From 7cb4ddc0693e0e00bed384e1f4eae890de4de3ee Mon Sep 17 00:00:00 2001
From: Chalith Desaman
Date: Mon, 19 Jul 2021 15:32:10 +0530
Subject: [PATCH] Adding a low previledged user for the hotpocket contract (#35)

---
 dependencies/user-install.sh | 27 +++++++++++++++++----------
 dependencies/user-uninstall.sh | 19 ++++++++++++-------
 src/hp_manager.cpp | 5 +----
 3 files changed, 30 insertions(+), 21 deletions(-)

diff --git a/dependencies/user-install.sh b/dependencies/user-install.sh
index 5ef281d..9fab454 100755
--- a/dependencies/user-install.sh
+++ b/dependencies/user-install.sh
@@ -17,6 +17,7 @@ fi
 prefix="sashi"
 suffix=$(date +%s%N) # Epoch nanoseconds
 user="$prefix$suffix"
+contract_user="$user-secuser"
 group="sashimonousers"
 cgroupsuffix="-cg"
 user_dir=/home/$user
@@ -44,6 +45,21 @@ loginctl enable-linger "$user" # Enable lingering to support rootless dockerd se
 chmod o-rwx "$user_dir"
 echo "Created '$user' user."
+# Creating a secondary user for the contract.
+# This is the respective host user for the child user of the sashimono user inside docker container.
+# Taking the uid and gid offsets.
+uoffset=$(grep "^$user:[0-9]\+:[0-9]\+$" /etc/subuid | cut -d: -f2)
+[ -z $uoffset ] && rollback "SUBUID_ERR"
+goffset=$(grep "^$user:[0-9]\+:[0-9]\+$" /etc/subgid | cut -d: -f2)
+[ -z $goffset ] && rollback "SUBGID_ERR"
+contract_host_uid=$(expr $uoffset + $contract_uid - 1)
+contract_host_gid=$(expr $goffset + $contract_gid - 1)
+
+groupadd -g "$contract_host_gid" "$contract_user"
+useradd --shell /usr/sbin/nologin -M -g "$contract_host_gid" -u "$contract_host_uid" "$contract_user"
+usermod --lock "$contract_user"
+echo "Created '$contract_user' contract user."
+
 user_id=$(id -u "$user")
 user_runtime_dir="/run/user/$user_id"
 dockerd_socket="unix://$user_runtime_dir/docker.sock"
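Review bot: The `groupadd`, `useradd` and `usermod --lock` calls for the contract user are not checked, unlike the subuid/subgid lookups just above them that call `rollback`; if the name or the numeric id is already taken, the script carries on and the hpfs unit written in the later hunk of this file still gets `ugid=$contract_host_uid:$contract_host_gid`, so the install ends with a mount owned by an id that never received a passwd entry. I'd chain each of the three with `|| rollback "<ERR_CODE>"` (placeholder; choose a code in the style of `SUBUID_ERR`). `[ -z $uoffset ]` and `[ -z $goffset ]` should quote the variable, because a duplicated `/etc/subuid` entry expands to two words and `test` then exits 2 without reaching `rollback`. The `- 1` in the two `expr` lines is not explained; I'd add `# id 0 inside the container is $user itself, so container id N maps to offset + N - 1` if that is the userns layout relied on (it depends on how dockerd's mapping is configured, which is outside this hunk). Note also that `contract_user` (set in the first hunk) is 32 characters when `$user` carries the 19-digit `%s%N` suffix, which is exactly useradd's default name-length limit, so any longer suffix would make `useradd` fail.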
@@ -86,22 +102,13 @@ echo "Installed rootless dockerd."
 echo "Adding hpfs services for the instance."
-# Taking the uid and gid offsets
-uoffset=$(grep "^$user:[0-9]\+:[0-9]\+$" /etc/subuid | cut -d: -f2)
-[ -z $uoffset ] && rollback "SUBUID_ERR"
-goffset=$(grep "^$user:[0-9]\+:[0-9]\+$" /etc/subgid | cut -d: -f2)
-[ -z $goffset ] && rollback "SUBGID_ERR"
-hpfs_uid=$(expr $uoffset + $contract_uid)
-hpfs_gid=$(expr $goffset + $contract_gid)
-
-# UGID will be passed to hpfs in next PBI, with resolving cgroup issue.
 echo "[Unit]
 Description=Running and monitoring contract fs.
 StartLimitIntervalSec=0
 [Service]
 Type=simple
 EnvironmentFile=-$user_dir/.serviceconf
-ExecStart=$script_dir/hpfs fs $user_dir/$contract_dir/contract_fs $user_dir/$contract_dir/contract_fs/mnt merge=\${HPFS_MERGE} ugid= trace=\${HPFS_TRACE}
+ExecStart=$script_dir/hpfs fs $user_dir/$contract_dir/contract_fs $user_dir/$contract_dir/contract_fs/mnt merge=\${HPFS_MERGE} ugid=$contract_host_uid:$contract_host_gid trace=\${HPFS_TRACE}
 Restart=on-failure
 RestartSec=5
 [Install]
diff --git a/dependencies/user-uninstall.sh b/dependencies/user-uninstall.sh
index 4778715..4c3676d 100755
--- a/dependencies/user-uninstall.sh
+++ b/dependencies/user-uninstall.sh
@@ -3,9 +3,10 @@
 # This is intended to be called by Sashimono agent or via the user-install script for rollback.
 user=$1
+contract_user="$user-secuser"
 # Check whether this is a valid sashimono username.
 prefix="sashi"
-[ ${#user} -lt 24 ] || [ ${#user} -gt 32 ] || [[ ! "$user" =~ ^$prefix[0-9]+$ ]] && echo "ARGS,UNINST_ERR" && exit 1
+[ ${#user} -lt 24 ] || [ ${#user} -gt 32 ] || [[ ! "$user" =~ ^$prefix[0-9]+$ ]] && echo "ARGS,UNINST_ERR" && exit 1
 cgroupsuffix="-cg"
 user_dir=/home/$user
@@ -16,10 +17,10 @@ docker_bin=$script_dir/dockerbin
 # Check if users exists.
 if [[ $(id -u "$user" 2>/dev/null || echo -1) -ge 0 ]]; then
- :
+ :
 else
- echo "NO_USER,UNINST_ERR"
- exit 1
+ echo "NO_USER,UNINST_ERR"
+ exit 1
 fi
 echo "Uninstalling user '$user'."
@@ -46,9 +47,8 @@ sleep 0.5
 echo "Unmounting user filesystems."
 fsmounts=$(cat /proc/mounts | cut -d ' ' -f 2 | grep "/home/$user")
 readarray -t mntarr <<<"$fsmounts"
-for mnt in "${mntarr[@]}"
-do
- [ -z "$mnt" ] || umount "$mnt"
+for mnt in "${mntarr[@]}"; do
+ [ -z "$mnt" ] || umount "$mnt"
 done
 # Force kill user processes.
@@ -73,9 +73,14 @@ cgdelete -g memory:$user$cgroupsuffix
 # Removing applied disk quota of the user before deleting.
 setquota -u -F vfsv0 "$user" 0 0 0 0 /
+echo "Deleting contract user '$contract_user'"
+userdel "$contract_user"
+
 echo "Deleting user '$user'"
 userdel "$user"
 rm -r /home/"${user:?}"
+# Even though we are creating a group specifically,
+# It'll be automatically deleted when we delete the user.
 [ -d /home/"$user" ] && echo "NOT_CLEAN,UNINST_ERR" && exit 1
diff --git a/src/hp_manager.cpp b/src/hp_manager.cpp
index 9ef6683..ed734a5 100644
--- a/src/hp_manager.cpp
+++ b/src/hp_manager.cpp
@@ -562,10 +562,7 @@ namespace hp
 d["node"]["public_key"] = pubkey_hex;
 d["node"]["private_key"] = util::to_hex(seckey);
 d["contract"]["id"] = contract_id;
-
- // Contract UGID will be passed to hpcore in next PBI, with resolving cgroup issue.
- // d["contract"]["run_as"] = contract_ugid.to_string();
-
+ d["contract"]["run_as"] = contract_ugid.to_string();
 jsoncons::ojson unl(jsoncons::json_array_arg);
 unl.push_back(util::to_hex(pubkey));
 d["contract"]["unl"] = unl;
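Review bot: `userdel "$contract_user"` is unchecked and the closing `NOT_CLEAN` test only inspects the home directory, so a contract user or group that survives (for instance because a process is still running under its uid) is reported as a clean uninstall. Because this script doubles as the install rollback, the contract user may legitimately not exist yet, so rather than aborting on userdel's exit status I'd extend the final verification with `id -u "$contract_user" >/dev/null 2>&1 && echo "NOT_CLEAN,UNINST_ERR" && exit 1` and likewise `getent group "$contract_user" >/dev/null && echo "NOT_CLEAN,UNINST_ERR" && exit 1`. The new comment's claim that the group is removed automatically holds only when userdel's user-private-group handling (`USERGROUPS_ENAB` in login.defs) is enabled and the group has no other members; I'd state that condition in the comment, or remove the group explicitly with `groupdel "$contract_user"` and tolerate its failure when the group is already gone.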
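Review bot: `d["contract"]["run_as"] = contract_ugid.to_string();` now writes the contract's uid:gid into the generated config unconditionally, but nothing in the hunk rejects an unset or zero value, and since this field is what takes the contract off root inside the container, a default-initialised `contract_ugid` would silently hand that back. Before the assignment I'd check that both components are non-zero and fail the config generation otherwise, in whatever error-reporting style the surrounding function uses; the type of `contract_ugid` and that convention are not visible in this hunk, so I am inferring the zero state. A one-line comment such as `// run_as must name the unprivileged contract user; hpcore refuses root only if this is non-zero` would also record why the field is mandatory, if that matches hpcore's behaviour. The enclosing function starts before and ends after the hunk.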