rpms / systemd

Clone
Source Code
GIT

Blame SOURCES/0472-shared-user-util-allow-usernames-with-dots-in-specif.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-atomic c7-atomic-beta c7-beta c7-sig-altarch-fasttrack c8 c8-beta c8s c8s-sig-hyperscale c8s-sig-hyperscale-hotfix-252 c9 c9-beta c9s-sig-hyperscale c9s-sig-hyperscale-hotfix-252
  1.   c8s
  2.   SOURCES
  3.   0472-shared-user-util-allow-usernames-with-dots-in-specif.patch
Blob History Raw
8be66a 
From 40dff18947fa198810db4cd3e5291349fc84a0e8 Mon Sep 17 00:00:00 2001
8be66a 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
8be66a 
Date: Thu, 1 Aug 2019 10:02:14 +0200
8be66a 
Subject: [PATCH] shared/user-util: allow usernames with dots in specific
8be66a 
 fields
8be66a
8be66a 
People do have usernames with dots, and it makes them very unhappy that systemd
8be66a 
doesn't like their that. It seems that there is no actual problem with allowing
8be66a 
dots in the username. In particular chown declares ":" as the official
8be66a 
separator, and internally in systemd we never rely on "." as the seperator
8be66a 
between user and group (nor do we call chown directly). Using dots in the name
8be66a 
is probably not a very good idea, but we don't need to care. Debian tools
8be66a 
(adduser) do not allow users with dots to be created.
8be66a
8be66a 
This patch allows *existing* names with dots to be used in User, Group,
8be66a 
SupplementaryGroups, SocketUser, SocketGroup fields, both in unit files and on
8be66a 
the command line. DynamicUsers and sysusers still follow the strict policy.
8be66a 
user@.service and tmpfiles already allowed arbitrary user names, and this
8be66a 
remains unchanged.
8be66a
8be66a 
Fixes #12754.
8be66a
8be66a 
(cherry picked from commit ae480f0b09aec815b64579bb1828ea935d8ee236)
8be66a
8be66a 
Related: #1848373
8be66a 
---
8be66a 
 src/core/dbus-execute.c               | 12 ++++++------
8be66a 
 src/core/dbus-socket.c                |  4 ++--
8be66a 
 src/core/dbus-util.c                  |  2 +-
8be66a 
 src/core/dbus-util.h                  |  2 +-
8be66a 
 src/core/load-fragment-gperf.gperf.m4 | 10 +++++-----
8be66a 
 src/core/load-fragment.c              |  8 ++++----
8be66a 
 src/core/load-fragment.h              |  4 ++--
8be66a 
 7 files changed, 21 insertions(+), 21 deletions(-)
8be66a
8be66a 
diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c
8be66a 
index 0fe4c14e48..e004fb55c9 100644
8be66a 
--- a/src/core/dbus-execute.c
8be66a 
+++ b/src/core/dbus-execute.c
8be66a 
@@ -1113,10 +1113,10 @@ int bus_exec_context_set_transient_property(
8be66a 
         flags |= UNIT_PRIVATE;
8be66a
8be66a 
         if (streq(name, "User"))
8be66a 
-                return bus_set_transient_user(u, name, &c->user, message, flags, error);
8be66a 
+                return bus_set_transient_user_compat(u, name, &c->user, message, flags, error);
8be66a
8be66a 
         if (streq(name, "Group"))
8be66a 
-                return bus_set_transient_user(u, name, &c->group, message, flags, error);
8be66a 
+                return bus_set_transient_user_compat(u, name, &c->group, message, flags, error);
8be66a
8be66a 
         if (streq(name, "TTYPath"))
8be66a 
                 return bus_set_transient_path(u, name, &c->tty_path, message, flags, error);
8be66a 
@@ -1297,10 +1297,10 @@ int bus_exec_context_set_transient_property(
8be66a 
                 if (r < 0)
8be66a 
                         return r;
8be66a
8be66a 
-                STRV_FOREACH(p, l) {
8be66a 
-                        if (!isempty(*p) && !valid_user_group_name_or_id(*p))
8be66a 
-                                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid supplementary group names");
8be66a 
-                }
8be66a 
+                STRV_FOREACH(p, l)
8be66a 
+                        if (!isempty(*p) && !valid_user_group_name_or_id_compat(*p))
8be66a 
+                                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS,
8be66a 
+                                                         "Invalid supplementary group names");
8be66a
8be66a 
                 if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
8be66a 
                         if (strv_isempty(l)) {
8be66a 
diff --git a/src/core/dbus-socket.c b/src/core/dbus-socket.c
8be66a 
index bb77539030..8fdbc05409 100644
8be66a 
--- a/src/core/dbus-socket.c
8be66a 
+++ b/src/core/dbus-socket.c
8be66a 
@@ -281,10 +281,10 @@ static int bus_socket_set_transient_property(
8be66a 
                 return bus_set_transient_fdname(u, name, &s->fdname, message, flags, error);
8be66a
8be66a 
         if (streq(name, "SocketUser"))
8be66a 
-                return bus_set_transient_user(u, name, &s->user, message, flags, error);
8be66a 
+                return bus_set_transient_user_compat(u, name, &s->user, message, flags, error);
8be66a
8be66a 
         if (streq(name, "SocketGroup"))
8be66a 
-                return bus_set_transient_user(u, name, &s->group, message, flags, error);
8be66a 
+                return bus_set_transient_user_compat(u, name, &s->group, message, flags, error);
8be66a
8be66a 
         if (streq(name, "BindIPv6Only"))
8be66a 
                 return bus_set_transient_bind_ipv6_only(u, name, &s->bind_ipv6_only, message, flags, error);
8be66a 
diff --git a/src/core/dbus-util.c b/src/core/dbus-util.c
8be66a 
index f4fbb72cb9..7862beaacb 100644
8be66a 
--- a/src/core/dbus-util.c
8be66a 
+++ b/src/core/dbus-util.c
8be66a 
@@ -30,7 +30,7 @@ int bus_property_get_triggered_unit(
8be66a
8be66a 
 BUS_DEFINE_SET_TRANSIENT(mode_t, "u", uint32_t, mode_t, "%040o");
8be66a 
 BUS_DEFINE_SET_TRANSIENT(unsigned, "u", uint32_t, unsigned, "%" PRIu32);
8be66a 
-BUS_DEFINE_SET_TRANSIENT_STRING_WITH_CHECK(user, valid_user_group_name_or_id);
8be66a 
+BUS_DEFINE_SET_TRANSIENT_STRING_WITH_CHECK(user_compat, valid_user_group_name_or_id_compat);
8be66a 
 BUS_DEFINE_SET_TRANSIENT_STRING_WITH_CHECK(path, path_is_absolute);
8be66a
8be66a 
 int bus_set_transient_string(
8be66a 
diff --git a/src/core/dbus-util.h b/src/core/dbus-util.h
8be66a 
index 12b055e4ac..a3316c6701 100644
8be66a 
--- a/src/core/dbus-util.h
8be66a 
+++ b/src/core/dbus-util.h
8be66a 
@@ -235,7 +235,7 @@ int bus_property_get_triggered_unit(sd_bus *bus, const char *path, const char *i
8be66a
8be66a 
 int bus_set_transient_mode_t(Unit *u, const char *name, mode_t *p, sd_bus_message *message, UnitWriteFlags flags, sd_bus_error *error);
8be66a 
 int bus_set_transient_unsigned(Unit *u, const char *name, unsigned *p, sd_bus_message *message, UnitWriteFlags flags, sd_bus_error *error);
8be66a 
-int bus_set_transient_user(Unit *u, const char *name, char **p, sd_bus_message *message, UnitWriteFlags flags, sd_bus_error *error);
8be66a 
+int bus_set_transient_user_compat(Unit *u, const char *name, char **p, sd_bus_message *message, UnitWriteFlags flags, sd_bus_error *error);
8be66a 
 int bus_set_transient_path(Unit *u, const char *name, char **p, sd_bus_message *message, UnitWriteFlags flags, sd_bus_error *error);
8be66a 
 int bus_set_transient_string(Unit *u, const char *name, char **p, sd_bus_message *message, UnitWriteFlags flags, sd_bus_error *error);
8be66a 
 int bus_set_transient_bool(Unit *u, const char *name, bool *p, sd_bus_message *message, UnitWriteFlags flags, sd_bus_error *error);
8be66a 
diff --git a/src/core/load-fragment-gperf.gperf.m4 b/src/core/load-fragment-gperf.gperf.m4
8be66a 
index 24ee5ae6fe..156a4d0a6d 100644
8be66a 
--- a/src/core/load-fragment-gperf.gperf.m4
8be66a 
+++ b/src/core/load-fragment-gperf.gperf.m4
8be66a 
@@ -25,9 +25,9 @@ m4_define(`EXEC_CONTEXT_CONFIG_ITEMS',
8be66a 
 `$1.WorkingDirectory,            config_parse_working_directory,     0,                             offsetof($1, exec_context)
8be66a 
 $1.RootDirectory,                config_parse_unit_path_printf,      true,                          offsetof($1, exec_context.root_directory)
8be66a 
 $1.RootImage,                    config_parse_unit_path_printf,      true,                          offsetof($1, exec_context.root_image)
8be66a 
-$1.User,                         config_parse_user_group,            0,                             offsetof($1, exec_context.user)
8be66a 
-$1.Group,                        config_parse_user_group,            0,                             offsetof($1, exec_context.group)
8be66a 
-$1.SupplementaryGroups,          config_parse_user_group_strv,       0,                             offsetof($1, exec_context.supplementary_groups)
8be66a 
+$1.User,                         config_parse_user_group_compat,     0,                             offsetof($1, exec_context.user)
8be66a 
+$1.Group,                        config_parse_user_group_compat,     0,                             offsetof($1, exec_context.group)
8be66a 
+$1.SupplementaryGroups,          config_parse_user_group_strv_compat, 0,                            offsetof($1, exec_context.supplementary_groups)
8be66a 
 $1.Nice,                         config_parse_exec_nice,             0,                             offsetof($1, exec_context)
8be66a 
 $1.OOMScoreAdjust,               config_parse_exec_oom_score_adjust, 0,                             offsetof($1, exec_context)
8be66a 
 $1.IOSchedulingClass,            config_parse_exec_io_class,         0,                             offsetof($1, exec_context)
8be66a 
@@ -354,8 +354,8 @@ Socket.ExecStartPost,            config_parse_exec,                  SOCKET_EXEC
8be66a 
 Socket.ExecStopPre,              config_parse_exec,                  SOCKET_EXEC_STOP_PRE,          offsetof(Socket, exec_command)
8be66a 
 Socket.ExecStopPost,             config_parse_exec,                  SOCKET_EXEC_STOP_POST,         offsetof(Socket, exec_command)
8be66a 
 Socket.TimeoutSec,               config_parse_sec_fix_0,             0,                             offsetof(Socket, timeout_usec)
8be66a 
-Socket.SocketUser,               config_parse_user_group,            0,                             offsetof(Socket, user)
8be66a 
-Socket.SocketGroup,              config_parse_user_group,            0,                             offsetof(Socket, group)
8be66a 
+Socket.SocketUser,               config_parse_user_group_compat,     0,                             offsetof(Socket, user)
8be66a 
+Socket.SocketGroup,              config_parse_user_group_compat,     0,                             offsetof(Socket, group)
8be66a 
 Socket.SocketMode,               config_parse_mode,                  0,                             offsetof(Socket, socket_mode)
8be66a 
 Socket.DirectoryMode,            config_parse_mode,                  0,                             offsetof(Socket, directory_mode)
8be66a 
 Socket.Accept,                   config_parse_bool,                  0,                             offsetof(Socket, accept)
8be66a 
diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
8be66a 
index 740401a582..ba81d94504 100644
8be66a 
--- a/src/core/load-fragment.c
8be66a 
+++ b/src/core/load-fragment.c
8be66a 
@@ -1899,7 +1899,7 @@ int config_parse_sec_fix_0(
8be66a 
         return 0;
8be66a 
 }
8be66a
8be66a 
-int config_parse_user_group(
8be66a 
+int config_parse_user_group_compat(
8be66a 
                 const char *unit,
8be66a 
                 const char *filename,
8be66a 
                 unsigned line,
8be66a 
@@ -1932,7 +1932,7 @@ int config_parse_user_group(
8be66a 
                 return -ENOEXEC;
8be66a 
         }
8be66a
8be66a 
-        if (!valid_user_group_name_or_id(k)) {
8be66a 
+        if (!valid_user_group_name_or_id_compat(k)) {
8be66a 
                 log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid user/group name or numeric ID: %s", k);
8be66a 
                 return -ENOEXEC;
8be66a 
         }
8be66a 
@@ -1940,7 +1940,7 @@ int config_parse_user_group(
8be66a 
         return free_and_replace(*user, k);
8be66a 
 }
8be66a
8be66a 
-int config_parse_user_group_strv(
8be66a 
+int config_parse_user_group_strv_compat(
8be66a 
                 const char *unit,
8be66a 
                 const char *filename,
8be66a 
                 unsigned line,
8be66a 
@@ -1986,7 +1986,7 @@ int config_parse_user_group_strv(
8be66a 
                         return -ENOEXEC;
8be66a 
                 }
8be66a
8be66a 
-                if (!valid_user_group_name_or_id(k)) {
8be66a 
+                if (!valid_user_group_name_or_id_compat(k)) {
8be66a 
                         log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid user/group name or numeric ID: %s", k);
8be66a 
                         return -ENOEXEC;
8be66a 
                 }
8be66a 
diff --git a/src/core/load-fragment.h b/src/core/load-fragment.h
8be66a 
index 65a94d53cc..f9d34d484d 100644
8be66a 
--- a/src/core/load-fragment.h
8be66a 
+++ b/src/core/load-fragment.h
8be66a 
@@ -96,8 +96,8 @@ CONFIG_PARSER_PROTOTYPE(config_parse_exec_utmp_mode);
8be66a 
 CONFIG_PARSER_PROTOTYPE(config_parse_working_directory);
8be66a 
 CONFIG_PARSER_PROTOTYPE(config_parse_fdname);
8be66a 
 CONFIG_PARSER_PROTOTYPE(config_parse_sec_fix_0);
8be66a 
-CONFIG_PARSER_PROTOTYPE(config_parse_user_group);
8be66a 
-CONFIG_PARSER_PROTOTYPE(config_parse_user_group_strv);
8be66a 
+CONFIG_PARSER_PROTOTYPE(config_parse_user_group_compat);
8be66a 
+CONFIG_PARSER_PROTOTYPE(config_parse_user_group_strv_compat);
8be66a 
 CONFIG_PARSER_PROTOTYPE(config_parse_restrict_namespaces);
8be66a 
 CONFIG_PARSER_PROTOTYPE(config_parse_bind_paths);
8be66a 
 CONFIG_PARSER_PROTOTYPE(config_parse_exec_keyring_mode);

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation