chiark / gitweb /
sysusers: Preserve ownership and mode on /etc/passwd and friends
[elogind.git] / src / sysusers / sysusers.c
index 514e77e..c133dc5 100644 (file)
@@ -23,7 +23,9 @@
 #include <pwd.h>
 #include <grp.h>
 #include <shadow.h>
+#include <gshadow.h>
 #include <getopt.h>
+#include <utmp.h>
 
 #include "util.h"
 #include "hashmap.h"
 #include "conf-files.h"
 #include "copy.h"
 #include "utf8.h"
+#include "label.h"
+#include "fileio-label.h"
+#include "uid-range.h"
 
 typedef enum ItemType {
         ADD_USER = 'u',
         ADD_GROUP = 'g',
+        ADD_MEMBER = 'm',
+        ADD_RANGE = 'r',
 } ItemType;
 typedef struct Item {
         ItemType type;
@@ -46,6 +53,7 @@ typedef struct Item {
         char *uid_path;
         char *gid_path;
         char *description;
+        char *home;
 
         gid_t gid;
         uid_t uid;
@@ -60,6 +68,8 @@ typedef struct Item {
 static char *arg_root = NULL;
 
 static const char conf_file_dirs[] =
+        "/etc/sysusers.d\0"
+        "/run/sysusers.d\0"
         "/usr/local/lib/sysusers.d\0"
         "/usr/lib/sysusers.d\0"
 #ifdef HAVE_SPLIT_USR
@@ -69,12 +79,14 @@ static const char conf_file_dirs[] =
 
 static Hashmap *users = NULL, *groups = NULL;
 static Hashmap *todo_uids = NULL, *todo_gids = NULL;
+static Hashmap *members = NULL;
 
 static Hashmap *database_uid = NULL, *database_user = NULL;
 static Hashmap *database_gid = NULL, *database_group = NULL;
 
-static uid_t search_uid = SYSTEM_UID_MAX;
-static gid_t search_gid = SYSTEM_GID_MAX;
+static uid_t search_uid = (uid_t) -1;
+static UidRange *uid_range = NULL;
+static unsigned n_uid_range = 0;
 
 #define UID_TO_PTR(u) (ULONG_TO_PTR(u+1))
 #define PTR_TO_UID(u) ((uid_t) (PTR_TO_ULONG(u)-1))
@@ -95,11 +107,11 @@ static int load_user_database(void) {
         if (!f)
                 return errno == ENOENT ? 0 : -errno;
 
-        r = hashmap_ensure_allocated(&database_user, string_hash_func, string_compare_func);
+        r = hashmap_ensure_allocated(&database_user, &string_hash_ops);
         if (r < 0)
                 return r;
 
-        r = hashmap_ensure_allocated(&database_uid, trivial_hash_func, trivial_compare_func);
+        r = hashmap_ensure_allocated(&database_uid, NULL);
         if (r < 0)
                 return r;
 
@@ -147,11 +159,11 @@ static int load_group_database(void) {
         if (!f)
                 return errno == ENOENT ? 0 : -errno;
 
-        r = hashmap_ensure_allocated(&database_group, string_hash_func, string_compare_func);
+        r = hashmap_ensure_allocated(&database_group, &string_hash_ops);
         if (r < 0)
                 return r;
 
-        r = hashmap_ensure_allocated(&database_gid, trivial_hash_func, trivial_compare_func);
+        r = hashmap_ensure_allocated(&database_gid, NULL);
         if (r < 0)
                 return r;
 
@@ -188,8 +200,9 @@ static int load_group_database(void) {
         return 0;
 }
 
-static int make_backup(const char *x) {
-        _cleanup_close_ int src = -1, dst = -1;
+static int make_backup(const char *target, const char *x) {
+        _cleanup_close_ int src = -1;
+        _cleanup_fclose_ FILE *dst = NULL;
         char *backup, *temp;
         struct timespec ts[2];
         struct stat st;
@@ -206,30 +219,30 @@ static int make_backup(const char *x) {
         if (fstat(src, &st) < 0)
                 return -errno;
 
-        temp = strappenda(x, ".XXXXXX");
-        dst = mkostemp_safe(temp, O_WRONLY|O_CLOEXEC|O_NOCTTY);
-        if (dst < 0)
-                return dst;
+        r = fopen_temporary_label(target, x, &dst, &temp);
+        if (r < 0)
+                return r;
 
-        r = copy_bytes(src, dst);
+        r = copy_bytes(src, fileno(dst), (off_t) -1);
         if (r < 0)
                 goto fail;
 
+        /* Don't fail on chmod() or chown(). If it stays owned by us
+         * and/or unreadable by others, then it isn't too bad... */
+
+        backup = strappenda(x, "-");
+
         /* Copy over the access mask */
-        if (fchmod(dst, st.st_mode & 07777) < 0) {
-                r = -errno;
-                goto fail;
-        }
+        if (fchmod(fileno(dst), st.st_mode & 07777) < 0)
+                log_warning("Failed to change mode on %s: %m", backup);
 
-        /* Don't fail on chmod(). If it stays owned by us, then it
-         * isn't too bad... */
-        fchown(dst, st.st_uid, st.st_gid);
+        if (fchown(fileno(dst), st.st_uid, st.st_gid)< 0)
+                log_warning("Failed to change ownership of %s: %m", backup);
 
         ts[0] = st.st_atim;
         ts[1] = st.st_mtim;
-        futimens(dst, ts);
+        futimens(fileno(dst), ts);
 
-        backup = strappenda(x, "-");
         if (rename(temp, backup) < 0)
                 goto fail;
 
@@ -240,35 +253,137 @@ fail:
         return r;
 }
 
+static int putgrent_with_members(const struct group *gr, FILE *group) {
+        char **a;
+
+        assert(gr);
+        assert(group);
+
+        a = hashmap_get(members, gr->gr_name);
+        if (a) {
+                _cleanup_strv_free_ char **l = NULL;
+                bool added = false;
+                char **i;
+
+                l = strv_copy(gr->gr_mem);
+                if (!l)
+                        return -ENOMEM;
+
+                STRV_FOREACH(i, a) {
+                        if (strv_find(l, *i))
+                                continue;
+
+                        if (strv_extend(&l, *i) < 0)
+                                return -ENOMEM;
+
+                        added = true;
+                }
+
+                if (added) {
+                        struct group t;
+
+                        strv_uniq(l);
+                        strv_sort(l);
+
+                        t = *gr;
+                        t.gr_mem = l;
+
+                        errno = 0;
+                        if (putgrent(&t, group) != 0)
+                                return errno ? -errno : -EIO;
+
+                        return 1;
+                }
+        }
+
+        errno = 0;
+        if (putgrent(gr, group) != 0)
+                return errno ? -errno : -EIO;
+
+        return 0;
+}
+
+static int putsgent_with_members(const struct sgrp *sg, FILE *gshadow) {
+        char **a;
+
+        assert(sg);
+        assert(gshadow);
+
+        a = hashmap_get(members, sg->sg_namp);
+        if (a) {
+                _cleanup_strv_free_ char **l = NULL;
+                bool added = false;
+                char **i;
+
+                l = strv_copy(sg->sg_mem);
+                if (!l)
+                        return -ENOMEM;
+
+                STRV_FOREACH(i, a) {
+                        if (strv_find(l, *i))
+                                continue;
+
+                        if (strv_extend(&l, *i) < 0)
+                                return -ENOMEM;
+
+                        added = true;
+                }
+
+                if (added) {
+                        struct sgrp t;
+
+                        strv_uniq(l);
+                        strv_sort(l);
+
+                        t = *sg;
+                        t.sg_mem = l;
+
+                        errno = 0;
+                        if (putsgent(&t, gshadow) != 0)
+                                return errno ? -errno : -EIO;
+
+                        return 1;
+                }
+        }
+
+        errno = 0;
+        if (putsgent(sg, gshadow) != 0)
+                return errno ? -errno : -EIO;
+
+        return 0;
+}
+
 static int write_files(void) {
 
-        _cleanup_fclose_ FILE *passwd = NULL, *group = NULL;
-        _cleanup_free_ char *passwd_tmp = NULL, *group_tmp = NULL;
-        const char *passwd_path = NULL, *group_path = NULL;
+        _cleanup_fclose_ FILE *passwd = NULL, *group = NULL, *shadow = NULL, *gshadow = NULL;
+        _cleanup_free_ char *passwd_tmp = NULL, *group_tmp = NULL, *shadow_tmp = NULL, *gshadow_tmp = NULL;
+        const char *passwd_path = NULL, *group_path = NULL, *shadow_path = NULL, *gshadow_path = NULL;
+        struct stat st;
+        bool group_changed = false;
         Iterator iterator;
         Item *i;
         int r;
 
-        /* We don't patch /etc/shadow or /etc/gshadow here, since we
-         * only create user accounts without passwords anyway. */
-
-        if (hashmap_size(todo_gids) > 0) {
+        if (hashmap_size(todo_gids) > 0 || hashmap_size(members) > 0) {
                 _cleanup_fclose_ FILE *original = NULL;
 
+                /* First we update the actual group list file */
                 group_path = fix_root("/etc/group");
-                r = fopen_temporary(group_path, &group, &group_tmp);
+                r = fopen_temporary_label("/etc/group", group_path, &group, &group_tmp);
                 if (r < 0)
                         goto finish;
 
-                if (fchmod(fileno(group), 0644) < 0) {
-                        r = -errno;
-                        goto finish;
-                }
-
                 original = fopen(group_path, "re");
                 if (original) {
                         struct group *gr;
 
+                        if (fstat(fileno(original), &st) < 0 ||
+                            fchmod(fileno(group), st.st_mode & 07777) < 0 ||
+                            fchown(fileno(group), st.st_uid, st.st_gid) < 0) {
+                                r = -errno;
+                                goto finish;
+                        }
+
                         errno = 0;
                         while ((gr = fgetgrent(original))) {
                                 /* Safety checks against name and GID
@@ -290,10 +405,11 @@ static int write_files(void) {
                                         goto finish;
                                 }
 
-                                if (putgrent(gr, group) < 0) {
-                                        r = -errno;
+                                r = putgrent_with_members(gr, group);
+                                if (r < 0)
                                         goto finish;
-                                }
+                                if (r > 0)
+                                        group_changed = true;
 
                                 errno = 0;
                         }
@@ -305,6 +421,9 @@ static int write_files(void) {
                 } else if (errno != ENOENT) {
                         r = -errno;
                         goto finish;
+                } else if (fchmod(fileno(group), 0644) < 0) {
+                        r = -errno;
+                        goto finish;
                 }
 
                 HASHMAP_FOREACH(i, todo_gids, iterator) {
@@ -314,34 +433,108 @@ static int write_files(void) {
                                 .gr_passwd = (char*) "x",
                         };
 
-                        if (putgrent(&n, group) < 0) {
+                        r = putgrent_with_members(&n, group);
+                        if (r < 0)
+                                goto finish;
+
+                        group_changed = true;
+                }
+
+                r = fflush_and_check(group);
+                if (r < 0)
+                        goto finish;
+
+                if (original) {
+                        fclose(original);
+                        original = NULL;
+                }
+
+                /* OK, now also update the shadow file for the group list */
+                gshadow_path = fix_root("/etc/gshadow");
+                r = fopen_temporary_label("/etc/gshadow", gshadow_path, &gshadow, &gshadow_tmp);
+                if (r < 0)
+                        goto finish;
+
+                original = fopen(gshadow_path, "re");
+                if (original) {
+                        struct sgrp *sg;
+
+                        if (fstat(fileno(original), &st) < 0 ||
+                            fchmod(fileno(gshadow), st.st_mode & 07777) < 0 ||
+                            fchown(fileno(gshadow), st.st_uid, st.st_gid) < 0) {
+                                r = -errno;
+                                goto finish;
+                        }
+
+                        errno = 0;
+                        while ((sg = fgetsgent(original))) {
+
+                                i = hashmap_get(groups, sg->sg_namp);
+                                if (i && i->todo_group) {
+                                        r = -EEXIST;
+                                        goto finish;
+                                }
+
+                                r = putsgent_with_members(sg, gshadow);
+                                if (r < 0)
+                                        goto finish;
+                                if (r > 0)
+                                        group_changed = true;
+
+                                errno = 0;
+                        }
+                        if (!IN_SET(errno, 0, ENOENT)) {
                                 r = -errno;
                                 goto finish;
                         }
+
+                } else if (errno != ENOENT) {
+                        r = -errno;
+                        goto finish;
+                } else if (fchmod(fileno(gshadow), 0000) < 0) {
+                        r = -errno;
+                        goto finish;
                 }
 
-                r = fflush_and_check(group);
+                HASHMAP_FOREACH(i, todo_gids, iterator) {
+                        struct sgrp n = {
+                                .sg_namp = i->name,
+                                .sg_passwd = (char*) "!!",
+                        };
+
+                        r = putsgent_with_members(&n, gshadow);
+                        if (r < 0)
+                                goto finish;
+
+                        group_changed = true;
+                }
+
+                r = fflush_and_check(gshadow);
                 if (r < 0)
                         goto finish;
         }
 
         if (hashmap_size(todo_uids) > 0) {
                 _cleanup_fclose_ FILE *original = NULL;
+                long lstchg;
 
+                /* First we update the user database itself */
                 passwd_path = fix_root("/etc/passwd");
-                r = fopen_temporary(passwd_path, &passwd, &passwd_tmp);
+                r = fopen_temporary_label("/etc/passwd", passwd_path, &passwd, &passwd_tmp);
                 if (r < 0)
                         goto finish;
 
-                if (fchmod(fileno(passwd), 0644) < 0) {
-                        r = -errno;
-                        goto finish;
-                }
-
                 original = fopen(passwd_path, "re");
                 if (original) {
                         struct passwd *pw;
 
+                        if (fstat(fileno(original), &st) < 0 ||
+                            fchmod(fileno(passwd), st.st_mode & 07777) < 0 ||
+                            fchown(fileno(passwd), st.st_uid, st.st_gid) < 0) {
+                                r = -errno;
+                                goto finish;
+                        }
+
                         errno = 0;
                         while ((pw = fgetpwent(original))) {
 
@@ -356,8 +549,9 @@ static int write_files(void) {
                                         goto finish;
                                 }
 
+                                errno = 0;
                                 if (putpwent(pw, passwd) < 0) {
-                                        r = -errno;
+                                        r = errno ? -errno : -EIO;
                                         goto finish;
                                 }
 
@@ -371,6 +565,9 @@ static int write_files(void) {
                 } else if (errno != ENOENT) {
                         r = -errno;
                         goto finish;
+                } else if (fchmod(fileno(passwd), 0644) < 0) {
+                        r = -errno;
+                        goto finish;
                 }
 
                 HASHMAP_FOREACH(i, todo_uids, iterator) {
@@ -379,53 +576,153 @@ static int write_files(void) {
                                 .pw_uid = i->uid,
                                 .pw_gid = i->gid,
                                 .pw_gecos = i->description,
+
+                                /* "x" means the password is stored in
+                                 * the shadow file */
                                 .pw_passwd = (char*) "x",
+
+                                /* We default to the root directory as home */
+                                .pw_dir = i->home ? i->home : (char*) "/",
+
+                                /* Initialize the shell to nologin,
+                                 * with one exception: for root we
+                                 * patch in something special */
+                                .pw_shell = i->uid == 0 ? (char*) "/bin/sh" : (char*) "/sbin/nologin",
                         };
 
-                        /* Initialize the home directory and the shell
-                         * to nologin, with one exception: for root we
-                         * patch in something special */
-                        if (i->uid == 0) {
-                                n.pw_shell = (char*) "/bin/sh";
-                                n.pw_dir = (char*) "/root";
-                        } else {
-                                n.pw_shell = (char*) "/sbin/nologin";
-                                n.pw_dir = (char*) "/";
+                        errno = 0;
+                        if (putpwent(&n, passwd) != 0) {
+                                r = errno ? -errno : -EIO;
+                                goto finish;
+                        }
+                }
+
+                r = fflush_and_check(passwd);
+                if (r < 0)
+                        goto finish;
+
+                if (original) {
+                        fclose(original);
+                        original = NULL;
+                }
+
+                /* The we update the shadow database */
+                shadow_path = fix_root("/etc/shadow");
+                r = fopen_temporary_label("/etc/shadow", shadow_path, &shadow, &shadow_tmp);
+                if (r < 0)
+                        goto finish;
+
+                original = fopen(shadow_path, "re");
+                if (original) {
+                        struct spwd *sp;
+
+                        if (fstat(fileno(original), &st) < 0 ||
+                            fchmod(fileno(shadow), st.st_mode & 07777) < 0 ||
+                            fchown(fileno(shadow), st.st_uid, st.st_gid) < 0) {
+                                r = -errno;
+                                goto finish;
                         }
 
-                        if (putpwent(&n, passwd) < 0) {
-                                r = -r;
+                        errno = 0;
+                        while ((sp = fgetspent(original))) {
+
+                                i = hashmap_get(users, sp->sp_namp);
+                                if (i && i->todo_user) {
+                                        r = -EEXIST;
+                                        goto finish;
+                                }
+
+                                errno = 0;
+                                if (putspent(sp, shadow) < 0) {
+                                        r = errno ? -errno : -EIO;
+                                        goto finish;
+                                }
+
+                                errno = 0;
+                        }
+                        if (!IN_SET(errno, 0, ENOENT)) {
+                                r = -errno;
                                 goto finish;
                         }
+                } else if (errno != ENOENT) {
+                        r = -errno;
+                        goto finish;
+                } else if (fchmod(fileno(shadow), 0000) < 0) {
+                        r = -errno;
+                        goto finish;
                 }
 
-                r = fflush_and_check(passwd);
+                lstchg = (long) (now(CLOCK_REALTIME) / USEC_PER_DAY);
+                HASHMAP_FOREACH(i, todo_uids, iterator) {
+                        struct spwd n = {
+                                .sp_namp = i->name,
+                                .sp_pwdp = (char*) "!!",
+                                .sp_lstchg = lstchg,
+                                .sp_min = -1,
+                                .sp_max = -1,
+                                .sp_warn = -1,
+                                .sp_inact = -1,
+                                .sp_expire = -1,
+                                .sp_flag = (unsigned long) -1, /* this appears to be what everybody does ... */
+                        };
+
+                        errno = 0;
+                        if (putspent(&n, shadow) != 0) {
+                                r = errno ? -errno : -EIO;
+                                goto finish;
+                        }
+                }
+
+                r = fflush_and_check(shadow);
                 if (r < 0)
                         goto finish;
         }
 
         /* Make a backup of the old files */
-        if (group) {
-                r = make_backup(group_path);
-                if (r < 0)
-                        goto finish;
+        if (group_changed) {
+                if (group) {
+                        r = make_backup("/etc/group", group_path);
+                        if (r < 0)
+                                goto finish;
+                }
+                if (gshadow) {
+                        r = make_backup("/etc/gshadow", gshadow_path);
+                        if (r < 0)
+                                goto finish;
+                }
         }
 
         if (passwd) {
-                r = make_backup(passwd_path);
+                r = make_backup("/etc/passwd", passwd_path);
+                if (r < 0)
+                        goto finish;
+        }
+        if (shadow) {
+                r = make_backup("/etc/shadow", shadow_path);
                 if (r < 0)
                         goto finish;
         }
 
         /* And make the new files count */
-        if (group) {
-                if (rename(group_tmp, group_path) < 0) {
-                        r = -errno;
-                        goto finish;
+        if (group_changed) {
+                if (group) {
+                        if (rename(group_tmp, group_path) < 0) {
+                                r = -errno;
+                                goto finish;
+                        }
+
+                        free(group_tmp);
+                        group_tmp = NULL;
                 }
+                if (gshadow) {
+                        if (rename(gshadow_tmp, gshadow_path) < 0) {
+                                r = -errno;
+                                goto finish;
+                        }
 
-                free(group_tmp);
-                group_tmp = NULL;
+                        free(gshadow_tmp);
+                        gshadow_tmp = NULL;
+                }
         }
 
         if (passwd) {
@@ -437,16 +734,27 @@ static int write_files(void) {
                 free(passwd_tmp);
                 passwd_tmp = NULL;
         }
+        if (shadow) {
+                if (rename(shadow_tmp, shadow_path) < 0) {
+                        r = -errno;
+                        goto finish;
+                }
 
-        return 0;
+                free(shadow_tmp);
+                shadow_tmp = NULL;
+        }
+
+        r = 0;
 
 finish:
-        if (r < 0) {
-                if (passwd_tmp)
-                        unlink(passwd_tmp);
-                if (group_tmp)
-                        unlink(group_tmp);
-        }
+        if (passwd_tmp)
+                unlink(passwd_tmp);
+        if (shadow_tmp)
+                unlink(shadow_tmp);
+        if (group_tmp)
+                unlink(group_tmp);
+        if (gshadow_tmp)
+                unlink(gshadow_tmp);
 
         return r;
 }
@@ -481,7 +789,7 @@ static int uid_is_ok(uid_t uid, const char *name) {
                 p = getpwuid(uid);
                 if (p)
                         return 0;
-                if (errno != 0)
+                if (!IN_SET(errno, 0, ENOENT))
                         return -errno;
 
                 errno = 0;
@@ -489,7 +797,7 @@ static int uid_is_ok(uid_t uid, const char *name) {
                 if (g) {
                         if (!streq(g->gr_name, name))
                                 return 0;
-                } else if (errno != 0)
+                } else if (!IN_SET(errno, 0, ENOENT))
                         return -errno;
         }
 
@@ -509,8 +817,8 @@ static int root_stat(const char *p, struct stat *st) {
 static int read_id_from_file(Item *i, uid_t *_uid, gid_t *_gid) {
         struct stat st;
         bool found_uid = false, found_gid = false;
-        uid_t uid;
-        gid_t gid;
+        uid_t uid = 0;
+        gid_t gid = 0;
 
         assert(i);
 
@@ -595,7 +903,7 @@ static int add_user(Item *i) {
                         i->description = strdup(p->pw_gecos);
                         return 0;
                 }
-                if (errno != 0) {
+                if (!IN_SET(errno, 0, ENOENT)) {
                         log_error("Failed to check if user %s already exists: %m", i->name);
                         return -errno;
                 }
@@ -607,7 +915,7 @@ static int add_user(Item *i) {
                         log_error("User %s already exists in shadow database, but not in user database.", i->name);
                         return -EBADMSG;
                 }
-                if (errno != 0) {
+                if (!IN_SET(errno, 0, ENOENT)) {
                         log_error("Failed to check if user %s already exists in shadow database: %m", i->name);
                         return -errno;
                 }
@@ -632,7 +940,7 @@ static int add_user(Item *i) {
 
                 if (read_id_from_file(i, &c, NULL) > 0) {
 
-                        if (c <= 0 || c > SYSTEM_UID_MAX)
+                        if (c <= 0 || !uid_range_contains(uid_range, n_uid_range, c))
                                 log_debug("User ID " UID_FMT " of file not suitable for %s.", c, i->name);
                         else {
                                 r = uid_is_ok(c, i->name);
@@ -663,7 +971,12 @@ static int add_user(Item *i) {
 
         /* And if that didn't work either, let's try to find a free one */
         if (!i->uid_set) {
-                for (; search_uid > 0; search_uid--) {
+                for (;;) {
+                        r = uid_range_next_lower(uid_range, n_uid_range, &search_uid);
+                        if (r < 0) {
+                                log_error("No free user ID available for %s.", i->name);
+                                return r;
+                        }
 
                         r = uid_is_ok(search_uid, i->name);
                         if (r < 0) {
@@ -673,18 +986,11 @@ static int add_user(Item *i) {
                                 break;
                 }
 
-                if (search_uid <= 0) {
-                        log_error("No free user ID available for %s.", i->name);
-                        return -E2BIG;
-                }
-
                 i->uid_set = true;
                 i->uid = search_uid;
-
-                search_uid--;
         }
 
-        r = hashmap_ensure_allocated(&todo_uids, trivial_hash_func, trivial_compare_func);
+        r = hashmap_ensure_allocated(&todo_uids, NULL);
         if (r < 0)
                 return log_oom();
 
@@ -720,14 +1026,14 @@ static int gid_is_ok(gid_t gid) {
                 g = getgrgid(gid);
                 if (g)
                         return 0;
-                if (errno != 0)
+                if (!IN_SET(errno, 0, ENOENT))
                         return -errno;
 
                 errno = 0;
                 p = getpwuid((uid_t) gid);
                 if (p)
                         return 0;
-                if (errno != 0)
+                if (!IN_SET(errno, 0, ENOENT))
                         return -errno;
         }
 
@@ -761,7 +1067,7 @@ static int add_group(Item *i) {
                         i->gid_set = true;
                         return 0;
                 }
-                if (errno != 0) {
+                if (!IN_SET(errno, 0, ENOENT)) {
                         log_error("Failed to check if group %s already exists: %m", i->name);
                         return -errno;
                 }
@@ -799,7 +1105,7 @@ static int add_group(Item *i) {
 
                 if (read_id_from_file(i, NULL, &c) > 0) {
 
-                        if (c <= 0 || c > SYSTEM_GID_MAX)
+                        if (c <= 0 || !uid_range_contains(uid_range, n_uid_range, c))
                                 log_debug("Group ID " GID_FMT " of file not suitable for %s.", c, i->name);
                         else {
                                 r = gid_is_ok(c);
@@ -817,8 +1123,15 @@ static int add_group(Item *i) {
 
         /* And if that didn't work either, let's try to find a free one */
         if (!i->gid_set) {
-                for (; search_gid > 0; search_gid--) {
-                        r = gid_is_ok(search_gid);
+                for (;;) {
+                        /* We look for new GIDs in the UID pool! */
+                        r = uid_range_next_lower(uid_range, n_uid_range, &search_uid);
+                        if (r < 0) {
+                                log_error("No free group ID available for %s.", i->name);
+                                return r;
+                        }
+
+                        r = gid_is_ok(search_uid);
                         if (r < 0) {
                                 log_error("Failed to verify gid " GID_FMT ": %s", i->gid, strerror(-r));
                                 return r;
@@ -826,18 +1139,11 @@ static int add_group(Item *i) {
                                 break;
                 }
 
-                if (search_gid <= 0) {
-                        log_error("No free group ID available for %s.", i->name);
-                        return -E2BIG;
-                }
-
                 i->gid_set = true;
-                i->gid = search_gid;
-
-                search_gid--;
+                i->gid = search_uid;
         }
 
-        r = hashmap_ensure_allocated(&todo_gids, trivial_hash_func, trivial_compare_func);
+        r = hashmap_ensure_allocated(&todo_gids, NULL);
         if (r < 0)
                 return log_oom();
 
@@ -890,9 +1196,10 @@ static int process_item(Item *i) {
 
                 return add_group(i);
         }
-        }
 
-        assert_not_reached("Unknown item type");
+        default:
+                assert_not_reached("Unknown item type");
+        }
 }
 
 static void item_free(Item *i) {
@@ -909,6 +1216,74 @@ static void item_free(Item *i) {
 
 DEFINE_TRIVIAL_CLEANUP_FUNC(Item*, item_free);
 
+static int add_implicit(void) {
+        char *g, **l;
+        Iterator iterator;
+        int r;
+
+        /* Implicitly create additional users and groups, if they were listed in "m" lines */
+
+        HASHMAP_FOREACH_KEY(l, g, members, iterator) {
+                Item *i;
+                char **m;
+
+                i = hashmap_get(groups, g);
+                if (!i) {
+                        _cleanup_(item_freep) Item *j = NULL;
+
+                        r = hashmap_ensure_allocated(&groups, &string_hash_ops);
+                        if (r < 0)
+                                return log_oom();
+
+                        j = new0(Item, 1);
+                        if (!j)
+                                return log_oom();
+
+                        j->type = ADD_GROUP;
+                        j->name = strdup(g);
+                        if (!j->name)
+                                return log_oom();
+
+                        r = hashmap_put(groups, j->name, j);
+                        if (r < 0)
+                                return log_oom();
+
+                        log_debug("Adding implicit group '%s' due to m line", j->name);
+                        j = NULL;
+                }
+
+                STRV_FOREACH(m, l) {
+
+                        i = hashmap_get(users, *m);
+                        if (!i) {
+                                _cleanup_(item_freep) Item *j = NULL;
+
+                                r = hashmap_ensure_allocated(&users, &string_hash_ops);
+                                if (r < 0)
+                                        return log_oom();
+
+                                j = new0(Item, 1);
+                                if (!j)
+                                        return log_oom();
+
+                                j->type = ADD_USER;
+                                j->name = strdup(*m);
+                                if (!j->name)
+                                        return log_oom();
+
+                                r = hashmap_put(users, j->name, j);
+                                if (r < 0)
+                                        return log_oom();
+
+                                log_debug("Adding implicit user '%s' due to m line", j->name);
+                                j = NULL;
+                        }
+                }
+        }
+
+        return 0;
+}
+
 static bool item_equal(Item *a, Item *b) {
         assert(a);
         assert(b);
@@ -940,6 +1315,9 @@ static bool item_equal(Item *a, Item *b) {
         if (a->gid_set && a->gid != b->gid)
                 return false;
 
+        if (!streq_ptr(a->home, b->home))
+                return false;
+
         return true;
 }
 
@@ -947,7 +1325,7 @@ static bool valid_user_group_name(const char *u) {
         const char *i;
         long sz;
 
-        if (isempty(u) < 0)
+        if (isempty(u))
                 return false;
 
         if (!(u[0] >= 'a' && u[0] <= 'z') &&
@@ -970,15 +1348,49 @@ static bool valid_user_group_name(const char *u) {
         if ((size_t) (i-u) > (size_t) sz)
                 return false;
 
+        if ((size_t) (i-u) > UT_NAMESIZE - 1)
+                return false;
+
         return true;
 }
 
 static bool valid_gecos(const char *d) {
 
+        if (!d)
+                return false;
+
         if (!utf8_is_valid(d))
                 return false;
 
-        if (strpbrk(d, ":\n"))
+        if (string_has_cc(d, NULL))
+                return false;
+
+        /* Colons are used as field separators, and hence not OK */
+        if (strchr(d, ':'))
+                return false;
+
+        return true;
+}
+
+static bool valid_home(const char *p) {
+
+        if (isempty(p))
+                return false;
+
+        if (!utf8_is_valid(p))
+                return false;
+
+        if (string_has_cc(p, NULL))
+                return false;
+
+        if (!path_is_absolute(p))
+                return false;
+
+        if (!path_is_safe(p))
+                return false;
+
+        /* Colons are used as field separators, and hence not OK */
+        if (strchr(p, ':'))
                 return false;
 
         return true;
@@ -994,116 +1406,290 @@ static int parse_line(const char *fname, unsigned line, const char *buffer) {
                 {}
         };
 
-        _cleanup_free_ char *action = NULL, *name = NULL, *id = NULL;
+        _cleanup_free_ char *action = NULL, *name = NULL, *id = NULL, *resolved_name = NULL, *resolved_id = NULL, *description = NULL, *home = NULL;
         _cleanup_(item_freep) Item *i = NULL;
         Item *existing;
         Hashmap *h;
-        int r, n = -1;
+        int r;
+        const char *p;
 
         assert(fname);
         assert(line >= 1);
         assert(buffer);
 
-        r = sscanf(buffer,
-                   "%ms %ms %ms %n",
-                   &action,
-                   &name,
-                   &id,
-                   &n);
-        if (r < 2) {
+        /* Parse columns */
+        p = buffer;
+        r = unquote_many_words(&p, &action, &name, &id, &description, &home, NULL);
+        if (r < 0) {
                 log_error("[%s:%u] Syntax error.", fname, line);
-                return -EIO;
+                return r;
+        }
+        if (r < 2) {
+                log_error("[%s:%u] Missing action and name columns.", fname, line);
+                return -EINVAL;
+        }
+        if (*p != 0) {
+                log_error("[%s:%u] Trailing garbage.", fname, line);
+                return -EINVAL;
         }
 
+        /* Verify action */
         if (strlen(action) != 1) {
                 log_error("[%s:%u] Unknown modifier '%s'", fname, line, action);
                 return -EINVAL;
         }
 
-        if (!IN_SET(action[0], ADD_USER, ADD_GROUP)) {
+        if (!IN_SET(action[0], ADD_USER, ADD_GROUP, ADD_MEMBER, ADD_RANGE)) {
                 log_error("[%s:%u] Unknown command command type '%c'.", fname, line, action[0]);
                 return -EBADMSG;
         }
 
-        i = new0(Item, 1);
-        if (!i)
-                return log_oom();
+        /* Verify name */
+        if (isempty(name) || streq(name, "-")) {
+                free(name);
+                name = NULL;
+        }
 
-        i->type = action[0];
+        if (name) {
+                r = specifier_printf(name, specifier_table, NULL, &resolved_name);
+                if (r < 0) {
+                        log_error("[%s:%u] Failed to replace specifiers: %s", fname, line, name);
+                        return r;
+                }
 
-        r = specifier_printf(name, specifier_table, NULL, &i->name);
-        if (r < 0) {
-                log_error("[%s:%u] Failed to replace specifiers: %s", fname, line, name);
-                return r;
+                if (!valid_user_group_name(resolved_name)) {
+                        log_error("[%s:%u] '%s' is not a valid user or group name.", fname, line, resolved_name);
+                        return -EINVAL;
+                }
         }
 
-        if (!valid_user_group_name(i->name)) {
-                log_error("[%s:%u] '%s' is not a valid user or group name.", fname, line, i->name);
-                return -EINVAL;
+        /* Verify id */
+        if (isempty(id) || streq(id, "-")) {
+                free(id);
+                id = NULL;
         }
 
-        if (n >= 0) {
-                n += strspn(buffer+n, WHITESPACE);
-                if (buffer[n] != 0 && (buffer[n] != '-' || buffer[n+1] != 0)) {
-                        i->description = unquote(buffer+n, "\"");
-                        if (!i->description)
-                                return log_oom();
+        if (id) {
+                r = specifier_printf(id, specifier_table, NULL, &resolved_id);
+                if (r < 0) {
+                        log_error("[%s:%u] Failed to replace specifiers: %s", fname, line, name);
+                        return r;
+                }
+        }
 
-                        if (!valid_gecos(i->description)) {
-                                log_error("[%s:%u] '%s' is not a valid GECOS field.", fname, line, i->description);
-                                return -EINVAL;
-                        }
+        /* Verify description */
+        if (isempty(description) || streq(description, "-")) {
+                free(description);
+                description = NULL;
+        }
+
+        if (description) {
+                if (!valid_gecos(description)) {
+                        log_error("[%s:%u] '%s' is not a valid GECOS field.", fname, line, description);
+                        return -EINVAL;
                 }
         }
 
-        if (id && !streq(id, "-")) {
+        /* Verify home */
+        if (isempty(home) || streq(home, "-")) {
+                free(home);
+                home = NULL;
+        }
 
-                if (path_is_absolute(id)) {
-                        char *p;
+        if (home) {
+                if (!valid_home(home)) {
+                        log_error("[%s:%u] '%s' is not a valid home directory field.", fname, line, home);
+                        return -EINVAL;
+                }
+        }
 
-                        p = strdup(id);
-                        if (!p)
-                                return log_oom();
+        switch (action[0]) {
 
-                        path_kill_slashes(p);
+        case ADD_RANGE:
+                if (resolved_name) {
+                        log_error("[%s:%u] Lines of type 'r' don't take a name field.", fname, line);
+                        return -EINVAL;
+                }
 
-                        if (i->type == ADD_USER)
-                                i->uid_path = p;
-                        else
-                                i->gid_path = p;
+                if (!resolved_id) {
+                        log_error("[%s:%u] Lines of type 'r' require a ID range in the third field.", fname, line);
+                        return -EINVAL;
+                }
 
-                } else if (i->type == ADD_USER) {
-                        r = parse_uid(id, &i->uid);
-                        if (r < 0) {
-                                log_error("Failed to parse UID: %s", id);
-                                return -EBADMSG;
-                        }
+                if (description) {
+                        log_error("[%s:%u] Lines of type 'r' don't take a GECOS field.", fname, line);
+                        return -EINVAL;
+                }
 
-                        i->uid_set = true;
+                if (home) {
+                        log_error("[%s:%u] Lines of type 'r' don't take a home directory field.", fname, line);
+                        return -EINVAL;
+                }
+
+                r = uid_range_add_str(&uid_range, &n_uid_range, resolved_id);
+                if (r < 0) {
+                        log_error("[%s:%u] Invalid UID range %s.", fname, line, resolved_id);
+                        return -EINVAL;
+                }
+
+                return 0;
+
+        case ADD_MEMBER: {
+                char **l;
 
+                /* Try to extend an existing member or group item */
+                if (!name) {
+                        log_error("[%s:%u] Lines of type 'm' require a user name in the second field.", fname, line);
+                        return -EINVAL;
+                }
+
+                if (!resolved_id) {
+                        log_error("[%s:%u] Lines of type 'm' require a group name in the third field.", fname, line);
+                        return -EINVAL;
+                }
+
+                if (!valid_user_group_name(resolved_id)) {
+                        log_error("[%s:%u] '%s' is not a valid user or group name.", fname, line, resolved_id);
+                        return -EINVAL;
+                }
+
+                if (description) {
+                        log_error("[%s:%u] Lines of type 'm' don't take a GECOS field.", fname, line);
+                        return -EINVAL;
+                }
+
+                if (home) {
+                        log_error("[%s:%u] Lines of type 'm' don't take a home directory field.", fname, line);
+                        return -EINVAL;
+                }
+
+                r = hashmap_ensure_allocated(&members, &string_hash_ops);
+                if (r < 0)
+                        return log_oom();
+
+                l = hashmap_get(members, resolved_id);
+                if (l) {
+                        /* A list for this group name already exists, let's append to it */
+                        r = strv_push(&l, resolved_name);
+                        if (r < 0)
+                                return log_oom();
+
+                        resolved_name = NULL;
+
+                        assert_se(hashmap_update(members, resolved_id, l) >= 0);
                 } else {
-                        assert(i->type == ADD_GROUP);
+                        /* No list for this group name exists yet, create one */
+
+                        l = new0(char *, 2);
+                        if (!l)
+                                return -ENOMEM;
 
-                        r = parse_gid(id, &i->gid);
+                        l[0] = resolved_name;
+                        l[1] = NULL;
+
+                        r = hashmap_put(members, resolved_id, l);
                         if (r < 0) {
-                                log_error("Failed to parse GID: %s", id);
-                                return -EBADMSG;
+                                free(l);
+                                return log_oom();
                         }
 
-                        i->gid_set = true;
+                        resolved_id = resolved_name = NULL;
                 }
+
+                return 0;
         }
 
-        if (i->type == ADD_USER) {
-                r = hashmap_ensure_allocated(&users, string_hash_func, string_compare_func);
+        case ADD_USER:
+                if (!name) {
+                        log_error("[%s:%u] Lines of type 'u' require a user name in the second field.", fname, line);
+                        return -EINVAL;
+                }
+
+                r = hashmap_ensure_allocated(&users, &string_hash_ops);
+                if (r < 0)
+                        return log_oom();
+
+                i = new0(Item, 1);
+                if (!i)
+                        return log_oom();
+
+                if (resolved_id) {
+                        if (path_is_absolute(resolved_id)) {
+                                i->uid_path = resolved_id;
+                                resolved_id = NULL;
+
+                                path_kill_slashes(i->uid_path);
+                        } else {
+                                r = parse_uid(resolved_id, &i->uid);
+                                if (r < 0) {
+                                        log_error("Failed to parse UID: %s", id);
+                                        return -EBADMSG;
+                                }
+
+                                i->uid_set = true;
+                        }
+                }
+
+                i->description = description;
+                description = NULL;
+
+                i->home = home;
+                home = NULL;
+
                 h = users;
-        } else {
-                assert(i->type == ADD_GROUP);
-                r = hashmap_ensure_allocated(&groups, string_hash_func, string_compare_func);
+                break;
+
+        case ADD_GROUP:
+                if (!name) {
+                        log_error("[%s:%u] Lines of type 'g' require a user name in the second field.", fname, line);
+                        return -EINVAL;
+                }
+
+                if (description) {
+                        log_error("[%s:%u] Lines of type 'g' don't take a GECOS field.", fname, line);
+                        return -EINVAL;
+                }
+
+                if (home) {
+                        log_error("[%s:%u] Lines of type 'g' don't take a home directory field.", fname, line);
+                        return -EINVAL;
+                }
+
+                r = hashmap_ensure_allocated(&groups, &string_hash_ops);
+                if (r < 0)
+                        return log_oom();
+
+                i = new0(Item, 1);
+                if (!i)
+                        return log_oom();
+
+                if (resolved_id) {
+                        if (path_is_absolute(resolved_id)) {
+                                i->gid_path = resolved_id;
+                                resolved_id = NULL;
+
+                                path_kill_slashes(i->gid_path);
+                        } else {
+                                r = parse_gid(resolved_id, &i->gid);
+                                if (r < 0) {
+                                        log_error("Failed to parse GID: %s", id);
+                                        return -EBADMSG;
+                                }
+
+                                i->gid_set = true;
+                        }
+                }
+
                 h = groups;
+                break;
+
+        default:
+                return -EBADMSG;
         }
-        if (r < 0)
-                return log_oom();
+
+        i->type = action[0];
+        i->name = resolved_name;
+        resolved_name = NULL;
 
         existing = hashmap_get(h, i->name);
         if (existing) {
@@ -1116,30 +1702,35 @@ static int parse_line(const char *fname, unsigned line, const char *buffer) {
         }
 
         r = hashmap_put(h, i->name, i);
-        if (r < 0) {
-                log_error("Failed to insert item %s: %s", i->name, strerror(-r));
-                return r;
-        }
+        if (r < 0)
+                return log_oom();
 
         i = NULL;
         return 0;
 }
 
 static int read_config_file(const char *fn, bool ignore_enoent) {
-        _cleanup_fclose_ FILE *f = NULL;
+        _cleanup_fclose_ FILE *rf = NULL;
+        FILE *f = NULL;
         char line[LINE_MAX];
         unsigned v = 0;
-        int r;
+        int r = 0;
 
         assert(fn);
 
-        r = search_and_fopen_nulstr(fn, "re", arg_root, conf_file_dirs, &f);
-        if (r < 0) {
-                if (ignore_enoent && r == -ENOENT)
-                        return 0;
+        if (streq(fn, "-"))
+                f = stdin;
+        else {
+                r = search_and_fopen_nulstr(fn, "re", arg_root, conf_file_dirs, &rf);
+                if (r < 0) {
+                        if (ignore_enoent && r == -ENOENT)
+                                return 0;
 
-                log_error("Failed to open '%s', ignoring: %s", fn, strerror(-r));
-                return r;
+                        log_error("Failed to open '%s', ignoring: %s", fn, strerror(-r));
+                        return r;
+                }
+
+                f = rf;
         }
 
         FOREACH_LINE(line, f, break) {
@@ -1166,42 +1757,6 @@ static int read_config_file(const char *fn, bool ignore_enoent) {
         return r;
 }
 
-static int take_lock(void) {
-
-        struct flock flock = {
-                .l_type = F_WRLCK,
-                .l_whence = SEEK_SET,
-                .l_start = 0,
-                .l_len = 0,
-        };
-
-        const char *path;
-        int fd, r;
-
-        /* This is roughly the same as lckpwdf(), but not as awful. We
-         * don't want to use alarm() and signals, hence we implement
-         * our own trivial version of this.
-         *
-         * Note that shadow-utils also takes per-database locks in
-         * addition to lckpwdf(). However, we don't given that they
-         * are redundant as they they invoke lckpwdf() first and keep
-         * it during everything they do. The per-database locks are
-         * awfully racy, and thus we just won't do them. */
-
-        path = fix_root("/etc/.pwd.lock");
-        fd = open(path, O_WRONLY|O_CREAT|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW, 0600);
-        if (fd < 0)
-                return -errno;
-
-        r = fcntl(fd, F_SETLKW, &flock);
-        if (r < 0) {
-                safe_close(fd);
-                return -errno;
-        }
-
-        return fd;
-}
-
 static void free_database(Hashmap *by_name, Hashmap *by_id) {
         char *name;
 
@@ -1223,16 +1778,13 @@ static void free_database(Hashmap *by_name, Hashmap *by_id) {
         hashmap_free(by_id);
 }
 
-static int help(void) {
-
+static void help(void) {
         printf("%s [OPTIONS...] [CONFIGURATION FILE...]\n\n"
                "Creates system user accounts.\n\n"
                "  -h --help                 Show this help\n"
                "     --version              Show package version\n"
-               "     --root=PATH            Operate on an alternate filesystem root\n",
-               program_invocation_short_name);
-
-        return 0;
+               "     --root=PATH            Operate on an alternate filesystem root\n"
+               , program_invocation_short_name);
 }
 
 static int parse_argv(int argc, char *argv[]) {
@@ -1254,12 +1806,13 @@ static int parse_argv(int argc, char *argv[]) {
         assert(argc >= 0);
         assert(argv);
 
-        while ((c = getopt_long(argc, argv, "h", options, NULL)) >= 0) {
+        while ((c = getopt_long(argc, argv, "h", options, NULL)) >= 0)
 
                 switch (c) {
 
                 case 'h':
-                        return help();
+                        help();
+                        return 0;
 
                 case ARG_VERSION:
                         puts(PACKAGE_STRING);
@@ -1281,7 +1834,6 @@ static int parse_argv(int argc, char *argv[]) {
                 default:
                         assert_not_reached("Unhandled option");
                 }
-        }
 
         return 1;
 }
@@ -1292,6 +1844,7 @@ int main(int argc, char *argv[]) {
         Iterator iterator;
         int r, k;
         Item *i;
+        char *n;
 
         r = parse_argv(argc, argv);
         if (r <= 0)
@@ -1303,7 +1856,11 @@ int main(int argc, char *argv[]) {
 
         umask(0022);
 
-        r = 0;
+        r = mac_selinux_init(NULL);
+        if (r < 0) {
+                log_error("SELinux setup failed: %s", strerror(-r));
+                goto finish;
+        }
 
         if (optind < argc) {
                 int j;
@@ -1330,7 +1887,20 @@ int main(int argc, char *argv[]) {
                 }
         }
 
-        lock = take_lock();
+        if (!uid_range) {
+                /* Default to default range of 1..SYSTEMD_UID_MAX */
+                r = uid_range_add(&uid_range, &n_uid_range, 1, SYSTEM_UID_MAX);
+                if (r < 0) {
+                        log_oom();
+                        goto finish;
+                }
+        }
+
+        r = add_implicit();
+        if (r < 0)
+                goto finish;
+
+        lock = take_password_lock(arg_root);
         if (lock < 0) {
                 log_error("Failed to take lock: %s", strerror(-lock));
                 goto finish;
@@ -1365,8 +1935,14 @@ finish:
         while ((i = hashmap_steal_first(users)))
                 item_free(i);
 
+        while ((n = hashmap_first_key(members))) {
+                strv_free(hashmap_steal_first(members));
+                free(n);
+        }
+
         hashmap_free(groups);
         hashmap_free(users);
+        hashmap_free(members);
         hashmap_free(todo_uids);
         hashmap_free(todo_gids);