From 3f14582b85d0ff363d21fba79e2cc99c6be25647 Mon Sep 17 00:00:00 2001 From: Andreas Kling Date: Mon, 15 Aug 2022 14:05:54 +0200 Subject: [PATCH] LoginServer+LibCore: Only create user temp directory from LoginServer Other programs use Core::Account::login(), notably su(1), which stopped working due to a missing "cpath" pledge promise. This patch moves the /tmp/user/ creation logic to a separate function that LoginServer can call. --- Userland/Libraries/LibCore/Account.cpp | 15 +++++++-------- Userland/Libraries/LibCore/Account.h | 2 ++ Userland/Services/LoginServer/main.cpp | 5 +++++ 3 files changed, 14 insertions(+), 8 deletions(-) diff --git a/Userland/Libraries/LibCore/Account.cpp b/Userland/Libraries/LibCore/Account.cpp index dc2e64a1d3..4135028211 100644 --- a/Userland/Libraries/LibCore/Account.cpp +++ b/Userland/Libraries/LibCore/Account.cpp @@ -149,17 +149,16 @@ bool Account::authenticate(SecretString const& password) const return hash != nullptr && AK::timing_safe_compare(hash, m_password_hash.characters(), m_password_hash.length()); } -bool Account::login() const +ErrorOr Account::create_user_temporary_directory_if_needed() const { auto const temporary_directory = String::formatted("/tmp/user/{}", m_uid); - if (auto result = Core::Directory::create(temporary_directory, Core::Directory::CreateDirectories::Yes); result.is_error()) { - dbgln("{}", result.release_error()); - return false; - } - - if (chown(temporary_directory.characters(), m_uid, m_gid) < 0) - return false; + TRY(Core::Directory::create(temporary_directory, Core::Directory::CreateDirectories::Yes)); + TRY(Core::System::chown(temporary_directory, m_uid, m_gid)); + return {}; +} +bool Account::login() const +{ if (setgroups(m_extra_gids.size(), m_extra_gids.data()) < 0) return false; diff --git a/Userland/Libraries/LibCore/Account.h b/Userland/Libraries/LibCore/Account.h index 8e545aaad1..e75de6f71a 100644 --- a/Userland/Libraries/LibCore/Account.h +++ b/Userland/Libraries/LibCore/Account.h @@ -42,6 +42,8 @@ public: bool authenticate(SecretString const& password) const; bool login() const; + ErrorOr create_user_temporary_directory_if_needed() const; + String username() const { return m_username; } String password_hash() const { return m_password_hash; } diff --git a/Userland/Services/LoginServer/main.cpp b/Userland/Services/LoginServer/main.cpp index 8b539c9540..34fc819e2f 100644 --- a/Userland/Services/LoginServer/main.cpp +++ b/Userland/Services/LoginServer/main.cpp @@ -18,6 +18,11 @@ static void child_process(Core::Account const& account) { + if (auto result = account.create_user_temporary_directory_if_needed(); result.is_error()) { + dbgln("Failed to create temporary directory for user {}: {}", account.username(), result.error()); + exit(1); + } + if (!account.login()) { dbgln("failed to switch users: {}", strerror(errno)); exit(1);