From: Zbigniew Jędrzejewski-Szmek Date: Thu, 1 Aug 2019 07:58:27 +0000 (+0200) Subject: shared/user-util: allow usernames with dots in specific fields X-Git-Tag: v243~23^2~1 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=ae480f0b09aec815b64579bb1828ea935d8ee236;p=thirdparty%2Fsystemd.git shared/user-util: allow usernames with dots in specific fields People do have usernames with dots, and it makes them very unhappy that systemd doesn't like their that. It seems that there is no actual problem with allowing dots in the username. In particular chown declares ":" as the official separator, and internally in systemd we never rely on "." as the seperator between user and group (nor do we call chown directly). Using dots in the name is probably not a very good idea, but we don't need to care. Debian tools (adduser) do not allow users with dots to be created. This patch allows *existing* names with dots to be used in User, Group, SupplementaryGroups, SocketUser, SocketGroup fields, both in unit files and on the command line. DynamicUsers and sysusers still follow the strict policy. user@.service and tmpfiles already allowed arbitrary user names, and this remains unchanged. Fixes #12754. --- diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c index a92897081e0..68726c2cc0c 100644 --- a/src/core/dbus-execute.c +++ b/src/core/dbus-execute.c @@ -1187,10 +1187,10 @@ int bus_exec_context_set_transient_property( flags |= UNIT_PRIVATE; if (streq(name, "User")) - return bus_set_transient_user(u, name, &c->user, message, flags, error); + return bus_set_transient_user_compat(u, name, &c->user, message, flags, error); if (streq(name, "Group")) - return bus_set_transient_user(u, name, &c->group, message, flags, error); + return bus_set_transient_user_compat(u, name, &c->group, message, flags, error); if (streq(name, "TTYPath")) return bus_set_transient_path(u, name, &c->tty_path, message, flags, error); @@ -1369,7 +1369,7 @@ int bus_exec_context_set_transient_property( return r; STRV_FOREACH(p, l) - if (!isempty(*p) && !valid_user_group_name_or_id(*p)) + if (!isempty(*p) && !valid_user_group_name_or_id_compat(*p)) return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid supplementary group names"); diff --git a/src/core/dbus-socket.c b/src/core/dbus-socket.c index e895c94e12a..25d3d71391b 100644 --- a/src/core/dbus-socket.c +++ b/src/core/dbus-socket.c @@ -277,10 +277,10 @@ static int bus_socket_set_transient_property( return bus_set_transient_fdname(u, name, &s->fdname, message, flags, error); if (streq(name, "SocketUser")) - return bus_set_transient_user(u, name, &s->user, message, flags, error); + return bus_set_transient_user_compat(u, name, &s->user, message, flags, error); if (streq(name, "SocketGroup")) - return bus_set_transient_user(u, name, &s->group, message, flags, error); + return bus_set_transient_user_compat(u, name, &s->group, message, flags, error); if (streq(name, "BindIPv6Only")) return bus_set_transient_bind_ipv6_only(u, name, &s->bind_ipv6_only, message, flags, error); diff --git a/src/core/dbus-util.c b/src/core/dbus-util.c index f4fbb72cb99..7862beaacb6 100644 --- a/src/core/dbus-util.c +++ b/src/core/dbus-util.c @@ -30,7 +30,7 @@ int bus_property_get_triggered_unit( BUS_DEFINE_SET_TRANSIENT(mode_t, "u", uint32_t, mode_t, "%040o"); BUS_DEFINE_SET_TRANSIENT(unsigned, "u", uint32_t, unsigned, "%" PRIu32); -BUS_DEFINE_SET_TRANSIENT_STRING_WITH_CHECK(user, valid_user_group_name_or_id); +BUS_DEFINE_SET_TRANSIENT_STRING_WITH_CHECK(user_compat, valid_user_group_name_or_id_compat); BUS_DEFINE_SET_TRANSIENT_STRING_WITH_CHECK(path, path_is_absolute); int bus_set_transient_string( diff --git a/src/core/dbus-util.h b/src/core/dbus-util.h index 12b055e4ac9..a3316c67018 100644 --- a/src/core/dbus-util.h +++ b/src/core/dbus-util.h @@ -235,7 +235,7 @@ int bus_property_get_triggered_unit(sd_bus *bus, const char *path, const char *i int bus_set_transient_mode_t(Unit *u, const char *name, mode_t *p, sd_bus_message *message, UnitWriteFlags flags, sd_bus_error *error); int bus_set_transient_unsigned(Unit *u, const char *name, unsigned *p, sd_bus_message *message, UnitWriteFlags flags, sd_bus_error *error); -int bus_set_transient_user(Unit *u, const char *name, char **p, sd_bus_message *message, UnitWriteFlags flags, sd_bus_error *error); +int bus_set_transient_user_compat(Unit *u, const char *name, char **p, sd_bus_message *message, UnitWriteFlags flags, sd_bus_error *error); int bus_set_transient_path(Unit *u, const char *name, char **p, sd_bus_message *message, UnitWriteFlags flags, sd_bus_error *error); int bus_set_transient_string(Unit *u, const char *name, char **p, sd_bus_message *message, UnitWriteFlags flags, sd_bus_error *error); int bus_set_transient_bool(Unit *u, const char *name, bool *p, sd_bus_message *message, UnitWriteFlags flags, sd_bus_error *error); diff --git a/src/core/load-fragment-gperf.gperf.m4 b/src/core/load-fragment-gperf.gperf.m4 index 10e4801cfe6..58a28e3241e 100644 --- a/src/core/load-fragment-gperf.gperf.m4 +++ b/src/core/load-fragment-gperf.gperf.m4 @@ -25,9 +25,9 @@ m4_define(`EXEC_CONTEXT_CONFIG_ITEMS', `$1.WorkingDirectory, config_parse_working_directory, 0, offsetof($1, exec_context) $1.RootDirectory, config_parse_unit_path_printf, true, offsetof($1, exec_context.root_directory) $1.RootImage, config_parse_unit_path_printf, true, offsetof($1, exec_context.root_image) -$1.User, config_parse_user_group, 0, offsetof($1, exec_context.user) -$1.Group, config_parse_user_group, 0, offsetof($1, exec_context.group) -$1.SupplementaryGroups, config_parse_user_group_strv, 0, offsetof($1, exec_context.supplementary_groups) +$1.User, config_parse_user_group_compat, 0, offsetof($1, exec_context.user) +$1.Group, config_parse_user_group_compat, 0, offsetof($1, exec_context.group) +$1.SupplementaryGroups, config_parse_user_group_strv_compat, 0, offsetof($1, exec_context.supplementary_groups) $1.Nice, config_parse_exec_nice, 0, offsetof($1, exec_context) $1.OOMScoreAdjust, config_parse_exec_oom_score_adjust, 0, offsetof($1, exec_context) $1.IOSchedulingClass, config_parse_exec_io_class, 0, offsetof($1, exec_context) @@ -365,8 +365,8 @@ Socket.ExecStartPost, config_parse_exec, SOCKET_EXEC Socket.ExecStopPre, config_parse_exec, SOCKET_EXEC_STOP_PRE, offsetof(Socket, exec_command) Socket.ExecStopPost, config_parse_exec, SOCKET_EXEC_STOP_POST, offsetof(Socket, exec_command) Socket.TimeoutSec, config_parse_sec_fix_0, 0, offsetof(Socket, timeout_usec) -Socket.SocketUser, config_parse_user_group, 0, offsetof(Socket, user) -Socket.SocketGroup, config_parse_user_group, 0, offsetof(Socket, group) +Socket.SocketUser, config_parse_user_group_compat, 0, offsetof(Socket, user) +Socket.SocketGroup, config_parse_user_group_compat, 0, offsetof(Socket, group) Socket.SocketMode, config_parse_mode, 0, offsetof(Socket, socket_mode) Socket.DirectoryMode, config_parse_mode, 0, offsetof(Socket, directory_mode) Socket.Accept, config_parse_bool, 0, offsetof(Socket, accept) diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c index 20079e1fb12..a4564f8a9d2 100644 --- a/src/core/load-fragment.c +++ b/src/core/load-fragment.c @@ -2004,7 +2004,7 @@ int config_parse_sec_fix_0( return 0; } -int config_parse_user_group( +int config_parse_user_group_compat( const char *unit, const char *filename, unsigned line, @@ -2037,7 +2037,7 @@ int config_parse_user_group( return -ENOEXEC; } - if (!valid_user_group_name_or_id(k)) { + if (!valid_user_group_name_or_id_compat(k)) { log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid user/group name or numeric ID: %s", k); return -ENOEXEC; } @@ -2045,7 +2045,7 @@ int config_parse_user_group( return free_and_replace(*user, k); } -int config_parse_user_group_strv( +int config_parse_user_group_strv_compat( const char *unit, const char *filename, unsigned line, @@ -2091,7 +2091,7 @@ int config_parse_user_group_strv( return -ENOEXEC; } - if (!valid_user_group_name_or_id(k)) { + if (!valid_user_group_name_or_id_compat(k)) { log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid user/group name or numeric ID: %s", k); return -ENOEXEC; } diff --git a/src/core/load-fragment.h b/src/core/load-fragment.h index 326e80893bd..664643f08ec 100644 --- a/src/core/load-fragment.h +++ b/src/core/load-fragment.h @@ -99,8 +99,8 @@ CONFIG_PARSER_PROTOTYPE(config_parse_exec_utmp_mode); CONFIG_PARSER_PROTOTYPE(config_parse_working_directory); CONFIG_PARSER_PROTOTYPE(config_parse_fdname); CONFIG_PARSER_PROTOTYPE(config_parse_sec_fix_0); -CONFIG_PARSER_PROTOTYPE(config_parse_user_group); -CONFIG_PARSER_PROTOTYPE(config_parse_user_group_strv); +CONFIG_PARSER_PROTOTYPE(config_parse_user_group_compat); +CONFIG_PARSER_PROTOTYPE(config_parse_user_group_strv_compat); CONFIG_PARSER_PROTOTYPE(config_parse_restrict_namespaces); CONFIG_PARSER_PROTOTYPE(config_parse_bind_paths); CONFIG_PARSER_PROTOTYPE(config_parse_exec_keyring_mode);