[thirdparty/systemd.git] / src / shared / user-record-nss.c

/* SPDX-License-Identifier: LGPL-2.1+ */

#include "errno-util.h"
#include "format-util.h"
#include "libcrypt-util.h"
#include "strv.h"
#include "user-record-nss.h"

#define SET_IF(field, condition, value, fallback)  \
        field = (condition) ? (value) : (fallback)

int nss_passwd_to_user_record(
                const struct passwd *pwd,
                const struct spwd *spwd,
                UserRecord **ret) {

        _cleanup_(user_record_unrefp) UserRecord *hr = NULL;
        int r;

        assert(pwd);
        assert(ret);

        if (isempty(pwd->pw_name))
                return -EINVAL;

        if (spwd && !streq_ptr(spwd->sp_namp, pwd->pw_name))
                return -EINVAL;

        hr = user_record_new();
        if (!hr)
                return -ENOMEM;

        r = free_and_strdup(&hr->user_name, pwd->pw_name);
        if (r < 0)
                return r;

        r = free_and_strdup(&hr->real_name,
                            streq_ptr(pwd->pw_gecos, hr->user_name) ? NULL : empty_to_null(pwd->pw_gecos));
        if (r < 0)
                return r;

        r = free_and_strdup(&hr->home_directory, empty_to_null(pwd->pw_dir));
        if (r < 0)
                return r;

        r = free_and_strdup(&hr->shell, empty_to_null(pwd->pw_shell));
        if (r < 0)
                return r;

        hr->uid = pwd->pw_uid;
        hr->gid = pwd->pw_gid;

        if (spwd && hashed_password_valid(spwd->sp_pwdp)) {
                strv_free_erase(hr->hashed_password);
                hr->hashed_password = strv_new(spwd->sp_pwdp);
                if (!hr->hashed_password)
                        return -ENOMEM;
        } else
                hr->hashed_password = strv_free_erase(hr->hashed_password);

        /* shadow-utils suggests using "chage -E 0" (or -E 1, depending on which man page you check)
         * for locking a whole account, hence check for that. Note that it also defines a way to lock
         * just a password instead of the whole account, but that's mostly pointless in times of
         * password-less authorization, hence let's not bother. */

         SET_IF(hr->locked,
                spwd && spwd->sp_expire >= 0,
                spwd->sp_expire <= 1, -1);

         SET_IF(hr->not_after_usec,
                spwd && spwd->sp_expire > 1 && (uint64_t) spwd->sp_expire < (UINT64_MAX-1)/USEC_PER_DAY,
                spwd->sp_expire * USEC_PER_DAY, UINT64_MAX);

         SET_IF(hr->password_change_now,
                spwd && spwd->sp_lstchg >= 0,
                spwd->sp_lstchg == 0, -1);

         SET_IF(hr->last_password_change_usec,
                spwd && spwd->sp_lstchg > 0 && (uint64_t) spwd->sp_lstchg <= (UINT64_MAX-1)/USEC_PER_DAY,
                spwd->sp_lstchg * USEC_PER_DAY, UINT64_MAX);

         SET_IF(hr->password_change_min_usec,
                spwd && spwd->sp_min > 0 && (uint64_t) spwd->sp_min <= (UINT64_MAX-1)/USEC_PER_DAY,
                spwd->sp_min * USEC_PER_DAY, UINT64_MAX);

         SET_IF(hr->password_change_max_usec,
                spwd && spwd->sp_max > 0 && (uint64_t) spwd->sp_max <= (UINT64_MAX-1)/USEC_PER_DAY,
                spwd->sp_max * USEC_PER_DAY, UINT64_MAX);

         SET_IF(hr->password_change_warn_usec,
                spwd && spwd->sp_warn > 0 && (uint64_t) spwd->sp_warn <= (UINT64_MAX-1)/USEC_PER_DAY,
                spwd->sp_warn * USEC_PER_DAY, UINT64_MAX);

         SET_IF(hr->password_change_inactive_usec,
                spwd && spwd->sp_inact > 0 && (uint64_t) spwd->sp_inact <= (UINT64_MAX-1)/USEC_PER_DAY,
                spwd->sp_inact * USEC_PER_DAY, UINT64_MAX);

        hr->json = json_variant_unref(hr->json);
        r = json_build(&hr->json, JSON_BUILD_OBJECT(
                                       JSON_BUILD_PAIR("userName", JSON_BUILD_STRING(hr->user_name)),
                                       JSON_BUILD_PAIR("uid", JSON_BUILD_UNSIGNED(hr->uid)),
                                       JSON_BUILD_PAIR("gid", JSON_BUILD_UNSIGNED(hr->gid)),
                                       JSON_BUILD_PAIR_CONDITION(hr->real_name, "realName", JSON_BUILD_STRING(hr->real_name)),
                                       JSON_BUILD_PAIR_CONDITION(hr->home_directory, "homeDirectory", JSON_BUILD_STRING(hr->home_directory)),
                                       JSON_BUILD_PAIR_CONDITION(hr->shell, "shell", JSON_BUILD_STRING(hr->shell)),
                                       JSON_BUILD_PAIR_CONDITION(!strv_isempty(hr->hashed_password), "privileged", JSON_BUILD_OBJECT(JSON_BUILD_PAIR("hashedPassword", JSON_BUILD_STRV(hr->hashed_password)))),
                                       JSON_BUILD_PAIR_CONDITION(hr->locked >= 0, "locked", JSON_BUILD_BOOLEAN(hr->locked)),
                                       JSON_BUILD_PAIR_CONDITION(hr->not_after_usec != UINT64_MAX, "notAfterUSec", JSON_BUILD_UNSIGNED(hr->not_after_usec)),
                                       JSON_BUILD_PAIR_CONDITION(hr->password_change_now >= 0, "passwordChangeNow", JSON_BUILD_BOOLEAN(hr->password_change_now)),
                                       JSON_BUILD_PAIR_CONDITION(hr->last_password_change_usec != UINT64_MAX, "lastPasswordChangeUSec", JSON_BUILD_UNSIGNED(hr->last_password_change_usec)),
                                       JSON_BUILD_PAIR_CONDITION(hr->password_change_min_usec != UINT64_MAX, "passwordChangeMinUSec", JSON_BUILD_UNSIGNED(hr->password_change_min_usec)),
                                       JSON_BUILD_PAIR_CONDITION(hr->password_change_max_usec != UINT64_MAX, "passwordChangeMaxUSec", JSON_BUILD_UNSIGNED(hr->password_change_max_usec)),
                                       JSON_BUILD_PAIR_CONDITION(hr->password_change_warn_usec != UINT64_MAX, "passwordChangeWarnUSec", JSON_BUILD_UNSIGNED(hr->password_change_warn_usec)),
                                       JSON_BUILD_PAIR_CONDITION(hr->password_change_inactive_usec != UINT64_MAX, "passwordChangeInactiveUSec", JSON_BUILD_UNSIGNED(hr->password_change_inactive_usec))));

        if (r < 0)
                return r;

        hr->mask = USER_RECORD_REGULAR |
                (!strv_isempty(hr->hashed_password) ? USER_RECORD_PRIVILEGED : 0);

        *ret = TAKE_PTR(hr);
        return 0;
}

int nss_spwd_for_passwd(const struct passwd *pwd, struct spwd *ret_spwd, char **ret_buffer) {
        size_t buflen = 4096;
        int r;

        assert(pwd);
        assert(ret_spwd);
        assert(ret_buffer);

        for (;;) {
                _cleanup_free_ char *buf = NULL;
                struct spwd spwd, *result;

                buf = malloc(buflen);
                if (!buf)
                        return -ENOMEM;

                r = getspnam_r(pwd->pw_name, &spwd, buf, buflen, &result);
                if (r == 0) {
                        if (!result)
                                return -ESRCH;

                        *ret_spwd = *result;
                        *ret_buffer = TAKE_PTR(buf);
                        return 0;
                }
                if (r < 0)
                        return -EIO; /* Weird, this should not return negative! */
                if (r != ERANGE)
                        return -r;

                if (buflen > SIZE_MAX / 2)
                        return -ERANGE;

                buflen *= 2;
                buf = mfree(buf);
        }
}

int nss_user_record_by_name(
                const char *name,
                bool with_shadow,
                UserRecord **ret) {

        _cleanup_free_ char *buf = NULL, *sbuf = NULL;
        struct passwd pwd, *result;
        bool incomplete = false;
        size_t buflen = 4096;
        struct spwd spwd, *sresult = NULL;
        int r;

        assert(name);
        assert(ret);

        for (;;) {
                buf = malloc(buflen);
                if (!buf)
                        return -ENOMEM;

                r = getpwnam_r(name, &pwd, buf, buflen, &result);
                if (r == 0)  {
                        if (!result)
                                return -ESRCH;

                        break;
                }

                if (r < 0)
                        return log_debug_errno(SYNTHETIC_ERRNO(EIO), "getpwnam_r() returned a negative value");
                if (r != ERANGE)
                        return -r;

                if (buflen > SIZE_MAX / 2)
                        return -ERANGE;

                buflen *= 2;
                buf = mfree(buf);
        }

        if (with_shadow) {
                r = nss_spwd_for_passwd(result, &spwd, &sbuf);
                if (r < 0) {
                        log_debug_errno(r, "Failed to do shadow lookup for user %s, ignoring: %m", name);
                        incomplete = ERRNO_IS_PRIVILEGE(r);
                } else
                        sresult = &spwd;
        } else
                incomplete = true;

        r = nss_passwd_to_user_record(result, sresult, ret);
        if (r < 0)
                return r;

        (*ret)->incomplete = incomplete;
        return 0;
}

int nss_user_record_by_uid(
                uid_t uid,
                bool with_shadow,
                UserRecord **ret) {

        _cleanup_free_ char *buf = NULL, *sbuf = NULL;
        struct passwd pwd, *result;
        bool incomplete = false;
        size_t buflen = 4096;
        struct spwd spwd, *sresult = NULL;
        int r;

        assert(ret);

        for (;;) {
                buf = malloc(buflen);
                if (!buf)
                        return -ENOMEM;

                r = getpwuid_r(uid, &pwd, buf, buflen, &result);
                if (r == 0)  {
                        if (!result)
                                return -ESRCH;

                        break;
                }
                if (r < 0)
                        return log_debug_errno(SYNTHETIC_ERRNO(EIO), "getpwuid_r() returned a negative value");
                if (r != ERANGE)
                        return -r;

                if (buflen > SIZE_MAX / 2)
                        return -ERANGE;

                buflen *= 2;
                buf = mfree(buf);
        }

        if (with_shadow)  {
                r = nss_spwd_for_passwd(result, &spwd, &sbuf);
                if (r < 0) {
                        log_debug_errno(r, "Failed to do shadow lookup for UID " UID_FMT ", ignoring: %m", uid);
                        incomplete = ERRNO_IS_PRIVILEGE(r);
                } else
                        sresult = &spwd;
        } else
                incomplete = true;

        r = nss_passwd_to_user_record(result, sresult, ret);
        if (r < 0)
                return r;

        (*ret)->incomplete = incomplete;
        return 0;
}
Commit	Line	Data
9b2d9078 LP	1	/* SPDX-License-Identifier: LGPL-2.1+ */
	2
	3	#include "errno-util.h"
	4	#include "format-util.h"
	5	#include "libcrypt-util.h"
	6	#include "strv.h"
	7	#include "user-record-nss.h"
	8
ddee3ada ZJS	9	#define SET_IF(field, condition, value, fallback) \
	10	field = (condition) ? (value) : (fallback)
	11
9b2d9078 LP	12	int nss_passwd_to_user_record(
	13	const struct passwd *pwd,
	14	const struct spwd *spwd,
	15	UserRecord **ret) {
	16
	17	_cleanup_(user_record_unrefp) UserRecord *hr = NULL;
	18	int r;
	19
	20	assert(pwd);
	21	assert(ret);
	22
	23	if (isempty(pwd->pw_name))
	24	return -EINVAL;
	25
	26	if (spwd && !streq_ptr(spwd->sp_namp, pwd->pw_name))
	27	return -EINVAL;
	28
	29	hr = user_record_new();
	30	if (!hr)
	31	return -ENOMEM;
	32
	33	r = free_and_strdup(&hr->user_name, pwd->pw_name);
	34	if (r < 0)
	35	return r;
	36
192aee3c ZJS	37	r = free_and_strdup(&hr->real_name,
	38	streq_ptr(pwd->pw_gecos, hr->user_name) ? NULL : empty_to_null(pwd->pw_gecos));
	39	if (r < 0)
	40	return r;
9b2d9078	41
192aee3c ZJS	42	r = free_and_strdup(&hr->home_directory, empty_to_null(pwd->pw_dir));
	43	if (r < 0)
	44	return r;
9b2d9078	45
192aee3c ZJS	46	r = free_and_strdup(&hr->shell, empty_to_null(pwd->pw_shell));
	47	if (r < 0)
	48	return r;
9b2d9078 LP	49
	50	hr->uid = pwd->pw_uid;
	51	hr->gid = pwd->pw_gid;
	52
ddee3ada ZJS	53	if (spwd && hashed_password_valid(spwd->sp_pwdp)) {
	54	strv_free_erase(hr->hashed_password);
	55	hr->hashed_password = strv_new(spwd->sp_pwdp);
	56	if (!hr->hashed_password)
	57	return -ENOMEM;
	58	} else
9b2d9078	59	hr->hashed_password = strv_free_erase(hr->hashed_password);
ddee3ada ZJS	60
	61	/* shadow-utils suggests using "chage -E 0" (or -E 1, depending on which man page you check)
	62	* for locking a whole account, hence check for that. Note that it also defines a way to lock
	63	* just a password instead of the whole account, but that's mostly pointless in times of
	64	* password-less authorization, hence let's not bother. */
	65
	66	SET_IF(hr->locked,
	67	spwd && spwd->sp_expire >= 0,
	68	spwd->sp_expire <= 1, -1);
	69
	70	SET_IF(hr->not_after_usec,
	71	spwd && spwd->sp_expire > 1 && (uint64_t) spwd->sp_expire < (UINT64_MAX-1)/USEC_PER_DAY,
	72	spwd->sp_expire * USEC_PER_DAY, UINT64_MAX);
	73
	74	SET_IF(hr->password_change_now,
	75	spwd && spwd->sp_lstchg >= 0,
	76	spwd->sp_lstchg == 0, -1);
	77
	78	SET_IF(hr->last_password_change_usec,
	79	spwd && spwd->sp_lstchg > 0 && (uint64_t) spwd->sp_lstchg <= (UINT64_MAX-1)/USEC_PER_DAY,
	80	spwd->sp_lstchg * USEC_PER_DAY, UINT64_MAX);
	81
	82	SET_IF(hr->password_change_min_usec,
	83	spwd && spwd->sp_min > 0 && (uint64_t) spwd->sp_min <= (UINT64_MAX-1)/USEC_PER_DAY,
	84	spwd->sp_min * USEC_PER_DAY, UINT64_MAX);
	85
	86	SET_IF(hr->password_change_max_usec,
	87	spwd && spwd->sp_max > 0 && (uint64_t) spwd->sp_max <= (UINT64_MAX-1)/USEC_PER_DAY,
	88	spwd->sp_max * USEC_PER_DAY, UINT64_MAX);
	89
	90	SET_IF(hr->password_change_warn_usec,
	91	spwd && spwd->sp_warn > 0 && (uint64_t) spwd->sp_warn <= (UINT64_MAX-1)/USEC_PER_DAY,
	92	spwd->sp_warn * USEC_PER_DAY, UINT64_MAX);
	93
	94	SET_IF(hr->password_change_inactive_usec,
	95	spwd && spwd->sp_inact > 0 && (uint64_t) spwd->sp_inact <= (UINT64_MAX-1)/USEC_PER_DAY,
	96	spwd->sp_inact * USEC_PER_DAY, UINT64_MAX);
9b2d9078 LP	97
	98	hr->json = json_variant_unref(hr->json);
	99	r = json_build(&hr->json, JSON_BUILD_OBJECT(
	100	JSON_BUILD_PAIR("userName", JSON_BUILD_STRING(hr->user_name)),
	101	JSON_BUILD_PAIR("uid", JSON_BUILD_UNSIGNED(hr->uid)),
	102	JSON_BUILD_PAIR("gid", JSON_BUILD_UNSIGNED(hr->gid)),
	103	JSON_BUILD_PAIR_CONDITION(hr->real_name, "realName", JSON_BUILD_STRING(hr->real_name)),
	104	JSON_BUILD_PAIR_CONDITION(hr->home_directory, "homeDirectory", JSON_BUILD_STRING(hr->home_directory)),
	105	JSON_BUILD_PAIR_CONDITION(hr->shell, "shell", JSON_BUILD_STRING(hr->shell)),
	106	JSON_BUILD_PAIR_CONDITION(!strv_isempty(hr->hashed_password), "privileged", JSON_BUILD_OBJECT(JSON_BUILD_PAIR("hashedPassword", JSON_BUILD_STRV(hr->hashed_password)))),
	107	JSON_BUILD_PAIR_CONDITION(hr->locked >= 0, "locked", JSON_BUILD_BOOLEAN(hr->locked)),
	108	JSON_BUILD_PAIR_CONDITION(hr->not_after_usec != UINT64_MAX, "notAfterUSec", JSON_BUILD_UNSIGNED(hr->not_after_usec)),
	109	JSON_BUILD_PAIR_CONDITION(hr->password_change_now >= 0, "passwordChangeNow", JSON_BUILD_BOOLEAN(hr->password_change_now)),
	110	JSON_BUILD_PAIR_CONDITION(hr->last_password_change_usec != UINT64_MAX, "lastPasswordChangeUSec", JSON_BUILD_UNSIGNED(hr->last_password_change_usec)),
	111	JSON_BUILD_PAIR_CONDITION(hr->password_change_min_usec != UINT64_MAX, "passwordChangeMinUSec", JSON_BUILD_UNSIGNED(hr->password_change_min_usec)),
	112	JSON_BUILD_PAIR_CONDITION(hr->password_change_max_usec != UINT64_MAX, "passwordChangeMaxUSec", JSON_BUILD_UNSIGNED(hr->password_change_max_usec)),
	113	JSON_BUILD_PAIR_CONDITION(hr->password_change_warn_usec != UINT64_MAX, "passwordChangeWarnUSec", JSON_BUILD_UNSIGNED(hr->password_change_warn_usec)),
	114	JSON_BUILD_PAIR_CONDITION(hr->password_change_inactive_usec != UINT64_MAX, "passwordChangeInactiveUSec", JSON_BUILD_UNSIGNED(hr->password_change_inactive_usec))));
	115
	116	if (r < 0)
	117	return r;
	118
	119	hr->mask = USER_RECORD_REGULAR \|
	120	(!strv_isempty(hr->hashed_password) ? USER_RECORD_PRIVILEGED : 0);
	121
	122	*ret = TAKE_PTR(hr);
	123	return 0;
	124	}
	125
	126	int nss_spwd_for_passwd(const struct passwd pwd, struct spwd ret_spwd, char **ret_buffer) {
	127	size_t buflen = 4096;
	128	int r;
	129
	130	assert(pwd);
	131	assert(ret_spwd);
	132	assert(ret_buffer);
	133
	134	for (;;) {
	135	_cleanup_free_ char *buf = NULL;
	136	struct spwd spwd, *result;
	137
	138	buf = malloc(buflen);
	139	if (!buf)
	140	return -ENOMEM;
	141
	142	r = getspnam_r(pwd->pw_name, &spwd, buf, buflen, &result);
	143	if (r == 0) {
	144	if (!result)
	145	return -ESRCH;
	146
	147	ret_spwd = result;
	148	*ret_buffer = TAKE_PTR(buf);
	149	return 0;
	150	}
	151	if (r < 0)
	152	return -EIO; /* Weird, this should not return negative! */
	153	if (r != ERANGE)
	154	return -r;
	155
	156	if (buflen > SIZE_MAX / 2)
	157	return -ERANGE;
	158
	159	buflen *= 2;
	160	buf = mfree(buf);
161	}
162	}
163
ed30170e LP	164	int nss_user_record_by_name(
	165	const char *name,
	166	bool with_shadow,
	167	UserRecord **ret) {
	168
9b2d9078 LP	169	_cleanup_free_ char buf = NULL, sbuf = NULL;
	170	struct passwd pwd, *result;
	171	bool incomplete = false;
	172	size_t buflen = 4096;
ed30170e	173	struct spwd spwd, *sresult = NULL;
9b2d9078 LP	174	int r;
	175
	176	assert(name);
	177	assert(ret);
	178
	179	for (;;) {
	180	buf = malloc(buflen);
	181	if (!buf)
	182	return -ENOMEM;
	183
	184	r = getpwnam_r(name, &pwd, buf, buflen, &result);
	185	if (r == 0) {
	186	if (!result)
	187	return -ESRCH;
	188
	189	break;
	190	}
	191
	192	if (r < 0)
	193	return log_debug_errno(SYNTHETIC_ERRNO(EIO), "getpwnam_r() returned a negative value");
	194	if (r != ERANGE)
	195	return -r;
	196
	197	if (buflen > SIZE_MAX / 2)
	198	return -ERANGE;
	199
	200	buflen *= 2;
	201	buf = mfree(buf);
	202	}
	203
ed30170e LP	204	if (with_shadow) {
	205	r = nss_spwd_for_passwd(result, &spwd, &sbuf);
	206	if (r < 0) {
	207	log_debug_errno(r, "Failed to do shadow lookup for user %s, ignoring: %m", name);
	208	incomplete = ERRNO_IS_PRIVILEGE(r);
	209	} else
	210	sresult = &spwd;
	211	} else
	212	incomplete = true;
9b2d9078	213
ed30170e	214	r = nss_passwd_to_user_record(result, sresult, ret);
9b2d9078 LP	215	if (r < 0)
	216	return r;
	217
	218	(*ret)->incomplete = incomplete;
	219	return 0;
	220	}
	221
ed30170e LP	222	int nss_user_record_by_uid(
	223	uid_t uid,
	224	bool with_shadow,
	225	UserRecord **ret) {
	226
9b2d9078 LP	227	_cleanup_free_ char buf = NULL, sbuf = NULL;
	228	struct passwd pwd, *result;
	229	bool incomplete = false;
	230	size_t buflen = 4096;
ed30170e	231	struct spwd spwd, *sresult = NULL;
9b2d9078 LP	232	int r;
	233
	234	assert(ret);
	235
	236	for (;;) {
	237	buf = malloc(buflen);
	238	if (!buf)
	239	return -ENOMEM;
	240
	241	r = getpwuid_r(uid, &pwd, buf, buflen, &result);
	242	if (r == 0) {
	243	if (!result)
	244	return -ESRCH;
	245
	246	break;
	247	}
	248	if (r < 0)
	249	return log_debug_errno(SYNTHETIC_ERRNO(EIO), "getpwuid_r() returned a negative value");
	250	if (r != ERANGE)
	251	return -r;
	252
	253	if (buflen > SIZE_MAX / 2)
	254	return -ERANGE;
	255
	256	buflen *= 2;
	257	buf = mfree(buf);
	258	}
	259
ed30170e LP	260	if (with_shadow) {
	261	r = nss_spwd_for_passwd(result, &spwd, &sbuf);
	262	if (r < 0) {
	263	log_debug_errno(r, "Failed to do shadow lookup for UID " UID_FMT ", ignoring: %m", uid);
	264	incomplete = ERRNO_IS_PRIVILEGE(r);
	265	} else
	266	sresult = &spwd;
	267	} else
	268	incomplete = true;
9b2d9078	269
ed30170e	270	r = nss_passwd_to_user_record(result, sresult, ret);
9b2d9078 LP	271	if (r < 0)
	272	return r;
	273
	274	(*ret)->incomplete = incomplete;
	275	return 0;
	276	}