path: root/src/userdb
Commit message | Author | Age | Files | Lines
* tree-wide: reset optind to 0 when GNU extensions in optstring are used | Yu Watanabe | 2023-03-29 | 1 | -0/+4
  Otherwise, if getopt() and friends are used before parse_argv(), then the GNU extensions may be ignored. This should not change any behavior at least now, as we usually use getopt_long() only once per invocation. But in the next commit, getopt_long() will be used for other arrays, hence this change will become necessary.
* userdbctl: flush stdout before running the chain command | Frantisek Sumsal | 2023-03-24 | 1 | -0/+1
  Otherwise it's quite difficult to capture the entire output:
    $ userdbctl ssh-authorized-keys dropinuser --chain /bin/echo hello
    ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA//dxI2xLg4MgxIKKZv1nqwTEIlE/fdakii2Fb75pG+ foo@bar.tld
    ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMlaqG2rTMje5CQnfjXJKmoSpEVJ2gWtx4jBvsQbmee2XbU/Qdq5+SRisssR9zVuxgg5NA5fv08MgjwJQMm+csc= hello@world.tld
    hello
    $ userdbctl ssh-authorized-keys dropinuser --chain /bin/echo hello | tee
    hello
* userdbctl: don't show legend when dumping JSON with services | Frantisek Sumsal | 2023-03-24 | 1 | -1/+1
* userdbd: make static const what we can make so | Lennart Poettering | 2023-03-15 | 1 | -1/+1
* userdbd: rework to use sd_event_add_child() instead of manual SIGCHLD | Lennart Poettering | 2023-03-15 | 1 | -50/+32
  Let's modernize userdbd further, and use the common child handling we nowadays have in sd-event, instead of rolling our own. This also means we'll start using pidfds where we can.
* userdbd: make use of FORK_CLOSE_ALL_FDS + FORK_REOPEN_LOG where we can | Lennart Poettering | 2023-03-15 | 1 | -11/+6
* userdbd: modernize signal handling | Lennart Poettering | 2023-03-15 | 3 | -16/+8
  Let's make use of SD_EVENT_SIGNAL_PROCMASK so that we don't have to mask the signals manually. Let's use sd_event_set_exit_signal() instead of rolling our own SIGTERM/SIGINT handling. Let's use "floating" event sources instead of keeping references on our own. Let's also debug log if we can't enable watchdog handling.
* userbd: manager doesn't actually use varlink, only workers do | Lennart Poettering | 2023-03-13 | 1 | -1/+0
* userdbd: hook up memory pressure and sigrtmin18 | Lennart Poettering | 2023-03-01 | 2 | -1/+10
* meson: Do not include headers in source lists | Jan Janssen | 2023-01-24 | 1 | -1/+0
  Meson+ninja+compiler do this for us and are better at it. https://mesonbuild.com/FAQ.html#do-i-need-to-add-my-headers-to-the-sources-list-like-in-autotools
* tree-wide: use -EBADF for fd initialization | Zbigniew Jędrzejewski-Szmek | 2022-12-19 | 3 | -3/+3
  -1 was used everywhere, but -EBADF or -EBADFD started being used in various places. Let's make things consistent in the new style. Note that there are two candidates:
    EBADF 9 Bad file descriptor
    EBADFD 77 File descriptor in bad state
  Since we're initializing the fd, we're just assigning a value that means "no fd yet", so it's just a bad file descriptor, and the first errno fits better. If instead we had a valid file descriptor that became invalid because of some operation or state change, the other errno would fit better. In some places, initialization is dropped if unnecessary.
* treewide: drop "RUN_" from "RUN_WITH_UMASK" | Zbigniew Jędrzejewski-Szmek | 2022-12-13 | 1 | -1/+1
  RUN_WITH_UMASK was initially conceived for spawning external progs with the umask set. But nowadays we use it for various syscalls and stuff that doesn't "run" anything, so the "RUN_" prefix has outlived its usefulness.
* basic: move version() to build.h+c | Zbigniew Jędrzejewski-Szmek | 2022-11-08 | 1 | -0/+1
* tree-wide: replace "plural(s)" by "plurals" | Zbigniew Jędrzejewski-Szmek | 2022-10-17 | 1 | -2/+2
  (s) is just ugly with a vibe of DOS. In most cases just using the normal plural form is more natural and grammatically correct. There are some log_debug() statements left, and texts in foreign licenses or headers. Those are not touched on purpose.
* shared/format-table: use enum instead of Table.empty_string | Zbigniew Jędrzejewski-Szmek | 2022-09-22 | 1 | -2/+2
  All users were setting this to some static string (usually "-"), so let's simplify things by not doing strdup, but instead limiting callers to a fixed set of values. In preparation for the next commit, the function is renamed from "empty" to "replacement", because it'll be used for more than empty fields. I didn't do the whole string-table setup, because it's all used internally in one file and this way we can immediately assert if an invalid value is passed in. Some callers were (void)ing the error, others were ignoring it, and others propagating. It's nicer to remove the boilerplate.
* uid-range: tie up number and array of uid range entries | Yu Watanabe | 2022-09-16 | 1 | -29/+19
  This renames UidRange -> UidRangeEntry, and reintroduces UidRange which contains the array of UidRangeEntry and its size. No functional changes, just refactoring.
* userdbctl: fix arrow direction | Yu Watanabe | 2022-09-16 | 1 | -4/+4
* userdbctl: do not show meaningless boundaries when no uid range available | Yu Watanabe | 2022-09-16 | 1 | -4/+2
* tree-wide: use ASSERT_PTR more | David Tardon | 2022-09-13 | 1 | -4/+2
* userwork: use a better errno value | Zbigniew Jędrzejewski-Szmek | 2022-06-02 | 1 | -1/+1
  ESRCH is literally "No such process".
* various: add %m in messages | Zbigniew Jędrzejewski-Szmek | 2022-06-02 | 1 | -1/+1
  Sometimes we want to suppress strerror() message because the are providing something better. But in those cases, it seems it was just forgotten.
* tree-wide: port various users over to connect_unix_path() | Lennart Poettering | 2022-05-14 | 1 | -9/+3
  Let's make use of our new helper, and thus allow longer paths.
* userdb: fix error handling | Yu Watanabe | 2022-05-13 | 1 | -1/+1
* userdbctl: initialize parameter `n` for uid_range_load_userns() | Thomas Weißschuh | 2022-05-06 | 1 | -2/+2
  uid_range_load_userns() dereferences the n parameter. Passing uninitialized memory may lead to crashes, for example with version 251rc2-1 on ArchLinux.
* userdbctl: also show available UID range in current userns | Lennart Poettering | 2022-04-01 | 1 | -14/+206
  Containers generally have a smaller UID range assigned than host systems. Let's visualize this in the user/group tables. We insert markers for unavailable regions. This way display is identical to status quo ante on host systems, but in containers unavailable ranges will be shown as that. And while we are at it, also hide well-known UID ranges when they are outside of userns uid_map range. This is mostly about the "container" range. It's pointless showing the container range (i.e. a range UID > 65535) if that range isn't available in the container anyway.
* strv: make iterator in STRV_FOREACH() declared in the loop | Yu Watanabe | 2022-03-19 | 1 | -17/+7
  This also avoids multiple evaluations in STRV_FOREACH_BACKWARDS()
* time-util: add macros around timespec_store() that operates on compound literal allocated timespec struct | Lennart Poettering | 2022-03-18 | 1 | -2/+1
  This way we can convert usec_t to timespec on-the-fly, without a buffer. No actual behaviour change just some shortening of code.
* meson: move files' closing brace to separate line | Zbigniew Jędrzejewski-Szmek | 2022-03-03 | 1 | -1/+2
* meson: do not use split() in file lists | Zbigniew Jędrzejewski-Szmek | 2022-03-02 | 1 | -11/+6
  The approach to use '''…'''.split() instead of a list of strings was initially used when converting from automake because it allowed identical blocks of lines to be used for both, making the conversion easier. But over the years we have been using normal lists more and more, especially when there were just a few filenames listed. This converts the rest. No functional change.
* userdbctl: add a dash of color to users of different dispositions | Lennart Poettering | 2022-02-16 | 1 | -4/+37
* userdbctl: show min/max UID boundaries in userdbctl output | Lennart Poettering | 2022-02-16 | 1 | -12/+198
* Define FOREACH_DIRENT through FOREACH_DIRENT_ALL | Zbigniew Jędrzejewski-Szmek | 2021-12-15 | 1 | -1/+0
  As in the previous commit, 'de' is used as the iterator variable name.
* tree-wide: use new RET_NERRNO() helper at various places | Lennart Poettering | 2021-11-16 | 1 | -5/+1
* userdbctl: add support for chaining command lines in "authorized-keys" verb | Lennart Poettering | 2021-11-11 | 1 | -16/+79
* userwork: make sure to return correct errors when service is not specified correctly | Lennart Poettering | 2021-11-08 | 1 | -4/+4
  Fixes: #21215 #21222
* userdbctl: always show summary after printing table (unless legend is off) | Lennart Poettering | 2021-11-08 | 1 | -15/+46
  We do this in many (most?) other tools, do so here too. It's quite useful info to count users/groups/…
* userdbctl: add a switch for explicitly enabling/disabling multiplexer-based lookups | Lennart Poettering | 2021-11-08 | 1 | -0/+11
  This is incredibly useful for debugging.
* userdbctl: make JSON output mode details configurable like in the other tools | Lennart Poettering | 2021-11-08 | 1 | -20/+35
  Let's add --json= with the same parser as in the other tools, and honour it.
* userdbctl: explicitly handle ESRCH/ENOLINK from userdb_all() | Lennart Poettering | 2021-11-08 | 1 | -49/+63
  Similar in style to previous commit, let's handle these two errors properly, i.e. as equivalent to no entries found. Let's debug log about them, to make things easier to deal with when debugging (after all userdbctl to a large degree are debugging tools).
* userwork: properly handle ENOLINK error from lower-level userdb code | Lennart Poettering | 2021-11-08 | 1 | -0/+12
  The lower-level userdb code will return ENOLINK if varlink lookups are disabled explicitly and we couldn't find an answer any other way. Let's not propagate this to clients, since they don't have control over this feature anyway: we decide internally when to disable varlink lookups (e.g. if DropIn lookups are requested we disable them) and to the client side that should not be visible: if we can't find a record with the flags we pick then we should report then we can't find any, and that's it.
  Fixes: #21223
* Make pager_open() return void | Zbigniew Jędrzejewski-Szmek | 2021-11-03 | 1 | -1/+1
* userdb: fix type to pass to connect() | Yu Watanabe | 2021-10-16 | 1 | -1/+1
  Fixes https://github.com/systemd/systemd/pull/20613#issuecomment-944621275.
* userdb: fix if-else to allow NameServiceSwitch lookups | Dan Streetman | 2021-09-22 | 1 | -1/+1
  Fixes: #20809. Bug introduced in 8fbb1941f1a8c3d9eda920891b2b51a67f2a2375
* tree-wide: mark set-but-not-used variables as unused to make LLVM happy | Frantisek Sumsal | 2021-09-15 | 1 | -1/+1
  LLVM 13 introduced `-Wunused-but-set-variable` diagnostic flag, which trips over some intentionally set-but-not-used variables or variables attached to cleanup handlers with side effects (`_cleanup_umask_`, `_cleanup_(notify_on_cleanup)`, `_cleanup_(restore_sigsetp)`, etc.):
  ```
  ../src/basic/process-util.c:1257:46: error: variable 'saved_ssp' set but not used [-Werror,-Wunused-but-set-variable]
          _cleanup_(restore_sigsetp) sigset_t *saved_ssp = NULL;
                                               ^
  1 error generated.
  ```
* tree-wide: port everything over to new sd-id128 compound literal bliss | Lennart Poettering | 2021-08-20 | 1 | -3/+2
* Drop the text argument from assert_not_reached() | Zbigniew Jędrzejewski-Szmek | 2021-08-03 | 1 | -5/+5
  In general we almost never hit those asserts in production code, so users see them very rarely, if ever. But either way, we just need something that users can pass to the developers. We have quite a few of those asserts, and some have fairly nice messages, but many are like "WTF?" or "???" or "unexpected something". The error that is printed includes the file location, and function name. In almost all functions there's at most one assert, so the function name alone is enough to identify the failure for a developer. So we don't get much extra from the message, and we might just as well drop them. Dropping them makes our code a tiny bit smaller, and most importantly, improves development experience by making it easy to insert such an assert in the code without thinking how to phrase the argument.
* tree-wide: add FORMAT_TIMESPAN() | Zbigniew Jędrzejewski-Szmek | 2021-07-09 | 1 | -4/+2
* userdb: make most loading of JSON user record data "permissive" | Lennart Poettering | 2021-06-01 | 1 | -2/+2
  We want user records to be extensible, hence we shouldn't complain about fields we can't parse. In particular we want them to be extensible for our own future extensions. Some code already turned the permissive flag when parsing the JSON data, but most did not. Fix that. A few select cases remain where the bit is not set: where we just generated the JSON data ourselves, and thus can be reasonably sure that if we can't parse it it's our immediate programming error and not just us processing a user record from some other tool or a newer version of ourselves.
* userdbctl: add two new switches --with-dropin=/--with-varlink= | Lennart Poettering | 2021-05-10 | 1 | -8/+30
  These directly correspond to the underlying flags. They are useful for testing.
* userdbd: also listen on a varlink socket io.systemd.DropIn | Lennart Poettering | 2021-05-10 | 3 | -2/+12
  Let's explicitly support looking things up via dropin as a varlink service.