author | Lennart Poettering <lennart@poettering.net> | 2011-07-23 01:17:59 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2011-07-23 01:17:59 +0200 |
commit | 4b67834e9f8a336dbc917f3bf212550e61cc98b4 (patch) | |
tree | 69babe73a6daf006645912f0c31fcdc1868d3167 /src/execute.c | |
parent | e6a6b406791a76ca979ff5e615fd4d9a986a14b8 (diff) |
util: make use of get_user_creds() and get_group_creds() wherever applicable
Diffstat (limited to 'src/execute.c')
-rw-r--r-- | src/execute.c | 42 |
1 files changed, 9 insertions, 33 deletions
diff --git a/src/execute.c b/src/execute.c
index 40af7d65f1..7b2567976d 100644
--- a/src/execute.c
+++ b/src/execute.c
@@ -549,36 +549,6 @@ static int restore_confirm_stdio(const ExecContext *context,
 return 0;
 }
-static int get_group_creds(const char *groupname, gid_t *gid) {
- struct group *g;
- gid_t id;
-
- assert(groupname);
- assert(gid);
-
- /* We enforce some special rules for gid=0: in order to avoid
- * NSS lookups for root we hardcode its data. */
-
- if (streq(groupname, "root") || streq(groupname, "0")) {
- *gid = 0;
- return 0;
- }
-
- if (parse_gid(groupname, &id) >= 0) {
- errno = 0;
- g = getgrgid(id);
- } else {
- errno = 0;
- g = getgrnam(groupname);
- }
-
- if (!g)
- return errno != 0 ? -errno : -ESRCH;
-
- *gid = g->gr_gid;
- return 0;
-}
-
 static int enforce_groups(const ExecContext *context, const char *username, gid_t gid) {
 bool keep_groups = false;
 int r;
@@ -590,9 +560,12 @@ static int enforce_groups(const ExecContext *context, const char *username, gid_
 if (context->group || username) {
- if (context->group)
- if ((r = get_group_creds(context->group, &gid)) < 0)
+ if (context->group) {
+ const char *g = context->group;
+
+ if ((r = get_group_creds(&g, &gid)) < 0)
 return r;
+ }
 /* First step, initialize groups from /etc/groups */
 if (username && gid != 0) {
@@ -627,13 +600,16 @@ static int enforce_groups(const ExecContext *context, const char *username, gid_
 k = 0;
 STRV_FOREACH(i, context->supplementary_groups) {
+ const char *g;
 if (k >= ngroups_max) {
 free(gids);
 return -E2BIG;
 }
- if ((r = get_group_creds(*i, gids+k)) < 0) {
+ g = *i;
+ r = get_group_creds(&g, gids+k);
+ if (r < 0) {
 free(gids);
 return r;
 } |
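Review bot: The call inside `if (context->group)` now relies on the shared get_group_creds() to keep the rule the deleted static helper spelled out, that "root" and "0" map to gid 0 without an NSS lookup, and nothing at the call site records that dependency. The shared helper is defined outside this page (the diff is limited to src/execute.c), so whether it keeps the shortcut cannot be checked from here. It matters because the `gid != 0` test just below the changed block presumably decides whether group initialisation runs for this user. Once confirmed, a comment above the call such as `/* "root"/"0" must resolve to gid 0 without NSS, see get_group_creds(); only gid is used, g is a scratch copy */` would keep the invariant visible. enforce_groups() begins before and continues after this hunk.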
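Review bot: In the STRV_FOREACH loop the temporary `g` is declared at the top of the body, assigned only after the `ngroups_max` check, and anything get_group_creds() may write back through `&g` is never read; the same throwaway pointer appears in the `if (context->group)` hunk above. Initialising at the declaration, `const char *g = *i;`, drops the separate `g = *i;` line, and a one-line comment such as `/* only the gid is needed; a name written back to g is ignored */` explains why the copy exists. The call here is split into `r = get_group_creds(&g, gids+k);` followed by `if (r < 0)`, while the hunk above keeps `if ((r = get_group_creds(&g, &gid)) < 0)`; using one form in both places would read more evenly. The loop and the enclosing function extend beyond this hunk.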