LoginServer: Process logins and start SystemServer in user mode

Author: https://github.com/petelliott Commit: https://github.com/SerenityOS/serenity/commit/e3ed7f76c54 Pull-request: https://github.com/SerenityOS/serenity/pull/10433 Issue: https://github.com/SerenityOS/serenity/issues/1181 Reviewed-by: https://github.com/alimpfard ✅
2024-12-04 13:30:31 +00:00 · 2021-10-09 23:30:50 -06:00 · 2021-10-09 23:30:50 -06:00 · e3ed7f76c5 · 2024-07-18 02:13:34 +09:00
commit e3ed7f76c5
parent 9e3d6d161b
2 changed files with 104 additions and 0 deletions
--- a/Base/etc/SystemServer.ini
+++ b/Base/etc/SystemServer.ini
@ -166,3 +166,6 @@ KeepAlive=0
 [SystemServer]
 Arguments=--user
 User=anon
+
+#[LoginServer]
+#User=root
--- a/Userland/Services/LoginServer/main.cpp
+++ b/Userland/Services/LoginServer/main.cpp
@ -4,14 +4,115 @@
 * SPDX-License-Identifier: BSD-2-Clause
 */

+#include <LibCore/Account.h>
 #include <LibGUI/Application.h>
 #include <Services/LoginServer/LoginWindow.h>
+#include <errno.h>
+#include <string.h>
+#include <sys/wait.h>
+#include <unistd.h>
+
+static void child_process(Core::Account const& account)
+{
+    if (!account.login()) {
+        dbgln("failed to switch users: {}", strerror(errno));
+        exit(1);
+    }
+
+    setenv("HOME", account.home_directory().characters(), true);
+    pid_t rc = setsid();
+    if (rc == -1) {
+        dbgln("failed to setsid: {}", strerror(errno));
+        exit(1);
+    }
+    dbgln("login with sid={}", rc);
+
+    execlp("/bin/SystemServer", "SystemServer", "--user", nullptr);
+    dbgln("failed to exec SystemServer --user: {}", strerror(errno));
+    exit(127);
+}
+
+static void login(Core::Account const& account, LoginWindow& window)
+{
+    pid_t pid = fork();
+    if (pid == 0)
+        child_process(account);
+
+    int wstatus;
+    pid_t rc = waitpid(pid, &wstatus, 0);
+    if (rc == -1)
+        dbgln("waitpid failed: {}", strerror(errno));
+    if (rc != 0)
+        dbgln("SystemServer exited with non-zero status: {}", rc);
+
+    window.show();
+}

 int main(int argc, char** argv)
 {
    auto app = GUI::Application::construct(argc, argv);

+    if (pledge("stdio recvfd sendfd rpath exec proc id", nullptr) < 0) {
+        perror("pledge");
+        return 1;
+    }
+
+    if (unveil("/home", "r") < 0) {
+        perror("unveil");
+        return 1;
+    }
+
+    if (unveil("/etc/passwd", "r") < 0) {
+        perror("unveil");
+        return 1;
+    }
+
+    if (unveil("/etc/shadow", "r") < 0) {
+        perror("unveil");
+        return 1;
+    }
+
+    if (unveil("/etc/group", "r") < 0) {
+        perror("unveil");
+        return 1;
+    }
+
+    if (unveil("/bin/SystemServer", "x") < 0) {
+        perror("unveil");
+        return 1;
+    }
+
+    if (unveil("/res", "r") < 0) {
+        perror("unveil");
+        return 1;
+    }
+
+    unveil(nullptr, nullptr);
+
    auto window = LoginWindow::construct();
+    window->on_submit = [&]() {
+        auto username = window->username();
+        auto password = Core::SecretString::take_ownership(window->password().to_byte_buffer());
+
+        window->set_password("");
+
+        auto account = Core::Account::from_name(username.characters());
+        if (account.is_error()) {
+            dbgln("failed graphical login for user {}: {}", username, account.error());
+            return;
+        }
+
+        if (!account.value().authenticate(password)) {
+            dbgln("failed graphical login for user {}: invalid password", username);
+            return;
+        }
+
+        window->set_username("");
+        window->hide();
+
+        login(account.value(), *window);
+    };
+
    window->show();

    return app->exec();