]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/core/dynamic-user.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
tree-wide: use mfree more
[thirdparty/systemd.git] / src / core / dynamic-user.c
CommitLineData
29206d46
LP		 1/***
2 This file is part of systemd.
3
4 Copyright 2016 Lennart Poettering
5
6 systemd is free software; you can redistribute it and/or modify it
7 under the terms of the GNU Lesser General Public License as published by
8 the Free Software Foundation; either version 2.1 of the License, or
9 (at your option) any later version.
10
11 systemd is distributed in the hope that it will be useful, but
12 WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 Lesser General Public License for more details.
15
16 You should have received a copy of the GNU Lesser General Public License
17 along with systemd; If not, see <http://www.gnu.org/licenses/>.
18***/
19
20#include <grp.h>
21#include <pwd.h>
22#include <sys/file.h>
23
24#include "dynamic-user.h"
25#include "fd-util.h"
26#include "fs-util.h"
27#include "parse-util.h"
28#include "random-util.h"
29#include "stdio-util.h"
30#include "string-util.h"
31#include "user-util.h"
32#include "fileio.h"
33
29206d46 34/* Takes a value generated randomly or by hashing and turns it into a UID in the right range */
61755fda 35#define UID_CLAMP_INTO_RANGE(rnd) (((uid_t) (rnd) % (DYNAMIC_UID_MAX - DYNAMIC_UID_MIN + 1)) + DYNAMIC_UID_MIN)
29206d46
LP		 36
37static DynamicUser* dynamic_user_free(DynamicUser *d) {
38 if (!d)
39 return NULL;
40
41 if (d->manager)
42 (void) hashmap_remove(d->manager->dynamic_users, d->name);
43
44 safe_close_pair(d->storage_socket);
6b430fdb 45 return mfree(d);
29206d46
LP		 46}
47
48static int dynamic_user_add(Manager *m, const char *name, int storage_socket[2], DynamicUser **ret) {
49 DynamicUser *d = NULL;
50 int r;
51
52 assert(m);
53 assert(name);
54 assert(storage_socket);
55
56 r = hashmap_ensure_allocated(&m->dynamic_users, &string_hash_ops);
57 if (r < 0)
58 return r;
59
60 d = malloc0(offsetof(DynamicUser, name) + strlen(name) + 1);
61 if (!d)
62 return -ENOMEM;
63
64 strcpy(d->name, name);
65
66 d->storage_socket[0] = storage_socket[0];
67 d->storage_socket[1] = storage_socket[1];
68
69 r = hashmap_put(m->dynamic_users, d->name, d);
70 if (r < 0) {
71 free(d);
72 return r;
73 }
74
75 d->manager = m;
76
77 if (ret)
78 *ret = d;
79
80 return 0;
81}
82
83int dynamic_user_acquire(Manager *m, const char *name, DynamicUser** ret) {
84 _cleanup_close_pair_ int storage_socket[2] = { -1, -1 };
85 DynamicUser *d;
86 int r;
87
88 assert(m);
89 assert(name);
90
91 /* Return the DynamicUser structure for a specific user name. Note that this won't actually allocate a UID for
92 * it, but just prepare the data structure for it. The UID is allocated only on demand, when it's really
93 * needed, and in the child process we fork off, since allocation involves NSS checks which are not OK to do
94 * from PID 1. To allow the children and PID 1 share information about allocated UIDs we use an anonymous
95 * AF_UNIX/SOCK_DGRAM socket (called the "storage socket") that contains at most one datagram with the
96 * allocated UID number, plus an fd referencing the lock file for the UID
97 * (i.e. /run/systemd/dynamic-uid/$UID). Why involve the socket pair? So that PID 1 and all its children can
98 * share the same storage for the UID and lock fd, simply by inheriting the storage socket fds. The socket pair
99 * may exist in three different states:
100 *
101 * a) no datagram stored. This is the initial state. In this case the dynamic user was never realized.
102 *
103 * b) a datagram containing a UID stored, but no lock fd attached to it. In this case there was already a
104 * statically assigned UID by the same name, which we are reusing.
105 *
106 * c) a datagram containing a UID stored, and a lock fd is attached to it. In this case we allocated a dynamic
107 * UID and locked it in the file system, using the lock fd.
108 *
109 * As PID 1 and various children might access the socket pair simultaneously, and pop the datagram or push it
110 * back in any time, we also maintain a lock on the socket pair. Note one peculiarity regarding locking here:
111 * the UID lock on disk is protected via a BSD file lock (i.e. an fd-bound lock), so that the lock is kept in
112 * place as long as there's a reference to the fd open. The lock on the storage socket pair however is a POSIX
113 * file lock (i.e. a process-bound lock), as all users share the same fd of this (after all it is anonymous,
114 * nobody else could get any access to it except via our own fd) and we want to synchronize access between all
115 * processes that have access to it. */
116
117 d = hashmap_get(m->dynamic_users, name);
118 if (d) {
119 /* We already have a structure for the dynamic user, let's increase the ref count and reuse it */
120 d->n_ref++;
121 *ret = d;
122 return 0;
123 }
124
125 if (!valid_user_group_name_or_id(name))
126 return -EINVAL;
127
128 if (socketpair(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0, storage_socket) < 0)
129 return -errno;
130
131 r = dynamic_user_add(m, name, storage_socket, &d);
132 if (r < 0)
133 return r;
134
135 storage_socket[0] = storage_socket[1] = -1;
136
137 if (ret) {
138 d->n_ref++;
139 *ret = d;
140 }
141
142 return 1;
143}
144
fd63e712
LP		 145static int make_uid_symlinks(uid_t uid, const char *name, bool b) {
146
147 char path1[strlen("/run/systemd/dynamic-uid/direct:") + DECIMAL_STR_MAX(uid_t) + 1];
148 const char *path2;
986a34a6 149 int r = 0, k;
fd63e712
LP		 150
151 /* Add direct additional symlinks for direct lookups of dynamic UIDs and their names by userspace code. The
152 * only reason we have this is because dbus-daemon cannot use D-Bus for resolving users and groups (since it
153 * would be its own client then). We hence keep these world-readable symlinks in place, so that the
154 * unprivileged dbus user can read the mappings when it needs them via these symlinks instead of having to go
155 * via the bus. Ideally, we'd use the lock files we keep for this anyway, but we can't since we use BSD locks
156 * on them and as those may be taken by any user with read access we can't make them world-readable. */
157
158 xsprintf(path1, "/run/systemd/dynamic-uid/direct:" UID_FMT, uid);
986a34a6
ZJS		 159 if (unlink(path1) < 0 && errno != ENOENT)
160 r = -errno;
161
162 if (b && symlink(name, path1) < 0) {
163 k = log_warning_errno(errno, "Failed to symlink \"%s\": %m", path1);
164 if (r == 0)
165 r = k;
fd63e712
LP		 166 }
167
168 path2 = strjoina("/run/systemd/dynamic-uid/direct:", name);
986a34a6
ZJS		 169 if (unlink(path2) < 0 && errno != ENOENT) {
170 k = -errno;
171 if (r == 0)
172 r = k;
fd63e712 173 }
986a34a6
ZJS		 174
175 if (b && symlink(path1 + strlen("/run/systemd/dynamic-uid/direct:"), path2) < 0) {
176 k = log_warning_errno(errno, "Failed to symlink \"%s\": %m", path2);
177 if (r == 0)
178 r = k;
fd63e712
LP		 179 }
180
181 return r;
182}
183
29206d46
LP		 184static int pick_uid(const char *name, uid_t *ret_uid) {
185
186 static const uint8_t hash_key[] = {
187 0x37, 0x53, 0x7e, 0x31, 0xcf, 0xce, 0x48, 0xf5,
188 0x8a, 0xbb, 0x39, 0x57, 0x8d, 0xd9, 0xec, 0x59
189 };
190
191 unsigned n_tries = 100;
192 uid_t candidate;
193 int r;
194
195 /* A static user by this name does not exist yet. Let's find a free ID then, and use that. We start with a UID
196 * generated as hash from the user name. */
197 candidate = UID_CLAMP_INTO_RANGE(siphash24(name, strlen(name), hash_key));
198
199 (void) mkdir("/run/systemd/dynamic-uid", 0755);
200
201 for (;;) {
202 char lock_path[strlen("/run/systemd/dynamic-uid/") + DECIMAL_STR_MAX(uid_t) + 1];
203 _cleanup_close_ int lock_fd = -1;
204 ssize_t l;
205
206 if (--n_tries <= 0) /* Give up retrying eventually */
207 return -EBUSY;
208
61755fda 209 if (!uid_is_dynamic(candidate))
29206d46
LP		 210 goto next;
211
212 xsprintf(lock_path, "/run/systemd/dynamic-uid/" UID_FMT, candidate);
213
214 for (;;) {
215 struct stat st;
216
217 lock_fd = open(lock_path, O_CREAT|O_RDWR|O_NOFOLLOW|O_CLOEXEC|O_NOCTTY, 0600);
218 if (lock_fd < 0)
219 return -errno;
220
221 r = flock(lock_fd, LOCK_EX|LOCK_NB); /* Try to get a BSD file lock on the UID lock file */
222 if (r < 0) {
223 if (errno == EBUSY || errno == EAGAIN)
224 goto next; /* already in use */
225
226 return -errno;
227 }
228
229 if (fstat(lock_fd, &st) < 0)
230 return -errno;
231 if (st.st_nlink > 0)
232 break;
233
629ff674 234 /* Oh, bummer, we got the lock, but the file was unlinked between the time we opened it and
29206d46
LP		 235 * got the lock. Close it, and try again. */
236 lock_fd = safe_close(lock_fd);
237 }
238
239 /* Some superficial check whether this UID/GID might already be taken by some static user */
240 if (getpwuid(candidate) || getgrgid((gid_t) candidate)) {
241 (void) unlink(lock_path);
242 goto next;
243 }
244
245 /* Let's store the user name in the lock file, so that we can use it for looking up the username for a UID */
246 l = pwritev(lock_fd,
247 (struct iovec[2]) {
248 { .iov_base = (char*) name, .iov_len = strlen(name) },
249 { .iov_base = (char[1]) { '\n' }, .iov_len = 1 }
250 }, 2, 0);
251 if (l < 0) {
252 (void) unlink(lock_path);
253 return -errno;
254 }
255
256 (void) ftruncate(lock_fd, l);
fd63e712 257 (void) make_uid_symlinks(candidate, name, true); /* also add direct lookup symlinks */
29206d46
LP		 258
259 *ret_uid = candidate;
260 r = lock_fd;
261 lock_fd = -1;
262
263 return r;
264
265 next:
266 /* Pick another random UID, and see if that works for us. */
267 random_bytes(&candidate, sizeof(candidate));
268 candidate = UID_CLAMP_INTO_RANGE(candidate);
269 }
270}
271
272static int dynamic_user_pop(DynamicUser *d, uid_t *ret_uid, int *ret_lock_fd) {
273 uid_t uid = UID_INVALID;
274 struct iovec iov = {
275 .iov_base = &uid,
276 .iov_len = sizeof(uid),
277 };
278 union {
279 struct cmsghdr cmsghdr;
280 uint8_t buf[CMSG_SPACE(sizeof(int))];
281 } control = {};
282 struct msghdr mh = {
283 .msg_control = &control,
284 .msg_controllen = sizeof(control),
285 .msg_iov = &iov,
286 .msg_iovlen = 1,
287 };
288 struct cmsghdr *cmsg;
289
290 ssize_t k;
291 int lock_fd = -1;
292
293 assert(d);
294 assert(ret_uid);
295 assert(ret_lock_fd);
296
297 /* Read the UID and lock fd that is stored in the storage AF_UNIX socket. This should be called with the lock
298 * on the socket taken. */
299
300 k = recvmsg(d->storage_socket[0], &mh, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC);
301 if (k < 0)
302 return -errno;
303
304 cmsg = cmsg_find(&mh, SOL_SOCKET, SCM_RIGHTS, CMSG_LEN(sizeof(int)));
305 if (cmsg)
306 lock_fd = *(int*) CMSG_DATA(cmsg);
307 else
308 cmsg_close_all(&mh); /* just in case... */
309
310 *ret_uid = uid;
311 *ret_lock_fd = lock_fd;
312
313 return 0;
314}
315
316static int dynamic_user_push(DynamicUser *d, uid_t uid, int lock_fd) {
317 struct iovec iov = {
318 .iov_base = &uid,
319 .iov_len = sizeof(uid),
320 };
321 union {
322 struct cmsghdr cmsghdr;
323 uint8_t buf[CMSG_SPACE(sizeof(int))];
324 } control = {};
325 struct msghdr mh = {
326 .msg_control = &control,
327 .msg_controllen = sizeof(control),
328 .msg_iov = &iov,
329 .msg_iovlen = 1,
330 };
331 ssize_t k;
332
333 assert(d);
334
335 /* Store the UID and lock_fd in the storage socket. This should be called with the socket pair lock taken. */
336
337 if (lock_fd >= 0) {
338 struct cmsghdr *cmsg;
339
340 cmsg = CMSG_FIRSTHDR(&mh);
341 cmsg->cmsg_level = SOL_SOCKET;
342 cmsg->cmsg_type = SCM_RIGHTS;
343 cmsg->cmsg_len = CMSG_LEN(sizeof(int));
344 memcpy(CMSG_DATA(cmsg), &lock_fd, sizeof(int));
345
346 mh.msg_controllen = CMSG_SPACE(sizeof(int));
347 } else {
348 mh.msg_control = NULL;
349 mh.msg_controllen = 0;
350 }
351
352 k = sendmsg(d->storage_socket[1], &mh, MSG_DONTWAIT|MSG_NOSIGNAL);
353 if (k < 0)
354 return -errno;
355
356 return 0;
357}
358
fd63e712 359static void unlink_uid_lock(int lock_fd, uid_t uid, const char *name) {
29206d46
LP		 360 char lock_path[strlen("/run/systemd/dynamic-uid/") + DECIMAL_STR_MAX(uid_t) + 1];
361
362 if (lock_fd < 0)
363 return;
364
365 xsprintf(lock_path, "/run/systemd/dynamic-uid/" UID_FMT, uid);
fd63e712
LP		 366 (void) unlink(lock_path);
367
368 (void) make_uid_symlinks(uid, name, false); /* remove direct lookup symlinks */
29206d46
LP		 369}
370
371int dynamic_user_realize(DynamicUser *d, uid_t *ret) {
372
373 _cleanup_close_ int etc_passwd_lock_fd = -1, uid_lock_fd = -1;
374 uid_t uid = UID_INVALID;
375 int r;
376
377 assert(d);
378
379 /* Acquire a UID for the user name. This will allocate a UID for the user name if the user doesn't exist
380 * yet. If it already exists its existing UID/GID will be reused. */
381
382 if (lockf(d->storage_socket[0], F_LOCK, 0) < 0)
383 return -errno;
384
385 r = dynamic_user_pop(d, &uid, &uid_lock_fd);
386 if (r < 0) {
387 int new_uid_lock_fd;
388 uid_t new_uid;
389
390 if (r != -EAGAIN)
391 goto finish;
392
393 /* OK, nothing stored yet, let's try to find something useful. While we are working on this release the
394 * lock however, so that nobody else blocks on our NSS lookups. */
395 (void) lockf(d->storage_socket[0], F_ULOCK, 0);
396
397 /* Let's see if a proper, static user or group by this name exists. Try to take the lock on
398 * /etc/passwd, if that fails with EROFS then /etc is read-only. In that case it's fine if we don't
399 * take the lock, given that users can't be added there anyway in this case. */
400 etc_passwd_lock_fd = take_etc_passwd_lock(NULL);
401 if (etc_passwd_lock_fd < 0 && etc_passwd_lock_fd != -EROFS)
402 return etc_passwd_lock_fd;
403
404 /* First, let's parse this as numeric UID */
405 r = parse_uid(d->name, &uid);
406 if (r < 0) {
407 struct passwd *p;
408 struct group *g;
409
410 /* OK, this is not a numeric UID. Let's see if there's a user by this name */
411 p = getpwnam(d->name);
412 if (p)
413 uid = p->pw_uid;
414
415 /* Let's see if there's a group by this name */
416 g = getgrnam(d->name);
417 if (g) {
418 /* If the UID/GID of the user/group of the same don't match, refuse operation */
419 if (uid != UID_INVALID && uid != (uid_t) g->gr_gid)
420 return -EILSEQ;
421
422 uid = (uid_t) g->gr_gid;
423 }
424 }
425
426 if (uid == UID_INVALID) {
427 /* No static UID assigned yet, excellent. Let's pick a new dynamic one, and lock it. */
428
429 uid_lock_fd = pick_uid(d->name, &uid);
430 if (uid_lock_fd < 0)
431 return uid_lock_fd;
432 }
433
434 /* So, we found a working UID/lock combination. Let's see if we actually still need it. */
435 if (lockf(d->storage_socket[0], F_LOCK, 0) < 0) {
fd63e712 436 unlink_uid_lock(uid_lock_fd, uid, d->name);
29206d46
LP		 437 return -errno;
438 }
439
440 r = dynamic_user_pop(d, &new_uid, &new_uid_lock_fd);
441 if (r < 0) {
442 if (r != -EAGAIN) {
443 /* OK, something bad happened, let's get rid of the bits we acquired. */
fd63e712 444 unlink_uid_lock(uid_lock_fd, uid, d->name);
29206d46
LP		 445 goto finish;
446 }
447
448 /* Great! Nothing is stored here, still. Store our newly acquired data. */
449 } else {
450 /* Hmm, so as it appears there's now something stored in the storage socket. Throw away what we
451 * acquired, and use what's stored now. */
452
fd63e712 453 unlink_uid_lock(uid_lock_fd, uid, d->name);
29206d46
LP		 454 safe_close(uid_lock_fd);
455
456 uid = new_uid;
457 uid_lock_fd = new_uid_lock_fd;
458 }
459 }
460
461 /* If the UID/GID was already allocated dynamically, push the data we popped out back in. If it was already
462 * allocated statically, push the UID back too, but do not push the lock fd in. If we allocated the UID
463 * dynamically right here, push that in along with the lock fd for it. */
464 r = dynamic_user_push(d, uid, uid_lock_fd);
465 if (r < 0)
466 goto finish;
467
468 *ret = uid;
469 r = 0;
470
471finish:
472 (void) lockf(d->storage_socket[0], F_ULOCK, 0);
473 return r;
474}
475
476int dynamic_user_current(DynamicUser *d, uid_t *ret) {
477 _cleanup_close_ int lock_fd = -1;
478 uid_t uid;
479 int r;
480
481 assert(d);
482 assert(ret);
483
484 /* Get the currently assigned UID for the user, if there's any. This simply pops the data from the storage socket, and pushes it back in right-away. */
485
486 if (lockf(d->storage_socket[0], F_LOCK, 0) < 0)
487 return -errno;
488
489 r = dynamic_user_pop(d, &uid, &lock_fd);
490 if (r < 0)
491 goto finish;
492
493 r = dynamic_user_push(d, uid, lock_fd);
494 if (r < 0)
495 goto finish;
496
497 *ret = uid;
498 r = 0;
499
500finish:
501 (void) lockf(d->storage_socket[0], F_ULOCK, 0);
502 return r;
503}
504
505DynamicUser* dynamic_user_ref(DynamicUser *d) {
506 if (!d)
507 return NULL;
508
509 assert(d->n_ref > 0);
510 d->n_ref++;
511
512 return d;
513}
514
515DynamicUser* dynamic_user_unref(DynamicUser *d) {
516 if (!d)
517 return NULL;
518
519 /* Note that this doesn't actually release any resources itself. If a dynamic user should be fully destroyed
520 * and its UID released, use dynamic_user_destroy() instead. NB: the dynamic user table may contain entries
521 * with no references, which is commonly the case right before a daemon reload. */
522
523 assert(d->n_ref > 0);
524 d->n_ref--;
525
526 return NULL;
527}
528
529static int dynamic_user_close(DynamicUser *d) {
530 _cleanup_close_ int lock_fd = -1;
531 uid_t uid;
532 int r;
533
534 /* Release the user ID, by releasing the lock on it, and emptying the storage socket. After this the user is
535 * unrealized again, much like it was after it the DynamicUser object was first allocated. */
536
537 if (lockf(d->storage_socket[0], F_LOCK, 0) < 0)
538 return -errno;
539
540 r = dynamic_user_pop(d, &uid, &lock_fd);
541 if (r == -EAGAIN) {
542 /* User wasn't realized yet, nothing to do. */
543 r = 0;
544 goto finish;
545 }
546 if (r < 0)
547 goto finish;
548
549 /* This dynamic user was realized and dynamically allocated. In this case, let's remove the lock file. */
fd63e712 550 unlink_uid_lock(lock_fd, uid, d->name);
29206d46
LP		 551 r = 1;
552
553finish:
554 (void) lockf(d->storage_socket[0], F_ULOCK, 0);
555 return r;
556}
557
558DynamicUser* dynamic_user_destroy(DynamicUser *d) {
559 if (!d)
560 return NULL;
561
562 /* Drop a reference to a DynamicUser object, and destroy the user completely if this was the last
563 * reference. This is called whenever a service is shut down and wants its dynamic UID gone. Note that
564 * dynamic_user_unref() is what is called whenever a service is simply freed, for example during a reload
565 * cycle, where the dynamic users should not be destroyed, but our datastructures should. */
566
567 dynamic_user_unref(d);
568
569 if (d->n_ref > 0)
570 return NULL;
571
572 (void) dynamic_user_close(d);
573 return dynamic_user_free(d);
574}
575
576int dynamic_user_serialize(Manager *m, FILE *f, FDSet *fds) {
577 DynamicUser *d;
578 Iterator i;
579
580 assert(m);
581 assert(f);
582 assert(fds);
583
584 /* Dump the dynamic user database into the manager serialization, to deal with daemon reloads. */
585
586 HASHMAP_FOREACH(d, m->dynamic_users, i) {
587 int copy0, copy1;
588
589 copy0 = fdset_put_dup(fds, d->storage_socket[0]);
590 if (copy0 < 0)
591 return copy0;
592
593 copy1 = fdset_put_dup(fds, d->storage_socket[1]);
594 if (copy1 < 0)
595 return copy1;
596
597 fprintf(f, "dynamic-user=%s %i %i\n", d->name, copy0, copy1);
598 }
599
600 return 0;
601}
602
603void dynamic_user_deserialize_one(Manager *m, const char *value, FDSet *fds) {
604 _cleanup_free_ char *name = NULL, *s0 = NULL, *s1 = NULL;
605 int r, fd0, fd1;
606
607 assert(m);
608 assert(value);
609 assert(fds);
610
611 /* Parse the serialization again, after a daemon reload */
612
613 r = extract_many_words(&value, NULL, 0, &name, &s0, &s1, NULL);
614 if (r != 3 || !isempty(value)) {
615 log_debug("Unable to parse dynamic user line.");
616 return;
617 }
618
619 if (safe_atoi(s0, &fd0) < 0 || !fdset_contains(fds, fd0)) {
620 log_debug("Unable to process dynamic user fd specification.");
621 return;
622 }
623
624 if (safe_atoi(s1, &fd1) < 0 || !fdset_contains(fds, fd1)) {
625 log_debug("Unable to process dynamic user fd specification.");
626 return;
627 }
628
629 r = dynamic_user_add(m, name, (int[]) { fd0, fd1 }, NULL);
630 if (r < 0) {
631 log_debug_errno(r, "Failed to add dynamic user: %m");
632 return;
633 }
634
635 (void) fdset_remove(fds, fd0);
636 (void) fdset_remove(fds, fd1);
637}
638
639void dynamic_user_vacuum(Manager *m, bool close_user) {
640 DynamicUser *d;
641 Iterator i;
642
643 assert(m);
644
645 /* Empty the dynamic user database, optionally cleaning up orphaned dynamic users, i.e. destroy and free users
646 * to which no reference exist. This is called after a daemon reload finished, in order to destroy users which
647 * might not be referenced anymore. */
648
649 HASHMAP_FOREACH(d, m->dynamic_users, i) {
650 if (d->n_ref > 0)
651 continue;
652
653 if (close_user) {
654 log_debug("Removing orphaned dynamic user %s", d->name);
655 (void) dynamic_user_close(d);
656 }
657
658 dynamic_user_free(d);
659 }
660}
661
662int dynamic_user_lookup_uid(Manager *m, uid_t uid, char **ret) {
663 char lock_path[strlen("/run/systemd/dynamic-uid/") + DECIMAL_STR_MAX(uid_t) + 1];
664 _cleanup_free_ char *user = NULL;
665 uid_t check_uid;
666 int r;
667
668 assert(m);
669 assert(ret);
670
61755fda
ZJS		 671 /* A friendly way to translate a dynamic user's UID into a name. */
672 if (!uid_is_dynamic(uid))
29206d46
LP		 673 return -ESRCH;
674
675 xsprintf(lock_path, "/run/systemd/dynamic-uid/" UID_FMT, uid);
676 r = read_one_line_file(lock_path, &user);
677 if (r == -ENOENT)
678 return -ESRCH;
679 if (r < 0)
680 return r;
681
682 /* The lock file might be stale, hence let's verify the data before we return it */
683 r = dynamic_user_lookup_name(m, user, &check_uid);
684 if (r < 0)
685 return r;
686 if (check_uid != uid) /* lock file doesn't match our own idea */
687 return -ESRCH;
688
689 *ret = user;
690 user = NULL;
691
692 return 0;
693}
694
695int dynamic_user_lookup_name(Manager *m, const char *name, uid_t *ret) {
696 DynamicUser *d;
697 int r;
698
699 assert(m);
700 assert(name);
701 assert(ret);
702
703 /* A friendly call for translating a dynamic user's name into its UID */
704
705 d = hashmap_get(m->dynamic_users, name);
706 if (!d)
707 return -ESRCH;
708
709 r = dynamic_user_current(d, ret);
710 if (r == -EAGAIN) /* not realized yet? */
711 return -ESRCH;
712
713 return r;
714}
715
716int dynamic_creds_acquire(DynamicCreds *creds, Manager *m, const char *user, const char *group) {
717 bool acquired = false;
718 int r;
719
720 assert(creds);
721 assert(m);
722
723 /* A DynamicUser object encapsulates an allocation of both a UID and a GID for a specific name. However, some
724 * services use different user and groups. For cases like that there's DynamicCreds containing a pair of user
725 * and group. This call allocates a pair. */
726
727 if (!creds->user && user) {
728 r = dynamic_user_acquire(m, user, &creds->user);
729 if (r < 0)
730 return r;
731
732 acquired = true;
733 }
734
735 if (!creds->group) {
736
737 if (creds->user && (!group || streq_ptr(user, group)))
738 creds->group = dynamic_user_ref(creds->user);
739 else {
740 r = dynamic_user_acquire(m, group, &creds->group);
741 if (r < 0) {
742 if (acquired)
743 creds->user = dynamic_user_unref(creds->user);
744 return r;
745 }
746 }
747 }
748
749 return 0;
750}
751
752int dynamic_creds_realize(DynamicCreds *creds, uid_t *uid, gid_t *gid) {
753 uid_t u = UID_INVALID;
754 gid_t g = GID_INVALID;
755 int r;
756
757 assert(creds);
758 assert(uid);
759 assert(gid);
760
761 /* Realize both the referenced user and group */
762
763 if (creds->user) {
764 r = dynamic_user_realize(creds->user, &u);
765 if (r < 0)
766 return r;
767 }
768
769 if (creds->group && creds->group != creds->user) {
770 r = dynamic_user_realize(creds->group, &g);
771 if (r < 0)
772 return r;
773 } else
774 g = u;
775
776 *uid = u;
777 *gid = g;
778
779 return 0;
780}
781
782void dynamic_creds_unref(DynamicCreds *creds) {
783 assert(creds);
784
785 creds->user = dynamic_user_unref(creds->user);
786 creds->group = dynamic_user_unref(creds->group);
787}
788
789void dynamic_creds_destroy(DynamicCreds *creds) {
790 assert(creds);
791
792 creds->user = dynamic_user_destroy(creds->user);
793 creds->group = dynamic_user_destroy(creds->group);
794}
Unnamed repository; edit this file 'description' to name the repository.