]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/userdb/userdbctl.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Define FOREACH_DIRENT through FOREACH_DIRENT_ALL
[thirdparty/systemd.git] / src / userdb / userdbctl.c
1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3 #include <getopt.h>
4 #include <utmp.h>
5
6 #include "dirent-util.h"
7 #include "errno-list.h"
8 #include "escape.h"
9 #include "fd-util.h"
10 #include "format-table.h"
11 #include "format-util.h"
12 #include "main-func.h"
13 #include "pager.h"
14 #include "parse-argument.h"
15 #include "parse-util.h"
16 #include "pretty-print.h"
17 #include "socket-util.h"
18 #include "strv.h"
19 #include "terminal-util.h"
20 #include "user-record-show.h"
21 #include "user-util.h"
22 #include "userdb.h"
23 #include "verbs.h"
24
25 static enum {
26 OUTPUT_CLASSIC,
27 OUTPUT_TABLE,
28 OUTPUT_FRIENDLY,
29 OUTPUT_JSON,
30 _OUTPUT_INVALID = -EINVAL,
31 } arg_output = _OUTPUT_INVALID;
32
33 static PagerFlags arg_pager_flags = 0;
34 static bool arg_legend = true;
35 static char** arg_services = NULL;
36 static UserDBFlags arg_userdb_flags = 0;
37 static JsonFormatFlags arg_json_format_flags = JSON_FORMAT_OFF;
38 static bool arg_chain = false;
39
40 STATIC_DESTRUCTOR_REGISTER(arg_services, strv_freep);
41
42 static int show_user(UserRecord *ur, Table *table) {
43 int r;
44
45 assert(ur);
46
47 switch (arg_output) {
48
49 case OUTPUT_CLASSIC:
50 if (!uid_is_valid(ur->uid))
51 break;
52
53 printf("%s:x:" UID_FMT ":" GID_FMT ":%s:%s:%s\n",
54 ur->user_name,
55 ur->uid,
56 user_record_gid(ur),
57 strempty(user_record_real_name(ur)),
58 user_record_home_directory(ur),
59 user_record_shell(ur));
60
61 break;
62
63 case OUTPUT_JSON:
64 json_variant_dump(ur->json, arg_json_format_flags, NULL, 0);
65 break;
66
67 case OUTPUT_FRIENDLY:
68 user_record_show(ur, true);
69
70 if (ur->incomplete) {
71 fflush(stdout);
72 log_warning("Warning: lacking rights to acquire privileged fields of user record of '%s', output incomplete.", ur->user_name);
73 }
74
75 break;
76
77 case OUTPUT_TABLE:
78 assert(table);
79
80 r = table_add_many(
81 table,
82 TABLE_STRING, ur->user_name,
83 TABLE_STRING, user_disposition_to_string(user_record_disposition(ur)),
84 TABLE_UID, ur->uid,
85 TABLE_GID, user_record_gid(ur),
86 TABLE_STRING, empty_to_null(ur->real_name),
87 TABLE_STRING, user_record_home_directory(ur),
88 TABLE_STRING, user_record_shell(ur),
89 TABLE_INT, (int) user_record_disposition(ur));
90 if (r < 0)
91 return table_log_add_error(r);
92
93 break;
94
95 default:
96 assert_not_reached();
97 }
98
99 return 0;
100 }
101
102 static int display_user(int argc, char *argv[], void *userdata) {
103 _cleanup_(table_unrefp) Table *table = NULL;
104 bool draw_separator = false;
105 int ret = 0, r;
106
107 if (arg_output < 0)
108 arg_output = argc > 1 ? OUTPUT_FRIENDLY : OUTPUT_TABLE;
109
110 if (arg_output == OUTPUT_TABLE) {
111 table = table_new("name", "disposition", "uid", "gid", "realname", "home", "shell", "disposition-numeric");
112 if (!table)
113 return log_oom();
114
115 (void) table_set_align_percent(table, table_get_cell(table, 0, 2), 100);
116 (void) table_set_align_percent(table, table_get_cell(table, 0, 3), 100);
117 (void) table_set_empty_string(table, "-");
118 (void) table_set_sort(table, (size_t) 7, (size_t) 2);
119 (void) table_set_display(table, (size_t) 0, (size_t) 1, (size_t) 2, (size_t) 3, (size_t) 4, (size_t) 5, (size_t) 6);
120 }
121
122 if (argc > 1) {
123 char **i;
124
125 STRV_FOREACH(i, argv + 1) {
126 _cleanup_(user_record_unrefp) UserRecord *ur = NULL;
127 uid_t uid;
128
129 if (parse_uid(*i, &uid) >= 0)
130 r = userdb_by_uid(uid, arg_userdb_flags, &ur);
131 else
132 r = userdb_by_name(*i, arg_userdb_flags, &ur);
133 if (r < 0) {
134 if (r == -ESRCH)
135 log_error_errno(r, "User %s does not exist.", *i);
136 else if (r == -EHOSTDOWN)
137 log_error_errno(r, "Selected user database service is not available for this request.");
138 else
139 log_error_errno(r, "Failed to find user %s: %m", *i);
140
141 if (ret >= 0)
142 ret = r;
143 } else {
144 if (draw_separator && arg_output == OUTPUT_FRIENDLY)
145 putchar('\n');
146
147 r = show_user(ur, table);
148 if (r < 0)
149 return r;
150
151 draw_separator = true;
152 }
153 }
154 } else {
155 _cleanup_(userdb_iterator_freep) UserDBIterator *iterator = NULL;
156
157 r = userdb_all(arg_userdb_flags, &iterator);
158 if (r == -ENOLINK) /* ENOLINK → Didn't find answer without Varlink, and didn't try Varlink because was configured to off. */
159 log_debug_errno(r, "No entries found. (Didn't check via Varlink.)");
160 else if (r == -ESRCH) /* ESRCH → Couldn't find any suitable entry, but we checked all sources */
161 log_debug_errno(r, "No entries found.");
162 else if (r < 0)
163 return log_error_errno(r, "Failed to enumerate users: %m");
164 else {
165 for (;;) {
166 _cleanup_(user_record_unrefp) UserRecord *ur = NULL;
167
168 r = userdb_iterator_get(iterator, &ur);
169 if (r == -ESRCH)
170 break;
171 if (r == -EHOSTDOWN)
172 return log_error_errno(r, "Selected user database service is not available for this request.");
173 if (r < 0)
174 return log_error_errno(r, "Failed acquire next user: %m");
175
176 if (draw_separator && arg_output == OUTPUT_FRIENDLY)
177 putchar('\n');
178
179 r = show_user(ur, table);
180 if (r < 0)
181 return r;
182
183 draw_separator = true;
184 }
185 }
186 }
187
188 if (table) {
189 if (table_get_rows(table) > 1) {
190 r = table_print_with_pager(table, arg_json_format_flags, arg_pager_flags, arg_legend);
191 if (r < 0)
192 return table_log_print_error(r);
193 }
194
195 if (arg_legend) {
196 if (table_get_rows(table) > 1)
197 printf("\n%zu users listed.\n", table_get_rows(table) - 1);
198 else
199 printf("No users.\n");
200 }
201 }
202
203 return ret;
204 }
205
206 static int show_group(GroupRecord *gr, Table *table) {
207 int r;
208
209 assert(gr);
210
211 switch (arg_output) {
212
213 case OUTPUT_CLASSIC: {
214 _cleanup_free_ char *m = NULL;
215
216 if (!gid_is_valid(gr->gid))
217 break;
218
219 m = strv_join(gr->members, ",");
220 if (!m)
221 return log_oom();
222
223 printf("%s:x:" GID_FMT ":%s\n",
224 gr->group_name,
225 gr->gid,
226 m);
227 break;
228 }
229
230 case OUTPUT_JSON:
231 json_variant_dump(gr->json, arg_json_format_flags, NULL, 0);
232 break;
233
234 case OUTPUT_FRIENDLY:
235 group_record_show(gr, true);
236
237 if (gr->incomplete) {
238 fflush(stdout);
239 log_warning("Warning: lacking rights to acquire privileged fields of group record of '%s', output incomplete.", gr->group_name);
240 }
241
242 break;
243
244 case OUTPUT_TABLE:
245 assert(table);
246
247 r = table_add_many(
248 table,
249 TABLE_STRING, gr->group_name,
250 TABLE_STRING, user_disposition_to_string(group_record_disposition(gr)),
251 TABLE_GID, gr->gid,
252 TABLE_STRING, gr->description,
253 TABLE_INT, (int) group_record_disposition(gr));
254 if (r < 0)
255 return table_log_add_error(r);
256
257 break;
258
259 default:
260 assert_not_reached();
261 }
262
263 return 0;
264 }
265
266
267 static int display_group(int argc, char *argv[], void *userdata) {
268 _cleanup_(table_unrefp) Table *table = NULL;
269 bool draw_separator = false;
270 int ret = 0, r;
271
272 if (arg_output < 0)
273 arg_output = argc > 1 ? OUTPUT_FRIENDLY : OUTPUT_TABLE;
274
275 if (arg_output == OUTPUT_TABLE) {
276 table = table_new("name", "disposition", "gid", "description", "disposition-numeric");
277 if (!table)
278 return log_oom();
279
280 (void) table_set_align_percent(table, table_get_cell(table, 0, 2), 100);
281 (void) table_set_empty_string(table, "-");
282 (void) table_set_sort(table, (size_t) 3, (size_t) 2);
283 (void) table_set_display(table, (size_t) 0, (size_t) 1, (size_t) 2, (size_t) 3);
284 }
285
286 if (argc > 1) {
287 char **i;
288
289 STRV_FOREACH(i, argv + 1) {
290 _cleanup_(group_record_unrefp) GroupRecord *gr = NULL;
291 gid_t gid;
292
293 if (parse_gid(*i, &gid) >= 0)
294 r = groupdb_by_gid(gid, arg_userdb_flags, &gr);
295 else
296 r = groupdb_by_name(*i, arg_userdb_flags, &gr);
297 if (r < 0) {
298 if (r == -ESRCH)
299 log_error_errno(r, "Group %s does not exist.", *i);
300 else if (r == -EHOSTDOWN)
301 log_error_errno(r, "Selected group database service is not available for this request.");
302 else
303 log_error_errno(r, "Failed to find group %s: %m", *i);
304
305 if (ret >= 0)
306 ret = r;
307 } else {
308 if (draw_separator && arg_output == OUTPUT_FRIENDLY)
309 putchar('\n');
310
311 r = show_group(gr, table);
312 if (r < 0)
313 return r;
314
315 draw_separator = true;
316 }
317 }
318
319 } else {
320 _cleanup_(userdb_iterator_freep) UserDBIterator *iterator = NULL;
321
322 r = groupdb_all(arg_userdb_flags, &iterator);
323 if (r == -ENOLINK)
324 log_debug_errno(r, "No entries found. (Didn't check via Varlink.)");
325 else if (r == -ESRCH)
326 log_debug_errno(r, "No entries found.");
327 else if (r < 0)
328 return log_error_errno(r, "Failed to enumerate groups: %m");
329 else {
330 for (;;) {
331 _cleanup_(group_record_unrefp) GroupRecord *gr = NULL;
332
333 r = groupdb_iterator_get(iterator, &gr);
334 if (r == -ESRCH)
335 break;
336 if (r == -EHOSTDOWN)
337 return log_error_errno(r, "Selected group database service is not available for this request.");
338 if (r < 0)
339 return log_error_errno(r, "Failed acquire next group: %m");
340
341 if (draw_separator && arg_output == OUTPUT_FRIENDLY)
342 putchar('\n');
343
344 r = show_group(gr, table);
345 if (r < 0)
346 return r;
347
348 draw_separator = true;
349 }
350 }
351 }
352
353 if (table) {
354 if (table_get_rows(table) > 1) {
355 r = table_print_with_pager(table, arg_json_format_flags, arg_pager_flags, arg_legend);
356 if (r < 0)
357 return table_log_print_error(r);
358 }
359
360 if (arg_legend) {
361 if (table_get_rows(table) > 1)
362 printf("\n%zu groups listed.\n", table_get_rows(table) - 1);
363 else
364 printf("No groups.\n");
365 }
366 }
367
368 return ret;
369 }
370
371 static int show_membership(const char *user, const char *group, Table *table) {
372 int r;
373
374 assert(user);
375 assert(group);
376
377 switch (arg_output) {
378
379 case OUTPUT_CLASSIC:
380 /* Strictly speaking there's no 'classic' output for this concept, but let's output it in
381 * similar style to the classic output for user/group info */
382
383 printf("%s:%s\n", user, group);
384 break;
385
386 case OUTPUT_JSON: {
387 _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
388
389 r = json_build(&v, JSON_BUILD_OBJECT(
390 JSON_BUILD_PAIR("user", JSON_BUILD_STRING(user)),
391 JSON_BUILD_PAIR("group", JSON_BUILD_STRING(group))));
392 if (r < 0)
393 return log_error_errno(r, "Failed to build JSON object: %m");
394
395 json_variant_dump(v, arg_json_format_flags, NULL, NULL);
396 break;
397 }
398
399 case OUTPUT_FRIENDLY:
400 /* Hmm, this is not particularly friendly, but not sure how we could do this better */
401 printf("%s: %s\n", group, user);
402 break;
403
404 case OUTPUT_TABLE:
405 assert(table);
406
407 r = table_add_many(
408 table,
409 TABLE_STRING, user,
410 TABLE_STRING, group);
411 if (r < 0)
412 return table_log_add_error(r);
413
414 break;
415
416 default:
417 assert_not_reached();
418 }
419
420 return 0;
421 }
422
423 static int display_memberships(int argc, char *argv[], void *userdata) {
424 _cleanup_(table_unrefp) Table *table = NULL;
425 int ret = 0, r;
426
427 if (arg_output < 0)
428 arg_output = OUTPUT_TABLE;
429
430 if (arg_output == OUTPUT_TABLE) {
431 table = table_new("user", "group");
432 if (!table)
433 return log_oom();
434
435 (void) table_set_sort(table, (size_t) 0, (size_t) 1);
436 }
437
438 if (argc > 1) {
439 char **i;
440
441 STRV_FOREACH(i, argv + 1) {
442 _cleanup_(userdb_iterator_freep) UserDBIterator *iterator = NULL;
443
444 if (streq(argv[0], "users-in-group")) {
445 r = membershipdb_by_group(*i, arg_userdb_flags, &iterator);
446 if (r < 0)
447 return log_error_errno(r, "Failed to enumerate users in group: %m");
448 } else if (streq(argv[0], "groups-of-user")) {
449 r = membershipdb_by_user(*i, arg_userdb_flags, &iterator);
450 if (r < 0)
451 return log_error_errno(r, "Failed to enumerate groups of user: %m");
452 } else
453 assert_not_reached();
454
455 for (;;) {
456 _cleanup_free_ char *user = NULL, *group = NULL;
457
458 r = membershipdb_iterator_get(iterator, &user, &group);
459 if (r == -ESRCH)
460 break;
461 if (r == -EHOSTDOWN)
462 return log_error_errno(r, "Selected membership database service is not available for this request.");
463 if (r < 0)
464 return log_error_errno(r, "Failed acquire next membership: %m");
465
466 r = show_membership(user, group, table);
467 if (r < 0)
468 return r;
469 }
470 }
471 } else {
472 _cleanup_(userdb_iterator_freep) UserDBIterator *iterator = NULL;
473
474 r = membershipdb_all(arg_userdb_flags, &iterator);
475 if (r == -ENOLINK)
476 log_debug_errno(r, "No entries found. (Didn't check via Varlink.)");
477 else if (r == -ESRCH)
478 log_debug_errno(r, "No entries found.");
479 else if (r < 0)
480 return log_error_errno(r, "Failed to enumerate memberships: %m");
481 else {
482 for (;;) {
483 _cleanup_free_ char *user = NULL, *group = NULL;
484
485 r = membershipdb_iterator_get(iterator, &user, &group);
486 if (r == -ESRCH)
487 break;
488 if (r == -EHOSTDOWN)
489 return log_error_errno(r, "Selected membership database service is not available for this request.");
490 if (r < 0)
491 return log_error_errno(r, "Failed acquire next membership: %m");
492
493 r = show_membership(user, group, table);
494 if (r < 0)
495 return r;
496 }
497 }
498 }
499
500 if (table) {
501 if (table_get_rows(table) > 1) {
502 r = table_print_with_pager(table, arg_json_format_flags, arg_pager_flags, arg_legend);
503 if (r < 0)
504 return table_log_print_error(r);
505 }
506
507 if (arg_legend) {
508 if (table_get_rows(table) > 1)
509 printf("\n%zu memberships listed.\n", table_get_rows(table) - 1);
510 else
511 printf("No memberships.\n");
512 }
513 }
514
515 return ret;
516 }
517
518 static int display_services(int argc, char *argv[], void *userdata) {
519 _cleanup_(table_unrefp) Table *t = NULL;
520 _cleanup_(closedirp) DIR *d = NULL;
521 int r;
522
523 d = opendir("/run/systemd/userdb/");
524 if (!d) {
525 if (errno == ENOENT) {
526 log_info("No services.");
527 return 0;
528 }
529
530 return log_error_errno(errno, "Failed to open /run/systemd/userdb/: %m");
531 }
532
533 t = table_new("service", "listening");
534 if (!t)
535 return log_oom();
536
537 (void) table_set_sort(t, (size_t) 0);
538
539 FOREACH_DIRENT(de, d, return -errno) {
540 _cleanup_free_ char *j = NULL, *no = NULL;
541 union sockaddr_union sockaddr;
542 socklen_t sockaddr_len;
543 _cleanup_close_ int fd = -1;
544
545 j = path_join("/run/systemd/userdb/", de->d_name);
546 if (!j)
547 return log_oom();
548
549 r = sockaddr_un_set_path(&sockaddr.un, j);
550 if (r < 0)
551 return log_error_errno(r, "Path %s does not fit in AF_UNIX socket address: %m", j);
552 sockaddr_len = r;
553
554 fd = socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
555 if (fd < 0)
556 return log_error_errno(r, "Failed to allocate AF_UNIX/SOCK_STREAM socket: %m");
557
558 if (connect(fd, &sockaddr.sa, sockaddr_len) < 0) {
559 no = strjoin("No (", errno_to_name(errno), ")");
560 if (!no)
561 return log_oom();
562 }
563
564 r = table_add_many(t,
565 TABLE_STRING, de->d_name,
566 TABLE_STRING, no ?: "yes",
567 TABLE_SET_COLOR, no ? ansi_highlight_red() : ansi_highlight_green());
568 if (r < 0)
569 return table_log_add_error(r);
570 }
571
572 if (table_get_rows(t) > 1) {
573 r = table_print_with_pager(t, arg_json_format_flags, arg_pager_flags, arg_legend);
574 if (r < 0)
575 return table_log_print_error(r);
576 }
577
578 if (arg_legend) {
579 if (table_get_rows(t) > 1)
580 printf("\n%zu services listed.\n", table_get_rows(t) - 1);
581 else
582 printf("No services.\n");
583 }
584
585 return 0;
586 }
587
588 static int ssh_authorized_keys(int argc, char *argv[], void *userdata) {
589 _cleanup_(user_record_unrefp) UserRecord *ur = NULL;
590 char **chain_invocation;
591 int r;
592
593 assert(argc >= 2);
594
595 if (arg_chain) {
596 /* If --chain is specified, the rest of the command line is the chain command */
597
598 if (argc < 3)
599 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
600 "No chain command line specified, refusing.");
601
602 /* Make similar restrictions on the chain command as OpenSSH itself makes on the primary command. */
603 if (!path_is_absolute(argv[2]))
604 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
605 "Chain invocation of ssh-authorized-keys commands requires an absolute binary path argument.");
606
607 if (!path_is_normalized(argv[2]))
608 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
609 "Chain invocation of ssh-authorized-keys commands requires an normalized binary path argument.");
610
611 chain_invocation = argv + 2;
612 } else {
613 /* If --chain is not specified, then refuse any further arguments */
614
615 if (argc > 2)
616 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Too many arguments.");
617
618 chain_invocation = NULL;
619 }
620
621 r = userdb_by_name(argv[1], arg_userdb_flags, &ur);
622 if (r == -ESRCH)
623 log_error_errno(r, "User %s does not exist.", argv[1]);
624 else if (r == -EHOSTDOWN)
625 log_error_errno(r, "Selected user database service is not available for this request.");
626 else if (r == -EINVAL)
627 log_error_errno(r, "Failed to find user %s: %m (Invalid user name?)", argv[1]);
628 else if (r < 0)
629 log_error_errno(r, "Failed to find user %s: %m", argv[1]);
630 else {
631 if (strv_isempty(ur->ssh_authorized_keys))
632 log_debug("User record for %s has no public SSH keys.", argv[1]);
633 else {
634 char **i;
635
636 STRV_FOREACH(i, ur->ssh_authorized_keys)
637 printf("%s\n", *i);
638 }
639
640 if (ur->incomplete) {
641 fflush(stdout);
642 log_warning("Warning: lacking rights to acquire privileged fields of user record of '%s', output incomplete.", ur->user_name);
643 }
644 }
645
646 if (chain_invocation) {
647 if (DEBUG_LOGGING) {
648 _cleanup_free_ char *s = NULL;
649
650 s = quote_command_line(chain_invocation, SHELL_ESCAPE_EMPTY);
651 if (!s)
652 return log_oom();
653
654 log_debug("Chain invoking: %s", s);
655 }
656
657 execv(chain_invocation[0], chain_invocation);
658 if (errno == ENOENT) /* Let's handle ENOENT gracefully */
659 log_warning_errno(errno, "Chain executable '%s' does not exist, ignoring chain invocation.", chain_invocation[0]);
660 else {
661 log_error_errno(errno, "Failed to invoke chain executable '%s': %m", chain_invocation[0]);
662 if (r >= 0)
663 r = -errno;
664 }
665 }
666
667 return r;
668 }
669
670 static int help(int argc, char *argv[], void *userdata) {
671 _cleanup_free_ char *link = NULL;
672 int r;
673
674 pager_open(arg_pager_flags);
675
676 r = terminal_urlify_man("userdbctl", "1", &link);
677 if (r < 0)
678 return log_oom();
679
680 printf("%s [OPTIONS...] COMMAND ...\n\n"
681 "%sShow user and group information.%s\n"
682 "\nCommands:\n"
683 " user [USER…] Inspect user\n"
684 " group [GROUP…] Inspect group\n"
685 " users-in-group [GROUP…] Show users that are members of specified group(s)\n"
686 " groups-of-user [USER…] Show groups the specified user(s) is a member of\n"
687 " services Show enabled database services\n"
688 " ssh-authorized-keys USER Show SSH authorized keys for user\n"
689 "\nOptions:\n"
690 " -h --help Show this help\n"
691 " --version Show package version\n"
692 " --no-pager Do not pipe output into a pager\n"
693 " --no-legend Do not show the headers and footers\n"
694 " --output=MODE Select output mode (classic, friendly, table, json)\n"
695 " -j Equivalent to --output=json\n"
696 " -s --service=SERVICE[:SERVICE…]\n"
697 " Query the specified service\n"
698 " --with-nss=BOOL Control whether to include glibc NSS data\n"
699 " -N Do not synthesize or include glibc NSS data\n"
700 " (Same as --synthesize=no --with-nss=no)\n"
701 " --synthesize=BOOL Synthesize root/nobody user\n"
702 " --with-dropin=BOOL Control whether to include drop-in records\n"
703 " --with-varlink=BOOL Control whether to talk to services at all\n"
704 " --multiplexer=BOOL Control whether to use the multiplexer\n"
705 " --json=pretty|short JSON output mode\n"
706 " --chain Chain another command\n"
707 "\nSee the %s for details.\n",
708 program_invocation_short_name,
709 ansi_highlight(),
710 ansi_normal(),
711 link);
712
713 return 0;
714 }
715
716 static int parse_argv(int argc, char *argv[]) {
717
718 enum {
719 ARG_VERSION = 0x100,
720 ARG_NO_PAGER,
721 ARG_NO_LEGEND,
722 ARG_OUTPUT,
723 ARG_WITH_NSS,
724 ARG_WITH_DROPIN,
725 ARG_WITH_VARLINK,
726 ARG_SYNTHESIZE,
727 ARG_MULTIPLEXER,
728 ARG_JSON,
729 ARG_CHAIN,
730 };
731
732 static const struct option options[] = {
733 { "help", no_argument, NULL, 'h' },
734 { "version", no_argument, NULL, ARG_VERSION },
735 { "no-pager", no_argument, NULL, ARG_NO_PAGER },
736 { "no-legend", no_argument, NULL, ARG_NO_LEGEND },
737 { "output", required_argument, NULL, ARG_OUTPUT },
738 { "service", required_argument, NULL, 's' },
739 { "with-nss", required_argument, NULL, ARG_WITH_NSS },
740 { "with-dropin", required_argument, NULL, ARG_WITH_DROPIN },
741 { "with-varlink", required_argument, NULL, ARG_WITH_VARLINK },
742 { "synthesize", required_argument, NULL, ARG_SYNTHESIZE },
743 { "multiplexer", required_argument, NULL, ARG_MULTIPLEXER },
744 { "json", required_argument, NULL, ARG_JSON },
745 { "chain", no_argument, NULL, ARG_CHAIN },
746 {}
747 };
748
749 const char *e;
750 int r;
751
752 assert(argc >= 0);
753 assert(argv);
754
755 /* We are going to update this environment variable with our own, hence let's first read what is already set */
756 e = getenv("SYSTEMD_ONLY_USERDB");
757 if (e) {
758 char **l;
759
760 l = strv_split(e, ":");
761 if (!l)
762 return log_oom();
763
764 strv_free(arg_services);
765 arg_services = l;
766 }
767
768 for (;;) {
769 int c;
770
771 c = getopt_long(argc, argv,
772 arg_chain ? "+hjs:N" : "hjs:N", /* When --chain was used disable parsing of further switches */
773 options, NULL);
774 if (c < 0)
775 break;
776
777 switch (c) {
778
779 case 'h':
780 return help(0, NULL, NULL);
781
782 case ARG_VERSION:
783 return version();
784
785 case ARG_NO_PAGER:
786 arg_pager_flags |= PAGER_DISABLE;
787 break;
788
789 case ARG_NO_LEGEND:
790 arg_legend = false;
791 break;
792
793 case ARG_OUTPUT:
794 if (isempty(optarg))
795 arg_output = _OUTPUT_INVALID;
796 else if (streq(optarg, "classic"))
797 arg_output = OUTPUT_CLASSIC;
798 else if (streq(optarg, "friendly"))
799 arg_output = OUTPUT_FRIENDLY;
800 else if (streq(optarg, "json"))
801 arg_output = OUTPUT_JSON;
802 else if (streq(optarg, "table"))
803 arg_output = OUTPUT_TABLE;
804 else if (streq(optarg, "help")) {
805 puts("classic\n"
806 "friendly\n"
807 "json\n"
808 "table");
809 return 0;
810 } else
811 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Invalid --output= mode: %s", optarg);
812
813 arg_json_format_flags = arg_output == OUTPUT_JSON ? JSON_FORMAT_PRETTY|JSON_FORMAT_COLOR_AUTO : JSON_FORMAT_OFF;
814 break;
815
816 case ARG_JSON:
817 r = parse_json_argument(optarg, &arg_json_format_flags);
818 if (r <= 0)
819 return r;
820
821 arg_output = FLAGS_SET(arg_json_format_flags, JSON_FORMAT_OFF) ? _OUTPUT_INVALID : OUTPUT_JSON;
822 break;
823
824 case 'j':
825 arg_json_format_flags = JSON_FORMAT_PRETTY|JSON_FORMAT_COLOR_AUTO;
826 arg_output = OUTPUT_JSON;
827 break;
828
829 case 's':
830 if (isempty(optarg))
831 arg_services = strv_free(arg_services);
832 else {
833 _cleanup_strv_free_ char **l = NULL;
834
835 l = strv_split(optarg, ":");
836 if (!l)
837 return log_oom();
838
839 r = strv_extend_strv(&arg_services, l, true);
840 if (r < 0)
841 return log_oom();
842 }
843
844 break;
845
846 case 'N':
847 arg_userdb_flags |= USERDB_EXCLUDE_NSS|USERDB_DONT_SYNTHESIZE;
848 break;
849
850 case ARG_WITH_NSS:
851 r = parse_boolean_argument("--with-nss=", optarg, NULL);
852 if (r < 0)
853 return r;
854
855 SET_FLAG(arg_userdb_flags, USERDB_EXCLUDE_NSS, !r);
856 break;
857
858 case ARG_WITH_DROPIN:
859 r = parse_boolean_argument("--with-dropin=", optarg, NULL);
860 if (r < 0)
861 return r;
862
863 SET_FLAG(arg_userdb_flags, USERDB_EXCLUDE_DROPIN, !r);
864 break;
865
866 case ARG_WITH_VARLINK:
867 r = parse_boolean_argument("--with-varlink=", optarg, NULL);
868 if (r < 0)
869 return r;
870
871 SET_FLAG(arg_userdb_flags, USERDB_EXCLUDE_VARLINK, !r);
872 break;
873
874 case ARG_SYNTHESIZE:
875 r = parse_boolean_argument("--synthesize=", optarg, NULL);
876 if (r < 0)
877 return r;
878
879 SET_FLAG(arg_userdb_flags, USERDB_DONT_SYNTHESIZE, !r);
880 break;
881
882 case ARG_MULTIPLEXER:
883 r = parse_boolean_argument("--multiplexer=", optarg, NULL);
884 if (r < 0)
885 return r;
886
887 SET_FLAG(arg_userdb_flags, USERDB_AVOID_MULTIPLEXER, !r);
888 break;
889
890 case ARG_CHAIN:
891 arg_chain = true;
892 break;
893
894 case '?':
895 return -EINVAL;
896
897 default:
898 assert_not_reached();
899 }
900 }
901
902 return 1;
903 }
904
905 static int run(int argc, char *argv[]) {
906 static const Verb verbs[] = {
907 { "help", VERB_ANY, VERB_ANY, 0, help },
908 { "user", VERB_ANY, VERB_ANY, VERB_DEFAULT, display_user },
909 { "group", VERB_ANY, VERB_ANY, 0, display_group },
910 { "users-in-group", VERB_ANY, VERB_ANY, 0, display_memberships },
911 { "groups-of-user", VERB_ANY, VERB_ANY, 0, display_memberships },
912 { "services", VERB_ANY, 1, 0, display_services },
913
914 /* This one is a helper for sshd_config's AuthorizedKeysCommand= setting, it's not a
915 * user-facing verb and thus should not appear in man pages or --help texts. */
916 { "ssh-authorized-keys", 2, VERB_ANY, 0, ssh_authorized_keys },
917 {}
918 };
919
920 int r;
921
922 log_setup();
923
924 r = parse_argv(argc, argv);
925 if (r <= 0)
926 return r;
927
928 if (arg_services) {
929 _cleanup_free_ char *e = NULL;
930
931 e = strv_join(arg_services, ":");
932 if (!e)
933 return log_oom();
934
935 if (setenv("SYSTEMD_ONLY_USERDB", e, true) < 0)
936 return log_error_errno(r, "Failed to set $SYSTEMD_ONLY_USERDB: %m");
937
938 log_info("Enabled services: %s", e);
939 } else
940 assert_se(unsetenv("SYSTEMD_ONLY_USERDB") == 0);
941
942 return dispatch_verb(argc, argv, verbs, NULL);
943 }
944
945 DEFINE_MAIN_FUNCTION(run);
Unnamed repository; edit this file 'description' to name the repository.