From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 25 Aug 2016 08:24:10 +0000 (+0200)
Subject: execute: move suppression of HOME=/ and SHELL=/bin/nologin into user-util.c
X-Git-Tag: v232.2~75
X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=commitdiff_plain;h=4d1a9dbea12127dd8fd8c0ee9a53b544ef92f6bf;p=elogind.git

execute: move suppression of HOME=/ and SHELL=/bin/nologin into user-util.c

This adds a new call get_user_creds_clean(), which is just like
get_user_creds() but returns NULL in the home/shell parameters if they contain
no useful information. This code previously lived in execute.c, but by
generalizing this we can reuse it in run.c.
---

diff --git a/src/basic/user-util.c b/src/basic/user-util.c
index 2ba5c8575..0d199cf18 100644
--- a/src/basic/user-util.c
+++ b/src/basic/user-util.c
@@ -29,16 +29,19 @@
 #include <string.h>
 #include <sys/stat.h>
 #include <unistd.h>
+#include <utmp.h>
 
-#include "missing.h"
 #include "alloc-util.h"
 #include "fd-util.h"
 #include "formats-util.h"
 #include "macro.h"
+#include "missing.h"
 #include "parse-util.h"
 #include "path-util.h"
 #include "string-util.h"
+#include "strv.h"
 #include "user-util.h"
+#include "utf8.h"
 
 bool uid_is_valid(uid_t uid) {
 
@@ -175,6 +178,35 @@ int get_user_creds(
         return 0;
 }
 
+int get_user_creds_clean(
+                const char **username,
+                uid_t *uid, gid_t *gid,
+                const char **home,
+                const char **shell) {
+
+        int r;
+
+        /* Like get_user_creds(), but resets home/shell to NULL if they don't contain anything relevant. */
+
+        r = get_user_creds(username, uid, gid, home, shell);
+        if (r < 0)
+                return r;
+
+        if (shell &&
+            (isempty(*shell) || PATH_IN_SET(*shell,
+                                            "/bin/nologin",
+                                            "/sbin/nologin",
+                                            "/usr/bin/nologin",
+                                            "/usr/sbin/nologin")))
+                *shell = NULL;
+
+        if (home &&
+            (isempty(*home) || path_equal(*home, "/")))
+                *home = NULL;
+
+        return 0;
+}
+
 int get_group_creds(const char **groupname, gid_t *gid) {
         struct group *g;
         gid_t id;
diff --git a/src/basic/user-util.h b/src/basic/user-util.h
index 1832a5d79..e7add7964 100644
--- a/src/basic/user-util.h
+++ b/src/basic/user-util.h
@@ -42,6 +42,7 @@ char* getusername_malloc(void);
 #endif // 0
 
 int get_user_creds(const char **username, uid_t *uid, gid_t *gid, const char **home, const char **shell);
+int get_user_creds_clean(const char **username, uid_t *uid, gid_t *gid, const char **home, const char **shell);
 int get_group_creds(const char **groupname, gid_t *gid);
 
 char* uid_to_name(uid_t uid);