author | Balint Reczey <balint.reczey@canonical.com> | 2020-02-06 23:14:47 +0100 |
---|---|---|
committer | Balint Reczey <balint.reczey@canonical.com> | 2020-02-06 23:14:47 +0100 |
commit | d906ecd3b652d95af6ffb974a2f6669501bb9496 (patch) | |
tree | 178a8f140927896970f47930dae9213161268f10 /libmisc | |
parent | 69d932140c70455a282b6e7115d9caf0cc56d6ff (diff) | |
download | shadow-d906ecd3b652d95af6ffb974a2f6669501bb9496.tar.gz |
New upstream version 4.8.1upstream/4.8.1
Diffstat (limited to 'libmisc')
-rw-r--r-- | libmisc/btrfs.c | 1 | ||||
-rw-r--r-- | libmisc/prefix_flag.c | 10 | ||||
-rw-r--r-- | libmisc/user_busy.c | 44 |
3 files changed, 41 insertions, 14 deletions
diff --git a/libmisc/btrfs.c b/libmisc/btrfs.c
index cae93476..d23da5eb 100644
--- a/libmisc/btrfs.c
+++ b/libmisc/btrfs.c
@@ -7,7 +7,6 @@ static bool path_exists(const char *p)
 {
- int ret;
 struct stat sb;
 return stat(p, &sb) == 0;
diff --git a/libmisc/prefix_flag.c b/libmisc/prefix_flag.c
index 4fe6d195..d72f7e39 100644
--- a/libmisc/prefix_flag.c
+++ b/libmisc/prefix_flag.c
@@ -166,7 +166,7 @@ extern struct group *prefix_getgrnam(const char *name)
 fg = fopen(group_db_file, "rt");
 if(!fg) return NULL;
- while(grp = fgetgrent(fg)) {
+ while((grp = fgetgrent(fg)) != NULL) {
 if(!strcmp(name, grp->gr_name)) break;
 }
@@ -186,7 +186,7 @@ extern struct group *prefix_getgrgid(gid_t gid)
 fg = fopen(group_db_file, "rt");
 if(!fg) return NULL;
- while(grp = fgetgrent(fg)) {
+ while((grp = fgetgrent(fg)) != NULL) {
 if(gid == grp->gr_gid) break;
 }
@@ -206,7 +206,7 @@ extern struct passwd *prefix_getpwuid(uid_t uid)
 fg = fopen(passwd_db_file, "rt");
 if(!fg) return NULL;
- while(pwd = fgetpwent(fg)) {
+ while((pwd = fgetpwent(fg)) != NULL) {
 if(uid == pwd->pw_uid) break;
 }
@@ -226,7 +226,7 @@ extern struct passwd *prefix_getpwnam(const char* name)
 fg = fopen(passwd_db_file, "rt");
 if(!fg) return NULL;
- while(pwd = fgetpwent(fg)) {
+ while((pwd = fgetpwent(fg)) != NULL) {
 if(!strcmp(name, pwd->pw_name)) break;
 }
@@ -246,7 +246,7 @@ extern struct spwd *prefix_getspnam(const char* name)
 fg = fopen(spw_db_file, "rt");
 if(!fg) return NULL;
- while(sp = fgetspent(fg)) {
+ while((sp = fgetspent(fg)) != NULL) {
 if(!strcmp(name, sp->sp_namp)) break;
 }
diff --git a/libmisc/user_busy.c b/libmisc/user_busy.c
index b0867568..324bb946 100644
--- a/libmisc/user_busy.c
+++ b/libmisc/user_busy.c
@@ -39,6 +39,7 @@
 #include <sys/types.h>
 #include <dirent.h>
 #include <fcntl.h>
+#include <unistd.h>
 #include "defines.h"
 #include "prototypes.h"
 #ifdef ENABLE_SUBIDS
@@ -106,6 +107,31 @@ static int user_busy_utmp (const char *name)
 #endif /* !__linux__ */
 #ifdef __linux__
+#ifdef ENABLE_SUBIDS
+#define in_parentuid_range(uid) ((uid) >= parentuid && (uid) < parentuid + range)
+static int different_namespace (const char *sname)
+{
+ /* 41: /proc/xxxxxxxxxx/task/xxxxxxxxxx/ns/user + \0 */
+ char path[41];
+ char buf[512], buf2[512];
+ ssize_t llen1, llen2;
+
+ snprintf (path, 41, "/proc/%s/ns/user", sname);
+
+ if ((llen1 = readlink (path, buf, sizeof(buf))) == -1)
+ return 0;
+
+ if ((llen2 = readlink ("/proc/self/ns/user", buf2, sizeof(buf2))) == -1)
+ return 0;
+
+ if (llen1 == llen2 && memcmp (buf, buf2, llen1) == 0)
+ return 0; /* same namespace */
+
+ return 1;
+}
+#endif /* ENABLE_SUBIDS */
+
+
 static int check_status (const char *name, const char *sname, uid_t uid)
 {
 /* 40: /proc/xxxxxxxxxx/task/xxxxxxxxxx/status + \0 */
@@ -114,7 +140,6 @@ static int check_status (const char *name, const char *sname, uid_t uid)
 FILE *sfile;
 snprintf (status, 40, "/proc/%s/status", sname);
- status[39] = '\0';
 sfile = fopen (status, "r");
 if (NULL == sfile) {
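Review bot: different_namespace() answers "same namespace" (return 0) on both readlink failures, so a process whose /proc/<pid>/ns/user link cannot be read — e.g. the caller lacks permission on it, or the pid exited between the directory scan and this call — is exempted from the have_sub_uids checks in check_status and can be reported as not busy while still holding the user's subordinate uids. Before this patch those checks ran unconditionally, so failing toward them is the conservative choice: `return 1;` at both `== -1` sites, or at least treat only ENOENT (process gone) as "nothing to report". The comment `/* 41: /proc/xxxxxxxxxx/task/xxxxxxxxxx/ns/user + \0 */` was carried over from check_status and does not describe the "/proc/%s/ns/user" format written here; path[41] is still ample, but the comment should match, e.g. `/* 25: /proc/xxxxxxxxxx/ns/user + \0 */`. The in_parentuid_range macro refers to parentuid and range, neither of which is declared in this hunk, and nothing visible here uses it; if it has no caller elsewhere in the file it should be dropped rather than left as an unused definition with free identifiers.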
@@ -123,26 +148,29 @@ static int check_status (const char *name, const char *sname, uid_t uid)
 while (fgets (line, sizeof (line), sfile) == line) {
 if (strncmp (line, "Uid:\t", 5) == 0) {
 unsigned long ruid, euid, suid;
+ assert (uid == (unsigned long) uid);
+ (void) fclose (sfile);
 if (sscanf (line, "Uid:\t%lu\t%lu\t%lu\n", &ruid, &euid, &suid) == 3) { if ( (ruid == (unsigned long) uid) || (euid == (unsigned long) uid)
- || (suid == (unsigned long) uid)
+ || (suid == (unsigned long) uid) ) {
+ return 1;
+ }
 #ifdef ENABLE_SUBIDS
- || have_sub_uids(name, ruid, 1)
- || have_sub_uids(name, euid, 1)
- || have_sub_uids(name, suid, 1)
-#endif /* ENABLE_SUBIDS */
+ if ( different_namespace (sname)
+ && ( have_sub_uids(name, ruid, 1)
+ || have_sub_uids(name, euid, 1)
+ || have_sub_uids(name, suid, 1)) ) {
- (void) fclose (sfile);
 return 1;
 }
+#endif /* ENABLE_SUBIDS */
 } else {
 /* Ignore errors. This is just a best effort. */
 }
- (void) fclose (sfile);
 return 0;
 }
 } |
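Review bot: `assert (uid == (unsigned long) uid);` can never fail, because the left operand is also converted to unsigned long by the usual arithmetic conversions before the comparison; it says nothing about the three %lu values parsed on the lines below and vanishes under NDEBUG. If the intent is to record that uid_t fits in unsigned long, a compile-time check cannot be stripped, e.g. `_Static_assert (sizeof (uid_t) <= sizeof (unsigned long), "uid_t must fit in unsigned long");` at file scope where the project's C baseline allows it; otherwise drop the line. Whether <assert.h> is included cannot be seen from here, as the include block is outside this hunk. Moving `(void) fclose (sfile);` ahead of the sscanf is correct only because every path after it returns; a one-line comment such as `/* Uid: line found; all paths below return, so close now */` would protect that invariant against a later edit. check_status begins before this hunk.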