authorcinap_lenrek <cinap_lenrek@felloff.net>2020-12-19 17:46:55 +0100
committercinap_lenrek <cinap_lenrek@felloff.net>2020-12-19 17:46:55 +0100
commitfc5070c60057b6e02490e83f5d675786e8b8d83c (patch)
treeaa53401ba8b9b435b0908ee0fda353f998b0d4a6
parentdaccd2b226ff71c251931103403a982d2796061a (diff)
libauth: add procsetuser() function to change user id of the calling process
Provide a central function to change the user id of the calling process. This is mostly used by programs to become the none user, followed by a call to newns().
-rw-r--r--sys/include/ape/auth.h2
-rw-r--r--sys/include/auth.h2
-rw-r--r--sys/man/2/auth16
-rw-r--r--sys/src/ape/lib/auth/mkfile1
-rw-r--r--sys/src/libauth/mkfile1
-rw-r--r--sys/src/libauth/procsetuser.c20
6 files changed, 40 insertions, 2 deletions
diff --git a/sys/include/ape/auth.h b/sys/include/ape/auth.h
index eef5d90c1..02c61fd94 100644
--- a/sys/include/ape/auth.h
+++ b/sys/include/ape/auth.h
@@ -102,6 +102,8 @@ extern int amount(int, char*, int, char*);
extern int login(char*, char*, char*);
+extern int procsetuser(char*);
+
typedef struct Attr Attr;
enum {
AttrNameval, /* name=val -- when matching, must have name=val */
diff --git a/sys/include/auth.h b/sys/include/auth.h
index 8b350a64c..516205eb0 100644
--- a/sys/include/auth.h
+++ b/sys/include/auth.h
@@ -92,6 +92,8 @@ extern int amount(int, char*, int, char*);
extern int login(char*, char*, char*);
+extern int procsetuser(char*);
+
typedef struct Attr Attr;
enum {
AttrNameval, /* name=val -- when matching, must have name=val */
diff --git a/sys/man/2/auth b/sys/man/2/auth
index 739d5b965..1583d7bc1 100644
--- a/sys/man/2/auth
+++ b/sys/man/2/auth
@@ -1,6 +1,6 @@
.TH AUTH 2
.SH NAME
-amount, newns, addns, login, noworld, auth_proxy, fauth_proxy, auth_allocrpc, auth_freerpc, auth_rpc, auth_getkey, amount_getkey, auth_freeAI, auth_chuid, auth_challenge, auth_response, auth_freechal, auth_respond, auth_respondAI, auth_userpasswd, auth_getuserpasswd, auth_getinfo \- routines for authenticating users
+amount, newns, addns, login, noworld, procsetuser, auth_proxy, fauth_proxy, auth_allocrpc, auth_freerpc, auth_rpc, auth_getkey, amount_getkey, auth_freeAI, auth_chuid, auth_challenge, auth_response, auth_freechal, auth_respond, auth_respondAI, auth_userpasswd, auth_getuserpasswd, auth_getinfo \- routines for authenticating users
.SH SYNOPSIS
.nf
.PP
@@ -27,6 +27,9 @@ int login(char *user, char *password, char *namespace);
int noworld(char *user);
.PP
.B
+int procsetuser(char *user);
+.PP
+.B
AuthInfo* auth_proxy(int fd, AuthGetkey *getkey, char *fmt, ...);
.PP
.B
@@ -130,7 +133,7 @@ and
.IR amount .
.PP
.I Login
-changes the user id of the process
+changes the user id of the process to
.I user
and recreates the namespace using the file
.I namespace
@@ -151,6 +154,15 @@ Otherwise, it returns 0.
is used by telnetd and ftpd to provide sandboxed
access for some users.
.PP
+.I Procsetuser
+changes the user id of the process to
+.I user
+but keeps the namespace unchanged.
+Only hostowner can change the user to
+anything other than the
+.B none
+user.
+.PP
The following routines use the
.B AuthInfo
structure returned after a successful authentication by
diff --git a/sys/src/ape/lib/auth/mkfile b/sys/src/ape/lib/auth/mkfile
index 4c292db38..a7a07ee87 100644
--- a/sys/src/ape/lib/auth/mkfile
+++ b/sys/src/ape/lib/auth/mkfile
@@ -18,6 +18,7 @@ OFILES=\
login.$O\
newns.$O\
noworld.$O\
+ procsetuser.$O\
passtokey.$O\
HFILES=\
diff --git a/sys/src/libauth/mkfile b/sys/src/libauth/mkfile
index 2030db8f1..65505703e 100644
--- a/sys/src/libauth/mkfile
+++ b/sys/src/libauth/mkfile
@@ -17,6 +17,7 @@ OFILES=\
login.$O\
newns.$O\
noworld.$O\
+ procsetuser.$O\
HFILES=\
/sys/include/auth.h\
diff --git a/sys/src/libauth/procsetuser.c b/sys/src/libauth/procsetuser.c
new file mode 100644
index 000000000..f9cac306b
--- /dev/null
+++ b/sys/src/libauth/procsetuser.c
@@ -0,0 +1,20 @@
+#include <u.h>
+#include <libc.h>
+#include <auth.h>
+
+int
+procsetuser(char *user)
+{
+ int fd, n;
+
+ fd = open("#c/user", OWRITE|OCEXEC);
+ if(fd < 0)
+ return -1;
+ n = strlen(user);
+ if(write(fd, user, n) != n){
+ close(fd);
+ return -1;
+ }
+ close(fd);
+ return 0;
+}
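Review bot: An empty `user` can be reported as success in procsetuser(): `n = strlen(user)` is 0, and if `write(fd, user, 0)` returns 0 the `!= n` test passes and the function returns 0 without the identity having changed (whether the kernel rejects a zero-length write to `#c/user` is not visible in this diff). A guard before the `open`, `if(user == nil || *user == 0){ werrstr("procsetuser: empty user"); return -1; }`, closes that and also avoids calling `strlen` on a nil pointer. Because callers use this to drop to the none user, the function would also benefit from a short header comment stating the contract, for example `/* returns 0 on success; on -1 the user id is unchanged, so callers must treat failure as fatal rather than continue with the old identity */`. The same comment could note that this function does not touch the namespace or already-open file descriptors, so the caller is responsible for newns() and for closing what the new user should not keep.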