diff options
| author | Laurent Bercot <ska-skaware@skarnet.org> | 2015-01-06 23:38:19 +0000 |
|---|---|---|
| committer | Laurent Bercot <ska-skaware@skarnet.org> | 2015-01-06 23:38:19 +0000 |
| commit | f7033d3fee696a0d1a775686d1b229eae1b5a137 (patch) | |
| tree | fc9c05f797271fb72765282ab169845a84a58679 /src/daemontools-extras | |
| parent | 861bed98658c79a55bcfea8e7f9e706c4d610c8a (diff) | |
| download | s6-f7033d3fee696a0d1a775686d1b229eae1b5a137.tar.gz s6-f7033d3fee696a0d1a775686d1b229eae1b5a137.tar.xz s6-f7033d3fee696a0d1a775686d1b229eae1b5a137.zip | |
Add s6-applyuidgid
Diffstat (limited to 'src/daemontools-extras')
| -rw-r--r-- | src/daemontools-extras/deps-exe/s6-applyuidgid | 1 | ||||
| -rw-r--r-- | src/daemontools-extras/s6-applyuidgid.c | 68 |
2 files changed, 69 insertions, 0 deletions
diff --git a/src/daemontools-extras/deps-exe/s6-applyuidgid b/src/daemontools-extras/deps-exe/s6-applyuidgid new file mode 100644 index 0000000..e7187fe --- /dev/null +++ b/src/daemontools-extras/deps-exe/s6-applyuidgid @@ -0,0 +1 @@ +-lskarnet diff --git a/src/daemontools-extras/s6-applyuidgid.c b/src/daemontools-extras/s6-applyuidgid.c new file mode 100644 index 0000000..77beef2 --- /dev/null +++ b/src/daemontools-extras/s6-applyuidgid.c @@ -0,0 +1,68 @@ +/* ISC license. */ + +#include <skalibs/nonposix.h> +#include <sys/types.h> +#include <unistd.h> +#include <grp.h> +#include <limits.h> +#include <skalibs/uint.h> +#include <skalibs/gidstuff.h> +#include <skalibs/strerr2.h> +#include <skalibs/sgetopt.h> +#include <skalibs/env.h> +#include <skalibs/djbunix.h> + +#define USAGE "s6-applyuidgid [ -z ] [ -u uid ] [ -g gid ] [ -G gidlist ] [ -U ] prog..." +#define dieusage() strerr_dieusage(100, USAGE) + +int main (int argc, char const *const *argv, char const *const *envp) +{ + unsigned int uid = 0, gid = 0 ; + gid_t gids[NGROUPS_MAX] ; + unsigned int gidn = (unsigned int)-1 ; + int unexport = 0 ; + PROG = "s6-applyuidgid" ; + { + subgetopt_t l = SUBGETOPT_ZERO ; + for (;;) + { + register int opt = subgetopt_r(argc, argv, "zUu:g:G:", &l) ; + if (opt == -1) break ; + switch (opt) + { + case 'z' : unexport = 1 ; break ; + case 'u' : if (!uint0_scan(l.arg, &uid)) dieusage() ; break ; + case 'g' : if (!uint0_scan(l.arg, &gid)) dieusage() ; break ; + case 'G' : if (!gid_scanlist(gids, NGROUPS_MAX, l.arg, &gidn)) dieusage() ; break ; + case 'U' : + { + char const *x = env_get2(envp, "UID") ; + if (!x) strerr_dienotset(100, "UID") ; + if (!uint0_scan(x, &uid)) strerr_dieinvalid(100, "UID") ; + x = env_get2(envp, "GID") ; + if (!x) strerr_dienotset(100, "GID") ; + if (!uint0_scan(x, &gid)) strerr_dieinvalid(100, "GID") ; + x = env_get2(envp, "GIDLIST") ; + if (!x) strerr_dienotset(100, "GIDLIST") ; + if (!gid_scanlist(gids, NGROUPS_MAX, x, &gidn) && *x) + strerr_dieinvalid(100, "GIDLIST") ; + break ; + } + default : dieusage() ; + } + } + argc -= l.ind ; argv += l.ind ; + } + if (!argc) dieusage() ; + + if (gidn != (unsigned int)-1 && setgroups(gidn, gids) < 0) + strerr_diefu1sys(111, "set supplementary group list") ; + if (gid && setgid(gid) < 0) + strerr_diefu1sys(111, "setgid") ; + if (uid && setuid(uid) < 0) + strerr_diefu1sys(111, "setuid") ; + + if (unexport) pathexec_r(argv, envp, env_len(envp), "UID\0GID\0GIDLIST", 16) ; + else pathexec_run(argv[0], argv, envp) ; + strerr_dieexec(111, argv[0]) ; +} |