javalsai/lidm
0
1
Fork 0
mirror of https://github.com/javalsai/lidm.git synced 2026-02-27 12:00:44 +01:00
Code Issues Packages Projects Releases Wiki Activity

feat: support Xorg & better auth logic (#80)

Browse Source 
Co-authored-by: grialion <48643945+grialion@users.noreply.github.com>
This commit is contained in:
javalsai
2026-01-19 21:17:45 +01:00
committed by GitHub
parent d65bd7a8ee
commit 7e7a297e2e
28 changed files with 842 additions and 351 deletions
Download Patch File Download Diff File Expand all files Collapse all files

515
src/auth.c
View File

@@ -1,114 +1,39 @@
// TODO: handle `fork() == -1`// TODO: handle `fork() == -1`s
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <security/pam_misc.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>
#include "auth.h"
#include "config.h"
#include "desktop_exec.h"
#include "log.h"
#include "macros.h"
#include "pam.h"
#include "sessions.h"
#include "ui.h"
#include "unistd.h"
#include "util.h"
struct pam_conv_data {
char* password;
void (*display_pam_msg)(const char* msg, int msg_style);
};
#define XORG_MESSAGE_LENGTH 16
int pam_conversation(int num_msg, const struct pam_message** msg,
struct pam_response** resp, void* appdata_ptr) {
struct pam_response* reply =
(struct pam_response*)malloc(sizeof(struct pam_response) * num_msg);
if (!reply) {
return PAM_BUF_ERR;
static void try_source_file(struct Vector* NNULLABLE vec_envlist,
char* NNULLABLE filepath) {
log_printf("sourcing %s\n", filepath);
FILE* file2source = fopen(filepath, "r");
if (file2source == NULL) {
log_printf("error sourcing %s\n", filepath);
return;
}
struct pam_conv_data* conv_data = (struct pam_conv_data*)appdata_ptr;
for (size_t i = 0; i < num_msg; i++) {
reply[i].resp = NULL;
reply[i].resp_retcode = 0;
switch (msg[i]->msg_style) {
case PAM_PROMPT_ECHO_OFF:
case PAM_PROMPT_ECHO_ON:
reply[i].resp = strdup(conv_data->password);
if (!reply[i].resp) {
for (size_t j = 0; j < i; j++)
free(reply[j].resp);
free(reply);
return PAM_BUF_ERR;
}
break;
case PAM_TEXT_INFO:
case PAM_ERROR_MSG:
if (conv_data->display_pam_msg && msg[i]->msg) {
conv_data->display_pam_msg(msg[i]->msg, msg[i]->msg_style);
}
break;
default:
break;
}
}
*resp = reply;
return PAM_SUCCESS;
}
#ifndef PAM_SERVICE_FALLBACK
#define PAM_SERVICE_FALLBACK "login"
#endif
#define CHECK_PAM_RET(call) \
ret = (call); \
if (ret != PAM_SUCCESS) { \
pam_end(pamh, ret); \
return NULL; \
}
void clear_screen() {
printf("\x1b[H\x1b[J");
}
pam_handle_t* get_pamh(char* user, char* passwd) {
pam_handle_t* pamh = NULL;
struct pam_conv_data conv_data = {.password = passwd,
.display_pam_msg = print_pam_msg};
struct pam_conv pamc = {pam_conversation, (void*)&conv_data};
int ret;
char* pam_service_override = getenv("LIDM_PAM_SERVICE");
char* pam_service_name =
pam_service_override ? pam_service_override : PAM_SERVICE_FALLBACK;
CHECK_PAM_RET(pam_start(pam_service_name, user, &pamc, &pamh))
CHECK_PAM_RET(pam_authenticate(pamh, 0))
CHECK_PAM_RET(pam_acct_mgmt(pamh, 0))
CHECK_PAM_RET(pam_setcred(pamh, PAM_ESTABLISH_CRED))
CHECK_PAM_RET(pam_open_session(pamh, 0))
CHECK_PAM_RET(pam_setcred(pamh, PAM_REINITIALIZE_CRED))
return pamh;
}
#undef CHECK_PAM_RET
void* shmalloc(size_t size) {
return mmap(NULL, size, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_ANONYMOUS,
-1, 0);
}
void sourceFileTry(char* file) {
FILE* file2source = fopen(file, "r");
if (file2source == NULL) return;
char* line = NULL;
size_t len = 0;
ssize_t read;
@@ -117,13 +42,10 @@ void sourceFileTry(char* file) {
if (read == 0 || (read > 0 && *line == '#')) continue;
if (line[read - 1] == '\n') line[read - 1] = '\0';
/* printf("Retrieved line of length %zu:\n", read); */
/* printf("%s\n", line); */
for (size_t i = 1; i < read; i++) {
for (ssize_t i = 1; i < read; i++) {
if (line[i] == '=') {
/* printf("FOUND '='!\n"); */
line[i] = '\0';
setenv(line, &line[i + 1], 1);
vec_push(vec_envlist, (void*)line);
line = NULL;
break;
}
}
@@ -133,85 +55,235 @@ void sourceFileTry(char* file) {
(void)fclose(file2source);
}
void moarEnv(char* user, struct session session, struct passwd* pw,
struct config* config) {
if (chdir(pw->pw_dir) == -1) print_errno("can't chdir to user home");
setenv("HOME", pw->pw_dir, true);
setenv("USER", pw->pw_name, true);
setenv("SHELL", pw->pw_shell, true);
// TERM
setenv("LOGNAME", pw->pw_name, true);
// MAIL?
// PATH?
char* xdg_session_type = "unknown";
if (session.type == SHELL) xdg_session_type = "tty";
if (session.type == XORG) xdg_session_type = "x11";
if (session.type == WAYLAND) xdg_session_type = "wayland";
setenv("XDG_SESSION_TYPE", xdg_session_type, true);
printf("\n\n\n\n\x1b[1m");
for (size_t i = 0; i < config->behavior.source.length; i++) {
/* printf("DEBUG(source)!!!! %d %s\n", i, (char*)vec_get(&behavior->source,
* i)); */
sourceFileTry((char*)vec_get(&config->behavior.source, i));
static void source_paths(struct Vector* NNULLABLE vec_envlist,
struct Vector* NNULLABLE abs_source,
const char* NULLABLE user_home,
struct Vector* NNULLABLE user_source) {
for (size_t i = 0; i < abs_source->length; i++) {
char* path = vec_get(abs_source, i);
try_source_file(vec_envlist, path);
}
/* printf("\n"); */
if (pw->pw_dir) {
const char* home = pw->pw_dir;
size_t home_len = strlen(home);
for (size_t i = 0; i < config->behavior.user_source.length; i++) {
const char* filename = (char*)vec_get(&config->behavior.user_source, i);
size_t filename_len = strlen(filename);
size_t path_len = home_len + 1 + filename_len + 1; // nullbyte and slash
char* path = malloc(path_len);
if (!path) continue; // can't bother
memcpy(path, home, home_len);
path[home_len] = '/'; // assume pw_dir doesn't start with '/' :P
memcpy(&path[home_len + 1], filename, filename_len);
path[path_len - 1] = '\0';
sourceFileTry(path);
if (user_home)
for (size_t i = 0; i < user_source->length; i++) {
char* path = NULL;
asprintf(&path, "%s/%s", user_home, (char*)vec_get(user_source, i));
if (!path) {
log_puts("alloc failure on user source\n");
continue;
}
try_source_file(vec_envlist, path);
free(path);
}
else {
log_puts("user has no home\n");
}
}
/*char *buf;*/
/*size_t bsize = snprintf(NULL, 0, "/run/user/%d", pw->pw_uid) + 1;*/
/*buf = malloc(bsize);*/
/*snprintf(buf, bsize, "/run/user/%d", pw->pw_uid);*/
/*setenv("XDG_RUNTIME_DIR", buf, true);*/
/*setenv("XDG_SESSION_CLASS", "user", true);*/
/*setenv("XDG_SESSION_ID", "1", true);*/
/*setenv("XDG_SESSION_DESKTOP", , true);*/
/*setenv("XDG_SEAT", "seat0", true);*/
struct child_msg {
char* msg;
int _errno;
bool err;
};
/// block until X returns the display number or an error occurs
static bool x_get_display(const int xorg_pipefd[2], int* display) {
char buffer[XORG_MESSAGE_LENGTH];
bool status;
close(xorg_pipefd[1]);
ssize_t bytes_read = read(xorg_pipefd[0], buffer, sizeof(buffer) - 1);
buffer[bytes_read] = '\0';
if (bytes_read > 0) {
char* endptr;
int val = (int)strtol(buffer, &endptr, 10);
if (endptr == buffer) {
(void)fputs("failed to parse Xorg display response\n", stderr);
status = false;
} else {
*display = val;
status = true;
}
} else if (bytes_read == 0) {
(void)fputs("Xorg pipe closed\n", stderr);
status = false;
} else {
perror("read");
status = false;
}
/*char *buf;*/
/*size_t bsize = snprintf(NULL, 0, "/run/user/%d", pw->pw_uid) + 1;*/
/*buf = malloc(bsize);*/
/*snprintf(buf, bsize, "/run/user/%d", pw->pw_uid);*/
/*setenv("XDG_RUNTIME_DIR", buf, true);*/
/*setenv("XDG_SESSION_CLASS", "user", true);*/
/*setenv("XDG_SESSION_ID", "1", true);*/
/*setenv("XDG_SESSION_DESKTOP", , true);*/
/*setenv("XDG_SEAT", "seat0", true);*/
close(xorg_pipefd[0]);
return status;
}
/// small helper to push dyn arr
static void push_dyn_arr(void*** arr, void* item) {
struct Vector vec = vec_from_raw(*arr);
vec_push(&vec, item);
*arr = vec_as_raw(vec);
}
// TODO: properly pass this down
extern int vt;
static void start_xorg_server(struct passwd* pw, char** NNULLABLE envlist,
int xorg_pipefd[2]) {
close(xorg_pipefd[0]);
if (!pw->pw_dir) _exit(EXIT_FAILURE);
// !!!!!!!!!! ATTENTION: this fails silently, of course add failure msgs but
// for now I can't so be careful
if (vt == -1) _exit(EXIT_FAILURE);
// pass the pipe so Xorg can write the DISPLAY value in there
char* fd_str;
asprintf(&fd_str, "%d", xorg_pipefd[1]);
if (!fd_str) _exit(EXIT_FAILURE);
char* vt_path;
asprintf(&vt_path, "vt%d", vt);
if (!vt_path) {
free(fd_str);
_exit(EXIT_FAILURE);
}
char* xorg_path = search_path("Xorg");
if (!xorg_path) {
(void)fputs("couldn't find Xorg binary in PATH, sure it's installed?\n",
stderr);
_exit(EXIT_FAILURE);
}
int exit = execle(xorg_path, xorg_path, "-displayfd", fd_str, vt_path, NULL,
envlist);
perror("exec");
free(vt_path);
free(fd_str);
free(xorg_path);
_exit(exit);
}
// TODO: add error msgs
/// returns on completion
static void launch_with_xorg_server(struct session_exec* NNULLABLE exec,
struct passwd* pw,
char** NNULLABLE envlist) {
int xorg_pipefd[2];
if (pipe(xorg_pipefd) == -1) _exit(EXIT_FAILURE);
(void)fflush(NULL);
pid_t xorg_pid = fork();
if (xorg_pid == 0) {
start_xorg_server(pw, envlist, xorg_pipefd);
}
int display = 0;
if (!x_get_display(xorg_pipefd, &display)) {
(void)fputs("failed to get X display, aborting\n", stderr);
int status;
waitpid(xorg_pid, &status, 0);
_exit(EXIT_FAILURE);
}
char* display_env;
asprintf(&display_env, "DISPLAY=:%d", display);
if (!display_env) {
(void)fputs("failure allocating memory for DISPLAY string\n", stderr);
_exit(EXIT_FAILURE);
}
// convert back for convenient push-ing
push_dyn_arr((void***)&envlist, display_env);
if (!envlist) {
(void)fputs("failure allocating memory for DISPLAY env\n", stderr);
_exit(EXIT_FAILURE);
}
(void)fflush(NULL);
pid_t xorg_session_pid = fork();
if (xorg_session_pid == 0) {
int exit = session_exec_exec(exec, envlist);
perror("exec error");
(void)fputs("failure calling session\n", stderr);
_exit(exit);
}
// looks weird, waiting on -1 should wait on any child and then just check if
// its xorg server or the session and kill the other waiting on it
pid_t pid;
int status; // not even read for now
while ((pid = waitpid(-1, &status, 0)) > 0) {
if (pid == xorg_pid || pid == xorg_session_pid) {
pid_t pid_to_kill = pid ^ xorg_pid ^ xorg_session_pid;
if (pid == xorg_pid) printf("Xorg server died\n");
if (pid == xorg_session_pid) printf("Xorg session died\n");
kill(pid_to_kill, SIGTERM);
waitpid(pid_to_kill, &status, 0);
break;
}
}
}
#define SEND_MSG(MSG) \
{ \
write(pipefd[1], &(MSG), sizeof(struct child_msg)); \
close(pipefd[1]); \
}
#define SEND_ERR(MSG) \
{ \
write(pipefd[1], \
&(struct child_msg){.msg = (MSG), ._errno = errno, .err = true}, \
sizeof(struct child_msg)); \
close(pipefd[1]); \
_exit(EXIT_FAILURE); \
}
#define DUMMY_READ() \
{ \
char _dummy; \
read(pipefd[0], &_dummy, sizeof(_dummy)); \
}
inline static void forked(int pipefd[2], struct passwd* pw,
char* NNULLABLE user,
struct session* NNULLABLE session,
char** NNULLABLE envlist) {
if (chdir(pw->pw_dir) == -1) SEND_ERR("chdir");
if (setgid(pw->pw_gid) == -1) SEND_ERR("setgid");
if (initgroups(user, pw->pw_gid) == -1) SEND_ERR("initgroups");
if (setuid(pw->pw_uid) == -1) SEND_ERR("setuid");
SEND_MSG((struct child_msg){.err = false});
DUMMY_READ();
close(pipefd[0]);
if (session->type == XORG) {
launch_with_xorg_server(&session->exec, pw, envlist);
_exit(EXIT_SUCCESS);
} else {
int exit = session_exec_exec(&session->exec, envlist);
perror("exec error");
(void)fputs("failure calling session\n", stderr);
_exit(exit);
}
}
#undef SEND_MSG
#undef SEND_ERR
#undef DUMMY_READ
// NOLINTBEGIN(readability-function-cognitive-complexity)
bool launch(char* user, char* passwd, struct session session, void (*cb)(void),
struct config* config) {
char** desktop_exec;
int desktop_count;
if (session.type != SHELL) {
desktop_exec = NULL;
int parse_status =
parse_exec_string(session.exec, &desktop_count, &desktop_exec);
if (parse_status != 0 || desktop_count == 0 || !desktop_exec[0]) {
print_err("failure parsing exec string");
log_printf("failure parsing exec string '%s': %d\n",
session.exec ? session.exec : "NULL", parse_status);
free_parsed_args(desktop_count, desktop_exec);
return false;
}
}
struct passwd* pw = getpwnam(user);
if (pw == NULL) {
print_err("could not get user info");
@@ -225,91 +297,58 @@ bool launch(char* user, char* passwd, struct session session, void (*cb)(void),
}
clear_pam_msg();
bool* reach_session = shmalloc(sizeof(bool));
if (reach_session == NULL) {
perror("error allocating shared memory");
struct pamh_getenv_status env_ret =
pamh_get_complete_env(pamh, pw, session.type);
if (env_ret.error_flag != PAMH_ERR_NOERR) {
if (env_ret.error_flag == PAMH_ERR_ALLOC) {
print_err("allocator error");
} else if (env_ret.error_flag == PAMH_ERR_ERRNO) {
print_errno(env_ret.errfn);
} else if (env_ret.error_flag == PAMH_ERR_NOERRNO) {
print_err(env_ret.errfn);
}
return false;
}
*reach_session = false;
struct Vector envlist_vec = vec_from_raw((void**)env_ret.envlist);
source_paths(&envlist_vec, &config->behavior.source, pw->pw_dir,
&config->behavior.user_source);
char** envlist = (char**)vec_as_raw(envlist_vec);
if (!envlist) {
print_err("vec alloc error");
return false;
}
int pipefd[2];
pipe(pipefd);
uint pid = fork();
if (pid == 0) { // child
char* term = NULL;
char* getterm = getenv("TERM");
// TODO: handle malloc error
if (getterm != NULL) term = strdup(getterm);
if (clearenv() != 0) {
print_errno("clearenv");
_exit(EXIT_FAILURE);
if (pid == 0)
forked(pipefd, pw, user, &session, envlist);
else {
struct child_msg msg;
read(pipefd[0], &msg, sizeof(struct child_msg));
close(pipefd[0]);
if (msg.err) {
errno = msg._errno;
print_errno(msg.msg);
return false;
}
char** envlist = pam_getenvlist(pamh);
if (envlist == NULL) {
print_errno("pam_getenvlist");
_exit(EXIT_FAILURE);
}
for (size_t i = 0; envlist[i] != NULL; i++) {
putenv(envlist[i]);
}
// FIXME: path hotfix
putenv("PATH=/bin:/usr/bin");
if (term != NULL) {
setenv("TERM", term, true);
free(term);
}
if (cb) cb();
printf("\x1b[0m\x1b[H\x1b[J");
(void)fflush(stdout);
close(pipefd[1]);
free((void*)envlist);
moarEnv(user, session, pw, config);
// TODO: chown stdin to user
// does it inherit stdin from parent and
// does parent need to reclaim it after
// this dies?
if (setgid(pw->pw_gid) == -1) {
print_errno("setgid");
_exit(EXIT_FAILURE);
}
if (initgroups(user, pw->pw_gid) == -1) {
print_errno("initgroups");
_exit(EXIT_FAILURE);
}
if (setuid(pw->pw_uid) == -1) {
perror("setuid");
_exit(EXIT_FAILURE);
}
if (cb != NULL) cb();
*reach_session = true;
// TODO: test existence of executable with TryExec
printf("\x1b[0m");
// NOLINTNEXTLINE(bugprone-branch-clone)
if (session.type == SHELL) {
clear_screen();
(void)fflush(stdout);
execlp(session.exec, session.exec, NULL);
} else if (session.type == XORG || session.type == WAYLAND) {
clear_screen();
(void)fflush(stdout);
// NOLINTNEXTLINE
execvp(desktop_exec[0], desktop_exec);
// NOLINTNEXTLINE
free_parsed_args(desktop_count, desktop_exec);
}
perror("exec error");
(void)fputs("failure calling session\n", stderr);
} else {
pid_t child_pid = (pid_t)pid;
waitpid(child_pid, NULL, 0);
int exit_code;
waitpid((pid_t)pid, &exit_code, 0);
pam_setcred(pamh, PAM_DELETE_CRED);
pam_close_session(pamh, 0);
pam_end(pamh, PAM_SUCCESS);
if (*reach_session == false) return false;
if (exit_code != 0) return false;
exit(0);
}