nss-systemd: tweak checks when we consult PID 1 for dynamic UID/GID lookups

Instead of contacting PID 1 for dynamic UID/GID lookups for all
UIDs/GIDs that do not qualify as "system" do the more precise check
instead: check if they actually qualify for the "dynamic" range.

1 files changed, 2 insertions, 3 deletions

diff --git a/src/nss-systemd/nss-systemd.c b/src/nss-systemd/nss-systemd.c
index d1a369672e..1852cf41cb 100644
--- a/src/nss-systemd/nss-systemd.c
+++ b/src/nss-systemd/nss-systemd.c
@@ -251,7 +251,7 @@ enum nss_status _nss_systemd_getpwuid_r(
                 }
         }
 
-        if (uid_is_system(uid))
+        if (!uid_is_dynamic(uid))
                 goto not_found;
 
         if (getenv_bool_secure("SYSTEMD_NSS_DYNAMIC_BYPASS") > 0)
@@ -463,7 +463,7 @@ enum nss_status _nss_systemd_getgrgid_r(
                 }
         }
 
-        if (gid_is_system(gid))
+        if (!gid_is_dynamic(gid))
                 goto not_found;
 
         if (getenv_bool_secure("SYSTEMD_NSS_DYNAMIC_BYPASS") > 0)
@@ -500,7 +500,6 @@ enum nss_status _nss_systemd_getgrgid_r(
 
 direct_lookup:
         if (bypass > 0) {
-
                 r = direct_lookup_uid(gid, &direct);
                 if (r == -ENOENT)
                         goto not_found;