Changes: pass and set gid and uid from invoker process to launcher

15 years ago · 0740932d25
parent f8f18c9026
commit 0740932d25
7 changed files with 78 additions and 1 deletions
--- a/src/common/protocol.h
+++ b/src/common/protocol.h
@ -33,6 +33,7 @@ const uint32_t INVOKER_MSG_EXEC               = 0xe8ec0000;
 const uint32_t INVOKER_MSG_ARGS               = 0xa4650000;
 const uint32_t INVOKER_MSG_ENV                = 0xe5710000;
 const uint32_t INVOKER_MSG_PRIO               = 0xa1ce0000;
+const uint32_t INVOKER_MSG_IDS                = 0xb2df4000;
 const uint32_t INVOKER_MSG_IO                 = 0x10fd0000;
 const uint32_t INVOKER_MSG_END                = 0xdead0000;
 const uint32_t INVOKER_MSG_PID                = 0x1d1d0000;
--- a/src/invoker/invoker.c
+++ b/src/invoker/invoker.c
@ -296,6 +296,18 @@ static bool invoker_send_prio(int fd, int prio)
    return true;
 }

+static bool invoker_send_ids(int fd, int uid, int gid)
+{
+    // Send action.
+    invoke_send_msg(fd, INVOKER_MSG_IDS);
+    invoke_send_msg(fd, uid);
+    invoke_send_msg(fd, gid);
+
+    invoke_recv_ack(fd);
+
+    return true;
+}
+
 static bool invoker_send_env(int fd)
 {
    int i, n_vars;
@ -418,6 +430,9 @@ static int invoke(int prog_argc, char **prog_argv, char *prog_name,
            prog_prio = 0;
        }

+        int uid = getuid();
+        int gid = getgid();
+
        int fd = invoker_init(app_type);

        invoker_send_magic(fd, magic_options);
@ -425,6 +440,7 @@ static int invoke(int prog_argc, char **prog_argv, char *prog_name,
        invoker_send_exec(fd, prog_name);
        invoker_send_args(fd, prog_argc, prog_argv);
        invoker_send_prio(fd, prog_prio);
+        invoker_send_ids(fd, uid, gid);
        invoker_send_io(fd);
        invoker_send_env(fd);
        invoker_send_end(fd);
--- a/src/launcher/appdata.cpp
+++ b/src/launcher/appdata.cpp
@ -27,7 +27,9 @@ AppData::AppData() :
    m_fileName(""),
    m_prio(0),
    m_entry(NULL),
-    m_ioDescriptors()
+    m_ioDescriptors(),
+    m_gid(0),
+    m_uid(0)
 {}

 void AppData::setOptions(int newOptions)
@ -110,6 +112,22 @@ void AppData::setIODescriptors(const vector<int> & newIODescriptors)
    m_ioDescriptors = newIODescriptors;
 }

+void AppData::setIDs(uid_t userId, gid_t groupId)
+{
+    m_uid = userId;
+    m_gid = groupId;
+}
+
+uid_t AppData::userId() const
+{
+    return m_uid;
+}
+
+gid_t AppData::groupId() const
+{
+    return m_gid;
+}
+
 void AppData::deleteArgv()
 {
    if (m_argv)
--- a/src/launcher/appdata.h
+++ b/src/launcher/appdata.h
@ -89,6 +89,15 @@ public:
    //! Set I/O descriptors
    void setIODescriptors(const vector<int> & ioDescriptors);

+    //! Set user ID and group ID of calling process
+    void setIDs(uid_t userId, gid_t groupId);
+
+    //! Get user ID of calling process
+    uid_t userId() const;
+
+    //! Get group ID of calling process
+    gid_t groupId() const;
+
    //! Frees the memory reserved for argv
    void deleteArgv();

@ -105,6 +114,9 @@ private:
    int         m_prio;
    entry_t     m_entry;
    vector<int> m_ioDescriptors;
+    gid_t       m_gid;
+    uid_t       m_uid;
+
 };

 #endif // APPDATA_H
--- a/src/launcher/booster.cpp
+++ b/src/launcher/booster.cpp
@ -168,6 +168,17 @@ int Booster::launchProcess()
    if (!errno && cur_prio < m_app.priority())
        setpriority(PRIO_PROCESS, 0, m_app.priority());

+    // Possible set user ID and group ID of calling process
+    uid_t uid = getuid();
+    gid_t gid = getgid();
+
+    if (uid != m_app.userId())
+        setuid(m_app.userId());
+
+    if (gid != m_app.groupId())
+        setgid(m_app.groupId());
+
+
    // Load the application and find out the address of main()
    void* handle = loadMain();

--- a/src/launcher/connection.cpp
+++ b/src/launcher/connection.cpp
@ -310,6 +310,16 @@ bool Connection::receivePriority()
    return true;
 }

+bool Connection::receiveIDs()
+{
+    recvMsg(&m_uid);
+    recvMsg(&m_gid);
+
+    sendMsg(INVOKER_MSG_ACK);
+
+    return true;
+}
+
 bool Connection::receiveArgs()
 {
    // Get argc
@ -485,6 +495,9 @@ bool Connection::receiveActions()
        case INVOKER_MSG_IO:
            receiveIO();
            break;
+        case INVOKER_MSG_IDS:
+            receiveIDs();
+            break;
        case INVOKER_MSG_END:
            sendMsg(INVOKER_MSG_ACK);

@ -519,6 +532,7 @@ bool Connection::receiveApplicationData(AppData & rApp)
        rApp.setArgc(m_argc);
        rApp.setArgv(m_argv);
        rApp.setIODescriptors(vector<int>(m_io, m_io + IO_DESCRIPTOR_COUNT));
+        rApp.setIDs(m_uid, m_gid);
    }
    else
    {
--- a/src/launcher/connection.h
+++ b/src/launcher/connection.h
@ -132,6 +132,9 @@ private:
    //! Receive I/O descriptors
    bool receiveIO();

+    //! Receive userId and GroupId
+    bool receiveIDs();
+
    //! Receive priority
    bool receivePriority();

@ -161,6 +164,8 @@ private:
    int      m_io[IO_DESCRIPTOR_COUNT];
    uint32_t m_priority;
    bool     m_sendPid;
+    gid_t    m_gid;
+    uid_t    m_uid;

 #if defined (HAVE_CREDS) && ! defined (DISABLE_VERIFICATION)
    static const char * m_credsStr;