libauth: add procsetuser() function to change user id of the calling process

Provide a central function to change the user id
of the calling process.

This is mostly used by programs to become the none
user, followed by a call to newns().
This commit is contained in:
cinap_lenrek 2020-12-19 17:46:55 +01:00
parent daccd2b226
commit fc5070c600
6 changed files with 40 additions and 2 deletions

View file

@ -102,6 +102,8 @@ extern int amount(int, char*, int, char*);
extern int login(char*, char*, char*); extern int login(char*, char*, char*);
extern int procsetuser(char*);
typedef struct Attr Attr; typedef struct Attr Attr;
enum { enum {
AttrNameval, /* name=val -- when matching, must have name=val */ AttrNameval, /* name=val -- when matching, must have name=val */

View file

@ -92,6 +92,8 @@ extern int amount(int, char*, int, char*);
extern int login(char*, char*, char*); extern int login(char*, char*, char*);
extern int procsetuser(char*);
typedef struct Attr Attr; typedef struct Attr Attr;
enum { enum {
AttrNameval, /* name=val -- when matching, must have name=val */ AttrNameval, /* name=val -- when matching, must have name=val */

View file

@ -1,6 +1,6 @@
.TH AUTH 2 .TH AUTH 2
.SH NAME .SH NAME
amount, newns, addns, login, noworld, auth_proxy, fauth_proxy, auth_allocrpc, auth_freerpc, auth_rpc, auth_getkey, amount_getkey, auth_freeAI, auth_chuid, auth_challenge, auth_response, auth_freechal, auth_respond, auth_respondAI, auth_userpasswd, auth_getuserpasswd, auth_getinfo \- routines for authenticating users amount, newns, addns, login, noworld, procsetuser, auth_proxy, fauth_proxy, auth_allocrpc, auth_freerpc, auth_rpc, auth_getkey, amount_getkey, auth_freeAI, auth_chuid, auth_challenge, auth_response, auth_freechal, auth_respond, auth_respondAI, auth_userpasswd, auth_getuserpasswd, auth_getinfo \- routines for authenticating users
.SH SYNOPSIS .SH SYNOPSIS
.nf .nf
.PP .PP
@ -27,6 +27,9 @@ int login(char *user, char *password, char *namespace);
int noworld(char *user); int noworld(char *user);
.PP .PP
.B .B
int procsetuser(char *user);
.PP
.B
AuthInfo* auth_proxy(int fd, AuthGetkey *getkey, char *fmt, ...); AuthInfo* auth_proxy(int fd, AuthGetkey *getkey, char *fmt, ...);
.PP .PP
.B .B
@ -130,7 +133,7 @@ and
.IR amount . .IR amount .
.PP .PP
.I Login .I Login
changes the user id of the process changes the user id of the process to
.I user .I user
and recreates the namespace using the file and recreates the namespace using the file
.I namespace .I namespace
@ -151,6 +154,15 @@ Otherwise, it returns 0.
is used by telnetd and ftpd to provide sandboxed is used by telnetd and ftpd to provide sandboxed
access for some users. access for some users.
.PP .PP
.I Procsetuser
changes the user id of the process to
.I user
but keeps the namespace unchanged.
Only hostowner can change the user to
anything other than the
.B none
user.
.PP
The following routines use the The following routines use the
.B AuthInfo .B AuthInfo
structure returned after a successful authentication by structure returned after a successful authentication by

View file

@ -18,6 +18,7 @@ OFILES=\
login.$O\ login.$O\
newns.$O\ newns.$O\
noworld.$O\ noworld.$O\
procsetuser.$O\
passtokey.$O\ passtokey.$O\
HFILES=\ HFILES=\

View file

@ -17,6 +17,7 @@ OFILES=\
login.$O\ login.$O\
newns.$O\ newns.$O\
noworld.$O\ noworld.$O\
procsetuser.$O\
HFILES=\ HFILES=\
/sys/include/auth.h\ /sys/include/auth.h\

View file

@ -0,0 +1,20 @@
#include <u.h>
#include <libc.h>
#include <auth.h>
int
procsetuser(char *user)
{
int fd, n;
fd = open("#c/user", OWRITE|OCEXEC);
if(fd < 0)
return -1;
n = strlen(user);
if(write(fd, user, n) != n){
close(fd);
return -1;
}
close(fd);
return 0;
}