tree-wide: refuse user/group records lacking UID or GID

userdb allows user/group records without UID/GID (it only really
requires a name), in order to permit "unfixated" records. But that means
we cannot just rely on the field to be valid. And we mostly got that
right, but not everywhere. Fix that.

diff --git a/src/login/logind-core.c b/src/login/logind-core.c
index 98d3718c86eaee3e33d5446d391da54d0aade974..f3102c3199495610a5e7093c0abac9b79dd992a9 100644 (file)
--- a/src/login/logind-core.c
+++ b/src/login/logind-core.c
@@ -195,6 +195,9 @@ int manager_add_user_by_name(
         if (r < 0)
                 return r;
 
+        if (!uid_is_valid(ur->uid)) /* Refuse users without UID */
+                return -ESRCH;
+
         return manager_add_user(m, ur, ret_user);
 }
 

diff --git a/src/login/pam_systemd.c b/src/login/pam_systemd.c
index a50d1228c2ac403764200dd5a6ab40800e1a49ab..c4f35e3a558de3bbf57cd7c0bb4aa63b58e4b759 100644 (file)
--- a/src/login/pam_systemd.c
+++ b/src/login/pam_systemd.c
@@ -241,6 +241,11 @@ static int acquire_user_record(
                         return PAM_USER_UNKNOWN;
                 }
 
+                if (!uid_is_valid(ur->uid)) {
+                        pam_syslog_errno(handle, LOG_ERR, r, "User record of user '%s' has no UID, refusing: %m", username);
+                        return PAM_USER_UNKNOWN;
+                }
+
                 r = sd_json_variant_format(ur->json, 0, &formatted);
                 if (r < 0)
                         return pam_syslog_errno(handle, LOG_ERR, r, "Failed to format user JSON: %m");

diff --git a/src/nspawn/nspawn-bind-user.c b/src/nspawn/nspawn-bind-user.c
index 725208a1d49b86e6f29cb93a4d535d6f7c2bd7e9..373a05af3e914ae5dc90fa61d495d87b0b5f28d7 100644 (file)
--- a/src/nspawn/nspawn-bind-user.c
+++ b/src/nspawn/nspawn-bind-user.c
@@ -244,9 +244,13 @@ int bind_user_prepare(
                  * UID is safer. */
                 if (user_record_is_root(u))
                         return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Mapping 'root' user not supported, sorry.");
+
                 if (user_record_is_nobody(u))
                         return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Mapping 'nobody' user not supported, sorry.");
 
+                if (!uid_is_valid(u->uid))
+                        return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Cannot bind user with no UID, refusing.");
+
                 if (u->uid >= uid_shift && u->uid < uid_shift + uid_range)
                         return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "UID of user '%s' to map is already in container UID range, refusing.", u->user_name);