aboutsummaryrefslogtreecommitdiff
path: root/os-posix.c
diff options
context:
space:
mode:
authorIan Jackson <ian.jackson@eu.citrix.com>2017-09-15 18:10:44 +0100
committerIan Jackson <Ian.Jackson@eu.citrix.com>2018-04-26 16:29:51 +0100
commit2c42f1e80103cb926c0703d4c1ac1fb9c3e2c600 (patch)
tree7a70bba42c024c87a4fdc8a43c64c7bbcf462c41 /os-posix.c
parentf0a2171bf9f35b0430e18676a688b2c985f8917a (diff)
os-posix: Provide new -runas <uid>:<gid> facility
This allows the caller to specify a uid and gid to use, even if there is no corresponding password entry. This will be useful in certain Xen configurations. We don't support just -runas <uid> because: (i) deprivileging without calling setgroups would be ineffective (ii) given only a uid we don't know what gid we ought to use (since uids may eppear in multiple passwd file entries with different gids). Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com> Reviewed-by: Anthony PERARD <anthony.perard@citrix.com> CC: Paolo Bonzini <pbonzini@redhat.com> CC: Markus Armbruster <armbru@redhat.com> CC: Daniel P. Berrange <berrange@redhat.com> CC: Michael Tokarev <mjt@tls.msk.ru> Reviewed-by: Markus Armbruster <armbru@redhat.com>
Diffstat (limited to 'os-posix.c')
-rw-r--r--os-posix.c77
1 files changed, 65 insertions, 12 deletions
diff --git a/os-posix.c b/os-posix.c
index 560db955cb..0f59566639 100644
--- a/os-posix.c
+++ b/os-posix.c
@@ -41,7 +41,14 @@
#include <sys/prctl.h>
#endif
-static struct passwd *user_pwd;
+/*
+ * Must set all three of these at once.
+ * Legal combinations are unset by name by uid
+ */
+static struct passwd *user_pwd; /* NULL non-NULL NULL */
+static uid_t user_uid = (uid_t)-1; /* -1 -1 >=0 */
+static gid_t user_gid = (gid_t)-1; /* -1 -1 >=0 */
+
static const char *chroot_dir;
static int daemonize;
static int daemon_pipe;
@@ -127,6 +134,33 @@ void os_set_proc_name(const char *s)
#endif
}
+
+static bool os_parse_runas_uid_gid(const char *optarg)
+{
+ unsigned long lv;
+ const char *ep;
+ uid_t got_uid;
+ gid_t got_gid;
+ int rc;
+
+ rc = qemu_strtoul(optarg, &ep, 0, &lv);
+ got_uid = lv; /* overflow here is ID in C99 */
+ if (rc || *ep != ':' || got_uid != lv || got_uid == (uid_t)-1) {
+ return false;
+ }
+
+ rc = qemu_strtoul(ep + 1, 0, 0, &lv);
+ got_gid = lv; /* overflow here is ID in C99 */
+ if (rc || got_gid != lv || got_gid == (gid_t)-1) {
+ return false;
+ }
+
+ user_pwd = NULL;
+ user_uid = got_uid;
+ user_gid = got_gid;
+ return true;
+}
+
/*
* Parse OS specific command line options.
* return 0 if option handled, -1 otherwise
@@ -144,8 +178,13 @@ void os_parse_cmd_args(int index, const char *optarg)
#endif
case QEMU_OPTION_runas:
user_pwd = getpwnam(optarg);
- if (!user_pwd) {
- fprintf(stderr, "User \"%s\" doesn't exist\n", optarg);
+ if (user_pwd) {
+ user_uid = -1;
+ user_gid = -1;
+ } else if (!os_parse_runas_uid_gid(optarg)) {
+ error_report("User \"%s\" doesn't exist"
+ " (and is not <uid>:<gid>)",
+ optarg);
exit(1);
}
break;
@@ -165,18 +204,32 @@ void os_parse_cmd_args(int index, const char *optarg)
static void change_process_uid(void)
{
- if (user_pwd) {
- if (setgid(user_pwd->pw_gid) < 0) {
- error_report("Failed to setgid(%d)", user_pwd->pw_gid);
+ assert((user_uid == (uid_t)-1) || user_pwd == NULL);
+ assert((user_uid == (uid_t)-1) ==
+ (user_gid == (gid_t)-1));
+
+ if (user_pwd || user_uid != (uid_t)-1) {
+ gid_t intended_gid = user_pwd ? user_pwd->pw_gid : user_gid;
+ uid_t intended_uid = user_pwd ? user_pwd->pw_uid : user_uid;
+ if (setgid(intended_gid) < 0) {
+ error_report("Failed to setgid(%d)", intended_gid);
exit(1);
}
- if (initgroups(user_pwd->pw_name, user_pwd->pw_gid) < 0) {
- error_report("Failed to initgroups(\"%s\", %d)",
- user_pwd->pw_name, user_pwd->pw_gid);
- exit(1);
+ if (user_pwd) {
+ if (initgroups(user_pwd->pw_name, user_pwd->pw_gid) < 0) {
+ error_report("Failed to initgroups(\"%s\", %d)",
+ user_pwd->pw_name, user_pwd->pw_gid);
+ exit(1);
+ }
+ } else {
+ if (setgroups(1, &user_gid) < 0) {
+ error_report("Failed to setgroups(1, [%d])",
+ user_gid);
+ exit(1);
+ }
}
- if (setuid(user_pwd->pw_uid) < 0) {
- error_report("Failed to setuid(%d)", user_pwd->pw_uid);
+ if (setuid(intended_uid) < 0) {
+ error_report("Failed to setuid(%d)", intended_uid);
exit(1);
}
if (setuid(0) != -1) {