udev-acl: add/remove ACLs for active/inactive local sessions

1 files changed, 43 insertions, 27 deletions

diff --git a/udev-acl/udev-acl.c b/udev-acl/udev-acl.c
index 443ba45..5bac6bd 100644
--- a/udev-acl/udev-acl.c
+++ b/udev-acl/udev-acl.c
@@ -114,8 +114,8 @@ static int uid_in_list(GSList *list, uid_t uid)
 	return 0;
 }
 
-/* return list of current uids of local sessions */
-static GSList *uids_with_local_session(const char *own_id)
+/* return list of current uids of local active sessions */
+static GSList *uids_with_local_active_session(const char *own_id)
 {
 	GSList *list = NULL;
 	GKeyFile *keyfile;
@@ -134,13 +134,12 @@ static GSList *uids_with_local_session(const char *own_id)
 
 				if (!g_str_has_prefix(groups[i], "Session "))
 					continue;
-				if (own_id != NULL) {
-					/* exclude our own session */
-					if (g_str_has_suffix(groups[i], own_id))
-						continue;
-				}
+				if (own_id != NULL &&g_str_has_suffix(groups[i], own_id))
+					continue;
 				if (!g_key_file_get_boolean(keyfile, groups[i], "is_local", NULL))
 					continue;
+				if (!g_key_file_get_boolean(keyfile, groups[i], "is_active", NULL))
+					continue;
 				u = g_key_file_get_integer(keyfile, groups[i], "uid", NULL);
 				if (u > 0 && !uid_in_list(list, u))
 					list = g_slist_prepend(list, GUINT_TO_POINTER(u));
@@ -156,34 +155,42 @@ static GSList *uids_with_local_session(const char *own_id)
 /* ConsoleKit calls us with special variables */
 static int consolekit_called(const char *action, uid_t *uid, const char **own_session, int *add)
 {
-	const char *id;
-	const char *local;
+	int a;
+	uid_t u;
+	const char *s;
 	const char *session;
 
-	id = getenv("CK_SESSION_USER_UID");
-	if (id == NULL)
+	if (strcmp(action, "session_active_changed") != 0)
 		return -1;
 
-	local = getenv("CK_SESSION_IS_LOCAL");
-	if (local == NULL)
+	s = getenv("CK_SESSION_IS_LOCAL");
+	if (s == NULL)
 		return -1;
+	if (strcmp(s, "true") != 0)
+		return 0;
 
-	session = getenv("CK_SESSION_ID");
-	if (session == NULL)
+	s = getenv("CK_SESSION_IS_ACTIVE");
+	if (s == NULL)
 		return -1;
+	if (strcmp(s, "true") == 0)
+		a = 1;
+	else
+		a = 0;
 
-	if (strcmp(local, "true") != 0)
+	session = getenv("CK_SESSION_ID");
+	if (session == NULL)
 		return -1;
 
-	if (strcmp(action, "session_added") == 0)
-		*add = 1;
-	else if (strcmp(action, "session_removed") == 0)
-		*add = 0;
-	else
+	s = getenv("CK_SESSION_USER_UID");
+	if (s == NULL)
 		return -1;
+	u = strtoul(s, NULL, 10);
+	if (u == 0)
+		return 0;
 
 	*own_session = session;
-	*uid = strtoul(id, NULL, 10);
+	*uid = u;
+	*add = a;
 	return 0;
 }
 
@@ -286,23 +293,32 @@ int main (int argc, char* argv[])
 
 	if (uid != 0) {
 		if (add) {
-			/* add ACL for given uid to all matching devices */
+			/* Add ACL for given uid to all matching devices. */
 			apply_acl_to_devices(uid, 1);
 		} else {
-			/* remove ACL for given uid to all matching devices, if last session goes away */
+			/*
+			 * Remove ACL for given uid from all matching devices
+			 * when there is currently no local active session.
+			 */
 			GSList *list;
 
-			list = uids_with_local_session(own_session);
+			list = uids_with_local_active_session(own_session);
 			if (!uid_in_list(list, uid))
 				apply_acl_to_devices(uid, 0);
 			g_slist_free(list);
 		}
 	} else if (device != NULL) {
-		/* update list of ACLs of all current session uids to a given device */
+		/*
+		 * Add ACLs for all current session uids to a given device.
+		 *
+		 * Or remove ACLs for uids which do not have any current local
+		 * active session. Remove is not really interesting, because in
+		 * most cases the device node is removed anyway.
+		 */
 		GSList *list;
 		GSList *l;
 
-		list = uids_with_local_session(NULL);
+		list = uids_with_local_active_session(NULL);
 		for (l = list; l != NULL; l = g_slist_next(l)) {
 			uid_t u;