Diffstat (limited to 'src/nss-mymachines')
-rw-r--r-- | src/nss-mymachines/nss-mymachines.c | 88 |
1 files changed, 36 insertions, 52 deletions
diff --git a/src/nss-mymachines/nss-mymachines.c b/src/nss-mymachines/nss-mymachines.c
index d56d3b4c21..3d1fc28353 100644
--- a/src/nss-mymachines/nss-mymachines.c
+++ b/src/nss-mymachines/nss-mymachines.c
@@ -94,6 +94,7 @@ enum nss_status _nss_mymachines_gethostbyname4_r(
 char *r_name;
 int n_ifindices, r;
+ PROTECT_ERRNO;
 BLOCK_SIGNALS(NSS_SIGNALS_BLOCK);
 assert(name);
@@ -145,7 +146,6 @@ enum nss_status _nss_mymachines_gethostbyname4_r(
 goto fail;
 if (c <= 0) {
- *errnop = ESRCH;
 *h_errnop = HOST_NOT_FOUND;
 return NSS_STATUS_NOTFOUND;
 }
@@ -219,8 +219,8 @@ enum nss_status _nss_mymachines_gethostbyname4_r(
 if (ttlp)
 *ttlp = 0;
- /* Explicitly reset all error variables */
- *errnop = 0;
+ /* Explicitly reset both *h_errnop and h_errno to work around
+ * https://bugzilla.redhat.com/show_bug.cgi?id=1125975 */
 *h_errnop = NETDB_SUCCESS;
 h_errno = 0;
@@ -249,6 +249,7 @@ enum nss_status _nss_mymachines_gethostbyname3_r(
 size_t l, idx, ms, alen;
 int r;
+ PROTECT_ERRNO;
 BLOCK_SIGNALS(NSS_SIGNALS_BLOCK);
 assert(name);
@@ -302,7 +303,6 @@ enum nss_status _nss_mymachines_gethostbyname3_r(
 goto fail;
 if (c <= 0) {
- *errnop = ENOENT;
 *h_errnop = HOST_NOT_FOUND;
 return NSS_STATUS_NOTFOUND;
 }
@@ -388,8 +388,8 @@ enum nss_status _nss_mymachines_gethostbyname3_r(
 if (canonp)
 *canonp = r_name;
- /* Explicitly reset all error variables */
- *errnop = 0;
+ /* Explicitly reset both *h_errnop and h_errno to work around
+ * https://bugzilla.redhat.com/show_bug.cgi?id=1125975 */
 *h_errnop = NETDB_SUCCESS;
 h_errno = 0;
@@ -418,6 +418,7 @@ enum nss_status _nss_mymachines_getpwnam_r(
 size_t l;
 int r;
+ PROTECT_ERRNO;
 BLOCK_SIGNALS(NSS_SIGNALS_BLOCK);
 assert(name);
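Review bot: The `PROTECT_ERRNO;` added at the top of `_nss_mymachines_gethostbyname4_r` (and again in `gethostbyname3_r`, `getpwnam_r`, `getpwuid_r`, `getgrnam_r` and `getgrgid_r`) can cancel the error code these functions report whenever the caller passes `&errno` as `errnop`. The macro's definition is not on this page; if it restores the saved `errno` when the function returns, as its name suggests, the stores that the later hunks keep, `*errnop = -r;` under `fail:` and `*errnop = ERANGE;`, are overwritten on the way out, and the caller reads a stale value next to `NSS_STATUS_UNAVAIL` or a buffer-too-small status. The error paths should end the protection before they write `*errnop`, or the protection should cover only the success and not-found returns; at minimum each store deserves `/* errnop may alias errno: the restore on return must not run after this */`. A lookup failure that carries the wrong errno can be mistaken for "no such user or host" by code that makes identity decisions from NSS results, so this is worth a regression test with `errnop == &errno`.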
@@ -425,28 +426,28 @@ enum nss_status _nss_mymachines_getpwnam_r(
 p = startswith(name, "vu-");
 if (!p)
- goto not_found;
+ return NSS_STATUS_NOTFOUND;
 e = strrchr(p, '-');
 if (!e || e == p)
- goto not_found;
+ return NSS_STATUS_NOTFOUND;
 if (e - p > HOST_NAME_MAX - 1) /* -1 for the last dash */
- goto not_found;
+ return NSS_STATUS_NOTFOUND;
 r = parse_uid(e + 1, &uid);
 if (r < 0)
- goto not_found;
+ return NSS_STATUS_NOTFOUND;
 machine = strndupa(p, e - p);
 if (!machine_name_is_valid(machine))
- goto not_found;
+ return NSS_STATUS_NOTFOUND;
 if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_BUS") > 0)
 /* Make sure we can't deadlock if we are invoked by dbus-daemon. This way, it won't be able to resolve
 * these UIDs, but that should be unproblematic as containers should never be able to connect to a bus
 * running on the host. */
- goto not_found;
+ return NSS_STATUS_NOTFOUND;
 if (avoid_deadlock()) {
 r = -EDEADLK;
@@ -468,7 +469,7 @@ enum nss_status _nss_mymachines_getpwnam_r(
 machine, (uint32_t) uid);
 if (r < 0) {
 if (sd_bus_error_has_name(&error, BUS_ERROR_NO_SUCH_USER_MAPPING))
- goto not_found;
+ return NSS_STATUS_NOTFOUND;
 goto fail;
 }
@@ -479,7 +480,7 @@ enum nss_status _nss_mymachines_getpwnam_r(
 /* Refuse to work if the mapped address is in the host UID range, or if there was no mapping at all. */
 if (mapped < HOST_UID_LIMIT || mapped == uid)
- goto not_found;
+ return NSS_STATUS_NOTFOUND;
 l = strlen(name);
 if (buflen < l+1) {
@@ -497,13 +498,8 @@ enum nss_status _nss_mymachines_getpwnam_r(
 pwd->pw_dir = (char*) "/";
 pwd->pw_shell = (char*) "/sbin/nologin";
- *errnop = 0;
 return NSS_STATUS_SUCCESS;
-not_found:
- *errnop = 0;
- return NSS_STATUS_NOTFOUND;
-
 fail:
 *errnop = -r;
 return NSS_STATUS_UNAVAIL;
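Review bot: The early `return NSS_STATUS_NOTFOUND;` statements in `_nss_mymachines_getpwnam_r` carry no comment about `*errnop`, and with the `not_found:` label removed there is no longer one place that records the rule the function follows. A one-line comment at the first of these returns, `/* On NOTFOUND and SUCCESS we deliberately leave errno and *errnop untouched */`, would stop a later contributor from re-adding the stores. The same comment fits the matching returns in `getpwuid_r`, `getgrnam_r` and `getgrgid_r`. The function body starts and ends outside these hunks.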
@@ -522,17 +518,18 @@ enum nss_status _nss_mymachines_getpwuid_r(
 uint32_t mapped;
 int r;
+ PROTECT_ERRNO;
 BLOCK_SIGNALS(NSS_SIGNALS_BLOCK);
 if (!uid_is_valid(uid))
- goto not_found;
+ return NSS_STATUS_NOTFOUND;
 /* We consider all uids < 65536 host uids */
 if (uid < HOST_UID_LIMIT)
- goto not_found;
+ return NSS_STATUS_NOTFOUND;
 if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_BUS") > 0)
- goto not_found;
+ return NSS_STATUS_NOTFOUND;
 if (avoid_deadlock()) {
 r = -EDEADLK;
@@ -554,7 +551,7 @@ enum nss_status _nss_mymachines_getpwuid_r(
 (uint32_t) uid);
 if (r < 0) {
 if (sd_bus_error_has_name(&error, BUS_ERROR_NO_SUCH_USER_MAPPING))
- goto not_found;
+ return NSS_STATUS_NOTFOUND;
 goto fail;
 }
@@ -564,7 +561,7 @@ enum nss_status _nss_mymachines_getpwuid_r(
 goto fail;
 if (mapped == uid)
- goto not_found;
+ return NSS_STATUS_NOTFOUND;
 if (snprintf(buffer, buflen, "vu-%s-" UID_FMT, machine, (uid_t) mapped) >= (int) buflen) {
 *errnop = ERANGE;
@@ -579,13 +576,8 @@ enum nss_status _nss_mymachines_getpwuid_r(
 pwd->pw_dir = (char*) "/";
 pwd->pw_shell = (char*) "/sbin/nologin";
- *errnop = 0;
 return NSS_STATUS_SUCCESS;
-not_found:
- *errnop = 0;
- return NSS_STATUS_NOTFOUND;
-
 fail:
 *errnop = -r;
 return NSS_STATUS_UNAVAIL;
@@ -608,6 +600,7 @@ enum nss_status _nss_mymachines_getgrnam_r(
 size_t l;
 int r;
+ PROTECT_ERRNO;
 BLOCK_SIGNALS(NSS_SIGNALS_BLOCK);
 assert(name);
@@ -615,25 +608,25 @@ enum nss_status _nss_mymachines_getgrnam_r(
 p = startswith(name, "vg-");
 if (!p)
- goto not_found;
+ return NSS_STATUS_NOTFOUND;
 e = strrchr(p, '-');
 if (!e || e == p)
- goto not_found;
+ return NSS_STATUS_NOTFOUND;
 if (e - p > HOST_NAME_MAX - 1) /* -1 for the last dash */
- goto not_found;
+ return NSS_STATUS_NOTFOUND;
 r = parse_gid(e + 1, &gid);
 if (r < 0)
- goto not_found;
+ return NSS_STATUS_NOTFOUND;
 machine = strndupa(p, e - p);
 if (!machine_name_is_valid(machine))
- goto not_found;
+ return NSS_STATUS_NOTFOUND;
 if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_BUS") > 0)
- goto not_found;
+ return NSS_STATUS_NOTFOUND;
 if (avoid_deadlock()) {
 r = -EDEADLK;
@@ -655,7 +648,7 @@ enum nss_status _nss_mymachines_getgrnam_r(
 machine, (uint32_t) gid);
 if (r < 0) {
 if (sd_bus_error_has_name(&error, BUS_ERROR_NO_SUCH_GROUP_MAPPING))
- goto not_found;
+ return NSS_STATUS_NOTFOUND;
 goto fail;
 }
@@ -665,7 +658,7 @@ enum nss_status _nss_mymachines_getgrnam_r(
 goto fail;
 if (mapped < HOST_GID_LIMIT || mapped == gid)
- goto not_found;
+ return NSS_STATUS_NOTFOUND;
 l = sizeof(char*) + strlen(name) + 1;
 if (buflen < l) {
@@ -681,13 +674,8 @@ enum nss_status _nss_mymachines_getgrnam_r(
 gr->gr_passwd = (char*) "*"; /* locked */
 gr->gr_mem = (char**) buffer;
- *errnop = 0;
 return NSS_STATUS_SUCCESS;
-not_found:
- *errnop = 0;
- return NSS_STATUS_NOTFOUND;
-
 fail:
 *errnop = -r;
 return NSS_STATUS_UNAVAIL;
@@ -706,17 +694,18 @@ enum nss_status _nss_mymachines_getgrgid_r(
 uint32_t mapped;
 int r;
+ PROTECT_ERRNO;
 BLOCK_SIGNALS(NSS_SIGNALS_BLOCK);
 if (!gid_is_valid(gid))
- goto not_found;
+ return NSS_STATUS_NOTFOUND;
 /* We consider all gids < 65536 host gids */
 if (gid < HOST_GID_LIMIT)
- goto not_found;
+ return NSS_STATUS_NOTFOUND;
 if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_BUS") > 0)
- goto not_found;
+ return NSS_STATUS_NOTFOUND;
 if (avoid_deadlock()) {
 r = -EDEADLK;
@@ -738,7 +727,7 @@ enum nss_status _nss_mymachines_getgrgid_r(
 (uint32_t) gid);
 if (r < 0) {
 if (sd_bus_error_has_name(&error, BUS_ERROR_NO_SUCH_GROUP_MAPPING))
- goto not_found;
+ return NSS_STATUS_NOTFOUND;
 goto fail;
 }
@@ -748,7 +737,7 @@ enum nss_status _nss_mymachines_getgrgid_r(
 goto fail;
 if (mapped == gid)
- goto not_found;
+ return NSS_STATUS_NOTFOUND;
 if (buflen < sizeof(char*) + 1) {
 *errnop = ERANGE;
@@ -766,13 +755,8 @@ enum nss_status _nss_mymachines_getgrgid_r(
 gr->gr_passwd = (char*) "*"; /* locked */
 gr->gr_mem = (char**) buffer;
- *errnop = 0;
 return NSS_STATUS_SUCCESS;
-not_found:
- *errnop = 0;
- return NSS_STATUS_NOTFOUND;
-
 fail:
 *errnop = -r;
 return NSS_STATUS_UNAVAIL; |