From: Lennart Poettering Date: Tue, 7 Jul 2020 09:55:21 +0000 (+0200) Subject: docs: permit user/group services that do not support enumeration X-Git-Tag: v246-rc2~70^2~6 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=56870d324bb3210ba8712167f145a535d5d319d6;p=thirdparty%2Fsystemd.git docs: permit user/group services that do not support enumeration sssd people don't like enumeration and for some other cases it's not nice to support either, in particular when synthesizing records for container/userns UID/GID ranges. Hence, let's make enumeration optional. --- diff --git a/docs/USER_GROUP_API.md b/docs/USER_GROUP_API.md index ebff6e69034..55f6af7d8ea 100644 --- a/docs/USER_GROUP_API.md +++ b/docs/USER_GROUP_API.md @@ -185,6 +185,7 @@ error NoRecordFound() error BadService() error ServiceNotAvailable() error ConflictingRecordFound() +error EnumerationNotSupported() ``` The `GetUserRecord` method looks up or enumerates a user record. If the `uid` @@ -264,4 +265,11 @@ services. Result of this is that it can be one service that defines a user A, and another service that defines a group B, and a third service that declares that A is a member of B. +Looking up explicit users/groups by their name or UID/GID, or querying +user/group memberships must be supported by all services implementing these +interfaces. However, supporting enumeration (i.e. user/group lookups that may +result in more than one reply, because neither UID/GID nor name is specified) +is optional. Services which are asked for enumeration may return the +`EnumerationNotSupported` error in this case. + And that's really all there is to it. diff --git a/src/shared/userdb.c b/src/shared/userdb.c index 3fc333fd353..94120862dfb 100644 --- a/src/shared/userdb.c +++ b/src/shared/userdb.c 
@@ -156,6 +156,8 @@ static int userdb_on_query_reply( r = -ESRCH; else if (streq(error_id, "io.systemd.UserDatabase.ServiceNotAvailable")) r = -EHOSTDOWN; + else if (streq(error_id, "io.systemd.UserDatabase.EnumerationNotSupported")) + r = -EOPNOTSUPP; else if (streq(error_id, VARLINK_ERROR_TIMEOUT)) r = -ETIMEDOUT; else
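Review bot: The paragraph added at the end of docs/USER_GROUP_API.md does not tell clients how to treat `EnumerationNotSupported`; it only says a service "may return" it. The surrounding text explains that different services can define a user, a group and the membership between them, so the paragraph should state that a client receiving this error from one service continues with the others and that an enumeration result may therefore be incomplete. Tools that enumerate in order to audit accounts need to know they must fall back to explicit name or UID/GID lookups. The paragraph also defines enumeration only for user/group lookups while listing membership queries as mandatory without qualification, so it should state whether a membership query that names neither a user nor a group counts as enumeration.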
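Review bot: The new `-EOPNOTSUPP` branch in `userdb_on_query_reply()` (src/shared/userdb.c) leaves the intended caller behaviour unstated, and the visible lines do not show what happens to that return value. Please confirm that a service declining enumeration is skipped rather than failing the whole query, and add a short comment next to `r = -EOPNOTSUPP;` saying so. The docs hunk limits this error to enumeration requests, so also consider whether a reply of `io.systemd.UserDatabase.EnumerationNotSupported` to an explicit name or UID/GID lookup should be handled as a misbehaving service instead of taking the same mapping.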