path: root/src/shared/userdb.c
Commit message (Author, Age, Files, Lines)
* license: LGPL-2.1+ -> LGPL-2.1-or-later (Yu Watanabe, 2020-11-09, 1 file, -1/+1)
|
* shared: merge {user,group}-record-nss.{c,h} (Zbigniew Jędrzejewski-Szmek, 2020-09-01, 1 file, -1/+0)
|     They are both short and contain similar parts and various helpers will be shared between both parts of the code so it's easier to use a single file.
* docs: permit user/group services that do not support enumeration (Lennart Poettering, 2020-07-14, 1 file, -0/+2)
|     sssd people don't like enumeration and for some other cases it's not nice to support either, in particular when synthesizing records for container/userns UID/GID ranges. Hence, let's make enumeration optional.
* userdb: fix dlopen call (Zbigniew Jędrzejewski-Szmek, 2020-07-09, 1 file, -1/+1)
|     The call would always fail with:
|
|     systemd-userwork[780]: Failed to dlopen(libnss_systemd.so.2), ignoring: /usr/lib64libnss_systemd.so.2: cannot open shared object file: No such file or directory
* Merge pull request #16238 from keszybz/set-handling-more (Zbigniew Jędrzejewski-Szmek, 2020-06-24, 1 file, -7/+1)
|\
| |     Fix handling of cases where a duplicate item is added to a set and related cleanups
| * tree-wide: use set_ensure_consume() in various places (Zbigniew Jędrzejewski-Szmek, 2020-06-24, 1 file, -3/+1)
| |     No functional change.
| * tree-wide: use set_ensure_put() (Zbigniew Jędrzejewski-Szmek, 2020-06-22, 1 file, -5/+1)
| |     Patch contains a coccinelle script, but it only works in some cases. Many parts were converted by hand.
| |
| |     Note: I did not fix errors in return value handling. This will be done separately to keep the patch comprehensible. No functional change is intended in this patch.
* | userdb: replace recursion lock (Lennart Poettering, 2020-06-23, 1 file, -143/+62)
|/
|     Previously we'd used the existence of a specific AF_UNIX socket in the abstract namespace as lock for disabling lookup recursions. (for breaking out of the loop: userdb synthesized from nss → nss synthesized from userdb → userdb synthesized from nss → …) I did it like that because it promised to work the same both in static and in dynamically linked environments and is accessible easily from any programming language.
|
|     However, it has a weakness regarding reuse attacks: the socket is securely hashed (siphash) from the thread ID in combination with the AT_RANDOM secret. Thus it should not be guessable from an attacker in advance. That's only true if a thread takes the lock only once and keeps it forever. However, if a thread takes and releases it multiple times an attacker might monitor that and quickly take the lock after the first iteration for follow-up iterations.
|
|     It's not a big issue given that userdb (as the primary user for this) never released the lock and we never made the concept a public interface, and it was only included in one release so far, but it's something that deserves fixing. (moreover it's a local DoS only, only permitting to disable native userdb lookups)
|
|     With this rework the libnss_systemd.so.2 module will now export two additional symbols. These symbols are not used by glibc, but can be used by arbitrary programs: one can be used to disable nss-systemd, the other to check if it is currently disabled. The lock is per-thread.
|
|     It's slightly less pretty, since it requires people to manually link against C code via dlopen()/dlsym(), but it should work safely without the aforementioned weakness.
* Merge pull request #15377 from poettering/userdb-no-shadow (Zbigniew Jędrzejewski-Szmek, 2020-04-11, 1 file, -5/+5)
|\
| |     don't try to access shadow from logind
| * userdb: when doing client-side NSS look-ups optionally avoid shadow look-ups (Lennart Poettering, 2020-04-09, 1 file, -5/+5)
| |
* | user-util: rework how we validate user names (Lennart Poettering, 2020-04-08, 1 file, -4/+4)
|/
|     This reworks the user validation infrastructure. There are now two modes. In regular mode we are strict and test against a strict set of valid chars. And in "relaxed" mode we just filter out some really obvious, dangerous stuff. i.e. strict is whitelisting what is OK, but "relaxed" is blacklisting what is really not OK.
|
|     The idea is that we use strict mode whenever we allocate a new user (i.e. in sysusers.d or homed), while "relaxed" mode is when we process users registered elsewhere, (i.e. userdb, logind, …)
|
|     The requirements on user name validity vary wildly. SSSD thinks it's fine to embed "@" for example, while the suggested NAME_REGEX field on Debian does not even allow uppercase chars…
|
|     This effectively liberalizes a lot what we expect from usernames.
|
|     The code that warns about questionable user names is now optional and only used at places such as unit file parsing, so that it doesn't show up on every userdb query, but only when processing configuration files that know better.
|
|     Fixes: #15149 #15090
* Merge pull request #14953 from yuwata/userdb-fix-groupdb (Yu Watanabe, 2020-02-27, 1 file, -10/+2)
|\
| |     userdb: make groupdb_all() always set iterator when it returns >= 0
| * userdb: make groupdb_all() always set iterator when it returns >= 0 (Yu Watanabe, 2020-02-27, 1 file, -8/+2)
| |
| * userdb: drop unnecessary goto (Yu Watanabe, 2020-02-27, 1 file, -2/+0)
| |
* | userdb: allow dots in username (Mike Gilbert, 2020-02-27, 1 file, -4/+4)
|/
|     This prevents an error in pam_systemd when logging in.
|
|     sshd[2623165]: pam_unix(sshd:session): session opened for user tony.stark(uid=10001) by (uid=0)
|     sshd[2623165]: pam_systemd(sshd:session): Failed to get user record: Invalid argument
|
|     Bug: https://bugs.gentoo.org/708824
* userdb: make userdb_all() always set iterator when it returns >= 0 (Yu Watanabe, 2020-02-26, 1 file, -6/+2)
|     Fixes #14868.
* Various typo fixes and grammar corrections (Zbigniew Jędrzejewski-Szmek, 2020-01-30, 1 file, -1/+1)
|
* shared: add internal API for querying JSON user records via varlink (Lennart Poettering, 2020-01-15, 1 file, -0/+1347)
      This new API can be used in place of NSS by our own internal code if more than the classic UNIX records are needed.