From bdd8126b938de11272f79bb7f512316740469ed7 Mon Sep 17 00:00:00 2001
From: Tomasz Kramkowski
Date: Fri, 27 Jan 2023 14:22:33 +0000
Subject: use cap-std
---
 src/lib.rs | 26 ++++++++++++++------------
 1 file changed, 14 insertions(+), 12 deletions(-)
(limited to 'src/lib.rs')
diff --git a/src/lib.rs b/src/lib.rs
index 23f5b79..434eb29 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -1,9 +1,9 @@
-use libc::mode_t;
-use openat::{Dir, AsPath};
+use cap_std::fs::{Dir, OpenOptions};
 use pam::constants::{PamFlag, PamResultCode};
 use pam::module::{PamHandle, PamHooks};
 use std::ffi::CStr;
 use std::io::{ErrorKind, Write};
+use std::path::Path;
 use std::process;

 const CG_MOUNT: &str = "/sys/fs/cgroup";
@@ -11,17 +11,17 @@ const CG_MOUNT: &str = "/sys/fs/cgroup";
 struct PAMUserCG;
 pam::pam_hooks!(PAMUserCG);

-fn create_and_open_dir(
- d: &Dir, path: P, mode: mode_t,
+fn create_and_open_dir + Copy>(
+ d: &Dir, path: P,
 ) -> std::io::Result {
- match d.create_dir(path, mode) {
+ match d.create_dir(path) {
 Ok(()) => Ok(()),
 Err(e) => match e.kind() {
 ErrorKind::AlreadyExists => Ok(()),
 _ => Err(e),
 }
 }?;
- d.sub_dir(path)
+ d.open_dir(path)
 }

 struct SessionError;
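Review bot: `create_and_open_dir` still has no doc comment, and the confinement this change relies on is not written down anywhere in the hunk. Suggest adding above the signature `/// Creates path beneath d if it is missing and returns a handle to it.` followed by `/// Both lookups go through cap-std relative to d, so a .. component or symlink cannot lead outside it.` The `AlreadyExists` arm accepts whatever entry is already present without inspecting it; that appears to be covered by `open_dir` failing on a non-directory, which the comment could state as well. The explicit `0o777` argument is gone, so new directories now get the `create_dir` default mode, presumably equivalent here but worth confirming. The generic parameter list of the signature is partly lost in this rendering of the patch.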
@@ -29,14 +29,16 @@ struct SessionError;
 fn open_session(h: &mut PamHandle) -> Result<(), SessionError> {
 let user = h.get_user(None).or(Err(SessionError))?;
 let user = users::get_user_by_name(&user).ok_or(SessionError)?;
- let d = Dir::open(CG_MOUNT).or(Err(SessionError))?;
- let d = create_and_open_dir(&d, "user", 0o777).or(Err(SessionError))?;
- let d = create_and_open_dir(&d, &user.uid().to_string(), 0o777)
+ let aa = cap_std::ambient_authority();
+ let d = Dir::open_ambient_dir(CG_MOUNT, aa).or(Err(SessionError))?;
+ let d = create_and_open_dir(&d, "user").or(Err(SessionError))?;
+ let d = create_and_open_dir(&d, &user.uid().to_string())
 .or(Err(SessionError))?;
- let d = create_and_open_dir(&d, "leaf", 0o777).or(Err(SessionError))?;
+ let d = create_and_open_dir(&d, "leaf").or(Err(SessionError))?;
 let pid = process::id().to_string();
- let mut procs = d.open_file_ex("cgroup.procs", libc::O_WRONLY, 0)
- .or(Err(SessionError))?;
+ let mut options = OpenOptions::new();
+ options.write(true);
+ let mut procs = d.open_with("cgroup.procs", &options).or(Err(SessionError))?;
 procs.write_all(pid.as_bytes()).or(Err(SessionError))?;
 Ok(())
 }
--
cgit v1.2.3-54-g00ecf
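Review bot: Every failure in `open_session` is still collapsed with `.or(Err(SessionError))`, so the `std::io::Error` from `open_ambient_dir`, `create_and_open_dir`, `open_with` and `write_all` is discarded, and a session that was never moved into its cgroup leaves nothing to investigate. `SessionError` is a unit struct declared outside this hunk, so the smallest change is to let it carry the cause, e.g. `struct SessionError(std::io::Error);` with `.map_err(SessionError)?` on the filesystem calls (the two user-lookup lines would need their own variant or conversion), and to log it where the hook converts it to a PAM result code, which is not visible here. Separately, a comment on `let aa = cap_std::ambient_authority();` would record the intent: `// Only ambient-authority use; every later path is resolved beneath this Dir handle.`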