From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 9 Apr 2020 12:28:56 +0000 (+0200)
Subject: logind: avoid shadow lookups when doing userdb client side
X-Git-Tag: archive/raspbian/245.6-2+rpi1^2~25
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=0d20141185ad237280e1205ae24134f10e8640b0;p=systemd.git

logind: avoid shadow lookups when doing userdb client side

Let's not trigger MACs needlessly.

Ideally everybody would turn on userdb, but if people insist in not
doing so, then let's not attempt to open shadow.

It's a bit ugly to implement this, since shadow information is more than
just passwords (but accound validity metadata), and thus userdb's own
"privieleged" scheme is orthogonal to this, but let's still do this for
the client side.

Fixes: #15105
(cherry picked from commit b062ca616c778358d4da008a2950615fac74aa24)

Gbp-Pq: Name logind-avoid-shadow-lookups-when-doing-userdb-client-side.patch
---

diff --git a/src/login/logind-core.c b/src/login/logind-core.c
index 22a42b07..a9006d74 100644
--- a/src/login/logind-core.c
+++ b/src/login/logind-core.c
@@ -171,7 +171,7 @@ int manager_add_user_by_name(
         assert(m);
         assert(name);
 
-        r = userdb_by_name(name, 0, &ur);
+        r = userdb_by_name(name, USERDB_AVOID_SHADOW, &ur);
         if (r < 0)
                 return r;
 
@@ -189,7 +189,7 @@ int manager_add_user_by_uid(
         assert(m);
         assert(uid_is_valid(uid));
 
-        r = userdb_by_uid(uid, 0, &ur);
+        r = userdb_by_uid(uid, USERDB_AVOID_SHADOW, &ur);
         if (r < 0)
                 return r;