vmd(8): enable pause / unpause for vm owners

Patch from Mohamed Aslan.  Thanks!
ok kn@

3 files changed, 29 insertions, 8 deletions

diff --git a/usr.sbin/vmd/control.c b/usr.sbin/vmd/control.c
index 1a3aefe7d49..82693d6adc6 100644
--- a/usr.sbin/vmd/control.c
+++ b/usr.sbin/vmd/control.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: control.c,v 1.22 2017/09/08 06:24:31 mlarkin Exp $	*/
+/*	$OpenBSD: control.c,v 1.23 2018/05/13 22:48:11 pd Exp $	*/
 
 /*
  * Copyright (c) 2010-2015 Reyk Floeter <reyk@openbsd.org>
@@ -340,6 +340,8 @@ control_dispatch_imsg(int fd, short event, void *arg)
 		case IMSG_VMDOP_GET_INFO_VM_REQUEST:
 		case IMSG_VMDOP_TERMINATE_VM_REQUEST:
 		case IMSG_VMDOP_START_VM_REQUEST:
+		case IMSG_VMDOP_PAUSE_VM:
+		case IMSG_VMDOP_UNPAUSE_VM:
 			break;
 		default:
 			if (c->peercred.uid != 0) {
@@ -373,8 +375,6 @@ control_dispatch_imsg(int fd, short event, void *arg)
 			/* FALLTHROUGH */
 		case IMSG_VMDOP_RECEIVE_VM_REQUEST:
 		case IMSG_VMDOP_SEND_VM_REQUEST:
-		case IMSG_VMDOP_PAUSE_VM:
-		case IMSG_VMDOP_UNPAUSE_VM:
 		case IMSG_VMDOP_LOAD:
 		case IMSG_VMDOP_RELOAD:
 		case IMSG_CTL_RESET:
@@ -422,6 +422,21 @@ control_dispatch_imsg(int fd, short event, void *arg)
 				return;
 			}
 			break;
+		case IMSG_VMDOP_PAUSE_VM:
+		case IMSG_VMDOP_UNPAUSE_VM:
+			if (IMSG_DATA_SIZE(&imsg) < sizeof(vid))
+				goto fail;
+			memcpy(&vid, imsg.data, sizeof(vid));
+			vid.vid_uid = c->peercred.uid;
+			log_debug("%s id: %d, name: %s, uid: %d",
+			    __func__, vid.vid_id, vid.vid_name,
+			    vid.vid_uid);
+
+			if (proc_compose_imsg(ps, PROC_PARENT, -1,
+			    imsg.hdr.type, fd, imsg.fd,
+			    &vid, sizeof(vid)) == -1)
+				goto fail;
+			break;
 		default:
 			log_debug("%s: error handling imsg %d",
 			    __func__, imsg.hdr.type);
diff --git a/usr.sbin/vmd/vm.conf.5 b/usr.sbin/vmd/vm.conf.5
index 9119ac30d4d..60cae9c5ce2 100644
--- a/usr.sbin/vmd/vm.conf.5
+++ b/usr.sbin/vmd/vm.conf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: vm.conf.5,v 1.27 2018/01/03 05:39:56 ccardenas Exp $
+.\" $OpenBSD: vm.conf.5,v 1.28 2018/05/13 22:48:11 pd Exp $
 .\"
 .\" Copyright (c) 2015 Mike Larkin <mlarkin@openbsd.org>
 .\" Copyright (c) 2015 Reyk Floeter <reyk@openbsd.org>
@@ -15,7 +15,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: January 3 2018 $
+.Dd $Mdocdate: May 13 2018 $
 .Dt VM.CONF 5
 .Os
 .Sh NAME
@@ -206,7 +206,8 @@ Memory size of the VM, in bytes, rounded to megabytes.
 The default is 512M.
 .It Cm owner Ar user Ns Op : Ns Ar group
 Set the owner of the VM to the specified user or group.
-The owner will be allowed to start or stop the VM and open the VM's console.
+The owner will be allowed to start or stop the VM, pause or unpause the VM,
+and open the VM's console.
 .It Cm owner Pf : Ar group
 Set the owner to the specified group.
 .El
diff --git a/usr.sbin/vmd/vmd.c b/usr.sbin/vmd/vmd.c
index 0eea5d8e4d5..0aa3424208d 100644
--- a/usr.sbin/vmd/vmd.c
+++ b/usr.sbin/vmd/vmd.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: vmd.c,v 1.84 2018/04/25 15:49:48 mlarkin Exp $	*/
+/*	$OpenBSD: vmd.c,v 1.85 2018/05/13 22:48:11 pd Exp $	*/
 
 /*
  * Copyright (c) 2015 Reyk Floeter <reyk@openbsd.org>
@@ -186,11 +186,16 @@ vmd_dispatch_control(int fd, struct privsep_proc *p, struct imsg *imsg)
 			} else {
 				vid.vid_id = vm->vm_vmid;
 			}
-		} else if (vm_getbyid(vid.vid_id) == NULL) {
+		} else if ((vm = vm_getbyid(vid.vid_id)) == NULL) {
 			res = ENOENT;
 			cmd = IMSG_VMDOP_PAUSE_VM_RESPONSE;
 			break;
 		}
+		if (vm_checkperm(vm, vid.vid_uid) != 0) {
+			res = EPERM;
+			cmd = IMSG_VMDOP_PAUSE_VM_RESPONSE;
+			break;
+		}
 		proc_compose_imsg(ps, PROC_VMM, -1, imsg->hdr.type,
 		    imsg->hdr.peerid, -1, &vid, sizeof(vid));
 		break;