From c120dc6c3b23c927511776a7ab2910047b377169 Mon Sep 17 00:00:00 2001 From: Colin Guthrie Date: Mon, 17 Nov 2014 17:28:24 +0000 Subject: Make the is_real_(user|group) functions take just a name While this may cause a few unnecessary getpwnam/getgrnam calls this makes the API much simpler for using externally and means we cannot be called with bogus information for u/gid, homedir and shell and such like. mga#14346 --- lib/MDK/Common/System.pm | 29 ++++++++++++++++------------- 1 file changed, 16 insertions(+), 13 deletions(-) (limited to 'lib/MDK/Common/System.pm') diff --git a/lib/MDK/Common/System.pm b/lib/MDK/Common/System.pm index 4319593..c0be561 100644 --- a/lib/MDK/Common/System.pm +++ b/lib/MDK/Common/System.pm @@ -297,7 +297,9 @@ sub list_passwd() { @l; } sub is_real_user { - my ($username, $uid, $homedir, $shell) = @_; + my ($username) = @_; + + return 0 if $username eq "nobody"; # We consider real users to be those users who: # Have a UID >= 1000 @@ -306,32 +308,33 @@ sub is_real_user { # and have a homedir that is not / or does not start with /var or /run # and have a shell that does not end in "nologin" or "false" - ($uid >= 1000 || ($uid >= 500 && $homedir !~ /^\/($|var\/|run\/)/ && $shell !~ /(nologin|false)$/)) && $username ne "nobody"; + my (undef,undef,$uid,undef,undef,undef,undef,$homedir,$shell) = getpwnam($username); + ($uid >= 1000 || ($uid >= 500 && $homedir !~ /^\/($|var\/|run\/)/ && $shell !~ /(nologin|false)$/)); } sub is_real_group { - my ($groupname, $gid) = @_; + my ($groupname) = @_; + + return 0 if $groupname eq "nogroup"; - return 0 if $groupname eq "nogroup" || $gid < 500; + my (undef,undef,$gid,$members) = getgrnam($groupname); + return 0 if $gid < 500; return 1 if $gid >= 1000; # We are in the range 500-1000, so we need some heuristic. # We consider ourselves a "real" group if this is the primary group of a user # with the same name, or we have any member users who are "real" - my ($username,undef,$uid,$egid,undef,undef,undef,$homedir,$shell,undef) = getpwnam($groupname); - return 1 if $username == $groupname && $egid == $gid; - - my (undef,undef,$egid,$members) = getgrnam($groupname); - return 0 if $egid != $gid; + my (undef,undef,undef,$ugid) = getpwnam($groupname); + return 1 if $ugid == $gid && is_real_user($groupname); + # OK we're not a primary group, but perhaps we have some real members? foreach (split(' ', $members)) { - my ($username,undef,$uid,undef,undef,undef,undef,$homedir,$shell,undef) = getpwnam($_); - return 1 if is_real_user($username, $uid, $homedir, $shell); + return 1 if is_real_user($_); } return 0; } sub list_home() { - MDK::Common::DataStructure::uniq(map { $_->[7] } grep { is_real_user($_->[0], $_->[2], $_->[7], $_->[8]) } list_passwd()); + MDK::Common::DataStructure::uniq(map { $_->[7] } grep { is_real_user($_->[0]) } list_passwd()); } sub list_skels { my ($prefix, $suffix) = @_; @@ -339,7 +342,7 @@ sub list_skels { } sub list_users() { - MDK::Common::DataStructure::uniq(map { is_real_user($_->[0], $_->[2], $_->[7], $_->[8]) ? $_->[0] : () } list_passwd()); + MDK::Common::DataStructure::uniq(map { is_real_user($_->[0]) ? $_->[0] : () } list_passwd()); } -- cgit v1.2.1