/* The caller guarantees that *op is a dictionary. */
int
build_gs_primitive_font(i_ctx_t *i_ctx_p, os_ptr op, gs_font_base ** ppfont,
font_type ftype, gs_memory_type_ptr_t pstype,
const build_proc_refs * pbuild,
build_font_options_t options)
{
ref *pcharstrings = 0;
ref CharStrings;
gs_font_base *pfont;
font_data *pdata;
int code;
if (dict_find_string(op, "CharStrings", &pcharstrings) <= 0) {
if (!(options & bf_CharStrings_optional))
return_error(e_invalidfont);
} else {
ref *ignore;
if (!r_has_type(pcharstrings, t_dictionary))
return_error(e_invalidfont);
if ((options & bf_notdef_required) != 0 &&
dict_find_string(pcharstrings, ".notdef", &ignore) <= 0
)
return_error(e_invalidfont);
/*
* Since build_gs_simple_font may resize the dictionary and cause
* pointers to become invalid, save CharStrings.
*/
CharStrings = *pcharstrings;
}
code = build_gs_outline_font(i_ctx_p, op, ppfont, ftype, pstype, pbuild,
options, build_gs_simple_font);
if (code != 0)
return code;
pfont = *ppfont;
pdata = pfont_data(pfont);
if (pcharstrings)
ref_assign(&pdata->CharStrings, &CharStrings);
else
make_null(&pdata->CharStrings);
/* Check that the UniqueIDs match. This is part of the */
/* Adobe protection scheme, but we may as well emulate it. */
if (uid_is_valid(&pfont->UID) &&
!dict_check_uid_param(op, &pfont->UID)
)
uid_set_invalid(&pfont->UID);
if (uid_is_valid(&pfont->UID)) {
const gs_font *pfont0 = (const gs_font *)pfont;
code = gs_font_find_similar(ifont_dir, &pfont0,
font_with_same_UID_and_another_metrics);
if (code < 0)
return code; /* Must not happen. */
if (code)
uid_set_invalid(&pfont->UID);
}
return 0;
}
_public_ int sd_uid_is_on_seat(uid_t uid, int require_active, const char *seat) {
_cleanup_free_ char *t = NULL, *s = NULL, *p = NULL;
size_t l;
int r;
const char *word, *variable, *state;
assert_return(uid_is_valid(uid), -EINVAL);
r = file_of_seat(seat, &p);
if (r < 0)
return r;
variable = require_active ? "ACTIVE_UID" : "UIDS";
r = parse_env_file(p, NEWLINE, variable, &s, NULL);
if (r == -ENOENT)
return 0;
if (r < 0)
return r;
if (isempty(s))
return 0;
if (asprintf(&t, UID_FMT, uid) < 0)
return -ENOMEM;
FOREACH_WORD(word, l, s, state)
if (strneq(t, word, l))
return 1;
return 0;
}
static int file_of_uid(uid_t uid, char **p) {
assert_return(uid_is_valid(uid), -EINVAL);
assert(p);
if (asprintf(p, "/run/systemd/users/" UID_FMT, uid) < 0)
return -ENOMEM;
return 0;
}
_public_ int sd_bus_creds_get_audit_login_uid(sd_bus_creds *c, uid_t *uid) {
assert_return(c, -EINVAL);
assert_return(uid, -EINVAL);
if (!(c->mask & SD_BUS_CREDS_AUDIT_LOGIN_UID))
return -ENODATA;
if (!uid_is_valid(c->audit_login_uid))
return -ENXIO;
*uid = c->audit_login_uid;
return 0;
}
static void client_context_read_uid_gid(ClientContext *c, const struct ucred *ucred) {
assert(c);
assert(pid_is_valid(c->pid));
/* The ucred data passed in is always the most current and accurate, if we have any. Use it. */
if (ucred && uid_is_valid(ucred->uid))
c->uid = ucred->uid;
else
(void) get_process_uid(c->pid, &c->uid);
if (ucred && gid_is_valid(ucred->gid))
c->gid = ucred->gid;
else
(void) get_process_gid(c->pid, &c->gid);
}
int parse_uid(const char *s, uid_t *ret) {
uint32_t uid = 0;
int r;
assert(s);
assert_cc(sizeof(uid_t) == sizeof(uint32_t));
r = safe_atou32(s, &uid);
if (r < 0)
return r;
if (!uid_is_valid(uid))
return -ENXIO; /* we return ENXIO instead of EINVAL
* here, to make it easy to distuingish
* invalid numeric uids from invalid
* strings. */
if (ret)
*ret = uid;
return 0;
}
char* uid_to_name(uid_t uid) {
char *ret;
int r;
/* Shortcut things to avoid NSS lookups */
if (uid == 0)
return strdup("root");
if (uid_is_valid(uid)) {
long bufsize;
bufsize = sysconf(_SC_GETPW_R_SIZE_MAX);
if (bufsize <= 0)
bufsize = 4096;
for (;;) {
struct passwd pwbuf, *pw = NULL;
_cleanup_free_ char *buf = NULL;
buf = malloc(bufsize);
if (!buf)
return NULL;
r = getpwuid_r(uid, &pwbuf, buf, (size_t) bufsize, &pw);
if (r == 0 && pw)
return strdup(pw->pw_name);
if (r != ERANGE)
break;
bufsize *= 2;
}
}
if (asprintf(&ret, UID_FMT, uid) < 0)
return NULL;
return ret;
}
/* Remove entries from font and character caches. */
int
font_restore(const alloc_save_t * save)
{
gs_memory_t *smem = gs_save_any_memory(save);
gs_font_dir *pdir = smem->gs_lib_ctx->font_dir;
const gs_memory_t *mem = 0;
int code;
if (pdir == 0) /* not initialized yet */
return 0;
/* Purge original (unscaled) fonts. */
{
gs_font *pfont;
otop:
for (pfont = pdir->orig_fonts; pfont != 0;
pfont = pfont->next
) {
mem = pfont->memory;
if (alloc_is_since_save((char *)pfont, save)) {
code = gs_purge_font(pfont);
if (code < 0)
return code;
goto otop;
}
}
}
/* Purge cached scaled fonts. */
{
gs_font *pfont;
top:
for (pfont = pdir->scaled_fonts; pfont != 0;
pfont = pfont->next
) {
if (alloc_is_since_save((char *)pfont, save)) {
code = gs_purge_font(pfont);
if (code < 0)
return code;
goto top;
}
}
}
/* Purge xfonts and uncached scaled fonts. */
{
cached_fm_pair *pair;
uint n;
for (pair = pdir->fmcache.mdata, n = pdir->fmcache.mmax;
n > 0; pair++, n--
)
if (!fm_pair_is_free(pair)) {
#if 0
/* We disabled this code portion because
gx_add_fm_pair now copied xvalues
into a stable memory.
*/
if ((uid_is_XUID(&pair->UID) &&
alloc_is_since_save((char *)pair->UID.xvalues,
save))
) {
code = gs_purge_fm_pair(pdir, pair, 0);
if (code < 0)
return code;
continue;
}
#endif
if (pair->font != 0 &&
alloc_is_since_save((char *)pair->font, save)
) {
if (!uid_is_valid(&pair->UID))
gs_clean_fm_pair(pdir, pair);
/* Don't discard pairs with a surviving UID. */
pair->font = 0;
}
if (pair->xfont != 0 &&
alloc_is_since_save((char *)pair->xfont, save)
) {
code = gs_purge_fm_pair(pdir, pair, 1);
if (code < 0)
return code;
}
}
}
/* Purge characters with names about to be removed. */
/* We only need to do this if any new names have been created */
/* since the save. */
if (alloc_any_names_since_save(save))
gx_purge_selected_cached_chars(pdir, purge_if_name_removed,
(void *)save);
return 0;
}
int get_user_creds(
const char **username,
uid_t *uid, gid_t *gid,
const char **home,
const char **shell) {
struct passwd *p;
uid_t u;
assert(username);
assert(*username);
/* We enforce some special rules for uid=0: in order to avoid
* NSS lookups for root we hardcode its data. */
if (streq(*username, "root") || streq(*username, "0")) {
*username = "******";
if (uid)
*uid = 0;
if (gid)
*gid = 0;
if (home)
*home = "/root";
if (shell)
*shell = "/bin/sh";
return 0;
}
if (parse_uid(*username, &u) >= 0) {
errno = 0;
p = getpwuid(u);
/* If there are multiple users with the same id, make
* sure to leave $USER to the configured value instead
* of the first occurrence in the database. However if
* the uid was configured by a numeric uid, then let's
* pick the real username from /etc/passwd. */
if (p)
*username = p->pw_name;
} else {
errno = 0;
p = getpwnam(*username);
}
if (!p)
return errno > 0 ? -errno : -ESRCH;
if (uid) {
if (!uid_is_valid(p->pw_uid))
return -EBADMSG;
*uid = p->pw_uid;
}
if (gid) {
if (!gid_is_valid(p->pw_gid))
return -EBADMSG;
*gid = p->pw_gid;
}
if (home)
*home = p->pw_dir;
if (shell)
*shell = p->pw_shell;
return 0;
}
enum nss_status _nss_systemd_getpwuid_r(
uid_t uid,
struct passwd *pwd,
char *buffer, size_t buflen,
int *errnop) {
_cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
_cleanup_(sd_bus_message_unrefp) sd_bus_message* reply = NULL;
_cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
const char *translated;
size_t l;
int r;
BLOCK_SIGNALS(NSS_SIGNALS_BLOCK);
if (!uid_is_valid(uid)) {
r = -EINVAL;
goto fail;
}
if (uid <= SYSTEM_UID_MAX)
goto not_found;
if (getenv_bool("SYSTEMD_NSS_DYNAMIC_BYPASS") > 0)
goto not_found;
r = sd_bus_open_system(&bus);
if (r < 0)
goto fail;
r = sd_bus_call_method(bus,
"org.freedesktop.systemd1",
"/org/freedesktop/systemd1",
"org.freedesktop.systemd1.Manager",
"LookupDynamicUserByUID",
&error,
&reply,
"u",
(uint32_t) uid);
if (r < 0) {
if (sd_bus_error_has_name(&error, BUS_ERROR_NO_SUCH_DYNAMIC_USER))
goto not_found;
goto fail;
}
r = sd_bus_message_read(reply, "s", &translated);
if (r < 0)
goto fail;
l = strlen(translated) + 1;
if (buflen < l) {
*errnop = ENOMEM;
return NSS_STATUS_TRYAGAIN;
}
memcpy(buffer, translated, l);
pwd->pw_name = buffer;
pwd->pw_uid = uid;
pwd->pw_gid = uid;
pwd->pw_gecos = (char*) "Dynamic User";
pwd->pw_passwd = (char*) "*"; /* locked */
pwd->pw_dir = (char*) "/";
pwd->pw_shell = (char*) "/sbin/nologin";
*errnop = 0;
return NSS_STATUS_SUCCESS;
not_found:
*errnop = 0;
return NSS_STATUS_NOTFOUND;
fail:
*errnop = -r;
return NSS_STATUS_UNAVAIL;
}
