diff options
| -rw-r--r-- | sys/include/ape/auth.h | 2 | ||||
| -rw-r--r-- | sys/include/auth.h | 2 | ||||
| -rw-r--r-- | sys/man/2/auth | 16 | ||||
| -rw-r--r-- | sys/src/ape/lib/auth/mkfile | 1 | ||||
| -rw-r--r-- | sys/src/libauth/mkfile | 1 | ||||
| -rw-r--r-- | sys/src/libauth/procsetuser.c | 20 |
6 files changed, 40 insertions, 2 deletions
diff --git a/sys/include/ape/auth.h b/sys/include/ape/auth.h index eef5d90c1..02c61fd94 100644 --- a/sys/include/ape/auth.h +++ b/sys/include/ape/auth.h @@ -102,6 +102,8 @@ extern int amount(int, char*, int, char*); extern int login(char*, char*, char*); +extern int procsetuser(char*); + typedef struct Attr Attr; enum { AttrNameval, /* name=val -- when matching, must have name=val */ diff --git a/sys/include/auth.h b/sys/include/auth.h index 8b350a64c..516205eb0 100644 --- a/sys/include/auth.h +++ b/sys/include/auth.h @@ -92,6 +92,8 @@ extern int amount(int, char*, int, char*); extern int login(char*, char*, char*); +extern int procsetuser(char*); + typedef struct Attr Attr; enum { AttrNameval, /* name=val -- when matching, must have name=val */ diff --git a/sys/man/2/auth b/sys/man/2/auth index 739d5b965..1583d7bc1 100644 --- a/sys/man/2/auth +++ b/sys/man/2/auth @@ -1,6 +1,6 @@ .TH AUTH 2 .SH NAME -amount, newns, addns, login, noworld, auth_proxy, fauth_proxy, auth_allocrpc, auth_freerpc, auth_rpc, auth_getkey, amount_getkey, auth_freeAI, auth_chuid, auth_challenge, auth_response, auth_freechal, auth_respond, auth_respondAI, auth_userpasswd, auth_getuserpasswd, auth_getinfo \- routines for authenticating users +amount, newns, addns, login, noworld, procsetuser, auth_proxy, fauth_proxy, auth_allocrpc, auth_freerpc, auth_rpc, auth_getkey, amount_getkey, auth_freeAI, auth_chuid, auth_challenge, auth_response, auth_freechal, auth_respond, auth_respondAI, auth_userpasswd, auth_getuserpasswd, auth_getinfo \- routines for authenticating users .SH SYNOPSIS .nf .PP @@ -27,6 +27,9 @@ int login(char *user, char *password, char *namespace); int noworld(char *user); .PP .B +int procsetuser(char *user); +.PP +.B AuthInfo* auth_proxy(int fd, AuthGetkey *getkey, char *fmt, ...); .PP .B @@ -130,7 +133,7 @@ and .IR amount . .PP .I Login -changes the user id of the process +changes the user id of the process to .I user and recreates the namespace using the file .I namespace @@ -151,6 +154,15 @@ Otherwise, it returns 0. is used by telnetd and ftpd to provide sandboxed access for some users. .PP +.I Procsetuser +changes the user id of the process to +.I user +but keeps the namespace unchanged. +Only hostowner can change the user to +anything other than the +.B none +user. +.PP The following routines use the .B AuthInfo structure returned after a successful authentication by diff --git a/sys/src/ape/lib/auth/mkfile b/sys/src/ape/lib/auth/mkfile index 4c292db38..a7a07ee87 100644 --- a/sys/src/ape/lib/auth/mkfile +++ b/sys/src/ape/lib/auth/mkfile @@ -18,6 +18,7 @@ OFILES=\ login.$O\ newns.$O\ noworld.$O\ + procsetuser.$O\ passtokey.$O\ HFILES=\ diff --git a/sys/src/libauth/mkfile b/sys/src/libauth/mkfile index 2030db8f1..65505703e 100644 --- a/sys/src/libauth/mkfile +++ b/sys/src/libauth/mkfile @@ -17,6 +17,7 @@ OFILES=\ login.$O\ newns.$O\ noworld.$O\ + procsetuser.$O\ HFILES=\ /sys/include/auth.h\ diff --git a/sys/src/libauth/procsetuser.c b/sys/src/libauth/procsetuser.c new file mode 100644 index 000000000..f9cac306b --- /dev/null +++ b/sys/src/libauth/procsetuser.c @@ -0,0 +1,20 @@ +#include <u.h> +#include <libc.h> +#include <auth.h> + +int +procsetuser(char *user) +{ + int fd, n; + + fd = open("#c/user", OWRITE|OCEXEC); + if(fd < 0) + return -1; + n = strlen(user); + if(write(fd, user, n) != n){ + close(fd); + return -1; + } + close(fd); + return 0; +} |