nss: use secure_getenv for behaviour-modifying booleans (#6817)

Follow up for fe102d6ab15731a199a7ea9f38c4f68d8959f86c.
author: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> 2017-09-14 09:20:27 +0200
committer: Lennart Poettering <lennart@poettering.net> 2017-09-14 09:20:27 +0200
commit: 71e0acccfdc32de01e72ea22ece2fb9f0cbce48c (patch)
tree: ba132eb58b78c65f84859a08bb5b3d7694235587 /src/nss-systemd
parent: nss-systemd,sysusers: make sure sysusers doesn't get confused by nss-systemd ... (diff)
download: systemd-71e0acccfdc32de01e72ea22ece2fb9f0cbce48c.tar.xz
systemd-71e0acccfdc32de01e72ea22ece2fb9f0cbce48c.zip
1 files changed, 12 insertions, 12 deletions
diff --git a/src/nss-systemd/nss-systemd.c b/src/nss-systemd/nss-systemd.c
index 37745b3103..dcb32e1e2b 100644
--- a/src/nss-systemd/nss-systemd.c
+++ b/src/nss-systemd/nss-systemd.c
@@ -129,7 +129,7 @@ enum nss_status _nss_systemd_getpwnam_r(
                 goto not_found;
 
         /* Synthesize entries for the root and nobody users, in case they are missing in /etc/passwd */
-        if (getenv_bool("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) {
+        if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) {
                 if (streq(name, root_passwd.pw_name)) {
                         *pwd = root_passwd;
                         *errnop = 0;
@@ -143,10 +143,10 @@ enum nss_status _nss_systemd_getpwnam_r(
         }
 
         /* Make sure that we don't go in circles when allocating a dynamic UID by checking our own database */
-        if (getenv_bool("SYSTEMD_NSS_DYNAMIC_BYPASS") > 0)
+        if (getenv_bool_secure("SYSTEMD_NSS_DYNAMIC_BYPASS") > 0)
                 goto not_found;
 
-        if (getenv_bool("SYSTEMD_NSS_BYPASS_BUS") > 0) {
+        if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_BUS") > 0) {
 
                 /* Access the dynamic UID allocation directly if we are called from dbus-daemon, see above. */
                 r = direct_lookup_name(name, (uid_t*) &translated);
@@ -233,7 +233,7 @@ enum nss_status _nss_systemd_getpwuid_r(
                 goto not_found;
 
         /* Synthesize data for the root user and for nobody in case they are missing from /etc/passwd */
-        if (getenv_bool("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) {
+        if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) {
                 if (uid == root_passwd.pw_uid) {
                         *pwd = root_passwd;
                         *errnop = 0;
@@ -249,10 +249,10 @@ enum nss_status _nss_systemd_getpwuid_r(
         if (uid <= SYSTEM_UID_MAX)
                 goto not_found;
 
-        if (getenv_bool("SYSTEMD_NSS_DYNAMIC_BYPASS") > 0)
+        if (getenv_bool_secure("SYSTEMD_NSS_DYNAMIC_BYPASS") > 0)
                 goto not_found;
 
-        if (getenv_bool("SYSTEMD_NSS_BYPASS_BUS") > 0) {
+        if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_BUS") > 0) {
 
                 r = direct_lookup_uid(uid, &direct);
                 if (r == -ENOENT)
@@ -335,7 +335,7 @@ enum nss_status _nss_systemd_getgrnam_r(
                 goto not_found;
 
         /* Synthesize records for root and nobody, in case they are missing form /etc/group */
-        if (getenv_bool("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) {
+        if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) {
                 if (streq(name, root_group.gr_name)) {
                         *gr = root_group;
                         *errnop = 0;
@@ -348,10 +348,10 @@ enum nss_status _nss_systemd_getgrnam_r(
                 }
         }
 
-        if (getenv_bool("SYSTEMD_NSS_DYNAMIC_BYPASS") > 0)
+        if (getenv_bool_secure("SYSTEMD_NSS_DYNAMIC_BYPASS") > 0)
                 goto not_found;
 
-        if (getenv_bool("SYSTEMD_NSS_BYPASS_BUS") > 0) {
+        if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_BUS") > 0) {
 
                 /* Access the dynamic GID allocation directly if we are called from dbus-daemon, see above. */
                 r = direct_lookup_name(name, (uid_t*) &translated);
@@ -436,7 +436,7 @@ enum nss_status _nss_systemd_getgrgid_r(
                 goto not_found;
 
         /* Synthesize records for root and nobody, in case they are missing from /etc/group */
-        if (getenv_bool("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) {
+        if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) {
                 if (gid == root_group.gr_gid) {
                         *gr = root_group;
                         *errnop = 0;
@@ -452,10 +452,10 @@ enum nss_status _nss_systemd_getgrgid_r(
         if (gid <= SYSTEM_GID_MAX)
                 goto not_found;
 
-        if (getenv_bool("SYSTEMD_NSS_DYNAMIC_BYPASS") > 0)
+        if (getenv_bool_secure("SYSTEMD_NSS_DYNAMIC_BYPASS") > 0)
                 goto not_found;
 
-        if (getenv_bool("SYSTEMD_NSS_BYPASS_BUS") > 0) {
+        if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_BUS") > 0) {
 
                 r = direct_lookup_uid(gid, &direct);
                 if (r == -ENOENT)
author	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>	2017-09-14 09:20:27 +0200
committer	Lennart Poettering <lennart@poettering.net>	2017-09-14 09:20:27 +0200
commit	71e0acccfdc32de01e72ea22ece2fb9f0cbce48c (patch)
tree	ba132eb58b78c65f84859a08bb5b3d7694235587 /src/nss-systemd
parent	nss-systemd,sysusers: make sure sysusers doesn't get confused by nss-systemd ... (diff)
download	systemd-71e0acccfdc32de01e72ea22ece2fb9f0cbce48c.tar.xz systemd-71e0acccfdc32de01e72ea22ece2fb9f0cbce48c.zip