forked from security/hakurei
exit: move final and early code to internal package
Exit cleanup state information is now stored in a dedicated struct and built up using methods of that struct. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
This commit is contained in:
@@ -8,58 +8,102 @@ import (
|
||||
"path"
|
||||
|
||||
"git.ophivana.moe/cat/fortify/acl"
|
||||
"git.ophivana.moe/cat/fortify/internal/final"
|
||||
"git.ophivana.moe/cat/fortify/internal/state"
|
||||
"git.ophivana.moe/cat/fortify/internal"
|
||||
"git.ophivana.moe/cat/fortify/internal/util"
|
||||
"git.ophivana.moe/cat/fortify/internal/verbose"
|
||||
)
|
||||
|
||||
const (
|
||||
pulseServer = "PULSE_SERVER"
|
||||
pulseCookie = "PULSE_COOKIE"
|
||||
|
||||
home = "HOME"
|
||||
xdgConfigHome = "XDG_CONFIG_HOME"
|
||||
)
|
||||
|
||||
func (a *App) SharePulse() {
|
||||
a.setEnablement(state.EnablePulse)
|
||||
a.setEnablement(internal.EnablePulse)
|
||||
|
||||
// ensure PulseAudio directory ACL (e.g. `/run/user/%d/pulse`)
|
||||
pulse := path.Join(a.runtimePath, "pulse")
|
||||
pulseS := path.Join(pulse, "native")
|
||||
if s, err := os.Stat(pulse); err != nil {
|
||||
if !errors.Is(err, fs.ErrNotExist) {
|
||||
final.Fatal("Error accessing PulseAudio directory:", err)
|
||||
internal.Fatal("Error accessing PulseAudio directory:", err)
|
||||
}
|
||||
final.Fatal(fmt.Sprintf("PulseAudio dir '%s' not found", pulse))
|
||||
internal.Fatal(fmt.Sprintf("PulseAudio dir '%s' not found", pulse))
|
||||
} else {
|
||||
// add environment variable for new process
|
||||
a.AppendEnv(util.PulseServer, "unix:"+pulseS)
|
||||
a.AppendEnv(pulseServer, "unix:"+pulseS)
|
||||
if err = acl.UpdatePerm(pulse, a.UID(), acl.Execute); err != nil {
|
||||
final.Fatal("Error preparing PulseAudio:", err)
|
||||
internal.Fatal("Error preparing PulseAudio:", err)
|
||||
} else {
|
||||
final.RegisterRevertPath(pulse)
|
||||
a.exit.RegisterRevertPath(pulse)
|
||||
}
|
||||
|
||||
// ensure PulseAudio socket permission (e.g. `/run/user/%d/pulse/native`)
|
||||
if s, err = os.Stat(pulseS); err != nil {
|
||||
if errors.Is(err, fs.ErrNotExist) {
|
||||
final.Fatal("PulseAudio directory found but socket does not exist")
|
||||
internal.Fatal("PulseAudio directory found but socket does not exist")
|
||||
}
|
||||
final.Fatal("Error accessing PulseAudio socket:", err)
|
||||
internal.Fatal("Error accessing PulseAudio socket:", err)
|
||||
} else {
|
||||
if m := s.Mode(); m&0o006 != 0o006 {
|
||||
final.Fatal(fmt.Sprintf("Unexpected permissions on '%s':", pulseS), m)
|
||||
internal.Fatal(fmt.Sprintf("Unexpected permissions on '%s':", pulseS), m)
|
||||
}
|
||||
}
|
||||
|
||||
// Publish current user's pulse-cookie for target user
|
||||
pulseCookieSource := util.DiscoverPulseCookie()
|
||||
pulseCookieSource := discoverPulseCookie()
|
||||
pulseCookieFinal := path.Join(a.sharePath, "pulse-cookie")
|
||||
a.AppendEnv(util.PulseCookie, pulseCookieFinal)
|
||||
a.AppendEnv(pulseCookie, pulseCookieFinal)
|
||||
verbose.Printf("Publishing PulseAudio cookie '%s' to '%s'\n", pulseCookieSource, pulseCookieFinal)
|
||||
if err = util.CopyFile(pulseCookieFinal, pulseCookieSource); err != nil {
|
||||
final.Fatal("Error copying PulseAudio cookie:", err)
|
||||
internal.Fatal("Error copying PulseAudio cookie:", err)
|
||||
}
|
||||
if err = acl.UpdatePerm(pulseCookieFinal, a.UID(), acl.Read); err != nil {
|
||||
final.Fatal("Error publishing PulseAudio cookie:", err)
|
||||
internal.Fatal("Error publishing PulseAudio cookie:", err)
|
||||
} else {
|
||||
final.RegisterRevertPath(pulseCookieFinal)
|
||||
a.exit.RegisterRevertPath(pulseCookieFinal)
|
||||
}
|
||||
|
||||
verbose.Printf("PulseAudio dir '%s' configured\n", pulse)
|
||||
}
|
||||
}
|
||||
|
||||
// discoverPulseCookie try various standard methods to discover the current user's PulseAudio authentication cookie
|
||||
func discoverPulseCookie() string {
|
||||
if p, ok := os.LookupEnv(pulseCookie); ok {
|
||||
return p
|
||||
}
|
||||
|
||||
if p, ok := os.LookupEnv(home); ok {
|
||||
p = path.Join(p, ".pulse-cookie")
|
||||
if s, err := os.Stat(p); err != nil {
|
||||
if !errors.Is(err, fs.ErrNotExist) {
|
||||
internal.Fatal("Error accessing PulseAudio cookie:", err)
|
||||
// unreachable
|
||||
return p
|
||||
}
|
||||
} else if !s.IsDir() {
|
||||
return p
|
||||
}
|
||||
}
|
||||
|
||||
if p, ok := os.LookupEnv(xdgConfigHome); ok {
|
||||
p = path.Join(p, "pulse", "cookie")
|
||||
if s, err := os.Stat(p); err != nil {
|
||||
if !errors.Is(err, fs.ErrNotExist) {
|
||||
internal.Fatal("Error accessing PulseAudio cookie:", err)
|
||||
// unreachable
|
||||
return p
|
||||
}
|
||||
} else if !s.IsDir() {
|
||||
return p
|
||||
}
|
||||
}
|
||||
|
||||
internal.Fatal(fmt.Sprintf("Cannot locate PulseAudio cookie (tried $%s, $%s/pulse/cookie, $%s/.pulse-cookie)",
|
||||
pulseCookie, xdgConfigHome, home))
|
||||
return ""
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user