From patchwork Tue Sep 8 23:17:37 2015
X-Patchwork-Submitter: Andy Zhou
X-Patchwork-Id: 515637
From: Andy Zhou
To: dev@openvswitch.org
Date: Tue, 8 Sep 2015 16:17:37 -0700
Message-Id: <1441754258-9868-2-git-send-email-azhou@nicira.com>
In-Reply-To: <1441754258-9868-1-git-send-email-azhou@nicira.com>
Subject: [ovs-dev] [v2 2/3] lib: Add --user for daemon

Allow daemon running as root to accept --user option, that accepts
"user:group" string as input. Performs sanity check on the input,
and stores the converted uid and gid.

daemon_become_new_user() needs to be called to make the actual
switch.

Signed-off-by: Andy Zhou
---
v2 : use sysconf() to get proper buffer size. not hard code it
---
lib/daemon-unix.c | 77 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
lib/daemon.h | 27 ++++++++++++++-----
2 files changed, 97 insertions(+), 7 deletions(-)

diff --git a/lib/daemon-unix.c b/lib/daemon-unix.c index 4a2e7b4..ee1761a 100644 --- a/lib/daemon-unix.c +++ b/lib/daemon-unix.c @@ -20,6 +20,7 @@ #include #include #include +#include #include #include #include 
@@ -693,6 +694,82 @@ should_service_stop(void) return false; } +void daemon_set_new_user(const char *user_spec) +{ + char *pos = strchr(user_spec, ':'); + int bufsize; + + uid = getuid(); + gid = getgid(); + + if (gid || uid) { + VLOG_FATAL("%s: only root can use --user option", pidfile); + } + + if ((bufsize = sysconf(_SC_GETPW_R_SIZE_MAX)) == -1) { + VLOG_FATAL("%s: Invalid --user option %s (Unknown system password " + "configuration)", pidfile, user_spec); + } + + user_spec += strspn(user_spec, " \t\r\n"); + int len = pos ? pos - user_spec : strlen(user_spec); + struct passwd pwd, *res; + char buf[bufsize]; + + if (len) { + user = xzalloc(len + 1); + strncpy(user, user_spec, len); + + if (getpwnam_r(user, &pwd, buf, bufsize, &res)) { + VLOG_FATAL("%s: Invalid --user option %s (no such user %s)", + pidfile, user_spec, user); + } + } else { + /* User is not specified, use current user. */ + if (getpwuid_r(uid, &pwd, buf, bufsize, &res)) { + VLOG_FATAL("%s: Invalid --user option %s (failed to lookup " + "current user with uid %d)", pidfile, user_spec, uid); + } + user = strdup(pwd.pw_name); + } + + uid = pwd.pw_uid; + gid = pwd.pw_gid; + + if (pos) { + char *grpstr = pos + 1; + grpstr += strspn(grpstr, " \t\r\n"); + + if (*grpstr) { + struct group grp, *res; + + if(getgrnam_r(grpstr, &grp, buf, bufsize, &res)) { + VLOG_FATAL("%s: Invalid --user option %s (unknown group %s)", + pidfile, user_spec, grpstr); + } + + if(gid != grp.gr_gid) { + char **mem; + + for(mem = grp.gr_mem; *mem; ++mem) { + if (!strcmp(*mem, user)) { + break; + } + } + + if (!*mem) { + VLOG_FATAL("%s: Invalid --user option %s (user %s is " + "not in group %s)", pidfile, user_spec, + user, grpstr); + } + gid = grp.gr_gid; + } + } + } + + switch_to_new_user = true; +} + void daemon_become_new_user(void) { diff --git a/lib/daemon.h b/lib/daemon.h index ccf30f8..b00c698 100644 --- a/lib/daemon.h +++ b/lib/daemon.h 
@@ -42,14 +42,16 @@ OPT_NO_CHDIR, \ OPT_OVERWRITE_PIDFILE, \ OPT_PIDFILE, \ - OPT_MONITOR + OPT_MONITOR, \ + OPT_USER_GROUP -#define DAEMON_LONG_OPTIONS \ - {"detach", no_argument, NULL, OPT_DETACH}, \ - {"no-chdir", no_argument, NULL, OPT_NO_CHDIR}, \ - {"pidfile", optional_argument, NULL, OPT_PIDFILE}, \ +#define DAEMON_LONG_OPTIONS \ + {"detach", no_argument, NULL, OPT_DETACH}, \ + {"no-chdir", no_argument, NULL, OPT_NO_CHDIR}, \ + {"pidfile", optional_argument, NULL, OPT_PIDFILE}, \ {"overwrite-pidfile", no_argument, NULL, OPT_OVERWRITE_PIDFILE}, \ - {"monitor", no_argument, NULL, OPT_MONITOR} + {"monitor", no_argument, NULL, OPT_MONITOR}, \ + {"user", required_argument, NULL, OPT_USER_GROUP} #define DAEMON_OPTION_HANDLERS \ case OPT_DETACH: \ @@ -70,6 +72,10 @@ \ case OPT_MONITOR: \ daemon_set_monitor(); \ + break; \ + \ + case OPT_USER_GROUP: \ + daemon_set_new_user(optarg); \ break; void set_detach(void); @@ -77,6 +83,7 @@ void daemon_set_monitor(void); void set_no_chdir(void); void ignore_existing_pidfile(void); void daemon_become_new_user(void); +void daemon_set_new_user(const char *); pid_t read_pidfile(const char *name); #else #define DAEMON_OPTION_ENUMS \ @@ -85,7 +92,7 @@ pid_t read_pidfile(const char *name); OPT_PIDFILE, \ OPT_PIPE_HANDLE, \ OPT_SERVICE, \ - OPT_SERVICE_MONITOR + OPT_SERVICE_MONITOR \ #define DAEMON_LONG_OPTIONS \ {"detach", no_argument, NULL, OPT_DETACH}, \ @@ -120,6 +127,12 @@ void control_handler(DWORD request); void set_pipe_handle(const char *pipe_handle); static inline void +daemon_set_new_user(const char *) +{ + /* Not implemented. */ +} + +static inline void daemon_become_new_user(void) { /* Not implemented. */
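Review bot: In the daemon_set_new_user() hunk of lib/daemon-unix.c (@@ -693,6 +694,82 @@), the getpwnam_r(), getpwuid_r() and getgrnam_r() calls are treated as failed only when they return nonzero, but POSIX has them return 0 and set the result pointer to NULL when no matching entry exists. For an unknown user or group the code therefore falls through and reads pwd.pw_uid, pwd.pw_gid or grp.gr_gid from a struct that was never filled in, so the stored uid/gid for the later privilege switch are indeterminate instead of the option being rejected. Suggest checking the result pointer at each call, for example `if (getpwnam_r(user, &pwd, buf, bufsize, &res) || !res)`. Related, in the same hunk: the buffer sized from _SC_GETPW_R_SIZE_MAX is reused for getgrnam_r(), whose matching limit is _SC_GETGR_R_SIZE_MAX, and an ERANGE return is not distinguished from "unknown group".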
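Review bot: The new `{"user", required_argument, NULL, OPT_USER_GROUP}` entry in the lib/daemon.h hunk @@ -42,14 +42,16 @@ comes with no user-facing documentation: the diffstat lists only lib/daemon-unix.c and lib/daemon.h, and neither visible hunk touches usage text or a man page. Since the option changes the identity the daemon runs as, please document the accepted "user:group" forms (user only, ":group" only, both) and the requirement, enforced by the `if (gid || uid)` check, that the caller be root, in this patch or say in the commit message which patch of the series adds it.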
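Review bot: In the Windows branch of lib/daemon.h (@@ -85,7 +92,7 @@), the change from `OPT_SERVICE_MONITOR` to `OPT_SERVICE_MONITOR \` adds a line continuation to the last line of DAEMON_OPTION_ENUMS without adding a new enumerator after it. The macro now extends onto whatever line follows, which is harmless only while that line stays blank. It looks like a leftover from an earlier attempt to add OPT_USER_GROUP here; suggest dropping the backslash so this hunk disappears, or, if --user should be parsed on Windows and routed to the stub, adding the enumerator and the matching long option and handler.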
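Review bot: The Windows stub added in lib/daemon.h (@@ -120,6 +127,12 @@) is defined as `daemon_set_new_user(const char *)` with an unnamed parameter, which is allowed in a prototype but not in a function definition in C before C23, so this branch is likely to fail to compile. Suggest naming the parameter and marking it unused in whatever way the tree does for unused arguments, for example `daemon_set_new_user(const char *user_spec)`. It is also worth deciding whether silently doing nothing is the right behaviour for a privilege-dropping option; a fatal "not supported" message would avoid a daemon that keeps running with full privileges after the operator asked for a switch.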