author | Lennart Poettering <lennart@poettering.net> | 2021-11-12 18:50:44 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2021-11-13 08:10:11 +0100 |
commit | b085d2240658bed3eb313777fe7b766797fff71d (patch) | |
tree | bb1fc9b7face6f1eae01e2f498f28141419dcc1e /src/shared/user-record.c | |
parent | bb562024a57d2e183d85a2e62639f9fb63281969 (diff) | |
download | systemd-b085d2240658bed3eb313777fe7b766797fff71d.tar.gz |
shared: split out UID allocation range stuff from user-record.h
user-record.[ch] are about the UserRecord JSON stuff, and the UID
allocation range stuff (i.e. login.defs handling) is a very different
thing, and complex enough on its own, let's give it its own c/h files.
No code changes, just some splitting out of code.
Diffstat (limited to 'src/shared/user-record.c')
-rw-r--r-- | src/shared/user-record.c | 121 |
1 files changed, 1 insertions, 120 deletions
diff --git a/src/shared/user-record.c b/src/shared/user-record.c
index 2fbe6ad5bd..b68b6a98d2 100644
--- a/src/shared/user-record.c
+++ b/src/shared/user-record.c
@@ -3,11 +3,8 @@
 #include <sys/mount.h>
 #include "cgroup-util.h"
-#include "chase-symlinks.h"
 #include "dns-domain.h"
 #include "env-util.h"
-#include "fd-util.h"
-#include "fileio.h"
 #include "fs-util.h"
 #include "hexdecoct.h"
 #include "hostname-util.h"
@@ -15,131 +12,15 @@
 #include "path-util.h"
 #include "pkcs11-util.h"
 #include "rlimit-util.h"
-#include "stat-util.h"
 #include "string-table.h"
 #include "strv.h"
+#include "uid-alloc-range.h"
 #include "user-record.h"
 #include "user-util.h"
 #define DEFAULT_RATELIMIT_BURST 30
 #define DEFAULT_RATELIMIT_INTERVAL_USEC (1*USEC_PER_MINUTE)
-#if ENABLE_COMPAT_MUTABLE_UID_BOUNDARIES
-static int parse_alloc_uid(const char *path, const char *name, const char *t, uid_t *ret_uid) {
- uid_t uid;
- int r;
-
- r = parse_uid(t, &uid);
- if (r < 0)
- return log_debug_errno(r, "%s: failed to parse %s %s, ignoring: %m", path, name, t);
- if (uid == 0)
- uid = 1;
-
- *ret_uid = uid;
- return 0;
-}
-#endif
-
-int read_login_defs(UGIDAllocationRange *ret_defs, const char *path, const char *root) {
- UGIDAllocationRange defs = {
- .system_alloc_uid_min = SYSTEM_ALLOC_UID_MIN,
- .system_uid_max = SYSTEM_UID_MAX,
- .system_alloc_gid_min = SYSTEM_ALLOC_GID_MIN,
- .system_gid_max = SYSTEM_GID_MAX,
- };
-
-#if ENABLE_COMPAT_MUTABLE_UID_BOUNDARIES
- _cleanup_fclose_ FILE *f = NULL;
- int r;
-
- if (!path)
- path = "/etc/login.defs";
-
- r = chase_symlinks_and_fopen_unlocked(path, root, CHASE_PREFIX_ROOT, "re", NULL, &f);
- if (r == -ENOENT)
- goto assign;
- if (r < 0)
- return log_debug_errno(r, "Failed to open %s: %m", path);
-
- for (;;) {
- _cleanup_free_ char *line = NULL;
- char *t;
-
- r = read_line(f, LINE_MAX, &line);
- if (r < 0)
- return log_debug_errno(r, "Failed to read %s: %m", path);
- if (r == 0)
- break;
-
- if ((t = first_word(line, "SYS_UID_MIN")))
- (void) parse_alloc_uid(path, "SYS_UID_MIN", t, &defs.system_alloc_uid_min);
- else if ((t = first_word(line, "SYS_UID_MAX")))
- (void) parse_alloc_uid(path, "SYS_UID_MAX", t, &defs.system_uid_max);
- else if ((t = first_word(line, "SYS_GID_MIN")))
- (void) parse_alloc_uid(path, "SYS_GID_MIN", t, &defs.system_alloc_gid_min);
- else if ((t = first_word(line, "SYS_GID_MAX")))
- (void) parse_alloc_uid(path, "SYS_GID_MAX", t, &defs.system_gid_max);
- }
-
- assign:
- if (defs.system_alloc_uid_min > defs.system_uid_max) {
- log_debug("%s: SYS_UID_MIN > SYS_UID_MAX, resetting.", path);
- defs.system_alloc_uid_min = MIN(defs.system_uid_max - 1, (uid_t) SYSTEM_ALLOC_UID_MIN);
- /* Look at sys_uid_max to make sure sys_uid_min..sys_uid_max remains a valid range. */
- }
- if (defs.system_alloc_gid_min > defs.system_gid_max) {
- log_debug("%s: SYS_GID_MIN > SYS_GID_MAX, resetting.", path);
- defs.system_alloc_gid_min = MIN(defs.system_gid_max - 1, (gid_t) SYSTEM_ALLOC_GID_MIN);
- /* Look at sys_gid_max to make sure sys_gid_min..sys_gid_max remains a valid range. */
- }
-#endif
-
- *ret_defs = defs;
- return 0;
-}
-
-const UGIDAllocationRange *acquire_ugid_allocation_range(void) {
-#if ENABLE_COMPAT_MUTABLE_UID_BOUNDARIES
- static thread_local UGIDAllocationRange defs = {
-#else
- static const UGIDAllocationRange defs = {
-#endif
- .system_alloc_uid_min = SYSTEM_ALLOC_UID_MIN,
- .system_uid_max = SYSTEM_UID_MAX,
- .system_alloc_gid_min = SYSTEM_ALLOC_GID_MIN,
- .system_gid_max = SYSTEM_GID_MAX,
- };
-
-#if ENABLE_COMPAT_MUTABLE_UID_BOUNDARIES
- /* This function will ignore failure to read the file, so it should only be called from places where
- * we don't crucially depend on the answer. In other words, it's appropriate for journald, but
- * probably not for sysusers. */
-
- static thread_local bool initialized = false;
-
- if (!initialized) {
- (void) read_login_defs(&defs, NULL, NULL);
- initialized = true;
- }
-#endif
-
- return &defs;
-}
-
-bool uid_is_system(uid_t uid) {
- const UGIDAllocationRange *defs;
- assert_se(defs = acquire_ugid_allocation_range());
-
- return uid <= defs->system_uid_max;
-}
-
-bool gid_is_system(gid_t gid) {
- const UGIDAllocationRange *defs;
- assert_se(defs = acquire_ugid_allocation_range());
-
- return gid <= defs->system_gid_max;
-}
-
 UserRecord* user_record_new(void) {
 UserRecord *h;
|