From 866fdf557acbfbf1f2404da9c3799020375c16d2 Mon Sep 17 00:00:00 2001 From: Michael Bouchaud Date: Thu, 24 Sep 2015 03:48:06 +0000 Subject: [PATCH] nobody user is right, just give him a sandbox to create some files --- data/entrance.conf.in | 2 +- src/daemon/entrance.c | 77 +++++++++++++++++++++++++++++++++++-------- 2 files changed, 65 insertions(+), 14 deletions(-) diff --git a/data/entrance.conf.in b/data/entrance.conf.in index ac143da..b1ac05d 100644 --- a/data/entrance.conf.in +++ b/data/entrance.conf.in @@ -71,5 +71,5 @@ group "Entrance_Config" struct { value "virtual_keyboard" uchar: 0; /* the user to log in with */ - value "start_user" string: "entrance"; + value "start_user" string: "nobody"; } diff --git a/src/daemon/entrance.c b/src/daemon/entrance.c index a1d2010..c86eb85 100644 --- a/src/daemon/entrance.c +++ b/src/daemon/entrance.c @@ -5,9 +5,11 @@ #include #include "Ecore_Getopt.h" #include +#include #define ENTRANCE_DISPLAY ":0.0" #define ENTRANCE_XEPHYR ":1.0" +#define ENTRANCE_CONFIG_HOME_PATH "/var/cache/entrance/client" static Eina_Bool _open_log(); static Eina_Bool _entrance_main(const char *dname); 
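Review bot: In data/entrance.conf.in the new default `"nobody"` is an account that other services on a host commonly share, so the greeter process and the HOME directory the daemon prepares for it (see the entrance.c changes) end up under a uid that unrelated processes may also run as. The comment above the value should say this and steer packagers towards a dedicated account, for example `/* unprivileged account the greeter runs as; prefer a dedicated user, "nobody" may be shared with other services */`.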
@@ -186,39 +188,88 @@ _entrance_client_data(void *d EINA_UNUSED, int t EINA_UNUSED, void *event) static Eina_Bool _entrance_main(const char *dname) { + struct passwd *pwd = NULL; + const char *user; + char buf[PATH_MAX]; + const char *home_path; + struct stat st; + PT("starting..."); if (!entrance_config->autologin) { if (!_entrance_client) { - char buf[PATH_MAX]; - const char *user = NULL; ecore_event_handler_add(ECORE_EXE_EVENT_DEL, _entrance_client_del, NULL); ecore_event_handler_add(ECORE_EXE_EVENT_ERROR, _entrance_client_error, NULL); ecore_event_handler_add(ECORE_EXE_EVENT_DATA, - (Ecore_Event_Handler_Cb)_entrance_client_data, NULL); - if (entrance_config->start_user && entrance_config->start_user[0]) + _entrance_client_data, NULL); + if (entrance_config->start_user + && entrance_config->start_user[0]) { + pwd = getpwnam(entrance_config->start_user); + } + if (!pwd) { - if (getpwnam(entrance_config->start_user)) - user = entrance_config->start_user; + PT("The given user %s, is not valid." + "Falling back to nobody", entrance_config->start_user); + pwd = getpwnam("nobody"); + user = "nobody"; + assert(pwd); } - - if (!user) + else { - PT("The given user %s, is not not valid. 
Falling back to nobody user, possible that this wont work, set up a correct start_user in entrance.conf", entrance_config->start_user); - user = "nobody"; + user = entrance_config->start_user; + } + if (!pwd->pw_dir || !strcmp(pwd->pw_dir, "/")) + { + PT("No home directory for client"); + home_path = ENTRANCE_CONFIG_HOME_PATH; + if (!ecore_file_exists(ENTRANCE_CONFIG_HOME_PATH)) + { + PT("Creating new home directory for client"); + ecore_file_mkdir(ENTRANCE_CONFIG_HOME_PATH); + chown(ENTRANCE_CONFIG_HOME_PATH, + pwd->pw_uid, pwd->pw_gid); + } + else + { + if (!ecore_file_is_dir(ENTRANCE_CONFIG_HOME_PATH)) + { + PT("Hum a file already exists here " + ENTRANCE_CONFIG_HOME_PATH" sorry but" + "I remove it, I need it ^^"); + ecore_file_remove(ENTRANCE_CONFIG_HOME_PATH); + ecore_file_mkdir(ENTRANCE_CONFIG_HOME_PATH); + chown(ENTRANCE_CONFIG_HOME_PATH, + pwd->pw_uid, pwd->pw_gid); + } + } + } + else + { + home_path = pwd->pw_dir; + } + PT("Home directory %s", home_path); + stat(home_path, &st); + if ((st.st_uid != pwd->pw_uid) + || (st.st_gid != pwd->pw_gid)) + { + PT("The permission about %s is wrong, I fix it", home_path); + chown(home_path, pwd->pw_uid, pwd->pw_gid); } snprintf(buf, sizeof(buf), - SUDO" -u %s " + SUDO" --user %s HOME=%s " "LD_LIBRARY_PATH="PACKAGE_LIB_DIR" " PACKAGE_BIN_DIR"/entrance_client -d %s -t %s", - user, dname, entrance_config->theme); + user, home_path, dname, entrance_config->theme); PT("Exec entrance_client: %s", buf); - _entrance_client = ecore_exe_pipe_run(buf, ECORE_EXE_PIPE_READ | ECORE_EXE_PIPE_ERROR, NULL); + _entrance_client = + ecore_exe_pipe_run(buf, + ECORE_EXE_PIPE_READ | ECORE_EXE_PIPE_ERROR, + NULL); } } else
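Review bot: The result of `stat(home_path, &st)` is never checked, and the `chown(home_path, pwd->pw_uid, pwd->pw_gid)` that follows runs in the daemon (presumably as root) on whatever `pw_dir` names. A missing directory is therefore compared against an uninitialised `st`, and an account whose passwd home is a shared system directory gets that directory re-owned, since only "/" is excluded. Every `chown` here also follows symlinks, and the exists / is_dir / remove / mkdir sequence on ENTRANCE_CONFIG_HOME_PATH is check-then-act, so I would restrict the ownership repair to the sandbox path and do it through a descriptor opened with O_NOFOLLOW, as sketched below. Separately, `assert(pwd)` compiles away under NDEBUG and leaves a NULL dereference at `pwd->pw_dir` when the "nobody" lookup fails, so it should be a real check that logs and bails out. `_entrance_main` continues past the end of this hunk (the `else` branch), so how a failure should be reported to the caller is not visible here.

```c
/* … unchanged: pwd lookup and home_path selection … */
PT("Home directory %s", home_path);
/* Open once, then check and change through the descriptor so both
 * operations apply to the same inode; never follow a symlink. */
int fd = open(home_path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
if ((fd < 0) || (fstat(fd, &st) < 0))
  {
     PT("Cannot inspect home directory %s", home_path);
  }
else if (!strcmp(home_path, ENTRANCE_CONFIG_HOME_PATH)
         && ((st.st_uid != pwd->pw_uid) || (st.st_gid != pwd->pw_gid)))
  {
     /* Only the daemon-created sandbox is re-owned, never a passwd home. */
     PT("The permission about %s is wrong, I fix it", home_path);
     if (fchown(fd, pwd->pw_uid, pwd->pw_gid) < 0)
       PT("Cannot change ownership of %s", home_path);
  }
if (fd >= 0) close(fd);
/* … unchanged: snprintf of the sudo command line and ecore_exe_pipe_run … */
```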