diff options
author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2020-05-31 18:21:09 +0200 |
---|---|---|
committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2020-05-31 18:38:16 +0200 |
commit | 156a5fd297b61bce31630d7a52c15614bf784843 (patch) | |
tree | 09a99c8c85fbb8e48f0fca8b8011e493cbb94164 | |
parent | f7091f458e2c91afe5005c694cd17fa0adf2197f (diff) | |
download | systemd-156a5fd297b61bce31630d7a52c15614bf784843.tar.gz |
basic/user-util: always use base 10 for user/group numbers
We would parse numbers with base prefixes as user identifiers. For example,
"0x2b3bfa0" would be interpreted as UID==45334432 and "01750" would be
interpreted as UID==1000. This parsing was used also in cases where either a
user/group name or number may be specified. This means that names like
0x2b3bfa0 would be ambiguous: they are a valid user name according to our
documented relaxed rules, but they would also be parsed as numeric uids.
This behaviour is definitely not expected by users, since tools generally only
accept decimal numbers (e.g. id, getent passwd), while other tools only accept
user names and thus will interpret such strings as user names without even
attempting to convert them to numbers (su, ssh). So let's follow suit and only
accept numbers in decimal notation. Effectively this means that we will reject
such strings as a username/uid/groupname/gid where strict mode is used, and try
to look up a user/group with such a name in relaxed mode.
Since the function changed is fairly low-level and fairly widely used, this
affects multiple tools: loginctl show-user/enable-linger/disable-linger foo',
the third argument in sysusers.d, fourth and fifth arguments in tmpfiles.d,
etc.
Fixes #15985.
-rw-r--r-- | src/basic/user-util.c | 2 | ||||
-rw-r--r-- | src/test/test-user-util.c | 10 |
2 files changed, 11 insertions, 1 deletions
diff --git a/src/basic/user-util.c b/src/basic/user-util.c index 2e3580017d..2db8ef6abf 100644 --- a/src/basic/user-util.c +++ b/src/basic/user-util.c @@ -49,7 +49,7 @@ int parse_uid(const char *s, uid_t *ret) { assert(s); assert_cc(sizeof(uid_t) == sizeof(uint32_t)); - r = safe_atou32(s, &uid); + r = safe_atou32_full(s, 10, &uid); if (r < 0) return r; diff --git a/src/test/test-user-util.c b/src/test/test-user-util.c index a0e1495186..3165232fef 100644 --- a/src/test/test-user-util.c +++ b/src/test/test-user-util.c @@ -48,9 +48,19 @@ static void test_parse_uid(void) { r = parse_uid("65535", &uid); assert_se(r == -ENXIO); + assert_se(uid == 100); + + r = parse_uid("0x1234", &uid); + assert_se(r == -EINVAL); + assert_se(uid == 100); + + r = parse_uid("01234", &uid); + assert_se(r == 0); + assert_se(uid == 1234); r = parse_uid("asdsdas", &uid); assert_se(r == -EINVAL); + assert_se(uid == 1234); } static void test_uid_ptr(void) { |