1
1
mirror of https://github.com/systemd/systemd-stable.git synced 2025-01-10 01:17:44 +03:00

sysusers: only check whether the requested GID is available

This relaxes the availability check when creating a group, if an
explicit GID has been requested.
It avoids mixing up users and groups entries with valid and unique
UIDs/GIDs, but each having the same ID number.

(cherry picked from commit 6b6e45eb73)
(cherry picked from commit ec5a46ca34)
This commit is contained in:
Luca BRUNO 2022-08-08 15:52:33 +00:00 committed by Zbigniew Jędrzejewski-Szmek
parent 887837a5a9
commit 6ab318435e

View File

@ -1171,7 +1171,7 @@ static int add_user(Item *i) {
return 0; return 0;
} }
static int gid_is_ok(gid_t gid) { static int gid_is_ok(gid_t gid, bool check_with_uid) {
struct group *g; struct group *g;
struct passwd *p; struct passwd *p;
@ -1179,13 +1179,13 @@ static int gid_is_ok(gid_t gid) {
return 0; return 0;
/* Avoid reusing gids that are already used by a different user */ /* Avoid reusing gids that are already used by a different user */
if (ordered_hashmap_get(todo_uids, UID_TO_PTR(gid))) if (check_with_uid && ordered_hashmap_get(todo_uids, UID_TO_PTR(gid)))
return 0; return 0;
if (hashmap_contains(database_by_gid, GID_TO_PTR(gid))) if (hashmap_contains(database_by_gid, GID_TO_PTR(gid)))
return 0; return 0;
if (hashmap_contains(database_by_uid, UID_TO_PTR(gid))) if (check_with_uid && hashmap_contains(database_by_uid, UID_TO_PTR(gid)))
return 0; return 0;
if (!arg_root) { if (!arg_root) {
@ -1196,12 +1196,14 @@ static int gid_is_ok(gid_t gid) {
if (!IN_SET(errno, 0, ENOENT)) if (!IN_SET(errno, 0, ENOENT))
return -errno; return -errno;
errno = 0; if (check_with_uid) {
p = getpwuid((uid_t) gid); errno = 0;
if (p) p = getpwuid((uid_t) gid);
return 0; if (p)
if (!IN_SET(errno, 0, ENOENT)) return 0;
return -errno; if (!IN_SET(errno, 0, ENOENT))
return -errno;
}
} }
return 1; return 1;
@ -1252,7 +1254,7 @@ static int add_group(Item *i) {
/* Try to use the suggested numeric GID */ /* Try to use the suggested numeric GID */
if (i->gid_set) { if (i->gid_set) {
r = gid_is_ok(i->gid); r = gid_is_ok(i->gid, false);
if (r < 0) if (r < 0)
return log_error_errno(r, "Failed to verify GID " GID_FMT ": %m", i->gid); return log_error_errno(r, "Failed to verify GID " GID_FMT ": %m", i->gid);
if (i->id_set_strict) { if (i->id_set_strict) {
@ -1275,7 +1277,7 @@ static int add_group(Item *i) {
/* Try to reuse the numeric uid, if there's one */ /* Try to reuse the numeric uid, if there's one */
if (!i->gid_set && i->uid_set) { if (!i->gid_set && i->uid_set) {
r = gid_is_ok((gid_t) i->uid); r = gid_is_ok((gid_t) i->uid, true);
if (r < 0) if (r < 0)
return log_error_errno(r, "Failed to verify GID " GID_FMT ": %m", i->gid); return log_error_errno(r, "Failed to verify GID " GID_FMT ": %m", i->gid);
if (r > 0) { if (r > 0) {
@ -1293,7 +1295,7 @@ static int add_group(Item *i) {
if (c <= 0 || !uid_range_contains(uid_range, n_uid_range, c)) if (c <= 0 || !uid_range_contains(uid_range, n_uid_range, c))
log_debug("Group ID " GID_FMT " of file not suitable for %s.", c, i->name); log_debug("Group ID " GID_FMT " of file not suitable for %s.", c, i->name);
else { else {
r = gid_is_ok(c); r = gid_is_ok(c, true);
if (r < 0) if (r < 0)
return log_error_errno(r, "Failed to verify GID " GID_FMT ": %m", i->gid); return log_error_errno(r, "Failed to verify GID " GID_FMT ": %m", i->gid);
else if (r > 0) { else if (r > 0) {
@ -1315,7 +1317,7 @@ static int add_group(Item *i) {
if (r < 0) if (r < 0)
return log_error_errno(r, "No free group ID available for %s.", i->name); return log_error_errno(r, "No free group ID available for %s.", i->name);
r = gid_is_ok(search_uid); r = gid_is_ok(search_uid, true);
if (r < 0) if (r < 0)
return log_error_errno(r, "Failed to verify GID " GID_FMT ": %m", i->gid); return log_error_errno(r, "Failed to verify GID " GID_FMT ": %m", i->gid);
else if (r > 0) else if (r > 0)