]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/basic/user-util.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
util-lib: split out user/group/uid/gid calls into user-util.[ch]
[thirdparty/systemd.git] / src / basic / user-util.c
1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3 /***
4 This file is part of systemd.
5
6 Copyright 2010 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
17
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20 ***/
21
22 #include <pwd.h>
23 #include <grp.h>
24
25 #include "user-util.h"
26 #include "macro.h"
27 #include "util.h"
28 #include "string-util.h"
29 #include "path-util.h"
30
31 bool uid_is_valid(uid_t uid) {
32
33 /* Some libc APIs use UID_INVALID as special placeholder */
34 if (uid == (uid_t) 0xFFFFFFFF)
35 return false;
36
37 /* A long time ago UIDs where 16bit, hence explicitly avoid the 16bit -1 too */
38 if (uid == (uid_t) 0xFFFF)
39 return false;
40
41 return true;
42 }
43
44 int parse_uid(const char *s, uid_t* ret_uid) {
45 unsigned long ul = 0;
46 uid_t uid;
47 int r;
48
49 assert(s);
50
51 r = safe_atolu(s, &ul);
52 if (r < 0)
53 return r;
54
55 uid = (uid_t) ul;
56
57 if ((unsigned long) uid != ul)
58 return -ERANGE;
59
60 if (!uid_is_valid(uid))
61 return -ENXIO; /* we return ENXIO instead of EINVAL
62 * here, to make it easy to distuingish
63 * invalid numeric uids invalid
64 * strings. */
65
66 if (ret_uid)
67 *ret_uid = uid;
68
69 return 0;
70 }
71
72 char *lookup_uid(uid_t uid) {
73 long bufsize;
74 char *name;
75 _cleanup_free_ char *buf = NULL;
76 struct passwd pwbuf, *pw = NULL;
77
78 /* Shortcut things to avoid NSS lookups */
79 if (uid == 0)
80 return strdup("root");
81
82 bufsize = sysconf(_SC_GETPW_R_SIZE_MAX);
83 if (bufsize <= 0)
84 bufsize = 4096;
85
86 buf = malloc(bufsize);
87 if (!buf)
88 return NULL;
89
90 if (getpwuid_r(uid, &pwbuf, buf, bufsize, &pw) == 0 && pw)
91 return strdup(pw->pw_name);
92
93 if (asprintf(&name, UID_FMT, uid) < 0)
94 return NULL;
95
96 return name;
97 }
98
99 char* getlogname_malloc(void) {
100 uid_t uid;
101 struct stat st;
102
103 if (isatty(STDIN_FILENO) && fstat(STDIN_FILENO, &st) >= 0)
104 uid = st.st_uid;
105 else
106 uid = getuid();
107
108 return lookup_uid(uid);
109 }
110
111 char *getusername_malloc(void) {
112 const char *e;
113
114 e = getenv("USER");
115 if (e)
116 return strdup(e);
117
118 return lookup_uid(getuid());
119 }
120
121 int get_user_creds(
122 const char **username,
123 uid_t *uid, gid_t *gid,
124 const char **home,
125 const char **shell) {
126
127 struct passwd *p;
128 uid_t u;
129
130 assert(username);
131 assert(*username);
132
133 /* We enforce some special rules for uid=0: in order to avoid
134 * NSS lookups for root we hardcode its data. */
135
136 if (streq(*username, "root") || streq(*username, "0")) {
137 *username = "root";
138
139 if (uid)
140 *uid = 0;
141
142 if (gid)
143 *gid = 0;
144
145 if (home)
146 *home = "/root";
147
148 if (shell)
149 *shell = "/bin/sh";
150
151 return 0;
152 }
153
154 if (parse_uid(*username, &u) >= 0) {
155 errno = 0;
156 p = getpwuid(u);
157
158 /* If there are multiple users with the same id, make
159 * sure to leave $USER to the configured value instead
160 * of the first occurrence in the database. However if
161 * the uid was configured by a numeric uid, then let's
162 * pick the real username from /etc/passwd. */
163 if (p)
164 *username = p->pw_name;
165 } else {
166 errno = 0;
167 p = getpwnam(*username);
168 }
169
170 if (!p)
171 return errno > 0 ? -errno : -ESRCH;
172
173 if (uid)
174 *uid = p->pw_uid;
175
176 if (gid)
177 *gid = p->pw_gid;
178
179 if (home)
180 *home = p->pw_dir;
181
182 if (shell)
183 *shell = p->pw_shell;
184
185 return 0;
186 }
187
188 int get_group_creds(const char **groupname, gid_t *gid) {
189 struct group *g;
190 gid_t id;
191
192 assert(groupname);
193
194 /* We enforce some special rules for gid=0: in order to avoid
195 * NSS lookups for root we hardcode its data. */
196
197 if (streq(*groupname, "root") || streq(*groupname, "0")) {
198 *groupname = "root";
199
200 if (gid)
201 *gid = 0;
202
203 return 0;
204 }
205
206 if (parse_gid(*groupname, &id) >= 0) {
207 errno = 0;
208 g = getgrgid(id);
209
210 if (g)
211 *groupname = g->gr_name;
212 } else {
213 errno = 0;
214 g = getgrnam(*groupname);
215 }
216
217 if (!g)
218 return errno > 0 ? -errno : -ESRCH;
219
220 if (gid)
221 *gid = g->gr_gid;
222
223 return 0;
224 }
225
226 char* uid_to_name(uid_t uid) {
227 struct passwd *p;
228 char *r;
229
230 if (uid == 0)
231 return strdup("root");
232
233 p = getpwuid(uid);
234 if (p)
235 return strdup(p->pw_name);
236
237 if (asprintf(&r, UID_FMT, uid) < 0)
238 return NULL;
239
240 return r;
241 }
242
243 char* gid_to_name(gid_t gid) {
244 struct group *p;
245 char *r;
246
247 if (gid == 0)
248 return strdup("root");
249
250 p = getgrgid(gid);
251 if (p)
252 return strdup(p->gr_name);
253
254 if (asprintf(&r, GID_FMT, gid) < 0)
255 return NULL;
256
257 return r;
258 }
259
260 int in_gid(gid_t gid) {
261 gid_t *gids;
262 int ngroups_max, r, i;
263
264 if (getgid() == gid)
265 return 1;
266
267 if (getegid() == gid)
268 return 1;
269
270 ngroups_max = sysconf(_SC_NGROUPS_MAX);
271 assert(ngroups_max > 0);
272
273 gids = alloca(sizeof(gid_t) * ngroups_max);
274
275 r = getgroups(ngroups_max, gids);
276 if (r < 0)
277 return -errno;
278
279 for (i = 0; i < r; i++)
280 if (gids[i] == gid)
281 return 1;
282
283 return 0;
284 }
285
286 int in_group(const char *name) {
287 int r;
288 gid_t gid;
289
290 r = get_group_creds(&name, &gid);
291 if (r < 0)
292 return r;
293
294 return in_gid(gid);
295 }
296
297 int get_home_dir(char **_h) {
298 struct passwd *p;
299 const char *e;
300 char *h;
301 uid_t u;
302
303 assert(_h);
304
305 /* Take the user specified one */
306 e = secure_getenv("HOME");
307 if (e && path_is_absolute(e)) {
308 h = strdup(e);
309 if (!h)
310 return -ENOMEM;
311
312 *_h = h;
313 return 0;
314 }
315
316 /* Hardcode home directory for root to avoid NSS */
317 u = getuid();
318 if (u == 0) {
319 h = strdup("/root");
320 if (!h)
321 return -ENOMEM;
322
323 *_h = h;
324 return 0;
325 }
326
327 /* Check the database... */
328 errno = 0;
329 p = getpwuid(u);
330 if (!p)
331 return errno > 0 ? -errno : -ESRCH;
332
333 if (!path_is_absolute(p->pw_dir))
334 return -EINVAL;
335
336 h = strdup(p->pw_dir);
337 if (!h)
338 return -ENOMEM;
339
340 *_h = h;
341 return 0;
342 }
343
344 int get_shell(char **_s) {
345 struct passwd *p;
346 const char *e;
347 char *s;
348 uid_t u;
349
350 assert(_s);
351
352 /* Take the user specified one */
353 e = getenv("SHELL");
354 if (e) {
355 s = strdup(e);
356 if (!s)
357 return -ENOMEM;
358
359 *_s = s;
360 return 0;
361 }
362
363 /* Hardcode home directory for root to avoid NSS */
364 u = getuid();
365 if (u == 0) {
366 s = strdup("/bin/sh");
367 if (!s)
368 return -ENOMEM;
369
370 *_s = s;
371 return 0;
372 }
373
374 /* Check the database... */
375 errno = 0;
376 p = getpwuid(u);
377 if (!p)
378 return errno > 0 ? -errno : -ESRCH;
379
380 if (!path_is_absolute(p->pw_shell))
381 return -EINVAL;
382
383 s = strdup(p->pw_shell);
384 if (!s)
385 return -ENOMEM;
386
387 *_s = s;
388 return 0;
389 }
390
391 int reset_uid_gid(void) {
392
393 if (setgroups(0, NULL) < 0)
394 return -errno;
395
396 if (setresgid(0, 0, 0) < 0)
397 return -errno;
398
399 if (setresuid(0, 0, 0) < 0)
400 return -errno;
401
402 return 0;
403 }
Unnamed repository; edit this file 'description' to name the repository.