From a0a4a95389ec88050a049905a876c1488d5a173b Mon Sep 17 00:00:00 2001
From: Arran Cudbard-Bell
Date: Thu, 30 Sep 2021 14:36:44 -0500
Subject: [PATCH] Simpler user/group parsing
---
 src/lib/server/cf_parse.c | 31 ++++++++++++++++++++++
 src/lib/server/cf_parse.h | 5 ++++
 src/lib/server/main_config.c | 51 ++----------------------------------
 3 files changed, 38 insertions(+), 49 deletions(-)
diff --git a/src/lib/server/cf_parse.c b/src/lib/server/cf_parse.c
index 9d604d6a9d..69dd578626 100644
--- a/src/lib/server/cf_parse.c
+++ b/src/lib/server/cf_parse.c
@@ -37,6 +37,7 @@ RCSID("$Id$")
 #include
 #include
 #include
+#include
 #include
 static CONF_PARSER conf_term = CONF_PARSER_TERMINATOR;
@@ -1719,3 +1720,33 @@ int cf_table_parse_uint32(UNUSED TALLOC_CTX *ctx, void *out, UNUSED void *parent
 return 0;
 }
+/** Generic function for resolving UID strings to uid_t values
+ *
+ * Type should be FR_TYPE_VOID, struct field should be a uid_t.
+ */
+int cf_parse_uid(TALLOC_CTX *ctx, void *out, UNUSED void *parent,
+ CONF_ITEM *ci, UNUSED CONF_PARSER const *rule)
+{
+ if (fr_perm_uid_from_str(ctx, (uid_t *)out, cf_pair_value(cf_item_to_pair(ci))) < 0) {
+ cf_log_perr(ci, "Failed resolving UID");
+ return -1;
+ }
+
+ return 0;
+}
+
+/** Generic function for resolving GID strings to uid_t values
+ *
+ * Type should be FR_TYPE_VOID, struct field should be a gid_t.
+ */
+int cf_parse_gid(TALLOC_CTX *ctx, void *out, UNUSED void *parent,
+ CONF_ITEM *ci, UNUSED CONF_PARSER const *rule)
+{
+ if (fr_perm_gid_from_str(ctx, (gid_t *)out, cf_pair_value(cf_item_to_pair(ci))) < 0) {
+ cf_log_perr(ci, "Failed resolving GID");
+ return -1;
+ }
+
+ return 0;
+}
+
diff --git a/src/lib/server/cf_parse.h b/src/lib/server/cf_parse.h
index 9809a28216..ba2850e2f5 100644
--- a/src/lib/server/cf_parse.h
+++ b/src/lib/server/cf_parse.h
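Review bot: In src/lib/server/cf_parse.c, the doc comment on cf_parse_gid says it resolves GID strings "to uid_t values"; it should read `gid_t`, matching the `(gid_t *)out` cast in the body. Because `out` is a `void *` and the rule type is FR_TYPE_VOID, nothing visible in the hunk checks the destination field's type, so these comments are the only guard against a rule that points at a field of a different size. Both comments should therefore also state the return contract, for example `@return 0 on success, -1 if the name could not be resolved`. The messages "Failed resolving UID" and "Failed resolving GID" no longer quote the configured value as the removed parsers did; unless the error stack printed by cf_log_perr already carries it (not visible here), consider `cf_log_perr(ci, "Failed resolving UID \"%s\"", cf_pair_value(cf_item_to_pair(ci)));` so an operator can see which privilege-drop setting failed.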
@@ -504,6 +504,11 @@ int cf_table_parse_uint32(UNUSED TALLOC_CTX *ctx, void *out, UNUSED void *paren
 int cf_table_parse_int32(UNUSED TALLOC_CTX *ctx, void *out, UNUSED void *parent, CONF_ITEM *ci, CONF_PARSER const *rule);
+int cf_parse_uid(TALLOC_CTX *ctx, void *out, UNUSED void *parent,
+ CONF_ITEM *ci, CONF_PARSER const *rule);
+
+int cf_parse_gid(TALLOC_CTX *ctx, void *out, UNUSED void *parent,
+ CONF_ITEM *ci, CONF_PARSER const *rule);
 #ifdef __cplusplus
 }
diff --git a/src/lib/server/main_config.c b/src/lib/server/main_config.c
index 49dcc3ae99..f0f8d36f0a 100644
--- a/src/lib/server/main_config.c
+++ b/src/lib/server/main_config.c
@@ -92,11 +92,6 @@ static int max_request_time_parse(TALLOC_CTX *ctx, void *out, void *parent, CONF
 static int name_parse(TALLOC_CTX *ctx, void *out, void *parent, CONF_ITEM *ci, CONF_PARSER const *rule);
-#ifdef HAVE_SETUID
-static int uid_parse(TALLOC_CTX *ctx, void *out, UNUSED void *parent, CONF_ITEM *ci, CONF_PARSER const *rule);
-static int gid_parse(TALLOC_CTX *ctx, void *out, UNUSED void *parent, CONF_ITEM *ci, CONF_PARSER const *rule);
-#endif
-
 /*
 * Log destinations
 */
@@ -230,8 +225,8 @@ static const CONF_PARSER server_config[] = {
 **********************************************************************/
 static const CONF_PARSER security_config[] = {
 #ifdef HAVE_SETUID
- { FR_CONF_OFFSET_IS_SET("user", FR_TYPE_VOID, main_config_t, uid), .func = uid_parse },
- { FR_CONF_OFFSET_IS_SET("group", FR_TYPE_VOID, main_config_t, gid), .func = gid_parse },
+ { FR_CONF_OFFSET_IS_SET("user", FR_TYPE_VOID, main_config_t, uid), .func = cf_parse_uid },
+ { FR_CONF_OFFSET_IS_SET("group", FR_TYPE_VOID, main_config_t, gid), .func = cf_parse_gid },
 #endif
 { FR_CONF_OFFSET("chroot", FR_TYPE_STRING, main_config_t, chroot_dir) },
 { FR_CONF_OFFSET("allow_core_dumps", FR_TYPE_BOOL, main_config_t, allow_core_dumps), .dflt = "no" },
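Review bot: In src/lib/server/cf_parse.h, cf_parse_uid and cf_parse_gid are declared without the `#ifdef HAVE_SETUID` guard that wrapped the removed uid_parse/gid_parse in main_config.c, and the cf_parse.c hunk shows no guard around their definitions either. The only callers visible in this diff, the "user" and "group" entries of security_config, are still inside that guard. If fr_perm_uid_from_str and fr_perm_gid_from_str are not built when HAVE_SETUID is undefined, those configurations would fail to compile or link; this diff does not show whether they are, so it should be checked. A short comment above the prototypes, such as `/* Resolve a user or group name; the rule must be FR_TYPE_VOID and the target field a uid_t or gid_t */`, would also put the type contract where callers will see it.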
@@ -373,48 +368,6 @@ static int name_parse(TALLOC_CTX *ctx, void *out, void *parent,
 return cf_pair_parse_value(ctx, out, parent, ci, rule); /* Set new value */
 }
-#ifdef HAVE_SETUID
-static int uid_parse(TALLOC_CTX *ctx, void *out, UNUSED void *parent,
- CONF_ITEM *ci, UNUSED CONF_PARSER const *rule)
-{
- struct passwd *user;
- char const *uid_name;
-
- uid_name = cf_pair_value(cf_item_to_pair(ci));
-
- if (fr_perm_getpwnam(ctx, &user, uid_name) < 0) {
- cf_log_perr(ci, "Cannot get passwd entry for user \"%s\"", uid_name);
- return 0;
- }
-
- memcpy(out, &user->pw_uid, sizeof(user->pw_uid));
-
- talloc_free(user);
-
- return 0;
-}
-
-static int gid_parse(TALLOC_CTX *ctx, void *out, UNUSED void *parent,
- CONF_ITEM *ci, UNUSED CONF_PARSER const *rule)
-{
- struct group *group;
- char const *gid_name;
-
- gid_name = cf_pair_value(cf_item_to_pair(ci));
-
- if (fr_perm_getgrnam(ctx, &group, gid_name) < 0) {
- cf_log_perr(ci, "Cannot resolve group name \"%s\"", gid_name);
- return 0;
- }
-
- memcpy(out, &group->gr_gid, sizeof(group->gr_gid));
-
- talloc_free(group);
-
- return 0;
-}
-#endif
-
 static int num_networks_parse(TALLOC_CTX *ctx, void *out, void *parent, CONF_ITEM *ci, CONF_PARSER const *rule)
 {
--
2.47.2