nspawn: Move the get_user_creds from execute.c to utils.c for later usage in nspawn.c.
This commit is contained in:
Michal Vyskocil
Lennart Poettering
parent
bde7f90721
commit
1cccf43569
|
|
@ -579,52 +579,6 @@ static int get_group_creds(const char *groupname, gid_t *gid) {
|
|||
return 0;
|
||||
}
|
||||
|
||||
static int get_user_creds(const char **username, uid_t *uid, gid_t *gid, const char **home) {
|
||||
struct passwd *p;
|
||||
unsigned long lu;
|
||||
|
||||
assert(username);
|
||||
assert(*username);
|
||||
assert(uid);
|
||||
assert(gid);
|
||||
assert(home);
|
||||
|
||||
/* We enforce some special rules for uid=0: in order to avoid
|
||||
* NSS lookups for root we hardcode its data. */
|
||||
|
||||
if (streq(*username, "root") || streq(*username, "0")) {
|
||||
*username = "root";
|
||||
*uid = 0;
|
||||
*gid = 0;
|
||||
*home = "/root";
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (safe_atolu(*username, &lu) >= 0) {
|
||||
errno = 0;
|
||||
p = getpwuid((uid_t) lu);
|
||||
|
||||
/* If there are multiple users with the same id, make
|
||||
* sure to leave $USER to the configured value instead
|
||||
* of the first occurrence in the database. However if
|
||||
* the uid was configured by a numeric uid, then let's
|
||||
* pick the real username from /etc/passwd. */
|
||||
if (*username && p)
|
||||
*username = p->pw_name;
|
||||
} else {
|
||||
errno = 0;
|
||||
p = getpwnam(*username);
|
||||
}
|
||||
|
||||
if (!p)
|
||||
return errno != 0 ? -errno : -ESRCH;
|
||||
|
||||
*uid = p->pw_uid;
|
||||
*gid = p->pw_gid;
|
||||
*home = p->pw_dir;
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int enforce_groups(const ExecContext *context, const char *username, gid_t gid) {
|
||||
bool keep_groups = false;
|
||||
int r;
|
||||
|
|
|
|||
46
src/util.c
46
src/util.c
|
|
@ -5188,6 +5188,52 @@ int socket_from_display(const char *display, char **path) {
|
|||
return 0;
|
||||
}
|
||||
|
||||
int get_user_creds(const char **username, uid_t *uid, gid_t *gid, const char **home) {
|
||||
struct passwd *p;
|
||||
unsigned long lu;
|
||||
|
||||
assert(username);
|
||||
assert(*username);
|
||||
assert(uid);
|
||||
assert(gid);
|
||||
assert(home);
|
||||
|
||||
/* We enforce some special rules for uid=0: in order to avoid
|
||||
* NSS lookups for root we hardcode its data. */
|
||||
|
||||
if (streq(*username, "root") || streq(*username, "0")) {
|
||||
*username = "root";
|
||||
*uid = 0;
|
||||
*gid = 0;
|
||||
*home = "/root";
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (safe_atolu(*username, &lu) >= 0) {
|
||||
errno = 0;
|
||||
p = getpwuid((uid_t) lu);
|
||||
|
||||
/* If there are multiple users with the same id, make
|
||||
* sure to leave $USER to the configured value instead
|
||||
* of the first occurrence in the database. However if
|
||||
* the uid was configured by a numeric uid, then let's
|
||||
* pick the real username from /etc/passwd. */
|
||||
if (p)
|
||||
*username = p->pw_name;
|
||||
} else {
|
||||
errno = 0;
|
||||
p = getpwnam(*username);
|
||||
}
|
||||
|
||||
if (!p)
|
||||
return errno != 0 ? -errno : -ESRCH;
|
||||
|
||||
*uid = p->pw_uid;
|
||||
*gid = p->pw_gid;
|
||||
*home = p->pw_dir;
|
||||
return 0;
|
||||
}
|
||||
|
||||
static const char *const ioprio_class_table[] = {
|
||||
[IOPRIO_CLASS_NONE] = "none",
|
||||
[IOPRIO_CLASS_RT] = "realtime",
|
||||
|
|
|
|||
|
|
@ -445,6 +445,8 @@ int audit_session_from_pid(pid_t pid, uint32_t *id);
|
|||
bool display_is_local(const char *display);
|
||||
int socket_from_display(const char *display, char **path);
|
||||
|
||||
int get_user_creds(const char **username, uid_t *uid, gid_t *gid, const char **home);
|
||||
|
||||
#define NULSTR_FOREACH(i, l) \
|
||||
for ((i) = (l); (i) && *(i); (i) = strchr((i), 0)+1)
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue