main: Allow cache files to be marked immutableallow-overriding-system-account

At the moment, at start up we unconditionally reset permission of all cache files in /var/lib/AccountsService/users. If the mode of the files can't be reset, accountsservice fails to start. But there's a situation where we should proceed anyway: If the mode is already correct, and the file is read-only, there is no reason to refuse to proceed. This commit changes the code to explicitly validate the permissions of the file before failing.
author: Ray Strode <rstrode@redhat.com> 2021-09-09 09:40:49 -0400
committer: Ray Strode <rstrode@redhat.com> 2021-09-10 16:03:24 -0400
commit: 6b72e84dc0f4dad72e3d4831088d11968adc232c (patch)
tree: ccc9a1ea6c4f0dd73c82e74fbe80bfc955ca8744
parent: e718b762f9ba2d334c6800b5637ef10d908a1ff5 (diff)
download: accountsservice-allow-overriding-system-account.tar.gz
1 files changed, 25 insertions, 4 deletions
diff --git a/src/main.c b/src/main.c
index 2163fa6..f7f4331 100644
--- a/src/main.c
+++ b/src/main.c
@@ -43,6 +43,8 @@ ensure_directory (const char  *path,
                   gint         mode,
                   GError     **error)
 {
+        GStatBuf stat_buffer = { 0 };
+
         if (g_mkdir_with_parents (path, mode) < 0) {
                 g_set_error (error,
                              G_FILE_ERROR,
@@ -52,15 +54,28 @@ ensure_directory (const char  *path,
                 return FALSE;
         }
 
-        if (g_chmod (path, mode) < 0) {
+        g_chmod (path, mode);
+
+        if (g_stat (path, &stat_buffer) < 0) {
+                g_clear_error (error);
+
                 g_set_error (error,
                              G_FILE_ERROR,
                              g_file_error_from_errno (errno),
-                             "Failed to change permissions of directory %s: %m",
+                             "Failed to validate permissions of directory %s: %m",
                              path);
                 return FALSE;
         }
 
+        if ((stat_buffer.st_mode & ~S_IFMT) != mode) {
+                g_set_error (error,
+                             G_FILE_ERROR,
+                             g_file_error_from_errno (errno),
+                             "Directory %s has wrong mode %o; it should be %o",
+                             path, stat_buffer.st_mode, mode);
+                return FALSE;
+        }
+
         return TRUE;
 }
 
@@ -78,12 +93,19 @@ ensure_file_permissions (const char  *dir_path,
                 return FALSE;
 
         while ((filename = g_dir_read_name (dir)) != NULL) {
+                GStatBuf stat_buffer = { 0 };
+
                 gchar *file_path = g_build_filename (dir_path, filename, NULL);
 
                 g_debug ("Changing permission of %s to %04o", file_path, file_mode);
-                if (g_chmod (file_path, file_mode) < 0)
+                g_chmod (file_path, file_mode);
+
+                if (g_stat (file_path, &stat_buffer) < 0)
                         errsv = errno;
 
+                if ((stat_buffer.st_mode & ~S_IFMT) != file_mode)
+                        errsv = EACCES;
+
                 g_free (file_path);
         }
 
@@ -125,7 +147,6 @@ on_bus_acquired (GDBusConnection  *connection,
                 g_main_loop_quit (loop);
                 return;
         }
-
         openlog ("accounts-daemon", LOG_PID, LOG_DAEMON);
         syslog (LOG_INFO, "started daemon version %s", VERSION);
         closelog ();
author	Ray Strode <rstrode@redhat.com>	2021-09-09 09:40:49 -0400
committer	Ray Strode <rstrode@redhat.com>	2021-09-10 16:03:24 -0400
commit	6b72e84dc0f4dad72e3d4831088d11968adc232c (patch)
tree	ccc9a1ea6c4f0dd73c82e74fbe80bfc955ca8744
parent	e718b762f9ba2d334c6800b5637ef10d908a1ff5 (diff)
download	accountsservice-allow-overriding-system-account.tar.gz