diff options
Diffstat (limited to 'src/core/dynamic-user.c')
-rw-r--r-- | src/core/dynamic-user.c | 49 |
1 files changed, 18 insertions, 31 deletions
diff --git a/src/core/dynamic-user.c b/src/core/dynamic-user.c index 2bf9094..11de2ba 100644 --- a/src/core/dynamic-user.c +++ b/src/core/dynamic-user.c @@ -20,7 +20,7 @@ #include "stdio-util.h" #include "string-util.h" #include "strv.h" -#include "uid-alloc-range.h" +#include "uid-classification.h" #include "user-util.h" /* Takes a value generated randomly or by hashing and turns it into a UID in the right range */ @@ -143,7 +143,6 @@ static int dynamic_user_acquire(Manager *m, const char *name, DynamicUser** ret) } static int make_uid_symlinks(uid_t uid, const char *name, bool b) { - char path1[STRLEN("/run/systemd/dynamic-uid/direct:") + DECIMAL_STR_MAX(uid_t) + 1]; const char *path2; int r = 0, k; @@ -293,8 +292,8 @@ static int pick_uid(char **suggested_paths, const char *name, uid_t *ret_uid) { } /* Some superficial check whether this UID/GID might already be taken by some static user */ - if (getpwuid(candidate) || - getgrgid((gid_t) candidate) || + if (getpwuid_malloc(candidate, /* ret= */ NULL) >= 0 || + getgrgid_malloc((gid_t) candidate, /* ret= */ NULL) >= 0 || search_ipc(candidate, (gid_t) candidate) != 0) { (void) unlink(lock_path); continue; @@ -419,30 +418,26 @@ static int dynamic_user_realize( /* First, let's parse this as numeric UID */ r = parse_uid(d->name, &num); if (r < 0) { - struct passwd *p; - struct group *g; + _cleanup_free_ struct passwd *p = NULL; + _cleanup_free_ struct group *g = NULL; if (is_user) { /* OK, this is not a numeric UID. Let's see if there's a user by this name */ - p = getpwnam(d->name); - if (p) { + if (getpwnam_malloc(d->name, &p) >= 0) { num = p->pw_uid; gid = p->pw_gid; } else { /* if the user does not exist but the group with the same name exists, refuse operation */ - g = getgrnam(d->name); - if (g) + if (getgrnam_malloc(d->name, /* ret= */ NULL) >= 0) return -EILSEQ; } } else { /* Let's see if there's a group by this name */ - g = getgrnam(d->name); - if (g) + if (getgrnam_malloc(d->name, &g) >= 0) num = (uid_t) g->gr_gid; else { /* if the group does not exist but the user with the same name exists, refuse operation */ - p = getpwnam(d->name); - if (p) + if (getpwnam_malloc(d->name, /* ret= */ NULL) >= 0) return -EILSEQ; } } @@ -484,13 +479,12 @@ static int dynamic_user_realize( uid_lock_fd = new_uid_lock_fd; } } else if (is_user && !uid_is_dynamic(num)) { - struct passwd *p; + _cleanup_free_ struct passwd *p = NULL; /* Statically allocated user may have different uid and gid. So, let's obtain the gid. */ - errno = 0; - p = getpwuid(num); - if (!p) - return errno_or_else(ESRCH); + r = getpwuid_malloc(num, &p); + if (r < 0) + return r; gid = p->pw_gid; } @@ -658,7 +652,7 @@ void dynamic_user_deserialize_one(Manager *m, const char *value, FDSet *fds, Dyn /* Parse the serialization again, after a daemon reload */ - r = extract_many_words(&value, NULL, 0, &name, &s0, &s1, NULL); + r = extract_many_words(&value, NULL, 0, &name, &s0, &s1); if (r != 3 || !isempty(value)) { log_debug("Unable to parse dynamic user line."); return; @@ -761,7 +755,6 @@ int dynamic_user_lookup_name(Manager *m, const char *name, uid_t *ret) { int dynamic_creds_make(Manager *m, const char *user, const char *group, DynamicCreds **ret) { _cleanup_(dynamic_creds_unrefp) DynamicCreds *creds = NULL; - bool acquired = false; int r; assert(m); @@ -784,20 +777,14 @@ int dynamic_creds_make(Manager *m, const char *user, const char *group, DynamicC r = dynamic_user_acquire(m, user, &creds->user); if (r < 0) return r; - - acquired = true; } - if (creds->user && (!group || streq_ptr(user, group))) - creds->group = dynamic_user_ref(creds->user); - else if (group) { + if (group && !streq_ptr(user, group)) { r = dynamic_user_acquire(m, group, &creds->group); - if (r < 0) { - if (acquired) - creds->user = dynamic_user_unref(creds->user); + if (r < 0) return r; - } - } + } else + creds->group = ASSERT_PTR(dynamic_user_ref(creds->user)); *ret = TAKE_PTR(creds); |