Landry Breuil <landry@openbsd.org> writes:

> Le Fri, Oct 31, 2025 at 10:40:35PM +0100, Landry Breuil a écrit :
>> hi,
>> 
>> third attempt at a port for https://git.sr.ht/~kennylevinsen/gtkgreet &
>> https://git.sr.ht/~kennylevinsen/greetd, i'm at a point where i have
>> something that 'works', eg:
>> 
>> - greetd is started as root via rc.d
>> - it spawns cage -- gtkgreet (still as root, but should technically be
>>   with a dedicated user) to show the graphical login manager in a caged
>> wayland session
>> - when the user logs in, the cage wayland session exits, and the chosen
>>   wayland session (eg labwc, sway, wayfire for now on OpenBSD, list to
>> fill in /etc/greetd/environments) is started as the given user.
>> - exiting that session (eg pkill labwc), the greeter is shown again.
>> 
>> things to improve:
>> - properly call login_fbtab instead of the super ugly chown i'm doing
>>   (see patches/patch-greetd_src_session_worker_rs, i know nothing to
>> rust, and so far i hate this first experience with it)
>> 
>> - do something to mkdir ~/.local/run with the to-be-logged-in user ?
>> 
>> - see if it can work on other ttys than ttyC0 (but then fbtab should be
>>   amended ?)
>> 
>> - see if /var/run/greetd should be created/deleted outside of the rc
>>   script and in the rust code ? this one is used only for the 'greeter'
>> wayland session
>> 
>> - see how it can work with a dedicated unpriv user
>
> new iteration, with:
>
> - "proper" login_fbtab() integration, which resets ownership to root when
>   the wayland session exits

a small comment about login_fbtab()

> Index: greetd/src/session/worker.rs
> --- greetd/src/session/worker.rs.orig
> +++ greetd/src/session/worker.rs
> @@ -1,5 +1,13 @@
>  use std::{env, ffi::CString, os::unix::net::UnixDatagram};
>  
> +use libc::{ c_int, c_char, uid_t, gid_t };
> +#[link(name = "util")]
> +extern "C" {
> +    fn login_fbtab(tty: *const c_char, uid: uid_t, gid: gid_t) -> c_int;
> +}
> +
> +use std::os::unix::fs;
> +
>  use nix::{
>      sys::wait::waitpid,
>      unistd::{execve, fork, initgroups, setgid, setsid, setuid, ForkResult},
> @@ -163,6 +171,13 @@ fn worker(sock: &UnixDatagram) -> Result<(), Error> {
>  
>      let user = nix::unistd::User::from_name(&pam_username)?.ok_or("unable to get user info")?;
>  
> +    let ttyc_str = CString::new("ttyC0").unwrap();
> +    let ttyptr: *const i8 = ttyc_str.as_ptr() as *const i8;

use c_char instead of i8 here. else it will not build on archs where
c_char is unsigned (like aarch64)

> +    let rc = unsafe { login_fbtab(ttyptr, user.uid.into(), user.gid.into()) };
> +    if rc != 0 {
> +        return Err("login_fbtab failed".into());
> +    }
> +
>      // Make this process a session leader.
>      setsid().map_err(|e| format!("unable to become session leader: {}", e))?;
>  

Regards
-- 
Sebastien Marie