Skip to content

Commit

Permalink
Rewrite chuser() for simplicity and correctness
Browse files Browse the repository at this point in the history
- Use unambiguous variable names (w/o package name conflict).
- Fail on invalid input such as the empty string or `:`.
- Do not change group without user, i.e. fail on `:group`.
- Parse input using mnemonic APIs.
- Do not juggle between integer types.
- Unset supplementary groups.
- Use setres[ug]id(2) to match the idiom of OpenBSD base programs.

Includes/Supersedes yggdrasil-network#1202.
Fixes yggdrasil-network#927.

I only tested on OpenBSD (so far), hence the split, but other systems
should just work.
  • Loading branch information
klemensn committed Nov 11, 2024
1 parent 75d2080 commit a0bfd9d
Show file tree
Hide file tree
Showing 2 changed files with 59 additions and 2 deletions.
57 changes: 57 additions & 0 deletions cmd/yggdrasil/chuser_openbsd.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,57 @@
//go:build openbsd
// +build openbsd

package main

import (
"fmt"
"os/user"
"strconv"
"strings"

"golang.org/x/sys/unix"
)

func chuser(input string) error {
givenUser, givenGroup, _ := strings.Cut(input, ":")

var (
err error
usr *user.User
grp *user.Group
uid, gid int
)

if usr, err = user.Lookup(givenUser); err != nil {
if usr, err = user.LookupId(givenUser); err != nil {
return err
}
}
if uid, err = strconv.Atoi(usr.Uid); err != nil {
return err
}

if givenGroup != "" {
if grp, err = user.LookupGroup(givenGroup); err != nil {
if grp, err = user.LookupGroupId(givenGroup); err != nil {
return err
}
}

gid, _ = strconv.Atoi(grp.Gid)
} else {
gid, _ = strconv.Atoi(usr.Gid)
}

if err := unix.Setgroups([]int{gid}); err != nil {
return fmt.Errorf("setgroups: %d: %v", gid, err)
}
if err := unix.Setresgid(gid, gid, gid); err != nil {
return fmt.Errorf("setresgid: %d: %v", gid, err)
}
if err := unix.Setresuid(uid, uid, uid); err != nil {
return fmt.Errorf("setresuid: %d: %v", uid, err)
}

return nil
}
4 changes: 2 additions & 2 deletions cmd/yggdrasil/chuser_unix.go
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris
// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris
//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || solaris
// +build aix darwin dragonfly freebsd linux netbsd solaris

package main

Expand Down

0 comments on commit a0bfd9d

Please sign in to comment.