userdbd: also listen on a varlink socket io.systemd.DropIn

Let's explicitly support looking things up via dropin as a varlink service.
2025-05-28 13:05:47 +03:00 · 2021-05-06 16:38:28 +02:00 · 2021-05-06 16:38:28 +02:00 · 8fbb1941f1
commit 8fbb1941f1
parent 85f088abe8
5 changed files with 14 additions and 3 deletions
--- a/src/shared/userdb.h
+++ b/src/shared/userdb.h
@ -28,6 +28,7 @@ typedef enum UserDBFlags {
        /* Combinations */
        USERDB_NSS_ONLY = USERDB_EXCLUDE_VARLINK|USERDB_EXCLUDE_DROPIN|USERDB_DONT_SYNTHESIZE,
        USERDB_DROPIN_ONLY = USERDB_EXCLUDE_NSS|USERDB_EXCLUDE_VARLINK|USERDB_DONT_SYNTHESIZE,
 } UserDBFlags;
 /* Well-known errors we'll return here:
--- a/src/userdb/userdbd-manager.c
+++ b/src/userdb/userdbd-manager.c
@ -289,6 +289,11 @@ int manager_startup(Manager *m) {
                if (r < 0)
                        return log_error_errno(r, "Failed to bind io.systemd.Multiplexer: %m");
                r = symlink_idempotent("io.systemd.Multiplexer",
                                       "/run/systemd/userdb/io.systemd.DropIn", false);
                if (r < 0)
                        return log_error_errno(r, "Failed to bind io.systemd.Multiplexer: %m");
                if (listen(m->listen_fd, SOMAXCONN) < 0)
                        return log_error_errno(errno, "Failed to listen on socket: %m");
        }
--- a/src/userdb/userdbd.c
+++ b/src/userdb/userdbd.c
@ -17,6 +17,9 @@
 *         → io.systemd.Multiplexer: this multiplexes lookup requests to all Varlink services that have a
 *           socket in /run/systemd/userdb/. It's supposed to simplify clients that don't want to implement
 *           the full iterative logic on their own.
 *
 *         → io.systemd.DropIn: this makes JSON user/group records dropped into /run/userdb/ available as
 *           regular users.
 */
 static int run(int argc, char *argv[]) {
@ -31,8 +34,8 @@ static int run(int argc, char *argv[]) {
        if (argc != 1)
                return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "This program takes no arguments.");
-        if (setenv("SYSTEMD_BYPASS_USERDB", "io.systemd.NameServiceSwitch:io.systemd.Multiplexer", 1) < 0)
+        if (setenv("SYSTEMD_BYPASS_USERDB", "io.systemd.NameServiceSwitch:io.systemd.Multiplexer:io.systemd.DropIn", 1) < 0)
-                return log_error_errno(errno, "Failed to se $SYSTEMD_BYPASS_USERDB: %m");
+                return log_error_errno(errno, "Failed to set $SYSTEMD_BYPASS_USERDB: %m");
        assert_se(sigprocmask_many(SIG_BLOCK, NULL, SIGCHLD, SIGTERM, SIGINT, SIGUSR2, -1) >= 0);
--- a/src/userdb/userwork.c
+++ b/src/userdb/userwork.c
@ -120,6 +120,8 @@ static int userdb_flags_from_service(Varlink *link, const char *service, UserDBF
        if (streq_ptr(service, "io.systemd.NameServiceSwitch"))
                *ret = USERDB_NSS_ONLY|USERDB_AVOID_MULTIPLEXER;
        if (streq_ptr(service, "io.systemd.DropIn"))
                *ret = USERDB_DROPIN_ONLY|USERDB_AVOID_MULTIPLEXER;
        else if (streq_ptr(service, "io.systemd.Multiplexer"))
                *ret = USERDB_AVOID_MULTIPLEXER;
        else
--- a/units/systemd-userdbd.socket
+++ b/units/systemd-userdbd.socket
@ -15,7 +15,7 @@ Before=sockets.target
 [Socket]
 ListenStream=/run/systemd/userdb/io.systemd.Multiplexer
-Symlinks=/run/systemd/userdb/io.systemd.NameServiceSwitch
+Symlinks=/run/systemd/userdb/io.systemd.NameServiceSwitch /run/systemd/userdb/io.systemd.DropIn
 SocketMode=0666
 [Install]