Look at /etc/login.defs for the system_max_[ug]id values
1/* SPDX-License-Identifier: LGPL-2.1+ */
2
3#include <sys/mount.h>
4
5#include "cgroup-util.h"
6#include "dns-domain.h"
7#include "env-util.h"
8#include "fd-util.h"
9#include "fileio.h"
10#include "fs-util.h"
11#include "hexdecoct.h"
12#include "hostname-util.h"
13#include "memory-util.h"
14#include "path-util.h"
15#include "pkcs11-util.h"
16#include "rlimit-util.h"
17#include "stat-util.h"
18#include "string-table.h"
19#include "strv.h"
20#include "user-record.h"
21#include "user-util.h"
22
23#define DEFAULT_RATELIMIT_BURST 30
24#define DEFAULT_RATELIMIT_INTERVAL_USEC (1*USEC_PER_MINUTE)
25
26#if ENABLE_COMPAT_MUTABLE_UID_BOUNDARIES
/* Parses one UID boundary value read from a login.defs-style file into *ret_uid. A value of 0 is raised to
 * 1. Parse failures are logged at debug level (with the file path and key name for context) and returned as
 * a negative errno; callers treat them as "keep the default". */
static int parse_alloc_uid(const char *path, const char *name, const char *t, uid_t *ret_uid) {
        uid_t parsed;
        int r;

        r = parse_uid(t, &parsed);
        if (r < 0)
                return log_debug_errno(r, "%s: failed to parse %s %s, ignoring: %m", path, name, t);

        /* Never accept 0 as a boundary. */
        *ret_uid = parsed == 0 ? 1 : parsed;
        return 0;
}
40
/* Fills *ret_defs with the SYS_UID_MAX / SYS_GID_MAX values found in 'path' (default: /etc/login.defs).
 * A missing file is not an error: the compiled-in SYSTEM_UID_MAX/SYSTEM_GID_MAX defaults are returned.
 * Any other open or read error is logged at debug level and returned as a negative errno. A key whose
 * value does not parse is skipped and keeps its default. Lines are read with a LINE_MAX cap. */
static int read_login_defs(UGIDAllocationRange *ret_defs, const char *path) {
        _cleanup_fclose_ FILE *f = NULL;
        UGIDAllocationRange result = {
                .system_uid_max = SYSTEM_UID_MAX,
                .system_gid_max = SYSTEM_GID_MAX,
        };
        int r;

        if (!path)
                path = "/etc/login.defs";

        r = fopen_unlocked(path, "re", &f);
        if (r == -ENOENT) {
                /* No file at all: hand back the built-in defaults. */
                *ret_defs = result;
                return 0;
        }
        if (r < 0)
                return log_debug_errno(r, "Failed to open %s: %m", path);

        for (;;) {
                _cleanup_free_ char *line = NULL;
                char *value;

                r = read_line(f, LINE_MAX, &line);
                if (r < 0)
                        return log_debug_errno(r, "Failed to read %s: %m", path);
                if (r == 0)
                        break;

                value = first_word(line, "SYS_UID_MAX");
                if (value) {
                        (void) parse_alloc_uid(path, "SYS_UID_MAX", value, &result.system_uid_max);
                        continue;
                }

                value = first_word(line, "SYS_GID_MAX");
                if (value)
                        (void) parse_alloc_uid(path, "SYS_GID_MAX", value, &result.system_gid_max);
        }

        *ret_defs = result;
        return 0;
}
78#endif
79
/* Returns the system UID/GID boundaries in effect. With ENABLE_COMPAT_MUTABLE_UID_BOUNDARIES they are read
 * once per thread from /etc/login.defs and cached; otherwise they are the compiled-in constants. The pointer
 * refers to static storage and must not be freed.
 *
 * Failure to read the file is ignored, so this should only be called from places that do not crucially
 * depend on the answer. In other words, it is appropriate for journald, but probably not for sysusers. */
const UGIDAllocationRange *acquire_ugid_allocation_range(void) {
#if ENABLE_COMPAT_MUTABLE_UID_BOUNDARIES
        static thread_local UGIDAllocationRange range = {
#else
        static const UGIDAllocationRange range = {
#endif
                .system_uid_max = SYSTEM_UID_MAX,
                .system_gid_max = SYSTEM_GID_MAX,
        };

#if ENABLE_COMPAT_MUTABLE_UID_BOUNDARIES
        static thread_local bool loaded = false;

        if (loaded)
                return &range;

        /* Best effort: on failure 'range' keeps the compiled-in defaults. */
        (void) read_login_defs(&range, NULL);
        loaded = true;
#endif

        return &range;
}
105
/* True if 'uid' is at or below the configured system UID boundary. */
bool uid_is_system(uid_t uid) {
        const UGIDAllocationRange *range = acquire_ugid_allocation_range();

        assert_se(range);
        return uid <= range->system_uid_max;
}
112
/* True if 'gid' is at or below the configured system GID boundary. */
bool gid_is_system(gid_t gid) {
        const UGIDAllocationRange *range = acquire_ugid_allocation_range();

        assert_se(range);
        return gid <= range->system_gid_max;
}
119
/* Allocates a UserRecord holding one reference, with every optional field in its "unset" state: UINT64_MAX
 * for counters, sizes and timestamps, -1 for tristates, MODE_INVALID for modes, INT_MAX for the nice level,
 * UID_INVALID/GID_INVALID for ids and the _INVALID enum value for disposition and storage. nodev and nosuid
 * default to true. Returns NULL on allocation failure. */
UserRecord* user_record_new(void) {
        UserRecord *record = new(UserRecord, 1);
        if (!record)
                return NULL;

        *record = (UserRecord) {
                .n_ref = 1,

                /* Identity */
                .disposition = _USER_DISPOSITION_INVALID,
                .uid = UID_INVALID,
                .gid = GID_INVALID,
                .storage = _USER_STORAGE_INVALID,

                /* Timestamps */
                .last_change_usec = UINT64_MAX,
                .last_password_change_usec = UINT64_MAX,
                .not_before_usec = UINT64_MAX,
                .not_after_usec = UINT64_MAX,
                .last_good_authentication_usec = UINT64_MAX,
                .last_bad_authentication_usec = UINT64_MAX,

                /* Session settings */
                .umask = MODE_INVALID,
                .nice_level = INT_MAX,
                .locked = -1,
                .stop_delay_usec = UINT64_MAX,
                .kill_processes = -1,
                .auto_login = -1,

                /* Home directory and resource control */
                .access_mode = MODE_INVALID,
                .disk_size = UINT64_MAX,
                .disk_size_relative = UINT64_MAX,
                .tasks_max = UINT64_MAX,
                .memory_high = UINT64_MAX,
                .memory_max = UINT64_MAX,
                .cpu_weight = UINT64_MAX,
                .io_weight = UINT64_MAX,
                .nodev = true,
                .nosuid = true,
                .removable = -1,

                /* LUKS parameters */
                .luks_discard = -1,
                .luks_offline_discard = -1,
                .luks_volume_key_size = UINT64_MAX,
                .luks_pbkdf_time_cost_usec = UINT64_MAX,
                .luks_pbkdf_memory_cost = UINT64_MAX,
                .luks_pbkdf_parallel_threads = UINT64_MAX,

                /* Disk usage reporting */
                .disk_usage = UINT64_MAX,
                .disk_free = UINT64_MAX,
                .disk_ceiling = UINT64_MAX,
                .disk_floor = UINT64_MAX,
                .signed_locally = -1,

                /* Authentication accounting and rate limiting */
                .good_authentication_counter = UINT64_MAX,
                .bad_authentication_counter = UINT64_MAX,
                .ratelimit_begin_usec = UINT64_MAX,
                .ratelimit_count = UINT64_MAX,
                .ratelimit_interval_usec = UINT64_MAX,
                .ratelimit_burst = UINT64_MAX,

                /* Password policy */
                .enforce_password_policy = -1,
                .password_change_min_usec = UINT64_MAX,
                .password_change_max_usec = UINT64_MAX,
                .password_change_warn_usec = UINT64_MAX,
                .password_change_inactive_usec = UINT64_MAX,
                .password_change_now = -1,

                /* Token policy */
                .pkcs11_protected_authentication_path_permitted = -1,
                .fido2_user_presence_permitted = -1,
        };

        return record;
}
185
/* Releases the members of a Pkcs11EncryptedKey, not the struct itself. The encrypted key blob and the hashed
 * password are wiped before being freed; the URI is freed without wiping. NULL is accepted. */
static void pkcs11_encrypted_key_done(Pkcs11EncryptedKey *k) {
        if (k) {
                free(k->uri);
                erase_and_free(k->data);
                erase_and_free(k->hashed_password);
        }
}
194
/* Releases the credential ID buffer of a Fido2HmacCredential, not the struct itself. NULL is accepted. */
static void fido2_hmac_credential_done(Fido2HmacCredential *c) {
        if (c)
                free(c->id);
}
201
/* Releases the members of a Fido2HmacSalt, not the struct itself: the embedded credential, then the salt and
 * hashed password, both of which are wiped before being freed. NULL is accepted. */
static void fido2_hmac_salt_done(Fido2HmacSalt *s) {
        if (s) {
                fido2_hmac_credential_done(&s->credential);
                erase_and_free(s->salt);
                erase_and_free(s->hashed_password);
        }
}
210
/* Releases the members of a RecoveryKey, not the struct itself. The hashed password is wiped before being
 * freed; the type string is freed without wiping. NULL is accepted. */
static void recovery_key_done(RecoveryKey *k) {
        if (k) {
                free(k->type);
                erase_and_free(k->hashed_password);
        }
}
218
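/* Releases everything a UserRecord owns, then the record itself, and returns NULL so callers can write
 * "h = user_record_free(h)". Fields that may carry secrets (password hint, plaintext and hashed passwords,
 * token PINs, SSH keys, PKCS#11 key blobs, FIDO2 salts, recovery key hashes) are wiped before being freed,
 * via the erase_* helpers and the per-element *_done() functions. NULL is accepted. */
static UserRecord* user_record_free(UserRecord *h) {
        if (!h)
                return NULL;

        /* Identity and descriptive fields */
        free(h->user_name);
        free(h->realm);
        free(h->user_name_and_realm_auto);
        free(h->real_name);
        free(h->email_address);
        erase_and_free(h->password_hint);
        free(h->location);
        free(h->icon_name);
        free(h->shell);

        /* Session environment */
        strv_free(h->environment);
        free(h->time_zone);
        free(h->preferred_language);
        rlimit_free_all(h->rlimits);
        free(h->skeleton_directory);

        /* Credentials: always wipe, never plain free */
        strv_free_erase(h->hashed_password);
        strv_free_erase(h->ssh_authorized_keys);
        strv_free_erase(h->password);
        strv_free_erase(h->token_pin);

        /* Home directory location and backing storage */
        free(h->cifs_service);
        free(h->cifs_user_name);
        free(h->cifs_domain);
        free(h->image_path);
        free(h->image_path_auto);
        free(h->home_directory);
        free(h->home_directory_auto);
        strv_free(h->member_of);
        free(h->file_system_type);
        free(h->luks_cipher);
        free(h->luks_cipher_mode);
        free(h->luks_pbkdf_hash_algorithm);
        free(h->luks_pbkdf_type);
        free(h->state);
        free(h->service);

        /* PKCS#11 tokens */
        strv_free(h->pkcs11_token_uri);
        for (size_t i = 0; i < h->n_pkcs11_encrypted_key; i++)
                pkcs11_encrypted_key_done(h->pkcs11_encrypted_key + i);
        free(h->pkcs11_encrypted_key);

        /* FIDO2 tokens. The backing arrays are freed as well: previously only the elements were released,
         * leaking the arrays allocated by the dispatchers with reallocarray(). */
        for (size_t i = 0; i < h->n_fido2_hmac_credential; i++)
                fido2_hmac_credential_done(h->fido2_hmac_credential + i);
        free(h->fido2_hmac_credential);
        for (size_t i = 0; i < h->n_fido2_hmac_salt; i++)
                fido2_hmac_salt_done(h->fido2_hmac_salt + i);
        free(h->fido2_hmac_salt);

        /* Recovery keys (array freed for the same reason as above) */
        strv_free(h->recovery_key_type);
        for (size_t i = 0; i < h->n_recovery_key; i++)
                recovery_key_done(h->recovery_key + i);
        free(h->recovery_key);

        json_variant_unref(h->json);

        return mfree(h);
}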
284
/* Generates user_record_ref()/user_record_unref() on top of the n_ref counter; user_record_free() runs when
 * the last reference is dropped. */
DEFINE_TRIVIAL_REF_UNREF_FUNC(UserRecord, user_record, user_record_free);
286
/* Stores the realm string from 'variant' in *userdata (char **). null clears the field. The value must be a
 * string that validates as a DNS domain name; anything else is rejected with EINVAL (or the error returned
 * by the validator). The stored copy is allocated; a previous value is released. */
int json_dispatch_realm(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
        char **target = userdata;
        const char *realm;
        int r;

        if (json_variant_is_null(variant)) {
                *target = mfree(*target);
                return 0;
        }

        if (!json_variant_is_string(variant))
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));

        realm = json_variant_string(variant);

        /* Realms are DNS domains; the validator can itself fail (r < 0) or say "no" (r == 0). */
        r = dns_name_is_valid(realm);
        if (r < 0)
                return json_log(variant, flags, r, "Failed to check if JSON field '%s' is a valid DNS domain.", strna(name));
        if (r == 0)
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a valid DNS domain.", strna(name));

        r = free_and_strdup(target, realm);
        if (r < 0)
                return json_log(variant, flags, r, "Failed to allocate string: %m");

        return 0;
}
313
/* Stores a GECOS (real name) string in *userdata (char **). null clears the field. A string that is not
 * GECOS-compatible is not rejected: it is logged at debug level and replaced by the mangled form returned by
 * mangle_gecos(). Only allocation failure is an error. */
int json_dispatch_gecos(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
        char **target = userdata;
        const char *value;

        if (json_variant_is_null(variant)) {
                *target = mfree(*target);
                return 0;
        }

        if (!json_variant_is_string(variant))
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));

        value = json_variant_string(variant);
        if (!valid_gecos(value)) {
                _cleanup_free_ char *mangled = NULL;

                /* Logged at debug level only (JSON_DEBUG): mangling is the expected fallback, not a failure. */
                json_log(variant, flags|JSON_DEBUG, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a valid GECOS compatible string, mangling.", strna(name));

                mangled = mangle_gecos(value);
                if (!mangled)
                        return json_log_oom(variant, flags);

                free_and_replace(*target, mangled);
                return 0;
        }

        if (free_and_strdup(target, value) < 0)
                return json_log_oom(variant, flags);

        return 0;
}
344
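/* Stores a nice level in *userdata (int). null resets it to INT_MAX ("unset"). The value must be a JSON
 * integer in [PRIO_MIN, PRIO_MAX); PRIO_MAX is exclusive, so on Linux the accepted range is -20…19. */
static int json_dispatch_nice(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
        int *nice_level = userdata;
        intmax_t value;

        if (json_variant_is_null(variant)) {
                *nice_level = INT_MAX;
                return 0;
        }

        /* The message previously said "is not a string" although an integer is what is being checked for. */
        if (!json_variant_is_integer(variant))
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an integer.", strna(name));

        value = json_variant_integer(variant);
        if (value < PRIO_MIN || value >= PRIO_MAX)
                return json_log(variant, flags, SYNTHETIC_ERRNO(ERANGE), "JSON field '%s' is not a valid nice level.", strna(name));

        /* Range-checked above, so the narrowing is safe. */
        *nice_level = (int) value;
        return 0;
}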
364
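/* Stores one resource limit component ("cur" or "max") in *userdata (rlim_t). null means RLIM_INFINITY.
 * Otherwise the value must be an unsigned JSON integer that fits into rlim_t and is not RLIM_INFINITY
 * itself: "unlimited" is expressed as null, never as the sentinel. 'name' is printed verbatim in messages;
 * the callers in this file pass literal "cur"/"max". */
static int json_dispatch_rlimit_value(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
        rlim_t *limit = userdata;
        uintmax_t value;

        if (json_variant_is_null(variant)) {
                *limit = RLIM_INFINITY;
                return 0;
        }

        if (!json_variant_is_unsigned(variant))
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "Resource limit value '%s' is not an unsigned integer.", name);

        value = json_variant_unsigned(variant);

        /* Round-trip through rlim_t to detect truncation. The previous check compared the uintmax_t with
         * itself and could therefore never fire. */
        if (value == RLIM_INFINITY || (uintmax_t) (rlim_t) value != value)
                return json_log(variant, flags, SYNTHETIC_ERRNO(ERANGE), "Resource limit value '%s' is out of range.", name);

        *limit = (rlim_t) value;
        return 0;
}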
383
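/* Fills the struct rlimit* table pointed to by userdata (indexed by RLIMIT_*) from a JSON object. Keys must
 * be "RLIMIT_<NAME>" for a limit known to rlimit_from_string(); each value is an object with exactly the two
 * fields "cur" and "max", parsed by json_dispatch_rlimit_value(). null frees the whole table. Existing
 * entries are overwritten in place, missing ones allocated; on error the entries parsed so far are kept. */
static int json_dispatch_rlimits(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
        struct rlimit **limits = userdata;
        JsonVariant *value;
        const char *key;
        int r;

        assert_se(limits);

        if (json_variant_is_null(variant)) {
                rlimit_free_all(limits);
                return 0;
        }

        if (!json_variant_is_object(variant))
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an object.", strna(name));

        JSON_VARIANT_OBJECT_FOREACH(key, value, variant) {
                JsonVariant *jcur, *jmax;
                struct rlimit rl;
                const char *suffix;
                int which;

                suffix = startswith(key, "RLIMIT_");
                which = suffix ? rlimit_from_string(suffix) : -1;
                if (which < 0)
                        return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "Resource limit '%s' not known.", key);

                if (!json_variant_is_object(value))
                        return json_log(value, flags, SYNTHETIC_ERRNO(EINVAL), "Resource limit '%s' has invalid value.", key);

                /* For objects json_variant_elements() counts keys and values, hence 4 for the two fields.
                 * (Message fixed: it used to read "value is does not have".) */
                if (json_variant_elements(value) != 4)
                        return json_log(value, flags, SYNTHETIC_ERRNO(EINVAL), "Resource limit '%s' value does not have two fields as expected.", key);

                jcur = json_variant_by_key(value, "cur");
                if (!jcur)
                        return json_log(value, flags, SYNTHETIC_ERRNO(EINVAL), "Resource limit '%s' lacks 'cur' field.", key);
                r = json_dispatch_rlimit_value("cur", jcur, flags, &rl.rlim_cur);
                if (r < 0)
                        return r;

                jmax = json_variant_by_key(value, "max");
                if (!jmax)
                        return json_log(value, flags, SYNTHETIC_ERRNO(EINVAL), "Resource limit '%s' lacks 'max' field.", key);
                r = json_dispatch_rlimit_value("max", jmax, flags, &rl.rlim_max);
                if (r < 0)
                        return r;

                /* NOTE(review): cur > max is not rejected here; such a pair is only refused when applied. */

                if (limits[which])
                        *(limits[which]) = rl;
                else {
                        limits[which] = newdup(struct rlimit, &rl, 1);
                        if (!limits[which])
                                return log_oom();
                }
        }

        return 0;
}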
445
/* Stores a string that is either a plain file name or a normalized path in *userdata (char **). null clears
 * the field. Values that pass neither filename_is_valid() nor path_is_normalized() are rejected. */
static int json_dispatch_filename_or_path(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
        char **target = userdata;
        const char *value;
        int r;

        assert(target);

        if (json_variant_is_null(variant)) {
                *target = mfree(*target);
                return 0;
        }

        if (!json_variant_is_string(variant))
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));

        value = json_variant_string(variant);

        /* Either form is fine; only reject when both checks fail. */
        if (!filename_is_valid(value) && !path_is_normalized(value))
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a valid file name or normalized path.", strna(name));

        r = free_and_strdup(target, value);
        if (r < 0)
                return json_log(variant, flags, r, "Failed to allocate string: %m");

        return 0;
}
471
/* Stores an absolute, normalized file system path in *userdata (char **). null clears the field. Normalization
 * is checked first, then absoluteness, each with its own error message. */
static int json_dispatch_path(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
        char **target = userdata;
        const char *value;

        if (json_variant_is_null(variant)) {
                *target = mfree(*target);
                return 0;
        }

        if (!json_variant_is_string(variant))
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));

        value = json_variant_string(variant);
        if (!path_is_normalized(value))
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a normalized file system path.", strna(name));
        if (!path_is_absolute(value))
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an absolute file system path.", strna(name));

        _cleanup_free_ char *copy = strdup(value);
        if (!copy)
                return json_log(variant, flags, SYNTHETIC_ERRNO(ENOMEM), "Failed to allocate string: %m");

        free_and_replace(*target, copy);
        return 0;
}
497
/* Stores a home directory path in *userdata (char **). null clears the field; anything not accepted by
 * valid_home() is rejected with EINVAL. */
static int json_dispatch_home_directory(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
        char **target = userdata;
        const char *value;

        if (json_variant_is_null(variant)) {
                *target = mfree(*target);
                return 0;
        }

        if (!json_variant_is_string(variant))
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));

        value = json_variant_string(variant);
        if (!valid_home(value))
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a valid home directory path.", strna(name));

        _cleanup_free_ char *copy = strdup(value);
        if (!copy)
                return json_log(variant, flags, SYNTHETIC_ERRNO(ENOMEM), "Failed to allocate string: %m");

        free_and_replace(*target, copy);
        return 0;
}
521
/* Stores the path of a home directory image in *userdata (char **). null clears the field. The value must be
 * a valid, absolute path and must not be empty or "/" (empty_or_root()). */
static int json_dispatch_image_path(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
        char **target = userdata;
        const char *value;
        int r;

        if (json_variant_is_null(variant)) {
                *target = mfree(*target);
                return 0;
        }

        if (!json_variant_is_string(variant))
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));

        value = json_variant_string(variant);

        /* Three independent rejections share one message. */
        if (empty_or_root(value) || !path_is_valid(value) || !path_is_absolute(value))
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a valid image path.", strna(name));

        r = free_and_strdup(target, value);
        if (r < 0)
                return json_log(variant, flags, r, "Failed to allocate string: %m");

        return 0;
}
545
/* Stores a umask in *userdata (mode_t). null resets it to MODE_INVALID, i.e. (mode_t) -1. The value must be
 * an unsigned JSON integer no larger than 0777. */
static int json_dispatch_umask(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
        mode_t *mode = userdata;
        uintmax_t value;

        if (json_variant_is_null(variant)) {
                *mode = MODE_INVALID;
                return 0;
        }

        if (!json_variant_is_unsigned(variant))
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a number.", strna(name));

        value = json_variant_unsigned(variant);
        if (value > 0777)
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' outside of valid range 0…0777.", strna(name));

        *mode = (mode_t) value;
        return 0;
}
565
/* Stores an access mode in *userdata (mode_t). null resets it to MODE_INVALID, i.e. (mode_t) -1. The value
 * must be an unsigned JSON integer no larger than 07777 (permission bits plus setuid/setgid/sticky). */
static int json_dispatch_access_mode(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
        mode_t *mode = userdata;
        uintmax_t value;

        if (json_variant_is_null(variant)) {
                *mode = MODE_INVALID;
                return 0;
        }

        if (!json_variant_is_unsigned(variant))
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a number.", strna(name));

        value = json_variant_unsigned(variant);
        if (value > 07777)
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' outside of valid range 0…07777.", strna(name));

        *mode = (mode_t) value;
        return 0;
}
585
/* Stores an array of "KEY=VALUE" strings in *userdata (char ***). Every element must be a string accepted by
 * env_assignment_is_valid(); assignments are merged with strv_env_replace(), so a later assignment to the same
 * variable replaces an earlier one. The new list replaces the old one only once every element has been
 * accepted. null clears the list. */
static int json_dispatch_environment(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
        _cleanup_strv_free_ char **collected = NULL;
        char ***target = userdata;
        JsonVariant *element;

        if (json_variant_is_null(variant)) {
                *target = strv_free(*target);
                return 0;
        }

        if (!json_variant_is_array(variant))
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array.", strna(name));

        JSON_VARIANT_ARRAY_FOREACH(element, variant) {
                const char *assignment;
                char *copy;

                if (!json_variant_is_string(element))
                        return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array of strings.", strna(name));

                assert_se(assignment = json_variant_string(element));

                if (!env_assignment_is_valid(assignment))
                        return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array of environment variables.", strna(name));

                copy = strdup(assignment);
                if (!copy)
                        return json_log_oom(variant, flags);

                /* Ownership of 'copy' passes to the list on success; on failure it is still ours to free. */
                if (strv_env_replace(&collected, copy) < 0) {
                        free(copy);
                        return json_log_oom(variant, flags);
                }
        }

        strv_free_and_replace(*target, collected);
        return 0;
}
628
/* Stores a UserDisposition parsed from its string form in *userdata. null resets it to
 * _USER_DISPOSITION_INVALID; an unknown disposition name is rejected with EINVAL. */
int json_dispatch_user_disposition(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
        UserDisposition *target = userdata;
        const char *text;
        UserDisposition parsed;

        if (json_variant_is_null(variant)) {
                *target = _USER_DISPOSITION_INVALID;
                return 0;
        }

        if (!json_variant_is_string(variant))
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));

        text = json_variant_string(variant);
        parsed = user_disposition_from_string(text);
        if (parsed < 0)
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "Disposition type '%s' not known.", text);

        *target = parsed;
        return 0;
}
647
/* Stores a UserStorage parsed from its string form in *userdata. null resets it to _USER_STORAGE_INVALID;
 * an unknown storage name is rejected with EINVAL. */
static int json_dispatch_storage(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
        UserStorage *target = userdata;
        const char *text;
        UserStorage parsed;

        if (json_variant_is_null(variant)) {
                *target = _USER_STORAGE_INVALID;
                return 0;
        }

        if (!json_variant_is_string(variant))
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));

        text = json_variant_string(variant);
        parsed = user_storage_from_string(text);
        if (parsed < 0)
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "Storage type '%s' not known.", text);

        *target = parsed;
        return 0;
}
666
/* Stores a disk size in bytes in *userdata (uint64_t). null resets it to UINT64_MAX ("unset"). The value
 * must be an unsigned JSON integer within USER_DISK_SIZE_MIN…USER_DISK_SIZE_MAX inclusive. */
static int json_dispatch_disk_size(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
        uint64_t *size = userdata;
        uintmax_t value;

        if (json_variant_is_null(variant)) {
                *size = UINT64_MAX;
                return 0;
        }

        if (!json_variant_is_unsigned(variant))
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an integer.", strna(name));

        value = json_variant_unsigned(variant);
        if (value < USER_DISK_SIZE_MIN || value > USER_DISK_SIZE_MAX)
                return json_log(variant, flags, SYNTHETIC_ERRNO(ERANGE), "JSON field '%s' is not in valid range %" PRIu64 "…%" PRIu64 ".", strna(name), USER_DISK_SIZE_MIN, USER_DISK_SIZE_MAX);

        *size = value;
        return 0;
}
686
/* Stores a TasksMax / MemoryMax-style limit in *userdata (uint64_t). null resets it to UINT64_MAX ("unset").
 * The value must be an unsigned JSON integer in 1…UINT64_MAX-1: 0 is meaningless and UINT64_MAX is the
 * "unset" sentinel. */
static int json_dispatch_tasks_or_memory_max(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
        uint64_t *limit = userdata;
        uintmax_t value;

        if (json_variant_is_null(variant)) {
                *limit = UINT64_MAX;
                return 0;
        }

        if (!json_variant_is_unsigned(variant))
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a integer.", strna(name));

        value = json_variant_unsigned(variant);
        if (value == 0 || value >= UINT64_MAX)
                return json_log(variant, flags, SYNTHETIC_ERRNO(ERANGE), "JSON field '%s' is not in valid range %" PRIu64 "…%" PRIu64 ".", strna(name), (uint64_t) 1, UINT64_MAX-1);

        *limit = value;
        return 0;
}
706
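/* Stores a cgroup weight (CPUWeight / IOWeight) in *userdata (uint64_t). null resets it to UINT64_MAX
 * ("unset"). The value must be an unsigned JSON integer within CGROUP_WEIGHT_MIN…CGROUP_WEIGHT_MAX
 * inclusive, which is the range the error message already promised; the previous comparison rejected both
 * endpoints. */
static int json_dispatch_weight(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
        uint64_t *weight = userdata;
        uintmax_t value;

        if (json_variant_is_null(variant)) {
                *weight = UINT64_MAX;
                return 0;
        }

        if (!json_variant_is_unsigned(variant))
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a integer.", strna(name));

        value = json_variant_unsigned(variant);
        /* Inclusive bounds, matching the "%" PRIu64 "…%" PRIu64 message below. */
        if (value < CGROUP_WEIGHT_MIN || value > CGROUP_WEIGHT_MAX)
                return json_log(variant, flags, SYNTHETIC_ERRNO(ERANGE), "JSON field '%s' is not in valid range %" PRIu64 "…%" PRIu64 ".", strna(name), (uint64_t) CGROUP_WEIGHT_MIN, (uint64_t) CGROUP_WEIGHT_MAX);

        *weight = value;
        return 0;
}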
726
/* Appends an array of user/group names to the list in *userdata (char ***), skipping duplicates
 * (strv_extend_strv with filter_duplicates=true). Every element must be a string that passes
 * valid_user_group_name(); with JSON_RELAX in 'flags' the relaxed syntax (VALID_USER_RELAX) is accepted.
 * Nothing is appended unless every element is valid. There is no null handling: null is rejected as
 * "not an array". */
int json_dispatch_user_group_list(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
        _cleanup_strv_free_ char **names = NULL;
        char ***target = userdata;
        JsonVariant *element;
        int r;

        if (!json_variant_is_array(variant))
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array of strings.", strna(name));

        JSON_VARIANT_ARRAY_FOREACH(element, variant) {
                const char *candidate;

                if (!json_variant_is_string(element))
                        return json_log(element, flags, SYNTHETIC_ERRNO(EINVAL), "JSON array element is not a string.");

                candidate = json_variant_string(element);
                if (!valid_user_group_name(candidate, FLAGS_SET(flags, JSON_RELAX) ? VALID_USER_RELAX : 0))
                        return json_log(element, flags, SYNTHETIC_ERRNO(EINVAL), "JSON array element is not a valid user/group name: %s", candidate);

                r = strv_extend(&names, candidate);
                if (r < 0)
                        return json_log(element, flags, r, "Failed to append array element: %m");
        }

        r = strv_extend_strv(target, names, true);
        if (r < 0)
                return json_log(variant, flags, r, "Failed to merge user/group arrays: %m");

        return 0;
}
755
/* Dispatches the "secret" sub-object of a user record into the UserRecord passed as userdata: the plaintext
 * password list, the token PIN list (also reachable via the legacy "pkcs11Pin" key, which writes the same
 * field) and the two tristate token policy flags. Unknown keys are handled by json_dispatch() according to
 * 'flags'. */
static int dispatch_secret(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {

        static const JsonDispatch secret_dispatch_table[] = {
                { "password", _JSON_VARIANT_TYPE_INVALID, json_dispatch_strv, offsetof(UserRecord, password), 0 },
                { "tokenPin", _JSON_VARIANT_TYPE_INVALID, json_dispatch_strv, offsetof(UserRecord, token_pin), 0 },
                { "pkcs11Pin", /* legacy alias */ _JSON_VARIANT_TYPE_INVALID, json_dispatch_strv, offsetof(UserRecord, token_pin), 0 },
                { "pkcs11ProtectedAuthenticationPathPermitted", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, pkcs11_protected_authentication_path_permitted), 0 },
                { "fido2UserPresencePermitted", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, fido2_user_presence_permitted), 0 },
                {},
        };

        return json_dispatch(variant, secret_dispatch_table, NULL, flags, userdata);
}
769
/* Stores a single PKCS#11 URI in *userdata (char **). null clears the field. The value must be a string that
 * pkcs11_uri_valid() accepts as an RFC 7512 URI. */
static int dispatch_pkcs11_uri(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
        char **target = userdata;
        const char *uri;
        int r;

        if (json_variant_is_null(variant)) {
                *target = mfree(*target);
                return 0;
        }

        if (!json_variant_is_string(variant))
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));

        uri = json_variant_string(variant);
        if (!pkcs11_uri_valid(uri))
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a valid RFC7512 PKCS#11 URI.", strna(name));

        r = free_and_strdup(target, uri);
        if (r < 0)
                return json_log(variant, flags, r, "Failed to allocate string: %m");

        return 0;
}
793
/* Stores a list of PKCS#11 URIs in *userdata (char ***). The field accepts either a single string or an array
 * of strings; every URI must pass pkcs11_uri_valid(). The new list replaces the old one only once every
 * element has been accepted. null clears the list. */
static int dispatch_pkcs11_uri_array(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
        _cleanup_strv_free_ char **uris = NULL;
        char ***target = userdata;
        JsonVariant *element;
        int r;

        if (json_variant_is_null(variant)) {
                *target = strv_free(*target);
                return 0;
        }

        /* Short form: one URI as a bare string. */
        if (json_variant_is_string(variant)) {
                const char *single = json_variant_string(variant);

                if (!pkcs11_uri_valid(single))
                        return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a valid RFC7512 PKCS#11 URI.", strna(name));

                uris = strv_new(single);
                if (!uris)
                        return log_oom();

                strv_free_and_replace(*target, uris);
                return 0;
        }

        if (!json_variant_is_array(variant))
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string or array of strings.", strna(name));

        JSON_VARIANT_ARRAY_FOREACH(element, variant) {
                const char *uri;

                if (!json_variant_is_string(element))
                        return json_log(element, flags, SYNTHETIC_ERRNO(EINVAL), "JSON array element is not a string.");

                uri = json_variant_string(element);
                if (!pkcs11_uri_valid(uri))
                        return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON array element in '%s' is not a valid RFC7512 PKCS#11 URI: %s", strna(name), uri);

                r = strv_extend(&uris, uri);
                if (r < 0)
                        return log_oom();
        }

        strv_free_and_replace(*target, uris);
        return 0;
}
840
/* Decodes the base64 "data" field of a PKCS#11 key entry into the Pkcs11EncryptedKey passed as userdata
 * (data/size). null wipes and drops any existing blob. Decoding errors are propagated; on success the
 * previous blob is wiped before being replaced. */
static int dispatch_pkcs11_key_data(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
        Pkcs11EncryptedKey *key = userdata;
        size_t decoded_size;
        void *decoded;
        int r;

        if (json_variant_is_null(variant)) {
                key->data = erase_and_free(key->data);
                key->size = 0;
                return 0;
        }

        if (!json_variant_is_string(variant))
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));

        r = unbase64mem(json_variant_string(variant), SIZE_MAX, &decoded, &decoded_size);
        if (r < 0)
                return json_log(variant, flags, r, "Failed to decode encrypted PKCS#11 key: %m");

        /* Wipe the old blob rather than just freeing it. */
        key->data = erase_and_free(key->data);
        key->data = decoded;
        key->size = decoded_size;

        return 0;
}
866
/* Parses an array of PKCS#11 key objects ({uri, data, hashedPassword}, all mandatory) and appends them to
 * h->pkcs11_encrypted_key, growing the array one element at a time. On a failed element the partially filled
 * slot is released with pkcs11_encrypted_key_done() and the count is left unchanged; elements accepted
 * earlier are kept. */
static int dispatch_pkcs11_key(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
        static const JsonDispatch pkcs11_key_dispatch_table[] = {
                { "uri", JSON_VARIANT_STRING, dispatch_pkcs11_uri, offsetof(Pkcs11EncryptedKey, uri), JSON_MANDATORY },
                { "data", JSON_VARIANT_STRING, dispatch_pkcs11_key_data, 0, JSON_MANDATORY },
                { "hashedPassword", JSON_VARIANT_STRING, json_dispatch_string, offsetof(Pkcs11EncryptedKey, hashed_password), JSON_MANDATORY },
                {},
        };
        UserRecord *h = userdata;
        JsonVariant *element;
        int r;

        if (!json_variant_is_array(variant))
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array of objects.", strna(name));

        JSON_VARIANT_ARRAY_FOREACH(element, variant) {
                Pkcs11EncryptedKey *grown, *slot;

                if (!json_variant_is_object(element))
                        return json_log(element, flags, SYNTHETIC_ERRNO(EINVAL), "JSON array element is not an object.");

                grown = reallocarray(h->pkcs11_encrypted_key, h->n_pkcs11_encrypted_key + 1, sizeof(Pkcs11EncryptedKey));
                if (!grown)
                        return log_oom();
                h->pkcs11_encrypted_key = grown;

                slot = grown + h->n_pkcs11_encrypted_key;
                *slot = (Pkcs11EncryptedKey) {};

                r = json_dispatch(element, pkcs11_key_dispatch_table, NULL, flags, slot);
                if (r < 0) {
                        pkcs11_encrypted_key_done(slot);
                        return r;
                }

                h->n_pkcs11_encrypted_key++;
        }

        return 0;
}
907
/* Decodes a base64 FIDO2 credential ID into the Fido2HmacCredential passed as userdata (id/size). null drops
 * any existing ID. Decoding errors are propagated; on success the previous ID buffer is freed. */
static int dispatch_fido2_hmac_credential(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
        Fido2HmacCredential *credential = userdata;
        size_t decoded_size;
        void *decoded;
        int r;

        if (json_variant_is_null(variant)) {
                credential->id = mfree(credential->id);
                credential->size = 0;
                return 0;
        }

        if (!json_variant_is_string(variant))
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));

        r = unbase64mem(json_variant_string(variant), SIZE_MAX, &decoded, &decoded_size);
        if (r < 0)
                return json_log(variant, flags, r, "Failed to decode FIDO2 credential ID: %m");

        free_and_replace(credential->id, decoded);
        credential->size = decoded_size;

        return 0;
}
932
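/* Parses an array of base64 FIDO2 credential IDs and appends them to h->fido2_hmac_credential, growing the
 * array one element at a time. Every element must be a string; decoding failures are propagated. Elements
 * accepted before an error are kept. */
static int dispatch_fido2_hmac_credential_array(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
        UserRecord *h = userdata;
        JsonVariant *e;
        int r;

        if (!json_variant_is_array(variant))
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array of strings.", strna(name));

        JSON_VARIANT_ARRAY_FOREACH(e, variant) {
                Fido2HmacCredential *array;
                size_t l;
                void *b;

                if (!json_variant_is_string(e))
                        return json_log(e, flags, SYNTHETIC_ERRNO(EINVAL), "JSON array element is not a string.");

                /* Decode before growing the array. Previously reallocarray() ran first and its result was only
                 * stored in h after a successful decode, so a decode failure after a moving realloc returned
                 * with h->fido2_hmac_credential pointing at freed memory, which user_record_free() would then
                 * walk and free again. */
                r = unbase64mem(json_variant_string(e), (size_t) -1, &b, &l);
                if (r < 0)
                        return json_log(variant, flags, r, "Failed to decode FIDO2 credential ID: %m");

                array = reallocarray(h->fido2_hmac_credential, h->n_fido2_hmac_credential + 1, sizeof(Fido2HmacCredential));
                if (!array) {
                        free(b);
                        return log_oom();
                }

                h->fido2_hmac_credential = array;
                h->fido2_hmac_credential[h->n_fido2_hmac_credential++] = (Fido2HmacCredential) {
                        .id = b,
                        .size = l,
                };
        }

        return 0;
}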
967
/* Decodes the base64 "salt" field of a FIDO2 salt entry into the Fido2HmacSalt passed as userdata
 * (salt/salt_size). null wipes and drops any existing salt. Decoding errors are propagated; on success the
 * previous salt is wiped before being replaced. */
static int dispatch_fido2_hmac_salt_value(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
        Fido2HmacSalt *entry = userdata;
        size_t decoded_size;
        void *decoded;
        int r;

        if (json_variant_is_null(variant)) {
                entry->salt = erase_and_free(entry->salt);
                entry->salt_size = 0;
                return 0;
        }

        if (!json_variant_is_string(variant))
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));

        r = unbase64mem(json_variant_string(variant), SIZE_MAX, &decoded, &decoded_size);
        if (r < 0)
                return json_log(variant, flags, r, "Failed to decode FIDO2 salt: %m");

        /* The salt is key material: wipe the old one rather than just freeing it. */
        entry->salt = erase_and_free(entry->salt);
        entry->salt = decoded;
        entry->salt_size = decoded_size;

        return 0;
}
993
/* Parses an array of FIDO2 salt objects ({credential, salt, hashedPassword}, all mandatory) and appends them
 * to h->fido2_hmac_salt, growing the array one element at a time. On a failed element the partially filled
 * slot is released with fido2_hmac_salt_done() and the count is left unchanged; elements accepted earlier
 * are kept. */
static int dispatch_fido2_hmac_salt(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
        static const JsonDispatch fido2_hmac_salt_dispatch_table[] = {
                { "credential", JSON_VARIANT_STRING, dispatch_fido2_hmac_credential, offsetof(Fido2HmacSalt, credential), JSON_MANDATORY },
                { "salt", JSON_VARIANT_STRING, dispatch_fido2_hmac_salt_value, 0, JSON_MANDATORY },
                { "hashedPassword", JSON_VARIANT_STRING, json_dispatch_string, offsetof(Fido2HmacSalt, hashed_password), JSON_MANDATORY },
                {},
        };
        UserRecord *h = userdata;
        JsonVariant *element;
        int r;

        if (!json_variant_is_array(variant))
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array of objects.", strna(name));

        JSON_VARIANT_ARRAY_FOREACH(element, variant) {
                Fido2HmacSalt *grown, *slot;

                if (!json_variant_is_object(element))
                        return json_log(element, flags, SYNTHETIC_ERRNO(EINVAL), "JSON array element is not an object.");

                grown = reallocarray(h->fido2_hmac_salt, h->n_fido2_hmac_salt + 1, sizeof(Fido2HmacSalt));
                if (!grown)
                        return log_oom();
                h->fido2_hmac_salt = grown;

                slot = grown + h->n_fido2_hmac_salt;
                *slot = (Fido2HmacSalt) {};

                r = json_dispatch(element, fido2_hmac_salt_dispatch_table, NULL, flags, slot);
                if (r < 0) {
                        fido2_hmac_salt_done(slot);
                        return r;
                }

                h->n_fido2_hmac_salt++;
        }

        return 0;
}
1034
/* Dispatch callback for the "recoveryKey" array of the privileged section. Each element is an object
 * with the mandatory members "type" and "hashedPassword"; it is parsed into a freshly zeroed RecoveryKey
 * appended to h->recovery_key. On a parse failure the partially filled slot is released with
 * recovery_key_done() and the count stays as it was. Returns 0 on success, negative errno otherwise. */
static int dispatch_recovery_key(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {

        static const JsonDispatch recovery_key_dispatch_table[] = {
                /* offset 0: "type" lands in the first member of RecoveryKey — confirm against the struct definition */
                { "type",           JSON_VARIANT_STRING, json_dispatch_string, 0,                                     JSON_MANDATORY },
                { "hashedPassword", JSON_VARIANT_STRING, json_dispatch_string, offsetof(RecoveryKey, hashed_password), JSON_MANDATORY },
                {},
        };

        UserRecord *h = userdata;
        JsonVariant *element;
        int r;

        if (!json_variant_is_array(variant))
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array of objects.", strna(name));

        JSON_VARIANT_ARRAY_FOREACH(element, variant) {
                RecoveryKey *grown, *slot;

                if (!json_variant_is_object(element))
                        return json_log(element, flags, SYNTHETIC_ERRNO(EINVAL), "JSON array element is not an object.");

                /* Grow by one; reallocarray() checks the size multiplication for overflow. */
                grown = reallocarray(h->recovery_key, h->n_recovery_key + 1, sizeof(RecoveryKey));
                if (!grown)
                        return log_oom();
                h->recovery_key = grown;

                slot = grown + h->n_recovery_key;
                *slot = (RecoveryKey) {};

                r = json_dispatch(element, recovery_key_dispatch_table, NULL, flags, slot);
                if (r < 0) {
                        /* Count not yet bumped: free the slot ourselves. */
                        recovery_key_done(slot);
                        return r;
                }

                h->n_recovery_key++;
        }

        return 0;
}
1074
/* Dispatch callback for the "privileged" section of a user record; userdata is the UserRecord. This
 * section holds the fields that only privileged readers get to see: the password hint, the hashed
 * passwords, SSH authorized keys, and the PKCS#11, FIDO2 and recovery-key credential data. The array
 * members are handled by the dispatch_* helpers above (dispatch_fido2_hmac_salt() and
 * dispatch_recovery_key() append to the record's arrays; dispatch_pkcs11_key is defined out of view).
 * Returns json_dispatch()'s result: 0 on success, negative errno on a malformed field. */
static int dispatch_privileged(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {

        static const JsonDispatch privileged_dispatch_table[] = {
                { "passwordHint",       JSON_VARIANT_STRING,        json_dispatch_string, offsetof(UserRecord, password_hint),       0 },
                /* JSON_SAFE: presumably restricts the accepted characters of the string — confirm in the json dispatcher header */
                { "hashedPassword",     _JSON_VARIANT_TYPE_INVALID, json_dispatch_strv,   offsetof(UserRecord, hashed_password),     JSON_SAFE },
                { "sshAuthorizedKeys",  _JSON_VARIANT_TYPE_INVALID, json_dispatch_strv,   offsetof(UserRecord, ssh_authorized_keys), 0 },
                /* The three credential arrays pass the whole UserRecord (offset 0) to their callbacks. */
                { "pkcs11EncryptedKey", JSON_VARIANT_ARRAY,         dispatch_pkcs11_key,        0, 0 },
                { "fido2HmacSalt",      JSON_VARIANT_ARRAY,         dispatch_fido2_hmac_salt,   0, 0 },
                { "recoveryKey",        JSON_VARIANT_ARRAY,         dispatch_recovery_key,      0, 0 },
                {},
        };

        return json_dispatch(variant, privileged_dispatch_table, NULL, flags, userdata);
}
1089
/* Dispatch callback for the "binding" section; userdata is the UserRecord. The section is an object
 * keyed by machine ID, and only the sub-object filed under the local machine's ID (as returned by
 * sd_id128_get_machine()) is applied — entries for other machines are ignored, so a record copied from
 * elsewhere does not inherit that host's image path, UUIDs, uid/gid or LUKS parameters. A NULL variant
 * is a no-op (presumably the section is absent; confirm against the caller). Returns 0 when nothing
 * applies, json_dispatch()'s result otherwise, negative errno on a malformed section or when the machine
 * ID cannot be read. */
static int dispatch_binding(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {

        static const JsonDispatch binding_dispatch_table[] = {
                { "imagePath",         JSON_VARIANT_STRING,   json_dispatch_image_path,     offsetof(UserRecord, image_path),           0 },
                { "homeDirectory",     JSON_VARIANT_STRING,   json_dispatch_home_directory, offsetof(UserRecord, home_directory),       0 },
                { "partitionUuid",     JSON_VARIANT_STRING,   json_dispatch_id128,          offsetof(UserRecord, partition_uuid),       0 },
                { "luksUuid",          JSON_VARIANT_STRING,   json_dispatch_id128,          offsetof(UserRecord, luks_uuid),            0 },
                { "fileSystemUuid",    JSON_VARIANT_STRING,   json_dispatch_id128,          offsetof(UserRecord, file_system_uuid),     0 },
                { "uid",               JSON_VARIANT_UNSIGNED, json_dispatch_uid_gid,        offsetof(UserRecord, uid),                  0 },
                { "gid",               JSON_VARIANT_UNSIGNED, json_dispatch_uid_gid,        offsetof(UserRecord, gid),                  0 },
                { "storage",           JSON_VARIANT_STRING,   json_dispatch_storage,        offsetof(UserRecord, storage),              0 },
                { "fileSystemType",    JSON_VARIANT_STRING,   json_dispatch_string,         offsetof(UserRecord, file_system_type),     JSON_SAFE },
                { "luksCipher",        JSON_VARIANT_STRING,   json_dispatch_string,         offsetof(UserRecord, luks_cipher),          JSON_SAFE },
                { "luksCipherMode",    JSON_VARIANT_STRING,   json_dispatch_string,         offsetof(UserRecord, luks_cipher_mode),     JSON_SAFE },
                { "luksVolumeKeySize", JSON_VARIANT_UNSIGNED, json_dispatch_uint64,         offsetof(UserRecord, luks_volume_key_size), 0 },
                {},
        };

        char smid[SD_ID128_STRING_MAX];
        JsonVariant *m;
        sd_id128_t mid;
        int r;

        if (!variant)
                return 0;

        if (!json_variant_is_object(variant))
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an object.", strna(name));

        r = sd_id128_get_machine(&mid);
        if (r < 0)
                return json_log(variant, flags, r, "Failed to determine machine ID: %m");

        /* Look up our own machine ID as the key; no entry for us means nothing to bind. */
        m = json_variant_by_key(variant, sd_id128_to_string(mid, smid));
        if (!m)
                return 0;

        return json_dispatch(m, binding_dispatch_table, NULL, flags, userdata);
}
1129
/* Decides whether a perMachine section's "matchMachineId" value names the local machine. The value may
 * be a single machine-ID string or an array of them. Returns > 0 on a match, 0 otherwise — malformed or
 * non-string entries are logged and treated as non-matching rather than failing the record — and a
 * negative errno only when the local machine ID cannot be read. */
int per_machine_id_match(JsonVariant *ids, JsonDispatchFlags flags) {
        sd_id128_t local;
        int r;

        r = sd_id128_get_machine(&local);
        if (r < 0)
                return json_log(ids, flags, r, "Failed to acquire machine ID: %m");

        /* Single string: exactly one candidate to compare against. */
        if (json_variant_is_string(ids)) {
                sd_id128_t candidate;

                r = sd_id128_from_string(json_variant_string(ids), &candidate);
                if (r < 0) {
                        json_log(ids, flags, r, "%s is not a valid machine ID, ignoring: %m", json_variant_string(ids));
                        return 0;
                }

                return sd_id128_equal(local, candidate);
        }

        if (!json_variant_is_array(ids)) {
                json_log(ids, flags, 0, "Machine ID is not a string or array of strings, ignoring: %m");
                return false;
        }

        /* Array: any one matching element is enough. */
        JsonVariant *element;
        JSON_VARIANT_ARRAY_FOREACH(element, ids) {
                sd_id128_t candidate;

                if (!json_variant_is_string(element)) {
                        json_log(element, flags, 0, "Machine ID is not a string, ignoring: %m");
                        continue;
                }

                r = sd_id128_from_string(json_variant_string(element), &candidate);
                if (r < 0) {
                        json_log(element, flags, r, "%s is not a valid machine ID, ignoring: %m", json_variant_string(element));
                        continue;
                }

                if (sd_id128_equal(local, candidate))
                        return true;
        }

        return false;
}
1177
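/* Decides whether a perMachine section's "matchHostname" value (a string or an array of strings) names
 * the local host. This result, like per_machine_id_match(), gates whether a perMachine section gets
 * applied to the record, so it must compare the right thing. Returns > 0 on a match, 0 when nothing
 * matches — including when no hostname is set or the value is malformed, both of which are logged and
 * ignored — and a negative errno only when the hostname cannot be acquired for some other reason. */
int per_machine_hostname_match(JsonVariant *hns, JsonDispatchFlags flags) {
        _cleanup_free_ char *hn = NULL;
        int r;

        r = gethostname_strict(&hn);
        if (r == -ENXIO) {
                /* No hostname configured: hostname-keyed sections simply cannot apply. */
                json_log(hns, flags, r, "No hostname set, not matching perMachine hostname record: %m");
                return false;
        }
        if (r < 0)
                return json_log(hns, flags, r, "Failed to acquire hostname: %m");

        if (json_variant_is_string(hns))
                return streq(json_variant_string(hns), hn);

        if (json_variant_is_array(hns)) {
                JsonVariant *e;

                JSON_VARIANT_ARRAY_FOREACH(e, hns) {

                        if (!json_variant_is_string(e)) {
                                json_log(e, flags, 0, "Hostname is not a string, ignoring: %m");
                                continue;
                        }

                        /* Compare the array element, not the enclosing array: the previous code passed
                         * 'hns' here, so array-form hostname matches were evaluated against the wrong
                         * variant. */
                        if (streq(json_variant_string(e), hn))
                                return true;
                }

                return false;
        }

        json_log(hns, flags, 0, "Hostname is not a string or array of strings, ignoring: %m");
        return false;
}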
1213
/* Dispatch callback for the "perMachine" array; userdata is the UserRecord. Each element is an object
 * that is applied only if its "matchMachineId" OR its "matchHostname" selects the local machine (the
 * hostname check is consulted only when the machine-ID check did not already match). A matching
 * section is dispatched with the table below, which deliberately mirrors most of the regular-section
 * fields — including uid, gid, storage and the LUKS parameters — so that per-machine values override
 * what the regular section set (the caller runs this after the regular dispatch, see the comment in
 * user_record_load()). The two match keys are listed with a NULL callback so the dispatcher accepts
 * them without acting on them. Returns 0 on success (also when nothing matched), negative errno on a
 * malformed element or a failed match lookup. */
static int dispatch_per_machine(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {

        static const JsonDispatch per_machine_dispatch_table[] = {
                { "matchMachineId",             _JSON_VARIANT_TYPE_INVALID, NULL,                              0,                                                 0 },
                { "matchHostname",              _JSON_VARIANT_TYPE_INVALID, NULL,                              0,                                                 0 },
                { "iconName",                   JSON_VARIANT_STRING,        json_dispatch_string,              offsetof(UserRecord, icon_name),                   JSON_SAFE },
                { "location",                   JSON_VARIANT_STRING,        json_dispatch_string,              offsetof(UserRecord, location),                    0 },
                { "shell",                      JSON_VARIANT_STRING,        json_dispatch_filename_or_path,    offsetof(UserRecord, shell),                       0 },
                { "umask",                      JSON_VARIANT_UNSIGNED,      json_dispatch_umask,               offsetof(UserRecord, umask),                       0 },
                { "environment",                JSON_VARIANT_ARRAY,         json_dispatch_environment,         offsetof(UserRecord, environment),                 0 },
                { "timeZone",                   JSON_VARIANT_STRING,        json_dispatch_string,              offsetof(UserRecord, time_zone),                   JSON_SAFE },
                { "preferredLanguage",          JSON_VARIANT_STRING,        json_dispatch_string,              offsetof(UserRecord, preferred_language),          JSON_SAFE },
                { "niceLevel",                  _JSON_VARIANT_TYPE_INVALID, json_dispatch_nice,                offsetof(UserRecord, nice_level),                  0 },
                { "resourceLimits",             _JSON_VARIANT_TYPE_INVALID, json_dispatch_rlimits,             offsetof(UserRecord, rlimits),                     0 },
                { "locked",                     JSON_VARIANT_BOOLEAN,       json_dispatch_tristate,            offsetof(UserRecord, locked),                      0 },
                { "notBeforeUSec",              JSON_VARIANT_UNSIGNED,      json_dispatch_uint64,              offsetof(UserRecord, not_before_usec),             0 },
                { "notAfterUSec",               JSON_VARIANT_UNSIGNED,      json_dispatch_uint64,              offsetof(UserRecord, not_after_usec),              0 },
                { "storage",                    JSON_VARIANT_STRING,        json_dispatch_storage,             offsetof(UserRecord, storage),                     0 },
                { "diskSize",                   JSON_VARIANT_UNSIGNED,      json_dispatch_disk_size,           offsetof(UserRecord, disk_size),                   0 },
                { "diskSizeRelative",           JSON_VARIANT_UNSIGNED,      json_dispatch_uint64,              offsetof(UserRecord, disk_size_relative),          0 },
                { "skeletonDirectory",          JSON_VARIANT_STRING,        json_dispatch_path,                offsetof(UserRecord, skeleton_directory),          0 },
                { "accessMode",                 JSON_VARIANT_UNSIGNED,      json_dispatch_access_mode,         offsetof(UserRecord, access_mode),                 0 },
                { "tasksMax",                   JSON_VARIANT_UNSIGNED,      json_dispatch_tasks_or_memory_max, offsetof(UserRecord, tasks_max),                   0 },
                { "memoryHigh",                 JSON_VARIANT_UNSIGNED,      json_dispatch_tasks_or_memory_max, offsetof(UserRecord, memory_high),                 0 },
                { "memoryMax",                  JSON_VARIANT_UNSIGNED,      json_dispatch_tasks_or_memory_max, offsetof(UserRecord, memory_max),                  0 },
                { "cpuWeight",                  JSON_VARIANT_UNSIGNED,      json_dispatch_weight,              offsetof(UserRecord, cpu_weight),                  0 },
                { "ioWeight",                   JSON_VARIANT_UNSIGNED,      json_dispatch_weight,              offsetof(UserRecord, io_weight),                   0 },
                { "mountNoDevices",             JSON_VARIANT_BOOLEAN,       json_dispatch_boolean,             offsetof(UserRecord, nodev),                       0 },
                { "mountNoSuid",                JSON_VARIANT_BOOLEAN,       json_dispatch_boolean,             offsetof(UserRecord, nosuid),                      0 },
                { "mountNoExecute",             JSON_VARIANT_BOOLEAN,       json_dispatch_boolean,             offsetof(UserRecord, noexec),                      0 },
                { "cifsDomain",                 JSON_VARIANT_STRING,        json_dispatch_string,              offsetof(UserRecord, cifs_domain),                 JSON_SAFE },
                { "cifsUserName",               JSON_VARIANT_STRING,        json_dispatch_string,              offsetof(UserRecord, cifs_user_name),              JSON_SAFE },
                { "cifsService",                JSON_VARIANT_STRING,        json_dispatch_string,              offsetof(UserRecord, cifs_service),                JSON_SAFE },
                { "imagePath",                  JSON_VARIANT_STRING,        json_dispatch_path,                offsetof(UserRecord, image_path),                  0 },
                /* uid/gid may be overridden per machine: a matching section fully determines the identity used here. */
                { "uid",                        JSON_VARIANT_UNSIGNED,      json_dispatch_uid_gid,             offsetof(UserRecord, uid),                         0 },
                { "gid",                        JSON_VARIANT_UNSIGNED,      json_dispatch_uid_gid,             offsetof(UserRecord, gid),                         0 },
                { "memberOf",                   JSON_VARIANT_ARRAY,         json_dispatch_user_group_list,     offsetof(UserRecord, member_of),                   JSON_RELAX},
                { "fileSystemType",             JSON_VARIANT_STRING,        json_dispatch_string,              offsetof(UserRecord, file_system_type),            JSON_SAFE },
                { "partitionUuid",              JSON_VARIANT_STRING,        json_dispatch_id128,               offsetof(UserRecord, partition_uuid),              0 },
                { "luksUuid",                   JSON_VARIANT_STRING,        json_dispatch_id128,               offsetof(UserRecord, luks_uuid),                   0 },
                { "fileSystemUuid",             JSON_VARIANT_STRING,        json_dispatch_id128,               offsetof(UserRecord, file_system_uuid),            0 },
                { "luksDiscard",                _JSON_VARIANT_TYPE_INVALID, json_dispatch_tristate,            offsetof(UserRecord, luks_discard),                0, },
                { "luksOfflineDiscard",         _JSON_VARIANT_TYPE_INVALID, json_dispatch_tristate,            offsetof(UserRecord, luks_offline_discard),        0, },
                { "luksCipher",                 JSON_VARIANT_STRING,        json_dispatch_string,              offsetof(UserRecord, luks_cipher),                 JSON_SAFE },
                { "luksCipherMode",             JSON_VARIANT_STRING,        json_dispatch_string,              offsetof(UserRecord, luks_cipher_mode),            JSON_SAFE },
                { "luksVolumeKeySize",          JSON_VARIANT_UNSIGNED,      json_dispatch_uint64,              offsetof(UserRecord, luks_volume_key_size),        0 },
                { "luksPbkdfHashAlgorithm",     JSON_VARIANT_STRING,        json_dispatch_string,              offsetof(UserRecord, luks_pbkdf_hash_algorithm),   JSON_SAFE },
                { "luksPbkdfType",              JSON_VARIANT_STRING,        json_dispatch_string,              offsetof(UserRecord, luks_pbkdf_type),             JSON_SAFE },
                { "luksPbkdfTimeCostUSec",      JSON_VARIANT_UNSIGNED,      json_dispatch_uint64,              offsetof(UserRecord, luks_pbkdf_time_cost_usec),   0 },
                { "luksPbkdfMemoryCost",        JSON_VARIANT_UNSIGNED,      json_dispatch_uint64,              offsetof(UserRecord, luks_pbkdf_memory_cost),      0 },
                { "luksPbkdfParallelThreads",   JSON_VARIANT_UNSIGNED,      json_dispatch_uint64,              offsetof(UserRecord, luks_pbkdf_parallel_threads), 0 },
                { "rateLimitIntervalUSec",      JSON_VARIANT_UNSIGNED,      json_dispatch_uint64,              offsetof(UserRecord, ratelimit_interval_usec),     0 },
                { "rateLimitBurst",             JSON_VARIANT_UNSIGNED,      json_dispatch_uint64,              offsetof(UserRecord, ratelimit_burst),             0 },
                { "enforcePasswordPolicy",      JSON_VARIANT_BOOLEAN,       json_dispatch_tristate,            offsetof(UserRecord, enforce_password_policy),     0 },
                { "autoLogin",                  JSON_VARIANT_BOOLEAN,       json_dispatch_tristate,            offsetof(UserRecord, auto_login),                  0 },
                { "stopDelayUSec",              JSON_VARIANT_UNSIGNED,      json_dispatch_uint64,              offsetof(UserRecord, stop_delay_usec),             0 },
                { "killProcesses",              JSON_VARIANT_BOOLEAN,       json_dispatch_tristate,            offsetof(UserRecord, kill_processes),              0 },
                { "passwordChangeMinUSec",      JSON_VARIANT_UNSIGNED,      json_dispatch_uint64,              offsetof(UserRecord, password_change_min_usec),    0 },
                { "passwordChangeMaxUSec",      JSON_VARIANT_UNSIGNED,      json_dispatch_uint64,              offsetof(UserRecord, password_change_max_usec),    0 },
                { "passwordChangeWarnUSec",     JSON_VARIANT_UNSIGNED,      json_dispatch_uint64,              offsetof(UserRecord, password_change_warn_usec),   0 },
                { "passwordChangeInactiveUSec", JSON_VARIANT_UNSIGNED,      json_dispatch_uint64,              offsetof(UserRecord, password_change_inactive_usec), 0 },
                { "passwordChangeNow",          JSON_VARIANT_BOOLEAN,       json_dispatch_tristate,            offsetof(UserRecord, password_change_now),         0 },
                { "pkcs11TokenUri",             JSON_VARIANT_ARRAY,         dispatch_pkcs11_uri_array,         offsetof(UserRecord, pkcs11_token_uri),            0 },
                { "fido2HmacCredential",        JSON_VARIANT_ARRAY,         dispatch_fido2_hmac_credential_array, 0,                                              0 },
                {},
        };

        JsonVariant *e;
        int r;

        if (!variant)
                return 0;

        if (!json_variant_is_array(variant))
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array.", strna(name));

        JSON_VARIANT_ARRAY_FOREACH(e, variant) {
                bool matching = false;
                JsonVariant *m;

                if (!json_variant_is_object(e))
                        return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array of objects.", strna(name));

                /* A negative result from either matcher is a hard error; 0 just means "not this machine". */
                m = json_variant_by_key(e, "matchMachineId");
                if (m) {
                        r = per_machine_id_match(m, flags);
                        if (r < 0)
                                return r;

                        matching = r > 0;
                }

                /* Hostname is only consulted when the machine ID did not already match. */
                if (!matching) {
                        m = json_variant_by_key(e, "matchHostname");
                        if (m) {
                                r = per_machine_hostname_match(m, flags);
                                if (r < 0)
                                        return r;

                                matching = r > 0;
                        }
                }

                if (!matching)
                        continue;

                r = json_dispatch(e, per_machine_dispatch_table, NULL, flags, userdata);
                if (r < 0)
                        return r;
        }

        return 0;
}
1327
/* Dispatch callback for the "status" section; userdata is the UserRecord. Like the binding section,
 * status is an object keyed by machine ID and only the sub-object for the local machine is applied. The
 * fields are runtime bookkeeping — disk usage figures, state/service, authentication and rate-limit
 * counters — rather than identity. A NULL variant is a no-op (presumably the section is absent; confirm
 * against the caller). Returns 0 when nothing applies, json_dispatch()'s result otherwise, negative
 * errno on a malformed section or when the machine ID cannot be read. */
static int dispatch_status(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {

        static const JsonDispatch status_dispatch_table[] = {
                { "diskUsage",                   JSON_VARIANT_UNSIGNED,      json_dispatch_uint64,   offsetof(UserRecord, disk_usage),                    0 },
                { "diskFree",                    JSON_VARIANT_UNSIGNED,      json_dispatch_uint64,   offsetof(UserRecord, disk_free),                     0 },
                { "diskSize",                    JSON_VARIANT_UNSIGNED,      json_dispatch_uint64,   offsetof(UserRecord, disk_size),                     0 },
                { "diskCeiling",                 JSON_VARIANT_UNSIGNED,      json_dispatch_uint64,   offsetof(UserRecord, disk_ceiling),                  0 },
                { "diskFloor",                   JSON_VARIANT_UNSIGNED,      json_dispatch_uint64,   offsetof(UserRecord, disk_floor),                    0 },
                { "state",                       JSON_VARIANT_STRING,        json_dispatch_string,   offsetof(UserRecord, state),                         JSON_SAFE },
                { "service",                     JSON_VARIANT_STRING,        json_dispatch_string,   offsetof(UserRecord, service),                       JSON_SAFE },
                { "signedLocally",               _JSON_VARIANT_TYPE_INVALID, json_dispatch_tristate, offsetof(UserRecord, signed_locally),                0 },
                { "goodAuthenticationCounter",   JSON_VARIANT_UNSIGNED,      json_dispatch_uint64,   offsetof(UserRecord, good_authentication_counter),   0 },
                { "badAuthenticationCounter",    JSON_VARIANT_UNSIGNED,      json_dispatch_uint64,   offsetof(UserRecord, bad_authentication_counter),    0 },
                { "lastGoodAuthenticationUSec",  JSON_VARIANT_UNSIGNED,      json_dispatch_uint64,   offsetof(UserRecord, last_good_authentication_usec), 0 },
                { "lastBadAuthenticationUSec",   JSON_VARIANT_UNSIGNED,      json_dispatch_uint64,   offsetof(UserRecord, last_bad_authentication_usec),  0 },
                { "rateLimitBeginUSec",          JSON_VARIANT_UNSIGNED,      json_dispatch_uint64,   offsetof(UserRecord, ratelimit_begin_usec),          0 },
                { "rateLimitCount",              JSON_VARIANT_UNSIGNED,      json_dispatch_uint64,   offsetof(UserRecord, ratelimit_count),               0 },
                { "removable",                   JSON_VARIANT_BOOLEAN,       json_dispatch_boolean,  offsetof(UserRecord, removable),                     0 },
                {},
        };

        char smid[SD_ID128_STRING_MAX];
        JsonVariant *m;
        sd_id128_t mid;
        int r;

        if (!variant)
                return 0;

        if (!json_variant_is_object(variant))
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an object.", strna(name));

        r = sd_id128_get_machine(&mid);
        if (r < 0)
                return json_log(variant, flags, r, "Failed to determine machine ID: %m");

        /* Look up our own machine ID as the key; no entry for us means there is no local status. */
        m = json_variant_by_key(variant, sd_id128_to_string(mid, smid));
        if (!m)
                return 0;

        return json_dispatch(m, status_dispatch_table, NULL, flags, userdata);
}
1370
/* Builds the default image path for a home directory of the given storage type:
 * "/home/<user_name_and_realm>.home" for LUKS, "/home/<user_name_and_realm>.homedir" for directory,
 * subvolume and fscrypt storage. Returns 1 and stores a newly allocated string in *ret (owned by the
 * caller) when a default exists, 0 with *ret set to NULL for storage types that have no image path,
 * and -ENOMEM on allocation failure. */
int user_record_build_image_path(UserStorage storage, const char *user_name_and_realm, char **ret) {
        const char *extension;
        char *path;

        assert(storage >= 0);
        assert(user_name_and_realm);
        assert(ret);

        switch (storage) {

        case USER_LUKS:
                extension = ".home";
                break;

        case USER_DIRECTORY:
        case USER_SUBVOLUME:
        case USER_FSCRYPT:
                extension = ".homedir";
                break;

        default:
                /* No image file for the remaining storage types. */
                *ret = NULL;
                return 0;
        }

        path = strjoin("/home/", user_name_and_realm, extension);
        if (!path)
                return -ENOMEM;

        *ret = path;
        return 1;
}
1395
/* Fills in the derived "*_auto" fields of a freshly loaded record: user_name_and_realm_auto when a realm
 * is set, and — for regular users only — the default home directory and image path, unless the record
 * already states them explicitly. Records without the regular identity section are left untouched.
 * Returns 0 on success, negative errno (logged via json_log*) on allocation failure or when the default
 * image path cannot be built. */
static int user_record_augment(UserRecord *h, JsonDispatchFlags json_flags) {
        int r;

        assert(h);

        /* Nothing to derive without the regular identity section. */
        if (!FLAGS_SET(h->mask, USER_RECORD_REGULAR))
                return 0;

        assert(h->user_name);

        if (h->realm && !h->user_name_and_realm_auto) {
                h->user_name_and_realm_auto = strjoin(h->user_name, "@", h->realm);
                if (!h->user_name_and_realm_auto)
                        return json_log_oom(h->json, json_flags);
        }

        /* The home directory and image path defaults only make sense for regular users. */
        if (user_record_disposition(h) != USER_REGULAR)
                return 0;

        if (!h->home_directory && !h->home_directory_auto) {
                h->home_directory_auto = path_join("/home/", h->user_name);
                if (!h->home_directory_auto)
                        return json_log_oom(h->json, json_flags);
        }

        /* An explicit or already derived image path wins; otherwise derive one from the storage type. */
        if (h->image_path || h->image_path_auto)
                return 0;

        r = user_record_build_image_path(user_record_storage(h), user_record_user_name_and_realm(h), &h->image_path_auto);
        if (r < 0)
                return json_log(h->json, json_flags, r, "Failed to determine default image path: %m");

        return 0;
}
1430
/* Validates the top-level shape of a user or group record against load_flags and returns the variant to
 * actually parse plus a mask of which sections it contains. load_flags packs three masks (see the
 * USER_RECORD_*_MASK() accessors): sections that may be present (ALLOW), sections that must be present
 * (REQUIRE) and sections to remove before parsing (STRIP); the regular identity fields are controlled
 * by the USER_RECORD_ALLOW_REGULAR / USER_RECORD_REQUIRE_REGULAR / USER_RECORD_STRIP_REGULAR bits.
 *
 * On success *ret_variant receives a reference the caller owns — the original 'v' when nothing was
 * stripped, otherwise a filtered copy — and *ret_mask the set of sections found. Returns 0 on success,
 * negative errno (logged) when the record is not an object, contains a forbidden section or an
 * unexpected regular field, lacks a required section, or ends up empty. */
int user_group_record_mangle(
                JsonVariant *v,
                UserRecordLoadFlags load_flags,
                JsonVariant **ret_variant,
                UserRecordMask *ret_mask) {

        /* The special sections, each with the mask bit it corresponds to. */
        static const struct {
                UserRecordMask mask;
                const char *name;
        } mask_field[] = {
                { USER_RECORD_PRIVILEGED,  "privileged" },
                { USER_RECORD_SECRET,      "secret"     },
                { USER_RECORD_BINDING,     "binding"    },
                { USER_RECORD_PER_MACHINE, "perMachine" },
                { USER_RECORD_STATUS,      "status"     },
                { USER_RECORD_SIGNATURE,   "signature"  },
        };

        JsonDispatchFlags json_flags = USER_RECORD_LOAD_FLAGS_TO_JSON_DISPATCH_FLAGS(load_flags);
        _cleanup_(json_variant_unrefp) JsonVariant *w = NULL;
        JsonVariant *array[ELEMENTSOF(mask_field) * 2]; /* key/value pairs of retained sections */
        size_t n_retain = 0, i;
        UserRecordMask m = 0;
        int r;

        assert((load_flags & _USER_RECORD_MASK_MAX) == 0); /* detect mistakes when accidentally passing
                                                             * UserRecordMask bit masks as UserRecordLoadFlags
                                                             * value */

        assert(v);
        assert(ret_variant);
        assert(ret_mask);

        /* Note that this function is shared with the group record parser, hence we try to be generic in our
         * log message wording here, to cover both cases. */

        if (!json_variant_is_object(v))
                return json_log(v, json_flags, SYNTHETIC_ERRNO(EBADMSG), "Record is not a JSON object, refusing.");

        if (USER_RECORD_ALLOW_MASK(load_flags) == 0) /* allow nothing? */
                return json_log(v, json_flags, SYNTHETIC_ERRNO(EINVAL), "Nothing allowed in record, refusing.");

        if (USER_RECORD_STRIP_MASK(load_flags) == _USER_RECORD_MASK_MAX) /* strip everything? */
                return json_log(v, json_flags, SYNTHETIC_ERRNO(EINVAL), "Stripping everything from record, refusing.");

        /* Check if we have the special sections and if they match our flags set */
        for (i = 0; i < ELEMENTSOF(mask_field); i++) {
                JsonVariant *e, *k;

                if (FLAGS_SET(USER_RECORD_STRIP_MASK(load_flags), mask_field[i].mask)) {
                        /* Stripping: work on a private reference so 'v' itself is never modified. */
                        if (!w)
                                w = json_variant_ref(v);

                        r = json_variant_filter(&w, STRV_MAKE(mask_field[i].name));
                        if (r < 0)
                                return json_log(w, json_flags, r, "Failed to remove field from variant: %m");

                        continue;
                }

                e = json_variant_by_key_full(v, mask_field[i].name, &k);
                if (e) {
                        /* Present but not on the allow list: refuse the whole record rather than ignore it. */
                        if (!FLAGS_SET(USER_RECORD_ALLOW_MASK(load_flags), mask_field[i].mask))
                                return json_log(e, json_flags, SYNTHETIC_ERRNO(EBADMSG), "Record contains '%s' field, which is not allowed.", mask_field[i].name);

                        /* Remember key and value so the stripped-regular object below can be rebuilt from them. */
                        if (FLAGS_SET(load_flags, USER_RECORD_STRIP_REGULAR)) {
                                array[n_retain++] = k;
                                array[n_retain++] = e;
                        }

                        m |= mask_field[i].mask;
                } else {
                        if (FLAGS_SET(USER_RECORD_REQUIRE_MASK(load_flags), mask_field[i].mask))
                                return json_log(v, json_flags, SYNTHETIC_ERRNO(EBADMSG), "Record lacks '%s' field, which is required.", mask_field[i].name);
                }
        }

        if (FLAGS_SET(load_flags, USER_RECORD_STRIP_REGULAR)) {
                /* If we are supposed to strip regular items, then let's instead just allocate a new object
                 * with just the stuff we need. */

                w = json_variant_unref(w);
                r = json_variant_new_object(&w, array, n_retain);
                if (r < 0)
                        return json_log(v, json_flags, r, "Failed to allocate new object: %m");
        } else {
                /* And now check if there's anything else in the record */
                for (i = 0; i < json_variant_elements(v); i += 2) { /* objects are laid out as key, value, key, value, ... */
                        const char *f;
                        bool special = false;
                        size_t j;

                        assert_se(f = json_variant_string(json_variant_by_index(v, i)));

                        for (j = 0; j < ELEMENTSOF(mask_field); j++)
                                if (streq(f, mask_field[j].name)) { /* already covered in the loop above */
                                        special = true;
                                        continue; /* continues the inner scan; a break would do, the result is the same */
                                }

                        if (!special) {
                                /* One non-special key is enough to know the regular section is there. */
                                if ((load_flags & (USER_RECORD_ALLOW_REGULAR|USER_RECORD_REQUIRE_REGULAR)) == 0)
                                        return json_log(v, json_flags, SYNTHETIC_ERRNO(EBADMSG), "Record contains '%s' field, which is not allowed.", f);

                                m |= USER_RECORD_REGULAR;
                                break;
                        }
                }
        }

        if (FLAGS_SET(load_flags, USER_RECORD_REQUIRE_REGULAR) && !FLAGS_SET(m, USER_RECORD_REGULAR))
                return json_log(v, json_flags, SYNTHETIC_ERRNO(EBADMSG), "Record lacks basic identity fields, which are required.");

        if (m == 0)
                return json_log(v, json_flags, SYNTHETIC_ERRNO(EBADMSG), "Record is empty.");

        /* Hand out the filtered/rebuilt object if we made one, else a fresh reference on the input. */
        if (w)
                *ret_variant = TAKE_PTR(w);
        else
                *ret_variant = json_variant_ref(v);

        *ret_mask = m;
        return 0;
}
1555
1556int user_record_load(UserRecord *h, JsonVariant *v, UserRecordLoadFlags load_flags) {
1557
1558 static const JsonDispatch user_dispatch_table[] = {
5e4fa456
LP
1559 { "userName", JSON_VARIANT_STRING, json_dispatch_user_group_name, offsetof(UserRecord, user_name), JSON_RELAX},
1560 { "realm", JSON_VARIANT_STRING, json_dispatch_realm, offsetof(UserRecord, realm), 0 },
1561 { "realName", JSON_VARIANT_STRING, json_dispatch_gecos, offsetof(UserRecord, real_name), 0 },
1562 { "emailAddress", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, email_address), JSON_SAFE },
1563 { "iconName", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, icon_name), JSON_SAFE },
1564 { "location", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, location), 0 },
1565 { "disposition", JSON_VARIANT_STRING, json_dispatch_user_disposition, offsetof(UserRecord, disposition), 0 },
1566 { "lastChangeUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, last_change_usec), 0 },
1567 { "lastPasswordChangeUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, last_password_change_usec), 0 },
1568 { "shell", JSON_VARIANT_STRING, json_dispatch_filename_or_path, offsetof(UserRecord, shell), 0 },
1569 { "umask", JSON_VARIANT_UNSIGNED, json_dispatch_umask, offsetof(UserRecord, umask), 0 },
1570 { "environment", JSON_VARIANT_ARRAY, json_dispatch_environment, offsetof(UserRecord, environment), 0 },
1571 { "timeZone", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, time_zone), JSON_SAFE },
1572 { "preferredLanguage", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, preferred_language), JSON_SAFE },
1573 { "niceLevel", _JSON_VARIANT_TYPE_INVALID, json_dispatch_nice, offsetof(UserRecord, nice_level), 0 },
1574 { "resourceLimits", _JSON_VARIANT_TYPE_INVALID, json_dispatch_rlimits, offsetof(UserRecord, rlimits), 0 },
1575 { "locked", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, locked), 0 },
1576 { "notBeforeUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, not_before_usec), 0 },
1577 { "notAfterUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, not_after_usec), 0 },
1578 { "storage", JSON_VARIANT_STRING, json_dispatch_storage, offsetof(UserRecord, storage), 0 },
1579 { "diskSize", JSON_VARIANT_UNSIGNED, json_dispatch_disk_size, offsetof(UserRecord, disk_size), 0 },
1580 { "diskSizeRelative", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, disk_size_relative), 0 },
1581 { "skeletonDirectory", JSON_VARIANT_STRING, json_dispatch_path, offsetof(UserRecord, skeleton_directory), 0 },
1582 { "accessMode", JSON_VARIANT_UNSIGNED, json_dispatch_access_mode, offsetof(UserRecord, access_mode), 0 },
1583 { "tasksMax", JSON_VARIANT_UNSIGNED, json_dispatch_tasks_or_memory_max, offsetof(UserRecord, tasks_max), 0 },
1584 { "memoryHigh", JSON_VARIANT_UNSIGNED, json_dispatch_tasks_or_memory_max, offsetof(UserRecord, memory_high), 0 },
1585 { "memoryMax", JSON_VARIANT_UNSIGNED, json_dispatch_tasks_or_memory_max, offsetof(UserRecord, memory_max), 0 },
1586 { "cpuWeight", JSON_VARIANT_UNSIGNED, json_dispatch_weight, offsetof(UserRecord, cpu_weight), 0 },
1587 { "ioWeight", JSON_VARIANT_UNSIGNED, json_dispatch_weight, offsetof(UserRecord, io_weight), 0 },
1588 { "mountNoDevices", JSON_VARIANT_BOOLEAN, json_dispatch_boolean, offsetof(UserRecord, nodev), 0 },
1589 { "mountNoSuid", JSON_VARIANT_BOOLEAN, json_dispatch_boolean, offsetof(UserRecord, nosuid), 0 },
1590 { "mountNoExecute", JSON_VARIANT_BOOLEAN, json_dispatch_boolean, offsetof(UserRecord, noexec), 0 },
1591 { "cifsDomain", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, cifs_domain), JSON_SAFE },
1592 { "cifsUserName", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, cifs_user_name), JSON_SAFE },
1593 { "cifsService", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, cifs_service), JSON_SAFE },
1594 { "imagePath", JSON_VARIANT_STRING, json_dispatch_path, offsetof(UserRecord, image_path), 0 },
1595 { "homeDirectory", JSON_VARIANT_STRING, json_dispatch_home_directory, offsetof(UserRecord, home_directory), 0 },
1596 { "uid", JSON_VARIANT_UNSIGNED, json_dispatch_uid_gid, offsetof(UserRecord, uid), 0 },
1597 { "gid", JSON_VARIANT_UNSIGNED, json_dispatch_uid_gid, offsetof(UserRecord, gid), 0 },
1598 { "memberOf", JSON_VARIANT_ARRAY, json_dispatch_user_group_list, offsetof(UserRecord, member_of), JSON_RELAX},
1599 { "fileSystemType", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, file_system_type), JSON_SAFE },
1600 { "partitionUuid", JSON_VARIANT_STRING, json_dispatch_id128, offsetof(UserRecord, partition_uuid), 0 },
1601 { "luksUuid", JSON_VARIANT_STRING, json_dispatch_id128, offsetof(UserRecord, luks_uuid), 0 },
1602 { "fileSystemUuid", JSON_VARIANT_STRING, json_dispatch_id128, offsetof(UserRecord, file_system_uuid), 0 },
1603 { "luksDiscard", _JSON_VARIANT_TYPE_INVALID, json_dispatch_tristate, offsetof(UserRecord, luks_discard), 0 },
5e86c82a 1604 { "luksOfflineDiscard", _JSON_VARIANT_TYPE_INVALID, json_dispatch_tristate, offsetof(UserRecord, luks_offline_discard), 0 },
5e4fa456
LP
1605 { "luksCipher", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, luks_cipher), JSON_SAFE },
1606 { "luksCipherMode", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, luks_cipher_mode), JSON_SAFE },
1607 { "luksVolumeKeySize", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, luks_volume_key_size), 0 },
1608 { "luksPbkdfHashAlgorithm", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, luks_pbkdf_hash_algorithm), JSON_SAFE },
1609 { "luksPbkdfType", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, luks_pbkdf_type), JSON_SAFE },
1610 { "luksPbkdfTimeCostUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, luks_pbkdf_time_cost_usec), 0 },
1611 { "luksPbkdfMemoryCost", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, luks_pbkdf_memory_cost), 0 },
1612 { "luksPbkdfParallelThreads", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, luks_pbkdf_parallel_threads), 0 },
1613 { "service", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, service), JSON_SAFE },
1614 { "rateLimitIntervalUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, ratelimit_interval_usec), 0 },
1615 { "rateLimitBurst", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, ratelimit_burst), 0 },
1616 { "enforcePasswordPolicy", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, enforce_password_policy), 0 },
1617 { "autoLogin", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, auto_login), 0 },
1618 { "stopDelayUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, stop_delay_usec), 0 },
1619 { "killProcesses", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, kill_processes), 0 },
1620 { "passwordChangeMinUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, password_change_min_usec), 0 },
1621 { "passwordChangeMaxUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, password_change_max_usec), 0 },
1622 { "passwordChangeWarnUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, password_change_warn_usec), 0 },
1623 { "passwordChangeInactiveUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, password_change_inactive_usec), 0 },
1624 { "passwordChangeNow", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, password_change_now), 0 },
1625 { "pkcs11TokenUri", JSON_VARIANT_ARRAY, dispatch_pkcs11_uri_array, offsetof(UserRecord, pkcs11_token_uri), 0 },
1626 { "fido2HmacCredential", JSON_VARIANT_ARRAY, dispatch_fido2_hmac_credential_array, 0, 0 },
b3a97fd3 1627 { "recoveryKeyType", JSON_VARIANT_ARRAY, json_dispatch_strv, offsetof(UserRecord, recovery_key_type), 0 },
1628
1629 { "secret", JSON_VARIANT_OBJECT, dispatch_secret, 0, 0 },
1630 { "privileged", JSON_VARIANT_OBJECT, dispatch_privileged, 0, 0 },
1631
1632 /* Ignore the perMachine, binding, status stuff here, and process it later, so that it overrides whatever is set above */
1633 { "perMachine", JSON_VARIANT_ARRAY, NULL, 0, 0 },
1634 { "binding", JSON_VARIANT_OBJECT, NULL, 0, 0 },
1635 { "status", JSON_VARIANT_OBJECT, NULL, 0, 0 },
1636
1637 /* Ignore 'signature', we check it with explicit accessors instead */
5e4fa456 1638 { "signature", JSON_VARIANT_ARRAY, NULL, 0, 0 },
1639 {},
1640 };
1641
1642 JsonDispatchFlags json_flags = USER_RECORD_LOAD_FLAGS_TO_JSON_DISPATCH_FLAGS(load_flags);
1643 int r;
1644
1645 assert(h);
1646 assert(!h->json);
1647
1648 /* Note that this call will leave a half-initialized record around on failure! */
1649
1650 r = user_group_record_mangle(v, load_flags, &h->json, &h->mask);
1651 if (r < 0)
1652 return r;
1653
1654 r = json_dispatch(h->json, user_dispatch_table, NULL, json_flags, h);
1655 if (r < 0)
1656 return r;
1657
1658 /* During the parsing operation above we ignored the 'perMachine', 'binding' and 'status' fields,
1659 * since we want them to override the global options. Let's process them now. */
1660
1661 r = dispatch_per_machine("perMachine", json_variant_by_key(h->json, "perMachine"), json_flags, h);
1662 if (r < 0)
1663 return r;
1664
1665 r = dispatch_binding("binding", json_variant_by_key(h->json, "binding"), json_flags, h);
1666 if (r < 0)
1667 return r;
1668
1669 r = dispatch_status("status", json_variant_by_key(h->json, "status"), json_flags, h);
1670 if (r < 0)
1671 return r;
1672
1673 if (FLAGS_SET(h->mask, USER_RECORD_REGULAR) && !h->user_name)
1674 return json_log(h->json, json_flags, SYNTHETIC_ERRNO(EINVAL), "User name field missing, refusing.");
1675
1676 r = user_record_augment(h, json_flags);
1677 if (r < 0)
1678 return r;
1679
1680 return 0;
1681}
1682
/* Builds a JSON variant from the varargs (json_buildv() syntax), then loads it into a fresh
 * UserRecord with USER_RECORD_LOAD_FULL. On success ownership of the record passes to the caller
 * through 'ret'; on failure nothing is returned and the partially built objects are released. */
int user_record_build(UserRecord **ret, ...) {
        _cleanup_(json_variant_unrefp) JsonVariant *json = NULL;
        _cleanup_(user_record_unrefp) UserRecord *record = NULL;
        va_list args;
        int r;

        assert(ret);

        va_start(args, ret);
        r = json_buildv(&json, args);
        va_end(args);
        if (r < 0)
                return r;

        record = user_record_new();
        if (!record)
                return -ENOMEM;

        /* A failed load leaves the record half-initialized; the cleanup attribute releases it. */
        r = user_record_load(record, json, USER_RECORD_LOAD_FULL);
        if (r < 0)
                return r;

        *ret = TAKE_PTR(record);
        return 0;
}
1709
/* Returns the "user@realm" string when one was precomputed, otherwise the bare user name. A record
 * without the precomputed string is expected to carry no realm at all. */
const char *user_record_user_name_and_realm(UserRecord *h) {
        assert(h);

        if (!h->user_name_and_realm_auto) {
                /* No joined string means there cannot be a realm either. */
                assert(!h->realm);
                return h->user_name;
        }

        return h->user_name_and_realm_auto;
}
1721
/* Returns the declared storage type, falling back to USER_CLASSIC when none is set (negative value). */
UserStorage user_record_storage(UserRecord *h) {
        assert(h);

        return h->storage >= 0 ? h->storage : USER_CLASSIC;
}
1730
/* Returns the configured file system type, defaulting to "btrfs" when the record does not name one. */
const char *user_record_file_system_type(UserRecord *h) {
        assert(h);

        if (h->file_system_type)
                return h->file_system_type;

        return "btrfs";
}
1736
/* Returns the skeleton directory to populate new homes from, defaulting to "/etc/skel". */
const char *user_record_skeleton_directory(UserRecord *h) {
        assert(h);

        if (h->skeleton_directory)
                return h->skeleton_directory;

        return "/etc/skel";
}
1742
/* Returns the access mode for the home directory. (mode_t) -1 marks "unset" and maps to 0700. */
mode_t user_record_access_mode(UserRecord *h) {
        assert(h);

        if (h->access_mode == (mode_t) -1)
                return 0700;

        return h->access_mode;
}
1748
/* Returns the home directory path: the explicit one if set, otherwise the automatically derived one,
 * otherwise "/root" for the root user and "/" for everybody else. */
const char* user_record_home_directory(UserRecord *h) {
        const char *configured;

        assert(h);

        configured = h->home_directory ?: h->home_directory_auto;
        if (configured)
                return configured;

        /* root gets its traditional home, everybody else without a home falls back to the root dir. */
        return streq_ptr(h->user_name, "root") ? "/root" : "/";
}
1763
/* Returns the path of the backing image. Without an explicit or derived path, storage types that live
 * directly in the file system tree use the home directory itself; others yield NULL. */
const char *user_record_image_path(UserRecord *h) {
        const char *configured;

        assert(h);

        configured = h->image_path ?: h->image_path_auto;
        if (configured)
                return configured;

        switch (user_record_storage(h)) {
        case USER_CLASSIC:
        case USER_DIRECTORY:
        case USER_SUBVOLUME:
        case USER_FSCRYPT:
                return user_record_home_directory(h);
        default:
                return NULL;
        }
}
1774
/* Returns the user name to authenticate to the CIFS server with, defaulting to the record's user name. */
const char *user_record_cifs_user_name(UserRecord *h) {
        assert(h);

        if (h->cifs_user_name)
                return h->cifs_user_name;

        return h->user_name;
}
1780
/* Translates the record's nosuid/noexec/nodev booleans into mount(2) flags. */
unsigned long user_record_mount_flags(UserRecord *h) {
        unsigned long flags = 0;

        assert(h);

        if (h->nosuid)
                flags |= MS_NOSUID;
        if (h->noexec)
                flags |= MS_NOEXEC;
        if (h->nodev)
                flags |= MS_NODEV;

        return flags;
}
1788
/* Returns the login shell: the configured one, else "/bin/sh" for root, "/bin/bash" for regular users
 * and the nologin binary for every other disposition. */
const char *user_record_shell(UserRecord *h) {
        assert(h);

        if (h->shell)
                return h->shell;

        if (streq_ptr(h->user_name, "root"))
                return "/bin/sh";

        return user_record_disposition(h) == USER_REGULAR ? "/bin/bash" : NOLOGIN;
}
1803
/* Returns the human-readable name, defaulting to the user name when none is set. */
const char *user_record_real_name(UserRecord *h) {
        assert(h);

        if (h->real_name)
                return h->real_name;

        return h->user_name;
}
1809
/* Decides whether LUKS discard shall be enabled while the home is active. An explicit tristate wins;
 * otherwise discard is on only for images that are real block devices. */
bool user_record_luks_discard(UserRecord *h) {
        const char *image;

        assert(h);

        if (h->luks_discard >= 0)
                return h->luks_discard;

        image = user_record_image_path(h);
        if (!image)
                return false;

        /* Default to discard on real block devices (SSD/flash friendly), but not on loopback files:
         * discard there means thin provisioning, and a later shortage of backing space would surface
         * as EIO inside the home. */
        return path_startswith(image, "/dev/") != NULL;
}
1830
/* Decides whether the LUKS volume shall be discarded while the user is logged out. An explicit
 * tristate wins; for loopback images the default is yes, for physical devices it follows the online
 * discard setting. */
bool user_record_luks_offline_discard(UserRecord *h) {
        const char *image;

        assert(h);

        if (h->luks_offline_discard >= 0)
                return h->luks_offline_discard;

        image = user_record_image_path(h);
        if (!image)
                return false;

        /* Operating directly on physical media: tie offline discard to the online discard mode. */
        if (path_startswith(image, "/dev/"))
                return user_record_luks_discard(h);

        /* Loopback file: discarding while logged out is generally a good idea. */
        return true;
}
1851
/* Returns the LUKS cipher name, defaulting to "aes". */
const char *user_record_luks_cipher(UserRecord *h) {
        assert(h);

        if (h->luks_cipher)
                return h->luks_cipher;

        return "aes";
}
1857
/* Returns the LUKS cipher mode, defaulting to "xts-plain64". */
const char *user_record_luks_cipher_mode(UserRecord *h) {
        assert(h);

        if (h->luks_cipher_mode)
                return h->luks_cipher_mode;

        return "xts-plain64";
}
1863
/* Returns the LUKS volume key size in bytes, defaulting to 256 bits. The result is clamped to
 * SIZE_MAX so it can be cast to size_t (what libcryptsetup takes) without loss. */
uint64_t user_record_luks_volume_key_size(UserRecord *h) {
        uint64_t size;

        assert(h);

        size = h->luks_volume_key_size;
        if (size == UINT64_MAX)
                return 256 / 8;

        return size > SIZE_MAX ? SIZE_MAX : size;
}
1874
/* Returns the PBKDF algorithm name, defaulting to "argon2i". */
const char* user_record_luks_pbkdf_type(UserRecord *h) {
        assert(h);

        if (h->luks_pbkdf_type)
                return h->luks_pbkdf_type;

        return "argon2i";
}
1880
/* Returns the PBKDF time cost in µs, rounded up to whole milliseconds and clamped so the millisecond
 * count fits into 32 bits, since that's the granularity and range libcryptsetup works with. */
uint64_t user_record_luks_pbkdf_time_cost_usec(UserRecord *h) {
        uint64_t ms;

        assert(h);

        /* Default to 500ms rather than libcryptsetup's 2s, which is painfully slow on every login. */
        if (h->luks_pbkdf_time_cost_usec == UINT64_MAX)
                return 500 * USEC_PER_MSEC;

        ms = DIV_ROUND_UP(h->luks_pbkdf_time_cost_usec, USEC_PER_MSEC);
        if (ms > UINT32_MAX)
                ms = UINT32_MAX;

        return ms * USEC_PER_MSEC;
}
1891
/* Returns the PBKDF memory cost in bytes, rounded up to whole KiB and clamped so the KiB count fits
 * into 32 bits, since that's the granularity and range libcryptsetup works with. */
uint64_t user_record_luks_pbkdf_memory_cost(UserRecord *h) {
        uint64_t kb;

        assert(h);

        /* Default to 64M so that smaller systems cope too. */
        if (h->luks_pbkdf_memory_cost == UINT64_MAX)
                return 64*1024*1024;

        kb = DIV_ROUND_UP(h->luks_pbkdf_memory_cost, 1024);
        if (kb > UINT32_MAX)
                kb = UINT32_MAX;

        return kb * 1024;
}
1902
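/* Returns the PBKDF parallelism, clamped to 32 bits like the sibling PBKDF accessors. Defaults to 1
 * when unset, so that smaller systems cope too.
 *
 * The "unset" test must look at luks_pbkdf_parallel_threads itself: the earlier version tested
 * luks_pbkdf_memory_cost, so a record with an explicit memory cost but no thread count skipped the
 * default and fell through to the clamp, yielding UINT32_MAX threads. */
uint64_t user_record_luks_pbkdf_parallel_threads(UserRecord *h) {
        assert(h);

        if (h->luks_pbkdf_parallel_threads == UINT64_MAX)
                return 1; /* We default to 1, since this should work on smaller systems too */

        return MIN(h->luks_pbkdf_parallel_threads, UINT32_MAX);
}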
1911
/* Returns the PBKDF hash algorithm name, defaulting to "sha512". */
const char *user_record_luks_pbkdf_hash_algorithm(UserRecord *h) {
        assert(h);

        if (h->luks_pbkdf_hash_algorithm)
                return h->luks_pbkdf_hash_algorithm;

        return "sha512";
}
1917
/* Returns the primary GID; when none is declared the UID is reused as GID. */
gid_t user_record_gid(UserRecord *h) {
        assert(h);

        return gid_is_valid(h->gid) ? h->gid : (gid_t) h->uid;
}
1926
/* Returns the user's disposition. An explicitly declared value wins; otherwise it is derived from the
 * UID range. The range tests are ordered, each one only being reached when the previous did not match. */
UserDisposition user_record_disposition(UserRecord *h) {
        uid_t uid;

        assert(h);

        if (h->disposition >= 0)
                return h->disposition;

        uid = h->uid;

        if (!uid_is_valid(uid))
                return _USER_DISPOSITION_INVALID;

        /* root and nobody are intrinsic to the system and checked before the generic ranges. */
        if (uid == 0 || uid == UID_NOBODY)
                return USER_INTRINSIC;

        if (uid_is_system(uid))
                return USER_SYSTEM;

        if (uid_is_dynamic(uid))
                return USER_DYNAMIC;

        if (uid_is_container(uid))
                return USER_CONTAINER;

        /* Everything beyond the signed 32bit range is reserved; the rest are ordinary users. */
        return uid > INT32_MAX ? USER_RESERVED : USER_REGULAR;
}
1955
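/* Returns whether the home is on removable media: the explicit tristate if set, -1 ("cannot decide")
 * for records with no or classic storage, otherwise true only for LUKS homes backed by a /dev/ path.
 *
 * The image path is checked for NULL before it is handed to path_startswith(): user_record_image_path()
 * returns NULL for LUKS storage without an explicit or derived image path, and the original code passed
 * that straight through. */
int user_record_removable(UserRecord *h) {
        const char *ip;

        assert(h);

        if (h->removable >= 0)
                return h->removable;

        /* Refuse to decide for classic records (or records without a storage type) */
        if (h->storage < 0 || h->storage == USER_CLASSIC)
                return -1;

        /* For now consider only LUKS home directories with a reference by path as removable */
        if (user_record_storage(h) != USER_LUKS)
                return false;

        ip = user_record_image_path(h);
        if (!ip)
                return false;

        return path_startswith(ip, "/dev/") != NULL;
}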
1971
/* Returns the authentication rate limit interval, defaulting to DEFAULT_RATELIMIT_INTERVAL_USEC. */
uint64_t user_record_ratelimit_interval_usec(UserRecord *h) {
        assert(h);

        return h->ratelimit_interval_usec == UINT64_MAX ? DEFAULT_RATELIMIT_INTERVAL_USEC : h->ratelimit_interval_usec;
}
1980
/* Returns the number of authentication attempts permitted per interval, defaulting to DEFAULT_RATELIMIT_BURST. */
uint64_t user_record_ratelimit_burst(UserRecord *h) {
        assert(h);

        return h->ratelimit_burst == UINT64_MAX ? DEFAULT_RATELIMIT_BURST : h->ratelimit_burst;
}
1989
/* Returns true if the record carries at least one credential the user could authenticate against: a
 * PKCS#11-encrypted key, a FIDO2 HMAC salt, or a hashed password. */
bool user_record_can_authenticate(UserRecord *h) {
        assert(h);

        return h->n_pkcs11_encrypted_key > 0 ||
               h->n_fido2_hmac_salt > 0 ||
               !strv_isempty(h->hashed_password);
}
2003
/* Calculates when the next login attempt is permitted. Returns UINT64_MAX when nothing is known (no
 * rate limit state, or state from the future, i.e. a probably wrong local clock), 0 when an attempt is
 * permitted right away, and otherwise a CLOCK_REALTIME timestamp in µs (possibly already past). */
uint64_t user_record_ratelimit_next_try(UserRecord *h) {
        usec_t begin, current;

        assert(h);

        begin = h->ratelimit_begin_usec;
        if (begin == UINT64_MAX || h->ratelimit_count == UINT64_MAX)
                return UINT64_MAX;

        /* A rate limit window starting in the future points at an incorrect local clock; do not
         * refuse login on that basis. */
        current = now(CLOCK_REALTIME);
        if (begin > current)
                return UINT64_MAX;

        if (h->ratelimit_count < user_record_ratelimit_burst(h))
                return 0;

        return usec_add(begin, user_record_ratelimit_interval_usec(h));
}
2028
/* Compares two records for equality via their JSON representation, relying on the invariant that the
 * JSON data is refreshed whenever a record is modified. */
bool user_record_equal(UserRecord *a, UserRecord *b) {
        assert(a);
        assert(b);

        return json_variant_equal(a->json, b->json);
}
2038
/* Returns true if both records describe the same user, i.e. both carry a regular section and agree on
 * user name and realm. Records lacking the regular section are reported as incompatible. */
bool user_record_compatible(UserRecord *a, UserRecord *b) {
        assert(a);
        assert(b);

        if (!(a->mask & b->mask & USER_RECORD_REGULAR))
                return false;

        if (!streq_ptr(a->user_name, b->user_name))
                return false;

        return streq_ptr(a->realm, b->realm);
}
2051
/* Orders two records by their last-change timestamp (-1, 0, 1). A record without a timestamp
 * (UINT64_MAX) sorts before any record that has one. */
int user_record_compare_last_change(UserRecord *a, UserRecord *b) {
        uint64_t x, y;

        assert(a);
        assert(b);

        x = a->last_change_usec;
        y = b->last_change_usec;

        if (x == y)
                return 0;
        if (x == UINT64_MAX)
                return -1;
        if (y == UINT64_MAX)
                return 1;

        return x < y ? -1 : 1;
}
2067
/* Creates a new record from the JSON data of 'h', loaded with the given flags (which may strip or
 * refuse sections). Ownership of the clone passes to the caller through 'ret'. */
int user_record_clone(UserRecord *h, UserRecordLoadFlags flags, UserRecord **ret) {
        _cleanup_(user_record_unrefp) UserRecord *copy = NULL;
        int r;

        assert(h);
        assert(ret);

        copy = user_record_new();
        if (!copy)
                return -ENOMEM;

        r = user_record_load(copy, h->json, flags);
        if (r < 0)
                return r;

        *ret = TAKE_PTR(copy);
        return 0;
}
2086
/* Clones 'src' keeping only the sections in 'mask'; everything outside the mask is stripped. */
static int user_record_clone_restricted(UserRecord *src, UserRecordMask mask, UserRecord **ret) {
        return user_record_clone(src, USER_RECORD_ALLOW(mask) | USER_RECORD_STRIP(~mask & _USER_RECORD_MASK_MAX), ret);
}

/* Compares two records while ignoring every section not listed in 'mask'. Records carrying sections
 * outside the mask are first reduced to the masked subset. Returns a boolean, or a negative errno if
 * the reduction failed. */
int user_record_masked_equal(UserRecord *a, UserRecord *b, UserRecordMask mask) {
        _cleanup_(user_record_unrefp) UserRecord *reduced_a = NULL, *reduced_b = NULL;
        int r;

        assert(a);
        assert(b);

        if ((a->mask & ~mask) != 0) {
                r = user_record_clone_restricted(a, mask, &reduced_a);
                if (r < 0)
                        return r;

                a = reduced_a;
        }

        if ((b->mask & ~mask) != 0) {
                r = user_record_clone_restricted(b, mask, &reduced_b);
                if (r < 0)
                        return r;

                b = reduced_b;
        }

        return user_record_equal(a, b);
}
2114
/* Checks whether access for this user shall be allowed right now. Returns 0 if so, otherwise:
 *
 *   -ENOLCK   record is locked
 *   -EL2HLT   record is not valid yet (notBefore in the future)
 *   -EL3HLT   record is not valid anymore (notAfter in the past)
 *   -ESTALE   record's last change is in the future, i.e. the local clock is suspect
 */
int user_record_test_blocked(UserRecord *h) {
        usec_t current;

        assert(h);

        if (h->locked > 0)
                return -ENOLCK;

        current = now(CLOCK_REALTIME);

        if (h->not_before_usec != UINT64_MAX && current < h->not_before_usec)
                return -EL2HLT;

        if (h->not_after_usec != UINT64_MAX && current > h->not_after_usec)
                return -EL3HLT;

        /* A record from the future is complained about at login time. */
        if (h->last_change_usec != UINT64_MAX && h->last_change_usec > current)
                return -ESTALE;

        return 0;
}
2145
int user_record_test_password_change_required(UserRecord *h) {
        bool change_permitted;
        usec_t n;

        assert(h);

        /* Checks whether the user must change the password when logging in

           -EKEYREVOKED: Change password now because admin said so
           -EOWNERDEAD: Change password now because it expired
           -EKEYREJECTED: Password is expired, no changing is allowed
           -EKEYEXPIRED: Password is about to expire, warn user
           -ENETDOWN: Record has expiration info but no password change timestamp
           -EROFS: No password change required nor permitted
           -ESTALE: RTC likely incorrect, last password change is in the future
           0: No password change required, but permitted
        */

        /* If a password change request has been set explicitly, it overrides everything */
        if (h->password_change_now > 0)
                return -EKEYREVOKED;

        n = now(CLOCK_REALTIME);

        /* Password change in the future? Then our RTC is likely incorrect. Only an issue when some
         * expiry policy is configured at all, otherwise the timestamp is irrelevant. */
        if (h->last_password_change_usec != UINT64_MAX &&
            h->last_password_change_usec > n &&
            (h->password_change_min_usec != UINT64_MAX ||
             h->password_change_max_usec != UINT64_MAX ||
             h->password_change_inactive_usec != UINT64_MAX))
                return -ESTALE;

        /* Then, let's check if password changing is currently allowed at all */
        if (h->password_change_min_usec != UINT64_MAX) {

                /* Expiry configured but no password change timestamp known? */
                if (h->last_password_change_usec == UINT64_MAX)
                        return -ENETDOWN;

                /* Guard the addition against overflow: a minimum so large it cannot be represented
                 * means the change can never be permitted. */
                if (h->password_change_min_usec >= UINT64_MAX - h->last_password_change_usec)
                        change_permitted = false;
                else
                        change_permitted = n >= h->last_password_change_usec + h->password_change_min_usec;

        } else
                change_permitted = true;

        /* Let's check whether the password has expired. The block is entered only when a maximum age
         * is configured and last_password_change_usec + password_change_max_usec cannot overflow.
         *
         * NOTE(review): when last_password_change_usec is UINT64_MAX, UINT64_MAX - last is 0 and the
         * second disjunct is always true, so this block is skipped entirely; the -ENETDOWN check
         * inside it is therefore unreachable, and a record with a maximum age but no change timestamp
         * falls through to the final return instead. Confirm whether that is intended. */
        if (!(h->password_change_max_usec == UINT64_MAX ||
              h->password_change_max_usec >= UINT64_MAX - h->last_password_change_usec)) {

                uint64_t change_before;

                /* Expiry configured but no password change timestamp known? */
                if (h->last_password_change_usec == UINT64_MAX)
                        return -ENETDOWN;

                /* Password is in inactive phase? The inactive period starts after the maximum age has
                 * elapsed, hence both are added to the last change timestamp (overflow-checked). */
                if (h->password_change_inactive_usec != UINT64_MAX &&
                    h->password_change_inactive_usec < UINT64_MAX - h->password_change_max_usec) {
                        usec_t added;

                        added = h->password_change_inactive_usec + h->password_change_max_usec;
                        if (added < UINT64_MAX - h->last_password_change_usec &&
                            n >= h->last_password_change_usec + added)
                                return -EKEYREJECTED;
                }

                /* Password needs to be changed now? */
                change_before = h->last_password_change_usec + h->password_change_max_usec;
                if (n >= change_before)
                        return change_permitted ? -EOWNERDEAD : -EKEYREJECTED;

                /* Warn user? The first disjunct covers a warn period longer than the time left, where
                 * the subtraction would underflow. */
                if (h->password_change_warn_usec != UINT64_MAX &&
                    (change_before < h->password_change_warn_usec ||
                     n >= change_before - h->password_change_warn_usec))
                        return change_permitted ? -EKEYEXPIRED : -EROFS;
        }

        /* No password changing necessary */
        return change_permitted ? 0 : -EROFS;
}
2229
/* String names of the UserStorage values; the lookup macro below generates the to-/from-string
 * conversion functions (user_storage_to_string()/user_storage_from_string()). */
static const char* const user_storage_table[_USER_STORAGE_MAX] = {
        [USER_CLASSIC] = "classic",
        [USER_LUKS] = "luks",
        [USER_DIRECTORY] = "directory",
        [USER_SUBVOLUME] = "subvolume",
        [USER_FSCRYPT] = "fscrypt",
        [USER_CIFS] = "cifs",
};

DEFINE_STRING_TABLE_LOOKUP(user_storage, UserStorage);
2240
/* String names of the UserDisposition values; the lookup macro below generates the to-/from-string
 * conversion functions (user_disposition_to_string()/user_disposition_from_string()). */
static const char* const user_disposition_table[_USER_DISPOSITION_MAX] = {
        [USER_INTRINSIC] = "intrinsic",
        [USER_SYSTEM] = "system",
        [USER_DYNAMIC] = "dynamic",
        [USER_REGULAR] = "regular",
        [USER_CONTAINER] = "container",
        [USER_RESERVED] = "reserved",
};

DEFINE_STRING_TABLE_LOOKUP(user_disposition, UserDisposition);