diff options
| author | Sean Whitton <spwhitton@spwhitton.name> | 2021-08-19 15:11:37 -0700 |
|---|---|---|
| committer | Sean Whitton <spwhitton@spwhitton.name> | 2021-09-09 11:19:43 -0700 |
| commit | a94d623ccc698501e8b0483203aa8b1155c57a9a (patch) | |
| tree | 5c5ee822ef5ef62c2c0d5900b71c3c69a30f5d14 /src/connection | |
| parent | 48c516a33dbd6a56e7082c498c62b888d9e12fb9 (diff) | |
| download | consfigurator-a94d623ccc698501e8b0483203aa8b1155c57a9a.tar.gz | |
:SETUID: use OSICAT:USER-INFO rather than parsing id(1) output
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
Diffstat (limited to 'src/connection')
| -rw-r--r-- | src/connection/setuid.lisp | 46 |
1 files changed, 21 insertions, 25 deletions
diff --git a/src/connection/setuid.lisp b/src/connection/setuid.lisp index f0e17d8..2bc3baa 100644 --- a/src/connection/setuid.lisp +++ b/src/connection/setuid.lisp @@ -24,31 +24,27 @@ (unless (and (lisp-connection-p) (zerop (nix:geteuid))) (error "~&SETUIDing requires a Lisp image running as root")) (informat 1 "~&SETUIDing to ~A" to) - (multiple-value-bind (match groups) - (re:scan-to-strings #?/uid=([0-9]+).+gid=([0-9]+)/ (run "id" to)) - (unless match - (error "Could not determine UID and GID of ~A" to)) - (let* ((uid (parse-integer (elt groups 0))) - (gid (parse-integer (elt groups 1))) - (home - ;; tilde expansion is POSIX - (ensure-directory-pathname (stripln (run (strcat "echo ~" to))))) - (xdg-cache-home - (ensure-directory-pathname - (stripln - ;; su(1) is not POSIX but very likely to be present. Note that - ;; the -c argument here is to the user's login shell, not the - ;; -c argument to su(1) on, e.g., FreeBSD. So should be fairly - ;; portable. - (mrun "su" to "-c" "echo ${XDG_CACHE_HOME:-$HOME/.cache}"))))) - (continue-connection - (make-instance - 'setuid-connection - :datadir (merge-pathnames "consfigurator/data/" xdg-cache-home) - :connattrs `(:remote-uid ,uid :remote-gid ,gid - :remote-user ,to :remote-home ,home - :XDG-CACHE-HOME ,xdg-cache-home)) - remaining)))) + (let* ((ent (osicat:user-info to)) + (xdg-cache-home + (ensure-directory-pathname + (stripln + ;; su(1) is not POSIX but very likely to be present. Note that + ;; the -c argument here is to the user's login shell, not the -c + ;; argument to su(1) on, e.g., FreeBSD. So should be fairly + ;; portable. + (mrun "su" (cdr (assoc :name ent)) + "-c" "echo ${XDG_CACHE_HOME:-$HOME/.cache}"))))) + (continue-connection + (make-instance + 'setuid-connection + :datadir (merge-pathnames "consfigurator/data/" xdg-cache-home) + :connattrs `(:remote-uid ,(cdr (assoc :user-id ent)) + :remote-gid ,(cdr (assoc :group-id ent)) + :remote-user ,(cdr (assoc :name ent)) + :remote-home ,(ensure-directory-pathname + (cdr (assoc :home ent))) + :XDG-CACHE-HOME ,xdg-cache-home)) + remaining))) (defmethod post-fork ((connection setuid-connection)) (let ((uid (connection-connattr connection :remote-uid)) |