This avoids unintentionally adding a newline character at the end of
user passwords when they are set using passwd(1).
I also fixed these two issues:
- The return value of getline() was being saved in an `int` variable
instead of in a `ssize_t` variable; I replaced the `int` keyword with
`auto` to fix this issue.
- Prior to this patch, get_password() could potentially return
tcsetattr()'s errno instead of getline()'s errno in case of an error.
We now make sure it always returns the right errno in case of an error.
This was very obviously racy and would only succeed if we already own
the socket anyway. (And if we do, we can bind to it without unlinking!)
Work towards #4876.
This doesn't solve half of the problems with /tmp/rpc, but this way we
can at least make it sticky instead of having it fully world-writable
and owned by whoever was the first to bind an RPC socket.
Move some more complex globals into a Singleton, which allows it being
used from global destructors. It solves problems where some global
variables, such as HashMaps may already be deleted, triggering crashes
trying to use them.
This allows adding and removing of asynchronous signal handlers while
executing signal handlers, even if it is for the same signal that is
being handled right now.
These changes are arbitrarily divided into multiple commits to make it
easier to find potentially introduced bugs with git bisect.Everything:
The modifications in this commit were automatically made using the
following command:
find . -name '*.cpp' -exec sed -i -E 's/dbg\(\) << ("[^"{]*");/dbgln\(\1\);/' {} \;
This patch moves the user account password hashes from /etc/passwd,
where they were world-readable, to /etc/shadow, where only root can
access them.
The Core::Account class is extended to support both authentication
against, and modification of /etc/shadow.
The default password for "anon" as of this commit is "foo" :^)
We were using the "accept" flag on the event to break out of the
bubbling loop, but this had lasting consequences since all events that
bubbled too far came out looking as if someone had accepted them.
If an event is ignored by everyone, it should appear ignored.
Because ProcFS will refresh the data upon seek to 0, we can re-use
the same file descriptor. This saves us from having to open it every
time, but it also reduces the odds that we are unable to open a new
file descriptor due to low memory conditions.
This patchset makes ProtocolServer stream the downloads to its client
(LibProtocol), and as such changes the download API; a possible
download lifecycle could be as such:
notation = client->server:'>', server->client:'<', pipe activity:'*'
```
> StartDownload(GET, url, headers, {})
< Response(0, fd 8)
* {data, 1024b}
< HeadersBecameAvailable(0, response_headers, 200)
< DownloadProgress(0, 4K, 1024)
* {data, 1024b}
* {data, 1024b}
< DownloadProgress(0, 4K, 2048)
* {data, 1024b}
< DownloadProgress(0, 4K, 1024)
< DownloadFinished(0, true, 4K)
```
Since managing the received file descriptor is a pain, LibProtocol
implements `Download::stream_into(OutputStream)`, which can be used to
stream the download into any given output stream (be it a file, or
memory, or writing stuff with a delay, etc.).
Also, as some of the users of this API require all the downloaded data
upfront, LibProtocol also implements `set_should_buffer_all_input()`,
which causes the download instance to buffer all the data until the
download is complete, and to call the `on_buffered_download_finish`
hook.
This can be used to register a property that maps enum values to certain
strings, e.g.
REGISTER_ENUM_PROPERTY(
property_name, getter, setter, Enum,
{ Enum::Foo, "Foo" },
{ Enum::Bar, "Bar" });
Also use it for REGISTER_SIZE_POLICY_PROPERTY :^)
None of the code using this actually expected the timer to fire right
away, but they would instead call start() on it once they were ready to
accept a timer fire.
Let's make the API behave the way its clients believed it did. :^)
This was a goofy kernel API where you could assign an icon_id (int) to
a process which referred to a global shbuf with a 16x16 icon bitmap
inside it.
Instead of this, programs that want to display a process icon now
retrieve it from the process executable instead.
POSIX allows the default streams (stdin, stdout and stderr) to be
macros, which means that on such systems (musl libc is one) building
Lagom will fail due to the File::std*() names.
Also fix any files that use these identifiers.
This implements a number of changes related to time:
* If a HPET is present, it is now used only as a system timer, unless
the Local APIC timer is used (in which case the HPET timer will not
trigger any interrupts at all).
* If a HPET is present, the current time can now be as accurate as the
chip can be, independently from the system timer. We now query the
HPET main counter for the current time in CPU #0's system timer
interrupt, and use that as a base line. If a high precision time is
queried, that base line is used in combination with quering the HPET
timer directly, which should give a much more accurate time stamp at
the expense of more overhead. For faster time stamps, the more coarse
value based on the last interrupt will be returned. This also means
that any missed interrupts should not cause the time to drift.
* The default system interrupt rate is reduced to about 250 per second.
* Fix calculation of Thread CPU usage by using the amount of ticks they
used rather than the number of times a context switch happened.
* Implement CLOCK_REALTIME_COARSE and CLOCK_MONOTONIC_COARSE and use it
for most cases where precise timestamps are not needed.
Almost everyone using this API actually wanted String instead of a
ByteBuffer anyway, and there were a bunch of slightly different ways
clients would convert to String.
Let's just cut out all the confusion and make it return String. :^)
That's just silly :)
Also fix that one use of read_line() which assumes it will
null-terminated in mount.cpp (this would've blown up if the IODevice was
at EOF and had a line with the same size as max_size).
Problem:
- The default constructor is is deleted because NonnullRefPtr has no
default constructor and there is a member variable of that type, but
the function is set as `= default`.
Solution:
- Remove the code because the function is actually deleted implicitly.
This makes most operations thread safe, especially so that they
can safely be used in the Kernel. This includes obtaining a strong
reference from a weak reference, which now requires an explicit
call to WeakPtr::strong_ref(). Another major change is that
Weakable::make_weak_ref() may require the explicit target type.
Previously we used reinterpret_cast in WeakPtr, assuming that it
can be properly converted. But WeakPtr does not necessarily have
the knowledge to be able to do this. Instead, we now ask the class
itself to deliver a WeakPtr to the type that we want.
Also, WeakLink is no longer specific to a target type. The reason
for this is that we want to be able to safely convert e.g. WeakPtr<T>
to WeakPtr<U>, and before this we just reinterpret_cast the internal
WeakLink<T> to WeakLink<U>, which is a bold assumption that it would
actually produce the correct code. Instead, WeakLink now operates
on just a raw pointer and we only make those constructors/operators
available if we can verify that it can be safely cast.
In order to guarantee thread safety, we now use the least significant
bit in the pointer for locking purposes. This also means that only
properly aligned pointers can be used.
...instead of maybe bitmap + a single mime type and its corresponding data.
This allows drag&drop operations to hold multiple different kinds of
data, and the views/applications to choose between those.
For instance, Spreadsheet can keep the structure of the dragged cells,
and still provide text-only data to be passed to different unrelated editors.
From https://youtu.be/YNSAZIW3EM0?t=1474:
"Hmm... I don't think that name is right! From the perspective of
userspace, this is a file descriptor. File description is what the
kernel internally keeps track of, but as far as userspace is concerned,
he just has a file descriptor. [...] Maybe that name should be changed."
Core::File even has a member of this enum type... called
m_should_close_file_descriptor - so let's just rename it :^)
This reverts my previous commit in WebServer and fixes the whole issue
in a much better way. Instead of having the MIME type guesser take a
URL (which we don't actually have in the WebServer at that point),
just take a path as a StringView.
Also, make use of the case-insensitive StringView::ends_with() :^)
