The downloader and suricatta webserver already allow to switch
the user / group before executing, which reduces the attack surface.
Currently, the userid / groupid of the new user need to be known
upfront and added to the configuration. This is tricky to achieve in
case the user / group is dynamically created or different across
systems.
To simplify this configuration, we add support for specifying the user /
group by name. This setting only takes effect if the userid (groupid) is
0 or unset.
Signed-off-by: Felix Moessbauer <
felix.mo...@siemens.com>
---
Note on testing: This patch has been tested on the isar-cip-core
layer with the following configuration:
suricatta :
{
user = "nobody";
group = "swupdate";
};
Best regards,
Felix Moessbauer
Siemens AG
corelib/swupdate_settings.c | 23 +++++++++++++++++++++++
examples/configuration/swupdate.cfg | 8 ++++++++
2 files changed, 31 insertions(+)
diff --git a/corelib/swupdate_settings.c b/corelib/swupdate_settings.c
index 681efb93..229fac9d 100644
--- a/corelib/swupdate_settings.c
+++ b/corelib/swupdate_settings.c
@@ -20,6 +20,8 @@
#include <errno.h>
#include <sys/stat.h>
#include <assert.h>
+#include <grp.h>
+#include <pwd.h>
#include "generated/autoconf.h"
#include "bsdqueue.h"
#include "util.h"
@@ -74,9 +76,30 @@ static int read_settings_file(config_t *cfg, const char *filename)
static int get_run_as(void *elem, void *data)
{
struct run_as *pid = (struct run_as *)data;
+ char tmp[SWUPDATE_GENERAL_STRING_SIZE] = "";
+ struct group *grp;
+ struct passwd *pwd;
GET_FIELD_INT(LIBCFG_PARSER, elem, "userid", (int *)&pid->userid);
GET_FIELD_INT(LIBCFG_PARSER, elem, "groupid", (int *)&pid->groupid);
+ if (!pid->groupid) {
+ GET_FIELD_STRING_RESET(LIBCFG_PARSER, elem, "group", tmp);
+ if (tmp[0] != '\0') {
+ grp = getgrnam(tmp);
+ if (grp) {
+ pid->groupid = grp->gr_gid;
+ }
+ }
+ }
+ if (!pid->userid) {
+ GET_FIELD_STRING_RESET(LIBCFG_PARSER, elem, "user", tmp);
+ if (tmp[0] != '\0') {
+ pwd = getpwnam(tmp);
+ if (pwd) {
+ pid->userid = pwd->pw_uid;
+ }
+ }
+ }
return 0;
}
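Review bot: A configured `user` or `group` name that does not resolve is dropped silently in both new branches of `get_run_as`: when `getgrnam(tmp)` or `getpwnam(tmp)` returns NULL, `pid->groupid` / `pid->userid` stays 0 and the function still returns 0. A typo or an account missing on one system would then presumably leave the process running with its original identity rather than the intended unprivileged one, which defeats the point of the setting without any trace in the log. I would make the failure explicit, e.g. `if (!grp) { ERROR("run-as group '%s' not found", tmp); return -EINVAL; }` and the same for `pwd`. Whether callers act on the return value is not visible in this hunk, so at minimum the error should be logged. A name that resolves to id 0 is also indistinguishable from "unset" here, which deserves a short comment.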
diff --git a/examples/configuration/swupdate.cfg b/examples/configuration/swupdate.cfg
index adeec81f..f040155c 100644
--- a/examples/configuration/swupdate.cfg
+++ b/examples/configuration/swupdate.cfg
@@ -158,6 +158,10 @@ logcolors : {
# userID for Webserver process
# groupid : integer
# groupId for Webserver process
+# user : string
+# user name for Webserver process, only if userid is 0 or unset
+# group : string
+# group name for Webserver process, only if groupid is 0 or unset
# timeout : integer
# it is the number of seconds that can be accepted without
# receiving any packets. If it elapses, the connection is
@@ -228,6 +232,10 @@ identify : (
# userID for Webserver process
# groupid : integer
# groupId for Webserver process
+# user : string
+# user name for Webserver process, only if userid is 0 or unset
+# group : string
+# group name for Webserver process, only if groupid is 0 or unset
# enable : bool
# default=true
# If set to false, suricatta do not try to connect to the server
--
2.53.0