aboutsummaryrefslogtreecommitdiff
path: root/vendor/github.com/containers/buildah/pkg/chrootuser/user.go
blob: 9fffc6d70de9cac50e4672ae3327bb8383c0d56d (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
package chrootuser

import (
	"errors"
	"fmt"
	"os/user"
	"strconv"
	"strings"
)

var (
	// ErrNoSuchUser indicates that the user provided by the caller does not
	// exist in /etc/passws
	ErrNoSuchUser = errors.New("user does not exist in /etc/passwd")
)

// GetUser will return the uid, gid of the user specified in the userspec
// it will use the /etc/passwd and /etc/group files inside of the rootdir
// to return this information.
// userspec format [user | user:group | uid | uid:gid | user:gid | uid:group ]
func GetUser(rootdir, userspec string) (uint32, uint32, string, error) {
	var gid64 uint64
	var gerr error = user.UnknownGroupError("error looking up group")

	spec := strings.SplitN(userspec, ":", 2)
	userspec = spec[0]
	groupspec := ""

	if userspec == "" {
		userspec = "0"
	}

	if len(spec) > 1 {
		groupspec = spec[1]
	}

	uid64, uerr := strconv.ParseUint(userspec, 10, 32)
	if uerr == nil && groupspec == "" {
		// We parsed the user name as a number, and there's no group
		// component, so try to look up the primary GID of the user who
		// has this UID.
		var name string
		name, gid64, gerr = lookupGroupForUIDInContainer(rootdir, uid64)
		if gerr == nil {
			userspec = name
		} else {
			// Leave userspec alone, but swallow the error and just
			// use GID 0.
			gid64 = 0
			gerr = nil
		}
	}
	if uerr != nil {
		// The user ID couldn't be parsed as a number, so try to look
		// up the user's UID and primary GID.
		uid64, gid64, uerr = lookupUserInContainer(rootdir, userspec)
		gerr = uerr
	}

	if groupspec != "" {
		// We have a group name or number, so parse it.
		gid64, gerr = strconv.ParseUint(groupspec, 10, 32)
		if gerr != nil {
			// The group couldn't be parsed as a number, so look up
			// the group's GID.
			gid64, gerr = lookupGroupInContainer(rootdir, groupspec)
		}
	}

	homedir, err := lookupHomedirInContainer(rootdir, uid64)
	if err != nil {
		homedir = "/"
	}

	if uerr == nil && gerr == nil {
		return uint32(uid64), uint32(gid64), homedir, nil
	}

	err = fmt.Errorf("error determining run uid: %w", uerr)
	if uerr == nil {
		err = fmt.Errorf("error determining run gid: %w", gerr)
	}

	return 0, 0, homedir, err
}

// GetGroup returns the gid by looking it up in the /etc/group file
// groupspec format [ group | gid ]
func GetGroup(rootdir, groupspec string) (uint32, error) {
	gid64, gerr := strconv.ParseUint(groupspec, 10, 32)
	if gerr != nil {
		// The group couldn't be parsed as a number, so look up
		// the group's GID.
		gid64, gerr = lookupGroupInContainer(rootdir, groupspec)
	}
	if gerr != nil {
		return 0, fmt.Errorf("error looking up group for gid %q: %w", groupspec, gerr)
	}
	return uint32(gid64), nil
}

// GetAdditionalGroupsForUser returns a list of gids that userid is associated with
func GetAdditionalGroupsForUser(rootdir string, userid uint64) ([]uint32, error) {
	gids, err := lookupAdditionalGroupsForUIDInContainer(rootdir, userid)
	if err != nil {
		return nil, fmt.Errorf("error looking up supplemental groups for uid %d: %w", userid, err)
	}
	return gids, nil
}

// LookupUIDInContainer returns username and gid associated with a UID in a container
// it will use the /etc/passwd files inside of the rootdir
// to return this information.
func LookupUIDInContainer(rootdir string, uid uint64) (user string, gid uint64, err error) {
	return lookupUIDInContainer(rootdir, uid)
}