assert(username);
assert(*username);
- /* We enforce some special rules for uid=0: in order to avoid
- * NSS lookups for root we hardcode its data. */
+ /* We enforce some special rules for uid=0 and uid=65534: in order to avoid NSS lookups for root we hardcode
+ * their user record data. */
- if (streq(*username, "root") || streq(*username, "0")) {
+ if (STR_IN_SET(*username, "root", "0")) {
*username = "root";
if (uid)
*uid = 0;
-
if (gid)
*gid = 0;
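Review bot: The updated comment above the root branch now names uid=65534 but still gives the reason as `avoid NSS lookups for root`, so it does not say that the nobody record is synthesized too. I would word it `/* We enforce some special rules for uid=0 and uid=65534: in order to avoid NSS lookups for root and nobody we hardcode their user record data. */`. The matching comment in the group lookup (`special rules for gid=0`) is left unchanged although a nobody branch is added right below it, and should mention gid=65534 in the same way. The function body starts and ends outside this hunk.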
return 0;
}
+ if (STR_IN_SET(*username, NOBODY_USER_NAME, "65534")) {
+ *username = NOBODY_USER_NAME;
+
+ if (uid)
+ *uid = UID_NOBODY;
+ if (gid)
+ *gid = GID_NOBODY;
+
+ if (home)
+ *home = "/";
+
+ if (shell)
+ *shell = "/sbin/nologin";
+
+ return 0;
+ }
+
if (parse_uid(*username, &u) >= 0) {
errno = 0;
p = getpwuid(u);
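Review bot: The new branch answers for `NOBODY_USER_NAME` and for the literal `"65534"` before any database lookup, so on a host whose user database maps that name to a different uid, or maps 65534 to a different name, callers silently get the hardcoded identity instead of the configured one. If callers use these results to choose the uid a process runs as or to interpret file ownership, that precedence deserves an explicit comment, e.g. `/* Synthesized unconditionally: the local user database is not consulted for nobody, and a conflicting entry there is ignored. */`. The literal `"65534"` is also independent of `UID_NOBODY`, whose definition is not visible here; if the two can differ, the string match and the returned uid disagree, so a compile-time check such as `assert_cc(UID_NOBODY == 65534);` next to the branch would pin the assumption. The same applies to the `NOBODY_GROUP_NAME`/`"65534"` branch in the group lookup and to the `UID_NOBODY`/`GID_NOBODY` shortcuts in the id-to-name helpers.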
/* We enforce some special rules for gid=0: in order to avoid
* NSS lookups for root we hardcode its data. */
- if (streq(*groupname, "root") || streq(*groupname, "0")) {
+ if (STR_IN_SET(*groupname, "root", "0")) {
*groupname = "root";
if (gid)
return 0;
}
+ if (STR_IN_SET(*groupname, NOBODY_GROUP_NAME, "65534")) {
+ *groupname = NOBODY_GROUP_NAME;
+
+ if (gid)
+ *gid = GID_NOBODY;
+
+ return 0;
+ }
+
if (parse_gid(*groupname, &id) >= 0) {
errno = 0;
g = getgrgid(id);
/* Shortcut things to avoid NSS lookups */
if (uid == 0)
return strdup("root");
+ if (uid == UID_NOBODY)
+ return strdup(NOBODY_USER_NAME);
if (uid_is_valid(uid)) {
long bufsize;
if (gid == 0)
return strdup("root");
+ if (gid == GID_NOBODY)
+ return strdup(NOBODY_GROUP_NAME);
if (gid_is_valid(gid)) {
long bufsize;
return 0;
}
- /* Hardcode home directory for root to avoid NSS */
+ /* Hardcode home directory for root and nobody to avoid NSS */
u = getuid();
if (u == 0) {
h = strdup("/root");
*_h = h;
return 0;
}
+ if (u == UID_NOBODY) {
+ h = strdup("/");
+ if (!h)
+ return -ENOMEM;
+
+ *_h = h;
+ return 0;
+ }
/* Check the database... */
errno = 0;
return 0;
}
- /* Hardcode home directory for root to avoid NSS */
+ /* Hardcode shell for root and nobody to avoid NSS */
u = getuid();
if (u == 0) {
s = strdup("/bin/sh");
*_s = s;
return 0;
}
+ if (u == UID_NOBODY) {
+ s = strdup("/sbin/nologin");
+ if (!s)
+ return -ENOMEM;
+
+ *_s = s;
+ return 0;
+ }
/* Check the database... */
errno = 0;
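Review bot: `"/sbin/nologin"` is hardcoded as nobody's shell here and again in the credentials lookup (`*shell = "/sbin/nologin";`), but that path is not guaranteed to exist on every distribution and nothing visible verifies it. A caller that executes the returned shell would presumably fail rather than grant a login, so the failure is closed, but the assumption should be stated where the value is set, e.g. `/* nobody gets a non-login shell; the path is assumed, not checked for existence */`. Both sites should also take the string from one shared constant so they cannot drift apart. The function continues outside this hunk.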
#include "string-util.h"
#include "user-util.h"
#include "util.h"
+#include "path-util.h"
static void test_uid_to_name_one(uid_t uid, const char *name) {
_cleanup_free_ char *t = NULL;
assert_se(valid_home("/home/foo"));
}
+static void test_get_user_creds_one(const char *id, const char *name, uid_t uid, gid_t gid, const char *home, const char *shell) {
+ const char *rhome;
+ const char *rshell;
+ uid_t ruid;
+ gid_t rgid;
+
+ assert_se(get_user_creds(&id, &ruid, &rgid, &rhome, &rshell) >= 0);
+ assert_se(streq_ptr(id, name));
+ assert_se(ruid == uid);
+ assert_se(rgid == gid);
+ assert_se(path_equal(rhome, home));
+ assert_se(path_equal(rshell, shell));
+}
+
+static void test_get_group_creds_one(const char *id, const char *name, gid_t gid) {
+ gid_t rgid;
+
+ assert_se(get_group_creds(&id, &rgid) >= 0);
+ assert_se(streq_ptr(id, name));
+ assert_se(rgid == gid);
+}
+
int main(int argc, char*argv[]) {
test_uid_to_name_one(0, "root");
+ test_uid_to_name_one(UID_NOBODY, NOBODY_USER_NAME);
test_uid_to_name_one(0xFFFF, "65535");
test_uid_to_name_one(0xFFFFFFFF, "4294967295");
test_gid_to_name_one(0, "root");
+ test_gid_to_name_one(GID_NOBODY, NOBODY_GROUP_NAME);
test_gid_to_name_one(TTY_GID, "tty");
test_gid_to_name_one(0xFFFF, "65535");
test_gid_to_name_one(0xFFFFFFFF, "4294967295");
+ test_get_user_creds_one("root", "root", 0, 0, "/root", "/bin/sh");
+ test_get_user_creds_one("0", "root", 0, 0, "/root", "/bin/sh");
+ test_get_user_creds_one(NOBODY_USER_NAME, NOBODY_USER_NAME, UID_NOBODY, GID_NOBODY, "/", "/sbin/nologin");
+ test_get_user_creds_one("65534", NOBODY_USER_NAME, UID_NOBODY, GID_NOBODY, "/", "/sbin/nologin");
+
+ test_get_group_creds_one("root", "root", 0);
+ test_get_group_creds_one("0", "root", 0);
+ test_get_group_creds_one(NOBODY_GROUP_NAME, NOBODY_GROUP_NAME, GID_NOBODY);
+ test_get_group_creds_one("65534", NOBODY_GROUP_NAME, GID_NOBODY);
+
test_parse_uid();
test_uid_ptr();