From: Lennart Poettering
Date: Mon, 26 Aug 2024 14:38:59 +0000 (+0200)
Subject: user-record: add helper that checks if a user record is root or the nobody user
X-Git-Tag: v257-rc1~606
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=313c178b1b856046e314e8b2a7ef6436f7823328;p=thirdparty%2Fsystemd.git
user-record: add helper that checks if a user record is root or the nobody user
---
diff --git a/src/nspawn/nspawn-bind-user.c b/src/nspawn/nspawn-bind-user.c
index 1668656dabf..0960a6dcea6 100644
--- a/src/nspawn/nspawn-bind-user.c
+++ b/src/nspawn/nspawn-bind-user.c
@@ -245,9 +245,9 @@ int bind_user_prepare(
 * and the user/group databases fully synthesized at runtime. Moreover, the name of the
 * user/group name of the "nobody" account differs between distros, hence a check by numeric
 * UID is safer. */
- if (u->uid == 0 || streq(u->user_name, "root"))
+ if (user_record_is_root(u))
 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Mapping 'root' user not supported, sorry.");
- if (u->uid == UID_NOBODY || STR_IN_SET(u->user_name, NOBODY_USER_NAME, "nobody"))
+ if (user_record_is_nobody(u))
 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Mapping 'nobody' user not supported, sorry.");
 if (u->uid >= uid_shift && u->uid < uid_shift + uid_range)
diff --git a/src/shared/user-record.c b/src/shared/user-record.c
index e1cbdbd5dc2..dccf455ba5c 100644
--- a/src/shared/user-record.c
+++ b/src/shared/user-record.c
@@ -1805,7 +1805,7 @@ static const char *user_record_home_directory_real(UserRecord *h) {
 return h->home_directory_auto;
 /* The root user is special, hence be special about it */
- if (streq_ptr(h->user_name, "root"))
+ if (user_record_is_root(h))
 return "/root";
 return "/";
@@ -1853,7 +1853,7 @@ static const char *user_record_shell_real(UserRecord *h) {
 if (h->shell)
 return h->shell;
- if (streq_ptr(h->user_name, "root"))
+ if (user_record_is_root(h))
 return "/bin/sh";
 if (user_record_disposition(h) == USER_REGULAR)
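Review bot: In `user_record_home_directory_real()` the root test used to match on the name only (`streq_ptr(h->user_name, "root")`), while `user_record_is_root(h)` also matches any record whose `uid` is 0, so a UID-0 record under a different name now falls back to "/root" instead of "/"; the same widening applies to the "/bin/sh" fallback in `user_record_shell_real()` in the next hunk. If that is intended, the existing comment should say so, e.g. `/* The root user (UID 0 or name "root") is special, hence be special about it */`. If only the name was meant to count here, the old `streq_ptr()` test should stay. Both function bodies continue outside their hunks.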
@@ -2033,7 +2033,7 @@ UserDisposition user_record_disposition(UserRecord *h) {
 if (!uid_is_valid(h->uid))
 return _USER_DISPOSITION_INVALID;
- if (h->uid == 0 || h->uid == UID_NOBODY)
+ if (user_record_is_root(h) || user_record_is_nobody(h))
 return USER_INTRINSIC;
 if (uid_is_system(h->uid))
@@ -2411,6 +2411,18 @@ int user_record_test_password_change_required(UserRecord *h) {
 return change_permitted ? 0 : -EROFS;
 }
+int user_record_is_root(const UserRecord *u) {
+ assert(u);
+
+ return u->uid == 0 || streq_ptr(u->user_name, "root");
+}
+
+int user_record_is_nobody(const UserRecord *u) {
+ assert(u);
+
+ return u->uid == UID_NOBODY || STRPTR_IN_SET(u->user_name, NOBODY_USER_NAME, "nobody");
+}
+
 int suitable_blob_filename(const char *name) {
 /* Enforces filename requirements as described in docs/USER_RECORD_BULK_DIRS.md */
 return filename_is_valid(name) &&
diff --git a/src/shared/user-record.h b/src/shared/user-record.h
index 7cbf9371c6f..2a0e92d69ad 100644
--- a/src/shared/user-record.h
+++ b/src/shared/user-record.h
@@ -445,6 +445,9 @@ int user_record_masked_equal(UserRecord *a, UserRecord *b, UserRecordMask mask);
 int user_record_test_blocked(UserRecord *h);
 int user_record_test_password_change_required(UserRecord *h);
+int user_record_is_root(const UserRecord *u);
+int user_record_is_nobody(const UserRecord *u);
+
 /* The following six are user by group-record.c, that's why we export them here */
 int json_dispatch_realm(const char *name, sd_json_variant *variant, sd_json_dispatch_flags_t flags, void *userdata);
 int json_dispatch_gecos(const char *name, sd_json_variant *variant, sd_json_dispatch_flags_t flags, void *userdata);
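Review bot: `user_record_disposition()` used to classify a record as `USER_INTRINSIC` by UID alone (`h->uid == 0 || h->uid == UID_NOBODY`); with the helpers, a record named "root", "nobody" or `NOBODY_USER_NAME` that carries any other valid UID is now reported as intrinsic too. When a record comes from a source that is not fully trusted, its name and UID can disagree, and a disposition derived from the name alone may change how that account is treated later; this is inferred, since the callers are not visible here. If the numeric check is what this function needs, keep it: `if (h->uid == 0 || h->uid == UID_NOBODY)`. Otherwise a comment on the new line should state that a name match alone is sufficient. The function body starts and ends outside the hunk.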
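Review bot: `user_record_is_root()` and `user_record_is_nobody()` are added without a comment, and they return true when either the UID or the name matches, which a caller cannot tell from the function names. I would add a comment above each definition, e.g. `/* Returns true if either the UID or the user name identifies root; the two fields are not required to agree. */`, and the equivalent for nobody. Both are pure predicates, so `bool` would express the contract better than `int` in the definitions and in the prototypes added to user-record.h, provided `bool` is the convention for such helpers in this file (not visible in the hunk).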