shaba/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2024-12-26 03:22:00 +03:00
Code

user-util: add new uid_is_system() helper

Browse Source 
This adds uid_is_system() and gid_is_system(), similar in style to
uid_is_dynamic(). That a helper like this is useful is illustrated by
the fact that test-condition.c didn't get the check right so far, which
this patch fixes.
This commit is contained in:
Lennart Poettering 2017-12-02 12:59:21 +01:00
parent 399725532d
commit ece877d434
7 changed files with 16 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/basic/user-util.h
View File

@ -64,6 +64,14 @@ static inline bool uid_is_dynamic(uid_t uid) {
return DYNAMIC_UID_MIN <= uid && uid <= DYNAMIC_UID_MAX;
}
static inline bool uid_is_system(uid_t uid) {
return uid <= SYSTEM_UID_MAX;
}
static inline bool gid_is_system(gid_t gid) {
return gid <= SYSTEM_GID_MAX;
}
/* The following macros add 1 when converting things, since UID 0 is a valid UID, while the pointer
* NULL is special */
#define PTR_TO_UID(p) ((uid_t) (((uintptr_t) (p))-1))

2
src/coredump/coredump.c
View File

@ -165,7 +165,7 @@ static int fix_acl(int fd, uid_t uid) {
assert(fd >= 0);
if (uid <= SYSTEM_UID_MAX)
if (uid_is_system(uid))
return 0;
/* Make sure normal users can read (but not write or delete)

4
src/journal/journald-server.c
View File

@ -248,7 +248,7 @@ static void server_add_acls(JournalFile *f, uid_t uid) {
assert(f);
#if HAVE_ACL
if (uid <= SYSTEM_UID_MAX)
if (uid_is_system(uid))
return;
r = add_acls_for_user(f->fd, uid);
@ -406,7 +406,7 @@ static JournalFile* find_journal(Server *s, uid_t uid) {
if (s->runtime_journal)
return s->runtime_journal;
if (uid <= SYSTEM_UID_MAX || uid_is_dynamic(uid))
if (uid_is_system(uid) || uid_is_dynamic(uid))
return s->system_journal;
r = sd_id128_get_machine(&machine);

2
src/login/logind-user.c
View File

@ -617,7 +617,7 @@ int user_finalize(User *u) {
* cases, as we shouldn't accidentally remove a system service's IPC objects while it is running, just because
* a cronjob running as the same user just finished. Hence: exclude system users generally from IPC clean-up,
* and do it only for normal users. */
if (u->manager->remove_ipc && u->uid > SYSTEM_UID_MAX) {
if (u->manager->remove_ipc && !uid_is_system(u->uid)) {
k = clean_ipc_by_uid(u->uid);
if (k < 0)
r = k;

4
src/nss-systemd/nss-systemd.c
View File

@ -251,7 +251,7 @@ enum nss_status _nss_systemd_getpwuid_r(
}
}
if (uid <= SYSTEM_UID_MAX)
if (uid_is_system(uid))
goto not_found;
if (getenv_bool_secure("SYSTEMD_NSS_DYNAMIC_BYPASS") > 0)
@ -463,7 +463,7 @@ enum nss_status _nss_systemd_getgrgid_r(
}
}
if (gid <= SYSTEM_GID_MAX)
if (gid_is_system(gid))
goto not_found;
if (getenv_bool_secure("SYSTEMD_NSS_DYNAMIC_BYPASS") > 0)

2
src/shared/condition.c
View File

@ -157,7 +157,7 @@ static int condition_test_user(Condition *c) {
return id == getuid() || id == geteuid();
if (streq("@system", c->parameter))
return getuid() <= SYSTEM_UID_MAX || geteuid() <= SYSTEM_UID_MAX;
return uid_is_system(getuid()) || uid_is_system(geteuid());
username = getusername_malloc();
if (!username)

2
src/test/test-condition.c
View File

@ -391,7 +391,7 @@ static void test_condition_test_user(void) {
assert_se(condition);
r = condition_test(condition);
log_info("ConditionUser=@system → %i", r);
if (getuid() < SYSTEM_UID_MAX || geteuid() < SYSTEM_UID_MAX)
if (uid_is_system(getuid()) || uid_is_system(geteuid()))
assert_se(r > 0);
else
assert_se(r == 0);