[thirdparty/systemd.git] / src / nspawn / nspawn-setuid.c

/* SPDX-License-Identifier: LGPL-2.1+ */

#include <fcntl.h>
#include <grp.h>
#include <sys/types.h>
#include <unistd.h>

#include "alloc-util.h"
#include "def.h"
#include "errno.h"
#include "fd-util.h"
#include "fileio.h"
#include "mkdir.h"
#include "nspawn-setuid.h"
#include "process-util.h"
#include "rlimit-util.h"
#include "signal-util.h"
#include "string-util.h"
#include "strv.h"
#include "user-util.h"
#include "util.h"

static int spawn_getent(const char *database, const char *key, pid_t *rpid) {
        int pipe_fds[2], r;
        pid_t pid;

        assert(database);
        assert(key);
        assert(rpid);

        if (pipe2(pipe_fds, O_CLOEXEC) < 0)
                return log_error_errno(errno, "Failed to allocate pipe: %m");

        r = safe_fork("(getent)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_LOG, &pid);
        if (r < 0) {
                safe_close_pair(pipe_fds);
                return r;
        }
        if (r == 0) {
                char *empty_env = NULL;

                safe_close(pipe_fds[0]);

                if (rearrange_stdio(-1, pipe_fds[1], -1) < 0)
                        _exit(EXIT_FAILURE);

                (void) close_all_fds(NULL, 0);

                (void) rlimit_nofile_safe();

                execle("/usr/bin/getent", "getent", database, key, NULL, &empty_env);
                execle("/bin/getent", "getent", database, key, NULL, &empty_env);
                _exit(EXIT_FAILURE);
        }

        pipe_fds[1] = safe_close(pipe_fds[1]);

        *rpid = pid;

        return pipe_fds[0];
}

int change_uid_gid_raw(
                uid_t uid,
                gid_t gid,
                const gid_t *supplementary_gids,
                size_t n_supplementary_gids) {

        if (!uid_is_valid(uid))
                uid = 0;
        if (!gid_is_valid(gid))
                gid = 0;

        (void) fchown(STDIN_FILENO, uid, gid);
        (void) fchown(STDOUT_FILENO, uid, gid);
        (void) fchown(STDERR_FILENO, uid, gid);

        if (setgroups(n_supplementary_gids, supplementary_gids) < 0)
                return log_error_errno(errno, "Failed to set auxiliary groups: %m");

        if (setresgid(gid, gid, gid) < 0)
                return log_error_errno(errno, "setresgid() failed: %m");

        if (setresuid(uid, uid, uid) < 0)
                return log_error_errno(errno, "setresuid() failed: %m");

        return 0;
}

int change_uid_gid(const char *user, char **_home) {
        char *x, *u, *g, *h;
        const char *word, *state;
        _cleanup_free_ gid_t *gids = NULL;
        _cleanup_free_ char *home = NULL, *line = NULL;
        _cleanup_fclose_ FILE *f = NULL;
        _cleanup_close_ int fd = -1;
        unsigned n_gids = 0;
        size_t sz = 0, l;
        uid_t uid;
        gid_t gid;
        pid_t pid;
        int r;

        assert(_home);

        if (!user || STR_IN_SET(user, "root", "0")) {
                /* Reset everything fully to 0, just in case */

                r = reset_uid_gid();
                if (r < 0)
                        return log_error_errno(r, "Failed to become root: %m");

                *_home = NULL;
                return 0;
        }

        /* First, get user credentials */
        fd = spawn_getent("passwd", user, &pid);
        if (fd < 0)
                return fd;

        f = fdopen(fd, "r");
        if (!f)
                return log_oom();
        fd = -1;

        r = read_line(f, LONG_LINE_MAX, &line);
        if (r == 0)
                return log_error_errno(SYNTHETIC_ERRNO(ESRCH),
                                       "Failed to resolve user %s.", user);
        if (r < 0)
                return log_error_errno(r, "Failed to read from getent: %m");

        (void) wait_for_terminate_and_check("getent passwd", pid, WAIT_LOG);

        x = strchr(line, ':');
        if (!x)
                return log_error_errno(SYNTHETIC_ERRNO(EIO),
                                       "/etc/passwd entry has invalid user field.");

        u = strchr(x+1, ':');
        if (!u)
                return log_error_errno(SYNTHETIC_ERRNO(EIO),
                                       "/etc/passwd entry has invalid password field.");

        u++;
        g = strchr(u, ':');
        if (!g)
                return log_error_errno(SYNTHETIC_ERRNO(EIO),
                                       "/etc/passwd entry has invalid UID field.");

        *g = 0;
        g++;
        x = strchr(g, ':');
        if (!x)
                return log_error_errno(SYNTHETIC_ERRNO(EIO),
                                       "/etc/passwd entry has invalid GID field.");

        *x = 0;
        h = strchr(x+1, ':');
        if (!h)
                return log_error_errno(SYNTHETIC_ERRNO(EIO),
                                       "/etc/passwd entry has invalid GECOS field.");

        h++;
        x = strchr(h, ':');
        if (!x)
                return log_error_errno(SYNTHETIC_ERRNO(EIO),
                                       "/etc/passwd entry has invalid home directory field.");

        *x = 0;

        r = parse_uid(u, &uid);
        if (r < 0)
                return log_error_errno(SYNTHETIC_ERRNO(EIO),
                                       "Failed to parse UID of user.");

        r = parse_gid(g, &gid);
        if (r < 0)
                return log_error_errno(SYNTHETIC_ERRNO(EIO),
                                       "Failed to parse GID of user.");

        home = strdup(h);
        if (!home)
                return log_oom();

        f = safe_fclose(f);
        line = mfree(line);

        /* Second, get group memberships */
        fd = spawn_getent("initgroups", user, &pid);
        if (fd < 0)
                return fd;

        f = fdopen(fd, "r");
        if (!f)
                return log_oom();
        fd = -1;

        r = read_line(f, LONG_LINE_MAX, &line);
        if (r == 0)
                return log_error_errno(SYNTHETIC_ERRNO(ESRCH),
                                       "Failed to resolve user %s.", user);
        if (r < 0)
                return log_error_errno(r, "Failed to read from getent: %m");

        (void) wait_for_terminate_and_check("getent initgroups", pid, WAIT_LOG);

        /* Skip over the username and subsequent separator whitespace */
        x = line;
        x += strcspn(x, WHITESPACE);
        x += strspn(x, WHITESPACE);

        FOREACH_WORD(word, l, x, state) {
                char c[l+1];

                memcpy(c, word, l);
                c[l] = 0;

                if (!GREEDY_REALLOC(gids, sz, n_gids+1))
                        return log_oom();

                r = parse_gid(c, &gids[n_gids++]);
                if (r < 0)
                        return log_error_errno(r, "Failed to parse group data from getent: %m");
        }

        r = mkdir_parents(home, 0775);
        if (r < 0)
                return log_error_errno(r, "Failed to make home root directory: %m");

        r = mkdir_safe(home, 0755, uid, gid, 0);
        if (r < 0 && !IN_SET(r, -EEXIST, -ENOTDIR))
                return log_error_errno(r, "Failed to make home directory: %m");

        r = change_uid_gid_raw(uid, gid, gids, n_gids);
        if (r < 0)
                return r;

        if (_home)
                *_home = TAKE_PTR(home);

        return 0;
}
Commit	Line	Data
53e1b683	1	/* SPDX-License-Identifier: LGPL-2.1+ */
ee645080	2
ca78ad1d	3	#include <fcntl.h>
07630cea	4	#include <grp.h>
ee645080 LP	5	#include <sys/types.h>
ee645080 LP	6	#include <unistd.h>
ee645080	7
b5efdb8a	8	#include "alloc-util.h"
c5b82d86	9	#include "def.h"
dccca82b	10	#include "errno.h"
3ffd4af2	11	#include "fd-util.h"
c5b82d86	12	#include "fileio.h"
ee645080	13	#include "mkdir.h"
3ffd4af2	14	#include "nspawn-setuid.h"
ee645080	15	#include "process-util.h"
595225af	16	#include "rlimit-util.h"
07630cea LP	17	#include "signal-util.h"
07630cea LP	18	#include "string-util.h"
5018c0c9	19	#include "strv.h"
b1d4f8e1	20	#include "user-util.h"
07630cea	21	#include "util.h"
ee645080 LP	22
ee645080 LP	23	static int spawn_getent(const char database, const char key, pid_t *rpid) {
4c253ed1	24	int pipe_fds[2], r;
ee645080 LP	25	pid_t pid;
	26
	27	assert(database);
	28	assert(key);
	29	assert(rpid);
	30
	31	if (pipe2(pipe_fds, O_CLOEXEC) < 0)
	32	return log_error_errno(errno, "Failed to allocate pipe: %m");
	33
b6e1fff1	34	r = safe_fork("(getent)", FORK_RESET_SIGNALS\|FORK_DEATHSIG\|FORK_LOG, &pid);
05a8b330 LP	35	if (r < 0) {
05a8b330 LP	36	safe_close_pair(pipe_fds);
b6e1fff1	37	return r;
05a8b330	38	}
4c253ed1	39	if (r == 0) {
ee645080 LP	40	char *empty_env = NULL;
ee645080 LP	41
2b33ab09	42	safe_close(pipe_fds[0]);
ee645080	43
2b33ab09	44	if (rearrange_stdio(-1, pipe_fds[1], -1) < 0)
ee645080 LP	45	_exit(EXIT_FAILURE);
ee645080 LP	46
7acf581a	47	(void) close_all_fds(NULL, 0);
ee645080	48
595225af LP	49	(void) rlimit_nofile_safe();
595225af LP	50
ee645080 LP	51	execle("/usr/bin/getent", "getent", database, key, NULL, &empty_env);
	52	execle("/bin/getent", "getent", database, key, NULL, &empty_env);
	53	_exit(EXIT_FAILURE);
	54	}
	55
	56	pipe_fds[1] = safe_close(pipe_fds[1]);
	57
	58	*rpid = pid;
	59
	60	return pipe_fds[0];
	61	}
	62
61b44433 LP	63	int change_uid_gid_raw(
	64	uid_t uid,
	65	gid_t gid,
	66	const gid_t *supplementary_gids,
	67	size_t n_supplementary_gids) {
	68
	69	if (!uid_is_valid(uid))
	70	uid = 0;
	71	if (!gid_is_valid(gid))
	72	gid = 0;
	73
	74	(void) fchown(STDIN_FILENO, uid, gid);
	75	(void) fchown(STDOUT_FILENO, uid, gid);
	76	(void) fchown(STDERR_FILENO, uid, gid);
	77
	78	if (setgroups(n_supplementary_gids, supplementary_gids) < 0)
	79	return log_error_errno(errno, "Failed to set auxiliary groups: %m");
	80
	81	if (setresgid(gid, gid, gid) < 0)
	82	return log_error_errno(errno, "setresgid() failed: %m");
	83
	84	if (setresuid(uid, uid, uid) < 0)
	85	return log_error_errno(errno, "setresuid() failed: %m");
	86
	87	return 0;
	88	}
	89
ee645080	90	int change_uid_gid(const char user, char *_home) {
c5b82d86	91	char x, u, g, h;
ee645080	92	const char word, state;
61b44433	93	_cleanup_free_ gid_t *gids = NULL;
c5b82d86	94	_cleanup_free_ char home = NULL, line = NULL;
ee645080 LP	95	_cleanup_fclose_ FILE *f = NULL;
ee645080 LP	96	_cleanup_close_ int fd = -1;
61b44433	97	unsigned n_gids = 0;
ee645080 LP	98	size_t sz = 0, l;
	99	uid_t uid;
	100	gid_t gid;
	101	pid_t pid;
	102	int r;
	103
	104	assert(_home);
	105
5018c0c9	106	if (!user \|\| STR_IN_SET(user, "root", "0")) {
ee645080 LP	107	/* Reset everything fully to 0, just in case */
	108
	109	r = reset_uid_gid();
	110	if (r < 0)
	111	return log_error_errno(r, "Failed to become root: %m");
	112
	113	*_home = NULL;
	114	return 0;
	115	}
	116
	117	/* First, get user credentials */
	118	fd = spawn_getent("passwd", user, &pid);
	119	if (fd < 0)
	120	return fd;
	121
e92aaed3	122	f = fdopen(fd, "r");
ee645080 LP	123	if (!f)
	124	return log_oom();
	125	fd = -1;
	126
c5b82d86	127	r = read_line(f, LONG_LINE_MAX, &line);
baaa35ad ZJS	128	if (r == 0)
	129	return log_error_errno(SYNTHETIC_ERRNO(ESRCH),
	130	"Failed to resolve user %s.", user);
c5b82d86 LP	131	if (r < 0)
c5b82d86 LP	132	return log_error_errno(r, "Failed to read from getent: %m");
ee645080	133
7d4904fe	134	(void) wait_for_terminate_and_check("getent passwd", pid, WAIT_LOG);
ee645080 LP	135
ee645080 LP	136	x = strchr(line, ':');
baaa35ad ZJS	137	if (!x)
	138	return log_error_errno(SYNTHETIC_ERRNO(EIO),
	139	"/etc/passwd entry has invalid user field.");
ee645080 LP	140
ee645080 LP	141	u = strchr(x+1, ':');
baaa35ad ZJS	142	if (!u)
	143	return log_error_errno(SYNTHETIC_ERRNO(EIO),
	144	"/etc/passwd entry has invalid password field.");
ee645080 LP	145
	146	u++;
	147	g = strchr(u, ':');
baaa35ad ZJS	148	if (!g)
	149	return log_error_errno(SYNTHETIC_ERRNO(EIO),
	150	"/etc/passwd entry has invalid UID field.");
ee645080 LP	151
	152	*g = 0;
	153	g++;
	154	x = strchr(g, ':');
baaa35ad ZJS	155	if (!x)
	156	return log_error_errno(SYNTHETIC_ERRNO(EIO),
	157	"/etc/passwd entry has invalid GID field.");
ee645080 LP	158
	159	*x = 0;
	160	h = strchr(x+1, ':');
baaa35ad ZJS	161	if (!h)
	162	return log_error_errno(SYNTHETIC_ERRNO(EIO),
	163	"/etc/passwd entry has invalid GECOS field.");
ee645080 LP	164
	165	h++;
	166	x = strchr(h, ':');
baaa35ad ZJS	167	if (!x)
	168	return log_error_errno(SYNTHETIC_ERRNO(EIO),
	169	"/etc/passwd entry has invalid home directory field.");
ee645080 LP	170
	171	*x = 0;
	172
	173	r = parse_uid(u, &uid);
baaa35ad ZJS	174	if (r < 0)
	175	return log_error_errno(SYNTHETIC_ERRNO(EIO),
	176	"Failed to parse UID of user.");
ee645080 LP	177
ee645080 LP	178	r = parse_gid(g, &gid);
baaa35ad ZJS	179	if (r < 0)
	180	return log_error_errno(SYNTHETIC_ERRNO(EIO),
	181	"Failed to parse GID of user.");
ee645080 LP	182
	183	home = strdup(h);
	184	if (!home)
	185	return log_oom();
	186
c5b82d86 LP	187	f = safe_fclose(f);
	188	line = mfree(line);
	189
ee645080 LP	190	/* Second, get group memberships */
	191	fd = spawn_getent("initgroups", user, &pid);
	192	if (fd < 0)
	193	return fd;
	194
e92aaed3	195	f = fdopen(fd, "r");
ee645080 LP	196	if (!f)
	197	return log_oom();
	198	fd = -1;
	199
c5b82d86	200	r = read_line(f, LONG_LINE_MAX, &line);
baaa35ad ZJS	201	if (r == 0)
	202	return log_error_errno(SYNTHETIC_ERRNO(ESRCH),
	203	"Failed to resolve user %s.", user);
c5b82d86 LP	204	if (r < 0)
c5b82d86 LP	205	return log_error_errno(r, "Failed to read from getent: %m");
ee645080	206
7d4904fe	207	(void) wait_for_terminate_and_check("getent initgroups", pid, WAIT_LOG);
ee645080 LP	208
	209	/* Skip over the username and subsequent separator whitespace */
	210	x = line;
	211	x += strcspn(x, WHITESPACE);
	212	x += strspn(x, WHITESPACE);
	213
	214	FOREACH_WORD(word, l, x, state) {
	215	char c[l+1];
	216
	217	memcpy(c, word, l);
	218	c[l] = 0;
	219
61b44433	220	if (!GREEDY_REALLOC(gids, sz, n_gids+1))
ee645080 LP	221	return log_oom();
ee645080 LP	222
61b44433	223	r = parse_gid(c, &gids[n_gids++]);
c7f9a8d2 LP	224	if (r < 0)
c7f9a8d2 LP	225	return log_error_errno(r, "Failed to parse group data from getent: %m");
ee645080 LP	226	}
	227
	228	r = mkdir_parents(home, 0775);
	229	if (r < 0)
	230	return log_error_errno(r, "Failed to make home root directory: %m");
	231
d50b5839	232	r = mkdir_safe(home, 0755, uid, gid, 0);
37c1d5e9	233	if (r < 0 && !IN_SET(r, -EEXIST, -ENOTDIR))
ee645080 LP	234	return log_error_errno(r, "Failed to make home directory: %m");
ee645080 LP	235
61b44433 LP	236	r = change_uid_gid_raw(uid, gid, gids, n_gids);
	237	if (r < 0)
	238	return r;
ee645080	239
1cc6c93a YW	240	if (_home)
1cc6c93a YW	241	*_home = TAKE_PTR(home);
ee645080 LP	242
	243	return 0;
	244	}