From 7cd0f6b791c75d78ea2544c8548069b9e5c06d54 Mon Sep 17 00:00:00 2001
From: cathugger
Date: Mon, 11 Jul 2022 19:35:01 +0300
Subject: [PATCH 1/5] argument to change uid/gid
---
cmd/yggdrasil/chuser_other.go | 10 +++++
cmd/yggdrasil/chuser_unix.go | 73 +++++++++++++++++++++++++++++++++++
cmd/yggdrasil/main.go | 9 +++++
3 files changed, 92 insertions(+)
create mode 100644 cmd/yggdrasil/chuser_other.go
create mode 100644 cmd/yggdrasil/chuser_unix.go
diff --git a/cmd/yggdrasil/chuser_other.go b/cmd/yggdrasil/chuser_other.go
new file mode 100644
index 000000000..702f3715c
--- /dev/null
+++ b/cmd/yggdrasil/chuser_other.go
@@ -0,0 +1,10 @@
+//go:build !aix && !darwin && !dragonfly && !freebsd && !linux && !netbsd && !openbsd && !solaris
+// +build !aix,!darwin,!dragonfly,!freebsd,!linux,!netbsd,!openbsd,!solaris
+
+package main
+
+import "errors"
+
+func chuser(user string) error {
+ return errors.New("setting uid/gid is not supported on this platform")
+}
diff --git a/cmd/yggdrasil/chuser_unix.go b/cmd/yggdrasil/chuser_unix.go
new file mode 100644
index 000000000..5612ca3b1
--- /dev/null
+++ b/cmd/yggdrasil/chuser_unix.go
@@ -0,0 +1,73 @@
+//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris
+// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris
+
+package main
+
+import (
+ "fmt"
+ osuser "os/user"
+ "strconv"
+ "strings"
+ "syscall"
+)
+
+func chuser(user string) error {
+ group := ""
+ if i := strings.IndexByte(user, ':'); i >= 0 {
+ user, group = user[:i], user[i+1:]
+ }
+
+ u := (*osuser.User)(nil)
+ g := (*osuser.Group)(nil)
+
+ if user != "" {
+ if _, err := strconv.ParseUint(user, 10, 32); err == nil {
+ u, err = osuser.LookupId(user)
+ if err != nil {
+ return fmt.Errorf("failed to lookup user by id %q: %v", user, err)
+ }
+ } else {
+ u, err = osuser.Lookup(user)
+ if err != nil {
+ return fmt.Errorf("failed to lookup user by name %q: %v", user, err)
+ }
+ }
+ }
+ if group != "" {
+ if _, err := strconv.ParseUint(group, 10, 32); err == nil {
+ g, err = osuser.LookupGroupId(group)
+ if err != nil {
+ return fmt.Errorf("failed to lookup group by id %q: %v", user, err)
+ }
+ } else {
+ g, err = osuser.LookupGroup(group)
+ if err != nil {
+ return fmt.Errorf("failed to lookup group by name %q: %v", user, err)
+ }
+ }
+ }
+
+ if g != nil {
+ gid, _ := strconv.ParseUint(g.Gid, 10, 32)
+ err := syscall.Setgid(int(gid))
+ if err != nil {
+ return fmt.Errorf("failed to setgid %d: %v", gid, err)
+ }
+ } else if u != nil {
+ gid, _ := strconv.ParseUint(u.Gid, 10, 32)
+ err := syscall.Setgid(int(gid))
+ if err != nil {
+ return fmt.Errorf("failed to setgid %d: %v", gid, err)
+ }
+ }
+
+ if u != nil {
+ uid, _ := strconv.ParseUint(u.Uid, 10, 32)
+ err := syscall.Setuid(int(uid))
+ if err != nil {
+ return fmt.Errorf("failed to setuid %d: %v", uid, err)
+ }
+ }
+
+ return nil
+}
diff --git a/cmd/yggdrasil/main.go b/cmd/yggdrasil/main.go
index 29afdf5d2..3a00b3fca 100644
--- a/cmd/yggdrasil/main.go
+++ b/cmd/yggdrasil/main.go
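Review bot: chuser in cmd/yggdrasil/chuser_unix.go calls Setgid and Setuid but never resets the supplementary group list, so the process keeps whatever supplementary groups it was started with (root's, in the usual case) after the switch. Calling `syscall.Setgroups([]int{int(gid)})` ahead of Setgid in both gid branches, or installing the target user's own group list, would close that gap; its availability on every platform named in the build tag should be confirmed. The three `strconv.ParseUint(..., 10, 32)` calls on g.Gid, u.Gid and u.Uid discard their error, so an id string that fails to parse silently becomes 0, which is root's id; returning the parse error keeps the drop fail-closed. The two group-lookup error messages also format `user` where `group` is the value that was looked up.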
@@ -52,6 +52,7 @@ func main() { getsnet := flag.Bool("subnet", false, "use in combination with either -useconf or -useconffile, outputs your IPv6 subnet") getpkey := flag.Bool("publickey", false, "use in combination with either -useconf or -useconffile, outputs your public key") loglevel := flag.String("loglevel", "info", "loglevel to enable") + chuserto := flag.String("user", "", "user (and, optionally, group) to set UID/GID to") flag.Parse() done := make(chan struct{}) @@ -280,6 +281,14 @@ func main() { <-done }) + // Change user if requested + if *chuserto != "" { + err = chuser(*chuserto) + if err != nil { + panic(err) + } + } + // Block until we are told to shut down. <-ctx.Done() From 72fbe251b678860f609e4732bf550bb4bb87493b Mon Sep 17 00:00:00 2001 From: cathugger Date: Fri, 8 Dec 2023 18:26:32 +0000 Subject: [PATCH 2/5] attempt to make CodeQL warnings go away --- cmd/yggdrasil/chuser_unix.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/cmd/yggdrasil/chuser_unix.go b/cmd/yggdrasil/chuser_unix.go index 5612ca3b1..a6d0b618c 100644 --- a/cmd/yggdrasil/chuser_unix.go +++ b/cmd/yggdrasil/chuser_unix.go @@ -49,13 +49,13 @@ func chuser(user string) error { if g != nil { gid, _ := strconv.ParseUint(g.Gid, 10, 32) - err := syscall.Setgid(int(gid)) + err := syscall.Setgid(int(uint32(gid))) if err != nil { return fmt.Errorf("failed to setgid %d: %v", gid, err) } } else if u != nil { gid, _ := strconv.ParseUint(u.Gid, 10, 32) - err := syscall.Setgid(int(gid)) + err := syscall.Setgid(int(uint32(gid))) if err != nil { return fmt.Errorf("failed to setgid %d: %v", gid, err) } @@ -63,7 +63,7 @@ func chuser(user string) error { if u != nil { uid, _ := strconv.ParseUint(u.Uid, 10, 32) - err := syscall.Setuid(int(uid)) + err := syscall.Setuid(int(uint32(uid))) if err != nil { return fmt.Errorf("failed to setuid %d: %v", uid, err) } From 87fa0a8936d554d3f885ee6f7f6d6647c8c75f65 Mon Sep 17 00:00:00 2001 
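Review bot: In the second main.go hunk of patch 1 a failed chuser ends in `panic(err)`, which prints a goroutine dump for what is most often a mistyped account name. Stopping is the right outcome, because carrying on with the original privileges after the operator asked for a drop would be worse, but a logged error followed by a non-zero exit says the same thing more clearly. The `-user` help text in the first hunk could also spell out the accepted form, for example `"user[:group] (name or numeric id) to switch to once startup is complete"`. Both hunks sit inside main, whose body starts and ends outside them.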
From: Neil Date: Sat, 3 Aug 2024 20:56:22 +0100 Subject: [PATCH 3/5] Update cmd/yggdrasil/chuser_unix.go Co-authored-by: VNAT --- cmd/yggdrasil/chuser_unix.go | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/cmd/yggdrasil/chuser_unix.go b/cmd/yggdrasil/chuser_unix.go index a6d0b618c..6994687dd 100644 --- a/cmd/yggdrasil/chuser_unix.go +++ b/cmd/yggdrasil/chuser_unix.go @@ -49,7 +49,13 @@ func chuser(user string) error { if g != nil { gid, _ := strconv.ParseUint(g.Gid, 10, 32) - err := syscall.Setgid(int(uint32(gid))) + var err error + if gid < math.MaxInt { + err = syscall.Setgid(int(gid)) + } else { + err = errors.New("gid too big") + } + if err != nil { return fmt.Errorf("failed to setgid %d: %v", gid, err) } From cb29747e4387ac29f8670db02aca42bb3987bf06 Mon Sep 17 00:00:00 2001 From: Neil Date: Sat, 3 Aug 2024 20:56:30 +0100 Subject: [PATCH 4/5] Update cmd/yggdrasil/chuser_unix.go Co-authored-by: VNAT --- cmd/yggdrasil/chuser_unix.go | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/cmd/yggdrasil/chuser_unix.go b/cmd/yggdrasil/chuser_unix.go index 6994687dd..7684655b8 100644 --- a/cmd/yggdrasil/chuser_unix.go +++ b/cmd/yggdrasil/chuser_unix.go @@ -69,7 +69,13 @@ func chuser(user string) error { if u != nil { uid, _ := strconv.ParseUint(u.Uid, 10, 32) - err := syscall.Setuid(int(uint32(uid))) + var err error + if uid < math.MaxInt { + err = syscall.Setuid(int(uid)) + } else { + err = errors.New("uid too big") + } + if err != nil { return fmt.Errorf("failed to setuid %d: %v", uid, err) } From a2f35a3f7fbf6e31804466e3fa770d496bfeba33 Mon Sep 17 00:00:00 2001 From: Neil Alexander Date: Sat, 3 Aug 2024 20:58:41 +0100 Subject: [PATCH 5/5] Fix imports --- cmd/yggdrasil/chuser_unix.go | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/cmd/yggdrasil/chuser_unix.go b/cmd/yggdrasil/chuser_unix.go index 7684655b8..6e802c69a 100644 --- a/cmd/yggdrasil/chuser_unix.go 
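Review bot: The `gid < math.MaxInt` guard added in patch 3 covers only the `g != nil` branch; the `else if u != nil` branch that sets the user's primary gid lies outside this hunk and, as of patch 2, still goes through `int(uint32(gid))`, so the two paths now validate differently. Because `ParseUint(..., 10, 32)` already caps the value at 32 bits, the guard can only trip where int is 32 bits wide, and there `<` also rejects `math.MaxInt` itself; `gid <= math.MaxInt` is the exact bound. What remains unchecked is the discarded ParseUint error on the context line above, which leaves gid at 0 on failure. The same points apply to the uid hunk in patch 4. Neither patch adds the `errors` and `math` imports they use, which arrive only in patch 5, so patches 3 and 4 do not appear to build on their own.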
+++ b/cmd/yggdrasil/chuser_unix.go @@ -4,7 +4,9 @@ package main import ( + "errors" "fmt" + "math" osuser "os/user" "strconv" "strings" @@ -51,11 +53,11 @@ func chuser(user string) error { gid, _ := strconv.ParseUint(g.Gid, 10, 32) var err error if gid < math.MaxInt { - err = syscall.Setgid(int(gid)) + err = syscall.Setgid(int(gid)) } else { - err = errors.New("gid too big") + err = errors.New("gid too big") } - + if err != nil { return fmt.Errorf("failed to setgid %d: %v", gid, err) } @@ -71,11 +73,11 @@ func chuser(user string) error { uid, _ := strconv.ParseUint(u.Uid, 10, 32) var err error if uid < math.MaxInt { - err = syscall.Setuid(int(uid)) + err = syscall.Setuid(int(uid)) } else { - err = errors.New("uid too big") + err = errors.New("uid too big") } - + if err != nil { return fmt.Errorf("failed to setuid %d: %v", uid, err) }