summaryrefslogtreecommitdiffstats
path: root/src/sysusers (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Move and rename parse_path_argument() functionZbigniew Jędrzejewski-Szmek2021-02-151-2/+3
| | | | | This fits better in shared/, and the new parse-argument.c file is a good home for it.
* tree-wide: enable colorized logging for daemons when run in consoleYu Watanabe2021-01-311-1/+1
| | | | It may be useful when debugging daemons.
* tree-wide: Drop custom formatting for print() help messagesDaan De Meyer2021-01-311-4/+3
| | | | | | | | | | | | I think this formatting was originally used because it simplified adding new options to the help messages. However, these days, most tools their help message end with "\nSee the %s for details.\n" so the final line almost never has to be edited which eliminates the benefit of the custom formatting used for printf() help messages. Let's make things more consistent and use the same formatting for printf() help messages that we use everywhere else. Prompted by https://github.com/systemd/systemd/pull/18355#discussion_r567241580
* sysusers: flush nscd's caches whenever /etc/{passwd,group} are modifiedFranck Bui2021-01-261-0/+7
|
* Merge pull request #18294 from ssahani/net-2Yu Watanabe2021-01-191-10/+12
|\ | | | | tree wide use ensure_put
| * sysusers: use ordered_hashmap_ensure_putSusant Sahani2021-01-191-10/+12
| |
* | sysusers: use ordered_hashmap_ensure_putSusant Sahani2021-01-181-14/+10
|/
* specifiers: introduce common macros for generating specifier tablesLennart Poettering2020-11-251-12/+2
| | | | | | | | | | | | | In many cases the tables are largely the same, hence define a common set of macros to generate the common parts. This adds in a couple of missing specifiers here and there, so is more thant just refactoring: it actually fixes accidental omissions. Note that some entries that look like they could be unified under these macros can't really be unified, since they are slightly different. For example in the DNSSD service logic we want to use the DNSSD hostname for %H rather than the unmodified kernel one.
* license: LGPL-2.1+ -> LGPL-2.1-or-laterYu Watanabe2020-11-091-1/+1
|
* tmpfiles,sysusers: disable --image= support in standalone versionsZbigniew Jędrzejewski-Szmek2020-10-091-0/+11
| | | | Fixes #17278.
* Merge pull request #17172 from keszybz/read-login-defsLennart Poettering2020-10-021-3/+46
|\ | | | | Read /etc/login.defs
| * sysusers: emit warnings about login.defs overrides on first user or group ↵Zbigniew Jędrzejewski-Szmek2020-10-011-5/+32
| | | | | | | | | | | | | | | | creation *** Running /home/zbyszek/src/systemd-work/test/test-sysusers/test-14.input (with login.defs symlinked) login.defs specifies UID allocation range 401–555 that is different than the built-in defaults (201–998) login.defs specifies GID allocation range 405–666 that is different than the built-in defaults (201–990)
| * sysusers: look at login.defs when setting the default range to allocate usersZbigniew Jędrzejewski-Szmek2020-10-011-3/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | Also, even if login.defs are not present, don't start allocating at 1, but at SYSTEM_UID_MIN. Fixes #9769. The test is adjusted. Actually, it was busted before, because sysusers would never use SYSTEM_GID_MIN, so if SYSTEM_GID_MIN was different than SYSTEM_UID_MIN, the tests would fail. On all "normal" systems the two are equal, so we didn't notice. Since sysusers now always uses the minimum of the two, we only need to substitute one value.
* | sysusers: use "!*" instead of "!!" as an invalid group passwordnl67202020-09-301-1/+1
|/ | | | | | This basically implements fc58c0c7bf7e4f525b916e3e5be0de2307fef04e for gshadow. gpasswd may not have a lock/unlock that behaves the same as passwd, but according to gshadow(5) the logic of the password field is the same.
* sysusers: modernize file backup logic a bitLennart Poettering2020-09-231-24/+21
| | | | | Let's use _cleanup_ magic to clean up files, let's fully operate by fds whenever we can.
* tree-wide: define iterator inside of the macroZbigniew Jędrzejewski-Szmek2020-09-081-13/+7
|
* sysusers: add support for a --image= switchLennart Poettering2020-08-051-1/+37
|
* Make failures of mac_selinux_init() fatalChristian Göttsche2020-06-231-1/+1
|
* fileio: Rename rename_and_apply_smack to rename_and_apply_smack_floor_label.Daan De Meyer2020-05-271-4/+4
|
* fileio: Refactor sync_rights to take fds as argumentsDaan De Meyer2020-05-271-4/+4
|
* sysusers: Move sync_rights and rename_and_apply_smack to basicDaan De Meyer2020-05-271-22/+0
|
* Merge pull request #15718 from poettering/tmpfiles-offlineZbigniew Jędrzejewski-Szmek2020-05-081-1/+1
|\ | | | | tmpfiles: read /etc/passwd + /etc/group with fgetpwent()/fgetgrent() if --root= is specified
| * sysusers/tmpfiles: use --root=/ as way to force offline operation (i.e. ↵Lennart Poettering2020-05-071-1/+1
| | | | | | | | without NSS)
* | Add %l as specifier for the hostname without any domain componentZbigniew Jędrzejewski-Szmek2020-05-071-11/+12
|/ | | | | | | | | As described in #15603, it is a fairly common setup to use a fqdn as the configured hostname. But it is often convenient to use just the actual hostname, i.e. until the first dot. This adds support in tmpfiles, sysusers, and unit files for %l which expands to that. Fixes #15603.
* sysusers: be extra careful when locking accountsLennart Poettering2020-05-061-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Let's use "!*" instead of "!!" as invalid password string. Generally, any invalid password string can be used to for locking an account, according to shadow(5). To temporarily lock a password of an account it is commonly implemented to prefix the original password with a single "!", so that it can later on be unlocked again by removing the "!", restoring the original password. Thus, the "!" marker is an indicator for a locked password; the act of prefixing "!" to a password string is the locking operation; and the removal of a "!" prefix is the unlock operation. (This is also suggested in shadow(5)). If we want to entirely lock an account we previously used "!!" as password string. This is nice since it indicates the password is locked. However, it is less than ideal, since applying the password unlock operation once will change the string to "!", which is still a locked password. Unlocking the password a second time will result in "", i.e. the empty password, which will in many cases allow logging in without password. And that's a problem. Hopefully, tools do not allow such duplicate unlocking, but it's still not a nice property. By changing our password string to "!*" we get different behaviour: the password will appear locked. When it is unlocked the password is "*" which is an invalid password. In that case the password is hence unlocked but invalid, which is a much better state to be in than the above. This is paranoia hardening. Not more. There's no report that anyone every unlocked an account twice and people could log in.
* tree-wide: support a bunch of additional specifiersLennart Poettering2020-04-281-0/+5
|
* sysusers,tmpfiles: always mention error when failing to replace specifiersLennart Poettering2020-04-231-5/+5
|
* sysusers: add accidentally forgotten 'return'Lennart Poettering2020-04-231-1/+1
|
* user-util: rework how we validate user namesLennart Poettering2020-04-081-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | This reworks the user validation infrastructure. There are now two modes. In regular mode we are strict and test against a strict set of valid chars. And in "relaxed" mode we just filter out some really obvious, dangerous stuff. i.e. strict is whitelisting what is OK, but "relaxed" is blacklisting what is really not OK. The idea is that we use strict mode whenver we allocate a new user (i.e. in sysusers.d or homed), while "relaxed" mode is when we process users registered elsewhere, (i.e. userdb, logind, …) The requirements on user name validity vary wildly. SSSD thinks its fine to embedd "@" for example, while the suggested NAME_REGEX field on Debian does not even allow uppercase chars… This effectively liberaralizes a lot what we expect from usernames. The code that warns about questionnable user names is now optional and only used at places such as unit file parsing, so that it doesn't show up on every userdb query, but only when processing configuration files that know better. Fixes: #15149 #15090
* sysusers: do not require /proc to be mountedZbigniew Jędrzejewski-Szmek2020-03-031-11/+11
| | | | | | We're operating on known paths in root-owned directories here, so the detour through toctou-safe methods that require /proc to be mounted is not necessary. Should fix https://bugzilla.redhat.com/show_bug.cgi?id=1807768.
* sysusers: many different errnos to express one conditionZbigniew Jędrzejewski-Szmek2020-03-031-2/+8
| | | | | | | | | | | | | See https://bugzilla.redhat.com/show_bug.cgi?id=1807768. It turns out that sysusers cannot query if the group exists: Failed to check if group dnsmasq already exists: No such process ... Failed to check if group systemd-timesync already exists: No such process When the same command is executed later, the issue does not occur. Not sure why the behaviour in the initial transaction is different. But let's accept all errors that the man pages list. We check if the user/group exists before creating anyway, so this seems pretty safe.
* sysusers: support creating users with a specific primary groupDavid Michael2020-02-021-18/+45
| | | | | | | | | This extends the "uid:gid" syntax for "u" lines so that a group name can be given instead of a GID. This requires that the group is either queued for creation by sysusers, or it is already defined on the system. Closes #14340
* Revert "sysusers: properly mark generated accounts as locked"Zbigniew Jędrzejewski-Szmek2019-10-221-1/+1
| | | | | | | | | | This reverts the gist of commit 636e72bce63e7e99b76357f7d524d16f61558775. The comment and the tiny cleanup are left alone. We shouldn't lock the accounts because people actually need to use them, and if they are locked, various tools will refuse. See https://github.com/systemd/systemd/pull/13277#issuecomment-529964578 and follow-up comments.
* sysusers: properly mark generated accounts as lockedLennart Poettering2019-08-141-3/+3
| | | | | | | | | | | | | | | | | | Previously, we'd only set the shell to /usr/bin/nologin and lock the password for system users. Let's go one step further and also lock the whole account. This is a paranoid safety precaution, since neither disabling the shell like this nor disabling the password is sufficient to lock an account, since remote shell tools generally allow passing different shells, and logins into ftp or similar protocols don't know the shell concept anyway. Moreover, in times of ssh authentication by password is just one option of authentication among many. Takes inspiration from the recommendations in usermod(8)'s -L switch: "Note: if you wish to lock the account (not only access with a password), you should also set the EXPIRE_DATE to 1."
* Merge pull request #13096 from keszybz/unit-loadingZbigniew Jędrzejewski-Szmek2019-07-191-35/+2
|\ | | | | Preparatory work for the unit loading rework
| * sysusers,strv: export the hash ops to map char* → strvZbigniew Jędrzejewski-Szmek2019-07-191-35/+2
| | | | | | | | Also make string_strv_hashmap_put return 0 only if the entry already existed.
* | meson: make nologin path build time configurableMichael Biebl2019-07-181-1/+1
|/ | | | | | | | | Some distros install nologin as /usr/sbin/nologin, others as /sbin/nologin. Since we can't really on merged-usr everywhere (where the path wouldn't matter), make the path build time configurable via -Dnologin-path=. Closes #13028
* Rename EXTRACT_QUOTES to EXTRACT_UNQUOTEZbigniew Jędrzejewski-Szmek2019-06-281-1/+1
| | | | | | Whenever I see EXTRACT_QUOTES, I'm always confused whether it means to leave the quotes in or to take them out. Let's say "unquote", like we say "cunescape".
* tree-wide: introduce empty_or_dash() helperLennart Poettering2019-04-081-5/+5
| | | | | At quite a few places we check isempty() || streq(…, "-"), let's add a helper to simplify that, and replace that by a single function call.
* sysusers: use return_error_errno() where possibleZbigniew Jędrzejewski-Szmek2019-04-071-140/+119
|
* sysusers: add missing initalizerZbigniew Jędrzejewski-Szmek2019-04-071-1/+1
| | | | | I assume that this is the error causing the invalid free in https://bugzilla.redhat.com/show_bug.cgi?id=1670679.
* tree-wide: (void)ify a few unlink() and rmdir()Lennart Poettering2019-03-271-1/+1
| | | | | | Let's be helpful to static analyzers which care about whether we knowingly ignore return values. We do in these cases, since they are usually part of error paths.
* Merge pull request #10920 from yuwata/hashmap-destructorLennart Poettering2018-12-031-127/+88
|\ | | | | hashmap: make hashmap_free() call destructors of key or value
| * sysusers: define main through macroYu Watanabe2018-12-021-119/+86
| | | | | | | | | | This also fixes possible memleak when uid/gid or user/group name in database are conflicted.
| * sysusers: use fgetgrent_sane()Yu Watanabe2018-12-021-8/+2
| |
* | util-lib: split out all temporary file related calls into tmpfiles-util.cLennart Poettering2018-12-021-0/+1
| | | | | | | | | | | | | | | | This splits out a bunch of functions from fileio.c that have to do with temporary files. Simply to make the header files a bit shorter, and to group things more nicely. No code changes, just some rearranging of source files.
* | util-lib: don't include fileio.h from fileio-label.hLennart Poettering2018-12-021-1/+1
|/ | | | There's no reason for doing that, hence simply don't.
* sysusers: use ordered_hashmap_steal_first_key_and_value()Yu Watanabe2018-11-221-4/+4
|
* coccinelle: make use of SYNTHETIC_ERRNOZbigniew Jędrzejewski-Szmek2018-11-221-16/+13
| | | | | | | | | | | Ideally, coccinelle would strip unnecessary braces too. But I do not see any option in coccinelle for this, so instead, I edited the patch text using search&replace to remove the braces. Unfortunately this is not fully automatic, in particular it didn't deal well with if-else-if-else blocks and ifdefs, so there is an increased likelikehood be some bugs in such spots. I also removed part of the patch that coccinelle generated for udev, where we returns -1 for failure. This should be fixed independently.
* Split out pretty-print.c and move pager.c and main-func.h to shared/Zbigniew Jędrzejewski-Szmek2018-11-201-1/+1
| | | | | This is high-level functionality, and fits better in shared/ (which is for our executables), than in basic/ (which is also for libraries).