docs/CONVERTING_TO_HOMED.md

@@ -1,6 +1,6 @@
 ---
 title: Converting Existing Users to systemd-homed
-category: Users, Groups and Home Directories
+category: Interfaces
 layout: default
 ---
 

docs/GROUP_RECORD.md

@@ -1,6 +1,6 @@
 ---
 title: JSON Group Records
-category: Users, Groups and Home Directories
+category: Interfaces
 layout: default
 ---
 

docs/HOME_DIRECTORY.md

@@ -1,6 +1,6 @@
 ---
 title: Home Directories
-category: Users, Groups and Home Directories
+category: Concepts
 layout: default
 ---
 

docs/UIDS-GIDS.md

@@ -1,6 +1,6 @@
 ---
 title: Users, Groups, UIDs and GIDs on systemd Systems
-category: Users, Groups and Home Directories
+category: Concepts
 layout: default
 ---
 

docs/USERDB_AND_DESKTOPS.md

@@ -1,6 +1,6 @@
 ---
 title: systemd-homed and JSON User/Group Record Support in Desktop Environments
-category: Users, Groups and Home Directories
+category: Interfaces
 layout: default
 ---
 

docs/USER_GROUP_API.md

@@ -1,6 +1,6 @@
 ---
 title: User/Group Record Lookup API via Varlink
-category: Users, Groups and Home Directories
+category: Interfaces
 layout: default
 ---
 

docs/USER_NAMES.md

@@ -1,6 +1,6 @@
 ---
 title: User/Group Name Syntax
-category: Users, Groups and Home Directories
+category: Concepts
 layout: default
 ---
 

docs/USER_RECORD.md

@@ -1,6 +1,6 @@
 ---
 title: JSON User Records
-category: Users, Groups and Home Directories
+category: Interfaces
 layout: default
 ---
 

man/systemd.network.xml

@@ -1930,9 +1930,10 @@
       <varlistentry>
         <term><varname>POP3Servers=</varname></term>
 
-        <listitem><para>Similar to the <varname>DNS=</varname> setting described above, this setting
+        <listitem><para>Similar to the <varname>DNS=</varname> settings described above, these
-        configures whether and what POP3 server information shall be emitted as part of the DHCP lease. The
+        settings configure whether and what POP3 server information shall be emitted as part of
-        same syntax, propagation semantics and defaults apply as for
+        the DHCP lease. The same syntax, propagation semantics and defaults apply as for
+        <term><varname>SMTPServers=</varname></term>
         <varname>DNS=</varname>.</para></listitem>
       </varlistentry>
 

src/basic/btrfs-util.c

@@ -160,31 +160,6 @@ int btrfs_subvol_make(const char *path) {
         return btrfs_subvol_make_fd(fd, subvolume);
 }
 
-int btrfs_subvol_make_fallback(const char *path, mode_t mode) {
-        mode_t old, combined;
-        int r;
-
-        assert(path);
-
-        /* Let's work like mkdir(), i.e. take the specified mode, and mask it with the current umask. */
-        old = umask(~mode);
-        combined = old | ~mode;
-        if (combined != ~mode)
-                umask(combined);
-        r = btrfs_subvol_make(path);
-        umask(old);
-
-        if (r >= 0)
-                return 1; /* subvol worked */
-        if (r != -ENOTTY)
-                return r;
-
-        if (mkdir(path, mode) < 0)
-                return -errno;
-
-        return 0; /* plain directory */
-}
-
 int btrfs_subvol_set_read_only_fd(int fd, bool b) {
         uint64_t flags, nflags;
         struct stat st;
@@ -200,7 +175,11 @@ int btrfs_subvol_set_read_only_fd(int fd, bool b) {
         if (ioctl(fd, BTRFS_IOC_SUBVOL_GETFLAGS, &flags) < 0)
                 return -errno;
 
-        nflags = UPDATE_FLAG(flags, BTRFS_SUBVOL_RDONLY, b);
+        if (b)
+                nflags = flags | BTRFS_SUBVOL_RDONLY;
+        else
+                nflags = flags & ~BTRFS_SUBVOL_RDONLY;
+
         if (flags == nflags)
                 return 0;
 

src/basic/btrfs-util.h

@@ -66,8 +66,6 @@ int btrfs_quota_scan_ongoing(int fd);
 int btrfs_subvol_make(const char *path);
 int btrfs_subvol_make_fd(int fd, const char *subvolume);
 
-int btrfs_subvol_make_fallback(const char *path, mode_t);
-
 int btrfs_subvol_snapshot_fd_full(int old_fd, const char *new_path, BtrfsSnapshotFlags flags, copy_progress_path_t progress_path, copy_progress_bytes_t progress_bytes, void *userdata);
 static inline int btrfs_subvol_snapshot_fd(int old_fd, const char *new_path, BtrfsSnapshotFlags flags) {
         return btrfs_subvol_snapshot_fd_full(old_fd, new_path, flags, NULL, NULL, NULL);

src/basic/fd-util.c

@@ -144,7 +144,11 @@ int fd_nonblock(int fd, bool nonblock) {
         if (flags < 0)
                 return -errno;
 
-        nflags = UPDATE_FLAG(flags, O_NONBLOCK, nonblock);
+        if (nonblock)
+                nflags = flags | O_NONBLOCK;
+        else
+                nflags = flags & ~O_NONBLOCK;
+
         if (nflags == flags)
                 return 0;
 
@@ -163,7 +167,11 @@ int fd_cloexec(int fd, bool cloexec) {
         if (flags < 0)
                 return -errno;
 
-        nflags = UPDATE_FLAG(flags, FD_CLOEXEC, cloexec);
+        if (cloexec)
+                nflags = flags | FD_CLOEXEC;
+        else
+                nflags = flags & ~FD_CLOEXEC;
+
         if (nflags == flags)
                 return 0;
 

src/basic/macro.h

@@ -451,10 +451,8 @@ static inline int __coverity_check_and_return__(int condition) {
                 ans;                                    \
         })
 
-#define UPDATE_FLAG(orig, flag, b)                      \
-        ((b) ? ((orig) | (flag)) : ((orig) & ~(flag)))
 #define SET_FLAG(v, flag, b) \
-        (v) = UPDATE_FLAG(v, flag, b)
+        (v) = (b) ? ((v) | (flag)) : ((v) & ~(flag))
 #define FLAGS_SET(v, flags) \
         ((~(v) & (flags)) == 0)
 

src/busctl/busctl.c

@@ -101,8 +101,7 @@ static int acquire_bus(bool set_monitor, sd_bus **ret) {
 
         r = sd_bus_set_watch_bind(bus, arg_watch_bind);
         if (r < 0)
-                return log_error_errno(r, "Failed to set watch-bind setting to '%s': %m",
+                return log_error_errno(r, "Failed to set watch-bind setting to '%s': %m", yes_no(arg_watch_bind));
-                                       yes_no(arg_watch_bind));
 
         if (arg_address)
                 r = sd_bus_set_address(bus, arg_address);
@@ -173,9 +172,7 @@ static int list_bus_names(int argc, char **argv, void *userdata) {
         if (r < 0)
                 return r;
 
-        r = sd_bus_list_names(bus,
+        r = sd_bus_list_names(bus, (arg_acquired || arg_unique) ? &acquired : NULL, arg_activatable ? &activatable : NULL);
-                              (arg_acquired || arg_unique) ? &acquired : NULL,
-                              arg_activatable ? &activatable : NULL);
         if (r < 0)
                 return log_error_errno(r, "Failed to list names: %m");
 
@@ -195,16 +192,7 @@ static int list_bus_names(int argc, char **argv, void *userdata) {
                         return log_error_errno(r, "Failed to add to hashmap: %m");
         }
 
-        table = table_new("activatable",
+        table = table_new("activatable", "name", "pid", "process", "user", "connection", "unit", "session", "description", "machine");
-                          "name",
-                          "pid",
-                          "process",
-                          "user",
-                          "connection",
-                          "unit",
-                          "session",
-                          "description",
-                          "machine");
         if (!table)
                 return log_oom();
 
@@ -366,11 +354,11 @@ static int list_bus_names(int argc, char **argv, void *userdata) {
                         return log_error_errno(r, "Failed to fill line: %m");
         }
 
+        if (IN_SET(arg_json, JSON_OFF, JSON_PRETTY))
                 (void) pager_open(arg_pager_flags);
 
         if (arg_json)
-                r = table_print_json(table, stdout,
+                r = table_print_json(table, stdout, (arg_json == JSON_PRETTY ? JSON_FORMAT_PRETTY : JSON_FORMAT_NEWLINE) | JSON_FORMAT_COLOR_AUTO);
-                                     (arg_json == JSON_PRETTY ? JSON_FORMAT_PRETTY : JSON_FORMAT_NEWLINE) | JSON_FORMAT_COLOR_AUTO);
         else
                 r = table_print(table, stdout);
         if (r < 0)
@@ -417,10 +405,7 @@ static void print_subtree(const char *prefix, const char *path, char **l) {
                         n++;
                 }
 
-                printf("%s%s%s\n",
+                printf("%s%s%s\n", prefix, special_glyph(has_more ? SPECIAL_GLYPH_TREE_BRANCH : SPECIAL_GLYPH_TREE_RIGHT), *l);
-                       prefix,
-                       special_glyph(has_more ? SPECIAL_GLYPH_TREE_BRANCH : SPECIAL_GLYPH_TREE_RIGHT),
-                       *l);
 
                 print_subtree(has_more ? vertical : space, *l, l);
                 l = n;
@@ -475,16 +460,12 @@ static int find_nodes(sd_bus *bus, const char *service, const char *path, Set *p
         const char *xml;
         int r;
 
-        r = sd_bus_call_method(bus, service, path,
+        r = sd_bus_call_method(bus, service, path, "org.freedesktop.DBus.Introspectable", "Introspect", &error, &reply, "");
-                               "org.freedesktop.DBus.Introspectable", "Introspect",
-                               &error, &reply, "");
         if (r < 0) {
                 if (many)
-                        printf("Failed to introspect object %s of service %s: %s\n",
+                        printf("Failed to introspect object %s of service %s: %s\n", path, service, bus_error_message(&error, r));
-                               path, service, bus_error_message(&error, r));
                 else
-                        log_error_errno(r, "Failed to introspect object %s of service %s: %s",
+                        log_error_errno(r, "Failed to introspect object %s of service %s: %s", path, service, bus_error_message(&error, r));
-                                        path, service, bus_error_message(&error, r));
                 return r;
         }
 
@@ -1013,12 +994,9 @@ static int introspect(int argc, char **argv, void *userdata) {
         if (!members)
                 return log_oom();
 
-        r = sd_bus_call_method(bus, argv[1], argv[2],
+        r = sd_bus_call_method(bus, argv[1], argv[2], "org.freedesktop.DBus.Introspectable", "Introspect", &error, &reply_xml, "");
-                               "org.freedesktop.DBus.Introspectable", "Introspect",
-                               &error, &reply_xml, "");
         if (r < 0)
-                return log_error_errno(r, "Failed to introspect object %s of service %s: %s",
+                return log_error_errno(r, "Failed to introspect object %s of service %s: %s", argv[2], argv[1], bus_error_message(&error, r));
-                                       argv[2], argv[1], bus_error_message(&error, r));
 
         r = sd_bus_message_read(reply_xml, "s", &xml);
         if (r < 0)
@@ -1026,7 +1004,6 @@ static int introspect(int argc, char **argv, void *userdata) {
 
         if (arg_xml_interface) {
                 /* Just dump the received XML and finish */
-                (void) pager_open(arg_pager_flags);
                 puts(xml);
                 return 0;
         }
@@ -1049,9 +1026,7 @@ static int introspect(int argc, char **argv, void *userdata) {
                 if (argv[3] && !streq(argv[3], m->interface))
                         continue;
 
-                r = sd_bus_call_method(bus, argv[1], argv[2],
+                r = sd_bus_call_method(bus, argv[1], argv[2], "org.freedesktop.DBus.Properties", "GetAll", &error, &reply, "s", m->interface);
-                                       "org.freedesktop.DBus.Properties", "GetAll",
-                                       &error, &reply, "s", m->interface);
                 if (r < 0)
                         return log_error_errno(r, "Failed to get all properties on interface %s: %s",
                                                m->interface, bus_error_message(&error, r));
@@ -1113,14 +1088,17 @@ static int introspect(int argc, char **argv, void *userdata) {
                         return bus_log_parse_error(r);
         }
 
-        name_width = strlen("NAME");
+        (void) pager_open(arg_pager_flags);
-        type_width = strlen("TYPE");
+
-        signature_width = strlen("SIGNATURE");
+        name_width = STRLEN("NAME");
-        result_width = strlen("RESULT/VALUE");
+        type_width = STRLEN("TYPE");
+        signature_width = STRLEN("SIGNATURE");
+        result_width = STRLEN("RESULT/VALUE");
 
         sorted = newa(Member*, set_size(members));
 
         SET_FOREACH(m, members, i) {
+
                 if (argv[3] && !streq(argv[3], m->interface))
                         continue;
 
@@ -1145,8 +1123,6 @@ static int introspect(int argc, char **argv, void *userdata) {
 
         typesafe_qsort(sorted, k, member_compare_funcp);
 
-        (void) pager_open(arg_pager_flags);
-
         if (arg_legend) {
                 printf("%-*s %-*s %-*s %-*s %s\n",
                        (int) name_width, "NAME",
@@ -1183,8 +1159,7 @@ static int introspect(int argc, char **argv, void *userdata) {
                 printf("%s%s%-*s%s %-*s %-*s %-*s%s%s%s%s%s%s\n",
                        is_interface ? ansi_highlight() : "",
                        is_interface ? "" : ".",
-                       - !is_interface + (int) name_width,
+                       - !is_interface + (int) name_width, empty_to_dash(streq_ptr(m->type, "interface") ? m->interface : m->name),
-                       empty_to_dash(streq_ptr(m->type, "interface") ? m->interface : m->name),
                        is_interface ? ansi_normal() : "",
                        (int) type_width, empty_to_dash(m->type),
                        (int) signature_width, empty_to_dash(m->signature),
@@ -1400,8 +1375,6 @@ static int status(int argc, char **argv, void *userdata) {
         if (r < 0)
                 return r;
 
-        (void) pager_open(arg_pager_flags);
-
         if (!isempty(argv[1])) {
                 r = parse_pid(argv[1], &pid);
                 if (r < 0)
@@ -1429,8 +1402,7 @@ static int status(int argc, char **argv, void *userdata) {
 
                 r = sd_bus_get_bus_id(bus, &bus_id);
                 if (r >= 0)
-                        printf("BusID=%s" SD_ID128_FORMAT_STR "%s\n",
+                        printf("BusID=%s" SD_ID128_FORMAT_STR "%s\n", ansi_highlight(), SD_ID128_FORMAT_VAL(bus_id), ansi_normal());
-                               ansi_highlight(), SD_ID128_FORMAT_VAL(bus_id), ansi_normal());
 
                 r = sd_bus_get_owner_creds(
                                 bus,
@@ -1590,6 +1562,7 @@ static int message_append_cmdline(sd_bus_message *m, const char *signature, char
                                 return log_error_errno(r, "Invalid array signature: %m");
 
                         {
+                                unsigned i;
                                 char s[k + 1];
                                 memcpy(s, signature, k);
                                 s[k] = 0;
@@ -1598,7 +1571,7 @@ static int message_append_cmdline(sd_bus_message *m, const char *signature, char
                                 if (r < 0)
                                         return bus_log_create_error(r);
 
-                                for (unsigned i = 0; i < n; i++) {
+                                for (i = 0; i < n; i++) {
                                         r = message_append_cmdline(m, s, &p);
                                         if (r < 0)
                                                 return r;
@@ -1639,9 +1612,7 @@ static int message_append_cmdline(sd_bus_message *m, const char *signature, char
                                 memcpy(s, signature + 1, k - 2);
                                 s[k - 2] = 0;
 
-                                const char ctype = t == SD_BUS_TYPE_STRUCT_BEGIN ?
+                                r = sd_bus_message_open_container(m, t == SD_BUS_TYPE_STRUCT_BEGIN ? SD_BUS_TYPE_STRUCT : SD_BUS_TYPE_DICT_ENTRY, s);
-                                        SD_BUS_TYPE_STRUCT : SD_BUS_TYPE_DICT_ENTRY;
-                                r = sd_bus_message_open_container(m, ctype, s);
                                 if (r < 0)
                                         return bus_log_create_error(r);
 
@@ -2062,8 +2033,7 @@ static int call(int argc, char **argv, void *userdata) {
                         return r;
 
                 if (*p)
-                        return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
+                        return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Too many parameters for signature.");
-                                               "Too many parameters for signature.");
         }
 
         if (!arg_expect_reply) {
@@ -2151,8 +2121,7 @@ static int emit_signal(int argc, char **argv, void *userdata) {
                         return r;
 
                 if (*p)
-                        return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
+                        return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Too many parameters for signature.");
-                                               "Too many parameters for signature.");
         }
 
         r = sd_bus_send(bus, m, NULL);
@@ -2177,9 +2146,7 @@ static int get_property(int argc, char **argv, void *userdata) {
                 const char *contents = NULL;
                 char type;
 
-                r = sd_bus_call_method(bus, argv[1], argv[2],
+                r = sd_bus_call_method(bus, argv[1], argv[2], "org.freedesktop.DBus.Properties", "Get", &error, &reply, "ss", argv[3], *i);
-                                       "org.freedesktop.DBus.Properties", "Get",
-                                       &error, &reply, "ss", argv[3], *i);
                 if (r < 0)
                         return log_error_errno(r, "Failed to get property %s on interface %s: %s",
                                                *i, argv[3],
@@ -2241,8 +2208,7 @@ static int set_property(int argc, char **argv, void *userdata) {
         if (r < 0)
                 return r;
 
-        r = sd_bus_message_new_method_call(bus, &m, argv[1], argv[2],
+        r = sd_bus_message_new_method_call(bus, &m, argv[1], argv[2], "org.freedesktop.DBus.Properties", "Set");
-                                           "org.freedesktop.DBus.Properties", "Set");
         if (r < 0)
                 return bus_log_create_error(r);
 

src/home/homework-luks.c

@@ -8,7 +8,6 @@
 
 #include "blkid-util.h"
 #include "blockdev-util.h"
-#include "btrfs-util.h"
 #include "chattr-util.h"
 #include "dm-util.h"
 #include "errno-util.h"
@@ -2038,10 +2037,8 @@ int home_create_luks(
                 goto fail;
         }
 
-        /* Prefer using a btrfs subvolume if we can, fall back to directory otherwise */
+        if (mkdir(subdir, 0700) < 0) {
-        r = btrfs_subvol_make_fallback(subdir, 0700);
+                r = log_error_errno(errno, "Failed to create user directory in mounted image file: %m");
-        if (r < 0) {
-                log_error_errno(r, "Failed to create user directory in mounted image file: %m");
                 goto fail;
         }
 

src/home/pam_systemd_home.c

@@ -877,6 +877,7 @@ _public_ PAM_EXTERN int pam_sm_chauthtok(
         if (FLAGS_SET(flags, PAM_PRELIM_CHECK))
                 return PAM_SUCCESS;
 
+
         old_secret = user_record_new();
         if (!old_secret)
                 return pam_log_oom(handle);

src/import/import-tar.c

@@ -220,10 +220,13 @@ static int tar_import_fork_tar(TarImport *i) {
 
         (void) mkdir_parents_label(i->temp_path, 0700);
 
-        r = btrfs_subvol_make_fallback(i->temp_path, 0755);
+        r = btrfs_subvol_make(i->temp_path);
-        if (r < 0)
+        if (r == -ENOTTY) {
-                return log_error_errno(r, "Failed to create directory/subvolume %s: %m", i->temp_path);
+                if (mkdir(i->temp_path, 0755) < 0)
-        if (r > 0) /* actually btrfs subvol */
+                        return log_error_errno(errno, "Failed to create directory %s: %m", i->temp_path);
+        } else if (r < 0)
+                return log_error_errno(r, "Failed to create subvolume %s: %m", i->temp_path);
+        else
                 (void) import_assign_pool_quota_and_warn(i->temp_path);
 
         i->tar_fd = import_fork_tar_x(i->temp_path, &i->tar_pid);

src/import/pull-tar.c

@@ -415,10 +415,13 @@ static int tar_pull_job_on_open_disk_tar(PullJob *j) {
 
         mkdir_parents_label(i->temp_path, 0700);
 
-        r = btrfs_subvol_make_fallback(i->temp_path, 0755);
+        r = btrfs_subvol_make(i->temp_path);
-        if (r < 0)
+        if (r == -ENOTTY) {
-                return log_error_errno(r, "Failed to create directory/subvolume %s: %m", i->temp_path);
+                if (mkdir(i->temp_path, 0755) < 0)
-        if (r > 0) /* actually btrfs subvol */
+                        return log_error_errno(errno, "Failed to create directory %s: %m", i->temp_path);
+        } else if (r < 0)
+                return log_error_errno(r, "Failed to create subvolume %s: %m", i->temp_path);
+        else
                 (void) import_assign_pool_quota_and_warn(i->temp_path);
 
         j->disk_fd = import_fork_tar_x(i->temp_path, &i->tar_pid);

src/login/logind-core.c

@@ -171,7 +171,7 @@ int manager_add_user_by_name(
         assert(m);
         assert(name);
 
-        r = userdb_by_name(name, USERDB_AVOID_SHADOW, &ur);
+        r = userdb_by_name(name, 0, &ur);
         if (r < 0)
                 return r;
 
@@ -189,7 +189,7 @@ int manager_add_user_by_uid(
         assert(m);
         assert(uid_is_valid(uid));
 
-        r = userdb_by_uid(uid, USERDB_AVOID_SHADOW, &ur);
+        r = userdb_by_uid(uid, 0, &ur);
         if (r < 0)
                 return r;
 

src/nss-systemd/nss-systemd.c

@@ -482,7 +482,7 @@ enum nss_status _nss_systemd_getgrent_r(
                                 }
                         }
 
-                        r = nss_group_record_by_name(group_name, false, &gr);
+                        r = nss_group_record_by_name(group_name, &gr);
                         if (r == -ESRCH)
                                 continue;
                         if (r < 0) {

src/nss-systemd/userdb-glue.c

@@ -251,7 +251,7 @@ enum nss_status userdb_getgrnam(
                 if (lock_fd < 0 && lock_fd != -EBUSY)
                         return lock_fd;
 
-                r = nss_group_record_by_name(name, false, &g);
+                r = nss_group_record_by_name(name, &g);
                 if (r == -ESRCH)
                         return NSS_STATUS_NOTFOUND;
                 if (r < 0) {
@@ -310,7 +310,7 @@ enum nss_status userdb_getgrgid(
                 if (lock_fd < 0 && lock_fd != -EBUSY)
                         return lock_fd;
 
-                r = nss_group_record_by_gid(gid, false, &g);
+                r = nss_group_record_by_gid(gid, &g);
                 if (r == -ESRCH)
                         return NSS_STATUS_NOTFOUND;
 

src/shared/efi-loader.c

@@ -135,7 +135,10 @@ int efi_set_reboot_to_firmware(bool value) {
         if (r < 0)
                 return r;
 
-        b_new = UPDATE_FLAG(b, EFI_OS_INDICATIONS_BOOT_TO_FW_UI, value);
+        if (value)
+                b_new = b | EFI_OS_INDICATIONS_BOOT_TO_FW_UI;
+        else
+                b_new = b & ~EFI_OS_INDICATIONS_BOOT_TO_FW_UI;
 
         /* Avoid writing to efi vars store if we can due to firmware bugs. */
         if (b != b_new)

src/shared/group-record-nss.c

@@ -106,16 +106,12 @@ int nss_sgrp_for_group(const struct group *grp, struct sgrp *ret_sgrp, char **re
         }
 }
 
-int nss_group_record_by_name(
+int nss_group_record_by_name(const char *name, GroupRecord **ret) {
-                const char *name,
-                bool with_shadow,
-                GroupRecord **ret) {
-
         _cleanup_free_ char *buf = NULL, *sbuf = NULL;
         struct group grp, *result;
         bool incomplete = false;
         size_t buflen = 4096;
-        struct sgrp sgrp, *sresult = NULL;
+        struct sgrp sgrp;
         int r;
 
         assert(name);
@@ -145,17 +141,13 @@ int nss_group_record_by_name(
                 buf = mfree(buf);
         }
 
-        if (with_shadow) {
         r = nss_sgrp_for_group(result, &sgrp, &sbuf);
         if (r < 0) {
                 log_debug_errno(r, "Failed to do shadow lookup for group %s, ignoring: %m", result->gr_name);
                 incomplete = ERRNO_IS_PRIVILEGE(r);
-                } else
+        }
-                        sresult = &sgrp;
-        } else
-                incomplete = true;
 
-        r = nss_group_to_group_record(result, sresult, ret);
+        r = nss_group_to_group_record(result, r >= 0 ? &sgrp : NULL, ret);
         if (r < 0)
                 return r;
 
@@ -163,16 +155,12 @@ int nss_group_record_by_name(
         return 0;
 }
 
-int nss_group_record_by_gid(
+int nss_group_record_by_gid(gid_t gid, GroupRecord **ret) {
-                gid_t gid,
-                bool with_shadow,
-                GroupRecord **ret) {
-
         _cleanup_free_ char *buf = NULL, *sbuf = NULL;
         struct group grp, *result;
         bool incomplete = false;
         size_t buflen = 4096;
-        struct sgrp sgrp, *sresult = NULL;
+        struct sgrp sgrp;
         int r;
 
         assert(ret);
@@ -200,17 +188,13 @@ int nss_group_record_by_gid(
                 buf = mfree(buf);
         }
 
-        if (with_shadow) {
         r = nss_sgrp_for_group(result, &sgrp, &sbuf);
         if (r < 0) {
                 log_debug_errno(r, "Failed to do shadow lookup for group %s, ignoring: %m", result->gr_name);
                 incomplete = ERRNO_IS_PRIVILEGE(r);
-                } else
+        }
-                        sresult = &sgrp;
-        } else
-                incomplete = true;
 
-        r = nss_group_to_group_record(result, sresult, ret);
+        r = nss_group_to_group_record(result, r >= 0 ? &sgrp : NULL, ret);
         if (r < 0)
                 return r;
 

src/shared/group-record-nss.h

@@ -11,5 +11,5 @@
 int nss_group_to_group_record(const struct group *grp, const struct sgrp *sgrp, GroupRecord **ret);
 int nss_sgrp_for_group(const struct group *grp, struct sgrp *ret_sgrp, char **ret_buffer);
 
-int nss_group_record_by_name(const char *name, bool with_shadow, GroupRecord **ret);
+int nss_group_record_by_name(const char *name, GroupRecord **ret);
-int nss_group_record_by_gid(gid_t gid, bool with_shadow, GroupRecord **ret);
+int nss_group_record_by_gid(gid_t gid, GroupRecord **ret);

src/shared/user-record-nss.c

@@ -161,16 +161,12 @@ int nss_spwd_for_passwd(const struct passwd *pwd, struct spwd *ret_spwd, char **
         }
 }
 
-int nss_user_record_by_name(
+int nss_user_record_by_name(const char *name, UserRecord **ret) {
-                const char *name,
-                bool with_shadow,
-                UserRecord **ret) {
-
         _cleanup_free_ char *buf = NULL, *sbuf = NULL;
         struct passwd pwd, *result;
         bool incomplete = false;
         size_t buflen = 4096;
-        struct spwd spwd, *sresult = NULL;
+        struct spwd spwd;
         int r;
 
         assert(name);
@@ -201,17 +197,13 @@ int nss_user_record_by_name(
                 buf = mfree(buf);
         }
 
-        if (with_shadow) {
         r = nss_spwd_for_passwd(result, &spwd, &sbuf);
         if (r < 0) {
                 log_debug_errno(r, "Failed to do shadow lookup for user %s, ignoring: %m", name);
                 incomplete = ERRNO_IS_PRIVILEGE(r);
-                } else
+        }
-                        sresult = &spwd;
-        } else
-                incomplete = true;
 
-        r = nss_passwd_to_user_record(result, sresult, ret);
+        r = nss_passwd_to_user_record(result, r >= 0 ? &spwd : NULL, ret);
         if (r < 0)
                 return r;
 
@@ -219,16 +211,12 @@ int nss_user_record_by_name(
         return 0;
 }
 
-int nss_user_record_by_uid(
+int nss_user_record_by_uid(uid_t uid, UserRecord **ret) {
-                uid_t uid,
-                bool with_shadow,
-                UserRecord **ret) {
-
         _cleanup_free_ char *buf = NULL, *sbuf = NULL;
         struct passwd pwd, *result;
         bool incomplete = false;
         size_t buflen = 4096;
-        struct spwd spwd, *sresult = NULL;
+        struct spwd spwd;
         int r;
 
         assert(ret);
@@ -257,17 +245,13 @@ int nss_user_record_by_uid(
                 buf = mfree(buf);
         }
 
-        if (with_shadow)  {
         r = nss_spwd_for_passwd(result, &spwd, &sbuf);
         if (r < 0) {
                 log_debug_errno(r, "Failed to do shadow lookup for UID " UID_FMT ", ignoring: %m", uid);
                 incomplete = ERRNO_IS_PRIVILEGE(r);
-                } else
+        }
-                        sresult = &spwd;
-        } else
-                incomplete = true;
 
-        r = nss_passwd_to_user_record(result, sresult, ret);
+        r = nss_passwd_to_user_record(result, r >= 0 ? &spwd : NULL, ret);
         if (r < 0)
                 return r;
 

src/shared/user-record-nss.h

@@ -11,5 +11,5 @@
 int nss_passwd_to_user_record(const struct passwd *pwd, const struct spwd *spwd, UserRecord **ret);
 int nss_spwd_for_passwd(const struct passwd *pwd, struct spwd *ret_spwd, char **ret_buffer);
 
-int nss_user_record_by_name(const char *name, bool with_shadow, UserRecord **ret);
+int nss_user_record_by_name(const char *name, UserRecord **ret);
-int nss_user_record_by_uid(uid_t uid, bool with_shadow, UserRecord **ret);
+int nss_user_record_by_uid(uid_t uid, UserRecord **ret);

src/shared/userdb.c

@@ -614,7 +614,7 @@ int userdb_by_name(const char *name, UserDBFlags flags, UserRecord **ret) {
                         iterator->nss_lock = r;
 
                         /* Client-side NSS fallback */
-                        r = nss_user_record_by_name(name, !FLAGS_SET(flags, USERDB_AVOID_SHADOW), ret);
+                        r = nss_user_record_by_name(name, ret);
                         if (r >= 0)
                                 return r;
                 }
@@ -661,7 +661,7 @@ int userdb_by_uid(uid_t uid, UserDBFlags flags, UserRecord **ret) {
                         iterator->nss_lock = r;
 
                         /* Client-side NSS fallback */
-                        r = nss_user_record_by_uid(uid, !FLAGS_SET(flags, USERDB_AVOID_SHADOW), ret);
+                        r = nss_user_record_by_uid(uid, ret);
                         if (r >= 0)
                                 return r;
                 }
@@ -819,7 +819,7 @@ int groupdb_by_name(const char *name, UserDBFlags flags, GroupRecord **ret) {
                 if (r >= 0 || r == -EBUSY) {
                         iterator->nss_lock = r;
 
-                        r = nss_group_record_by_name(name, !FLAGS_SET(flags, USERDB_AVOID_SHADOW), ret);
+                        r = nss_group_record_by_name(name, ret);
                         if (r >= 0)
                                 return r;
                 }
@@ -865,7 +865,7 @@ int groupdb_by_gid(gid_t gid, UserDBFlags flags, GroupRecord **ret) {
                 if (r >= 0 || r == -EBUSY) {
                         iterator->nss_lock = r;
 
-                        r = nss_group_record_by_gid(gid, !FLAGS_SET(flags, USERDB_AVOID_SHADOW), ret);
+                        r = nss_group_record_by_gid(gid, ret);
                         if (r >= 0)
                                 return r;
                 }
@@ -1046,7 +1046,7 @@ int membershipdb_by_group(const char *name, UserDBFlags flags, UserDBIterator **
                 return iterator->nss_lock;
 
         /* We ignore all errors here, since the group might be defined by a userdb native service, and we queried them already above. */
-        (void) nss_group_record_by_name(name, false, &gr);
+        (void) nss_group_record_by_name(name, &gr);
         if (gr) {
                 iterator->members_of_group = strv_copy(gr->members);
                 if (!iterator->members_of_group)

src/shared/userdb.h

@@ -16,10 +16,9 @@ DEFINE_TRIVIAL_CLEANUP_FUNC(UserDBIterator*, userdb_iterator_free);
 
 typedef enum UserDBFlags {
         USERDB_AVOID_NSS          = 1 << 0,  /* don't do client-side nor server-side NSS */
-        USERDB_AVOID_SHADOW       = 1 << 1,  /* don't do client-side shadow calls (server side might happen though) */
+        USERDB_AVOID_DYNAMIC_USER = 1 << 1,  /* exclude looking up in io.systemd.DynamicUser */
-        USERDB_AVOID_DYNAMIC_USER = 1 << 2,  /* exclude looking up in io.systemd.DynamicUser */
+        USERDB_AVOID_MULTIPLEXER  = 1 << 2,  /* exclude looking up via io.systemd.Multiplexer */
-        USERDB_AVOID_MULTIPLEXER  = 1 << 3,  /* exclude looking up via io.systemd.Multiplexer */
+        USERDB_DONT_SYNTHESIZE    = 1 << 3,  /* don't synthesize root/nobody */
-        USERDB_DONT_SYNTHESIZE    = 1 << 4,  /* don't synthesize root/nobody */
 } UserDBFlags;
 
 int userdb_by_name(const char *name, UserDBFlags flags, UserRecord **ret);

src/userdb/userwork.c

@@ -137,9 +137,9 @@ static int vl_method_get_user_record(Varlink *link, JsonVariant *parameters, Var
 
         if (streq_ptr(p.service, "io.systemd.NameServiceSwitch")) {
                 if (uid_is_valid(p.uid))
-                        r = nss_user_record_by_uid(p.uid, true, &hr);
+                        r = nss_user_record_by_uid(p.uid, &hr);
                 else if (p.user_name)
-                        r = nss_user_record_by_name(p.user_name, true, &hr);
+                        r = nss_user_record_by_name(p.user_name, &hr);
                 else {
                         _cleanup_(json_variant_unrefp) JsonVariant *last = NULL;
 
@@ -324,9 +324,9 @@ static int vl_method_get_group_record(Varlink *link, JsonVariant *parameters, Va
         if (streq_ptr(p.service, "io.systemd.NameServiceSwitch")) {
 
                 if (gid_is_valid(p.gid))
-                        r = nss_group_record_by_gid(p.gid, true, &g);
+                        r = nss_group_record_by_gid(p.gid, &g);
                 else if (p.group_name)
-                        r = nss_group_record_by_name(p.group_name, true, &g);
+                        r = nss_group_record_by_name(p.group_name, &g);
                 else {
                         _cleanup_(json_variant_unrefp) JsonVariant *last = NULL;
 
@@ -467,7 +467,7 @@ static int vl_method_get_memberships(Varlink *link, JsonVariant *parameters, Var
                         const char *last = NULL;
                         char **i;
 
-                        r = nss_group_record_by_name(p.group_name, true, &g);
+                        r = nss_group_record_by_name(p.group_name, &g);
                         if (r == -ESRCH)
                                 return varlink_error(link, "io.systemd.UserDatabase.NoRecordFound", NULL);
                         if (r < 0)