mirror of
https://github.com/yggdrasil-network/yggdrasil-go.git
synced 2025-04-27 21:55:07 +03:00
Rewrite chuser() for simplicity and correctness
- Use unambiguous variable names (w/o package name conflict).
- Fail on invalid input such as the empty string or `:`.
- Do not change group without user, i.e. fail on `:group`.
- Parse input using mnemonic APIs.
- Do not juggle between integer types.
- Unset supplementary groups.
- Use setres[ug]id(2) to match the idiom of OpenBSD base programs.

Includes/Supersedes #1202.
Fixes #927.

I only tested on OpenBSD (so far), hence the split, but other systems should just work.
parent
75d2080e53
commit
a0bfd9da44
2 changed files with 59 additions and 2 deletions
57
cmd/yggdrasil/chuser_openbsd.go
Normal file
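--- a/cmd/yggdrasil/chuser_openbsd.go
+++ b/cmd/yggdrasil/chuser_openbsd.go
@@ -0,0 +1,57 @@
+//go:build openbsd
+// +build openbsd
+
+package main
+
+import (
+"fmt"
+"os/user"
+"strconv"
+"strings"
+
+"golang.org/x/sys/unix"
+)
+
+func chuser(input string) error {
+givenUser, givenGroup, _ := strings.Cut(input, ":")
+
+var (
+err error
+usr *user.User
+grp *user.Group
+uid, gid int
+)
+
+if usr, err = user.Lookup(givenUser); err != nil {
+if usr, err = user.LookupId(givenUser); err != nil {
+return err
+}
+}
+if uid, err = strconv.Atoi(usr.Uid); err != nil {
+return err
+}
+
+if givenGroup != "" {
+if grp, err = user.LookupGroup(givenGroup); err != nil {
+if grp, err = user.LookupGroupId(givenGroup); err != nil {
+return err
+}
+}
+
+gid, _ = strconv.Atoi(grp.Gid)
+} else {
+gid, _ = strconv.Atoi(usr.Gid)
+}
+
+if err := unix.Setgroups([]int{gid}); err != nil {
+return fmt.Errorf("setgroups: %d: %v", gid, err)
+}
+if err := unix.Setresgid(gid, gid, gid); err != nil {
+return fmt.Errorf("setresgid: %d: %v", gid, err)
+}
+if err := unix.Setresuid(uid, uid, uid); err != nil {
+return fmt.Errorf("setresuid: %d: %v", uid, err)
+}
+
+return nil
+}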
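Review bot: Both gid conversions in `chuser` discard the `strconv.Atoi` error (`gid, _ = strconv.Atoi(grp.Gid)` and `gid, _ = strconv.Atoi(usr.Gid)`), so a Gid string that fails to parse leaves `gid` at 0, and the `Setgroups`/`Setresgid` calls that follow would keep the process in group 0 instead of aborting. The uid conversion just above already returns its error; the gid branches should fail closed the same way, e.g. `if gid, err = strconv.Atoi(grp.Gid); err != nil { return err }` and likewise for `usr.Gid`. This is presumably unreachable with the decimal strings os/user normally returns, but a privilege-dropping path should not depend on that. As a smaller point, using `%w` rather than `%v` in the three `fmt.Errorf` calls would let the caller inspect the underlying errno.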
|
|
@ -1,5 +1,5 @@
|
|||
//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris
|
||||
// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris
|
||||
//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || solaris
|
||||
// +build aix darwin dragonfly freebsd linux netbsd solaris
|
||||
|
||||
package main
|
||||
|
||||
|
|