
No commits in common. "5fe63895b9cf8259c145a6e1df7c505835efae09" and "b05e122036b35eb16ba33c487bb0440f3985aaa5" have entirely different histories.

29 changed files with 148 additions and 224 deletions


@ -1,6 +1,6 @@
---
title: Converting Existing Users to systemd-homed
category: Users, Groups and Home Directories
category: Interfaces
layout: default
---


@ -1,6 +1,6 @@
---
title: JSON Group Records
category: Users, Groups and Home Directories
category: Interfaces
layout: default
---


@ -1,6 +1,6 @@
---
title: Home Directories
category: Users, Groups and Home Directories
category: Concepts
layout: default
---


@ -1,6 +1,6 @@
---
title: Users, Groups, UIDs and GIDs on systemd Systems
category: Users, Groups and Home Directories
category: Concepts
layout: default
---


@ -1,6 +1,6 @@
---
title: systemd-homed and JSON User/Group Record Support in Desktop Environments
category: Users, Groups and Home Directories
category: Interfaces
layout: default
---


@ -1,6 +1,6 @@
---
title: User/Group Record Lookup API via Varlink
category: Users, Groups and Home Directories
category: Interfaces
layout: default
---


@ -1,6 +1,6 @@
---
title: User/Group Name Syntax
category: Users, Groups and Home Directories
category: Concepts
layout: default
---


@ -1,6 +1,6 @@
---
title: JSON User Records
category: Users, Groups and Home Directories
category: Interfaces
layout: default
---


@ -1930,9 +1930,10 @@
<varlistentry>
<term><varname>POP3Servers=</varname></term>
<listitem><para>Similar to the <varname>DNS=</varname> setting described above, this setting
configures whether and what POP3 server information shall be emitted as part of the DHCP lease. The
same syntax, propagation semantics and defaults apply as for
<listitem><para>Similar to the <varname>DNS=</varname> settings described above, these
settings configure whether and what POP3 server information shall be emitted as part of
the DHCP lease. The same syntax, propagation semantics and defaults apply as for
<term><varname>SMTPServers=</varname></term>
<varname>DNS=</varname>.</para></listitem>
</varlistentry>


@ -160,31 +160,6 @@ int btrfs_subvol_make(const char *path) {
return btrfs_subvol_make_fd(fd, subvolume);
}
int btrfs_subvol_make_fallback(const char *path, mode_t mode) {
mode_t old, combined;
int r;
assert(path);
/* Let's work like mkdir(), i.e. take the specified mode, and mask it with the current umask. */
old = umask(~mode);
combined = old | ~mode;
if (combined != ~mode)
umask(combined);
r = btrfs_subvol_make(path);
umask(old);
if (r >= 0)
return 1; /* subvol worked */
if (r != -ENOTTY)
return r;
if (mkdir(path, mode) < 0)
return -errno;
return 0; /* plain directory */
}
int btrfs_subvol_set_read_only_fd(int fd, bool b) {
uint64_t flags, nflags;
struct stat st;
@ -200,7 +175,11 @@ int btrfs_subvol_set_read_only_fd(int fd, bool b) {
if (ioctl(fd, BTRFS_IOC_SUBVOL_GETFLAGS, &flags) < 0)
return -errno;
nflags = UPDATE_FLAG(flags, BTRFS_SUBVOL_RDONLY, b);
if (b)
nflags = flags | BTRFS_SUBVOL_RDONLY;
else
nflags = flags & ~BTRFS_SUBVOL_RDONLY;
if (flags == nflags)
return 0;
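Review bot: The read-only flag update in btrfs_subvol_set_read_only_fd is now open-coded as `if (b) nflags = flags | BTRFS_SUBVOL_RDONLY; else nflags = flags & ~BTRFS_SUBVOL_RDONLY;`, and the same four-line shape is repeated in fd_nonblock, fd_cloexec and efi_set_reboot_to_firmware further down this page. Each copy names its mask twice, so a later edit that touches only one branch would set or clear the wrong bit on a descriptor, subvolume or EFI variable without any compiler diagnostic. A shared helper that takes the mask once (the old side of this page had one) keeps the set and clear paths in step. The function body starts and ends outside the hunk.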


@ -66,8 +66,6 @@ int btrfs_quota_scan_ongoing(int fd);
int btrfs_subvol_make(const char *path);
int btrfs_subvol_make_fd(int fd, const char *subvolume);
int btrfs_subvol_make_fallback(const char *path, mode_t);
int btrfs_subvol_snapshot_fd_full(int old_fd, const char *new_path, BtrfsSnapshotFlags flags, copy_progress_path_t progress_path, copy_progress_bytes_t progress_bytes, void *userdata);
static inline int btrfs_subvol_snapshot_fd(int old_fd, const char *new_path, BtrfsSnapshotFlags flags) {
return btrfs_subvol_snapshot_fd_full(old_fd, new_path, flags, NULL, NULL, NULL);


@ -144,7 +144,11 @@ int fd_nonblock(int fd, bool nonblock) {
if (flags < 0)
return -errno;
nflags = UPDATE_FLAG(flags, O_NONBLOCK, nonblock);
if (nonblock)
nflags = flags | O_NONBLOCK;
else
nflags = flags & ~O_NONBLOCK;
if (nflags == flags)
return 0;
@ -163,7 +167,11 @@ int fd_cloexec(int fd, bool cloexec) {
if (flags < 0)
return -errno;
nflags = UPDATE_FLAG(flags, FD_CLOEXEC, cloexec);
if (cloexec)
nflags = flags | FD_CLOEXEC;
else
nflags = flags & ~FD_CLOEXEC;
if (nflags == flags)
return 0;


@ -451,10 +451,8 @@ static inline int __coverity_check_and_return__(int condition) {
ans; \
})
#define UPDATE_FLAG(orig, flag, b) \
((b) ? ((orig) | (flag)) : ((orig) & ~(flag)))
#define SET_FLAG(v, flag, b) \
(v) = UPDATE_FLAG(v, flag, b)
(v) = (b) ? ((v) | (flag)) : ((v) & ~(flag))
#define FLAGS_SET(v, flags) \
((~(v) & (flags)) == 0)


@ -101,8 +101,7 @@ static int acquire_bus(bool set_monitor, sd_bus **ret) {
r = sd_bus_set_watch_bind(bus, arg_watch_bind);
if (r < 0)
return log_error_errno(r, "Failed to set watch-bind setting to '%s': %m",
yes_no(arg_watch_bind));
return log_error_errno(r, "Failed to set watch-bind setting to '%s': %m", yes_no(arg_watch_bind));
if (arg_address)
r = sd_bus_set_address(bus, arg_address);
@ -173,9 +172,7 @@ static int list_bus_names(int argc, char **argv, void *userdata) {
if (r < 0)
return r;
r = sd_bus_list_names(bus,
(arg_acquired || arg_unique) ? &acquired : NULL,
arg_activatable ? &activatable : NULL);
r = sd_bus_list_names(bus, (arg_acquired || arg_unique) ? &acquired : NULL, arg_activatable ? &activatable : NULL);
if (r < 0)
return log_error_errno(r, "Failed to list names: %m");
@ -195,16 +192,7 @@ static int list_bus_names(int argc, char **argv, void *userdata) {
return log_error_errno(r, "Failed to add to hashmap: %m");
}
table = table_new("activatable",
"name",
"pid",
"process",
"user",
"connection",
"unit",
"session",
"description",
"machine");
table = table_new("activatable", "name", "pid", "process", "user", "connection", "unit", "session", "description", "machine");
if (!table)
return log_oom();
@ -366,11 +354,11 @@ static int list_bus_names(int argc, char **argv, void *userdata) {
return log_error_errno(r, "Failed to fill line: %m");
}
if (IN_SET(arg_json, JSON_OFF, JSON_PRETTY))
(void) pager_open(arg_pager_flags);
if (arg_json)
r = table_print_json(table, stdout,
(arg_json == JSON_PRETTY ? JSON_FORMAT_PRETTY : JSON_FORMAT_NEWLINE) | JSON_FORMAT_COLOR_AUTO);
r = table_print_json(table, stdout, (arg_json == JSON_PRETTY ? JSON_FORMAT_PRETTY : JSON_FORMAT_NEWLINE) | JSON_FORMAT_COLOR_AUTO);
else
r = table_print(table, stdout);
if (r < 0)
@ -417,10 +405,7 @@ static void print_subtree(const char *prefix, const char *path, char **l) {
n++;
}
printf("%s%s%s\n",
prefix,
special_glyph(has_more ? SPECIAL_GLYPH_TREE_BRANCH : SPECIAL_GLYPH_TREE_RIGHT),
*l);
printf("%s%s%s\n", prefix, special_glyph(has_more ? SPECIAL_GLYPH_TREE_BRANCH : SPECIAL_GLYPH_TREE_RIGHT), *l);
print_subtree(has_more ? vertical : space, *l, l);
l = n;
@ -475,16 +460,12 @@ static int find_nodes(sd_bus *bus, const char *service, const char *path, Set *p
const char *xml;
int r;
r = sd_bus_call_method(bus, service, path,
"org.freedesktop.DBus.Introspectable", "Introspect",
&error, &reply, "");
r = sd_bus_call_method(bus, service, path, "org.freedesktop.DBus.Introspectable", "Introspect", &error, &reply, "");
if (r < 0) {
if (many)
printf("Failed to introspect object %s of service %s: %s\n",
path, service, bus_error_message(&error, r));
printf("Failed to introspect object %s of service %s: %s\n", path, service, bus_error_message(&error, r));
else
log_error_errno(r, "Failed to introspect object %s of service %s: %s",
path, service, bus_error_message(&error, r));
log_error_errno(r, "Failed to introspect object %s of service %s: %s", path, service, bus_error_message(&error, r));
return r;
}
@ -1013,12 +994,9 @@ static int introspect(int argc, char **argv, void *userdata) {
if (!members)
return log_oom();
r = sd_bus_call_method(bus, argv[1], argv[2],
"org.freedesktop.DBus.Introspectable", "Introspect",
&error, &reply_xml, "");
r = sd_bus_call_method(bus, argv[1], argv[2], "org.freedesktop.DBus.Introspectable", "Introspect", &error, &reply_xml, "");
if (r < 0)
return log_error_errno(r, "Failed to introspect object %s of service %s: %s",
argv[2], argv[1], bus_error_message(&error, r));
return log_error_errno(r, "Failed to introspect object %s of service %s: %s", argv[2], argv[1], bus_error_message(&error, r));
r = sd_bus_message_read(reply_xml, "s", &xml);
if (r < 0)
@ -1026,7 +1004,6 @@ static int introspect(int argc, char **argv, void *userdata) {
if (arg_xml_interface) {
/* Just dump the received XML and finish */
(void) pager_open(arg_pager_flags);
puts(xml);
return 0;
}
@ -1049,9 +1026,7 @@ static int introspect(int argc, char **argv, void *userdata) {
if (argv[3] && !streq(argv[3], m->interface))
continue;
r = sd_bus_call_method(bus, argv[1], argv[2],
"org.freedesktop.DBus.Properties", "GetAll",
&error, &reply, "s", m->interface);
r = sd_bus_call_method(bus, argv[1], argv[2], "org.freedesktop.DBus.Properties", "GetAll", &error, &reply, "s", m->interface);
if (r < 0)
return log_error_errno(r, "Failed to get all properties on interface %s: %s",
m->interface, bus_error_message(&error, r));
@ -1113,14 +1088,17 @@ static int introspect(int argc, char **argv, void *userdata) {
return bus_log_parse_error(r);
}
name_width = strlen("NAME");
type_width = strlen("TYPE");
signature_width = strlen("SIGNATURE");
result_width = strlen("RESULT/VALUE");
(void) pager_open(arg_pager_flags);
name_width = STRLEN("NAME");
type_width = STRLEN("TYPE");
signature_width = STRLEN("SIGNATURE");
result_width = STRLEN("RESULT/VALUE");
sorted = newa(Member*, set_size(members));
SET_FOREACH(m, members, i) {
if (argv[3] && !streq(argv[3], m->interface))
continue;
@ -1145,8 +1123,6 @@ static int introspect(int argc, char **argv, void *userdata) {
typesafe_qsort(sorted, k, member_compare_funcp);
(void) pager_open(arg_pager_flags);
if (arg_legend) {
printf("%-*s %-*s %-*s %-*s %s\n",
(int) name_width, "NAME",
@ -1183,8 +1159,7 @@ static int introspect(int argc, char **argv, void *userdata) {
printf("%s%s%-*s%s %-*s %-*s %-*s%s%s%s%s%s%s\n",
is_interface ? ansi_highlight() : "",
is_interface ? "" : ".",
- !is_interface + (int) name_width,
empty_to_dash(streq_ptr(m->type, "interface") ? m->interface : m->name),
- !is_interface + (int) name_width, empty_to_dash(streq_ptr(m->type, "interface") ? m->interface : m->name),
is_interface ? ansi_normal() : "",
(int) type_width, empty_to_dash(m->type),
(int) signature_width, empty_to_dash(m->signature),
@ -1400,8 +1375,6 @@ static int status(int argc, char **argv, void *userdata) {
if (r < 0)
return r;
(void) pager_open(arg_pager_flags);
if (!isempty(argv[1])) {
r = parse_pid(argv[1], &pid);
if (r < 0)
@ -1429,8 +1402,7 @@ static int status(int argc, char **argv, void *userdata) {
r = sd_bus_get_bus_id(bus, &bus_id);
if (r >= 0)
printf("BusID=%s" SD_ID128_FORMAT_STR "%s\n",
ansi_highlight(), SD_ID128_FORMAT_VAL(bus_id), ansi_normal());
printf("BusID=%s" SD_ID128_FORMAT_STR "%s\n", ansi_highlight(), SD_ID128_FORMAT_VAL(bus_id), ansi_normal());
r = sd_bus_get_owner_creds(
bus,
@ -1590,6 +1562,7 @@ static int message_append_cmdline(sd_bus_message *m, const char *signature, char
return log_error_errno(r, "Invalid array signature: %m");
{
unsigned i;
char s[k + 1];
memcpy(s, signature, k);
s[k] = 0;
@ -1598,7 +1571,7 @@ static int message_append_cmdline(sd_bus_message *m, const char *signature, char
if (r < 0)
return bus_log_create_error(r);
for (unsigned i = 0; i < n; i++) {
for (i = 0; i < n; i++) {
r = message_append_cmdline(m, s, &p);
if (r < 0)
return r;
@ -1639,9 +1612,7 @@ static int message_append_cmdline(sd_bus_message *m, const char *signature, char
memcpy(s, signature + 1, k - 2);
s[k - 2] = 0;
const char ctype = t == SD_BUS_TYPE_STRUCT_BEGIN ?
SD_BUS_TYPE_STRUCT : SD_BUS_TYPE_DICT_ENTRY;
r = sd_bus_message_open_container(m, ctype, s);
r = sd_bus_message_open_container(m, t == SD_BUS_TYPE_STRUCT_BEGIN ? SD_BUS_TYPE_STRUCT : SD_BUS_TYPE_DICT_ENTRY, s);
if (r < 0)
return bus_log_create_error(r);
@ -2062,8 +2033,7 @@ static int call(int argc, char **argv, void *userdata) {
return r;
if (*p)
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
"Too many parameters for signature.");
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Too many parameters for signature.");
}
if (!arg_expect_reply) {
@ -2151,8 +2121,7 @@ static int emit_signal(int argc, char **argv, void *userdata) {
return r;
if (*p)
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
"Too many parameters for signature.");
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Too many parameters for signature.");
}
r = sd_bus_send(bus, m, NULL);
@ -2177,9 +2146,7 @@ static int get_property(int argc, char **argv, void *userdata) {
const char *contents = NULL;
char type;
r = sd_bus_call_method(bus, argv[1], argv[2],
"org.freedesktop.DBus.Properties", "Get",
&error, &reply, "ss", argv[3], *i);
r = sd_bus_call_method(bus, argv[1], argv[2], "org.freedesktop.DBus.Properties", "Get", &error, &reply, "ss", argv[3], *i);
if (r < 0)
return log_error_errno(r, "Failed to get property %s on interface %s: %s",
*i, argv[3],
@ -2241,8 +2208,7 @@ static int set_property(int argc, char **argv, void *userdata) {
if (r < 0)
return r;
r = sd_bus_message_new_method_call(bus, &m, argv[1], argv[2],
"org.freedesktop.DBus.Properties", "Set");
r = sd_bus_message_new_method_call(bus, &m, argv[1], argv[2], "org.freedesktop.DBus.Properties", "Set");
if (r < 0)
return bus_log_create_error(r);
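Review bot: In introspect(), the `arg_xml_interface` branch appears to lose its `(void) pager_open(arg_pager_flags);` before `puts(xml)`, and status() appears to lose its pager call as well, while the table path opens the pager earlier, before the column widths are computed. This reading is inferred from the hunk line counts, because the page has lost its +/- markers, so it should be confirmed against the real diff. If XML dumps and status output are still meant to be paged, the call needs to stay in those two places. Most other hunks in this section only join wrapped calls onto single lines; all of the functions shown extend beyond their hunks.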


@ -8,7 +8,6 @@
#include "blkid-util.h"
#include "blockdev-util.h"
#include "btrfs-util.h"
#include "chattr-util.h"
#include "dm-util.h"
#include "errno-util.h"
@ -2038,10 +2037,8 @@ int home_create_luks(
goto fail;
}
/* Prefer using a btrfs subvolume if we can, fall back to directory otherwise */
r = btrfs_subvol_make_fallback(subdir, 0700);
if (r < 0) {
log_error_errno(r, "Failed to create user directory in mounted image file: %m");
if (mkdir(subdir, 0700) < 0) {
r = log_error_errno(errno, "Failed to create user directory in mounted image file: %m");
goto fail;
}


@ -877,6 +877,7 @@ _public_ PAM_EXTERN int pam_sm_chauthtok(
if (FLAGS_SET(flags, PAM_PRELIM_CHECK))
return PAM_SUCCESS;
old_secret = user_record_new();
if (!old_secret)
return pam_log_oom(handle);


@ -220,10 +220,13 @@ static int tar_import_fork_tar(TarImport *i) {
(void) mkdir_parents_label(i->temp_path, 0700);
r = btrfs_subvol_make_fallback(i->temp_path, 0755);
if (r < 0)
return log_error_errno(r, "Failed to create directory/subvolume %s: %m", i->temp_path);
if (r > 0) /* actually btrfs subvol */
r = btrfs_subvol_make(i->temp_path);
if (r == -ENOTTY) {
if (mkdir(i->temp_path, 0755) < 0)
return log_error_errno(errno, "Failed to create directory %s: %m", i->temp_path);
} else if (r < 0)
return log_error_errno(r, "Failed to create subvolume %s: %m", i->temp_path);
else
(void) import_assign_pool_quota_and_warn(i->temp_path);
i->tar_fd = import_fork_tar_x(i->temp_path, &i->tar_pid);
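Review bot: The subvolume branch in tar_import_fork_tar no longer applies the intended 0755 mode, because `btrfs_subvol_make(i->temp_path)` takes only a path (see its prototype on this page), whereas the helper it replaces narrowed the umask around that call so the result matched `mkdir(path, mode)`. Only the `-ENOTTY` fallback now passes 0755, so on btrfs the permissions of the extraction directory presumably depend on the process umask alone, and with a permissive umask the tree being unpacked could be writable by other users. Setting the mode explicitly after the subvolume is created, or routing both branches through one helper that takes the mode, would make them agree. The same applies to tar_pull_job_on_open_disk_tar in the next section; both function bodies extend beyond their hunks.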


@ -415,10 +415,13 @@ static int tar_pull_job_on_open_disk_tar(PullJob *j) {
mkdir_parents_label(i->temp_path, 0700);
r = btrfs_subvol_make_fallback(i->temp_path, 0755);
if (r < 0)
return log_error_errno(r, "Failed to create directory/subvolume %s: %m", i->temp_path);
if (r > 0) /* actually btrfs subvol */
r = btrfs_subvol_make(i->temp_path);
if (r == -ENOTTY) {
if (mkdir(i->temp_path, 0755) < 0)
return log_error_errno(errno, "Failed to create directory %s: %m", i->temp_path);
} else if (r < 0)
return log_error_errno(r, "Failed to create subvolume %s: %m", i->temp_path);
else
(void) import_assign_pool_quota_and_warn(i->temp_path);
j->disk_fd = import_fork_tar_x(i->temp_path, &i->tar_pid);


@ -171,7 +171,7 @@ int manager_add_user_by_name(
assert(m);
assert(name);
r = userdb_by_name(name, USERDB_AVOID_SHADOW, &ur);
r = userdb_by_name(name, 0, &ur);
if (r < 0)
return r;
@ -189,7 +189,7 @@ int manager_add_user_by_uid(
assert(m);
assert(uid_is_valid(uid));
r = userdb_by_uid(uid, USERDB_AVOID_SHADOW, &ur);
r = userdb_by_uid(uid, 0, &ur);
if (r < 0)
return r;


@ -482,7 +482,7 @@ enum nss_status _nss_systemd_getgrent_r(
}
}
r = nss_group_record_by_name(group_name, false, &gr);
r = nss_group_record_by_name(group_name, &gr);
if (r == -ESRCH)
continue;
if (r < 0) {


@ -251,7 +251,7 @@ enum nss_status userdb_getgrnam(
if (lock_fd < 0 && lock_fd != -EBUSY)
return lock_fd;
r = nss_group_record_by_name(name, false, &g);
r = nss_group_record_by_name(name, &g);
if (r == -ESRCH)
return NSS_STATUS_NOTFOUND;
if (r < 0) {
@ -310,7 +310,7 @@ enum nss_status userdb_getgrgid(
if (lock_fd < 0 && lock_fd != -EBUSY)
return lock_fd;
r = nss_group_record_by_gid(gid, false, &g);
r = nss_group_record_by_gid(gid, &g);
if (r == -ESRCH)
return NSS_STATUS_NOTFOUND;


@ -135,7 +135,10 @@ int efi_set_reboot_to_firmware(bool value) {
if (r < 0)
return r;
b_new = UPDATE_FLAG(b, EFI_OS_INDICATIONS_BOOT_TO_FW_UI, value);
if (value)
b_new = b | EFI_OS_INDICATIONS_BOOT_TO_FW_UI;
else
b_new = b & ~EFI_OS_INDICATIONS_BOOT_TO_FW_UI;
/* Avoid writing to efi vars store if we can due to firmware bugs. */
if (b != b_new)


@ -106,16 +106,12 @@ int nss_sgrp_for_group(const struct group *grp, struct sgrp *ret_sgrp, char **re
}
}
int nss_group_record_by_name(
const char *name,
bool with_shadow,
GroupRecord **ret) {
int nss_group_record_by_name(const char *name, GroupRecord **ret) {
_cleanup_free_ char *buf = NULL, *sbuf = NULL;
struct group grp, *result;
bool incomplete = false;
size_t buflen = 4096;
struct sgrp sgrp, *sresult = NULL;
struct sgrp sgrp;
int r;
assert(name);
@ -145,17 +141,13 @@ int nss_group_record_by_name(
buf = mfree(buf);
}
if (with_shadow) {
r = nss_sgrp_for_group(result, &sgrp, &sbuf);
if (r < 0) {
log_debug_errno(r, "Failed to do shadow lookup for group %s, ignoring: %m", result->gr_name);
incomplete = ERRNO_IS_PRIVILEGE(r);
} else
sresult = &sgrp;
} else
incomplete = true;
}
r = nss_group_to_group_record(result, sresult, ret);
r = nss_group_to_group_record(result, r >= 0 ? &sgrp : NULL, ret);
if (r < 0)
return r;
@ -163,16 +155,12 @@ int nss_group_record_by_name(
return 0;
}
int nss_group_record_by_gid(
gid_t gid,
bool with_shadow,
GroupRecord **ret) {
int nss_group_record_by_gid(gid_t gid, GroupRecord **ret) {
_cleanup_free_ char *buf = NULL, *sbuf = NULL;
struct group grp, *result;
bool incomplete = false;
size_t buflen = 4096;
struct sgrp sgrp, *sresult = NULL;
struct sgrp sgrp;
int r;
assert(ret);
@ -200,17 +188,13 @@ int nss_group_record_by_gid(
buf = mfree(buf);
}
if (with_shadow) {
r = nss_sgrp_for_group(result, &sgrp, &sbuf);
if (r < 0) {
log_debug_errno(r, "Failed to do shadow lookup for group %s, ignoring: %m", result->gr_name);
incomplete = ERRNO_IS_PRIVILEGE(r);
} else
sresult = &sgrp;
} else
incomplete = true;
}
r = nss_group_to_group_record(result, sresult, ret);
r = nss_group_to_group_record(result, r >= 0 ? &sgrp : NULL, ret);
if (r < 0)
return r;
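Review bot: nss_group_record_by_name and nss_group_record_by_gid now call nss_sgrp_for_group() on every lookup, since the `with_shadow` parameter is gone. Callers on this page that used to pass `false` (the NSS group lookups and membershipdb_by_group) now attempt the shadow read too, so a privileged caller that only needs the public group entry also loads the shadow entry into its record. If that is intended, a comment on the function should say so; otherwise keep an opt-out for callers that never use the shadow fields. Separately, `r >= 0 ? &sgrp : NULL` relies on `r` still holding the shadow lookup's result at the conversion call, so a named pointer set right after the lookup (`sresult = r >= 0 ? &sgrp : NULL;`) would be less fragile. The same applies to nss_user_record_by_name and nss_user_record_by_uid in the user-record section further down.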


@ -11,5 +11,5 @@
int nss_group_to_group_record(const struct group *grp, const struct sgrp *sgrp, GroupRecord **ret);
int nss_sgrp_for_group(const struct group *grp, struct sgrp *ret_sgrp, char **ret_buffer);
int nss_group_record_by_name(const char *name, bool with_shadow, GroupRecord **ret);
int nss_group_record_by_gid(gid_t gid, bool with_shadow, GroupRecord **ret);
int nss_group_record_by_name(const char *name, GroupRecord **ret);
int nss_group_record_by_gid(gid_t gid, GroupRecord **ret);


@ -161,16 +161,12 @@ int nss_spwd_for_passwd(const struct passwd *pwd, struct spwd *ret_spwd, char **
}
}
int nss_user_record_by_name(
const char *name,
bool with_shadow,
UserRecord **ret) {
int nss_user_record_by_name(const char *name, UserRecord **ret) {
_cleanup_free_ char *buf = NULL, *sbuf = NULL;
struct passwd pwd, *result;
bool incomplete = false;
size_t buflen = 4096;
struct spwd spwd, *sresult = NULL;
struct spwd spwd;
int r;
assert(name);
@ -201,17 +197,13 @@ int nss_user_record_by_name(
buf = mfree(buf);
}
if (with_shadow) {
r = nss_spwd_for_passwd(result, &spwd, &sbuf);
if (r < 0) {
log_debug_errno(r, "Failed to do shadow lookup for user %s, ignoring: %m", name);
incomplete = ERRNO_IS_PRIVILEGE(r);
} else
sresult = &spwd;
} else
incomplete = true;
}
r = nss_passwd_to_user_record(result, sresult, ret);
r = nss_passwd_to_user_record(result, r >= 0 ? &spwd : NULL, ret);
if (r < 0)
return r;
@ -219,16 +211,12 @@ int nss_user_record_by_name(
return 0;
}
int nss_user_record_by_uid(
uid_t uid,
bool with_shadow,
UserRecord **ret) {
int nss_user_record_by_uid(uid_t uid, UserRecord **ret) {
_cleanup_free_ char *buf = NULL, *sbuf = NULL;
struct passwd pwd, *result;
bool incomplete = false;
size_t buflen = 4096;
struct spwd spwd, *sresult = NULL;
struct spwd spwd;
int r;
assert(ret);
@ -257,17 +245,13 @@ int nss_user_record_by_uid(
buf = mfree(buf);
}
if (with_shadow) {
r = nss_spwd_for_passwd(result, &spwd, &sbuf);
if (r < 0) {
log_debug_errno(r, "Failed to do shadow lookup for UID " UID_FMT ", ignoring: %m", uid);
incomplete = ERRNO_IS_PRIVILEGE(r);
} else
sresult = &spwd;
} else
incomplete = true;
}
r = nss_passwd_to_user_record(result, sresult, ret);
r = nss_passwd_to_user_record(result, r >= 0 ? &spwd : NULL, ret);
if (r < 0)
return r;


@ -11,5 +11,5 @@
int nss_passwd_to_user_record(const struct passwd *pwd, const struct spwd *spwd, UserRecord **ret);
int nss_spwd_for_passwd(const struct passwd *pwd, struct spwd *ret_spwd, char **ret_buffer);
int nss_user_record_by_name(const char *name, bool with_shadow, UserRecord **ret);
int nss_user_record_by_uid(uid_t uid, bool with_shadow, UserRecord **ret);
int nss_user_record_by_name(const char *name, UserRecord **ret);
int nss_user_record_by_uid(uid_t uid, UserRecord **ret);


@ -614,7 +614,7 @@ int userdb_by_name(const char *name, UserDBFlags flags, UserRecord **ret) {
iterator->nss_lock = r;
/* Client-side NSS fallback */
r = nss_user_record_by_name(name, !FLAGS_SET(flags, USERDB_AVOID_SHADOW), ret);
r = nss_user_record_by_name(name, ret);
if (r >= 0)
return r;
}
@ -661,7 +661,7 @@ int userdb_by_uid(uid_t uid, UserDBFlags flags, UserRecord **ret) {
iterator->nss_lock = r;
/* Client-side NSS fallback */
r = nss_user_record_by_uid(uid, !FLAGS_SET(flags, USERDB_AVOID_SHADOW), ret);
r = nss_user_record_by_uid(uid, ret);
if (r >= 0)
return r;
}
@ -819,7 +819,7 @@ int groupdb_by_name(const char *name, UserDBFlags flags, GroupRecord **ret) {
if (r >= 0 || r == -EBUSY) {
iterator->nss_lock = r;
r = nss_group_record_by_name(name, !FLAGS_SET(flags, USERDB_AVOID_SHADOW), ret);
r = nss_group_record_by_name(name, ret);
if (r >= 0)
return r;
}
@ -865,7 +865,7 @@ int groupdb_by_gid(gid_t gid, UserDBFlags flags, GroupRecord **ret) {
if (r >= 0 || r == -EBUSY) {
iterator->nss_lock = r;
r = nss_group_record_by_gid(gid, !FLAGS_SET(flags, USERDB_AVOID_SHADOW), ret);
r = nss_group_record_by_gid(gid, ret);
if (r >= 0)
return r;
}
@ -1046,7 +1046,7 @@ int membershipdb_by_group(const char *name, UserDBFlags flags, UserDBIterator **
return iterator->nss_lock;
/* We ignore all errors here, since the group might be defined by a userdb native service, and we queried them already above. */
(void) nss_group_record_by_name(name, false, &gr);
(void) nss_group_record_by_name(name, &gr);
if (gr) {
iterator->members_of_group = strv_copy(gr->members);
if (!iterator->members_of_group)


@ -16,10 +16,9 @@ DEFINE_TRIVIAL_CLEANUP_FUNC(UserDBIterator*, userdb_iterator_free);
typedef enum UserDBFlags {
USERDB_AVOID_NSS = 1 << 0, /* don't do client-side nor server-side NSS */
USERDB_AVOID_SHADOW = 1 << 1, /* don't do client-side shadow calls (server side might happen though) */
USERDB_AVOID_DYNAMIC_USER = 1 << 2, /* exclude looking up in io.systemd.DynamicUser */
USERDB_AVOID_MULTIPLEXER = 1 << 3, /* exclude looking up via io.systemd.Multiplexer */
USERDB_DONT_SYNTHESIZE = 1 << 4, /* don't synthesize root/nobody */
USERDB_AVOID_DYNAMIC_USER = 1 << 1, /* exclude looking up in io.systemd.DynamicUser */
USERDB_AVOID_MULTIPLEXER = 1 << 2, /* exclude looking up via io.systemd.Multiplexer */
USERDB_DONT_SYNTHESIZE = 1 << 3, /* don't synthesize root/nobody */
} UserDBFlags;
int userdb_by_name(const char *name, UserDBFlags flags, UserRecord **ret);


@ -137,9 +137,9 @@ static int vl_method_get_user_record(Varlink *link, JsonVariant *parameters, Var
if (streq_ptr(p.service, "io.systemd.NameServiceSwitch")) {
if (uid_is_valid(p.uid))
r = nss_user_record_by_uid(p.uid, true, &hr);
r = nss_user_record_by_uid(p.uid, &hr);
else if (p.user_name)
r = nss_user_record_by_name(p.user_name, true, &hr);
r = nss_user_record_by_name(p.user_name, &hr);
else {
_cleanup_(json_variant_unrefp) JsonVariant *last = NULL;
@ -324,9 +324,9 @@ static int vl_method_get_group_record(Varlink *link, JsonVariant *parameters, Va
if (streq_ptr(p.service, "io.systemd.NameServiceSwitch")) {
if (gid_is_valid(p.gid))
r = nss_group_record_by_gid(p.gid, true, &g);
r = nss_group_record_by_gid(p.gid, &g);
else if (p.group_name)
r = nss_group_record_by_name(p.group_name, true, &g);
r = nss_group_record_by_name(p.group_name, &g);
else {
_cleanup_(json_variant_unrefp) JsonVariant *last = NULL;
@ -467,7 +467,7 @@ static int vl_method_get_memberships(Varlink *link, JsonVariant *parameters, Var
const char *last = NULL;
char **i;
r = nss_group_record_by_name(p.group_name, true, &g);
r = nss_group_record_by_name(p.group_name, &g);
if (r == -ESRCH)
return varlink_error(link, "io.systemd.UserDatabase.NoRecordFound", NULL);
if (r < 0)