author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2020-09-25 16:50:45 +0200 |
---|---|---|
committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2020-10-01 17:52:41 +0200 |
commit | fc1a5d1a70aaaa5874ad589957f9e69ce75b3acd (patch) | |
tree | 989cef2542f7a02d5e08e5330da5098a6b2fec76 /src/shared | |
parent | Look at /etc/login.defs for the system_max_[ug]id values (diff) | |
Also parse the minimum uid/gid values
We don't (and shouldn't I think) look at them when determining the type of the
user, but they should be used during user/group allocation. (For example, an
admin may specify SYS_UID_MIN==200 to allow statically numbered users that are
shared with other systems in the range 1–199.)
Diffstat (limited to 'src/shared')
-rw-r--r-- | src/shared/user-record.c | 21 | ||||
-rw-r--r-- | src/shared/user-record.h | 2 |
2 files changed, 22 insertions, 1 deletions
diff --git a/src/shared/user-record.c b/src/shared/user-record.c
index f60db5da00..3ba78d455f 100644
--- a/src/shared/user-record.c
+++ b/src/shared/user-record.c
@@ -41,7 +41,9 @@ static int parse_alloc_uid(const char *path, const char *name, const char *t, ui
 static int read_login_defs(UGIDAllocationRange *ret_defs, const char *path) {
 _cleanup_fclose_ FILE *f = NULL;
 UGIDAllocationRange defs = {
+ .system_alloc_uid_min = SYSTEM_ALLOC_UID_MIN,
 .system_uid_max = SYSTEM_UID_MAX,
+ .system_alloc_gid_min = SYSTEM_ALLOC_GID_MIN,
 .system_gid_max = SYSTEM_GID_MAX,
 };
 int r;
@@ -65,13 +67,28 @@ static int read_login_defs(UGIDAllocationRange *ret_defs, const char *path) {
 if (r == 0)
 break;
- if ((t = first_word(line, "SYS_UID_MAX")))
+ if ((t = first_word(line, "SYS_UID_MIN")))
+ (void) parse_alloc_uid(path, "SYS_UID_MIN", t, &defs.system_alloc_uid_min);
+ else if ((t = first_word(line, "SYS_UID_MAX")))
 (void) parse_alloc_uid(path, "SYS_UID_MAX", t, &defs.system_uid_max);
+ else if ((t = first_word(line, "SYS_GID_MIN")))
+ (void) parse_alloc_uid(path, "SYS_GID_MIN", t, &defs.system_alloc_gid_min);
 else if ((t = first_word(line, "SYS_GID_MAX")))
 (void) parse_alloc_uid(path, "SYS_GID_MAX", t, &defs.system_gid_max);
 }
 assign:
+ if (defs.system_alloc_uid_min > defs.system_uid_max) {
+ log_debug("%s: SYS_UID_MIN > SYS_UID_MAX, resetting.", path);
+ defs.system_alloc_uid_min = MIN(defs.system_uid_max - 1, (uid_t) SYSTEM_ALLOC_UID_MIN);
+ /* Look at sys_uid_max to make sure sys_uid_min..sys_uid_max remains a valid range. */
+ }
+ if (defs.system_alloc_gid_min > defs.system_gid_max) {
+ log_debug("%s: SYS_GID_MIN > SYS_GID_MAX, resetting.", path);
+ defs.system_alloc_gid_min = MIN(defs.system_gid_max - 1, (gid_t) SYSTEM_ALLOC_GID_MIN);
+ /* Look at sys_gid_max to make sure sys_gid_min..sys_gid_max remains a valid range. */
+ }
+
 *ret_defs = defs;
 return 0;
 }
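Review bot: The four-field default initializer for `defs` at the top of `read_login_defs()` is now repeated field for field in the `static const` initializer in `acquire_ugid_allocation_range()` (third hunk). Every future field therefore has to be added in both places, or the compiled-in defaults and the login.defs fallback drift apart. A shared macro expanding to the four designated initializers, for example one named `UGID_ALLOCATION_RANGE_DEFAULTS`, would keep the two in sync. Both function bodies extend outside their hunks.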
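Review bot: The fallback under `assign:` computes `defs.system_uid_max - 1` in unsigned `uid_t`, so if a parsed `SYS_UID_MAX` can ever be 0 the subtraction wraps, `MIN()` picks `SYSTEM_ALLOC_UID_MIN`, and the "reset" still leaves min above max; the gid branch has the same shape. Whether `parse_alloc_uid()` rejects 0 is not visible in this hunk. If it does, the comment should say so, e.g. `/* parse_alloc_uid() never stores 0, so system_uid_max - 1 cannot wrap. */`, placed above the assignment rather than after it; otherwise the zero case needs an explicit branch before subtracting. The reset is also reported only through `log_debug()`, so an administrator whose `SYS_UID_MIN` is discarded gets no signal at the default log level, and the range they meant to reserve for statically numbered users may presumably be handed out by the allocator.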
@@ -83,7 +100,9 @@ const UGIDAllocationRange *acquire_ugid_allocation_range(void) {
 #else
 static const UGIDAllocationRange defs = {
 #endif
+ .system_alloc_uid_min = SYSTEM_ALLOC_UID_MIN,
 .system_uid_max = SYSTEM_UID_MAX,
+ .system_alloc_gid_min = SYSTEM_ALLOC_GID_MIN,
 .system_gid_max = SYSTEM_GID_MAX,
 };
diff --git a/src/shared/user-record.h b/src/shared/user-record.h
index 52348227a5..1f87eff6d5 100644
--- a/src/shared/user-record.h
+++ b/src/shared/user-record.h
@@ -37,7 +37,9 @@ static inline bool gid_is_container(gid_t gid) {
 }
 typedef struct UGIDAllocationRange {
+ uid_t system_alloc_uid_min;
 uid_t system_uid_max;
+ gid_t system_alloc_gid_min;
 gid_t system_gid_max;
 } UGIDAllocationRange; |
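Review bot: The new `system_alloc_uid_min` and `system_alloc_gid_min` fields in `UGIDAllocationRange` carry no comment saying they are allocation-only bounds. The commit message states that they must not be consulted when determining a user's type, but the header does not, and the `alloc` infix alone is easy to miss. A comment above `system_alloc_uid_min`, such as `/* Lower bound for allocating new system users only; not used to classify existing IDs. */`, with a matching one for the gid field, would keep later callers from using the minimum in an "is this a system account" check, where it would misclassify statically numbered users below it.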