user-record: only synthesize default list of self-modifiable fields for *regular* users

For system users we should lock things down, hence generate an empty list. This is mostly a safety precaution, but also hides really confusing output of "userdbctl user" for an system user. Follow-up for: a192250eda1e5cc1f8fc799cf9b85d37e7fa0519
2025-05-27 21:05:55 +03:00 · 2024-11-12 16:37:14 +01:00 · 2024-11-12 16:37:14 +01:00 · ac8e381e26
commit ac8e381e26
parent 574a04f62a
2 changed files with 17 additions and 4 deletions
--- a/src/shared/user-record.c
+++ b/src/shared/user-record.c
@ -2165,8 +2165,15 @@ const char** user_record_self_modifiable_fields(UserRecord *h) {

        assert(h);

+        /* Note: if the self_modifiable_fields field in UserRecord is NULL we'll apply a default, if we have
+         * one. If it is a non-NULL empty strv, we'll report it as explicit empty list. When the field is
+         * NULL and we have no default list we'll return NULL. */
+
        /* Note that we intentionally distinguish between NULL and an empty array here */
-        return (const char**) h->self_modifiable_fields ?: (const char**) default_fields;
+        if (h->self_modifiable_fields)
+                return (const char**) h->self_modifiable_fields;
+
+        return user_record_disposition(h) == USER_REGULAR ? (const char**) default_fields : NULL;
 }

 const char** user_record_self_modifiable_blobs(UserRecord *h) {
@ -2180,7 +2187,10 @@ const char** user_record_self_modifiable_blobs(UserRecord *h) {
        assert(h);

        /* Note that we intentionally distinguish between NULL and an empty array here */
-        return (const char**) h->self_modifiable_blobs ?: (const char**) default_blobs;
+        if (h->self_modifiable_blobs)
+                return (const char**) h->self_modifiable_blobs;
+
+        return user_record_disposition(h) == USER_REGULAR ? (const char**) default_blobs : NULL;
 }

 const char** user_record_self_modifiable_privileged(UserRecord *h) {
@ -2201,7 +2211,10 @@ const char** user_record_self_modifiable_privileged(UserRecord *h) {
        assert(h);

        /* Note that we intentionally distinguish between NULL and an empty array here */
-        return (const char**) h->self_modifiable_privileged ?: (const char**) default_fields;
+        if (h->self_modifiable_privileged)
+                return (const char**) h->self_modifiable_privileged;
+
+        return user_record_disposition(h) == USER_REGULAR ? (const char**) default_fields : NULL;
 }

 static int remove_self_modifiable_json_fields_common(UserRecord *current, sd_json_variant **target) {
--- a/src/test/test-user-record.c
+++ b/src/test/test-user-record.c
@ -9,7 +9,7 @@
        ({                                      \
                typeof(ret) _r = (ret);         \
                user_record_unref(*_r);         \
-                assert_se(user_record_build((ret), SD_JSON_BUILD_OBJECT(__VA_ARGS__)) >= 0); \
+                assert_se(user_record_build((ret), SD_JSON_BUILD_OBJECT(SD_JSON_BUILD_PAIR_STRING("disposition", "regular"), __VA_ARGS__)) >= 0); \
                0;                              \
        })