translation/Protocol: add packet MAPPED_UID_GID

CM4all · Nov 14, 2023 · 199ce13 · 199ce13
1 parent 3009890
commit 199ce13
Show file tree

Hide file tree

Showing 4 changed files with 36 additions and 0 deletions.
diff --git a/src/translation/Parser.cxx b/src/translation/Parser.cxx
@@ -952,6 +952,23 @@ TranslateParser::HandleUidGid(std::span<const std::byte> _payload)
 		uid_gid.groups[n_groups] = 0;
 }
 
+inline void
+TranslateParser::HandleMappedUidGid(std::span<const std::byte> payload)
+{
+	if (child_options == nullptr || child_options->uid_gid.uid == 0 ||
+	    ns_options == nullptr || !ns_options->enable_user)
+		throw std::runtime_error{"misplaced MAPPED_UID_GID packet"};
+
+	const auto *value = (const uint32_t *)(const void *)payload.data();
+	if (payload.size() != sizeof(*value) || *value <= 0)
+		throw std::runtime_error{"malformed MAPPED_UID_GID packet"};
+
+	if (ns_options->mapped_uid != 0)
+		throw std::runtime_error{"duplicate MAPPED_UID_GID packet"};
+
+	ns_options->mapped_uid = *value;
+}
+
 inline void
 TranslateParser::HandleUmask(std::span<const std::byte> payload)
 {
@@ -4020,6 +4037,10 @@ TranslateParser::HandleRegularPacket(TranslationCommand command,
 #else
 		break;
 #endif
+
+	case TranslationCommand::MAPPED_UID_GID:
+		HandleMappedUidGid(payload);
+		return;
 	}
 
 	throw FmtRuntimeError("unknown translation packet: {}", (unsigned)command);

diff --git a/src/translation/Parser.hxx b/src/translation/Parser.hxx
@@ -250,6 +250,7 @@ private:
 				 std::span<const std::byte> payload);
 
 	void HandleUidGid(std::span<const std::byte> payload);
+	void HandleMappedUidGid(std::span<const std::byte> payload);
 	void HandleUmask(std::span<const std::byte> payload);
 
 	void HandleCgroupSet(std::string_view payload);

diff --git a/src/translation/Protocol.hxx b/src/translation/Protocol.hxx
@@ -1212,6 +1212,15 @@ enum class TranslationCommand : uint16_t {
 	 * Limit file access to files beneath this directory.
 	 */
 	BENEATH = 253,
+
+	/**
+	 * Like #UID_GID, but these are the numbers visible inside the
+	 * user namespace.
+	 *
+	 * Currently, only the uid is implemented, therefore the
+	 * payload must be a 32-bit integer.
+	 */
+	MAPPED_UID_GID = 254,
 };
 
 struct TranslationHeader {

diff --git a/src/translation/server/Response.hxx b/src/translation/server/Response.hxx
@@ -1039,6 +1039,11 @@ public:
 			return *this;
 		}
 
+		auto MappedUid(const uint32_t &uid) noexcept {
+			response.PacketT(TranslationCommand::MAPPED_UID_GID, uid);
+			return *this;
+		}
+
 		auto Umask(uint16_t mask) noexcept {
 			response.PacketT(TranslationCommand::UMASK, mask);
 			return *this;