mirror of https://github.com/tailscale/tailscale/
ssh/tailssh,util: extract new osuser package from ssh code (#10170)
This package is a wrapper for os/user that handles non-cgo builds, gokrazy and user shells. Updates tailscale/corp#15405 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>pull/10163/head
parent
09de240934
commit
1fc1077052
@ -0,0 +1,139 @@
|
||||
// Copyright (c) Tailscale Inc & AUTHORS
|
||||
// SPDX-License-Identifier: BSD-3-Clause
|
||||
|
||||
// Package osuser implements OS user lookup. It's a wrapper around os/user that
|
||||
// works on non-cgo builds.
|
||||
package osuser
|
||||
|
||||
import (
|
||||
"context"
|
||||
"errors"
|
||||
"log"
|
||||
"os/exec"
|
||||
"os/user"
|
||||
"runtime"
|
||||
"strings"
|
||||
"time"
|
||||
"unicode/utf8"
|
||||
|
||||
"tailscale.com/version/distro"
|
||||
)
|
||||
|
||||
// LookupByUIDWithShell is like os/user.LookupId but handles a few edge cases
|
||||
// like gokrazy and non-cgo lookups, and returns the user shell. The user shell
|
||||
// lookup is best-effort and may be empty.
|
||||
func LookupByUIDWithShell(uid string) (u *user.User, shell string, err error) {
|
||||
return lookup(uid, user.LookupId, true)
|
||||
}
|
||||
|
||||
// LookupByUsernameWithShell is like os/user.Lookup but handles a few edge
|
||||
// cases like gokrazy and non-cgo lookups, and returns the user shell. The user
|
||||
// shell lookup is best-effort and may be empty.
|
||||
func LookupByUsernameWithShell(username string) (u *user.User, shell string, err error) {
|
||||
return lookup(username, user.Lookup, true)
|
||||
}
|
||||
|
||||
// LookupByUID is like os/user.LookupId but handles a few edge cases like
|
||||
// gokrazy and non-cgo lookups.
|
||||
func LookupByUID(uid string) (*user.User, error) {
|
||||
u, _, err := lookup(uid, user.LookupId, false)
|
||||
return u, err
|
||||
}
|
||||
|
||||
// LookupByUsername is like os/user.Lookup but handles a few edge cases like
|
||||
// gokrazy and non-cgo lookups.
|
||||
func LookupByUsername(username string) (*user.User, error) {
|
||||
u, _, err := lookup(username, user.Lookup, false)
|
||||
return u, err
|
||||
}
|
||||
|
||||
// lookupStd is either user.Lookup or user.LookupId.
|
||||
type lookupStd func(string) (*user.User, error)
|
||||
|
||||
func lookup(usernameOrUID string, std lookupStd, wantShell bool) (*user.User, string, error) {
|
||||
// TODO(awly): we should use genet on more platforms, like FreeBSD.
|
||||
if runtime.GOOS != "linux" {
|
||||
u, err := std(usernameOrUID)
|
||||
return u, "", err
|
||||
}
|
||||
|
||||
// No getent on Gokrazy. So hard-code the login shell.
|
||||
if distro.Get() == distro.Gokrazy {
|
||||
var shell string
|
||||
if wantShell {
|
||||
shell = "/tmp/serial-busybox/ash"
|
||||
}
|
||||
u, err := std(usernameOrUID)
|
||||
if err != nil {
|
||||
return &user.User{
|
||||
Uid: "0",
|
||||
Gid: "0",
|
||||
Username: "root",
|
||||
Name: "Gokrazy",
|
||||
HomeDir: "/",
|
||||
}, shell, nil
|
||||
}
|
||||
return u, shell, nil
|
||||
}
|
||||
|
||||
// Start with getent if caller wants to get the user shell.
|
||||
if wantShell {
|
||||
return userLookupGetent(usernameOrUID, std)
|
||||
}
|
||||
// If shell is not required, try os/user.Lookup* first and only use getent
|
||||
// if that fails. This avoids spawning a child process when os/user lookup
|
||||
// succeeds.
|
||||
if u, err := std(usernameOrUID); err == nil {
|
||||
return u, "", nil
|
||||
}
|
||||
return userLookupGetent(usernameOrUID, std)
|
||||
}
|
||||
|
||||
func checkGetentInput(usernameOrUID string) bool {
|
||||
maxUid := 32
|
||||
if runtime.GOOS == "linux" {
|
||||
maxUid = 256
|
||||
}
|
||||
if len(usernameOrUID) > maxUid || len(usernameOrUID) == 0 {
|
||||
return false
|
||||
}
|
||||
for _, r := range usernameOrUID {
|
||||
if r < ' ' || r == 0x7f || r == utf8.RuneError { // TODO(bradfitz): more?
|
||||
return false
|
||||
}
|
||||
}
|
||||
return true
|
||||
}
|
||||
|
||||
// userLookupGetent uses "getent" to look up users so that even with static
|
||||
// tailscaled binaries without cgo (as we distribute), we can still look up
|
||||
// PAM/NSS users which the standard library's os/user without cgo won't get
|
||||
// (because of no libc hooks). If "getent" fails, userLookupGetent falls back
|
||||
// to the standard library.
|
||||
func userLookupGetent(usernameOrUID string, std lookupStd) (*user.User, string, error) {
|
||||
// Do some basic validation before passing this string to "getent", even though
|
||||
// getent should do its own validation.
|
||||
if !checkGetentInput(usernameOrUID) {
|
||||
return nil, "", errors.New("invalid username or UID")
|
||||
}
|
||||
ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
|
||||
defer cancel()
|
||||
out, err := exec.CommandContext(ctx, "getent", "passwd", usernameOrUID).Output()
|
||||
if err != nil {
|
||||
log.Printf("error calling getent for user %q: %v", usernameOrUID, err)
|
||||
u, err := std(usernameOrUID)
|
||||
return u, "", err
|
||||
}
|
||||
// output is "alice:x:1001:1001:Alice Smith,,,:/home/alice:/bin/bash"
|
||||
f := strings.SplitN(strings.TrimSpace(string(out)), ":", 10)
|
||||
for len(f) < 7 {
|
||||
f = append(f, "")
|
||||
}
|
||||
return &user.User{
|
||||
Username: f[0],
|
||||
Uid: f[2],
|
||||
Gid: f[3],
|
||||
Name: f[4],
|
||||
HomeDir: f[5],
|
||||
}, f[6], nil
|
||||
}
|
Loading…
Reference in New Issue