From 5eda23c28c582b43b2a0a165b1750f3875c0fa84 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek
Date: Tue, 23 Sep 2014 16:27:23 +0200
Subject: UTIL: Add a function to convert id_t from a number or a name
We need a custom function that would convert a numeric or string input into uid_t. The function will be used to drop privileges in servers and also in the PAC and IFP responders. Includes a unit test to test all code that changed as well as a fix for a misnamed attribute in the csv_to_uid_list function synopsis.
Reviewed-by: Pavel Reichl
Reviewed-by: Simo Sorce
---
 src/util/usertools.c | 44 ++++++++++++++++++++++++++++++++++++++++++++
 src/util/util.c | 1 +
 src/util/util.h | 2 ++
 3 files changed, 47 insertions(+)
(limited to 'src/util')
diff --git a/src/util/usertools.c b/src/util/usertools.c
index 809b42d67..a0b914e2f 100644
--- a/src/util/usertools.c
+++ b/src/util/usertools.c
@@ -23,8 +23,11 @@
 #include
 #include
 #include
+#include
+#include
 #include "confdb/confdb.h"
+#include "util/strtonum.h"
 #include "util/util.h"
 #include "util/safe-format-string.h"
 #include "responder/common/responder.h"
@@ -659,3 +662,44 @@ sss_get_domain_name(TALLOC_CTX *mem_ctx,
 return user_name;
 }
+
+errno_t sss_user_by_name_or_uid(const char *input, uid_t *_uid, gid_t *_gid)
+{
+ uid_t uid;
+ errno_t ret;
+ char *endptr;
+ struct passwd *pwd;
+
+ /* Try if it's an ID first */
+ errno = 0;
+ uid = strtouint32(input, &endptr, 10);
+ if (errno != 0 || *endptr != '\0') {
+ ret = errno;
+ if (ret == ERANGE) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "UID [%s] is out of range.\n", input);
+ return ret;
+ }
+
+ /* Nope, maybe a username? */
+ pwd = getpwnam(input);
+ } else {
+ pwd = getpwuid(uid);
+ }
+
+ if (pwd == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "[%s] is neither a valid UID nor a user name which could be "
+ "resolved by getpwnam().\n", input);
+ return EINVAL;
+ }
+
+ if (_uid) {
+ *_uid = pwd->pw_uid;
+ }
+
+ if (_gid) {
+ *_gid = pwd->pw_gid;
+ }
+ return EOK;
+}
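Review bot: The numeric branch of `sss_user_by_name_or_uid` accepts input from which no digit was consumed: the guard `errno != 0 || *endptr != '\0'` does not trip on an empty string if the conversion reports no error, so `uid` is 0 and `getpwuid(0)` returns the superuser entry. The commit message says this helper will choose the identity that servers drop privileges to, so an empty or unset value should fail rather than resolve to UID 0. Unless `strtouint32` (not shown here) already rejects that case, extend the guard to `if (errno != 0 || endptr == input || *endptr != '\0') {`, which sends such input to `getpwnam()` and ends in `EINVAL`. A NULL `input` is also passed to the conversion without a check. The function lies entirely within this hunk.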
diff --git a/src/util/util.c b/src/util/util.c
index 7f80771ec..d78d37d97 100644
--- a/src/util/util.c
+++ b/src/util/util.c
@@ -21,6 +21,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
diff --git a/src/util/util.h b/src/util/util.h
index df83aac7d..69074c93c 100644
--- a/src/util/util.h
+++ b/src/util/util.h
@@ -404,6 +404,8 @@ bool check_ipv6_addr(struct in6_addr *addr, uint8_t check); const char * const * get_known_services(void); +errno_t sss_user_by_name_or_uid(const char *input, uid_t *_uid, gid_t *_gid); + int split_on_separator(TALLOC_CTX *mem_ctx, const char *str, const char sep, bool trim, bool skip_empty, char ***_list, int *size);
-- cgit
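Review bot: The new `sss_user_by_name_or_uid` prototype in `util.h` has no comment, so the contract a caller needs is visible only in `usertools.c`. The input is tried as a decimal UID first, so a user name consisting only of digits is never looked up by name; `_uid` and `_gid` may each be NULL; and the result is `EOK`, `ERANGE` or `EINVAL`. I would add above the declaration `/* Resolve input as a decimal UID, else as a user name, via getpwuid()/getpwnam(); _uid and _gid are optional. Returns EOK, ERANGE (UID out of range) or EINVAL (no such user). */`. Because the commit message names privilege dropping as the intended use, the comment should also say that the outputs are written only when `EOK` is returned.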