1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
4 #include <linux/memfd.h>
11 #include "blockdev-util.h"
12 #include "btrfs-util.h"
13 #include "bus-common-errors.h"
14 #include "bus-locator.h"
15 #include "data-fd-util.h"
17 #include "errno-list.h"
18 #include "errno-util.h"
21 #include "filesystems.h"
23 #include "glyph-util.h"
24 #include "home-util.h"
25 #include "homed-home-bus.h"
26 #include "homed-home.h"
27 #include "memfd-util.h"
28 #include "missing_magic.h"
29 #include "missing_mman.h"
30 #include "missing_syscall.h"
32 #include "path-util.h"
33 #include "process-util.h"
34 #include "quota-util.h"
35 #include "resize-fs.h"
37 #include "signal-util.h"
38 #include "stat-util.h"
39 #include "string-table.h"
41 #include "uid-alloc-range.h"
42 #include "user-record-password-quality.h"
43 #include "user-record-sign.h"
44 #include "user-record-util.h"
45 #include "user-record.h"
46 #include "user-util.h"
48 /* Retry to deactivate home directories again and again every 15s until it works */
49 #define RETRY_DEACTIVATE_USEC (15U * USEC_PER_SEC)
51 #define HOME_USERS_MAX 500
52 #define PENDING_OPERATIONS_MAX 100
54 assert_cc(HOME_UID_MIN
<= HOME_UID_MAX
);
55 assert_cc(HOME_USERS_MAX
<= (HOME_UID_MAX
- HOME_UID_MIN
+ 1));
57 static int home_start_work(Home
*h
, const char *verb
, UserRecord
*hr
, UserRecord
*secret
);
59 DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(operation_hash_ops
, void, trivial_hash_func
, trivial_compare_func
, Operation
, operation_unref
);
61 static int suitable_home_record(UserRecord
*hr
) {
69 /* We are a bit more restrictive with what we accept as homed-managed user than what we accept in
70 * home records in general. Let's enforce the stricter rule here. */
71 if (!suitable_user_name(hr
->user_name
))
73 if (!uid_is_valid(hr
->uid
))
76 /* Insist we are outside of the dynamic and system range */
77 if (uid_is_system(hr
->uid
) || gid_is_system(user_record_gid(hr
)) ||
78 uid_is_dynamic(hr
->uid
) || gid_is_dynamic(user_record_gid(hr
)))
79 return -EADDRNOTAVAIL
;
81 /* Insist that GID and UID match */
82 if (user_record_gid(hr
) != (gid_t
) hr
->uid
)
85 /* Similar for the realm */
87 r
= suitable_realm(hr
->realm
);
97 int home_new(Manager
*m
, UserRecord
*hr
, const char *sysfs
, Home
**ret
) {
98 _cleanup_(home_freep
) Home
*home
= NULL
;
99 _cleanup_free_
char *nm
= NULL
, *ns
= NULL
;
105 r
= suitable_home_record(hr
);
109 if (hashmap_contains(m
->homes_by_name
, hr
->user_name
))
112 if (hashmap_contains(m
->homes_by_uid
, UID_TO_PTR(hr
->uid
)))
115 if (sysfs
&& hashmap_contains(m
->homes_by_sysfs
, sysfs
))
118 if (hashmap_size(m
->homes_by_name
) >= HOME_USERS_MAX
)
121 nm
= strdup(hr
->user_name
);
137 .user_name
= TAKE_PTR(nm
),
139 .state
= _HOME_STATE_INVALID
,
140 .worker_stdout_fd
= -EBADF
,
141 .sysfs
= TAKE_PTR(ns
),
142 .signed_locally
= -1,
144 .luks_lock_fd
= -EBADF
,
147 r
= hashmap_put(m
->homes_by_name
, home
->user_name
, home
);
151 r
= hashmap_put(m
->homes_by_uid
, UID_TO_PTR(home
->uid
), home
);
156 r
= hashmap_put(m
->homes_by_sysfs
, home
->sysfs
, home
);
161 r
= user_record_clone(hr
, USER_RECORD_LOAD_MASK_SECRET
|USER_RECORD_PERMISSIVE
, &home
->record
);
165 (void) bus_manager_emit_auto_login_changed(m
);
166 (void) bus_home_emit_change(home
);
167 (void) manager_schedule_rebalance(m
, /* immediately= */ false);
170 *ret
= TAKE_PTR(home
);
177 Home
*home_free(Home
*h
) {
183 (void) bus_home_emit_remove(h
);
184 (void) bus_manager_emit_auto_login_changed(h
->manager
);
187 (void) hashmap_remove_value(h
->manager
->homes_by_name
, h
->user_name
, h
);
189 if (uid_is_valid(h
->uid
))
190 (void) hashmap_remove_value(h
->manager
->homes_by_uid
, UID_TO_PTR(h
->uid
), h
);
193 (void) hashmap_remove_value(h
->manager
->homes_by_sysfs
, h
->sysfs
, h
);
195 if (h
->worker_pid
> 0)
196 (void) hashmap_remove_value(h
->manager
->homes_by_worker_pid
, PID_TO_PTR(h
->worker_pid
), h
);
198 if (h
->manager
->gc_focus
== h
)
199 h
->manager
->gc_focus
= NULL
;
201 (void) manager_schedule_rebalance(h
->manager
, /* immediately= */ false);
204 user_record_unref(h
->record
);
205 user_record_unref(h
->secret
);
207 h
->worker_event_source
= sd_event_source_disable_unref(h
->worker_event_source
);
208 safe_close(h
->worker_stdout_fd
);
212 h
->ref_event_source_please_suspend
= sd_event_source_disable_unref(h
->ref_event_source_please_suspend
);
213 h
->ref_event_source_dont_suspend
= sd_event_source_disable_unref(h
->ref_event_source_dont_suspend
);
215 h
->pending_operations
= ordered_set_free(h
->pending_operations
);
216 h
->pending_event_source
= sd_event_source_disable_unref(h
->pending_event_source
);
217 h
->deferred_change_event_source
= sd_event_source_disable_unref(h
->deferred_change_event_source
);
219 h
->current_operation
= operation_unref(h
->current_operation
);
221 safe_close(h
->pin_fd
);
222 safe_close(h
->luks_lock_fd
);
224 h
->retry_deactivate_event_source
= sd_event_source_disable_unref(h
->retry_deactivate_event_source
);
229 int home_set_record(Home
*h
, UserRecord
*hr
) {
230 _cleanup_(user_record_unrefp
) UserRecord
*new_hr
= NULL
;
235 assert(h
->user_name
);
239 if (user_record_equal(h
->record
, hr
))
242 r
= suitable_home_record(hr
);
246 if (!user_record_compatible(h
->record
, hr
))
249 if (!FLAGS_SET(hr
->mask
, USER_RECORD_REGULAR
) ||
250 FLAGS_SET(hr
->mask
, USER_RECORD_SECRET
))
253 if (FLAGS_SET(h
->record
->mask
, USER_RECORD_STATUS
)) {
254 _cleanup_(json_variant_unrefp
) JsonVariant
*v
= NULL
;
256 /* Hmm, the existing record has status fields? If so, copy them over */
258 v
= json_variant_ref(hr
->json
);
259 r
= json_variant_set_field(&v
, "status", json_variant_by_key(h
->record
->json
, "status"));
263 new_hr
= user_record_new();
267 r
= user_record_load(new_hr
, v
, USER_RECORD_LOAD_REFUSE_SECRET
|USER_RECORD_PERMISSIVE
);
274 other
= hashmap_get(h
->manager
->homes_by_uid
, UID_TO_PTR(hr
->uid
));
275 if (other
&& other
!= h
)
278 if (h
->uid
!= hr
->uid
) {
279 r
= hashmap_remove_and_replace(h
->manager
->homes_by_uid
, UID_TO_PTR(h
->uid
), UID_TO_PTR(hr
->uid
), h
);
284 user_record_unref(h
->record
);
285 h
->record
= user_record_ref(hr
);
286 h
->uid
= h
->record
->uid
;
288 /* The updated record might have a different autologin setting, trigger a PropertiesChanged event for it */
289 (void) bus_manager_emit_auto_login_changed(h
->manager
);
290 (void) bus_home_emit_change(h
);
295 int home_save_record(Home
*h
) {
296 _cleanup_(json_variant_unrefp
) JsonVariant
*v
= NULL
;
297 _cleanup_free_
char *text
= NULL
;
303 v
= json_variant_ref(h
->record
->json
);
304 r
= json_variant_normalize(&v
);
306 log_warning_errno(r
, "User record could not be normalized.");
308 r
= json_variant_format(v
, JSON_FORMAT_PRETTY
|JSON_FORMAT_NEWLINE
, &text
);
312 (void) mkdir("/var/lib/systemd/", 0755);
313 (void) mkdir(home_record_dir(), 0700);
315 fn
= strjoina(home_record_dir(), "/", h
->user_name
, ".identity");
317 r
= write_string_file(fn
, text
, WRITE_STRING_FILE_ATOMIC
|WRITE_STRING_FILE_CREATE
|WRITE_STRING_FILE_MODE_0600
|WRITE_STRING_FILE_SYNC
);
324 int home_unlink_record(Home
*h
) {
329 fn
= strjoina(home_record_dir(), "/", h
->user_name
, ".identity");
330 if (unlink(fn
) < 0 && errno
!= ENOENT
)
333 fn
= strjoina("/run/systemd/home/", h
->user_name
, ".ref");
334 if (unlink(fn
) < 0 && errno
!= ENOENT
)
340 static void home_unpin(Home
*h
) {
346 h
->pin_fd
= safe_close(h
->pin_fd
);
347 log_debug("Successfully closed pin fd on home for %s.", h
->user_name
);
350 static void home_pin(Home
*h
) {
355 if (h
->pin_fd
>= 0) /* Already pinned? */
358 path
= user_record_home_directory(h
->record
);
360 log_warning("No home directory path to pin for %s, ignoring.", h
->user_name
);
364 h
->pin_fd
= open(path
, O_RDONLY
|O_DIRECTORY
|O_CLOEXEC
);
366 log_warning_errno(errno
, "Couldn't open home directory '%s' for pinning, ignoring: %m", path
);
370 log_debug("Successfully pinned home directory '%s'.", path
);
373 static void home_update_pin_fd(Home
*h
, HomeState state
) {
377 state
= home_get_state(h
);
379 return HOME_STATE_SHALL_PIN(state
) ? home_pin(h
) : home_unpin(h
);
382 static void home_maybe_close_luks_lock_fd(Home
*h
, HomeState state
) {
385 if (h
->luks_lock_fd
< 0)
389 state
= home_get_state(h
);
391 /* Keep the lock as long as the home dir is active or has some operation going */
392 if (HOME_STATE_IS_EXECUTING_OPERATION(state
) || HOME_STATE_IS_ACTIVE(state
) || state
== HOME_LOCKED
)
395 h
->luks_lock_fd
= safe_close(h
->luks_lock_fd
);
396 log_debug("Successfully closed LUKS backing file lock for %s.", h
->user_name
);
399 static void home_maybe_stop_retry_deactivate(Home
*h
, HomeState state
) {
402 /* Free the deactivation retry event source if we won't need it anymore. Specifically, we'll free the
403 * event source whenever the home directory is already deactivated (and we thus where successful) or
404 * if we start executing an operation that indicates that the home directory is going to be used or
405 * operated on again. Also, if the home is referenced again stop the timer */
407 if (HOME_STATE_MAY_RETRY_DEACTIVATE(state
) &&
408 !h
->ref_event_source_dont_suspend
&&
409 !h
->ref_event_source_please_suspend
)
412 h
->retry_deactivate_event_source
= sd_event_source_disable_unref(h
->retry_deactivate_event_source
);
415 static int home_deactivate_internal(Home
*h
, bool force
, sd_bus_error
*error
);
416 static void home_start_retry_deactivate(Home
*h
);
418 static int home_on_retry_deactivate(sd_event_source
*s
, uint64_t usec
, void *userdata
) {
419 Home
*h
= ASSERT_PTR(userdata
);
424 /* 15s after the last attempt to deactivate the home directory passed. Let's try it one more time. */
426 h
->retry_deactivate_event_source
= sd_event_source_disable_unref(h
->retry_deactivate_event_source
);
428 state
= home_get_state(h
);
429 if (!HOME_STATE_MAY_RETRY_DEACTIVATE(state
))
432 if (IN_SET(state
, HOME_ACTIVE
, HOME_LINGERING
)) {
433 log_info("Again trying to deactivate home directory.");
435 /* If we are not executing any operation, let's start deactivating now. Note that this will
436 * restart our timer again, we are gonna be called again if this doesn't work. */
437 (void) home_deactivate_internal(h
, /* force= */ false, NULL
);
439 /* if we are executing an operation (specifically, area already running a deactivation
440 * operation), then simply reque the timer, so that we retry again. */
441 home_start_retry_deactivate(h
);
446 static void home_start_retry_deactivate(Home
*h
) {
452 /* Already allocated? */
453 if (h
->retry_deactivate_event_source
)
456 /* If the home directory is being used now don't start the timer */
457 if (h
->ref_event_source_dont_suspend
|| h
->ref_event_source_please_suspend
)
460 r
= sd_event_add_time_relative(
462 &h
->retry_deactivate_event_source
,
464 RETRY_DEACTIVATE_USEC
,
466 home_on_retry_deactivate
,
469 return (void) log_warning_errno(r
, "Failed to install retry-deactivate event source, ignoring: %m");
471 (void) sd_event_source_set_description(h
->retry_deactivate_event_source
, "retry-deactivate");
474 static void home_set_state(Home
*h
, HomeState state
) {
475 HomeState old_state
, new_state
;
479 old_state
= home_get_state(h
);
481 new_state
= home_get_state(h
); /* Query the new state, since the 'state' variable might be set to -1,
482 * in which case we synthesize an high-level state on demand */
484 log_info("%s: changing state %s %s %s", h
->user_name
,
485 home_state_to_string(old_state
),
486 special_glyph(SPECIAL_GLYPH_ARROW_RIGHT
),
487 home_state_to_string(new_state
));
489 home_update_pin_fd(h
, new_state
);
490 home_maybe_close_luks_lock_fd(h
, new_state
);
491 home_maybe_stop_retry_deactivate(h
, new_state
);
493 if (HOME_STATE_IS_EXECUTING_OPERATION(old_state
) && !HOME_STATE_IS_EXECUTING_OPERATION(new_state
)) {
494 /* If we just finished executing some operation, process the queue of pending operations. And
495 * enqueue it for GC too. */
497 home_schedule_operation(h
, NULL
, NULL
);
498 manager_reschedule_rebalance(h
->manager
);
499 manager_enqueue_gc(h
->manager
, h
);
503 static int home_parse_worker_stdout(int _fd
, UserRecord
**ret
) {
504 _cleanup_(json_variant_unrefp
) JsonVariant
*v
= NULL
;
505 _cleanup_close_
int fd
= _fd
; /* take possession, even on failure */
506 _cleanup_(user_record_unrefp
) UserRecord
*hr
= NULL
;
507 _cleanup_fclose_
FILE *f
= NULL
;
508 unsigned line
, column
;
512 if (fstat(fd
, &st
) < 0)
513 return log_error_errno(errno
, "Failed to stat stdout fd: %m");
515 assert(S_ISREG(st
.st_mode
));
517 if (st
.st_size
== 0) { /* empty record */
522 if (lseek(fd
, SEEK_SET
, 0) < 0)
523 return log_error_errno(errno
, "Failed to seek to beginning of memfd: %m");
525 f
= take_fdopen(&fd
, "r");
527 return log_error_errno(errno
, "Failed to reopen memfd: %m");
530 _cleanup_free_
char *text
= NULL
;
532 r
= read_full_stream(f
, &text
, NULL
);
534 return log_error_errno(r
, "Failed to read from client: %m");
536 log_debug("Got from worker: %s", text
);
540 r
= json_parse_file(f
, "stdout", JSON_PARSE_SENSITIVE
, &v
, &line
, &column
);
542 return log_error_errno(r
, "Failed to parse identity at %u:%u: %m", line
, column
);
544 hr
= user_record_new();
548 r
= user_record_load(hr
, v
, USER_RECORD_LOAD_REFUSE_SECRET
|USER_RECORD_PERMISSIVE
);
550 return log_error_errno(r
, "Failed to load home record identity: %m");
556 static int home_verify_user_record(Home
*h
, UserRecord
*hr
, bool *ret_signed_locally
, sd_bus_error
*ret_error
) {
561 assert(ret_signed_locally
);
563 is_signed
= manager_verify_user_record(h
->manager
, hr
);
566 case USER_RECORD_SIGNED_EXCLUSIVE
:
567 log_info("Home %s is signed exclusively by our key, accepting.", hr
->user_name
);
568 *ret_signed_locally
= true;
571 case USER_RECORD_SIGNED
:
572 log_info("Home %s is signed by our key (and others), accepting.", hr
->user_name
);
573 *ret_signed_locally
= false;
576 case USER_RECORD_FOREIGN
:
577 log_info("Home %s is signed by foreign key we like, accepting.", hr
->user_name
);
578 *ret_signed_locally
= false;
581 case USER_RECORD_UNSIGNED
:
582 sd_bus_error_setf(ret_error
, BUS_ERROR_BAD_SIGNATURE
, "User record %s is not signed at all, refusing.", hr
->user_name
);
583 return log_error_errno(SYNTHETIC_ERRNO(EPERM
), "Home %s contains user record that is not signed at all, refusing.", hr
->user_name
);
586 sd_bus_error_setf(ret_error
, BUS_ERROR_BAD_SIGNATURE
, "User record %s is not signed by any known key, refusing.", hr
->user_name
);
587 return log_error_errno(is_signed
, "Home %s contains user record that is not signed by any known key, refusing.", hr
->user_name
);
590 assert(is_signed
< 0);
591 return log_error_errno(is_signed
, "Failed to verify signature on user record for %s, refusing fixation: %m", hr
->user_name
);
595 static int convert_worker_errno(Home
*h
, int e
, sd_bus_error
*error
) {
596 /* Converts the error numbers the worker process returned into somewhat sensible dbus errors */
601 return sd_bus_error_set(error
, BUS_ERROR_BAD_HOME_SIZE
, "File systems of this type cannot be shrunk");
603 return sd_bus_error_set(error
, BUS_ERROR_BAD_HOME_SIZE
, "File systems of this type can only be shrunk offline");
605 return sd_bus_error_set(error
, BUS_ERROR_BAD_HOME_SIZE
, "File system size too small");
607 return sd_bus_error_set(error
, SD_BUS_ERROR_NOT_SUPPORTED
, "System does not support selected storage backend");
608 case -EPROTONOSUPPORT
:
609 return sd_bus_error_set(error
, SD_BUS_ERROR_NOT_SUPPORTED
, "System does not support selected file system");
611 return sd_bus_error_set(error
, SD_BUS_ERROR_NOT_SUPPORTED
, "Operation not supported on storage backend");
612 case -ESOCKTNOSUPPORT
:
613 return sd_bus_error_set(error
, SD_BUS_ERROR_NOT_SUPPORTED
, "Operation not supported on file system");
615 return sd_bus_error_setf(error
, BUS_ERROR_BAD_PASSWORD
, "Password for home %s is incorrect or not sufficient for authentication.", h
->user_name
);
617 return sd_bus_error_setf(error
, BUS_ERROR_BAD_PASSWORD_AND_NO_TOKEN
, "Password for home %s is incorrect or not sufficient, and configured security token not found either.", h
->user_name
);
619 return sd_bus_error_setf(error
, BUS_ERROR_BAD_RECOVERY_KEY
, "Recovery key for home %s is incorrect or not sufficient for authentication.", h
->user_name
);
621 return sd_bus_error_set(error
, BUS_ERROR_TOKEN_PIN_NEEDED
, "PIN for security token required.");
623 return sd_bus_error_set(error
, BUS_ERROR_TOKEN_PROTECTED_AUTHENTICATION_PATH_NEEDED
, "Security token requires protected authentication path.");
625 return sd_bus_error_set(error
, BUS_ERROR_TOKEN_USER_PRESENCE_NEEDED
, "Security token requires presence confirmation.");
627 return sd_bus_error_set(error
, BUS_ERROR_TOKEN_USER_VERIFICATION_NEEDED
, "Security token requires user verification.");
629 return sd_bus_error_set(error
, BUS_ERROR_TOKEN_ACTION_TIMEOUT
, "Token action timeout. (User was supposed to verify presence or similar, by interacting with the token, and didn't do that in time.)");
631 return sd_bus_error_set(error
, BUS_ERROR_TOKEN_PIN_LOCKED
, "PIN of security token locked.");
633 return sd_bus_error_set(error
, BUS_ERROR_TOKEN_BAD_PIN
, "Bad PIN of security token.");
635 return sd_bus_error_set(error
, BUS_ERROR_TOKEN_BAD_PIN_FEW_TRIES_LEFT
, "Bad PIN of security token, and only a few tries left.");
637 return sd_bus_error_set(error
, BUS_ERROR_TOKEN_BAD_PIN_ONE_TRY_LEFT
, "Bad PIN of security token, and only one try left.");
639 return sd_bus_error_setf(error
, BUS_ERROR_HOME_BUSY
, "Home %s is currently being used, or an operation on home %s is currently being executed.", h
->user_name
, h
->user_name
);
641 return sd_bus_error_setf(error
, BUS_ERROR_HOME_NOT_ACTIVE
, "Home %s is currently not active", h
->user_name
);
643 return sd_bus_error_setf(error
, BUS_ERROR_NO_DISK_SPACE
, "Not enough disk space for home %s", h
->user_name
);
645 return sd_bus_error_setf(error
, BUS_ERROR_HOME_CANT_AUTHENTICATE
, "Home %s has no password or other authentication mechanism defined.", h
->user_name
);
647 return sd_bus_error_setf(error
, BUS_ERROR_HOME_IN_USE
, "Home %s is currently being used elsewhere.", h
->user_name
);
653 static void home_count_bad_authentication(Home
*h
, int error
, bool save
) {
659 -ENOKEY
, /* Password incorrect */
660 -EBADSLT
, /* Password incorrect and no token */
661 -EREMOTEIO
)) /* Recovery key incorrect */
664 r
= user_record_bad_authentication(h
->record
);
666 log_warning_errno(r
, "Failed to increase bad authentication counter, ignoring: %m");
671 r
= home_save_record(h
);
673 log_warning_errno(r
, "Failed to write home record to disk, ignoring: %m");
677 static void home_fixate_finish(Home
*h
, int ret
, UserRecord
*hr
) {
678 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
679 _cleanup_(user_record_unrefp
) UserRecord
*secret
= NULL
;
684 assert(IN_SET(h
->state
, HOME_FIXATING
, HOME_FIXATING_FOR_ACTIVATION
, HOME_FIXATING_FOR_ACQUIRE
));
686 secret
= TAKE_PTR(h
->secret
); /* Take possession */
689 (void) home_count_bad_authentication(h
, ret
, /* save= */ false);
691 (void) convert_worker_errno(h
, ret
, &error
);
692 r
= log_error_errno(ret
, "Fixation failed: %m");
696 r
= log_error_errno(SYNTHETIC_ERRNO(EIO
), "Did not receive user record from worker process, fixation failed.");
700 r
= home_verify_user_record(h
, hr
, &signed_locally
, &error
);
704 r
= home_set_record(h
, hr
);
706 log_error_errno(r
, "Failed to update home record: %m");
710 h
->signed_locally
= signed_locally
;
712 /* When we finished fixating (and don't follow-up with activation), let's count this as good authentication */
713 if (h
->state
== HOME_FIXATING
) {
714 r
= user_record_good_authentication(h
->record
);
716 log_warning_errno(r
, "Failed to increase good authentication counter, ignoring: %m");
719 r
= home_save_record(h
);
721 log_warning_errno(r
, "Failed to write home record to disk, ignoring: %m");
723 if (IN_SET(h
->state
, HOME_FIXATING_FOR_ACTIVATION
, HOME_FIXATING_FOR_ACQUIRE
)) {
725 r
= home_start_work(h
, "activate", h
->record
, secret
);
727 h
->current_operation
= operation_result_unref(h
->current_operation
, r
, NULL
);
728 home_set_state(h
, _HOME_STATE_INVALID
);
730 home_set_state(h
, h
->state
== HOME_FIXATING_FOR_ACTIVATION
? HOME_ACTIVATING
: HOME_ACTIVATING_FOR_ACQUIRE
);
735 log_debug("Fixation of %s completed.", h
->user_name
);
737 h
->current_operation
= operation_result_unref(h
->current_operation
, 0, NULL
);
739 /* Reset the state to "invalid", which makes home_get_state() test if the image exists and returns
740 * HOME_ABSENT vs. HOME_INACTIVE as necessary. */
741 home_set_state(h
, _HOME_STATE_INVALID
);
742 (void) manager_schedule_rebalance(h
->manager
, /* immediately= */ false);
746 /* If fixation fails, we stay in unfixated state! */
747 h
->current_operation
= operation_result_unref(h
->current_operation
, r
, &error
);
748 home_set_state(h
, HOME_UNFIXATED
);
751 static bool error_is_bad_password(int ret
) {
752 /* Tests for the various cases of bad passwords. We generally don't want to log so loudly about
753 * these, since everyone types in a bad password now and then. Moreover we usually try to start out
754 * with an empty set of passwords, so the first authentication will frequently fail, if not token is
758 -ENOKEY
, /* Bad password, or insufficient */
759 -EBADSLT
, /* Bad password, and no token */
760 -EREMOTEIO
, /* Bad recovery key */
761 -ENOANO
, /* PIN for security token needed */
762 -ERFKILL
, /* "Protected Authentication Path" for token needed */
763 -EMEDIUMTYPE
, /* Presence confirmation on token needed */
764 -ENOCSI
, /* User verification on token needed */
765 -ENOSTR
, /* Token action timeout */
766 -EOWNERDEAD
, /* PIN locked of security token */
767 -ENOLCK
, /* Bad PIN of security token */
768 -ETOOMANYREFS
, /* Bad PIN and few tries left */
769 -EUCLEAN
); /* Bad PIN and one try left */
772 static void home_activate_finish(Home
*h
, int ret
, UserRecord
*hr
) {
773 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
777 assert(IN_SET(h
->state
, HOME_ACTIVATING
, HOME_ACTIVATING_FOR_ACQUIRE
));
780 (void) home_count_bad_authentication(h
, ret
, /* save= */ true);
782 (void) convert_worker_errno(h
, ret
, &error
);
783 r
= log_full_errno(error_is_bad_password(ret
) ? LOG_NOTICE
: LOG_ERR
,
784 ret
, "Activation failed: %s", bus_error_message(&error
, ret
));
791 r
= home_verify_user_record(h
, hr
, &signed_locally
, &error
);
795 r
= home_set_record(h
, hr
);
797 log_error_errno(r
, "Failed to update home record, ignoring: %m");
801 h
->signed_locally
= signed_locally
;
803 r
= user_record_good_authentication(h
->record
);
805 log_warning_errno(r
, "Failed to increase good authentication counter, ignoring: %m");
807 r
= home_save_record(h
);
809 log_warning_errno(r
, "Failed to write home record to disk, ignoring: %m");
812 log_debug("Activation of %s completed.", h
->user_name
);
816 h
->current_operation
= operation_result_unref(h
->current_operation
, r
, &error
);
817 home_set_state(h
, _HOME_STATE_INVALID
);
820 (void) manager_schedule_rebalance(h
->manager
, /* immediately= */ true);
823 static void home_deactivate_finish(Home
*h
, int ret
, UserRecord
*hr
) {
824 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
828 assert(h
->state
== HOME_DEACTIVATING
);
829 assert(!hr
); /* We don't expect a record on this operation */
832 (void) convert_worker_errno(h
, ret
, &error
);
833 r
= log_error_errno(ret
, "Deactivation of %s failed: %m", h
->user_name
);
837 log_debug("Deactivation of %s completed.", h
->user_name
);
841 h
->current_operation
= operation_result_unref(h
->current_operation
, r
, &error
);
842 home_set_state(h
, _HOME_STATE_INVALID
);
845 (void) manager_schedule_rebalance(h
->manager
, /* immediately= */ true);
848 static void home_remove_finish(Home
*h
, int ret
, UserRecord
*hr
) {
849 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
854 assert(h
->state
== HOME_REMOVING
);
855 assert(!hr
); /* We don't expect a record on this operation */
859 if (ret
< 0 && ret
!= -EALREADY
) {
860 (void) convert_worker_errno(h
, ret
, &error
);
861 r
= log_error_errno(ret
, "Removing %s failed: %m", h
->user_name
);
865 /* For a couple of storage types we can't delete the actual data storage when called (such as LUKS on
866 * partitions like USB sticks, or so). Sometimes these storage locations are among those we normally
867 * automatically discover in /home or in udev. When such a home is deleted let's hence issue a rescan
868 * after completion, so that "unfixated" entries are rediscovered. */
869 if (!IN_SET(user_record_test_image_path(h
->record
), USER_TEST_UNDEFINED
, USER_TEST_ABSENT
))
870 manager_enqueue_rescan(m
);
872 /* The image is now removed from disk. Now also remove our stored record */
873 r
= home_unlink_record(h
);
875 log_error_errno(r
, "Removing record file failed: %m");
879 log_debug("Removal of %s completed.", h
->user_name
);
880 h
->current_operation
= operation_result_unref(h
->current_operation
, 0, NULL
);
882 /* Unload this record from memory too now. */
885 (void) manager_schedule_rebalance(m
, /* immediately= */ true);
889 h
->current_operation
= operation_result_unref(h
->current_operation
, r
, &error
);
890 home_set_state(h
, _HOME_STATE_INVALID
);
893 static void home_create_finish(Home
*h
, int ret
, UserRecord
*hr
) {
897 assert(h
->state
== HOME_CREATING
);
900 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
902 (void) convert_worker_errno(h
, ret
, &error
);
903 log_error_errno(ret
, "Operation on %s failed: %m", h
->user_name
);
904 h
->current_operation
= operation_result_unref(h
->current_operation
, ret
, &error
);
906 if (h
->unregister_on_failure
) {
907 (void) home_unlink_record(h
);
912 home_set_state(h
, _HOME_STATE_INVALID
);
917 r
= home_set_record(h
, hr
);
919 log_warning_errno(r
, "Failed to update home record, ignoring: %m");
922 r
= home_save_record(h
);
924 log_warning_errno(r
, "Failed to save record to disk, ignoring: %m");
926 log_debug("Creation of %s completed.", h
->user_name
);
928 h
->current_operation
= operation_result_unref(h
->current_operation
, 0, NULL
);
929 home_set_state(h
, _HOME_STATE_INVALID
);
931 (void) manager_schedule_rebalance(h
->manager
, /* immediately= */ true);
934 static void home_change_finish(Home
*h
, int ret
, UserRecord
*hr
) {
935 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
941 (void) home_count_bad_authentication(h
, ret
, /* save= */ true);
943 (void) convert_worker_errno(h
, ret
, &error
);
944 r
= log_full_errno(error_is_bad_password(ret
) ? LOG_NOTICE
: LOG_ERR
,
945 ret
, "Change operation failed: %s", bus_error_message(&error
, ret
));
950 r
= home_set_record(h
, hr
);
952 log_warning_errno(r
, "Failed to update home record, ignoring: %m");
954 r
= user_record_good_authentication(h
->record
);
956 log_warning_errno(r
, "Failed to increase good authentication counter, ignoring: %m");
958 r
= home_save_record(h
);
960 log_warning_errno(r
, "Failed to write home record to disk, ignoring: %m");
964 log_debug("Change operation of %s completed.", h
->user_name
);
965 (void) manager_schedule_rebalance(h
->manager
, /* immediately= */ false);
969 h
->current_operation
= operation_result_unref(h
->current_operation
, r
, &error
);
970 home_set_state(h
, _HOME_STATE_INVALID
);
973 static void home_locking_finish(Home
*h
, int ret
, UserRecord
*hr
) {
974 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
978 assert(h
->state
== HOME_LOCKING
);
981 (void) convert_worker_errno(h
, ret
, &error
);
982 r
= log_error_errno(ret
, "Locking operation failed: %m");
986 log_debug("Locking operation of %s completed.", h
->user_name
);
987 h
->current_operation
= operation_result_unref(h
->current_operation
, 0, NULL
);
988 home_set_state(h
, HOME_LOCKED
);
992 /* If a specific home doesn't know the concept of locking, then that's totally OK, don't propagate
993 * the error if we are executing a LockAllHomes() operation. */
995 if (h
->current_operation
->type
== OPERATION_LOCK_ALL
&& r
== -ENOTTY
)
996 h
->current_operation
= operation_result_unref(h
->current_operation
, 0, NULL
);
998 h
->current_operation
= operation_result_unref(h
->current_operation
, r
, &error
);
1000 home_set_state(h
, _HOME_STATE_INVALID
);
1003 static void home_unlocking_finish(Home
*h
, int ret
, UserRecord
*hr
) {
1004 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
1008 assert(IN_SET(h
->state
, HOME_UNLOCKING
, HOME_UNLOCKING_FOR_ACQUIRE
));
1011 (void) home_count_bad_authentication(h
, ret
, /* save= */ true);
1013 (void) convert_worker_errno(h
, ret
, &error
);
1014 r
= log_full_errno(error_is_bad_password(ret
) ? LOG_NOTICE
: LOG_ERR
,
1015 ret
, "Unlocking operation failed: %s", bus_error_message(&error
, ret
));
1017 /* Revert to locked state */
1018 home_set_state(h
, HOME_LOCKED
);
1019 h
->current_operation
= operation_result_unref(h
->current_operation
, r
, &error
);
1023 r
= user_record_good_authentication(h
->record
);
1025 log_warning_errno(r
, "Failed to increase good authentication counter, ignoring: %m");
1027 r
= home_save_record(h
);
1029 log_warning_errno(r
, "Failed to write home record to disk, ignoring: %m");
1032 log_debug("Unlocking operation of %s completed.", h
->user_name
);
1034 h
->current_operation
= operation_result_unref(h
->current_operation
, r
, &error
);
1035 home_set_state(h
, _HOME_STATE_INVALID
);
1039 static void home_authenticating_finish(Home
*h
, int ret
, UserRecord
*hr
) {
1040 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
1044 assert(IN_SET(h
->state
, HOME_AUTHENTICATING
, HOME_AUTHENTICATING_WHILE_ACTIVE
, HOME_AUTHENTICATING_FOR_ACQUIRE
));
1047 (void) home_count_bad_authentication(h
, ret
, /* save= */ true);
1049 (void) convert_worker_errno(h
, ret
, &error
);
1050 r
= log_full_errno(error_is_bad_password(ret
) ? LOG_NOTICE
: LOG_ERR
,
1051 ret
, "Authentication failed: %s", bus_error_message(&error
, ret
));
1056 r
= home_set_record(h
, hr
);
1058 log_warning_errno(r
, "Failed to update home record, ignoring: %m");
1060 r
= user_record_good_authentication(h
->record
);
1062 log_warning_errno(r
, "Failed to increase good authentication counter, ignoring: %m");
1064 r
= home_save_record(h
);
1066 log_warning_errno(r
, "Failed to write home record to disk, ignoring: %m");
1070 log_debug("Authentication of %s completed.", h
->user_name
);
1074 h
->current_operation
= operation_result_unref(h
->current_operation
, r
, &error
);
1075 home_set_state(h
, _HOME_STATE_INVALID
);
1078 static int home_on_worker_process(sd_event_source
*s
, const siginfo_t
*si
, void *userdata
) {
1079 _cleanup_(user_record_unrefp
) UserRecord
*hr
= NULL
;
1080 Home
*h
= ASSERT_PTR(userdata
);
1086 assert(h
->worker_pid
== si
->si_pid
);
1087 assert(h
->worker_event_source
);
1088 assert(h
->worker_stdout_fd
>= 0);
1090 (void) hashmap_remove_value(h
->manager
->homes_by_worker_pid
, PID_TO_PTR(h
->worker_pid
), h
);
1093 h
->worker_event_source
= sd_event_source_disable_unref(h
->worker_event_source
);
1095 if (si
->si_code
!= CLD_EXITED
) {
1096 assert(IN_SET(si
->si_code
, CLD_KILLED
, CLD_DUMPED
));
1097 ret
= log_debug_errno(SYNTHETIC_ERRNO(EPROTO
), "Worker process died abnormally with signal %s.", signal_to_string(si
->si_status
));
1098 } else if (si
->si_status
!= EXIT_SUCCESS
) {
1099 /* If we received an error code via sd_notify(), use it */
1100 if (h
->worker_error_code
!= 0)
1101 ret
= log_debug_errno(h
->worker_error_code
, "Worker reported error code %s.", errno_to_name(h
->worker_error_code
));
1103 ret
= log_debug_errno(SYNTHETIC_ERRNO(EPROTO
), "Worker exited with exit code %i.", si
->si_status
);
1105 ret
= home_parse_worker_stdout(TAKE_FD(h
->worker_stdout_fd
), &hr
);
1107 h
->worker_stdout_fd
= safe_close(h
->worker_stdout_fd
);
1112 case HOME_FIXATING_FOR_ACTIVATION
:
1113 case HOME_FIXATING_FOR_ACQUIRE
:
1114 home_fixate_finish(h
, ret
, hr
);
1117 case HOME_ACTIVATING
:
1118 case HOME_ACTIVATING_FOR_ACQUIRE
:
1119 home_activate_finish(h
, ret
, hr
);
1122 case HOME_DEACTIVATING
:
1123 home_deactivate_finish(h
, ret
, hr
);
1127 home_locking_finish(h
, ret
, hr
);
1130 case HOME_UNLOCKING
:
1131 case HOME_UNLOCKING_FOR_ACQUIRE
:
1132 home_unlocking_finish(h
, ret
, hr
);
1136 home_create_finish(h
, ret
, hr
);
1140 home_remove_finish(h
, ret
, hr
);
1144 case HOME_UPDATING_WHILE_ACTIVE
:
1146 case HOME_RESIZING_WHILE_ACTIVE
:
1148 case HOME_PASSWD_WHILE_ACTIVE
:
1149 home_change_finish(h
, ret
, hr
);
1152 case HOME_AUTHENTICATING
:
1153 case HOME_AUTHENTICATING_WHILE_ACTIVE
:
1154 case HOME_AUTHENTICATING_FOR_ACQUIRE
:
1155 home_authenticating_finish(h
, ret
, hr
);
1159 assert_not_reached();
1165 static int home_start_work(Home
*h
, const char *verb
, UserRecord
*hr
, UserRecord
*secret
) {
1166 _cleanup_(json_variant_unrefp
) JsonVariant
*v
= NULL
;
1167 _cleanup_(erase_and_freep
) char *formatted
= NULL
;
1168 _cleanup_close_
int stdin_fd
= -EBADF
, stdout_fd
= -EBADF
;
1176 if (h
->worker_pid
!= 0)
1179 assert(h
->worker_stdout_fd
< 0);
1180 assert(!h
->worker_event_source
);
1182 v
= json_variant_ref(hr
->json
);
1185 JsonVariant
*sub
= NULL
;
1187 sub
= json_variant_by_key(secret
->json
, "secret");
1191 r
= json_variant_set_field(&v
, "secret", sub
);
1196 r
= json_variant_format(v
, 0, &formatted
);
1200 stdin_fd
= acquire_data_fd(formatted
, strlen(formatted
), 0);
1204 log_debug("Sending to worker: %s", formatted
);
1206 stdout_fd
= memfd_create_wrapper("homework-stdout", MFD_CLOEXEC
| MFD_NOEXEC_SEAL
);
1210 r
= safe_fork_full("(sd-homework)",
1211 (int[]) { stdin_fd
, stdout_fd
, STDERR_FILENO
},
1213 FORK_RESET_SIGNALS
|FORK_CLOSE_ALL_FDS
|FORK_DEATHSIG_SIGTERM
|FORK_REARRANGE_STDIO
|FORK_LOG
|FORK_REOPEN_LOG
, &pid
);
1217 _cleanup_free_
char *joined
= NULL
;
1218 const char *homework
, *suffix
, *unix_path
;
1222 suffix
= getenv("SYSTEMD_HOME_DEBUG_SUFFIX");
1224 joined
= strjoin("/run/systemd/home/notify.", suffix
);
1229 unix_path
= "/run/systemd/home/notify";
1231 if (setenv("NOTIFY_SOCKET", unix_path
, 1) < 0) {
1232 log_error_errno(errno
, "Failed to set $NOTIFY_SOCKET: %m");
1233 _exit(EXIT_FAILURE
);
1236 /* If we haven't locked the device yet, ask for a lock to be taken and be passed back to us via sd_notify(). */
1237 if (setenv("SYSTEMD_LUKS_LOCK", one_zero(h
->luks_lock_fd
< 0), 1) < 0) {
1238 log_error_errno(errno
, "Failed to set $SYSTEMD_LUKS_LOCK: %m");
1239 _exit(EXIT_FAILURE
);
1242 if (h
->manager
->default_storage
>= 0)
1243 if (setenv("SYSTEMD_HOME_DEFAULT_STORAGE", user_storage_to_string(h
->manager
->default_storage
), 1) < 0) {
1244 log_error_errno(errno
, "Failed to set $SYSTEMD_HOME_DEFAULT_STORAGE: %m");
1245 _exit(EXIT_FAILURE
);
1248 if (h
->manager
->default_file_system_type
)
1249 if (setenv("SYSTEMD_HOME_DEFAULT_FILE_SYSTEM_TYPE", h
->manager
->default_file_system_type
, 1) < 0) {
1250 log_error_errno(errno
, "Failed to set $SYSTEMD_HOME_DEFAULT_FILE_SYSTEM_TYPE: %m");
1251 _exit(EXIT_FAILURE
);
1254 r
= setenv_systemd_exec_pid(true);
1256 log_warning_errno(r
, "Failed to update $SYSTEMD_EXEC_PID, ignoring: %m");
1258 /* Allow overriding the homework path via an environment variable, to make debugging
1260 homework
= getenv("SYSTEMD_HOMEWORK_PATH") ?: SYSTEMD_HOMEWORK_PATH
;
1262 execl(homework
, homework
, verb
, NULL
);
1263 log_error_errno(errno
, "Failed to invoke %s: %m", homework
);
1264 _exit(EXIT_FAILURE
);
1267 r
= sd_event_add_child(h
->manager
->event
, &h
->worker_event_source
, pid
, WEXITED
, home_on_worker_process
, h
);
1271 (void) sd_event_source_set_description(h
->worker_event_source
, "worker");
1273 r
= hashmap_put(h
->manager
->homes_by_worker_pid
, PID_TO_PTR(pid
), h
);
1275 h
->worker_event_source
= sd_event_source_disable_unref(h
->worker_event_source
);
1279 h
->worker_stdout_fd
= TAKE_FD(stdout_fd
);
1280 h
->worker_pid
= pid
;
1281 h
->worker_error_code
= 0;
1286 static int home_ratelimit(Home
*h
, sd_bus_error
*error
) {
1291 ret
= user_record_ratelimit(h
->record
);
1295 if (h
->state
!= HOME_UNFIXATED
) {
1296 r
= home_save_record(h
);
1298 log_warning_errno(r
, "Failed to save updated record, ignoring: %m");
1304 n
= now(CLOCK_REALTIME
);
1305 t
= user_record_ratelimit_next_try(h
->record
);
1307 if (t
!= USEC_INFINITY
&& t
> n
)
1308 return sd_bus_error_setf(error
, BUS_ERROR_AUTHENTICATION_LIMIT_HIT
,
1309 "Too many login attempts, please try again in %s!",
1310 FORMAT_TIMESPAN(t
- n
, USEC_PER_SEC
));
1312 return sd_bus_error_set(error
, BUS_ERROR_AUTHENTICATION_LIMIT_HIT
, "Too many login attempts, please try again later.");
1318 static int home_fixate_internal(
1321 HomeState for_state
,
1322 sd_bus_error
*error
) {
1327 assert(IN_SET(for_state
, HOME_FIXATING
, HOME_FIXATING_FOR_ACTIVATION
, HOME_FIXATING_FOR_ACQUIRE
));
1329 r
= home_start_work(h
, "inspect", h
->record
, secret
);
1333 if (IN_SET(for_state
, HOME_FIXATING_FOR_ACTIVATION
, HOME_FIXATING_FOR_ACQUIRE
)) {
1334 /* Remember the secret data, since we need it for the activation again, later on. */
1335 user_record_unref(h
->secret
);
1336 h
->secret
= user_record_ref(secret
);
1339 home_set_state(h
, for_state
);
1343 int home_fixate(Home
*h
, UserRecord
*secret
, sd_bus_error
*error
) {
1348 switch (home_get_state(h
)) {
1350 return sd_bus_error_setf(error
, BUS_ERROR_HOME_ABSENT
, "Home %s is currently missing or not plugged in.", h
->user_name
);
1354 case HOME_LINGERING
:
1356 return sd_bus_error_setf(error
, BUS_ERROR_HOME_ALREADY_FIXATED
, "Home %s is already fixated.", h
->user_name
);
1357 case HOME_UNFIXATED
:
1360 return sd_bus_error_setf(error
, BUS_ERROR_HOME_BUSY
, "An operation on home %s is currently being executed.", h
->user_name
);
1363 r
= home_ratelimit(h
, error
);
1367 return home_fixate_internal(h
, secret
, HOME_FIXATING
, error
);
1370 static int home_activate_internal(Home
*h
, UserRecord
*secret
, HomeState for_state
, sd_bus_error
*error
) {
1374 assert(IN_SET(for_state
, HOME_ACTIVATING
, HOME_ACTIVATING_FOR_ACQUIRE
));
1376 r
= home_start_work(h
, "activate", h
->record
, secret
);
1380 home_set_state(h
, for_state
);
1384 int home_activate(Home
*h
, UserRecord
*secret
, sd_bus_error
*error
) {
1389 switch (home_get_state(h
)) {
1390 case HOME_UNFIXATED
:
1391 return home_fixate_internal(h
, secret
, HOME_FIXATING_FOR_ACTIVATION
, error
);
1393 return sd_bus_error_setf(error
, BUS_ERROR_HOME_ABSENT
, "Home %s is currently missing or not plugged in.", h
->user_name
);
1395 return sd_bus_error_setf(error
, BUS_ERROR_HOME_ALREADY_ACTIVE
, "Home %s is already active.", h
->user_name
);
1396 case HOME_LINGERING
:
1397 /* If we are lingering, i.e. active but are supposed to be deactivated, then cancel this
1398 * timer if the user explicitly asks us to be active */
1399 h
->retry_deactivate_event_source
= sd_event_source_disable_unref(h
->retry_deactivate_event_source
);
1402 return sd_bus_error_setf(error
, BUS_ERROR_HOME_LOCKED
, "Home %s is currently locked.", h
->user_name
);
1407 return sd_bus_error_setf(error
, BUS_ERROR_HOME_BUSY
, "An operation on home %s is currently being executed.", h
->user_name
);
1410 r
= home_ratelimit(h
, error
);
1414 return home_activate_internal(h
, secret
, HOME_ACTIVATING
, error
);
1417 static int home_authenticate_internal(Home
*h
, UserRecord
*secret
, HomeState for_state
, sd_bus_error
*error
) {
1421 assert(IN_SET(for_state
, HOME_AUTHENTICATING
, HOME_AUTHENTICATING_WHILE_ACTIVE
, HOME_AUTHENTICATING_FOR_ACQUIRE
));
1423 r
= home_start_work(h
, "inspect", h
->record
, secret
);
1427 home_set_state(h
, for_state
);
1431 int home_authenticate(Home
*h
, UserRecord
*secret
, sd_bus_error
*error
) {
1437 state
= home_get_state(h
);
1440 return sd_bus_error_setf(error
, BUS_ERROR_HOME_ABSENT
, "Home %s is currently missing or not plugged in.", h
->user_name
);
1442 return sd_bus_error_setf(error
, BUS_ERROR_HOME_LOCKED
, "Home %s is currently locked.", h
->user_name
);
1443 case HOME_UNFIXATED
:
1447 case HOME_LINGERING
:
1450 return sd_bus_error_setf(error
, BUS_ERROR_HOME_BUSY
, "An operation on home %s is currently being executed.", h
->user_name
);
1453 r
= home_ratelimit(h
, error
);
1457 return home_authenticate_internal(h
, secret
, HOME_STATE_IS_ACTIVE(state
) ? HOME_AUTHENTICATING_WHILE_ACTIVE
: HOME_AUTHENTICATING
, error
);
1460 static int home_deactivate_internal(Home
*h
, bool force
, sd_bus_error
*error
) {
1465 home_unpin(h
); /* unpin so that we can deactivate */
1467 r
= home_start_work(h
, force
? "deactivate-force" : "deactivate", h
->record
, NULL
);
1469 /* Operation failed before it even started, reacquire pin fd, if state still dictates so */
1470 home_update_pin_fd(h
, _HOME_STATE_INVALID
);
1472 home_set_state(h
, HOME_DEACTIVATING
);
1476 /* Let's start a timer to retry deactivation in 15. We'll stop the timer once we manage to deactivate
1477 * the home directory again, or we start any other operation. */
1478 home_start_retry_deactivate(h
);
1483 int home_deactivate(Home
*h
, bool force
, sd_bus_error
*error
) {
1486 switch (home_get_state(h
)) {
1487 case HOME_UNFIXATED
:
1491 return sd_bus_error_setf(error
, BUS_ERROR_HOME_NOT_ACTIVE
, "Home %s not active.", h
->user_name
);
1493 return sd_bus_error_setf(error
, BUS_ERROR_HOME_LOCKED
, "Home %s is currently locked.", h
->user_name
);
1495 case HOME_LINGERING
:
1498 return sd_bus_error_setf(error
, BUS_ERROR_HOME_BUSY
, "An operation on home %s is currently being executed.", h
->user_name
);
1501 return home_deactivate_internal(h
, force
, error
);
1504 int home_create(Home
*h
, UserRecord
*secret
, sd_bus_error
*error
) {
1509 switch (home_get_state(h
)) {
1510 case HOME_INACTIVE
: {
1513 if (h
->record
->storage
< 0)
1514 break; /* if no storage is defined we don't know what precisely to look for, hence
1515 * HOME_INACTIVE is OK in that case too. */
1517 t
= user_record_test_image_path(h
->record
);
1518 if (IN_SET(t
, USER_TEST_MAYBE
, USER_TEST_UNDEFINED
))
1519 break; /* And if the image path test isn't conclusive, let's also go on */
1521 if (IN_SET(t
, -EBADF
, -ENOTDIR
))
1522 return sd_bus_error_setf(error
, BUS_ERROR_HOME_EXISTS
, "Selected home image of user %s already exists or has wrong inode type.", h
->user_name
);
1524 return sd_bus_error_setf(error
, BUS_ERROR_HOME_EXISTS
, "Selected home image of user %s already exists.", h
->user_name
);
1526 case HOME_UNFIXATED
:
1528 return sd_bus_error_setf(error
, BUS_ERROR_HOME_EXISTS
, "Home of user %s already exists.", h
->user_name
);
1532 case HOME_LINGERING
:
1535 return sd_bus_error_setf(error
, BUS_ERROR_HOME_BUSY
, "Home %s is currently being used, or an operation on home %s is currently being executed.", h
->user_name
, h
->user_name
);
1538 if (h
->record
->enforce_password_policy
== false)
1539 log_debug("Password quality check turned off for account, skipping.");
1541 r
= user_record_check_password_quality(h
->record
, secret
, error
);
1546 r
= home_start_work(h
, "create", h
->record
, secret
);
1550 home_set_state(h
, HOME_CREATING
);
1554 int home_remove(Home
*h
, sd_bus_error
*error
) {
1560 state
= home_get_state(h
);
1562 case HOME_ABSENT
: /* If the home directory is absent, then this is just like unregistering */
1563 return home_unregister(h
, error
);
1565 return sd_bus_error_setf(error
, BUS_ERROR_HOME_LOCKED
, "Home %s is currently locked.", h
->user_name
);
1566 case HOME_UNFIXATED
:
1571 case HOME_LINGERING
:
1573 return sd_bus_error_setf(error
, BUS_ERROR_HOME_BUSY
, "Home %s is currently being used, or an operation on home %s is currently being executed.", h
->user_name
, h
->user_name
);
1576 r
= home_start_work(h
, "remove", h
->record
, NULL
);
1580 home_set_state(h
, HOME_REMOVING
);
1584 static int user_record_extend_with_binding(UserRecord
*hr
, UserRecord
*with_binding
, UserRecordLoadFlags flags
, UserRecord
**ret
) {
1585 _cleanup_(json_variant_unrefp
) JsonVariant
*v
= NULL
;
1586 _cleanup_(user_record_unrefp
) UserRecord
*nr
= NULL
;
1587 JsonVariant
*binding
;
1591 assert(with_binding
);
1594 assert_se(v
= json_variant_ref(hr
->json
));
1596 binding
= json_variant_by_key(with_binding
->json
, "binding");
1598 r
= json_variant_set_field(&v
, "binding", binding
);
1603 nr
= user_record_new();
1607 r
= user_record_load(nr
, v
, flags
);
1611 *ret
= TAKE_PTR(nr
);
1615 static int home_update_internal(
1620 sd_bus_error
*error
) {
1622 _cleanup_(user_record_unrefp
) UserRecord
*new_hr
= NULL
, *saved_secret
= NULL
, *signed_hr
= NULL
;
1629 if (!user_record_compatible(hr
, h
->record
))
1630 return sd_bus_error_set(error
, BUS_ERROR_HOME_RECORD_MISMATCH
, "Updated user record is not compatible with existing one.");
1631 c
= user_record_compare_last_change(hr
, h
->record
); /* refuse downgrades */
1633 return sd_bus_error_set(error
, BUS_ERROR_HOME_RECORD_DOWNGRADE
, "Refusing to update to older home record.");
1635 if (!secret
&& FLAGS_SET(hr
->mask
, USER_RECORD_SECRET
)) {
1636 r
= user_record_clone(hr
, USER_RECORD_EXTRACT_SECRET
|USER_RECORD_PERMISSIVE
, &saved_secret
);
1640 secret
= saved_secret
;
1643 r
= manager_verify_user_record(h
->manager
, hr
);
1646 case USER_RECORD_UNSIGNED
:
1647 if (h
->signed_locally
<= 0) /* If the existing record is not owned by us, don't accept an
1648 * unsigned new record. i.e. only implicitly sign new records
1649 * that where previously signed by us too. */
1650 return sd_bus_error_setf(error
, BUS_ERROR_HOME_RECORD_SIGNED
, "Home %s is signed and cannot be modified locally.", h
->user_name
);
1652 /* The updated record is not signed, then do so now */
1653 r
= manager_sign_user_record(h
->manager
, hr
, &signed_hr
, error
);
1660 case USER_RECORD_SIGNED_EXCLUSIVE
:
1661 case USER_RECORD_SIGNED
:
1662 case USER_RECORD_FOREIGN
:
1663 /* Has already been signed. Great! */
1671 r
= user_record_extend_with_binding(hr
, h
->record
, USER_RECORD_LOAD_MASK_SECRET
|USER_RECORD_PERMISSIVE
, &new_hr
);
1676 /* different payload but same lastChangeUSec field? That's not cool! */
1678 r
= user_record_masked_equal(new_hr
, h
->record
, USER_RECORD_REGULAR
|USER_RECORD_PRIVILEGED
|USER_RECORD_PER_MACHINE
);
1682 return sd_bus_error_set(error
, BUS_ERROR_HOME_RECORD_MISMATCH
, "Home record different but timestamp remained the same, refusing.");
1685 r
= home_start_work(h
, verb
, new_hr
, secret
);
1692 int home_update(Home
*h
, UserRecord
*hr
, sd_bus_error
*error
) {
1699 state
= home_get_state(h
);
1701 case HOME_UNFIXATED
:
1702 return sd_bus_error_setf(error
, BUS_ERROR_HOME_UNFIXATED
, "Home %s has not been fixated yet.", h
->user_name
);
1704 return sd_bus_error_setf(error
, BUS_ERROR_HOME_ABSENT
, "Home %s is currently missing or not plugged in.", h
->user_name
);
1706 return sd_bus_error_setf(error
, BUS_ERROR_HOME_LOCKED
, "Home %s is currently locked.", h
->user_name
);
1710 case HOME_LINGERING
:
1713 return sd_bus_error_setf(error
, BUS_ERROR_HOME_BUSY
, "An operation on home %s is currently being executed.", h
->user_name
);
1716 r
= home_ratelimit(h
, error
);
1720 r
= home_update_internal(h
, "update", hr
, NULL
, error
);
1724 home_set_state(h
, HOME_STATE_IS_ACTIVE(state
) ? HOME_UPDATING_WHILE_ACTIVE
: HOME_UPDATING
);
1728 int home_resize(Home
*h
,
1732 sd_bus_error
*error
) {
1734 _cleanup_(user_record_unrefp
) UserRecord
*c
= NULL
;
1740 state
= home_get_state(h
);
1742 case HOME_UNFIXATED
:
1743 return sd_bus_error_setf(error
, BUS_ERROR_HOME_UNFIXATED
, "Home %s has not been fixated yet.", h
->user_name
);
1745 return sd_bus_error_setf(error
, BUS_ERROR_HOME_ABSENT
, "Home %s is currently missing or not plugged in.", h
->user_name
);
1747 return sd_bus_error_setf(error
, BUS_ERROR_HOME_LOCKED
, "Home %s is currently locked.", h
->user_name
);
1751 case HOME_LINGERING
:
1754 return sd_bus_error_setf(error
, BUS_ERROR_HOME_BUSY
, "An operation on home %s is currently being executed.", h
->user_name
);
1757 r
= home_ratelimit(h
, error
);
1761 /* If the user didn't specify any size explicitly and rebalancing is on, then the disk size is
1762 * determined by automatic rebalancing and hence not user configured but determined by us and thus
1763 * applied anyway. */
1764 if (disk_size
== UINT64_MAX
&& h
->record
->rebalance_weight
!= REBALANCE_WEIGHT_OFF
)
1765 return sd_bus_error_set(error
, SD_BUS_ERROR_INVALID_ARGS
, "Disk size is being determined by automatic disk space rebalancing.");
1767 if (disk_size
== UINT64_MAX
|| disk_size
== h
->record
->disk_size
) {
1768 if (h
->record
->disk_size
== UINT64_MAX
)
1769 return sd_bus_error_set(error
, SD_BUS_ERROR_INVALID_ARGS
, "No disk size to resize to specified.");
1771 c
= user_record_ref(h
->record
); /* Shortcut if size is unspecified or matches the record */
1773 _cleanup_(user_record_unrefp
) UserRecord
*signed_c
= NULL
;
1775 if (h
->signed_locally
<= 0) /* Don't allow changing of records not signed only by us */
1776 return sd_bus_error_setf(error
, BUS_ERROR_HOME_RECORD_SIGNED
, "Home %s is signed and cannot be modified locally.", h
->user_name
);
1778 r
= user_record_clone(h
->record
, USER_RECORD_LOAD_REFUSE_SECRET
|USER_RECORD_PERMISSIVE
, &c
);
1782 r
= user_record_set_disk_size(c
, disk_size
);
1784 return sd_bus_error_setf(error
, BUS_ERROR_BAD_HOME_SIZE
, "Requested size for home %s out of acceptable range.", h
->user_name
);
1788 /* If user picked an explicit size, then turn off rebalancing, so that we don't undo what user chose */
1789 r
= user_record_set_rebalance_weight(c
, REBALANCE_WEIGHT_OFF
);
1793 r
= user_record_update_last_changed(c
, false);
1795 return sd_bus_error_setf(error
, BUS_ERROR_HOME_RECORD_MISMATCH
, "Record last change time of %s is newer than current time, cannot update.", h
->user_name
);
1799 r
= manager_sign_user_record(h
->manager
, c
, &signed_c
, error
);
1803 user_record_unref(c
);
1804 c
= TAKE_PTR(signed_c
);
1807 r
= home_update_internal(h
, automatic
? "resize-auto" : "resize", c
, secret
, error
);
1811 home_set_state(h
, HOME_STATE_IS_ACTIVE(state
) ? HOME_RESIZING_WHILE_ACTIVE
: HOME_RESIZING
);
1815 static int home_may_change_password(
1817 sd_bus_error
*error
) {
1823 r
= user_record_test_password_change_required(h
->record
);
1824 if (IN_SET(r
, -EKEYREVOKED
, -EOWNERDEAD
, -EKEYEXPIRED
, -ESTALE
))
1825 return 0; /* expired in some form, but changing is allowed */
1826 if (IN_SET(r
, -EKEYREJECTED
, -EROFS
))
1827 return sd_bus_error_setf(error
, SD_BUS_ERROR_ACCESS_DENIED
, "Expiration settings of account %s do not allow changing of password.", h
->user_name
);
1829 return log_error_errno(r
, "Failed to test password expiry: %m");
1831 return 0; /* not expired */
1834 int home_passwd(Home
*h
,
1835 UserRecord
*new_secret
,
1836 UserRecord
*old_secret
,
1837 sd_bus_error
*error
) {
1839 _cleanup_(user_record_unrefp
) UserRecord
*c
= NULL
, *merged_secret
= NULL
, *signed_c
= NULL
;
1845 if (h
->signed_locally
<= 0) /* Don't allow changing of records not signed only by us */
1846 return sd_bus_error_setf(error
, BUS_ERROR_HOME_RECORD_SIGNED
, "Home %s is signed and cannot be modified locally.", h
->user_name
);
1848 state
= home_get_state(h
);
1850 case HOME_UNFIXATED
:
1851 return sd_bus_error_setf(error
, BUS_ERROR_HOME_UNFIXATED
, "Home %s has not been fixated yet.", h
->user_name
);
1853 return sd_bus_error_setf(error
, BUS_ERROR_HOME_ABSENT
, "Home %s is currently missing or not plugged in.", h
->user_name
);
1855 return sd_bus_error_setf(error
, BUS_ERROR_HOME_LOCKED
, "Home %s is currently locked.", h
->user_name
);
1859 case HOME_LINGERING
:
1862 return sd_bus_error_setf(error
, BUS_ERROR_HOME_BUSY
, "An operation on home %s is currently being executed.", h
->user_name
);
1865 r
= home_ratelimit(h
, error
);
1869 r
= home_may_change_password(h
, error
);
1873 r
= user_record_clone(h
->record
, USER_RECORD_LOAD_REFUSE_SECRET
|USER_RECORD_PERMISSIVE
, &c
);
1877 merged_secret
= user_record_new();
1881 r
= user_record_merge_secret(merged_secret
, old_secret
);
1885 r
= user_record_merge_secret(merged_secret
, new_secret
);
1889 if (!strv_isempty(new_secret
->password
)) {
1890 /* Update the password only if one is specified, otherwise let's just reuse the old password
1891 * data. This is useful as a way to propagate updated user records into the LUKS backends
1894 r
= user_record_make_hashed_password(c
, new_secret
->password
, /* extend = */ false);
1898 r
= user_record_set_password_change_now(c
, -1 /* remove */);
1903 r
= user_record_update_last_changed(c
, true);
1905 return sd_bus_error_setf(error
, BUS_ERROR_HOME_RECORD_MISMATCH
, "Record last change time of %s is newer than current time, cannot update.", h
->user_name
);
1909 r
= manager_sign_user_record(h
->manager
, c
, &signed_c
, error
);
1913 if (c
->enforce_password_policy
== false)
1914 log_debug("Password quality check turned off for account, skipping.");
1916 r
= user_record_check_password_quality(c
, merged_secret
, error
);
1921 r
= home_update_internal(h
, "passwd", signed_c
, merged_secret
, error
);
1925 home_set_state(h
, HOME_STATE_IS_ACTIVE(state
) ? HOME_PASSWD_WHILE_ACTIVE
: HOME_PASSWD
);
1929 int home_unregister(Home
*h
, sd_bus_error
*error
) {
1934 switch (home_get_state(h
)) {
1935 case HOME_UNFIXATED
:
1936 return sd_bus_error_setf(error
, BUS_ERROR_HOME_UNFIXATED
, "Home %s is not registered.", h
->user_name
);
1938 return sd_bus_error_setf(error
, BUS_ERROR_HOME_LOCKED
, "Home %s is currently locked.", h
->user_name
);
1944 case HOME_LINGERING
:
1946 return sd_bus_error_setf(error
, BUS_ERROR_HOME_BUSY
, "Home %s is currently being used, or an operation on home %s is currently being executed.", h
->user_name
, h
->user_name
);
1949 r
= home_unlink_record(h
);
1953 /* And destroy the whole entry. The caller needs to be prepared for that. */
1958 int home_lock(Home
*h
, sd_bus_error
*error
) {
1963 switch (home_get_state(h
)) {
1964 case HOME_UNFIXATED
:
1968 return sd_bus_error_setf(error
, BUS_ERROR_HOME_NOT_ACTIVE
, "Home %s is not active.", h
->user_name
);
1970 return sd_bus_error_setf(error
, BUS_ERROR_HOME_LOCKED
, "Home %s is already locked.", h
->user_name
);
1972 case HOME_LINGERING
:
1975 return sd_bus_error_setf(error
, BUS_ERROR_HOME_BUSY
, "An operation on home %s is currently being executed.", h
->user_name
);
1978 r
= home_start_work(h
, "lock", h
->record
, NULL
);
1982 home_set_state(h
, HOME_LOCKING
);
1986 static int home_unlock_internal(Home
*h
, UserRecord
*secret
, HomeState for_state
, sd_bus_error
*error
) {
1990 assert(IN_SET(for_state
, HOME_UNLOCKING
, HOME_UNLOCKING_FOR_ACQUIRE
));
1992 r
= home_start_work(h
, "unlock", h
->record
, secret
);
1996 home_set_state(h
, for_state
);
2000 int home_unlock(Home
*h
, UserRecord
*secret
, sd_bus_error
*error
) {
2004 r
= home_ratelimit(h
, error
);
2008 switch (home_get_state(h
)) {
2009 case HOME_UNFIXATED
:
2013 case HOME_LINGERING
:
2015 return sd_bus_error_setf(error
, BUS_ERROR_HOME_NOT_LOCKED
, "Home %s is not locked.", h
->user_name
);
2019 return sd_bus_error_setf(error
, BUS_ERROR_HOME_BUSY
, "An operation on home %s is currently being executed.", h
->user_name
);
2022 return home_unlock_internal(h
, secret
, HOME_UNLOCKING
, error
);
2025 HomeState
home_get_state(Home
*h
) {
2029 /* When the state field is initialized, it counts. */
2033 /* Otherwise, let's see if the home directory is mounted. If so, we assume for sure the home
2034 * directory is active */
2035 if (user_record_test_home_directory(h
->record
) == USER_TEST_MOUNTED
)
2036 return h
->retry_deactivate_event_source
? HOME_LINGERING
: HOME_ACTIVE
;
2038 /* And if we see the image being gone, we report this as absent */
2039 r
= user_record_test_image_path(h
->record
);
2040 if (r
== USER_TEST_ABSENT
)
2042 if (r
== USER_TEST_DIRTY
)
2045 /* And for all other cases we return "inactive". */
2046 return HOME_INACTIVE
;
2049 void home_process_notify(Home
*h
, char **l
, int fd
) {
2050 _cleanup_close_
int taken_fd
= TAKE_FD(fd
);
2057 e
= strv_env_get(l
, "SYSTEMD_LUKS_LOCK_FD");
2059 r
= parse_boolean(e
);
2061 return (void) log_debug_errno(r
, "Failed to parse SYSTEMD_LUKS_LOCK_FD value: %m");
2064 return (void) log_debug("Got notify message with SYSTEMD_LUKS_LOCK_FD=1 but no fd passed, ignoring: %m");
2066 close_and_replace(h
->luks_lock_fd
, taken_fd
);
2068 log_debug("Successfully acquired LUKS lock fd from worker.");
2070 /* Immediately check if we actually want to keep it */
2071 home_maybe_close_luks_lock_fd(h
, _HOME_STATE_INVALID
);
2074 return (void) log_debug("Got notify message with SYSTEMD_LUKS_LOCK_FD=0 but fd passed, ignoring: %m");
2076 h
->luks_lock_fd
= safe_close(h
->luks_lock_fd
);
2082 e
= strv_env_get(l
, "ERRNO");
2084 return (void) log_debug("Got notify message lacking both ERRNO= and SYSTEMD_LUKS_LOCK_FD= field, ignoring.");
2086 r
= safe_atoi(e
, &error
);
2088 return (void) log_debug_errno(r
, "Failed to parse received error number, ignoring: %s", e
);
2090 return (void) log_debug("Error number is out of range: %i", error
);
2092 h
->worker_error_code
= error
;
2095 int home_killall(Home
*h
) {
2096 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
2097 _cleanup_free_
char *unit
= NULL
;
2102 if (!uid_is_valid(h
->uid
))
2105 assert(h
->uid
> 0); /* We never should be UID 0 */
2107 /* Let's kill everything matching the specified UID */
2108 r
= safe_fork("(sd-killer)",
2109 FORK_RESET_SIGNALS
|FORK_CLOSE_ALL_FDS
|FORK_DEATHSIG_SIGKILL
|FORK_WAIT
|FORK_LOG
|FORK_REOPEN_LOG
,
2116 r
= fully_set_uid_gid(h
->uid
, user_record_gid(h
->record
), /* supplementary_gids= */ NULL
, /* n_supplementary_gids= */ 0);
2118 log_error_errno(r
, "Failed to change UID/GID to " UID_FMT
"/" GID_FMT
": %m", h
->uid
, user_record_gid(h
->record
));
2119 _exit(EXIT_FAILURE
);
2122 if (kill(-1, SIGKILL
) < 0) {
2123 log_error_errno(errno
, "Failed to kill all processes of UID " UID_FMT
": %m", h
->uid
);
2124 _exit(EXIT_FAILURE
);
2127 _exit(EXIT_SUCCESS
);
2130 /* Let's also kill everything in the user's slice */
2131 if (asprintf(&unit
, "user-" UID_FMT
".slice", h
->uid
) < 0)
2134 r
= bus_call_method(h
->manager
->bus
, bus_systemd_mgr
, "KillUnit", &error
, NULL
, "ssi", unit
, "all", SIGKILL
);
2136 log_full_errno(sd_bus_error_has_name(&error
, BUS_ERROR_NO_SUCH_UNIT
) ? LOG_DEBUG
: LOG_WARNING
,
2137 r
, "Failed to kill login processes of user, ignoring: %s", bus_error_message(&error
, r
));
2142 static int home_get_disk_status_luks(
2145 uint64_t *ret_disk_size
,
2146 uint64_t *ret_disk_usage
,
2147 uint64_t *ret_disk_free
,
2148 uint64_t *ret_disk_ceiling
,
2149 uint64_t *ret_disk_floor
,
2150 statfs_f_type_t
*ret_fstype
,
2151 mode_t
*ret_access_mode
) {
2153 uint64_t disk_size
= UINT64_MAX
, disk_usage
= UINT64_MAX
, disk_free
= UINT64_MAX
,
2154 disk_ceiling
= UINT64_MAX
, disk_floor
= UINT64_MAX
,
2155 stat_used
= UINT64_MAX
, fs_size
= UINT64_MAX
, header_size
= 0;
2156 mode_t access_mode
= MODE_INVALID
;
2157 statfs_f_type_t fstype
= 0;
2165 if (state
!= HOME_ABSENT
) {
2168 ip
= user_record_image_path(h
->record
);
2170 if (stat(ip
, &st
) < 0)
2171 log_debug_errno(errno
, "Failed to stat() %s, ignoring: %m", ip
);
2172 else if (S_ISREG(st
.st_mode
)) {
2173 _cleanup_free_
char *parent
= NULL
;
2175 disk_size
= st
.st_size
;
2176 stat_used
= st
.st_blocks
* 512;
2178 r
= path_extract_directory(ip
, &parent
);
2180 return log_error_errno(r
, "Failed to extract parent directory from image path '%s': %m", ip
);
2182 if (statfs(parent
, &sfs
) < 0)
2183 log_debug_errno(errno
, "Failed to statfs() %s, ignoring: %m", parent
);
2185 disk_ceiling
= stat_used
+ sfs
.f_bsize
* sfs
.f_bavail
;
2187 } else if (S_ISBLK(st
.st_mode
)) {
2188 _cleanup_free_
char *szbuf
= NULL
;
2189 char p
[SYS_BLOCK_PATH_MAX("/size")];
2191 /* Let's read the size off sysfs, so that we don't have to open the device */
2192 xsprintf_sys_block_path(p
, "/size", st
.st_rdev
);
2193 r
= read_one_line_file(p
, &szbuf
);
2195 log_debug_errno(r
, "Failed to read %s, ignoring: %m", p
);
2199 r
= safe_atou64(szbuf
, &sz
);
2201 log_debug_errno(r
, "Failed to parse %s, ignoring: %s", p
, szbuf
);
2203 disk_size
= sz
* 512;
2206 log_debug("Image path is not a block device or regular file, not able to acquire size.");
2210 if (!HOME_STATE_IS_ACTIVE(state
))
2213 hd
= user_record_home_directory(h
->record
);
2217 if (stat(hd
, &st
) < 0) {
2218 log_debug_errno(errno
, "Failed to stat() %s, ignoring: %m", hd
);
2222 r
= stat_verify_directory(&st
);
2224 log_debug_errno(r
, "Home directory %s is not a directory, ignoring: %m", hd
);
2228 access_mode
= st
.st_mode
& 07777;
2230 if (statfs(hd
, &sfs
) < 0) {
2231 log_debug_errno(errno
, "Failed to statfs() %s, ignoring: %m", hd
);
2235 fstype
= sfs
.f_type
;
2237 disk_free
= sfs
.f_bsize
* sfs
.f_bavail
;
2238 fs_size
= sfs
.f_bsize
* sfs
.f_blocks
;
2239 if (disk_size
!= UINT64_MAX
&& disk_size
> fs_size
)
2240 header_size
= disk_size
- fs_size
;
2242 /* We take a perspective from the user here (as opposed to from the host): the used disk space is the
2243 * difference from the limit and what's free. This makes a difference if sparse mode is not used: in
2244 * that case the image is pre-allocated and thus appears all used from the host PoV but is not used
2245 * up at all yet from the user's PoV.
2247 * That said, we use the stat() reported loopback file size as upper boundary: our footprint can
2248 * never be larger than what we take up on the lowest layers. */
2250 if (disk_size
!= UINT64_MAX
&& disk_size
> disk_free
) {
2251 disk_usage
= disk_size
- disk_free
;
2253 if (stat_used
!= UINT64_MAX
&& disk_usage
> stat_used
)
2254 disk_usage
= stat_used
;
2256 disk_usage
= stat_used
;
2258 /* If we have the magic, determine floor preferably by magic */
2259 disk_floor
= minimal_size_by_fs_magic(sfs
.f_type
) + header_size
;
2262 /* If we don't know the magic, go by file system name */
2263 if (disk_floor
== UINT64_MAX
)
2264 disk_floor
= minimal_size_by_fs_name(user_record_file_system_type(h
->record
));
2267 *ret_disk_size
= disk_size
;
2269 *ret_disk_usage
= disk_usage
;
2271 *ret_disk_free
= disk_free
;
2272 if (ret_disk_ceiling
)
2273 *ret_disk_ceiling
= disk_ceiling
;
2275 *ret_disk_floor
= disk_floor
;
2277 *ret_fstype
= fstype
;
2278 if (ret_access_mode
)
2279 *ret_access_mode
= access_mode
;
2284 static int home_get_disk_status_directory(
2287 uint64_t *ret_disk_size
,
2288 uint64_t *ret_disk_usage
,
2289 uint64_t *ret_disk_free
,
2290 uint64_t *ret_disk_ceiling
,
2291 uint64_t *ret_disk_floor
,
2292 statfs_f_type_t
*ret_fstype
,
2293 mode_t
*ret_access_mode
) {
2295 uint64_t disk_size
= UINT64_MAX
, disk_usage
= UINT64_MAX
, disk_free
= UINT64_MAX
,
2296 disk_ceiling
= UINT64_MAX
, disk_floor
= UINT64_MAX
;
2297 mode_t access_mode
= MODE_INVALID
;
2298 statfs_f_type_t fstype
= 0;
2301 const char *path
= NULL
;
2306 if (HOME_STATE_IS_ACTIVE(state
))
2307 path
= user_record_home_directory(h
->record
);
2310 if (state
== HOME_ABSENT
)
2313 path
= user_record_image_path(h
->record
);
2319 if (statfs(path
, &sfs
) < 0)
2320 log_debug_errno(errno
, "Failed to statfs() %s, ignoring: %m", path
);
2322 disk_free
= sfs
.f_bsize
* sfs
.f_bavail
;
2323 disk_size
= sfs
.f_bsize
* sfs
.f_blocks
;
2325 /* We don't initialize disk_usage from statfs() data here, since the device is likely not used
2326 * by us alone, and disk_usage should only reflect our own use. */
2328 fstype
= sfs
.f_type
;
2331 if (IN_SET(h
->record
->storage
, USER_CLASSIC
, USER_DIRECTORY
, USER_SUBVOLUME
)) {
2333 r
= btrfs_is_subvol(path
);
2335 log_debug_errno(r
, "Failed to determine whether %s is a btrfs subvolume: %m", path
);
2339 r
= btrfs_subvol_get_subtree_quota(path
, 0, &qi
);
2341 log_debug_errno(r
, "Failed to query btrfs subtree quota, ignoring: %m");
2343 disk_usage
= qi
.referenced
;
2345 if (disk_free
!= UINT64_MAX
) {
2346 disk_ceiling
= qi
.referenced
+ disk_free
;
2348 if (disk_size
!= UINT64_MAX
&& disk_ceiling
> disk_size
)
2349 disk_ceiling
= disk_size
;
2352 if (qi
.referenced_max
!= UINT64_MAX
) {
2353 if (disk_size
!= UINT64_MAX
)
2354 disk_size
= MIN(qi
.referenced_max
, disk_size
);
2356 disk_size
= qi
.referenced_max
;
2359 if (disk_size
!= UINT64_MAX
) {
2360 if (disk_size
> disk_usage
)
2361 disk_free
= disk_size
- disk_usage
;
2371 if (IN_SET(h
->record
->storage
, USER_CLASSIC
, USER_DIRECTORY
, USER_FSCRYPT
)) {
2372 r
= quotactl_path(QCMD_FIXED(Q_GETQUOTA
, USRQUOTA
), path
, h
->uid
, &req
);
2374 if (ERRNO_IS_NOT_SUPPORTED(r
)) {
2375 log_debug_errno(r
, "No UID quota support on %s.", path
);
2380 log_debug_errno(r
, "Failed to query disk quota for UID " UID_FMT
": %m", h
->uid
);
2384 disk_usage
= 0; /* No record of this user? then nothing was used */
2386 if (FLAGS_SET(req
.dqb_valid
, QIF_SPACE
) && disk_free
!= UINT64_MAX
) {
2387 disk_ceiling
= req
.dqb_curspace
+ disk_free
;
2389 if (disk_size
!= UINT64_MAX
&& disk_ceiling
> disk_size
)
2390 disk_ceiling
= disk_size
;
2393 if (FLAGS_SET(req
.dqb_valid
, QIF_BLIMITS
)) {
2396 /* Take the minimum of the quota and the available disk space here */
2397 q
= req
.dqb_bhardlimit
* QIF_DQBLKSIZE
;
2398 if (disk_size
!= UINT64_MAX
)
2399 disk_size
= MIN(disk_size
, q
);
2403 if (FLAGS_SET(req
.dqb_valid
, QIF_SPACE
)) {
2404 disk_usage
= req
.dqb_curspace
;
2406 if (disk_size
!= UINT64_MAX
) {
2407 if (disk_size
> disk_usage
)
2408 disk_free
= disk_size
- disk_usage
;
2418 *ret_disk_size
= disk_size
;
2420 *ret_disk_usage
= disk_usage
;
2422 *ret_disk_free
= disk_free
;
2423 if (ret_disk_ceiling
)
2424 *ret_disk_ceiling
= disk_ceiling
;
2426 *ret_disk_floor
= disk_floor
;
2428 *ret_fstype
= fstype
;
2429 if (ret_access_mode
)
2430 *ret_access_mode
= access_mode
;
2435 static int home_get_disk_status_internal(
2438 uint64_t *ret_disk_size
,
2439 uint64_t *ret_disk_usage
,
2440 uint64_t *ret_disk_free
,
2441 uint64_t *ret_disk_ceiling
,
2442 uint64_t *ret_disk_floor
,
2443 statfs_f_type_t
*ret_fstype
,
2444 mode_t
*ret_access_mode
) {
2449 switch (h
->record
->storage
) {
2452 return home_get_disk_status_luks(h
, state
, ret_disk_size
, ret_disk_usage
, ret_disk_free
, ret_disk_ceiling
, ret_disk_floor
, ret_fstype
, ret_access_mode
);
2455 case USER_DIRECTORY
:
2456 case USER_SUBVOLUME
:
2459 return home_get_disk_status_directory(h
, state
, ret_disk_size
, ret_disk_usage
, ret_disk_free
, ret_disk_ceiling
, ret_disk_floor
, ret_fstype
, ret_access_mode
);
2465 *ret_disk_size
= UINT64_MAX
;
2467 *ret_disk_usage
= UINT64_MAX
;
2469 *ret_disk_free
= UINT64_MAX
;
2470 if (ret_disk_ceiling
)
2471 *ret_disk_ceiling
= UINT64_MAX
;
2473 *ret_disk_floor
= UINT64_MAX
;
2476 if (ret_access_mode
)
2477 *ret_access_mode
= MODE_INVALID
;
2483 int home_get_disk_status(
2485 uint64_t *ret_disk_size
,
2486 uint64_t *ret_disk_usage
,
2487 uint64_t *ret_disk_free
,
2488 uint64_t *ret_disk_ceiling
,
2489 uint64_t *ret_disk_floor
,
2490 statfs_f_type_t
*ret_fstype
,
2491 mode_t
*ret_access_mode
) {
2495 return home_get_disk_status_internal(
2507 int home_augment_status(
2509 UserRecordLoadFlags flags
,
2512 uint64_t disk_size
= UINT64_MAX
, disk_usage
= UINT64_MAX
, disk_free
= UINT64_MAX
, disk_ceiling
= UINT64_MAX
, disk_floor
= UINT64_MAX
;
2513 _cleanup_(json_variant_unrefp
) JsonVariant
*j
= NULL
, *v
= NULL
, *m
= NULL
, *status
= NULL
;
2514 _cleanup_(user_record_unrefp
) UserRecord
*ur
= NULL
;
2515 statfs_f_type_t magic
;
2525 /* We are supposed to add this, this can't be on hence. */
2526 assert(!FLAGS_SET(flags
, USER_RECORD_STRIP_STATUS
));
2528 r
= sd_id128_get_machine(&id
);
2532 state
= home_get_state(h
);
2534 r
= home_get_disk_status_internal(
2546 fstype
= fs_type_to_string(magic
);
2548 if (disk_floor
== UINT64_MAX
|| (disk_usage
!= UINT64_MAX
&& disk_floor
< disk_usage
))
2549 disk_floor
= disk_usage
;
2550 if (disk_floor
== UINT64_MAX
|| disk_floor
< USER_DISK_SIZE_MIN
)
2551 disk_floor
= USER_DISK_SIZE_MIN
;
2552 if (disk_ceiling
== UINT64_MAX
|| disk_ceiling
> USER_DISK_SIZE_MAX
)
2553 disk_ceiling
= USER_DISK_SIZE_MAX
;
2555 r
= json_build(&status
,
2557 JSON_BUILD_PAIR("state", JSON_BUILD_STRING(home_state_to_string(state
))),
2558 JSON_BUILD_PAIR("service", JSON_BUILD_CONST_STRING("io.systemd.Home")),
2559 JSON_BUILD_PAIR_CONDITION(disk_size
!= UINT64_MAX
, "diskSize", JSON_BUILD_UNSIGNED(disk_size
)),
2560 JSON_BUILD_PAIR_CONDITION(disk_usage
!= UINT64_MAX
, "diskUsage", JSON_BUILD_UNSIGNED(disk_usage
)),
2561 JSON_BUILD_PAIR_CONDITION(disk_free
!= UINT64_MAX
, "diskFree", JSON_BUILD_UNSIGNED(disk_free
)),
2562 JSON_BUILD_PAIR_CONDITION(disk_ceiling
!= UINT64_MAX
, "diskCeiling", JSON_BUILD_UNSIGNED(disk_ceiling
)),
2563 JSON_BUILD_PAIR_CONDITION(disk_floor
!= UINT64_MAX
, "diskFloor", JSON_BUILD_UNSIGNED(disk_floor
)),
2564 JSON_BUILD_PAIR_CONDITION(h
->signed_locally
>= 0, "signedLocally", JSON_BUILD_BOOLEAN(h
->signed_locally
)),
2565 JSON_BUILD_PAIR_CONDITION(fstype
, "fileSystemType", JSON_BUILD_STRING(fstype
)),
2566 JSON_BUILD_PAIR_CONDITION(access_mode
!= MODE_INVALID
, "accessMode", JSON_BUILD_UNSIGNED(access_mode
))
2571 j
= json_variant_ref(h
->record
->json
);
2572 v
= json_variant_ref(json_variant_by_key(j
, "status"));
2573 m
= json_variant_ref(json_variant_by_key(v
, SD_ID128_TO_STRING(id
)));
2575 r
= json_variant_filter(&m
, STRV_MAKE("diskSize", "diskUsage", "diskFree", "diskCeiling", "diskFloor", "signedLocally"));
2579 r
= json_variant_merge_object(&m
, status
);
2583 r
= json_variant_set_field(&v
, SD_ID128_TO_STRING(id
), m
);
2587 r
= json_variant_set_field(&j
, "status", v
);
2591 ur
= user_record_new();
2595 r
= user_record_load(ur
, j
, flags
);
2600 FLAGS_SET(h
->record
->mask
, USER_RECORD_PRIVILEGED
) &&
2601 !FLAGS_SET(ur
->mask
, USER_RECORD_PRIVILEGED
);
2603 *ret
= TAKE_PTR(ur
);
2607 static int on_home_ref_eof(sd_event_source
*s
, int fd
, uint32_t revents
, void *userdata
) {
2608 _cleanup_(operation_unrefp
) Operation
*o
= NULL
;
2609 Home
*h
= ASSERT_PTR(userdata
);
2613 if (h
->ref_event_source_please_suspend
== s
)
2614 h
->ref_event_source_please_suspend
= sd_event_source_disable_unref(h
->ref_event_source_please_suspend
);
2616 if (h
->ref_event_source_dont_suspend
== s
)
2617 h
->ref_event_source_dont_suspend
= sd_event_source_disable_unref(h
->ref_event_source_dont_suspend
);
2619 if (h
->ref_event_source_dont_suspend
|| h
->ref_event_source_please_suspend
)
2622 log_info("Got notification that all sessions of user %s ended, deactivating automatically.", h
->user_name
);
2624 o
= operation_new(OPERATION_PIPE_EOF
, NULL
);
2630 home_schedule_operation(h
, o
, NULL
);
2634 int home_create_fifo(Home
*h
, bool please_suspend
) {
2635 _cleanup_close_
int ret_fd
= -EBADF
;
2636 sd_event_source
**ss
;
2637 const char *fn
, *suffix
;
2642 if (please_suspend
) {
2643 suffix
= ".please-suspend";
2644 ss
= &h
->ref_event_source_please_suspend
;
2646 suffix
= ".dont-suspend";
2647 ss
= &h
->ref_event_source_dont_suspend
;
2650 fn
= strjoina("/run/systemd/home/", h
->user_name
, suffix
);
2653 _cleanup_close_
int ref_fd
= -EBADF
;
2655 (void) mkdir("/run/systemd/home/", 0755);
2656 if (mkfifo(fn
, 0600) < 0 && errno
!= EEXIST
)
2657 return log_error_errno(errno
, "Failed to create FIFO %s: %m", fn
);
2659 ref_fd
= open(fn
, O_RDONLY
|O_CLOEXEC
|O_NONBLOCK
);
2661 return log_error_errno(errno
, "Failed to open FIFO %s for reading: %m", fn
);
2663 r
= sd_event_add_io(h
->manager
->event
, ss
, ref_fd
, 0, on_home_ref_eof
, h
);
2665 return log_error_errno(r
, "Failed to allocate reference FIFO event source: %m");
2667 (void) sd_event_source_set_description(*ss
, "acquire-ref");
2669 r
= sd_event_source_set_priority(*ss
, SD_EVENT_PRIORITY_IDLE
-1);
2673 r
= sd_event_source_set_io_fd_own(*ss
, true);
2675 return log_error_errno(r
, "Failed to pass ownership of FIFO event fd to event source: %m");
2680 ret_fd
= open(fn
, O_WRONLY
|O_CLOEXEC
|O_NONBLOCK
);
2682 return log_error_errno(errno
, "Failed to open FIFO %s for writing: %m", fn
);
2684 return TAKE_FD(ret_fd
);
2687 static int home_dispatch_acquire(Home
*h
, Operation
*o
) {
2688 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
2689 int (*call
)(Home
*h
, UserRecord
*secret
, HomeState for_state
, sd_bus_error
*error
) = NULL
;
2690 HomeState for_state
;
2695 assert(o
->type
== OPERATION_ACQUIRE
);
2697 switch (home_get_state(h
)) {
2699 case HOME_UNFIXATED
:
2700 for_state
= HOME_FIXATING_FOR_ACQUIRE
;
2701 call
= home_fixate_internal
;
2705 r
= sd_bus_error_setf(&error
, BUS_ERROR_HOME_ABSENT
,
2706 "Home %s is currently missing or not plugged in.", h
->user_name
);
2711 for_state
= HOME_ACTIVATING_FOR_ACQUIRE
;
2712 call
= home_activate_internal
;
2716 case HOME_LINGERING
:
2717 for_state
= HOME_AUTHENTICATING_FOR_ACQUIRE
;
2718 call
= home_authenticate_internal
;
2722 for_state
= HOME_UNLOCKING_FOR_ACQUIRE
;
2723 call
= home_unlock_internal
;
2727 /* All other cases means we are currently executing an operation, which means the job remains
2732 assert(!h
->current_operation
);
2734 r
= home_ratelimit(h
, &error
);
2736 r
= call(h
, o
->secret
, for_state
, &error
);
2739 if (r
!= 0) /* failure or completed */
2740 operation_result(o
, r
, &error
);
2742 h
->current_operation
= operation_ref(o
);
2747 static int home_dispatch_release(Home
*h
, Operation
*o
) {
2748 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
2753 assert(o
->type
== OPERATION_RELEASE
);
2755 if (h
->ref_event_source_dont_suspend
|| h
->ref_event_source_please_suspend
)
2756 /* If there's now a reference again, then let's abort the release attempt */
2757 r
= sd_bus_error_setf(&error
, BUS_ERROR_HOME_BUSY
, "Home %s is currently referenced.", h
->user_name
);
2759 switch (home_get_state(h
)) {
2761 case HOME_UNFIXATED
:
2769 r
= sd_bus_error_setf(&error
, BUS_ERROR_HOME_LOCKED
, "Home %s is currently locked.", h
->user_name
);
2773 case HOME_LINGERING
:
2774 r
= home_deactivate_internal(h
, false, &error
);
2778 /* All other cases means we are currently executing an operation, which means the job remains
2784 assert(!h
->current_operation
);
2786 if (r
!= 0) /* failure or completed */
2787 operation_result(o
, r
, &error
);
2789 h
->current_operation
= operation_ref(o
);
2794 static int home_dispatch_lock_all(Home
*h
, Operation
*o
) {
2795 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
2800 assert(o
->type
== OPERATION_LOCK_ALL
);
2802 switch (home_get_state(h
)) {
2804 case HOME_UNFIXATED
:
2808 log_info("Home %s is not active, no locking necessary.", h
->user_name
);
2813 log_info("Home %s is already locked.", h
->user_name
);
2818 case HOME_LINGERING
:
2819 log_info("Locking home %s.", h
->user_name
);
2820 r
= home_lock(h
, &error
);
2824 /* All other cases means we are currently executing an operation, which means the job remains
2829 assert(!h
->current_operation
);
2831 if (r
!= 0) /* failure or completed */
2832 operation_result(o
, r
, &error
);
2834 h
->current_operation
= operation_ref(o
);
2839 static int home_dispatch_deactivate_all(Home
*h
, Operation
*o
) {
2840 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
2845 assert(o
->type
== OPERATION_DEACTIVATE_ALL
);
2847 switch (home_get_state(h
)) {
2849 case HOME_UNFIXATED
:
2853 log_info("Home %s is already deactivated.", h
->user_name
);
2858 log_info("Home %s is currently locked, not deactivating.", h
->user_name
);
2863 case HOME_LINGERING
:
2864 log_info("Deactivating home %s.", h
->user_name
);
2865 r
= home_deactivate_internal(h
, false, &error
);
2869 /* All other cases means we are currently executing an operation, which means the job remains
2874 assert(!h
->current_operation
);
2876 if (r
!= 0) /* failure or completed */
2877 operation_result(o
, r
, &error
);
2879 h
->current_operation
= operation_ref(o
);
2884 static int home_dispatch_pipe_eof(Home
*h
, Operation
*o
) {
2885 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
2890 assert(o
->type
== OPERATION_PIPE_EOF
);
2892 if (h
->ref_event_source_please_suspend
|| h
->ref_event_source_dont_suspend
)
2893 return 1; /* Hmm, there's a reference again, let's cancel this */
2895 switch (home_get_state(h
)) {
2897 case HOME_UNFIXATED
:
2901 log_info("Home %s already deactivated, no automatic deactivation needed.", h
->user_name
);
2904 case HOME_DEACTIVATING
:
2905 log_info("Home %s is already being deactivated, automatic deactivated unnecessary.", h
->user_name
);
2909 case HOME_LINGERING
:
2910 r
= home_deactivate_internal(h
, false, &error
);
2912 log_warning_errno(r
, "Failed to deactivate %s, ignoring: %s", h
->user_name
, bus_error_message(&error
, r
));
2917 /* If the device is locked or any operation is being executed, let's leave this pending */
2921 /* Note that we don't call operation_fail() or operation_success() here, because this kind of
2922 * operation has no message associated with it, and thus there's no need to propagate success. */
2924 assert(!o
->message
);
2928 static int home_dispatch_deactivate_force(Home
*h
, Operation
*o
) {
2929 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
2934 assert(o
->type
== OPERATION_DEACTIVATE_FORCE
);
2936 switch (home_get_state(h
)) {
2938 case HOME_UNFIXATED
:
2942 log_debug("Home %s already deactivated, no forced deactivation due to unplug needed.", h
->user_name
);
2945 case HOME_DEACTIVATING
:
2946 log_debug("Home %s is already being deactivated, forced deactivation due to unplug unnecessary.", h
->user_name
);
2951 case HOME_LINGERING
:
2952 r
= home_deactivate_internal(h
, true, &error
);
2954 log_warning_errno(r
, "Failed to forcibly deactivate %s, ignoring: %s", h
->user_name
, bus_error_message(&error
, r
));
2958 /* If any operation is being executed, let's leave this pending */
2962 /* Note that we don't call operation_fail() or operation_success() here, because this kind of
2963 * operation has no message associated with it, and thus there's no need to propagate success. */
2965 assert(!o
->message
);
2969 static int on_pending(sd_event_source
*s
, void *userdata
) {
2970 Home
*h
= ASSERT_PTR(userdata
);
2976 o
= ordered_set_first(h
->pending_operations
);
2978 static int (* const operation_table
[_OPERATION_MAX
])(Home
*h
, Operation
*o
) = {
2979 [OPERATION_ACQUIRE
] = home_dispatch_acquire
,
2980 [OPERATION_RELEASE
] = home_dispatch_release
,
2981 [OPERATION_LOCK_ALL
] = home_dispatch_lock_all
,
2982 [OPERATION_DEACTIVATE_ALL
] = home_dispatch_deactivate_all
,
2983 [OPERATION_PIPE_EOF
] = home_dispatch_pipe_eof
,
2984 [OPERATION_DEACTIVATE_FORCE
] = home_dispatch_deactivate_force
,
2987 assert(operation_table
[o
->type
]);
2988 r
= operation_table
[o
->type
](h
, o
);
2990 /* The operation completed, let's remove it from the pending list, and exit while
2991 * leaving the event source enabled as it is. */
2992 assert_se(ordered_set_remove(h
->pending_operations
, o
) == o
);
2998 /* Nothing to do anymore, let's turn off this event source */
2999 r
= sd_event_source_set_enabled(s
, SD_EVENT_OFF
);
3001 return log_error_errno(r
, "Failed to disable event source: %m");
3003 /* No operations pending anymore, maybe this is a good time to trigger a rebalancing */
3004 manager_reschedule_rebalance(h
->manager
);
3008 int home_schedule_operation(Home
*h
, Operation
*o
, sd_bus_error
*error
) {
3014 if (ordered_set_size(h
->pending_operations
) >= PENDING_OPERATIONS_MAX
)
3015 return sd_bus_error_set(error
, BUS_ERROR_TOO_MANY_OPERATIONS
, "Too many client operations requested");
3017 r
= ordered_set_ensure_put(&h
->pending_operations
, &operation_hash_ops
, o
);
3024 if (!h
->pending_event_source
) {
3025 r
= sd_event_add_defer(h
->manager
->event
, &h
->pending_event_source
, on_pending
, h
);
3027 return log_error_errno(r
, "Failed to allocate pending defer event source: %m");
3029 (void) sd_event_source_set_description(h
->pending_event_source
, "pending");
3031 r
= sd_event_source_set_priority(h
->pending_event_source
, SD_EVENT_PRIORITY_IDLE
);
3036 r
= sd_event_source_set_enabled(h
->pending_event_source
, SD_EVENT_ON
);
3038 return log_error_errno(r
, "Failed to trigger pending event source: %m");
3043 static int home_get_image_path_seat(Home
*h
, char **ret
) {
3044 _cleanup_(sd_device_unrefp
) sd_device
*d
= NULL
;
3045 _cleanup_free_
char *c
= NULL
;
3046 const char *ip
, *seat
;
3052 if (user_record_storage(h
->record
) != USER_LUKS
)
3055 ip
= user_record_image_path(h
->record
);
3059 if (!path_startswith(ip
, "/dev/"))
3062 if (stat(ip
, &st
) < 0)
3065 if (!S_ISBLK(st
.st_mode
))
3068 r
= sd_device_new_from_stat_rdev(&d
, &st
);
3072 r
= sd_device_get_property_value(d
, "ID_SEAT", &seat
);
3073 if (r
== -ENOENT
) /* no property means seat0 */
3086 int home_auto_login(Home
*h
, char ***ret_seats
) {
3087 _cleanup_free_
char *seat
= NULL
, *seat2
= NULL
;
3092 (void) home_get_image_path_seat(h
, &seat
);
3094 if (h
->record
->auto_login
> 0 && !streq_ptr(seat
, "seat0")) {
3095 /* For now, when the auto-login boolean is set for a user, let's make it mean
3096 * "seat0". Eventually we can extend the concept and allow configuration of any kind of seat,
3097 * but let's keep simple initially, most likely the feature is interesting on single-user
3098 * systems anyway, only.
3100 * We filter out users marked for auto-login in we know for sure their home directory is
3103 if (user_record_test_image_path(h
->record
) != USER_TEST_ABSENT
) {
3104 seat2
= strdup("seat0");
3110 if (seat
|| seat2
) {
3111 _cleanup_strv_free_
char **list
= NULL
;
3114 list
= new(char*, 3);
3119 list
[i
++] = TAKE_PTR(seat
);
3121 list
[i
++] = TAKE_PTR(seat2
);
3124 *ret_seats
= TAKE_PTR(list
);
3132 int home_set_current_message(Home
*h
, sd_bus_message
*m
) {
3138 if (h
->current_operation
)
3141 h
->current_operation
= operation_new(OPERATION_IMMEDIATE
, m
);
3142 if (!h
->current_operation
)
3148 int home_wait_for_worker(Home
*h
) {
3153 if (h
->worker_pid
<= 0)
3156 log_info("Worker process for home %s is still running while exiting. Waiting for it to finish.", h
->user_name
);
3158 r
= wait_for_terminate_with_timeout(h
->worker_pid
, 30 * USEC_PER_SEC
);
3159 if (r
== -ETIMEDOUT
)
3160 log_warning_errno(r
, "Waiting for worker process for home %s timed out. Ignoring.", h
->user_name
);
3162 log_warning_errno(r
, "Failed to wait for worker process for home %s. Ignoring.", h
->user_name
);
3164 (void) hashmap_remove_value(h
->manager
->homes_by_worker_pid
, PID_TO_PTR(h
->worker_pid
), h
);
3169 bool home_shall_rebalance(Home
*h
) {
3174 /* Determines if the home directory is a candidate for rebalancing */
3176 if (!user_record_shall_rebalance(h
->record
))
3179 state
= home_get_state(h
);
3180 if (!HOME_STATE_SHALL_REBALANCE(state
))
3186 bool home_is_busy(Home
*h
) {
3189 if (h
->current_operation
)
3192 if (!ordered_set_isempty(h
->pending_operations
))
3195 return HOME_STATE_IS_EXECUTING_OPERATION(home_get_state(h
));
3198 static const char* const home_state_table
[_HOME_STATE_MAX
] = {
3199 [HOME_UNFIXATED
] = "unfixated",
3200 [HOME_ABSENT
] = "absent",
3201 [HOME_INACTIVE
] = "inactive",
3202 [HOME_DIRTY
] = "dirty",
3203 [HOME_FIXATING
] = "fixating",
3204 [HOME_FIXATING_FOR_ACTIVATION
] = "fixating-for-activation",
3205 [HOME_FIXATING_FOR_ACQUIRE
] = "fixating-for-acquire",
3206 [HOME_ACTIVATING
] = "activating",
3207 [HOME_ACTIVATING_FOR_ACQUIRE
] = "activating-for-acquire",
3208 [HOME_DEACTIVATING
] = "deactivating",
3209 [HOME_ACTIVE
] = "active",
3210 [HOME_LINGERING
] = "lingering",
3211 [HOME_LOCKING
] = "locking",
3212 [HOME_LOCKED
] = "locked",
3213 [HOME_UNLOCKING
] = "unlocking",
3214 [HOME_UNLOCKING_FOR_ACQUIRE
] = "unlocking-for-acquire",
3215 [HOME_CREATING
] = "creating",
3216 [HOME_REMOVING
] = "removing",
3217 [HOME_UPDATING
] = "updating",
3218 [HOME_UPDATING_WHILE_ACTIVE
] = "updating-while-active",
3219 [HOME_RESIZING
] = "resizing",
3220 [HOME_RESIZING_WHILE_ACTIVE
] = "resizing-while-active",
3221 [HOME_PASSWD
] = "passwd",
3222 [HOME_PASSWD_WHILE_ACTIVE
] = "passwd-while-active",
3223 [HOME_AUTHENTICATING
] = "authenticating",
3224 [HOME_AUTHENTICATING_WHILE_ACTIVE
] = "authenticating-while-active",
3225 [HOME_AUTHENTICATING_FOR_ACQUIRE
] = "authenticating-for-acquire",
3228 DEFINE_STRING_TABLE_LOOKUP(home_state
, HomeState
);