]>
Commit | Line | Data |
---|---|---|
db9ecf05 | 1 | /* SPDX-License-Identifier: LGPL-2.1-or-later */ |
1604937f LP |
2 | |
3 | #include <getopt.h> | |
4 | #include <utmp.h> | |
5 | ||
6 | #include "dirent-util.h" | |
7 | #include "errno-list.h" | |
8 | #include "fd-util.h" | |
9 | #include "format-table.h" | |
10 | #include "format-util.h" | |
1604937f LP |
11 | #include "main-func.h" |
12 | #include "pager.h" | |
c3470872 | 13 | #include "parse-argument.h" |
1604937f LP |
14 | #include "parse-util.h" |
15 | #include "pretty-print.h" | |
16 | #include "socket-util.h" | |
17 | #include "strv.h" | |
18 | #include "terminal-util.h" | |
19 | #include "user-record-show.h" | |
20 | #include "user-util.h" | |
21 | #include "userdb.h" | |
22 | #include "verbs.h" | |
23 | ||
24 | static enum { | |
25 | OUTPUT_CLASSIC, | |
26 | OUTPUT_TABLE, | |
27 | OUTPUT_FRIENDLY, | |
28 | OUTPUT_JSON, | |
2d93c20e | 29 | _OUTPUT_INVALID = -EINVAL, |
1604937f LP |
30 | } arg_output = _OUTPUT_INVALID; |
31 | ||
32 | static PagerFlags arg_pager_flags = 0; | |
33 | static bool arg_legend = true; | |
34 | static char** arg_services = NULL; | |
35 | static UserDBFlags arg_userdb_flags = 0; | |
36 | ||
37 | STATIC_DESTRUCTOR_REGISTER(arg_services, strv_freep); | |
38 | ||
39 | static int show_user(UserRecord *ur, Table *table) { | |
40 | int r; | |
41 | ||
42 | assert(ur); | |
43 | ||
44 | switch (arg_output) { | |
45 | ||
46 | case OUTPUT_CLASSIC: | |
47 | if (!uid_is_valid(ur->uid)) | |
48 | break; | |
49 | ||
50 | printf("%s:x:" UID_FMT ":" GID_FMT ":%s:%s:%s\n", | |
51 | ur->user_name, | |
52 | ur->uid, | |
53 | user_record_gid(ur), | |
54 | strempty(user_record_real_name(ur)), | |
55 | user_record_home_directory(ur), | |
56 | user_record_shell(ur)); | |
57 | ||
58 | break; | |
59 | ||
60 | case OUTPUT_JSON: | |
61 | json_variant_dump(ur->json, JSON_FORMAT_COLOR_AUTO|JSON_FORMAT_PRETTY, NULL, 0); | |
62 | break; | |
63 | ||
64 | case OUTPUT_FRIENDLY: | |
65 | user_record_show(ur, true); | |
66 | ||
67 | if (ur->incomplete) { | |
68 | fflush(stdout); | |
69 | log_warning("Warning: lacking rights to acquire privileged fields of user record of '%s', output incomplete.", ur->user_name); | |
70 | } | |
71 | ||
72 | break; | |
73 | ||
74 | case OUTPUT_TABLE: | |
75 | assert(table); | |
76 | ||
77 | r = table_add_many( | |
78 | table, | |
79 | TABLE_STRING, ur->user_name, | |
80 | TABLE_STRING, user_disposition_to_string(user_record_disposition(ur)), | |
81 | TABLE_UID, ur->uid, | |
82 | TABLE_GID, user_record_gid(ur), | |
83 | TABLE_STRING, empty_to_null(ur->real_name), | |
84 | TABLE_STRING, user_record_home_directory(ur), | |
85 | TABLE_STRING, user_record_shell(ur), | |
86 | TABLE_INT, (int) user_record_disposition(ur)); | |
87 | if (r < 0) | |
f987a261 | 88 | return table_log_add_error(r); |
1604937f LP |
89 | |
90 | break; | |
91 | ||
92 | default: | |
93 | assert_not_reached("Unexpected output mode"); | |
94 | } | |
95 | ||
96 | return 0; | |
97 | } | |
98 | ||
99 | static int display_user(int argc, char *argv[], void *userdata) { | |
100 | _cleanup_(table_unrefp) Table *table = NULL; | |
101 | bool draw_separator = false; | |
102 | int ret = 0, r; | |
103 | ||
104 | if (arg_output < 0) | |
105 | arg_output = argc > 1 ? OUTPUT_FRIENDLY : OUTPUT_TABLE; | |
106 | ||
107 | if (arg_output == OUTPUT_TABLE) { | |
108 | table = table_new("name", "disposition", "uid", "gid", "realname", "home", "shell", "disposition-numeric"); | |
109 | if (!table) | |
110 | return log_oom(); | |
111 | ||
112 | (void) table_set_align_percent(table, table_get_cell(table, 0, 2), 100); | |
113 | (void) table_set_align_percent(table, table_get_cell(table, 0, 3), 100); | |
114 | (void) table_set_empty_string(table, "-"); | |
ef1e0b9a YW |
115 | (void) table_set_sort(table, (size_t) 7, (size_t) 2); |
116 | (void) table_set_display(table, (size_t) 0, (size_t) 1, (size_t) 2, (size_t) 3, (size_t) 4, (size_t) 5, (size_t) 6); | |
1604937f LP |
117 | } |
118 | ||
119 | if (argc > 1) { | |
120 | char **i; | |
121 | ||
122 | STRV_FOREACH(i, argv + 1) { | |
123 | _cleanup_(user_record_unrefp) UserRecord *ur = NULL; | |
124 | uid_t uid; | |
125 | ||
126 | if (parse_uid(*i, &uid) >= 0) | |
127 | r = userdb_by_uid(uid, arg_userdb_flags, &ur); | |
128 | else | |
129 | r = userdb_by_name(*i, arg_userdb_flags, &ur); | |
130 | if (r < 0) { | |
131 | if (r == -ESRCH) | |
132 | log_error_errno(r, "User %s does not exist.", *i); | |
133 | else if (r == -EHOSTDOWN) | |
134 | log_error_errno(r, "Selected user database service is not available for this request."); | |
135 | else | |
136 | log_error_errno(r, "Failed to find user %s: %m", *i); | |
137 | ||
138 | if (ret >= 0) | |
139 | ret = r; | |
140 | } else { | |
141 | if (draw_separator && arg_output == OUTPUT_FRIENDLY) | |
142 | putchar('\n'); | |
143 | ||
144 | r = show_user(ur, table); | |
145 | if (r < 0) | |
146 | return r; | |
147 | ||
148 | draw_separator = true; | |
149 | } | |
150 | } | |
151 | } else { | |
152 | _cleanup_(userdb_iterator_freep) UserDBIterator *iterator = NULL; | |
153 | ||
154 | r = userdb_all(arg_userdb_flags, &iterator); | |
155 | if (r < 0) | |
156 | return log_error_errno(r, "Failed to enumerate users: %m"); | |
157 | ||
158 | for (;;) { | |
159 | _cleanup_(user_record_unrefp) UserRecord *ur = NULL; | |
160 | ||
161 | r = userdb_iterator_get(iterator, &ur); | |
162 | if (r == -ESRCH) | |
163 | break; | |
164 | if (r == -EHOSTDOWN) | |
165 | return log_error_errno(r, "Selected user database service is not available for this request."); | |
166 | if (r < 0) | |
167 | return log_error_errno(r, "Failed acquire next user: %m"); | |
168 | ||
169 | if (draw_separator && arg_output == OUTPUT_FRIENDLY) | |
170 | putchar('\n'); | |
171 | ||
172 | r = show_user(ur, table); | |
173 | if (r < 0) | |
174 | return r; | |
175 | ||
176 | draw_separator = true; | |
177 | } | |
178 | } | |
179 | ||
180 | if (table) { | |
181 | r = table_print(table, NULL); | |
182 | if (r < 0) | |
4b6607d9 | 183 | return table_log_print_error(r); |
1604937f LP |
184 | } |
185 | ||
186 | return ret; | |
187 | } | |
188 | ||
189 | static int show_group(GroupRecord *gr, Table *table) { | |
190 | int r; | |
191 | ||
192 | assert(gr); | |
193 | ||
194 | switch (arg_output) { | |
195 | ||
196 | case OUTPUT_CLASSIC: { | |
197 | _cleanup_free_ char *m = NULL; | |
198 | ||
199 | if (!gid_is_valid(gr->gid)) | |
200 | break; | |
201 | ||
202 | m = strv_join(gr->members, ","); | |
203 | if (!m) | |
204 | return log_oom(); | |
205 | ||
206 | printf("%s:x:" GID_FMT ":%s\n", | |
207 | gr->group_name, | |
208 | gr->gid, | |
209 | m); | |
210 | break; | |
211 | } | |
212 | ||
213 | case OUTPUT_JSON: | |
214 | json_variant_dump(gr->json, JSON_FORMAT_COLOR_AUTO|JSON_FORMAT_PRETTY, NULL, 0); | |
215 | break; | |
216 | ||
217 | case OUTPUT_FRIENDLY: | |
218 | group_record_show(gr, true); | |
219 | ||
220 | if (gr->incomplete) { | |
221 | fflush(stdout); | |
222 | log_warning("Warning: lacking rights to acquire privileged fields of group record of '%s', output incomplete.", gr->group_name); | |
223 | } | |
224 | ||
225 | break; | |
226 | ||
227 | case OUTPUT_TABLE: | |
228 | assert(table); | |
229 | ||
230 | r = table_add_many( | |
231 | table, | |
232 | TABLE_STRING, gr->group_name, | |
233 | TABLE_STRING, user_disposition_to_string(group_record_disposition(gr)), | |
234 | TABLE_GID, gr->gid, | |
0bb43080 | 235 | TABLE_STRING, gr->description, |
1604937f LP |
236 | TABLE_INT, (int) group_record_disposition(gr)); |
237 | if (r < 0) | |
f987a261 | 238 | return table_log_add_error(r); |
1604937f LP |
239 | |
240 | break; | |
241 | ||
242 | default: | |
162392b7 | 243 | assert_not_reached("Unexpected display mode"); |
1604937f LP |
244 | } |
245 | ||
246 | return 0; | |
247 | } | |
248 | ||
249 | ||
250 | static int display_group(int argc, char *argv[], void *userdata) { | |
251 | _cleanup_(table_unrefp) Table *table = NULL; | |
252 | bool draw_separator = false; | |
253 | int ret = 0, r; | |
254 | ||
255 | if (arg_output < 0) | |
256 | arg_output = argc > 1 ? OUTPUT_FRIENDLY : OUTPUT_TABLE; | |
257 | ||
258 | if (arg_output == OUTPUT_TABLE) { | |
0bb43080 | 259 | table = table_new("name", "disposition", "gid", "description", "disposition-numeric"); |
1604937f LP |
260 | if (!table) |
261 | return log_oom(); | |
262 | ||
263 | (void) table_set_align_percent(table, table_get_cell(table, 0, 2), 100); | |
0bb43080 | 264 | (void) table_set_empty_string(table, "-"); |
ef1e0b9a YW |
265 | (void) table_set_sort(table, (size_t) 3, (size_t) 2); |
266 | (void) table_set_display(table, (size_t) 0, (size_t) 1, (size_t) 2, (size_t) 3); | |
1604937f LP |
267 | } |
268 | ||
269 | if (argc > 1) { | |
270 | char **i; | |
271 | ||
272 | STRV_FOREACH(i, argv + 1) { | |
273 | _cleanup_(group_record_unrefp) GroupRecord *gr = NULL; | |
274 | gid_t gid; | |
275 | ||
276 | if (parse_gid(*i, &gid) >= 0) | |
277 | r = groupdb_by_gid(gid, arg_userdb_flags, &gr); | |
278 | else | |
279 | r = groupdb_by_name(*i, arg_userdb_flags, &gr); | |
280 | if (r < 0) { | |
281 | if (r == -ESRCH) | |
282 | log_error_errno(r, "Group %s does not exist.", *i); | |
283 | else if (r == -EHOSTDOWN) | |
284 | log_error_errno(r, "Selected group database service is not available for this request."); | |
285 | else | |
286 | log_error_errno(r, "Failed to find group %s: %m", *i); | |
287 | ||
288 | if (ret >= 0) | |
289 | ret = r; | |
290 | } else { | |
291 | if (draw_separator && arg_output == OUTPUT_FRIENDLY) | |
292 | putchar('\n'); | |
293 | ||
294 | r = show_group(gr, table); | |
295 | if (r < 0) | |
296 | return r; | |
297 | ||
298 | draw_separator = true; | |
299 | } | |
300 | } | |
301 | ||
302 | } else { | |
303 | _cleanup_(userdb_iterator_freep) UserDBIterator *iterator = NULL; | |
304 | ||
305 | r = groupdb_all(arg_userdb_flags, &iterator); | |
306 | if (r < 0) | |
307 | return log_error_errno(r, "Failed to enumerate groups: %m"); | |
308 | ||
309 | for (;;) { | |
310 | _cleanup_(group_record_unrefp) GroupRecord *gr = NULL; | |
311 | ||
312 | r = groupdb_iterator_get(iterator, &gr); | |
313 | if (r == -ESRCH) | |
314 | break; | |
315 | if (r == -EHOSTDOWN) | |
316 | return log_error_errno(r, "Selected group database service is not available for this request."); | |
317 | if (r < 0) | |
318 | return log_error_errno(r, "Failed acquire next group: %m"); | |
319 | ||
320 | if (draw_separator && arg_output == OUTPUT_FRIENDLY) | |
321 | putchar('\n'); | |
322 | ||
323 | r = show_group(gr, table); | |
324 | if (r < 0) | |
325 | return r; | |
326 | ||
327 | draw_separator = true; | |
328 | } | |
329 | ||
330 | } | |
331 | ||
332 | if (table) { | |
333 | r = table_print(table, NULL); | |
334 | if (r < 0) | |
4b6607d9 | 335 | return table_log_print_error(r); |
1604937f LP |
336 | } |
337 | ||
338 | return ret; | |
339 | } | |
340 | ||
341 | static int show_membership(const char *user, const char *group, Table *table) { | |
342 | int r; | |
343 | ||
344 | assert(user); | |
345 | assert(group); | |
346 | ||
347 | switch (arg_output) { | |
348 | ||
349 | case OUTPUT_CLASSIC: | |
350 | /* Strictly speaking there's no 'classic' output for this concept, but let's output it in | |
351 | * similar style to the classic output for user/group info */ | |
352 | ||
353 | printf("%s:%s\n", user, group); | |
354 | break; | |
355 | ||
356 | case OUTPUT_JSON: { | |
357 | _cleanup_(json_variant_unrefp) JsonVariant *v = NULL; | |
358 | ||
359 | r = json_build(&v, JSON_BUILD_OBJECT( | |
360 | JSON_BUILD_PAIR("user", JSON_BUILD_STRING(user)), | |
361 | JSON_BUILD_PAIR("group", JSON_BUILD_STRING(group)))); | |
362 | if (r < 0) | |
363 | return log_error_errno(r, "Failed to build JSON object: %m"); | |
364 | ||
365 | json_variant_dump(v, JSON_FORMAT_PRETTY|JSON_FORMAT_COLOR_AUTO, NULL, NULL); | |
366 | break; | |
367 | } | |
368 | ||
369 | case OUTPUT_FRIENDLY: | |
370 | /* Hmm, this is not particularly friendly, but not sure how we could do this better */ | |
371 | printf("%s: %s\n", group, user); | |
372 | break; | |
373 | ||
374 | case OUTPUT_TABLE: | |
375 | assert(table); | |
376 | ||
377 | r = table_add_many( | |
378 | table, | |
379 | TABLE_STRING, user, | |
380 | TABLE_STRING, group); | |
381 | if (r < 0) | |
f987a261 | 382 | return table_log_add_error(r); |
1604937f LP |
383 | |
384 | break; | |
385 | ||
386 | default: | |
387 | assert_not_reached("Unexpected output mode"); | |
388 | } | |
389 | ||
390 | return 0; | |
391 | } | |
392 | ||
393 | static int display_memberships(int argc, char *argv[], void *userdata) { | |
394 | _cleanup_(table_unrefp) Table *table = NULL; | |
395 | int ret = 0, r; | |
396 | ||
397 | if (arg_output < 0) | |
398 | arg_output = OUTPUT_TABLE; | |
399 | ||
400 | if (arg_output == OUTPUT_TABLE) { | |
401 | table = table_new("user", "group"); | |
402 | if (!table) | |
403 | return log_oom(); | |
404 | ||
ef1e0b9a | 405 | (void) table_set_sort(table, (size_t) 0, (size_t) 1); |
1604937f LP |
406 | } |
407 | ||
408 | if (argc > 1) { | |
409 | char **i; | |
410 | ||
411 | STRV_FOREACH(i, argv + 1) { | |
412 | _cleanup_(userdb_iterator_freep) UserDBIterator *iterator = NULL; | |
413 | ||
414 | if (streq(argv[0], "users-in-group")) { | |
415 | r = membershipdb_by_group(*i, arg_userdb_flags, &iterator); | |
416 | if (r < 0) | |
417 | return log_error_errno(r, "Failed to enumerate users in group: %m"); | |
418 | } else if (streq(argv[0], "groups-of-user")) { | |
419 | r = membershipdb_by_user(*i, arg_userdb_flags, &iterator); | |
420 | if (r < 0) | |
421 | return log_error_errno(r, "Failed to enumerate groups of user: %m"); | |
422 | } else | |
423 | assert_not_reached("Unexpected verb"); | |
424 | ||
425 | for (;;) { | |
426 | _cleanup_free_ char *user = NULL, *group = NULL; | |
427 | ||
428 | r = membershipdb_iterator_get(iterator, &user, &group); | |
429 | if (r == -ESRCH) | |
430 | break; | |
431 | if (r == -EHOSTDOWN) | |
432 | return log_error_errno(r, "Selected membership database service is not available for this request."); | |
433 | if (r < 0) | |
434 | return log_error_errno(r, "Failed acquire next membership: %m"); | |
435 | ||
436 | r = show_membership(user, group, table); | |
437 | if (r < 0) | |
438 | return r; | |
439 | } | |
440 | } | |
441 | } else { | |
442 | _cleanup_(userdb_iterator_freep) UserDBIterator *iterator = NULL; | |
443 | ||
444 | r = membershipdb_all(arg_userdb_flags, &iterator); | |
445 | if (r < 0) | |
446 | return log_error_errno(r, "Failed to enumerate memberships: %m"); | |
447 | ||
448 | for (;;) { | |
449 | _cleanup_free_ char *user = NULL, *group = NULL; | |
450 | ||
451 | r = membershipdb_iterator_get(iterator, &user, &group); | |
452 | if (r == -ESRCH) | |
453 | break; | |
454 | if (r == -EHOSTDOWN) | |
455 | return log_error_errno(r, "Selected membership database service is not available for this request."); | |
456 | if (r < 0) | |
457 | return log_error_errno(r, "Failed acquire next membership: %m"); | |
458 | ||
459 | r = show_membership(user, group, table); | |
460 | if (r < 0) | |
461 | return r; | |
462 | } | |
463 | } | |
464 | ||
465 | if (table) { | |
466 | r = table_print(table, NULL); | |
467 | if (r < 0) | |
4b6607d9 | 468 | return table_log_print_error(r); |
1604937f LP |
469 | } |
470 | ||
471 | return ret; | |
472 | } | |
473 | ||
474 | static int display_services(int argc, char *argv[], void *userdata) { | |
475 | _cleanup_(table_unrefp) Table *t = NULL; | |
476 | _cleanup_(closedirp) DIR *d = NULL; | |
477 | struct dirent *de; | |
478 | int r; | |
479 | ||
480 | d = opendir("/run/systemd/userdb/"); | |
481 | if (!d) { | |
482 | if (errno == ENOENT) { | |
483 | log_info("No services."); | |
484 | return 0; | |
485 | } | |
486 | ||
487 | return log_error_errno(errno, "Failed to open /run/systemd/userdb/: %m"); | |
488 | } | |
489 | ||
490 | t = table_new("service", "listening"); | |
491 | if (!t) | |
492 | return log_oom(); | |
493 | ||
ef1e0b9a | 494 | (void) table_set_sort(t, (size_t) 0); |
1604937f LP |
495 | |
496 | FOREACH_DIRENT(de, d, return -errno) { | |
497 | _cleanup_free_ char *j = NULL, *no = NULL; | |
498 | union sockaddr_union sockaddr; | |
f36a9d59 | 499 | socklen_t sockaddr_len; |
1604937f LP |
500 | _cleanup_close_ int fd = -1; |
501 | ||
502 | j = path_join("/run/systemd/userdb/", de->d_name); | |
503 | if (!j) | |
504 | return log_oom(); | |
505 | ||
506 | r = sockaddr_un_set_path(&sockaddr.un, j); | |
507 | if (r < 0) | |
508 | return log_error_errno(r, "Path %s does not fit in AF_UNIX socket address: %m", j); | |
f36a9d59 | 509 | sockaddr_len = r; |
1604937f LP |
510 | |
511 | fd = socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0); | |
512 | if (fd < 0) | |
513 | return log_error_errno(r, "Failed to allocate AF_UNIX/SOCK_STREAM socket: %m"); | |
514 | ||
f36a9d59 | 515 | if (connect(fd, &sockaddr.un, sockaddr_len) < 0) { |
1604937f LP |
516 | no = strjoin("No (", errno_to_name(errno), ")"); |
517 | if (!no) | |
518 | return log_oom(); | |
519 | } | |
520 | ||
521 | r = table_add_many(t, | |
522 | TABLE_STRING, de->d_name, | |
523 | TABLE_STRING, no ?: "yes", | |
524 | TABLE_SET_COLOR, no ? ansi_highlight_red() : ansi_highlight_green()); | |
525 | if (r < 0) | |
f987a261 | 526 | return table_log_add_error(r); |
1604937f LP |
527 | } |
528 | ||
529 | if (table_get_rows(t) <= 0) { | |
530 | log_info("No services."); | |
531 | return 0; | |
532 | } | |
533 | ||
534 | if (arg_output == OUTPUT_JSON) | |
535 | table_print_json(t, NULL, JSON_FORMAT_PRETTY|JSON_FORMAT_COLOR_AUTO); | |
536 | else | |
537 | table_print(t, NULL); | |
538 | ||
539 | return 0; | |
540 | } | |
541 | ||
542 | static int ssh_authorized_keys(int argc, char *argv[], void *userdata) { | |
543 | _cleanup_(user_record_unrefp) UserRecord *ur = NULL; | |
544 | int r; | |
545 | ||
1604937f LP |
546 | r = userdb_by_name(argv[1], arg_userdb_flags, &ur); |
547 | if (r == -ESRCH) | |
2aea5883 | 548 | return log_error_errno(r, "User %s does not exist.", argv[1]); |
1604937f | 549 | else if (r == -EHOSTDOWN) |
2aea5883 LP |
550 | return log_error_errno(r, "Selected user database service is not available for this request."); |
551 | else if (r == -EINVAL) | |
552 | return log_error_errno(r, "Failed to find user %s: %m (Invalid user name?)", argv[1]); | |
1604937f | 553 | else if (r < 0) |
2aea5883 | 554 | return log_error_errno(r, "Failed to find user %s: %m", argv[1]); |
1604937f LP |
555 | |
556 | if (strv_isempty(ur->ssh_authorized_keys)) | |
557 | log_debug("User record for %s has no public SSH keys.", argv[1]); | |
558 | else { | |
559 | char **i; | |
560 | ||
561 | STRV_FOREACH(i, ur->ssh_authorized_keys) | |
562 | printf("%s\n", *i); | |
563 | } | |
564 | ||
565 | if (ur->incomplete) { | |
566 | fflush(stdout); | |
567 | log_warning("Warning: lacking rights to acquire privileged fields of user record of '%s', output incomplete.", ur->user_name); | |
568 | } | |
569 | ||
570 | return EXIT_SUCCESS; | |
571 | } | |
572 | ||
573 | static int help(int argc, char *argv[], void *userdata) { | |
574 | _cleanup_free_ char *link = NULL; | |
575 | int r; | |
576 | ||
577 | (void) pager_open(arg_pager_flags); | |
578 | ||
579 | r = terminal_urlify_man("userdbctl", "1", &link); | |
580 | if (r < 0) | |
581 | return log_oom(); | |
582 | ||
583 | printf("%s [OPTIONS...] COMMAND ...\n\n" | |
584 | "%sShow user and group information.%s\n" | |
585 | "\nCommands:\n" | |
7009610f ZJS |
586 | " user [USER…] Inspect user\n" |
587 | " group [GROUP…] Inspect group\n" | |
588 | " users-in-group [GROUP…] Show users that are members of specified group(s)\n" | |
589 | " groups-of-user [USER…] Show groups the specified user(s) is a member of\n" | |
590 | " services Show enabled database services\n" | |
1604937f | 591 | "\nOptions:\n" |
7009610f ZJS |
592 | " -h --help Show this help\n" |
593 | " --version Show package version\n" | |
594 | " --no-pager Do not pipe output into a pager\n" | |
595 | " --no-legend Do not show the headers and footers\n" | |
596 | " --output=MODE Select output mode (classic, friendly, table, json)\n" | |
597 | " -j Equivalent to --output=json\n" | |
1604937f | 598 | " -s --service=SERVICE[:SERVICE…]\n" |
7009610f ZJS |
599 | " Query the specified service\n" |
600 | " --with-nss=BOOL Control whether to include glibc NSS data\n" | |
601 | " -N Do not synthesize or include glibc NSS data\n" | |
602 | " (Same as --synthesize=no --with-nss=no)\n" | |
603 | " --synthesize=BOOL Synthesize root/nobody user\n" | |
bc556335 DDM |
604 | "\nSee the %s for details.\n", |
605 | program_invocation_short_name, | |
606 | ansi_highlight(), | |
607 | ansi_normal(), | |
608 | link); | |
1604937f LP |
609 | |
610 | return 0; | |
611 | } | |
612 | ||
613 | static int parse_argv(int argc, char *argv[]) { | |
614 | ||
615 | enum { | |
616 | ARG_VERSION = 0x100, | |
617 | ARG_NO_PAGER, | |
618 | ARG_NO_LEGEND, | |
619 | ARG_OUTPUT, | |
620 | ARG_WITH_NSS, | |
621 | ARG_SYNTHESIZE, | |
622 | }; | |
623 | ||
624 | static const struct option options[] = { | |
625 | { "help", no_argument, NULL, 'h' }, | |
626 | { "version", no_argument, NULL, ARG_VERSION }, | |
627 | { "no-pager", no_argument, NULL, ARG_NO_PAGER }, | |
628 | { "no-legend", no_argument, NULL, ARG_NO_LEGEND }, | |
629 | { "output", required_argument, NULL, ARG_OUTPUT }, | |
630 | { "service", required_argument, NULL, 's' }, | |
631 | { "with-nss", required_argument, NULL, ARG_WITH_NSS }, | |
632 | { "synthesize", required_argument, NULL, ARG_SYNTHESIZE }, | |
633 | {} | |
634 | }; | |
635 | ||
636 | const char *e; | |
637 | int r; | |
638 | ||
639 | assert(argc >= 0); | |
640 | assert(argv); | |
641 | ||
642 | /* We are going to update this environment variable with our own, hence let's first read what is already set */ | |
643 | e = getenv("SYSTEMD_ONLY_USERDB"); | |
644 | if (e) { | |
645 | char **l; | |
646 | ||
647 | l = strv_split(e, ":"); | |
648 | if (!l) | |
649 | return log_oom(); | |
650 | ||
651 | strv_free(arg_services); | |
652 | arg_services = l; | |
653 | } | |
654 | ||
655 | for (;;) { | |
656 | int c; | |
657 | ||
658 | c = getopt_long(argc, argv, "hjs:N", options, NULL); | |
659 | if (c < 0) | |
660 | break; | |
661 | ||
662 | switch (c) { | |
663 | ||
664 | case 'h': | |
665 | return help(0, NULL, NULL); | |
666 | ||
667 | case ARG_VERSION: | |
668 | return version(); | |
669 | ||
670 | case ARG_NO_PAGER: | |
671 | arg_pager_flags |= PAGER_DISABLE; | |
672 | break; | |
673 | ||
674 | case ARG_NO_LEGEND: | |
675 | arg_legend = false; | |
676 | break; | |
677 | ||
678 | case ARG_OUTPUT: | |
679 | if (streq(optarg, "classic")) | |
680 | arg_output = OUTPUT_CLASSIC; | |
681 | else if (streq(optarg, "friendly")) | |
682 | arg_output = OUTPUT_FRIENDLY; | |
683 | else if (streq(optarg, "json")) | |
684 | arg_output = OUTPUT_JSON; | |
685 | else if (streq(optarg, "table")) | |
686 | arg_output = OUTPUT_TABLE; | |
687 | else if (streq(optarg, "help")) { | |
688 | puts("classic\n" | |
689 | "friendly\n" | |
c4651e31 ZJS |
690 | "json\n" |
691 | "table"); | |
1604937f LP |
692 | return 0; |
693 | } else | |
694 | return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Invalid --output= mode: %s", optarg); | |
695 | ||
696 | break; | |
697 | ||
698 | case 'j': | |
699 | arg_output = OUTPUT_JSON; | |
700 | break; | |
701 | ||
702 | case 's': | |
703 | if (isempty(optarg)) | |
704 | arg_services = strv_free(arg_services); | |
705 | else { | |
7c7c4485 | 706 | _cleanup_strv_free_ char **l = NULL; |
1604937f LP |
707 | |
708 | l = strv_split(optarg, ":"); | |
709 | if (!l) | |
710 | return log_oom(); | |
711 | ||
712 | r = strv_extend_strv(&arg_services, l, true); | |
713 | if (r < 0) | |
714 | return log_oom(); | |
715 | } | |
716 | ||
717 | break; | |
718 | ||
719 | case 'N': | |
720 | arg_userdb_flags |= USERDB_AVOID_NSS|USERDB_DONT_SYNTHESIZE; | |
721 | break; | |
722 | ||
723 | case ARG_WITH_NSS: | |
c3470872 | 724 | r = parse_boolean_argument("--with-nss=", optarg, NULL); |
1604937f | 725 | if (r < 0) |
c3470872 | 726 | return r; |
1604937f LP |
727 | |
728 | SET_FLAG(arg_userdb_flags, USERDB_AVOID_NSS, !r); | |
729 | break; | |
730 | ||
731 | case ARG_SYNTHESIZE: | |
c3470872 | 732 | r = parse_boolean_argument("--synthesize=", optarg, NULL); |
1604937f | 733 | if (r < 0) |
c3470872 | 734 | return r; |
1604937f LP |
735 | |
736 | SET_FLAG(arg_userdb_flags, USERDB_DONT_SYNTHESIZE, !r); | |
737 | break; | |
738 | ||
739 | case '?': | |
740 | return -EINVAL; | |
741 | ||
742 | default: | |
743 | assert_not_reached("Unhandled option"); | |
744 | } | |
745 | } | |
746 | ||
747 | return 1; | |
748 | } | |
749 | ||
750 | static int run(int argc, char *argv[]) { | |
751 | static const Verb verbs[] = { | |
752 | { "help", VERB_ANY, VERB_ANY, 0, help }, | |
753 | { "user", VERB_ANY, VERB_ANY, VERB_DEFAULT, display_user }, | |
754 | { "group", VERB_ANY, VERB_ANY, 0, display_group }, | |
755 | { "users-in-group", VERB_ANY, VERB_ANY, 0, display_memberships }, | |
756 | { "groups-of-user", VERB_ANY, VERB_ANY, 0, display_memberships }, | |
757 | { "services", VERB_ANY, 1, 0, display_services }, | |
758 | ||
759 | /* This one is a helper for sshd_config's AuthorizedKeysCommand= setting, it's not a | |
760 | * user-facing verb and thus should not appear in man pages or --help texts. */ | |
761 | { "ssh-authorized-keys", 2, 2, 0, ssh_authorized_keys }, | |
762 | {} | |
763 | }; | |
764 | ||
765 | int r; | |
766 | ||
d2acb93d | 767 | log_setup(); |
1604937f LP |
768 | |
769 | r = parse_argv(argc, argv); | |
770 | if (r <= 0) | |
771 | return r; | |
772 | ||
773 | if (arg_services) { | |
774 | _cleanup_free_ char *e = NULL; | |
775 | ||
776 | e = strv_join(arg_services, ":"); | |
777 | if (!e) | |
778 | return log_oom(); | |
779 | ||
780 | if (setenv("SYSTEMD_ONLY_USERDB", e, true) < 0) | |
781 | return log_error_errno(r, "Failed to set $SYSTEMD_ONLY_USERDB: %m"); | |
782 | ||
783 | log_info("Enabled services: %s", e); | |
44ee03d1 ZJS |
784 | } else |
785 | assert_se(unsetenv("SYSTEMD_ONLY_USERDB") == 0); | |
1604937f LP |
786 | |
787 | return dispatch_verb(argc, argv, verbs, NULL); | |
788 | } | |
789 | ||
790 | DEFINE_MAIN_FUNCTION(run); |