1 /******************************************************************************* 2 3 Config extension to drop privileges. 4 5 Copyright: 6 Copyright (c) 2009-2016 dunnhumby Germany GmbH. 7 All rights reserved. 8 9 License: 10 Boost Software License Version 1.0. See LICENSE_BOOST.txt for details. 11 Alternatively, this file may be distributed under the terms of the Tango 12 3-Clause BSD License (see LICENSE_BSD.txt for details). 13 14 *******************************************************************************/ 15 16 module ocean.util.app.ext.DropPrivilegesExt; 17 18 19 import ocean.core.array.Mutation; 20 import ocean.meta.types.Qualifiers; 21 import ocean.core.TypeConvert: assumeUnique; 22 import ocean.text.util.StringC; 23 import ConfigFiller = ocean.util.config.ConfigFiller; 24 import ocean.util.app.ext.model.IConfigExtExtension; 25 import ocean.util.app.model.IApplicationExtension; 26 27 import core.stdc.errno; 28 import core.stdc..string; 29 import core.sys.posix.grp; 30 import core.sys.posix.pwd; 31 import core.sys.posix.unistd; 32 33 34 /******************************************************************************* 35 36 Config extension to drop privileges files. 37 38 User and group must be specified in the configfile under the PERMISSION 39 section. If root starts the program, it will drop privileges after 40 reading the config. If it is started with the configured user, 41 nothing happens. If it is started as a different user, it will exit 42 with an error. 43 44 Config example: 45 ---- 46 [PERMISSIONS] 47 user = john 48 group = john 49 ---- 50 51 *******************************************************************************/ 52 53 class DropPrivilegesExt : IConfigExtExtension 54 { 55 static class Config 56 { 57 /*********************************************************************** 58 59 User to run as, mandatory setting 60 61 ***********************************************************************/ 62 63 ConfigFiller.Required!(istring) user; 64 65 /*********************************************************************** 66 67 Group to run as, mandatory setting 68 69 ***********************************************************************/ 70 71 ConfigFiller.Required!(istring) group; 72 } 73 74 75 /*************************************************************************** 76 77 Extension order. This extension uses -5_000 because it should be 78 called pretty early, but after the ConfigExt extension. 79 80 Returns: 81 the extension order 82 83 ***************************************************************************/ 84 85 public override int order ( ) 86 { 87 return -5000; 88 } 89 90 91 /*************************************************************************** 92 93 Function executed before the program runs. 94 95 Params: 96 app = the application instance that will run 97 config = configuration instance to be filled 98 99 ***************************************************************************/ 100 101 override void processConfig ( IApplication app, ConfigParser config ) 102 { 103 auto conf = ConfigFiller.fill!(Config)("PERMISSIONS", config); 104 105 if ( conf.group() == "root" ) throw new Exception("Group can not be root!"); 106 if ( conf.user() == "root" ) throw new Exception("User can not be root!"); 107 108 setGroup(conf.group()); 109 setUser(conf.user()); 110 } 111 112 113 /*************************************************************************** 114 115 Change user permissions to usr 116 117 Params: 118 usr = User to become 119 120 ***************************************************************************/ 121 122 private void setUser ( istring usr ) 123 { 124 passwd* result; 125 passwd passwd_buf; 126 static mstring user_buf; 127 char[2048] buf; 128 129 user_buf.copy(usr); 130 auto res = getpwnam_r(StringC.toCString(user_buf), &passwd_buf, 131 buf.ptr, buf.length, &result); 132 133 if ( result == null ) 134 { 135 if ( res == 0 ) 136 { 137 throw new Exception("User " ~ usr ~ " not found!"); 138 } 139 else 140 { 141 char* err = strerror(res); 142 auto msg = "Error while getting user " ~ usr ~ 143 ": " ~ StringC.toDString(err); 144 throw new Exception(assumeUnique(msg)); 145 } 146 } 147 148 if ( result.pw_uid == geteuid() ) return; 149 150 res = setuid(result.pw_uid); 151 152 if ( res != 0 ) 153 { 154 char* err = strerror(errno()); 155 auto msg = "Failed to set process user id to " ~ usr 156 ~ ": " ~ StringC.toDString(err); 157 throw new Exception(assumeUnique(msg)); 158 } 159 } 160 161 162 /*************************************************************************** 163 164 Change group permissions to grp 165 166 Params: 167 grp = Group to become 168 169 ***************************************************************************/ 170 171 private void setGroup ( istring grp ) 172 { 173 group* result; 174 group group_buf; 175 static mstring grp_buf; 176 char[2048] buf; 177 178 grp_buf.copy(grp); 179 auto res = getgrnam_r(StringC.toCString(grp_buf), &group_buf, 180 buf.ptr, buf.length, &result); 181 182 if ( result == null ) 183 { 184 if ( res == 0 ) 185 { 186 throw new Exception("Group " ~ grp ~ " not found!"); 187 } 188 else 189 { 190 char* err = strerror(res); 191 auto msg = "Error while getting group " ~ grp ~ 192 ": " ~ StringC.toDString(err); 193 throw new Exception(assumeUnique(msg)); 194 } 195 } 196 197 if ( result.gr_gid == getegid() ) return; 198 199 res = setgid(result.gr_gid); 200 201 if ( res != 0 ) 202 { 203 char* err = strerror(errno()); 204 auto msg = "Failed to set process user group to " ~ grp 205 ~ ": " ~ StringC.toDString(err); 206 throw new Exception(assumeUnique(msg)); 207 } 208 } 209 210 /*************************************************************************** 211 212 Function executed before the configuration files are parsed. 213 Only present to satisfy the interface 214 215 Params: 216 app = application instance 217 config = configuration parser 218 219 ***************************************************************************/ 220 221 override void preParseConfig ( IApplication app, ConfigParser config ) {} 222 223 224 /*************************************************************************** 225 226 Function to filter the list of configuration files to parse. 227 Only present to satisfy the interface 228 229 Params: 230 app = application instance 231 config = configuration parser 232 files = current list of configuration files to parse 233 234 Returns: 235 new list of configuration files to parse 236 237 ***************************************************************************/ 238 239 override istring[] filterConfigFiles ( IApplication app, ConfigParser config, 240 istring[] files ) { return files; } 241 }