process: add get/set resuid

WenheLI · WenheLI · commit 3690aaa46da5 · 2021-10-23T21:05:51.000-04:00
This PR adds support for getresuid and setresuid for js side
diff --git a/doc/api/process.md b/doc/api/process.md
@@ -1966,6 +1966,36 @@ if (process.getuid) {
 This function is only available on POSIX platforms (i.e. not Windows or
 Android).
 
+## `process.getresuid()`
+
+<!-- YAML
+added: v18.0.0
+-->
+
+The `process.getresuid()` method returns an array with the real, effective,
+and saved user IDs.
+
+* Returns: {integer\[]}
+
+```mjs
+import process from 'process';
+
+if (process.getresuid) {
+  console.log(process.getresuid()); // [ 0, 0, 0 ]
+}
+```
+
+```cjs
+const process = require('process');
+
+if (process.getresuid) {
+  console.log(process.getresuid()); // [ 0, 0, 0 ]
+}
+```
+
+This function is only available on POSIX platforms (i.e. not Windows or
+Android).
+
 ## `process.hasUncaughtExceptionCaptureCallback()`
 
 <!-- YAML
@@ -3333,6 +3363,51 @@ This function is only available on POSIX platforms (i.e. not Windows or
 Android).
 This feature is not available in [`Worker`][] threads.
 
+## `process.setresuid(ruid, euid, suid)`
+
+<!-- YAML
+added: v18.0.0
+-->
+
+The `process.setresuid(ruid, euid, suid)` method sets the real, effective,
+and saved user IDs.
+
+* `ruid` {string|number} The real user ID
+* `euid` {string|number} The effective user ID
+* `suid` {string|number} The saved user ID
+
+```mjs
+import process from 'process';
+
+if (process.getresuid && process.setresuid) {
+  console.log(`Current ids: ${process.getresuid()[0]}`);
+  try {
+    process.setresuid(501, 501, 501);
+    console.log(`New ids: ${process.getresuid()}`);
+  } catch (err) {
+    console.log(`Failed to set ids: ${err}`);
+  }
+}
+```
+
+```cjs
+const process = require('process');
+
+if (process.getresuid && process.setresuid) {
+  console.log(`Current ids: ${process.getresuid()[0]}`);
+  try {
+    process.setresuid(501, 501, 501);
+    console.log(`New ids: ${process.getresuid()}`);
+  } catch (err) {
+    console.log(`Failed to set ids: ${err}`);
+  }
+}
+```
+
+This function is only available on POSIX platforms (i.e. not Windows or
+Android).
+This feature is not available in [`Worker`][] threads.
+
 ## `process.setSourceMapsEnabled(val)`
 
 <!-- YAML
diff --git a/lib/internal/bootstrap/node.js b/lib/internal/bootstrap/node.js
@@ -175,6 +175,7 @@ if (credentials.implementsPosixCredentials) {
   process.getgid = credentials.getgid;
   process.getegid = credentials.getegid;
   process.getgroups = credentials.getgroups;
+  process.getresuid = credentials.getresuid;
 }
 
 // Setup the callbacks that node::AsyncWrap will call when there are hooks to
diff --git a/lib/internal/bootstrap/switches/does_own_process_state.js b/lib/internal/bootstrap/switches/does_own_process_state.js
@@ -10,13 +10,14 @@ process.cwd = wrappedCwd;
 
 if (credentials.implementsPosixCredentials) {
   const wrapped = wrapPosixCredentialSetters(credentials);
-
+  
   process.initgroups = wrapped.initgroups;
   process.setgroups = wrapped.setgroups;
   process.setegid = wrapped.setegid;
   process.seteuid = wrapped.seteuid;
   process.setgid = wrapped.setgid;
   process.setuid = wrapped.setuid;
+  process.setresuid = wrapped.setresuid;
 }
 
 // ---- keep the attachment of the wrappers above so that it's easier to ----
@@ -45,7 +46,8 @@ function wrapPosixCredentialSetters(credentials) {
     setegid: _setegid,
     seteuid: _seteuid,
     setgid: _setgid,
-    setuid: _setuid
+    setuid: _setuid,
+    setresuid: _setresuid
   } = credentials;
 
   function initgroups(user, extraGroup) {
@@ -73,6 +75,37 @@ function wrapPosixCredentialSetters(credentials) {
     }
   }
 
+  function setresuid(ruid, euid, suid) {
+    const [oldRuid, oldEuid, oldSuid] = credentials.getresuid();
+    if (ruid === -1) ruid = oldRuid;
+    else {
+      validateId(ruid, 'ruid');
+      if (typeof ruid === 'number') ruid |= 0;
+    }
+
+    if (euid === -1) euid = oldEuid;
+    else {
+      validateId(euid, 'euid');
+      if (typeof euid === 'number') euid |= 0;
+    }
+
+    if (suid === -1) suid = oldSuid;
+    else {
+      validateId(suid, 'suid');
+      if (typeof suid === 'number') suid |= 0;
+    }
+
+    // Result is 0 on success, 0b1xxx if credential is unknown.
+    const result = _setresuid(ruid, euid, suid);
+    if (result >= 0b1000) {
+      const failures = [];
+      if (result & 0b0001) failures.push(ruid);
+      if (result & 0b0010) failures.push(euid);
+      if (result & 0b0100) failures.push(suid);
+      throw new ERR_UNKNOWN_CREDENTIAL('User', failures);
+    }
+  }
+
   function wrapIdSetter(type, method) {
     return function(id) {
       validateId(id, 'id');
@@ -96,6 +129,7 @@ function wrapPosixCredentialSetters(credentials) {
   return {
     initgroups,
     setgroups,
+    setresuid,
     setegid: wrapIdSetter('Group', _setegid),
     seteuid: wrapIdSetter('User', _seteuid),
     setgid: wrapIdSetter('Group', _setgid),
diff --git a/src/node_credentials.cc b/src/node_credentials.cc
@@ -375,6 +375,43 @@ static void SetGroups(const FunctionCallbackInfo<Value>& args) {
   args.GetReturnValue().Set(0);
 }
 
+static void GetRESUid(const FunctionCallbackInfo<Value>& args) {
+  Environment* env = Environment::GetCurrent(args);
+  CHECK(env->has_run_bootstrapping_code());
+  uid_t ruid, euid, suid;
+  getresuid(&ruid, &euid, &suid);
+  MaybeLocal<Value> array = ToV8Value(env->context(), std::vector<uid_t>{ruid, euid, suid});
+  args.GetReturnValue().Set(array.ToLocalChecked());
+}
+
+static void SetRESUid(const FunctionCallbackInfo<Value>& args) {
+  Environment* env = Environment::GetCurrent(args);
+  CHECK(env->owns_process_state());
+
+  CHECK_EQ(args.Length(), 3);
+  for (int i = 0; i < 3; i++) {
+    CHECK(args[i]->IsUint32() || args[i]->IsString());
+  }
+
+  uid_t ruid = uid_by_name(env->isolate(), args[0]);
+  uid_t euid = uid_by_name(env->isolate(), args[1]);
+  uid_t suid = uid_by_name(env->isolate(), args[2]);
+
+  if (ruid == uid_not_found || euid == uid_not_found ||
+      suid == uid_not_found) {
+    // Tells JS to throw ERR_INVALID_CREDENTIAL
+    int flag = 0b1000;
+    if (ruid == uid_not_found) flag |= 0b0001;
+    if (euid == uid_not_found) flag |= 0b0010;
+    if (suid == uid_not_found) flag |= 0b0100;
+    args.GetReturnValue().Set(flag);
+  } else if (setresuid(ruid, euid, suid)) {
+    env->ThrowErrnoException(errno, "setresuid");
+  } else {
+    args.GetReturnValue().Set(0);
+  }
+}
+
 static void InitGroups(const FunctionCallbackInfo<Value>& args) {
   Environment* env = Environment::GetCurrent(args);
 
@@ -429,6 +466,9 @@ void RegisterExternalReferences(ExternalReferenceRegistry* registry) {
   registry->Register(GetEGid);
   registry->Register(GetGroups);
 
+  registry->Register(SetRESUid);
+  registry->Register(GetRESUid);
+
   registry->Register(InitGroups);
   registry->Register(SetEGid);
   registry->Register(SetEUid);
@@ -454,6 +494,7 @@ static void Initialize(Local<Object> target,
   env->SetMethodNoSideEffect(target, "getgid", GetGid);
   env->SetMethodNoSideEffect(target, "getegid", GetEGid);
   env->SetMethodNoSideEffect(target, "getgroups", GetGroups);
+  env->SetMethodNoSideEffect(target, "getresuid", GetRESUid);
 
   if (env->owns_process_state()) {
     env->SetMethod(target, "initgroups", InitGroups);
@@ -462,6 +503,7 @@ static void Initialize(Local<Object> target,
     env->SetMethod(target, "setgid", SetGid);
     env->SetMethod(target, "setuid", SetUid);
     env->SetMethod(target, "setgroups", SetGroups);
+    env->SetMethod(target, "setresuid", SetRESUid);
   }
 #endif  // NODE_IMPLEMENTS_POSIX_CREDENTIALS
 }
diff --git a/test/parallel/test-process-uid-gid.js b/test/parallel/test-process-uid-gid.js
@@ -30,6 +30,8 @@ if (common.isWindows) {
   assert.strictEqual(process.getgid, undefined);
   assert.strictEqual(process.setuid, undefined);
   assert.strictEqual(process.setgid, undefined);
+  assert.strictEqual(process.getresuid, undefined);
+  assert.strictEqual(process.setresuid, undefined);
   return;
 }
 
@@ -51,6 +53,30 @@ assert.throws(() => {
   message: 'User identifier does not exist: fhqwhgadshgnsdhjsdbkhsdabkfabkveyb'
 });
 
+assert.throws(() => {
+  process.setresuid({}, 0, 0);
+}, {
+  code: 'ERR_INVALID_ARG_TYPE',
+  message: 'The "ruid" argument must be one of type ' +
+    'number or string. Received an instance of Object'
+});
+
+assert.throws(() => {
+  process.setresuid(0, {}, 0);
+}, {
+  code: 'ERR_INVALID_ARG_TYPE',
+  message: 'The "euid" argument must be one of type ' +
+    'number or string. Received an instance of Object'
+});
+
+assert.throws(() => {
+  process.setresuid(0, 0, {});
+}, {
+  code: 'ERR_INVALID_ARG_TYPE',
+  message: 'The "suid" argument must be one of type ' +
+    'number or string. Received an instance of Object'
+});
+
 // Passing -0 shouldn't crash the process
 // Refs: https://github.com/nodejs/node/issues/32750
 try { process.setuid(-0); } catch {}
@@ -63,6 +89,7 @@ if (process.getuid() !== 0) {
   // Should not throw.
   process.getgid();
   process.getuid();
+  process.getresuid();
 
   assert.throws(
     () => { process.setgid('nobody'); },
@@ -73,6 +100,11 @@ if (process.getuid() !== 0) {
     () => { process.setuid('nobody'); },
     /(?:EPERM, .+|User identifier does not exist: nobody)$/
   );
+
+  assert.throws(
+    () => { process.setresuid('nobody', 1, 2); },
+    /(?:EPERM, .+|Group identifier does not exist: \[ 'nobody' \])$/
+  );
   return;
 }
 

Original file line number	Diff line number	Diff line change
`@@ -175,6 +175,7 @@ if (credentials.implementsPosixCredentials) {`
`175`	`175`	`process.getgid = credentials.getgid;`
`176`	`176`	`process.getegid = credentials.getegid;`
`177`	`177`	`process.getgroups = credentials.getgroups;`
	`178`	`+ process.getresuid = credentials.getresuid;`
`178`	`179`	`}`
`179`	`180`
`180`	`181`	`// Setup the callbacks that node::AsyncWrap will call when there are hooks to`