Commit graph

16060 commits

Author SHA1 Message Date
Ben Wiederhake
7980268b7b Meta: Document QtCreator 'lic' auto-complete 2021-01-22 11:28:07 +01:00
Ben Wiederhake
58f25092c7 Meta: Fix silly copyright line 2021-01-22 11:28:07 +01:00
Tom
9943816e83 LibPthread: Fix asserting futex return value
FUTEX_WAIT returns the number of threads woken (if any).

Fixes #5032
2021-01-22 11:17:07 +01:00
Linus Groh
efc091df81 Ports: Build python3 with libffi
This makes building the _ctypes module succeed. We still can't import
it, but hey, that's progress! :^)
2021-01-22 11:10:01 +01:00
Doctor5555
6803d5dfbe passwd: Remove duplicate 'wpath' pledge 2021-01-22 11:09:44 +01:00
Tom
2830ce5383 Kernel: Unsupported TTY ioctls should return EINVAL gracefully
Fixes #4971
2021-01-22 09:25:04 +01:00
Andreas Kling
47a4a5ac1d Base: Add root to the /etc/shadow file
The password is still empty by default, but being present in the shadow
file is now a requirement for authentication.
2021-01-21 11:35:32 +01:00
Andreas Kling
3b80358142 LibCore: Always fail Account authentication on missing shadow entry
If a user is missing from /etc/shadow, we used to just allow anyone to
authenticate as that user without a password.

With this patch, authentication will instead always fail.
2021-01-21 11:34:39 +01:00
Andreas Kling
439f447ba8 LibCore+su+passwd: Don't keep /etc/passwd and /etc/shadow open
Now that we've moved to atomic replacement of these files when altering
them, we don't need to keep them open for the lifetime of Core::Account
so just simplify this and close them when they are not needed.
2021-01-21 11:17:06 +01:00
Andreas Kling
77e0598c6d passwd+LibCore: Make passwd replace /etc files atomically
Before this patch, we had a nasty race condition when changing a user's
password: there was a time window between truncating /etc/shadow and
writing out its new contents, where you could simply "su" to root
without using a password.

Instead of writing directly to /etc/passwd and /etc/shadow, we now
create temporary files in /etc and fill them with the new contents.
Those files are then atomically renamed to /etc/passwd and /etc/shadow.

Sadly, fixing this race requires giving the passwd program a lot more
privileges. This is something we can and should improve upon. :^)
2021-01-21 11:08:20 +01:00
Andreas Kling
c9a7f81dc3 Kernel: Create new files with the current process EUID/EGID
We were using the UID/GID and not the EUID/EGID, which didn't match
other systems.
2021-01-21 11:08:16 +01:00
Andreas Kling
928ee2c791 Kernel: Don't let signals unblock threads while handling a page fault
It was possible to signal a process while it was paging in an inode
backed VM object. This would cause the inode read to EINTR, and the
page fault handler would assert.

Solve this by simply not unblocking threads due to signals if they are
currently busy handling a page fault. This is probably not the best way
to solve this issue, so I've added a FIXME to that effect.
2021-01-21 00:14:56 +01:00
Andreas Kling
1f53dd0943 Ext2FS: Propagate I/O errors from Ext2FSInode::write_bytes() 2021-01-21 00:14:56 +01:00
Nico Weber
65570216b4 oss-fuzz: Try harder to fix build
Apparently memfd_create() is newish in glibc, and oss-fuzz
uses Ubuntu 16.04 as base for its docker images, which doens't
yet have memfd_create(). But, not to worry, it does have the syscall
define and that's all we really need :/
2021-01-20 23:41:38 +01:00
Andreas Kling
57ca15f126 Kernel: Remove commented-out code from Thread::dispatch_signal() 2021-01-20 23:27:23 +01:00
Andreas Kling
19d3f8cab7 Kernel+LibC: Turn errno codes into a strongly typed enum
..and allow implicit creation of KResult and KResultOr from ErrnoCode.
This means that kernel functions that return those types can finally
do "return EINVAL;" and it will just work.

There's a handful of functions that still deal with signed integers
that should be converted to return KResults.
2021-01-20 23:20:02 +01:00
Andreas Kling
e279b45aed Kernel: Make BlockBasedFS read/write functions return a KResult
This way, if something goes wrong, we get to keep the actual error.
Also, KResults are nodiscard, so we have to deal with that in Ext2FS
instead of just silently ignoring I/O errors(!)
2021-01-20 22:57:36 +01:00
Nico Weber
91aa0d9997 LibGfx/Painter: Keep translation and clip_rect in logical coordinates
Moves Painter away from general affine transport support a bit, but
this scale factor business does feel like it's a bit different.

This is conceptually cleaner (everything should use logical coordinates
as much as possible), and it means the code in GUI::Painter() will work
without changes due to that, but the draw function implementations
overall get a bit murkier (draw_rect() becomes nicer though). Still,
feels like the right direction.

No behavior change.
2021-01-20 21:01:48 +01:00
Nico Weber
362bde4a86 SystemServer.ini: Default to not showing network change notifications
Until someone has time to implement something for not showing the
very first network change at boot, let's turn off notifications for
network changes by default altogether. Having to dismiss this
notification at every boot gets old fast.
2021-01-20 21:01:21 +01:00
Linus Groh
17f90e72b4 CrashReporter: Show pledge violation in backtrace 2021-01-20 21:01:15 +01:00
Linus Groh
678919e9c1 Kernel: Set "pledge_violation" coredump metadata in REQUIRE_PROMISE()
Similar to LibC storing an assertion message before aborting, process
death by pledge violation now sets a "pledge_violation" key with the
respective pledge name as value in its coredump metadata, which the
CrashReporter will then show.
2021-01-20 21:01:15 +01:00
Nico Weber
7e5c49b755 Meta: Add some more documentation on oss-fuzz 2021-01-20 21:00:58 +01:00
Nico Weber
2f82854e4a Revert "LibCore: Try to fix fuzzer build"
This reverts commit c5709c0aed.
2021-01-20 21:00:46 +01:00
Nico Weber
8ccd8b4a6f LibJS: Include <typeinfo> in AST.cpp
Without this, the oss-fuzz build says:

../Userland/Libraries/LibJS/AST.cpp:58:34: error: member access into incomplete type 'const std::type_info'
    return demangle(typeid(*this).name()).substring(4);
                                 ^
2021-01-20 21:00:27 +01:00
Ben Wiederhake
de98f69bfe Userland: Implement shuf for basic shuffling 2021-01-20 19:19:34 +01:00
Ben Wiederhake
9c8efcd17e Userland: Fix broken newlines in 'sort' 2021-01-20 19:19:34 +01:00
Ben Wiederhake
ab07a713bf LibC: Implement uniform random sampling without modulo bias 2021-01-20 19:19:34 +01:00
Ben Wiederhake
e849c62f55 Conway: Don't run misleading srand()
The randomness is taken from arc4random() which is independent from srand/rand/rand_r,
so there's no need to call srand(). At best, it confuses the reader to think that
there would eventually be a call to rand().
2021-01-20 19:19:34 +01:00
Ben Wiederhake
c8465b4c1a Meta: Slightly improve image script 2021-01-20 19:19:34 +01:00
Nico Weber
e2dfd028f9 LibGfxScaleDemo: Add coverage for blit_with_alpha 2021-01-20 19:15:03 +01:00
Linus Groh
ea80ff882d Run: Fix newline in info label
This apparently was a workaround for escape sequences in GML at some
point (see #4937), but it now literally inserts "\n" and no newline, as
the backslash itself is escaped.
2021-01-20 19:14:40 +01:00
Nico Weber
c5709c0aed LibCore: Try to fix fuzzer build
This might fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29675
See also `man memfd_create`.
2021-01-20 19:14:04 +01:00
Nico Weber
98637bd549 WindowServer: In HighDPI mode, load high-res window buttons and high-res cursors
Bitmap::load_from_file("foo.png", 2) will now look for "foo-2x.png" and
try load that as a bitmap with scale factor 2 if it exists. If it
doesn't, it falls back to the 1x bitmap as normal.
Only places that know that they'll draw the bitmap to a 2x painter
should pass "2" for the second argument.

Use this new API in WindowServer for loading window buttons and
cursors.

As a testing aid, ctrl-shift-super-i can force HighDPI icons off in
HighDPI mode. Toggling between low-res and high-res icons makes it easy
to see if the high-res version of an icon looks right: It should look
like the low-res version, just less jaggy.

We'll likely have to grow a better API for loading scaled resources, but
for now this suffices.

Things to check:
- `chres 640 480` followed by `chres 640 480 2` followed by
  `chres 640 480`
- window buttons in window context menu (in task bar and on title bar)
  still have low-res icons
- ctrl-shift-super-i in high-res mode toggles sharpness of window
  buttons and of arrow cursorf
- arrow cursor hotspot is still where you'd expect
2021-01-20 10:28:27 +01:00
Nico Weber
5ad2cbe9ad Base: Add 2x images for arrow cursor and window buttons
The window close buttons look correct.

The arrow cursor isn't quite right yet:
- its shadow was nearest-neighbor upscaled from the 1x version
- the arrow handle looks a bit too chubby

But it's a start, and maybe someone with better gimp skills than me can
pretty it up later.
2021-01-20 10:28:27 +01:00
Nico Weber
5f9c42c404 LibGfx: Give Bitmap a scale factor
Gfx::Bitmap can now store its scale factor. Normally it's 1, but
in high dpi mode it can be 2.

If a Bitmap with a scale factor of 2 is blitted to a Painter with
scale factor of 2, the pixels can be copied over without any resampling.
(When blitting a Bitmap with a scale factor of 1 to a Painter with scale
factor of 2, the Bitmap is painted at twice its width and height at
paint time. Blitting a Bitmap with a scale factor of 2 to a Painter with
scale factor 1 is not supported.)

A Bitmap with scale factor of 2 reports the same width() and height() as
one with scale factor 1. That's important because many places in the
codebase use a bitmap's width() and height() to layout Widgets, and all
widget coordinates are in logical coordinates as well, per
Documentation/HighDPI.md.

Bitmap grows physical_width() / physical_height() to access the actual
pixel size. Update a few callers that work with pixels to call this
instead.

Make Painter's constructor take its scale factor from the target bitmap
that's passed in, and update its various blit() methods to handle
blitting a 2x bitmap to a 2x painter. This allows removing some gnarly
code in Compositor. (In return, put some new gnarly code in
LibGfxScaleDemo to preserve behavior there.)

No intended behavior change.
2021-01-20 10:28:27 +01:00
Linus Groh
c6726f331e WindowServer: Rename WallpaperMode::{Scaled => Stretch}
This option was renamed from scaled to stretch in DisplaySettings in
699ba84, but since WindowServer receives a plain string and was not
updated, it wouldn't recognize the new renamed value as a valid option.
Turns out sending plain strings via IPC and only mapping them to enum
values on the receiving end is brittle, we should probably update
Desktop::set_wallpaper_mode() to use an enum as well at some point.

Fixes #5006.
2021-01-20 09:16:27 +01:00
Linus Groh
cb8e4be3b5 Ports: Add missing version.sh file to python3 port
I thought I had committed this, but it's .gitignore'd. Add an exception
to Ports/.gitignore and add it for real this time. :^)

Fixes #5008.
2021-01-19 22:18:32 +01:00
Andreas Kling
b7248be251 Kernel: Allow sys$chmod() to change the sticky bit
We were incorrectly masking off the sticky bit when setting file modes.
2021-01-19 20:28:13 +01:00
Andreas Kling
8601108e21 Kernel: Implement the same symlink protection as Linux
Path resolution will now refuse to follow symlinks in some cases where
you don't own the symlink, or when it's in a sticky world-writable
directory and the link has a different owner than the directory.

The point of all this is to prevent classic TOCTOU bugs in /tmp etc.

Fixes #4934
2021-01-19 20:28:09 +01:00
Andreas Kling
9681e3eca0 Kernel: Implement the same hard link protection as Linux
sys$link() will now fail to create hard links in some cases where you
don't own or have write access to the link target.

Work towards #4934
2021-01-19 20:28:04 +01:00
Nico Weber
b1c640a956 Docs: Start outlining options for highdpi resource handling 2021-01-19 16:48:21 +01:00
Jean-Baptiste Boric
6677ab1ccd Boot: Fix undefined Multiboot behaviors
Both ESP and GDTR are left undefined by the Multiboot specification and
OS images must not rely on these values to be valid. Fix the undefined
behaviors so that booting with PXELINUX does not triple-fault the CPU.
2021-01-19 09:03:37 +01:00
AnotherTest
cb29dca029 Shell: Don't spam perror() on kill_job()
That function is allowed to be given a dead job, so don't bother with
perror()
2021-01-19 08:19:43 +01:00
AnotherTest
86f50aa74e Shell: Make tests use PASS/FAIL instead of exit codes
There's no guarantee that the last executed command will have a zero
exit code, and so the shell exit code may or may not be zero, even if
all the tests pass.
Also changes the `test || echo fail && exit` to
`if not test { echo fail && exit }`, since that's nicer-looking.
2021-01-19 08:19:43 +01:00
AnotherTest
5ec139e728 Shell: Make 'if' expressions return the unevaluated value of blocks
This makes it possible to actually put them in a sequence and cast them
to commands.
2021-01-19 08:19:43 +01:00
AnotherTest
50473003be Shell: Add a not builtin
`not` just takes a command, runs it, then negates its exit code (0->1,
non-zero->0).
2021-01-19 08:19:43 +01:00
AnotherTest
2843526513 Shell: Mark control structures to be executed in the current process 2021-01-19 08:19:43 +01:00
AnotherTest
1c78d12f1c Shell: Implement for_each_entry() for syntactic list nodes
This allows correct iteration over nested lists.
Also store values to variables without resolving them, to delay the
resolution step as much as possible (this helps with storing nested
lists in variables).
2021-01-19 08:19:43 +01:00
AnotherTest
fc7a06af9d Shell: Consider numbers as word characters too
Otherwise `foobar2` wouldn't be a valid identifier
2021-01-19 08:19:43 +01:00
AnotherTest
8cfda86a45 Shell: Actually return the exit code of the file when running a file 2021-01-19 08:19:43 +01:00