diff options
| author | Lennart Poettering <lennart@poettering.net> | 2021-05-06 15:46:30 +0200 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2021-05-07 22:19:07 +0200 |
| commit | 80d88a8267401387645166c22724e2ad912fade4 (patch) | |
| tree | bd487e8c109a0a96f4c31d496cf4084de43ffdca /src/shared | |
| parent | 0cd70d43a36d94b578004dfbf176007de3fd1f8a (diff) | |
| download | systemd-80d88a8267401387645166c22724e2ad912fade4.tar.gz | |
userdb: rename userdb lookup flags a bit
Let's use "exclude" for flags that really exclude records from our
lookup. Let's use "avoid" referring to concepts that when flag is set
we'll not use but we have a fallback path for that should yield the same
result. Let' use "suppress" for suppressing partial info, even if we
return the record otherwise.
So far we used "avoid" for all these cases, which was confusing.
Whiel we are at it, let's reassign the bits a bit, leaving some space
for bits follow-up commits are going to add.
Diffstat (limited to 'src/shared')
| -rw-r--r-- | src/shared/userdb.c | 36 | ||||
| -rw-r--r-- | src/shared/userdb.h | 13 |
2 files changed, 26 insertions, 23 deletions
diff --git a/src/shared/userdb.c b/src/shared/userdb.c index e4a04123c0..d856625dd3 100644 --- a/src/shared/userdb.c +++ b/src/shared/userdb.c @@ -422,7 +422,7 @@ static int userdb_start_query( } /* First, let's talk to the multiplexer, if we can */ - if ((flags & (USERDB_AVOID_MULTIPLEXER|USERDB_AVOID_DYNAMIC_USER|USERDB_AVOID_NSS|USERDB_DONT_SYNTHESIZE)) == 0 && + if ((flags & (USERDB_AVOID_MULTIPLEXER|USERDB_EXCLUDE_DYNAMIC_USER|USERDB_EXCLUDE_NSS|USERDB_DONT_SYNTHESIZE)) == 0 && !strv_contains(except, "io.systemd.Multiplexer") && (!only || strv_contains(only, "io.systemd.Multiplexer"))) { _cleanup_(json_variant_unrefp) JsonVariant *patched_query = json_variant_ref(query); @@ -454,7 +454,7 @@ static int userdb_start_query( if (streq(de->d_name, "io.systemd.Multiplexer")) /* We already tried this above, don't try this again */ continue; - if (FLAGS_SET(flags, USERDB_AVOID_DYNAMIC_USER) && + if (FLAGS_SET(flags, USERDB_EXCLUDE_DYNAMIC_USER) && streq(de->d_name, "io.systemd.DynamicUser")) continue; @@ -463,7 +463,7 @@ static int userdb_start_query( * (and when we run as part of systemd-userdbd.service we don't want to talk to ourselves * anyway). */ is_nss = streq(de->d_name, "io.systemd.NameServiceSwitch"); - if ((flags & (USERDB_AVOID_NSS|USERDB_AVOID_MULTIPLEXER)) && is_nss) + if ((flags & (USERDB_EXCLUDE_NSS|USERDB_AVOID_MULTIPLEXER)) && is_nss) continue; if (strv_contains(except, de->d_name)) @@ -621,13 +621,13 @@ int userdb_by_name(const char *name, UserDBFlags flags, UserRecord **ret) { return r; } - if (!FLAGS_SET(flags, USERDB_AVOID_NSS) && !iterator->nss_covered) { + if (!FLAGS_SET(flags, USERDB_EXCLUDE_NSS) && !iterator->nss_covered) { /* Make sure the NSS lookup doesn't recurse back to us. */ r = userdb_iterator_block_nss_systemd(iterator); if (r >= 0) { /* Client-side NSS fallback */ - r = nss_user_record_by_name(name, !FLAGS_SET(flags, USERDB_AVOID_SHADOW), ret); + r = nss_user_record_by_name(name, !FLAGS_SET(flags, USERDB_SUPPRESS_SHADOW), ret); if (r >= 0) return r; } @@ -668,11 +668,11 @@ int userdb_by_uid(uid_t uid, UserDBFlags flags, UserRecord **ret) { return r; } - if (!FLAGS_SET(flags, USERDB_AVOID_NSS) && !iterator->nss_covered) { + if (!FLAGS_SET(flags, USERDB_EXCLUDE_NSS) && !iterator->nss_covered) { r = userdb_iterator_block_nss_systemd(iterator); if (r >= 0) { /* Client-side NSS fallback */ - r = nss_user_record_by_uid(uid, !FLAGS_SET(flags, USERDB_AVOID_SHADOW), ret); + r = nss_user_record_by_uid(uid, !FLAGS_SET(flags, USERDB_SUPPRESS_SHADOW), ret); if (r >= 0) return r; } @@ -703,7 +703,7 @@ int userdb_all(UserDBFlags flags, UserDBIterator **ret) { r = userdb_start_query(iterator, "io.systemd.UserDatabase.GetUserRecord", true, NULL, flags); - if (!FLAGS_SET(flags, USERDB_AVOID_NSS) && (r < 0 || !iterator->nss_covered)) { + if (!FLAGS_SET(flags, USERDB_EXCLUDE_NSS) && (r < 0 || !iterator->nss_covered)) { r = userdb_iterator_block_nss_systemd(iterator); if (r < 0) return r; @@ -740,7 +740,7 @@ int userdb_iterator_get(UserDBIterator *iterator, UserRecord **ret) { if (pw->pw_uid == UID_NOBODY) iterator->synthesize_nobody = false; - if (!FLAGS_SET(iterator->flags, USERDB_AVOID_SHADOW)) { + if (!FLAGS_SET(iterator->flags, USERDB_SUPPRESS_SHADOW)) { r = nss_spwd_for_passwd(pw, &spwd, &buffer); if (r < 0) { log_debug_errno(r, "Failed to acquire shadow entry for user %s, ignoring: %m", pw->pw_name); @@ -832,10 +832,10 @@ int groupdb_by_name(const char *name, UserDBFlags flags, GroupRecord **ret) { return r; } - if (!FLAGS_SET(flags, USERDB_AVOID_NSS) && !(iterator && iterator->nss_covered)) { + if (!FLAGS_SET(flags, USERDB_EXCLUDE_NSS) && !(iterator && iterator->nss_covered)) { r = userdb_iterator_block_nss_systemd(iterator); if (r >= 0) { - r = nss_group_record_by_name(name, !FLAGS_SET(flags, USERDB_AVOID_SHADOW), ret); + r = nss_group_record_by_name(name, !FLAGS_SET(flags, USERDB_SUPPRESS_SHADOW), ret); if (r >= 0) return r; } @@ -876,10 +876,10 @@ int groupdb_by_gid(gid_t gid, UserDBFlags flags, GroupRecord **ret) { return r; } - if (!FLAGS_SET(flags, USERDB_AVOID_NSS) && !(iterator && iterator->nss_covered)) { + if (!FLAGS_SET(flags, USERDB_EXCLUDE_NSS) && !(iterator && iterator->nss_covered)) { r = userdb_iterator_block_nss_systemd(iterator); if (r >= 0) { - r = nss_group_record_by_gid(gid, !FLAGS_SET(flags, USERDB_AVOID_SHADOW), ret); + r = nss_group_record_by_gid(gid, !FLAGS_SET(flags, USERDB_SUPPRESS_SHADOW), ret); if (r >= 0) return r; } @@ -910,7 +910,7 @@ int groupdb_all(UserDBFlags flags, UserDBIterator **ret) { r = userdb_start_query(iterator, "io.systemd.UserDatabase.GetGroupRecord", true, NULL, flags); - if (!FLAGS_SET(flags, USERDB_AVOID_NSS) && (r < 0 || !iterator->nss_covered)) { + if (!FLAGS_SET(flags, USERDB_EXCLUDE_NSS) && (r < 0 || !iterator->nss_covered)) { r = userdb_iterator_block_nss_systemd(iterator); if (r < 0) return r; @@ -945,7 +945,7 @@ int groupdb_iterator_get(UserDBIterator *iterator, GroupRecord **ret) { if (gr->gr_gid == GID_NOBODY) iterator->synthesize_nobody = false; - if (!FLAGS_SET(iterator->flags, USERDB_AVOID_SHADOW)) { + if (!FLAGS_SET(iterator->flags, USERDB_SUPPRESS_SHADOW)) { r = nss_sgrp_for_group(gr, &sgrp, &buffer); if (r < 0) { log_debug_errno(r, "Failed to acquire shadow entry for group %s, ignoring: %m", gr->gr_name); @@ -1016,7 +1016,7 @@ int membershipdb_by_user(const char *name, UserDBFlags flags, UserDBIterator **r return -ENOMEM; r = userdb_start_query(iterator, "io.systemd.UserDatabase.GetMemberships", true, query, flags); - if ((r >= 0 && iterator->nss_covered) || FLAGS_SET(flags, USERDB_AVOID_NSS)) + if ((r >= 0 && iterator->nss_covered) || FLAGS_SET(flags, USERDB_EXCLUDE_NSS)) goto finish; r = userdb_iterator_block_nss_systemd(iterator); @@ -1059,7 +1059,7 @@ int membershipdb_by_group(const char *name, UserDBFlags flags, UserDBIterator ** return -ENOMEM; r = userdb_start_query(iterator, "io.systemd.UserDatabase.GetMemberships", true, query, flags); - if ((r >= 0 && iterator->nss_covered) || FLAGS_SET(flags, USERDB_AVOID_NSS)) + if ((r >= 0 && iterator->nss_covered) || FLAGS_SET(flags, USERDB_EXCLUDE_NSS)) goto finish; r = userdb_iterator_block_nss_systemd(iterator); @@ -1100,7 +1100,7 @@ int membershipdb_all(UserDBFlags flags, UserDBIterator **ret) { return -ENOMEM; r = userdb_start_query(iterator, "io.systemd.UserDatabase.GetMemberships", true, NULL, flags); - if ((r >= 0 && iterator->nss_covered) || FLAGS_SET(flags, USERDB_AVOID_NSS)) + if ((r >= 0 && iterator->nss_covered) || FLAGS_SET(flags, USERDB_EXCLUDE_NSS)) goto finish; r = userdb_iterator_block_nss_systemd(iterator); diff --git a/src/shared/userdb.h b/src/shared/userdb.h index ee207b518e..055cf627a4 100644 --- a/src/shared/userdb.h +++ b/src/shared/userdb.h @@ -15,11 +15,14 @@ UserDBIterator *userdb_iterator_free(UserDBIterator *iterator); DEFINE_TRIVIAL_CLEANUP_FUNC(UserDBIterator*, userdb_iterator_free); typedef enum UserDBFlags { - USERDB_AVOID_NSS = 1 << 0, /* don't do client-side nor server-side NSS */ - USERDB_AVOID_SHADOW = 1 << 1, /* don't do client-side shadow calls (server side might happen though) */ - USERDB_AVOID_DYNAMIC_USER = 1 << 2, /* exclude looking up in io.systemd.DynamicUser */ - USERDB_AVOID_MULTIPLEXER = 1 << 3, /* exclude looking up via io.systemd.Multiplexer */ - USERDB_DONT_SYNTHESIZE = 1 << 4, /* don't synthesize root/nobody */ + /* The main sources */ + USERDB_EXCLUDE_NSS = 1 << 0, /* don't do client-side nor server-side NSS */ + + /* Modifications */ + USERDB_SUPPRESS_SHADOW = 1 << 3, /* don't do client-side shadow calls (server side might happen though) */ + USERDB_EXCLUDE_DYNAMIC_USER = 1 << 4, /* exclude looking up in io.systemd.DynamicUser */ + USERDB_AVOID_MULTIPLEXER = 1 << 5, /* exclude looking up via io.systemd.Multiplexer */ + USERDB_DONT_SYNTHESIZE = 1 << 6, /* don't synthesize root/nobody */ } UserDBFlags; int userdb_by_name(const char *name, UserDBFlags flags, UserRecord **ret); |