From 8fbb1941f1a8c3d9eda920891b2b51a67f2a2375 Mon Sep 17 00:00:00 2001
From: Lennart Poettering
Date: Thu, 6 May 2021 16:38:28 +0200
Subject: [PATCH] userdbd: also listen on a varlink socket io.systemd.DropIn

Let's explicitly support looking things up via dropin as a varlink service.
---
 src/shared/userdb.h | 1 +
 src/userdb/userdbd-manager.c | 5 +++++
 src/userdb/userdbd.c | 7 +++++--
 src/userdb/userwork.c | 2 ++
 units/systemd-userdbd.socket | 2 +-
 5 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/src/shared/userdb.h b/src/shared/userdb.h
index a851cbd6fba..75eb4b2dce8 100644
--- a/src/shared/userdb.h
+++ b/src/shared/userdb.h
@@ -28,6 +28,7 @@ typedef enum UserDBFlags {
 /* Combinations */
 USERDB_NSS_ONLY = USERDB_EXCLUDE_VARLINK|USERDB_EXCLUDE_DROPIN|USERDB_DONT_SYNTHESIZE,
+ USERDB_DROPIN_ONLY = USERDB_EXCLUDE_NSS|USERDB_EXCLUDE_VARLINK|USERDB_DONT_SYNTHESIZE,
 } UserDBFlags;
 /* Well-known errors we'll return here:
diff --git a/src/userdb/userdbd-manager.c b/src/userdb/userdbd-manager.c
index 3fd82255ac6..0564840dbe8 100644
--- a/src/userdb/userdbd-manager.c
+++ b/src/userdb/userdbd-manager.c
@@ -289,6 +289,11 @@ int manager_startup(Manager *m) {
 if (r < 0)
 return log_error_errno(r, "Failed to bind io.systemd.Multiplexer: %m");
+ r = symlink_idempotent("io.systemd.Multiplexer",
+ "/run/systemd/userdb/io.systemd.DropIn", false);
+ if (r < 0)
+ return log_error_errno(r, "Failed to bind io.systemd.Multiplexer: %m");
+
 if (listen(m->listen_fd, SOMAXCONN) < 0)
 return log_error_errno(errno, "Failed to listen on socket: %m");
 }
diff --git a/src/userdb/userdbd.c b/src/userdb/userdbd.c
index 6b28dd0a084..d469411eb82 100644
--- a/src/userdb/userdbd.c
+++ b/src/userdb/userdbd.c
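Review bot: The error path added in manager_startup() for the new symlink reuses the message of the bind call above it, so a failure to create /run/systemd/userdb/io.systemd.DropIn is logged as "Failed to bind io.systemd.Multiplexer". That points whoever reads the journal at the wrong operation; the line should name what actually failed, e.g. `return log_error_errno(r, "Failed to symlink io.systemd.DropIn: %m");`. The function starts and ends outside the hunk.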
@@ -17,6 +17,9 @@
 * → io.systemd.Multiplexer: this multiplexes lookup requests to all Varlink services that have a
 * socket in /run/systemd/userdb/. It's supposed to simplify clients that don't want to implement
 * the full iterative logic on their own.
+ *
+ * → io.systemd.DropIn: this makes JSON user/group records dropped into /run/userdb/ available as
+ * regular users.
 */
 static int run(int argc, char *argv[]) {
@@ -31,8 +34,8 @@ static int run(int argc, char *argv[]) {
 if (argc != 1)
 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "This program takes no arguments.");
- if (setenv("SYSTEMD_BYPASS_USERDB", "io.systemd.NameServiceSwitch:io.systemd.Multiplexer", 1) < 0)
- return log_error_errno(errno, "Failed to se $SYSTEMD_BYPASS_USERDB: %m");
+ if (setenv("SYSTEMD_BYPASS_USERDB", "io.systemd.NameServiceSwitch:io.systemd.Multiplexer:io.systemd.DropIn", 1) < 0)
+ return log_error_errno(errno, "Failed to set $SYSTEMD_BYPASS_USERDB: %m");
 assert_se(sigprocmask_many(SIG_BLOCK, NULL, SIGCHLD, SIGTERM, SIGINT, SIGUSR2, -1) >= 0);
diff --git a/src/userdb/userwork.c b/src/userdb/userwork.c
index 418a2892acf..21caa540965 100644
--- a/src/userdb/userwork.c
+++ b/src/userdb/userwork.c
@@ -120,6 +120,8 @@ static int userdb_flags_from_service(Varlink *link, const char *service, UserDBF
 if (streq_ptr(service, "io.systemd.NameServiceSwitch"))
 *ret = USERDB_NSS_ONLY|USERDB_AVOID_MULTIPLEXER;
+ if (streq_ptr(service, "io.systemd.DropIn"))
+ *ret = USERDB_DROPIN_ONLY|USERDB_AVOID_MULTIPLEXER;
 else if (streq_ptr(service, "io.systemd.Multiplexer"))
 *ret = USERDB_AVOID_MULTIPLEXER;
 else
diff --git a/units/systemd-userdbd.socket b/units/systemd-userdbd.socket
index 50235dd1ef2..768253a2b04 100644
--- a/units/systemd-userdbd.socket
+++ b/units/systemd-userdbd.socket
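Review bot: The added `if (streq_ptr(service, "io.systemd.DropIn"))` in userdb_flags_from_service() starts a new chain instead of continuing the existing one, so a request for io.systemd.NameServiceSwitch sets `*ret` and then falls through the DropIn and Multiplexer tests into the trailing `else`. That branch's body is outside the hunk; if it rejects unknown service names, as its position suggests, NSS-only lookups stop working, and in any case the flags that scope a lookup to one backend are no longer decided by a single branch. Change the added line to `else if (streq_ptr(service, "io.systemd.DropIn"))`.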
@@ -15,7 +15,7 @@ Before=sockets.target
 [Socket]
 ListenStream=/run/systemd/userdb/io.systemd.Multiplexer
-Symlinks=/run/systemd/userdb/io.systemd.NameServiceSwitch
+Symlinks=/run/systemd/userdb/io.systemd.NameServiceSwitch /run/systemd/userdb/io.systemd.DropIn
 SocketMode=0666
 [Install]