
Commit bfc0cc1

committed
userdb: make most loading of JSON user record data "permissive"
We want user records to be extensible, hence we shouldn't complain about fields we can't parse. In particular we want them to be extensible for our own future extensions. Some code already turned on the permissive flag when parsing the JSON data, but most did not. Fix that. A few select cases remain where the bit is not set: where we just generated the JSON data ourselves, and thus can be reasonably sure that if we can't parse it, it's our immediate programming error and not just us processing a user record from some other tool or a newer version of ourselves.
1 parent 17e7561 commit bfc0cc1

20 files changed

+47
-43
lines changed

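--- a/src/home/homectl.c
+++ b/src/home/homectl.c
@@ -571,9 +571,9 @@ static void dump_home_record(UserRecord *hr) {
 _cleanup_(user_record_unrefp) UserRecord *stripped = NULL;
 
 if (arg_export_format == EXPORT_FORMAT_STRIPPED)
-r = user_record_clone(hr, USER_RECORD_EXTRACT_EMBEDDED, &stripped);
+r = user_record_clone(hr, USER_RECORD_EXTRACT_EMBEDDED|USER_RECORD_PERMISSIVE, &stripped);
 else if (arg_export_format == EXPORT_FORMAT_MINIMAL)
-r = user_record_clone(hr, USER_RECORD_EXTRACT_SIGNABLE, &stripped);
+r = user_record_clone(hr, USER_RECORD_EXTRACT_SIGNABLE|USER_RECORD_PERMISSIVE, &stripped);
 else
 r = 0;
 if (r < 0)
@@ -678,7 +678,7 @@ static int inspect_home(int argc, char *argv[], void *userdata) {
 if (!hr)
 return log_oom();
 
-r = user_record_load(hr, v, USER_RECORD_LOAD_REFUSE_SECRET|USER_RECORD_LOG);
+r = user_record_load(hr, v, USER_RECORD_LOAD_REFUSE_SECRET|USER_RECORD_LOG|USER_RECORD_PERMISSIVE);
 if (r < 0) {
 if (ret == 0)
 ret = r;
@@ -1060,7 +1060,7 @@ static int acquire_new_home_record(UserRecord **ret) {
 if (!hr)
 return log_oom();
 
-r = user_record_load(hr, v, USER_RECORD_REQUIRE_REGULAR|USER_RECORD_ALLOW_SECRET|USER_RECORD_ALLOW_PRIVILEGED|USER_RECORD_ALLOW_PER_MACHINE|USER_RECORD_ALLOW_SIGNATURE|USER_RECORD_LOG);
+r = user_record_load(hr, v, USER_RECORD_REQUIRE_REGULAR|USER_RECORD_ALLOW_SECRET|USER_RECORD_ALLOW_PRIVILEGED|USER_RECORD_ALLOW_PER_MACHINE|USER_RECORD_ALLOW_SIGNATURE|USER_RECORD_LOG|USER_RECORD_PERMISSIVE);
 if (r < 0)
 return r;
 
@@ -1426,7 +1426,7 @@ static int acquire_updated_home_record(
 if (!hr)
 return log_oom();
 
-r = user_record_load(hr, json, USER_RECORD_REQUIRE_REGULAR|USER_RECORD_ALLOW_PRIVILEGED|USER_RECORD_ALLOW_PER_MACHINE|USER_RECORD_ALLOW_SECRET|USER_RECORD_ALLOW_SIGNATURE|USER_RECORD_LOG);
+r = user_record_load(hr, json, USER_RECORD_REQUIRE_REGULAR|USER_RECORD_ALLOW_PRIVILEGED|USER_RECORD_ALLOW_PER_MACHINE|USER_RECORD_ALLOW_SECRET|USER_RECORD_ALLOW_SIGNATURE|USER_RECORD_LOG|USER_RECORD_PERMISSIVE);
 if (r < 0)
 return r;
 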
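Review bot: In `acquire_new_home_record` and `acquire_updated_home_record` the record is loaded with `USER_RECORD_ALLOW_PRIVILEGED` and now also `USER_RECORD_PERMISSIVE`, so a field of the supplied identity that cannot be parsed no longer stops the operation. If that field was meant to restrict the account, the record would presumably be accepted with the field's default instead, and whether `USER_RECORD_LOG` still reports the skipped field at a visible level is not shown on this page. A comment above both calls would make the trade-off explicit, for example `/* Permissive: fields we cannot parse are skipped rather than refused, so check the resulting record when a restriction matters */`. Both functions start and end outside their hunks.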
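--- a/src/home/homed-bus.c
+++ b/src/home/homed-bus.c
@@ -28,7 +28,7 @@ int bus_message_read_secret(sd_bus_message *m, UserRecord **ret, sd_bus_error *e
 if (!hr)
 return -ENOMEM;
 
-r = user_record_load(hr, full, USER_RECORD_REQUIRE_SECRET);
+r = user_record_load(hr, full, USER_RECORD_REQUIRE_SECRET|USER_RECORD_PERMISSIVE);
 if (r < 0)
 return r;
 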
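Review bot: `bus_message_read_secret` now loads a record that presumably comes from the bus message with `USER_RECORD_REQUIRE_SECRET|USER_RECORD_PERMISSIVE` and without `USER_RECORD_LOG`, so a field that fails to parse is apparently dropped with no error to the caller and no log entry. The `bus_message_read_home_record` calls in `bus_home_method_update` (homed-home-bus.c), `method_register_home` and `method_update_home` (homed-manager-bus.c) and the loads in `home_set_record` and `home_parse_worker_stdout` (homed-home.c) have the same shape. It would help to confirm that no field the daemon relies on for enforcement can be silently ignored this way, and to record the decision next to the call, e.g. `/* Permissive: unparseable fields in the client-supplied record are ignored, not rejected */`. The function body continues outside the hunk.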
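--- a/src/home/homed-home-bus.c
+++ b/src/home/homed-home-bus.c
@@ -95,7 +95,7 @@ int bus_home_get_record_json(
 trusted = false;
 }
 
-flags = USER_RECORD_REQUIRE_REGULAR|USER_RECORD_ALLOW_PER_MACHINE|USER_RECORD_ALLOW_BINDING|USER_RECORD_STRIP_SECRET|USER_RECORD_ALLOW_STATUS|USER_RECORD_ALLOW_SIGNATURE;
+flags = USER_RECORD_REQUIRE_REGULAR|USER_RECORD_ALLOW_PER_MACHINE|USER_RECORD_ALLOW_BINDING|USER_RECORD_STRIP_SECRET|USER_RECORD_ALLOW_STATUS|USER_RECORD_ALLOW_SIGNATURE|USER_RECORD_PERMISSIVE;
 if (trusted)
 flags |= USER_RECORD_ALLOW_PRIVILEGED;
 else
@@ -443,7 +443,7 @@ int bus_home_method_update(
 assert(message);
 assert(h);
 
-r = bus_message_read_home_record(message, USER_RECORD_REQUIRE_REGULAR|USER_RECORD_REQUIRE_SECRET|USER_RECORD_ALLOW_PRIVILEGED|USER_RECORD_ALLOW_PER_MACHINE|USER_RECORD_ALLOW_SIGNATURE, &hr, error);
+r = bus_message_read_home_record(message, USER_RECORD_REQUIRE_REGULAR|USER_RECORD_REQUIRE_SECRET|USER_RECORD_ALLOW_PRIVILEGED|USER_RECORD_ALLOW_PER_MACHINE|USER_RECORD_ALLOW_SIGNATURE|USER_RECORD_PERMISSIVE, &hr, error);
 if (r < 0)
 return r;
 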
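Review bot: The flag mask assigned in `bus_home_get_record_json` is the same seven-flag expression that `build_user_json` in homed-varlink.c assigns, and this commit has to edit both copies identically. Because the mask contains `USER_RECORD_STRIP_SECRET` and is widened with `USER_RECORD_ALLOW_PRIVILEGED` only when `trusted` is set, a later edit that reaches one copy and not the other would make the bus and Varlink interfaces return different views of the same record. A shared named constant for the base mask, used by both functions (placeholder name: `flags = <SHARED_BASE_MASK>;`), would keep them in step. Both functions extend beyond their hunks.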
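--- a/src/home/homed-home.c
+++ b/src/home/homed-home.c
@@ -145,7 +145,7 @@ int home_new(Manager *m, UserRecord *hr, const char *sysfs, Home **ret) {
 return r;
 }
 
-r = user_record_clone(hr, USER_RECORD_LOAD_MASK_SECRET, &home->record);
+r = user_record_clone(hr, USER_RECORD_LOAD_MASK_SECRET|USER_RECORD_PERMISSIVE, &home->record);
 if (r < 0)
 return r;
 
@@ -243,7 +243,7 @@ int home_set_record(Home *h, UserRecord *hr) {
 if (!new_hr)
 return -ENOMEM;
 
-r = user_record_load(new_hr, v, USER_RECORD_LOAD_REFUSE_SECRET);
+r = user_record_load(new_hr, v, USER_RECORD_LOAD_REFUSE_SECRET|USER_RECORD_PERMISSIVE);
 if (r < 0)
 return r;
 
@@ -384,7 +384,7 @@ static int home_parse_worker_stdout(int _fd, UserRecord **ret) {
 if (!hr)
 return log_oom();
 
-r = user_record_load(hr, v, USER_RECORD_LOAD_REFUSE_SECRET);
+r = user_record_load(hr, v, USER_RECORD_LOAD_REFUSE_SECRET|USER_RECORD_PERMISSIVE);
 if (r < 0)
 return log_error_errno(r, "Failed to load home record identity: %m");
 
@@ -1410,7 +1410,7 @@ static int home_update_internal(
 return sd_bus_error_set(error, BUS_ERROR_HOME_RECORD_DOWNGRADE, "Refusing to update to older home record.");
 
 if (!secret && FLAGS_SET(hr->mask, USER_RECORD_SECRET)) {
-r = user_record_clone(hr, USER_RECORD_EXTRACT_SECRET, &saved_secret);
+r = user_record_clone(hr, USER_RECORD_EXTRACT_SECRET|USER_RECORD_PERMISSIVE, &saved_secret);
 if (r < 0)
 return r;
 
@@ -1445,7 +1445,7 @@ static int home_update_internal(
 return r;
 }
 
-r = user_record_extend_with_binding(hr, h->record, USER_RECORD_LOAD_MASK_SECRET, &new_hr);
+r = user_record_extend_with_binding(hr, h->record, USER_RECORD_LOAD_MASK_SECRET|USER_RECORD_PERMISSIVE, &new_hr);
 if (r < 0)
 return r;
 
@@ -1539,7 +1539,7 @@ int home_resize(Home *h, uint64_t disk_size, UserRecord *secret, sd_bus_error *e
 if (h->signed_locally <= 0) /* Don't allow changing of records not signed only by us */
 return sd_bus_error_setf(error, BUS_ERROR_HOME_RECORD_SIGNED, "Home %s is signed and cannot be modified locally.", h->user_name);
 
-r = user_record_clone(h->record, USER_RECORD_LOAD_REFUSE_SECRET, &c);
+r = user_record_clone(h->record, USER_RECORD_LOAD_REFUSE_SECRET|USER_RECORD_PERMISSIVE, &c);
 if (r < 0)
 return r;
 
@@ -1628,7 +1628,7 @@ int home_passwd(Home *h,
 if (r < 0)
 return r;
 
-r = user_record_clone(h->record, USER_RECORD_LOAD_REFUSE_SECRET, &c);
+r = user_record_clone(h->record, USER_RECORD_LOAD_REFUSE_SECRET|USER_RECORD_PERMISSIVE, &c);
 if (r < 0)
 return r;
 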
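--- a/src/home/homed-manager-bus.c
+++ b/src/home/homed-manager-bus.c
@@ -398,7 +398,7 @@ static int method_register_home(
 assert(message);
 assert(m);
 
-r = bus_message_read_home_record(message, USER_RECORD_LOAD_EMBEDDED, &hr, error);
+r = bus_message_read_home_record(message, USER_RECORD_LOAD_EMBEDDED|USER_RECORD_PERMISSIVE, &hr, error);
 if (r < 0)
 return r;
 
@@ -513,7 +513,7 @@ static int method_update_home(sd_bus_message *message, void *userdata, sd_bus_er
 assert(message);
 assert(m);
 
-r = bus_message_read_home_record(message, USER_RECORD_REQUIRE_REGULAR|USER_RECORD_ALLOW_SECRET|USER_RECORD_ALLOW_PRIVILEGED|USER_RECORD_ALLOW_PER_MACHINE|USER_RECORD_ALLOW_SIGNATURE, &hr, error);
+r = bus_message_read_home_record(message, USER_RECORD_REQUIRE_REGULAR|USER_RECORD_ALLOW_SECRET|USER_RECORD_ALLOW_PRIVILEGED|USER_RECORD_ALLOW_PER_MACHINE|USER_RECORD_ALLOW_SIGNATURE|USER_RECORD_PERMISSIVE, &hr, error);
 if (r < 0)
 return r;
 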
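--- a/src/home/homed-manager.c
+++ b/src/home/homed-manager.c
@@ -364,7 +364,7 @@ static int manager_add_home_by_record(
 if (!hr)
 return log_oom();
 
-r = user_record_load(hr, v, USER_RECORD_LOAD_REFUSE_SECRET|USER_RECORD_LOG);
+r = user_record_load(hr, v, USER_RECORD_LOAD_REFUSE_SECRET|USER_RECORD_LOG|USER_RECORD_PERMISSIVE);
 if (r < 0)
 return r;
 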
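--- a/src/home/homed-varlink.c
+++ b/src/home/homed-varlink.c
@@ -42,7 +42,7 @@ static int build_user_json(Home *h, bool trusted, JsonVariant **ret) {
 assert(h);
 assert(ret);
 
-flags = USER_RECORD_REQUIRE_REGULAR|USER_RECORD_ALLOW_PER_MACHINE|USER_RECORD_ALLOW_BINDING|USER_RECORD_STRIP_SECRET|USER_RECORD_ALLOW_STATUS|USER_RECORD_ALLOW_SIGNATURE;
+flags = USER_RECORD_REQUIRE_REGULAR|USER_RECORD_ALLOW_PER_MACHINE|USER_RECORD_ALLOW_BINDING|USER_RECORD_STRIP_SECRET|USER_RECORD_ALLOW_STATUS|USER_RECORD_ALLOW_SIGNATURE|USER_RECORD_PERMISSIVE;
 if (trusted)
 flags |= USER_RECORD_ALLOW_PRIVILEGED;
 else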

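--- a/src/home/homework-cifs.c
+++ b/src/home/homework-cifs.c
@@ -185,7 +185,7 @@ int home_create_cifs(UserRecord *h, UserRecord **ret_home) {
 if (r < 0)
 return r;
 
-r = user_record_clone(h, USER_RECORD_LOAD_MASK_SECRET, &new_home);
+r = user_record_clone(h, USER_RECORD_LOAD_MASK_SECRET|USER_RECORD_PERMISSIVE, &new_home);
 if (r < 0)
 return log_error_errno(r, "Failed to clone record: %m");
 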
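--- a/src/home/homework-directory.c
+++ b/src/home/homework-directory.c
@@ -158,7 +158,7 @@ int home_create_directory_or_subvolume(UserRecord *h, UserRecord **ret_home) {
 if (r < 0)
 return r;
 
-r = user_record_clone(h, USER_RECORD_LOAD_MASK_SECRET, &new_home);
+r = user_record_clone(h, USER_RECORD_LOAD_MASK_SECRET|USER_RECORD_PERMISSIVE, &new_home);
 if (r < 0)
 return log_error_errno(r, "Failed to clone record: %m");
 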
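--- a/src/home/homework-fscrypt.c
+++ b/src/home/homework-fscrypt.c
@@ -550,7 +550,7 @@ int home_create_fscrypt(
 if (r < 0)
 return r;
 
-r = user_record_clone(h, USER_RECORD_LOAD_MASK_SECRET, &new_home);
+r = user_record_clone(h, USER_RECORD_LOAD_MASK_SECRET|USER_RECORD_PERMISSIVE, &new_home);
 if (r < 0)
 return log_error_errno(r, "Failed to clone record: %m");
 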