nss: when we encounter an invalid user/group name or UID/GID, don't return EINVAL

It's not our business to validate invalid user/group names or UID/GID. Ideally, libc would filter these out, but they don't, hence we have to filter, but let's not propagate this as error, but simply as "not found" to the caller. User name rules are pretty vaguely defined, and the rules defined by POSIX clash with reality quite heavily (for example, utmp doesn't offer enough room for user name length, and /usr/bin/chown permits separating user/group names by a single dot, even though POSIX allows dots being used in user/group names themselves.) We enforce stricter rules than POSIX for good reason, and hence in doing so we should not categorically return EINVAL on stuff we don't consider valid, but other components might. Fixes: #4983
author: Lennart Poettering <lennart@poettering.net> 2016-12-27 17:59:38 +0100
committer: Lennart Poettering <lennart@poettering.net> 2016-12-27 18:09:58 +0100
commit: d6c575e303520ffdcee1590a4181410024d5f917 (patch)
tree: ca71c10b26f8d59c0a4b6c3b0e1c1c4d04e2882c /src/nss-systemd
parent: 1429dfe5f8d0e4d2dcc73d1702510697880a46de (diff)
1 files changed, 10 insertions, 16 deletions
diff --git a/src/nss-systemd/nss-systemd.c b/src/nss-systemd/nss-systemd.c
index c80972742b..fd5064c937 100644
--- a/src/nss-systemd/nss-systemd.c
+++ b/src/nss-systemd/nss-systemd.c
@@ -123,10 +123,10 @@ enum nss_status _nss_systemd_getpwnam_r(
         assert(name);
         assert(pwd);
 
-        if (!valid_user_group_name(name)) {
-                r = -EINVAL;
-                goto fail;
-        }
+        /* If the username is not valid, then we don't know it. Ideally libc would filter these for us anyway. We don't
+         * generate EINVAL here, because it isn't really out business to complain about invalid user names. */
+        if (!valid_user_group_name(name))
+                goto not_found;
 
         /* Synthesize entries for the root and nobody users, in case they are missing in /etc/passwd */
         if (streq(name, root_passwd.pw_name)) {
@@ -227,10 +227,8 @@ enum nss_status _nss_systemd_getpwuid_r(
 
         BLOCK_SIGNALS(NSS_SIGNALS_BLOCK);
 
-        if (!uid_is_valid(uid)) {
-                r = -EINVAL;
-                goto fail;
-        }
+        if (!uid_is_valid(uid))
+                goto not_found;
 
         /* Synthesize data for the root user and for nobody in case they are missing from /etc/passwd */
         if (uid == root_passwd.pw_uid) {
@@ -329,10 +327,8 @@ enum nss_status _nss_systemd_getgrnam_r(
         assert(name);
         assert(gr);
 
-        if (!valid_user_group_name(name)) {
-                r = -EINVAL;
-                goto fail;
-        }
+        if (!valid_user_group_name(name))
+                goto not_found;
 
         /* Synthesize records for root and nobody, in case they are missing form /etc/group */
         if (streq(name, root_group.gr_name)) {
@@ -430,10 +426,8 @@ enum nss_status _nss_systemd_getgrgid_r(
 
         BLOCK_SIGNALS(NSS_SIGNALS_BLOCK);
 
-        if (!gid_is_valid(gid)) {
-                r = -EINVAL;
-                goto fail;
-        }
+        if (!gid_is_valid(gid))
+                goto not_found;
 
         /* Synthesize records for root and nobody, in case they are missing from /etc/group */
         if (gid == root_group.gr_gid) {
author	Lennart Poettering <lennart@poettering.net>	2016-12-27 17:59:38 +0100
committer	Lennart Poettering <lennart@poettering.net>	2016-12-27 18:09:58 +0100
commit	d6c575e303520ffdcee1590a4181410024d5f917 (patch)
tree	ca71c10b26f8d59c0a4b6c3b0e1c1c4d04e2882c /src/nss-systemd
parent	1429dfe5f8d0e4d2dcc73d1702510697880a46de (diff)