along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/
-#include <sys/types.h>
#include <pwd.h>
#include <grp.h>
#include <shadow.h>
#include "conf-files.h"
#include "copy.h"
#include "utf8.h"
-#include "label.h"
#include "fileio-label.h"
#include "uid-range.h"
+#include "selinux-util.h"
+#include "formats-util.h"
typedef enum ItemType {
ADD_USER = 'u',
static char *arg_root = NULL;
-static const char conf_file_dirs[] =
- "/etc/sysusers.d\0"
- "/run/sysusers.d\0"
- "/usr/local/lib/sysusers.d\0"
- "/usr/lib/sysusers.d\0"
-#ifdef HAVE_SPLIT_USR
- "/lib/sysusers.d\0"
-#endif
- ;
+static const char conf_file_dirs[] = CONF_DIRS_NULSTR("sysusers");
static Hashmap *users = NULL, *groups = NULL;
static Hashmap *todo_uids = NULL, *todo_gids = NULL;
static Hashmap *database_uid = NULL, *database_user = NULL;
static Hashmap *database_gid = NULL, *database_group = NULL;
-static uid_t search_uid = (uid_t) -1;
+static uid_t search_uid = UID_INVALID;
static UidRange *uid_range = NULL;
static unsigned n_uid_range = 0;
-#define UID_TO_PTR(u) (ULONG_TO_PTR(u+1))
-#define PTR_TO_UID(u) ((uid_t) (PTR_TO_ULONG(u)-1))
-
-#define GID_TO_PTR(g) (ULONG_TO_PTR(g+1))
-#define PTR_TO_GID(g) ((gid_t) (PTR_TO_ULONG(g)-1))
-
-#define fix_root(x) (arg_root ? strappenda(arg_root, x) : x)
-
static int load_user_database(void) {
_cleanup_fclose_ FILE *f = NULL;
const char *passwd_path;
struct passwd *pw;
int r;
- passwd_path = fix_root("/etc/passwd");
+ passwd_path = prefix_roota(arg_root, "/etc/passwd");
f = fopen(passwd_path, "re");
if (!f)
return errno == ENOENT ? 0 : -errno;
struct group *gr;
int r;
- group_path = fix_root("/etc/group");
+ group_path = prefix_roota(arg_root, "/etc/group");
f = fopen(group_path, "re");
if (!f)
return errno == ENOENT ? 0 : -errno;
if (r < 0)
return r;
- r = copy_bytes(src, fileno(dst), (off_t) -1);
+ r = copy_bytes(src, fileno(dst), (uint64_t) -1, true);
if (r < 0)
goto fail;
/* Don't fail on chmod() or chown(). If it stays owned by us
* and/or unreadable by others, then it isn't too bad... */
- backup = strappenda(x, "-");
+ backup = strjoina(x, "-");
/* Copy over the access mask */
if (fchmod(fileno(dst), st.st_mode & 07777) < 0)
- log_warning("Failed to change mode on %s: %m", backup);
+ log_warning_errno(errno, "Failed to change mode on %s: %m", backup);
if (fchown(fileno(dst), st.st_uid, st.st_gid)< 0)
- log_warning("Failed to change ownership of %s: %m", backup);
+ log_warning_errno(errno, "Failed to change ownership of %s: %m", backup);
ts[0] = st.st_atim;
ts[1] = st.st_mtim;
if (futimens(fileno(dst), ts) < 0)
- log_warning("Failed to fix access and modification time of %s: %m", backup);
+ log_warning_errno(errno, "Failed to fix access and modification time of %s: %m", backup);
if (rename(temp, backup) < 0)
goto fail;
_cleanup_fclose_ FILE *original = NULL;
/* First we update the actual group list file */
- group_path = fix_root("/etc/group");
+ group_path = prefix_roota(arg_root, "/etc/group");
r = fopen_temporary_label("/etc/group", group_path, &group, &group_tmp);
if (r < 0)
goto finish;
}
/* OK, now also update the shadow file for the group list */
- gshadow_path = fix_root("/etc/gshadow");
+ gshadow_path = prefix_roota(arg_root, "/etc/gshadow");
r = fopen_temporary_label("/etc/gshadow", gshadow_path, &gshadow, &gshadow_tmp);
if (r < 0)
goto finish;
long lstchg;
/* First we update the user database itself */
- passwd_path = fix_root("/etc/passwd");
+ passwd_path = prefix_roota(arg_root, "/etc/passwd");
r = fopen_temporary_label("/etc/passwd", passwd_path, &passwd, &passwd_tmp);
if (r < 0)
goto finish;
}
/* The we update the shadow database */
- shadow_path = fix_root("/etc/shadow");
+ shadow_path = prefix_roota(arg_root, "/etc/shadow");
r = fopen_temporary_label("/etc/shadow", shadow_path, &shadow, &shadow_tmp);
if (r < 0)
goto finish;
+ lstchg = (long) (now(CLOCK_REALTIME) / USEC_PER_DAY);
+
original = fopen(shadow_path, "re");
if (original) {
struct spwd *sp;
i = hashmap_get(users, sp->sp_namp);
if (i && i->todo_user) {
- r = -EEXIST;
- goto finish;
+ /* we will update the existing entry */
+ sp->sp_lstchg = lstchg;
+
+ /* only the /etc/shadow stage is left, so we can
+ * safely remove the item from the todo set */
+ i->todo_user = false;
+ hashmap_remove(todo_uids, UID_TO_PTR(i->uid));
}
errno = 0;
goto finish;
}
- lstchg = (long) (now(CLOCK_REALTIME) / USEC_PER_DAY);
HASHMAP_FOREACH(i, todo_uids, iterator) {
struct spwd n = {
.sp_namp = i->name,
goto finish;
}
- free(group_tmp);
- group_tmp = NULL;
+ group_tmp = mfree(group_tmp);
}
if (gshadow) {
if (rename(gshadow_tmp, gshadow_path) < 0) {
goto finish;
}
- free(gshadow_tmp);
- gshadow_tmp = NULL;
+ gshadow_tmp = mfree(gshadow_tmp);
}
}
goto finish;
}
- free(passwd_tmp);
- passwd_tmp = NULL;
+ passwd_tmp = mfree(passwd_tmp);
}
if (shadow) {
if (rename(shadow_tmp, shadow_path) < 0) {
goto finish;
}
- free(shadow_tmp);
- shadow_tmp = NULL;
+ shadow_tmp = mfree(shadow_tmp);
}
r = 0;
static int root_stat(const char *p, struct stat *st) {
const char *fix;
- fix = fix_root(p);
+ fix = prefix_roota(arg_root, p);
if (stat(fix, st) < 0)
return -errno;
if (!arg_root) {
struct passwd *p;
- struct spwd *sp;
/* Also check NSS */
errno = 0;
i->uid = p->pw_uid;
i->uid_set = true;
- free(i->description);
- i->description = strdup(p->pw_gecos);
- return 0;
- }
- if (!IN_SET(errno, 0, ENOENT)) {
- log_error("Failed to check if user %s already exists: %m", i->name);
- return -errno;
- }
+ r = free_and_strdup(&i->description, p->pw_gecos);
+ if (r < 0)
+ return log_oom();
- /* And shadow too, just to be sure */
- errno = 0;
- sp = getspnam(i->name);
- if (sp) {
- log_error("User %s already exists in shadow database, but not in user database.", i->name);
- return -EBADMSG;
- }
- if (!IN_SET(errno, 0, ENOENT)) {
- log_error("Failed to check if user %s already exists in shadow database: %m", i->name);
- return -errno;
+ return 0;
}
+ if (!IN_SET(errno, 0, ENOENT))
+ return log_error_errno(errno, "Failed to check if user %s already exists: %m", i->name);
}
/* Try to use the suggested numeric uid */
if (i->uid_set) {
r = uid_is_ok(i->uid, i->name);
- if (r < 0) {
- log_error("Failed to verify uid " UID_FMT ": %s", i->uid, strerror(-r));
- return r;
- }
+ if (r < 0)
+ return log_error_errno(r, "Failed to verify uid " UID_FMT ": %m", i->uid);
if (r == 0) {
log_debug("Suggested user ID " UID_FMT " for %s already used.", i->uid, i->name);
i->uid_set = false;
log_debug("User ID " UID_FMT " of file not suitable for %s.", c, i->name);
else {
r = uid_is_ok(c, i->name);
- if (r < 0) {
- log_error("Failed to verify uid " UID_FMT ": %s", i->uid, strerror(-r));
- return r;
- } else if (r > 0) {
+ if (r < 0)
+ return log_error_errno(r, "Failed to verify uid " UID_FMT ": %m", i->uid);
+ else if (r > 0) {
i->uid = c;
i->uid_set = true;
} else
/* Otherwise try to reuse the group ID */
if (!i->uid_set && i->gid_set) {
r = uid_is_ok((uid_t) i->gid, i->name);
- if (r < 0) {
- log_error("Failed to verify uid " UID_FMT ": %s", i->uid, strerror(-r));
- return r;
- }
+ if (r < 0)
+ return log_error_errno(r, "Failed to verify uid " UID_FMT ": %m", i->uid);
if (r > 0) {
i->uid = (uid_t) i->gid;
i->uid_set = true;
}
r = uid_is_ok(search_uid, i->name);
- if (r < 0) {
- log_error("Failed to verify uid " UID_FMT ": %s", i->uid, strerror(-r));
- return r;
- } else if (r > 0)
+ if (r < 0)
+ return log_error_errno(r, "Failed to verify uid " UID_FMT ": %m", i->uid);
+ else if (r > 0)
break;
}
i->gid_set = true;
return 0;
}
- if (!IN_SET(errno, 0, ENOENT)) {
- log_error("Failed to check if group %s already exists: %m", i->name);
- return -errno;
- }
+ if (!IN_SET(errno, 0, ENOENT))
+ return log_error_errno(errno, "Failed to check if group %s already exists: %m", i->name);
}
/* Try to use the suggested numeric gid */
if (i->gid_set) {
r = gid_is_ok(i->gid);
- if (r < 0) {
- log_error("Failed to verify gid " GID_FMT ": %s", i->gid, strerror(-r));
- return r;
- }
+ if (r < 0)
+ return log_error_errno(r, "Failed to verify gid " GID_FMT ": %m", i->gid);
if (r == 0) {
log_debug("Suggested group ID " GID_FMT " for %s already used.", i->gid, i->name);
i->gid_set = false;
/* Try to reuse the numeric uid, if there's one */
if (!i->gid_set && i->uid_set) {
r = gid_is_ok((gid_t) i->uid);
- if (r < 0) {
- log_error("Failed to verify gid " GID_FMT ": %s", i->gid, strerror(-r));
- return r;
- }
+ if (r < 0)
+ return log_error_errno(r, "Failed to verify gid " GID_FMT ": %m", i->gid);
if (r > 0) {
i->gid = (gid_t) i->uid;
i->gid_set = true;
log_debug("Group ID " GID_FMT " of file not suitable for %s.", c, i->name);
else {
r = gid_is_ok(c);
- if (r < 0) {
- log_error("Failed to verify gid " GID_FMT ": %s", i->gid, strerror(-r));
- return r;
- } else if (r > 0) {
+ if (r < 0)
+ return log_error_errno(r, "Failed to verify gid " GID_FMT ": %m", i->gid);
+ else if (r > 0) {
i->gid = c;
i->gid_set = true;
} else
}
r = gid_is_ok(search_uid);
- if (r < 0) {
- log_error("Failed to verify gid " GID_FMT ": %s", i->gid, strerror(-r));
- return r;
- } else if (r > 0)
+ if (r < 0)
+ return log_error_errno(r, "Failed to verify gid " GID_FMT ": %m", i->gid);
+ else if (r > 0)
break;
}
}
if (i->gid_path) {
- free(j->gid_path);
- j->gid_path = strdup(i->gid_path);
- if (!j->gid_path)
+ r = free_and_strdup(&j->gid_path, i->gid_path);
+ if (r < 0)
return log_oom();
}
/* Parse columns */
p = buffer;
- r = unquote_many_words(&p, &action, &name, &id, &description, &home, NULL);
+ r = extract_many_words(&p, NULL, EXTRACT_QUOTES, &action, &name, &id, &description, &home, NULL);
if (r < 0) {
log_error("[%s:%u] Syntax error.", fname, line);
return r;
log_error("[%s:%u] Missing action and name columns.", fname, line);
return -EINVAL;
}
- if (*p != 0) {
+ if (!isempty(p)) {
log_error("[%s:%u] Trailing garbage.", fname, line);
return -EINVAL;
}
}
/* Verify name */
- if (isempty(name) || streq(name, "-")) {
- free(name);
- name = NULL;
- }
+ if (isempty(name) || streq(name, "-"))
+ name = mfree(name);
if (name) {
r = specifier_printf(name, specifier_table, NULL, &resolved_name);
}
/* Verify id */
- if (isempty(id) || streq(id, "-")) {
- free(id);
- id = NULL;
- }
+ if (isempty(id) || streq(id, "-"))
+ id = mfree(id);
if (id) {
r = specifier_printf(id, specifier_table, NULL, &resolved_id);
}
/* Verify description */
- if (isempty(description) || streq(description, "-")) {
- free(description);
- description = NULL;
- }
+ if (isempty(description) || streq(description, "-"))
+ description = mfree(description);
if (description) {
if (!valid_gecos(description)) {
}
/* Verify home */
- if (isempty(home) || streq(home, "-")) {
- free(home);
- home = NULL;
- }
+ if (isempty(home) || streq(home, "-"))
+ home = mfree(home);
if (home) {
if (!valid_home(home)) {
if (ignore_enoent && r == -ENOENT)
return 0;
- log_error("Failed to open '%s', ignoring: %s", fn, strerror(-r));
- return r;
+ return log_error_errno(r, "Failed to open '%s', ignoring: %m", fn);
}
f = rf;
}
if (ferror(f)) {
- log_error("Failed to read from file %s: %m", fn);
+ log_error_errno(errno, "Failed to read from file %s: %m", fn);
if (r == 0)
r = -EIO;
}
r = mac_selinux_init(NULL);
if (r < 0) {
- log_error("SELinux setup failed: %s", strerror(-r));
+ log_error_errno(r, "SELinux setup failed: %m");
goto finish;
}
r = conf_files_list_nulstr(&files, ".conf", arg_root, conf_file_dirs);
if (r < 0) {
- log_error("Failed to enumerate sysusers.d files: %s", strerror(-r));
+ log_error_errno(r, "Failed to enumerate sysusers.d files: %m");
goto finish;
}
lock = take_password_lock(arg_root);
if (lock < 0) {
- log_error("Failed to take lock: %s", strerror(-lock));
+ log_error_errno(lock, "Failed to take lock: %m");
goto finish;
}
r = load_user_database();
if (r < 0) {
- log_error("Failed to load user database: %s", strerror(-r));
+ log_error_errno(r, "Failed to load user database: %m");
goto finish;
}
r = load_group_database();
if (r < 0) {
- log_error("Failed to read group database: %s", strerror(-r));
+ log_error_errno(r, "Failed to read group database: %m");
goto finish;
}
r = write_files();
if (r < 0)
- log_error("Failed to write files: %s", strerror(-r));
+ log_error_errno(r, "Failed to write files: %m");
finish:
while ((i = hashmap_steal_first(groups)))