From 24eccc3414a29a14b319d639531bd23c158b20e1 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 10 Jan 2018 18:26:03 +0100
Subject: nss-systemd,user-util: add a way how synthesizing "nobody" can be
 turned off

This is quite ugly, but provides us with an avenue for moving
distributions to define the "nobody" user properly without breaking legacy
systems that us the name for other stuff.

The idea is basically, that the distribution adopts the new definition
of "nobody" (and thus recompiles systemd with it) and then touches
/etc/systemd/dont-synthesize-nobody on legacy systems to turn off
possibly conflicting synthesizing of the nobody name by systemd.
---
 src/nss-systemd/nss-systemd.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

(limited to 'src/nss-systemd')

diff --git a/src/nss-systemd/nss-systemd.c b/src/nss-systemd/nss-systemd.c
index cc641e1615..f75405d2e5 100644
--- a/src/nss-systemd/nss-systemd.c
+++ b/src/nss-systemd/nss-systemd.c
@@ -136,7 +136,8 @@ enum nss_status _nss_systemd_getpwnam_r(
                         *errnop = 0;
                         return NSS_STATUS_SUCCESS;
                 }
-                if (streq(name, nobody_passwd.pw_name)) {
+                if (synthesize_nobody() &&
+                    streq(name, nobody_passwd.pw_name)) {
                         *pwd = nobody_passwd;
                         *errnop = 0;
                         return NSS_STATUS_SUCCESS;
@@ -244,7 +245,8 @@ enum nss_status _nss_systemd_getpwuid_r(
                         *errnop = 0;
                         return NSS_STATUS_SUCCESS;
                 }
-                if (uid == nobody_passwd.pw_uid) {
+                if (synthesize_nobody() &&
+                    uid == nobody_passwd.pw_uid) {
                         *pwd = nobody_passwd;
                         *errnop = 0;
                         return NSS_STATUS_SUCCESS;
@@ -351,7 +353,8 @@ enum nss_status _nss_systemd_getgrnam_r(
                         *errnop = 0;
                         return NSS_STATUS_SUCCESS;
                 }
-                if (streq(name, nobody_group.gr_name)) {
+                if (synthesize_nobody() &&
+                    streq(name, nobody_group.gr_name)) {
                         *gr = nobody_group;
                         *errnop = 0;
                         return NSS_STATUS_SUCCESS;
@@ -456,7 +459,8 @@ enum nss_status _nss_systemd_getgrgid_r(
                         *errnop = 0;
                         return NSS_STATUS_SUCCESS;
                 }
-                if (gid == nobody_group.gr_gid) {
+                if (synthesize_nobody() &&
+                    gid == nobody_group.gr_gid) {
                         *gr = nobody_group;
                         *errnop = 0;
                         return NSS_STATUS_SUCCESS;
-- 
cgit v1.2.1