Rewrite chuser() for simplicity and correctness

- Use unambiguous variable names (w/o package name conflict).
- Fail on invalid input such as the empty string or `:`.
- Do not change group without user, i.e. fail on `:group`.
- Parse input using mnemonic APIs.
- Do not juggle between integer types.
- Unset supplementary groups.
- Use setres[ug]id(2) to match the idiom of OpenBSD base programs.

Includes/Supersedes yggdrasil-network#1202.
Fixes yggdrasil-network#927.

I only tested on OpenBSD (so far), hence the split, but other systems
should just work.

Author: klemensn

cmd/yggdrasil/chuser_openbsd.go

@@ -0,0 +1,57 @@
+//go:build openbsd
+// +build openbsd
+
+package main
+
+import (
+	"fmt"
+	"os/user"
+	"strconv"
+	"strings"
+
+	"golang.org/x/sys/unix"
+)
+
+func chuser(input string) error {
+	givenUser, givenGroup, _ := strings.Cut(input, ":")
+
+	var (
+		err      error
+		usr      *user.User
+		grp      *user.Group
+		uid, gid int
+	)
+
+	if usr, err = user.Lookup(givenUser); err != nil {
+		if usr, err = user.LookupId(givenUser); err != nil {
+			return err
+		}
+	}
+	if uid, err = strconv.Atoi(usr.Uid); err != nil {
+		return err
+	}
+
+	if givenGroup != "" {
+		if grp, err = user.LookupGroup(givenGroup); err != nil {
+			if grp, err = user.LookupGroupId(givenGroup); err != nil {
+				return err
+			}
+		}
+
+		gid, _ = strconv.Atoi(grp.Gid)
+	} else {
+		gid, _ = strconv.Atoi(usr.Gid)
+	}
+
+	if err := unix.Setgroups([]int{gid}); err != nil {
+		return fmt.Errorf("setgroups: %d: %v", gid, err)
+	}
+	if err := unix.Setresgid(gid, gid, gid); err != nil {
+		return fmt.Errorf("setresgid: %d: %v", gid, err)
+	}
+	if err := unix.Setresuid(uid, uid, uid); err != nil {
+		return fmt.Errorf("setresuid: %d: %v", uid, err)
+	}
+
+	return nil
+}

cmd/yggdrasil/chuser_unix.go

@@ -1,5 +1,5 @@
-//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris
-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris
+//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || solaris
+// +build aix darwin dragonfly freebsd linux netbsd solaris
 
 package main