libauth: add procsetuser() function to change user id of the calling process
Provide a central function to change the user id of the calling process. This is mostly used by programs to become the none user, followed by a call to newns().
parent
daccd2b226
commit
fc5070c600
6 changed files with 40 additions and 2 deletions
|
@ -102,6 +102,8 @@ extern int amount(int, char*, int, char*);
|
||||||
|
|
||||||
extern int login(char*, char*, char*);
|
extern int login(char*, char*, char*);
|
||||||
|
|
||||||
|
extern int procsetuser(char*);
|
||||||
|
|
||||||
typedef struct Attr Attr;
|
typedef struct Attr Attr;
|
||||||
enum {
|
enum {
|
||||||
AttrNameval, /* name=val -- when matching, must have name=val */
|
AttrNameval, /* name=val -- when matching, must have name=val */
|
||||||
|
|
|
@ -92,6 +92,8 @@ extern int amount(int, char*, int, char*);
|
||||||
|
|
||||||
extern int login(char*, char*, char*);
|
extern int login(char*, char*, char*);
|
||||||
|
|
||||||
|
extern int procsetuser(char*);
|
||||||
|
|
||||||
typedef struct Attr Attr;
|
typedef struct Attr Attr;
|
||||||
enum {
|
enum {
|
||||||
AttrNameval, /* name=val -- when matching, must have name=val */
|
AttrNameval, /* name=val -- when matching, must have name=val */
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
.TH AUTH 2
|
.TH AUTH 2
|
||||||
.SH NAME
|
.SH NAME
|
||||||
amount, newns, addns, login, noworld, auth_proxy, fauth_proxy, auth_allocrpc, auth_freerpc, auth_rpc, auth_getkey, amount_getkey, auth_freeAI, auth_chuid, auth_challenge, auth_response, auth_freechal, auth_respond, auth_respondAI, auth_userpasswd, auth_getuserpasswd, auth_getinfo \- routines for authenticating users
|
amount, newns, addns, login, noworld, procsetuser, auth_proxy, fauth_proxy, auth_allocrpc, auth_freerpc, auth_rpc, auth_getkey, amount_getkey, auth_freeAI, auth_chuid, auth_challenge, auth_response, auth_freechal, auth_respond, auth_respondAI, auth_userpasswd, auth_getuserpasswd, auth_getinfo \- routines for authenticating users
|
||||||
.SH SYNOPSIS
|
.SH SYNOPSIS
|
||||||
.nf
|
.nf
|
||||||
.PP
|
.PP
|
||||||
|
@ -27,6 +27,9 @@ int login(char *user, char *password, char *namespace);
|
||||||
int noworld(char *user);
|
int noworld(char *user);
|
||||||
.PP
|
.PP
|
||||||
.B
|
.B
|
||||||
|
int procsetuser(char *user);
|
||||||
|
.PP
|
||||||
|
.B
|
||||||
AuthInfo* auth_proxy(int fd, AuthGetkey *getkey, char *fmt, ...);
|
AuthInfo* auth_proxy(int fd, AuthGetkey *getkey, char *fmt, ...);
|
||||||
.PP
|
.PP
|
||||||
.B
|
.B
|
||||||
|
@ -130,7 +133,7 @@ and
|
||||||
.IR amount .
|
.IR amount .
|
||||||
.PP
|
.PP
|
||||||
.I Login
|
.I Login
|
||||||
changes the user id of the process
|
changes the user id of the process to
|
||||||
.I user
|
.I user
|
||||||
and recreates the namespace using the file
|
and recreates the namespace using the file
|
||||||
.I namespace
|
.I namespace
|
||||||
|
@ -151,6 +154,15 @@ Otherwise, it returns 0.
|
||||||
is used by telnetd and ftpd to provide sandboxed
|
is used by telnetd and ftpd to provide sandboxed
|
||||||
access for some users.
|
access for some users.
|
||||||
.PP
|
.PP
|
||||||
|
.I Procsetuser
|
||||||
|
changes the user id of the process to
|
||||||
|
.I user
|
||||||
|
but keeps the namespace unchanged.
|
||||||
|
Only hostowner can change the user to
|
||||||
|
anything other than the
|
||||||
|
.B none
|
||||||
|
user.
|
||||||
|
.PP
|
||||||
The following routines use the
|
The following routines use the
|
||||||
.B AuthInfo
|
.B AuthInfo
|
||||||
structure returned after a successful authentication by
|
structure returned after a successful authentication by
|
||||||
|
|
|
@ -18,6 +18,7 @@ OFILES=\
|
||||||
login.$O\
|
login.$O\
|
||||||
newns.$O\
|
newns.$O\
|
||||||
noworld.$O\
|
noworld.$O\
|
||||||
|
procsetuser.$O\
|
||||||
passtokey.$O\
|
passtokey.$O\
|
||||||
|
|
||||||
HFILES=\
|
HFILES=\
|
||||||
|
|
|
@ -17,6 +17,7 @@ OFILES=\
|
||||||
login.$O\
|
login.$O\
|
||||||
newns.$O\
|
newns.$O\
|
||||||
noworld.$O\
|
noworld.$O\
|
||||||
|
procsetuser.$O\
|
||||||
|
|
||||||
HFILES=\
|
HFILES=\
|
||||||
/sys/include/auth.h\
|
/sys/include/auth.h\
|
||||||
|
|
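--- a/sys/src/libauth/procsetuser.c
+++ b/sys/src/libauth/procsetuser.c
@@ -0,0 +1,20 @@
+#include <u.h>
+#include <libc.h>
+#include <auth.h>
+
+int
+procsetuser(char *user)
+{
+int fd, n;
+
+fd = open("#c/user", OWRITE|OCEXEC);
+if(fd < 0)
+return -1;
+n = strlen(user);
+if(write(fd, user, n) != n){
+close(fd);
+return -1;
+}
+close(fd);
+return 0;
+}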
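Review bot: procsetuser() returns 0 whenever write() returns n, so an empty user string (n == 0) can report success without any name having been written, and a nil user faults in strlen(); whether the kernel rejects a zero-length write to #c/user is not visible on this page. For a routine whose purpose is to change identity it is safer to fail closed before the open, e.g. `if(user == nil || *user == 0) return -1;`. The new file has no comment and the man page text added in this commit does not state the return value; a header comment such as `/* returns 0 on success, -1 on failure; on failure the process presumably keeps its original user, so callers must treat -1 as fatal */` would make the contract explicit. Because the namespace and already-open file descriptors are kept, callers that want isolation still need the newns() call mentioned in the commit description.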