break;
case POLICY_ITEM_USER:
- if (filter->uid != (uid_t) -1)
+ if (filter->uid != UID_INVALID)
if ((streq_ptr(i->name, "*") || (i->uid_valid && i->uid == filter->uid)))
return is_permissive(i);
break;
case POLICY_ITEM_GROUP:
- if (filter->gid != (gid_t) -1)
+ if (filter->gid != GID_INVALID)
if ((streq_ptr(i->name, "*") || (i->gid_valid && i->gid == filter->gid)))
return is_permissive(i);
break;
verdict = check_policy_items(p->default_items, filter);
- if (filter->gid != (gid_t) -1) {
+ if (filter->gid != GID_INVALID) {
items = hashmap_get(p->group_items, UINT32_TO_PTR(filter->gid));
if (items) {
v = check_policy_items(items, filter);
}
}
- if (filter->uid != (uid_t) -1) {
+ if (filter->uid != UID_INVALID) {
items = hashmap_get(p->user_items, UINT32_TO_PTR(filter->uid));
if (items) {
v = check_policy_items(items, filter);
return 0;
if (from->is_kernel) {
- uid_t sender_uid = (uid_t) -1;
- gid_t sender_gid = (gid_t) -1;
+ uid_t sender_uid = UID_INVALID;
+ gid_t sender_gid = GID_INVALID;
char **sender_names = NULL;
bool granted = false;
if (to->is_kernel) {
_cleanup_bus_creds_unref_ sd_bus_creds *destination_creds = NULL;
- uid_t destination_uid = (uid_t) -1;
- gid_t destination_gid = (gid_t) -1;
+ uid_t destination_uid = UID_INVALID;
+ gid_t destination_gid = GID_INVALID;
const char *destination_unique = NULL;
char **destination_names = NULL;
bool granted = false;
a->fake_pids_valid = true;
a->fake_creds.uid = ucred.uid;
- a->fake_creds.euid = (uid_t) -1;
- a->fake_creds.suid = (uid_t) -1;
- a->fake_creds.fsuid = (uid_t) -1;
+ a->fake_creds.euid = UID_INVALID;
+ a->fake_creds.suid = UID_INVALID;
+ a->fake_creds.fsuid = UID_INVALID;
a->fake_creds.gid = ucred.gid;
- a->fake_creds.egid = (gid_t) -1;
- a->fake_creds.sgid = (gid_t) -1;
- a->fake_creds.fsgid = (gid_t) -1;
+ a->fake_creds.egid = GID_INVALID;
+ a->fake_creds.sgid = GID_INVALID;
+ a->fake_creds.fsgid = GID_INVALID;
a->fake_creds_valid = true;
}
const char *username = NULL, *home = NULL, *shell = NULL;
unsigned n_dont_close = 0;
int dont_close[n_fds + 4];
- uid_t uid = (uid_t) -1;
- gid_t gid = (gid_t) -1;
+ uid_t uid = UID_INVALID;
+ gid_t gid = GID_INVALID;
int i, err;
assert(command);
#ifdef ENABLE_KDBUS
if (params->bus_endpoint_fd >= 0 && context->bus_endpoint) {
- uid_t ep_uid = (uid == (uid_t) -1) ? 0 : uid;
+ uid_t ep_uid = (uid == UID_INVALID) ? 0 : uid;
err = bus_kernel_set_endpoint_policy(params->bus_endpoint_fd, ep_uid, context->bus_endpoint);
if (err < 0) {
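Review bot: `ep_uid` silently becomes 0 when `uid` is still `UID_INVALID`, and nothing here says why root is the right subject for the endpoint policy in that case. If the intent is "no user was configured, so the service keeps running as root", a comment such as `/* no user resolved: the process stays uid 0, so install the policy for root */` would make that explicit. If `uid` can be unset for another reason (not visible in this hunk), the fallback would install the policy for root instead of failing, which deserves an explicit error path. The enclosing block starts and ends outside the hunk.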
if (pid == 0) {
SocketPort *p;
- uid_t uid = (uid_t) -1;
- gid_t gid = (gid_t) -1;
+ uid_t uid = UID_INVALID;
+ gid_t gid = GID_INVALID;
int ret;
default_signals(SIGNALS_CRASH_HANDLER, SIGNALS_IGNORE, -1);
dual_timestamp_get(&t->last_trigger);
if (t->stamp_path)
- touch_file(t->stamp_path, true, t->last_trigger.realtime, (uid_t) -1, (gid_t) -1, 0);
+ touch_file(t->stamp_path, true, t->last_trigger.realtime, UID_INVALID, GID_INVALID, 0);
timer_set_state(t, TIMER_RUNNING);
return;
/* The timer has never run before,
* make sure a stamp file exists.
*/
- touch_file(t->stamp_path, true, (usec_t) -1, (uid_t) -1, (gid_t) -1, 0);
+ touch_file(t->stamp_path, true, (usec_t) -1, UID_INVALID, GID_INVALID, 0);
}
t->result = TIMER_SUCCESS;
case KDBUS_ITEM_CREDS:
- if (mask & SD_BUS_CREDS_UID && (uid_t) item->creds.uid != (uid_t) -1) {
+ if (mask & SD_BUS_CREDS_UID && (uid_t) item->creds.uid != UID_INVALID) {
c->uid = (uid_t) item->creds.uid;
c->mask |= SD_BUS_CREDS_UID;
}
- if (mask & SD_BUS_CREDS_EUID && (uid_t) item->creds.euid != (uid_t) -1) {
+ if (mask & SD_BUS_CREDS_EUID && (uid_t) item->creds.euid != UID_INVALID) {
c->euid = (uid_t) item->creds.euid;
c->mask |= SD_BUS_CREDS_EUID;
}
- if (mask & SD_BUS_CREDS_SUID && (uid_t) item->creds.suid != (uid_t) -1) {
+ if (mask & SD_BUS_CREDS_SUID && (uid_t) item->creds.suid != UID_INVALID) {
c->suid = (uid_t) item->creds.suid;
c->mask |= SD_BUS_CREDS_SUID;
}
- if (mask & SD_BUS_CREDS_FSUID && (uid_t) item->creds.fsuid != (uid_t) -1) {
+ if (mask & SD_BUS_CREDS_FSUID && (uid_t) item->creds.fsuid != UID_INVALID) {
c->fsuid = (uid_t) item->creds.fsuid;
c->mask |= SD_BUS_CREDS_FSUID;
}
- if (mask & SD_BUS_CREDS_GID && (gid_t) item->creds.gid != (gid_t) -1) {
+ if (mask & SD_BUS_CREDS_GID && (gid_t) item->creds.gid != GID_INVALID) {
c->gid = (gid_t) item->creds.gid;
c->mask |= SD_BUS_CREDS_GID;
}
- if (mask & SD_BUS_CREDS_EGID && (gid_t) item->creds.egid != (gid_t) -1) {
+ if (mask & SD_BUS_CREDS_EGID && (gid_t) item->creds.egid != GID_INVALID) {
c->egid = (gid_t) item->creds.egid;
c->mask |= SD_BUS_CREDS_EGID;
}
- if (mask & SD_BUS_CREDS_SGID && (gid_t) item->creds.sgid != (gid_t) -1) {
+ if (mask & SD_BUS_CREDS_SGID && (gid_t) item->creds.sgid != GID_INVALID) {
c->sgid = (gid_t) item->creds.sgid;
c->mask |= SD_BUS_CREDS_SGID;
}
- if (mask & SD_BUS_CREDS_FSGID && (gid_t) item->creds.fsgid != (gid_t) -1) {
+ if (mask & SD_BUS_CREDS_FSGID && (gid_t) item->creds.fsgid != GID_INVALID) {
c->fsgid = (gid_t) item->creds.fsgid;
c->mask |= SD_BUS_CREDS_FSGID;
}
c->mask |= SD_BUS_CREDS_AUDIT_SESSION_ID;
}
- if (mask & SD_BUS_CREDS_AUDIT_LOGIN_UID && (uid_t) item->audit.loginuid != (uid_t) -1) {
+ if (mask & SD_BUS_CREDS_AUDIT_LOGIN_UID && (uid_t) item->audit.loginuid != UID_INVALID) {
c->audit_login_uid = (uid_t) item->audit.loginuid;
c->mask |= SD_BUS_CREDS_AUDIT_LOGIN_UID;
}
c->mask |= SD_BUS_CREDS_PID & mask;
}
- if (bus->ucred.uid != (uid_t) -1) {
+ if (bus->ucred.uid != UID_INVALID) {
c->uid = bus->ucred.uid;
c->mask |= SD_BUS_CREDS_UID & mask;
}
- if (bus->ucred.gid != (gid_t) -1) {
+ if (bus->ucred.gid != GID_INVALID) {
c->gid = bus->ucred.gid;
c->mask |= SD_BUS_CREDS_GID & mask;
}
/* EUID/SUID/FSUID/EGID/SGID/FSGID might be missing too (see above). */
- if ((uid_t) d->creds.uid != (uid_t) -1) {
+ if ((uid_t) d->creds.uid != UID_INVALID) {
m->creds.uid = (uid_t) d->creds.uid;
m->creds.mask |= SD_BUS_CREDS_UID & bus->creds_mask;
}
- if ((uid_t) d->creds.euid != (uid_t) -1) {
+ if ((uid_t) d->creds.euid != UID_INVALID) {
m->creds.euid = (uid_t) d->creds.euid;
m->creds.mask |= SD_BUS_CREDS_EUID & bus->creds_mask;
}
- if ((uid_t) d->creds.suid != (uid_t) -1) {
+ if ((uid_t) d->creds.suid != UID_INVALID) {
m->creds.suid = (uid_t) d->creds.suid;
m->creds.mask |= SD_BUS_CREDS_SUID & bus->creds_mask;
}
- if ((uid_t) d->creds.fsuid != (uid_t) -1) {
+ if ((uid_t) d->creds.fsuid != UID_INVALID) {
m->creds.fsuid = (uid_t) d->creds.fsuid;
m->creds.mask |= SD_BUS_CREDS_FSUID & bus->creds_mask;
}
- if ((gid_t) d->creds.gid != (gid_t) -1) {
+ if ((gid_t) d->creds.gid != GID_INVALID) {
m->creds.gid = (gid_t) d->creds.gid;
m->creds.mask |= SD_BUS_CREDS_GID & bus->creds_mask;
}
- if ((gid_t) d->creds.egid != (gid_t) -1) {
+ if ((gid_t) d->creds.egid != GID_INVALID) {
m->creds.egid = (gid_t) d->creds.egid;
m->creds.mask |= SD_BUS_CREDS_EGID & bus->creds_mask;
}
- if ((gid_t) d->creds.sgid != (gid_t) -1) {
+ if ((gid_t) d->creds.sgid != GID_INVALID) {
m->creds.sgid = (gid_t) d->creds.sgid;
m->creds.mask |= SD_BUS_CREDS_SGID & bus->creds_mask;
}
- if ((gid_t) d->creds.fsgid != (gid_t) -1) {
+ if ((gid_t) d->creds.fsgid != GID_INVALID) {
m->creds.fsgid = (gid_t) d->creds.fsgid;
m->creds.mask |= SD_BUS_CREDS_FSGID & bus->creds_mask;
}
m->creds.mask |= SD_BUS_CREDS_AUDIT_SESSION_ID & bus->creds_mask;
}
- if ((uid_t) d->audit.loginuid != (uid_t) -1) {
+ if ((uid_t) d->audit.loginuid != UID_INVALID) {
m->creds.audit_login_uid = (uid_t) d->audit.loginuid;
m->creds.mask |= SD_BUS_CREDS_AUDIT_LOGIN_UID & bus->creds_mask;
}
if (m->creds.pid > 0)
m->creds.mask |= SD_BUS_CREDS_PID;
- if (m->creds.uid != (uid_t) -1)
+ if (m->creds.uid != UID_INVALID)
m->creds.mask |= SD_BUS_CREDS_UID;
- if (m->creds.gid != (gid_t) -1)
+ if (m->creds.gid != GID_INVALID)
m->creds.mask |= SD_BUS_CREDS_GID;
}
assert(path);
- if (mode != (mode_t) -1)
+ if (mode != MODE_INVALID)
mode &= 0777;
r = cg_get_path(controller, path, NULL, &fs);
assert(path);
- if (mode == (mode_t) -1 && uid == (uid_t) -1 && gid == (gid_t) -1)
+ if (mode == MODE_INVALID && uid == UID_INVALID && gid == GID_INVALID)
return 0;
- if (mode != (mode_t) -1)
+ if (mode != MODE_INVALID)
mode &= 0666;
r = cg_get_path(controller, path, "cgroup.procs", &fs);
#endif
#endif
+#define UID_INVALID ((uid_t) -1)
+#define GID_INVALID ((gid_t) -1)
+#define MODE_INVALID ((mode_t) -1)
+
#include "log.h"
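Review bot: The three new sentinels are added without a comment, so the header does not record what the values mean to the calls that receive them. I would add something like `/* (uid_t) -1 and (gid_t) -1 mean "leave unchanged" to chown()/fchown(); never a real id */` above the first two. For `MODE_INVALID` a note that it is only a "not set" marker, to be tested before chmod()/fchmod() as the callers in this commit do and never passed through as a mode, would prevent misuse.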
if ((st.st_mode & 0007) > (mode & 0007) ||
(st.st_mode & 0070) > (mode & 0070) ||
(st.st_mode & 0700) > (mode & 0700) ||
- (uid != (uid_t) -1 && st.st_uid != uid) ||
- (gid != (gid_t) -1 && st.st_gid != gid) ||
+ (uid != UID_INVALID && st.st_uid != uid) ||
+ (gid != GID_INVALID && st.st_gid != gid) ||
!S_ISDIR(st.st_mode)) {
errno = EEXIST;
return -errno;
}
int uid_range_next_lower(const UidRange *p, unsigned n, uid_t *uid) {
- uid_t closest = (uid_t) -1, candidate;
+ uid_t closest = UID_INVALID, candidate;
unsigned i;
assert(p);
closest = end;
}
- if (closest == (uid_t) -1)
+ if (closest == UID_INVALID)
return -EBUSY;
*uid = closest;
if ((unsigned long) uid != ul)
return -ERANGE;
- /* Some libc APIs use (uid_t) -1 as special placeholder */
+ /* Some libc APIs use UID_INVALID as special placeholder */
if (uid == (uid_t) 0xFFFFFFFF)
return -ENXIO;
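Review bot: The rewritten comment says libc APIs use `UID_INVALID`, but that macro is this project's own name; what libc calls such as chown() or setresuid() treat specially is the value `(uid_t) -1`. The search-and-replace also left the comparison as `uid == (uid_t) 0xFFFFFFFF`, so the comment and the check it explains no longer share a spelling. I would keep the literal in the comment and name the macro beside it, `/* Some libc APIs use (uid_t) -1, i.e. UID_INVALID, as special placeholder */`, and, if uid_t is always 32 bits wide here, write the check as `if (uid == UID_INVALID)`. This rejection is what keeps a parsed "4294967295" from later being read as "no change", so it is worth keeping easy to find. The enclosing function starts and ends outside the hunk.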
* first change the access mode and only then hand out
* ownership to avoid a window where access is too open. */
- if (mode != (mode_t) -1)
+ if (mode != MODE_INVALID)
if (chmod(path, mode) < 0)
return -errno;
- if (uid != (uid_t) -1 || gid != (gid_t) -1)
+ if (uid != UID_INVALID || gid != GID_INVALID)
if (chown(path, uid, gid) < 0)
return -errno;
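Review bot: `chmod(path, mode)` and `chown(path, uid, gid)` each resolve `path` again and both follow a symlink in the final component, so the mode-before-owner ordering described in the comment does not cover the path being replaced between the two calls. Where the parent directory may be writable by a less privileged user, the descriptor-based variant in the next hunk (`fchmod`/`fchown` on one fd) avoids that. I would extend the comment with a sentence such as `/* path is resolved twice; use the fd variant for directories an unprivileged user can write to */`. The function starts and ends outside the hunk.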
* first change the access mode and only then hand out
* ownership to avoid a window where access is too open. */
- if (mode != (mode_t) -1)
+ if (mode != MODE_INVALID)
if (fchmod(fd, mode) < 0)
return -errno;
- if (uid != (uid_t) -1 || gid != (gid_t) -1)
+ if (uid != UID_INVALID || gid != GID_INVALID)
if (fchown(fd, uid, gid) < 0)
return -errno;
return -errno;
}
- if (uid != (uid_t) -1 || gid != (gid_t) -1) {
+ if (uid != UID_INVALID || gid != GID_INVALID) {
r = fchown(fd, uid, gid);
if (r < 0)
return -errno;
}
int touch(const char *path) {
- return touch_file(path, false, USEC_INFINITY, (uid_t) -1, (gid_t) -1, 0);
+ return touch_file(path, false, USEC_INFINITY, UID_INVALID, GID_INVALID, 0);
}
char *unquote(const char *s, const char* quotes) {
* to namespacing issues */
if (u.pid <= 0)
return -ENODATA;
- if (u.uid == (uid_t) -1)
+ if (u.uid == UID_INVALID)
return -ENODATA;
- if (u.gid == (gid_t) -1)
+ if (u.gid == GID_INVALID)
return -ENODATA;
*ucred = u;
static Hashmap *database_uid = NULL, *database_user = NULL;
static Hashmap *database_gid = NULL, *database_group = NULL;
-static uid_t search_uid = (uid_t) -1;
+static uid_t search_uid = UID_INVALID;
static UidRange *uid_range = NULL;
static unsigned n_uid_range = 0;
FOREACH_DIRENT(de, d, break) {
_cleanup_free_ char *path = NULL, *path_shifted = NULL, *session = NULL, *unit = NULL, *user_unit = NULL, *machine = NULL, *slice = NULL;
pid_t pid;
- uid_t uid = (uid_t) -1;
+ uid_t uid = UID_INVALID;
if (de->d_type != DT_DIR &&
de->d_type != DT_UNKNOWN)
va_start(ap, files);
while (files != NULL) {
_cleanup_free_ char *path = strappend(tmp_dir, files);
- assert_se(touch_file(path, true, (usec_t) -1, (uid_t) -1, (gid_t) -1, 0) == 0);
+ assert_se(touch_file(path, true, (usec_t) -1, UID_INVALID, GID_INVALID, 0) == 0);
files = va_arg(ap, const char *);
}
va_end(ap);
assert_se(uid_range_contains(p, n, 999));
assert_se(!uid_range_contains(p, n, 1000));
- search = (uid_t) -1;
+ search = UID_INVALID;
assert_se(uid_range_next_lower(p, n, &search));
assert_se(search == 999);
assert_se(uid_range_next_lower(p, n, &search));
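Review bot: `assert_se(uid_range_next_lower(p, n, &search))` only checks that the return value is non-zero, and the failure path of that function shown in this commit returns `-EBUSY`, which is also non-zero. An exhausted range would therefore pass these call assertions and be caught, if at all, only by the following `search == ...` comparison. Assuming success is reported as a positive value, `assert_se(uid_range_next_lower(p, n, &search) > 0);` states the expectation directly. The same applies to both calls in this hunk.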
if ((!st_valid || (i->uid != st.st_uid || i->gid != st.st_gid)) &&
(i->uid_set || i->gid_set))
if (chown(path,
- i->uid_set ? i->uid : (uid_t) -1,
- i->gid_set ? i->gid : (gid_t) -1) < 0) {
+ i->uid_set ? i->uid : UID_INVALID,
+ i->gid_set ? i->gid : GID_INVALID) < 0) {
log_error_errno(errno, "chown(%s) failed: %m", path);
return -errno;