#include "utf8.h"
#include "label.h"
#include "fileio-label.h"
+#include "uid-range.h"
typedef enum ItemType {
ADD_USER = 'u',
ADD_GROUP = 'g',
ADD_MEMBER = 'm',
+ ADD_RANGE = 'r',
} ItemType;
typedef struct Item {
ItemType type;
char *uid_path;
char *gid_path;
char *description;
+ char *home;
gid_t gid;
uid_t uid;
static char *arg_root = NULL;
-static const char conf_file_dirs[] =
- "/etc/sysusers.d\0"
- "/run/sysusers.d\0"
- "/usr/local/lib/sysusers.d\0"
- "/usr/lib/sysusers.d\0"
-#ifdef HAVE_SPLIT_USR
- "/lib/sysusers.d\0"
-#endif
- ;
+static const char conf_file_dirs[] = CONF_DIRS_NULSTR("sysusers");
static Hashmap *users = NULL, *groups = NULL;
static Hashmap *todo_uids = NULL, *todo_gids = NULL;
static Hashmap *database_uid = NULL, *database_user = NULL;
static Hashmap *database_gid = NULL, *database_group = NULL;
-static uid_t search_uid = SYSTEM_UID_MAX;
-static gid_t search_gid = SYSTEM_GID_MAX;
+static uid_t search_uid = UID_INVALID;
+static UidRange *uid_range = NULL;
+static unsigned n_uid_range = 0;
#define UID_TO_PTR(u) (ULONG_TO_PTR(u+1))
#define PTR_TO_UID(u) ((uid_t) (PTR_TO_ULONG(u)-1))
if (!f)
return errno == ENOENT ? 0 : -errno;
- r = hashmap_ensure_allocated(&database_user, string_hash_func, string_compare_func);
+ r = hashmap_ensure_allocated(&database_user, &string_hash_ops);
if (r < 0)
return r;
- r = hashmap_ensure_allocated(&database_uid, trivial_hash_func, trivial_compare_func);
+ r = hashmap_ensure_allocated(&database_uid, NULL);
if (r < 0)
return r;
if (!f)
return errno == ENOENT ? 0 : -errno;
- r = hashmap_ensure_allocated(&database_group, string_hash_func, string_compare_func);
+ r = hashmap_ensure_allocated(&database_group, &string_hash_ops);
if (r < 0)
return r;
- r = hashmap_ensure_allocated(&database_gid, trivial_hash_func, trivial_compare_func);
+ r = hashmap_ensure_allocated(&database_gid, NULL);
if (r < 0)
return r;
/* Copy over the access mask */
if (fchmod(fileno(dst), st.st_mode & 07777) < 0)
- log_warning("Failed to change mode on %s: %m", backup);
+ log_warning_errno(errno, "Failed to change mode on %s: %m", backup);
if (fchown(fileno(dst), st.st_uid, st.st_gid)< 0)
- log_warning("Failed to change ownership of %s: %m", backup);
+ log_warning_errno(errno, "Failed to change ownership of %s: %m", backup);
ts[0] = st.st_atim;
ts[1] = st.st_mtim;
- futimens(fileno(dst), ts);
+ if (futimens(fileno(dst), ts) < 0)
+ log_warning_errno(errno, "Failed to fix access and modification time of %s: %m", backup);
if (rename(temp, backup) < 0)
goto fail;
return 0;
}
+static int sync_rights(FILE *from, FILE *to) {
+ struct stat st;
+
+ if (fstat(fileno(from), &st) < 0)
+ return -errno;
+
+ if (fchmod(fileno(to), st.st_mode & 07777) < 0)
+ return -errno;
+
+ if (fchown(fileno(to), st.st_uid, st.st_gid) < 0)
+ return -errno;
+
+ return 0;
+}
+
static int write_files(void) {
_cleanup_fclose_ FILE *passwd = NULL, *group = NULL, *shadow = NULL, *gshadow = NULL;
if (r < 0)
goto finish;
- if (fchmod(fileno(group), 0644) < 0) {
- r = -errno;
- goto finish;
- }
-
original = fopen(group_path, "re");
if (original) {
struct group *gr;
+ r = sync_rights(original, group);
+ if (r < 0)
+ goto finish;
+
errno = 0;
while ((gr = fgetgrent(original))) {
/* Safety checks against name and GID
} else if (errno != ENOENT) {
r = -errno;
goto finish;
+ } else if (fchmod(fileno(group), 0644) < 0) {
+ r = -errno;
+ goto finish;
}
HASHMAP_FOREACH(i, todo_gids, iterator) {
if (r < 0)
goto finish;
- if (fchmod(fileno(gshadow), 0000) < 0) {
- r = -errno;
- goto finish;
- }
-
original = fopen(gshadow_path, "re");
if (original) {
struct sgrp *sg;
+ r = sync_rights(original, gshadow);
+ if (r < 0)
+ goto finish;
+
errno = 0;
while ((sg = fgetsgent(original))) {
} else if (errno != ENOENT) {
r = -errno;
goto finish;
+ } else if (fchmod(fileno(gshadow), 0000) < 0) {
+ r = -errno;
+ goto finish;
}
HASHMAP_FOREACH(i, todo_gids, iterator) {
if (r < 0)
goto finish;
- if (fchmod(fileno(passwd), 0644) < 0) {
- r = -errno;
- goto finish;
- }
-
original = fopen(passwd_path, "re");
if (original) {
struct passwd *pw;
+ r = sync_rights(original, passwd);
+ if (r < 0)
+ goto finish;
+
errno = 0;
while ((pw = fgetpwent(original))) {
} else if (errno != ENOENT) {
r = -errno;
goto finish;
+ } else if (fchmod(fileno(passwd), 0644) < 0) {
+ r = -errno;
+ goto finish;
}
HASHMAP_FOREACH(i, todo_uids, iterator) {
.pw_uid = i->uid,
.pw_gid = i->gid,
.pw_gecos = i->description,
+
+ /* "x" means the password is stored in
+ * the shadow file */
.pw_passwd = (char*) "x",
- };
- /* Initialize the home directory and the shell
- * to nologin, with one exception: for root we
- * patch in something special */
- if (i->uid == 0) {
- n.pw_shell = (char*) "/bin/sh";
- n.pw_dir = (char*) "/root";
- } else {
- n.pw_shell = (char*) "/sbin/nologin";
- n.pw_dir = (char*) "/";
- }
+ /* We default to the root directory as home */
+ .pw_dir = i->home ? i->home : (char*) "/",
+
+ /* Initialize the shell to nologin,
+ * with one exception: for root we
+ * patch in something special */
+ .pw_shell = i->uid == 0 ? (char*) "/bin/sh" : (char*) "/sbin/nologin",
+ };
errno = 0;
if (putpwent(&n, passwd) != 0) {
if (r < 0)
goto finish;
- if (fchmod(fileno(shadow), 0000) < 0) {
- r = -errno;
- goto finish;
- }
-
original = fopen(shadow_path, "re");
if (original) {
struct spwd *sp;
+ r = sync_rights(original, shadow);
+ if (r < 0)
+ goto finish;
+
errno = 0;
while ((sp = fgetspent(original))) {
} else if (errno != ENOENT) {
r = -errno;
goto finish;
+ } else if (fchmod(fileno(shadow), 0000) < 0) {
+ r = -errno;
+ goto finish;
}
lstchg = (long) (now(CLOCK_REALTIME) / USEC_PER_DAY);
static int read_id_from_file(Item *i, uid_t *_uid, gid_t *_gid) {
struct stat st;
bool found_uid = false, found_gid = false;
- uid_t uid;
- gid_t gid;
+ uid_t uid = 0;
+ gid_t gid = 0;
assert(i);
i->description = strdup(p->pw_gecos);
return 0;
}
- if (!IN_SET(errno, 0, ENOENT)) {
- log_error("Failed to check if user %s already exists: %m", i->name);
- return -errno;
- }
+ if (!IN_SET(errno, 0, ENOENT))
+ return log_error_errno(errno, "Failed to check if user %s already exists: %m", i->name);
/* And shadow too, just to be sure */
errno = 0;
log_error("User %s already exists in shadow database, but not in user database.", i->name);
return -EBADMSG;
}
- if (!IN_SET(errno, 0, ENOENT)) {
- log_error("Failed to check if user %s already exists in shadow database: %m", i->name);
- return -errno;
- }
+ if (!IN_SET(errno, 0, ENOENT))
+ return log_error_errno(errno, "Failed to check if user %s already exists in shadow database: %m", i->name);
}
/* Try to use the suggested numeric uid */
if (i->uid_set) {
r = uid_is_ok(i->uid, i->name);
- if (r < 0) {
- log_error("Failed to verify uid " UID_FMT ": %s", i->uid, strerror(-r));
- return r;
- }
+ if (r < 0)
+ return log_error_errno(r, "Failed to verify uid " UID_FMT ": %m", i->uid);
if (r == 0) {
log_debug("Suggested user ID " UID_FMT " for %s already used.", i->uid, i->name);
i->uid_set = false;
if (read_id_from_file(i, &c, NULL) > 0) {
- if (c <= 0 || c > SYSTEM_UID_MAX)
+ if (c <= 0 || !uid_range_contains(uid_range, n_uid_range, c))
log_debug("User ID " UID_FMT " of file not suitable for %s.", c, i->name);
else {
r = uid_is_ok(c, i->name);
- if (r < 0) {
- log_error("Failed to verify uid " UID_FMT ": %s", i->uid, strerror(-r));
- return r;
- } else if (r > 0) {
+ if (r < 0)
+ return log_error_errno(r, "Failed to verify uid " UID_FMT ": %m", i->uid);
+ else if (r > 0) {
i->uid = c;
i->uid_set = true;
} else
/* Otherwise try to reuse the group ID */
if (!i->uid_set && i->gid_set) {
r = uid_is_ok((uid_t) i->gid, i->name);
- if (r < 0) {
- log_error("Failed to verify uid " UID_FMT ": %s", i->uid, strerror(-r));
- return r;
- }
+ if (r < 0)
+ return log_error_errno(r, "Failed to verify uid " UID_FMT ": %m", i->uid);
if (r > 0) {
i->uid = (uid_t) i->gid;
i->uid_set = true;
/* And if that didn't work either, let's try to find a free one */
if (!i->uid_set) {
- for (; search_uid > 0; search_uid--) {
-
- r = uid_is_ok(search_uid, i->name);
+ for (;;) {
+ r = uid_range_next_lower(uid_range, n_uid_range, &search_uid);
if (r < 0) {
- log_error("Failed to verify uid " UID_FMT ": %s", i->uid, strerror(-r));
+ log_error("No free user ID available for %s.", i->name);
return r;
- } else if (r > 0)
- break;
- }
+ }
- if (search_uid <= 0) {
- log_error("No free user ID available for %s.", i->name);
- return -E2BIG;
+ r = uid_is_ok(search_uid, i->name);
+ if (r < 0)
+ return log_error_errno(r, "Failed to verify uid " UID_FMT ": %m", i->uid);
+ else if (r > 0)
+ break;
}
i->uid_set = true;
i->uid = search_uid;
-
- search_uid--;
}
- r = hashmap_ensure_allocated(&todo_uids, trivial_hash_func, trivial_compare_func);
+ r = hashmap_ensure_allocated(&todo_uids, NULL);
if (r < 0)
return log_oom();
i->gid_set = true;
return 0;
}
- if (!IN_SET(errno, 0, ENOENT)) {
- log_error("Failed to check if group %s already exists: %m", i->name);
- return -errno;
- }
+ if (!IN_SET(errno, 0, ENOENT))
+ return log_error_errno(errno, "Failed to check if group %s already exists: %m", i->name);
}
/* Try to use the suggested numeric gid */
if (i->gid_set) {
r = gid_is_ok(i->gid);
- if (r < 0) {
- log_error("Failed to verify gid " GID_FMT ": %s", i->gid, strerror(-r));
- return r;
- }
+ if (r < 0)
+ return log_error_errno(r, "Failed to verify gid " GID_FMT ": %m", i->gid);
if (r == 0) {
log_debug("Suggested group ID " GID_FMT " for %s already used.", i->gid, i->name);
i->gid_set = false;
/* Try to reuse the numeric uid, if there's one */
if (!i->gid_set && i->uid_set) {
r = gid_is_ok((gid_t) i->uid);
- if (r < 0) {
- log_error("Failed to verify gid " GID_FMT ": %s", i->gid, strerror(-r));
- return r;
- }
+ if (r < 0)
+ return log_error_errno(r, "Failed to verify gid " GID_FMT ": %m", i->gid);
if (r > 0) {
i->gid = (gid_t) i->uid;
i->gid_set = true;
if (read_id_from_file(i, NULL, &c) > 0) {
- if (c <= 0 || c > SYSTEM_GID_MAX)
+ if (c <= 0 || !uid_range_contains(uid_range, n_uid_range, c))
log_debug("Group ID " GID_FMT " of file not suitable for %s.", c, i->name);
else {
r = gid_is_ok(c);
- if (r < 0) {
- log_error("Failed to verify gid " GID_FMT ": %s", i->gid, strerror(-r));
- return r;
- } else if (r > 0) {
+ if (r < 0)
+ return log_error_errno(r, "Failed to verify gid " GID_FMT ": %m", i->gid);
+ else if (r > 0) {
i->gid = c;
i->gid_set = true;
} else
/* And if that didn't work either, let's try to find a free one */
if (!i->gid_set) {
- for (; search_gid > 0; search_gid--) {
- r = gid_is_ok(search_gid);
+ for (;;) {
+ /* We look for new GIDs in the UID pool! */
+ r = uid_range_next_lower(uid_range, n_uid_range, &search_uid);
if (r < 0) {
- log_error("Failed to verify gid " GID_FMT ": %s", i->gid, strerror(-r));
+ log_error("No free group ID available for %s.", i->name);
return r;
- } else if (r > 0)
- break;
- }
+ }
- if (search_gid <= 0) {
- log_error("No free group ID available for %s.", i->name);
- return -E2BIG;
+ r = gid_is_ok(search_uid);
+ if (r < 0)
+ return log_error_errno(r, "Failed to verify gid " GID_FMT ": %m", i->gid);
+ else if (r > 0)
+ break;
}
i->gid_set = true;
- i->gid = search_gid;
-
- search_gid--;
+ i->gid = search_uid;
}
- r = hashmap_ensure_allocated(&todo_gids, trivial_hash_func, trivial_compare_func);
+ r = hashmap_ensure_allocated(&todo_gids, NULL);
if (r < 0)
return log_oom();
if (!i) {
_cleanup_(item_freep) Item *j = NULL;
- r = hashmap_ensure_allocated(&groups, string_hash_func, string_compare_func);
+ r = hashmap_ensure_allocated(&groups, &string_hash_ops);
if (r < 0)
return log_oom();
if (!i) {
_cleanup_(item_freep) Item *j = NULL;
- r = hashmap_ensure_allocated(&users, string_hash_func, string_compare_func);
+ r = hashmap_ensure_allocated(&users, &string_hash_ops);
if (r < 0)
return log_oom();
if (a->gid_set && a->gid != b->gid)
return false;
+ if (!streq_ptr(a->home, b->home))
+ return false;
+
return true;
}
static bool valid_gecos(const char *d) {
+ if (!d)
+ return false;
+
if (!utf8_is_valid(d))
return false;
return true;
}
+static bool valid_home(const char *p) {
+
+ if (isempty(p))
+ return false;
+
+ if (!utf8_is_valid(p))
+ return false;
+
+ if (string_has_cc(p, NULL))
+ return false;
+
+ if (!path_is_absolute(p))
+ return false;
+
+ if (!path_is_safe(p))
+ return false;
+
+ /* Colons are used as field separators, and hence not OK */
+ if (strchr(p, ':'))
+ return false;
+
+ return true;
+}
+
static int parse_line(const char *fname, unsigned line, const char *buffer) {
static const Specifier specifier_table[] = {
{}
};
- _cleanup_free_ char *action = NULL, *name = NULL, *id = NULL, *resolved_name = NULL;
+ _cleanup_free_ char *action = NULL, *name = NULL, *id = NULL, *resolved_name = NULL, *resolved_id = NULL, *description = NULL, *home = NULL;
_cleanup_(item_freep) Item *i = NULL;
Item *existing;
Hashmap *h;
- int r, n = -1;
+ int r;
+ const char *p;
assert(fname);
assert(line >= 1);
assert(buffer);
- r = sscanf(buffer,
- "%ms %ms %ms %n",
- &action,
- &name,
- &id,
- &n);
- if (r < 2) {
+ /* Parse columns */
+ p = buffer;
+ r = unquote_many_words(&p, &action, &name, &id, &description, &home, NULL);
+ if (r < 0) {
log_error("[%s:%u] Syntax error.", fname, line);
- return -EIO;
+ return r;
+ }
+ if (r < 2) {
+ log_error("[%s:%u] Missing action and name columns.", fname, line);
+ return -EINVAL;
+ }
+ if (*p != 0) {
+ log_error("[%s:%u] Trailing garbage.", fname, line);
+ return -EINVAL;
}
+ /* Verify action */
if (strlen(action) != 1) {
log_error("[%s:%u] Unknown modifier '%s'", fname, line, action);
return -EINVAL;
}
- if (!IN_SET(action[0], ADD_USER, ADD_GROUP, ADD_MEMBER)) {
+ if (!IN_SET(action[0], ADD_USER, ADD_GROUP, ADD_MEMBER, ADD_RANGE)) {
log_error("[%s:%u] Unknown command command type '%c'.", fname, line, action[0]);
return -EBADMSG;
}
- r = specifier_printf(name, specifier_table, NULL, &resolved_name);
- if (r < 0) {
- log_error("[%s:%u] Failed to replace specifiers: %s", fname, line, name);
- return r;
+ /* Verify name */
+ if (isempty(name) || streq(name, "-")) {
+ free(name);
+ name = NULL;
}
- if (!valid_user_group_name(resolved_name)) {
- log_error("[%s:%u] '%s' is not a valid user or group name.", fname, line, resolved_name);
- return -EINVAL;
+ if (name) {
+ r = specifier_printf(name, specifier_table, NULL, &resolved_name);
+ if (r < 0) {
+ log_error("[%s:%u] Failed to replace specifiers: %s", fname, line, name);
+ return r;
+ }
+
+ if (!valid_user_group_name(resolved_name)) {
+ log_error("[%s:%u] '%s' is not a valid user or group name.", fname, line, resolved_name);
+ return -EINVAL;
+ }
+ }
+
+ /* Verify id */
+ if (isempty(id) || streq(id, "-")) {
+ free(id);
+ id = NULL;
+ }
+
+ if (id) {
+ r = specifier_printf(id, specifier_table, NULL, &resolved_id);
+ if (r < 0) {
+ log_error("[%s:%u] Failed to replace specifiers: %s", fname, line, name);
+ return r;
+ }
}
- if (n >= 0) {
- n += strspn(buffer+n, WHITESPACE);
+ /* Verify description */
+ if (isempty(description) || streq(description, "-")) {
+ free(description);
+ description = NULL;
+ }
- if (STR_IN_SET(buffer + n, "", "-"))
- n = -1;
+ if (description) {
+ if (!valid_gecos(description)) {
+ log_error("[%s:%u] '%s' is not a valid GECOS field.", fname, line, description);
+ return -EINVAL;
+ }
+ }
+
+ /* Verify home */
+ if (isempty(home) || streq(home, "-")) {
+ free(home);
+ home = NULL;
+ }
+
+ if (home) {
+ if (!valid_home(home)) {
+ log_error("[%s:%u] '%s' is not a valid home directory field.", fname, line, home);
+ return -EINVAL;
+ }
}
switch (action[0]) {
- case ADD_MEMBER: {
- _cleanup_free_ char *resolved_id = NULL;
- char **l;
+ case ADD_RANGE:
+ if (resolved_name) {
+ log_error("[%s:%u] Lines of type 'r' don't take a name field.", fname, line);
+ return -EINVAL;
+ }
- r = hashmap_ensure_allocated(&members, string_hash_func, string_compare_func);
- if (r < 0)
- return log_oom();
+ if (!resolved_id) {
+ log_error("[%s:%u] Lines of type 'r' require a ID range in the third field.", fname, line);
+ return -EINVAL;
+ }
- /* Try to extend an existing member or group item */
+ if (description) {
+ log_error("[%s:%u] Lines of type 'r' don't take a GECOS field.", fname, line);
+ return -EINVAL;
+ }
- if (!id || streq(id, "-")) {
- log_error("[%s:%u] Lines of type 'm' require a group name in the third field.", fname, line);
+ if (home) {
+ log_error("[%s:%u] Lines of type 'r' don't take a home directory field.", fname, line);
return -EINVAL;
}
- r = specifier_printf(id, specifier_table, NULL, &resolved_id);
+ r = uid_range_add_str(&uid_range, &n_uid_range, resolved_id);
if (r < 0) {
- log_error("[%s:%u] Failed to replace specifiers: %s", fname, line, name);
- return r;
+ log_error("[%s:%u] Invalid UID range %s.", fname, line, resolved_id);
+ return -EINVAL;
+ }
+
+ return 0;
+
+ case ADD_MEMBER: {
+ char **l;
+
+ /* Try to extend an existing member or group item */
+ if (!name) {
+ log_error("[%s:%u] Lines of type 'm' require a user name in the second field.", fname, line);
+ return -EINVAL;
+ }
+
+ if (!resolved_id) {
+ log_error("[%s:%u] Lines of type 'm' require a group name in the third field.", fname, line);
+ return -EINVAL;
}
if (!valid_user_group_name(resolved_id)) {
return -EINVAL;
}
- if (n >= 0) {
+ if (description) {
log_error("[%s:%u] Lines of type 'm' don't take a GECOS field.", fname, line);
return -EINVAL;
}
+ if (home) {
+ log_error("[%s:%u] Lines of type 'm' don't take a home directory field.", fname, line);
+ return -EINVAL;
+ }
+
+ r = hashmap_ensure_allocated(&members, &string_hash_ops);
+ if (r < 0)
+ return log_oom();
+
l = hashmap_get(members, resolved_id);
if (l) {
/* A list for this group name already exists, let's append to it */
}
case ADD_USER:
- r = hashmap_ensure_allocated(&users, string_hash_func, string_compare_func);
+ if (!name) {
+ log_error("[%s:%u] Lines of type 'u' require a user name in the second field.", fname, line);
+ return -EINVAL;
+ }
+
+ r = hashmap_ensure_allocated(&users, &string_hash_ops);
if (r < 0)
return log_oom();
if (!i)
return log_oom();
- if (id && !streq(id, "-")) {
-
- if (path_is_absolute(id)) {
- i->uid_path = strdup(id);
- if (!i->uid_path)
- return log_oom();
+ if (resolved_id) {
+ if (path_is_absolute(resolved_id)) {
+ i->uid_path = resolved_id;
+ resolved_id = NULL;
path_kill_slashes(i->uid_path);
-
} else {
- r = parse_uid(id, &i->uid);
+ r = parse_uid(resolved_id, &i->uid);
if (r < 0) {
log_error("Failed to parse UID: %s", id);
return -EBADMSG;
}
}
- if (n >= 0) {
- i->description = unquote(buffer+n, "\"");
- if (!i->description)
- return log_oom();
+ i->description = description;
+ description = NULL;
- if (!valid_gecos(i->description)) {
- log_error("[%s:%u] '%s' is not a valid GECOS field.", fname, line, i->description);
- return -EINVAL;
- }
- }
+ i->home = home;
+ home = NULL;
h = users;
break;
case ADD_GROUP:
- r = hashmap_ensure_allocated(&groups, string_hash_func, string_compare_func);
- if (r < 0)
- return log_oom();
+ if (!name) {
+ log_error("[%s:%u] Lines of type 'g' require a user name in the second field.", fname, line);
+ return -EINVAL;
+ }
- if (n >= 0) {
+ if (description) {
log_error("[%s:%u] Lines of type 'g' don't take a GECOS field.", fname, line);
return -EINVAL;
}
+ if (home) {
+ log_error("[%s:%u] Lines of type 'g' don't take a home directory field.", fname, line);
+ return -EINVAL;
+ }
+
+ r = hashmap_ensure_allocated(&groups, &string_hash_ops);
+ if (r < 0)
+ return log_oom();
+
i = new0(Item, 1);
if (!i)
return log_oom();
- if (id && !streq(id, "-")) {
-
- if (path_is_absolute(id)) {
- i->gid_path = strdup(id);
- if (!i->gid_path)
- return log_oom();
+ if (resolved_id) {
+ if (path_is_absolute(resolved_id)) {
+ i->gid_path = resolved_id;
+ resolved_id = NULL;
path_kill_slashes(i->gid_path);
} else {
- r = parse_gid(id, &i->gid);
+ r = parse_gid(resolved_id, &i->gid);
if (r < 0) {
log_error("Failed to parse GID: %s", id);
return -EBADMSG;
}
}
-
h = groups;
break;
+
default:
return -EBADMSG;
}
}
static int read_config_file(const char *fn, bool ignore_enoent) {
- _cleanup_fclose_ FILE *f = NULL;
+ _cleanup_fclose_ FILE *rf = NULL;
+ FILE *f = NULL;
char line[LINE_MAX];
unsigned v = 0;
- int r;
+ int r = 0;
assert(fn);
- r = search_and_fopen_nulstr(fn, "re", arg_root, conf_file_dirs, &f);
- if (r < 0) {
- if (ignore_enoent && r == -ENOENT)
- return 0;
+ if (streq(fn, "-"))
+ f = stdin;
+ else {
+ r = search_and_fopen_nulstr(fn, "re", arg_root, conf_file_dirs, &rf);
+ if (r < 0) {
+ if (ignore_enoent && r == -ENOENT)
+ return 0;
- log_error("Failed to open '%s', ignoring: %s", fn, strerror(-r));
- return r;
+ return log_error_errno(r, "Failed to open '%s', ignoring: %m", fn);
+ }
+
+ f = rf;
}
FOREACH_LINE(line, f, break) {
}
if (ferror(f)) {
- log_error("Failed to read from file %s: %m", fn);
+ log_error_errno(errno, "Failed to read from file %s: %m", fn);
if (r == 0)
r = -EIO;
}
umask(0022);
- r = label_init(NULL);
+ r = mac_selinux_init(NULL);
if (r < 0) {
- log_error("SELinux setup failed: %s", strerror(-r));
+ log_error_errno(r, "SELinux setup failed: %m");
goto finish;
}
r = conf_files_list_nulstr(&files, ".conf", arg_root, conf_file_dirs);
if (r < 0) {
- log_error("Failed to enumerate sysusers.d files: %s", strerror(-r));
+ log_error_errno(r, "Failed to enumerate sysusers.d files: %m");
goto finish;
}
}
}
+ if (!uid_range) {
+ /* Default to default range of 1..SYSTEMD_UID_MAX */
+ r = uid_range_add(&uid_range, &n_uid_range, 1, SYSTEM_UID_MAX);
+ if (r < 0) {
+ log_oom();
+ goto finish;
+ }
+ }
+
r = add_implicit();
if (r < 0)
goto finish;
lock = take_password_lock(arg_root);
if (lock < 0) {
- log_error("Failed to take lock: %s", strerror(-lock));
+ log_error_errno(lock, "Failed to take lock: %m");
goto finish;
}
r = load_user_database();
if (r < 0) {
- log_error("Failed to load user database: %s", strerror(-r));
+ log_error_errno(r, "Failed to load user database: %m");
goto finish;
}
r = load_group_database();
if (r < 0) {
- log_error("Failed to read group database: %s", strerror(-r));
+ log_error_errno(r, "Failed to read group database: %m");
goto finish;
}
r = write_files();
if (r < 0)
- log_error("Failed to write files: %s", strerror(-r));
+ log_error_errno(r, "Failed to write files: %m");
finish:
while ((i = hashmap_steal_first(groups)))