author | Jakub Hrozek <jhrozek@redhat.com> | 2014-09-23 16:27:23 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-10-22 15:43:42 +0200 |
commit | 5eda23c28c582b43b2a0a165b1750f3875c0fa84 (patch) | |
tree | 2cf532925461c2292ad4252406cb4a0ad578bbb7 /src/util | |
parent | e373fffbb8e06d0d7682d095c734e8df8a499ba0 (diff) | |
UTIL: Add a function to convert id_t from a number or a name
We need a custom function that would convert a numeric or string input
into uid_t. The function will be used to drop privileges in servers and
also in the PAC and IFP responders.
Includes a unit test to test all code that changed as well as a fix for
a misnamed attribute in the csv_to_uid_list function synopsis.
Reviewed-by: Pavel Reichl <preichl@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Diffstat (limited to 'src/util')
-rw-r--r-- | src/util/usertools.c | 44 | ||||
-rw-r--r-- | src/util/util.c | 1 | ||||
-rw-r--r-- | src/util/util.h | 2 |
3 files changed, 47 insertions, 0 deletions
diff --git a/src/util/usertools.c b/src/util/usertools.c
index 809b42d67..a0b914e2f 100644
--- a/src/util/usertools.c
+++ b/src/util/usertools.c
@@ -23,8 +23,11 @@
 #include <pcre.h>
 #include <errno.h>
 #include <talloc.h>
+#include <pwd.h>
+#include <grp.h>
 #include "confdb/confdb.h"
+#include "util/strtonum.h"
 #include "util/util.h"
 #include "util/safe-format-string.h"
 #include "responder/common/responder.h"
@@ -659,3 +662,44 @@ sss_get_domain_name(TALLOC_CTX *mem_ctx,
 return user_name;
 }
+
+errno_t sss_user_by_name_or_uid(const char *input, uid_t *_uid, gid_t *_gid)
+{
+ uid_t uid;
+ errno_t ret;
+ char *endptr;
+ struct passwd *pwd;
+
+ /* Try if it's an ID first */
+ errno = 0;
+ uid = strtouint32(input, &endptr, 10);
+ if (errno != 0 || *endptr != '\0') {
+ ret = errno;
+ if (ret == ERANGE) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "UID [%s] is out of range.\n", input);
+ return ret;
+ }
+
+ /* Nope, maybe a username? */
+ pwd = getpwnam(input);
+ } else {
+ pwd = getpwuid(uid);
+ }
+
+ if (pwd == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "[%s] is neither a valid UID nor a user name which could be "
+ "resolved by getpwnam().\n", input);
+ return EINVAL;
+ }
+
+ if (_uid) {
+ *_uid = pwd->pw_uid;
+ }
+
+ if (_gid) {
+ *_gid = pwd->pw_gid;
+ }
+ return EOK;
+}
diff --git a/src/util/util.c b/src/util/util.c
index 7f80771ec..d78d37d97 100644
--- a/src/util/util.c
+++ b/src/util/util.c
@@ -21,6 +21,7 @@
 #include <ctype.h>
 #include <netdb.h>
 #include <poll.h>
+#include <sys/types.h>
 #include <sys/socket.h>
 #include <arpa/inet.h>
 #include <talloc.h>
diff --git a/src/util/util.h b/src/util/util.h
index df83aac7d..69074c93c 100644
--- a/src/util/util.h
+++ b/src/util/util.h
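Review bot: The numeric test in sss_user_by_name_or_uid accepts input that contains no digits at all. For an empty string `*endptr != '\0'` is false, and if strtouint32 follows strtoul semantics (its body is not part of this diff) errno stays 0 and `uid` is 0, so the lookup goes to getpwuid(0). The commit message says the result is used to drop privileges, so an empty or unset configuration value would then resolve to root instead of failing. Adding the no-conversion test, `if (errno != 0 || endptr == input || *endptr != '\0') {`, routes that case to getpwnam(), which fails and yields EINVAL. `input` is also dereferenced without a NULL check, so `if (input == NULL) return EINVAL;` at the top would be a cheap guard.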
@@ -404,6 +404,8 @@ bool check_ipv6_addr(struct in6_addr *addr, uint8_t check); const char * const * get_known_services(void); +errno_t sss_user_by_name_or_uid(const char *input, uid_t *_uid, gid_t *_gid); + int split_on_separator(TALLOC_CTX *mem_ctx, const char *str, const char sep, bool trim, bool skip_empty, char ***_list, int *size); |
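Review bot: The prototype added to util.h has no comment, yet callers that use it to pick the identity a server drops to need its contract spelled out. I would put above it: `/* Resolve a numeric UID or a user name via getpwuid()/getpwnam(); _uid and _gid may each be NULL. Returns EOK, ERANGE for an out-of-range number, EINVAL if nothing resolves. */`. It is also worth stating there that an all-digit string is always treated as a UID and never as a user name, since the definition in usertools.c tries the numeric parse first.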