]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/basic/user-util.h
52f3df792d7754e9efdc1b3246bf18f82007b278
[thirdparty/systemd.git] / src / basic / user-util.h
1 /* SPDX-License-Identifier: LGPL-2.1+ */
2 #pragma once
3
4 #include <grp.h>
5 #if ENABLE_GSHADOW
6 #include <gshadow.h>
7 #endif
8 #include <pwd.h>
9 #include <shadow.h>
10 #include <stdbool.h>
11 #include <stdint.h>
12 #include <sys/types.h>
13 #include <unistd.h>
14
15 bool uid_is_valid(uid_t uid);
16
17 static inline bool gid_is_valid(gid_t gid) {
18 return uid_is_valid((uid_t) gid);
19 }
20
21 int parse_uid(const char *s, uid_t* ret_uid);
22
23 static inline int parse_gid(const char *s, gid_t *ret_gid) {
24 return parse_uid(s, (uid_t*) ret_gid);
25 }
26
27 char* getlogname_malloc(void);
28 char* getusername_malloc(void);
29
30 typedef enum UserCredsFlags {
31 USER_CREDS_PREFER_NSS = 1 << 0, /* if set, only synthesize user records if database lacks them. Normally we bypass the userdb entirely for the records we can synthesize */
32 USER_CREDS_ALLOW_MISSING = 1 << 1, /* if a numeric UID string is resolved, be OK if there's no record for it */
33 USER_CREDS_CLEAN = 1 << 2, /* try to clean up shell and home fields with invalid data */
34 } UserCredsFlags;
35
36 int get_user_creds(const char **username, uid_t *uid, gid_t *gid, const char **home, const char **shell, UserCredsFlags flags);
37 int get_group_creds(const char **groupname, gid_t *gid, UserCredsFlags flags);
38
39 char* uid_to_name(uid_t uid);
40 char* gid_to_name(gid_t gid);
41
42 int in_gid(gid_t gid);
43 int in_group(const char *name);
44
45 int get_home_dir(char **ret);
46 int get_shell(char **_ret);
47
48 int reset_uid_gid(void);
49
50 int take_etc_passwd_lock(const char *root);
51
52 #define UID_INVALID ((uid_t) -1)
53 #define GID_INVALID ((gid_t) -1)
54
55 #define UID_NOBODY ((uid_t) 65534U)
56 #define GID_NOBODY ((gid_t) 65534U)
57
58 #define ETC_PASSWD_LOCK_PATH "/etc/.pwd.lock"
59
60 static inline bool uid_is_dynamic(uid_t uid) {
61 return DYNAMIC_UID_MIN <= uid && uid <= DYNAMIC_UID_MAX;
62 }
63
64 static inline bool gid_is_dynamic(gid_t gid) {
65 return uid_is_dynamic((uid_t) gid);
66 }
67
68 static inline bool uid_is_system(uid_t uid) {
69 return uid <= SYSTEM_UID_MAX;
70 }
71
72 static inline bool gid_is_system(gid_t gid) {
73 return gid <= SYSTEM_GID_MAX;
74 }
75
76 /* The following macros add 1 when converting things, since UID 0 is a valid UID, while the pointer
77 * NULL is special */
78 #define PTR_TO_UID(p) ((uid_t) (((uintptr_t) (p))-1))
79 #define UID_TO_PTR(u) ((void*) (((uintptr_t) (u))+1))
80
81 #define PTR_TO_GID(p) ((gid_t) (((uintptr_t) (p))-1))
82 #define GID_TO_PTR(u) ((void*) (((uintptr_t) (u))+1))
83
84 static inline bool userns_supported(void) {
85 return access("/proc/self/uid_map", F_OK) >= 0;
86 }
87
88 bool valid_user_group_name(const char *u);
89 bool valid_user_group_name_or_id(const char *u);
90 bool valid_gecos(const char *d);
91 bool valid_home(const char *p);
92
93 static inline bool valid_shell(const char *p) {
94 /* We have the same requirements, so just piggy-back on the home check.
95 *
96 * Let's ignore /etc/shells because this is only applicable to real and
97 * not system users. It is also incompatible with the idea of empty /etc.
98 */
99 return valid_home(p);
100 }
101
102 int maybe_setgroups(size_t size, const gid_t *list);
103
104 bool synthesize_nobody(void);
105
106 int fgetpwent_sane(FILE *stream, struct passwd **pw);
107 int fgetspent_sane(FILE *stream, struct spwd **sp);
108 int fgetgrent_sane(FILE *stream, struct group **gr);
109 int putpwent_sane(const struct passwd *pw, FILE *stream);
110 int putspent_sane(const struct spwd *sp, FILE *stream);
111 int putgrent_sane(const struct group *gr, FILE *stream);
112 #if ENABLE_GSHADOW
113 int fgetsgent_sane(FILE *stream, struct sgrp **sg);
114 int putsgent_sane(const struct sgrp *sg, FILE *stream);
115 #endif
116
117 int make_salt(char **ret);