]>
git.ipfire.org Git - thirdparty/systemd.git/blob - src/home/home-util.c
1 /* SPDX-License-Identifier: LGPL-2.1+ */
3 #include "dns-domain.h"
5 #include "libcrypt-util.h"
6 #include "memory-util.h"
8 #include "string-util.h"
10 #include "user-util.h"
12 bool suitable_user_name(const char *name
) {
14 /* Checks whether the specified name is suitable for management via homed. Note that client-side
15 * we usually validate with the simple valid_user_group_name(), while server-side we are a bit more
16 * restrictive, so that we can change the rules server-side without having to update things
19 if (!valid_user_group_name(name
, 0))
22 /* We generally rely on NSS to tell us which users not to care for, but let's filter out some
23 * particularly well-known users. */
27 NOBODY_USER_NAME
, NOBODY_GROUP_NAME
))
30 /* Let's also defend our own namespace, as well as Debian's (unwritten?) logic of prefixing system
31 * users with underscores. */
32 if (STARTSWITH_SET(name
, "systemd-", "_"))
38 int suitable_realm(const char *realm
) {
39 _cleanup_free_
char *normalized
= NULL
;
42 /* Similar to the above: let's validate the realm a bit stricter server-side than client side */
44 r
= dns_name_normalize(realm
, 0, &normalized
); /* this also checks general validity */
50 if (!streq(realm
, normalized
)) /* is this normalized? */
53 if (dns_name_is_root(realm
)) /* Don't allow top level domain */
59 int suitable_image_path(const char *path
) {
61 return !empty_or_root(path
) &&
62 path_is_valid(path
) &&
63 path_is_absolute(path
);
66 bool supported_fstype(const char *fstype
) {
67 /* Limit the set of supported file systems a bit, as protection against little tested kernel file
68 * systems. Also, we only support the resize ioctls for these file systems. */
69 return STR_IN_SET(fstype
, "ext4", "btrfs", "xfs");
72 int split_user_name_realm(const char *t
, char **ret_user_name
, char **ret_realm
) {
73 _cleanup_free_
char *user_name
= NULL
, *realm
= NULL
;
78 assert(ret_user_name
);
83 user_name
= strdup(t
);
87 user_name
= strndup(t
, c
- t
);
91 realm
= strdup(c
+ 1);
96 if (!suitable_user_name(user_name
))
100 r
= suitable_realm(realm
);
107 *ret_user_name
= TAKE_PTR(user_name
);
108 *ret_realm
= TAKE_PTR(realm
);
113 int bus_message_append_secret(sd_bus_message
*m
, UserRecord
*secret
) {
114 _cleanup_(erase_and_freep
) char *formatted
= NULL
;
121 if (!FLAGS_SET(secret
->mask
, USER_RECORD_SECRET
))
122 return sd_bus_message_append(m
, "s", "{}");
124 v
= json_variant_by_key(secret
->json
, "secret");
128 r
= json_variant_format(v
, 0, &formatted
);
132 (void) sd_bus_message_sensitive(m
);
134 return sd_bus_message_append(m
, "s", formatted
);