X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=src%2Fsysusers%2Fsysusers.c;h=c133dc5f1036b61b3dc2a8c8b22d5b1806ba5db8;hp=f78fb4fff374c4a20c4c51a6998503e7940d6d07;hb=e3c72c21d62aadabf4df436c3e2c7219eeeccc1c;hpb=dfc87cbfe5ec03190e5b2235b1ed477db11541ca diff --git a/src/sysusers/sysusers.c b/src/sysusers/sysusers.c index f78fb4fff..c133dc5f1 100644 --- a/src/sysusers/sysusers.c +++ b/src/sysusers/sysusers.c @@ -38,11 +38,13 @@ #include "utf8.h" #include "label.h" #include "fileio-label.h" +#include "uid-range.h" typedef enum ItemType { ADD_USER = 'u', ADD_GROUP = 'g', ADD_MEMBER = 'm', + ADD_RANGE = 'r', } ItemType; typedef struct Item { ItemType type; @@ -51,6 +53,7 @@ typedef struct Item { char *uid_path; char *gid_path; char *description; + char *home; gid_t gid; uid_t uid; @@ -81,8 +84,9 @@ static Hashmap *members = NULL; static Hashmap *database_uid = NULL, *database_user = NULL; static Hashmap *database_gid = NULL, *database_group = NULL; -static uid_t search_uid = SYSTEM_UID_MAX; -static gid_t search_gid = SYSTEM_GID_MAX; +static uid_t search_uid = (uid_t) -1; +static UidRange *uid_range = NULL; +static unsigned n_uid_range = 0; #define UID_TO_PTR(u) (ULONG_TO_PTR(u+1)) #define PTR_TO_UID(u) ((uid_t) (PTR_TO_ULONG(u)-1)) @@ -103,11 +107,11 @@ static int load_user_database(void) { if (!f) return errno == ENOENT ? 0 : -errno; - r = hashmap_ensure_allocated(&database_user, string_hash_func, string_compare_func); + r = hashmap_ensure_allocated(&database_user, &string_hash_ops); if (r < 0) return r; - r = hashmap_ensure_allocated(&database_uid, trivial_hash_func, trivial_compare_func); + r = hashmap_ensure_allocated(&database_uid, NULL); if (r < 0) return r; @@ -155,11 +159,11 @@ static int load_group_database(void) { if (!f) return errno == ENOENT ? 0 : -errno; - r = hashmap_ensure_allocated(&database_group, string_hash_func, string_compare_func); + r = hashmap_ensure_allocated(&database_group, &string_hash_ops); if (r < 0) return r; - r = hashmap_ensure_allocated(&database_gid, trivial_hash_func, trivial_compare_func); + r = hashmap_ensure_allocated(&database_gid, NULL); if (r < 0) return r; @@ -354,6 +358,7 @@ static int write_files(void) { _cleanup_fclose_ FILE *passwd = NULL, *group = NULL, *shadow = NULL, *gshadow = NULL; _cleanup_free_ char *passwd_tmp = NULL, *group_tmp = NULL, *shadow_tmp = NULL, *gshadow_tmp = NULL; const char *passwd_path = NULL, *group_path = NULL, *shadow_path = NULL, *gshadow_path = NULL; + struct stat st; bool group_changed = false; Iterator iterator; Item *i; @@ -368,15 +373,17 @@ static int write_files(void) { if (r < 0) goto finish; - if (fchmod(fileno(group), 0644) < 0) { - r = -errno; - goto finish; - } - original = fopen(group_path, "re"); if (original) { struct group *gr; + if (fstat(fileno(original), &st) < 0 || + fchmod(fileno(group), st.st_mode & 07777) < 0 || + fchown(fileno(group), st.st_uid, st.st_gid) < 0) { + r = -errno; + goto finish; + } + errno = 0; while ((gr = fgetgrent(original))) { /* Safety checks against name and GID @@ -414,6 +421,9 @@ static int write_files(void) { } else if (errno != ENOENT) { r = -errno; goto finish; + } else if (fchmod(fileno(group), 0644) < 0) { + r = -errno; + goto finish; } HASHMAP_FOREACH(i, todo_gids, iterator) { @@ -445,15 +455,17 @@ static int write_files(void) { if (r < 0) goto finish; - if (fchmod(fileno(gshadow), 0000) < 0) { - r = -errno; - goto finish; - } - original = fopen(gshadow_path, "re"); if (original) { struct sgrp *sg; + if (fstat(fileno(original), &st) < 0 || + fchmod(fileno(gshadow), st.st_mode & 07777) < 0 || + fchown(fileno(gshadow), st.st_uid, st.st_gid) < 0) { + r = -errno; + goto finish; + } + errno = 0; while ((sg = fgetsgent(original))) { @@ -479,6 +491,9 @@ static int write_files(void) { } else if (errno != ENOENT) { r = -errno; goto finish; + } else if (fchmod(fileno(gshadow), 0000) < 0) { + r = -errno; + goto finish; } HASHMAP_FOREACH(i, todo_gids, iterator) { @@ -509,15 +524,17 @@ static int write_files(void) { if (r < 0) goto finish; - if (fchmod(fileno(passwd), 0644) < 0) { - r = -errno; - goto finish; - } - original = fopen(passwd_path, "re"); if (original) { struct passwd *pw; + if (fstat(fileno(original), &st) < 0 || + fchmod(fileno(passwd), st.st_mode & 07777) < 0 || + fchown(fileno(passwd), st.st_uid, st.st_gid) < 0) { + r = -errno; + goto finish; + } + errno = 0; while ((pw = fgetpwent(original))) { @@ -548,6 +565,9 @@ static int write_files(void) { } else if (errno != ENOENT) { r = -errno; goto finish; + } else if (fchmod(fileno(passwd), 0644) < 0) { + r = -errno; + goto finish; } HASHMAP_FOREACH(i, todo_uids, iterator) { @@ -556,19 +576,19 @@ static int write_files(void) { .pw_uid = i->uid, .pw_gid = i->gid, .pw_gecos = i->description, + + /* "x" means the password is stored in + * the shadow file */ .pw_passwd = (char*) "x", - }; - /* Initialize the home directory and the shell - * to nologin, with one exception: for root we - * patch in something special */ - if (i->uid == 0) { - n.pw_shell = (char*) "/bin/sh"; - n.pw_dir = (char*) "/root"; - } else { - n.pw_shell = (char*) "/sbin/nologin"; - n.pw_dir = (char*) "/"; - } + /* We default to the root directory as home */ + .pw_dir = i->home ? i->home : (char*) "/", + + /* Initialize the shell to nologin, + * with one exception: for root we + * patch in something special */ + .pw_shell = i->uid == 0 ? (char*) "/bin/sh" : (char*) "/sbin/nologin", + }; errno = 0; if (putpwent(&n, passwd) != 0) { @@ -592,15 +612,17 @@ static int write_files(void) { if (r < 0) goto finish; - if (fchmod(fileno(shadow), 0000) < 0) { - r = -errno; - goto finish; - } - original = fopen(shadow_path, "re"); if (original) { struct spwd *sp; + if (fstat(fileno(original), &st) < 0 || + fchmod(fileno(shadow), st.st_mode & 07777) < 0 || + fchown(fileno(shadow), st.st_uid, st.st_gid) < 0) { + r = -errno; + goto finish; + } + errno = 0; while ((sp = fgetspent(original))) { @@ -625,6 +647,9 @@ static int write_files(void) { } else if (errno != ENOENT) { r = -errno; goto finish; + } else if (fchmod(fileno(shadow), 0000) < 0) { + r = -errno; + goto finish; } lstchg = (long) (now(CLOCK_REALTIME) / USEC_PER_DAY); @@ -792,8 +817,8 @@ static int root_stat(const char *p, struct stat *st) { static int read_id_from_file(Item *i, uid_t *_uid, gid_t *_gid) { struct stat st; bool found_uid = false, found_gid = false; - uid_t uid; - gid_t gid; + uid_t uid = 0; + gid_t gid = 0; assert(i); @@ -915,7 +940,7 @@ static int add_user(Item *i) { if (read_id_from_file(i, &c, NULL) > 0) { - if (c <= 0 || c > SYSTEM_UID_MAX) + if (c <= 0 || !uid_range_contains(uid_range, n_uid_range, c)) log_debug("User ID " UID_FMT " of file not suitable for %s.", c, i->name); else { r = uid_is_ok(c, i->name); @@ -946,7 +971,12 @@ static int add_user(Item *i) { /* And if that didn't work either, let's try to find a free one */ if (!i->uid_set) { - for (; search_uid > 0; search_uid--) { + for (;;) { + r = uid_range_next_lower(uid_range, n_uid_range, &search_uid); + if (r < 0) { + log_error("No free user ID available for %s.", i->name); + return r; + } r = uid_is_ok(search_uid, i->name); if (r < 0) { @@ -956,18 +986,11 @@ static int add_user(Item *i) { break; } - if (search_uid <= 0) { - log_error("No free user ID available for %s.", i->name); - return -E2BIG; - } - i->uid_set = true; i->uid = search_uid; - - search_uid--; } - r = hashmap_ensure_allocated(&todo_uids, trivial_hash_func, trivial_compare_func); + r = hashmap_ensure_allocated(&todo_uids, NULL); if (r < 0) return log_oom(); @@ -1082,7 +1105,7 @@ static int add_group(Item *i) { if (read_id_from_file(i, NULL, &c) > 0) { - if (c <= 0 || c > SYSTEM_GID_MAX) + if (c <= 0 || !uid_range_contains(uid_range, n_uid_range, c)) log_debug("Group ID " GID_FMT " of file not suitable for %s.", c, i->name); else { r = gid_is_ok(c); @@ -1100,8 +1123,15 @@ static int add_group(Item *i) { /* And if that didn't work either, let's try to find a free one */ if (!i->gid_set) { - for (; search_gid > 0; search_gid--) { - r = gid_is_ok(search_gid); + for (;;) { + /* We look for new GIDs in the UID pool! */ + r = uid_range_next_lower(uid_range, n_uid_range, &search_uid); + if (r < 0) { + log_error("No free group ID available for %s.", i->name); + return r; + } + + r = gid_is_ok(search_uid); if (r < 0) { log_error("Failed to verify gid " GID_FMT ": %s", i->gid, strerror(-r)); return r; @@ -1109,18 +1139,11 @@ static int add_group(Item *i) { break; } - if (search_gid <= 0) { - log_error("No free group ID available for %s.", i->name); - return -E2BIG; - } - i->gid_set = true; - i->gid = search_gid; - - search_gid--; + i->gid = search_uid; } - r = hashmap_ensure_allocated(&todo_gids, trivial_hash_func, trivial_compare_func); + r = hashmap_ensure_allocated(&todo_gids, NULL); if (r < 0) return log_oom(); @@ -1208,7 +1231,7 @@ static int add_implicit(void) { if (!i) { _cleanup_(item_freep) Item *j = NULL; - r = hashmap_ensure_allocated(&groups, string_hash_func, string_compare_func); + r = hashmap_ensure_allocated(&groups, &string_hash_ops); if (r < 0) return log_oom(); @@ -1235,7 +1258,7 @@ static int add_implicit(void) { if (!i) { _cleanup_(item_freep) Item *j = NULL; - r = hashmap_ensure_allocated(&users, string_hash_func, string_compare_func); + r = hashmap_ensure_allocated(&users, &string_hash_ops); if (r < 0) return log_oom(); @@ -1292,6 +1315,9 @@ static bool item_equal(Item *a, Item *b) { if (a->gid_set && a->gid != b->gid) return false; + if (!streq_ptr(a->home, b->home)) + return false; + return true; } @@ -1330,6 +1356,9 @@ static bool valid_user_group_name(const char *u) { static bool valid_gecos(const char *d) { + if (!d) + return false; + if (!utf8_is_valid(d)) return false; @@ -1343,6 +1372,30 @@ static bool valid_gecos(const char *d) { return true; } +static bool valid_home(const char *p) { + + if (isempty(p)) + return false; + + if (!utf8_is_valid(p)) + return false; + + if (string_has_cc(p, NULL)) + return false; + + if (!path_is_absolute(p)) + return false; + + if (!path_is_safe(p)) + return false; + + /* Colons are used as field separators, and hence not OK */ + if (strchr(p, ':')) + return false; + + return true; +} + static int parse_line(const char *fname, unsigned line, const char *buffer) { static const Specifier specifier_table[] = { @@ -1353,76 +1406,146 @@ static int parse_line(const char *fname, unsigned line, const char *buffer) { {} }; - _cleanup_free_ char *action = NULL, *name = NULL, *id = NULL, *resolved_name = NULL; + _cleanup_free_ char *action = NULL, *name = NULL, *id = NULL, *resolved_name = NULL, *resolved_id = NULL, *description = NULL, *home = NULL; _cleanup_(item_freep) Item *i = NULL; Item *existing; Hashmap *h; - int r, n = -1; + int r; + const char *p; assert(fname); assert(line >= 1); assert(buffer); - r = sscanf(buffer, - "%ms %ms %ms %n", - &action, - &name, - &id, - &n); - if (r < 2) { + /* Parse columns */ + p = buffer; + r = unquote_many_words(&p, &action, &name, &id, &description, &home, NULL); + if (r < 0) { log_error("[%s:%u] Syntax error.", fname, line); - return -EIO; + return r; + } + if (r < 2) { + log_error("[%s:%u] Missing action and name columns.", fname, line); + return -EINVAL; + } + if (*p != 0) { + log_error("[%s:%u] Trailing garbage.", fname, line); + return -EINVAL; } + /* Verify action */ if (strlen(action) != 1) { log_error("[%s:%u] Unknown modifier '%s'", fname, line, action); return -EINVAL; } - if (!IN_SET(action[0], ADD_USER, ADD_GROUP, ADD_MEMBER)) { + if (!IN_SET(action[0], ADD_USER, ADD_GROUP, ADD_MEMBER, ADD_RANGE)) { log_error("[%s:%u] Unknown command command type '%c'.", fname, line, action[0]); return -EBADMSG; } - r = specifier_printf(name, specifier_table, NULL, &resolved_name); - if (r < 0) { - log_error("[%s:%u] Failed to replace specifiers: %s", fname, line, name); - return r; + /* Verify name */ + if (isempty(name) || streq(name, "-")) { + free(name); + name = NULL; } - if (!valid_user_group_name(resolved_name)) { - log_error("[%s:%u] '%s' is not a valid user or group name.", fname, line, resolved_name); - return -EINVAL; + if (name) { + r = specifier_printf(name, specifier_table, NULL, &resolved_name); + if (r < 0) { + log_error("[%s:%u] Failed to replace specifiers: %s", fname, line, name); + return r; + } + + if (!valid_user_group_name(resolved_name)) { + log_error("[%s:%u] '%s' is not a valid user or group name.", fname, line, resolved_name); + return -EINVAL; + } + } + + /* Verify id */ + if (isempty(id) || streq(id, "-")) { + free(id); + id = NULL; + } + + if (id) { + r = specifier_printf(id, specifier_table, NULL, &resolved_id); + if (r < 0) { + log_error("[%s:%u] Failed to replace specifiers: %s", fname, line, name); + return r; + } + } + + /* Verify description */ + if (isempty(description) || streq(description, "-")) { + free(description); + description = NULL; + } + + if (description) { + if (!valid_gecos(description)) { + log_error("[%s:%u] '%s' is not a valid GECOS field.", fname, line, description); + return -EINVAL; + } } - if (n >= 0) { - n += strspn(buffer+n, WHITESPACE); + /* Verify home */ + if (isempty(home) || streq(home, "-")) { + free(home); + home = NULL; + } - if (STR_IN_SET(buffer + n, "", "-")) - n = -1; + if (home) { + if (!valid_home(home)) { + log_error("[%s:%u] '%s' is not a valid home directory field.", fname, line, home); + return -EINVAL; + } } switch (action[0]) { - case ADD_MEMBER: { - _cleanup_free_ char *resolved_id = NULL; - char **l; + case ADD_RANGE: + if (resolved_name) { + log_error("[%s:%u] Lines of type 'r' don't take a name field.", fname, line); + return -EINVAL; + } - r = hashmap_ensure_allocated(&members, string_hash_func, string_compare_func); - if (r < 0) - return log_oom(); + if (!resolved_id) { + log_error("[%s:%u] Lines of type 'r' require a ID range in the third field.", fname, line); + return -EINVAL; + } - /* Try to extend an existing member or group item */ + if (description) { + log_error("[%s:%u] Lines of type 'r' don't take a GECOS field.", fname, line); + return -EINVAL; + } - if (!id || streq(id, "-")) { - log_error("[%s:%u] Lines of type 'm' require a group name in the third field.", fname, line); + if (home) { + log_error("[%s:%u] Lines of type 'r' don't take a home directory field.", fname, line); return -EINVAL; } - r = specifier_printf(id, specifier_table, NULL, &resolved_id); + r = uid_range_add_str(&uid_range, &n_uid_range, resolved_id); if (r < 0) { - log_error("[%s:%u] Failed to replace specifiers: %s", fname, line, name); - return r; + log_error("[%s:%u] Invalid UID range %s.", fname, line, resolved_id); + return -EINVAL; + } + + return 0; + + case ADD_MEMBER: { + char **l; + + /* Try to extend an existing member or group item */ + if (!name) { + log_error("[%s:%u] Lines of type 'm' require a user name in the second field.", fname, line); + return -EINVAL; + } + + if (!resolved_id) { + log_error("[%s:%u] Lines of type 'm' require a group name in the third field.", fname, line); + return -EINVAL; } if (!valid_user_group_name(resolved_id)) { @@ -1430,11 +1553,20 @@ static int parse_line(const char *fname, unsigned line, const char *buffer) { return -EINVAL; } - if (n >= 0) { + if (description) { log_error("[%s:%u] Lines of type 'm' don't take a GECOS field.", fname, line); return -EINVAL; } + if (home) { + log_error("[%s:%u] Lines of type 'm' don't take a home directory field.", fname, line); + return -EINVAL; + } + + r = hashmap_ensure_allocated(&members, &string_hash_ops); + if (r < 0) + return log_oom(); + l = hashmap_get(members, resolved_id); if (l) { /* A list for this group name already exists, let's append to it */ @@ -1468,7 +1600,12 @@ static int parse_line(const char *fname, unsigned line, const char *buffer) { } case ADD_USER: - r = hashmap_ensure_allocated(&users, string_hash_func, string_compare_func); + if (!name) { + log_error("[%s:%u] Lines of type 'u' require a user name in the second field.", fname, line); + return -EINVAL; + } + + r = hashmap_ensure_allocated(&users, &string_hash_ops); if (r < 0) return log_oom(); @@ -1476,17 +1613,14 @@ static int parse_line(const char *fname, unsigned line, const char *buffer) { if (!i) return log_oom(); - if (id && !streq(id, "-")) { - - if (path_is_absolute(id)) { - i->uid_path = strdup(id); - if (!i->uid_path) - return log_oom(); + if (resolved_id) { + if (path_is_absolute(resolved_id)) { + i->uid_path = resolved_id; + resolved_id = NULL; path_kill_slashes(i->uid_path); - } else { - r = parse_uid(id, &i->uid); + r = parse_uid(resolved_id, &i->uid); if (r < 0) { log_error("Failed to parse UID: %s", id); return -EBADMSG; @@ -1496,44 +1630,47 @@ static int parse_line(const char *fname, unsigned line, const char *buffer) { } } - if (n >= 0) { - i->description = unquote(buffer+n, "\""); - if (!i->description) - return log_oom(); + i->description = description; + description = NULL; - if (!valid_gecos(i->description)) { - log_error("[%s:%u] '%s' is not a valid GECOS field.", fname, line, i->description); - return -EINVAL; - } - } + i->home = home; + home = NULL; h = users; break; case ADD_GROUP: - r = hashmap_ensure_allocated(&groups, string_hash_func, string_compare_func); - if (r < 0) - return log_oom(); + if (!name) { + log_error("[%s:%u] Lines of type 'g' require a user name in the second field.", fname, line); + return -EINVAL; + } - if (n >= 0) { + if (description) { log_error("[%s:%u] Lines of type 'g' don't take a GECOS field.", fname, line); return -EINVAL; } + if (home) { + log_error("[%s:%u] Lines of type 'g' don't take a home directory field.", fname, line); + return -EINVAL; + } + + r = hashmap_ensure_allocated(&groups, &string_hash_ops); + if (r < 0) + return log_oom(); + i = new0(Item, 1); if (!i) return log_oom(); - if (id && !streq(id, "-")) { - - if (path_is_absolute(id)) { - i->gid_path = strdup(id); - if (!i->gid_path) - return log_oom(); + if (resolved_id) { + if (path_is_absolute(resolved_id)) { + i->gid_path = resolved_id; + resolved_id = NULL; path_kill_slashes(i->gid_path); } else { - r = parse_gid(id, &i->gid); + r = parse_gid(resolved_id, &i->gid); if (r < 0) { log_error("Failed to parse GID: %s", id); return -EBADMSG; @@ -1543,9 +1680,9 @@ static int parse_line(const char *fname, unsigned line, const char *buffer) { } } - h = groups; break; + default: return -EBADMSG; } @@ -1577,7 +1714,7 @@ static int read_config_file(const char *fn, bool ignore_enoent) { FILE *f = NULL; char line[LINE_MAX]; unsigned v = 0; - int r; + int r = 0; assert(fn); @@ -1719,7 +1856,7 @@ int main(int argc, char *argv[]) { umask(0022); - r = label_init(NULL); + r = mac_selinux_init(NULL); if (r < 0) { log_error("SELinux setup failed: %s", strerror(-r)); goto finish; @@ -1750,6 +1887,15 @@ int main(int argc, char *argv[]) { } } + if (!uid_range) { + /* Default to default range of 1..SYSTEMD_UID_MAX */ + r = uid_range_add(&uid_range, &n_uid_range, 1, SYSTEM_UID_MAX); + if (r < 0) { + log_oom(); + goto finish; + } + } + r = add_implicit(); if (r < 0) goto finish;