From: Lennart Poettering Date: Sat, 2 Dec 2017 12:07:18 +0000 (+0100) Subject: nss-systemd: tweak checks when we consult PID 1 for dynamic UID/GID lookups X-Git-Tag: v236~56^2~7 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=834382779304c6f8b1994dcafaa748d798f533b6;p=thirdparty%2Fsystemd.git nss-systemd: tweak checks when we consult PID 1 for dynamic UID/GID lookups Instead of contacting PID 1 for dynamic UID/GID lookups for all UIDs/GIDs that do not qualify as "system" do the more precise check instead: check if they actually qualify for the "dynamic" range. --- diff --git a/src/basic/user-util.h b/src/basic/user-util.h index 6de68e2d2cf..d148d5819ea 100644 --- a/src/basic/user-util.h +++ b/src/basic/user-util.h @@ -64,6 +64,10 @@ static inline bool uid_is_dynamic(uid_t uid) { return DYNAMIC_UID_MIN <= uid && uid <= DYNAMIC_UID_MAX; } +static inline bool gid_is_dynamic(gid_t gid) { + return uid_is_dynamic((uid_t) gid); +} + static inline bool uid_is_system(uid_t uid) { return uid <= SYSTEM_UID_MAX; } diff --git a/src/nss-systemd/nss-systemd.c b/src/nss-systemd/nss-systemd.c index d1a369672ee..1852cf41cb7 100644 --- a/src/nss-systemd/nss-systemd.c +++ b/src/nss-systemd/nss-systemd.c @@ -251,7 +251,7 @@ enum nss_status _nss_systemd_getpwuid_r( } } - if (uid_is_system(uid)) + if (!uid_is_dynamic(uid)) goto not_found; if (getenv_bool_secure("SYSTEMD_NSS_DYNAMIC_BYPASS") > 0) @@ -463,7 +463,7 @@ enum nss_status _nss_systemd_getgrgid_r( } } - if (gid_is_system(gid)) + if (!gid_is_dynamic(gid)) goto not_found; if (getenv_bool_secure("SYSTEMD_NSS_DYNAMIC_BYPASS") > 0) @@ -500,7 +500,6 @@ enum nss_status _nss_systemd_getgrgid_r( direct_lookup: if (bypass > 0) { - r = direct_lookup_uid(gid, &direct); if (r == -ENOENT) goto not_found;