commit ca17f290091c402164b808c3a6eff13211fc43ad
parent cdee66d1f22cf3ecaaeca2ec468ec91de089ca78
Author: Laurent Bercot <ska-skaware@skarnet.org>
Date: Fri, 13 Nov 2015 05:43:55 +0000
- new options to s6-envuidgid
- rc for 2.2.4.0
Diffstat:
5 files changed, 98 insertions(+), 41 deletions(-)
diff --git a/doc/index.html b/doc/index.html
@@ -100,7 +100,7 @@ library. </li>
<h3> Download </h3>
<ul>
- <li> The current released version of s6 is <a href="s6-2.2.3.1.tar.gz">2.2.3.1</a>. </li>
+ <li> The current released version of s6 is <a href="s6-2.2.4.0.tar.gz">2.2.4.0</a>. </li>
<li> Alternatively, you can checkout a copy of the s6 git repository:
<pre> git clone git://git.skarnet.org/s6 </pre> </li>
<li> There's also a
diff --git a/doc/s6-envuidgid.html b/doc/s6-envuidgid.html
@@ -19,14 +19,15 @@
<h1> The s6-envuidgid program </h1>
<p>
-s6-envuidgid sets the UID, GID and GIDLIST environment variables,
-then executes into another program.
+s6-envuidgid potentially sets the UID, GID and GIDLIST environment
+variables according to the options and arguments it is given; then it
+executes into another program.
</p>
<h2> Interface </h2>
<pre>
- s6-envuidgid [ -g ] [ -i | -D <em>uid</em>:<em>gid</em> ] <em>account</em> <em>prog...</em>
+ s6-envuidgid [ -u | -g | -B ] [ -n ] [ -i | -D <em>uid</em>:<em>gid</em> ] <em>account</em> <em>prog...</em>
</pre>
<ul>
@@ -43,14 +44,26 @@ primary group, GIDLIST is still set, but empty.) </li>
<h2> Options </h2>
<ul>
+ <li> <tt>-u</tt> : user. <em>account</em> will be interpreted as a
+user name; the UID environment variable will be set to its numerical
+value, and the GID and GIDLIST variables will not be touched. </li>
<li> <tt>-g</tt> : group. <em>account</em> will be interpreted as a
group name instead of a user name; the GID environment variable will be set
to its numerical value, and the UID and GIDLIST variables will not be touched. </li>
+ <li> <tt>-B</tt> : both user and group. <em>account</em> will be
+interpreted as <em>user<tt>:</tt>group</em>. The GIDLIST variable will not be
+touched. If <em>user</em> exists, the UID variable will be set; if
+<em>group</em> exists, the GID variable will be set. </li>
+ <li> <tt>-n</tt> : numerical fallback. If <em>account</em> cannot be
+found in the user or group database, try to interpret the given values literally.
+For instance, <tt>s6-envuidgid -B root:42</tt> will fail if there's no group
+named <tt>42</tt> in the group database, but <tt>s6-envuidgid -nB root:42</tt>
+will set UID to 0 and GID to 42. This option implies <tt>-B</tt>. </li>
<li> <tt>-i</tt> : insist. If <em>account</em> is unknown, exit 1 with
an error message. This is the default. </li>
<li> <tt>-D <em>uid</em>:<em>gid</em></tt> : if <em>account</em>
-is unknown, use <em>uid</em>, <em>gid</em>, and the empty list as the values
-for UID, GID and GIDLIST. </li>
+is unknown, use <em>uid</em> and <em>gid</em> as the values for UID and GID.
+This options implies <tt>-B</tt>. </li>
</ul>
<h2> Notes </h2>
@@ -64,6 +77,11 @@ drop its privileges later. Such a program can read its new uid/gid/groups info
from the UID, GID and GIDLIST environment variables. Superservers such as
<a href="http://skarnet.org/software/s6-networking/s6-tcpserver4.html">s6-tcpserver4</a>
make use of this. </li>
+ <li> s6-envuidgid only sets GIDLIST when no option (or only <tt>-i</tt>) is
+given. If s6-envuidgid risks defaulting to a given numerical value for
+UID or GID, it will not interpret <em>account</em> as a complete account name
+with uid, gid and supplementary group list; instead, it interprets it as an
+arbitrary combination of user name and group name. </li>
</ul>
</body>
diff --git a/doc/upgrade.html b/doc/upgrade.html
@@ -18,6 +18,13 @@
<h1> What has changed in s6 </h1>
+<h2> in 2.2.4.0 </h2>
+
+<ul>
+ <li> Additional options to
+<a href="s6-envuidgid.html">s6-envuidgid</a> for more flexibility </li>
+</ul>
+
<h2> in 2.2.3.1 </h2>
<ul>
diff --git a/package/info b/package/info
@@ -1,4 +1,4 @@
package=s6
-version=2.2.3.1
+version=2.2.4.0
category=admin
package_macro_name=S6
diff --git a/src/daemontools-extras/s6-envuidgid.c b/src/daemontools-extras/s6-envuidgid.c
@@ -13,27 +13,33 @@
#include <skalibs/fmtscan.h>
#include <skalibs/djbunix.h>
-#define USAGE "s6-envuidgid [ -i | -D defaultuid:defaultgid ] [ -g ] username prog..."
+#define USAGE "s6-envuidgid [ -i | -D defaultuid:defaultgid ] [ -u | -g | -B ] [ -n ] account prog..."
#define dieusage() strerr_dieusage(100, USAGE)
-int main (int argc, char const *const *argv, char const *const *envp)
+int main (int argc, char *const *argv, char const *const *envp)
{
+ char const *user = 0 ;
+ char const *group = 0 ;
+ int what = 0 ;
+ int numfallback = 0 ;
+ int insist = 1 ;
+ unsigned int pos ;
uint64 uid ;
gid_t gid ;
- gid_t tab[NGROUPS_MAX] ;
- int n = 0 ;
- int dogroup = 0 ;
- int insist = 1 ;
+ char fmt[19 + UINT64_FMT + (NGROUPS_MAX+1) * GID_FMT] ;
PROG = "s6-envuidgid" ;
{
subgetopt_t l = SUBGETOPT_ZERO ;
for (;;)
{
- register int opt = subgetopt_r(argc, argv, "giD:", &l) ;
+ register int opt = subgetopt_r(argc, (char const *const *)argv, "ugBniD:", &l) ;
if (opt == -1) break ;
switch (opt)
{
- case 'g' : dogroup = 1 ; break ;
+ case 'u' : what = 1 ; break ;
+ case 'g' : what = 2 ; break ;
+ case 'B' : what = 3 ; break ;
+ case 'n' : what = 3 ; numfallback = 1 ; break ;
case 'i' : insist = 1 ; break ;
case 'D' :
{
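Review bot: The new `-n` case assigns `what = 3` unconditionally, so how the account argument is interpreted depends on option order: `-g -n` ends with `what == 3` (account split as user:group), while `-n -g` ends with `what == 2`. The `what = 3 ;` added to the `-D` case in the next hunk has the same effect and silently overrides an earlier `-u` or `-g`. Because these selectors decide which of UID and GID are exported for a later privilege drop, the result should not hinge on argument order. Either reject conflicting combinations with `dieusage()` or apply the implied default only when nothing was selected, e.g. `case 'n' : if (!what) what = 3 ; numfallback = 1 ; break ;`. The body of main continues outside this hunk.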
@@ -51,6 +57,7 @@ int main (int argc, char const *const *argv, char const *const *envp)
else if (!gid0_scan(l.arg + pos, &gid)) dieusage() ;
}
insist = 0 ;
+ what = 3 ;
break ;
}
default : dieusage() ;
@@ -60,42 +67,67 @@ int main (int argc, char const *const *argv, char const *const *envp)
}
if (argc < 2) dieusage() ;
- if (dogroup)
+ switch (what)
+ {
+ case 0 : /* account */
+ case 1 : /* user */
+ user = argv[0] ;
+ break ;
+ case 2 : /* group */
+ group = argv[0] ;
+ break ;
+ case 3 : /* both */
+ user = argv[0] ;
+ pos = str_chr(argv[0], ':') ;
+ if (argv[0][pos])
+ {
+ argv[0][pos] = 0 ;
+ group = argv[0] + pos + 1 ;
+ if (!pos) user = 0 ;
+ }
+ break ;
+ default : strerr_dief1x(101, "inconsistent option management - please submit a bug-report") ;
+ }
+
+ pos = 0 ;
+
+ if (group)
{
- struct group *gr = getgrnam(argv[0]) ;
- unsigned int pos = 4 ;
- char fmt[4 + GID_FMT] = "GID=" ;
+ struct group *gr = getgrnam(group) ;
if (gr) gid = gr->gr_gid ;
- else if (insist) strerr_dief2x(1, "unknown group: ", argv[0]) ;
+ else if (numfallback && gid_scan(group, &gid)) ;
+ else if (insist) strerr_dief2x(1, "unknown group: ", group) ;
+ byte_copy(fmt + pos, 4, "GID=") ; pos += 4 ;
pos += gid_fmt(fmt + pos, gid) ;
fmt[pos++] = 0 ;
- pathexec_r(argv+1, envp, env_len(envp), fmt, pos) ;
}
- else
+
+ if (user)
{
- struct passwd *pw = getpwnam(argv[0]) ;
+ struct passwd *pw = getpwnam(user) ;
if (pw)
{
uid = pw->pw_uid ;
- gid = pw->pw_gid ;
- n = prot_readgroups(argv[0], tab, NGROUPS_MAX) ;
- if (n < 0)
- strerr_diefu2sys(111, "get supplementary groups for ", argv[0]) ;
- }
- else if (insist) strerr_dief2x(1, "unknown user: ", argv[0]) ;
-
- {
- unsigned int pos = 0 ;
- char fmt[19 + UINT64_FMT + (n+1) * GID_FMT] ;
- byte_copy(fmt + pos, 4, "UID=") ; pos += 4 ;
- pos += uint64_fmt(fmt + pos, uid) ;
- byte_copy(fmt + pos, 5, "\0GID=") ; pos += 5 ;
- pos += gid_fmt(fmt + pos, gid) ;
- byte_copy(fmt + pos, 9, "\0GIDLIST=") ; pos += 9 ;
- pos += gid_fmtlist(fmt + pos, tab, n) ;
- fmt[pos++] = 0 ;
- pathexec_r(argv+1, envp, env_len(envp), fmt, pos) ;
+ if (!what)
+ {
+ gid_t tab[NGROUPS_MAX] ;
+ int n = prot_readgroups(argv[0], tab, NGROUPS_MAX) ;
+ if (n < 0)
+ strerr_diefu2sys(111, "get supplementary groups for ", argv[0]) ;
+ byte_copy(fmt + pos, 4, "GID=") ; pos += 4 ;
+ pos += gid_fmt(fmt + pos, pw->pw_gid) ;
+ byte_copy(fmt + pos, 9, "\0GIDLIST=") ; pos += 9 ;
+ pos += gid_fmtlist(fmt + pos, tab, n) ;
+ fmt[pos++] = 0 ;
+ }
}
+ else if (numfallback && uint64_scan(user, &uid)) ;
+ else if (insist) strerr_dief2x(1, "unknown user: ", user) ;
+ byte_copy(fmt + pos, 4, "UID=") ; pos += 4 ;
+ pos += uint64_fmt(fmt + pos, uid) ;
+ fmt[pos++] = 0 ;
}
+
+ pathexec_r((char const *const *)argv + 1, envp, env_len(envp), fmt, pos) ;
strerr_dieexec(111, argv[1]) ;
}
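Review bot: The numeric fallback only tests `gid_scan(group, &gid)` and `uint64_scan(user, &uid)` for a non-zero return, and nothing checks that the scan reached the end of the string. Assuming these scanners return the number of characters consumed, `-n` with an unknown account such as `0abc` would be accepted and exported as UID=0. The `-D` branch already uses the whole-string variant `gid0_scan`, so the group fallback should read `else if (numfallback && gid0_scan(group, &gid)) ;`, and the user fallback should likewise require a non-zero scan length with a NUL at `user[len]`. Separately, `getpwnam` and `getgrnam` return NULL on lookup errors as well as for missing entries, so with `-n` or `-D` a transient database failure falls through to the numeric or default id; checking `errno` after a NULL return would separate the two cases.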