mirror of
https://github.com/systemd/systemd.git
synced 2025-08-25 13:49:55 +03:00
user-record: add helper that checks if a user record is root or the nobody user
@ -245,9 +245,9 @@ int bind_user_prepare(
|
||||
* and the user/group databases fully synthesized at runtime. Moreover, the name of the
|
||||
* user/group name of the "nobody" account differs between distros, hence a check by numeric
|
||||
* UID is safer. */
|
||||
if (u->uid == 0 || streq(u->user_name, "root"))
|
||||
if (user_record_is_root(u))
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Mapping 'root' user not supported, sorry.");
|
||||
if (u->uid == UID_NOBODY || STR_IN_SET(u->user_name, NOBODY_USER_NAME, "nobody"))
|
||||
if (user_record_is_nobody(u))
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Mapping 'nobody' user not supported, sorry.");
|
||||
|
||||
if (u->uid >= uid_shift && u->uid < uid_shift + uid_range)
|
||||
|
@ -1805,7 +1805,7 @@ static const char *user_record_home_directory_real(UserRecord *h) {
|
||||
return h->home_directory_auto;
|
||||
|
||||
/* The root user is special, hence be special about it */
|
||||
if (streq_ptr(h->user_name, "root"))
|
||||
if (user_record_is_root(h))
|
||||
return "/root";
|
||||
|
||||
return "/";
|
||||
@ -1853,7 +1853,7 @@ static const char *user_record_shell_real(UserRecord *h) {
|
||||
if (h->shell)
|
||||
return h->shell;
|
||||
|
||||
if (streq_ptr(h->user_name, "root"))
|
||||
if (user_record_is_root(h))
|
||||
return "/bin/sh";
|
||||
|
||||
if (user_record_disposition(h) == USER_REGULAR)
|
||||
@ -2033,7 +2033,7 @@ UserDisposition user_record_disposition(UserRecord *h) {
|
||||
if (!uid_is_valid(h->uid))
|
||||
return _USER_DISPOSITION_INVALID;
|
||||
|
||||
if (h->uid == 0 || h->uid == UID_NOBODY)
|
||||
if (user_record_is_root(h) || user_record_is_nobody(h))
|
||||
return USER_INTRINSIC;
|
||||
|
||||
if (uid_is_system(h->uid))
|
||||
@ -2411,6 +2411,18 @@ int user_record_test_password_change_required(UserRecord *h) {
|
||||
return change_permitted ? 0 : -EROFS;
|
||||
}
|
||||
|
||||
int user_record_is_root(const UserRecord *u) {
|
||||
assert(u);
|
||||
|
||||
return u->uid == 0 || streq_ptr(u->user_name, "root");
|
||||
}
|
||||
|
||||
int user_record_is_nobody(const UserRecord *u) {
|
||||
assert(u);
|
||||
|
||||
return u->uid == UID_NOBODY || STRPTR_IN_SET(u->user_name, NOBODY_USER_NAME, "nobody");
|
||||
}
|
||||
|
||||
int suitable_blob_filename(const char *name) {
|
||||
/* Enforces filename requirements as described in docs/USER_RECORD_BULK_DIRS.md */
|
||||
return filename_is_valid(name) &&
|
||||
|
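Review bot: The new helpers match on UID *or* name, so three call sites in this file change behaviour instead of being plain refactors. `user_record_disposition()` used to compare only `h->uid`, and now returns `USER_INTRINSIC` for a record whose `user_name` is "root" or "nobody" even when its (valid) UID is something else. `user_record_home_directory_real()` and `user_record_shell_real()` used to match only the name, and now fall back to `/root` and `/bin/sh` for any UID-0 record whatever its name. If the disposition feeds policy decisions elsewhere and records can come from a less trusted source, I would keep that check UID-only, `if (h->uid == 0 || h->uid == UID_NOBODY)`, or state the widening in the commit message and put a comment on the helpers such as `/* Matches if either the UID or the user name identifies the account; one alone is sufficient */`. The bodies of the three affected functions start and end outside their hunks, so later checks are not visible here.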
@ -445,6 +445,9 @@ int user_record_masked_equal(UserRecord *a, UserRecord *b, UserRecordMask mask);
|
||||
int user_record_test_blocked(UserRecord *h);
|
||||
int user_record_test_password_change_required(UserRecord *h);
|
||||
|
||||
int user_record_is_root(const UserRecord *u);
|
||||
int user_record_is_nobody(const UserRecord *u);
|
||||
|
||||
/* The following six are user by group-record.c, that's why we export them here */
|
||||
int json_dispatch_realm(const char *name, sd_json_variant *variant, sd_json_dispatch_flags_t flags, void *userdata);
|
||||
int json_dispatch_gecos(const char *name, sd_json_variant *variant, sd_json_dispatch_flags_t flags, void *userdata);
|
||||
|
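Review bot: Both predicates are declared as returning `int`, directly below `user_record_test_blocked()` and `user_record_test_password_change_required()`, which appear to use `int` for negative-errno results (the latter returns `-EROFS` in the implementation hunk). A caller could mistake the new functions for the same convention and test `< 0`. Declaring them as `bool user_record_is_root(const UserRecord *u);` and `bool user_record_is_nobody(const UserRecord *u);` would make the yes/no contract explicit, with the definitions changed to match. The declarations also lack a comment; something like `/* True if the record's UID or its user name identifies the account */` would tell callers making access decisions that a name match alone is enough.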