From fed1e721fd0c81e60c77120539f34e16c2585634 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Fri, 28 Nov 2014 20:51:01 +0100 Subject: [PATCH] treewide: introduce UID_INVALID (and friends) as macro for (uid_t) -1 --- src/bus-proxyd/bus-policy.c | 8 ++++---- src/bus-proxyd/bus-proxyd.c | 20 ++++++++++---------- src/core/execute.c | 6 +++--- src/core/socket.c | 4 ++-- src/core/timer.c | 4 ++-- src/libsystemd/sd-bus/bus-control.c | 22 +++++++++++----------- src/libsystemd/sd-bus/bus-kernel.c | 18 +++++++++--------- src/libsystemd/sd-bus/bus-message.c | 4 ++-- src/shared/cgroup-util.c | 6 +++--- src/shared/macro.h | 4 ++++ src/shared/mkdir.c | 4 ++-- src/shared/uid-range.c | 4 ++-- src/shared/util.c | 18 +++++++++--------- src/sysusers/sysusers.c | 2 +- src/test/test-cgroup-util.c | 2 +- src/test/test-conf-files.c | 2 +- src/test/test-uid-range.c | 2 +- src/tmpfiles/tmpfiles.c | 4 ++-- 18 files changed, 69 insertions(+), 65 deletions(-) diff --git a/src/bus-proxyd/bus-policy.c b/src/bus-proxyd/bus-policy.c index 13322ea51..59cc1d788 100644 --- a/src/bus-proxyd/bus-policy.c +++ b/src/bus-proxyd/bus-policy.c @@ -668,13 +668,13 @@ static int check_policy_item(PolicyItem *i, const struct policy_check_filter *fi break; case POLICY_ITEM_USER: - if (filter->uid != (uid_t) -1) + if (filter->uid != UID_INVALID) if ((streq_ptr(i->name, "*") || (i->uid_valid && i->uid == filter->uid))) return is_permissive(i); break; case POLICY_ITEM_GROUP: - if (filter->gid != (gid_t) -1) + if (filter->gid != GID_INVALID) if ((streq_ptr(i->name, "*") || (i->gid_valid && i->gid == filter->gid))) return is_permissive(i); break; @@ -734,7 +734,7 @@ static int policy_check(Policy *p, const struct policy_check_filter *filter) { verdict = check_policy_items(p->default_items, filter); - if (filter->gid != (gid_t) -1) { + if (filter->gid != GID_INVALID) { items = hashmap_get(p->group_items, UINT32_TO_PTR(filter->gid)); if (items) { v = check_policy_items(items, filter); @@ -743,7 +743,7 @@ static int policy_check(Policy *p, const struct policy_check_filter *filter) { } } - if (filter->uid != (uid_t) -1) { + if (filter->uid != UID_INVALID) { items = hashmap_get(p->user_items, UINT32_TO_PTR(filter->uid)); if (items) { v = check_policy_items(items, filter); diff --git a/src/bus-proxyd/bus-proxyd.c b/src/bus-proxyd/bus-proxyd.c index 6dfba1469..8fb204ca5 100644 --- a/src/bus-proxyd/bus-proxyd.c +++ b/src/bus-proxyd/bus-proxyd.c @@ -969,8 +969,8 @@ static int process_policy(sd_bus *from, sd_bus *to, sd_bus_message *m, Policy *p return 0; if (from->is_kernel) { - uid_t sender_uid = (uid_t) -1; - gid_t sender_gid = (gid_t) -1; + uid_t sender_uid = UID_INVALID; + gid_t sender_gid = GID_INVALID; char **sender_names = NULL; bool granted = false; @@ -1026,8 +1026,8 @@ static int process_policy(sd_bus *from, sd_bus *to, sd_bus_message *m, Policy *p if (to->is_kernel) { _cleanup_bus_creds_unref_ sd_bus_creds *destination_creds = NULL; - uid_t destination_uid = (uid_t) -1; - gid_t destination_gid = (gid_t) -1; + uid_t destination_uid = UID_INVALID; + gid_t destination_gid = GID_INVALID; const char *destination_unique = NULL; char **destination_names = NULL; bool granted = false; @@ -1331,13 +1331,13 @@ int main(int argc, char *argv[]) { a->fake_pids_valid = true; a->fake_creds.uid = ucred.uid; - a->fake_creds.euid = (uid_t) -1; - a->fake_creds.suid = (uid_t) -1; - a->fake_creds.fsuid = (uid_t) -1; + a->fake_creds.euid = UID_INVALID; + a->fake_creds.suid = UID_INVALID; + a->fake_creds.fsuid = UID_INVALID; a->fake_creds.gid = ucred.gid; - a->fake_creds.egid = (gid_t) -1; - a->fake_creds.sgid = (gid_t) -1; - a->fake_creds.fsgid = (gid_t) -1; + a->fake_creds.egid = GID_INVALID; + a->fake_creds.sgid = GID_INVALID; + a->fake_creds.fsgid = GID_INVALID; a->fake_creds_valid = true; } diff --git a/src/core/execute.c b/src/core/execute.c index c19f61364..ea745aa19 100644 --- a/src/core/execute.c +++ b/src/core/execute.c @@ -1241,8 +1241,8 @@ static int exec_child(ExecCommand *command, const char *username = NULL, *home = NULL, *shell = NULL; unsigned n_dont_close = 0; int dont_close[n_fds + 4]; - uid_t uid = (uid_t) -1; - gid_t gid = (gid_t) -1; + uid_t uid = UID_INVALID; + gid_t gid = GID_INVALID; int i, err; assert(command); @@ -1436,7 +1436,7 @@ static int exec_child(ExecCommand *command, #ifdef ENABLE_KDBUS if (params->bus_endpoint_fd >= 0 && context->bus_endpoint) { - uid_t ep_uid = (uid == (uid_t) -1) ? 0 : uid; + uid_t ep_uid = (uid == UID_INVALID) ? 0 : uid; err = bus_kernel_set_endpoint_policy(params->bus_endpoint_fd, ep_uid, context->bus_endpoint); if (err < 0) { diff --git a/src/core/socket.c b/src/core/socket.c index 828ed3107..8fa55e0b0 100644 --- a/src/core/socket.c +++ b/src/core/socket.c @@ -1456,8 +1456,8 @@ static int socket_chown(Socket *s, pid_t *_pid) { if (pid == 0) { SocketPort *p; - uid_t uid = (uid_t) -1; - gid_t gid = (gid_t) -1; + uid_t uid = UID_INVALID; + gid_t gid = GID_INVALID; int ret; default_signals(SIGNALS_CRASH_HANDLER, SIGNALS_IGNORE, -1); diff --git a/src/core/timer.c b/src/core/timer.c index fa134b13a..70aeedd3c 100644 --- a/src/core/timer.c +++ b/src/core/timer.c @@ -505,7 +505,7 @@ static void timer_enter_running(Timer *t) { dual_timestamp_get(&t->last_trigger); if (t->stamp_path) - touch_file(t->stamp_path, true, t->last_trigger.realtime, (uid_t) -1, (gid_t) -1, 0); + touch_file(t->stamp_path, true, t->last_trigger.realtime, UID_INVALID, GID_INVALID, 0); timer_set_state(t, TIMER_RUNNING); return; @@ -543,7 +543,7 @@ static int timer_start(Unit *u) { /* The timer has never run before, * make sure a stamp file exists. */ - touch_file(t->stamp_path, true, (usec_t) -1, (uid_t) -1, (gid_t) -1, 0); + touch_file(t->stamp_path, true, (usec_t) -1, UID_INVALID, GID_INVALID, 0); } t->result = TIMER_SUCCESS; diff --git a/src/libsystemd/sd-bus/bus-control.c b/src/libsystemd/sd-bus/bus-control.c index 71fdbcf94..a9a0c1ec1 100644 --- a/src/libsystemd/sd-bus/bus-control.c +++ b/src/libsystemd/sd-bus/bus-control.c @@ -414,42 +414,42 @@ static int bus_populate_creds_from_items( case KDBUS_ITEM_CREDS: - if (mask & SD_BUS_CREDS_UID && (uid_t) item->creds.uid != (uid_t) -1) { + if (mask & SD_BUS_CREDS_UID && (uid_t) item->creds.uid != UID_INVALID) { c->uid = (uid_t) item->creds.uid; c->mask |= SD_BUS_CREDS_UID; } - if (mask & SD_BUS_CREDS_EUID && (uid_t) item->creds.euid != (uid_t) -1) { + if (mask & SD_BUS_CREDS_EUID && (uid_t) item->creds.euid != UID_INVALID) { c->euid = (uid_t) item->creds.euid; c->mask |= SD_BUS_CREDS_EUID; } - if (mask & SD_BUS_CREDS_SUID && (uid_t) item->creds.suid != (uid_t) -1) { + if (mask & SD_BUS_CREDS_SUID && (uid_t) item->creds.suid != UID_INVALID) { c->suid = (uid_t) item->creds.suid; c->mask |= SD_BUS_CREDS_SUID; } - if (mask & SD_BUS_CREDS_FSUID && (uid_t) item->creds.fsuid != (uid_t) -1) { + if (mask & SD_BUS_CREDS_FSUID && (uid_t) item->creds.fsuid != UID_INVALID) { c->fsuid = (uid_t) item->creds.fsuid; c->mask |= SD_BUS_CREDS_FSUID; } - if (mask & SD_BUS_CREDS_GID && (gid_t) item->creds.gid != (gid_t) -1) { + if (mask & SD_BUS_CREDS_GID && (gid_t) item->creds.gid != GID_INVALID) { c->gid = (gid_t) item->creds.gid; c->mask |= SD_BUS_CREDS_GID; } - if (mask & SD_BUS_CREDS_EGID && (gid_t) item->creds.egid != (gid_t) -1) { + if (mask & SD_BUS_CREDS_EGID && (gid_t) item->creds.egid != GID_INVALID) { c->egid = (gid_t) item->creds.egid; c->mask |= SD_BUS_CREDS_EGID; } - if (mask & SD_BUS_CREDS_SGID && (gid_t) item->creds.sgid != (gid_t) -1) { + if (mask & SD_BUS_CREDS_SGID && (gid_t) item->creds.sgid != GID_INVALID) { c->sgid = (gid_t) item->creds.sgid; c->mask |= SD_BUS_CREDS_SGID; } - if (mask & SD_BUS_CREDS_FSGID && (gid_t) item->creds.fsgid != (gid_t) -1) { + if (mask & SD_BUS_CREDS_FSGID && (gid_t) item->creds.fsgid != GID_INVALID) { c->fsgid = (gid_t) item->creds.fsgid; c->mask |= SD_BUS_CREDS_FSGID; } @@ -549,7 +549,7 @@ static int bus_populate_creds_from_items( c->mask |= SD_BUS_CREDS_AUDIT_SESSION_ID; } - if (mask & SD_BUS_CREDS_AUDIT_LOGIN_UID && (uid_t) item->audit.loginuid != (uid_t) -1) { + if (mask & SD_BUS_CREDS_AUDIT_LOGIN_UID && (uid_t) item->audit.loginuid != UID_INVALID) { c->audit_login_uid = (uid_t) item->audit.loginuid; c->mask |= SD_BUS_CREDS_AUDIT_LOGIN_UID; } @@ -946,12 +946,12 @@ static int bus_get_owner_creds_dbus1(sd_bus *bus, uint64_t mask, sd_bus_creds ** c->mask |= SD_BUS_CREDS_PID & mask; } - if (bus->ucred.uid != (uid_t) -1) { + if (bus->ucred.uid != UID_INVALID) { c->uid = bus->ucred.uid; c->mask |= SD_BUS_CREDS_UID & mask; } - if (bus->ucred.gid != (gid_t) -1) { + if (bus->ucred.gid != GID_INVALID) { c->gid = bus->ucred.gid; c->mask |= SD_BUS_CREDS_GID & mask; } diff --git a/src/libsystemd/sd-bus/bus-kernel.c b/src/libsystemd/sd-bus/bus-kernel.c index aaf44e3e7..d81e9d254 100644 --- a/src/libsystemd/sd-bus/bus-kernel.c +++ b/src/libsystemd/sd-bus/bus-kernel.c @@ -580,42 +580,42 @@ static int bus_kernel_make_message(sd_bus *bus, struct kdbus_msg *k) { /* EUID/SUID/FSUID/EGID/SGID/FSGID might be missing too (see above). */ - if ((uid_t) d->creds.uid != (uid_t) -1) { + if ((uid_t) d->creds.uid != UID_INVALID) { m->creds.uid = (uid_t) d->creds.uid; m->creds.mask |= SD_BUS_CREDS_UID & bus->creds_mask; } - if ((uid_t) d->creds.euid != (uid_t) -1) { + if ((uid_t) d->creds.euid != UID_INVALID) { m->creds.euid = (uid_t) d->creds.euid; m->creds.mask |= SD_BUS_CREDS_EUID & bus->creds_mask; } - if ((uid_t) d->creds.suid != (uid_t) -1) { + if ((uid_t) d->creds.suid != UID_INVALID) { m->creds.suid = (uid_t) d->creds.suid; m->creds.mask |= SD_BUS_CREDS_SUID & bus->creds_mask; } - if ((uid_t) d->creds.fsuid != (uid_t) -1) { + if ((uid_t) d->creds.fsuid != UID_INVALID) { m->creds.fsuid = (uid_t) d->creds.fsuid; m->creds.mask |= SD_BUS_CREDS_FSUID & bus->creds_mask; } - if ((gid_t) d->creds.gid != (gid_t) -1) { + if ((gid_t) d->creds.gid != GID_INVALID) { m->creds.gid = (gid_t) d->creds.gid; m->creds.mask |= SD_BUS_CREDS_GID & bus->creds_mask; } - if ((gid_t) d->creds.egid != (gid_t) -1) { + if ((gid_t) d->creds.egid != GID_INVALID) { m->creds.egid = (gid_t) d->creds.egid; m->creds.mask |= SD_BUS_CREDS_EGID & bus->creds_mask; } - if ((gid_t) d->creds.sgid != (gid_t) -1) { + if ((gid_t) d->creds.sgid != GID_INVALID) { m->creds.sgid = (gid_t) d->creds.sgid; m->creds.mask |= SD_BUS_CREDS_SGID & bus->creds_mask; } - if ((gid_t) d->creds.fsgid != (gid_t) -1) { + if ((gid_t) d->creds.fsgid != GID_INVALID) { m->creds.fsgid = (gid_t) d->creds.fsgid; m->creds.mask |= SD_BUS_CREDS_FSGID & bus->creds_mask; } @@ -671,7 +671,7 @@ static int bus_kernel_make_message(sd_bus *bus, struct kdbus_msg *k) { m->creds.mask |= SD_BUS_CREDS_AUDIT_SESSION_ID & bus->creds_mask; } - if ((uid_t) d->audit.loginuid != (uid_t) -1) { + if ((uid_t) d->audit.loginuid != UID_INVALID) { m->creds.audit_login_uid = (uid_t) d->audit.loginuid; m->creds.mask |= SD_BUS_CREDS_AUDIT_LOGIN_UID & bus->creds_mask; } diff --git a/src/libsystemd/sd-bus/bus-message.c b/src/libsystemd/sd-bus/bus-message.c index 05015a415..2c85130d1 100644 --- a/src/libsystemd/sd-bus/bus-message.c +++ b/src/libsystemd/sd-bus/bus-message.c @@ -429,10 +429,10 @@ int bus_message_from_header( if (m->creds.pid > 0) m->creds.mask |= SD_BUS_CREDS_PID; - if (m->creds.uid != (uid_t) -1) + if (m->creds.uid != UID_INVALID) m->creds.mask |= SD_BUS_CREDS_UID; - if (m->creds.gid != (gid_t) -1) + if (m->creds.gid != GID_INVALID) m->creds.mask |= SD_BUS_CREDS_GID; } diff --git a/src/shared/cgroup-util.c b/src/shared/cgroup-util.c index da8e88522..bc5030ebb 100644 --- a/src/shared/cgroup-util.c +++ b/src/shared/cgroup-util.c @@ -682,7 +682,7 @@ int cg_set_group_access( assert(path); - if (mode != (mode_t) -1) + if (mode != MODE_INVALID) mode &= 0777; r = cg_get_path(controller, path, NULL, &fs); @@ -704,10 +704,10 @@ int cg_set_task_access( assert(path); - if (mode == (mode_t) -1 && uid == (uid_t) -1 && gid == (gid_t) -1) + if (mode == MODE_INVALID && uid == UID_INVALID && gid == GID_INVALID) return 0; - if (mode != (mode_t) -1) + if (mode != MODE_INVALID) mode &= 0666; r = cg_get_path(controller, path, "cgroup.procs", &fs); diff --git a/src/shared/macro.h b/src/shared/macro.h index 6d4712c30..9f5e4552b 100644 --- a/src/shared/macro.h +++ b/src/shared/macro.h @@ -423,4 +423,8 @@ do { \ #endif #endif +#define UID_INVALID ((uid_t) -1) +#define GID_INVALID ((gid_t) -1) +#define MODE_INVALID ((mode_t) -1) + #include "log.h" diff --git a/src/shared/mkdir.c b/src/shared/mkdir.c index ef3f494cc..beefd1052 100644 --- a/src/shared/mkdir.c +++ b/src/shared/mkdir.c @@ -44,8 +44,8 @@ int mkdir_safe_internal(const char *path, mode_t mode, uid_t uid, gid_t gid, mkd if ((st.st_mode & 0007) > (mode & 0007) || (st.st_mode & 0070) > (mode & 0070) || (st.st_mode & 0700) > (mode & 0700) || - (uid != (uid_t) -1 && st.st_uid != uid) || - (gid != (gid_t) -1 && st.st_gid != gid) || + (uid != UID_INVALID && st.st_uid != uid) || + (gid != GID_INVALID && st.st_gid != gid) || !S_ISDIR(st.st_mode)) { errno = EEXIST; return -errno; diff --git a/src/shared/uid-range.c b/src/shared/uid-range.c index 74c3be4a1..4794ff45b 100644 --- a/src/shared/uid-range.c +++ b/src/shared/uid-range.c @@ -161,7 +161,7 @@ int uid_range_add_str(UidRange **p, unsigned *n, const char *s) { } int uid_range_next_lower(const UidRange *p, unsigned n, uid_t *uid) { - uid_t closest = (uid_t) -1, candidate; + uid_t closest = UID_INVALID, candidate; unsigned i; assert(p); @@ -184,7 +184,7 @@ int uid_range_next_lower(const UidRange *p, unsigned n, uid_t *uid) { closest = end; } - if (closest == (uid_t) -1) + if (closest == UID_INVALID) return -EBUSY; *uid = closest; diff --git a/src/shared/util.c b/src/shared/util.c index f8511ff4a..4c380b8b9 100644 --- a/src/shared/util.c +++ b/src/shared/util.c @@ -354,7 +354,7 @@ int parse_uid(const char *s, uid_t* ret_uid) { if ((unsigned long) uid != ul) return -ERANGE; - /* Some libc APIs use (uid_t) -1 as special placeholder */ + /* Some libc APIs use UID_INVALID as special placeholder */ if (uid == (uid_t) 0xFFFFFFFF) return -ENXIO; @@ -3167,11 +3167,11 @@ int chmod_and_chown(const char *path, mode_t mode, uid_t uid, gid_t gid) { * first change the access mode and only then hand out * ownership to avoid a window where access is too open. */ - if (mode != (mode_t) -1) + if (mode != MODE_INVALID) if (chmod(path, mode) < 0) return -errno; - if (uid != (uid_t) -1 || gid != (gid_t) -1) + if (uid != UID_INVALID || gid != GID_INVALID) if (chown(path, uid, gid) < 0) return -errno; @@ -3185,11 +3185,11 @@ int fchmod_and_fchown(int fd, mode_t mode, uid_t uid, gid_t gid) { * first change the access mode and only then hand out * ownership to avoid a window where access is too open. */ - if (mode != (mode_t) -1) + if (mode != MODE_INVALID) if (fchmod(fd, mode) < 0) return -errno; - if (uid != (uid_t) -1 || gid != (gid_t) -1) + if (uid != UID_INVALID || gid != GID_INVALID) if (fchown(fd, uid, gid) < 0) return -errno; @@ -3680,7 +3680,7 @@ int touch_file(const char *path, bool parents, usec_t stamp, uid_t uid, gid_t gi return -errno; } - if (uid != (uid_t) -1 || gid != (gid_t) -1) { + if (uid != UID_INVALID || gid != GID_INVALID) { r = fchown(fd, uid, gid); if (r < 0) return -errno; @@ -3701,7 +3701,7 @@ int touch_file(const char *path, bool parents, usec_t stamp, uid_t uid, gid_t gi } int touch(const char *path) { - return touch_file(path, false, USEC_INFINITY, (uid_t) -1, (gid_t) -1, 0); + return touch_file(path, false, USEC_INFINITY, UID_INVALID, GID_INVALID, 0); } char *unquote(const char *s, const char* quotes) { @@ -6547,9 +6547,9 @@ int getpeercred(int fd, struct ucred *ucred) { * to namespacing issues */ if (u.pid <= 0) return -ENODATA; - if (u.uid == (uid_t) -1) + if (u.uid == UID_INVALID) return -ENODATA; - if (u.gid == (gid_t) -1) + if (u.gid == GID_INVALID) return -ENODATA; *ucred = u; diff --git a/src/sysusers/sysusers.c b/src/sysusers/sysusers.c index 685bbefd8..647eb577a 100644 --- a/src/sysusers/sysusers.c +++ b/src/sysusers/sysusers.c @@ -76,7 +76,7 @@ static Hashmap *members = NULL; static Hashmap *database_uid = NULL, *database_user = NULL; static Hashmap *database_gid = NULL, *database_group = NULL; -static uid_t search_uid = (uid_t) -1; +static uid_t search_uid = UID_INVALID; static UidRange *uid_range = NULL; static unsigned n_uid_range = 0; diff --git a/src/test/test-cgroup-util.c b/src/test/test-cgroup-util.c index 68c526ae8..58eb74427 100644 --- a/src/test/test-cgroup-util.c +++ b/src/test/test-cgroup-util.c @@ -141,7 +141,7 @@ static void test_proc(void) { FOREACH_DIRENT(de, d, break) { _cleanup_free_ char *path = NULL, *path_shifted = NULL, *session = NULL, *unit = NULL, *user_unit = NULL, *machine = NULL, *slice = NULL; pid_t pid; - uid_t uid = (uid_t) -1; + uid_t uid = UID_INVALID; if (de->d_type != DT_DIR && de->d_type != DT_UNKNOWN) diff --git a/src/test/test-conf-files.c b/src/test/test-conf-files.c index e801c5989..945ada59a 100644 --- a/src/test/test-conf-files.c +++ b/src/test/test-conf-files.c @@ -36,7 +36,7 @@ static void setup_test_dir(char *tmp_dir, const char *files, ...) { va_start(ap, files); while (files != NULL) { _cleanup_free_ char *path = strappend(tmp_dir, files); - assert_se(touch_file(path, true, (usec_t) -1, (uid_t) -1, (gid_t) -1, 0) == 0); + assert_se(touch_file(path, true, (usec_t) -1, UID_INVALID, GID_INVALID, 0) == 0); files = va_arg(ap, const char *); } va_end(ap); diff --git a/src/test/test-uid-range.c b/src/test/test-uid-range.c index 06b4d4342..bc5baa2fc 100644 --- a/src/test/test-uid-range.c +++ b/src/test/test-uid-range.c @@ -39,7 +39,7 @@ int main(int argc, char *argv[]) { assert_se(uid_range_contains(p, n, 999)); assert_se(!uid_range_contains(p, n, 1000)); - search = (uid_t) -1; + search = UID_INVALID; assert_se(uid_range_next_lower(p, n, &search)); assert_se(search == 999); assert_se(uid_range_next_lower(p, n, &search)); diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c index f19fa970c..d60c57793 100644 --- a/src/tmpfiles/tmpfiles.c +++ b/src/tmpfiles/tmpfiles.c @@ -477,8 +477,8 @@ static int item_set_perms(Item *i, const char *path) { if ((!st_valid || (i->uid != st.st_uid || i->gid != st.st_gid)) && (i->uid_set || i->gid_set)) if (chown(path, - i->uid_set ? i->uid : (uid_t) -1, - i->gid_set ? i->gid : (gid_t) -1) < 0) { + i->uid_set ? i->uid : UID_INVALID, + i->gid_set ? i->gid : GID_INVALID) < 0) { log_error_errno(errno, "chown(%s) failed: %m", path); return -errno; -- 2.30.2