systemd/src/udev/udev-builtin-uaccess.c

/*
 * manage device node user ACL
 *
 * Copyright 2010-2012 Kay Sievers <kay@vrfy.org>
 * Copyright 2010 Lennart Poettering
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

#include "sd-login.h"

#include "login-util.h"
#include "logind-acl.h"
#include "udev.h"
#include "util.h"

static int builtin_uaccess(struct udev_device *dev, int argc, char *argv[], bool test) {
        int r;
        const char *path = NULL, *seat;
        bool changed_acl = false;
        uid_t uid;

        umask(0022);

        /* don't muck around with ACLs when the system is not running systemd */
        if (!logind_running())
                return 0;

        path = udev_device_get_devnode(dev);
        seat = udev_device_get_property_value(dev, "ID_SEAT");
        if (!seat)
                seat = "seat0";

        r = sd_seat_get_active(seat, NULL, &uid);
        if (r == -ENXIO || r == -ENODATA) {
                /* No active session on this seat */
                r = 0;
                goto finish;
        } else if (r < 0) {
                log_error("Failed to determine active user on seat %s.", seat);
                goto finish;
        }

        r = devnode_acl(path, true, false, 0, true, uid);
        if (r < 0) {
                log_full_errno(r == -ENOENT ? LOG_DEBUG : LOG_ERR, r, "Failed to apply ACL on %s: %m", path);
                goto finish;
        }

        changed_acl = true;
        r = 0;

finish:
        if (path && !changed_acl) {
                int k;

                /* Better be safe than sorry and reset ACL */
                k = devnode_acl(path, true, false, 0, false, 0);
                if (k < 0) {
                        log_full_errno(errno == ENOENT ? LOG_DEBUG : LOG_ERR, k, "Failed to apply ACL on %s: %m", path);
                        if (r >= 0)
                                r = k;
                }
        }

        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
}

const struct udev_builtin udev_builtin_uaccess = {
        .name = "uaccess",
        .cmd = builtin_uaccess,
        .help = "Manage device node user ACL",
};
udev: convert 'uaccess' to a builtin 2012-04-09 18:37:54 +04:00			`/*`
			`* manage device node user ACL`
			`*`
			`* Copyright 2010-2012 Kay Sievers <kay@vrfy.org>`
			`* Copyright 2010 Lennart Poettering`
			`*`
			`* This program is free software: you can redistribute it and/or modify`
			`* it under the terms of the GNU General Public License as published by`
			`* the Free Software Foundation, either version 2 of the License, or`
			`* (at your option) any later version.`
			`*`
			`* This program is distributed in the hope that it will be useful,`
			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`* GNU General Public License for more details.`
			`*`
			`* You should have received a copy of the GNU General Public License`
			`* along with this program. If not, see <http://www.gnu.org/licenses/>.`
			`*/`

tree-wide: sort includes Sort the includes accoding to the new coding style. 2015-11-17 00:09:36 +03:00			`#include <errno.h>`
udev: convert 'uaccess' to a builtin 2012-04-09 18:37:54 +04:00			`#include <stdio.h>`
			`#include <stdlib.h>`

util: move logind_running() to login-util.[ch] 2015-10-25 00:30:40 +03:00			`#include "sd-login.h"`

			`#include "login-util.h"`
udev: convert 'uaccess' to a builtin 2012-04-09 18:37:54 +04:00			`#include "logind-acl.h"`
			`#include "udev.h"`
			`#include "util.h"`

udev: place opening { at the same line as the function declaration 2014-07-29 17:47:41 +04:00			`static int builtin_uaccess(struct udev_device dev, int argc, char argv[], bool test) {`
udev: convert 'uaccess' to a builtin 2012-04-09 18:37:54 +04:00			`int r;`
			`const char path = NULL, seat;`
			`bool changed_acl = false;`
			`uid_t uid;`

			`umask(0022);`

			`/* don't muck around with ACLs when the system is not running systemd */`
PAM, uaccess: check for logind, not for systemd It is possible to build systemd without logind or run logind without systemd init. Commit 66e41181 fixed sd_booted() to only succeed for systemd init; with that, testing for systemd init is wrong in the parts that talk to logind. In particular, this affects the PAM module and the "uaccess" udev builtin. Change sd_booted() to a new logind_running() which tests for /run/systemd/seats/. For details, see: <https://mail.gnome.org/archives/desktop-devel-list/2013-March/msg00092.html> https://bugs.freedesktop.org/show_bug.cgi?id=62754 2013-03-26 14:36:31 +04:00			`if (!logind_running())`
udev: convert 'uaccess' to a builtin 2012-04-09 18:37:54 +04:00			`return 0;`

			`path = udev_device_get_devnode(dev);`
			`seat = udev_device_get_property_value(dev, "ID_SEAT");`
			`if (!seat)`
			`seat = "seat0";`

			`r = sd_seat_get_active(seat, NULL, &uid);`
sd-login: fix sd_seat_get_active() to return ENODATA This seems to be an oversight from: 707b66c66381c899d7ef640e158ffdd5bcff4deb We have to return ENODATA instead of ENOENT if a requested entry is non-present. Also fix the call-site in udev to check for these errors. 2015-09-08 15:03:22 +03:00			`if (r == -ENXIO \|\| r == -ENODATA) {`
udev: convert 'uaccess' to a builtin 2012-04-09 18:37:54 +04:00			`/* No active session on this seat */`
			`r = 0;`
			`goto finish;`
			`} else if (r < 0) {`
			`log_error("Failed to determine active user on seat %s.", seat);`
			`goto finish;`
			`}`

			`r = devnode_acl(path, true, false, 0, true, uid);`
			`if (r < 0) {`
treewide: use the negative error codes returned by our functions Our functions return negative error codes. Do not rely on errno being set after calling our own functions. 2015-11-05 15:44:06 +03:00			`log_full_errno(r == -ENOENT ? LOG_DEBUG : LOG_ERR, r, "Failed to apply ACL on %s: %m", path);`
udev: convert 'uaccess' to a builtin 2012-04-09 18:37:54 +04:00			`goto finish;`
			`}`

			`changed_acl = true;`
			`r = 0;`

			`finish:`
			`if (path && !changed_acl) {`
			`int k;`

			`/* Better be safe than sorry and reset ACL */`
			`k = devnode_acl(path, true, false, 0, false, 0);`
			`if (k < 0) {`
udev: uaccess - do not log error when device node disappears https://github.com/systemd/systemd/issues/875 2015-08-05 21:33:48 +03:00			`log_full_errno(errno == ENOENT ? LOG_DEBUG : LOG_ERR, k, "Failed to apply ACL on %s: %m", path);`
udev: convert 'uaccess' to a builtin 2012-04-09 18:37:54 +04:00			`if (r >= 0)`
			`r = k;`
			`}`
			`}`

			`return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;`
			`}`

			`const struct udev_builtin udev_builtin_uaccess = {`
			`.name = "uaccess",`
			`.cmd = builtin_uaccess,`
udevadm,..: make --help output of udev tools more like the output of the various other tools 2015-01-05 15:19:55 +03:00			`.help = "Manage device node user ACL",`
udev: convert 'uaccess' to a builtin 2012-04-09 18:37:54 +04:00			`};`