RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-27 05:07:45 +00:00
Code Issues Activity Actions

LoginServer+LibCore: Only create user temp directory from LoginServer

Browse source 
Other programs use Core::Account::login(), notably su(1), which stopped
working due to a missing "cpath" pledge promise.

This patch moves the /tmp/user/ creation logic to a separate function
that LoginServer can call.
This commit is contained in:
Andreas Kling 2022-08-15 14:05:54 +02:00
parent 32642394a9
commit 3f14582b85
3 changed files with 14 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

15
Userland/Libraries/LibCore/Account.cpp
View file

@ -149,17 +149,16 @@ bool Account::authenticate(SecretString const& password) const
return hash != nullptr && AK::timing_safe_compare(hash, m_password_hash.characters(), m_password_hash.length()); return hash != nullptr && AK::timing_safe_compare(hash, m_password_hash.characters(), m_password_hash.length());
} }
bool Account::login() const ErrorOr<void> Account::create_user_temporary_directory_if_needed() const
{ {
auto const temporary_directory = String::formatted("/tmp/user/{}", m_uid); auto const temporary_directory = String::formatted("/tmp/user/{}", m_uid);
if (auto result = Core::Directory::create(temporary_directory, Core::Directory::CreateDirectories::Yes); result.is_error()) { TRY(Core::Directory::create(temporary_directory, Core::Directory::CreateDirectories::Yes));
dbgln("{}", result.release_error()); TRY(Core::System::chown(temporary_directory, m_uid, m_gid));
return false; return {};
} }
if (chown(temporary_directory.characters(), m_uid, m_gid) < 0)
return false;
bool Account::login() const
{
if (setgroups(m_extra_gids.size(), m_extra_gids.data()) < 0) if (setgroups(m_extra_gids.size(), m_extra_gids.data()) < 0)
return false; return false;

2
Userland/Libraries/LibCore/Account.h
View file

@ -42,6 +42,8 @@ public:
bool authenticate(SecretString const& password) const; bool authenticate(SecretString const& password) const;
bool login() const; bool login() const;
ErrorOr<void> create_user_temporary_directory_if_needed() const;
String username() const { return m_username; } String username() const { return m_username; }
String password_hash() const { return m_password_hash; } String password_hash() const { return m_password_hash; }

5
Userland/Services/LoginServer/main.cpp
View file

@ -18,6 +18,11 @@
static void child_process(Core::Account const& account) static void child_process(Core::Account const& account)
{ {
if (auto result = account.create_user_temporary_directory_if_needed(); result.is_error()) {
dbgln("Failed to create temporary directory for user {}: {}", account.username(), result.error());
exit(1);
}
if (!account.login()) { if (!account.login()) {
dbgln("failed to switch users: {}", strerror(errno)); dbgln("failed to switch users: {}", strerror(errno));
exit(1); exit(1);