commit
1f0c7cd5e1
@ -21,16 +21,16 @@ static int build_user_json(const char *user_name, uid_t uid, JsonVariant **ret)
|
||||
assert(ret);
|
||||
|
||||
return json_build(ret, JSON_BUILD_OBJECT(
|
||||
JSON_BUILD_PAIR("record", JSON_BUILD_OBJECT(
|
||||
JSON_BUILD_PAIR("userName", JSON_BUILD_STRING(user_name)),
|
||||
JSON_BUILD_PAIR("uid", JSON_BUILD_UNSIGNED(uid)),
|
||||
JSON_BUILD_PAIR("gid", JSON_BUILD_UNSIGNED(uid)),
|
||||
JSON_BUILD_PAIR("realName", JSON_BUILD_STRING("Dynamic User")),
|
||||
JSON_BUILD_PAIR("homeDirectory", JSON_BUILD_STRING("/")),
|
||||
JSON_BUILD_PAIR("shell", JSON_BUILD_STRING(NOLOGIN)),
|
||||
JSON_BUILD_PAIR("locked", JSON_BUILD_BOOLEAN(true)),
|
||||
JSON_BUILD_PAIR("service", JSON_BUILD_STRING("io.systemd.DynamicUser")),
|
||||
JSON_BUILD_PAIR("disposition", JSON_BUILD_STRING("dynamic"))))));
|
||||
JSON_BUILD_PAIR("record", JSON_BUILD_OBJECT(
|
||||
JSON_BUILD_PAIR("userName", JSON_BUILD_STRING(user_name)),
|
||||
JSON_BUILD_PAIR("uid", JSON_BUILD_UNSIGNED(uid)),
|
||||
JSON_BUILD_PAIR("gid", JSON_BUILD_UNSIGNED(uid)),
|
||||
JSON_BUILD_PAIR("realName", JSON_BUILD_STRING("Dynamic User")),
|
||||
JSON_BUILD_PAIR("homeDirectory", JSON_BUILD_STRING("/")),
|
||||
JSON_BUILD_PAIR("shell", JSON_BUILD_STRING(NOLOGIN)),
|
||||
JSON_BUILD_PAIR("locked", JSON_BUILD_BOOLEAN(true)),
|
||||
JSON_BUILD_PAIR("service", JSON_BUILD_STRING("io.systemd.DynamicUser")),
|
||||
JSON_BUILD_PAIR("disposition", JSON_BUILD_STRING("dynamic"))))));
|
||||
}
|
||||
|
||||
static bool user_match_lookup_parameters(LookupParameters *p, const char *name, uid_t uid) {
|
||||
@ -134,12 +134,12 @@ static int build_group_json(const char *group_name, gid_t gid, JsonVariant **ret
|
||||
assert(ret);
|
||||
|
||||
return json_build(ret, JSON_BUILD_OBJECT(
|
||||
JSON_BUILD_PAIR("record", JSON_BUILD_OBJECT(
|
||||
JSON_BUILD_PAIR("groupName", JSON_BUILD_STRING(group_name)),
|
||||
JSON_BUILD_PAIR("gid", JSON_BUILD_UNSIGNED(gid)),
|
||||
JSON_BUILD_PAIR("service", JSON_BUILD_STRING("io.systemd.DynamicUser")),
|
||||
JSON_BUILD_PAIR("disposition", JSON_BUILD_STRING("dynamic"))))));
|
||||
}
|
||||
JSON_BUILD_PAIR("record", JSON_BUILD_OBJECT(
|
||||
JSON_BUILD_PAIR("groupName", JSON_BUILD_STRING(group_name)),
|
||||
JSON_BUILD_PAIR("gid", JSON_BUILD_UNSIGNED(gid)),
|
||||
JSON_BUILD_PAIR("service", JSON_BUILD_STRING("io.systemd.DynamicUser")),
|
||||
JSON_BUILD_PAIR("disposition", JSON_BUILD_STRING("dynamic"))))));
|
||||
}
|
||||
|
||||
static bool group_match_lookup_parameters(LookupParameters *p, const char *name, gid_t gid) {
|
||||
assert(p);
|
||||
|
@ -405,35 +405,23 @@ static int user_update_slice(User *u) {
|
||||
if (r < 0)
|
||||
return bus_log_create_error(r);
|
||||
|
||||
if (u->user_record->tasks_max != UINT64_MAX) {
|
||||
r = sd_bus_message_append(m, "(sv)", "TasksMax", "t", u->user_record->tasks_max);
|
||||
if (r < 0)
|
||||
return bus_log_create_error(r);
|
||||
}
|
||||
const struct {
|
||||
const char *name;
|
||||
uint64_t value;
|
||||
} settings[] = {
|
||||
{ "TasksMax", u->user_record->tasks_max },
|
||||
{ "MemoryMax", u->user_record->memory_max },
|
||||
{ "MemoryHigh", u->user_record->memory_high },
|
||||
{ "CPUWeight", u->user_record->cpu_weight },
|
||||
{ "IOWeight", u->user_record->io_weight },
|
||||
};
|
||||
|
||||
if (u->user_record->memory_max != UINT64_MAX) {
|
||||
r = sd_bus_message_append(m, "(sv)", "MemoryMax", "t", u->user_record->memory_max);
|
||||
if (r < 0)
|
||||
return bus_log_create_error(r);
|
||||
}
|
||||
|
||||
if (u->user_record->memory_high != UINT64_MAX) {
|
||||
r = sd_bus_message_append(m, "(sv)", "MemoryHigh", "t", u->user_record->memory_high);
|
||||
if (r < 0)
|
||||
return bus_log_create_error(r);
|
||||
}
|
||||
|
||||
if (u->user_record->cpu_weight != UINT64_MAX) {
|
||||
r = sd_bus_message_append(m, "(sv)", "CPUWeight", "t", u->user_record->cpu_weight);
|
||||
if (r < 0)
|
||||
return bus_log_create_error(r);
|
||||
}
|
||||
|
||||
if (u->user_record->io_weight != UINT64_MAX) {
|
||||
r = sd_bus_message_append(m, "(sv)", "IOWeight", "t", u->user_record->io_weight);
|
||||
if (r < 0)
|
||||
return bus_log_create_error(r);
|
||||
}
|
||||
for (size_t i = 0; i < ELEMENTSOF(settings); i++)
|
||||
if (settings[i].value != UINT64_MAX) {
|
||||
r = sd_bus_message_append(m, "(sv)", settings[i].name, "t", settings[i].value);
|
||||
if (r < 0)
|
||||
return bus_log_create_error(r);
|
||||
}
|
||||
|
||||
r = sd_bus_message_close_container(m);
|
||||
if (r < 0)
|
||||
|
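Review bot: The `settings[]` table in user_update_slice sends every entry with the D-Bus signature `t` and treats `UINT64_MAX` as "not set", but neither assumption is written down next to the table. A short comment above it would help, for example `/* All entries are uint64_t and are sent as "t"; UINT64_MAX means unset and the property is skipped. */`, so that a later entry with a different type or sentinel is not silently sent with the wrong signature. The function starts before and ends after this hunk, so whether a skipped property keeps an earlier value on the slice cannot be judged from here.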
@ -6,6 +6,9 @@
|
||||
#include "strv.h"
|
||||
#include "user-record-nss.h"
|
||||
|
||||
#define SET_IF(field, condition, value, fallback) \
|
||||
field = (condition) ? (value) : (fallback)
|
||||
|
||||
int nss_passwd_to_user_record(
|
||||
const struct passwd *pwd,
|
||||
const struct spwd *spwd,
|
||||
@ -31,97 +34,66 @@ int nss_passwd_to_user_record(
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
if (isempty(pwd->pw_gecos) || streq_ptr(pwd->pw_gecos, hr->user_name))
|
||||
hr->real_name = mfree(hr->real_name);
|
||||
else {
|
||||
r = free_and_strdup(&hr->real_name, pwd->pw_gecos);
|
||||
if (r < 0)
|
||||
return r;
|
||||
}
|
||||
r = free_and_strdup(&hr->real_name,
|
||||
streq_ptr(pwd->pw_gecos, hr->user_name) ? NULL : empty_to_null(pwd->pw_gecos));
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
if (isempty(pwd->pw_dir))
|
||||
hr->home_directory = mfree(hr->home_directory);
|
||||
else {
|
||||
r = free_and_strdup(&hr->home_directory, pwd->pw_dir);
|
||||
if (r < 0)
|
||||
return r;
|
||||
}
|
||||
r = free_and_strdup(&hr->home_directory, empty_to_null(pwd->pw_dir));
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
if (isempty(pwd->pw_shell))
|
||||
hr->shell = mfree(hr->shell);
|
||||
else {
|
||||
r = free_and_strdup(&hr->shell, pwd->pw_shell);
|
||||
if (r < 0)
|
||||
return r;
|
||||
}
|
||||
r = free_and_strdup(&hr->shell, empty_to_null(pwd->pw_shell));
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
hr->uid = pwd->pw_uid;
|
||||
hr->gid = pwd->pw_gid;
|
||||
|
||||
if (spwd) {
|
||||
if (hashed_password_valid(spwd->sp_pwdp)) {
|
||||
strv_free_erase(hr->hashed_password);
|
||||
hr->hashed_password = strv_new(spwd->sp_pwdp);
|
||||
if (!hr->hashed_password)
|
||||
return -ENOMEM;
|
||||
} else
|
||||
hr->hashed_password = strv_free_erase(hr->hashed_password);
|
||||
|
||||
/* shadow-utils suggests using "chage -E 0" (or -E 1, depending on which man page you check)
|
||||
* for locking a whole account, hence check for that. Note that it also defines a way to lock
|
||||
* just a password instead of the whole account, but that's mostly pointless in times of
|
||||
* password-less authorization, hence let's not bother. */
|
||||
|
||||
if (spwd->sp_expire >= 0)
|
||||
hr->locked = spwd->sp_expire <= 1;
|
||||
else
|
||||
hr->locked = -1;
|
||||
|
||||
if (spwd->sp_expire > 1 && (uint64_t) spwd->sp_expire < (UINT64_MAX-1)/USEC_PER_DAY)
|
||||
hr->not_after_usec = spwd->sp_expire * USEC_PER_DAY;
|
||||
else
|
||||
hr->not_after_usec = UINT64_MAX;
|
||||
|
||||
if (spwd->sp_lstchg >= 0)
|
||||
hr->password_change_now = spwd->sp_lstchg == 0;
|
||||
else
|
||||
hr->password_change_now = -1;
|
||||
|
||||
if (spwd->sp_lstchg > 0 && (uint64_t) spwd->sp_lstchg <= (UINT64_MAX-1)/USEC_PER_DAY)
|
||||
hr->last_password_change_usec = spwd->sp_lstchg * USEC_PER_DAY;
|
||||
else
|
||||
hr->last_password_change_usec = UINT64_MAX;
|
||||
|
||||
if (spwd->sp_min > 0 && (uint64_t) spwd->sp_min <= (UINT64_MAX-1)/USEC_PER_DAY)
|
||||
hr->password_change_min_usec = spwd->sp_min * USEC_PER_DAY;
|
||||
else
|
||||
hr->password_change_min_usec = UINT64_MAX;
|
||||
|
||||
if (spwd->sp_max > 0 && (uint64_t) spwd->sp_max <= (UINT64_MAX-1)/USEC_PER_DAY)
|
||||
hr->password_change_max_usec = spwd->sp_max * USEC_PER_DAY;
|
||||
else
|
||||
hr->password_change_max_usec = UINT64_MAX;
|
||||
|
||||
if (spwd->sp_warn > 0 && (uint64_t) spwd->sp_warn <= (UINT64_MAX-1)/USEC_PER_DAY)
|
||||
hr->password_change_warn_usec = spwd->sp_warn * USEC_PER_DAY;
|
||||
else
|
||||
hr->password_change_warn_usec = UINT64_MAX;
|
||||
|
||||
if (spwd->sp_inact > 0 && (uint64_t) spwd->sp_inact <= (UINT64_MAX-1)/USEC_PER_DAY)
|
||||
hr->password_change_inactive_usec = spwd->sp_inact * USEC_PER_DAY;
|
||||
else
|
||||
hr->password_change_inactive_usec = UINT64_MAX;
|
||||
} else {
|
||||
if (spwd && hashed_password_valid(spwd->sp_pwdp)) {
|
||||
strv_free_erase(hr->hashed_password);
|
||||
hr->hashed_password = strv_new(spwd->sp_pwdp);
|
||||
if (!hr->hashed_password)
|
||||
return -ENOMEM;
|
||||
} else
|
||||
hr->hashed_password = strv_free_erase(hr->hashed_password);
|
||||
hr->locked = -1;
|
||||
hr->not_after_usec = UINT64_MAX;
|
||||
hr->password_change_now = -1,
|
||||
hr->last_password_change_usec = UINT64_MAX;
|
||||
hr->password_change_min_usec = UINT64_MAX;
|
||||
hr->password_change_max_usec = UINT64_MAX;
|
||||
hr->password_change_warn_usec = UINT64_MAX;
|
||||
hr->password_change_inactive_usec = UINT64_MAX;
|
||||
}
|
||||
|
||||
/* shadow-utils suggests using "chage -E 0" (or -E 1, depending on which man page you check)
|
||||
* for locking a whole account, hence check for that. Note that it also defines a way to lock
|
||||
* just a password instead of the whole account, but that's mostly pointless in times of
|
||||
* password-less authorization, hence let's not bother. */
|
||||
|
||||
SET_IF(hr->locked,
|
||||
spwd && spwd->sp_expire >= 0,
|
||||
spwd->sp_expire <= 1, -1);
|
||||
|
||||
SET_IF(hr->not_after_usec,
|
||||
spwd && spwd->sp_expire > 1 && (uint64_t) spwd->sp_expire < (UINT64_MAX-1)/USEC_PER_DAY,
|
||||
spwd->sp_expire * USEC_PER_DAY, UINT64_MAX);
|
||||
|
||||
SET_IF(hr->password_change_now,
|
||||
spwd && spwd->sp_lstchg >= 0,
|
||||
spwd->sp_lstchg == 0, -1);
|
||||
|
||||
SET_IF(hr->last_password_change_usec,
|
||||
spwd && spwd->sp_lstchg > 0 && (uint64_t) spwd->sp_lstchg <= (UINT64_MAX-1)/USEC_PER_DAY,
|
||||
spwd->sp_lstchg * USEC_PER_DAY, UINT64_MAX);
|
||||
|
||||
SET_IF(hr->password_change_min_usec,
|
||||
spwd && spwd->sp_min > 0 && (uint64_t) spwd->sp_min <= (UINT64_MAX-1)/USEC_PER_DAY,
|
||||
spwd->sp_min * USEC_PER_DAY, UINT64_MAX);
|
||||
|
||||
SET_IF(hr->password_change_max_usec,
|
||||
spwd && spwd->sp_max > 0 && (uint64_t) spwd->sp_max <= (UINT64_MAX-1)/USEC_PER_DAY,
|
||||
spwd->sp_max * USEC_PER_DAY, UINT64_MAX);
|
||||
|
||||
SET_IF(hr->password_change_warn_usec,
|
||||
spwd && spwd->sp_warn > 0 && (uint64_t) spwd->sp_warn <= (UINT64_MAX-1)/USEC_PER_DAY,
|
||||
spwd->sp_warn * USEC_PER_DAY, UINT64_MAX);
|
||||
|
||||
SET_IF(hr->password_change_inactive_usec,
|
||||
spwd && spwd->sp_inact > 0 && (uint64_t) spwd->sp_inact <= (UINT64_MAX-1)/USEC_PER_DAY,
|
||||
spwd->sp_inact * USEC_PER_DAY, UINT64_MAX);
|
||||
|
||||
hr->json = json_variant_unref(hr->json);
|
||||
r = json_build(&hr->json, JSON_BUILD_OBJECT(
|
||||
|
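Review bot: `SET_IF` expands to a bare assignment with `field` unparenthesized and no outer parentheses, and the calls further down are safe for a NULL `spwd` only because the conditional operator evaluates `value` after `condition` has passed. I would write it as `#define SET_IF(field, condition, value, fallback) ((field) = (condition) ? (value) : (fallback))` and add a comment such as `/* value is evaluated only if condition is true, so it may dereference what condition checked */`. Separately, the `sp_expire` bound uses `<` where the other five day-to-usec conversions use `<=`. This looks carried over from the earlier code, but since these fields feed account locking and password expiry, the refactor is a good moment to confirm which bound is intended. nss_passwd_to_user_record starts before and continues after these hunks.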