userdb: rename userdb lookup flags a bit

Let's use "exclude" for flags that really exclude records from our
lookup. Let's use "avoid" referring to concepts that when flag is set
we'll not use but we have a fallback path for that should yield the same
result. Let' use "suppress" for suppressing partial info, even if we
return the record otherwise.

So far we used "avoid" for all these cases, which was confusing.

Whiel we are at it, let's reassign the bits a bit, leaving some space
for bits follow-up commits are going to add.

diff --git a/src/login/logind-core.c b/src/login/logind-core.c
index cd3a37420123fae987893da4543dcf6c47dfc73e..22031f485a0109abdb6c5964b6efc095a0dc6334 100644 (file)
--- a/src/login/logind-core.c
+++ b/src/login/logind-core.c
@@ -176,7 +176,7 @@ int manager_add_user_by_name(
         assert(m);
         assert(name);
 
-        r = userdb_by_name(name, USERDB_AVOID_SHADOW, &ur);
+        r = userdb_by_name(name, USERDB_SUPPRESS_SHADOW, &ur);
         if (r < 0)
                 return r;
 
@@ -194,7 +194,7 @@ int manager_add_user_by_uid(
         assert(m);
         assert(uid_is_valid(uid));
 
-        r = userdb_by_uid(uid, USERDB_AVOID_SHADOW, &ur);
+        r = userdb_by_uid(uid, USERDB_SUPPRESS_SHADOW, &ur);
         if (r < 0)
                 return r;
 

diff --git a/src/nss-systemd/nss-systemd.c b/src/nss-systemd/nss-systemd.c
index 5592eaa3aa417b78f8936429bb12074ab5cbc76b..14712f8735d2a0adba763bb3954030a0f66dab9c 100644 (file)
--- a/src/nss-systemd/nss-systemd.c
+++ b/src/nss-systemd/nss-systemd.c
@@ -582,7 +582,7 @@ enum nss_status _nss_systemd_initgroups_dyn(
                 /* The group might be defined via traditional NSS only, hence let's do a full look-up without
                  * disabling NSS. This means we are operating recursively here. */
 
-                r = groupdb_by_name(group_name, (nss_glue_userdb_flags() & ~USERDB_AVOID_NSS) | USERDB_AVOID_SHADOW, &g);
+                r = groupdb_by_name(group_name, (nss_glue_userdb_flags() & ~USERDB_EXCLUDE_NSS) | USERDB_SUPPRESS_SHADOW, &g);
                 if (r == -ESRCH)
                         continue;
                 if (r < 0) {

diff --git a/src/nss-systemd/userdb-glue.c b/src/nss-systemd/userdb-glue.c
index 8f8988579b808fd0829da47a6f3c667b700e83be..73941b2ba56515d692a9287f554e5e8f0fb6cf1e 100644 (file)
--- a/src/nss-systemd/userdb-glue.c
+++ b/src/nss-systemd/userdb-glue.c
@@ -11,11 +11,11 @@
 #include "userdb.h"
 
 UserDBFlags nss_glue_userdb_flags(void) {
-        UserDBFlags flags = USERDB_AVOID_NSS;
+        UserDBFlags flags = USERDB_EXCLUDE_NSS;
 
         /* Make sure that we don't go in circles when allocating a dynamic UID by checking our own database */
         if (getenv_bool_secure("SYSTEMD_NSS_DYNAMIC_BYPASS") > 0)
-                flags |= USERDB_AVOID_DYNAMIC_USER;
+                flags |= USERDB_EXCLUDE_DYNAMIC_USER;
 
         return flags;
 }

diff --git a/src/shared/userdb.c b/src/shared/userdb.c
index e4a04123c0e7f3e6ef699f7ea3da9eb262e1c874..d856625dd3a03ec1d85fdd7999214ca97d7c3efa 100644 (file)
--- a/src/shared/userdb.c
+++ b/src/shared/userdb.c
@@ -422,7 +422,7 @@ static int userdb_start_query(
         }
 
         /* First, let's talk to the multiplexer, if we can */
-        if ((flags & (USERDB_AVOID_MULTIPLEXER|USERDB_AVOID_DYNAMIC_USER|USERDB_AVOID_NSS|USERDB_DONT_SYNTHESIZE)) == 0 &&
+        if ((flags & (USERDB_AVOID_MULTIPLEXER|USERDB_EXCLUDE_DYNAMIC_USER|USERDB_EXCLUDE_NSS|USERDB_DONT_SYNTHESIZE)) == 0 &&
             !strv_contains(except, "io.systemd.Multiplexer") &&
             (!only || strv_contains(only, "io.systemd.Multiplexer"))) {
                 _cleanup_(json_variant_unrefp) JsonVariant *patched_query = json_variant_ref(query);
@@ -454,7 +454,7 @@ static int userdb_start_query(
                 if (streq(de->d_name, "io.systemd.Multiplexer")) /* We already tried this above, don't try this again */
                         continue;
 
-                if (FLAGS_SET(flags, USERDB_AVOID_DYNAMIC_USER) &&
+                if (FLAGS_SET(flags, USERDB_EXCLUDE_DYNAMIC_USER) &&
                     streq(de->d_name, "io.systemd.DynamicUser"))
                         continue;
 
@@ -463,7 +463,7 @@ static int userdb_start_query(
                  * (and when we run as part of systemd-userdbd.service we don't want to talk to ourselves
                  * anyway). */
                 is_nss = streq(de->d_name, "io.systemd.NameServiceSwitch");
-                if ((flags & (USERDB_AVOID_NSS|USERDB_AVOID_MULTIPLEXER)) && is_nss)
+                if ((flags & (USERDB_EXCLUDE_NSS|USERDB_AVOID_MULTIPLEXER)) && is_nss)
                         continue;
 
                 if (strv_contains(except, de->d_name))
@@ -621,13 +621,13 @@ int userdb_by_name(const char *name, UserDBFlags flags, UserRecord **ret) {
                         return r;
         }
 
-        if (!FLAGS_SET(flags, USERDB_AVOID_NSS) && !iterator->nss_covered) {
+        if (!FLAGS_SET(flags, USERDB_EXCLUDE_NSS) && !iterator->nss_covered) {
                 /* Make sure the NSS lookup doesn't recurse back to us. */
 
                 r = userdb_iterator_block_nss_systemd(iterator);
                 if (r >= 0) {
                         /* Client-side NSS fallback */
-                        r = nss_user_record_by_name(name, !FLAGS_SET(flags, USERDB_AVOID_SHADOW), ret);
+                        r = nss_user_record_by_name(name, !FLAGS_SET(flags, USERDB_SUPPRESS_SHADOW), ret);
                         if (r >= 0)
                                 return r;
                 }
@@ -668,11 +668,11 @@ int userdb_by_uid(uid_t uid, UserDBFlags flags, UserRecord **ret) {
                         return r;
         }
 
-        if (!FLAGS_SET(flags, USERDB_AVOID_NSS) && !iterator->nss_covered) {
+        if (!FLAGS_SET(flags, USERDB_EXCLUDE_NSS) && !iterator->nss_covered) {
                 r = userdb_iterator_block_nss_systemd(iterator);
                 if (r >= 0) {
                         /* Client-side NSS fallback */
-                        r = nss_user_record_by_uid(uid, !FLAGS_SET(flags, USERDB_AVOID_SHADOW), ret);
+                        r = nss_user_record_by_uid(uid, !FLAGS_SET(flags, USERDB_SUPPRESS_SHADOW), ret);
                         if (r >= 0)
                                 return r;
                 }
@@ -703,7 +703,7 @@ int userdb_all(UserDBFlags flags, UserDBIterator **ret) {
 
         r = userdb_start_query(iterator, "io.systemd.UserDatabase.GetUserRecord", true, NULL, flags);
 
-        if (!FLAGS_SET(flags, USERDB_AVOID_NSS) && (r < 0 || !iterator->nss_covered)) {
+        if (!FLAGS_SET(flags, USERDB_EXCLUDE_NSS) && (r < 0 || !iterator->nss_covered)) {
                 r = userdb_iterator_block_nss_systemd(iterator);
                 if (r < 0)
                         return r;
@@ -740,7 +740,7 @@ int userdb_iterator_get(UserDBIterator *iterator, UserRecord **ret) {
                         if (pw->pw_uid == UID_NOBODY)
                                 iterator->synthesize_nobody = false;
 
-                        if (!FLAGS_SET(iterator->flags, USERDB_AVOID_SHADOW)) {
+                        if (!FLAGS_SET(iterator->flags, USERDB_SUPPRESS_SHADOW)) {
                                 r = nss_spwd_for_passwd(pw, &spwd, &buffer);
                                 if (r < 0) {
                                         log_debug_errno(r, "Failed to acquire shadow entry for user %s, ignoring: %m", pw->pw_name);
@@ -832,10 +832,10 @@ int groupdb_by_name(const char *name, UserDBFlags flags, GroupRecord **ret) {
                         return r;
         }
 
-        if (!FLAGS_SET(flags, USERDB_AVOID_NSS) && !(iterator && iterator->nss_covered)) {
+        if (!FLAGS_SET(flags, USERDB_EXCLUDE_NSS) && !(iterator && iterator->nss_covered)) {
                 r = userdb_iterator_block_nss_systemd(iterator);
                 if (r >= 0) {
-                        r = nss_group_record_by_name(name, !FLAGS_SET(flags, USERDB_AVOID_SHADOW), ret);
+                        r = nss_group_record_by_name(name, !FLAGS_SET(flags, USERDB_SUPPRESS_SHADOW), ret);
                         if (r >= 0)
                                 return r;
                 }
@@ -876,10 +876,10 @@ int groupdb_by_gid(gid_t gid, UserDBFlags flags, GroupRecord **ret) {
                         return r;
         }
 
-        if (!FLAGS_SET(flags, USERDB_AVOID_NSS) && !(iterator && iterator->nss_covered)) {
+        if (!FLAGS_SET(flags, USERDB_EXCLUDE_NSS) && !(iterator && iterator->nss_covered)) {
                 r = userdb_iterator_block_nss_systemd(iterator);
                 if (r >= 0) {
-                        r = nss_group_record_by_gid(gid, !FLAGS_SET(flags, USERDB_AVOID_SHADOW), ret);
+                        r = nss_group_record_by_gid(gid, !FLAGS_SET(flags, USERDB_SUPPRESS_SHADOW), ret);
                         if (r >= 0)
                                 return r;
                 }
@@ -910,7 +910,7 @@ int groupdb_all(UserDBFlags flags, UserDBIterator **ret) {
 
         r = userdb_start_query(iterator, "io.systemd.UserDatabase.GetGroupRecord", true, NULL, flags);
 
-        if (!FLAGS_SET(flags, USERDB_AVOID_NSS) && (r < 0 || !iterator->nss_covered)) {
+        if (!FLAGS_SET(flags, USERDB_EXCLUDE_NSS) && (r < 0 || !iterator->nss_covered)) {
                 r = userdb_iterator_block_nss_systemd(iterator);
                 if (r < 0)
                         return r;
@@ -945,7 +945,7 @@ int groupdb_iterator_get(UserDBIterator *iterator, GroupRecord **ret) {
                         if (gr->gr_gid == GID_NOBODY)
                                 iterator->synthesize_nobody = false;
 
-                        if (!FLAGS_SET(iterator->flags, USERDB_AVOID_SHADOW)) {
+                        if (!FLAGS_SET(iterator->flags, USERDB_SUPPRESS_SHADOW)) {
                                 r = nss_sgrp_for_group(gr, &sgrp, &buffer);
                                 if (r < 0) {
                                         log_debug_errno(r, "Failed to acquire shadow entry for group %s, ignoring: %m", gr->gr_name);
@@ -1016,7 +1016,7 @@ int membershipdb_by_user(const char *name, UserDBFlags flags, UserDBIterator **r
                 return -ENOMEM;
 
         r = userdb_start_query(iterator, "io.systemd.UserDatabase.GetMemberships", true, query, flags);
-        if ((r >= 0 && iterator->nss_covered) || FLAGS_SET(flags, USERDB_AVOID_NSS))
+        if ((r >= 0 && iterator->nss_covered) || FLAGS_SET(flags, USERDB_EXCLUDE_NSS))
                 goto finish;
 
         r = userdb_iterator_block_nss_systemd(iterator);
@@ -1059,7 +1059,7 @@ int membershipdb_by_group(const char *name, UserDBFlags flags, UserDBIterator **
                 return -ENOMEM;
 
         r = userdb_start_query(iterator, "io.systemd.UserDatabase.GetMemberships", true, query, flags);
-        if ((r >= 0 && iterator->nss_covered) || FLAGS_SET(flags, USERDB_AVOID_NSS))
+        if ((r >= 0 && iterator->nss_covered) || FLAGS_SET(flags, USERDB_EXCLUDE_NSS))
                 goto finish;
 
         r = userdb_iterator_block_nss_systemd(iterator);
@@ -1100,7 +1100,7 @@ int membershipdb_all(UserDBFlags flags, UserDBIterator **ret) {
                 return -ENOMEM;
 
         r = userdb_start_query(iterator, "io.systemd.UserDatabase.GetMemberships", true, NULL, flags);
-        if ((r >= 0 && iterator->nss_covered) || FLAGS_SET(flags, USERDB_AVOID_NSS))
+        if ((r >= 0 && iterator->nss_covered) || FLAGS_SET(flags, USERDB_EXCLUDE_NSS))
                 goto finish;
 
         r = userdb_iterator_block_nss_systemd(iterator);

diff --git a/src/shared/userdb.h b/src/shared/userdb.h
index ee207b518ed68c67a1c7cfa4b1f84708c94c9b71..055cf627a486b3e2fb37e544c1e1e7aa007b947e 100644 (file)
--- a/src/shared/userdb.h
+++ b/src/shared/userdb.h
@@ -15,11 +15,14 @@ UserDBIterator *userdb_iterator_free(UserDBIterator *iterator);
 DEFINE_TRIVIAL_CLEANUP_FUNC(UserDBIterator*, userdb_iterator_free);
 
 typedef enum UserDBFlags {
-        USERDB_AVOID_NSS          = 1 << 0,  /* don't do client-side nor server-side NSS */
-        USERDB_AVOID_SHADOW       = 1 << 1,  /* don't do client-side shadow calls (server side might happen though) */
-        USERDB_AVOID_DYNAMIC_USER = 1 << 2,  /* exclude looking up in io.systemd.DynamicUser */
-        USERDB_AVOID_MULTIPLEXER  = 1 << 3,  /* exclude looking up via io.systemd.Multiplexer */
-        USERDB_DONT_SYNTHESIZE    = 1 << 4,  /* don't synthesize root/nobody */
+        /* The main sources */
+        USERDB_EXCLUDE_NSS          = 1 << 0,  /* don't do client-side nor server-side NSS */
+
+        /* Modifications */
+        USERDB_SUPPRESS_SHADOW      = 1 << 3,  /* don't do client-side shadow calls (server side might happen though) */
+        USERDB_EXCLUDE_DYNAMIC_USER = 1 << 4,  /* exclude looking up in io.systemd.DynamicUser */
+        USERDB_AVOID_MULTIPLEXER    = 1 << 5,  /* exclude looking up via io.systemd.Multiplexer */
+        USERDB_DONT_SYNTHESIZE      = 1 << 6,  /* don't synthesize root/nobody */
 } UserDBFlags;
 
 int userdb_by_name(const char *name, UserDBFlags flags, UserRecord **ret);

diff --git a/src/userdb/userdbctl.c b/src/userdb/userdbctl.c
index e9c6957143aeb642e739a519cf728f5ea38c4a13..56511eae4478ad358f5975cbb5b49c950185b9e9 100644 (file)
--- a/src/userdb/userdbctl.c
+++ b/src/userdb/userdbctl.c
@@ -717,7 +717,7 @@ static int parse_argv(int argc, char *argv[]) {
                         break;
 
                 case 'N':
-                        arg_userdb_flags |= USERDB_AVOID_NSS|USERDB_DONT_SYNTHESIZE;
+                        arg_userdb_flags |= USERDB_EXCLUDE_NSS|USERDB_DONT_SYNTHESIZE;
                         break;
 
                 case ARG_WITH_NSS:
@@ -725,7 +725,7 @@ static int parse_argv(int argc, char *argv[]) {
                         if (r < 0)
                                 return r;
 
-                        SET_FLAG(arg_userdb_flags, USERDB_AVOID_NSS, !r);
+                        SET_FLAG(arg_userdb_flags, USERDB_EXCLUDE_NSS, !r);
                         break;
 
                 case ARG_SYNTHESIZE: