user-util: honour PREFER_NSS flag in get_group_creds() the same way as we already do in get_user_creds()

let's onour the PREFER_NSS flag also in get_group_creds() the same way we honour it in get_user_creds(). Simply to remove surprises.
author: Lennart Poettering <lennart@poettering.net> 2024-01-16 14:56:25 +0100
committer: Lennart Poettering <lennart@poettering.net> 2024-01-16 14:56:25 +0100
commit: e9c974fd4295fd9b9f98698a14523875bd935dfa (patch)
tree: 862455c2a214abbf054dcdcbdd7f034afafca715 /src/basic/user-util.c
parent: user-util: modernize get_user_creds() + get_group_creds() (diff)
download: systemd-e9c974fd4295fd9b9f98698a14523875bd935dfa.tar.xz
systemd-e9c974fd4295fd9b9f98698a14523875bd935dfa.zip
1 files changed, 32 insertions, 7 deletions
diff --git a/src/basic/user-util.c b/src/basic/user-util.c
index 388a0dedb0..a0a47aee4f 100644
--- a/src/basic/user-util.c
+++ b/src/basic/user-util.c
@@ -338,15 +338,13 @@ int get_user_creds(
         return 0;
 }
 
-int get_group_creds(const char **groupname, gid_t *ret_gid, UserCredsFlags flags) {
-        bool patch_groupname = false;
-        struct group *g;
-        gid_t id;
+static int synthesize_group_creds(
+                const char **groupname,
+                gid_t *ret_gid) {
 
         assert(groupname);
         assert(*groupname);
 
-        /* We enforce some special rules for gid=0: in order to avoid NSS lookups for root we hardcode its data. */
         if (STR_IN_SET(*groupname, "root", "0")) {
                 *groupname = "root";
 
@@ -366,6 +364,26 @@ int get_group_creds(const char **groupname, gid_t *ret_gid, UserCredsFlags flags
                 return 0;
         }
 
+        return -ENOMEDIUM;
+}
+
+int get_group_creds(const char **groupname, gid_t *ret_gid, UserCredsFlags flags) {
+        bool patch_groupname = false;
+        struct group *g;
+        gid_t id;
+        int r;
+
+        assert(groupname);
+        assert(*groupname);
+
+        if (!FLAGS_SET(flags, USER_CREDS_PREFER_NSS)) {
+                r = synthesize_group_creds(groupname, ret_gid);
+                if (r >= 0)
+                        return 0;
+                if (r != -ENOMEDIUM) /* not a groupname we can synthesize */
+                        return r;
+        }
+
         if (parse_gid(*groupname, &id) >= 0) {
                 errno = 0;
                 g = getgrgid(id);
@@ -383,10 +401,17 @@ int get_group_creds(const char **groupname, gid_t *ret_gid, UserCredsFlags flags
                 g = getgrnam(*groupname);
         }
 
-        if (!g)
+        if (!g) {
                 /* getgrnam() may fail with ENOENT if /etc/group is missing.
                  * For us that is equivalent to the name not being defined. */
-                return IN_SET(errno, 0, ENOENT) ? -ESRCH : -errno;
+                r = IN_SET(errno, 0, ENOENT) ? -ESRCH : -errno;
+
+                if (FLAGS_SET(flags, USER_CREDS_PREFER_NSS))
+                        if (synthesize_group_creds(groupname, ret_gid) >= 0)
+                                return 0;
+
+                return r;
+        }
 
         if (ret_gid) {
                 if (!gid_is_valid(g->gr_gid))
author	Lennart Poettering <lennart@poettering.net>	2024-01-16 14:56:25 +0100
committer	Lennart Poettering <lennart@poettering.net>	2024-01-16 14:56:25 +0100
commit	e9c974fd4295fd9b9f98698a14523875bd935dfa (patch)
tree	862455c2a214abbf054dcdcbdd7f034afafca715 /src/basic/user-util.c
parent	user-util: modernize get_user_creds() + get_group_creds() (diff)
download	systemd-e9c974fd4295fd9b9f98698a14523875bd935dfa.tar.xz systemd-e9c974fd4295fd9b9f98698a14523875bd935dfa.zip