From 0740932d2586da83738521d371055e9a7f7adf0c Mon Sep 17 00:00:00 2001 From: Alexey Shilov Date: Wed, 18 Aug 2010 16:18:39 +0300 Subject: [PATCH] Changes: pass and set gid and uid from invoker process to launcher --- src/common/protocol.h | 1 + src/invoker/invoker.c | 16 ++++++++++++++++ src/launcher/appdata.cpp | 20 +++++++++++++++++++- src/launcher/appdata.h | 12 ++++++++++++ src/launcher/booster.cpp | 11 +++++++++++ src/launcher/connection.cpp | 14 ++++++++++++++ src/launcher/connection.h | 5 +++++ 7 files changed, 78 insertions(+), 1 deletion(-) diff --git a/src/common/protocol.h b/src/common/protocol.h index e823782..46dac00 100644 --- a/src/common/protocol.h +++ b/src/common/protocol.h @@ -33,6 +33,7 @@ const uint32_t INVOKER_MSG_EXEC = 0xe8ec0000; const uint32_t INVOKER_MSG_ARGS = 0xa4650000; const uint32_t INVOKER_MSG_ENV = 0xe5710000; const uint32_t INVOKER_MSG_PRIO = 0xa1ce0000; +const uint32_t INVOKER_MSG_IDS = 0xb2df4000; const uint32_t INVOKER_MSG_IO = 0x10fd0000; const uint32_t INVOKER_MSG_END = 0xdead0000; const uint32_t INVOKER_MSG_PID = 0x1d1d0000; diff --git a/src/invoker/invoker.c b/src/invoker/invoker.c index d6b7ccc..ccad021 100644 --- a/src/invoker/invoker.c +++ b/src/invoker/invoker.c @@ -296,6 +296,18 @@ static bool invoker_send_prio(int fd, int prio) return true; } +static bool invoker_send_ids(int fd, int uid, int gid) +{ + // Send action. + invoke_send_msg(fd, INVOKER_MSG_IDS); + invoke_send_msg(fd, uid); + invoke_send_msg(fd, gid); + + invoke_recv_ack(fd); + + return true; +} + static bool invoker_send_env(int fd) { int i, n_vars; @@ -418,6 +430,9 @@ static int invoke(int prog_argc, char **prog_argv, char *prog_name, prog_prio = 0; } + int uid = getuid(); + int gid = getgid(); + int fd = invoker_init(app_type); invoker_send_magic(fd, magic_options); @@ -425,6 +440,7 @@ static int invoke(int prog_argc, char **prog_argv, char *prog_name, invoker_send_exec(fd, prog_name); invoker_send_args(fd, prog_argc, prog_argv); invoker_send_prio(fd, prog_prio); + invoker_send_ids(fd, uid, gid); invoker_send_io(fd); invoker_send_env(fd); invoker_send_end(fd); diff --git a/src/launcher/appdata.cpp b/src/launcher/appdata.cpp index 85be9c1..3a50282 100644 --- a/src/launcher/appdata.cpp +++ b/src/launcher/appdata.cpp @@ -27,7 +27,9 @@ AppData::AppData() : m_fileName(""), m_prio(0), m_entry(NULL), - m_ioDescriptors() + m_ioDescriptors(), + m_gid(0), + m_uid(0) {} void AppData::setOptions(int newOptions) @@ -110,6 +112,22 @@ void AppData::setIODescriptors(const vector & newIODescriptors) m_ioDescriptors = newIODescriptors; } +void AppData::setIDs(uid_t userId, gid_t groupId) +{ + m_uid = userId; + m_gid = groupId; +} + +uid_t AppData::userId() const +{ + return m_uid; +} + +gid_t AppData::groupId() const +{ + return m_gid; +} + void AppData::deleteArgv() { if (m_argv) diff --git a/src/launcher/appdata.h b/src/launcher/appdata.h index 2e93e99..be03a8b 100644 --- a/src/launcher/appdata.h +++ b/src/launcher/appdata.h @@ -89,6 +89,15 @@ public: //! Set I/O descriptors void setIODescriptors(const vector & ioDescriptors); + //! Set user ID and group ID of calling process + void setIDs(uid_t userId, gid_t groupId); + + //! Get user ID of calling process + uid_t userId() const; + + //! Get group ID of calling process + gid_t groupId() const; + //! Frees the memory reserved for argv void deleteArgv(); @@ -105,6 +114,9 @@ private: int m_prio; entry_t m_entry; vector m_ioDescriptors; + gid_t m_gid; + uid_t m_uid; + }; #endif // APPDATA_H diff --git a/src/launcher/booster.cpp b/src/launcher/booster.cpp index 9e5a0c6..cff0190 100644 --- a/src/launcher/booster.cpp +++ b/src/launcher/booster.cpp @@ -168,6 +168,17 @@ int Booster::launchProcess() if (!errno && cur_prio < m_app.priority()) setpriority(PRIO_PROCESS, 0, m_app.priority()); + // Possible set user ID and group ID of calling process + uid_t uid = getuid(); + gid_t gid = getgid(); + + if (uid != m_app.userId()) + setuid(m_app.userId()); + + if (gid != m_app.groupId()) + setgid(m_app.groupId()); + + // Load the application and find out the address of main() void* handle = loadMain(); diff --git a/src/launcher/connection.cpp b/src/launcher/connection.cpp index da5e6ef..acf4d11 100644 --- a/src/launcher/connection.cpp +++ b/src/launcher/connection.cpp @@ -310,6 +310,16 @@ bool Connection::receivePriority() return true; } +bool Connection::receiveIDs() +{ + recvMsg(&m_uid); + recvMsg(&m_gid); + + sendMsg(INVOKER_MSG_ACK); + + return true; +} + bool Connection::receiveArgs() { // Get argc @@ -485,6 +495,9 @@ bool Connection::receiveActions() case INVOKER_MSG_IO: receiveIO(); break; + case INVOKER_MSG_IDS: + receiveIDs(); + break; case INVOKER_MSG_END: sendMsg(INVOKER_MSG_ACK); @@ -519,6 +532,7 @@ bool Connection::receiveApplicationData(AppData & rApp) rApp.setArgc(m_argc); rApp.setArgv(m_argv); rApp.setIODescriptors(vector(m_io, m_io + IO_DESCRIPTOR_COUNT)); + rApp.setIDs(m_uid, m_gid); } else { diff --git a/src/launcher/connection.h b/src/launcher/connection.h index 733b2ed..4921c6f 100644 --- a/src/launcher/connection.h +++ b/src/launcher/connection.h @@ -132,6 +132,9 @@ private: //! Receive I/O descriptors bool receiveIO(); + //! Receive userId and GroupId + bool receiveIDs(); + //! Receive priority bool receivePriority(); @@ -161,6 +164,8 @@ private: int m_io[IO_DESCRIPTOR_COUNT]; uint32_t m_priority; bool m_sendPid; + gid_t m_gid; + uid_t m_uid; #if defined (HAVE_CREDS) && ! defined (DISABLE_VERIFICATION) static const char * m_credsStr;