userdbd: avoid sending gshadow hash to unprivileged callers via varlink
authorLuca Boccassi <luca.boccassi@gmail.com>
Wed, 25 Feb 2026 00:21:17 +0000 (00:21 +0000)
committerMike Yuan <me@yhndnzj.com>
Wed, 25 Feb 2026 01:52:37 +0000 (02:52 +0100)
Reported on yeswehack as YWH-PGM9780-59

Follow-up for d093b62c941ebd6cf16ef9dd6430841eb361ed92

src/userdb/userwork.c
test/units/TEST-74-AUX-UTILS.varlinkctl.sh

index a57447ca85f94df9023bb3ccc84d61b67f6832ce..6abb8795e602dbfd7e3620aabd137029d46ef4fe 100644 (file)
@@ -270,7 +270,7 @@ static int build_group_json(sd_varlink *link, GroupRecord *gr, sd_json_variant *
                 (FLAGS_SET(gr->mask, USER_RECORD_PRIVILEGED) &&
                  !FLAGS_SET(stripped->mask, USER_RECORD_PRIVILEGED));
 
-        v = sd_json_variant_ref(gr->json);
+        v = sd_json_variant_ref(stripped->json);
         r = add_nss_service(&v);
         if (r < 0)
                 return r;
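Review bot: The switch to `stripped->json` on the `v = sd_json_variant_ref(...)` line has no comment explaining why `gr->json` must never be serialized here, and the two records look interchangeable at the call site; suggest `/* Serialize the stripped record, never gr->json: the original may still carry privileged fields (e.g. the gshadow hash) the caller is not entitled to see. */` above it. The `FLAGS_SET(gr->mask, ...)` / `FLAGS_SET(stripped->mask, ...)` comparison just above still reads both records, which is presumably intended since it only decides whether privileged data was dropped; the clone/strip step that produces `stripped` is outside the hunk, so confirm it cannot leave `stripped` NULL on this path. build_group_json starts before this hunk. If the user-record counterpart of this function has the same shape, its serialization line is worth checking for the same `gr`/`stripped` mix-up, unless the referenced d093b62c already covers it.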
index 430809224016a24d157592e9fd350230330ecef8..dc5f952e592772b5a49e88a905d15c43a9f6ba30 100755 (executable)
@@ -52,6 +52,19 @@ if command -v userdbctl >/dev/null; then
     varlinkctl call --more -j /run/systemd/userdb/io.systemd.Multiplexer io.systemd.UserDatabase.GetMemberships '{ "service" : "io.systemd.Multiplexer" }' --graceful=io.systemd.UserDatabase.NoRecordFound | jq --seq .
     varlinkctl call --oneway /run/systemd/userdb/io.systemd.Multiplexer io.systemd.UserDatabase.GetMemberships '{ "service" : "io.systemd.Multiplexer" }'
     (! varlinkctl call --oneway /run/systemd/userdb/io.systemd.Multiplexer io.systemd.UserDatabase.GetMemberships '{ "service" : "io.systemd.Multiplexer" }' | grep .)
+
+    if command -v openssl >/dev/null && command -v groupadd >/dev/null; then
+        group=haldo
+        salt=waldo
+        getent group "$group" >/dev/null 2>&1 || groupadd "$group"
+        HASH="$(openssl passwd -6 -salt "$salt" baldo)"
+        groupmod -p "$HASH" "$group"
+
+        (! run0 -u testuser varlinkctl call --json=pretty \
+            /run/systemd/userdb/io.systemd.Multiplexer \
+            io.systemd.UserDatabase.GetGroupRecord \
+            '{"groupName":"haldo","service":"io.systemd.NameServiceSwitch"}' | grep waldo)
+    fi
 fi
 
 IDL_FILE="$(mktemp)"
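Review bot: The negated pipeline `(! run0 -u testuser varlinkctl call ... | grep waldo)` passes whenever the unprivileged call fails outright (run0 missing, testuser absent, varlink error), because an empty output makes grep exit non-zero and `!` turns that into success, so the regression test cannot distinguish "hash not leaked" from "query never ran". Capture the output first, assert that the lookup succeeded and returned the record, and only then assert the salt marker is absent. The enclosing `if command -v userdbctl` block starts before this hunk, and `testuser` is presumably created elsewhere in the suite; since the group is left behind with a known password hash, a `groupdel "$group"` when the script created it would also be worth adding.
```shell
        # … unchanged: group creation and groupmod -p …
        out="$(run0 -u testuser varlinkctl call --json=pretty \
            /run/systemd/userdb/io.systemd.Multiplexer \
            io.systemd.UserDatabase.GetGroupRecord \
            '{"groupName":"haldo","service":"io.systemd.NameServiceSwitch"}')"
        # The unprivileged lookup must succeed and return the record...
        grep -q '"groupName"' <<<"$out"
        # ...but never the gshadow hash (the salt is the marker for it).
        (! grep -q waldo <<<"$out")
```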