]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/core/dynamic-user.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
test-cpu-set-util.c: fix typo in comment (#6916)
[thirdparty/systemd.git] / src / core / dynamic-user.c
1 /***
2 This file is part of systemd.
3
4 Copyright 2016 Lennart Poettering
5
6 systemd is free software; you can redistribute it and/or modify it
7 under the terms of the GNU Lesser General Public License as published by
8 the Free Software Foundation; either version 2.1 of the License, or
9 (at your option) any later version.
10
11 systemd is distributed in the hope that it will be useful, but
12 WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 Lesser General Public License for more details.
15
16 You should have received a copy of the GNU Lesser General Public License
17 along with systemd; If not, see <http://www.gnu.org/licenses/>.
18 ***/
19
20 #include <grp.h>
21 #include <pwd.h>
22 #include <sys/file.h>
23
24 #include "dynamic-user.h"
25 #include "fd-util.h"
26 #include "fileio.h"
27 #include "fs-util.h"
28 #include "io-util.h"
29 #include "parse-util.h"
30 #include "random-util.h"
31 #include "stdio-util.h"
32 #include "string-util.h"
33 #include "user-util.h"
34
35 /* Takes a value generated randomly or by hashing and turns it into a UID in the right range */
36 #define UID_CLAMP_INTO_RANGE(rnd) (((uid_t) (rnd) % (DYNAMIC_UID_MAX - DYNAMIC_UID_MIN + 1)) + DYNAMIC_UID_MIN)
37
38 static DynamicUser* dynamic_user_free(DynamicUser *d) {
39 if (!d)
40 return NULL;
41
42 if (d->manager)
43 (void) hashmap_remove(d->manager->dynamic_users, d->name);
44
45 safe_close_pair(d->storage_socket);
46 return mfree(d);
47 }
48
49 static int dynamic_user_add(Manager *m, const char *name, int storage_socket[2], DynamicUser **ret) {
50 DynamicUser *d = NULL;
51 int r;
52
53 assert(m);
54 assert(name);
55 assert(storage_socket);
56
57 r = hashmap_ensure_allocated(&m->dynamic_users, &string_hash_ops);
58 if (r < 0)
59 return r;
60
61 d = malloc0(offsetof(DynamicUser, name) + strlen(name) + 1);
62 if (!d)
63 return -ENOMEM;
64
65 strcpy(d->name, name);
66
67 d->storage_socket[0] = storage_socket[0];
68 d->storage_socket[1] = storage_socket[1];
69
70 r = hashmap_put(m->dynamic_users, d->name, d);
71 if (r < 0) {
72 free(d);
73 return r;
74 }
75
76 d->manager = m;
77
78 if (ret)
79 *ret = d;
80
81 return 0;
82 }
83
84 int dynamic_user_acquire(Manager *m, const char *name, DynamicUser** ret) {
85 _cleanup_close_pair_ int storage_socket[2] = { -1, -1 };
86 DynamicUser *d;
87 int r;
88
89 assert(m);
90 assert(name);
91
92 /* Return the DynamicUser structure for a specific user name. Note that this won't actually allocate a UID for
93 * it, but just prepare the data structure for it. The UID is allocated only on demand, when it's really
94 * needed, and in the child process we fork off, since allocation involves NSS checks which are not OK to do
95 * from PID 1. To allow the children and PID 1 share information about allocated UIDs we use an anonymous
96 * AF_UNIX/SOCK_DGRAM socket (called the "storage socket") that contains at most one datagram with the
97 * allocated UID number, plus an fd referencing the lock file for the UID
98 * (i.e. /run/systemd/dynamic-uid/$UID). Why involve the socket pair? So that PID 1 and all its children can
99 * share the same storage for the UID and lock fd, simply by inheriting the storage socket fds. The socket pair
100 * may exist in three different states:
101 *
102 * a) no datagram stored. This is the initial state. In this case the dynamic user was never realized.
103 *
104 * b) a datagram containing a UID stored, but no lock fd attached to it. In this case there was already a
105 * statically assigned UID by the same name, which we are reusing.
106 *
107 * c) a datagram containing a UID stored, and a lock fd is attached to it. In this case we allocated a dynamic
108 * UID and locked it in the file system, using the lock fd.
109 *
110 * As PID 1 and various children might access the socket pair simultaneously, and pop the datagram or push it
111 * back in any time, we also maintain a lock on the socket pair. Note one peculiarity regarding locking here:
112 * the UID lock on disk is protected via a BSD file lock (i.e. an fd-bound lock), so that the lock is kept in
113 * place as long as there's a reference to the fd open. The lock on the storage socket pair however is a POSIX
114 * file lock (i.e. a process-bound lock), as all users share the same fd of this (after all it is anonymous,
115 * nobody else could get any access to it except via our own fd) and we want to synchronize access between all
116 * processes that have access to it. */
117
118 d = hashmap_get(m->dynamic_users, name);
119 if (d) {
120 /* We already have a structure for the dynamic user, let's increase the ref count and reuse it */
121 d->n_ref++;
122 *ret = d;
123 return 0;
124 }
125
126 if (!valid_user_group_name_or_id(name))
127 return -EINVAL;
128
129 if (socketpair(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0, storage_socket) < 0)
130 return -errno;
131
132 r = dynamic_user_add(m, name, storage_socket, &d);
133 if (r < 0)
134 return r;
135
136 storage_socket[0] = storage_socket[1] = -1;
137
138 if (ret) {
139 d->n_ref++;
140 *ret = d;
141 }
142
143 return 1;
144 }
145
146 static int make_uid_symlinks(uid_t uid, const char *name, bool b) {
147
148 char path1[strlen("/run/systemd/dynamic-uid/direct:") + DECIMAL_STR_MAX(uid_t) + 1];
149 const char *path2;
150 int r = 0, k;
151
152 /* Add direct additional symlinks for direct lookups of dynamic UIDs and their names by userspace code. The
153 * only reason we have this is because dbus-daemon cannot use D-Bus for resolving users and groups (since it
154 * would be its own client then). We hence keep these world-readable symlinks in place, so that the
155 * unprivileged dbus user can read the mappings when it needs them via these symlinks instead of having to go
156 * via the bus. Ideally, we'd use the lock files we keep for this anyway, but we can't since we use BSD locks
157 * on them and as those may be taken by any user with read access we can't make them world-readable. */
158
159 xsprintf(path1, "/run/systemd/dynamic-uid/direct:" UID_FMT, uid);
160 if (unlink(path1) < 0 && errno != ENOENT)
161 r = -errno;
162
163 if (b && symlink(name, path1) < 0) {
164 k = log_warning_errno(errno, "Failed to symlink \"%s\": %m", path1);
165 if (r == 0)
166 r = k;
167 }
168
169 path2 = strjoina("/run/systemd/dynamic-uid/direct:", name);
170 if (unlink(path2) < 0 && errno != ENOENT) {
171 k = -errno;
172 if (r == 0)
173 r = k;
174 }
175
176 if (b && symlink(path1 + strlen("/run/systemd/dynamic-uid/direct:"), path2) < 0) {
177 k = log_warning_errno(errno, "Failed to symlink \"%s\": %m", path2);
178 if (r == 0)
179 r = k;
180 }
181
182 return r;
183 }
184
185 static int pick_uid(const char *name, uid_t *ret_uid) {
186
187 static const uint8_t hash_key[] = {
188 0x37, 0x53, 0x7e, 0x31, 0xcf, 0xce, 0x48, 0xf5,
189 0x8a, 0xbb, 0x39, 0x57, 0x8d, 0xd9, 0xec, 0x59
190 };
191
192 unsigned n_tries = 100;
193 uid_t candidate;
194 int r;
195
196 /* A static user by this name does not exist yet. Let's find a free ID then, and use that. We start with a UID
197 * generated as hash from the user name. */
198 candidate = UID_CLAMP_INTO_RANGE(siphash24(name, strlen(name), hash_key));
199
200 (void) mkdir("/run/systemd/dynamic-uid", 0755);
201
202 for (;;) {
203 char lock_path[strlen("/run/systemd/dynamic-uid/") + DECIMAL_STR_MAX(uid_t) + 1];
204 _cleanup_close_ int lock_fd = -1;
205 ssize_t l;
206
207 if (--n_tries <= 0) /* Give up retrying eventually */
208 return -EBUSY;
209
210 if (!uid_is_dynamic(candidate))
211 goto next;
212
213 xsprintf(lock_path, "/run/systemd/dynamic-uid/" UID_FMT, candidate);
214
215 for (;;) {
216 struct stat st;
217
218 lock_fd = open(lock_path, O_CREAT|O_RDWR|O_NOFOLLOW|O_CLOEXEC|O_NOCTTY, 0600);
219 if (lock_fd < 0)
220 return -errno;
221
222 r = flock(lock_fd, LOCK_EX|LOCK_NB); /* Try to get a BSD file lock on the UID lock file */
223 if (r < 0) {
224 if (errno == EBUSY || errno == EAGAIN)
225 goto next; /* already in use */
226
227 return -errno;
228 }
229
230 if (fstat(lock_fd, &st) < 0)
231 return -errno;
232 if (st.st_nlink > 0)
233 break;
234
235 /* Oh, bummer, we got the lock, but the file was unlinked between the time we opened it and
236 * got the lock. Close it, and try again. */
237 lock_fd = safe_close(lock_fd);
238 }
239
240 /* Some superficial check whether this UID/GID might already be taken by some static user */
241 if (getpwuid(candidate) || getgrgid((gid_t) candidate)) {
242 (void) unlink(lock_path);
243 goto next;
244 }
245
246 /* Let's store the user name in the lock file, so that we can use it for looking up the username for a UID */
247 l = pwritev(lock_fd,
248 (struct iovec[2]) {
249 IOVEC_INIT_STRING(name),
250 IOVEC_INIT((char[1]) { '\n' }, 1),
251 }, 2, 0);
252 if (l < 0) {
253 (void) unlink(lock_path);
254 return -errno;
255 }
256
257 (void) ftruncate(lock_fd, l);
258 (void) make_uid_symlinks(candidate, name, true); /* also add direct lookup symlinks */
259
260 *ret_uid = candidate;
261 r = lock_fd;
262 lock_fd = -1;
263
264 return r;
265
266 next:
267 /* Pick another random UID, and see if that works for us. */
268 random_bytes(&candidate, sizeof(candidate));
269 candidate = UID_CLAMP_INTO_RANGE(candidate);
270 }
271 }
272
273 static int dynamic_user_pop(DynamicUser *d, uid_t *ret_uid, int *ret_lock_fd) {
274 uid_t uid = UID_INVALID;
275 struct iovec iov = IOVEC_INIT(&uid, sizeof(uid));
276 union {
277 struct cmsghdr cmsghdr;
278 uint8_t buf[CMSG_SPACE(sizeof(int))];
279 } control = {};
280 struct msghdr mh = {
281 .msg_control = &control,
282 .msg_controllen = sizeof(control),
283 .msg_iov = &iov,
284 .msg_iovlen = 1,
285 };
286 struct cmsghdr *cmsg;
287
288 ssize_t k;
289 int lock_fd = -1;
290
291 assert(d);
292 assert(ret_uid);
293 assert(ret_lock_fd);
294
295 /* Read the UID and lock fd that is stored in the storage AF_UNIX socket. This should be called with the lock
296 * on the socket taken. */
297
298 k = recvmsg(d->storage_socket[0], &mh, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC);
299 if (k < 0)
300 return -errno;
301
302 cmsg = cmsg_find(&mh, SOL_SOCKET, SCM_RIGHTS, CMSG_LEN(sizeof(int)));
303 if (cmsg)
304 lock_fd = *(int*) CMSG_DATA(cmsg);
305 else
306 cmsg_close_all(&mh); /* just in case... */
307
308 *ret_uid = uid;
309 *ret_lock_fd = lock_fd;
310
311 return 0;
312 }
313
314 static int dynamic_user_push(DynamicUser *d, uid_t uid, int lock_fd) {
315 struct iovec iov = IOVEC_INIT(&uid, sizeof(uid));
316 union {
317 struct cmsghdr cmsghdr;
318 uint8_t buf[CMSG_SPACE(sizeof(int))];
319 } control = {};
320 struct msghdr mh = {
321 .msg_control = &control,
322 .msg_controllen = sizeof(control),
323 .msg_iov = &iov,
324 .msg_iovlen = 1,
325 };
326 ssize_t k;
327
328 assert(d);
329
330 /* Store the UID and lock_fd in the storage socket. This should be called with the socket pair lock taken. */
331
332 if (lock_fd >= 0) {
333 struct cmsghdr *cmsg;
334
335 cmsg = CMSG_FIRSTHDR(&mh);
336 cmsg->cmsg_level = SOL_SOCKET;
337 cmsg->cmsg_type = SCM_RIGHTS;
338 cmsg->cmsg_len = CMSG_LEN(sizeof(int));
339 memcpy(CMSG_DATA(cmsg), &lock_fd, sizeof(int));
340
341 mh.msg_controllen = CMSG_SPACE(sizeof(int));
342 } else {
343 mh.msg_control = NULL;
344 mh.msg_controllen = 0;
345 }
346
347 k = sendmsg(d->storage_socket[1], &mh, MSG_DONTWAIT|MSG_NOSIGNAL);
348 if (k < 0)
349 return -errno;
350
351 return 0;
352 }
353
354 static void unlink_uid_lock(int lock_fd, uid_t uid, const char *name) {
355 char lock_path[strlen("/run/systemd/dynamic-uid/") + DECIMAL_STR_MAX(uid_t) + 1];
356
357 if (lock_fd < 0)
358 return;
359
360 xsprintf(lock_path, "/run/systemd/dynamic-uid/" UID_FMT, uid);
361 (void) unlink(lock_path);
362
363 (void) make_uid_symlinks(uid, name, false); /* remove direct lookup symlinks */
364 }
365
366 int dynamic_user_realize(DynamicUser *d, uid_t *ret) {
367
368 _cleanup_close_ int etc_passwd_lock_fd = -1, uid_lock_fd = -1;
369 uid_t uid = UID_INVALID;
370 int r;
371
372 assert(d);
373
374 /* Acquire a UID for the user name. This will allocate a UID for the user name if the user doesn't exist
375 * yet. If it already exists its existing UID/GID will be reused. */
376
377 if (lockf(d->storage_socket[0], F_LOCK, 0) < 0)
378 return -errno;
379
380 r = dynamic_user_pop(d, &uid, &uid_lock_fd);
381 if (r < 0) {
382 int new_uid_lock_fd;
383 uid_t new_uid;
384
385 if (r != -EAGAIN)
386 goto finish;
387
388 /* OK, nothing stored yet, let's try to find something useful. While we are working on this release the
389 * lock however, so that nobody else blocks on our NSS lookups. */
390 (void) lockf(d->storage_socket[0], F_ULOCK, 0);
391
392 /* Let's see if a proper, static user or group by this name exists. Try to take the lock on
393 * /etc/passwd, if that fails with EROFS then /etc is read-only. In that case it's fine if we don't
394 * take the lock, given that users can't be added there anyway in this case. */
395 etc_passwd_lock_fd = take_etc_passwd_lock(NULL);
396 if (etc_passwd_lock_fd < 0 && etc_passwd_lock_fd != -EROFS)
397 return etc_passwd_lock_fd;
398
399 /* First, let's parse this as numeric UID */
400 r = parse_uid(d->name, &uid);
401 if (r < 0) {
402 struct passwd *p;
403 struct group *g;
404
405 /* OK, this is not a numeric UID. Let's see if there's a user by this name */
406 p = getpwnam(d->name);
407 if (p)
408 uid = p->pw_uid;
409
410 /* Let's see if there's a group by this name */
411 g = getgrnam(d->name);
412 if (g) {
413 /* If the UID/GID of the user/group of the same don't match, refuse operation */
414 if (uid != UID_INVALID && uid != (uid_t) g->gr_gid)
415 return -EILSEQ;
416
417 uid = (uid_t) g->gr_gid;
418 }
419 }
420
421 if (uid == UID_INVALID) {
422 /* No static UID assigned yet, excellent. Let's pick a new dynamic one, and lock it. */
423
424 uid_lock_fd = pick_uid(d->name, &uid);
425 if (uid_lock_fd < 0)
426 return uid_lock_fd;
427 }
428
429 /* So, we found a working UID/lock combination. Let's see if we actually still need it. */
430 if (lockf(d->storage_socket[0], F_LOCK, 0) < 0) {
431 unlink_uid_lock(uid_lock_fd, uid, d->name);
432 return -errno;
433 }
434
435 r = dynamic_user_pop(d, &new_uid, &new_uid_lock_fd);
436 if (r < 0) {
437 if (r != -EAGAIN) {
438 /* OK, something bad happened, let's get rid of the bits we acquired. */
439 unlink_uid_lock(uid_lock_fd, uid, d->name);
440 goto finish;
441 }
442
443 /* Great! Nothing is stored here, still. Store our newly acquired data. */
444 } else {
445 /* Hmm, so as it appears there's now something stored in the storage socket. Throw away what we
446 * acquired, and use what's stored now. */
447
448 unlink_uid_lock(uid_lock_fd, uid, d->name);
449 safe_close(uid_lock_fd);
450
451 uid = new_uid;
452 uid_lock_fd = new_uid_lock_fd;
453 }
454 }
455
456 /* If the UID/GID was already allocated dynamically, push the data we popped out back in. If it was already
457 * allocated statically, push the UID back too, but do not push the lock fd in. If we allocated the UID
458 * dynamically right here, push that in along with the lock fd for it. */
459 r = dynamic_user_push(d, uid, uid_lock_fd);
460 if (r < 0)
461 goto finish;
462
463 *ret = uid;
464 r = 0;
465
466 finish:
467 (void) lockf(d->storage_socket[0], F_ULOCK, 0);
468 return r;
469 }
470
471 int dynamic_user_current(DynamicUser *d, uid_t *ret) {
472 _cleanup_close_ int lock_fd = -1;
473 uid_t uid;
474 int r;
475
476 assert(d);
477 assert(ret);
478
479 /* Get the currently assigned UID for the user, if there's any. This simply pops the data from the storage socket, and pushes it back in right-away. */
480
481 if (lockf(d->storage_socket[0], F_LOCK, 0) < 0)
482 return -errno;
483
484 r = dynamic_user_pop(d, &uid, &lock_fd);
485 if (r < 0)
486 goto finish;
487
488 r = dynamic_user_push(d, uid, lock_fd);
489 if (r < 0)
490 goto finish;
491
492 *ret = uid;
493 r = 0;
494
495 finish:
496 (void) lockf(d->storage_socket[0], F_ULOCK, 0);
497 return r;
498 }
499
500 DynamicUser* dynamic_user_ref(DynamicUser *d) {
501 if (!d)
502 return NULL;
503
504 assert(d->n_ref > 0);
505 d->n_ref++;
506
507 return d;
508 }
509
510 DynamicUser* dynamic_user_unref(DynamicUser *d) {
511 if (!d)
512 return NULL;
513
514 /* Note that this doesn't actually release any resources itself. If a dynamic user should be fully destroyed
515 * and its UID released, use dynamic_user_destroy() instead. NB: the dynamic user table may contain entries
516 * with no references, which is commonly the case right before a daemon reload. */
517
518 assert(d->n_ref > 0);
519 d->n_ref--;
520
521 return NULL;
522 }
523
524 static int dynamic_user_close(DynamicUser *d) {
525 _cleanup_close_ int lock_fd = -1;
526 uid_t uid;
527 int r;
528
529 /* Release the user ID, by releasing the lock on it, and emptying the storage socket. After this the user is
530 * unrealized again, much like it was after it the DynamicUser object was first allocated. */
531
532 if (lockf(d->storage_socket[0], F_LOCK, 0) < 0)
533 return -errno;
534
535 r = dynamic_user_pop(d, &uid, &lock_fd);
536 if (r == -EAGAIN) {
537 /* User wasn't realized yet, nothing to do. */
538 r = 0;
539 goto finish;
540 }
541 if (r < 0)
542 goto finish;
543
544 /* This dynamic user was realized and dynamically allocated. In this case, let's remove the lock file. */
545 unlink_uid_lock(lock_fd, uid, d->name);
546 r = 1;
547
548 finish:
549 (void) lockf(d->storage_socket[0], F_ULOCK, 0);
550 return r;
551 }
552
553 DynamicUser* dynamic_user_destroy(DynamicUser *d) {
554 if (!d)
555 return NULL;
556
557 /* Drop a reference to a DynamicUser object, and destroy the user completely if this was the last
558 * reference. This is called whenever a service is shut down and wants its dynamic UID gone. Note that
559 * dynamic_user_unref() is what is called whenever a service is simply freed, for example during a reload
560 * cycle, where the dynamic users should not be destroyed, but our datastructures should. */
561
562 dynamic_user_unref(d);
563
564 if (d->n_ref > 0)
565 return NULL;
566
567 (void) dynamic_user_close(d);
568 return dynamic_user_free(d);
569 }
570
571 int dynamic_user_serialize(Manager *m, FILE *f, FDSet *fds) {
572 DynamicUser *d;
573 Iterator i;
574
575 assert(m);
576 assert(f);
577 assert(fds);
578
579 /* Dump the dynamic user database into the manager serialization, to deal with daemon reloads. */
580
581 HASHMAP_FOREACH(d, m->dynamic_users, i) {
582 int copy0, copy1;
583
584 copy0 = fdset_put_dup(fds, d->storage_socket[0]);
585 if (copy0 < 0)
586 return copy0;
587
588 copy1 = fdset_put_dup(fds, d->storage_socket[1]);
589 if (copy1 < 0)
590 return copy1;
591
592 fprintf(f, "dynamic-user=%s %i %i\n", d->name, copy0, copy1);
593 }
594
595 return 0;
596 }
597
598 void dynamic_user_deserialize_one(Manager *m, const char *value, FDSet *fds) {
599 _cleanup_free_ char *name = NULL, *s0 = NULL, *s1 = NULL;
600 int r, fd0, fd1;
601
602 assert(m);
603 assert(value);
604 assert(fds);
605
606 /* Parse the serialization again, after a daemon reload */
607
608 r = extract_many_words(&value, NULL, 0, &name, &s0, &s1, NULL);
609 if (r != 3 || !isempty(value)) {
610 log_debug("Unable to parse dynamic user line.");
611 return;
612 }
613
614 if (safe_atoi(s0, &fd0) < 0 || !fdset_contains(fds, fd0)) {
615 log_debug("Unable to process dynamic user fd specification.");
616 return;
617 }
618
619 if (safe_atoi(s1, &fd1) < 0 || !fdset_contains(fds, fd1)) {
620 log_debug("Unable to process dynamic user fd specification.");
621 return;
622 }
623
624 r = dynamic_user_add(m, name, (int[]) { fd0, fd1 }, NULL);
625 if (r < 0) {
626 log_debug_errno(r, "Failed to add dynamic user: %m");
627 return;
628 }
629
630 (void) fdset_remove(fds, fd0);
631 (void) fdset_remove(fds, fd1);
632 }
633
634 void dynamic_user_vacuum(Manager *m, bool close_user) {
635 DynamicUser *d;
636 Iterator i;
637
638 assert(m);
639
640 /* Empty the dynamic user database, optionally cleaning up orphaned dynamic users, i.e. destroy and free users
641 * to which no reference exist. This is called after a daemon reload finished, in order to destroy users which
642 * might not be referenced anymore. */
643
644 HASHMAP_FOREACH(d, m->dynamic_users, i) {
645 if (d->n_ref > 0)
646 continue;
647
648 if (close_user) {
649 log_debug("Removing orphaned dynamic user %s", d->name);
650 (void) dynamic_user_close(d);
651 }
652
653 dynamic_user_free(d);
654 }
655 }
656
657 int dynamic_user_lookup_uid(Manager *m, uid_t uid, char **ret) {
658 char lock_path[strlen("/run/systemd/dynamic-uid/") + DECIMAL_STR_MAX(uid_t) + 1];
659 _cleanup_free_ char *user = NULL;
660 uid_t check_uid;
661 int r;
662
663 assert(m);
664 assert(ret);
665
666 /* A friendly way to translate a dynamic user's UID into a name. */
667 if (!uid_is_dynamic(uid))
668 return -ESRCH;
669
670 xsprintf(lock_path, "/run/systemd/dynamic-uid/" UID_FMT, uid);
671 r = read_one_line_file(lock_path, &user);
672 if (r == -ENOENT)
673 return -ESRCH;
674 if (r < 0)
675 return r;
676
677 /* The lock file might be stale, hence let's verify the data before we return it */
678 r = dynamic_user_lookup_name(m, user, &check_uid);
679 if (r < 0)
680 return r;
681 if (check_uid != uid) /* lock file doesn't match our own idea */
682 return -ESRCH;
683
684 *ret = user;
685 user = NULL;
686
687 return 0;
688 }
689
690 int dynamic_user_lookup_name(Manager *m, const char *name, uid_t *ret) {
691 DynamicUser *d;
692 int r;
693
694 assert(m);
695 assert(name);
696 assert(ret);
697
698 /* A friendly call for translating a dynamic user's name into its UID */
699
700 d = hashmap_get(m->dynamic_users, name);
701 if (!d)
702 return -ESRCH;
703
704 r = dynamic_user_current(d, ret);
705 if (r == -EAGAIN) /* not realized yet? */
706 return -ESRCH;
707
708 return r;
709 }
710
711 int dynamic_creds_acquire(DynamicCreds *creds, Manager *m, const char *user, const char *group) {
712 bool acquired = false;
713 int r;
714
715 assert(creds);
716 assert(m);
717
718 /* A DynamicUser object encapsulates an allocation of both a UID and a GID for a specific name. However, some
719 * services use different user and groups. For cases like that there's DynamicCreds containing a pair of user
720 * and group. This call allocates a pair. */
721
722 if (!creds->user && user) {
723 r = dynamic_user_acquire(m, user, &creds->user);
724 if (r < 0)
725 return r;
726
727 acquired = true;
728 }
729
730 if (!creds->group) {
731
732 if (creds->user && (!group || streq_ptr(user, group)))
733 creds->group = dynamic_user_ref(creds->user);
734 else {
735 r = dynamic_user_acquire(m, group, &creds->group);
736 if (r < 0) {
737 if (acquired)
738 creds->user = dynamic_user_unref(creds->user);
739 return r;
740 }
741 }
742 }
743
744 return 0;
745 }
746
747 int dynamic_creds_realize(DynamicCreds *creds, uid_t *uid, gid_t *gid) {
748 uid_t u = UID_INVALID;
749 gid_t g = GID_INVALID;
750 int r;
751
752 assert(creds);
753 assert(uid);
754 assert(gid);
755
756 /* Realize both the referenced user and group */
757
758 if (creds->user) {
759 r = dynamic_user_realize(creds->user, &u);
760 if (r < 0)
761 return r;
762 }
763
764 if (creds->group && creds->group != creds->user) {
765 r = dynamic_user_realize(creds->group, &g);
766 if (r < 0)
767 return r;
768 } else
769 g = u;
770
771 *uid = u;
772 *gid = g;
773
774 return 0;
775 }
776
777 void dynamic_creds_unref(DynamicCreds *creds) {
778 assert(creds);
779
780 creds->user = dynamic_user_unref(creds->user);
781 creds->group = dynamic_user_unref(creds->group);
782 }
783
784 void dynamic_creds_destroy(DynamicCreds *creds) {
785 assert(creds);
786
787 creds->user = dynamic_user_destroy(creds->user);
788 creds->group = dynamic_user_destroy(creds->group);
789 }
Unnamed repository; edit this file 'description' to name the repository.