[hurd] 07/31: utils/settrans: get an authenticated root node in chroot m

commit-hurd

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[hurd] 07/31: utils/settrans: get an authenticated root node in chroot m

From:	Samuel Thibault
Subject:	[hurd] 07/31: utils/settrans: get an authenticated root node in chroot mode
Date:	Mon, 02 May 2016 23:48:31 +0000

This is an automated email from the git hooks/post-receive script.

sthibault pushed a commit to branch upstream
in repository hurd.

commit f5e6769c33723a1d4b72722eff8bb68245ca3803
Author: Justus Winter <address@hidden>
Date:   Sat Apr 16 16:12:35 2016 +0200

    utils/settrans: get an authenticated root node in chroot mode
    
    * utils/settrans.c (get_credentials): New function.
    (main): Get an authenticated root node for the process we are
    chrooting.
    
    Signed-off-by: Justus Winter <address@hidden>
---
 utils/settrans.c | 45 ++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 44 insertions(+), 1 deletion(-)

diff --git a/utils/settrans.c b/utils/settrans.c
index 00cc358..399bd12 100644
--- a/utils/settrans.c
+++ b/utils/settrans.c
@@ -88,6 +88,44 @@ static char *args_doc = "NODE [TRANSLATOR ARG...]";
 static char *doc = "Set the passive/active translator on NODE."
 "\vBy default the passive translator is set.";
 
+/* Authentication of the current process.  */
+uid_t *uids;
+gid_t *gids;
+size_t uids_len, gids_len;
+
+/* Initialize and populate the uids and gids vectors.  */
+error_t
+get_credentials (void)
+{
+  /* Fetch uids...  */
+  uids_len = geteuids (0, 0);
+  if (uids_len < 0)
+    return errno;
+
+  uids = malloc (uids_len * sizeof (uid_t));
+  if (! uids)
+    return ENOMEM;
+
+  uids_len = geteuids (uids_len, uids);
+  if (uids_len < 0)
+    return errno;
+
+  /* ... and gids.  */
+  gids_len = getgroups (0, 0);
+  if (gids_len < 0)
+    return errno;
+
+  gids = malloc (gids_len * sizeof (gid_t));
+  if (! uids)
+    return ENOMEM;
+
+  gids_len = getgroups (gids_len, gids);
+  if (gids_len < 0)
+    return errno;
+
+  return 0;
+}
+
 /* ---------------------------------------------------------------- */
 
 int
@@ -340,9 +378,14 @@ main(int argc, char *argv[])
          mach_port_t root;
          file_t executable;
          char *prefixed_name;
+
+         err = get_credentials ();
+         if (err)
+           error (6, err, "getting credentials");
+
          err = fsys_getroot (active_control,
                              MACH_PORT_NULL, MACH_MSG_TYPE_COPY_SEND,
-                             NULL, 0, NULL, 0, 0,
+                             uids, uids_len, gids, gids_len, 0,
                              &do_retry, retry_name, &root);
          mach_port_deallocate (mach_task_self (), active_control);
          if (err)

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/pkg-hurd/hurd.git

[Prev in Thread]

Current Thread

[Next in Thread]

[hurd] 22/31: Unify and document the way fsids are handled in trivfs translators, (continued)
- [hurd] 22/31: Unify and document the way fsids are handled in trivfs translators, Samuel Thibault, 2016/05/02
- [hurd] 21/31: libshouldbeinlibc: use the new assert in the refcount primitives, Samuel Thibault, 2016/05/02
- [hurd] 12/31: Fix access mode of temporary files, Samuel Thibault, 2016/05/02
- [hurd] 02/31: Fix swap information numbers, Samuel Thibault, 2016/05/02
- [hurd] 19/31: libpager: add missing include, Samuel Thibault, 2016/05/02
- [hurd] 09/31: Make make install idempotent, Samuel Thibault, 2016/05/02
- [hurd] 23/31: startup: implement bits of the fs and io protocols, Samuel Thibault, 2016/05/02
- [hurd] 11/31: libfshelp: pass cookie to the callback function, Samuel Thibault, 2016/05/02
- [hurd] 13/31: Merge branch 'master' of git.savannah.gnu.org:/srv/git/hurd/hurd, Samuel Thibault, 2016/05/02
- [hurd] 20/31: libshouldbeinlibc: add assert(3) variant that prints backtraces, Samuel Thibault, 2016/05/02
- [hurd] 07/31: utils/settrans: get an authenticated root node in chroot mode, Samuel Thibault <=
- [hurd] 06/31: isofs: make superblock detection more robust, Samuel Thibault, 2016/05/02
- [hurd] 08/31: utils/settrans: add option to specify the underlying node, Samuel Thibault, 2016/05/02
- [hurd] 31/31: Fix build, Samuel Thibault, 2016/05/02
- [hurd] 29/31: libihash: keep track of free slots, Samuel Thibault, 2016/05/02
- [hurd] 10/31: mach-defpager: fix error handling, Samuel Thibault, 2016/05/02
- [hurd] 30/31: libihash: rehash if effective load exceeds the threshold, Samuel Thibault, 2016/05/02
- [hurd] 26/31: startup: write all messages to stderr, Samuel Thibault, 2016/05/02
- [hurd] 27/31: Fix root operations on trivfs-translated nodes, Samuel Thibault, 2016/05/02
- [hurd] 16/31: libtrivfs: fix notion of privileged user, Samuel Thibault, 2016/05/02
- [hurd] 28/31: libihash: fix index computation, Samuel Thibault, 2016/05/02

Prev by Date: [hurd] 20/31: libshouldbeinlibc: add assert(3) variant that prints backtraces
Next by Date: [hurd] 06/31: isofs: make superblock detection more robust
Previous by thread: [hurd] 20/31: libshouldbeinlibc: add assert(3) variant that prints backtraces
Next by thread: [hurd] 06/31: isofs: make superblock detection more robust
Index(es):
- Date
- Thread