[systemd-commits] 3 commits - src/logind-acl.c src/logind.c src/logind.h src/logind-session-dbus.c src/org.freedesktop.login1.conf src/uaccess.c TODO
Lennart Poettering
lennart at kemper.freedesktop.org
Wed Jun 29 10:53:37 PDT 2011
TODO | 3 +++
src/logind-acl.c | 20 ++++++++++++--------
src/logind-session-dbus.c | 8 ++++++++
src/logind.c | 2 +-
src/logind.h | 2 +-
src/org.freedesktop.login1.conf | 4 ++++
src/uaccess.c | 37 +++++++++++++++++++++++++++----------
7 files changed, 56 insertions(+), 20 deletions(-)
New commits:
commit 5bc849fd06ca08687d22fb9ff846550ec3ff161b
Author: Lennart Poettering <lennart at poettering.net>
Date: Wed Jun 29 19:53:27 2011 +0200
logind: allow access to SetIdleHint() to owner of the session
diff --git a/src/logind-session-dbus.c b/src/logind-session-dbus.c
index 2435a65..0ef6558 100644
--- a/src/logind-session-dbus.c
+++ b/src/logind-session-dbus.c
@@ -302,6 +302,7 @@ static DBusHandlerResult session_message_dispatch(
} else if (dbus_message_is_method_call(message, "org.freedesktop.login1.Session", "SetIdleHint")) {
dbus_bool_t b;
+ unsigned long ul;
if (!dbus_message_get_args(
message,
@@ -310,6 +311,13 @@ static DBusHandlerResult session_message_dispatch(
DBUS_TYPE_INVALID))
return bus_send_error_reply(connection, message, &error, -EINVAL);
+ ul = dbus_bus_get_unix_user(connection, dbus_message_get_sender(message), &error);
+ if (ul == (unsigned long) -1)
+ return bus_send_error_reply(connection, message, &error, -EIO);
+
+ if (ul != 0 && ul != s->user->uid)
+ return bus_send_error_reply(connection, message, NULL, -EPERM);
+
session_set_idle_hint(s, b);
reply = dbus_message_new_method_return(message);
diff --git a/src/logind.h b/src/logind.h
index 7e47bc3..10b7527 100644
--- a/src/logind.h
+++ b/src/logind.h
@@ -36,7 +36,6 @@
*
* spawn user systemd
* direct client API
- * verify access to SetIdleHint
*
* udev:
* drop redundant udev_device_get_is_initialized() use as soon as libudev is fixed
diff --git a/src/org.freedesktop.login1.conf b/src/org.freedesktop.login1.conf
index dc6a01c..c423ef5 100644
--- a/src/org.freedesktop.login1.conf
+++ b/src/org.freedesktop.login1.conf
@@ -76,6 +76,10 @@
send_interface="org.freedesktop.login1.Session"
send_member="Activate"/>
+ <allow send_destination="org.freedesktop.login1"
+ send_interface="org.freedesktop.login1.Session"
+ send_member="SetIdleHint"/>
+
<allow receive_sender="org.freedesktop.login1"/>
</policy>
commit 539072153c0db3d91c1c59ad447d96b0e1f3cf77
Author: Lennart Poettering <lennart at poettering.net>
Date: Wed Jun 29 19:41:07 2011 +0200
acl: libudev currently doesn't handle properly enumerator matches with multiple tags, so avoid using them for now
diff --git a/TODO b/TODO
index 86f2d72..155f09f 100644
--- a/TODO
+++ b/TODO
@@ -22,6 +22,9 @@ F15 External:
* fix broken Sockets=syslog-ng.socket packaging
Features:
+
+* understand https://bugzilla.redhat.com/show_bug.cgi?id=672194
+
* possibly set timezone offset from systemd at init instead
of calling hwclock
diff --git a/src/logind-acl.c b/src/logind-acl.c
index 7571093..59af981 100644
--- a/src/logind-acl.c
+++ b/src/logind-acl.c
@@ -222,7 +222,7 @@ int devnode_acl_all(struct udev *udev,
assert(udev);
- if (!seat)
+ if (isempty(seat))
seat = "seat0";
e = udev_enumerate_new(udev);
@@ -233,11 +233,13 @@ int devnode_acl_all(struct udev *udev,
if (r < 0)
goto finish;
- if (!streq(seat, "seat0")) {
- r = udev_enumerate_add_match_tag(e, seat);
- if (r < 0)
- goto finish;
- }
+ /* FIXME: when libudev is able to handle multiple match tags
+ * properly, optimize the search here a bit */
+ /* if (!streq(seat, "seat0")) { */
+ /* r = udev_enumerate_add_match_tag(e, seat); */
+ /* if (r < 0) */
+ /* goto finish; */
+ /* } */
r = udev_enumerate_scan_devices(e);
if (r < 0)
@@ -254,8 +256,8 @@ int devnode_acl_all(struct udev *udev,
goto finish;
}
- sn = udev_device_get_property_value(d, "SEAT");
- if (!sn)
+ sn = udev_device_get_property_value(d, "ID_SEAT");
+ if (isempty(sn))
sn = "seat0";
if (!streq(seat, sn)) {
@@ -270,6 +272,8 @@ int devnode_acl_all(struct udev *udev,
goto finish;
}
+ log_debug("Fixing up %s for seat %s...", node, sn);
+
r = devnode_acl(node, flush, del, old_uid, add, new_uid);
udev_device_unref(d);
diff --git a/src/logind.c b/src/logind.c
index 9bab875..cbc878e 100644
--- a/src/logind.c
+++ b/src/logind.c
@@ -286,7 +286,7 @@ int manager_process_seat_device(Manager *m, struct udev_device *d) {
Seat *seat;
sn = udev_device_get_property_value(d, "ID_SEAT");
- if (!sn)
+ if (isempty(sn))
sn = "seat0";
if (!seat_name_is_valid(sn)) {
diff --git a/src/logind.h b/src/logind.h
index aaa21cd..7e47bc3 100644
--- a/src/logind.h
+++ b/src/logind.h
@@ -45,6 +45,7 @@
* trigger based on libudev if available
* enumerate recursively with libudev when triggering
* use sysfs in device hash table, not sysname, when fb driver is fixed
+ * fix ACL enumeration as soon as libudev can properly handle two match tags when enumerating
*
* non-local X11 server
* reboot/shutdown halt management
diff --git a/src/uaccess.c b/src/uaccess.c
index 2f6ac43..1683707 100644
--- a/src/uaccess.c
+++ b/src/uaccess.c
@@ -44,7 +44,7 @@ int main(int argc, char *argv[]) {
}
path = argv[1];
- seat = argc >= 3 ? argv[2] : "seat0";
+ seat = argc < 3 || isempty(argv[2]) ? "seat0" : argv[2];
p = strappend("/run/systemd/seats/", seat);
if (!p) {
commit f5f32cd7adb78d390fa9050588095b3d31c8527b
Author: Lennart Poettering <lennart at poettering.net>
Date: Wed Jun 29 18:06:58 2011 +0200
uaccess: drop ACLs in case of error, just to be safe
diff --git a/src/uaccess.c b/src/uaccess.c
index 392b516..2f6ac43 100644
--- a/src/uaccess.c
+++ b/src/uaccess.c
@@ -31,6 +31,7 @@ int main(int argc, char *argv[]) {
const char *path, *seat;
char *p, *active_uid = NULL;
unsigned long ul;
+ bool changed_acl = false;
log_set_target(LOG_TARGET_AUTO);
log_parse_environment();
@@ -66,21 +67,37 @@ int main(int argc, char *argv[]) {
goto finish;
}
- r = safe_atolu(active_uid, &ul);
- if (r < 0) {
- log_error("Failed to parse active UID value %s: %s", active_uid, strerror(-r));
- goto finish;
- }
+ if (active_uid) {
+ r = safe_atolu(active_uid, &ul);
+ if (r < 0) {
+ log_error("Failed to parse active UID value %s: %s", active_uid, strerror(-r));
+ goto finish;
+ }
- r = devnode_acl(path, true, false, 0, true, (uid_t) ul);
- if (r < 0) {
- log_error("Failed to apply ACL on %s: %s", path, strerror(-r));
- goto finish;
+ r = devnode_acl(path, true, false, 0, true, (uid_t) ul);
+ if (r < 0) {
+ log_error("Failed to apply ACL on %s: %s", path, strerror(-r));
+ goto finish;
+ }
+
+ changed_acl = true;
}
r = 0;
finish:
+ if (path && !changed_acl) {
+ int k;
+ /* Better be safe that sorry and reset ACL */
+
+ k = devnode_acl(path, true, false, 0, false, 0);
+ if (k < 0) {
+ log_error("Failed to apply ACL on %s: %s", path, strerror(-k));
+ if (r >= 0)
+ r = k;
+ }
+ }
+
free(active_uid);
return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
More information about the systemd-commits
mailing list