mirror of
https://github.com/systemd/systemd.git
synced 2025-03-08 08:58:27 +03:00
Mike Yuan
GitHub
commit
696f5da420
@ -736,7 +736,7 @@ specified hostnames match the system's local hostname, the fields in this
|
||||
object are honored. If both `matchHostname` and `matchMachineId` are used
|
||||
within the same array entry, the object is honored when either match succeeds,
|
||||
i.e. the two match types are combined in OR, not in AND. (As a special case, if
|
||||
only a single machine ID is listed this field may be a single string rather
|
||||
only a single hostname is listed this field may be a single string rather
|
||||
than an array of strings.)
|
||||
|
||||
These two are the only two fields specific to this section. All other fields
|
||||
|
||||
@ -52,6 +52,11 @@ static inline void fclosep(FILE **f) {
|
||||
safe_fclose(*f);
|
||||
}
|
||||
|
||||
static inline void* close_fd_ptr(void *p) {
|
||||
safe_close(PTR_TO_FD(p));
|
||||
return NULL;
|
||||
}
|
||||
|
||||
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(FILE*, pclose, NULL);
|
||||
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(DIR*, closedir, NULL);
|
||||
|
||||
|
||||
@ -290,7 +290,7 @@ int home_resize_directory(
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
r = home_store_embedded_identity(new_home, setup->root_fd, h->uid, embedded_home);
|
||||
r = home_store_embedded_identity(new_home, setup->root_fd, embedded_home);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
||||
@ -3445,7 +3445,7 @@ int home_resize_luks(
|
||||
/* → Shrink */
|
||||
|
||||
if (!FLAGS_SET(flags, HOME_SETUP_RESIZE_DONT_SYNC_IDENTITIES)) {
|
||||
r = home_store_embedded_identity(new_home, setup->root_fd, h->uid, embedded_home);
|
||||
r = home_store_embedded_identity(new_home, setup->root_fd, embedded_home);
|
||||
if (r < 0)
|
||||
return r;
|
||||
}
|
||||
@ -3533,7 +3533,7 @@ int home_resize_luks(
|
||||
|
||||
} else { /* → Grow */
|
||||
if (!FLAGS_SET(flags, HOME_SETUP_RESIZE_DONT_SYNC_IDENTITIES)) {
|
||||
r = home_store_embedded_identity(new_home, setup->root_fd, h->uid, embedded_home);
|
||||
r = home_store_embedded_identity(new_home, setup->root_fd, embedded_home);
|
||||
if (r < 0)
|
||||
return r;
|
||||
}
|
||||
|
||||
@ -638,7 +638,7 @@ int home_load_embedded_identity(
|
||||
*
|
||||
* · The record we got passed from the host
|
||||
* · The record included in the LUKS header (only if LUKS is used)
|
||||
* · The record in the home directory itself (~.identity)
|
||||
* · The record in the home directory itself (~/.identity)
|
||||
*
|
||||
* Now we have to reconcile all three, and let the newest one win. */
|
||||
|
||||
@ -698,13 +698,12 @@ int home_load_embedded_identity(
|
||||
return 0;
|
||||
}
|
||||
|
||||
int home_store_embedded_identity(UserRecord *h, int root_fd, uid_t uid, UserRecord *old_home) {
|
||||
int home_store_embedded_identity(UserRecord *h, int root_fd, UserRecord *old_home) {
|
||||
_cleanup_(user_record_unrefp) UserRecord *embedded = NULL;
|
||||
int r;
|
||||
|
||||
assert(h);
|
||||
assert(root_fd >= 0);
|
||||
assert(uid_is_valid(uid));
|
||||
|
||||
r = user_record_clone(h, USER_RECORD_EXTRACT_EMBEDDED|USER_RECORD_PERMISSIVE, &embedded);
|
||||
if (r < 0)
|
||||
@ -848,7 +847,7 @@ int home_refresh(
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
r = home_store_embedded_identity(new_home, setup->root_fd, h->uid, embedded_home);
|
||||
r = home_store_embedded_identity(new_home, setup->root_fd, embedded_home);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
@ -1068,7 +1067,7 @@ int home_populate(UserRecord *h, int dir_fd) {
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
r = home_store_embedded_identity(h, dir_fd, h->uid, NULL);
|
||||
r = home_store_embedded_identity(h, dir_fd, NULL);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
@ -1608,7 +1607,7 @@ static int home_update(UserRecord *h, UserRecord **ret) {
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
r = home_store_embedded_identity(new_home, setup.root_fd, h->uid, embedded_home);
|
||||
r = home_store_embedded_identity(new_home, setup.root_fd, embedded_home);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
@ -1733,7 +1732,7 @@ static int home_passwd(UserRecord *h, UserRecord **ret_home) {
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
r = home_store_embedded_identity(new_home, setup.root_fd, h->uid, embedded_home);
|
||||
r = home_store_embedded_identity(new_home, setup.root_fd, embedded_home);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
||||
@ -87,7 +87,7 @@ int home_maybe_shift_uid(UserRecord *h, HomeSetupFlags flags, HomeSetup *setup);
|
||||
int home_populate(UserRecord *h, int dir_fd);
|
||||
|
||||
int home_load_embedded_identity(UserRecord *h, int root_fd, UserRecord *header_home, UserReconcileMode mode, PasswordCache *cache, UserRecord **ret_embedded_home, UserRecord **ret_new_home);
|
||||
int home_store_embedded_identity(UserRecord *h, int root_fd, uid_t uid, UserRecord *old_home);
|
||||
int home_store_embedded_identity(UserRecord *h, int root_fd, UserRecord *old_home);
|
||||
int home_extend_embedded_identity(UserRecord *h, UserRecord *used, HomeSetup *setup);
|
||||
|
||||
int user_record_authenticate(UserRecord *h, UserRecord *secret, PasswordCache *cache, bool strict_verify);
|
||||
|
||||
@ -33,11 +33,6 @@ static TunTap* TUNTAP(NetDev *netdev) {
|
||||
}
|
||||
}
|
||||
|
||||
static void *close_fd_ptr(void *p) {
|
||||
safe_close(PTR_TO_FD(p));
|
||||
return NULL;
|
||||
}
|
||||
|
||||
DEFINE_PRIVATE_HASH_OPS_FULL(named_fd_hash_ops, char, string_hash_func, string_compare_func, free, void, close_fd_ptr);
|
||||
|
||||
int manager_add_tuntap_fd(Manager *m, int fd, const char *name) {
|
||||
|
||||
@ -102,33 +102,13 @@ static int dispatch_per_machine(const char *name, JsonVariant *variant, JsonDisp
|
||||
return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array.", strna(name));
|
||||
|
||||
JSON_VARIANT_ARRAY_FOREACH(e, variant) {
|
||||
bool matching = false;
|
||||
JsonVariant *m;
|
||||
|
||||
if (!json_variant_is_object(e))
|
||||
return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array of objects.", strna(name));
|
||||
|
||||
m = json_variant_by_key(e, "matchMachineId");
|
||||
if (m) {
|
||||
r = per_machine_id_match(m, flags);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
matching = r > 0;
|
||||
}
|
||||
|
||||
if (!matching) {
|
||||
m = json_variant_by_key(e, "matchHostname");
|
||||
if (m) {
|
||||
r = per_machine_hostname_match(m, flags);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
matching = r > 0;
|
||||
}
|
||||
}
|
||||
|
||||
if (!matching)
|
||||
r = per_machine_match(e, flags);
|
||||
if (r < 0)
|
||||
return r;
|
||||
if (r == 0)
|
||||
continue;
|
||||
|
||||
r = json_dispatch(e, per_machine_dispatch_table, flags, userdata);
|
||||
|
||||
@ -1133,6 +1133,33 @@ int per_machine_hostname_match(JsonVariant *hns, JsonDispatchFlags flags) {
|
||||
return false;
|
||||
}
|
||||
|
||||
int per_machine_match(JsonVariant *entry, JsonDispatchFlags flags) {
|
||||
JsonVariant *m;
|
||||
int r;
|
||||
|
||||
assert(json_variant_is_object(entry));
|
||||
|
||||
m = json_variant_by_key(entry, "matchMachineId");
|
||||
if (m) {
|
||||
r = per_machine_id_match(m, flags);
|
||||
if (r < 0)
|
||||
return r;
|
||||
if (r > 0)
|
||||
return true;
|
||||
}
|
||||
|
||||
m = json_variant_by_key(entry, "matchHostname");
|
||||
if (m) {
|
||||
r = per_machine_hostname_match(m, flags);
|
||||
if (r < 0)
|
||||
return r;
|
||||
if (r > 0)
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
static int dispatch_per_machine(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
|
||||
|
||||
static const JsonDispatch per_machine_dispatch_table[] = {
|
||||
@ -1219,33 +1246,13 @@ static int dispatch_per_machine(const char *name, JsonVariant *variant, JsonDisp
|
||||
return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array.", strna(name));
|
||||
|
||||
JSON_VARIANT_ARRAY_FOREACH(e, variant) {
|
||||
bool matching = false;
|
||||
JsonVariant *m;
|
||||
|
||||
if (!json_variant_is_object(e))
|
||||
return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array of objects.", strna(name));
|
||||
|
||||
m = json_variant_by_key(e, "matchMachineId");
|
||||
if (m) {
|
||||
r = per_machine_id_match(m, flags);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
matching = r > 0;
|
||||
}
|
||||
|
||||
if (!matching) {
|
||||
m = json_variant_by_key(e, "matchHostname");
|
||||
if (m) {
|
||||
r = per_machine_hostname_match(m, flags);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
matching = r > 0;
|
||||
}
|
||||
}
|
||||
|
||||
if (!matching)
|
||||
r = per_machine_match(e, flags);
|
||||
if (r < 0)
|
||||
return r;
|
||||
if (r == 0)
|
||||
continue;
|
||||
|
||||
r = json_dispatch(e, per_machine_dispatch_table, flags, userdata);
|
||||
|
||||
@ -438,6 +438,7 @@ int json_dispatch_user_disposition(const char *name, JsonVariant *variant, JsonD
|
||||
|
||||
int per_machine_id_match(JsonVariant *ids, JsonDispatchFlags flags);
|
||||
int per_machine_hostname_match(JsonVariant *hns, JsonDispatchFlags flags);
|
||||
int per_machine_match(JsonVariant *entry, JsonDispatchFlags flags);
|
||||
int user_group_record_mangle(JsonVariant *v, UserRecordLoadFlags load_flags, JsonVariant **ret_variant, UserRecordMask *ret_mask);
|
||||
|
||||
const char* user_storage_to_string(UserStorage t) _const_;
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user