summaryrefslogtreecommitdiff
path: root/src/shared/util.c
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2013-12-16 04:59:31 +0100
committerLennart Poettering <lennart@poettering.net>2013-12-16 04:59:31 +0100
commit2cfbd749af308bdbe56edcfed7f3eea0fc2b93d2 (patch)
treeee79409a34b1f30d7323bb68064aed7183b0e0a6 /src/shared/util.c
parent213298fb822258bb69c6b85b7c8d7f019fd2306a (diff)
core: refuse doing %h, %s, %U specifier resolving in PID 1
These specifiers require NSS lookups to work, and we really shouldn't do them from PID 1 hence. With this change they are now only supported for user systemd instance, or when the configured user for a unit is root.
Diffstat (limited to 'src/shared/util.c')
-rw-r--r--src/shared/util.c51
1 files changed, 49 insertions, 2 deletions
diff --git a/src/shared/util.c b/src/shared/util.c
index b5ffaa1c3c..20aec2a5c9 100644
--- a/src/shared/util.c
+++ b/src/shared/util.c
@@ -5220,10 +5220,10 @@ int make_console_stdio(void) {
}
int get_home_dir(char **_h) {
- char *h;
+ struct passwd *p;
const char *e;
+ char *h;
uid_t u;
- struct passwd *p;
assert(_h);
@@ -5266,6 +5266,53 @@ int get_home_dir(char **_h) {
return 0;
}
+int get_shell(char **_s) {
+ struct passwd *p;
+ const char *e;
+ char *s;
+ uid_t u;
+
+ assert(_s);
+
+ /* Take the user specified one */
+ e = getenv("SHELL");
+ if (e) {
+ s = strdup(e);
+ if (!s)
+ return -ENOMEM;
+
+ *_s = s;
+ return 0;
+ }
+
+ /* Hardcode home directory for root to avoid NSS */
+ u = getuid();
+ if (u == 0) {
+ s = strdup("/bin/sh");
+ if (!s)
+ return -ENOMEM;
+
+ *_s = s;
+ return 0;
+ }
+
+ /* Check the database... */
+ errno = 0;
+ p = getpwuid(u);
+ if (!p)
+ return errno > 0 ? -errno : -ESRCH;
+
+ if (!path_is_absolute(p->pw_shell))
+ return -EINVAL;
+
+ s = strdup(p->pw_shell);
+ if (!s)
+ return -ENOMEM;
+
+ *_s = s;
+ return 0;
+}
+
bool filename_is_safe(const char *p) {
if (isempty(p))