Compare commits
No commits in common. "1fb1f637baa979fd58fef67ea72b3e7255a99e21" and "e35435b0a11e6c61c8c43b0cf8dc65a563b4a670" have entirely different histories.
1fb1f637ba
...
e35435b0a1
|
|
@ -844,7 +844,6 @@ restore_stdio:
|
|||
|
||||
static int get_fixed_user(
|
||||
const char *user_or_uid,
|
||||
bool prefer_nss,
|
||||
const char **ret_username,
|
||||
uid_t *ret_uid,
|
||||
gid_t *ret_gid,
|
||||
|
|
@ -856,8 +855,7 @@ static int get_fixed_user(
|
|||
assert(user_or_uid);
|
||||
assert(ret_username);
|
||||
|
||||
r = get_user_creds(&user_or_uid, ret_uid, ret_gid, ret_home, ret_shell,
|
||||
USER_CREDS_CLEAN|(prefer_nss ? USER_CREDS_PREFER_NSS : 0));
|
||||
r = get_user_creds(&user_or_uid, ret_uid, ret_gid, ret_home, ret_shell, USER_CREDS_CLEAN);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
|
@ -1857,10 +1855,8 @@ static int build_environment(
|
|||
* could cause problem for e.g. getty, since login doesn't override $HOME, and $LOGNAME and $SHELL don't
|
||||
* really make much sense since we're not logged in. Hence we conditionalize the three based on
|
||||
* SetLoginEnvironment= switch. */
|
||||
if (!username && !c->dynamic_user && p->runtime_scope == RUNTIME_SCOPE_SYSTEM) {
|
||||
assert(!c->user);
|
||||
|
||||
r = get_fixed_user("root", /* prefer_nss = */ false, &username, NULL, NULL, &home, &shell);
|
||||
if (!c->user && !c->dynamic_user && p->runtime_scope == RUNTIME_SCOPE_SYSTEM) {
|
||||
r = get_fixed_user("root", &username, NULL, NULL, &home, &shell);
|
||||
if (r < 0)
|
||||
return log_exec_debug_errno(c,
|
||||
p,
|
||||
|
|
@ -4502,14 +4498,7 @@ int exec_invoke(
|
|||
u = NULL;
|
||||
|
||||
if (u) {
|
||||
/* We can't use nss unconditionally for root without risking deadlocks if some IPC services
|
||||
* will be started by pid1 and are ordered after us. But if SetLoginEnvironment= is
|
||||
* enabled *explicitly* (i.e. no exec_context_get_set_login_environment() here),
|
||||
* or PAM shall be invoked, let's consult NSS even for root, so that the user
|
||||
* gets accurate $SHELL in session(-like) contexts. */
|
||||
r = get_fixed_user(u,
|
||||
/* prefer_nss = */ context->set_login_environment > 0 || context->pam_name,
|
||||
&username, &uid, &gid, &home, &shell);
|
||||
r = get_fixed_user(u, &username, &uid, &gid, &home, &shell);
|
||||
if (r < 0) {
|
||||
*exit_status = EXIT_USER;
|
||||
return log_exec_error_errno(context, params, r, "Failed to determine user credentials: %m");
|
||||
|
|
|
|||
|
|
@ -177,8 +177,11 @@ static int socket_recv_message(int fd, void *buf, size_t buf_size, uint32_t *ret
|
|||
assert(peek || (buf && buf_size > 0));
|
||||
|
||||
n = recvmsg_safe(fd, &msg, peek ? (MSG_PEEK|MSG_TRUNC) : 0);
|
||||
if (ERRNO_IS_NEG_TRANSIENT(n))
|
||||
goto transient;
|
||||
if (ERRNO_IS_NEG_TRANSIENT(n)) {
|
||||
if (ret_mcast_group)
|
||||
*ret_mcast_group = 0;
|
||||
return 0;
|
||||
}
|
||||
if (n == -ENOBUFS)
|
||||
return log_debug_errno(n, "sd-netlink: kernel receive buffer overrun");
|
||||
if (n == -ECHRNG)
|
||||
|
|
@ -193,15 +196,15 @@ static int socket_recv_message(int fd, void *buf, size_t buf_size, uint32_t *ret
|
|||
log_debug("sd-netlink: ignoring message from PID %"PRIu32, sender.nl.nl_pid);
|
||||
|
||||
if (peek) {
|
||||
/* Drop the message. Note that we ignore ECHRNG/EXFULL errors here, which
|
||||
* recvmsg_safe() returns in case the payload or cdata is truncated. Here it's quite
|
||||
* likely it is truncated, because we pass a zero-sized buffer. */
|
||||
/* drop the message */
|
||||
n = recvmsg_safe(fd, &msg, 0);
|
||||
if (n < 0 && !IN_SET(n, -ECHRNG, -EXFULL))
|
||||
if (n < 0)
|
||||
return (int) n;
|
||||
}
|
||||
|
||||
goto transient;
|
||||
if (ret_mcast_group)
|
||||
*ret_mcast_group = 0;
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (ret_mcast_group) {
|
||||
|
|
@ -215,12 +218,6 @@ static int socket_recv_message(int fd, void *buf, size_t buf_size, uint32_t *ret
|
|||
}
|
||||
|
||||
return (int) n;
|
||||
|
||||
transient:
|
||||
if (ret_mcast_group)
|
||||
*ret_mcast_group = 0;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(
|
||||
|
|
|
|||
|
|
@ -962,25 +962,18 @@ static int parse_argv_sudo_mode(int argc, char *argv[]) {
|
|||
const char *e;
|
||||
|
||||
e = strv_env_get(arg_environment, "SHELL");
|
||||
if (e) {
|
||||
if (e)
|
||||
arg_exec_path = strdup(e);
|
||||
if (!arg_exec_path)
|
||||
return log_oom();
|
||||
} else {
|
||||
else {
|
||||
if (arg_transport == BUS_TRANSPORT_LOCAL) {
|
||||
r = get_shell(&arg_exec_path);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to determine shell: %m");
|
||||
} else {
|
||||
} else
|
||||
arg_exec_path = strdup("/bin/sh");
|
||||
}
|
||||
if (!arg_exec_path)
|
||||
return log_oom();
|
||||
}
|
||||
|
||||
r = strv_env_assign(&arg_environment, "SHELL", arg_exec_path);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to set $SHELL environment variable: %m");
|
||||
}
|
||||
|
||||
l = make_login_shell_cmdline(arg_exec_path);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -238,19 +238,13 @@ if [[ -e /usr/lib/pam.d/systemd-run0 ]] || [[ -e /etc/pam.d/systemd-run0 ]]; the
|
|||
run0 ls /
|
||||
assert_eq "$(run0 echo foo)" "foo"
|
||||
# Check if we set some expected environment variables
|
||||
for tu in "" "root" "0" "testuser"; do
|
||||
assert_eq "$(run0 ${tu:+"--user=$tu"} bash -c 'echo $SUDO_USER')" "$USER"
|
||||
assert_eq "$(run0 ${tu:+"--user=$tu"} bash -c 'echo $SUDO_UID')" "$(id -u "$USER")"
|
||||
assert_eq "$(run0 ${tu:+"--user=$tu"} bash -c 'echo $SUDO_GID')" "$(id -u "$USER")"
|
||||
for arg in "" "--user=root" "--user=0" "--user=testuser"; do
|
||||
assert_eq "$(run0 ${arg:+"$arg"} bash -c 'echo $SUDO_USER')" "$USER"
|
||||
assert_eq "$(run0 ${arg:+"$arg"} bash -c 'echo $SUDO_UID')" "$(id -u "$USER")"
|
||||
assert_eq "$(run0 ${arg:+"$arg"} bash -c 'echo $SUDO_GID')" "$(id -u "$USER")"
|
||||
|
||||
# Validate that we actually went properly through PAM (XDG_SESSION_TYPE is set by pam_systemd)
|
||||
assert_eq "$(run0 ${tu:+"--user=$tu"} bash -c 'echo $XDG_SESSION_TYPE')" "unspecified"
|
||||
|
||||
if [[ -n "$tu" ]]; then
|
||||
# Validate that $SHELL is set to login shell of target user when cmdline is supplied (not invoking shell)
|
||||
TARGET_LOGIN_SHELL="$(getent passwd "$tu" | cut -d: -f7)"
|
||||
assert_eq "$(run0 --user="$tu" printenv SHELL)" "$TARGET_LOGIN_SHELL"
|
||||
fi
|
||||
assert_eq "$(run0 ${arg:+"$arg"} bash -c 'echo $XDG_SESSION_TYPE')" "unspecified"
|
||||
done
|
||||
# Let's chain a couple of run0 calls together, for fun
|
||||
readarray -t cmdline < <(printf "%.0srun0\n" {0..31})
|
||||
|
|
|
|||
Loading…
Reference in New Issue