ref: fc5070c60057b6e02490e83f5d675786e8b8d83c
parent: daccd2b226ff71c251931103403a982d2796061a
author: cinap_lenrek <[email protected]>
date: Sat Dec 19 12:46:55 EST 2020
libauth: add procsetuser() function to change user id of the calling process Provide a central function to change the user id of the calling process. This is mostly used by programs to become the none user, followed by a call to newns().
--- a/sys/include/ape/auth.h
+++ b/sys/include/ape/auth.h
@@ -102,6 +102,8 @@
extern int login(char*, char*, char*);
+extern int procsetuser(char*);
+
typedef struct Attr Attr;
enum {
AttrNameval, /* name=val -- when matching, must have name=val */
--- a/sys/include/auth.h
+++ b/sys/include/auth.h
@@ -92,6 +92,8 @@
extern int login(char*, char*, char*);
+extern int procsetuser(char*);
+
typedef struct Attr Attr;
enum {
AttrNameval, /* name=val -- when matching, must have name=val */
--- a/sys/man/2/auth
+++ b/sys/man/2/auth
@@ -1,6 +1,6 @@
.TH AUTH 2
.SH NAME
-amount, newns, addns, login, noworld, auth_proxy, fauth_proxy, auth_allocrpc, auth_freerpc, auth_rpc, auth_getkey, amount_getkey, auth_freeAI, auth_chuid, auth_challenge, auth_response, auth_freechal, auth_respond, auth_respondAI, auth_userpasswd, auth_getuserpasswd, auth_getinfo \- routines for authenticating users
+amount, newns, addns, login, noworld, procsetuser, auth_proxy, fauth_proxy, auth_allocrpc, auth_freerpc, auth_rpc, auth_getkey, amount_getkey, auth_freeAI, auth_chuid, auth_challenge, auth_response, auth_freechal, auth_respond, auth_respondAI, auth_userpasswd, auth_getuserpasswd, auth_getinfo \- routines for authenticating users
.SH SYNOPSIS
.nf
.PP
@@ -27,6 +27,9 @@
int noworld(char *user);
.PP
.B
+int procsetuser(char *user);
+.PP
+.B
AuthInfo* auth_proxy(int fd, AuthGetkey *getkey, char *fmt, ...);
.PP
.B
@@ -130,7 +133,7 @@
.IR amount .
.PP
.I Login
-changes the user id of the process
+changes the user id of the process to
.I user
and recreates the namespace using the file
.I namespace
@@ -150,6 +153,15 @@
.I Noworld
is used by telnetd and ftpd to provide sandboxed
access for some users.
+.PP
+.I Procsetuser
+changes the user id of the process to
+.I user
+but keeps the namespace unchanged.
+Only hostowner can change the user to
+anything other than the
+.B none
+user.
.PP
The following routines use the
.B AuthInfo
--- a/sys/src/ape/lib/auth/mkfile
+++ b/sys/src/ape/lib/auth/mkfile
@@ -18,6 +18,7 @@
login.$O\
newns.$O\
noworld.$O\
+ procsetuser.$O\
passtokey.$O\
HFILES=\
--- a/sys/src/libauth/mkfile
+++ b/sys/src/libauth/mkfile
@@ -17,6 +17,7 @@
login.$O\
newns.$O\
noworld.$O\
+ procsetuser.$O\
HFILES=\
/sys/include/auth.h\
--- /dev/null
+++ b/sys/src/libauth/procsetuser.c
@@ -1,0 +1,20 @@
+#include <u.h>
+#include <libc.h>
+#include <auth.h>
+
+int
+procsetuser(char *user)
+{
+ int fd, n;
+
+ fd = open("#c/user", OWRITE|OCEXEC);
+ if(fd < 0)
+ return -1;
+ n = strlen(user);
+ if(write(fd, user, n) != n){
+ close(fd);
+ return -1;
+ }
+ close(fd);
+ return 0;
+}
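Review bot: procsetuser() hands `user` to strlen() unchecked, and for an empty string `write(fd, user, 0)` returns 0, which equals `n`, so the function can return 0 without any user name having been written (whether the device rejects a zero-length write is not visible in this hunk). A guard ahead of the open(), `if(user == nil || *user == 0){ werrstr("procsetuser: no user"); return -1; }`, keeps a 0 return meaning the user id was actually changed. The function also deserves a header comment such as `/* returns 0 on success, -1 on failure; on failure the process keeps its previous user id, so callers dropping to none must treat -1 as fatal */`, because the commit message gives becoming none before newns() as the main use and a caller that ignores the result would continue with its original identity. The whole function lies inside this hunk.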