[systemd.git] / src / udev / udev-builtin-uaccess.c

/*
 * manage device node user ACL
 *
 * Copyright 2010-2012 Kay Sievers <kay@vrfy.org>
 * Copyright 2010 Lennart Poettering
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

#include <stdio.h>
#include <stdlib.h>
#include <stdarg.h>
#include <unistd.h>
#include <string.h>
#include <ctype.h>
#include <fcntl.h>
#include <errno.h>
#include <dirent.h>
#include <getopt.h>

#include "systemd/sd-login.h"
#include "logind-acl.h"
#include "udev.h"
#include "util.h"

static int builtin_uaccess(struct udev_device *dev, int argc, char *argv[], bool test) {
        int r;
        const char *path = NULL, *seat;
        bool changed_acl = false;
        uid_t uid;

        umask(0022);

        /* don't muck around with ACLs when the system is not running systemd */
        if (!logind_running())
                return 0;

        path = udev_device_get_devnode(dev);
        seat = udev_device_get_property_value(dev, "ID_SEAT");
        if (!seat)
                seat = "seat0";

        r = sd_seat_get_active(seat, NULL, &uid);
        if (r == -ENOENT) {
                /* No active session on this seat */
                r = 0;
                goto finish;
        } else if (r < 0) {
                log_error("Failed to determine active user on seat %s.", seat);
                goto finish;
        }

        r = devnode_acl(path, true, false, 0, true, uid);
        if (r < 0) {
                log_error("Failed to apply ACL on %s: %s", path, strerror(-r));
                goto finish;
        }

        changed_acl = true;
        r = 0;

finish:
        if (path && !changed_acl) {
                int k;

                /* Better be safe than sorry and reset ACL */
                k = devnode_acl(path, true, false, 0, false, 0);
                if (k < 0) {
                        log_error("Failed to apply ACL on %s: %s", path, strerror(-k));
                        if (r >= 0)
                                r = k;
                }
        }

        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
}

const struct udev_builtin udev_builtin_uaccess = {
        .name = "uaccess",
        .cmd = builtin_uaccess,
        .help = "manage device node user ACL",
};
Commit	Line	Data
663996b3 MS	1	/*
	2	* manage device node user ACL
	3	*
	4	* Copyright 2010-2012 Kay Sievers <kay@vrfy.org>
	5	* Copyright 2010 Lennart Poettering
	6	*
	7	* This program is free software: you can redistribute it and/or modify
	8	* it under the terms of the GNU General Public License as published by
	9	* the Free Software Foundation, either version 2 of the License, or
	10	* (at your option) any later version.
	11	*
	12	* This program is distributed in the hope that it will be useful,
	13	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	14	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	15	* GNU General Public License for more details.
	16	*
	17	* You should have received a copy of the GNU General Public License
	18	* along with this program. If not, see <http://www.gnu.org/licenses/>.
	19	*/
	20
	21	#include <stdio.h>
	22	#include <stdlib.h>
	23	#include <stdarg.h>
	24	#include <unistd.h>
	25	#include <string.h>
	26	#include <ctype.h>
	27	#include <fcntl.h>
	28	#include <errno.h>
	29	#include <dirent.h>
	30	#include <getopt.h>
	31
5eef597e	32	#include "systemd/sd-login.h"
663996b3 MS	33	#include "logind-acl.h"
	34	#include "udev.h"
	35	#include "util.h"
	36
5eef597e	37	static int builtin_uaccess(struct udev_device dev, int argc, char argv[], bool test) {
663996b3 MS	38	int r;
	39	const char path = NULL, seat;
	40	bool changed_acl = false;
	41	uid_t uid;
	42
663996b3 MS	43	umask(0022);
	44
	45	/* don't muck around with ACLs when the system is not running systemd */
	46	if (!logind_running())
	47	return 0;
	48
	49	path = udev_device_get_devnode(dev);
	50	seat = udev_device_get_property_value(dev, "ID_SEAT");
	51	if (!seat)
	52	seat = "seat0";
	53
	54	r = sd_seat_get_active(seat, NULL, &uid);
	55	if (r == -ENOENT) {
	56	/* No active session on this seat */
	57	r = 0;
	58	goto finish;
	59	} else if (r < 0) {
	60	log_error("Failed to determine active user on seat %s.", seat);
	61	goto finish;
	62	}
	63
	64	r = devnode_acl(path, true, false, 0, true, uid);
	65	if (r < 0) {
	66	log_error("Failed to apply ACL on %s: %s", path, strerror(-r));
	67	goto finish;
	68	}
	69
	70	changed_acl = true;
	71	r = 0;
	72
	73	finish:
	74	if (path && !changed_acl) {
	75	int k;
	76
	77	/* Better be safe than sorry and reset ACL */
	78	k = devnode_acl(path, true, false, 0, false, 0);
	79	if (k < 0) {
	80	log_error("Failed to apply ACL on %s: %s", path, strerror(-k));
	81	if (r >= 0)
	82	r = k;
	83	}
	84	}
	85
	86	return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
	87	}
	88
	89	const struct udev_builtin udev_builtin_uaccess = {
	90	.name = "uaccess",
	91	.cmd = builtin_uaccess,
	92	.help = "manage device node user ACL",
	93	};