added users (spsf untangled by astronand)

2026-02-20 23:32:05 -05:00
parent 57b1d46837
commit 0655f2a39e
20 changed files with 2419 additions and 237 deletions
--- a/Src/Hyperion-kernel/lib/modules/Hyperion/92_permissions.kmod
+++ b/Src/Hyperion-kernel/lib/modules/Hyperion/92_permissions.kmod
@@ -0,0 +1,165 @@
+--:Minify:--
+local kernel = ...
+
+local bit32 = require("bit32")
+local bor = bit32.bor
+local lshift = bit32.lshift
+
+--   bit 0 = everyone-write,  bit 1 = everyone-read
+--   bit 2 = group-write,     bit 3 = group-read
+--   bit 4 = owner-write,     bit 5 = owner-read
+--   bit 6 = suid
+local P_OWNER_R = lshift(1, 5)
+local P_OWNER_W = lshift(1, 4)
+local P_GROUP_R = lshift(1, 3)
+local P_GROUP_W = lshift(1, 2)
+local P_WORLD_R = lshift(1, 1)
+local P_WORLD_W = lshift(1, 0)
+local P_SUID    = lshift(1, 6)
+
+local RW_R_R   = bor(P_OWNER_R, P_OWNER_W, P_GROUP_R, P_WORLD_R)         -- 644 / rw-r--r--
+local RWX_R_R  = bor(P_OWNER_R, P_OWNER_W, P_GROUP_R, P_WORLD_R)         -- 755 / rwxr--r--
+local RW_R__   = bor(P_OWNER_R, P_OWNER_W, P_GROUP_R)                    -- 640 / rw-r-----
+local RW____   = bor(P_OWNER_R, P_OWNER_W)                               -- 600 / rw-------
+local SUID_755 = bor(P_SUID, P_OWNER_R, P_OWNER_W, P_GROUP_R, P_WORLD_R) -- 4755
+
+local function metaEntry(name, owner, group, perms)
+    return string.char(#name) .. name
+        .. string.char(owner, group, perms)
+        .. string.char(0)
+end
+
+local rootDisk = kernel.disks["$"]
+
+local function writeMeta(dir, entries)
+    local diskDir = dir == "/" and "/" or dir
+    local path = (diskDir:sub(-1) == "/" and diskDir or diskDir .. "/") .. ".meta"
+    if path:sub(1,1) == "/" then path = path:sub(2) end
+    if path == "" then path = ".meta" end
+
+    local data = ""
+    for _, e in ipairs(entries) do
+        data = data .. metaEntry(e[1], e[2], e[3], e[4])
+    end
+
+    local ok, err = pcall(function()
+        local f = rootDisk:open(path, "w")
+        f.write(data)
+        f.close()
+    end)
+    if not ok then
+        kernel.log("permissions: failed to write /" .. path .. ": " .. tostring(err), "WARN", 8)
+    end
+end
+
+if rootDisk:fileExists(".meta") then
+    kernel.log("Permissions already seeded, skipping.", "INFO")
+else
+    kernel.log("Seeding filesystem permissions...", "INFO")
+
+    writeMeta("/", {
+        {"bin",     0, 0, RWX_R_R},
+        {"boot",    0, 0, RWX_R_R},
+        {"dev",     0, 0, RWX_R_R},
+        {"etc",     0, 0, RWX_R_R},
+        {"home",    0, 0, RWX_R_R},
+        {"lib",     0, 0, RWX_R_R},
+        {"root",    0, 0, RW____  },
+        {"sbin",    0, 0, RWX_R_R},
+        {"tmp",     0, 0, bor(P_OWNER_R, P_OWNER_W, P_GROUP_R, P_GROUP_W, P_WORLD_R, P_WORLD_W)},
+        {"usr",     0, 0, RWX_R_R},
+        {"var",     0, 0, RWX_R_R},
+    })
+
+    writeMeta("/bin", {
+        {"cat",     0, 0, RWX_R_R},
+        {"clear",   0, 0, RWX_R_R},
+        {"echo",    0, 0, RWX_R_R},
+        {"hfetch",  0, 0, RWX_R_R},
+        {"hysh",    0, 0, RWX_R_R},
+        {"hyshex",  0, 0, RWX_R_R},
+        {"install", 0, 0, RWX_R_R},
+        {"login",   0, 0, SUID_755},
+        {"ls",      0, 0, RWX_R_R},
+        {"lua",     0, 0, RWX_R_R},
+        {"luaold",  0, 0, RWX_R_R},
+        {"mkdir",   0, 0, RWX_R_R},
+        {"ps",      0, 0, RWX_R_R},
+        {"pwd",     0, 0, RWX_R_R},
+        {"spm",     0, 0, RWX_R_R},
+        {"su",      0, 0, SUID_755},
+        {"sudo",    0, 0, SUID_755},
+        {"sysdump", 0, 0, RWX_R_R},
+        {"whoami",  0, 0, RWX_R_R},
+        {"yes",     0, 0, RWX_R_R},
+        {"startup", 0, 0, RWX_R_R},
+    })
+
+    writeMeta("/bin/startup", {
+        {"test.lua",    0, 0, RWX_R_R},
+    })
+
+    writeMeta("/etc", {
+        {"passwd",  0, 0, RW_R_R},
+        {"shadow",  0, 0, RW____  },
+        {"pam.d",   0, 0, RWX_R_R},
+    })
+
+    writeMeta("/etc/pam.d", {
+        {"secret",  0, 0, RW____},
+    })
+
+    writeMeta("/sbin", {
+        {"init.lua", 0, 0, RWX_R_R},
+    })
+
+    writeMeta("/boot", {
+        {"kernel.lua",   0, 0, RW_R_R},
+        {"boot.cfg",     0, 0, RW_R_R},
+        {"safeboot.cfg", 0, 0, RW_R_R},
+        {"fstab",        0, 0, RW_R_R},
+        {"initfs",       0, 0, RW_R_R},
+        {"cct",          0, 0, RWX_R_R},
+        {"oc",           0, 0, RWX_R_R},
+    })
+
+    writeMeta("/lib", {
+        {"sys",     0, 0, RWX_R_R},
+        {"modules", 0, 0, RWX_R_R},
+        {"crypto",  0, 0, RWX_R_R},
+        {"store",   0, 0, RWX_R_R},
+        {"snip",    0, 0, RW_R_R},
+        {"io",      0, 0, RW_R_R},
+        {"bit32",   0, 0, RW_R_R},
+    })
+
+    kernel.log("Filesystem permissions seeded.", "INFO")
+end
+
+-- TODO: move this to vfs.kmod
+local _orig_open = kernel.vfs.open
+kernel.vfs.open = function(path, mode)
+    local fd = _orig_open(path, mode)
+    if mode == "r" then
+        local task = kernel.currentTask
+        local fobj = task.fd[fd]
+        if fobj and fobj.meta then
+            local suid_set = bit32.extract(fobj.meta.perms, 6) == 1
+            if suid_set then
+                fobj.suid_owner = fobj.meta.owner
+            end
+        end
+    end
+    return fd
+end
+
+kernel.syscalls["fget_suid"] = function(fd)
+    local task = kernel.currentTask
+    local fobj = task and task.fd[fd]
+    if fobj and fobj.suid_owner then
+        return fobj.suid_owner
+    end
+    return nil
+end
+
+kernel.log("Permission module loaded.", "INFO")