hal: Branch 'master'

David Zeuthen david at kemper.freedesktop.org
Mon Mar 26 23:33:05 PDT 2007


 configure.in                          |    1 
 doc/man/Makefile.am                   |    4 
 doc/man/hal-is-caller-locked-out.1.in |   68 ++++++++++++
 doc/man/hald.1.in                     |    3 
 hald/hald_dbus.c                      |    6 -
 tools/Makefile.am                     |    6 -
 tools/hal-is-caller-locked-out.c      |  183 ++++++++++++++++++++++++++++++++++
 tools/hal-luks-setup                  |   23 ++++
 tools/hal-luks-teardown               |   23 ++++
 9 files changed, 310 insertions(+), 7 deletions(-)

New commits:
diff-tree 28fc2fa7c6bbde540d4f17e810ab59fda0c186ba (from 583de1e89c8043180814921c860f85c4cd9ed58b)
Author: David Zeuthen <davidz at redhat.com>
Date:   Tue Mar 27 02:33:05 2007 -0400

    make LUKS setup/teardown respect the standard .Volume and .Storage locks
    
    This required a new tool hal-is-caller-locked-out. Also add a manual
    page for this tool.

diff --git a/configure.in b/configure.in
index 52b2dca..6570b99 100644
--- a/configure.in
+++ b/configure.in
@@ -862,6 +862,7 @@ doc/man/hal-get-property.1
 doc/man/hal-set-property.1
 doc/man/hal-find-by-property.1
 doc/man/hal-find-by-capability.1
+doc/man/hal-is-caller-locked-out.1
 po/Makefile.in
 ])
 
diff --git a/doc/man/Makefile.am b/doc/man/Makefile.am
index 475db03..ece5db6 100644
--- a/doc/man/Makefile.am
+++ b/doc/man/Makefile.am
@@ -1,9 +1,9 @@
 
 if MAN_PAGES_ENABLED
 
-MAN_IN_FILES = hald.1.in lshal.1.in hal-get-property.1.in hal-set-property.1.in hal-find-by-property.1.in hal-find-by-capability.1.in
+MAN_IN_FILES = hald.1.in lshal.1.in hal-get-property.1.in hal-set-property.1.in hal-find-by-property.1.in hal-find-by-capability.1.in hal-is-caller-locked-out.1.in
 
-man_MANS = hald.1 lshal.1 hal-get-property.1 hal-set-property.1 hal-find-by-property.1 hal-find-by-capability.1
+man_MANS = hald.1 lshal.1 hal-get-property.1 hal-set-property.1 hal-find-by-property.1 hal-find-by-capability.1 hal-is-caller-locked-out.1
 
 endif # MAN_PAGES_ENABLED
 
diff --git a/doc/man/hal-is-caller-locked-out.1.in b/doc/man/hal-is-caller-locked-out.1.in
new file mode 100644
index 0000000..41dc842
--- /dev/null
+++ b/doc/man/hal-is-caller-locked-out.1.in
@@ -0,0 +1,68 @@
+.\" 
+.\" hal-is-caller-locked-out manual page.
+.\" Copyright (C) 2007 David Zeuthen <david at fubar.dk>
+.\"
+.TH HAL-IS-CALLER-LOCKED-OUT 1
+.SH NAME
+hal-is-caller-locked-out \- determine if a caller is locked out
+.SH SYNOPSIS
+.PP
+.B hal-is-caller-locked-out
+[options]
+
+.SH DESCRIPTION
+
+\fIhal-is-caller-locked-out\fP determines if a specific caller is
+locked out of a specific D-Bus interface on a specific device. For
+more information about both the big picture and specific
+.B HAL
+properties, refer to the \fIHAL spec\fP which can be found in
+.I "/usr/share/doc/hal-0.5.9/spec/hal-spec.html"
+depending on the distribution.
+
+.SH OPTIONS
+The following options are supported:
+.TP
+.I "--udi"
+The UDI (\fIUnique Device Identifier\fP) of the device object.
+.TP
+.I "--interface"
+The name of the interface to check fo.
+.TP
+.I "--caller"
+The unique D-Bus name on the system bus of the caller.
+.TP
+.I "--help"
+Print out usage.
+.TP
+.I "--version"
+Print the version.
+
+.SH RETURN VALUE
+.PP
+This program determines if a given process on the system bus is locked
+out of a D-Bus interface. If the process is locked out or an error
+occurs this program exits with exit code 1. Otherwise it exits with
+exit code 0. Note that only the super user (root) or other privileged
+users can use this tool.
+
+.SH BUGS
+.PP
+Please send bug reports to either the distribution or the HAL
+mailing list, see 
+.I "http://lists.freedesktop.org/mailman/listinfo/hal"
+on how to subscribe.
+
+.SH SEE ALSO
+.PP
+\&\fIhald\fR\|(1), 
+\&\fIlshal\fR\|(1), 
+\&\fIhal-get-property\fR\|(1),
+\&\fIhal-set-property\fR\|(1),
+\&\fIhal-find-by-property\fR\|(1),
+\&\fIhal-find-by-capability\fR\|(1)
+
+.SH AUTHOR
+Written by David Zeuthen <david at fubar.dk> with a lot of help from many
+others.
+
diff --git a/doc/man/hald.1.in b/doc/man/hald.1.in
index d7bf88b..b72c6a4 100644
--- a/doc/man/hald.1.in
+++ b/doc/man/hald.1.in
@@ -96,7 +96,8 @@ hotplug event and one after.
 \&\fIhal-set-property\fR\|(1),
 \&\fIhal-get-property\fR\|(1),
 \&\fIhal-find-by-property\fR\|(1),
-\&\fIhal-find-by-capability\fR\|(1)
+\&\fIhal-find-by-capability\fR\|(1),
+\&\fIhal-is-caller-locked-out\fR\|(1)
 
 .SH AUTHOR
 Written by David Zeuthen <david at fubar.dk> with a lot of help from many
diff --git a/hald/hald_dbus.c b/hald/hald_dbus.c
index a1a2b66..2816947 100644
--- a/hald/hald_dbus.c
+++ b/hald/hald_dbus.c
@@ -2019,8 +2019,8 @@ device_is_caller_locked_out (DBusConnect
 
 	sender = dbus_message_get_sender (message);
 
-        /* only allow HAL helpers to ask this question */
-        if (!local_interface) {
+        /* only allow HAL helpers / privileged users to ask this question */
+        if (!local_interface && !access_check_message_caller_is_root_or_hal (ci_tracker, message)) {
                 raise_permission_denied (connection, message, "IsCallerLockedOut: not privileged");
         }
 
@@ -2029,7 +2029,7 @@ device_is_caller_locked_out (DBusConnect
 				    DBUS_TYPE_STRING, &interface_name,
 				    DBUS_TYPE_STRING, &caller_sysbus_name,
 				    DBUS_TYPE_INVALID)) {
-		raise_syntax (connection, message, "ReleaseInterfaceLock");
+		raise_syntax (connection, message, "IsCallerLockedOut");
 		return DBUS_HANDLER_RESULT_HANDLED;
 	}
 
diff --git a/tools/Makefile.am b/tools/Makefile.am
index 2b96220..3c5a302 100644
--- a/tools/Makefile.am
+++ b/tools/Makefile.am
@@ -29,7 +29,8 @@ bin_PROGRAMS =                    \
 	hal-set-property          \
 	hal-find-by-capability    \
 	hal-find-by-property      \
-	hal-device
+	hal-device		  \
+	hal-is-caller-locked-out
 
 lshal_SOURCES = lshal.c
 lshal_LDADD = @GLIB_LIBS@ $(top_builddir)/libhal/libhal.la
@@ -49,6 +50,9 @@ hal_find_by_property_LDADD = @DBUS_LIBS@
 hal_device_SOURCES = hal-device.c
 hal_device_LDADD = @DBUS_LIBS@ $(top_builddir)/libhal/libhal.la
 
+hal_is_caller_locked_out_SOURCES = hal-is-caller-locked-out.c
+hal_is_caller_locked_out_LDADD = @DBUS_LIBS@ $(top_builddir)/libhal/libhal.la
+
 libexec_PROGRAMS =                          \
 	hal-storage-mount	            \
 	hal-storage-unmount 	            \
diff --git a/tools/hal-is-caller-locked-out.c b/tools/hal-is-caller-locked-out.c
new file mode 100644
index 0000000..96a4ea2
--- /dev/null
+++ b/tools/hal-is-caller-locked-out.c
@@ -0,0 +1,183 @@
+/***************************************************************************
+ * CVSID: $Id$
+ *
+ * hal-is-caller-locked-out.c : Determine if a caller is locked out
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ **************************************************************************/
+
+
+#ifdef HAVE_CONFIG_H
+#  include <config.h>
+#endif
+
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+#include <getopt.h>
+
+#include <libhal.h>
+
+/** 
+ *  usage:
+ *  @argc:                Number of arguments given to program
+ *  @argv:                Arguments given to program
+ *
+ *  Print out program usage. 
+ */
+static void
+usage (int argc, char *argv[])
+{
+	fprintf (stderr,
+                 "\n"
+                 "usage : hal-is-caller-locked-out --udi <udi> --interface <interface>\n"
+                 "                                 --caller <caller-name>\n"
+                 "                                 [--help] [--version]\n");
+	fprintf (stderr,
+                 "\n"
+                 "        --udi            Unique Device Id\n"
+                 "        --interface      Interface\n"
+                 "        --caller         The name of the caller\n"
+                 "        --version        Show version and exit\n"
+                 "        --help           Show this information and exit\n"
+                 "\n"
+                 "This program determines if a given process on the system bus is\n"
+                 "locked out of a D-Bus interface. If the process is locked out\n"
+                 "or an error occurs this program exits with exit code 1. Otherwise\n"
+                 "it exits with exit code 0. Note that only the super user (root)\n"
+                 "or other privileged users can use this tool.\n"
+                 "\n");
+}
+
+/** 
+ *  main:
+ *  @argc:                Number of arguments given to program
+ *  @argv:                Arguments given to program
+ *
+ *  Returns:              Return code
+ *
+ *  Main entry point 
+ */
+int
+main (int argc, char *argv[])
+{
+	char *udi = NULL;
+	char *interface = NULL;
+	char *caller = NULL;
+        dbus_bool_t is_version = FALSE;
+        dbus_bool_t locked_out;
+	DBusError error;
+        LibHalContext *hal_ctx;
+
+
+	if (argc <= 1) {
+		usage (argc, argv);
+		return 1;
+	}
+
+	while (1) {
+		int c;
+		int option_index = 0;
+		const char *opt;
+		static struct option long_options[] = {
+			{"udi", 1, NULL, 0},
+			{"interface", 1, NULL, 0},
+			{"caller", 1, NULL, 0},
+			{"version", 0, NULL, 0},
+			{"help", 0, NULL, 0},
+			{NULL, 0, NULL, 0}
+		};
+
+		c = getopt_long (argc, argv, "",
+				 long_options, &option_index);
+		if (c == -1)
+			break;
+
+		switch (c) {
+		case 0:
+			opt = long_options[option_index].name;
+
+			if (strcmp (opt, "help") == 0) {
+				usage (argc, argv);
+				return 0;
+			} else if (strcmp (opt, "version") == 0) {
+				is_version = TRUE;
+			} else if (strcmp (opt, "udi") == 0) {
+				udi = strdup (optarg);
+			} else if (strcmp (opt, "caller") == 0) {
+				caller = strdup (optarg);
+			} else if (strcmp (opt, "interface") == 0) {
+				interface = strdup (optarg);
+			}
+			break;
+
+		default:
+			usage (argc, argv);
+			return 1;
+			break;
+		}
+	}
+
+	if (is_version) {
+		printf ("hal-is-caller-locked-out " PACKAGE_VERSION "\n");
+		return 0;
+	}
+
+	if (udi == NULL || caller == NULL || interface == NULL) {
+		usage (argc, argv);
+		return 1;
+	}
+
+	dbus_error_init (&error);	
+	if ((hal_ctx = libhal_ctx_new ()) == NULL) {
+		fprintf (stderr, "error: libhal_ctx_new\n");
+		return 1;
+	}
+	if (!libhal_ctx_set_dbus_connection (hal_ctx, dbus_bus_get (DBUS_BUS_SYSTEM, &error))) {
+		fprintf (stderr, "error: libhal_ctx_set_dbus_connection: %s: %s\n", error.name, error.message);
+		LIBHAL_FREE_DBUS_ERROR (&error);
+		return 1;
+	}
+	if (!libhal_ctx_init (hal_ctx, &error)) {
+		if (dbus_error_is_set(&error)) {
+			fprintf (stderr, "error: libhal_ctx_init: %s: %s\n", error.name, error.message);
+			dbus_error_free (&error);
+		}
+		fprintf (stderr, "Could not initialise connection to hald.\n"
+				 "Normally this means the HAL daemon (hald) is not running or not ready.\n");
+		return 1;
+	}
+
+        locked_out = libhal_device_is_caller_locked_out (hal_ctx,
+                                                         udi,
+                                                         interface,
+                                                         caller,
+                                                         &error);
+        if (dbus_error_is_set (&error)) {
+		fprintf (stderr, "error: %s: %s\n", error.name, error.message);
+		dbus_error_free (&error);
+		return 1;
+        }
+
+        if (locked_out)
+                return 1;
+        else
+                return 0;
+}
diff --git a/tools/hal-luks-setup b/tools/hal-luks-setup
index 247fe0c..154bde6 100755
--- a/tools/hal-luks-setup
+++ b/tools/hal-luks-setup
@@ -6,6 +6,12 @@
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License version 2.
 
+locked_out() {
+	echo "org.freedesktop.Hal.Device.InterfaceLocked" >&2
+	echo "Enclosing drive/volume is locked" >&2
+	exit 1
+}
+
 if [ -z "$HAL_PROP_BLOCK_DEVICE" ] || [ -z "$HAL_PROP_INFO_UDI" ] || [ -z "$HAL_PROP_VOLUME_UUID" ] ; then
         echo "org.freedesktop.Hal.Device.UnknownError" >&2
         echo "Missing or empty environment variable(s)." >&2
@@ -13,6 +19,23 @@ if [ -z "$HAL_PROP_BLOCK_DEVICE" ] || [ 
         exit 1
 fi
 
+# Respect the same locks as Mount()/Unmount() etc.
+if [ -n "$HAL_METHOD_INVOKED_BY_SYSTEMBUS_CONNECTION_NAME" ] ; then
+    hal-is-caller-locked-out --udi $HAL_PROP_INFO_UDI \
+        --interface org.freedesktop.Hal.Volume \
+        --caller $HAL_METHOD_INVOKED_BY_SYSTEMBUS_CONNECTION_NAME
+    RET=$?
+    if [ "$RET" != "1" ] ; then
+        locked_out
+    fi
+    hal-is-caller-locked-out --udi $HAL_PROP_STORAGE_ORIGINATING_DEVICE \
+        --interface org.freedesktop.Hal.Storage \
+        --caller $HAL_METHOD_INVOKED_BY_SYSTEMBUS_CONNECTION_NAME
+    RET=$?
+    if [ "$RET" != "1" ] ; then
+        locked_out
+    fi
+fi
 
 if [ -n "$HALD_UNAME_S" -a -x ./$HALD_UNAME_S/hal-luks-setup-$HALD_UNAME_S ]; then
     exec ./$HALD_UNAME_S/hal-luks-setup-$HALD_UNAME_S $@
diff --git a/tools/hal-luks-teardown b/tools/hal-luks-teardown
index f6e8359..387cdfa 100755
--- a/tools/hal-luks-teardown
+++ b/tools/hal-luks-teardown
@@ -6,6 +6,12 @@
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License version 2.
 
+locked_out() {
+	echo "org.freedesktop.Hal.Device.InterfaceLocked" >&2
+	echo "Enclosing drive/volume is locked" >&2
+	exit 1
+}
+
 # Check for environment variables
 if [ -z "$HAL_PROP_BLOCK_DEVICE" ] || [ -z "$HAL_PROP_INFO_UDI" ] || [ -z "$HAL_PROP_VOLUME_UUID" ] ; then
         echo "org.freedesktop.Hal.Device.UnknownError" >&2
@@ -14,6 +20,23 @@ if [ -z "$HAL_PROP_BLOCK_DEVICE" ] || [ 
         exit 1
 fi
 
+# Respect the same locks as Mount()/Unmount() etc.
+if [ -n "$HAL_METHOD_INVOKED_BY_SYSTEMBUS_CONNECTION_NAME" ] ; then
+    hal-is-caller-locked-out --udi $HAL_PROP_INFO_UDI \
+        --interface org.freedesktop.Hal.Volume \
+        --caller $HAL_METHOD_INVOKED_BY_SYSTEMBUS_CONNECTION_NAME
+    RET=$?
+    if [ "$RET" != "1" ] ; then
+        locked_out
+    fi
+    hal-is-caller-locked-out --udi $HAL_PROP_STORAGE_ORIGINATING_DEVICE \
+        --interface org.freedesktop.Hal.Storage \
+        --caller $HAL_METHOD_INVOKED_BY_SYSTEMBUS_CONNECTION_NAME
+    RET=$?
+    if [ "$RET" != "1" ] ; then
+        locked_out
+    fi
+fi
 
 if [ -n "$HALD_UNAME_S" -a -x ./$HALD_UNAME_S/hal-luks-teardown-$HALD_UNAME_S ]; then
     exec ./$HALD_UNAME_S/hal-luks-teardown-$HALD_UNAME_S $@


More information about the hal-commit mailing list