First working version* (#1)

* hopefully it works now

* actually spawn startx

* print pwd

* print pwd

* print pwd

* whoami-temp

* added suid

* added suid

* added print user

* fixed group ids

* inc chvt version

* flipped setgid/setuid order

* chvt(1) after setuid

* change X to vt7

* change X to vt7

* chown

* chown

* removed chvt

* removed startx vt7

* removed chown

* restructure

* added print xauth

* starting X

* updated get free display to use path exists

* fuck commit messages

* yeet

* fuck

* yeet

* yeet

* 7

* groups

* groups

* chown

* nochown

* print

* added xdg envvars

* added env

* lang

* shovel

* it works! 🎉

* hi

* hey

Co-authored-by: Jonathan Donszelmann <[email protected]>

Author: Victor

Cargo.toml

@@ -1,5 +1,5 @@
 [package]
-name = "CaDMium"
+name = "cadmium"
 version = "0.1.0"
 authors = ["Victor Roest <[email protected]>"]
 edition = "2018"
@@ -9,4 +9,8 @@ logind-dbus="0.1.1"
 rpassword="4.0.1"
 pam="0.7.0"
 pam-sys="0.5.6"
-nix = "0.15.0"
+nix="0.15.0"
+users="0.9.1"
+chvt="0.2.0"
+rand="0.7.2"
+xcb="0.9.0"

cadmium.service

@@ -1,12 +1,15 @@
 [Unit]
 Description=CaDMium
-After=systemd-user-sessions.service
-Conflicts[email protected]
-After=systemd-user-sessions.service [email protected] plymouth-quit.service systemd-logind.service
-
+After=systemd-user-sessions.service plymouth-quit-wait.service
+After[email protected]
 
 [Service]
 ExecStart=/usr/bin/cadmium
+StandardInput=tty
+TTYPath=/dev/tty2
+TTYReset=yes
+TTYVHangup=yes
+Type=idle
 
 [Install]
 Alias=display-manager.service

res/xsetup.sh

@@ -0,0 +1,102 @@
+#! /bin/sh
+# Xsession - run as user
+# Copyright (C) 2016 Pier Luigi Fiorini <[email protected]>
+
+# This file is extracted from kde-workspace (kdm/kfrontend/genkdmconf.c)
+# Copyright (C) 2001-2005 Oswald Buddenhagen <[email protected]>
+
+# Note that the respective logout scripts are not sourced.
+case $SHELL in
+  */bash)
+    [ -z "$BASH" ] && exec $SHELL $0 "$@"
+    set +o posix
+    [ -f /etc/profile ] && . /etc/profile
+    if [ -f $HOME/.bash_profile ]; then
+      . $HOME/.bash_profile
+    elif [ -f $HOME/.bash_login ]; then
+      . $HOME/.bash_login
+    elif [ -f $HOME/.profile ]; then
+      . $HOME/.profile
+    fi
+    ;;
+*/zsh)
+    [ -z "$ZSH_NAME" ] && exec $SHELL $0 "$@"
+    [ -d /etc/zsh ] && zdir=/etc/zsh || zdir=/etc
+    zhome=${ZDOTDIR:-$HOME}
+    # zshenv is always sourced automatically.
+    [ -f $zdir/zprofile ] && . $zdir/zprofile
+    [ -f $zhome/.zprofile ] && . $zhome/.zprofile
+    [ -f $zdir/zlogin ] && . $zdir/zlogin
+    [ -f $zhome/.zlogin ] && . $zhome/.zlogin
+    emulate -R sh
+    ;;
+  */csh|*/tcsh)
+    # [t]cshrc is always sourced automatically.
+    # Note that sourcing csh.login after .cshrc is non-standard.
+    xsess_tmp=`mktemp /tmp/xsess-env-XXXXXX`
+    $SHELL -c "if (-f /etc/csh.login) source /etc/csh.login; if (-f ~/.login) source ~/.login; /bin/sh -c 'export -p' >! $xsess_tmp"
+    . $xsess_tmp
+    rm -f $xsess_tmp
+    ;;
+  */fish)
+    [ -f /etc/profile ] && . /etc/profile
+    xsess_tmp=`mktemp /tmp/xsess-env-XXXXXX`
+    $SHELL --login -c "/bin/sh -c 'export -p' > $xsess_tmp"
+    . $xsess_tmp
+    rm -f $xsess_tmp
+    ;;
+  *) # Plain sh, ksh, and anything we do not know.
+    [ -f /etc/profile ] && . /etc/profile
+    [ -f $HOME/.profile ] && . $HOME/.profile
+    ;;
+esac
+
+[ -f /etc/xprofile ] && . /etc/xprofile
+[ -f $HOME/.xprofile ] && . $HOME/.xprofile
+
+# run all system xinitrc shell scripts.
+if [ -d /etc/X11/xinit/xinitrc.d ]; then
+  for i in /etc/X11/xinit/xinitrc.d/* ; do
+  if [ -x "$i" ]; then
+    . "$i"
+  fi
+  done
+fi
+
+# Load Xsession scripts
+# OPTIONFILE, USERXSESSION, USERXSESSIONRC and ALTUSERXSESSION are required
+# by the scripts to work
+xsessionddir="/etc/X11/Xsession.d"
+OPTIONFILE=/etc/X11/Xsession.options
+USERXSESSION=$HOME/.xsession
+USERXSESSIONRC=$HOME/.xsessionrc
+ALTUSERXSESSION=$HOME/.Xsession
+
+if [ -d "$xsessionddir" ]; then
+    for i in `ls $xsessionddir`; do
+        script="$xsessionddir/$i"
+        echo "Loading X session script $script"
+        if [ -r "$script"  -a -f "$script" ] && expr "$i" : '^[[:alnum:]_-]\+$' > /dev/null; then
+            . "$script"
+        fi
+    done
+fi
+
+if [ -d /etc/X11/Xresources ]; then
+  for i in /etc/X11/Xresources/*; do
+    [ -f $i ] && xrdb -merge $i
+  done
+elif [ -f /etc/X11/Xresources ]; then
+  xrdb -merge /etc/X11/Xresources
+fi
+[ -f $HOME/.Xresources ] && xrdb -merge $HOME/.Xresources
+
+if [ -f "$USERXSESSION" ]; then
+  . "$USERXSESSION"
+fi
+
+if [ -z "$*" ]; then
+    exec xmessage -center -buttons OK:0 -default OK "Sorry, $DESKTOP_SESSION is no valid session."
+else
+    exec $@
+fi

src/askpass/mod.rs

@@ -0,0 +1,23 @@
+use std::error::Error;
+use core::fmt;
+use fmt::Debug;
+
+pub mod simple;
+
+
+#[derive(Debug)]
+pub enum AskPassError {
+
+}
+impl Error for AskPassError {}
+impl fmt::Display for AskPassError {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        <dyn Debug>::fmt(self, f)
+    }
+}
+
+pub struct UserInfo {
+    pub username: String,
+    pub password: String,
+}
+

src/askpass/simple.rs

@@ -0,0 +1,26 @@
+use crate::askpass::UserInfo;
+use std::io;
+use std::io::Write;
+use rpassword::read_password;
+
+pub fn simple_get_credentials() -> io::Result<UserInfo> {
+
+    println!("Login:");
+    print!("username: ");
+    io::stdout().flush().ok().expect("Could not flush stdout");
+
+
+    let mut username = String::new();
+    io::stdin().read_line(&mut username)?;
+    username.truncate(username.trim_end().len());
+
+    print!("password (hidden): ");
+    io::stdout().flush().ok().expect("Could not flush stdout");
+
+    let password = read_password()?;
+
+    Ok(UserInfo {
+        username,
+        password
+    })
+}

src/dbus.rs

@@ -0,0 +1,16 @@
+use std::process::Command;
+use std::env;
+
+pub fn start_dbus() {
+    let dbus_output = Command::new("/usr/bin/dbus-launch").output().expect("Couldn't start DBus");
+    let results = String::from_utf8_lossy(&dbus_output.stdout);
+    for variable in results.lines(){
+        let line: Vec<&str> = variable.splitn(2, "=").collect();
+
+        env::set_var(
+            line.get(0).expect("Couldn't read dbus-launch return value"),
+            line.get(1).expect("Couldn't read dbus-launch return value")
+        );
+    }
+
+}

src/error.rs

@@ -0,0 +1,24 @@
+use core::fmt;
+use std::error::Error;
+use crate::askpass::AskPassError;
+use fmt::Debug;
+use crate::x::XError;
+
+#[derive(Debug)]
+pub enum ErrorKind {
+    InhibitationError,
+    IoError,
+    AuthenticationError,
+    DBusError,
+    SessionError,
+    AskPassError(AskPassError),
+    XError(XError),
+
+}
+impl Error for ErrorKind {}
+impl fmt::Display for ErrorKind {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        <dyn Debug>::fmt(self, f)
+    }
+}
+

src/login.rs

@@ -0,0 +1,99 @@
+use crate::askpass::UserInfo;
+use crate::error::ErrorKind;
+use pam_sys::PamReturnCode;
+use crate::askpass::simple::simple_get_credentials;
+use logind_dbus::LoginManager;
+use pam::Authenticator;
+use users::get_user_by_name;
+use std::env;
+
+fn xdg(tty: u32, _uid: u32) {
+//    let user = format!("/run/user/{}", uid);
+//    env::set_var("XDG_RUNTIME_DIR", format!("/run/user/{}", uid));
+
+    env::set_var("XDG_SESSION_CLASS", "greeter");
+
+    //TODO: should be seat{display}. might need to move to a place where we actually know the display.
+    env::set_var("XDG_SEAT", "seat0");
+
+    env::set_var("XDG_VTNR", format!("{}", tty));
+    env::set_var("XDG_SESSION_ID", "1");
+
+    // temp
+//    env::set_var("DBUS_SESSION_BUS_ADDRESS", format!("unix:path=/run/user/{}/bus", uid));
+
+    env::set_var("XDG_SESSION_TYPE", "tty");
+}
+
+pub fn authenticate(tty: u32) -> Result<(UserInfo, LoginManager), ErrorKind>{
+    let logind_manager = LoginManager::new().expect("Could not get logind-manager");
+
+    let mut authenticator = Authenticator::with_password("login")
+        .expect("Failed to init PAM client.");
+
+    // block where we inhibit suspend
+    let login_info= {
+        let _suspend_lock = logind_manager.connect()
+            .inhibit_suspend("Cadmium", "login")
+            .map_err(|_| ErrorKind::InhibitationError)?;
+
+        // TODO: change to generic get credentials
+        let login_info = simple_get_credentials().map_err(|_| ErrorKind::IoError)?;
+
+        let user= get_user_by_name(&login_info.username).expect("Couldn't find username");
+        xdg(tty as u32, user.uid());
+
+        authenticator.get_handler().set_credentials(login_info.username.clone(), login_info.password);
+
+        match authenticator.authenticate() {
+            Err(e)=>  {
+                if e.to_string() == PamReturnCode::PERM_DENIED.to_string() {
+                    println!("Permission denied.");
+                } else if e.to_string() == PamReturnCode::AUTH_ERR.to_string() {
+                    #[cfg(debug_assertions)]
+                    dbg!("AUTH_ERR");
+
+                    println!("Authentication error.");
+                } else if e.to_string() == PamReturnCode::USER_UNKNOWN.to_string() {
+                    #[cfg(debug_assertions)]
+                    dbg!("USER_UNKNOWN");
+
+                    println!("Authentication error.");
+                } else if e.to_string() == PamReturnCode::MAXTRIES.to_string() {
+                    println!("Maximum login attempts reached.");
+                } else if e.to_string() == PamReturnCode::CRED_UNAVAIL.to_string() {
+                    println!("Underlying authentication service can not retrieve user credentials unavailable.");
+                } else if e.to_string() == PamReturnCode::ACCT_EXPIRED.to_string() {
+                    println!("Account expired");
+                } else if e.to_string() == PamReturnCode::CRED_EXPIRED.to_string() {
+                    println!("Account  expired");
+                } else if e.to_string() == PamReturnCode::TRY_AGAIN.to_string() {
+                    println!("PAM fucked up, please try again");
+                } else if e.to_string() == PamReturnCode::ABORT.to_string() {
+                    println!("user's authentication token has expired");
+                } else if e.to_string() == PamReturnCode::INCOMPLETE.to_string() {
+                    println!("We fucked up, please try again");
+                } else {
+                    println!("A PAM error occurred: {}", e);
+                }
+
+                return Err(ErrorKind::AuthenticationError)
+            }
+            Ok(_) => ()
+        };
+
+//        logind_manager.register().map_err(|_| ErrorKind::DBusError)?;
+
+        (
+            UserInfo{
+                username: login_info.username,
+                password: String::new()
+            },
+            logind_manager
+        )
+    };
+
+    authenticator.open_session().map_err(|_| ErrorKind::SessionError)?;
+
+    Ok(login_info)
+}