src/basic/user-util.h

   1 /* SPDX-License-Identifier: LGPL-2.1+ */
   2 #pragma once
   3
   4 #include <grp.h>
   5 #include <gshadow.h>
   6 #include <pwd.h>
   7 #include <shadow.h>
   8 #include <stdbool.h>
   9 #include <stdint.h>
  10 #include <sys/types.h>
  11 #include <unistd.h>
  12
  13 bool uid_is_valid(uid_t uid);
  14
  15 static inline bool gid_is_valid(gid_t gid) {
  16         return uid_is_valid((uid_t) gid);
  17 }
  18
  19 int parse_uid(const char *s, uid_t* ret_uid);
  20
  21 static inline int parse_gid(const char *s, gid_t *ret_gid) {
  22         return parse_uid(s, (uid_t*) ret_gid);
  23 }
  24
  25 char* getlogname_malloc(void);
  26 char* getusername_malloc(void);
  27
  28 int get_user_creds(const char **username, uid_t *uid, gid_t *gid, const char **home, const char **shell);
  29 int get_user_creds_clean(const char **username, uid_t *uid, gid_t *gid, const char **home, const char **shell);
  30 int get_group_creds(const char **groupname, gid_t *gid);
  31
  32 char* uid_to_name(uid_t uid);
  33 char* gid_to_name(gid_t gid);
  34
  35 int in_gid(gid_t gid);
  36 int in_group(const char *name);
  37
  38 int get_home_dir(char **ret);
  39 int get_shell(char **_ret);
  40
  41 int reset_uid_gid(void);
  42
  43 int take_etc_passwd_lock(const char *root);
  44
  45 #define UID_INVALID ((uid_t) -1)
  46 #define GID_INVALID ((gid_t) -1)
  47
  48 #define UID_NOBODY ((uid_t) 65534U)
  49 #define GID_NOBODY ((gid_t) 65534U)
  50
  51 #define ETC_PASSWD_LOCK_PATH "/etc/.pwd.lock"
  52
  53 static inline bool uid_is_dynamic(uid_t uid) {
  54         return DYNAMIC_UID_MIN <= uid && uid <= DYNAMIC_UID_MAX;
  55 }
  56
  57 static inline bool gid_is_dynamic(gid_t gid) {
  58         return uid_is_dynamic((uid_t) gid);
  59 }
  60
  61 static inline bool uid_is_system(uid_t uid) {
  62         return uid <= SYSTEM_UID_MAX;
  63 }
  64
  65 static inline bool gid_is_system(gid_t gid) {
  66         return gid <= SYSTEM_GID_MAX;
  67 }
  68
  69 /* The following macros add 1 when converting things, since UID 0 is a valid UID, while the pointer
  70  * NULL is special */
  71 #define PTR_TO_UID(p) ((uid_t) (((uintptr_t) (p))-1))
  72 #define UID_TO_PTR(u) ((void*) (((uintptr_t) (u))+1))
  73
  74 #define PTR_TO_GID(p) ((gid_t) (((uintptr_t) (p))-1))
  75 #define GID_TO_PTR(u) ((void*) (((uintptr_t) (u))+1))
  76
  77 static inline bool userns_supported(void) {
  78         return access("/proc/self/uid_map", F_OK) >= 0;
  79 }
  80
  81 bool valid_user_group_name(const char *u);
  82 bool valid_user_group_name_or_id(const char *u);
  83 bool valid_gecos(const char *d);
  84 bool valid_home(const char *p);
  85
  86 static inline bool valid_shell(const char *p) {
  87         /* We have the same requirements, so just piggy-back on the home check.
  88          *
  89          * Let's ignore /etc/shells because this is only applicable to real and
  90          * not system users. It is also incompatible with the idea of empty /etc.
  91          */
  92         return valid_home(p);
  93 }
  94
  95 int maybe_setgroups(size_t size, const gid_t *list);
  96
  97 bool synthesize_nobody(void);
  98
  99 int fgetpwent_sane(FILE *stream, struct passwd **pw);
 100 int fgetspent_sane(FILE *stream, struct spwd **sp);
 101 int fgetgrent_sane(FILE *stream, struct group **gr);
 102 int putpwent_sane(const struct passwd *pw, FILE *stream);
 103 int putspent_sane(const struct spwd *sp, FILE *stream);
 104 int putgrent_sane(const struct group *gr, FILE *stream);
 105 #if ENABLE_GSHADOW
 106 int fgetsgent_sane(FILE *stream, struct sgrp **sg);
 107 int putsgent_sane(const struct sgrp *sg, FILE *stream);
 108 #endif