From 575675cd711d4760a36352fe8042aa522e29b00b Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Tue, 15 Oct 2024 13:59:57 +0200 Subject: [PATCH] userdb: return ESRCH if userdb service refuses a user/group name as invalid if a userdb service refuse a user/group name as invalid, let's turn this into ESRCH client-side following that there definitely is no user/group record for a completely invalid user/group name. Replaces: #34558 (cherry picked from commit 69cc4ee134f420dcdd6aac08446bd852d8739694) Resolves: RHEL-55266 --- src/shared/userdb.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/shared/userdb.c b/src/shared/userdb.c index 200cb50683..8e01f0f4a1 100644 --- a/src/shared/userdb.c +++ b/src/shared/userdb.c @@ -159,9 +159,15 @@ static int userdb_on_query_reply( if (error_id) { log_debug("Got lookup error: %s", error_id); + /* Convert various forms of record not found into -ESRCH, since NSS typically doesn't care, + * about the details. Note that if a userName specification is refused as invalid parameter, + * we also turn this into -ESRCH following the logic that there cannot be a user record for a + * completely invalid user name. */ if (STR_IN_SET(error_id, "io.systemd.UserDatabase.NoRecordFound", - "io.systemd.UserDatabase.ConflictingRecordFound")) + "io.systemd.UserDatabase.ConflictingRecordFound") || + varlink_error_is_invalid_parameter(error_id, parameters, "userName") || + varlink_error_is_invalid_parameter(error_id, parameters, "groupName")) r = -ESRCH; else if (streq(error_id, "io.systemd.UserDatabase.ServiceNotAvailable")) r = -EHOSTDOWN;