user-record: add helper that checks if a user record is root or the nobody user

diff --git a/src/nspawn/nspawn-bind-user.c b/src/nspawn/nspawn-bind-user.c
index 1668656dabf5f0dc1948fbd2724957f0e37fca6f..0960a6dcea64adf6f4ba11856afa42f1b3bc1d7e 100644 (file)
--- a/src/nspawn/nspawn-bind-user.c
+++ b/src/nspawn/nspawn-bind-user.c
@@ -245,9 +245,9 @@ int bind_user_prepare(
                  * and the user/group databases fully synthesized at runtime. Moreover, the name of the
                  * user/group name of the "nobody" account differs between distros, hence a check by numeric
                  * UID is safer. */
-                if (u->uid == 0 || streq(u->user_name, "root"))
+                if (user_record_is_root(u))
                         return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Mapping 'root' user not supported, sorry.");
-                if (u->uid == UID_NOBODY || STR_IN_SET(u->user_name, NOBODY_USER_NAME, "nobody"))
+                if (user_record_is_nobody(u))
                         return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Mapping 'nobody' user not supported, sorry.");
 
                 if (u->uid >= uid_shift && u->uid < uid_shift + uid_range)

diff --git a/src/shared/user-record.c b/src/shared/user-record.c
index e1cbdbd5dc2459f7803c0d653e5e21ffa0d6fcc9..dccf455ba5c29669bb18cc9de99a4e9bd81539b9 100644 (file)
--- a/src/shared/user-record.c
+++ b/src/shared/user-record.c
@@ -1805,7 +1805,7 @@ static const char *user_record_home_directory_real(UserRecord *h) {
                 return h->home_directory_auto;
 
         /* The root user is special, hence be special about it */
-        if (streq_ptr(h->user_name, "root"))
+        if (user_record_is_root(h))
                 return "/root";
 
         return "/";
@@ -1853,7 +1853,7 @@ static const char *user_record_shell_real(UserRecord *h) {
         if (h->shell)
                 return h->shell;
 
-        if (streq_ptr(h->user_name, "root"))
+        if (user_record_is_root(h))
                 return "/bin/sh";
 
         if (user_record_disposition(h) == USER_REGULAR)
@@ -2033,7 +2033,7 @@ UserDisposition user_record_disposition(UserRecord *h) {
         if (!uid_is_valid(h->uid))
                 return _USER_DISPOSITION_INVALID;
 
-        if (h->uid == 0 || h->uid == UID_NOBODY)
+        if (user_record_is_root(h) || user_record_is_nobody(h))
                 return USER_INTRINSIC;
 
         if (uid_is_system(h->uid))
@@ -2411,6 +2411,18 @@ int user_record_test_password_change_required(UserRecord *h) {
         return change_permitted ? 0 : -EROFS;
 }
 
+int user_record_is_root(const UserRecord *u) {
+        assert(u);
+
+        return u->uid == 0 || streq_ptr(u->user_name, "root");
+}
+
+int user_record_is_nobody(const UserRecord *u) {
+        assert(u);
+
+        return u->uid == UID_NOBODY || STRPTR_IN_SET(u->user_name, NOBODY_USER_NAME, "nobody");
+}
+
 int suitable_blob_filename(const char *name) {
         /* Enforces filename requirements as described in docs/USER_RECORD_BULK_DIRS.md */
         return filename_is_valid(name) &&

diff --git a/src/shared/user-record.h b/src/shared/user-record.h
index 7cbf9371c6f9afd535f083eb121b89741a4ece89..2a0e92d69ad2729521ccb33d753d0541456938a1 100644 (file)
--- a/src/shared/user-record.h
+++ b/src/shared/user-record.h
@@ -445,6 +445,9 @@ int user_record_masked_equal(UserRecord *a, UserRecord *b, UserRecordMask mask);
 int user_record_test_blocked(UserRecord *h);
 int user_record_test_password_change_required(UserRecord *h);
 
+int user_record_is_root(const UserRecord *u);
+int user_record_is_nobody(const UserRecord *u);
+
 /* The following six are user by group-record.c, that's why we export them here */
 int json_dispatch_realm(const char *name, sd_json_variant *variant, sd_json_dispatch_flags_t flags, void *userdata);
 int json_dispatch_gecos(const char *name, sd_json_variant *variant, sd_json_dispatch_flags_t flags, void *userdata);