From fafff8f1ffdf24517921d7779c2a9eb89766df30 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 2 Aug 2018 18:36:47 +0200
Subject: user-util: rework get_user_creds()

Let's fold get_user_creds_clean() into get_user_creds(), and introduce a
flags argument for it to select "clean" behaviour. This flags parameter
also learns to other new flags:

- USER_CREDS_SYNTHESIZE_FALLBACK: in this mode the user records for
  root/nobody are only synthesized as fallback. Normally, the synthesized
  records take precedence over what is in the user database.  With this
  flag set this is reversed, and the user database takes precedence, and
  the synthesized records are only used if they are missing there. This
  flag should be set in cases where doing NSS is deemed safe, and where
  there's interest in knowing the correct shell, for example if the
  admin changed root's shell to zsh or suchlike.

- USER_CREDS_ALLOW_MISSING: if set, and a UID/GID is specified by
  numeric value, and there's no user/group record for it accept it
  anyway. This allows us to fix #9767

This then also ports all users to set the most appropriate flags.

Fixes: #9767

[zj: remove one isempty() call]
---
 src/tmpfiles/tmpfiles.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'src/tmpfiles')

diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
index cfd9044c5b..c62d026852 100644
--- a/src/tmpfiles/tmpfiles.c
+++ b/src/tmpfiles/tmpfiles.c
@@ -2704,7 +2704,7 @@ static int parse_line(const char *fname, unsigned line, const char *buffer, bool
         if (!isempty(user) && !streq(user, "-")) {
                 const char *u = user;
 
-                r = get_user_creds(&u, &i.uid, NULL, NULL, NULL);
+                r = get_user_creds(&u, &i.uid, NULL, NULL, NULL, USER_CREDS_ALLOW_MISSING);
                 if (r < 0) {
                         *invalid_config = true;
                         return log_error_errno(r, "[%s:%u] Unknown user '%s'.", fname, line, user);
@@ -2716,7 +2716,7 @@ static int parse_line(const char *fname, unsigned line, const char *buffer, bool
         if (!isempty(group) && !streq(group, "-")) {
                 const char *g = group;
 
-                r = get_group_creds(&g, &i.gid);
+                r = get_group_creds(&g, &i.gid, USER_CREDS_ALLOW_MISSING);
                 if (r < 0) {
                         *invalid_config = true;
                         log_error("[%s:%u] Unknown group '%s'.", fname, line, group);
-- 
cgit v1.2.1