projects / systemd.git / blame
| Commit | Line | Data |
|---|---|---|
| a032b68d | 1 | /* SPDX-License-Identifier: LGPL-2.1-or-later */ |
| db2df898 MP |
2 | #pragma once |
| 3 | ||
| b012e921 | 4 | #include <grp.h> |
| 6e866b33 | 5 | #if ENABLE_GSHADOW |
| a032b68d | 6 | # include <gshadow.h> |
| 6e866b33 | 7 | #endif |
| b012e921 MB |
8 | #include <pwd.h> |
| 9 | #include <shadow.h> | |
| db2df898 | 10 | #include <stdbool.h> |
| 8a584da2 | 11 | #include <stdint.h> |
| 4c89c718 | 12 | #include <sys/types.h> |
| aa27b158 | 13 | #include <unistd.h> |
| db2df898 MP |
14 | |
| 15 | bool uid_is_valid(uid_t uid); | |
| 16 | ||
| 17 | static inline bool gid_is_valid(gid_t gid) { | |
| 18 | return uid_is_valid((uid_t) gid); | |
| 19 | } | |
| 20 | ||
| 21 | int parse_uid(const char *s, uid_t* ret_uid); | |
| 46cdbd49 | 22 | int parse_uid_range(const char *s, uid_t *ret_lower, uid_t *ret_upper); |
| db2df898 MP |
23 | |
| 24 | static inline int parse_gid(const char *s, gid_t *ret_gid) { | |
| 25 | return parse_uid(s, (uid_t*) ret_gid); | |
| 26 | } | |
| 27 | ||
| 28 | char* getlogname_malloc(void); | |
| 29 | char* getusername_malloc(void); | |
| 30 | ||
| 6e866b33 MB |
31 | typedef enum UserCredsFlags { |
| 32 | USER_CREDS_PREFER_NSS = 1 << 0, /* if set, only synthesize user records if database lacks them. Normally we bypass the userdb entirely for the records we can synthesize */ | |
| 33 | USER_CREDS_ALLOW_MISSING = 1 << 1, /* if a numeric UID string is resolved, be OK if there's no record for it */ | |
| 34 | USER_CREDS_CLEAN = 1 << 2, /* try to clean up shell and home fields with invalid data */ | |
| 35 | } UserCredsFlags; | |
| 36 | ||
| 37 | int get_user_creds(const char **username, uid_t *uid, gid_t *gid, const char **home, const char **shell, UserCredsFlags flags); | |
| 38 | int get_group_creds(const char **groupname, gid_t *gid, UserCredsFlags flags); | |
| db2df898 MP |
39 | |
| 40 | char* uid_to_name(uid_t uid); | |
| 41 | char* gid_to_name(gid_t gid); | |
| 42 | ||
| 43 | int in_gid(gid_t gid); | |
| 44 | int in_group(const char *name); | |
| 45 | ||
| 46cdbd49 BR |
46 | int merge_gid_lists(const gid_t *list1, size_t size1, const gid_t *list2, size_t size2, gid_t **result); |
| 47 | int getgroups_alloc(gid_t** gids); | |
| 48 | ||
| db2df898 MP |
49 | int get_home_dir(char **ret); |
| 50 | int get_shell(char **_ret); | |
| 51 | ||
| 52 | int reset_uid_gid(void); | |
| 53 | ||
| 54 | int take_etc_passwd_lock(const char *root); | |
| 55 | ||
| 56 | #define UID_INVALID ((uid_t) -1) | |
| 57 | #define GID_INVALID ((gid_t) -1) | |
| 58 | ||
| 52ad194e MB |
59 | #define UID_NOBODY ((uid_t) 65534U) |
| 60 | #define GID_NOBODY ((gid_t) 65534U) | |
| 8a584da2 | 61 | |
| 98393f85 MB |
62 | #define ETC_PASSWD_LOCK_PATH "/etc/.pwd.lock" |
| 63 | ||
| 8a584da2 MP |
64 | /* The following macros add 1 when converting things, since UID 0 is a valid UID, while the pointer |
| 65 | * NULL is special */ | |
| db2df898 MP |
66 | #define PTR_TO_UID(p) ((uid_t) (((uintptr_t) (p))-1)) |
| 67 | #define UID_TO_PTR(u) ((void*) (((uintptr_t) (u))+1)) | |
| 68 | ||
| 69 | #define PTR_TO_GID(p) ((gid_t) (((uintptr_t) (p))-1)) | |
| 70 | #define GID_TO_PTR(u) ((void*) (((uintptr_t) (u))+1)) | |
| aa27b158 MP |
71 | |
| 72 | static inline bool userns_supported(void) { | |
| 73 | return access("/proc/self/uid_map", F_OK) >= 0; | |
| 74 | } | |
| 8a584da2 | 75 | |
| d0648cfe MB |
76 | typedef enum ValidUserFlags { |
| 77 | VALID_USER_RELAX = 1 << 0, | |
| 78 | VALID_USER_WARN = 1 << 1, | |
| 79 | VALID_USER_ALLOW_NUMERIC = 1 << 2, | |
| 80 | } ValidUserFlags; | |
| 81 | ||
| 82 | bool valid_user_group_name(const char *u, ValidUserFlags flags); | |
| 8a584da2 | 83 | bool valid_gecos(const char *d); |
| e80c5e53 | 84 | char *mangle_gecos(const char *d); |
| 8a584da2 MP |
85 | bool valid_home(const char *p); |
| 86 | ||
| 98393f85 MB |
87 | static inline bool valid_shell(const char *p) { |
| 88 | /* We have the same requirements, so just piggy-back on the home check. | |
| 89 | * | |
| 90 | * Let's ignore /etc/shells because this is only applicable to real and | |
| 91 | * not system users. It is also incompatible with the idea of empty /etc. | |
| 92 | */ | |
| 93 | return valid_home(p); | |
| 94 | } | |
| 95 | ||
| 8a584da2 | 96 | int maybe_setgroups(size_t size, const gid_t *list); |
| 1d42b86d MB |
97 | |
| 98 | bool synthesize_nobody(void); | |
| b012e921 MB |
99 | |
| 100 | int fgetpwent_sane(FILE *stream, struct passwd **pw); | |
| 101 | int fgetspent_sane(FILE *stream, struct spwd **sp); | |
| 102 | int fgetgrent_sane(FILE *stream, struct group **gr); | |
| 103 | int putpwent_sane(const struct passwd *pw, FILE *stream); | |
| 104 | int putspent_sane(const struct spwd *sp, FILE *stream); | |
| 105 | int putgrent_sane(const struct group *gr, FILE *stream); | |
| 6e866b33 | 106 | #if ENABLE_GSHADOW |
| b012e921 MB |
107 | int fgetsgent_sane(FILE *stream, struct sgrp **sg); |
| 108 | int putsgent_sane(const struct sgrp *sg, FILE *stream); | |
| 109 | #endif | |
| f2dec872 | 110 | |
| 46cdbd49 | 111 | bool is_nologin_shell(const char *shell); |
| 8b3d4ff0 MB |
112 | |
| 113 | int is_this_me(const char *username); | |
| 114 | ||
| 115 | /* A locked *and* invalid password for "struct spwd"'s .sp_pwdp and "struct passwd"'s .pw_passwd field */ | |
| 116 | #define PASSWORD_LOCKED_AND_INVALID "!*" | |
| 117 | ||
| 118 | /* A password indicating "look in shadow file, please!" for "struct passwd"'s .pw_passwd */ | |
| 119 | #define PASSWORD_SEE_SHADOW "x" | |
| 120 | ||
| 121 | /* A password indicating "hey, no password required for login" */ | |
| 122 | #define PASSWORD_NONE "" |