From 8598fca688ab57e7bb8729e3eb5675ede46156b6 Mon Sep 17 00:00:00 2001 From: Olof hagsand Date: Fri, 2 Jun 2023 13:38:00 +0200 Subject: [PATCH] Add gid to clixon_process_register() for drop privs --- CHANGELOG.md | 2 +- apps/backend/backend_plugin_restconf.c | 2 +- lib/clixon/clixon_proc.h | 2 +- lib/clixon/clixon_string.h | 1 - lib/src/clixon_proc.c | 29 +++++++++++++++++++------- lib/src/clixon_string.c | 6 +++--- 6 files changed, 28 insertions(+), 14 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4374f521..4e3322cd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -54,7 +54,7 @@ Expected: July 2023 ### C/CLI-API changes on existing features Developers may need to change their code -* Added `uid` parameter to `clixon_process_register()` +* Added `uid` and `gid` parameters to `clixon_process_register()` for drop privs * Added output function to JSON output: * `xml2json_vec(...,skiptop)` --> `xml2json_vec(..., cligen_output, skiptop)` * `yang2cli_yspec` removed last argument `printgen`. diff --git a/apps/backend/backend_plugin_restconf.c b/apps/backend/backend_plugin_restconf.c index 4b4690de..c12769c1 100644 --- a/apps/backend/backend_plugin_restconf.c +++ b/apps/backend/backend_plugin_restconf.c @@ -314,7 +314,7 @@ restconf_pseudo_process_control(clicon_handle h) if (clixon_process_register(h, RESTCONF_PROCESS, "Clixon RESTCONF process", NULL /* XXX network namespace */, - -1, + -1, -1, restconf_rpc_wrapper, argv, nr) < 0) goto done; diff --git a/lib/clixon/clixon_proc.h b/lib/clixon/clixon_proc.h index ffd54440..399f8c5d 100644 --- a/lib/clixon/clixon_proc.h +++ b/lib/clixon/clixon_proc.h 
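Review bot: The two bare `-1, -1,` arguments in the `clixon_process_register()` call are indistinguishable at the call site, and because `uid_t` and `gid_t` are both integer types the compiler will not catch a transposition once real ids are passed. Label them the way the `netns` argument on the line above already is, for example `-1, /* uid: keep backend's */` and `-1, /* gid: keep backend's */`. As written, the RESTCONF process is registered with no uid or gid drop, so it is started with the backend's credentials; if that is deliberate, a one-line comment saying so would help. The call sits inside `restconf_pseudo_process_control()`, which begins and ends outside the hunk.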
@@ -70,7 +70,7 @@ int clixon_proc_socket_close(pid_t pid, int sock); int clixon_process_pid(clicon_handle h, const char *name, pid_t *pid); proc_operation clixon_process_op_str2int(char *opstr); int clixon_process_argv_get(clicon_handle h, const char *name, char ***argv, int *argc); -int clixon_process_register(clicon_handle h, const char *name, const char *descr, const char *netns, uid_t uid, proc_cb_t *callback, char **argv, int argc); +int clixon_process_register(clicon_handle h, const char *name, const char *descr, const char *netns, uid_t uid, gid_t gid, proc_cb_t *callback, char **argv, int argc); int clixon_process_delete_all(clicon_handle h); int clixon_process_operation(clicon_handle h, const char *name, proc_operation op, const int wrapit); int clixon_process_status(clicon_handle h, const char *name, cbuf *cbret); diff --git a/lib/clixon/clixon_string.h b/lib/clixon/clixon_string.h index 9efb2834..73956db4 100644 --- a/lib/clixon/clixon_string.h +++ b/lib/clixon/clixon_string.h @@ -107,7 +107,6 @@ char *clixon_trim(char *str); char *clixon_trim2(char *str, char *trims); int clicon_strcmp(char *s1, char *s2); - #ifndef HAVE_STRNDUP char *clicon_strndup (const char *, size_t); #endif /* ! HAVE_STRNDUP */ diff --git a/lib/src/clixon_proc.c b/lib/src/clixon_proc.c index f82903a9..dbfbc3b1 100644 --- a/lib/src/clixon_proc.c +++ b/lib/src/clixon_proc.c @@ -146,6 +146,7 @@ struct process_entry_t { char *pe_description; /* Description of service */ char *pe_netns; /* Network namespace */ uid_t pe_uid; /* UID of process or -1 to keep same as backend */ + gid_t pe_gid; /* GID of process or -1 to keep same as backend */ char **pe_argv; /* argv with command as element 0 and NULL-terminated */ int pe_argc; /* Length of argc */ pid_t pe_pid; /* Running process id (state) or 0 if dead (pid is set if exiting=1) */ @@ -273,6 +274,7 @@ static int clixon_proc_background(char **argv, const char *netns, uid_t uid, + gid_t gid, pid_t *pid0) { int retval = -1; 
@@ -313,10 +315,7 @@ clixon_proc_background(char **argv, char nsfile[PATH_MAX]; int nsfd; #endif - if (uid != -1){ - if (drop_priv_perm(uid) < 0) - goto done; - } + clicon_debug(1, "%s child", __FUNCTION__); clicon_signal_unblock(0); signal(SIGTSTP, SIG_IGN); @@ -352,6 +351,16 @@ clixon_proc_background(char **argv, } } #endif /* HAVE_SETNS */ + if (gid != -1){ + if (setgid(gid) == -1) { + clicon_err(OE_DAEMON, errno, "setgid %d", gid); + goto done; + } + } + if (uid != -1){ + if (drop_priv_perm(uid) < 0) + goto done; + } if (execvp(argv[0], argv) < 0) { clicon_err(OE_UNIX, errno, "execv(%s)", argv[0]); exit(1); @@ -435,6 +444,7 @@ clixon_process_argv_get(clicon_handle h, * @param[in] description Description of process * @param[in] netns Namespace netspace (or NULL) * @param[in] uid UID of process (or -1 to keep same) + * @param[in] gid GID of process (or -1 to keep same) * @param[in] callback Wrapper function * @param[in] argv NULL-terminated vector of vectors * @param[in] argc Length of argv @@ -448,6 +458,7 @@ clixon_process_register(clicon_handle h, const char *description, const char *netns, const uid_t uid, + const gid_t gid, proc_cb_t *callback, char **argv, int argc) @@ -482,6 +493,7 @@ clixon_process_register(clicon_handle h, goto done; } pe->pe_uid = uid; + pe->pe_gid = gid; pe->pe_argc = argc; if ((pe->pe_argv = calloc(argc, sizeof(char *))) == NULL){ clicon_err(OE_UNIX, errno, "calloc"); @@ -852,7 +864,8 @@ clixon_process_sched(int fd, goto done; if (!isrunning) if (clixon_proc_background(pe->pe_argv, pe->pe_netns, - pe->pe_uid, &pe->pe_pid) < 0) + pe->pe_uid, pe->pe_gid, + &pe->pe_pid) < 0) goto done; clicon_debug(1, "%s %s(%d) %s --%s--> %s", __FUNCTION__, pe->pe_name, pe->pe_pid, 
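Review bot: The added `setgid(gid)` in the `@@ -352,6 +351,16 @@` hunk changes only the primary group, so the child still carries the backend's supplementary groups into `execvp()`. `drop_priv_perm()` is not shown in this diff, but unless it clears them the new process keeps that group access, which may include privileged groups. Calling `setgroups(0, NULL)` (from `<grp.h>`) before `setgid()` closes that gap, and it needs the same privilege that switching to a different group already needs. The failure paths also differ from the `execvp()` one just below: that one calls `exit(1)`, while a failed `setgid()` or `drop_priv_perm()` does `goto done`, and if the `done:` label (outside this hunk) simply returns, the forked child would carry on in the caller's code with its privileges intact. Comparing against `(gid_t)-1` and `(uid_t)-1` rather than `-1` keeps the sentinel test correct where those types are narrower than `int`; the enclosing child branch of `clixon_proc_background()` starts and ends outside the hunk.

```c
	if (gid != (gid_t)-1){
	    /* Shed the backend's supplementary groups before switching primary group */
	    if (setgroups(0, NULL) == -1) {
		clicon_err(OE_DAEMON, errno, "setgroups");
		exit(1);
	    }
	    if (setgid(gid) == -1) {
		clicon_err(OE_DAEMON, errno, "setgid %d", gid);
		exit(1);
	    }
	}
	if (uid != (uid_t)-1){
	    if (drop_priv_perm(uid) < 0)
		exit(1);
	}
	/* … unchanged: execvp() call and its error path … */
```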
@@ -878,7 +891,8 @@ clixon_process_sched(int fd, if (isrunning) /* Already runs */ break; if (clixon_proc_background(pe->pe_argv, pe->pe_netns, - pe->pe_uid, &pe->pe_pid) < 0) + pe->pe_uid, pe->pe_gid, + &pe->pe_pid) < 0) goto done; clicon_debug(1, "%s %s(%d) %s --%s--> %s", __FUNCTION__, pe->pe_name, pe->pe_pid, @@ -982,7 +996,8 @@ clixon_process_waitpid(clicon_handle h) /* This is the case where there is an existing process running. * it was killed above but still runs and needs to be reaped */ if (clixon_proc_background(pe->pe_argv, pe->pe_netns, - pe->pe_uid, &pe->pe_pid) < 0) + pe->pe_uid, pe->pe_gid, + &pe->pe_pid) < 0) goto done; gettimeofday(&pe->pe_starttime, NULL); clicon_debug(1, "%s %s(%d) %s --%s--> %s", __FUNCTION__, diff --git a/lib/src/clixon_string.c b/lib/src/clixon_string.c index b32dae95..737987d3 100644 --- a/lib/src/clixon_string.c +++ b/lib/src/clixon_string.c @@ -125,9 +125,9 @@ clicon_strsep(char *string, * @retval NULL Failure */ char * -clicon_strjoin(int argc, - char **argv, - char *delim) +clicon_strjoin(int argc, + char **argv, + char *delim) { int i; int len;