src/id.c

   1 /* id -- print real and effective UIDs and GIDs
   2    Copyright (C) 1989-2016 Free Software Foundation, Inc.
   3
   4    This program is free software: you can redistribute it and/or modify
   5    it under the terms of the GNU General Public License as published by
   6    the Free Software Foundation, either version 3 of the License, or
   7    (at your option) any later version.
   8
   9    This program is distributed in the hope that it will be useful,
  10    but WITHOUT ANY WARRANTY; without even the implied warranty of
  11    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12    GNU General Public License for more details.
  13
  14    You should have received a copy of the GNU General Public License
  15    along with this program.  If not, see <http://www.gnu.org/licenses/>.  */
  16
  17 /* Written by Arnold Robbins.
  18    Major rewrite by David MacKenzie, djm@gnu.ai.mit.edu. */
  19
  20 #include <config.h>
  21 #include <stdio.h>
  22 #include <sys/types.h>
  23 #include <pwd.h>
  24 #include <grp.h>
  25 #include <getopt.h>
  26 #include <selinux/selinux.h>
  27
  28 #include "system.h"
  29 #include "error.h"
  30 #include "mgetgroups.h"
  31 #include "quote.h"
  32 #include "group-list.h"
  33 #include "smack.h"
  34 #include "userspec.h"
  35
  36 /* The official name of this program (e.g., no 'g' prefix).  */
  37 #define PROGRAM_NAME "id"
  38
  39 #define AUTHORS \
  40   proper_name ("Arnold Robbins"), \
  41   proper_name ("David MacKenzie")
  42
  43 /* If nonzero, output only the SELinux context.  */
  44 static bool just_context = 0;
  45
  46 static void print_user (uid_t uid);
  47 static void print_full_info (const char *username);
  48
  49 /* If true, output user/group name instead of ID number. -n */
  50 static bool use_name = false;
  51
  52 /* The real and effective IDs of the user to print. */
  53 static uid_t ruid, euid;
  54 static gid_t rgid, egid;
  55
  56 /* True unless errors have been encountered.  */
  57 static bool ok = true;
  58
  59 /* The SELinux context.  Start with a known invalid value so print_full_info
  60    knows when 'context' has not been set to a meaningful value.  */
  61 static char *context = NULL;
  62
  63 static struct option const longopts[] =
  64 {
  65   {"context", no_argument, NULL, 'Z'},
  66   {"group", no_argument, NULL, 'g'},
  67   {"groups", no_argument, NULL, 'G'},
  68   {"name", no_argument, NULL, 'n'},
  69   {"real", no_argument, NULL, 'r'},
  70   {"user", no_argument, NULL, 'u'},
  71   {"zero", no_argument, NULL, 'z'},
  72   {GETOPT_HELP_OPTION_DECL},
  73   {GETOPT_VERSION_OPTION_DECL},
  74   {NULL, 0, NULL, 0}
  75 };
  76
  77 void
  78 usage (int status)
  79 {
  80   if (status != EXIT_SUCCESS)
  81     emit_try_help ();
  82   else
  83     {
  84       printf (_("Usage: %s [OPTION]... [USER]\n"), program_name);
  85       fputs (_("\
  86 Print user and group information for the specified USER,\n\
  87 or (when USER omitted) for the current user.\n\
  88 \n"),
  89              stdout);
  90       fputs (_("\
  91   -a             ignore, for compatibility with other versions\n\
  92   -Z, --context  print only the security context of the process\n\
  93   -g, --group    print only the effective group ID\n\
  94   -G, --groups   print all group IDs\n\
  95   -n, --name     print a name instead of a number, for -ugG\n\
  96   -r, --real     print the real ID instead of the effective ID, with -ugG\n\
  97   -u, --user     print only the effective user ID\n\
  98   -z, --zero     delimit entries with NUL characters, not whitespace;\n\
  99                    not permitted in default format\n\
 100 "), stdout);
 101       fputs (HELP_OPTION_DESCRIPTION, stdout);
 102       fputs (VERSION_OPTION_DESCRIPTION, stdout);
 103       fputs (_("\
 104 \n\
 105 Without any OPTION, print some useful set of identified information.\n\
 106 "), stdout);
 107       emit_ancillary_info (PROGRAM_NAME);
 108     }
 109   exit (status);
 110 }
 111
 112 int
 113 main (int argc, char **argv)
 114 {
 115   int optc;
 116   int selinux_enabled = (is_selinux_enabled () > 0);
 117   bool smack_enabled = is_smack_enabled ();
 118   bool opt_zero = false;
 119   char *pw_name = NULL;
 120
 121   /* If true, output the list of all group IDs. -G */
 122   bool just_group_list = false;
 123   /* If true, output only the group ID(s). -g */
 124   bool just_group = false;
 125   /* If true, output real UID/GID instead of default effective UID/GID. -r */
 126   bool use_real = false;
 127   /* If true, output only the user ID(s). -u */
 128   bool just_user = false;
 129
 130   initialize_main (&argc, &argv);
 131   set_program_name (argv[0]);
 132   setlocale (LC_ALL, "");
 133   bindtextdomain (PACKAGE, LOCALEDIR);
 134   textdomain (PACKAGE);
 135
 136   atexit (close_stdout);
 137
 138   while ((optc = getopt_long (argc, argv, "agnruzGZ", longopts, NULL)) != -1)
 139     {
 140       switch (optc)
 141         {
 142         case 'a':
 143           /* Ignore -a, for compatibility with SVR4.  */
 144           break;
 145
 146         case 'Z':
 147           /* politely decline if we're not on a SELinux/SMACK-enabled kernel. */
 148 #ifdef HAVE_SMACK
 149           if (!selinux_enabled && !smack_enabled)
 150             error (EXIT_FAILURE, 0,
 151                    _("--context (-Z) works only on "
 152                      "an SELinux/SMACK-enabled kernel"));
 153 #else
 154           if (!selinux_enabled)
 155             error (EXIT_FAILURE, 0,
 156                    _("--context (-Z) works only on an SELinux-enabled kernel"));
 157 #endif
 158           just_context = true;
 159           break;
 160
 161         case 'g':
 162           just_group = true;
 163           break;
 164         case 'n':
 165           use_name = true;
 166           break;
 167         case 'r':
 168           use_real = true;
 169           break;
 170         case 'u':
 171           just_user = true;
 172           break;
 173         case 'z':
 174           opt_zero = true;
 175           break;
 176         case 'G':
 177           just_group_list = true;
 178           break;
 179         case_GETOPT_HELP_CHAR;
 180         case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
 181         default:
 182           usage (EXIT_FAILURE);
 183         }
 184     }
 185
 186   size_t n_ids = argc - optind;
 187   if (1 < n_ids)
 188     {
 189       error (0, 0, _("extra operand %s"), quote (argv[optind + 1]));
 190       usage (EXIT_FAILURE);
 191     }
 192
 193   if (n_ids && just_context)
 194     error (EXIT_FAILURE, 0,
 195            _("cannot print security context when user specified"));
 196
 197   if (just_user + just_group + just_group_list + just_context > 1)
 198     error (EXIT_FAILURE, 0, _("cannot print \"only\" of more than one choice"));
 199
 200   bool default_format = ! (just_user
 201                            || just_group
 202                            || just_group_list
 203                            || just_context);
 204
 205   if (default_format && (use_real || use_name))
 206     error (EXIT_FAILURE, 0,
 207            _("cannot print only names or real IDs in default format"));
 208
 209   if (default_format && opt_zero)
 210     error (EXIT_FAILURE, 0,
 211            _("option --zero not permitted in default format"));
 212
 213   /* If we are on a SELinux/SMACK-enabled kernel, no user is specified, and
 214      either --context is specified or none of (-u,-g,-G) is specified,
 215      and we're not in POSIXLY_CORRECT mode, get our context.  Otherwise,
 216      leave the context variable alone - it has been initialized to an
 217      invalid value that will be not displayed in print_full_info().  */
 218   if (n_ids == 0
 219       && (just_context
 220           || (default_format && ! getenv ("POSIXLY_CORRECT"))))
 221     {
 222       /* Report failure only if --context (-Z) was explicitly requested.  */
 223       if ((selinux_enabled && getcon (&context) && just_context)
 224           || (smack_enabled
 225               && smack_new_label_from_self (&context) < 0
 226               && just_context))
 227         error (EXIT_FAILURE, 0, _("can't get process context"));
 228     }
 229
 230   if (n_ids == 1)
 231     {
 232       struct passwd *pwd = NULL;
 233       const char *spec = argv[optind];
 234       /* Disallow an empty spec here as parse_user_spec() doesn't
 235          give an error for that as it seems it's a valid way to
 236          specify a noop or "reset special bits" depending on the system.  */
 237       if (*spec)
 238         {
 239           if (parse_user_spec (spec, &euid, NULL, NULL, NULL) == NULL)
 240             {
 241               /* parse_user_spec will only extract a numeric spec,
 242                  so we lookup that here to verify and also retrieve
 243                  the PW_NAME used subsequently in group lookup.  */
 244               pwd = getpwuid (euid);
 245             }
 246         }
 247       if (pwd == NULL)
 248         error (EXIT_FAILURE, 0, _("%s: no such user"), quote (spec));
 249       pw_name = xstrdup (pwd->pw_name);
 250       ruid = euid = pwd->pw_uid;
 251       rgid = egid = pwd->pw_gid;
 252     }
 253   else
 254     {
 255       /* POSIX says identification functions (getuid, getgid, and
 256          others) cannot fail, but they can fail under GNU/Hurd and a
 257          few other systems.  Test for failure by checking errno.  */
 258       uid_t NO_UID = -1;
 259       gid_t NO_GID = -1;
 260
 261       if (just_user ? !use_real
 262           : !just_group && !just_group_list && !just_context)
 263         {
 264           errno = 0;
 265           euid = geteuid ();
 266           if (euid == NO_UID && errno)
 267             error (EXIT_FAILURE, errno, _("cannot get effective UID"));
 268         }
 269
 270       if (just_user ? use_real
 271           : !just_group && (just_group_list || !just_context))
 272         {
 273           errno = 0;
 274           ruid = getuid ();
 275           if (ruid == NO_UID && errno)
 276             error (EXIT_FAILURE, errno, _("cannot get real UID"));
 277         }
 278
 279       if (!just_user && (just_group || just_group_list || !just_context))
 280         {
 281           errno = 0;
 282           egid = getegid ();
 283           if (egid == NO_GID && errno)
 284             error (EXIT_FAILURE, errno, _("cannot get effective GID"));
 285
 286           errno = 0;
 287           rgid = getgid ();
 288           if (rgid == NO_GID && errno)
 289             error (EXIT_FAILURE, errno, _("cannot get real GID"));
 290         }
 291     }
 292
 293   if (just_user)
 294     {
 295       print_user (use_real ? ruid : euid);
 296     }
 297   else if (just_group)
 298     {
 299       if (!print_group (use_real ? rgid : egid, use_name))
 300         ok = false;
 301     }
 302   else if (just_group_list)
 303     {
 304       if (!print_group_list (pw_name, ruid, rgid, egid, use_name,
 305                              opt_zero ? '\0' : ' '))
 306         ok = false;
 307     }
 308   else if (just_context)
 309     {
 310       fputs (context, stdout);
 311     }
 312   else
 313     {
 314       print_full_info (pw_name);
 315     }
 316   putchar (opt_zero ? '\0' : '\n');
 317
 318   IF_LINT (free (pw_name));
 319   return ok ? EXIT_SUCCESS : EXIT_FAILURE;
 320 }
 321
 322 /* Convert a gid_t to string.  Do not use this function directly.
 323    Instead, use it via the gidtostr macro.
 324    Beware that it returns a pointer to static storage.  */
 325 static char *
 326 gidtostr_ptr (gid_t const *gid)
 327 {
 328   static char buf[INT_BUFSIZE_BOUND (uintmax_t)];
 329   return umaxtostr (*gid, buf);
 330 }
 331 #define gidtostr(g) gidtostr_ptr (&(g))
 332
 333 /* Convert a uid_t to string.  Do not use this function directly.
 334    Instead, use it via the uidtostr macro.
 335    Beware that it returns a pointer to static storage.  */
 336 static char *
 337 uidtostr_ptr (uid_t const *uid)
 338 {
 339   static char buf[INT_BUFSIZE_BOUND (uintmax_t)];
 340   return umaxtostr (*uid, buf);
 341 }
 342 #define uidtostr(u) uidtostr_ptr (&(u))
 343
 344 /* Print the name or value of user ID UID. */
 345
 346 static void
 347 print_user (uid_t uid)
 348 {
 349   struct passwd *pwd = NULL;
 350
 351   if (use_name)
 352     {
 353       pwd = getpwuid (uid);
 354       if (pwd == NULL)
 355         {
 356           error (0, 0, _("cannot find name for user ID %s"),
 357                  uidtostr (uid));
 358           ok = false;
 359         }
 360     }
 361
 362   char *s = pwd ? pwd->pw_name : uidtostr (uid);
 363   fputs (s, stdout);
 364 }
 365
 366 /* Print all of the info about the user's user and group IDs. */
 367
 368 static void
 369 print_full_info (const char *username)
 370 {
 371   struct passwd *pwd;
 372   struct group *grp;
 373
 374   printf (_("uid=%s"), uidtostr (ruid));
 375   pwd = getpwuid (ruid);
 376   if (pwd)
 377     printf ("(%s)", pwd->pw_name);
 378
 379   printf (_(" gid=%s"), gidtostr (rgid));
 380   grp = getgrgid (rgid);
 381   if (grp)
 382     printf ("(%s)", grp->gr_name);
 383
 384   if (euid != ruid)
 385     {
 386       printf (_(" euid=%s"), uidtostr (euid));
 387       pwd = getpwuid (euid);
 388       if (pwd)
 389         printf ("(%s)", pwd->pw_name);
 390     }
 391
 392   if (egid != rgid)
 393     {
 394       printf (_(" egid=%s"), gidtostr (egid));
 395       grp = getgrgid (egid);
 396       if (grp)
 397         printf ("(%s)", grp->gr_name);
 398     }
 399
 400   {
 401     gid_t *groups;
 402     int i;
 403
 404     gid_t primary_group;
 405     if (username)
 406       primary_group = pwd ? pwd->pw_gid : -1;
 407     else
 408       primary_group = egid;
 409
 410     int n_groups = xgetgroups (username, primary_group, &groups);
 411     if (n_groups < 0)
 412       {
 413         if (username)
 414           error (0, errno, _("failed to get groups for user %s"),
 415                  quote (username));
 416         else
 417           error (0, errno, _("failed to get groups for the current process"));
 418         ok = false;
 419         return;
 420       }
 421
 422     if (n_groups > 0)
 423       fputs (_(" groups="), stdout);
 424     for (i = 0; i < n_groups; i++)
 425       {
 426         if (i > 0)
 427           putchar (',');
 428         fputs (gidtostr (groups[i]), stdout);
 429         grp = getgrgid (groups[i]);
 430         if (grp)
 431           printf ("(%s)", grp->gr_name);
 432       }
 433     free (groups);
 434   }
 435
 436   /* POSIX mandates the precise output format, and that it not include
 437      any context=... part, so skip that if POSIXLY_CORRECT is set.  */
 438   if (context)
 439     printf (_(" context=%s"), context);
 440 }