forked from lix-project/lix
Check that auto-allocated UIDs don't clash with existing accounts
This commit is contained in:
parent
fc14585610
commit
ff12d1c1a1
1 changed files with 9 additions and 5 deletions
|
@ -127,13 +127,10 @@ struct AutoUserLock : UserLock
|
||||||
{
|
{
|
||||||
settings.requireExperimentalFeature(Xp::AutoAllocateUids);
|
settings.requireExperimentalFeature(Xp::AutoAllocateUids);
|
||||||
assert(settings.startId > 0);
|
assert(settings.startId > 0);
|
||||||
assert(settings.startId % maxIdsPerBuild == 0);
|
|
||||||
assert(settings.uidCount % maxIdsPerBuild == 0);
|
assert(settings.uidCount % maxIdsPerBuild == 0);
|
||||||
assert((uint64_t) settings.startId + (uint64_t) settings.uidCount <= std::numeric_limits<uid_t>::max());
|
assert((uint64_t) settings.startId + (uint64_t) settings.uidCount <= std::numeric_limits<uid_t>::max());
|
||||||
assert(nrIds <= maxIdsPerBuild);
|
assert(nrIds <= maxIdsPerBuild);
|
||||||
|
|
||||||
// FIXME: check whether the id range overlaps any known users
|
|
||||||
|
|
||||||
createDirs(settings.nixStateDir + "/userpool2");
|
createDirs(settings.nixStateDir + "/userpool2");
|
||||||
|
|
||||||
size_t nrSlots = settings.uidCount / maxIdsPerBuild;
|
size_t nrSlots = settings.uidCount / maxIdsPerBuild;
|
||||||
|
@ -150,11 +147,18 @@ struct AutoUserLock : UserLock
|
||||||
throw SysError("opening user lock '%s'", fnUserLock);
|
throw SysError("opening user lock '%s'", fnUserLock);
|
||||||
|
|
||||||
if (lockFile(fd.get(), ltWrite, false)) {
|
if (lockFile(fd.get(), ltWrite, false)) {
|
||||||
|
|
||||||
|
auto firstUid = settings.startId + i * maxIdsPerBuild;
|
||||||
|
|
||||||
|
auto pw = getpwuid(firstUid);
|
||||||
|
if (pw)
|
||||||
|
throw Error("auto-allocated UID %d clashes with existing user account '%s'", firstUid, pw->pw_name);
|
||||||
|
|
||||||
auto lock = std::make_unique<AutoUserLock>();
|
auto lock = std::make_unique<AutoUserLock>();
|
||||||
lock->fdUserLock = std::move(fd);
|
lock->fdUserLock = std::move(fd);
|
||||||
lock->firstUid = settings.startId + i * maxIdsPerBuild;
|
lock->firstUid = firstUid;
|
||||||
if (useChroot)
|
if (useChroot)
|
||||||
lock->firstGid = lock->firstUid;
|
lock->firstGid = firstUid;
|
||||||
else {
|
else {
|
||||||
struct group * gr = getgrnam(settings.buildUsersGroup.get().c_str());
|
struct group * gr = getgrnam(settings.buildUsersGroup.get().c_str());
|
||||||
if (!gr)
|
if (!gr)
|
||||||
|
|
Loading…
Reference in a new issue