mirror of
https://github.com/systemd/systemd
synced 2025-09-23 22:04:45 +02:00
Compare commits
No commits in common. "1f0c7cd5e1b0dd169fffa8c2607da49c9f8fa192" and "c7d26acce6dcb0e72be6160873fac758e9b7c440" have entirely different histories.
1f0c7cd5e1
...
c7d26acce6
@ -21,16 +21,16 @@ static int build_user_json(const char *user_name, uid_t uid, JsonVariant **ret)
|
|||||||
assert(ret);
|
assert(ret);
|
||||||
|
|
||||||
return json_build(ret, JSON_BUILD_OBJECT(
|
return json_build(ret, JSON_BUILD_OBJECT(
|
||||||
JSON_BUILD_PAIR("record", JSON_BUILD_OBJECT(
|
JSON_BUILD_PAIR("record", JSON_BUILD_OBJECT(
|
||||||
JSON_BUILD_PAIR("userName", JSON_BUILD_STRING(user_name)),
|
JSON_BUILD_PAIR("userName", JSON_BUILD_STRING(user_name)),
|
||||||
JSON_BUILD_PAIR("uid", JSON_BUILD_UNSIGNED(uid)),
|
JSON_BUILD_PAIR("uid", JSON_BUILD_UNSIGNED(uid)),
|
||||||
JSON_BUILD_PAIR("gid", JSON_BUILD_UNSIGNED(uid)),
|
JSON_BUILD_PAIR("gid", JSON_BUILD_UNSIGNED(uid)),
|
||||||
JSON_BUILD_PAIR("realName", JSON_BUILD_STRING("Dynamic User")),
|
JSON_BUILD_PAIR("realName", JSON_BUILD_STRING("Dynamic User")),
|
||||||
JSON_BUILD_PAIR("homeDirectory", JSON_BUILD_STRING("/")),
|
JSON_BUILD_PAIR("homeDirectory", JSON_BUILD_STRING("/")),
|
||||||
JSON_BUILD_PAIR("shell", JSON_BUILD_STRING(NOLOGIN)),
|
JSON_BUILD_PAIR("shell", JSON_BUILD_STRING(NOLOGIN)),
|
||||||
JSON_BUILD_PAIR("locked", JSON_BUILD_BOOLEAN(true)),
|
JSON_BUILD_PAIR("locked", JSON_BUILD_BOOLEAN(true)),
|
||||||
JSON_BUILD_PAIR("service", JSON_BUILD_STRING("io.systemd.DynamicUser")),
|
JSON_BUILD_PAIR("service", JSON_BUILD_STRING("io.systemd.DynamicUser")),
|
||||||
JSON_BUILD_PAIR("disposition", JSON_BUILD_STRING("dynamic"))))));
|
JSON_BUILD_PAIR("disposition", JSON_BUILD_STRING("dynamic"))))));
|
||||||
}
|
}
|
||||||
|
|
||||||
static bool user_match_lookup_parameters(LookupParameters *p, const char *name, uid_t uid) {
|
static bool user_match_lookup_parameters(LookupParameters *p, const char *name, uid_t uid) {
|
||||||
@ -134,12 +134,12 @@ static int build_group_json(const char *group_name, gid_t gid, JsonVariant **ret
|
|||||||
assert(ret);
|
assert(ret);
|
||||||
|
|
||||||
return json_build(ret, JSON_BUILD_OBJECT(
|
return json_build(ret, JSON_BUILD_OBJECT(
|
||||||
JSON_BUILD_PAIR("record", JSON_BUILD_OBJECT(
|
JSON_BUILD_PAIR("record", JSON_BUILD_OBJECT(
|
||||||
JSON_BUILD_PAIR("groupName", JSON_BUILD_STRING(group_name)),
|
JSON_BUILD_PAIR("groupName", JSON_BUILD_STRING(group_name)),
|
||||||
JSON_BUILD_PAIR("gid", JSON_BUILD_UNSIGNED(gid)),
|
JSON_BUILD_PAIR("gid", JSON_BUILD_UNSIGNED(gid)),
|
||||||
JSON_BUILD_PAIR("service", JSON_BUILD_STRING("io.systemd.DynamicUser")),
|
JSON_BUILD_PAIR("service", JSON_BUILD_STRING("io.systemd.DynamicUser")),
|
||||||
JSON_BUILD_PAIR("disposition", JSON_BUILD_STRING("dynamic"))))));
|
JSON_BUILD_PAIR("disposition", JSON_BUILD_STRING("dynamic"))))));
|
||||||
}
|
}
|
||||||
|
|
||||||
static bool group_match_lookup_parameters(LookupParameters *p, const char *name, gid_t gid) {
|
static bool group_match_lookup_parameters(LookupParameters *p, const char *name, gid_t gid) {
|
||||||
assert(p);
|
assert(p);
|
||||||
|
|||||||
@ -405,23 +405,35 @@ static int user_update_slice(User *u) {
|
|||||||
if (r < 0)
|
if (r < 0)
|
||||||
return bus_log_create_error(r);
|
return bus_log_create_error(r);
|
||||||
|
|
||||||
const struct {
|
if (u->user_record->tasks_max != UINT64_MAX) {
|
||||||
const char *name;
|
r = sd_bus_message_append(m, "(sv)", "TasksMax", "t", u->user_record->tasks_max);
|
||||||
uint64_t value;
|
if (r < 0)
|
||||||
} settings[] = {
|
return bus_log_create_error(r);
|
||||||
{ "TasksMax", u->user_record->tasks_max },
|
}
|
||||||
{ "MemoryMax", u->user_record->memory_max },
|
|
||||||
{ "MemoryHigh", u->user_record->memory_high },
|
|
||||||
{ "CPUWeight", u->user_record->cpu_weight },
|
|
||||||
{ "IOWeight", u->user_record->io_weight },
|
|
||||||
};
|
|
||||||
|
|
||||||
for (size_t i = 0; i < ELEMENTSOF(settings); i++)
|
if (u->user_record->memory_max != UINT64_MAX) {
|
||||||
if (settings[i].value != UINT64_MAX) {
|
r = sd_bus_message_append(m, "(sv)", "MemoryMax", "t", u->user_record->memory_max);
|
||||||
r = sd_bus_message_append(m, "(sv)", settings[i].name, "t", settings[i].value);
|
if (r < 0)
|
||||||
if (r < 0)
|
return bus_log_create_error(r);
|
||||||
return bus_log_create_error(r);
|
}
|
||||||
}
|
|
||||||
|
if (u->user_record->memory_high != UINT64_MAX) {
|
||||||
|
r = sd_bus_message_append(m, "(sv)", "MemoryHigh", "t", u->user_record->memory_high);
|
||||||
|
if (r < 0)
|
||||||
|
return bus_log_create_error(r);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (u->user_record->cpu_weight != UINT64_MAX) {
|
||||||
|
r = sd_bus_message_append(m, "(sv)", "CPUWeight", "t", u->user_record->cpu_weight);
|
||||||
|
if (r < 0)
|
||||||
|
return bus_log_create_error(r);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (u->user_record->io_weight != UINT64_MAX) {
|
||||||
|
r = sd_bus_message_append(m, "(sv)", "IOWeight", "t", u->user_record->io_weight);
|
||||||
|
if (r < 0)
|
||||||
|
return bus_log_create_error(r);
|
||||||
|
}
|
||||||
|
|
||||||
r = sd_bus_message_close_container(m);
|
r = sd_bus_message_close_container(m);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
|
|||||||
@ -6,9 +6,6 @@
|
|||||||
#include "strv.h"
|
#include "strv.h"
|
||||||
#include "user-record-nss.h"
|
#include "user-record-nss.h"
|
||||||
|
|
||||||
#define SET_IF(field, condition, value, fallback) \
|
|
||||||
field = (condition) ? (value) : (fallback)
|
|
||||||
|
|
||||||
int nss_passwd_to_user_record(
|
int nss_passwd_to_user_record(
|
||||||
const struct passwd *pwd,
|
const struct passwd *pwd,
|
||||||
const struct spwd *spwd,
|
const struct spwd *spwd,
|
||||||
@ -34,66 +31,97 @@ int nss_passwd_to_user_record(
|
|||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
r = free_and_strdup(&hr->real_name,
|
if (isempty(pwd->pw_gecos) || streq_ptr(pwd->pw_gecos, hr->user_name))
|
||||||
streq_ptr(pwd->pw_gecos, hr->user_name) ? NULL : empty_to_null(pwd->pw_gecos));
|
hr->real_name = mfree(hr->real_name);
|
||||||
if (r < 0)
|
else {
|
||||||
return r;
|
r = free_and_strdup(&hr->real_name, pwd->pw_gecos);
|
||||||
|
if (r < 0)
|
||||||
|
return r;
|
||||||
|
}
|
||||||
|
|
||||||
r = free_and_strdup(&hr->home_directory, empty_to_null(pwd->pw_dir));
|
if (isempty(pwd->pw_dir))
|
||||||
if (r < 0)
|
hr->home_directory = mfree(hr->home_directory);
|
||||||
return r;
|
else {
|
||||||
|
r = free_and_strdup(&hr->home_directory, pwd->pw_dir);
|
||||||
|
if (r < 0)
|
||||||
|
return r;
|
||||||
|
}
|
||||||
|
|
||||||
r = free_and_strdup(&hr->shell, empty_to_null(pwd->pw_shell));
|
if (isempty(pwd->pw_shell))
|
||||||
if (r < 0)
|
hr->shell = mfree(hr->shell);
|
||||||
return r;
|
else {
|
||||||
|
r = free_and_strdup(&hr->shell, pwd->pw_shell);
|
||||||
|
if (r < 0)
|
||||||
|
return r;
|
||||||
|
}
|
||||||
|
|
||||||
hr->uid = pwd->pw_uid;
|
hr->uid = pwd->pw_uid;
|
||||||
hr->gid = pwd->pw_gid;
|
hr->gid = pwd->pw_gid;
|
||||||
|
|
||||||
if (spwd && hashed_password_valid(spwd->sp_pwdp)) {
|
if (spwd) {
|
||||||
strv_free_erase(hr->hashed_password);
|
if (hashed_password_valid(spwd->sp_pwdp)) {
|
||||||
hr->hashed_password = strv_new(spwd->sp_pwdp);
|
strv_free_erase(hr->hashed_password);
|
||||||
if (!hr->hashed_password)
|
hr->hashed_password = strv_new(spwd->sp_pwdp);
|
||||||
return -ENOMEM;
|
if (!hr->hashed_password)
|
||||||
} else
|
return -ENOMEM;
|
||||||
|
} else
|
||||||
|
hr->hashed_password = strv_free_erase(hr->hashed_password);
|
||||||
|
|
||||||
|
/* shadow-utils suggests using "chage -E 0" (or -E 1, depending on which man page you check)
|
||||||
|
* for locking a whole account, hence check for that. Note that it also defines a way to lock
|
||||||
|
* just a password instead of the whole account, but that's mostly pointless in times of
|
||||||
|
* password-less authorization, hence let's not bother. */
|
||||||
|
|
||||||
|
if (spwd->sp_expire >= 0)
|
||||||
|
hr->locked = spwd->sp_expire <= 1;
|
||||||
|
else
|
||||||
|
hr->locked = -1;
|
||||||
|
|
||||||
|
if (spwd->sp_expire > 1 && (uint64_t) spwd->sp_expire < (UINT64_MAX-1)/USEC_PER_DAY)
|
||||||
|
hr->not_after_usec = spwd->sp_expire * USEC_PER_DAY;
|
||||||
|
else
|
||||||
|
hr->not_after_usec = UINT64_MAX;
|
||||||
|
|
||||||
|
if (spwd->sp_lstchg >= 0)
|
||||||
|
hr->password_change_now = spwd->sp_lstchg == 0;
|
||||||
|
else
|
||||||
|
hr->password_change_now = -1;
|
||||||
|
|
||||||
|
if (spwd->sp_lstchg > 0 && (uint64_t) spwd->sp_lstchg <= (UINT64_MAX-1)/USEC_PER_DAY)
|
||||||
|
hr->last_password_change_usec = spwd->sp_lstchg * USEC_PER_DAY;
|
||||||
|
else
|
||||||
|
hr->last_password_change_usec = UINT64_MAX;
|
||||||
|
|
||||||
|
if (spwd->sp_min > 0 && (uint64_t) spwd->sp_min <= (UINT64_MAX-1)/USEC_PER_DAY)
|
||||||
|
hr->password_change_min_usec = spwd->sp_min * USEC_PER_DAY;
|
||||||
|
else
|
||||||
|
hr->password_change_min_usec = UINT64_MAX;
|
||||||
|
|
||||||
|
if (spwd->sp_max > 0 && (uint64_t) spwd->sp_max <= (UINT64_MAX-1)/USEC_PER_DAY)
|
||||||
|
hr->password_change_max_usec = spwd->sp_max * USEC_PER_DAY;
|
||||||
|
else
|
||||||
|
hr->password_change_max_usec = UINT64_MAX;
|
||||||
|
|
||||||
|
if (spwd->sp_warn > 0 && (uint64_t) spwd->sp_warn <= (UINT64_MAX-1)/USEC_PER_DAY)
|
||||||
|
hr->password_change_warn_usec = spwd->sp_warn * USEC_PER_DAY;
|
||||||
|
else
|
||||||
|
hr->password_change_warn_usec = UINT64_MAX;
|
||||||
|
|
||||||
|
if (spwd->sp_inact > 0 && (uint64_t) spwd->sp_inact <= (UINT64_MAX-1)/USEC_PER_DAY)
|
||||||
|
hr->password_change_inactive_usec = spwd->sp_inact * USEC_PER_DAY;
|
||||||
|
else
|
||||||
|
hr->password_change_inactive_usec = UINT64_MAX;
|
||||||
|
} else {
|
||||||
hr->hashed_password = strv_free_erase(hr->hashed_password);
|
hr->hashed_password = strv_free_erase(hr->hashed_password);
|
||||||
|
hr->locked = -1;
|
||||||
/* shadow-utils suggests using "chage -E 0" (or -E 1, depending on which man page you check)
|
hr->not_after_usec = UINT64_MAX;
|
||||||
* for locking a whole account, hence check for that. Note that it also defines a way to lock
|
hr->password_change_now = -1,
|
||||||
* just a password instead of the whole account, but that's mostly pointless in times of
|
hr->last_password_change_usec = UINT64_MAX;
|
||||||
* password-less authorization, hence let's not bother. */
|
hr->password_change_min_usec = UINT64_MAX;
|
||||||
|
hr->password_change_max_usec = UINT64_MAX;
|
||||||
SET_IF(hr->locked,
|
hr->password_change_warn_usec = UINT64_MAX;
|
||||||
spwd && spwd->sp_expire >= 0,
|
hr->password_change_inactive_usec = UINT64_MAX;
|
||||||
spwd->sp_expire <= 1, -1);
|
}
|
||||||
|
|
||||||
SET_IF(hr->not_after_usec,
|
|
||||||
spwd && spwd->sp_expire > 1 && (uint64_t) spwd->sp_expire < (UINT64_MAX-1)/USEC_PER_DAY,
|
|
||||||
spwd->sp_expire * USEC_PER_DAY, UINT64_MAX);
|
|
||||||
|
|
||||||
SET_IF(hr->password_change_now,
|
|
||||||
spwd && spwd->sp_lstchg >= 0,
|
|
||||||
spwd->sp_lstchg == 0, -1);
|
|
||||||
|
|
||||||
SET_IF(hr->last_password_change_usec,
|
|
||||||
spwd && spwd->sp_lstchg > 0 && (uint64_t) spwd->sp_lstchg <= (UINT64_MAX-1)/USEC_PER_DAY,
|
|
||||||
spwd->sp_lstchg * USEC_PER_DAY, UINT64_MAX);
|
|
||||||
|
|
||||||
SET_IF(hr->password_change_min_usec,
|
|
||||||
spwd && spwd->sp_min > 0 && (uint64_t) spwd->sp_min <= (UINT64_MAX-1)/USEC_PER_DAY,
|
|
||||||
spwd->sp_min * USEC_PER_DAY, UINT64_MAX);
|
|
||||||
|
|
||||||
SET_IF(hr->password_change_max_usec,
|
|
||||||
spwd && spwd->sp_max > 0 && (uint64_t) spwd->sp_max <= (UINT64_MAX-1)/USEC_PER_DAY,
|
|
||||||
spwd->sp_max * USEC_PER_DAY, UINT64_MAX);
|
|
||||||
|
|
||||||
SET_IF(hr->password_change_warn_usec,
|
|
||||||
spwd && spwd->sp_warn > 0 && (uint64_t) spwd->sp_warn <= (UINT64_MAX-1)/USEC_PER_DAY,
|
|
||||||
spwd->sp_warn * USEC_PER_DAY, UINT64_MAX);
|
|
||||||
|
|
||||||
SET_IF(hr->password_change_inactive_usec,
|
|
||||||
spwd && spwd->sp_inact > 0 && (uint64_t) spwd->sp_inact <= (UINT64_MAX-1)/USEC_PER_DAY,
|
|
||||||
spwd->sp_inact * USEC_PER_DAY, UINT64_MAX);
|
|
||||||
|
|
||||||
hr->json = json_variant_unref(hr->json);
|
hr->json = json_variant_unref(hr->json);
|
||||||
r = json_build(&hr->json, JSON_BUILD_OBJECT(
|
r = json_build(&hr->json, JSON_BUILD_OBJECT(
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user