From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:53436) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dzmNX-000415-7H for qemu-devel@nongnu.org; Wed, 04 Oct 2017 12:18:36 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dzmNV-0004LY-1h for qemu-devel@nongnu.org; Wed, 04 Oct 2017 12:18:35 -0400 Received: from smtp.citrix.com ([66.165.176.89]:50333) by eggs.gnu.org with esmtps (TLS1.0:RSA_ARCFOUR_SHA1:16) (Exim 4.71) (envelope-from ) id 1dzmNU-0004LE-Si for qemu-devel@nongnu.org; Wed, 04 Oct 2017 12:18:32 -0400 From: Ian Jackson Date: Wed, 4 Oct 2017 17:18:10 +0100 Message-ID: <1507133891-26013-8-git-send-email-ian.jackson@eu.citrix.com> In-Reply-To: <1507133891-26013-1-git-send-email-ian.jackson@eu.citrix.com> References: <1507133891-26013-1-git-send-email-ian.jackson@eu.citrix.com> MIME-Version: 1.0 Content-Type: text/plain Subject: [Qemu-devel] [PATCH 7/8] os-posix: Provide new -runasid option List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: qemu-devel@nongnu.org Cc: Ross Lagerwall , Anthony PERARD , xen-devel@lists.xenproject.org, Juergen Gross , Stefano Stabellini , Ian Jackson , xen-devel@nongnu.org, Ian Jackson This allows the caller to specify a uid and gid to use, even if there is no corresponding password entry. This will be useful in certain Xen configurations. Signed-off-by: Ian Jackson --- v2: Coding style fixes. --- os-posix.c | 31 +++++++++++++++++++++++++++---- qemu-options.hx | 12 ++++++++++++ 2 files changed, 39 insertions(+), 4 deletions(-) diff --git a/os-posix.c b/os-posix.c index 92e9d85..d63680b 100644 --- a/os-posix.c +++ b/os-posix.c @@ -43,6 +43,8 @@ #endif static struct passwd *user_pwd; +static uid_t user_uid = (uid_t)-1; +static gid_t user_gid = (gid_t)-1; static const char *chroot_dir; static int daemonize; static int daemon_pipe; 
@@ -134,6 +136,9 @@ void os_set_proc_name(const char *s) */ void os_parse_cmd_args(int index, const char *optarg) { + unsigned long lv; + char *ep; + int rc; switch (index) { #ifdef CONFIG_SLIRP case QEMU_OPTION_smb: @@ -150,6 +155,22 @@ void os_parse_cmd_args(int index, const char *optarg) exit(1); } break; + case QEMU_OPTION_runasid: + errno = 0; + lv = strtoul(optarg, &ep, 0); /* can't qemu_strtoul, want *ep=='.' */ + user_uid = lv; /* overflow here is ID in C99 */ + if (errno || *ep != '.' || user_uid != lv || user_uid == (uid_t)-1) { + fprintf(stderr, "Could not obtain uid from \"%s\"", optarg); + exit(1); + } + lv = 0; + rc = qemu_strtoul(ep + 1, 0, 0, &lv); + user_gid = lv; /* overflow here is ID in C99 */ + if (rc || user_gid != lv || user_gid == (gid_t)-1) { + fprintf(stderr, "Could not obtain gid from \"%s\"", optarg); + exit(1); + } + break; case QEMU_OPTION_chroot: chroot_dir = optarg; break; @@ -166,17 +187,19 @@ void os_parse_cmd_args(int index, const char *optarg) static void change_process_uid(void) { - if (user_pwd) { - if (setgid(user_pwd->pw_gid) < 0) { + if (user_pwd || user_uid != (uid_t)-1) { + if (setgid(user_pwd ? user_pwd->pw_gid : user_gid) < 0) { fprintf(stderr, "Failed to setgid(%d)\n", user_pwd->pw_gid); exit(1); } - if (initgroups(user_pwd->pw_name, user_pwd->pw_gid) < 0) { + if ((user_pwd + ? initgroups(user_pwd->pw_name, user_pwd->pw_gid) + : setgroups(1, &user_gid)) < 0) { fprintf(stderr, "Failed to initgroups(\"%s\", %d)\n", user_pwd->pw_name, user_pwd->pw_gid); exit(1); } - if (setuid(user_pwd->pw_uid) < 0) { + if (setuid(user_pwd ? user_pwd->pw_uid : user_gid) < 0) { fprintf(stderr, "Failed to setuid(%d)\n", user_pwd->pw_uid); exit(1); } diff --git a/qemu-options.hx b/qemu-options.hx index 9f6e2ad..34a5329 100644 --- a/qemu-options.hx +++ b/qemu-options.hx 
@@ -3968,6 +3968,18 @@ Immediately before starting guest execution, drop root privileges, switching to the specified user. ETEXI +#ifndef _WIN32 +DEF("runasid", HAS_ARG, QEMU_OPTION_runasid, \ + "-runasid uid.gid change to numeric uid and gid just before starting the VM\n", + QEMU_ARCH_ALL) +#endif +STEXI +@item -runasid @var{uid}.@var{gid} +@findex -runasid +Immediately before starting guest execution, drop root privileges, switching +to the specified uid and gid. +ETEXI + DEF("prom-env", HAS_ARG, QEMU_OPTION_prom_env, "-prom-env variable=value\n" " set OpenBIOS nvram variables\n", -- 2.1.4 From mboxrd@z Thu Jan 1 00:00:00 1970 
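Review bot: In the QEMU_OPTION_runasid case (os-posix.c hunk @@ -150,6 +155,22 @@), an empty uid field is silently accepted as uid 0: for an argument such as ".100", strtoul() finds no digits, returns 0, leaves errno at 0 on the common libc implementations and sets ep to optarg, so `*ep == '.'` passes and user_uid becomes 0 (root). Add an `ep == optarg` check, or use qemu_strtoul() with its endptr argument (the `/* can't qemu_strtoul, want *ep=='.' */` comment suggests it was ruled out, but with a non-NULL endptr it returns the end position and already turns "no conversion" into an error, and it rejects the leading '-' that strtoul() would happily wrap). Two smaller points in the same block: base 0 means "010.010" is parsed as octal (uid 8, gid 8) and "0x..." as hex, so either document that or parse in base 10; and both `fprintf(stderr, "Could not obtain ... from \"%s\"", optarg)` messages lack the trailing "\n" the neighbouring error messages have. The comment `/* overflow here is ID in C99 */` is also unclear: conversion of an out-of-range value to an unsigned type is well defined (modular) in C99, which is exactly why the following `user_uid != lv` comparison detects truncation, so say that instead.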
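Review bot: The setuid() call in the change_process_uid() hunk (@@ -166,17 +187,19 @@) uses the wrong variable in the new path: `if (setuid(user_pwd ? user_pwd->pw_uid : user_gid) < 0)` should read `user_uid`, otherwise -runasid switches the process to a uid equal to the requested gid, which is the one thing this option exists to get right. In the same hunk all three error paths still dereference user_pwd (`user_pwd->pw_gid`, `user_pwd->pw_name`, `user_pwd->pw_uid`), which is NULL when only -runasid was given, so a failing setgid()/setgroups()/setuid() crashes instead of printing the diagnostic; report the numeric id that was actually passed, and the middle message should say setgroups rather than initgroups when that is the call that failed. Finally, nothing rejects giving both -runas and -runasid; user_pwd silently wins here, so either error out at parse time or document the precedence.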
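Review bot: In the qemu-options.hx hunk, the `\` line continuation after `QEMU_OPTION_runasid,` is unnecessary inside a macro argument list and is not used by the neighbouring DEF("prom-env", ...) entry, so drop it for consistency. The DEF is wrapped in `#ifndef _WIN32` but the STEXI/ETEXI documentation block is not; whichever convention the existing -runas entry above uses should be followed here. The documentation could also state that uid and gid are numeric, separated by a dot, and that the process keeps no supplementary groups beyond the given gid, since that is what the os-posix.c change does and it differs from -runas, which calls initgroups().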