mirror of
git://git.sv.gnu.org/coreutils.git
synced 2026-02-23 23:56:08 +02:00
8dfcf38af1
Run "make update-copyright" and then... * gnulib: Update to latest with copyright year adjusted. * tests/init.sh: Sync with gnulib to pick up copyright year. * bootstrap: Likewise. * tests/sample-test: Adjust to use the single most recent year.
465 lines
14 KiB
C
465 lines
14 KiB
C
/* id -- print real and effective UIDs and GIDs
|
|
Copyright (C) 1989-2019 Free Software Foundation, Inc.
|
|
|
|
This program is free software: you can redistribute it and/or modify
|
|
it under the terms of the GNU General Public License as published by
|
|
the Free Software Foundation, either version 3 of the License, or
|
|
(at your option) any later version.
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
GNU General Public License for more details.
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
along with this program. If not, see <https://www.gnu.org/licenses/>. */
|
|
|
|
/* Written by Arnold Robbins.
|
|
Major rewrite by David MacKenzie, djm@gnu.ai.mit.edu. */
|
|
|
|
#include <config.h>
|
|
#include <stdio.h>
|
|
#include <sys/types.h>
|
|
#include <pwd.h>
|
|
#include <grp.h>
|
|
#include <getopt.h>
|
|
#include <selinux/selinux.h>
|
|
|
|
#include "system.h"
|
|
#include "die.h"
|
|
#include "error.h"
|
|
#include "mgetgroups.h"
|
|
#include "quote.h"
|
|
#include "group-list.h"
|
|
#include "smack.h"
|
|
#include "userspec.h"
|
|
|
|
/* The official name of this program (e.g., no 'g' prefix). */
|
|
#define PROGRAM_NAME "id"
|
|
|
|
#define AUTHORS \
|
|
proper_name ("Arnold Robbins"), \
|
|
proper_name ("David MacKenzie")
|
|
|
|
/* If nonzero, output only the SELinux context. */
|
|
static bool just_context = 0;
|
|
/* If true, delimit entries with NUL characters, not whitespace */
|
|
static bool opt_zero = false;
|
|
/* If true, output the list of all group IDs. -G */
|
|
static bool just_group_list = false;
|
|
/* If true, output only the group ID(s). -g */
|
|
static bool just_group = false;
|
|
/* If true, output real UID/GID instead of default effective UID/GID. -r */
|
|
static bool use_real = false;
|
|
/* If true, output only the user ID(s). -u */
|
|
static bool just_user = false;
|
|
/* True unless errors have been encountered. */
|
|
static bool ok = true;
|
|
/* If true, we are using multiple users. Terminate -G with double NUL. */
|
|
static bool multiple_users = false;
|
|
/* If true, output user/group name instead of ID number. -n */
|
|
static bool use_name = false;
|
|
|
|
/* The real and effective IDs of the user to print. */
|
|
static uid_t ruid, euid;
|
|
static gid_t rgid, egid;
|
|
|
|
/* The SELinux context. Start with a known invalid value so print_full_info
|
|
knows when 'context' has not been set to a meaningful value. */
|
|
static char *context = NULL;
|
|
|
|
static void print_user (uid_t uid);
|
|
static void print_full_info (const char *username);
|
|
static void print_stuff (const char *pw_name);
|
|
|
|
static struct option const longopts[] =
|
|
{
|
|
{"context", no_argument, NULL, 'Z'},
|
|
{"group", no_argument, NULL, 'g'},
|
|
{"groups", no_argument, NULL, 'G'},
|
|
{"name", no_argument, NULL, 'n'},
|
|
{"real", no_argument, NULL, 'r'},
|
|
{"user", no_argument, NULL, 'u'},
|
|
{"zero", no_argument, NULL, 'z'},
|
|
{GETOPT_HELP_OPTION_DECL},
|
|
{GETOPT_VERSION_OPTION_DECL},
|
|
{NULL, 0, NULL, 0}
|
|
};
|
|
|
|
void
|
|
usage (int status)
|
|
{
|
|
if (status != EXIT_SUCCESS)
|
|
emit_try_help ();
|
|
else
|
|
{
|
|
printf (_("Usage: %s [OPTION]... [USER]...\n"), program_name);
|
|
fputs (_("\
|
|
Print user and group information for each specified USER,\n\
|
|
or (when USER omitted) for the current user.\n\
|
|
\n"),
|
|
stdout);
|
|
fputs (_("\
|
|
-a ignore, for compatibility with other versions\n\
|
|
-Z, --context print only the security context of the process\n\
|
|
-g, --group print only the effective group ID\n\
|
|
-G, --groups print all group IDs\n\
|
|
-n, --name print a name instead of a number, for -ugG\n\
|
|
-r, --real print the real ID instead of the effective ID, with -ugG\n\
|
|
-u, --user print only the effective user ID\n\
|
|
-z, --zero delimit entries with NUL characters, not whitespace;\n\
|
|
not permitted in default format\n\
|
|
"), stdout);
|
|
fputs (HELP_OPTION_DESCRIPTION, stdout);
|
|
fputs (VERSION_OPTION_DESCRIPTION, stdout);
|
|
fputs (_("\
|
|
\n\
|
|
Without any OPTION, print some useful set of identified information.\n\
|
|
"), stdout);
|
|
emit_ancillary_info (PROGRAM_NAME);
|
|
}
|
|
exit (status);
|
|
}
|
|
|
|
int
|
|
main (int argc, char **argv)
|
|
{
|
|
int optc;
|
|
int selinux_enabled = (is_selinux_enabled () > 0);
|
|
bool smack_enabled = is_smack_enabled ();
|
|
char *pw_name = NULL;
|
|
|
|
initialize_main (&argc, &argv);
|
|
set_program_name (argv[0]);
|
|
setlocale (LC_ALL, "");
|
|
bindtextdomain (PACKAGE, LOCALEDIR);
|
|
textdomain (PACKAGE);
|
|
|
|
atexit (close_stdout);
|
|
|
|
while ((optc = getopt_long (argc, argv, "agnruzGZ", longopts, NULL)) != -1)
|
|
{
|
|
switch (optc)
|
|
{
|
|
case 'a':
|
|
/* Ignore -a, for compatibility with SVR4. */
|
|
break;
|
|
|
|
case 'Z':
|
|
/* politely decline if we're not on a SELinux/SMACK-enabled kernel. */
|
|
#ifdef HAVE_SMACK
|
|
if (!selinux_enabled && !smack_enabled)
|
|
die (EXIT_FAILURE, 0,
|
|
_("--context (-Z) works only on "
|
|
"an SELinux/SMACK-enabled kernel"));
|
|
#else
|
|
if (!selinux_enabled)
|
|
die (EXIT_FAILURE, 0,
|
|
_("--context (-Z) works only on an SELinux-enabled kernel"));
|
|
#endif
|
|
just_context = true;
|
|
break;
|
|
|
|
case 'g':
|
|
just_group = true;
|
|
break;
|
|
case 'n':
|
|
use_name = true;
|
|
break;
|
|
case 'r':
|
|
use_real = true;
|
|
break;
|
|
case 'u':
|
|
just_user = true;
|
|
break;
|
|
case 'z':
|
|
opt_zero = true;
|
|
break;
|
|
case 'G':
|
|
just_group_list = true;
|
|
break;
|
|
case_GETOPT_HELP_CHAR;
|
|
case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
|
|
default:
|
|
usage (EXIT_FAILURE);
|
|
}
|
|
}
|
|
|
|
size_t n_ids = argc - optind;
|
|
|
|
if (n_ids && just_context)
|
|
die (EXIT_FAILURE, 0,
|
|
_("cannot print security context when user specified"));
|
|
|
|
if (just_user + just_group + just_group_list + just_context > 1)
|
|
die (EXIT_FAILURE, 0, _("cannot print \"only\" of more than one choice"));
|
|
|
|
bool default_format = ! (just_user
|
|
|| just_group
|
|
|| just_group_list
|
|
|| just_context);
|
|
|
|
if (default_format && (use_real || use_name))
|
|
die (EXIT_FAILURE, 0,
|
|
_("cannot print only names or real IDs in default format"));
|
|
|
|
if (default_format && opt_zero)
|
|
die (EXIT_FAILURE, 0,
|
|
_("option --zero not permitted in default format"));
|
|
|
|
/* If we are on a SELinux/SMACK-enabled kernel, no user is specified, and
|
|
either --context is specified or none of (-u,-g,-G) is specified,
|
|
and we're not in POSIXLY_CORRECT mode, get our context. Otherwise,
|
|
leave the context variable alone - it has been initialized to an
|
|
invalid value that will be not displayed in print_full_info(). */
|
|
if (n_ids == 0
|
|
&& (just_context
|
|
|| (default_format && ! getenv ("POSIXLY_CORRECT"))))
|
|
{
|
|
/* Report failure only if --context (-Z) was explicitly requested. */
|
|
if ((selinux_enabled && getcon (&context) && just_context)
|
|
|| (smack_enabled
|
|
&& smack_new_label_from_self (&context) < 0
|
|
&& just_context))
|
|
die (EXIT_FAILURE, 0, _("can't get process context"));
|
|
}
|
|
|
|
if (n_ids >= 1)
|
|
{
|
|
multiple_users = n_ids > 1 ? true : false;
|
|
/* Changing the value of n_ids to the last index in the array where we
|
|
have the last possible user id. This helps us because we don't have
|
|
to declare a different variable to keep a track of where the
|
|
last username lies in argv[]. */
|
|
n_ids += optind;
|
|
/* For each username/userid to get its pw_name field */
|
|
for (; optind < n_ids; optind++)
|
|
{
|
|
struct passwd *pwd = NULL;
|
|
const char *spec = argv[optind];
|
|
/* Disallow an empty spec here as parse_user_spec() doesn't
|
|
give an error for that as it seems it's a valid way to
|
|
specify a noop or "reset special bits" depending on the system. */
|
|
if (*spec)
|
|
{
|
|
if (parse_user_spec (spec, &euid, NULL, NULL, NULL) == NULL)
|
|
{
|
|
/* parse_user_spec will only extract a numeric spec,
|
|
so we lookup that here to verify and also retrieve
|
|
the PW_NAME used subsequently in group lookup. */
|
|
pwd = getpwuid (euid);
|
|
}
|
|
}
|
|
if (pwd == NULL)
|
|
{
|
|
error (0, errno, _("%s: no such user"), quote (argv[optind]));
|
|
ok &= false;
|
|
continue;
|
|
}
|
|
pw_name = xstrdup (pwd->pw_name);
|
|
ruid = euid = pwd->pw_uid;
|
|
rgid = egid = pwd->pw_gid;
|
|
print_stuff (pw_name);
|
|
free (pw_name);
|
|
}
|
|
}
|
|
else
|
|
{
|
|
/* POSIX says identification functions (getuid, getgid, and
|
|
others) cannot fail, but they can fail under GNU/Hurd and a
|
|
few other systems. Test for failure by checking errno. */
|
|
uid_t NO_UID = -1;
|
|
gid_t NO_GID = -1;
|
|
|
|
if (just_user ? !use_real
|
|
: !just_group && !just_group_list && !just_context)
|
|
{
|
|
errno = 0;
|
|
euid = geteuid ();
|
|
if (euid == NO_UID && errno)
|
|
die (EXIT_FAILURE, errno, _("cannot get effective UID"));
|
|
}
|
|
|
|
if (just_user ? use_real
|
|
: !just_group && (just_group_list || !just_context))
|
|
{
|
|
errno = 0;
|
|
ruid = getuid ();
|
|
if (ruid == NO_UID && errno)
|
|
die (EXIT_FAILURE, errno, _("cannot get real UID"));
|
|
}
|
|
|
|
if (!just_user && (just_group || just_group_list || !just_context))
|
|
{
|
|
errno = 0;
|
|
egid = getegid ();
|
|
if (egid == NO_GID && errno)
|
|
die (EXIT_FAILURE, errno, _("cannot get effective GID"));
|
|
|
|
errno = 0;
|
|
rgid = getgid ();
|
|
if (rgid == NO_GID && errno)
|
|
die (EXIT_FAILURE, errno, _("cannot get real GID"));
|
|
}
|
|
print_stuff (pw_name);
|
|
}
|
|
|
|
return ok ? EXIT_SUCCESS : EXIT_FAILURE;
|
|
}
|
|
|
|
/* Convert a gid_t to string. Do not use this function directly.
|
|
Instead, use it via the gidtostr macro.
|
|
Beware that it returns a pointer to static storage. */
|
|
static char *
|
|
gidtostr_ptr (gid_t const *gid)
|
|
{
|
|
static char buf[INT_BUFSIZE_BOUND (uintmax_t)];
|
|
return umaxtostr (*gid, buf);
|
|
}
|
|
#define gidtostr(g) gidtostr_ptr (&(g))
|
|
|
|
/* Convert a uid_t to string. Do not use this function directly.
|
|
Instead, use it via the uidtostr macro.
|
|
Beware that it returns a pointer to static storage. */
|
|
static char *
|
|
uidtostr_ptr (uid_t const *uid)
|
|
{
|
|
static char buf[INT_BUFSIZE_BOUND (uintmax_t)];
|
|
return umaxtostr (*uid, buf);
|
|
}
|
|
#define uidtostr(u) uidtostr_ptr (&(u))
|
|
|
|
/* Print the name or value of user ID UID. */
|
|
|
|
static void
|
|
print_user (uid_t uid)
|
|
{
|
|
struct passwd *pwd = NULL;
|
|
|
|
if (use_name)
|
|
{
|
|
pwd = getpwuid (uid);
|
|
if (pwd == NULL)
|
|
{
|
|
error (0, 0, _("cannot find name for user ID %s"),
|
|
uidtostr (uid));
|
|
ok &= false;
|
|
}
|
|
}
|
|
|
|
char *s = pwd ? pwd->pw_name : uidtostr (uid);
|
|
fputs (s, stdout);
|
|
}
|
|
|
|
/* Print all of the info about the user's user and group IDs. */
|
|
|
|
static void
|
|
print_full_info (const char *username)
|
|
{
|
|
struct passwd *pwd;
|
|
struct group *grp;
|
|
|
|
printf (_("uid=%s"), uidtostr (ruid));
|
|
pwd = getpwuid (ruid);
|
|
if (pwd)
|
|
printf ("(%s)", pwd->pw_name);
|
|
|
|
printf (_(" gid=%s"), gidtostr (rgid));
|
|
grp = getgrgid (rgid);
|
|
if (grp)
|
|
printf ("(%s)", grp->gr_name);
|
|
|
|
if (euid != ruid)
|
|
{
|
|
printf (_(" euid=%s"), uidtostr (euid));
|
|
pwd = getpwuid (euid);
|
|
if (pwd)
|
|
printf ("(%s)", pwd->pw_name);
|
|
}
|
|
|
|
if (egid != rgid)
|
|
{
|
|
printf (_(" egid=%s"), gidtostr (egid));
|
|
grp = getgrgid (egid);
|
|
if (grp)
|
|
printf ("(%s)", grp->gr_name);
|
|
}
|
|
|
|
{
|
|
gid_t *groups;
|
|
|
|
gid_t primary_group;
|
|
if (username)
|
|
primary_group = pwd ? pwd->pw_gid : -1;
|
|
else
|
|
primary_group = egid;
|
|
|
|
int n_groups = xgetgroups (username, primary_group, &groups);
|
|
if (n_groups < 0)
|
|
{
|
|
if (username)
|
|
error (0, errno, _("failed to get groups for user %s"),
|
|
quote (username));
|
|
else
|
|
error (0, errno, _("failed to get groups for the current process"));
|
|
ok &= false;
|
|
return;
|
|
}
|
|
|
|
if (n_groups > 0)
|
|
fputs (_(" groups="), stdout);
|
|
for (int i = 0; i < n_groups; i++)
|
|
{
|
|
if (i > 0)
|
|
putchar (',');
|
|
fputs (gidtostr (groups[i]), stdout);
|
|
grp = getgrgid (groups[i]);
|
|
if (grp)
|
|
printf ("(%s)", grp->gr_name);
|
|
}
|
|
free (groups);
|
|
}
|
|
|
|
/* POSIX mandates the precise output format, and that it not include
|
|
any context=... part, so skip that if POSIXLY_CORRECT is set. */
|
|
if (context)
|
|
printf (_(" context=%s"), context);
|
|
}
|
|
|
|
/* Print information about the user based on the arguments passed. */
|
|
|
|
static void
|
|
print_stuff (const char *pw_name)
|
|
{
|
|
if (just_user)
|
|
print_user (use_real ? ruid : euid);
|
|
|
|
/* print_group and print_group_lists functions return true on successful
|
|
execution but false if something goes wrong. We then AND this value with
|
|
the current value of 'ok' because we want to know if one of the previous
|
|
users faced a problem in these functions. This value of 'ok' is later used
|
|
to understand what status program should exit with. */
|
|
else if (just_group)
|
|
ok &= print_group (use_real ? rgid : egid, use_name);
|
|
else if (just_group_list)
|
|
ok &= print_group_list (pw_name, ruid, rgid, egid,
|
|
use_name, opt_zero ? '\0' : ' ');
|
|
else if (just_context)
|
|
fputs (context, stdout);
|
|
else
|
|
print_full_info (pw_name);
|
|
|
|
/* When printing records for more than 1 user, at the end of groups
|
|
of each user terminate the record with two consequent NUL characters
|
|
to make parsing and distinguishing between two records possible. */
|
|
if (opt_zero && just_group_list && multiple_users)
|
|
{
|
|
putchar ('\0');
|
|
putchar ('\0');
|
|
}
|
|
else
|
|
{
|
|
putchar (opt_zero ? '\0' : '\n');
|
|
}
|
|
}
|