/* SPDX-License-Identifier: LGPL-2.1+ */
-/***
- This file is part of systemd.
-
- Copyright 2014 Lennart Poettering
-***/
#include <getopt.h>
#include <utmp.h>
#include "copy.h"
#include "def.h"
#include "fd-util.h"
-#include "fs-util.h"
-#include "fileio-label.h"
+#include "fileio.h"
#include "format-util.h"
+#include "fs-util.h"
#include "hashmap.h"
+#include "main-func.h"
+#include "pager.h"
#include "path-util.h"
+#include "pretty-print.h"
+#include "set.h"
#include "selinux-util.h"
#include "smack-util.h"
#include "specifier.h"
#include "string-util.h"
#include "strv.h"
+#include "tmpfile-util-label.h"
#include "uid-range.h"
#include "user-util.h"
#include "utf8.h"
ADD_MEMBER = 'm',
ADD_RANGE = 'r',
} ItemType;
+
typedef struct Item {
ItemType type;
} Item;
static char *arg_root = NULL;
+static bool arg_cat_config = false;
static const char *arg_replace = NULL;
static bool arg_inline = false;
-
-static const char conf_file_dirs[] = CONF_PATHS_NULSTR("sysusers.d");
+static PagerFlags arg_pager_flags = 0;
static OrderedHashmap *users = NULL, *groups = NULL;
static OrderedHashmap *todo_uids = NULL, *todo_gids = NULL;
static OrderedHashmap *members = NULL;
-static Hashmap *database_uid = NULL, *database_user = NULL;
-static Hashmap *database_gid = NULL, *database_group = NULL;
+static Hashmap *database_by_uid = NULL, *database_by_username = NULL;
+static Hashmap *database_by_gid = NULL, *database_by_groupname = NULL;
+static Set *database_users = NULL, *database_groups = NULL;
static uid_t search_uid = UID_INVALID;
static UidRange *uid_range = NULL;
static unsigned n_uid_range = 0;
+STATIC_DESTRUCTOR_REGISTER(groups, ordered_hashmap_freep);
+STATIC_DESTRUCTOR_REGISTER(users, ordered_hashmap_freep);
+STATIC_DESTRUCTOR_REGISTER(members, ordered_hashmap_freep);
+STATIC_DESTRUCTOR_REGISTER(todo_uids, ordered_hashmap_freep);
+STATIC_DESTRUCTOR_REGISTER(todo_gids, ordered_hashmap_freep);
+STATIC_DESTRUCTOR_REGISTER(database_by_uid, hashmap_freep);
+STATIC_DESTRUCTOR_REGISTER(database_by_username, hashmap_freep);
+STATIC_DESTRUCTOR_REGISTER(database_users, set_free_freep);
+STATIC_DESTRUCTOR_REGISTER(database_by_gid, hashmap_freep);
+STATIC_DESTRUCTOR_REGISTER(database_by_groupname, hashmap_freep);
+STATIC_DESTRUCTOR_REGISTER(database_groups, set_free_freep);
+STATIC_DESTRUCTOR_REGISTER(uid_range, freep);
+STATIC_DESTRUCTOR_REGISTER(arg_root, freep);
+
static int load_user_database(void) {
_cleanup_fclose_ FILE *f = NULL;
const char *passwd_path;
if (!f)
return errno == ENOENT ? 0 : -errno;
- r = hashmap_ensure_allocated(&database_user, &string_hash_ops);
+ r = hashmap_ensure_allocated(&database_by_username, &string_hash_ops);
if (r < 0)
return r;
- r = hashmap_ensure_allocated(&database_uid, NULL);
+ r = hashmap_ensure_allocated(&database_by_uid, NULL);
+ if (r < 0)
+ return r;
+
+ r = set_ensure_allocated(&database_users, NULL);
if (r < 0)
return r;
if (!n)
return -ENOMEM;
- k = hashmap_put(database_user, n, UID_TO_PTR(pw->pw_uid));
- if (k < 0 && k != -EEXIST) {
+ k = set_put(database_users, n);
+ if (k < 0) {
free(n);
return k;
}
- q = hashmap_put(database_uid, UID_TO_PTR(pw->pw_uid), n);
- if (q < 0 && q != -EEXIST) {
- if (k <= 0)
- free(n);
- return q;
- }
+ k = hashmap_put(database_by_username, n, UID_TO_PTR(pw->pw_uid));
+ if (k < 0 && k != -EEXIST)
+ return k;
- if (k <= 0 && q <= 0)
- free(n);
+ q = hashmap_put(database_by_uid, UID_TO_PTR(pw->pw_uid), n);
+ if (q < 0 && q != -EEXIST)
+ return q;
}
return r;
}
if (!f)
return errno == ENOENT ? 0 : -errno;
- r = hashmap_ensure_allocated(&database_group, &string_hash_ops);
+ r = hashmap_ensure_allocated(&database_by_groupname, &string_hash_ops);
if (r < 0)
return r;
- r = hashmap_ensure_allocated(&database_gid, NULL);
+ r = hashmap_ensure_allocated(&database_by_gid, NULL);
if (r < 0)
return r;
- errno = 0;
- while ((gr = fgetgrent(f))) {
+ r = set_ensure_allocated(&database_groups, NULL);
+ if (r < 0)
+ return r;
+
+ while ((r = fgetgrent_sane(f, &gr)) > 0) {
char *n;
int k, q;
if (!n)
return -ENOMEM;
- k = hashmap_put(database_group, n, GID_TO_PTR(gr->gr_gid));
- if (k < 0 && k != -EEXIST) {
+ k = set_put(database_groups, n);
+ if (k < 0) {
free(n);
return k;
}
- q = hashmap_put(database_gid, GID_TO_PTR(gr->gr_gid), n);
- if (q < 0 && q != -EEXIST) {
- if (k <= 0)
- free(n);
- return q;
- }
-
- if (k <= 0 && q <= 0)
- free(n);
+ k = hashmap_put(database_by_groupname, n, GID_TO_PTR(gr->gr_gid));
+ if (k < 0 && k != -EEXIST)
+ return k;
- errno = 0;
+ q = hashmap_put(database_by_gid, GID_TO_PTR(gr->gr_gid), n);
+ if (q < 0 && q != -EEXIST)
+ return q;
}
- if (!IN_SET(errno, 0, ENOENT))
- return -errno;
-
- return 0;
+ return r;
}
static int make_backup(const char *target, const char *x) {
backup = strjoina(x, "-");
/* Copy over the access mask */
- if (fchmod(fileno(dst), st.st_mode & 07777) < 0)
- log_warning_errno(errno, "Failed to change mode on %s: %m", backup);
-
- if (fchown(fileno(dst), st.st_uid, st.st_gid)< 0)
- log_warning_errno(errno, "Failed to change ownership of %s: %m", backup);
+ r = fchmod_and_chown(fileno(dst), st.st_mode & 07777, st.st_uid, st.st_gid);
+ if (r < 0)
+ log_warning_errno(r, "Failed to change access mode or ownership of %s: %m", backup);
ts[0] = st.st_atim;
ts[1] = st.st_mtim;
if (fstat(fileno(from), &st) < 0)
return -errno;
- if (fchmod(fileno(to), st.st_mode & 07777) < 0)
- return -errno;
-
- if (fchown(fileno(to), st.st_uid, st.st_gid) < 0)
- return -errno;
-
- return 0;
+ return fchmod_and_chown(fileno(to), st.st_mode & 07777, st.st_uid, st.st_gid);
}
static int rename_and_apply_smack(const char *temp_path, const char *dest_path) {
}
/* Let's check the files directly */
- if (hashmap_contains(database_uid, UID_TO_PTR(uid)))
+ if (hashmap_contains(database_by_uid, UID_TO_PTR(uid)))
return 0;
if (check_with_gid) {
- n = hashmap_get(database_gid, GID_TO_PTR(uid));
+ n = hashmap_get(database_by_gid, GID_TO_PTR(uid));
if (n && !streq(n, name))
return 0;
}
assert(i);
/* Check the database directly */
- z = hashmap_get(database_user, i->name);
+ z = hashmap_get(database_by_username, i->name);
if (z) {
log_debug("User %s already exists.", i->name);
i->uid = PTR_TO_UID(z);
if (ordered_hashmap_get(todo_uids, UID_TO_PTR(gid)))
return 0;
- if (hashmap_contains(database_gid, GID_TO_PTR(gid)))
+ if (hashmap_contains(database_by_gid, GID_TO_PTR(gid)))
return 0;
- if (hashmap_contains(database_uid, UID_TO_PTR(gid)))
+ if (hashmap_contains(database_by_uid, UID_TO_PTR(gid)))
return 0;
if (!arg_root) {
assert(i);
/* Check the database directly */
- z = hashmap_get(database_group, i->name);
+ z = hashmap_get(database_by_groupname, i->name);
if (z) {
log_debug("Group %s already exists.", i->name);
i->gid = PTR_TO_GID(z);
* r > 0: means the gid does not exist -> fail
* r == 0: means the gid exists -> nothing more to do.
*/
- if (r > 0) {
- log_error("Failed to create %s: please create GID %d", i->name, i->gid);
- return -EINVAL;
- }
+ if (r > 0)
+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
+ "Failed to create %s: please create GID %d",
+ i->name, i->gid);
if (r == 0)
return 0;
}
}
}
-static void item_free(Item *i) {
-
+static Item* item_free(Item *i) {
if (!i)
- return;
+ return NULL;
free(i->name);
free(i->uid_path);
free(i->description);
free(i->home);
free(i->shell);
- free(i);
+ return mfree(i);
}
DEFINE_TRIVIAL_CLEANUP_FUNC(Item*, item_free);
+DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(item_hash_ops, char, string_hash_func, string_compare_func, Item, item_free);
static int add_implicit(void) {
char *g, **l;
if (!ordered_hashmap_get(users, *m)) {
_cleanup_(item_freep) Item *j = NULL;
- r = ordered_hashmap_ensure_allocated(&users, &string_hash_ops);
+ r = ordered_hashmap_ensure_allocated(&users, &item_hash_ops);
if (r < 0)
return log_oom();
ordered_hashmap_get(groups, g))) {
_cleanup_(item_freep) Item *j = NULL;
- r = ordered_hashmap_ensure_allocated(&groups, &string_hash_ops);
+ r = ordered_hashmap_ensure_allocated(&groups, &item_hash_ops);
if (r < 0)
return log_oom();
return true;
}
+DEFINE_PRIVATE_HASH_OPS_FULL(members_hash_ops, char, string_hash_func, string_compare_func, free, char*, strv_free);
+
static int parse_line(const char *fname, unsigned line, const char *buffer) {
static const Specifier specifier_table[] = {
- { 'm', specifier_machine_id, NULL },
- { 'b', specifier_boot_id, NULL },
- { 'H', specifier_host_name, NULL },
+ { 'm', specifier_machine_id, NULL },
+ { 'b', specifier_boot_id, NULL },
+ { 'H', specifier_host_name, NULL },
{ 'v', specifier_kernel_release, NULL },
+ { 'T', specifier_tmp_dir, NULL },
+ { 'V', specifier_var_tmp_dir, NULL },
{}
};
_cleanup_free_ char *action = NULL,
*name = NULL, *resolved_name = NULL,
*id = NULL, *resolved_id = NULL,
- *description = NULL,
- *home = NULL,
+ *description = NULL, *resolved_description = NULL,
+ *home = NULL, *resolved_home = NULL,
*shell, *resolved_shell = NULL;
_cleanup_(item_freep) Item *i = NULL;
Item *existing;
description = mfree(description);
if (description) {
- if (!valid_gecos(description)) {
- log_error("[%s:%u] '%s' is not a valid GECOS field.", fname, line, description);
+ r = specifier_printf(description, specifier_table, NULL, &resolved_description);
+ if (r < 0) {
+ log_error("[%s:%u] Failed to replace specifiers: %s", fname, line, description);
+ return r;
+ }
+
+ if (!valid_gecos(resolved_description)) {
+ log_error("[%s:%u] '%s' is not a valid GECOS field.", fname, line, resolved_description);
return -EINVAL;
}
}
home = mfree(home);
if (home) {
- if (!valid_home(home)) {
- log_error("[%s:%u] '%s' is not a valid home directory field.", fname, line, home);
+ r = specifier_printf(home, specifier_table, NULL, &resolved_home);
+ if (r < 0) {
+ log_error("[%s:%u] Failed to replace specifiers: %s", fname, line, home);
+ return r;
+ }
+
+ if (!valid_home(resolved_home)) {
+ log_error("[%s:%u] '%s' is not a valid home directory field.", fname, line, resolved_home);
return -EINVAL;
}
}
return -EINVAL;
}
- r = ordered_hashmap_ensure_allocated(&members, &string_hash_ops);
+ r = ordered_hashmap_ensure_allocated(&members, &members_hash_ops);
if (r < 0)
return log_oom();
return -EINVAL;
}
- r = ordered_hashmap_ensure_allocated(&users, &string_hash_ops);
+ r = ordered_hashmap_ensure_allocated(&users, &item_hash_ops);
if (r < 0)
return log_oom();
if (resolved_id) {
if (path_is_absolute(resolved_id)) {
i->uid_path = TAKE_PTR(resolved_id);
-
- path_kill_slashes(i->uid_path);
+ path_simplify(i->uid_path, false);
} else {
_cleanup_free_ char *uid = NULL, *gid = NULL;
if (split_pair(resolved_id, ":", &uid, &gid) == 0) {
}
}
- i->description = TAKE_PTR(description);
- i->home = TAKE_PTR(home);
+ i->description = TAKE_PTR(resolved_description);
+ i->home = TAKE_PTR(resolved_home);
i->shell = TAKE_PTR(resolved_shell);
h = users;
return -EINVAL;
}
- r = ordered_hashmap_ensure_allocated(&groups, &string_hash_ops);
+ r = ordered_hashmap_ensure_allocated(&groups, &item_hash_ops);
if (r < 0)
return log_oom();
if (resolved_id) {
if (path_is_absolute(resolved_id)) {
i->gid_path = TAKE_PTR(resolved_id);
-
- path_kill_slashes(i->gid_path);
+ path_simplify(i->gid_path, false);
} else {
r = parse_gid(resolved_id, &i->gid);
if (r < 0)
static int read_config_file(const char *fn, bool ignore_enoent) {
_cleanup_fclose_ FILE *rf = NULL;
FILE *f = NULL;
- char line[LINE_MAX];
unsigned v = 0;
int r = 0;
if (streq(fn, "-"))
f = stdin;
else {
- r = search_and_fopen_nulstr(fn, "re", arg_root, conf_file_dirs, &rf);
+ r = search_and_fopen(fn, "re", arg_root, (const char**) CONF_PATHS_STRV("sysusers.d"), &rf);
if (r < 0) {
if (ignore_enoent && r == -ENOENT)
return 0;
f = rf;
}
- FOREACH_LINE(line, f, break) {
+ for (;;) {
+ _cleanup_free_ char *line = NULL;
char *l;
int k;
+ k = read_line(f, LONG_LINE_MAX, &line);
+ if (k < 0)
+ return log_error_errno(k, "Failed to read '%s': %m", fn);
+ if (k == 0)
+ break;
+
v++;
l = strstrip(line);
return r;
}
-static void free_database(Hashmap *by_name, Hashmap *by_id) {
- char *name;
+static int cat_config(void) {
+ _cleanup_strv_free_ char **files = NULL;
+ int r;
- for (;;) {
- name = hashmap_first(by_id);
- if (!name)
- break;
+ r = conf_files_list_with_replacement(arg_root, CONF_PATHS_STRV("sysusers.d"), arg_replace, &files, NULL);
+ if (r < 0)
+ return r;
- hashmap_remove(by_name, name);
+ (void) pager_open(arg_pager_flags);
- hashmap_steal_first_key(by_id);
- free(name);
- }
+ return cat_files(NULL, files, 0);
+}
- while ((name = hashmap_steal_first_key(by_name)))
- free(name);
+static int help(void) {
+ _cleanup_free_ char *link = NULL;
+ int r;
- hashmap_free(by_name);
- hashmap_free(by_id);
-}
+ r = terminal_urlify_man("systemd-sysusers.service", "8", &link);
+ if (r < 0)
+ return log_oom();
-static void help(void) {
printf("%s [OPTIONS...] [CONFIGURATION FILE...]\n\n"
"Creates system user accounts.\n\n"
" -h --help Show this help\n"
" --version Show package version\n"
+ " --cat-config Show configuration files\n"
" --root=PATH Operate on an alternate filesystem root\n"
" --replace=PATH Treat arguments as replacement for PATH\n"
" --inline Treat arguments as configuration lines\n"
- , program_invocation_short_name);
+ " --no-pager Do not pipe output into a pager\n"
+ "\nSee the %s for details.\n"
+ , program_invocation_short_name
+ , link
+ );
+
+ return 0;
}
static int parse_argv(int argc, char *argv[]) {
enum {
ARG_VERSION = 0x100,
+ ARG_CAT_CONFIG,
ARG_ROOT,
ARG_REPLACE,
ARG_INLINE,
+ ARG_NO_PAGER,
};
static const struct option options[] = {
- { "help", no_argument, NULL, 'h' },
- { "version", no_argument, NULL, ARG_VERSION },
- { "root", required_argument, NULL, ARG_ROOT },
- { "replace", required_argument, NULL, ARG_REPLACE },
- { "inline", no_argument, NULL, ARG_INLINE },
+ { "help", no_argument, NULL, 'h' },
+ { "version", no_argument, NULL, ARG_VERSION },
+ { "cat-config", no_argument, NULL, ARG_CAT_CONFIG },
+ { "root", required_argument, NULL, ARG_ROOT },
+ { "replace", required_argument, NULL, ARG_REPLACE },
+ { "inline", no_argument, NULL, ARG_INLINE },
+ { "no-pager", no_argument, NULL, ARG_NO_PAGER },
{}
};
switch (c) {
case 'h':
- help();
- return 0;
+ return help();
case ARG_VERSION:
return version();
+ case ARG_CAT_CONFIG:
+ arg_cat_config = true;
+ break;
+
case ARG_ROOT:
r = parse_path_argument_and_warn(optarg, true, &arg_root);
if (r < 0)
case ARG_REPLACE:
if (!path_is_absolute(optarg) ||
- !endswith(optarg, ".conf")) {
- log_error("The argument to --replace= must an absolute path to a config file");
- return -EINVAL;
- }
+ !endswith(optarg, ".conf"))
+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
+ "The argument to --replace= must an absolute path to a config file");
arg_replace = optarg;
break;
arg_inline = true;
break;
+ case ARG_NO_PAGER:
+ arg_pager_flags |= PAGER_DISABLE;
+ break;
+
case '?':
return -EINVAL;
assert_not_reached("Unhandled option");
}
- if (arg_replace && optind >= argc) {
- log_error("When --replace= is given, some configuration items must be specified");
- return -EINVAL;
- }
+ if (arg_replace && arg_cat_config)
+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
+ "Option --replace= is not supported with --cat-config");
+
+ if (arg_replace && optind >= argc)
+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
+ "When --replace= is given, some configuration items must be specified");
return 1;
}
return 0;
}
-static int read_config_files(const char* dirs, char **args) {
+static int read_config_files(char **args) {
_cleanup_strv_free_ char **files = NULL;
_cleanup_free_ char *p = NULL;
char **f;
int r;
- r = conf_files_list_nulstr(&files, ".conf", arg_root, 0, dirs);
+ r = conf_files_list_with_replacement(arg_root, CONF_PATHS_STRV("sysusers.d"), arg_replace, &files, &p);
if (r < 0)
- return log_error_errno(r, "Failed to enumerate sysusers.d files: %m");
-
- if (arg_replace) {
- r = conf_files_insert_nulstr(&files, arg_root, dirs, arg_replace);
- if (r < 0)
- return log_error_errno(r, "Failed to extend sysusers.d file list: %m");
-
- p = path_join(arg_root, arg_replace, NULL);
- if (!p)
- return log_oom();
- }
+ return r;
STRV_FOREACH(f, files)
if (p && path_equal(*f, p)) {
return 0;
}
-int main(int argc, char *argv[]) {
-
+static int run(int argc, char *argv[]) {
_cleanup_close_ int lock = -1;
Iterator iterator;
- int r;
Item *i;
- char *n;
+ int r;
r = parse_argv(argc, argv);
if (r <= 0)
- goto finish;
+ return r;
+
+ log_setup_service();
- log_set_target(LOG_TARGET_AUTO);
- log_parse_environment();
- log_open();
+ if (arg_cat_config)
+ return cat_config();
umask(0022);
r = mac_selinux_init();
- if (r < 0) {
- log_error_errno(r, "SELinux setup failed: %m");
- goto finish;
- }
+ if (r < 0)
+ return log_error_errno(r, "SELinux setup failed: %m");
/* If command line arguments are specified along with --replace, read all
* configuration files and insert the positional arguments at the specified
* read configuration and execute it.
*/
if (arg_replace || optind >= argc)
- r = read_config_files(conf_file_dirs, argv + optind);
+ r = read_config_files(argv + optind);
else
r = parse_arguments(argv + optind);
if (r < 0)
- goto finish;
+ return r;
/* Let's tell nss-systemd not to synthesize the "root" and "nobody" entries for it, so that our detection
* whether the names or UID/GID area already used otherwise doesn't get confused. After all, even though
* nss-systemd synthesizes these users/groups, they should still appear in /etc/passwd and /etc/group, as the
* synthesizing logic is merely supposed to be fallback for cases where we run with a completely unpopulated
* /etc. */
- if (setenv("SYSTEMD_NSS_BYPASS_SYNTHETIC", "1", 1) < 0) {
- r = log_error_errno(errno, "Failed to set SYSTEMD_NSS_BYPASS_SYNTHETIC environment variable: %m");
- goto finish;
- }
+ if (setenv("SYSTEMD_NSS_BYPASS_SYNTHETIC", "1", 1) < 0)
+ return log_error_errno(errno, "Failed to set SYSTEMD_NSS_BYPASS_SYNTHETIC environment variable: %m");
if (!uid_range) {
/* Default to default range of 1..SYSTEM_UID_MAX */
r = uid_range_add(&uid_range, &n_uid_range, 1, SYSTEM_UID_MAX);
- if (r < 0) {
- log_oom();
- goto finish;
- }
+ if (r < 0)
+ return log_oom();
}
r = add_implicit();
if (r < 0)
- goto finish;
+ return r;
lock = take_etc_passwd_lock(arg_root);
- if (lock < 0) {
- log_error_errno(lock, "Failed to take /etc/passwd lock: %m");
- goto finish;
- }
+ if (lock < 0)
+ return log_error_errno(lock, "Failed to take /etc/passwd lock: %m");
r = load_user_database();
- if (r < 0) {
- log_error_errno(r, "Failed to load user database: %m");
- goto finish;
- }
+ if (r < 0)
+ return log_error_errno(r, "Failed to load user database: %m");
r = load_group_database();
- if (r < 0) {
- log_error_errno(r, "Failed to read group database: %m");
- goto finish;
- }
+ if (r < 0)
+ return log_error_errno(r, "Failed to read group database: %m");
ORDERED_HASHMAP_FOREACH(i, groups, iterator)
(void) process_item(i);
r = write_files();
if (r < 0)
- log_error_errno(r, "Failed to write files: %m");
-
-finish:
- ordered_hashmap_free_with_destructor(groups, item_free);
- ordered_hashmap_free_with_destructor(users, item_free);
-
- while ((n = ordered_hashmap_first_key(members))) {
- strv_free(ordered_hashmap_steal_first(members));
- free(n);
- }
- ordered_hashmap_free(members);
-
- ordered_hashmap_free(todo_uids);
- ordered_hashmap_free(todo_gids);
-
- free_database(database_user, database_uid);
- free_database(database_group, database_gid);
-
- free(uid_range);
+ return log_error_errno(r, "Failed to write files: %m");
- free(arg_root);
-
- return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
+ return 0;
}
+
+DEFINE_MAIN_FUNCTION(run);