/* SPDX-License-Identifier: LGPL-2.1+ */
#include <netdb.h>
#include <nss.h>
#include "sd-bus.h"
#include "sd-login.h"
#include "alloc-util.h"
#include "bus-common-errors.h"
#include "env-util.h"
#include "errno-util.h"
#include "format-util.h"
#include "hostname-util.h"
#include "in-addr-util.h"
#include "macro.h"
#include "memory-util.h"
#include "nss-util.h"
#include "signal-util.h"
#include "string-util.h"
#include "user-util.h"
/* The NSS_*_PROTOTYPES macros are defined outside this file (presumably in nss-util.h); going by
 * their names they declare the _nss_mymachines_* host, passwd and group entry points implemented
 * below — confirm against the macro definitions. */
NSS_GETHOSTBYNAME_PROTOTYPES(mymachines);
NSS_GETPW_PROTOTYPES(mymachines);
NSS_GETGR_PROTOTYPES(mymachines);

/* IDs below 0x10000 (65536) are treated as belonging to the host. The passwd/group lookups in this
 * file answer NOTFOUND rather than return or accept an ID below these limits, so this module never
 * supplies an entry for a host-range UID/GID. */
#define HOST_UID_LIMIT ((uid_t) UINT32_C(0x10000))
#define HOST_GID_LIMIT ((gid_t) UINT32_C(0x10000))
/* Counts the (family, address) structs left in the currently open array of m.
 *
 * Only entries whose family equals af are counted; AF_UNSPEC counts every entry. The address bytes
 * are skipped, not inspected. Afterwards the current container is rewound so that the caller can
 * walk the same entries a second time.
 *
 * Returns 0 and stores the count in *ret, or the negative error of the first failing sd-bus call
 * (in which case *ret is left untouched). */
static int count_addresses(sd_bus_message *m, int af, unsigned *ret) {
        unsigned n_matching = 0;
        int r;

        assert(m);
        assert(ret);

        for (;;) {
                int family;

                r = sd_bus_message_enter_container(m, 'r', "iay");
                if (r < 0)
                        return r;
                if (r == 0) /* no further struct in the array */
                        break;

                r = sd_bus_message_read(m, "i", &family);
                if (r < 0)
                        return r;

                r = sd_bus_message_skip(m, "ay");
                if (r < 0)
                        return r;

                r = sd_bus_message_exit_container(m);
                if (r < 0)
                        return r;

                if (af == AF_UNSPEC || family == af)
                        n_matching++;
        }

        /* Go back to the start of the array; the callers iterate it again to copy the addresses. */
        r = sd_bus_message_rewind(m, false);
        if (r < 0)
                return r;

        *ret = n_matching;
        return 0;
}
/* Tells whether a synchronous lookup via systemd-machined could deadlock because this code runs
 * inside the service manager while it is activating systemd-machined.service: machined cannot
 * answer before it has been started, and it cannot be started before we return. This heuristic
 * only catches the most obvious cases of that kind.
 *
 * Returns true only for a privileged caller (effective UID 0) whose environment carries
 * SYSTEMD_ACTIVATION_UNIT=systemd-machined.service and SYSTEMD_ACTIVATION_SCOPE=system.
 *
 * NOTE(review): the gate is geteuid() alone and the variables are read with plain getenv(), while
 * SYSTEMD_NSS_BYPASS_BUS elsewhere in this file goes through getenv_bool_secure(). In a
 * set-user-ID-root program the environment is chosen by the invoking user; the effect visible in
 * this file is limited to the callers failing their lookup with -EDEADLK (NSS_STATUS_UNAVAIL).
 * Confirm that this is the intended trade-off. */
static bool avoid_deadlock(void) {

        /* Unprivileged callers: the environment variables are not consulted at all. */
        if (geteuid() != 0)
                return false;

        if (!streq_ptr(getenv("SYSTEMD_ACTIVATION_UNIT"), "systemd-machined.service"))
                return false;

        return streq_ptr(getenv("SYSTEMD_ACTIVATION_SCOPE"), "system");
}
/* NSS gethostbyname4_r entry point: resolves the name of a registered container to its addresses.
 *
 * Steps visible here: sd_machine_get_class() must report class "container" for name, the machine's
 * interface indices are fetched, and the addresses are requested from systemd-machined through the
 * GetMachineAddresses method on the system bus. The result is packed into the caller's buffer as
 * the NUL-terminated name (padded with ALIGN) followed by one struct gaih_addrtuple per address,
 * chained through ->next.
 *
 * Return values:
 *   NSS_STATUS_SUCCESS  - *pat refers to the tuple list, *h_errnop = NETDB_SUCCESS
 *   NSS_STATUS_NOTFOUND - the reply held no addresses, *h_errnop = HOST_NOT_FOUND
 *   NSS_STATUS_TRYAGAIN - buffer too small, *errnop = ERANGE, *h_errnop = NETDB_INTERNAL
 *   NSS_STATUS_UNAVAIL  - any other failure, *errnop = -r, *h_errnop = NO_RECOVERY
 *
 * NOTE(review): buffer + idx is cast to struct gaih_addrtuple* without an alignment check on
 * buffer itself; this relies on the caller passing a suitably aligned buffer. */
enum nss_status _nss_mymachines_gethostbyname4_r(
                const char *name,
                struct gaih_addrtuple **pat,
                char *buffer, size_t buflen,
                int *errnop, int *h_errnop,
                int32_t *ttlp) {

        struct gaih_addrtuple *r_tuple, *r_tuple_first = NULL;
        _cleanup_(sd_bus_message_unrefp) sd_bus_message* reply = NULL;
        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
        _cleanup_free_ int *ifindices = NULL;
        _cleanup_free_ char *class = NULL;
        size_t l, ms, idx;
        unsigned i = 0, c = 0;
        char *r_name;
        int n_ifindices, r;

        /* Both macros are defined outside this file. Presumably PROTECT_ERRNO restores errno when
         * the scope is left and UNPROTECT_ERRNO (used on the paths that report through *errnop)
         * cancels that, while BLOCK_SIGNALS masks the listed signals for the duration of the call —
         * confirm against their definitions. */
        PROTECT_ERRNO;
        BLOCK_SIGNALS(NSS_SIGNALS_BLOCK);

        assert(name);
        assert(pat);
        assert(buffer);
        assert(errnop);
        assert(h_errnop);

        /* name is supplied by the process doing the lookup. It is only served if it names a
         * registered machine of class "container"; anything else ends in the fail path. */
        r = sd_machine_get_class(name, &class);
        if (r < 0)
                goto fail;
        if (!streq(class, "container")) {
                r = -ENOTTY;
                goto fail;
        }

        n_ifindices = sd_machine_get_ifindices(name, &ifindices);
        if (n_ifindices < 0) {
                r = n_ifindices;
                goto fail;
        }

        /* Do not block on machined while the service manager is still starting it. */
        if (avoid_deadlock()) {
                r = -EDEADLK;
                goto fail;
        }

        r = sd_bus_open_system(&bus);
        if (r < 0)
                goto fail;

        r = sd_bus_call_method(bus,
                               "org.freedesktop.machine1",
                               "/org/freedesktop/machine1",
                               "org.freedesktop.machine1.Manager",
                               "GetMachineAddresses",
                               NULL,
                               &reply,
                               "s", name);
        if (r < 0)
                goto fail;

        r = sd_bus_message_enter_container(reply, 'a', "(iay)");
        if (r < 0)
                goto fail;

        /* First pass: count every entry regardless of family, so the space needed is known before
         * anything is written. count_addresses() rewinds the array for the second pass below. */
        r = count_addresses(reply, AF_UNSPEC, &c);
        if (r < 0)
                goto fail;

        /* c is unsigned, so this is the c == 0 case. */
        if (c <= 0) {
                *h_errnop = HOST_NOT_FOUND;
                return NSS_STATUS_NOTFOUND;
        }

        /* Required size: padded name plus c padded tuples. Nothing is written to buffer before
         * this bound has been checked against buflen. */
        l = strlen(name);
        ms = ALIGN(l+1) + ALIGN(sizeof(struct gaih_addrtuple)) * c;
        if (buflen < ms) {
                UNPROTECT_ERRNO;
                *errnop = ERANGE;
                *h_errnop = NETDB_INTERNAL;
                return NSS_STATUS_TRYAGAIN;
        }

        /* First, append name */
        r_name = buffer;
        memcpy(r_name, name, l+1);
        idx = ALIGN(l+1);

        /* Second, append addresses */
        r_tuple_first = (struct gaih_addrtuple*) (buffer + idx);
        while ((r = sd_bus_message_enter_container(reply, 'r', "iay")) > 0) {
                int family;
                const void *a;
                size_t sz;

                r = sd_bus_message_read(reply, "i", &family);
                if (r < 0)
                        goto fail;

                r = sd_bus_message_read_array(reply, 'y', &a, &sz);
                if (r < 0)
                        goto fail;

                r = sd_bus_message_exit_container(reply);
                if (r < 0)
                        goto fail;

                /* Every entry was counted above, so an entry of another family cannot be skipped
                 * here without leaving a hole in the tuple list; the whole lookup fails instead. */
                if (!IN_SET(family, AF_INET, AF_INET6)) {
                        r = -EAFNOSUPPORT;
                        goto fail;
                }

                /* sz comes from the bus reply. This equality check is what bounds the memcpy()
                 * into r_tuple->addr below (FAMILY_ADDRESS_SIZE is defined outside this file;
                 * presumably the address length of the family — confirm). */
                if (sz != FAMILY_ADDRESS_SIZE(family)) {
                        r = -EINVAL;
                        goto fail;
                }

                r_tuple = (struct gaih_addrtuple*) (buffer + idx);
                /* The last tuple terminates the list; every other one points at its successor. */
                r_tuple->next = i == c-1 ? NULL : (struct gaih_addrtuple*) ((char*) r_tuple + ALIGN(sizeof(struct gaih_addrtuple)));
                r_tuple->name = r_name;
                r_tuple->family = family;
                /* A scope ID is only filled in when the machine has exactly one interface. */
                r_tuple->scopeid = n_ifindices == 1 ? ifindices[0] : 0;
                memcpy(r_tuple->addr, a, sz);

                idx += ALIGN(sizeof(struct gaih_addrtuple));
                i++;
        }

        /* NOTE(review): unlike count_addresses(), a negative r from enter_container above is not
         * checked after the loop; in that case i < c and the assert() below is reached instead of
         * the fail path. The same message was already parsed once by count_addresses(), so this is
         * unlikely, but a failure here would be reported by assert() rather than as
         * NSS_STATUS_UNAVAIL. */
        assert(i == c);

        r = sd_bus_message_exit_container(reply);
        if (r < 0)
                goto fail;

        assert(idx == ms);

        /* If the caller passed in a tuple, the first result is copied into it; otherwise the
         * caller's pointer is set to the list inside buffer. */
        if (*pat)
                **pat = *r_tuple_first;
        else
                *pat = r_tuple_first;

        if (ttlp)
                *ttlp = 0;

        /* Explicitly reset both *h_errnop and h_errno to work around
         * https://bugzilla.redhat.com/show_bug.cgi?id=1125975 */
        *h_errnop = NETDB_SUCCESS;
        h_errno = 0;

        return NSS_STATUS_SUCCESS;

fail:
        /* r holds a negative errno-style value on every jump to this label. */
        UNPROTECT_ERRNO;
        *errnop = -r;
        *h_errnop = NO_RECOVERY;
        return NSS_STATUS_UNAVAIL;
}
/* NSS gethostbyname3_r entry point: resolves the name of a registered container to a struct
 * hostent for a single address family (AF_UNSPEC is treated as AF_INET).
 *
 * The addresses come from systemd-machined's GetMachineAddresses method on the system bus, and are
 * only requested if sd_machine_get_class() reports class "container" for name. Layout written into
 * the caller's buffer, in this order:
 *   1. the NUL-terminated name, padded with ALIGN
 *   2. the alias array, consisting of a single NULL pointer
 *   3. c addresses, each in a slot of ALIGN(alen) bytes
 *   4. the address pointer array: c pointers into (3) plus a terminating NULL
 *
 * Return values:
 *   NSS_STATUS_SUCCESS  - *result filled in, *h_errnop = NETDB_SUCCESS
 *   NSS_STATUS_NOTFOUND - no address of the requested family, *h_errnop = HOST_NOT_FOUND
 *   NSS_STATUS_TRYAGAIN - buffer too small, *errnop = ERANGE, *h_errnop = NETDB_INTERNAL
 *   NSS_STATUS_UNAVAIL  - any other failure, *errnop = -r, *h_errnop = NO_RECOVERY
 *
 * NOTE(review): pointers are stored at buffer + idx without an alignment check on buffer itself;
 * this relies on the caller passing a suitably aligned buffer. */
enum nss_status _nss_mymachines_gethostbyname3_r(
                const char *name,
                int af,
                struct hostent *result,
                char *buffer, size_t buflen,
                int *errnop, int *h_errnop,
                int32_t *ttlp,
                char **canonp) {

        _cleanup_(sd_bus_message_unrefp) sd_bus_message* reply = NULL;
        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
        _cleanup_free_ char *class = NULL;
        unsigned c = 0, i = 0;
        char *r_name, *r_aliases, *r_addr, *r_addr_list;
        size_t l, idx, ms, alen;
        int r;

        /* Both macros are defined outside this file. Presumably PROTECT_ERRNO restores errno when
         * the scope is left and UNPROTECT_ERRNO (used on the paths that report through *errnop)
         * cancels that, while BLOCK_SIGNALS masks the listed signals for the duration of the call —
         * confirm against their definitions. */
        PROTECT_ERRNO;
        BLOCK_SIGNALS(NSS_SIGNALS_BLOCK);

        assert(name);
        assert(result);
        assert(buffer);
        assert(errnop);
        assert(h_errnop);

        if (af == AF_UNSPEC)
                af = AF_INET;

        if (af != AF_INET && af != AF_INET6) {
                r = -EAFNOSUPPORT;
                goto fail;
        }

        /* name is supplied by the process doing the lookup. It is only served if it names a
         * registered machine of class "container"; anything else ends in the fail path. */
        r = sd_machine_get_class(name, &class);
        if (r < 0)
                goto fail;
        if (!streq(class, "container")) {
                r = -ENOTTY;
                goto fail;
        }

        /* Do not block on machined while the service manager is still starting it. */
        if (avoid_deadlock()) {
                r = -EDEADLK;
                goto fail;
        }

        r = sd_bus_open_system(&bus);
        if (r < 0)
                goto fail;

        r = sd_bus_call_method(bus,
                               "org.freedesktop.machine1",
                               "/org/freedesktop/machine1",
                               "org.freedesktop.machine1.Manager",
                               "GetMachineAddresses",
                               NULL,
                               &reply,
                               "s", name);
        if (r < 0)
                goto fail;

        r = sd_bus_message_enter_container(reply, 'a', "(iay)");
        if (r < 0)
                goto fail;

        /* First pass: count only the entries of the requested family. count_addresses() rewinds
         * the array for the second pass below. */
        r = count_addresses(reply, af, &c);
        if (r < 0)
                goto fail;

        /* c is unsigned, so this is the c == 0 case. */
        if (c <= 0) {
                *h_errnop = HOST_NOT_FOUND;
                return NSS_STATUS_NOTFOUND;
        }

        alen = FAMILY_ADDRESS_SIZE(af);
        l = strlen(name);

        /* Required size: padded name, c address slots, and c+2 pointers (one NULL for the empty
         * alias list, c address pointers, one terminating NULL). Nothing is written to buffer
         * before this bound has been checked against buflen. */
        ms = ALIGN(l+1) + c * ALIGN(alen) + (c+2) * sizeof(char*);

        if (buflen < ms) {
                UNPROTECT_ERRNO;
                *errnop = ERANGE;
                *h_errnop = NETDB_INTERNAL;
                return NSS_STATUS_TRYAGAIN;
        }

        /* First, append name */
        r_name = buffer;
        memcpy(r_name, name, l+1);
        idx = ALIGN(l+1);

        /* Second, create aliases array */
        r_aliases = buffer + idx;
        ((char**) r_aliases)[0] = NULL;
        idx += sizeof(char*);

        /* Third, append addresses */
        r_addr = buffer + idx;
        while ((r = sd_bus_message_enter_container(reply, 'r', "iay")) > 0) {
                int family;
                const void *a;
                size_t sz;

                r = sd_bus_message_read(reply, "i", &family);
                if (r < 0)
                        goto fail;

                r = sd_bus_message_read_array(reply, 'y', &a, &sz);
                if (r < 0)
                        goto fail;

                r = sd_bus_message_exit_container(reply);
                if (r < 0)
                        goto fail;

                /* Same filter as in the counting pass, so i cannot exceed c. */
                if (family != af)
                        continue;

                /* sz comes from the bus reply; the copy below always moves alen bytes, so a reply
                 * whose array length differs is rejected rather than read short or truncated. */
                if (sz != alen) {
                        r = -EINVAL;
                        goto fail;
                }

                memcpy(r_addr + i*ALIGN(alen), a, alen);
                i++;
        }

        /* NOTE(review): unlike count_addresses(), a negative r from enter_container above is not
         * checked after the loop; in that case i < c and the assert() below is reached instead of
         * the fail path. The same message was already parsed once by count_addresses(), so this is
         * unlikely, but a failure here would be reported by assert() rather than as
         * NSS_STATUS_UNAVAIL. */
        assert(i == c);
        idx += c * ALIGN(alen);

        r = sd_bus_message_exit_container(reply);
        if (r < 0)
                goto fail;

        /* Fourth, append address pointer array */
        r_addr_list = buffer + idx;
        for (i = 0; i < c; i++)
                ((char**) r_addr_list)[i] = r_addr + i*ALIGN(alen);

        /* i == c here: terminate the pointer array. */
        ((char**) r_addr_list)[i] = NULL;
        idx += (c+1) * sizeof(char*);

        assert(idx == ms);

        result->h_name = r_name;
        result->h_aliases = (char**) r_aliases;
        result->h_addrtype = af;
        result->h_length = alen;
        result->h_addr_list = (char**) r_addr_list;

        if (ttlp)
                *ttlp = 0;

        if (canonp)
                *canonp = r_name;

        /* Explicitly reset both *h_errnop and h_errno to work around
         * https://bugzilla.redhat.com/show_bug.cgi?id=1125975 */
        *h_errnop = NETDB_SUCCESS;
        h_errno = 0;

        return NSS_STATUS_SUCCESS;

fail:
        /* r holds a negative errno-style value on every jump to this label. */
        UNPROTECT_ERRNO;
        *errnop = -r;
        *h_errnop = NO_RECOVERY;
        return NSS_STATUS_UNAVAIL;
}
/* NSS_GETHOSTBYNAME_FALLBACKS is defined outside this file; presumably it generates the remaining
 * gethostbyname*_r entry points on top of the two implementations above — confirm in nss-util.h. */
NSS_GETHOSTBYNAME_FALLBACKS(mymachines);
/* NSS getpwnam_r entry point for synthetic user names of the form "vu-<machine>-<uid>".
 *
 * The name is split at its last dash into a machine name and a UID inside that machine, and
 * systemd-machined's MapFromMachineUser method is asked for the corresponding host UID. The
 * resulting passwd entry is deliberately inert: locked password ("*"), home "/", shell
 * "/sbin/nologin", primary group GID_NOBODY.
 *
 * Return values:
 *   NSS_STATUS_SUCCESS  - *pwd filled in; pw_name and pw_gecos point into buffer
 *   NSS_STATUS_NOTFOUND - name is not in the expected form, the bus is bypassed, machined knows no
 *                         mapping, or the mapped UID is unacceptable (see below)
 *   NSS_STATUS_TRYAGAIN - buffer too small, *errnop = ERANGE
 *   NSS_STATUS_UNAVAIL  - any other failure, *errnop = -r
 *
 * NOTE(review): only name and pwd are asserted; buffer and errnop are dereferenced without a
 * check. */
enum nss_status _nss_mymachines_getpwnam_r(
                const char *name,
                struct passwd *pwd,
                char *buffer, size_t buflen,
                int *errnop) {

        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
        _cleanup_(sd_bus_message_unrefp) sd_bus_message* reply = NULL;
        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
        const char *p, *e, *machine;
        uint32_t mapped;
        uid_t uid;
        size_t l;
        int r;

        /* Both macros are defined outside this file. Presumably PROTECT_ERRNO restores errno when
         * the scope is left and UNPROTECT_ERRNO (used on the paths that report through *errnop)
         * cancels that, while BLOCK_SIGNALS masks the listed signals for the duration of the call —
         * confirm against their definitions. */
        PROTECT_ERRNO;
        BLOCK_SIGNALS(NSS_SIGNALS_BLOCK);

        assert(name);
        assert(pwd);

        /* name is supplied by the process doing the lookup; everything up to the bus call is
         * validation of that string, and every rejection is reported as "not found". */
        p = startswith(name, "vu-");
        if (!p)
                return NSS_STATUS_NOTFOUND;

        /* e == p would mean an empty machine name. */
        e = strrchr(p, '-');
        if (!e || e == p)
                return NSS_STATUS_NOTFOUND;

        /* This length limit also bounds the stack allocation made by strndupa() below. */
        if (e - p > HOST_NAME_MAX - 1) /* -1 for the last dash */
                return NSS_STATUS_NOTFOUND;

        r = parse_uid(e + 1, &uid);
        if (r < 0)
                return NSS_STATUS_NOTFOUND;

        /* strndupa() allocates on the stack: no free needed, but the length must stay bounded. */
        machine = strndupa(p, e - p);
        if (!machine_name_is_valid(machine))
                return NSS_STATUS_NOTFOUND;

        if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_BUS") > 0)
                /* Make sure we can't deadlock if we are invoked by dbus-daemon. This way, it won't be able to resolve
                 * these UIDs, but that should be unproblematic as containers should never be able to connect to a bus
                 * running on the host. */
                return NSS_STATUS_NOTFOUND;

        /* Do not block on machined while the service manager is still starting it. */
        if (avoid_deadlock()) {
                r = -EDEADLK;
                goto fail;
        }

        r = sd_bus_open_system(&bus);
        if (r < 0)
                goto fail;

        r = sd_bus_call_method(bus,
                               "org.freedesktop.machine1",
                               "/org/freedesktop/machine1",
                               "org.freedesktop.machine1.Manager",
                               "MapFromMachineUser",
                               &error,
                               &reply,
                               "su",
                               machine, (uint32_t) uid);
        if (r < 0) {
                /* A missing mapping is an ordinary "no such user", not a service failure. */
                if (sd_bus_error_has_name(&error, BUS_ERROR_NO_SUCH_USER_MAPPING))
                        return NSS_STATUS_NOTFOUND;

                goto fail;
        }

        r = sd_bus_message_read(reply, "u", &mapped);
        if (r < 0)
                goto fail;

        /* Refuse to work if the mapped UID is in the host UID range, or if there was no mapping at all.
         * This keeps a "vu-" name from ever resolving to a UID below HOST_UID_LIMIT. */
        if (mapped < HOST_UID_LIMIT || mapped == uid)
                return NSS_STATUS_NOTFOUND;

        /* The only data placed in buffer is a copy of name, NUL terminator included. */
        l = strlen(name);
        if (buflen < l+1) {
                UNPROTECT_ERRNO;
                *errnop = ERANGE;
                return NSS_STATUS_TRYAGAIN;
        }

        memcpy(buffer, name, l+1);

        pwd->pw_name = buffer;
        pwd->pw_uid = mapped;
        pwd->pw_gid = GID_NOBODY;
        pwd->pw_gecos = buffer;
        pwd->pw_passwd = (char*) "*"; /* locked */
        pwd->pw_dir = (char*) "/";
        pwd->pw_shell = (char*) "/sbin/nologin";

        return NSS_STATUS_SUCCESS;

fail:
        /* r holds a negative errno-style value on every jump to this label. */
        UNPROTECT_ERRNO;
        *errnop = -r;
        return NSS_STATUS_UNAVAIL;
}
/* NSS getpwuid_r entry point: maps a host UID that belongs to a container's user namespace back to
 * a synthetic user name "vu-<machine>-<uid inside the machine>".
 *
 * UIDs below HOST_UID_LIMIT are never answered. For the others systemd-machined's MapToMachineUser
 * method supplies the machine name and the UID inside it. The resulting passwd entry is
 * deliberately inert: locked password ("*"), home "/", shell "/sbin/nologin", primary group
 * GID_NOBODY.
 *
 * Return values:
 *   NSS_STATUS_SUCCESS  - *pwd filled in; pw_name and pw_gecos point into buffer
 *   NSS_STATUS_NOTFOUND - invalid or host-range UID, bus bypassed, or no mapping
 *   NSS_STATUS_TRYAGAIN - buffer too small for the generated name, *errnop = ERANGE
 *   NSS_STATUS_UNAVAIL  - any other failure, *errnop = -r
 *
 * NOTE(review): unlike getpwnam_r, no pointer argument is asserted here. */
enum nss_status _nss_mymachines_getpwuid_r(
                uid_t uid,
                struct passwd *pwd,
                char *buffer, size_t buflen,
                int *errnop) {

        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
        _cleanup_(sd_bus_message_unrefp) sd_bus_message* reply = NULL;
        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
        const char *machine;
        uint32_t mapped;
        int r;

        /* Both macros are defined outside this file. Presumably PROTECT_ERRNO restores errno when
         * the scope is left and UNPROTECT_ERRNO (used on the paths that report through *errnop)
         * cancels that, while BLOCK_SIGNALS masks the listed signals for the duration of the call —
         * confirm against their definitions. */
        PROTECT_ERRNO;
        BLOCK_SIGNALS(NSS_SIGNALS_BLOCK);

        /* An invalid UID is reported as "not found" rather than as an error. */
        if (!uid_is_valid(uid))
                return NSS_STATUS_NOTFOUND;

        /* We consider all uids < 65536 host uids */
        if (uid < HOST_UID_LIMIT)
                return NSS_STATUS_NOTFOUND;

        if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_BUS") > 0)
                return NSS_STATUS_NOTFOUND;

        /* Do not block on machined while the service manager is still starting it. */
        if (avoid_deadlock()) {
                r = -EDEADLK;
                goto fail;
        }

        r = sd_bus_open_system(&bus);
        if (r < 0)
                goto fail;

        r = sd_bus_call_method(bus,
                               "org.freedesktop.machine1",
                               "/org/freedesktop/machine1",
                               "org.freedesktop.machine1.Manager",
                               "MapToMachineUser",
                               &error,
                               &reply,
                               "u",
                               (uint32_t) uid);
        if (r < 0) {
                /* A missing mapping is an ordinary "no such user", not a service failure. */
                if (sd_bus_error_has_name(&error, BUS_ERROR_NO_SUCH_USER_MAPPING))
                        return NSS_STATUS_NOTFOUND;

                goto fail;
        }

        /* Reply is (machine name, object path, mapped UID); the object path is skipped by passing
         * NULL. machine points into reply and stays valid until reply is released at scope exit. */
        r = sd_bus_message_read(reply, "sou", &machine, NULL, &mapped);
        if (r < 0)
                goto fail;

        /* An identity mapping is treated as no mapping at all. */
        if (mapped == uid)
                return NSS_STATUS_NOTFOUND;

        /* The machine name is taken from machined's reply as is; snprintf() bounds the write to
         * buflen, and a truncated result is reported as ERANGE.
         * NOTE(review): a negative snprintf() return is not handled separately, and the comparison
         * casts buflen to int, which does not hold for buflen > INT_MAX — consider comparing as
         * size_t after checking for a negative return. */
        if (snprintf(buffer, buflen, "vu-%s-" UID_FMT, machine, (uid_t) mapped) >= (int) buflen) {
                UNPROTECT_ERRNO;
                *errnop = ERANGE;
                return NSS_STATUS_TRYAGAIN;
        }

        pwd->pw_name = buffer;
        pwd->pw_uid = uid;
        pwd->pw_gid = GID_NOBODY;
        pwd->pw_gecos = buffer;
        pwd->pw_passwd = (char*) "*"; /* locked */
        pwd->pw_dir = (char*) "/";
        pwd->pw_shell = (char*) "/sbin/nologin";

        return NSS_STATUS_SUCCESS;

fail:
        /* r holds a negative errno-style value on every jump to this label. */
        UNPROTECT_ERRNO;
        *errnop = -r;
        return NSS_STATUS_UNAVAIL;
}
/* Silences GCC's -Wsizeof-pointer-memaccess from here on; no diagnostic push/pop is visible, so it
 * stays in effect for the rest of the file. NOTE(review): presumably needed for the
 * memzero(buffer, sizeof(char*)) calls that clear the gr_mem slot in the group lookups — confirm. */
#pragma GCC diagnostic ignored "-Wsizeof-pointer-memaccess"
/* NSS getgrnam_r entry point for synthetic group names of the form "vg-<machine>-<gid>".
 *
 * The name is split at its last dash into a machine name and a GID inside that machine, and
 * systemd-machined's MapFromMachineGroup method is asked for the corresponding host GID. The
 * resulting group entry has a locked password ("*") and an empty member list.
 *
 * Buffer layout: one NULL char* (the empty, NULL-terminated gr_mem array) followed by a copy of
 * name.
 *
 * Return values:
 *   NSS_STATUS_SUCCESS  - *gr filled in; gr_name and gr_mem point into buffer
 *   NSS_STATUS_NOTFOUND - name is not in the expected form, the bus is bypassed, machined knows no
 *                         mapping, or the mapped GID is unacceptable (see below)
 *   NSS_STATUS_TRYAGAIN - buffer too small, *errnop = ERANGE
 *   NSS_STATUS_UNAVAIL  - any other failure, *errnop = -r
 *
 * NOTE(review): only name and gr are asserted; buffer and errnop are dereferenced without a check,
 * and buffer is used as a char** without an alignment check. */
enum nss_status _nss_mymachines_getgrnam_r(
                const char *name,
                struct group *gr,
                char *buffer, size_t buflen,
                int *errnop) {

        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
        _cleanup_(sd_bus_message_unrefp) sd_bus_message* reply = NULL;
        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
        const char *p, *e, *machine;
        uint32_t mapped;
        /* NOTE(review): declared uid_t although it holds a GID and is passed to parse_gid();
         * gid_t would match the use. */
        uid_t gid;
        size_t l;
        int r;

        /* Both macros are defined outside this file. Presumably PROTECT_ERRNO restores errno when
         * the scope is left and UNPROTECT_ERRNO (used on the paths that report through *errnop)
         * cancels that, while BLOCK_SIGNALS masks the listed signals for the duration of the call —
         * confirm against their definitions. */
        PROTECT_ERRNO;
        BLOCK_SIGNALS(NSS_SIGNALS_BLOCK);

        assert(name);
        assert(gr);

        /* name is supplied by the process doing the lookup; everything up to the bus call is
         * validation of that string, and every rejection is reported as "not found". */
        p = startswith(name, "vg-");
        if (!p)
                return NSS_STATUS_NOTFOUND;

        /* e == p would mean an empty machine name. */
        e = strrchr(p, '-');
        if (!e || e == p)
                return NSS_STATUS_NOTFOUND;

        /* This length limit also bounds the stack allocation made by strndupa() below. */
        if (e - p > HOST_NAME_MAX - 1) /* -1 for the last dash */
                return NSS_STATUS_NOTFOUND;

        r = parse_gid(e + 1, &gid);
        if (r < 0)
                return NSS_STATUS_NOTFOUND;

        /* strndupa() allocates on the stack: no free needed, but the length must stay bounded. */
        machine = strndupa(p, e - p);
        if (!machine_name_is_valid(machine))
                return NSS_STATUS_NOTFOUND;

        if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_BUS") > 0)
                return NSS_STATUS_NOTFOUND;

        /* Do not block on machined while the service manager is still starting it. */
        if (avoid_deadlock()) {
                r = -EDEADLK;
                goto fail;
        }

        r = sd_bus_open_system(&bus);
        if (r < 0)
                goto fail;

        r = sd_bus_call_method(bus,
                               "org.freedesktop.machine1",
                               "/org/freedesktop/machine1",
                               "org.freedesktop.machine1.Manager",
                               "MapFromMachineGroup",
                               &error,
                               &reply,
                               "su",
                               machine, (uint32_t) gid);
        if (r < 0) {
                /* A missing mapping is an ordinary "no such group", not a service failure. */
                if (sd_bus_error_has_name(&error, BUS_ERROR_NO_SUCH_GROUP_MAPPING))
                        return NSS_STATUS_NOTFOUND;

                goto fail;
        }

        r = sd_bus_message_read(reply, "u", &mapped);
        if (r < 0)
                goto fail;

        /* Refuse a mapped GID in the host range, and treat an identity mapping as no mapping. This
         * keeps a "vg-" name from ever resolving to a GID below HOST_GID_LIMIT. */
        if (mapped < HOST_GID_LIMIT || mapped == gid)
                return NSS_STATUS_NOTFOUND;

        /* Space for the NULL member pointer plus the name with its terminator. The strcpy() below
         * is bounded by this check. */
        l = sizeof(char*) + strlen(name) + 1;
        if (buflen < l) {
                UNPROTECT_ERRNO;
                *errnop = ERANGE;
                return NSS_STATUS_TRYAGAIN;
        }

        /* Zeroing the first pointer-sized slot yields an empty, NULL-terminated member list. */
        memzero(buffer, sizeof(char*));
        strcpy(buffer + sizeof(char*), name);

        gr->gr_name = buffer + sizeof(char*);
        gr->gr_gid = mapped;
        gr->gr_passwd = (char*) "*"; /* locked */
        gr->gr_mem = (char**) buffer;

        return NSS_STATUS_SUCCESS;

fail:
        /* r holds a negative errno-style value on every jump to this label. */
        UNPROTECT_ERRNO;
        *errnop = -r;
        return NSS_STATUS_UNAVAIL;
}
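/*
 * NSS getgrgid_r() entry point of the "mymachines" module.
 *
 * Asks org.freedesktop.machine1 (MapToMachineGroup) which machine the host GID
 * `gid` is mapped into and what GID it corresponds to there, then synthesizes a
 * group record named "vg-<machine>-<mapped gid>" in the caller-supplied buffer.
 *
 * Buffer layout: the first sizeof(char*) bytes hold a NULL pointer that serves
 * as the empty, NULL-terminated member list (gr_mem); the group name string
 * follows directly after it.
 *
 * Returns:
 *   NSS_STATUS_SUCCESS   - *gr filled in; gr_gid is the GID that was looked up.
 *   NSS_STATUS_NOTFOUND  - gid invalid, below HOST_GID_LIMIT, bus lookups
 *                          disabled via SYSTEMD_NSS_BYPASS_BUS, no mapping
 *                          known to machined, or the mapping is the identity.
 *   NSS_STATUS_TRYAGAIN  - buffer too small; *errnop is set to ERANGE.
 *   NSS_STATUS_UNAVAIL   - any other failure; *errnop is set to the positive
 *                          errno-style code.
 */
enum nss_status _nss_mymachines_getgrgid_r(
                gid_t gid,
                struct group *gr,
                char *buffer, size_t buflen,
                int *errnop) {

        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
        _cleanup_(sd_bus_message_unrefp) sd_bus_message* reply = NULL;
        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
        const char *machine;
        uint32_t mapped;
        size_t name_size;
        int r, k;

        /* NOTE(review): PROTECT_ERRNO/UNPROTECT_ERRNO and BLOCK_SIGNALS are defined outside this
         * view; presumably they preserve the caller's errno and block signals for the duration of
         * the lookup — confirm against errno-util.h / signal-util.h. */
        PROTECT_ERRNO;
        BLOCK_SIGNALS(NSS_SIGNALS_BLOCK);

        /* An invalid GID is reported as "not found" rather than as an error. */
        if (!gid_is_valid(gid))
                return NSS_STATUS_NOTFOUND;

        /* We consider all gids < 65536 host gids */
        if (gid < HOST_GID_LIMIT)
                return NSS_STATUS_NOTFOUND;

        /* Opt-out switch for the bus lookup, read through the "secure" getenv helper. */
        if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_BUS") > 0)
                return NSS_STATUS_NOTFOUND;

        if (avoid_deadlock()) {
                r = -EDEADLK;
                goto fail;
        }

        r = sd_bus_open_system(&bus);
        if (r < 0)
                goto fail;

        r = sd_bus_call_method(bus,
                               "org.freedesktop.machine1",
                               "/org/freedesktop/machine1",
                               "org.freedesktop.machine1.Manager",
                               "MapToMachineGroup",
                               &error,
                               &reply,
                               "u",
                               (uint32_t) gid);
        if (r < 0) {
                /* A missing mapping is the normal "not ours" answer, not a failure. */
                if (sd_bus_error_has_name(&error, BUS_ERROR_NO_SUCH_GROUP_MAPPING))
                        return NSS_STATUS_NOTFOUND;

                goto fail;
        }

        /* Reply is (machine name, object path, mapped gid); the object path is skipped. */
        r = sd_bus_message_read(reply, "sou", &machine, NULL, &mapped);
        if (r < 0)
                goto fail;

        /* An identity mapping would only shadow the existing entry for this GID. */
        if (mapped == gid)
                return NSS_STATUS_NOTFOUND;

        /* Need room for the NULL member-list terminator plus at least the name's NUL byte. */
        if (buflen < sizeof(char*) + 1) {
                UNPROTECT_ERRNO;
                *errnop = ERANGE;
                return NSS_STATUS_TRYAGAIN;
        }

        memzero(buffer, sizeof(char*));

        /* The name only gets the space behind the leading pointer slot, so truncation has to be
         * judged against that size and not against the whole buffer. Comparing with buflen would
         * let a name that was cut short by up to sizeof(char*) bytes be returned as a success,
         * and the machine name comes from the bus reply, so its length is not under our control. */
        name_size = buflen - sizeof(char*);
        k = snprintf(buffer + sizeof(char*), name_size, "vg-%s-" GID_FMT, machine, (gid_t) mapped);
        if (k < 0) {
                /* Formatting failed outright; a larger buffer would not help. */
                r = -EIO;
                goto fail;
        }
        if ((size_t) k >= name_size) {
                UNPROTECT_ERRNO;
                *errnop = ERANGE;
                return NSS_STATUS_TRYAGAIN;
        }

        gr->gr_name = buffer + sizeof(char*);
        gr->gr_gid = gid;
        gr->gr_passwd = (char*) "*"; /* locked */
        gr->gr_mem = (char**) buffer;

        return NSS_STATUS_SUCCESS;

fail:
        UNPROTECT_ERRNO;
        *errnop = -r;
        return NSS_STATUS_UNAVAIL;
}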