diff options
author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2020-09-25 17:16:06 +0200 |
---|---|---|
committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2020-10-01 19:53:45 +0200 |
commit | aa25270cb22f5f7ca2b18c288d4e15bbc6eb239e (patch) | |
tree | 9202acc83c3b26cfca9be040931c1b4ea304da19 /src/shared/user-record.c | |
parent | 044df624aaa7293f82d2da48eb553cdf0ac780d9 (diff) | |
download | systemd-aa25270cb22f5f7ca2b18c288d4e15bbc6eb239e.tar.gz |
sysusers: look at login.defs when setting the default range to allocate users
Also, even if login.defs are not present, don't start allocating at 1, but at
SYSTEM_UID_MIN.
Fixes #9769.
The test is adjusted. Actually, it was busted before, because sysusers would
never use SYSTEM_GID_MIN, so if SYSTEM_GID_MIN was different than
SYSTEM_UID_MIN, the tests would fail. On all "normal" systems the two are
equal, so we didn't notice. Since sysusers now always uses the minimum of the
two, we only need to substitute one value.
Diffstat (limited to 'src/shared/user-record.c')
-rw-r--r-- | src/shared/user-record.c | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/src/shared/user-record.c b/src/shared/user-record.c index 3ba78d455f..7e7b28eb55 100644 --- a/src/shared/user-record.c +++ b/src/shared/user-record.c @@ -37,21 +37,24 @@ static int parse_alloc_uid(const char *path, const char *name, const char *t, ui *ret_uid = uid; return 0; } +#endif -static int read_login_defs(UGIDAllocationRange *ret_defs, const char *path) { - _cleanup_fclose_ FILE *f = NULL; +int read_login_defs(UGIDAllocationRange *ret_defs, const char *path, const char *root) { UGIDAllocationRange defs = { .system_alloc_uid_min = SYSTEM_ALLOC_UID_MIN, .system_uid_max = SYSTEM_UID_MAX, .system_alloc_gid_min = SYSTEM_ALLOC_GID_MIN, .system_gid_max = SYSTEM_GID_MAX, }; + +#if ENABLE_COMPAT_MUTABLE_UID_BOUNDARIES + _cleanup_fclose_ FILE *f = NULL; int r; if (!path) path = "/etc/login.defs"; - r = fopen_unlocked(path, "re", &f); + r = chase_symlinks_and_fopen_unlocked(path, root, CHASE_PREFIX_ROOT, "re", &f, NULL); if (r == -ENOENT) goto assign; if (r < 0) @@ -88,11 +91,11 @@ static int read_login_defs(UGIDAllocationRange *ret_defs, const char *path) { defs.system_alloc_gid_min = MIN(defs.system_gid_max - 1, (gid_t) SYSTEM_ALLOC_GID_MIN); /* Look at sys_gid_max to make sure sys_gid_min..sys_gid_max remains a valid range. */ } +#endif *ret_defs = defs; return 0; } -#endif const UGIDAllocationRange *acquire_ugid_allocation_range(void) { #if ENABLE_COMPAT_MUTABLE_UID_BOUNDARIES @@ -114,7 +117,7 @@ const UGIDAllocationRange *acquire_ugid_allocation_range(void) { static thread_local bool initialized = false; if (!initialized) { - (void) read_login_defs(&defs, NULL); + (void) read_login_defs(&defs, NULL, NULL); initialized = true; } #endif |