diff --git a/src/basic/user-util.h b/src/basic/user-util.h
index 855813cc76..6de68e2d2c 100644
--- a/src/basic/user-util.h
+++ b/src/basic/user-util.h
@@ -64,6 +64,14 @@ static inline bool uid_is_dynamic(uid_t uid) {
 return DYNAMIC_UID_MIN <= uid && uid <= DYNAMIC_UID_MAX;
 }
+static inline bool uid_is_system(uid_t uid) {
+ return uid <= SYSTEM_UID_MAX;
+}
+
+static inline bool gid_is_system(gid_t gid) {
+ return gid <= SYSTEM_GID_MAX;
+}
+
 /* The following macros add 1 when converting things, since UID 0 is a valid UID, while the pointer
 * NULL is special */
 #define PTR_TO_UID(p) ((uid_t) (((uintptr_t) (p))-1))
diff --git a/src/coredump/coredump.c b/src/coredump/coredump.c
index d3533790a1..eda7d78be2 100644
--- a/src/coredump/coredump.c
+++ b/src/coredump/coredump.c
@@ -165,7 +165,7 @@ static int fix_acl(int fd, uid_t uid) {
 assert(fd >= 0);
- if (uid <= SYSTEM_UID_MAX)
+ if (uid_is_system(uid))
 return 0;
 /* Make sure normal users can read (but not write or delete)
diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c
index 46bf2eb310..cc45591c09 100644
--- a/src/journal/journald-server.c
+++ b/src/journal/journald-server.c
@@ -248,7 +248,7 @@ static void server_add_acls(JournalFile *f, uid_t uid) {
 assert(f);
 #if HAVE_ACL
- if (uid <= SYSTEM_UID_MAX)
+ if (uid_is_system(uid))
 return;
 r = add_acls_for_user(f->fd, uid);
@@ -406,7 +406,7 @@ static JournalFile* find_journal(Server *s, uid_t uid) {
 if (s->runtime_journal)
 return s->runtime_journal;
- if (uid <= SYSTEM_UID_MAX || uid_is_dynamic(uid))
+ if (uid_is_system(uid) || uid_is_dynamic(uid))
 return s->system_journal;
 r = sd_id128_get_machine(&machine);
diff --git a/src/login/logind-user.c b/src/login/logind-user.c
index 43a9f58adc..01469438b1 100644
--- a/src/login/logind-user.c
+++ b/src/login/logind-user.c
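Review bot: The new uid_is_system() and gid_is_system() helpers in src/basic/user-util.h have no comment, although later hunks in this commit use them to decide ACL grants, IPC clean-up and NSS lookups. With uid_t being unsigned on Linux, the comparison is true for every ID from 0 through SYSTEM_UID_MAX, root included, and false for everything above it, which presumably includes the dynamic range. I would add above them `/* True for 0..SYSTEM_UID_MAX inclusive (root included); dynamic UIDs are not covered, see uid_is_dynamic() */` so that callers needing both exclusions know to test both.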
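Review bot: In fix_acl() (src/coredump/coredump.c) the early return skips only system UIDs, whereas find_journal() in this same commit treats `uid_is_system(uid) || uid_is_dynamic(uid)` alike. Dynamic UIDs are allocated transiently and can be reassigned, so a read ACL left on a stored coredump for such a UID could later match an unrelated service; I have not checked whether callers already filter this case. Consider `if (uid_is_system(uid) || uid_is_dynamic(uid))` here, and the same question may apply to server_add_acls() in journald-server.c. fix_acl's body continues outside the hunk.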
@@ -617,7 +617,7 @@ int user_finalize(User *u) {
 * cases, as we shouldn't accidentally remove a system service's IPC objects while it is running, just because
 * a cronjob running as the same user just finished. Hence: exclude system users generally from IPC clean-up,
 * and do it only for normal users. */
- if (u->manager->remove_ipc && u->uid > SYSTEM_UID_MAX) {
+ if (u->manager->remove_ipc && !uid_is_system(u->uid)) {
 k = clean_ipc_by_uid(u->uid);
 if (k < 0)
 r = k;
diff --git a/src/nss-systemd/nss-systemd.c b/src/nss-systemd/nss-systemd.c
index d6de0a9878..d1a369672e 100644
--- a/src/nss-systemd/nss-systemd.c
+++ b/src/nss-systemd/nss-systemd.c
@@ -251,7 +251,7 @@ enum nss_status _nss_systemd_getpwuid_r(
 }
 }
- if (uid <= SYSTEM_UID_MAX)
+ if (uid_is_system(uid))
 goto not_found;
 if (getenv_bool_secure("SYSTEMD_NSS_DYNAMIC_BYPASS") > 0)
@@ -463,7 +463,7 @@ enum nss_status _nss_systemd_getgrgid_r(
 }
 }
- if (gid <= SYSTEM_GID_MAX)
+ if (gid_is_system(gid))
 goto not_found;
 if (getenv_bool_secure("SYSTEMD_NSS_DYNAMIC_BYPASS") > 0)
diff --git a/src/shared/condition.c b/src/shared/condition.c
index f1e914cb2d..3f32dfb7b6 100644
--- a/src/shared/condition.c
+++ b/src/shared/condition.c
@@ -157,7 +157,7 @@ static int condition_test_user(Condition *c) {
 return id == getuid() || id == geteuid();
 if (streq("@system", c->parameter))
- return getuid() <= SYSTEM_UID_MAX || geteuid() <= SYSTEM_UID_MAX;
+ return uid_is_system(getuid()) || uid_is_system(geteuid());
 username = getusername_malloc();
 if (!username)
diff --git a/src/test/test-condition.c b/src/test/test-condition.c
index 31e08b2318..d43db3a7cd 100644
--- a/src/test/test-condition.c
+++ b/src/test/test-condition.c
@@ -391,7 +391,7 @@ static void test_condition_test_user(void) {
 assert_se(condition);
 r = condition_test(condition);
 log_info("ConditionUser=@system → %i", r);
- if (getuid() < SYSTEM_UID_MAX || geteuid() < SYSTEM_UID_MAX)
+ if (uid_is_system(getuid()) || uid_is_system(geteuid()))
 assert_se(r > 0);
 else
 assert_se(r == 0);
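Review bot: The expectation in test_condition_test_user() now goes through the same uid_is_system() helper as condition_test_user(), so this test can no longer catch a wrong boundary in the helper itself. The removed line used `<` where the implementation used `<=`, which shows how easily this edge drifts. A direct check would pin it: `assert_se(uid_is_system(SYSTEM_UID_MAX));` and `assert_se(!uid_is_system(SYSTEM_UID_MAX + 1));`, with the gid equivalents alongside. The function starts outside the hunk.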