user-util: add new uid_is_system() helper
authorLennart Poettering <lennart@poettering.net>
Sat, 2 Dec 2017 11:59:21 +0000 (12:59 +0100)
committerLennart Poettering <lennart@poettering.net>
Wed, 6 Dec 2017 12:40:50 +0000 (13:40 +0100)
This adds uid_is_system() and gid_is_system(), similar in style to
uid_is_dynamic(). That a helper like this is useful is illustrated by
the fact that test-condition.c didn't get the check right so far, which
this patch fixes.

src/basic/user-util.h
src/coredump/coredump.c
src/journal/journald-server.c
src/login/logind-user.c
src/nss-systemd/nss-systemd.c
src/shared/condition.c
src/test/test-condition.c

index 855813cc769776788eb941d9f5789e16c9b81cb3..6de68e2d2cff98707ab7de2a068c6581c806e18e 100644 (file)
@@ -64,6 +64,14 @@ static inline bool uid_is_dynamic(uid_t uid) {
         return DYNAMIC_UID_MIN <= uid && uid <= DYNAMIC_UID_MAX;
 }
 
+static inline bool uid_is_system(uid_t uid) {
+        return uid <= SYSTEM_UID_MAX;
+}
+
+static inline bool gid_is_system(gid_t gid) {
+        return gid <= SYSTEM_GID_MAX;
+}
+
 /* The following macros add 1 when converting things, since UID 0 is a valid UID, while the pointer
  * NULL is special */
 #define PTR_TO_UID(p) ((uid_t) (((uintptr_t) (p))-1))
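Review bot: The new `uid_is_system()` and `gid_is_system()` carry no comment saying that the range they test is inclusive at both ends and starts at 0, so root (UID/GID 0) counts as a system ID for every caller. The call sites converted in this commit use the result to skip ACL setup (`fix_acl`, `server_add_acls`), to pick the system journal (`find_journal`) and to exclude users from IPC clean-up (`user_finalize`), so the boundary matters. I would add `/* True for IDs in 0…SYSTEM_UID_MAX inclusive; note that this includes root. */` above `uid_is_system()` and the matching line with `SYSTEM_GID_MAX` above `gid_is_system()`. That would also make the `<=` harder to change by accident, which is the mistake the commit message says test-condition.c had made.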
index d3533790a10828ad54355f5c8bfd966ae27ddf3c..eda7d78be210bd3aa119331ed9ef8fc0f49d8beb 100644 (file)
@@ -165,7 +165,7 @@ static int fix_acl(int fd, uid_t uid) {
 
         assert(fd >= 0);
 
-        if (uid <= SYSTEM_UID_MAX)
+        if (uid_is_system(uid))
                 return 0;
 
         /* Make sure normal users can read (but not write or delete)
index 46bf2eb31082f7f353149512412d3543990ccf99..cc45591c098d6ba9ffe54cf0a53487e75d862c16 100644 (file)
@@ -248,7 +248,7 @@ static void server_add_acls(JournalFile *f, uid_t uid) {
         assert(f);
 
 #if HAVE_ACL
-        if (uid <= SYSTEM_UID_MAX)
+        if (uid_is_system(uid))
                 return;
 
         r = add_acls_for_user(f->fd, uid);
@@ -406,7 +406,7 @@ static JournalFile* find_journal(Server *s, uid_t uid) {
         if (s->runtime_journal)
                 return s->runtime_journal;
 
-        if (uid <= SYSTEM_UID_MAX || uid_is_dynamic(uid))
+        if (uid_is_system(uid) || uid_is_dynamic(uid))
                 return s->system_journal;
 
         r = sd_id128_get_machine(&machine);
index 43a9f58adcd15c5557b3849de8dfef874eb5c418..01469438b1462a7a5b1c35801d07f514cdb2fe30 100644 (file)
@@ -617,7 +617,7 @@ int user_finalize(User *u) {
          * cases, as we shouldn't accidentally remove a system service's IPC objects while it is running, just because
          * a cronjob running as the same user just finished. Hence: exclude system users generally from IPC clean-up,
          * and do it only for normal users. */
-        if (u->manager->remove_ipc && u->uid > SYSTEM_UID_MAX) {
+        if (u->manager->remove_ipc && !uid_is_system(u->uid)) {
                 k = clean_ipc_by_uid(u->uid);
                 if (k < 0)
                         r = k;
index d6de0a987890f9aa33f42f893e40ae93f02bbe2c..d1a369672eef834c962c5fae2fb6cb2a688d3e89 100644 (file)
@@ -251,7 +251,7 @@ enum nss_status _nss_systemd_getpwuid_r(
                 }
         }
 
-        if (uid <= SYSTEM_UID_MAX)
+        if (uid_is_system(uid))
                 goto not_found;
 
         if (getenv_bool_secure("SYSTEMD_NSS_DYNAMIC_BYPASS") > 0)
@@ -463,7 +463,7 @@ enum nss_status _nss_systemd_getgrgid_r(
                 }
         }
 
-        if (gid <= SYSTEM_GID_MAX)
+        if (gid_is_system(gid))
                 goto not_found;
 
         if (getenv_bool_secure("SYSTEMD_NSS_DYNAMIC_BYPASS") > 0)
index f1e914cb2df48cda70dd64d6d137df2d2044dfcb..3f32dfb7b675ae7939afac5c4624dc6bdecc9277 100644 (file)
@@ -157,7 +157,7 @@ static int condition_test_user(Condition *c) {
                 return id == getuid() || id == geteuid();
 
         if (streq("@system", c->parameter))
-                return getuid() <= SYSTEM_UID_MAX || geteuid() <= SYSTEM_UID_MAX;
+                return uid_is_system(getuid()) || uid_is_system(geteuid());
 
         username = getusername_malloc();
         if (!username)
index 31e08b2318ada66e2a06b939def8c838e34cf1f7..d43db3a7cd68c92248a74e1ca2665489aea18f33 100644 (file)
@@ -391,7 +391,7 @@ static void test_condition_test_user(void) {
         assert_se(condition);
         r = condition_test(condition);
         log_info("ConditionUser=@system → %i", r);
-        if (getuid() < SYSTEM_UID_MAX || geteuid() < SYSTEM_UID_MAX)
+        if (uid_is_system(getuid()) || uid_is_system(geteuid()))
                 assert_se(r > 0);
         else
                 assert_se(r == 0);
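Review bot: The expectation here is now computed with the same `uid_is_system(getuid()) || uid_is_system(geteuid())` expression that `condition_test_user()` uses, so the test can no longer detect a wrong boundary inside the helper itself; both sides would move together. A direct check of the helper at the edge of the range would pin the inclusive upper bound, for example `assert_se(uid_is_system(SYSTEM_UID_MAX));` and `assert_se(!uid_is_system(SYSTEM_UID_MAX + 1));`, with the same pair for `gid_is_system()`. `test_condition_test_user()` starts and ends outside this hunk, so such a check may already exist elsewhere in the test suite.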