174 lines
4.3 KiB
Go
174 lines
4.3 KiB
Go
// Copyright (c) HashiCorp, Inc.
|
|
// SPDX-License-Identifier: MPL-2.0
|
|
|
|
package users
|
|
|
|
import (
|
|
"fmt"
|
|
"net"
|
|
"os"
|
|
"os/user"
|
|
"strconv"
|
|
"sync"
|
|
|
|
"github.com/hashicorp/go-hclog"
|
|
"github.com/hashicorp/go-multierror"
|
|
)
|
|
|
|
var globalCache = newCache()
|
|
|
|
// Lookup returns the user.User entry associated with the given username.
|
|
//
|
|
// Values are cached up to 1 hour, or 1 minute for failure cases.
|
|
func Lookup(username string) (*user.User, error) {
|
|
return globalCache.GetUser(username)
|
|
}
|
|
|
|
// lock is used to serialize all user lookup at the process level, because
|
|
// some NSS implementations are not concurrency safe
|
|
var lock sync.Mutex
|
|
|
|
// internalLookupUser username while holding a global process lock.
|
|
func internalLookupUser(username string) (*user.User, error) {
|
|
lock.Lock()
|
|
defer lock.Unlock()
|
|
return user.Lookup(username)
|
|
}
|
|
|
|
// Current returns the current user, acquired while holding a global process
|
|
// lock.
|
|
func Current() (*user.User, error) {
|
|
lock.Lock()
|
|
defer lock.Unlock()
|
|
return user.Current()
|
|
}
|
|
|
|
// UIDforUser returns the UID for the specified username or returns an error.
|
|
//
|
|
// Will always fail on Windows and Plan 9.
|
|
func UIDforUser(username string) (int, error) {
|
|
u, err := Lookup(username)
|
|
if err != nil {
|
|
return 0, err
|
|
}
|
|
|
|
uid, err := strconv.Atoi(u.Uid)
|
|
if err != nil {
|
|
return 0, fmt.Errorf("error parsing uid: %w", err)
|
|
}
|
|
|
|
return uid, nil
|
|
}
|
|
|
|
// WriteFileFor is like os.WriteFile except if possible it chowns the file to
|
|
// the specified user (possibly from Task.User) and sets the permissions to
|
|
// 0o600.
|
|
//
|
|
// If chowning fails (either due to OS or Nomad being unprivileged), the file
|
|
// will be left world readable (0o666).
|
|
//
|
|
// On failure a multierror with both the original and fallback errors will be
|
|
// returned.
|
|
//
|
|
// See SocketFileFor if writing a unix socket file.
|
|
func WriteFileFor(path string, contents []byte, username string) error {
|
|
// Don't even bother trying to chown to an empty username
|
|
var origErr error
|
|
if username != "" {
|
|
origErr := writeFileFor(path, contents, username)
|
|
if origErr == nil {
|
|
// Success!
|
|
return nil
|
|
}
|
|
}
|
|
|
|
// Fallback to world readable
|
|
if err := os.WriteFile(path, contents, 0o666); err != nil {
|
|
if origErr != nil {
|
|
// Return both errors
|
|
return &multierror.Error{
|
|
Errors: []error{origErr, err},
|
|
}
|
|
} else {
|
|
return err
|
|
}
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func writeFileFor(path string, contents []byte, username string) error {
|
|
uid, err := UIDforUser(username)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
if err := os.WriteFile(path, contents, 0o600); err != nil {
|
|
return err
|
|
}
|
|
|
|
if err := os.Chown(path, uid, -1); err != nil {
|
|
// Delete the file so that the fallback method properly resets
|
|
// permissions.
|
|
_ = os.Remove(path)
|
|
return err
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
// SocketFileFor creates a unix domain socket file on the specified path and,
|
|
// if possible, makes it usable by only the specified user. Failing that it
|
|
// will leave the socket open to all users. Non-fatal errors are logged.
|
|
//
|
|
// See WriteFileFor if writing a regular file.
|
|
func SocketFileFor(logger hclog.Logger, path, username string) (net.Listener, error) {
|
|
if err := os.RemoveAll(path); err != nil {
|
|
logger.Warn("error removing socket", "path", path, "error", err)
|
|
}
|
|
|
|
udsln, err := net.Listen("unix", path)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
if username != "" {
|
|
// Try to set perms on socket file to least privileges.
|
|
if err := setSocketOwner(path, username); err == nil {
|
|
// Success! Exit early
|
|
return udsln, nil
|
|
}
|
|
|
|
// This error is expected to always occur in some environments (Windows,
|
|
// non-root agents), so don't log above Trace.
|
|
logger.Trace("failed to set user on socket", "path", path, "user", username, "error", err)
|
|
}
|
|
|
|
// Opportunistic least privileges failed above, so make sure anyone can use
|
|
// the socket.
|
|
if err := os.Chmod(path, 0o666); err != nil {
|
|
logger.Warn("error setting socket permissions", "path", path, "error", err)
|
|
}
|
|
|
|
return udsln, nil
|
|
}
|
|
|
|
func setSocketOwner(path, username string) error {
|
|
uid, err := UIDforUser(username)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
if err := os.Chown(path, uid, -1); err != nil {
|
|
return err
|
|
}
|
|
|
|
if err := os.Chmod(path, 0o600); err != nil {
|
|
// Awkward situation that is hopefully impossible to reach where we could
|
|
// chown the socket but not change its mode.
|
|
return err
|
|
}
|
|
|
|
return nil
|
|
}
|