Bug Summary

File:build-scan/../src/nss-mymachines/nss-mymachines.c
Warning:line 150, column 17
Although the value stored to 'r' is used in the enclosing expression, the value is never actually read from 'r'

Annotated Source Code

Press '?' to see keyboard shortcuts

clang -cc1 -cc1 -triple x86_64-unknown-linux-gnu -analyze -disable-free -disable-llvm-verifier -discard-value-names -main-file-name nss-mymachines.c -analyzer-store=region -analyzer-opt-analyze-nested-blocks -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 2 -fhalf-no-semantic-interposition -mframe-pointer=all -relaxed-aliasing -menable-no-infs -menable-no-nans -menable-unsafe-fp-math -fno-signed-zeros -mreassociate -freciprocal-math -fdenormal-fp-math=preserve-sign,preserve-sign -ffp-contract=fast -fno-rounding-math -ffast-math -ffinite-math-only -mconstructor-aliases -munwind-tables -target-cpu x86-64 -tune-cpu generic -fno-split-dwarf-inlining -debugger-tuning=gdb -resource-dir /usr/lib64/clang/12.0.0 -include config.h -I libnss_mymachines.so.2.p -I . -I .. -I src/basic -I ../src/basic -I src/shared -I ../src/shared -I src/systemd -I ../src/systemd -I src/journal -I ../src/journal -I src/journal-remote -I ../src/journal-remote -I src/nspawn -I ../src/nspawn -I src/resolve -I ../src/resolve -I src/timesync -I ../src/timesync -I ../src/time-wait-sync -I src/login -I ../src/login -I src/udev -I ../src/udev -I src/libudev -I ../src/libudev -I src/core -I ../src/core -I ../src/libsystemd/sd-bus -I ../src/libsystemd/sd-device -I ../src/libsystemd/sd-hwdb -I ../src/libsystemd/sd-id128 -I ../src/libsystemd/sd-netlink -I ../src/libsystemd/sd-network -I src/libsystemd-network -I ../src/libsystemd-network -D _FILE_OFFSET_BITS=64 -internal-isystem /usr/local/include -internal-isystem /usr/lib64/clang/12.0.0/include -internal-externc-isystem /include -internal-externc-isystem /usr/include -Wwrite-strings -Wno-unused-parameter -Wno-missing-field-initializers -Wno-unused-result -Wno-format-signedness -Wno-error=nonnull -std=gnu99 -fconst-strings -fdebug-compilation-dir /home/mrc0mmand/repos/@redhat-plumbers/systemd-rhel8/build-scan -ferror-limit 19 -fvisibility hidden -stack-protector 2 -fgnuc-version=4.2.1 -fcolor-diagnostics -analyzer-output=html -faddrsig -o /tmp/scan-build-2021-07-16-221226-1465241-1 -x c ../src/nss-mymachines/nss-mymachines.c
1/* SPDX-License-Identifier: LGPL-2.1+ */
2
3#include <netdb.h>
4#include <nss.h>
5
6#include "sd-bus.h"
7#include "sd-login.h"
8
9#include "alloc-util.h"
10#include "bus-common-errors.h"
11#include "env-util.h"
12#include "hostname-util.h"
13#include "in-addr-util.h"
14#include "macro.h"
15#include "nss-util.h"
16#include "signal-util.h"
17#include "string-util.h"
18#include "user-util.h"
19#include "util.h"
20
21NSS_GETHOSTBYNAME_PROTOTYPES(mymachines)enum nss_status _nss_mymachines_gethostbyname4_r( const char *
name, struct gaih_addrtuple **pat, char *buffer, size_t buflen
, int *errnop, int *h_errnop, int32_t *ttlp) __attribute__ ((
visibility("default"))); enum nss_status _nss_mymachines_gethostbyname3_r
( const char *name, int af, struct hostent *host, char *buffer
, size_t buflen, int *errnop, int *h_errnop, int32_t *ttlp, char
**canonp) __attribute__ ((visibility("default"))); enum nss_status
_nss_mymachines_gethostbyname2_r( const char *name, int af, struct
hostent *host, char *buffer, size_t buflen, int *errnop, int
*h_errnop) __attribute__ ((visibility("default"))); enum nss_status
_nss_mymachines_gethostbyname_r( const char *name, struct hostent
*host, char *buffer, size_t buflen, int *errnop, int *h_errnop
) __attribute__ ((visibility("default")));
22NSS_GETPW_PROTOTYPES(mymachines)enum nss_status _nss_mymachines_getpwnam_r( const char *name,
struct passwd *pwd, char *buffer, size_t buflen, int *errnop
) __attribute__ ((visibility("default"))); enum nss_status _nss_mymachines_getpwuid_r
( uid_t uid, struct passwd *pwd, char *buffer, size_t buflen,
int *errnop) __attribute__ ((visibility("default")));
23NSS_GETGR_PROTOTYPES(mymachines)enum nss_status _nss_mymachines_getgrnam_r( const char *name,
struct group *gr, char *buffer, size_t buflen, int *errnop) __attribute__
((visibility("default"))); enum nss_status _nss_mymachines_getgrgid_r
( gid_t gid, struct group *gr, char *buffer, size_t buflen, int
*errnop) __attribute__ ((visibility("default")));
24
25#define HOST_UID_LIMIT((uid_t) 0x10000U) ((uid_t) UINT32_C(0x10000)0x10000U)
26#define HOST_GID_LIMIT((gid_t) 0x10000U) ((gid_t) UINT32_C(0x10000)0x10000U)
27
28static int count_addresses(sd_bus_message *m, int af, unsigned *ret) {
29 unsigned c = 0;
30 int r;
31
32 assert(m)do { if ((__builtin_expect(!!(!(m)),0))) log_assert_failed_realm
(LOG_REALM_SYSTEMD, ("m"), "../src/nss-mymachines/nss-mymachines.c"
, 32, __PRETTY_FUNCTION__); } while (0);
33 assert(ret)do { if ((__builtin_expect(!!(!(ret)),0))) log_assert_failed_realm
(LOG_REALM_SYSTEMD, ("ret"), "../src/nss-mymachines/nss-mymachines.c"
, 33, __PRETTY_FUNCTION__); } while (0);
34
35 while ((r = sd_bus_message_enter_container(m, 'r', "iay")) > 0) {
36 int family;
37
38 r = sd_bus_message_read(m, "i", &family);
39 if (r < 0)
40 return r;
41
42 r = sd_bus_message_skip(m, "ay");
43 if (r < 0)
44 return r;
45
46 r = sd_bus_message_exit_container(m);
47 if (r < 0)
48 return r;
49
50 if (af != AF_UNSPEC0 && family != af)
51 continue;
52
53 c++;
54 }
55 if (r < 0)
56 return r;
57
58 r = sd_bus_message_rewind(m, false0);
59 if (r < 0)
60 return r;
61
62 *ret = c;
63 return 0;
64}
65
66enum nss_status _nss_mymachines_gethostbyname4_r(
67 const char *name,
68 struct gaih_addrtuple **pat,
69 char *buffer, size_t buflen,
70 int *errnop, int *h_errnop,
71 int32_t *ttlp) {
72
73 struct gaih_addrtuple *r_tuple, *r_tuple_first = NULL((void*)0);
74 _cleanup_(sd_bus_message_unrefp)__attribute__((cleanup(sd_bus_message_unrefp))) sd_bus_message* reply = NULL((void*)0);
75 _cleanup_(sd_bus_flush_close_unrefp)__attribute__((cleanup(sd_bus_flush_close_unrefp))) sd_bus *bus = NULL((void*)0);
76 _cleanup_free___attribute__((cleanup(freep))) int *ifindices = NULL((void*)0);
77 _cleanup_free___attribute__((cleanup(freep))) char *class = NULL((void*)0);
78 size_t l, ms, idx;
79 unsigned i = 0, c = 0;
80 char *r_name;
81 int n_ifindices, r;
82
83 PROTECT_ERRNO__attribute__((cleanup(_reset_errno_))) __attribute__((unused
)) int _saved_errno_ = (*__errno_location ());
84 BLOCK_SIGNALS(NSS_SIGNALS_BLOCK)__attribute__((cleanup(block_signals_reset))) __attribute__ (
(unused)) sigset_t _saved_sigset = ({ sigset_t _t; do { if ((
__builtin_expect(!!(!(sigprocmask_many(0, &_t, 14,26,13,17
,20,29,1,10,12,27,23,28, -1) >= 0)),0))) log_assert_failed_realm
(LOG_REALM_SYSTEMD, ("sigprocmask_many(SIG_BLOCK, &_t, 14,26,13,17,20,29,1,10,12,27,23,28, -1) >= 0"
), "../src/nss-mymachines/nss-mymachines.c", 84, __PRETTY_FUNCTION__
); } while (0); _t; });
85
86 assert(name)do { if ((__builtin_expect(!!(!(name)),0))) log_assert_failed_realm
(LOG_REALM_SYSTEMD, ("name"), "../src/nss-mymachines/nss-mymachines.c"
, 86, __PRETTY_FUNCTION__); } while (0);
87 assert(pat)do { if ((__builtin_expect(!!(!(pat)),0))) log_assert_failed_realm
(LOG_REALM_SYSTEMD, ("pat"), "../src/nss-mymachines/nss-mymachines.c"
, 87, __PRETTY_FUNCTION__); } while (0);
88 assert(buffer)do { if ((__builtin_expect(!!(!(buffer)),0))) log_assert_failed_realm
(LOG_REALM_SYSTEMD, ("buffer"), "../src/nss-mymachines/nss-mymachines.c"
, 88, __PRETTY_FUNCTION__); } while (0);
89 assert(errnop)do { if ((__builtin_expect(!!(!(errnop)),0))) log_assert_failed_realm
(LOG_REALM_SYSTEMD, ("errnop"), "../src/nss-mymachines/nss-mymachines.c"
, 89, __PRETTY_FUNCTION__); } while (0);
90 assert(h_errnop)do { if ((__builtin_expect(!!(!(h_errnop)),0))) log_assert_failed_realm
(LOG_REALM_SYSTEMD, ("h_errnop"), "../src/nss-mymachines/nss-mymachines.c"
, 90, __PRETTY_FUNCTION__); } while (0);
91
92 r = sd_machine_get_class(name, &class);
93 if (r < 0)
94 goto fail;
95 if (!streq(class, "container")(strcmp((class),("container")) == 0)) {
96 r = -ENOTTY25;
97 goto fail;
98 }
99
100 n_ifindices = sd_machine_get_ifindices(name, &ifindices);
101 if (n_ifindices < 0) {
102 r = n_ifindices;
103 goto fail;
104 }
105
106 r = sd_bus_open_system(&bus);
107 if (r < 0)
108 goto fail;
109
110 r = sd_bus_call_method(bus,
111 "org.freedesktop.machine1",
112 "/org/freedesktop/machine1",
113 "org.freedesktop.machine1.Manager",
114 "GetMachineAddresses",
115 NULL((void*)0),
116 &reply,
117 "s", name);
118 if (r < 0)
119 goto fail;
120
121 r = sd_bus_message_enter_container(reply, 'a', "(iay)");
122 if (r < 0)
123 goto fail;
124
125 r = count_addresses(reply, AF_UNSPEC0, &c);
126 if (r < 0)
127 goto fail;
128
129 if (c <= 0) {
130 *h_errnop = HOST_NOT_FOUND1;
131 return NSS_STATUS_NOTFOUND;
132 }
133
134 l = strlen(name);
135 ms = ALIGN(l+1)(((l+1) + 7) & ~7) + ALIGN(sizeof(struct gaih_addrtuple))(((sizeof(struct gaih_addrtuple)) + 7) & ~7) * c;
136 if (buflen < ms) {
137 UNPROTECT_ERRNOdo { (*__errno_location ()) = _saved_errno_; _saved_errno_ = -
1; } while (0);
138 *errnop = ERANGE34;
139 *h_errnop = NETDB_INTERNAL-1;
140 return NSS_STATUS_TRYAGAIN;
141 }
142
143 /* First, append name */
144 r_name = buffer;
145 memcpy(r_name, name, l+1);
146 idx = ALIGN(l+1)(((l+1) + 7) & ~7);
147
148 /* Second, append addresses */
149 r_tuple_first = (struct gaih_addrtuple*) (buffer + idx);
150 while ((r = sd_bus_message_enter_container(reply, 'r', "iay")) > 0) {
Although the value stored to 'r' is used in the enclosing expression, the value is never actually read from 'r'
151 int family;
152 const void *a;
153 size_t sz;
154
155 r = sd_bus_message_read(reply, "i", &family);
156 if (r < 0)
157 goto fail;
158
159 r = sd_bus_message_read_array(reply, 'y', &a, &sz);
160 if (r < 0)
161 goto fail;
162
163 r = sd_bus_message_exit_container(reply);
164 if (r < 0)
165 goto fail;
166
167 if (!IN_SET(family, AF_INET, AF_INET6)({ _Bool _found = 0; static __attribute__ ((unused)) char _static_assert__macros_need_to_be_extended
[20 - sizeof((int[]){2, 10})/sizeof(int)]; switch(family) { case
2: case 10: _found = 1; break; default: break; } _found; })) {
168 r = -EAFNOSUPPORT97;
169 goto fail;
170 }
171
172 if (sz != FAMILY_ADDRESS_SIZE(family)) {
173 r = -EINVAL22;
174 goto fail;
175 }
176
177 r_tuple = (struct gaih_addrtuple*) (buffer + idx);
178 r_tuple->next = i == c-1 ? NULL((void*)0) : (struct gaih_addrtuple*) ((char*) r_tuple + ALIGN(sizeof(struct gaih_addrtuple))(((sizeof(struct gaih_addrtuple)) + 7) & ~7));
179 r_tuple->name = r_name;
180 r_tuple->family = family;
181 r_tuple->scopeid = n_ifindices == 1 ? ifindices[0] : 0;
182 memcpy(r_tuple->addr, a, sz);
183
184 idx += ALIGN(sizeof(struct gaih_addrtuple))(((sizeof(struct gaih_addrtuple)) + 7) & ~7);
185 i++;
186 }
187
188 assert(i == c)do { if ((__builtin_expect(!!(!(i == c)),0))) log_assert_failed_realm
(LOG_REALM_SYSTEMD, ("i == c"), "../src/nss-mymachines/nss-mymachines.c"
, 188, __PRETTY_FUNCTION__); } while (0);
189
190 r = sd_bus_message_exit_container(reply);
191 if (r < 0)
192 goto fail;
193
194 assert(idx == ms)do { if ((__builtin_expect(!!(!(idx == ms)),0))) log_assert_failed_realm
(LOG_REALM_SYSTEMD, ("idx == ms"), "../src/nss-mymachines/nss-mymachines.c"
, 194, __PRETTY_FUNCTION__); } while (0);
195
196 if (*pat)
197 **pat = *r_tuple_first;
198 else
199 *pat = r_tuple_first;
200
201 if (ttlp)
202 *ttlp = 0;
203
204 /* Explicitly reset both *h_errnop and h_errno to work around
205 * https://bugzilla.redhat.com/show_bug.cgi?id=1125975 */
206 *h_errnop = NETDB_SUCCESS0;
207 h_errno(*__h_errno_location ()) = 0;
208
209 return NSS_STATUS_SUCCESS;
210
211fail:
212 UNPROTECT_ERRNOdo { (*__errno_location ()) = _saved_errno_; _saved_errno_ = -
1; } while (0);
213 *errnop = -r;
214 *h_errnop = NO_DATA4;
215 return NSS_STATUS_UNAVAIL;
216}
217
218enum nss_status _nss_mymachines_gethostbyname3_r(
219 const char *name,
220 int af,
221 struct hostent *result,
222 char *buffer, size_t buflen,
223 int *errnop, int *h_errnop,
224 int32_t *ttlp,
225 char **canonp) {
226
227 _cleanup_(sd_bus_message_unrefp)__attribute__((cleanup(sd_bus_message_unrefp))) sd_bus_message* reply = NULL((void*)0);
228 _cleanup_(sd_bus_flush_close_unrefp)__attribute__((cleanup(sd_bus_flush_close_unrefp))) sd_bus *bus = NULL((void*)0);
229 _cleanup_free___attribute__((cleanup(freep))) char *class = NULL((void*)0);
230 unsigned c = 0, i = 0;
231 char *r_name, *r_aliases, *r_addr, *r_addr_list;
232 size_t l, idx, ms, alen;
233 int r;
234
235 PROTECT_ERRNO__attribute__((cleanup(_reset_errno_))) __attribute__((unused
)) int _saved_errno_ = (*__errno_location ());
236 BLOCK_SIGNALS(NSS_SIGNALS_BLOCK)__attribute__((cleanup(block_signals_reset))) __attribute__ (
(unused)) sigset_t _saved_sigset = ({ sigset_t _t; do { if ((
__builtin_expect(!!(!(sigprocmask_many(0, &_t, 14,26,13,17
,20,29,1,10,12,27,23,28, -1) >= 0)),0))) log_assert_failed_realm
(LOG_REALM_SYSTEMD, ("sigprocmask_many(SIG_BLOCK, &_t, 14,26,13,17,20,29,1,10,12,27,23,28, -1) >= 0"
), "../src/nss-mymachines/nss-mymachines.c", 236, __PRETTY_FUNCTION__
); } while (0); _t; });
237
238 assert(name)do { if ((__builtin_expect(!!(!(name)),0))) log_assert_failed_realm
(LOG_REALM_SYSTEMD, ("name"), "../src/nss-mymachines/nss-mymachines.c"
, 238, __PRETTY_FUNCTION__); } while (0);
239 assert(result)do { if ((__builtin_expect(!!(!(result)),0))) log_assert_failed_realm
(LOG_REALM_SYSTEMD, ("result"), "../src/nss-mymachines/nss-mymachines.c"
, 239, __PRETTY_FUNCTION__); } while (0);
240 assert(buffer)do { if ((__builtin_expect(!!(!(buffer)),0))) log_assert_failed_realm
(LOG_REALM_SYSTEMD, ("buffer"), "../src/nss-mymachines/nss-mymachines.c"
, 240, __PRETTY_FUNCTION__); } while (0);
241 assert(errnop)do { if ((__builtin_expect(!!(!(errnop)),0))) log_assert_failed_realm
(LOG_REALM_SYSTEMD, ("errnop"), "../src/nss-mymachines/nss-mymachines.c"
, 241, __PRETTY_FUNCTION__); } while (0);
242 assert(h_errnop)do { if ((__builtin_expect(!!(!(h_errnop)),0))) log_assert_failed_realm
(LOG_REALM_SYSTEMD, ("h_errnop"), "../src/nss-mymachines/nss-mymachines.c"
, 242, __PRETTY_FUNCTION__); } while (0);
243
244 if (af == AF_UNSPEC0)
245 af = AF_INET2;
246
247 if (af != AF_INET2 && af != AF_INET610) {
248 r = -EAFNOSUPPORT97;
249 goto fail;
250 }
251
252 r = sd_machine_get_class(name, &class);
253 if (r < 0)
254 goto fail;
255 if (!streq(class, "container")(strcmp((class),("container")) == 0)) {
256 r = -ENOTTY25;
257 goto fail;
258 }
259
260 r = sd_bus_open_system(&bus);
261 if (r < 0)
262 goto fail;
263
264 r = sd_bus_call_method(bus,
265 "org.freedesktop.machine1",
266 "/org/freedesktop/machine1",
267 "org.freedesktop.machine1.Manager",
268 "GetMachineAddresses",
269 NULL((void*)0),
270 &reply,
271 "s", name);
272 if (r < 0)
273 goto fail;
274
275 r = sd_bus_message_enter_container(reply, 'a', "(iay)");
276 if (r < 0)
277 goto fail;
278
279 r = count_addresses(reply, af, &c);
280 if (r < 0)
281 goto fail;
282
283 if (c <= 0) {
284 *h_errnop = HOST_NOT_FOUND1;
285 return NSS_STATUS_NOTFOUND;
286 }
287
288 alen = FAMILY_ADDRESS_SIZE(af);
289 l = strlen(name);
290
291 ms = ALIGN(l+1)(((l+1) + 7) & ~7) + c * ALIGN(alen)(((alen) + 7) & ~7) + (c+2) * sizeof(char*);
292
293 if (buflen < ms) {
294 UNPROTECT_ERRNOdo { (*__errno_location ()) = _saved_errno_; _saved_errno_ = -
1; } while (0);
295 *errnop = ERANGE34;
296 *h_errnop = NETDB_INTERNAL-1;
297 return NSS_STATUS_TRYAGAIN;
298 }
299
300 /* First, append name */
301 r_name = buffer;
302 memcpy(r_name, name, l+1);
303 idx = ALIGN(l+1)(((l+1) + 7) & ~7);
304
305 /* Second, create aliases array */
306 r_aliases = buffer + idx;
307 ((char**) r_aliases)[0] = NULL((void*)0);
308 idx += sizeof(char*);
309
310 /* Third, append addresses */
311 r_addr = buffer + idx;
312 while ((r = sd_bus_message_enter_container(reply, 'r', "iay")) > 0) {
313 int family;
314 const void *a;
315 size_t sz;
316
317 r = sd_bus_message_read(reply, "i", &family);
318 if (r < 0)
319 goto fail;
320
321 r = sd_bus_message_read_array(reply, 'y', &a, &sz);
322 if (r < 0)
323 goto fail;
324
325 r = sd_bus_message_exit_container(reply);
326 if (r < 0)
327 goto fail;
328
329 if (family != af)
330 continue;
331
332 if (sz != alen) {
333 r = -EINVAL22;
334 goto fail;
335 }
336
337 memcpy(r_addr + i*ALIGN(alen)(((alen) + 7) & ~7), a, alen);
338 i++;
339 }
340
341 assert(i == c)do { if ((__builtin_expect(!!(!(i == c)),0))) log_assert_failed_realm
(LOG_REALM_SYSTEMD, ("i == c"), "../src/nss-mymachines/nss-mymachines.c"
, 341, __PRETTY_FUNCTION__); } while (0);
342 idx += c * ALIGN(alen)(((alen) + 7) & ~7);
343
344 r = sd_bus_message_exit_container(reply);
345 if (r < 0)
346 goto fail;
347
348 /* Third, append address pointer array */
349 r_addr_list = buffer + idx;
350 for (i = 0; i < c; i++)
351 ((char**) r_addr_list)[i] = r_addr + i*ALIGN(alen)(((alen) + 7) & ~7);
352
353 ((char**) r_addr_list)[i] = NULL((void*)0);
354 idx += (c+1) * sizeof(char*);
355
356 assert(idx == ms)do { if ((__builtin_expect(!!(!(idx == ms)),0))) log_assert_failed_realm
(LOG_REALM_SYSTEMD, ("idx == ms"), "../src/nss-mymachines/nss-mymachines.c"
, 356, __PRETTY_FUNCTION__); } while (0);
357
358 result->h_name = r_name;
359 result->h_aliases = (char**) r_aliases;
360 result->h_addrtype = af;
361 result->h_length = alen;
362 result->h_addr_list = (char**) r_addr_list;
363
364 if (ttlp)
365 *ttlp = 0;
366
367 if (canonp)
368 *canonp = r_name;
369
370 /* Explicitly reset both *h_errnop and h_errno to work around
371 * https://bugzilla.redhat.com/show_bug.cgi?id=1125975 */
372 *h_errnop = NETDB_SUCCESS0;
373 h_errno(*__h_errno_location ()) = 0;
374
375 return NSS_STATUS_SUCCESS;
376
377fail:
378 UNPROTECT_ERRNOdo { (*__errno_location ()) = _saved_errno_; _saved_errno_ = -
1; } while (0);
379 *errnop = -r;
380 *h_errnop = NO_DATA4;
381 return NSS_STATUS_UNAVAIL;
382}
383
384NSS_GETHOSTBYNAME_FALLBACKS(mymachines)enum nss_status _nss_mymachines_gethostbyname2_r( const char *
name, int af, struct hostent *host, char *buffer, size_t buflen
, int *errnop, int *h_errnop) { return _nss_mymachines_gethostbyname3_r
( name, af, host, buffer, buflen, errnop, h_errnop, ((void*)0
), ((void*)0)); } enum nss_status _nss_mymachines_gethostbyname_r
( const char *name, struct hostent *host, char *buffer, size_t
buflen, int *errnop, int *h_errnop) { enum nss_status ret = NSS_STATUS_NOTFOUND
; if ((*__res_state()).options & 0x00002000) ret = _nss_mymachines_gethostbyname3_r
( name, 10, host, buffer, buflen, errnop, h_errnop, ((void*)0
), ((void*)0)); if (ret == NSS_STATUS_NOTFOUND) ret = _nss_mymachines_gethostbyname3_r
( name, 2, host, buffer, buflen, errnop, h_errnop, ((void*)0)
, ((void*)0)); return ret; };
385
386enum nss_status _nss_mymachines_getpwnam_r(
387 const char *name,
388 struct passwd *pwd,
389 char *buffer, size_t buflen,
390 int *errnop) {
391
392 _cleanup_(sd_bus_error_free)__attribute__((cleanup(sd_bus_error_free))) sd_bus_error error = SD_BUS_ERROR_NULL((const sd_bus_error) {(((void*)0)), (((void*)0)), 0});
393 _cleanup_(sd_bus_message_unrefp)__attribute__((cleanup(sd_bus_message_unrefp))) sd_bus_message* reply = NULL((void*)0);
394 _cleanup_(sd_bus_flush_close_unrefp)__attribute__((cleanup(sd_bus_flush_close_unrefp))) sd_bus *bus = NULL((void*)0);
395 const char *p, *e, *machine;
396 uint32_t mapped;
397 uid_t uid;
398 size_t l;
399 int r;
400
401 PROTECT_ERRNO__attribute__((cleanup(_reset_errno_))) __attribute__((unused
)) int _saved_errno_ = (*__errno_location ());
402 BLOCK_SIGNALS(NSS_SIGNALS_BLOCK)__attribute__((cleanup(block_signals_reset))) __attribute__ (
(unused)) sigset_t _saved_sigset = ({ sigset_t _t; do { if ((
__builtin_expect(!!(!(sigprocmask_many(0, &_t, 14,26,13,17
,20,29,1,10,12,27,23,28, -1) >= 0)),0))) log_assert_failed_realm
(LOG_REALM_SYSTEMD, ("sigprocmask_many(SIG_BLOCK, &_t, 14,26,13,17,20,29,1,10,12,27,23,28, -1) >= 0"
), "../src/nss-mymachines/nss-mymachines.c", 402, __PRETTY_FUNCTION__
); } while (0); _t; });
403
404 assert(name)do { if ((__builtin_expect(!!(!(name)),0))) log_assert_failed_realm
(LOG_REALM_SYSTEMD, ("name"), "../src/nss-mymachines/nss-mymachines.c"
, 404, __PRETTY_FUNCTION__); } while (0);
405 assert(pwd)do { if ((__builtin_expect(!!(!(pwd)),0))) log_assert_failed_realm
(LOG_REALM_SYSTEMD, ("pwd"), "../src/nss-mymachines/nss-mymachines.c"
, 405, __PRETTY_FUNCTION__); } while (0);
406
407 p = startswith(name, "vu-");
408 if (!p)
409 return NSS_STATUS_NOTFOUND;
410
411 e = strrchr(p, '-');
412 if (!e || e == p)
413 return NSS_STATUS_NOTFOUND;
414
415 if (e - p > HOST_NAME_MAX64 - 1) /* -1 for the last dash */
416 return NSS_STATUS_NOTFOUND;
417
418 r = parse_uid(e + 1, &uid);
419 if (r < 0)
420 return NSS_STATUS_NOTFOUND;
421
422 machine = strndupa(p, e - p)(__extension__ ({ const char *__old = (p); size_t __len = strnlen
(__old, (e - p)); char *__new = (char *) __builtin_alloca (__len
+ 1); __new[__len] = '\0'; (char *) memcpy (__new, __old, __len
); }));
423 if (!machine_name_is_valid(machine)hostname_is_valid(machine, 0))
424 return NSS_STATUS_NOTFOUND;
425
426 if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_BUS") > 0)
427 /* Make sure we can't deadlock if we are invoked by dbus-daemon. This way, it won't be able to resolve
428 * these UIDs, but that should be unproblematic as containers should never be able to connect to a bus
429 * running on the host. */
430 return NSS_STATUS_NOTFOUND;
431
432 r = sd_bus_open_system(&bus);
433 if (r < 0)
434 goto fail;
435
436 r = sd_bus_call_method(bus,
437 "org.freedesktop.machine1",
438 "/org/freedesktop/machine1",
439 "org.freedesktop.machine1.Manager",
440 "MapFromMachineUser",
441 &error,
442 &reply,
443 "su",
444 machine, (uint32_t) uid);
445 if (r < 0) {
446 if (sd_bus_error_has_name(&error, BUS_ERROR_NO_SUCH_USER_MAPPING"org.freedesktop.machine1.NoSuchUserMapping"))
447 return NSS_STATUS_NOTFOUND;
448
449 goto fail;
450 }
451
452 r = sd_bus_message_read(reply, "u", &mapped);
453 if (r < 0)
454 goto fail;
455
456 /* Refuse to work if the mapped address is in the host UID range, or if there was no mapping at all. */
457 if (mapped < HOST_UID_LIMIT((uid_t) 0x10000U) || mapped == uid)
458 return NSS_STATUS_NOTFOUND;
459
460 l = strlen(name);
461 if (buflen < l+1) {
462 UNPROTECT_ERRNOdo { (*__errno_location ()) = _saved_errno_; _saved_errno_ = -
1; } while (0);
463 *errnop = ERANGE34;
464 return NSS_STATUS_TRYAGAIN;
465 }
466
467 memcpy(buffer, name, l+1);
468
469 pwd->pw_name = buffer;
470 pwd->pw_uid = mapped;
471 pwd->pw_gid = GID_NOBODY((gid_t) 65534U);
472 pwd->pw_gecos = buffer;
473 pwd->pw_passwd = (char*) "*"; /* locked */
474 pwd->pw_dir = (char*) "/";
475 pwd->pw_shell = (char*) "/sbin/nologin";
476
477 return NSS_STATUS_SUCCESS;
478
479fail:
480 UNPROTECT_ERRNOdo { (*__errno_location ()) = _saved_errno_; _saved_errno_ = -
1; } while (0);
481 *errnop = -r;
482 return NSS_STATUS_UNAVAIL;
483}
484
485enum nss_status _nss_mymachines_getpwuid_r(
486 uid_t uid,
487 struct passwd *pwd,
488 char *buffer, size_t buflen,
489 int *errnop) {
490
491 _cleanup_(sd_bus_error_free)__attribute__((cleanup(sd_bus_error_free))) sd_bus_error error = SD_BUS_ERROR_NULL((const sd_bus_error) {(((void*)0)), (((void*)0)), 0});
492 _cleanup_(sd_bus_message_unrefp)__attribute__((cleanup(sd_bus_message_unrefp))) sd_bus_message* reply = NULL((void*)0);
493 _cleanup_(sd_bus_flush_close_unrefp)__attribute__((cleanup(sd_bus_flush_close_unrefp))) sd_bus *bus = NULL((void*)0);
494 const char *machine;
495 uint32_t mapped;
496 int r;
497
498 PROTECT_ERRNO__attribute__((cleanup(_reset_errno_))) __attribute__((unused
)) int _saved_errno_ = (*__errno_location ());
499 BLOCK_SIGNALS(NSS_SIGNALS_BLOCK)__attribute__((cleanup(block_signals_reset))) __attribute__ (
(unused)) sigset_t _saved_sigset = ({ sigset_t _t; do { if ((
__builtin_expect(!!(!(sigprocmask_many(0, &_t, 14,26,13,17
,20,29,1,10,12,27,23,28, -1) >= 0)),0))) log_assert_failed_realm
(LOG_REALM_SYSTEMD, ("sigprocmask_many(SIG_BLOCK, &_t, 14,26,13,17,20,29,1,10,12,27,23,28, -1) >= 0"
), "../src/nss-mymachines/nss-mymachines.c", 499, __PRETTY_FUNCTION__
); } while (0); _t; });
500
501 if (!uid_is_valid(uid))
502 return NSS_STATUS_NOTFOUND;
503
504 /* We consider all uids < 65536 host uids */
505 if (uid < HOST_UID_LIMIT((uid_t) 0x10000U))
506 return NSS_STATUS_NOTFOUND;
507
508 if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_BUS") > 0)
509 return NSS_STATUS_NOTFOUND;
510
511 r = sd_bus_open_system(&bus);
512 if (r < 0)
513 goto fail;
514
515 r = sd_bus_call_method(bus,
516 "org.freedesktop.machine1",
517 "/org/freedesktop/machine1",
518 "org.freedesktop.machine1.Manager",
519 "MapToMachineUser",
520 &error,
521 &reply,
522 "u",
523 (uint32_t) uid);
524 if (r < 0) {
525 if (sd_bus_error_has_name(&error, BUS_ERROR_NO_SUCH_USER_MAPPING"org.freedesktop.machine1.NoSuchUserMapping"))
526 return NSS_STATUS_NOTFOUND;
527
528 goto fail;
529 }
530
531 r = sd_bus_message_read(reply, "sou", &machine, NULL((void*)0), &mapped);
532 if (r < 0)
533 goto fail;
534
535 if (mapped == uid)
536 return NSS_STATUS_NOTFOUND;
537
538 if (snprintf(buffer, buflen, "vu-%s-" UID_FMT"%" "u", machine, (uid_t) mapped) >= (int) buflen) {
539 UNPROTECT_ERRNOdo { (*__errno_location ()) = _saved_errno_; _saved_errno_ = -
1; } while (0);
540 *errnop = ERANGE34;
541 return NSS_STATUS_TRYAGAIN;
542 }
543
544 pwd->pw_name = buffer;
545 pwd->pw_uid = uid;
546 pwd->pw_gid = GID_NOBODY((gid_t) 65534U);
547 pwd->pw_gecos = buffer;
548 pwd->pw_passwd = (char*) "*"; /* locked */
549 pwd->pw_dir = (char*) "/";
550 pwd->pw_shell = (char*) "/sbin/nologin";
551
552 return NSS_STATUS_SUCCESS;
553
554fail:
555 UNPROTECT_ERRNOdo { (*__errno_location ()) = _saved_errno_; _saved_errno_ = -
1; } while (0);
556 *errnop = -r;
557 return NSS_STATUS_UNAVAIL;
558}
559
560#pragma GCC diagnostic ignored "-Wsizeof-pointer-memaccess"
561
562enum nss_status _nss_mymachines_getgrnam_r(
563 const char *name,
564 struct group *gr,
565 char *buffer, size_t buflen,
566 int *errnop) {
567
568 _cleanup_(sd_bus_error_free)__attribute__((cleanup(sd_bus_error_free))) sd_bus_error error = SD_BUS_ERROR_NULL((const sd_bus_error) {(((void*)0)), (((void*)0)), 0});
569 _cleanup_(sd_bus_message_unrefp)__attribute__((cleanup(sd_bus_message_unrefp))) sd_bus_message* reply = NULL((void*)0);
570 _cleanup_(sd_bus_flush_close_unrefp)__attribute__((cleanup(sd_bus_flush_close_unrefp))) sd_bus *bus = NULL((void*)0);
571 const char *p, *e, *machine;
572 uint32_t mapped;
573 uid_t gid;
574 size_t l;
575 int r;
576
577 PROTECT_ERRNO__attribute__((cleanup(_reset_errno_))) __attribute__((unused
)) int _saved_errno_ = (*__errno_location ());
578 BLOCK_SIGNALS(NSS_SIGNALS_BLOCK)__attribute__((cleanup(block_signals_reset))) __attribute__ (
(unused)) sigset_t _saved_sigset = ({ sigset_t _t; do { if ((
__builtin_expect(!!(!(sigprocmask_many(0, &_t, 14,26,13,17
,20,29,1,10,12,27,23,28, -1) >= 0)),0))) log_assert_failed_realm
(LOG_REALM_SYSTEMD, ("sigprocmask_many(SIG_BLOCK, &_t, 14,26,13,17,20,29,1,10,12,27,23,28, -1) >= 0"
), "../src/nss-mymachines/nss-mymachines.c", 578, __PRETTY_FUNCTION__
); } while (0); _t; });
579
580 assert(name)do { if ((__builtin_expect(!!(!(name)),0))) log_assert_failed_realm
(LOG_REALM_SYSTEMD, ("name"), "../src/nss-mymachines/nss-mymachines.c"
, 580, __PRETTY_FUNCTION__); } while (0);
581 assert(gr)do { if ((__builtin_expect(!!(!(gr)),0))) log_assert_failed_realm
(LOG_REALM_SYSTEMD, ("gr"), "../src/nss-mymachines/nss-mymachines.c"
, 581, __PRETTY_FUNCTION__); } while (0);
582
583 p = startswith(name, "vg-");
584 if (!p)
585 return NSS_STATUS_NOTFOUND;
586
587 e = strrchr(p, '-');
588 if (!e || e == p)
589 return NSS_STATUS_NOTFOUND;
590
591 if (e - p > HOST_NAME_MAX64 - 1) /* -1 for the last dash */
592 return NSS_STATUS_NOTFOUND;
593
594 r = parse_gid(e + 1, &gid);
595 if (r < 0)
596 return NSS_STATUS_NOTFOUND;
597
598 machine = strndupa(p, e - p)(__extension__ ({ const char *__old = (p); size_t __len = strnlen
(__old, (e - p)); char *__new = (char *) __builtin_alloca (__len
+ 1); __new[__len] = '\0'; (char *) memcpy (__new, __old, __len
); }));
599 if (!machine_name_is_valid(machine)hostname_is_valid(machine, 0))
600 return NSS_STATUS_NOTFOUND;
601
602 if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_BUS") > 0)
603 return NSS_STATUS_NOTFOUND;
604
605 r = sd_bus_open_system(&bus);
606 if (r < 0)
607 goto fail;
608
609 r = sd_bus_call_method(bus,
610 "org.freedesktop.machine1",
611 "/org/freedesktop/machine1",
612 "org.freedesktop.machine1.Manager",
613 "MapFromMachineGroup",
614 &error,
615 &reply,
616 "su",
617 machine, (uint32_t) gid);
618 if (r < 0) {
619 if (sd_bus_error_has_name(&error, BUS_ERROR_NO_SUCH_GROUP_MAPPING"org.freedesktop.machine1.NoSuchGroupMapping"))
620 return NSS_STATUS_NOTFOUND;
621
622 goto fail;
623 }
624
625 r = sd_bus_message_read(reply, "u", &mapped);
626 if (r < 0)
627 goto fail;
628
629 if (mapped < HOST_GID_LIMIT((gid_t) 0x10000U) || mapped == gid)
630 return NSS_STATUS_NOTFOUND;
631
632 l = sizeof(char*) + strlen(name) + 1;
633 if (buflen < l) {
634 UNPROTECT_ERRNOdo { (*__errno_location ()) = _saved_errno_; _saved_errno_ = -
1; } while (0);
635 *errnop = ERANGE34;
636 return NSS_STATUS_TRYAGAIN;
637 }
638
639 memzero(buffer, sizeof(char*))({ size_t _l_ = (sizeof(char*)); void *_x_ = (buffer); _l_ ==
0 ? _x_ : memset(_x_, 0, _l_); });
640 strcpy(buffer + sizeof(char*), name);
641
642 gr->gr_name = buffer + sizeof(char*);
643 gr->gr_gid = mapped;
644 gr->gr_passwd = (char*) "*"; /* locked */
645 gr->gr_mem = (char**) buffer;
646
647 return NSS_STATUS_SUCCESS;
648
649fail:
650 UNPROTECT_ERRNOdo { (*__errno_location ()) = _saved_errno_; _saved_errno_ = -
1; } while (0);
651 *errnop = -r;
652 return NSS_STATUS_UNAVAIL;
653}
654
655enum nss_status _nss_mymachines_getgrgid_r(
656 gid_t gid,
657 struct group *gr,
658 char *buffer, size_t buflen,
659 int *errnop) {
660
661 _cleanup_(sd_bus_error_free)__attribute__((cleanup(sd_bus_error_free))) sd_bus_error error = SD_BUS_ERROR_NULL((const sd_bus_error) {(((void*)0)), (((void*)0)), 0});
662 _cleanup_(sd_bus_message_unrefp)__attribute__((cleanup(sd_bus_message_unrefp))) sd_bus_message* reply = NULL((void*)0);
663 _cleanup_(sd_bus_flush_close_unrefp)__attribute__((cleanup(sd_bus_flush_close_unrefp))) sd_bus *bus = NULL((void*)0);
664 const char *machine;
665 uint32_t mapped;
666 int r;
667
668 PROTECT_ERRNO__attribute__((cleanup(_reset_errno_))) __attribute__((unused
)) int _saved_errno_ = (*__errno_location ());
669 BLOCK_SIGNALS(NSS_SIGNALS_BLOCK)__attribute__((cleanup(block_signals_reset))) __attribute__ (
(unused)) sigset_t _saved_sigset = ({ sigset_t _t; do { if ((
__builtin_expect(!!(!(sigprocmask_many(0, &_t, 14,26,13,17
,20,29,1,10,12,27,23,28, -1) >= 0)),0))) log_assert_failed_realm
(LOG_REALM_SYSTEMD, ("sigprocmask_many(SIG_BLOCK, &_t, 14,26,13,17,20,29,1,10,12,27,23,28, -1) >= 0"
), "../src/nss-mymachines/nss-mymachines.c", 669, __PRETTY_FUNCTION__
); } while (0); _t; });
670
671 if (!gid_is_valid(gid))
672 return NSS_STATUS_NOTFOUND;
673
674 /* We consider all gids < 65536 host gids */
675 if (gid < HOST_GID_LIMIT((gid_t) 0x10000U))
676 return NSS_STATUS_NOTFOUND;
677
678 if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_BUS") > 0)
679 return NSS_STATUS_NOTFOUND;
680
681 r = sd_bus_open_system(&bus);
682 if (r < 0)
683 goto fail;
684
685 r = sd_bus_call_method(bus,
686 "org.freedesktop.machine1",
687 "/org/freedesktop/machine1",
688 "org.freedesktop.machine1.Manager",
689 "MapToMachineGroup",
690 &error,
691 &reply,
692 "u",
693 (uint32_t) gid);
694 if (r < 0) {
695 if (sd_bus_error_has_name(&error, BUS_ERROR_NO_SUCH_GROUP_MAPPING"org.freedesktop.machine1.NoSuchGroupMapping"))
696 return NSS_STATUS_NOTFOUND;
697
698 goto fail;
699 }
700
701 r = sd_bus_message_read(reply, "sou", &machine, NULL((void*)0), &mapped);
702 if (r < 0)
703 goto fail;
704
705 if (mapped == gid)
706 return NSS_STATUS_NOTFOUND;
707
708 if (buflen < sizeof(char*) + 1) {
709 UNPROTECT_ERRNOdo { (*__errno_location ()) = _saved_errno_; _saved_errno_ = -
1; } while (0);
710 *errnop = ERANGE34;
711 return NSS_STATUS_TRYAGAIN;
712 }
713
714 memzero(buffer, sizeof(char*))({ size_t _l_ = (sizeof(char*)); void *_x_ = (buffer); _l_ ==
0 ? _x_ : memset(_x_, 0, _l_); });
715 if (snprintf(buffer + sizeof(char*), buflen - sizeof(char*), "vg-%s-" GID_FMT"%" "u", machine, (gid_t) mapped) >= (int) buflen) {
716 UNPROTECT_ERRNOdo { (*__errno_location ()) = _saved_errno_; _saved_errno_ = -
1; } while (0);
717 *errnop = ERANGE34;
718 return NSS_STATUS_TRYAGAIN;
719 }
720
721 gr->gr_name = buffer + sizeof(char*);
722 gr->gr_gid = gid;
723 gr->gr_passwd = (char*) "*"; /* locked */
724 gr->gr_mem = (char**) buffer;
725
726 return NSS_STATUS_SUCCESS;
727
728fail:
729 UNPROTECT_ERRNOdo { (*__errno_location ()) = _saved_errno_; _saved_errno_ = -
1; } while (0);
730 *errnop = -r;
731 return NSS_STATUS_UNAVAIL;
732}