]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/basic/user-util.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #1676 from poettering/util-lib-2
[thirdparty/systemd.git] / src / basic / user-util.c
1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3 /***
4 This file is part of systemd.
5
6 Copyright 2010 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
17
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20 ***/
21
22 #include <pwd.h>
23 #include <grp.h>
24
25 #include "user-util.h"
26 #include "macro.h"
27 #include "util.h"
28 #include "string-util.h"
29 #include "path-util.h"
30
31 bool uid_is_valid(uid_t uid) {
32
33 /* Some libc APIs use UID_INVALID as special placeholder */
34 if (uid == (uid_t) UINT32_C(0xFFFFFFFF))
35 return false;
36
37 /* A long time ago UIDs where 16bit, hence explicitly avoid the 16bit -1 too */
38 if (uid == (uid_t) UINT32_C(0xFFFF))
39 return false;
40
41 return true;
42 }
43
44 int parse_uid(const char *s, uid_t *ret) {
45 uint32_t uid = 0;
46 int r;
47
48 assert(s);
49
50 assert_cc(sizeof(uid_t) == sizeof(uint32_t));
51 r = safe_atou32(s, &uid);
52 if (r < 0)
53 return r;
54
55 if (!uid_is_valid(uid))
56 return -ENXIO; /* we return ENXIO instead of EINVAL
57 * here, to make it easy to distuingish
58 * invalid numeric uids invalid
59 * strings. */
60
61 if (ret)
62 *ret = uid;
63
64 return 0;
65 }
66
67 char* getlogname_malloc(void) {
68 uid_t uid;
69 struct stat st;
70
71 if (isatty(STDIN_FILENO) && fstat(STDIN_FILENO, &st) >= 0)
72 uid = st.st_uid;
73 else
74 uid = getuid();
75
76 return uid_to_name(uid);
77 }
78
79 char *getusername_malloc(void) {
80 const char *e;
81
82 e = getenv("USER");
83 if (e)
84 return strdup(e);
85
86 return uid_to_name(getuid());
87 }
88
89 int get_user_creds(
90 const char **username,
91 uid_t *uid, gid_t *gid,
92 const char **home,
93 const char **shell) {
94
95 struct passwd *p;
96 uid_t u;
97
98 assert(username);
99 assert(*username);
100
101 /* We enforce some special rules for uid=0: in order to avoid
102 * NSS lookups for root we hardcode its data. */
103
104 if (streq(*username, "root") || streq(*username, "0")) {
105 *username = "root";
106
107 if (uid)
108 *uid = 0;
109
110 if (gid)
111 *gid = 0;
112
113 if (home)
114 *home = "/root";
115
116 if (shell)
117 *shell = "/bin/sh";
118
119 return 0;
120 }
121
122 if (parse_uid(*username, &u) >= 0) {
123 errno = 0;
124 p = getpwuid(u);
125
126 /* If there are multiple users with the same id, make
127 * sure to leave $USER to the configured value instead
128 * of the first occurrence in the database. However if
129 * the uid was configured by a numeric uid, then let's
130 * pick the real username from /etc/passwd. */
131 if (p)
132 *username = p->pw_name;
133 } else {
134 errno = 0;
135 p = getpwnam(*username);
136 }
137
138 if (!p)
139 return errno > 0 ? -errno : -ESRCH;
140
141 if (uid) {
142 if (!uid_is_valid(p->pw_uid))
143 return -EBADMSG;
144
145 *uid = p->pw_uid;
146 }
147
148 if (gid) {
149 if (!gid_is_valid(p->pw_gid))
150 return -EBADMSG;
151
152 *gid = p->pw_gid;
153 }
154
155 if (home)
156 *home = p->pw_dir;
157
158 if (shell)
159 *shell = p->pw_shell;
160
161 return 0;
162 }
163
164 int get_group_creds(const char **groupname, gid_t *gid) {
165 struct group *g;
166 gid_t id;
167
168 assert(groupname);
169
170 /* We enforce some special rules for gid=0: in order to avoid
171 * NSS lookups for root we hardcode its data. */
172
173 if (streq(*groupname, "root") || streq(*groupname, "0")) {
174 *groupname = "root";
175
176 if (gid)
177 *gid = 0;
178
179 return 0;
180 }
181
182 if (parse_gid(*groupname, &id) >= 0) {
183 errno = 0;
184 g = getgrgid(id);
185
186 if (g)
187 *groupname = g->gr_name;
188 } else {
189 errno = 0;
190 g = getgrnam(*groupname);
191 }
192
193 if (!g)
194 return errno > 0 ? -errno : -ESRCH;
195
196 if (gid) {
197 if (!gid_is_valid(g->gr_gid))
198 return -EBADMSG;
199
200 *gid = g->gr_gid;
201 }
202
203 return 0;
204 }
205
206 char* uid_to_name(uid_t uid) {
207 char *ret;
208 int r;
209
210 /* Shortcut things to avoid NSS lookups */
211 if (uid == 0)
212 return strdup("root");
213
214 if (uid_is_valid(uid)) {
215 long bufsize;
216
217 bufsize = sysconf(_SC_GETPW_R_SIZE_MAX);
218 if (bufsize <= 0)
219 bufsize = 4096;
220
221 for (;;) {
222 struct passwd pwbuf, *pw = NULL;
223 _cleanup_free_ char *buf = NULL;
224
225 buf = malloc(bufsize);
226 if (!buf)
227 return NULL;
228
229 r = getpwuid_r(uid, &pwbuf, buf, (size_t) bufsize, &pw);
230 if (r == 0 && pw)
231 return strdup(pw->pw_name);
232 if (r != ERANGE)
233 break;
234
235 bufsize *= 2;
236 }
237 }
238
239 if (asprintf(&ret, UID_FMT, uid) < 0)
240 return NULL;
241
242 return ret;
243 }
244
245 char* gid_to_name(gid_t gid) {
246 char *ret;
247 int r;
248
249 if (gid == 0)
250 return strdup("root");
251
252 if (gid_is_valid(gid)) {
253 long bufsize;
254
255 bufsize = sysconf(_SC_GETGR_R_SIZE_MAX);
256 if (bufsize <= 0)
257 bufsize = 4096;
258
259 for (;;) {
260 struct group grbuf, *gr = NULL;
261 _cleanup_free_ char *buf = NULL;
262
263 buf = malloc(bufsize);
264 if (!buf)
265 return NULL;
266
267 r = getgrgid_r(gid, &grbuf, buf, (size_t) bufsize, &gr);
268 if (r == 0 && gr)
269 return strdup(gr->gr_name);
270 if (r != ERANGE)
271 break;
272
273 bufsize *= 2;
274 }
275 }
276
277 if (asprintf(&ret, GID_FMT, gid) < 0)
278 return NULL;
279
280 return ret;
281 }
282
283 int in_gid(gid_t gid) {
284 gid_t *gids;
285 int ngroups_max, r, i;
286
287 if (getgid() == gid)
288 return 1;
289
290 if (getegid() == gid)
291 return 1;
292
293 if (!gid_is_valid(gid))
294 return -EINVAL;
295
296 ngroups_max = sysconf(_SC_NGROUPS_MAX);
297 assert(ngroups_max > 0);
298
299 gids = alloca(sizeof(gid_t) * ngroups_max);
300
301 r = getgroups(ngroups_max, gids);
302 if (r < 0)
303 return -errno;
304
305 for (i = 0; i < r; i++)
306 if (gids[i] == gid)
307 return 1;
308
309 return 0;
310 }
311
312 int in_group(const char *name) {
313 int r;
314 gid_t gid;
315
316 r = get_group_creds(&name, &gid);
317 if (r < 0)
318 return r;
319
320 return in_gid(gid);
321 }
322
323 int get_home_dir(char **_h) {
324 struct passwd *p;
325 const char *e;
326 char *h;
327 uid_t u;
328
329 assert(_h);
330
331 /* Take the user specified one */
332 e = secure_getenv("HOME");
333 if (e && path_is_absolute(e)) {
334 h = strdup(e);
335 if (!h)
336 return -ENOMEM;
337
338 *_h = h;
339 return 0;
340 }
341
342 /* Hardcode home directory for root to avoid NSS */
343 u = getuid();
344 if (u == 0) {
345 h = strdup("/root");
346 if (!h)
347 return -ENOMEM;
348
349 *_h = h;
350 return 0;
351 }
352
353 /* Check the database... */
354 errno = 0;
355 p = getpwuid(u);
356 if (!p)
357 return errno > 0 ? -errno : -ESRCH;
358
359 if (!path_is_absolute(p->pw_dir))
360 return -EINVAL;
361
362 h = strdup(p->pw_dir);
363 if (!h)
364 return -ENOMEM;
365
366 *_h = h;
367 return 0;
368 }
369
370 int get_shell(char **_s) {
371 struct passwd *p;
372 const char *e;
373 char *s;
374 uid_t u;
375
376 assert(_s);
377
378 /* Take the user specified one */
379 e = getenv("SHELL");
380 if (e) {
381 s = strdup(e);
382 if (!s)
383 return -ENOMEM;
384
385 *_s = s;
386 return 0;
387 }
388
389 /* Hardcode home directory for root to avoid NSS */
390 u = getuid();
391 if (u == 0) {
392 s = strdup("/bin/sh");
393 if (!s)
394 return -ENOMEM;
395
396 *_s = s;
397 return 0;
398 }
399
400 /* Check the database... */
401 errno = 0;
402 p = getpwuid(u);
403 if (!p)
404 return errno > 0 ? -errno : -ESRCH;
405
406 if (!path_is_absolute(p->pw_shell))
407 return -EINVAL;
408
409 s = strdup(p->pw_shell);
410 if (!s)
411 return -ENOMEM;
412
413 *_s = s;
414 return 0;
415 }
416
417 int reset_uid_gid(void) {
418
419 if (setgroups(0, NULL) < 0)
420 return -errno;
421
422 if (setresgid(0, 0, 0) < 0)
423 return -errno;
424
425 if (setresuid(0, 0, 0) < 0)
426 return -errno;
427
428 return 0;
429 }
Unnamed repository; edit this file 'description' to name the repository.