summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMichael Bouchaud <yoz@efl.so>2015-09-24 03:48:06 +0000
committerMichael Bouchaud <yoz@efl.so>2015-09-24 03:48:06 +0000
commit866fdf557acbfbf1f2404da9c3799020375c16d2 (patch)
tree4873479ea2b03a3b4da04f78eb20487e093db325
parent07567ce6960769f057eebe2b13d0131d2a4493c7 (diff)
nobody user is right, just give him a sandbox to create some files
-rw-r--r--data/entrance.conf.in2
-rw-r--r--src/daemon/entrance.c77
2 files changed, 65 insertions, 14 deletions
diff --git a/data/entrance.conf.in b/data/entrance.conf.in
index ac143da..b1ac05d 100644
--- a/data/entrance.conf.in
+++ b/data/entrance.conf.in
@@ -71,5 +71,5 @@ group "Entrance_Config" struct {
71 value "virtual_keyboard" uchar: 0; 71 value "virtual_keyboard" uchar: 0;
72 72
73 /* the user to log in with */ 73 /* the user to log in with */
74 value "start_user" string: "entrance"; 74 value "start_user" string: "nobody";
75} 75}
diff --git a/src/daemon/entrance.c b/src/daemon/entrance.c
index a1d2010..c86eb85 100644
--- a/src/daemon/entrance.c
+++ b/src/daemon/entrance.c
@@ -5,9 +5,11 @@
5#include <Eina.h> 5#include <Eina.h>
6#include "Ecore_Getopt.h" 6#include "Ecore_Getopt.h"
7#include <xcb/xcb.h> 7#include <xcb/xcb.h>
8#include <assert.h>
8 9
9#define ENTRANCE_DISPLAY ":0.0" 10#define ENTRANCE_DISPLAY ":0.0"
10#define ENTRANCE_XEPHYR ":1.0" 11#define ENTRANCE_XEPHYR ":1.0"
12#define ENTRANCE_CONFIG_HOME_PATH "/var/cache/entrance/client"
11 13
12static Eina_Bool _open_log(); 14static Eina_Bool _open_log();
13static Eina_Bool _entrance_main(const char *dname); 15static Eina_Bool _entrance_main(const char *dname);
@@ -186,39 +188,88 @@ _entrance_client_data(void *d EINA_UNUSED, int t EINA_UNUSED, void *event)
186static Eina_Bool 188static Eina_Bool
187_entrance_main(const char *dname) 189_entrance_main(const char *dname)
188{ 190{
191 struct passwd *pwd = NULL;
192 const char *user;
193 char buf[PATH_MAX];
194 const char *home_path;
195 struct stat st;
196
189 PT("starting..."); 197 PT("starting...");
190 if (!entrance_config->autologin) 198 if (!entrance_config->autologin)
191 { 199 {
192 if (!_entrance_client) 200 if (!_entrance_client)
193 { 201 {
194 char buf[PATH_MAX];
195 const char *user = NULL;
196 ecore_event_handler_add(ECORE_EXE_EVENT_DEL, 202 ecore_event_handler_add(ECORE_EXE_EVENT_DEL,
197 _entrance_client_del, NULL); 203 _entrance_client_del, NULL);
198 ecore_event_handler_add(ECORE_EXE_EVENT_ERROR, 204 ecore_event_handler_add(ECORE_EXE_EVENT_ERROR,
199 _entrance_client_error, NULL); 205 _entrance_client_error, NULL);
200 ecore_event_handler_add(ECORE_EXE_EVENT_DATA, 206 ecore_event_handler_add(ECORE_EXE_EVENT_DATA,
201 (Ecore_Event_Handler_Cb)_entrance_client_data, NULL); 207 _entrance_client_data, NULL);
202 if (entrance_config->start_user && entrance_config->start_user[0]) 208 if (entrance_config->start_user
209 && entrance_config->start_user[0]) {
210 pwd = getpwnam(entrance_config->start_user);
211 }
212 if (!pwd)
203 { 213 {
204 if (getpwnam(entrance_config->start_user)) 214 PT("The given user %s, is not valid."
205 user = entrance_config->start_user; 215 "Falling back to nobody", entrance_config->start_user);
216 pwd = getpwnam("nobody");
217 user = "nobody";
218 assert(pwd);
206 } 219 }
207 220 else
208 if (!user) 221 {
222 user = entrance_config->start_user;
223 }
224 if (!pwd->pw_dir || !strcmp(pwd->pw_dir, "/"))
225 {
226 PT("No home directory for client");
227 home_path = ENTRANCE_CONFIG_HOME_PATH;
228 if (!ecore_file_exists(ENTRANCE_CONFIG_HOME_PATH))
229 {
230 PT("Creating new home directory for client");
231 ecore_file_mkdir(ENTRANCE_CONFIG_HOME_PATH);
232 chown(ENTRANCE_CONFIG_HOME_PATH,
233 pwd->pw_uid, pwd->pw_gid);
234 }
235 else
236 {
237 if (!ecore_file_is_dir(ENTRANCE_CONFIG_HOME_PATH))
238 {
239 PT("Hum a file already exists here "
240 ENTRANCE_CONFIG_HOME_PATH" sorry but"
241 "I remove it, I need it ^^");
242 ecore_file_remove(ENTRANCE_CONFIG_HOME_PATH);
243 ecore_file_mkdir(ENTRANCE_CONFIG_HOME_PATH);
244 chown(ENTRANCE_CONFIG_HOME_PATH,
245 pwd->pw_uid, pwd->pw_gid);
246 }
247 }
248 }
249 else
250 {
251 home_path = pwd->pw_dir;
252 }
253 PT("Home directory %s", home_path);
254 stat(home_path, &st);
255 if ((st.st_uid != pwd->pw_uid)
256 || (st.st_gid != pwd->pw_gid))
209 { 257 {
210 PT("The given user %s, is not not valid. Falling back to nobody user, possible that this wont work, set up a correct start_user in entrance.conf", entrance_config->start_user); 258 PT("The permission about %s is wrong, I fix it", home_path);
211 user = "nobody"; 259 chown(home_path, pwd->pw_uid, pwd->pw_gid);
212 } 260 }
213 261
214 snprintf(buf, sizeof(buf), 262 snprintf(buf, sizeof(buf),
215 SUDO" -u %s " 263 SUDO" --user %s HOME=%s "
216 "LD_LIBRARY_PATH="PACKAGE_LIB_DIR" " 264 "LD_LIBRARY_PATH="PACKAGE_LIB_DIR" "
217 PACKAGE_BIN_DIR"/entrance_client -d %s -t %s", 265 PACKAGE_BIN_DIR"/entrance_client -d %s -t %s",
218 user, dname, entrance_config->theme); 266 user, home_path, dname, entrance_config->theme);
219 PT("Exec entrance_client: %s", buf); 267 PT("Exec entrance_client: %s", buf);
220 268
221 _entrance_client = ecore_exe_pipe_run(buf, ECORE_EXE_PIPE_READ | ECORE_EXE_PIPE_ERROR, NULL); 269 _entrance_client =
270 ecore_exe_pipe_run(buf,
271 ECORE_EXE_PIPE_READ | ECORE_EXE_PIPE_ERROR,
272 NULL);
222 } 273 }
223 } 274 }
224 else 275 else