From: Lennart Poettering
Date: Thu, 6 May 2021 13:46:30 +0000 (+0200)
Subject: userdb: rename userdb lookup flags a bit
X-Git-Tag: v249-rc1~270^2~2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=80d88a8267401387645166c22724e2ad912fade4;p=thirdparty%2Fsystemd.git
userdb: rename userdb lookup flags a bit
Let's use "exclude" for flags that really exclude records from our lookup. Let's use "avoid" referring to concepts that when flag is set we'll not use but we have a fallback path for that should yield the same result. Let' use "suppress" for suppressing partial info, even if we return the record otherwise. So far we used "avoid" for all these cases, which was confusing. Whiel we are at it, let's reassign the bits a bit, leaving some space for bits follow-up commits are going to add.
---
diff --git a/src/login/logind-core.c b/src/login/logind-core.c
index cd3a3742012..22031f485a0 100644
--- a/src/login/logind-core.c
+++ b/src/login/logind-core.c
@@ -176,7 +176,7 @@ int manager_add_user_by_name(
 assert(m);
 assert(name);
- r = userdb_by_name(name, USERDB_AVOID_SHADOW, &ur);
+ r = userdb_by_name(name, USERDB_SUPPRESS_SHADOW, &ur);
 if (r < 0) return r;
@@ -194,7 +194,7 @@ int manager_add_user_by_uid(
 assert(m);
 assert(uid_is_valid(uid));
- r = userdb_by_uid(uid, USERDB_AVOID_SHADOW, &ur);
+ r = userdb_by_uid(uid, USERDB_SUPPRESS_SHADOW, &ur);
 if (r < 0) return r;
diff --git a/src/nss-systemd/nss-systemd.c b/src/nss-systemd/nss-systemd.c
index 5592eaa3aa4..14712f8735d 100644
--- a/src/nss-systemd/nss-systemd.c
+++ b/src/nss-systemd/nss-systemd.c
@@ -582,7 +582,7 @@ enum nss_status _nss_systemd_initgroups_dyn(
 /* The group might be defined via traditional NSS only, hence let's do a full look-up without * disabling NSS. This means we are operating recursively here. */
- r = groupdb_by_name(group_name, (nss_glue_userdb_flags() & ~USERDB_AVOID_NSS) | USERDB_AVOID_SHADOW, &g);
+ r = groupdb_by_name(group_name, (nss_glue_userdb_flags() & ~USERDB_EXCLUDE_NSS) | USERDB_SUPPRESS_SHADOW, &g);
 if (r == -ESRCH) continue;
 if (r < 0) {
diff --git a/src/nss-systemd/userdb-glue.c b/src/nss-systemd/userdb-glue.c
index 8f8988579b8..73941b2ba56 100644
--- a/src/nss-systemd/userdb-glue.c
+++ b/src/nss-systemd/userdb-glue.c
@@ -11,11 +11,11 @@ #include "userdb.h"
 UserDBFlags nss_glue_userdb_flags(void) {
- UserDBFlags flags = USERDB_AVOID_NSS;
+ UserDBFlags flags = USERDB_EXCLUDE_NSS;
 /* Make sure that we don't go in circles when allocating a dynamic UID by checking our own database */
 if (getenv_bool_secure("SYSTEMD_NSS_DYNAMIC_BYPASS") > 0)
- flags |= USERDB_AVOID_DYNAMIC_USER;
+ flags |= USERDB_EXCLUDE_DYNAMIC_USER;
 return flags;
 }
diff --git a/src/shared/userdb.c b/src/shared/userdb.c
index e4a04123c0e..d856625dd3a 100644
--- a/src/shared/userdb.c
+++ b/src/shared/userdb.c
@@ -422,7 +422,7 @@ static int userdb_start_query(
 }
 /* First, let's talk to the multiplexer, if we can */
- if ((flags & (USERDB_AVOID_MULTIPLEXER|USERDB_AVOID_DYNAMIC_USER|USERDB_AVOID_NSS|USERDB_DONT_SYNTHESIZE)) == 0 &&
+ if ((flags & (USERDB_AVOID_MULTIPLEXER|USERDB_EXCLUDE_DYNAMIC_USER|USERDB_EXCLUDE_NSS|USERDB_DONT_SYNTHESIZE)) == 0 &&
 !strv_contains(except, "io.systemd.Multiplexer") && (!only || strv_contains(only, "io.systemd.Multiplexer"))) {
 _cleanup_(json_variant_unrefp) JsonVariant *patched_query = json_variant_ref(query);
@@ -454,7 +454,7 @@ static int userdb_start_query(
 if (streq(de->d_name, "io.systemd.Multiplexer")) /* We already tried this above, don't try this again */ continue;
- if (FLAGS_SET(flags, USERDB_AVOID_DYNAMIC_USER) &&
+ if (FLAGS_SET(flags, USERDB_EXCLUDE_DYNAMIC_USER) &&
 streq(de->d_name, "io.systemd.DynamicUser")) continue;
@@ -463,7 +463,7 @@ static int userdb_start_query(
 * (and when we run as part of systemd-userdbd.service we don't want to talk to ourselves * anyway). */
 is_nss = streq(de->d_name, "io.systemd.NameServiceSwitch");
- if ((flags & (USERDB_AVOID_NSS|USERDB_AVOID_MULTIPLEXER)) && is_nss)
+ if ((flags & (USERDB_EXCLUDE_NSS|USERDB_AVOID_MULTIPLEXER)) && is_nss)
 continue;
 if (strv_contains(except, de->d_name))
@@ -621,13 +621,13 @@ int userdb_by_name(const char *name, UserDBFlags flags, UserRecord **ret) {
 return r;
 }
- if (!FLAGS_SET(flags, USERDB_AVOID_NSS) && !iterator->nss_covered) {
+ if (!FLAGS_SET(flags, USERDB_EXCLUDE_NSS) && !iterator->nss_covered) {
 /* Make sure the NSS lookup doesn't recurse back to us. */
 r = userdb_iterator_block_nss_systemd(iterator);
 if (r >= 0) {
 /* Client-side NSS fallback */
- r = nss_user_record_by_name(name, !FLAGS_SET(flags, USERDB_AVOID_SHADOW), ret);
+ r = nss_user_record_by_name(name, !FLAGS_SET(flags, USERDB_SUPPRESS_SHADOW), ret);
 if (r >= 0) return r;
 }
@@ -668,11 +668,11 @@ int userdb_by_uid(uid_t uid, UserDBFlags flags, UserRecord **ret) {
 return r;
 }
- if (!FLAGS_SET(flags, USERDB_AVOID_NSS) && !iterator->nss_covered) {
+ if (!FLAGS_SET(flags, USERDB_EXCLUDE_NSS) && !iterator->nss_covered) {
 r = userdb_iterator_block_nss_systemd(iterator);
 if (r >= 0) {
 /* Client-side NSS fallback */
- r = nss_user_record_by_uid(uid, !FLAGS_SET(flags, USERDB_AVOID_SHADOW), ret);
+ r = nss_user_record_by_uid(uid, !FLAGS_SET(flags, USERDB_SUPPRESS_SHADOW), ret);
 if (r >= 0) return r;
 }
@@ -703,7 +703,7 @@ int userdb_all(UserDBFlags flags, UserDBIterator **ret) {
 r = userdb_start_query(iterator, "io.systemd.UserDatabase.GetUserRecord", true, NULL, flags);
- if (!FLAGS_SET(flags, USERDB_AVOID_NSS) && (r < 0 || !iterator->nss_covered)) {
+ if (!FLAGS_SET(flags, USERDB_EXCLUDE_NSS) && (r < 0 || !iterator->nss_covered)) {
 r = userdb_iterator_block_nss_systemd(iterator);
 if (r < 0) return r;
@@ -740,7 +740,7 @@ int userdb_iterator_get(UserDBIterator *iterator, UserRecord **ret) {
 if (pw->pw_uid == UID_NOBODY) iterator->synthesize_nobody = false;
- if (!FLAGS_SET(iterator->flags, USERDB_AVOID_SHADOW)) {
+ if (!FLAGS_SET(iterator->flags, USERDB_SUPPRESS_SHADOW)) {
 r = nss_spwd_for_passwd(pw, &spwd, &buffer);
 if (r < 0) {
 log_debug_errno(r, "Failed to acquire shadow entry for user %s, ignoring: %m", pw->pw_name);
@@ -832,10 +832,10 @@ int groupdb_by_name(const char *name, UserDBFlags flags, GroupRecord **ret) {
 return r;
 }
- if (!FLAGS_SET(flags, USERDB_AVOID_NSS) && !(iterator && iterator->nss_covered)) {
+ if (!FLAGS_SET(flags, USERDB_EXCLUDE_NSS) && !(iterator && iterator->nss_covered)) {
 r = userdb_iterator_block_nss_systemd(iterator);
 if (r >= 0) {
- r = nss_group_record_by_name(name, !FLAGS_SET(flags, USERDB_AVOID_SHADOW), ret);
+ r = nss_group_record_by_name(name, !FLAGS_SET(flags, USERDB_SUPPRESS_SHADOW), ret);
 if (r >= 0) return r;
 }
@@ -876,10 +876,10 @@ int groupdb_by_gid(gid_t gid, UserDBFlags flags, GroupRecord **ret) {
 return r;
 }
- if (!FLAGS_SET(flags, USERDB_AVOID_NSS) && !(iterator && iterator->nss_covered)) {
+ if (!FLAGS_SET(flags, USERDB_EXCLUDE_NSS) && !(iterator && iterator->nss_covered)) {
 r = userdb_iterator_block_nss_systemd(iterator);
 if (r >= 0) {
- r = nss_group_record_by_gid(gid, !FLAGS_SET(flags, USERDB_AVOID_SHADOW), ret);
+ r = nss_group_record_by_gid(gid, !FLAGS_SET(flags, USERDB_SUPPRESS_SHADOW), ret);
 if (r >= 0) return r;
 }
@@ -910,7 +910,7 @@ int groupdb_all(UserDBFlags flags, UserDBIterator **ret) {
 r = userdb_start_query(iterator, "io.systemd.UserDatabase.GetGroupRecord", true, NULL, flags);
- if (!FLAGS_SET(flags, USERDB_AVOID_NSS) && (r < 0 || !iterator->nss_covered)) {
+ if (!FLAGS_SET(flags, USERDB_EXCLUDE_NSS) && (r < 0 || !iterator->nss_covered)) {
 r = userdb_iterator_block_nss_systemd(iterator);
 if (r < 0) return r;
@@ -945,7 +945,7 @@ int groupdb_iterator_get(UserDBIterator *iterator, GroupRecord **ret) {
 if (gr->gr_gid == GID_NOBODY) iterator->synthesize_nobody = false;
- if (!FLAGS_SET(iterator->flags, USERDB_AVOID_SHADOW)) {
+ if (!FLAGS_SET(iterator->flags, USERDB_SUPPRESS_SHADOW)) {
 r = nss_sgrp_for_group(gr, &sgrp, &buffer);
 if (r < 0) {
 log_debug_errno(r, "Failed to acquire shadow entry for group %s, ignoring: %m", gr->gr_name);
@@ -1016,7 +1016,7 @@ int membershipdb_by_user(const char *name, UserDBFlags flags, UserDBIterator **r
 return -ENOMEM;
 r = userdb_start_query(iterator, "io.systemd.UserDatabase.GetMemberships", true, query, flags);
- if ((r >= 0 && iterator->nss_covered) || FLAGS_SET(flags, USERDB_AVOID_NSS))
+ if ((r >= 0 && iterator->nss_covered) || FLAGS_SET(flags, USERDB_EXCLUDE_NSS))
 goto finish;
 r = userdb_iterator_block_nss_systemd(iterator);
@@ -1059,7 +1059,7 @@ int membershipdb_by_group(const char *name, UserDBFlags flags, UserDBIterator **
 return -ENOMEM;
 r = userdb_start_query(iterator, "io.systemd.UserDatabase.GetMemberships", true, query, flags);
- if ((r >= 0 && iterator->nss_covered) || FLAGS_SET(flags, USERDB_AVOID_NSS))
+ if ((r >= 0 && iterator->nss_covered) || FLAGS_SET(flags, USERDB_EXCLUDE_NSS))
 goto finish;
 r = userdb_iterator_block_nss_systemd(iterator);
@@ -1100,7 +1100,7 @@ int membershipdb_all(UserDBFlags flags, UserDBIterator **ret) {
 return -ENOMEM;
 r = userdb_start_query(iterator, "io.systemd.UserDatabase.GetMemberships", true, NULL, flags);
- if ((r >= 0 && iterator->nss_covered) || FLAGS_SET(flags, USERDB_AVOID_NSS))
+ if ((r >= 0 && iterator->nss_covered) || FLAGS_SET(flags, USERDB_EXCLUDE_NSS))
 goto finish;
 r = userdb_iterator_block_nss_systemd(iterator);
diff --git a/src/shared/userdb.h b/src/shared/userdb.h
index ee207b518ed..055cf627a48 100644
--- a/src/shared/userdb.h
+++ b/src/shared/userdb.h
@@ -15,11 +15,14 @@ UserDBIterator *userdb_iterator_free(UserDBIterator *iterator);
 DEFINE_TRIVIAL_CLEANUP_FUNC(UserDBIterator*, userdb_iterator_free);
 typedef enum UserDBFlags {
- USERDB_AVOID_NSS = 1 << 0, /* don't do client-side nor server-side NSS */
- USERDB_AVOID_SHADOW = 1 << 1, /* don't do client-side shadow calls (server side might happen though) */
- USERDB_AVOID_DYNAMIC_USER = 1 << 2, /* exclude looking up in io.systemd.DynamicUser */
- USERDB_AVOID_MULTIPLEXER = 1 << 3, /* exclude looking up via io.systemd.Multiplexer */
- USERDB_DONT_SYNTHESIZE = 1 << 4, /* don't synthesize root/nobody */
+ /* The main sources */
+ USERDB_EXCLUDE_NSS = 1 << 0, /* don't do client-side nor server-side NSS */
+
+ /* Modifications */
+ USERDB_SUPPRESS_SHADOW = 1 << 3, /* don't do client-side shadow calls (server side might happen though) */
+ USERDB_EXCLUDE_DYNAMIC_USER = 1 << 4, /* exclude looking up in io.systemd.DynamicUser */
+ USERDB_AVOID_MULTIPLEXER = 1 << 5, /* exclude looking up via io.systemd.Multiplexer */
+ USERDB_DONT_SYNTHESIZE = 1 << 6, /* don't synthesize root/nobody */
 } UserDBFlags;
 int userdb_by_name(const char *name, UserDBFlags flags, UserRecord **ret);
diff --git a/src/userdb/userdbctl.c b/src/userdb/userdbctl.c
index e9c6957143a..56511eae447 100644
--- a/src/userdb/userdbctl.c
+++ b/src/userdb/userdbctl.c
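Review bot: In the `UserDBFlags` enum in src/shared/userdb.h, two of the carried-over comments no longer match the exclude/avoid/suppress scheme this commit introduces, and the first one affects how callers treat credential data. `USERDB_SUPPRESS_SHADOW` is still documented as "don't do client-side shadow calls (server side might happen though)", so the flag does not promise that a returned record is free of shadow fields; the comment should say that outright, e.g. `/* don't do client-side shadow lookups; a server-supplied record may still carry shadow data, so callers must not rely on its absence */`. `USERDB_AVOID_MULTIPLEXER` keeps the wording "exclude looking up via io.systemd.Multiplexer" although "avoid" now means there is a fallback path; something like `/* don't go via io.systemd.Multiplexer, talk to the individual services instead */` would fit, assuming that is the fallback the directory loop in userdb_start_query() provides. Bits 1 and 2 are left unassigned (the commit message says this is room for follow-up commits), and a one-line `/* bits 1 and 2 reserved for follow-up flags */` in the enum would keep the gap from being read as a mistake.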
@@ -717,7 +717,7 @@ static int parse_argv(int argc, char *argv[]) {
 break;
 case 'N':
- arg_userdb_flags |= USERDB_AVOID_NSS|USERDB_DONT_SYNTHESIZE;
+ arg_userdb_flags |= USERDB_EXCLUDE_NSS|USERDB_DONT_SYNTHESIZE;
 break;
 case ARG_WITH_NSS:
@@ -725,7 +725,7 @@ static int parse_argv(int argc, char *argv[]) {
 if (r < 0) return r;
- SET_FLAG(arg_userdb_flags, USERDB_AVOID_NSS, !r);
+ SET_FLAG(arg_userdb_flags, USERDB_EXCLUDE_NSS, !r);
 break;
 case ARG_SYNTHESIZE: