userwork: properly handle ENOLINK error from lower-level userdb code

The lower-level userdb code will return ENOLINK if varlink lookups are
disabled explicitly and we couldn#t find an answer any other way. Let's
not propagate this to clients, since they don't have control over this
feature anyway: we decide internally when to disable varlink lookups
(e.g. if DropIn lookups are requested we disable them) and to the client
side that should not be visible: if we can't find a record with the
flags we pick then we should report then we can't find any, and that's
it.

Fixes: #21223

diff --git a/src/userdb/userwork.c b/src/userdb/userwork.c
index 3e670d61f74874a1911b574f39233cf37aa1b8e6..63ce7eafe8d3160cdabff06c34889cd2a975835c 100644 (file)
--- a/src/userdb/userwork.c
+++ b/src/userdb/userwork.c
@@ -165,6 +165,14 @@ static int vl_method_get_user_record(Varlink *link, JsonVariant *parameters, Var
                 _cleanup_(json_variant_unrefp) JsonVariant *last = NULL;
 
                 r = userdb_all(userdb_flags, &iterator);
+                if (IN_SET(r, -ESRCH, -ENOLINK))
+                        /* We turn off Varlink lookups in various cases (e.g. in case we only enable DropIn
+                         * backend) — this might make userdb_all return ENOLINK (which indicates that varlink
+                         * was off and no other suitable source or entries were found). Let's hide this
+                         * implementation detail and always return NoRecordFound in this case, since from a
+                         * client's perspective it's irrelevant if there was no entry at all or just not on
+                         * the service that the query was limited to. */
+                        return varlink_error(link, "io.systemd.UserDatabase.NoRecordFound", NULL);
                 if (r < 0)
                         return r;
 
@@ -292,6 +300,8 @@ static int vl_method_get_group_record(Varlink *link, JsonVariant *parameters, Va
                 _cleanup_(json_variant_unrefp) JsonVariant *last = NULL;
 
                 r = groupdb_all(userdb_flags, &iterator);
+                if (IN_SET(r, -ESRCH, -ENOLINK))
+                        return varlink_error(link, "io.systemd.UserDatabase.NoRecordFound", NULL);
                 if (r < 0)
                         return r;
 
@@ -370,6 +380,8 @@ static int vl_method_get_memberships(Varlink *link, JsonVariant *parameters, Var
                 r = membershipdb_by_user(p.user_name, userdb_flags, &iterator);
         else
                 r = membershipdb_all(userdb_flags, &iterator);
+        if (IN_SET(r, -ESRCH, -ENOLINK))
+                return varlink_error(link, "io.systemd.UserDatabase.NoRecordFound", NULL);
         if (r < 0)
                 return r;