Check that auto-allocated UIDs don't clash with existing accounts

This commit is contained in:
Eelco Dolstra 2022-11-28 20:49:17 +01:00
parent fc14585610
commit ff12d1c1a1

View file

@ -127,13 +127,10 @@ struct AutoUserLock : UserLock
{ {
settings.requireExperimentalFeature(Xp::AutoAllocateUids); settings.requireExperimentalFeature(Xp::AutoAllocateUids);
assert(settings.startId > 0); assert(settings.startId > 0);
assert(settings.startId % maxIdsPerBuild == 0);
assert(settings.uidCount % maxIdsPerBuild == 0); assert(settings.uidCount % maxIdsPerBuild == 0);
assert((uint64_t) settings.startId + (uint64_t) settings.uidCount <= std::numeric_limits<uid_t>::max()); assert((uint64_t) settings.startId + (uint64_t) settings.uidCount <= std::numeric_limits<uid_t>::max());
assert(nrIds <= maxIdsPerBuild); assert(nrIds <= maxIdsPerBuild);
// FIXME: check whether the id range overlaps any known users
createDirs(settings.nixStateDir + "/userpool2"); createDirs(settings.nixStateDir + "/userpool2");
size_t nrSlots = settings.uidCount / maxIdsPerBuild; size_t nrSlots = settings.uidCount / maxIdsPerBuild;
@ -150,11 +147,18 @@ struct AutoUserLock : UserLock
throw SysError("opening user lock '%s'", fnUserLock); throw SysError("opening user lock '%s'", fnUserLock);
if (lockFile(fd.get(), ltWrite, false)) { if (lockFile(fd.get(), ltWrite, false)) {
auto firstUid = settings.startId + i * maxIdsPerBuild;
auto pw = getpwuid(firstUid);
if (pw)
throw Error("auto-allocated UID %d clashes with existing user account '%s'", firstUid, pw->pw_name);
auto lock = std::make_unique<AutoUserLock>(); auto lock = std::make_unique<AutoUserLock>();
lock->fdUserLock = std::move(fd); lock->fdUserLock = std::move(fd);
lock->firstUid = settings.startId + i * maxIdsPerBuild; lock->firstUid = firstUid;
if (useChroot) if (useChroot)
lock->firstGid = lock->firstUid; lock->firstGid = firstUid;
else { else {
struct group * gr = getgrnam(settings.buildUsersGroup.get().c_str()); struct group * gr = getgrnam(settings.buildUsersGroup.get().c_str());
if (!gr) if (!gr)