use cap-std

author: Tomasz Kramkowski <tomasz@kramkow.ski> 2023-01-27 14:22:33 +0000
committer: Tomasz Kramkowski <tomasz@kramkow.ski> 2023-01-27 14:22:33 +0000
commit: bdd8126b938de11272f79bb7f512316740469ed7 (patch)
tree: 5a46eaf4942f4a21552cf606b35effe5ac1c97c4 /src
parent: 6cef9f0fc159de4c9fd708050ec76adb4e74d390 (diff)
download: pam_usercg_rust-bdd8126b938de11272f79bb7f512316740469ed7.tar.gz
pam_usercg_rust-bdd8126b938de11272f79bb7f512316740469ed7.tar.xz
pam_usercg_rust-bdd8126b938de11272f79bb7f512316740469ed7.zip
1 files changed, 14 insertions, 12 deletions
diff --git a/src/lib.rs b/src/lib.rs
index 23f5b79..434eb29 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -1,9 +1,9 @@
-use libc::mode_t;
-use openat::{Dir, AsPath};
+use cap_std::fs::{Dir, OpenOptions};
 use pam::constants::{PamFlag, PamResultCode};
 use pam::module::{PamHandle, PamHooks};
 use std::ffi::CStr;
 use std::io::{ErrorKind, Write};
+use std::path::Path;
 use std::process;
 
 const CG_MOUNT: &str = "/sys/fs/cgroup";
@@ -11,17 +11,17 @@ const CG_MOUNT: &str = "/sys/fs/cgroup";
 struct PAMUserCG;
 pam::pam_hooks!(PAMUserCG);
 
-fn create_and_open_dir<P: AsPath + Copy>(
-        d: &Dir, path: P, mode: mode_t,
+fn create_and_open_dir<P: AsRef<Path> + Copy>(
+        d: &Dir, path: P,
     ) -> std::io::Result<Dir> {
-    match d.create_dir(path, mode) {
+    match d.create_dir(path) {
         Ok(()) => Ok(()),
         Err(e) => match e.kind() {
             ErrorKind::AlreadyExists => Ok(()),
             _ => Err(e),
         }
     }?;
-    d.sub_dir(path)
+    d.open_dir(path)
 }
 
 struct SessionError;
@@ -29,14 +29,16 @@ struct SessionError;
 fn open_session(h: &mut PamHandle) -> Result<(), SessionError> {
     let user = h.get_user(None).or(Err(SessionError))?;
     let user = users::get_user_by_name(&user).ok_or(SessionError)?;
-    let d = Dir::open(CG_MOUNT).or(Err(SessionError))?;
-    let d = create_and_open_dir(&d, "user", 0o777).or(Err(SessionError))?;
-    let d = create_and_open_dir(&d, &user.uid().to_string(), 0o777)
+    let aa = cap_std::ambient_authority();
+    let d = Dir::open_ambient_dir(CG_MOUNT, aa).or(Err(SessionError))?;
+    let d = create_and_open_dir(&d, "user").or(Err(SessionError))?;
+    let d = create_and_open_dir(&d, &user.uid().to_string())
         .or(Err(SessionError))?;
-    let d = create_and_open_dir(&d, "leaf", 0o777).or(Err(SessionError))?;
+    let d = create_and_open_dir(&d, "leaf").or(Err(SessionError))?;
     let pid = process::id().to_string();
-    let mut procs = d.open_file_ex("cgroup.procs", libc::O_WRONLY, 0)
-        .or(Err(SessionError))?;
+    let mut options = OpenOptions::new();
+    options.write(true);
+    let mut procs = d.open_with("cgroup.procs", &options).or(Err(SessionError))?;
     procs.write_all(pid.as_bytes()).or(Err(SessionError))?;
     Ok(())
 }
author	Tomasz Kramkowski <tomasz@kramkow.ski>	2023-01-27 14:22:33 +0000
committer	Tomasz Kramkowski <tomasz@kramkow.ski>	2023-01-27 14:22:33 +0000
commit	bdd8126b938de11272f79bb7f512316740469ed7 (patch)
tree	5a46eaf4942f4a21552cf606b35effe5ac1c97c4 /src
parent	6cef9f0fc159de4c9fd708050ec76adb4e74d390 (diff)
download	pam_usercg_rust-bdd8126b938de11272f79bb7f512316740469ed7.tar.gz pam_usercg_rust-bdd8126b938de11272f79bb7f512316740469ed7.tar.xz pam_usercg_rust-bdd8126b938de11272f79bb7f512316740469ed7.zip