]> git.ipfire.org Git - thirdparty/systemd.git/commitdiff
projects / thirdparty / systemd.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 16a4a2f)
docs: permit user/group services that do not support enumeration
authorLennart Poettering <lennart@poettering.net>
Tue, 7 Jul 2020 09:55:21 +0000 (11:55 +0200)
committerLennart Poettering <lennart@poettering.net>
Tue, 14 Jul 2020 14:44:52 +0000 (16:44 +0200)
sssd people don't like enumeration and for some other cases it's not
nice to support either, in particular when synthesizing records for
container/userns UID/GID ranges.

Hence, let's make enumeration optional.

docs/USER_GROUP_API.md patch | blob | blame | history
src/shared/userdb.c patch | blob | blame | history

diff --git a/docs/USER_GROUP_API.md b/docs/USER_GROUP_API.md
index ebff6e69034fb7baa0744acd8104376e10c1b2ed..55f6af7d8ea534052ec467bc5a1ef516f22195e6 100644 (file)
--- a/docs/USER_GROUP_API.md
+++ b/docs/USER_GROUP_API.md
@@ -185,6 +185,7 @@ error NoRecordFound()
 error BadService()
 error ServiceNotAvailable()
 error ConflictingRecordFound()
+error EnumerationNotSupported()
 ```
 
 The `GetUserRecord` method looks up or enumerates a user record. If the `uid`
@@ -264,4 +265,11 @@ services. Result of this is that it can be one service that defines a user A,
 and another service that defines a group B, and a third service that declares
 that A is a member of B.
 
+Looking up explicit users/groups by their name or UID/GID, or querying
+user/group memberships must be supported by all services implementing these
+interfaces. However, supporting enumeration (i.e. user/group lookups that may
+result in more than one reply, because neither UID/GID nor name is specified)
+is optional. Services which are asked for enumeration may return the
+`EnumerationNotSupported` error in this case.
+
 And that's really all there is to it.
diff --git a/src/shared/userdb.c b/src/shared/userdb.c
index 3fc333fd3538f4fa83305f1fa754f63813ef1f22..94120862dfb3002760cee0b176570a31e36018b0 100644 (file)
--- a/src/shared/userdb.c
+++ b/src/shared/userdb.c
@@ -156,6 +156,8 @@ static int userdb_on_query_reply(
                         r = -ESRCH;
                 else if (streq(error_id, "io.systemd.UserDatabase.ServiceNotAvailable"))
                         r = -EHOSTDOWN;
+                else if (streq(error_id, "io.systemd.UserDatabase.EnumerationNotSupported"))
+                        r = -EOPNOTSUPP;
                 else if (streq(error_id, VARLINK_ERROR_TIMEOUT))
                         r = -ETIMEDOUT;
                 else
Unnamed repository; edit this file 'description' to name the repository.