diff options
author | Tomasz Kramkowski <tomasz@kramkow.ski> | 2023-01-30 20:37:26 +0000 |
---|---|---|
committer | Tomasz Kramkowski <tomasz@kramkow.ski> | 2023-01-30 20:43:52 +0000 |
commit | 2d25ea7eb25f4c6480cf0b1b53cab0cfe1e0c87d (patch) | |
tree | 3c880330e7eee6aa5d661b1c189ef878d5a3b7e7 /src | |
parent | 6b89e0dcb0d3a513d548fb38c08d4b66a353f364 (diff) | |
download | pam_usercg_rust-master.tar.gz pam_usercg_rust-master.tar.xz pam_usercg_rust-master.zip |
Diffstat (limited to 'src')
-rw-r--r-- | src/lib.rs | 53 |
1 files changed, 33 insertions, 20 deletions
@@ -5,31 +5,38 @@ mod pam; mod passwd; mod syslog; -use cap_std::fs::{Dir, OpenOptions}; use pam::PAMHandle; +use rustix::fd::{AsFd, OwnedFd}; +use rustix::fs::{self, Mode, OFlags}; +use rustix::io::{self, Errno}; +use rustix::path::Arg; use std::ffi::{c_char, c_int, CStr, CString}; -use std::io::{ErrorKind, Write}; use std::panic; -use std::path::Path; use std::process; use syslog::{Facility, Level, Priority}; -fn create_and_open_dir<P: AsRef<Path> + ?Sized>( - d: &Dir, - path: &P, -) -> std::io::Result<Dir> { - if let Err(e) = d.create_dir(path) { - if e.kind() != ErrorKind::AlreadyExists { +fn create_and_open_dir<D: AsFd, P: Arg + Copy>( + d: &D, + path: P, +) -> rustix::io::Result<OwnedFd> { + if let Err(e) = fs::mkdirat(d, path, Mode::RWXU | Mode::RWXG | Mode::RWXO) { + if e != Errno::EXIST { return Err(e); } } - d.open_dir(path) + fs::openat(d, path, OFlags::DIRECTORY | OFlags::PATH, Mode::empty()) } struct SessionError; -impl From<std::io::Error> for SessionError { - fn from(_: std::io::Error) -> Self { +impl From<rustix::io::Errno> for SessionError { + fn from(_: rustix::io::Errno) -> Self { + SessionError + } +} + +impl From<std::ffi::NulError> for SessionError { + fn from(_: std::ffi::NulError) -> Self { SessionError } } @@ -52,7 +59,7 @@ fn open_session(h: &PAMHandle, mountpoint: &str) -> Result<(), SessionError> { } }; let uid = match passwd::get_uid_by_name(&user) { - Some(uid) => uid.to_string(), + Some(uid) => CString::new(uid.to_string())?, None => { if let Ok(message) = CString::new(format!("Failure to map user {user:?} to passwd entry")) @@ -62,16 +69,22 @@ fn open_session(h: &PAMHandle, mountpoint: &str) -> Result<(), SessionError> { return Err(SessionError); } }; - let d = Dir::open_ambient_dir(mountpoint, cap_std::ambient_authority())?; + let d = fs::openat( + fs::cwd(), + mountpoint, + OFlags::DIRECTORY | OFlags::PATH, + Mode::empty(), + )?; let d = create_and_open_dir(&d, "user")?; let d = create_and_open_dir(&d, &uid)?; let d = create_and_open_dir(&d, "leaf")?; - let pid = process::id().to_string(); - let mut options = OpenOptions::new(); - options.write(true); - let mut procs = d.open_with("cgroup.procs", &options)?; - procs.write_all(pid.as_bytes())?; - Ok(()) + let pid = CString::new(process::id().to_string())?; + let pid = pid.as_bytes(); + let procs = fs::openat(d, "cgroup.procs", OFlags::WRONLY, Mode::empty())?; + match io::write(procs, pid) { + Ok(n) if n == pid.len() => Ok(()), + _ => Err(SessionError), + } } const CG_MOUNT: &str = "/sys/fs/cgroup"; |