diff options
Diffstat (limited to 'src/libnm-systemd-shared/src/basic/user-util.h')
-rw-r--r-- | src/libnm-systemd-shared/src/basic/user-util.h | 23 |
1 files changed, 16 insertions, 7 deletions
diff --git a/src/libnm-systemd-shared/src/basic/user-util.h b/src/libnm-systemd-shared/src/basic/user-util.h index 8b829a9ae2..9d07ef31d2 100644 --- a/src/libnm-systemd-shared/src/basic/user-util.h +++ b/src/libnm-systemd-shared/src/basic/user-util.h @@ -42,8 +42,8 @@ typedef enum UserCredsFlags { USER_CREDS_CLEAN = 1 << 2, /* try to clean up shell and home fields with invalid data */ } UserCredsFlags; -int get_user_creds(const char **username, uid_t *uid, gid_t *gid, const char **home, const char **shell, UserCredsFlags flags); -int get_group_creds(const char **groupname, gid_t *gid, UserCredsFlags flags); +int get_user_creds(const char **username, uid_t *ret_uid, gid_t *ret_gid, const char **ret_home, const char **ret_shell, UserCredsFlags flags); +int get_group_creds(const char **groupname, gid_t *ret_gid, UserCredsFlags flags); char* uid_to_name(uid_t uid); char* gid_to_name(gid_t gid); @@ -57,7 +57,10 @@ int getgroups_alloc(gid_t** gids); int get_home_dir(char **ret); int get_shell(char **ret); -int reset_uid_gid(void); +int fully_set_uid_gid(uid_t uid, gid_t gid, const gid_t supplementary_gids[], size_t n_supplementary_gids); +static inline int reset_uid_gid(void) { + return fully_set_uid_gid(0, 0, NULL, 0); +} int take_etc_passwd_lock(const char *root); @@ -69,13 +72,13 @@ int take_etc_passwd_lock(const char *root); /* If REMOUNT_IDMAPPING_HOST_ROOT is set for remount_idmap() we'll include a mapping here that maps the host * root user accessing the idmapped mount to the this user ID on the backing fs. This is the last valid UID in - * the *signed* 32bit range. You might wonder why precisely use this specific UID for this purpose? Well, we + * the *signed* 32-bit range. You might wonder why precisely use this specific UID for this purpose? Well, we * definitely cannot use the first 0…65536 UIDs for that, since in most cases that's precisely the file range * we intend to map to some high UID range, and since UID mappings have to be bijective we thus cannot use - * them at all. Furthermore the UID range beyond INT32_MAX (i.e. the range above the signed 32bit range) is + * them at all. Furthermore the UID range beyond INT32_MAX (i.e. the range above the signed 32-bit range) is * icky, since many APIs cannot use it (example: setfsuid() returns the old UID as signed integer). Following - * our usual logic of assigning a 16bit UID range to each container, so that the upper 16bit of a 32bit UID - * value indicate kind of a "container ID" and the lower 16bit map directly to the intended user you can read + * our usual logic of assigning a 16-bit UID range to each container, so that the upper 16-bit of a 32-bit UID + * value indicate kind of a "container ID" and the lower 16-bit map directly to the intended user you can read * this specific UID as the "nobody" user of the container with ID 0x7FFF, which is kinda nice. */ #define UID_MAPPED_ROOT ((uid_t) (INT32_MAX-1)) #define GID_MAPPED_ROOT ((gid_t) (INT32_MAX-1)) @@ -155,3 +158,9 @@ static inline bool hashed_password_is_locked_or_invalid(const char *password) { * Also see https://github.com/systemd/systemd/pull/24680#pullrequestreview-1439464325. */ #define PASSWORD_UNPROVISIONED "!unprovisioned" + +int getpwuid_malloc(uid_t uid, struct passwd **ret); +int getpwnam_malloc(const char *name, struct passwd **ret); + +int getgrnam_malloc(const char *name, struct group **ret); +int getgrgid_malloc(gid_t gid, struct group **ret); |