diff options
| author | Lennart Poettering <lennart@poettering.net> | 2021-05-31 21:55:44 +0200 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2021-06-01 13:32:31 +0200 |
| commit | bfc0cc1a2506eb2327dca8e1a474be51634e8ab9 (patch) | |
| tree | 51c0e7a5b722bd442e842894d95a53ae22824f22 /src/userdb | |
| parent | 17e7561a973495992014dd102135f15eb808ae01 (diff) | |
| download | systemd-bfc0cc1a2506eb2327dca8e1a474be51634e8ab9.tar.gz | |
userdb: make most loading of JSON user record data "permissive"
We want user records to be extensible, hence we shouldn't complain about
fields we can't parse. In particular we want them to be extensible for
our own future extensions.
Some code already turned the permissive flag when parsing the JSON data,
but most did not. Fix that. A few select cases remain where the bit is
not set: where we just gnerated the JSON data ourselves, and thus can be
reasonably sure that if we can't parse it it's our immediate programming
error and not just us processing a user record from some other tool or a
newer version of ourselves.
Diffstat (limited to 'src/userdb')
| -rw-r--r-- | src/userdb/userwork.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/userdb/userwork.c b/src/userdb/userwork.c index 21caa54096..8b7a20b08d 100644 --- a/src/userdb/userwork.c +++ b/src/userdb/userwork.c @@ -88,7 +88,7 @@ static int build_user_json(Varlink *link, UserRecord *ur, JsonVariant **ret) { } else trusted = peer_uid == 0 || peer_uid == ur->uid; - flags = USER_RECORD_REQUIRE_REGULAR|USER_RECORD_ALLOW_PER_MACHINE|USER_RECORD_ALLOW_BINDING|USER_RECORD_STRIP_SECRET|USER_RECORD_ALLOW_STATUS|USER_RECORD_ALLOW_SIGNATURE; + flags = USER_RECORD_REQUIRE_REGULAR|USER_RECORD_ALLOW_PER_MACHINE|USER_RECORD_ALLOW_BINDING|USER_RECORD_STRIP_SECRET|USER_RECORD_ALLOW_STATUS|USER_RECORD_ALLOW_SIGNATURE|USER_RECORD_PERMISSIVE; if (trusted) flags |= USER_RECORD_ALLOW_PRIVILEGED; else @@ -232,7 +232,7 @@ static int build_group_json(Varlink *link, GroupRecord *gr, JsonVariant **ret) { } else trusted = peer_uid == 0; - flags = USER_RECORD_REQUIRE_REGULAR|USER_RECORD_ALLOW_PER_MACHINE|USER_RECORD_ALLOW_BINDING|USER_RECORD_STRIP_SECRET|USER_RECORD_ALLOW_STATUS|USER_RECORD_ALLOW_SIGNATURE; + flags = USER_RECORD_REQUIRE_REGULAR|USER_RECORD_ALLOW_PER_MACHINE|USER_RECORD_ALLOW_BINDING|USER_RECORD_STRIP_SECRET|USER_RECORD_ALLOW_STATUS|USER_RECORD_ALLOW_SIGNATURE|USER_RECORD_PERMISSIVE; if (trusted) flags |= USER_RECORD_ALLOW_PRIVILEGED; else |