C-API: Added cli_process_control(), added uid to cli_process_control()

2023-06-01 17:44:49 +02:00 · 2023-06-01 17:44:49 +02:00 · 080eef0278
commit 080eef0278
parent bd6a67f1d9
12 changed files with 103 additions and 20 deletions
--- a/lib/src/clixon_proc.c
+++ b/lib/src/clixon_proc.c
@ -50,7 +50,8 @@
     description, namespace, start arguments, etc. Starts in STOPPED state:
       --> STOPPED

-     On operation "start" or "restart" it gets a pid and goes into RUNNING state:
+     On operation using clixon_process_operation():
+       "start" or "restart" it gets a pid and goes into RUNNING state:
           STOPPED -- (re)start --> RUNNING(pid)

     When running, several things may happen:
@ -116,6 +117,7 @@
 #include "clixon_hash.h"
 #include "clixon_handle.h"
 #include "clixon_options.h"
+#include "clixon_uid.h"
 #include "clixon_event.h"
 #include "clixon_sig.h"
 #include "clixon_string.h"
@ -143,6 +145,7 @@ struct process_entry_t {
    char          *pe_name;     /* Name of process used for internal use. Unique with exiting=0 */
    char          *pe_description; /* Description of service */
    char          *pe_netns;    /* Network namespace */
+    uid_t          pe_uid;      /* UID of process or -1 to keep same as backend */
    char         **pe_argv;     /* argv with command as element 0 and NULL-terminated */
    int            pe_argc;     /* Length of argc */
    pid_t          pe_pid;      /* Running process id (state) or 0 if dead (pid is set if exiting=1) */
@ -150,7 +153,7 @@ struct process_entry_t {
    proc_state_t   pe_state;    /* stopped, running, exiting */
    pid_t          pe_exit_status;/* Status on exit as defined in waitpid */
    struct timeval pe_starttime; /* Start time */
-    proc_cb_t     *pe_callback; /* Wrapper function, may be called from process_operation  */
+    proc_cb_t     *pe_callback;  /* Wrapper function, may be called from process_operation  */
 };

 /* Forward declaration */
@ -261,13 +264,15 @@ clixon_proc_socket_close(pid_t pid,
 *
 * @param[in]  argv  NULL-terminated Argument vector
 * @param[in]  netns Network namespace (or NULL)
+ * @param[in]  uid   User-id or -1 to keep existing
 * @param[out] pid   Process id
 * @retval     0     OK
 * @retval     -1    Error.
 */
-int
+static int
 clixon_proc_background(char       **argv,
                       const char  *netns,
+                       uid_t        uid,
                       pid_t       *pid0)
 {
    int           retval = -1;
@ -308,10 +313,14 @@ clixon_proc_background(char       **argv,
        char nsfile[PATH_MAX];
        int  nsfd;
 #endif
-
+        if (uid != -1){
+            if (drop_priv_perm(uid) < 0)
+                goto done;
+        }
        clicon_debug(1, "%s child", __FUNCTION__);
        clicon_signal_unblock(0);
        signal(SIGTSTP, SIG_IGN);
+
        if (chdir("/") < 0){
            clicon_err(OE_UNIX, errno, "chdirq");
            exit(1);
@ -425,6 +434,7 @@ clixon_process_argv_get(clicon_handle h,
 * @param[in]  name     Process name
 * @param[in]  description  Description of process
 * @param[in]  netns    Namespace netspace (or NULL)
+ * @param[in]  uid      UID of process (or -1 to keep same)
 * @param[in]  callback Wrapper function
 * @param[in]  argv     NULL-terminated vector of vectors 
 * @param[in]  argc     Length of argv
@ -437,6 +447,7 @@ clixon_process_register(clicon_handle h,
                        const char   *name,
                        const char   *description,
                        const char   *netns,
+                        const uid_t   uid,
                        proc_cb_t    *callback,
                        char        **argv,
                        int           argc)
@ -470,6 +481,7 @@ clixon_process_register(clicon_handle h,
        clicon_err(OE_DB, errno, "strdup netns");
        goto done;
    }
+    pe->pe_uid = uid;
    pe->pe_argc = argc;
    if ((pe->pe_argv = calloc(argc, sizeof(char *))) == NULL){
        clicon_err(OE_UNIX, errno, "calloc");
@ -839,7 +851,8 @@ clixon_process_sched(int           fd,
                    if (proc_op_run(pe->pe_pid, &isrunning) < 0)
                        goto done;
                    if (!isrunning)
-                        if (clixon_proc_background(pe->pe_argv, pe->pe_netns, &pe->pe_pid) < 0)
+                        if (clixon_proc_background(pe->pe_argv, pe->pe_netns,
+                                                   pe->pe_uid, &pe->pe_pid) < 0)
                            goto done;
                    clicon_debug(1, "%s %s(%d) %s --%s--> %s", __FUNCTION__,
                                 pe->pe_name, pe->pe_pid,
@ -864,7 +877,8 @@ clixon_process_sched(int           fd,
                case PROC_OP_START:
                    if (isrunning) /* Already runs */
                        break;
-                    if (clixon_proc_background(pe->pe_argv, pe->pe_netns, &pe->pe_pid) < 0)
+                    if (clixon_proc_background(pe->pe_argv, pe->pe_netns,
+                                               pe->pe_uid, &pe->pe_pid) < 0)
                        goto done;
                    clicon_debug(1, "%s %s(%d) %s --%s--> %s", __FUNCTION__,
                                 pe->pe_name, pe->pe_pid,
@ -967,7 +981,8 @@ clixon_process_waitpid(clicon_handle h)
                case PROC_OP_RESTART:
                    /* This is the case where there is an existing process running.
                     * it was killed above but still runs and needs to be reaped */
-                    if (clixon_proc_background(pe->pe_argv, pe->pe_netns, &pe->pe_pid) < 0)
+                    if (clixon_proc_background(pe->pe_argv, pe->pe_netns,
+                                               pe->pe_uid, &pe->pe_pid) < 0)
                        goto done;
                    gettimeofday(&pe->pe_starttime, NULL);
                    clicon_debug(1, "%s %s(%d) %s --%s--> %s", __FUNCTION__,