Skip to content

Commit

Permalink
one chuser() to rule them all
Browse files Browse the repository at this point in the history
  • Loading branch information
@klemensn
klemensn committed Nov 11, 2024
1 parent a0bfd9d commit 3fede90
Show file tree
Hide file tree
Showing 2 changed files with 33 additions and 126 deletions.
57 changes: 0 additions & 57 deletions cmd/yggdrasil/chuser_openbsd.go
View file

This file was deleted.

102 changes: 33 additions & 69 deletions cmd/yggdrasil/chuser_unix.go
View file
Original file line number Diff line number Diff line change
@@ -1,92 +1,56 @@
//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || solaris
// +build aix darwin dragonfly freebsd linux netbsd solaris
//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris
// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris

package main

import (
"errors"
"fmt"
"math"
osuser "os/user"
"os/user"
"strconv"
"strings"
"syscall"

"golang.org/x/sys/unix"
)

func chuser(user string) error {
group := ""
if i := strings.IndexByte(user, ':'); i >= 0 {
user, group = user[:i], user[i+1:]
}
func chuser(input string) error {
givenUser, givenGroup, _ := strings.Cut(input, ":")

u := (*osuser.User)(nil)
g := (*osuser.Group)(nil)
var (
err error
usr *user.User
grp *user.Group
uid, gid int
)

if user != "" {
if _, err := strconv.ParseUint(user, 10, 32); err == nil {
u, err = osuser.LookupId(user)
if err != nil {
return fmt.Errorf("failed to lookup user by id %q: %v", user, err)
}
} else {
u, err = osuser.Lookup(user)
if err != nil {
return fmt.Errorf("failed to lookup user by name %q: %v", user, err)
}
if usr, err = user.Lookup(givenUser); err != nil {
if usr, err = user.LookupId(givenUser); err != nil {
return err
}
}
if group != "" {
if _, err := strconv.ParseUint(group, 10, 32); err == nil {
g, err = osuser.LookupGroupId(group)
if err != nil {
return fmt.Errorf("failed to lookup group by id %q: %v", user, err)
}
} else {
g, err = osuser.LookupGroup(group)
if err != nil {
return fmt.Errorf("failed to lookup group by name %q: %v", user, err)
}
}
if uid, err = strconv.Atoi(usr.Uid); err != nil {
return err
}

if g != nil {
gid, _ := strconv.ParseUint(g.Gid, 10, 32)
var err error
if gid < math.MaxInt {
if err := syscall.Setgroups([]int{int(gid)}); err != nil {
return fmt.Errorf("failed to setgroups %d: %v", gid, err)
if givenGroup != "" {
if grp, err = user.LookupGroup(givenGroup); err != nil {
if grp, err = user.LookupGroupId(givenGroup); err != nil {
return err
}
err = syscall.Setgid(int(gid))
} else {
err = errors.New("gid too big")
}

if err != nil {
return fmt.Errorf("failed to setgid %d: %v", gid, err)
}
} else if u != nil {
gid, _ := strconv.ParseUint(u.Gid, 10, 32)
if err := syscall.Setgroups([]int{int(uint32(gid))}); err != nil {
return fmt.Errorf("failed to setgroups %d: %v", gid, err)
}
err := syscall.Setgid(int(uint32(gid)))
if err != nil {
return fmt.Errorf("failed to setgid %d: %v", gid, err)
}
gid, _ = strconv.Atoi(grp.Gid)
} else {
gid, _ = strconv.Atoi(usr.Gid)
}

if u != nil {
uid, _ := strconv.ParseUint(u.Uid, 10, 32)
var err error
if uid < math.MaxInt {
err = syscall.Setuid(int(uid))
} else {
err = errors.New("uid too big")
}

if err != nil {
return fmt.Errorf("failed to setuid %d: %v", uid, err)
}
if err := unix.Setgroups([]int{gid}); err != nil {
return fmt.Errorf("setgroups: %d: %v", gid, err)
}
if err := unix.Setresgid(gid, gid, gid); err != nil {

Check failure on line 49 in cmd/yggdrasil/chuser_unix.go

View workflow job for this annotation

GitHub Actions / Build & Test (macOS, Go 1.21) 

undefined: unix.Setresgid

Check failure on line 49 in cmd/yggdrasil/chuser_unix.go

View workflow job for this annotation

GitHub Actions / Build & Test (macOS, Go 1.22) 

undefined: unix.Setresgid

Check failure on line 49 in cmd/yggdrasil/chuser_unix.go

View workflow job for this annotation

GitHub Actions / Build & Test (macOS, Go 1.23) 

undefined: unix.Setresgid
return fmt.Errorf("setresgid: %d: %v", gid, err)
}
if err := unix.Setresuid(uid, uid, uid); err != nil {

Check failure on line 52 in cmd/yggdrasil/chuser_unix.go

View workflow job for this annotation

GitHub Actions / Build & Test (macOS, Go 1.21) 

undefined: unix.Setresuid

Check failure on line 52 in cmd/yggdrasil/chuser_unix.go

View workflow job for this annotation

GitHub Actions / Build & Test (macOS, Go 1.22) 

undefined: unix.Setresuid

Check failure on line 52 in cmd/yggdrasil/chuser_unix.go

View workflow job for this annotation

GitHub Actions / Build & Test (macOS, Go 1.23) 

undefined: unix.Setresuid
return fmt.Errorf("setresuid: %d: %v", uid, err)
}

return nil
Expand Down

0 comments on commit 3fede90

Please sign in to comment.