shaba/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2024-11-01 09:21:26 +03:00
Code

nss-systemd: tweak checks when we consult PID 1 for dynamic UID/GID lookups

Browse Source 
Instead of contacting PID 1 for dynamic UID/GID lookups for all
UIDs/GIDs that do not qualify as "system" do the more precise check
instead: check if they actually qualify for the "dynamic" range.
This commit is contained in:
Lennart Poettering 2017-12-02 13:07:18 +01:00
parent 4e72397b00
commit 8343827793
2 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/basic/user-util.h
View File

@ -64,6 +64,10 @@ static inline bool uid_is_dynamic(uid_t uid) {
return DYNAMIC_UID_MIN <= uid && uid <= DYNAMIC_UID_MAX; return DYNAMIC_UID_MIN <= uid && uid <= DYNAMIC_UID_MAX;
} }
static inline bool gid_is_dynamic(gid_t gid) {
return uid_is_dynamic((uid_t) gid);
}
static inline bool uid_is_system(uid_t uid) { static inline bool uid_is_system(uid_t uid) {
return uid <= SYSTEM_UID_MAX; return uid <= SYSTEM_UID_MAX;
} }

5
src/nss-systemd/nss-systemd.c
View File

@ -251,7 +251,7 @@ enum nss_status _nss_systemd_getpwuid_r(
} }
} }
if (uid_is_system(uid)) if (!uid_is_dynamic(uid))
goto not_found; goto not_found;
if (getenv_bool_secure("SYSTEMD_NSS_DYNAMIC_BYPASS") > 0) if (getenv_bool_secure("SYSTEMD_NSS_DYNAMIC_BYPASS") > 0)
@ -463,7 +463,7 @@ enum nss_status _nss_systemd_getgrgid_r(
} }
} }
if (gid_is_system(gid)) if (!gid_is_dynamic(gid))
goto not_found; goto not_found;
if (getenv_bool_secure("SYSTEMD_NSS_DYNAMIC_BYPASS") > 0) if (getenv_bool_secure("SYSTEMD_NSS_DYNAMIC_BYPASS") > 0)
@ -500,7 +500,6 @@ enum nss_status _nss_systemd_getgrgid_r(
direct_lookup: direct_lookup:
if (bypass > 0) { if (bypass > 0) {
r = direct_lookup_uid(gid, &direct); r = direct_lookup_uid(gid, &direct);
if (r == -ENOENT) if (r == -ENOENT)
goto not_found; goto not_found;