offline-passwd: use chase_symlinks()

In case the passwd/group file is symlinked, follow things correctly.

Follow-up for: #16512
Addresses: https://github.com/systemd/systemd/pull/16512#discussion_r458073677

diff --git a/src/shared/offline-passwd.c b/src/shared/offline-passwd.c
index 3f8220d9ac59eab55c26bc2af8375c3e1cf2f5e5..26a1b9c537dcee24cdcdd091739626b43fe037c2 100644 (file)
--- a/src/shared/offline-passwd.c
+++ b/src/shared/offline-passwd.c
@@ -1,6 +1,7 @@
 /* SPDX-License-Identifier: LGPL-2.1+ */
 
 #include "fd-util.h"
+#include "fs-util.h"
 #include "offline-passwd.h"
 #include "path-util.h"
 #include "user-util.h"
@@ -8,14 +9,19 @@
 DEFINE_PRIVATE_HASH_OPS_WITH_KEY_DESTRUCTOR(uid_gid_hash_ops, char, string_hash_func, string_compare_func, free);
 
 static int open_passwd_file(const char *root, const char *fname, FILE **ret_file) {
-        const char *p = prefix_roota(root, fname);
-        if (!p)
-                return -ENOMEM;
+        _cleanup_free_ char *p = NULL;
+        _cleanup_close_ int fd = -1;
+
+        fd = chase_symlinks_and_open(fname, root, CHASE_PREFIX_ROOT, O_RDONLY|O_CLOEXEC, &p);
+        if (fd < 0)
+                return fd;
 
-        FILE *f = fopen(p, "re");
+        FILE *f = fdopen(fd, "r");
         if (!f)
                 return -errno;
 
+        TAKE_FD(fd);
+
         log_debug("Reading %s entries from %s...", basename(fname), p);
 
         *ret_file = f;