From b7bd75c4c0e37a5eb2295a4028d1160715a98c41 Mon Sep 17 00:00:00 2001 From: Dan Kenigsberg Date: Tue, 19 Oct 2010 15:22:57 +0200 Subject: [PATCH] Run initgroups() in qemudOpenAsUID() qemudOpenAsUID is intended to open a file with the credentials of a specified uid. Current implementation fails if the file is accessible to one of uid's groups but not owned by uid. This patch replaces the supplementary group list that the child process inherited from libvirtd with the default group list of uid. --- src/qemu/qemu_driver.c | 27 ++++++++++++++++++++++----- 1 file changed, 22 insertions(+), 5 deletions(-) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 0ce2d4038b..7204ac8efb 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -41,6 +41,7 @@ #include #include #include +#include #include #include #include @@ -6353,6 +6354,7 @@ parent_cleanup: char *buf = NULL; size_t bufsize = 1024 * 1024; int bytesread; + struct passwd pwd, *pwd_result; /* child doesn't need the read side of the pipe */ close(pipefd[0]); @@ -6365,6 +6367,26 @@ parent_cleanup: goto child_cleanup; } + if (VIR_ALLOC_N(buf, bufsize) < 0) { + exit_code = ENOMEM; + virReportOOMError(); + goto child_cleanup; + } + + exit_code = getpwuid_r(uid, &pwd, buf, bufsize, &pwd_result); + if (pwd_result == NULL) { + virReportSystemError(errno, + _("cannot getpwuid_r(%d) to read '%s'"), + uid, path); + goto child_cleanup; + } + if (initgroups(pwd.pw_name, pwd.pw_gid) != 0) { + exit_code = errno; + virReportSystemError(errno, + _("cannot initgroups(\"%s\", %d) to read '%s'"), + pwd.pw_name, pwd.pw_gid, path); + goto child_cleanup; + } if (setuid(uid) != 0) { exit_code = errno; virReportSystemError(errno, @@ -6379,11 +6401,6 @@ parent_cleanup: path, uid); goto child_cleanup; } - if (VIR_ALLOC_N(buf, bufsize) < 0) { - exit_code = ENOMEM; - virReportOOMError(); - goto child_cleanup; - } /* read from fd and write to pipefd[1] until EOF */ do { -- 2.47.2