From 7016f840f1193399f6ac59fab7faa721049229e8 Mon Sep 17 00:00:00 2001
From: John Estabrook <jestabro@vyos.io>
Date: Fri, 21 Jun 2024 21:55:47 -0500
Subject: configd: T6504: send sudo_user on session init and set env variable

The environment variable SUDO_USER is checked by system_login.py so as
to prevent deleting the current user. Provide it from the config session
and set it within the configd environment.
---
 src/services/vyos-configd | 10 +++++++---
 src/shim/vyshim.c         | 11 +++++++++++
 2 files changed, 18 insertions(+), 3 deletions(-)

(limited to 'src')

diff --git a/src/services/vyos-configd b/src/services/vyos-configd
index c89c486e5..d92b539c8 100755
--- a/src/services/vyos-configd
+++ b/src/services/vyos-configd
@@ -179,8 +179,13 @@ def initialization(socket):
     pid_string = socket.recv().decode("utf-8", "ignore")
     resp = "pid"
     socket.send(resp.encode())
+    sudo_user_string = socket.recv().decode("utf-8", "ignore")
+    resp = "sudo_user"
+    socket.send(resp.encode())
 
     logger.debug(f"config session pid is {pid_string}")
+    logger.debug(f"config session sudo_user is {sudo_user_string}")
+
     try:
         session_out = os.readlink(f"/proc/{pid_string}/fd/1")
         session_mode = 'w'
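Review bot: `sudo_user_string` comes straight from the socket peer and is used without validation: it is written to the debug log here and later in `initialization` exported as `SUDO_USER`. Decoding with `"ignore"` silently drops undecodable bytes, so the name the daemon ends up with can differ from the one the shim sent. Since the commit message says system_login.py relies on this value to avoid deleting the current user, I would reject an empty or non-printable name before acknowledging it (how `initialization` should report that is not visible here). I would also log it as `logger.debug(f"config session sudo_user is {sudo_user_string!r}")` so embedded newlines or control characters cannot forge log lines. The body of `initialization` starts and ends outside this hunk.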
@@ -192,6 +197,8 @@ def initialization(socket):
         session_out = script_stdout_log
         session_mode = 'a'
 
+    os.environ['SUDO_USER'] = sudo_user_string
+
     try:
         configsource = ConfigSourceString(running_config_text=active_string,
                                           session_config_text=session_string)
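Review bot: Assigning `os.environ['SUDO_USER']` changes the environment of the whole daemon process rather than of one session, so the value persists until the next init overwrites it; if configd can ever serve overlapping sessions, a script may see another session's user. The assignment also sits outside both visible `try` blocks, and `os.environ` raises `ValueError` for a value with an embedded NUL, which a peer-supplied string can contain. Consider a comment such as `# process-wide: only valid while this session's scripts run` and validating the value before the assignment. Separately, the commit drops the `SUDO_GID` assignment in `__main__` without a replacement, so it is worth confirming that nothing run under configd still reads it.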
@@ -266,9 +273,6 @@ if __name__ == '__main__':
     cfg_group = grp.getgrnam(CFG_GROUP)
     os.setgid(cfg_group.gr_gid)
 
-    os.environ['SUDO_USER'] = 'vyos'
-    os.environ['SUDO_GID'] = str(cfg_group.gr_gid)
-
     def sig_handler(signum, frame):
         shutdown()
 
diff --git a/src/shim/vyshim.c b/src/shim/vyshim.c
index 41723e7a4..4d836127d 100644
--- a/src/shim/vyshim.c
+++ b/src/shim/vyshim.c
@@ -178,6 +178,13 @@ int initialization(void* Requester)
     strsep(&pid_val, "_");
     debug_print("config session pid: %s\n", pid_val);
 
+    char *sudo_user = getenv("SUDO_USER");
+    if (!sudo_user) {
+        char nobody[] = "nobody";
+        sudo_user = nobody;
+    }
+    debug_print("sudo_user is %s\n", sudo_user);
+
     debug_print("Sending init announcement\n");
     char *init_announce = mkjson(MKJSON_OBJ, 1,
                                  MKJSON_STRING, "type", "init");
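Review bot: `nobody` is an automatic array declared inside the `if` block, so its lifetime ends at the closing brace and `sudo_user` is left dangling. The `debug_print` right after it and the later `zmq_send(Requester, sudo_user, strlen(sudo_user), 0)` then read a dead object, which is undefined behaviour. Point at a string literal instead, which has static storage: `const char *sudo_user = getenv("SUDO_USER");` followed by `if (!sudo_user) sudo_user = "nobody";`. Note also that `getenv` returns an empty string when the variable is set but empty, and this check does not treat that as missing. `initialization` begins and ends outside this hunk.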
@@ -240,6 +247,10 @@ int initialization(void* Requester)
     zmq_recv(Requester, buffer, 16, 0);
     debug_print("Received pid receipt\n");
 
+    debug_print("Sending config session sudo_user\n");
+    zmq_send(Requester, sudo_user, strlen(sudo_user), 0);
+    zmq_recv(Requester, buffer, 16, 0);
+    debug_print("Received sudo_user receipt\n");
 
     return 0;
 }
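Review bot: The results of the new `zmq_send` and `zmq_recv` calls are discarded, so a failed send or a missing receipt still prints "Received sudo_user receipt" and returns 0, while the daemon may never have received the user name. I would check them, e.g. `if (zmq_send(Requester, sudo_user, strlen(sudo_user), 0) < 0) return -1;`, assuming callers treat a non-zero return as a failed init (not visible here). The pid step just above in this hunk follows the same unchecked pattern, so this may be better fixed for the whole handshake. The start of `initialization` is outside the hunk.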
-- 
cgit v1.2.3