hal: Branch 'master'
David Zeuthen
david at kemper.freedesktop.org
Mon Mar 26 23:33:05 PDT 2007
configure.in | 1
doc/man/Makefile.am | 4
doc/man/hal-is-caller-locked-out.1.in | 68 ++++++++++++
doc/man/hald.1.in | 3
hald/hald_dbus.c | 6 -
tools/Makefile.am | 6 -
tools/hal-is-caller-locked-out.c | 183 ++++++++++++++++++++++++++++++++++
tools/hal-luks-setup | 23 ++++
tools/hal-luks-teardown | 23 ++++
9 files changed, 310 insertions(+), 7 deletions(-)
New commits:
diff-tree 28fc2fa7c6bbde540d4f17e810ab59fda0c186ba (from 583de1e89c8043180814921c860f85c4cd9ed58b)
Author: David Zeuthen <davidz at redhat.com>
Date: Tue Mar 27 02:33:05 2007 -0400
make LUKS setup/teardown respect the standard .Volume and .Storage locks
This required a new tool hal-is-caller-locked-out. Also add a manual
page for this tool.
diff --git a/configure.in b/configure.in
index 52b2dca..6570b99 100644
--- a/configure.in
+++ b/configure.in
@@ -862,6 +862,7 @@ doc/man/hal-get-property.1
doc/man/hal-set-property.1
doc/man/hal-find-by-property.1
doc/man/hal-find-by-capability.1
+doc/man/hal-is-caller-locked-out.1
po/Makefile.in
])
diff --git a/doc/man/Makefile.am b/doc/man/Makefile.am
index 475db03..ece5db6 100644
--- a/doc/man/Makefile.am
+++ b/doc/man/Makefile.am
@@ -1,9 +1,9 @@
if MAN_PAGES_ENABLED
-MAN_IN_FILES = hald.1.in lshal.1.in hal-get-property.1.in hal-set-property.1.in hal-find-by-property.1.in hal-find-by-capability.1.in
+MAN_IN_FILES = hald.1.in lshal.1.in hal-get-property.1.in hal-set-property.1.in hal-find-by-property.1.in hal-find-by-capability.1.in hal-is-caller-locked-out.1.in
-man_MANS = hald.1 lshal.1 hal-get-property.1 hal-set-property.1 hal-find-by-property.1 hal-find-by-capability.1
+man_MANS = hald.1 lshal.1 hal-get-property.1 hal-set-property.1 hal-find-by-property.1 hal-find-by-capability.1 hal-is-caller-locked-out.1
endif # MAN_PAGES_ENABLED
diff --git a/doc/man/hal-is-caller-locked-out.1.in b/doc/man/hal-is-caller-locked-out.1.in
new file mode 100644
index 0000000..41dc842
--- /dev/null
+++ b/doc/man/hal-is-caller-locked-out.1.in
@@ -0,0 +1,68 @@
+.\"
+.\" hal-is-caller-locked-out manual page.
+.\" Copyright (C) 2007 David Zeuthen <david at fubar.dk>
+.\"
+.TH HAL-IS-CALLER-LOCKED-OUT 1
+.SH NAME
+hal-is-caller-locked-out \- determine if a caller is locked out
+.SH SYNOPSIS
+.PP
+.B hal-is-caller-locked-out
+[options]
+
+.SH DESCRIPTION
+
+\fIhal-is-caller-locked-out\fP determines if a specific caller is
+locked out of a specific D-Bus interface on a specific device. For
+more information about both the big picture and specific
+.B HAL
+properties, refer to the \fIHAL spec\fP which can be found in
+.I "/usr/share/doc/hal-0.5.9/spec/hal-spec.html"
+depending on the distribution.
+
+.SH OPTIONS
+The following options are supported:
+.TP
+.I "--udi"
+The UDI (\fIUnique Device Identifier\fP) of the device object.
+.TP
+.I "--interface"
+The name of the interface to check fo.
+.TP
+.I "--caller"
+The unique D-Bus name on the system bus of the caller.
+.TP
+.I "--help"
+Print out usage.
+.TP
+.I "--version"
+Print the version.
+
+.SH RETURN VALUE
+.PP
+This program determines if a given process on the system bus is locked
+out of a D-Bus interface. If the process is locked out or an error
+occurs this program exits with exit code 1. Otherwise it exits with
+exit code 0. Note that only the super user (root) or other privileged
+users can use this tool.
+
+.SH BUGS
+.PP
+Please send bug reports to either the distribution or the HAL
+mailing list, see
+.I "http://lists.freedesktop.org/mailman/listinfo/hal"
+on how to subscribe.
+
+.SH SEE ALSO
+.PP
+\&\fIhald\fR\|(1),
+\&\fIlshal\fR\|(1),
+\&\fIhal-get-property\fR\|(1),
+\&\fIhal-set-property\fR\|(1),
+\&\fIhal-find-by-property\fR\|(1),
+\&\fIhal-find-by-capability\fR\|(1)
+
+.SH AUTHOR
+Written by David Zeuthen <david at fubar.dk> with a lot of help from many
+others.
+
diff --git a/doc/man/hald.1.in b/doc/man/hald.1.in
index d7bf88b..b72c6a4 100644
--- a/doc/man/hald.1.in
+++ b/doc/man/hald.1.in
@@ -96,7 +96,8 @@ hotplug event and one after.
\&\fIhal-set-property\fR\|(1),
\&\fIhal-get-property\fR\|(1),
\&\fIhal-find-by-property\fR\|(1),
-\&\fIhal-find-by-capability\fR\|(1)
+\&\fIhal-find-by-capability\fR\|(1),
+\&\fIhal-is-caller-locked-out\fR\|(1)
.SH AUTHOR
Written by David Zeuthen <david at fubar.dk> with a lot of help from many
diff --git a/hald/hald_dbus.c b/hald/hald_dbus.c
index a1a2b66..2816947 100644
--- a/hald/hald_dbus.c
+++ b/hald/hald_dbus.c
@@ -2019,8 +2019,8 @@ device_is_caller_locked_out (DBusConnect
sender = dbus_message_get_sender (message);
- /* only allow HAL helpers to ask this question */
- if (!local_interface) {
+ /* only allow HAL helpers / privileged users to ask this question */
+ if (!local_interface && !access_check_message_caller_is_root_or_hal (ci_tracker, message)) {
raise_permission_denied (connection, message, "IsCallerLockedOut: not privileged");
}
@@ -2029,7 +2029,7 @@ device_is_caller_locked_out (DBusConnect
DBUS_TYPE_STRING, &interface_name,
DBUS_TYPE_STRING, &caller_sysbus_name,
DBUS_TYPE_INVALID)) {
- raise_syntax (connection, message, "ReleaseInterfaceLock");
+ raise_syntax (connection, message, "IsCallerLockedOut");
return DBUS_HANDLER_RESULT_HANDLED;
}
diff --git a/tools/Makefile.am b/tools/Makefile.am
index 2b96220..3c5a302 100644
--- a/tools/Makefile.am
+++ b/tools/Makefile.am
@@ -29,7 +29,8 @@ bin_PROGRAMS = \
hal-set-property \
hal-find-by-capability \
hal-find-by-property \
- hal-device
+ hal-device \
+ hal-is-caller-locked-out
lshal_SOURCES = lshal.c
lshal_LDADD = @GLIB_LIBS@ $(top_builddir)/libhal/libhal.la
@@ -49,6 +50,9 @@ hal_find_by_property_LDADD = @DBUS_LIBS@
hal_device_SOURCES = hal-device.c
hal_device_LDADD = @DBUS_LIBS@ $(top_builddir)/libhal/libhal.la
+hal_is_caller_locked_out_SOURCES = hal-is-caller-locked-out.c
+hal_is_caller_locked_out_LDADD = @DBUS_LIBS@ $(top_builddir)/libhal/libhal.la
+
libexec_PROGRAMS = \
hal-storage-mount \
hal-storage-unmount \
diff --git a/tools/hal-is-caller-locked-out.c b/tools/hal-is-caller-locked-out.c
new file mode 100644
index 0000000..96a4ea2
--- /dev/null
+++ b/tools/hal-is-caller-locked-out.c
@@ -0,0 +1,183 @@
+/***************************************************************************
+ * CVSID: $Id$
+ *
+ * hal-is-caller-locked-out.c : Determine if a caller is locked out
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ **************************************************************************/
+
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+#include <getopt.h>
+
+#include <libhal.h>
+
+/**
+ * usage:
+ * @argc: Number of arguments given to program
+ * @argv: Arguments given to program
+ *
+ * Print out program usage.
+ */
+static void
+usage (int argc, char *argv[])
+{
+ fprintf (stderr,
+ "\n"
+ "usage : hal-is-caller-locked-out --udi <udi> --interface <interface>\n"
+ " --caller <caller-name>\n"
+ " [--help] [--version]\n");
+ fprintf (stderr,
+ "\n"
+ " --udi Unique Device Id\n"
+ " --interface Interface\n"
+ " --caller The name of the caller\n"
+ " --version Show version and exit\n"
+ " --help Show this information and exit\n"
+ "\n"
+ "This program determines if a given process on the system bus is\n"
+ "locked out of a D-Bus interface. If the process is locked out\n"
+ "or an error occurs this program exits with exit code 1. Otherwise\n"
+ "it exits with exit code 0. Note that only the super user (root)\n"
+ "or other privileged users can use this tool.\n"
+ "\n");
+}
+
+/**
+ * main:
+ * @argc: Number of arguments given to program
+ * @argv: Arguments given to program
+ *
+ * Returns: Return code
+ *
+ * Main entry point
+ */
+int
+main (int argc, char *argv[])
+{
+ char *udi = NULL;
+ char *interface = NULL;
+ char *caller = NULL;
+ dbus_bool_t is_version = FALSE;
+ dbus_bool_t locked_out;
+ DBusError error;
+ LibHalContext *hal_ctx;
+
+
+ if (argc <= 1) {
+ usage (argc, argv);
+ return 1;
+ }
+
+ while (1) {
+ int c;
+ int option_index = 0;
+ const char *opt;
+ static struct option long_options[] = {
+ {"udi", 1, NULL, 0},
+ {"interface", 1, NULL, 0},
+ {"caller", 1, NULL, 0},
+ {"version", 0, NULL, 0},
+ {"help", 0, NULL, 0},
+ {NULL, 0, NULL, 0}
+ };
+
+ c = getopt_long (argc, argv, "",
+ long_options, &option_index);
+ if (c == -1)
+ break;
+
+ switch (c) {
+ case 0:
+ opt = long_options[option_index].name;
+
+ if (strcmp (opt, "help") == 0) {
+ usage (argc, argv);
+ return 0;
+ } else if (strcmp (opt, "version") == 0) {
+ is_version = TRUE;
+ } else if (strcmp (opt, "udi") == 0) {
+ udi = strdup (optarg);
+ } else if (strcmp (opt, "caller") == 0) {
+ caller = strdup (optarg);
+ } else if (strcmp (opt, "interface") == 0) {
+ interface = strdup (optarg);
+ }
+ break;
+
+ default:
+ usage (argc, argv);
+ return 1;
+ break;
+ }
+ }
+
+ if (is_version) {
+ printf ("hal-is-caller-locked-out " PACKAGE_VERSION "\n");
+ return 0;
+ }
+
+ if (udi == NULL || caller == NULL || interface == NULL) {
+ usage (argc, argv);
+ return 1;
+ }
+
+ dbus_error_init (&error);
+ if ((hal_ctx = libhal_ctx_new ()) == NULL) {
+ fprintf (stderr, "error: libhal_ctx_new\n");
+ return 1;
+ }
+ if (!libhal_ctx_set_dbus_connection (hal_ctx, dbus_bus_get (DBUS_BUS_SYSTEM, &error))) {
+ fprintf (stderr, "error: libhal_ctx_set_dbus_connection: %s: %s\n", error.name, error.message);
+ LIBHAL_FREE_DBUS_ERROR (&error);
+ return 1;
+ }
+ if (!libhal_ctx_init (hal_ctx, &error)) {
+ if (dbus_error_is_set(&error)) {
+ fprintf (stderr, "error: libhal_ctx_init: %s: %s\n", error.name, error.message);
+ dbus_error_free (&error);
+ }
+ fprintf (stderr, "Could not initialise connection to hald.\n"
+ "Normally this means the HAL daemon (hald) is not running or not ready.\n");
+ return 1;
+ }
+
+ locked_out = libhal_device_is_caller_locked_out (hal_ctx,
+ udi,
+ interface,
+ caller,
+ &error);
+ if (dbus_error_is_set (&error)) {
+ fprintf (stderr, "error: %s: %s\n", error.name, error.message);
+ dbus_error_free (&error);
+ return 1;
+ }
+
+ if (locked_out)
+ return 1;
+ else
+ return 0;
+}
diff --git a/tools/hal-luks-setup b/tools/hal-luks-setup
index 247fe0c..154bde6 100755
--- a/tools/hal-luks-setup
+++ b/tools/hal-luks-setup
@@ -6,6 +6,12 @@
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2.
+locked_out() {
+ echo "org.freedesktop.Hal.Device.InterfaceLocked" >&2
+ echo "Enclosing drive/volume is locked" >&2
+ exit 1
+}
+
if [ -z "$HAL_PROP_BLOCK_DEVICE" ] || [ -z "$HAL_PROP_INFO_UDI" ] || [ -z "$HAL_PROP_VOLUME_UUID" ] ; then
echo "org.freedesktop.Hal.Device.UnknownError" >&2
echo "Missing or empty environment variable(s)." >&2
@@ -13,6 +19,23 @@ if [ -z "$HAL_PROP_BLOCK_DEVICE" ] || [
exit 1
fi
+# Respect the same locks as Mount()/Unmount() etc.
+if [ -n "$HAL_METHOD_INVOKED_BY_SYSTEMBUS_CONNECTION_NAME" ] ; then
+ hal-is-caller-locked-out --udi $HAL_PROP_INFO_UDI \
+ --interface org.freedesktop.Hal.Volume \
+ --caller $HAL_METHOD_INVOKED_BY_SYSTEMBUS_CONNECTION_NAME
+ RET=$?
+ if [ "$RET" != "1" ] ; then
+ locked_out
+ fi
+ hal-is-caller-locked-out --udi $HAL_PROP_STORAGE_ORIGINATING_DEVICE \
+ --interface org.freedesktop.Hal.Storage \
+ --caller $HAL_METHOD_INVOKED_BY_SYSTEMBUS_CONNECTION_NAME
+ RET=$?
+ if [ "$RET" != "1" ] ; then
+ locked_out
+ fi
+fi
if [ -n "$HALD_UNAME_S" -a -x ./$HALD_UNAME_S/hal-luks-setup-$HALD_UNAME_S ]; then
exec ./$HALD_UNAME_S/hal-luks-setup-$HALD_UNAME_S $@
diff --git a/tools/hal-luks-teardown b/tools/hal-luks-teardown
index f6e8359..387cdfa 100755
--- a/tools/hal-luks-teardown
+++ b/tools/hal-luks-teardown
@@ -6,6 +6,12 @@
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2.
+locked_out() {
+ echo "org.freedesktop.Hal.Device.InterfaceLocked" >&2
+ echo "Enclosing drive/volume is locked" >&2
+ exit 1
+}
+
# Check for environment variables
if [ -z "$HAL_PROP_BLOCK_DEVICE" ] || [ -z "$HAL_PROP_INFO_UDI" ] || [ -z "$HAL_PROP_VOLUME_UUID" ] ; then
echo "org.freedesktop.Hal.Device.UnknownError" >&2
@@ -14,6 +20,23 @@ if [ -z "$HAL_PROP_BLOCK_DEVICE" ] || [
exit 1
fi
+# Respect the same locks as Mount()/Unmount() etc.
+if [ -n "$HAL_METHOD_INVOKED_BY_SYSTEMBUS_CONNECTION_NAME" ] ; then
+ hal-is-caller-locked-out --udi $HAL_PROP_INFO_UDI \
+ --interface org.freedesktop.Hal.Volume \
+ --caller $HAL_METHOD_INVOKED_BY_SYSTEMBUS_CONNECTION_NAME
+ RET=$?
+ if [ "$RET" != "1" ] ; then
+ locked_out
+ fi
+ hal-is-caller-locked-out --udi $HAL_PROP_STORAGE_ORIGINATING_DEVICE \
+ --interface org.freedesktop.Hal.Storage \
+ --caller $HAL_METHOD_INVOKED_BY_SYSTEMBUS_CONNECTION_NAME
+ RET=$?
+ if [ "$RET" != "1" ] ; then
+ locked_out
+ fi
+fi
if [ -n "$HALD_UNAME_S" -a -x ./$HALD_UNAME_S/hal-luks-teardown-$HALD_UNAME_S ]; then
exec ./$HALD_UNAME_S/hal-luks-teardown-$HALD_UNAME_S $@
More information about the hal-commit
mailing list