For security-container user, add new usertype.
This usertype has an individual uid range and cannot be listed by any normal user.
Change-Id: Ib48aa4715439639bb879732d943f2444fb1362e1
Signed-off-by: Yunmi Ha <yunmi.ha@samsung.com>
# Path to user shell executable. Default value is '/bin/bash'
#SHELL=/bin/bash
+SEC_SHELL=/sbin/nologin
# Path to skeleton folder. When new users are created, contents of the skel
# folder is copied to user home directory. Default value is '/etc/skel'
# is: 999
SYS_UID_MAX=499
+# Minimum value for the automatic uid selection for security user. Default
+# value is: 60001
+SEC_UID_MIN=60001
+
+# Maximum value for the automatic uid selection for security user. Default value
+# is: 60100
+SEC_UID_MAX=60100
+
# Minimum value for the automatic gid selection. Default value is: 1000
GID_MIN=5001
"/SHELL"
/**
+ * GUM_CONFIG_GENERAL_SEC_SHELL:
+ *
+ * Path to security user shell executable. Default value is '/bin/bash'
+ */
+#define GUM_CONFIG_GENERAL_SEC_SHELL GUM_CONFIG_GENERAL \
+ "/SEC_SHELL"
+
+/**
* GUM_CONFIG_GENERAL_SKEL_DIR:
*
* Path to skeleton folder. When new users are created, contents of the skel
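Review bot: The doc comment for GUM_CONFIG_GENERAL_SEC_SHELL says "Default value is '/bin/bash'", which contradicts the shipped configuration in this commit, where SEC_SHELL is set to /sbin/nologin; a reader of the header will assume the security account is interactive by default. The comment should state the intended effective default, e.g. `* Path to security user shell executable. Default value is '/sbin/nologin'`, or, if the compiled-in fallback really is the generic shell, say so explicitly so the two defaults are not confused. The same "security user" wording is also missing from the SEC_UID_MIN/SEC_UID_MAX comments further down, which read as if they described the normal uid range.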
"/SYS_UID_MAX"
/**
+ * GUM_CONFIG_GENERAL_SEC_UID_MIN:
+ *
+ * Minimum value for the automatic uid selection. Default value is: 60001
+ */
+#define GUM_CONFIG_GENERAL_SEC_UID_MIN GUM_CONFIG_GENERAL \
+ "/SEC_UID_MIN"
+
+/**
+ * GUM_CONFIG_GENERAL_SEC_UID_MAX:
+ *
+ * Maximum value for the automatic uid selection. Default value is: 60100
+ */
+#define GUM_CONFIG_GENERAL_SEC_UID_MAX GUM_CONFIG_GENERAL \
+ "/SEC_UID_MAX"
+
+/**
* GUM_CONFIG_GENERAL_GID_MIN:
*
* Minimum value for the automatic gid selection. Default value is: 2000
*
* Defines total number of types of the users.
*/
-#define GUM_USERTYPE_COUNT 5
+#define GUM_USERTYPE_COUNT 6
/**
* GUM_USERTYPE_MAX_VALUE:
GUM_USERTYPE_SYSTEM = 0x01,
GUM_USERTYPE_ADMIN = 0x02,
GUM_USERTYPE_GUEST = 0x04,
- GUM_USERTYPE_NORMAL = 0x08
+ GUM_USERTYPE_NORMAL = 0x08,
+ GUM_USERTYPE_SECURITY = 0x10
} GumUserType;
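Review bot: GUM_USERTYPE_SECURITY = 0x10 is added to the enum and GUM_USERTYPE_COUNT is bumped to 6, but the hunk does not show GUM_USERTYPE_MAX_VALUE being touched, although its doc comment appears at the top of this hunk. If that macro is defined as the highest enum bit (presumably 0x08 today), any code that uses it to validate or mask a user type will reject or truncate the new type; it should become `#define GUM_USERTYPE_MAX_VALUE GUM_USERTYPE_SECURITY` (or 0x10) in the same change. Please confirm whether it is updated elsewhere in the commit, as the definition itself is outside this hunk.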
const gchar *
#define UID_MAX 60000
#define SYS_UID_MIN 100
#define SYS_UID_MAX 999
+#define SEC_UID_MIN 60001
+#define SEC_UID_MAX 60100
+
#define GID_MIN 1000
#define GID_MAX 60000
#define SYS_GID_MIN 100
g_strcmp0 (GUM_CONFIG_GENERAL_UID_MAX, key) == 0 ||
g_strcmp0 (GUM_CONFIG_GENERAL_SYS_UID_MIN, key) == 0 ||
g_strcmp0 (GUM_CONFIG_GENERAL_SYS_UID_MAX, key) == 0 ||
+ g_strcmp0 (GUM_CONFIG_GENERAL_SEC_UID_MIN, key) == 0 ||
+ g_strcmp0 (GUM_CONFIG_GENERAL_SEC_UID_MAX, key) == 0 ||
g_strcmp0 (GUM_CONFIG_GENERAL_GID_MIN, key) == 0 ||
g_strcmp0 (GUM_CONFIG_GENERAL_GID_MAX, key) == 0 ||
g_strcmp0 (GUM_CONFIG_GENERAL_SYS_GID_MIN, key) == 0 ||
}
gum_config_set_string (self, GUM_CONFIG_GENERAL_SHELL, GUM_SHELL);
+ gum_config_set_string (self, GUM_CONFIG_GENERAL_SEC_SHELL, GUM_SHELL);
gum_config_set_string (self, GUM_CONFIG_GENERAL_SKEL_DIR, GUM_SKEL_DIR);
gum_config_set_uint (self, GUM_CONFIG_GENERAL_UID_MIN, UID_MIN);
gum_config_set_uint (self, GUM_CONFIG_GENERAL_UID_MAX, UID_MAX);
gum_config_set_uint (self, GUM_CONFIG_GENERAL_SYS_UID_MIN, SYS_UID_MIN);
gum_config_set_uint (self, GUM_CONFIG_GENERAL_SYS_UID_MAX, SYS_UID_MAX);
+ gum_config_set_uint (self, GUM_CONFIG_GENERAL_SEC_UID_MIN, SEC_UID_MIN);
+ gum_config_set_uint (self, GUM_CONFIG_GENERAL_SEC_UID_MAX, SEC_UID_MAX);
gum_config_set_uint (self, GUM_CONFIG_GENERAL_GID_MIN, GID_MIN);
gum_config_set_uint (self, GUM_CONFIG_GENERAL_GID_MAX, GID_MAX);
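Review bot: The compiled-in default for GUM_CONFIG_GENERAL_SEC_SHELL is GUM_SHELL, the same interactive shell used for normal users, while the shipped config file in this commit sets SEC_SHELL=/sbin/nologin. If the key is missing or the config file is absent, security accounts therefore silently fall back to a login shell, which inverts the restriction the config is trying to express. Use a dedicated fallback that matches the shipped value, e.g. a new constant `#define GUM_SEC_SHELL "/sbin/nologin"` next to the other defaults and `gum_config_set_string (self, GUM_CONFIG_GENERAL_SEC_SHELL, GUM_SEC_SHELL);` here. The enclosing function starts and ends outside the hunk.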
{GUM_USERTYPE_SYSTEM, "system"},
{GUM_USERTYPE_ADMIN, "admin"},
{GUM_USERTYPE_GUEST, "guest"},
- {GUM_USERTYPE_NORMAL, "normal"}
+ {GUM_USERTYPE_NORMAL, "normal"},
+ {GUM_USERTYPE_SECURITY, "security"}
};
gint16
if (ut == GUM_USERTYPE_SYSTEM)
*min = (uid_t) gum_config_get_uint (config,
GUM_CONFIG_GENERAL_SYS_UID_MIN, GUM_USER_INVALID_UID);
+ else if (ut == GUM_USERTYPE_SECURITY)
+ *min = (uid_t) gum_config_get_uint (config,
+ GUM_CONFIG_GENERAL_SEC_UID_MIN, GUM_USER_INVALID_UID);
else
*min = (uid_t) gum_config_get_uint (config,
GUM_CONFIG_GENERAL_UID_MIN, GUM_USER_INVALID_UID);
if (ut == GUM_USERTYPE_SYSTEM)
*max = (uid_t) gum_config_get_uint (config,
GUM_CONFIG_GENERAL_SYS_UID_MAX, GUM_USER_INVALID_UID);
+ else if (ut == GUM_USERTYPE_SECURITY)
+ *max = (uid_t) gum_config_get_uint (config,
+ GUM_CONFIG_GENERAL_SEC_UID_MAX, GUM_USER_INVALID_UID);
else
*max = (uid_t) gum_config_get_uint (config,
GUM_CONFIG_GENERAL_UID_MAX, GUM_USER_INVALID_UID);
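Review bot: The user-type dispatch is now written twice, once for *min and once for *max, with the same three-way condition in each; adding a fourth type means editing both chains in lockstep, which is how the two ranges drift apart. Resolving the config keys once and then doing the two lookups keeps the pairing explicit. The function continues outside the hunk, so I cannot see whether the resulting range is validated; if it is not, a check that *min <= *max and that the SEC range does not overlap [UID_MIN, UID_MAX] is worth adding there, since both come from an editable config file.
```c
    /* pick the config keys for this user type once, then read both bounds */
    const gchar *min_key = GUM_CONFIG_GENERAL_UID_MIN;
    const gchar *max_key = GUM_CONFIG_GENERAL_UID_MAX;
    if (ut == GUM_USERTYPE_SYSTEM) {
        min_key = GUM_CONFIG_GENERAL_SYS_UID_MIN;
        max_key = GUM_CONFIG_GENERAL_SYS_UID_MAX;
    } else if (ut == GUM_USERTYPE_SECURITY) {
        min_key = GUM_CONFIG_GENERAL_SEC_UID_MIN;
        max_key = GUM_CONFIG_GENERAL_SEC_UID_MAX;
    }
    *min = (uid_t) gum_config_get_uint (config, min_key, GUM_USER_INVALID_UID);
    *max = (uid_t) gum_config_get_uint (config, max_key, GUM_USER_INVALID_UID);
    /* … unchanged: remainder of the function … */
```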
uid_t *uid,
GError **error)
{
+ GumUserType usertype = GUM_USERTYPE_NONE;
DBG ("");
/* reset uid if set
*** copy skel files and set permissions
* unlock db
*/
- if (_get_usertype_from_gecos (self->priv->pw) == GUM_USERTYPE_NONE) {
+ usertype = _get_usertype_from_gecos (self->priv->pw);
+ if (usertype == GUM_USERTYPE_NONE) {
GUM_RETURN_WITH_ERROR (GUM_ERROR_USER_INVALID_USER_TYPE,
"Invalid user type", error, FALSE);
}
if (!self->priv->pw->pw_shell) {
- _set_shell_property (self, gum_config_get_string (self->priv->config,
+ if (usertype == GUM_USERTYPE_SECURITY) {
+ _set_shell_property (self, gum_config_get_string (self->priv->config,
+ GUM_CONFIG_GENERAL_SEC_SHELL));
+ }
+ else {
+ _set_shell_property (self, gum_config_get_string (self->priv->config,
GUM_CONFIG_GENERAL_SHELL));
+ }
}
if (!gum_lock_pwdf_lock ()) {
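Review bot: The SEC_SHELL default is only applied when pw_shell is unset, so a caller that supplies an explicit shell for a security user still gets it; if the point of this user type is a non-interactive account, the shell should be forced for GUM_USERTYPE_SECURITY rather than merely defaulted, or at least the configured shell should be validated against SEC_SHELL. Separately, the two branches differ only in the config key, so the duplicated call can collapse to `const gchar *shell_key = (usertype == GUM_USERTYPE_SECURITY) ? GUM_CONFIG_GENERAL_SEC_SHELL : GUM_CONFIG_GENERAL_SHELL;` followed by `_set_shell_property (self, gum_config_get_string (self->priv->config, shell_key));`. The enclosing function starts before this hunk and continues after it.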