udev-acl.c revision 135f3e8d0b4b4968908421b677c9ef2ba860b71d
/*
* Copyright (C) 2009 Kay Sievers <kay.sievers@vrfy.org>
*
* modify it under the terms of the GNU General Public License as
* published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details:
*/
#include <errno.h>
#include <getopt.h>
#include <glib.h>
#include <inttypes.h>
#include <libudev.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
static int debug;
enum{
ACTION_NONE = 0,
};
{
int get;
acl_entry_t e;
int ret;
/* don't touch ACLs for root */
if (uid == 0)
return 0;
/* read current record */
if (!acl)
return -1;
/* locate ACL_USER entry for uid */
while (get == 1) {
acl_tag_t t;
acl_get_tag_type(e, &t);
if (t == ACL_USER) {
uid_t *u;
u = (uid_t*)acl_get_qualifier(e);
if (u == NULL) {
ret = -1;
goto out;
}
if (*u == uid) {
entry = e;
acl_free(u);
break;
}
acl_free(u);
}
}
/* remove ACL_USER entry for uid */
if (!add) {
ret = 0;
goto out;
}
goto update;
}
/* create ACL_USER entry for uid */
if (ret != 0)
goto out;
}
/* add permissions for uid */
/* update record */
if (debug)
acl_calc_mask(&acl);
if (ret != 0)
goto out;
out:
return ret;
}
/* check if a given uid is listed */
{
GSList *l;
return 1;
return 0;
}
/* return list of current uids of local active sessions */
{
keyfile = g_key_file_new();
int i;
uid_t u;
continue;
continue;
continue;
continue;
if (u > 0 && !uid_in_list(list, u))
}
}
}
return list;
}
/* ConsoleKit calls us with special variables */
static int consolekit_called(const char *ck_action, uid_t *uid, uid_t *uid2, const char **remove_session_id, int *action)
{
int a = ACTION_NONE;
uid_t u = 0;
const char *s;
const char *s2;
const char *old_session = NULL;
return -1;
/* We can have one of: remove, add, change, no-change */
s = getenv("CK_SEAT_OLD_SESSION_ID");
return -1;
a = ACTION_REMOVE;
} else if (s == NULL) {
a = ACTION_ADD;
} else {
a = ACTION_CHANGE;
}
switch (a) {
case ACTION_ADD:
s = getenv("CK_SEAT_SESSION_USER_UID");
if (s == NULL)
return -1;
s = getenv("CK_SEAT_SESSION_IS_LOCAL");
if (s == NULL)
return -1;
if (strcmp(s, "true") != 0)
return 0;
break;
case ACTION_REMOVE:
s = getenv("CK_SEAT_OLD_SESSION_USER_UID");
if (s == NULL)
return -1;
s = getenv("CK_SEAT_OLD_SESSION_IS_LOCAL");
if (s == NULL)
return -1;
if (strcmp(s, "true") != 0)
return 0;
if (old_session == NULL)
return -1;
break;
case ACTION_CHANGE:
s = getenv("CK_SEAT_OLD_SESSION_USER_UID");
if (s == NULL)
return -1;
s = getenv("CK_SEAT_SESSION_USER_UID");
if (s == NULL)
return -1;
s = getenv("CK_SEAT_OLD_SESSION_IS_LOCAL");
return -1;
/* don't process non-local session changes */
return 0;
/* process the change */
if (u == u2) {
/* special case: we noop if we are
* changing between local sessions for
* the same uid */
a = ACTION_NONE;
}
if (old_session == NULL)
return -1;
} else if (strcmp(s, "true") == 0) {
/* only process the removal */
a = ACTION_REMOVE;
if (old_session == NULL)
return -1;
/* only process the addition */
a = ACTION_ADD;
u = u2;
}
break;
}
*uid = u;
*action = a;
return 0;
}
/* add or remove a ACL for a given uid from all matching devices */
{
struct udev_enumerate *enumerate;
struct udev_list_entry *list_entry;
/* iterate over all devices tagged with ACL_SET */
struct udev_device *device;
const char *node;
continue;
continue;
}
}
static void
{
/*
* Remove ACL for given uid from all matching devices
* when there is currently no local active session.
*/
apply_acl_to_devices(uid, 0);
}
{
{}
};
int action = -1;
bool uid_given = false;
const char* remove_session_id = NULL;
int rc = 0;
/* valgrind is more important to us than a slice allocator */
while (1) {
int option;
if (option == -1)
break;
switch (option) {
case 'a':
else
action = ACTION_ADD;
break;
case 'D':
break;
case 'u':
uid_given = true;
break;
case 'd':
debug = 1;
break;
case 'h':
printf("Usage: udev-acl --action=ACTION [--device=DEVICEFILE] [--user=UID]\n\n");
goto out;
}
}
uid_given = true;
if (action < 0) {
rc = 2;
goto out;
}
rc = 3;
goto out;
}
if (uid_given) {
switch (action) {
case ACTION_ADD:
/* Add ACL for given uid to all matching devices. */
break;
case ACTION_REMOVE:
break;
case ACTION_CHANGE:
break;
case ACTION_NONE:
goto out;
break;
default:
break;
}
/*
* Add ACLs for all current session uids to a given device.
*
* Or remove ACLs for uids which do not have any current local
* active session. Remove is not really interesting, because in
* most cases the device node is removed anyway.
*/
GSList *l;
uid_t u;
u = GPOINTER_TO_UINT(l->data);
}
} else {
rc = 3;
}
out:
return rc;
}