Merge pull request #31524 from poettering/secure-getenv-naming-fix

[thirdparty/systemd.git] / src / nss-systemd / userdb-glue.c

diff --git a/src/nss-systemd/userdb-glue.c b/src/nss-systemd/userdb-glue.c
index a55790f641b0e4f0ad6e2513ef6f17743f773d1b..b02d89a20bc600c8450fcf53f2a2bdac9599b5b5 100644 (file)
--- a/src/nss-systemd/userdb-glue.c
+++ b/src/nss-systemd/userdb-glue.c
@@ -14,7 +14,7 @@ UserDBFlags nss_glue_userdb_flags(void) {
         UserDBFlags flags = USERDB_EXCLUDE_NSS;
 
         /* Make sure that we don't go in circles when allocating a dynamic UID by checking our own database */
-        if (getenv_bool_secure("SYSTEMD_NSS_DYNAMIC_BYPASS") > 0)
+        if (secure_getenv_bool("SYSTEMD_NSS_DYNAMIC_BYPASS") > 0)
                 flags |= USERDB_EXCLUDE_DYNAMIC_USER;
 
         return flags;
@@ -35,6 +35,8 @@ int nss_pack_user_record(
         assert(hr->user_name);
         required = strlen(hr->user_name) + 1;
 
+        required += 2; /* strlen(PASSWORD_SEE_SHADOW) + 1 */
+
         assert_se(rn = user_record_real_name(hr));
         required += strlen(rn) + 1;
 
@@ -51,12 +53,12 @@ int nss_pack_user_record(
                 .pw_name = buffer,
                 .pw_uid = hr->uid,
                 .pw_gid = user_record_gid(hr),
-                .pw_passwd = (char*) PASSWORD_SEE_SHADOW,
         };
 
         assert(buffer);
 
-        pwd->pw_gecos = stpcpy(pwd->pw_name, hr->user_name) + 1;
+        pwd->pw_passwd = stpcpy(pwd->pw_name, hr->user_name) + 1;
+        pwd->pw_gecos = stpcpy(pwd->pw_passwd, PASSWORD_SEE_SHADOW) + 1;
         pwd->pw_dir = stpcpy(pwd->pw_gecos, rn) + 1;
         pwd->pw_shell = stpcpy(pwd->pw_dir, hd) + 1;
         strcpy(pwd->pw_shell, shell);
@@ -215,7 +217,7 @@ int nss_pack_group_record(
                 char *buffer,
                 size_t buflen) {
 
-        char **array = NULL, *p, **m;
+        char **array = NULL, *p;
         size_t required, n = 0, i = 0;
 
         assert(g);
@@ -301,7 +303,7 @@ enum nss_status userdb_getgrnam(
         }
 
         if (!g) {
-                _cleanup_(_nss_systemd_unblockp) bool blocked = false;
+                _unused_ _cleanup_(_nss_systemd_unblockp) bool blocked = false;
 
                 if (strv_isempty(members))
                         return NSS_STATUS_NOTFOUND;
@@ -363,7 +365,7 @@ enum nss_status userdb_getgrgid(
         }
 
         if (!g) {
-                _cleanup_(_nss_systemd_unblockp) bool blocked = false;
+                _unused_ _cleanup_(_nss_systemd_unblockp) bool blocked = false;
 
                 /* So, quite possibly we have to extend an existing group record with additional members. But
                  * to do this we need to know the group name first. The group didn't exist via non-NSS