From 12127d9c04e8151c51bd14114dce424ff8448345 Mon Sep 17 00:00:00 2001
From: Ray Strode <rstrode@redhat.com>
Date: Thu, 9 Sep 2021 09:40:49 -0400
Subject: [PATCH 2/2] main: Allow cache files to be marked immutable

At the moment, at start up we unconditionally reset permission of all
cache files in /var/lib/AccountsService/users.  If the mode of the files
can't be reset, accountsservice fails to start.

But there's a situation where we should proceed anyway: If the
mode is already correct, and the file is read-only, there is no reason
to refuse to proceed.

This commit changes the code to explicitly validate the permissions of
the file before failing.
---
 src/main.c | 29 +++++++++++++++++++++++++----
 1 file changed, 25 insertions(+), 4 deletions(-)

diff --git a/src/main.c b/src/main.c
index 01cb617..36a2d7e 100644
--- a/src/main.c
+++ b/src/main.c
@@ -16,143 +16,164 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
  *
  * Written by: Matthias Clasen <mclasen@redhat.com>
  */
 
 #include "config.h"
 
 #include <stdlib.h>
 #include <stdarg.h>
 #include <locale.h>
 #include <libintl.h>
 #include <syslog.h>
 #include <sys/stat.h>
 #include <errno.h>
 
 #include <glib.h>
 #include <glib/gi18n.h>
 #include <glib/gstdio.h>
 #include <glib-unix.h>
 
 #include "daemon.h"
 
 #define NAME_TO_CLAIM "org.freedesktop.Accounts"
 
 static gboolean
 ensure_directory (const char  *path,
                   gint         mode,
                   GError     **error)
 {
+        GStatBuf stat_buffer = { 0 };
+
         if (g_mkdir_with_parents (path, mode) < 0) {
                 g_set_error (error,
                              G_FILE_ERROR,
                              g_file_error_from_errno (errno),
                              "Failed to create directory %s: %m",
                              path);
                 return FALSE;
         }
 
-        if (g_chmod (path, mode) < 0) {
+        g_chmod (path, mode);
+
+        if (g_stat (path, &stat_buffer) < 0) {
+                g_clear_error (error);
+
                 g_set_error (error,
                              G_FILE_ERROR,
                              g_file_error_from_errno (errno),
-                             "Failed to change permissions of directory %s: %m",
+                             "Failed to validate permissions of directory %s: %m",
                              path);
                 return FALSE;
         }
 
+        if ((stat_buffer.st_mode & ~S_IFMT) != mode) {
+                g_set_error (error,
+                             G_FILE_ERROR,
+                             g_file_error_from_errno (errno),
+                             "Directory %s has wrong mode %o; it should be %o",
+                             path, stat_buffer.st_mode, mode);
+                return FALSE;
+        }
+
         return TRUE;
 }
 
 static gboolean
 ensure_file_permissions (const char  *dir_path,
                          gint         file_mode,
                          GError     **error)
 {
         GDir *dir = NULL;
         const gchar *filename;
         gint errsv = 0;
 
         dir = g_dir_open (dir_path, 0, error);
         if (dir == NULL)
                 return FALSE;
 
         while ((filename = g_dir_read_name (dir)) != NULL) {
+                GStatBuf stat_buffer = { 0 };
+
                 gchar *file_path = g_build_filename (dir_path, filename, NULL);
 
                 g_debug ("Changing permission of %s to %04o", file_path, file_mode);
-                if (g_chmod (file_path, file_mode) < 0)
+                g_chmod (file_path, file_mode);
+
+                if (g_stat (file_path, &stat_buffer) < 0)
                         errsv = errno;
 
+                if ((stat_buffer.st_mode & ~S_IFMT) != file_mode)
+                        errsv = EACCES;
+
                 g_free (file_path);
         }
 
         g_dir_close (dir);
 
         /* Report any errors after all chmod()s have been attempted. */
         if (errsv != 0) {
                 g_set_error (error,
                              G_FILE_ERROR,
                              g_file_error_from_errno (errsv),
                              "Failed to change permissions of files in directory %s: %m",
                              dir_path);
                 return FALSE;
         }
 
         return TRUE;
 }
 
 static void
 on_bus_acquired (GDBusConnection  *connection,
                  const gchar      *name,
                  gpointer          user_data)
 {
         GMainLoop *loop = user_data;
         Daemon *daemon;
         g_autoptr(GError) error = NULL;
 
         if (!ensure_directory (ICONDIR, 0775, &error) ||
             !ensure_directory (USERDIR, 0700, &error) ||
             !ensure_file_permissions (USERDIR, 0600, &error)) {
                 g_printerr ("%s\n", error->message);
                 g_main_loop_quit (loop);
                 return;
         }
 
         daemon = daemon_new ();
         if (daemon == NULL) {
                 g_printerr ("Failed to initialize daemon\n");
                 g_main_loop_quit (loop);
                 return;
         }
-
         openlog ("accounts-daemon", LOG_PID, LOG_DAEMON);
         syslog (LOG_INFO, "started daemon version %s", VERSION);
         closelog ();
         openlog ("accounts-daemon", 0, LOG_AUTHPRIV);
 }
 
 static void
 on_name_lost (GDBusConnection  *connection,
               const gchar      *name,
               gpointer          user_data)
 {
         GMainLoop *loop = user_data;
 
         g_debug ("got NameLost, exiting");
         g_main_loop_quit (loop);
 }
 
 static gboolean debug;
 
 static void
 on_log_debug (const gchar *log_domain,
               GLogLevelFlags log_level,
               const gchar *message,
               gpointer user_data)
 {
         g_autoptr(GString) string = NULL;
         const gchar *progname;
         int ret G_GNUC_UNUSED;
 
         string = g_string_new (NULL);
-- 
2.31.1