diff options
author | Ian Jackson <ian.jackson@eu.citrix.com> | 2017-09-15 18:10:44 +0100 |
---|---|---|
committer | Ian Jackson <Ian.Jackson@eu.citrix.com> | 2018-04-26 16:29:51 +0100 |
commit | 2c42f1e80103cb926c0703d4c1ac1fb9c3e2c600 (patch) | |
tree | 7a70bba42c024c87a4fdc8a43c64c7bbcf462c41 /os-posix.c | |
parent | f0a2171bf9f35b0430e18676a688b2c985f8917a (diff) |
os-posix: Provide new -runas <uid>:<gid> facility
This allows the caller to specify a uid and gid to use, even if there
is no corresponding password entry. This will be useful in certain
Xen configurations.
We don't support just -runas <uid> because: (i) deprivileging without
calling setgroups would be ineffective (ii) given only a uid we don't
know what gid we ought to use (since uids may eppear in multiple
passwd file entries with different gids).
Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Reviewed-by: Anthony PERARD <anthony.perard@citrix.com>
CC: Paolo Bonzini <pbonzini@redhat.com>
CC: Markus Armbruster <armbru@redhat.com>
CC: Daniel P. Berrange <berrange@redhat.com>
CC: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Diffstat (limited to 'os-posix.c')
-rw-r--r-- | os-posix.c | 77 |
1 files changed, 65 insertions, 12 deletions
diff --git a/os-posix.c b/os-posix.c index 560db955cb..0f59566639 100644 --- a/os-posix.c +++ b/os-posix.c @@ -41,7 +41,14 @@ #include <sys/prctl.h> #endif -static struct passwd *user_pwd; +/* + * Must set all three of these at once. + * Legal combinations are unset by name by uid + */ +static struct passwd *user_pwd; /* NULL non-NULL NULL */ +static uid_t user_uid = (uid_t)-1; /* -1 -1 >=0 */ +static gid_t user_gid = (gid_t)-1; /* -1 -1 >=0 */ + static const char *chroot_dir; static int daemonize; static int daemon_pipe; @@ -127,6 +134,33 @@ void os_set_proc_name(const char *s) #endif } + +static bool os_parse_runas_uid_gid(const char *optarg) +{ + unsigned long lv; + const char *ep; + uid_t got_uid; + gid_t got_gid; + int rc; + + rc = qemu_strtoul(optarg, &ep, 0, &lv); + got_uid = lv; /* overflow here is ID in C99 */ + if (rc || *ep != ':' || got_uid != lv || got_uid == (uid_t)-1) { + return false; + } + + rc = qemu_strtoul(ep + 1, 0, 0, &lv); + got_gid = lv; /* overflow here is ID in C99 */ + if (rc || got_gid != lv || got_gid == (gid_t)-1) { + return false; + } + + user_pwd = NULL; + user_uid = got_uid; + user_gid = got_gid; + return true; +} + /* * Parse OS specific command line options. * return 0 if option handled, -1 otherwise @@ -144,8 +178,13 @@ void os_parse_cmd_args(int index, const char *optarg) #endif case QEMU_OPTION_runas: user_pwd = getpwnam(optarg); - if (!user_pwd) { - fprintf(stderr, "User \"%s\" doesn't exist\n", optarg); + if (user_pwd) { + user_uid = -1; + user_gid = -1; + } else if (!os_parse_runas_uid_gid(optarg)) { + error_report("User \"%s\" doesn't exist" + " (and is not <uid>:<gid>)", + optarg); exit(1); } break; @@ -165,18 +204,32 @@ void os_parse_cmd_args(int index, const char *optarg) static void change_process_uid(void) { - if (user_pwd) { - if (setgid(user_pwd->pw_gid) < 0) { - error_report("Failed to setgid(%d)", user_pwd->pw_gid); + assert((user_uid == (uid_t)-1) || user_pwd == NULL); + assert((user_uid == (uid_t)-1) == + (user_gid == (gid_t)-1)); + + if (user_pwd || user_uid != (uid_t)-1) { + gid_t intended_gid = user_pwd ? user_pwd->pw_gid : user_gid; + uid_t intended_uid = user_pwd ? user_pwd->pw_uid : user_uid; + if (setgid(intended_gid) < 0) { + error_report("Failed to setgid(%d)", intended_gid); exit(1); } - if (initgroups(user_pwd->pw_name, user_pwd->pw_gid) < 0) { - error_report("Failed to initgroups(\"%s\", %d)", - user_pwd->pw_name, user_pwd->pw_gid); - exit(1); + if (user_pwd) { + if (initgroups(user_pwd->pw_name, user_pwd->pw_gid) < 0) { + error_report("Failed to initgroups(\"%s\", %d)", + user_pwd->pw_name, user_pwd->pw_gid); + exit(1); + } + } else { + if (setgroups(1, &user_gid) < 0) { + error_report("Failed to setgroups(1, [%d])", + user_gid); + exit(1); + } } - if (setuid(user_pwd->pw_uid) < 0) { - error_report("Failed to setuid(%d)", user_pwd->pw_uid); + if (setuid(intended_uid) < 0) { + error_report("Failed to setuid(%d)", intended_uid); exit(1); } if (setuid(0) != -1) { |