From 2be02baa9f46e11c6c1d01501807e0babcf1a22f Mon Sep 17 00:00:00 2001 Message-Id: <2be02baa9f46e11c6c1d01501807e0babcf1a22f.1351979134.git.matthew.monaco@0x01b.net> In-Reply-To: <0055b44cafe7d7bb6c5fb0d50d22fa4fc7978745.1351979134.git.matthew.monaco@0x01b.net> References: <0055b44cafe7d7bb6c5fb0d50d22fa4fc7978745.1351979134.git.matthew.monaco@0x01b.net> From: Matthew Monaco Date: Sat, 3 Nov 2012 15:18:24 -0600 Subject: [PATCH 4/4] cfg: add option for minimum uid --- data/accountsservice.conf | 2 ++ src/config.c | 7 +++++++ src/daemon.c | 14 +++++++++++--- src/daemon.h | 3 ++- src/user.c | 3 ++- src/util.h | 1 + 6 files changed, 25 insertions(+), 5 deletions(-) diff --git a/data/accountsservice.conf b/data/accountsservice.conf index bd2bc47..72193fd 100644 --- a/data/accountsservice.conf +++ b/data/accountsservice.conf @@ -5,3 +5,5 @@ [UserList] Exclude = root daemon adm lp sync shutdown halt mail news uucp operator nobody nobody4 noaccess postgres pvm rpm nfsnobody pcap mysql ftp games man at + +MinUID = 1000 diff --git a/src/config.c b/src/config.c index 41d25a2..1bf9abd 100644 --- a/src/config.c +++ b/src/config.c @@ -53,5 +53,12 @@ void cfg_free_excludes(Config *cfg, gchar **e) g_strfreev(e); } +uid_t cfg_get_min_uid(Config *cfg) +{ + GKeyFile *f = (GKeyFile*) cfg; + int i = g_key_file_get_integer(f, "UserList", "MinUID", NULL); + if (i < 0) i = 0; + return (uid_t) i; +} /* vim: set ts=8 sw=8 sts=8 et : */ diff --git a/src/daemon.c b/src/daemon.c index 78d3db7..7933bda 100644 --- a/src/daemon.c +++ b/src/daemon.c @@ -62,6 +62,7 @@ struct DaemonPrivate { GHashTable *users; GHashTable *exclusions; + uid_t min_uid; User *autologin; @@ -129,7 +130,7 @@ error_get_type (void) } gboolean -daemon_local_user_is_excluded (Daemon *daemon, const gchar *username, const gchar *shell) +daemon_local_user_is_excluded (Daemon *daemon, const gchar *username, const gchar *shell, uid_t uid) { int ret; 
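Review bot: `MinUID = 1000` is added to data/accountsservice.conf without a comment, although the rest of the patch makes it decide which accounts are hidden. daemon_local_user_is_excluded() returns TRUE for any UID below it, and user_update_from_pwent() stores that result as system_account. A line above the key such as `# Accounts with a UID below MinUID are treated as system accounts and left out of the user list` would say so. The floor for regular accounts is not the same on every distribution, so the comment could also ask packagers to keep the value in line with the local UID_MIN in /etc/login.defs; otherwise ordinary users with lower UIDs would presumably drop out of the list.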
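Review bot: cfg_get_min_uid() in src/config.c passes NULL for the GError, so a missing key and a value that does not parse both come back as 0, indistinguishable from an explicit `MinUID = 0`. The negative branch likewise clamps to 0 without a message. In each case the UID filter is switched off silently, which is the fail-open direction for a setting meant to keep system accounts out of the user list. I would capture the error, stay quiet only when the key or group is absent, and log a warning for an invalid or negative value so that a typo in accountsservice.conf is visible. Whether cfg can be NULL here depends on cfg_init(), which is outside this hunk.

```c
uid_t cfg_get_min_uid(Config *cfg)
{
        GKeyFile *f = (GKeyFile*) cfg;
        GError *err = NULL;
        int i = g_key_file_get_integer(f, "UserList", "MinUID", &err);

        if (err != NULL) {
                /* an absent key means "no UID filter"; anything else is a bad value */
                if (!g_error_matches(err, G_KEY_FILE_ERROR, G_KEY_FILE_ERROR_KEY_NOT_FOUND) &&
                    !g_error_matches(err, G_KEY_FILE_ERROR, G_KEY_FILE_ERROR_GROUP_NOT_FOUND))
                        g_warning("invalid MinUID in [UserList]: %s", err->message);
                g_error_free(err);
                return 0;
        }
        if (i < 0) {
                g_warning("negative MinUID %d ignored", i);
                return 0;
        }
        return (uid_t) i;
}
```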
@@ -137,6 +138,10 @@ daemon_local_user_is_excluded (Daemon *daemon, const gchar *username, const gcha return TRUE; } + if (uid < daemon->priv->min_uid) { + return TRUE; + } + ret = FALSE; if (shell != NULL) { @@ -372,7 +377,7 @@ load_entries (Daemon *daemon, break; /* Skip system users... */ - if (daemon_local_user_is_excluded (daemon, pwent->pw_name, pwent->pw_shell)) { + if (daemon_local_user_is_excluded (daemon, pwent->pw_name, pwent->pw_shell, pwent->pw_uid)) { g_debug ("skipping user: %s", pwent->pw_name); continue; } @@ -612,7 +617,10 @@ daemon_init (Daemon *daemon) daemon->priv = DAEMON_GET_PRIVATE (daemon); + daemon->priv->min_uid = cfg_get_min_uid(cfg); + excludes = cfg_get_excludes(cfg); + daemon->priv->exclusions = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, @@ -930,7 +938,7 @@ finish_list_cached_users (gpointer user_data) continue; } - if (daemon_local_user_is_excluded (data->daemon, name, shell)) { + if (daemon_local_user_is_excluded (data->daemon, name, shell, uid)) { g_debug ("user %s %ld excluded\n", name, (long) uid); continue; } diff --git a/src/daemon.h b/src/daemon.h index 996b452..2a445d2 100644 --- a/src/daemon.h +++ b/src/daemon.h @@ -77,7 +77,8 @@ User *daemon_local_find_user_by_name (Daemon *daemon, const gchar *name); gboolean daemon_local_user_is_excluded (Daemon *daemon, const gchar *name, - const gchar *shell); + const gchar *shell, + uid_t uid); typedef void (*AuthorizedCallback) (Daemon *daemon, User *user, diff --git a/src/user.c b/src/user.c index ff84c6d..4ff0b48 100644 --- a/src/user.c +++ b/src/user.c @@ -283,7 +283,8 @@ user_update_from_pwent (User *user, user->system_account = daemon_local_user_is_excluded (user->daemon, user->user_name, - pwent->pw_shell); + pwent->pw_shell, + pwent->pw_uid); g_object_thaw_notify (G_OBJECT (user)); diff --git a/src/util.h b/src/util.h index 8d7ed7c..88d1f43 100644 --- a/src/util.h +++ b/src/util.h 
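Review bot: The new `uid < daemon->priv->min_uid` test in daemon_local_user_is_excluded() carries no comment, and the function now combines several criteria: what appears to be the name exclusion check above it, the UID floor, and the shell test that follows. A one-line comment above the test, `/* UIDs below the configured MinUID count as system accounts */`, would state the policy at the point where it is enforced. Accounts at or above the floor are still filtered only by name or shell, so the Exclude list remains necessary for them. The function starts and ends outside this hunk.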
@@ -35,6 +35,7 @@ Config* cfg_init(void); void cfg_free(Config*); gchar **cfg_get_excludes(Config*); void cfg_free_excludes(Config*, gchar**); +uid_t cfg_get_min_uid(Config *cfg); void sys_log (GDBusMethodInvocation *context, const gchar *format, -- 1.8.0