X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=src%2Fbasic%2Fuser-util.h;h=4a1bc764ad586d3e35db3f86a47503afbc49f20d;hp=235d0769aa1db2d2b390555be43f8e78ba1d530a;hb=d93247127eb2e073a6d3b5bcc67bcc4048d674fe;hpb=20e696d0ded4e2f95ab20e95b148c806a3112949
diff --git a/src/basic/user-util.h b/src/basic/user-util.h
index 235d0769a..4a1bc764a 100644
--- a/src/basic/user-util.h
+++ b/src/basic/user-util.h
@@ -1,5 +1,3 @@
-/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
-
#pragma once
/***
@@ -21,8 +19,10 @@
along with systemd; If not, see .
***/
-#include
#include
+#include
+#include
+#include
bool uid_is_valid(uid_t uid);
@@ -36,20 +36,21 @@ static inline int parse_gid(const char *s, gid_t *ret_gid) {
return parse_uid(s, (uid_t*) ret_gid);
}
-/// UNNEEDED by elogind
-#if 0
char* getlogname_malloc(void);
+#if 0 /// UNNEEDED by elogind
char* getusername_malloc(void);
#endif // 0
int get_user_creds(const char **username, uid_t *uid, gid_t *gid, const char **home, const char **shell);
+#if 0 /// UNNEEDED by elogind
+int get_user_creds_clean(const char **username, uid_t *uid, gid_t *gid, const char **home, const char **shell);
int get_group_creds(const char **groupname, gid_t *gid);
+#endif // 0
char* uid_to_name(uid_t uid);
char* gid_to_name(gid_t gid);
-/// UNNEEDED by elogind
-#if 0
+#if 0 /// UNNEEDED by elogind
int in_gid(gid_t gid);
int in_group(const char *name);
@@ -59,18 +60,39 @@ int get_shell(char **_ret);
int reset_uid_gid(void);
-/// UNNEEDED by elogind
-#if 0
+#if 0 /// UNNEEDED by elogind
int take_etc_passwd_lock(const char *root);
#endif // 0
#define UID_INVALID ((uid_t) -1)
#define GID_INVALID ((gid_t) -1)
-/* The following macros add 1 when converting things, since UID 0 is a
- * valid UID, while the pointer NULL is special */
+/* Let's pick a UIDs within the 16bit range, so that we are compatible with containers using 16bit
+ * user namespacing. At least on Fedora normal users are allocated until UID 60000, hence do not
+ * allocate from below this. Also stay away from the upper end of the range as that is often used
+ * for overflow/nobody users. */
+#define DYNAMIC_UID_MIN ((uid_t) UINT32_C(0x0000EF00))
+#define DYNAMIC_UID_MAX ((uid_t) UINT32_C(0x0000FFEF))
+
+static inline bool uid_is_dynamic(uid_t uid) {
+ return DYNAMIC_UID_MIN <= uid && uid <= DYNAMIC_UID_MAX;
+}
+
+/* The following macros add 1 when converting things, since UID 0 is a valid UID, while the pointer
+ * NULL is special */
#define PTR_TO_UID(p) ((uid_t) (((uintptr_t) (p))-1))
#define UID_TO_PTR(u) ((void*) (((uintptr_t) (u))+1))
#define PTR_TO_GID(p) ((gid_t) (((uintptr_t) (p))-1))
#define GID_TO_PTR(u) ((void*) (((uintptr_t) (u))+1))
+
+static inline bool userns_supported(void) {
+ return access("/proc/self/uid_map", F_OK) >= 0;
+}
+
+bool valid_user_group_name(const char *u);
+bool valid_user_group_name_or_id(const char *u);
+bool valid_gecos(const char *d);
+bool valid_home(const char *p);
+
+int maybe_setgroups(size_t size, const gid_t *list);