From ac8e381e262f16d77bef2bc77de1d864042dd5f4 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 12 Nov 2024 16:37:14 +0100
Subject: [PATCH] user-record: only synthesize default list of self-modifiable
 fields for *regular* users

For system users we should lock things down, hence generate an empty
list.

This is mostly a safety precaution, but also hides really confusing
output of "userdbctl user" for an system user.

Follow-up for: a192250eda1e5cc1f8fc799cf9b85d37e7fa0519
---
 src/shared/user-record.c    | 19 ++++++++++++++++---
 src/test/test-user-record.c |  2 +-
 2 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/src/shared/user-record.c b/src/shared/user-record.c
index a63b907c74a..45577180236 100644
--- a/src/shared/user-record.c
+++ b/src/shared/user-record.c
@@ -2165,8 +2165,15 @@ const char** user_record_self_modifiable_fields(UserRecord *h) {
 
         assert(h);
 
+        /* Note: if the self_modifiable_fields field in UserRecord is NULL we'll apply a default, if we have
+         * one. If it is a non-NULL empty strv, we'll report it as explicit empty list. When the field is
+         * NULL and we have no default list we'll return NULL. */
+
         /* Note that we intentionally distinguish between NULL and an empty array here */
-        return (const char**) h->self_modifiable_fields ?: (const char**) default_fields;
+        if (h->self_modifiable_fields)
+                return (const char**) h->self_modifiable_fields;
+
+        return user_record_disposition(h) == USER_REGULAR ? (const char**) default_fields : NULL;
 }
 
 const char** user_record_self_modifiable_blobs(UserRecord *h) {
@@ -2180,7 +2187,10 @@ const char** user_record_self_modifiable_blobs(UserRecord *h) {
         assert(h);
 
         /* Note that we intentionally distinguish between NULL and an empty array here */
-        return (const char**) h->self_modifiable_blobs ?: (const char**) default_blobs;
+        if (h->self_modifiable_blobs)
+                return (const char**) h->self_modifiable_blobs;
+
+        return user_record_disposition(h) == USER_REGULAR ? (const char**) default_blobs : NULL;
 }
 
 const char** user_record_self_modifiable_privileged(UserRecord *h) {
@@ -2201,7 +2211,10 @@ const char** user_record_self_modifiable_privileged(UserRecord *h) {
         assert(h);
 
         /* Note that we intentionally distinguish between NULL and an empty array here */
-        return (const char**) h->self_modifiable_privileged ?: (const char**) default_fields;
+        if (h->self_modifiable_privileged)
+                return (const char**) h->self_modifiable_privileged;
+
+        return user_record_disposition(h) == USER_REGULAR ? (const char**) default_fields : NULL;
 }
 
 static int remove_self_modifiable_json_fields_common(UserRecord *current, sd_json_variant **target) {
diff --git a/src/test/test-user-record.c b/src/test/test-user-record.c
index 3a7e8e28afc..2a4df190a1a 100644
--- a/src/test/test-user-record.c
+++ b/src/test/test-user-record.c
@@ -9,7 +9,7 @@
         ({                                      \
                 typeof(ret) _r = (ret);         \
                 user_record_unref(*_r);         \
-                assert_se(user_record_build((ret), SD_JSON_BUILD_OBJECT(__VA_ARGS__)) >= 0); \
+                assert_se(user_record_build((ret), SD_JSON_BUILD_OBJECT(SD_JSON_BUILD_PAIR_STRING("disposition", "regular"), __VA_ARGS__)) >= 0); \
                 0;                              \
         })
 
-- 
2.47.3