From c45c51fe97193898f3909dcf5e4c0e117ab239a2 Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Fri, 1 May 2009 23:50:11 +0200 Subject: chroot: accept new options --userspec=U:G and --groups=G1,G2,G3 * NEWS: Note chroot's new options. * doc/coreutils.texi: Document them. * src/chroot.c (main): Add support for --userspec and --groups. * tests/Makefile.am (root-tests): Add chroot/credentials. * tests/chroot/credentials: New file. * tests/test-lib.sh: Define NON_ROOT_GROUP to a default value. --- src/chroot.c | 125 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 122 insertions(+), 3 deletions(-) (limited to 'src') diff --git a/src/chroot.c b/src/chroot.c index 6d3fddf77..788a1fc41 100644 --- a/src/chroot.c +++ b/src/chroot.c @@ -21,17 +21,88 @@ #include #include #include +#include #include "system.h" #include "error.h" #include "long-options.h" #include "quote.h" +#include "userspec.h" +#include "xstrtol.h" /* The official name of this program (e.g., no `g' prefix). */ #define PROGRAM_NAME "chroot" #define AUTHORS proper_name ("Roland McGrath") +#ifndef MAXGID +# define MAXGID GID_T_MAX +#endif + +enum +{ + GROUPS = UCHAR_MAX + 1, + USERSPEC +}; + +static struct option const long_opts[] = +{ + {"groups", required_argument, NULL, GROUPS}, + {"userspec", required_argument, NULL, USERSPEC}, + {GETOPT_HELP_OPTION_DECL}, + {GETOPT_VERSION_OPTION_DECL}, + {NULL, 0, NULL, 0} +}; + +/* Groups is a comma separated list of additional groups. */ +static int +set_additional_groups (char const *groups) +{ + GETGROUPS_T *gids = NULL; + size_t n_gids_allocated = 0; + size_t n_gids = 0; + char *buffer = xstrdup (groups); + char const *tmp; + int ret; + + for (tmp = strtok (buffer, ","); tmp; tmp = strtok (NULL, ",")) + { + struct group *g; + unsigned long int value; + + if (xstrtoul (tmp, NULL, 10, &value, "") == LONGINT_OK && value <= MAXGID) + { + g = getgrgid (value); + } + else + { + g = getgrnam (tmp); + if (g != NULL) + value = g->gr_gid; + } + + if (g == NULL) + { + error (0, errno, _("cannot find group %s"), tmp); + free (buffer); + return 1; + } + + if (n_gids == n_gids_allocated) + gids = x2nrealloc (gids, &n_gids_allocated, sizeof *gids); + gids[n_gids++] = value; + } + + free (buffer); + + ret = setgroups (n_gids, gids); + + free (gids); + + return ret; +} + + void usage (int status) { @@ -41,13 +112,20 @@ usage (int status) else { printf (_("\ -Usage: %s NEWROOT [COMMAND [ARG]...]\n\ +Usage: %s [OPTION] NEWROOT [COMMAND [ARG]...]\n\ or: %s OPTION\n\ "), program_name, program_name); + fputs (_("\ Run COMMAND with root directory set to NEWROOT.\n\ \n\ "), stdout); + + fputs (_("\ + --userspec=USER:GROUP specify user and group (ID or name) to use\n\ + --groups=G_LIST specify supplementary groups as g1,g2,..,gN\n\ +"), stdout); + fputs (HELP_OPTION_DESCRIPTION, stdout); fputs (VERSION_OPTION_DESCRIPTION, stdout); fputs (_("\ @@ -62,6 +140,10 @@ If no command is given, run ``${SHELL} -i'' (default: /bin/sh).\n\ int main (int argc, char **argv) { + int c; + char const *userspec = NULL; + char const *groups = NULL; + initialize_main (&argc, &argv); set_program_name (argv[0]); setlocale (LC_ALL, ""); @@ -73,8 +155,21 @@ main (int argc, char **argv) parse_long_options (argc, argv, PROGRAM_NAME, PACKAGE_NAME, Version, usage, AUTHORS, (char const *) NULL); - if (getopt_long (argc, argv, "+", NULL, NULL) != -1) - usage (EXIT_FAILURE); + + while ((c = getopt_long (argc, argv, "+", long_opts, NULL)) != -1) + { + switch (c) + { + case USERSPEC: + userspec = optarg; + break; + case GROUPS: + groups = optarg; + break; + default: + usage (EXIT_FAILURE); + } + } if (argc <= optind) { @@ -105,6 +200,30 @@ main (int argc, char **argv) argv += optind + 1; } + if (userspec) + { + uid_t uid; + gid_t gid; + char *user; + char *group; + char const *err = parse_user_spec (userspec, &uid, &gid, &user, &group); + + if (err) + error (EXIT_FAILURE, errno, "%s", err); + + free (user); + free (group); + + if (groups && set_additional_groups (groups)) + error (0, errno, _("failed to set additional groups")); + + if (gid && setgid (gid)) + error (0, errno, _("failed to set group-ID")); + + if (uid && setuid (uid)) + error (0, errno, _("failed to set user-ID")); + } + /* Execute the given command. */ execvp (argv[0], argv); -- cgit v1.2.3-70-g09d2