]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/home/homed-home.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #30739 from poettering/pam-util-many
[thirdparty/systemd.git] / src / home / homed-home.c
1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3 #if HAVE_LINUX_MEMFD_H
4 #include <linux/memfd.h>
5 #endif
6
7 #include <sys/mman.h>
8 #include <sys/quota.h>
9 #include <sys/vfs.h>
10
11 #include "blockdev-util.h"
12 #include "btrfs-util.h"
13 #include "bus-common-errors.h"
14 #include "bus-locator.h"
15 #include "data-fd-util.h"
16 #include "env-util.h"
17 #include "errno-list.h"
18 #include "errno-util.h"
19 #include "fd-util.h"
20 #include "fileio.h"
21 #include "filesystems.h"
22 #include "fs-util.h"
23 #include "glyph-util.h"
24 #include "home-util.h"
25 #include "homed-home-bus.h"
26 #include "homed-home.h"
27 #include "memfd-util.h"
28 #include "missing_magic.h"
29 #include "missing_mman.h"
30 #include "missing_syscall.h"
31 #include "mkdir.h"
32 #include "path-util.h"
33 #include "process-util.h"
34 #include "quota-util.h"
35 #include "resize-fs.h"
36 #include "set.h"
37 #include "signal-util.h"
38 #include "stat-util.h"
39 #include "string-table.h"
40 #include "strv.h"
41 #include "uid-alloc-range.h"
42 #include "user-record-password-quality.h"
43 #include "user-record-sign.h"
44 #include "user-record-util.h"
45 #include "user-record.h"
46 #include "user-util.h"
47
48 /* Retry to deactivate home directories again and again every 15s until it works */
49 #define RETRY_DEACTIVATE_USEC (15U * USEC_PER_SEC)
50
51 #define HOME_USERS_MAX 500
52 #define PENDING_OPERATIONS_MAX 100
53
54 assert_cc(HOME_UID_MIN <= HOME_UID_MAX);
55 assert_cc(HOME_USERS_MAX <= (HOME_UID_MAX - HOME_UID_MIN + 1));
56
57 static int home_start_work(Home *h, const char *verb, UserRecord *hr, UserRecord *secret);
58
59 DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(operation_hash_ops, void, trivial_hash_func, trivial_compare_func, Operation, operation_unref);
60
61 static int suitable_home_record(UserRecord *hr) {
62 int r;
63
64 assert(hr);
65
66 if (!hr->user_name)
67 return -EUNATCH;
68
69 /* We are a bit more restrictive with what we accept as homed-managed user than what we accept in
70 * home records in general. Let's enforce the stricter rule here. */
71 if (!suitable_user_name(hr->user_name))
72 return -EINVAL;
73 if (!uid_is_valid(hr->uid))
74 return -EINVAL;
75
76 /* Insist we are outside of the dynamic and system range */
77 if (uid_is_system(hr->uid) || gid_is_system(user_record_gid(hr)) ||
78 uid_is_dynamic(hr->uid) || gid_is_dynamic(user_record_gid(hr)))
79 return -EADDRNOTAVAIL;
80
81 /* Insist that GID and UID match */
82 if (user_record_gid(hr) != (gid_t) hr->uid)
83 return -EBADSLT;
84
85 /* Similar for the realm */
86 if (hr->realm) {
87 r = suitable_realm(hr->realm);
88 if (r < 0)
89 return r;
90 if (r == 0)
91 return -EINVAL;
92 }
93
94 return 0;
95 }
96
97 int home_new(Manager *m, UserRecord *hr, const char *sysfs, Home **ret) {
98 _cleanup_(home_freep) Home *home = NULL;
99 _cleanup_free_ char *nm = NULL, *ns = NULL;
100 int r;
101
102 assert(m);
103 assert(hr);
104
105 r = suitable_home_record(hr);
106 if (r < 0)
107 return r;
108
109 if (hashmap_contains(m->homes_by_name, hr->user_name))
110 return -EBUSY;
111
112 if (hashmap_contains(m->homes_by_uid, UID_TO_PTR(hr->uid)))
113 return -EBUSY;
114
115 if (sysfs && hashmap_contains(m->homes_by_sysfs, sysfs))
116 return -EBUSY;
117
118 if (hashmap_size(m->homes_by_name) >= HOME_USERS_MAX)
119 return -EUSERS;
120
121 nm = strdup(hr->user_name);
122 if (!nm)
123 return -ENOMEM;
124
125 if (sysfs) {
126 ns = strdup(sysfs);
127 if (!ns)
128 return -ENOMEM;
129 }
130
131 home = new(Home, 1);
132 if (!home)
133 return -ENOMEM;
134
135 *home = (Home) {
136 .manager = m,
137 .user_name = TAKE_PTR(nm),
138 .uid = hr->uid,
139 .state = _HOME_STATE_INVALID,
140 .worker_stdout_fd = -EBADF,
141 .sysfs = TAKE_PTR(ns),
142 .signed_locally = -1,
143 .pin_fd = -EBADF,
144 .luks_lock_fd = -EBADF,
145 };
146
147 r = hashmap_put(m->homes_by_name, home->user_name, home);
148 if (r < 0)
149 return r;
150
151 r = hashmap_put(m->homes_by_uid, UID_TO_PTR(home->uid), home);
152 if (r < 0)
153 return r;
154
155 if (home->sysfs) {
156 r = hashmap_put(m->homes_by_sysfs, home->sysfs, home);
157 if (r < 0)
158 return r;
159 }
160
161 r = user_record_clone(hr, USER_RECORD_LOAD_MASK_SECRET|USER_RECORD_PERMISSIVE, &home->record);
162 if (r < 0)
163 return r;
164
165 (void) bus_manager_emit_auto_login_changed(m);
166 (void) bus_home_emit_change(home);
167 (void) manager_schedule_rebalance(m, /* immediately= */ false);
168
169 if (ret)
170 *ret = TAKE_PTR(home);
171 else
172 TAKE_PTR(home);
173
174 return 0;
175 }
176
177 Home *home_free(Home *h) {
178
179 if (!h)
180 return NULL;
181
182 if (h->manager) {
183 (void) bus_home_emit_remove(h);
184 (void) bus_manager_emit_auto_login_changed(h->manager);
185
186 if (h->user_name)
187 (void) hashmap_remove_value(h->manager->homes_by_name, h->user_name, h);
188
189 if (uid_is_valid(h->uid))
190 (void) hashmap_remove_value(h->manager->homes_by_uid, UID_TO_PTR(h->uid), h);
191
192 if (h->sysfs)
193 (void) hashmap_remove_value(h->manager->homes_by_sysfs, h->sysfs, h);
194
195 if (h->worker_pid > 0)
196 (void) hashmap_remove_value(h->manager->homes_by_worker_pid, PID_TO_PTR(h->worker_pid), h);
197
198 if (h->manager->gc_focus == h)
199 h->manager->gc_focus = NULL;
200
201 (void) manager_schedule_rebalance(h->manager, /* immediately= */ false);
202 }
203
204 user_record_unref(h->record);
205 user_record_unref(h->secret);
206
207 h->worker_event_source = sd_event_source_disable_unref(h->worker_event_source);
208 safe_close(h->worker_stdout_fd);
209 free(h->user_name);
210 free(h->sysfs);
211
212 h->ref_event_source_please_suspend = sd_event_source_disable_unref(h->ref_event_source_please_suspend);
213 h->ref_event_source_dont_suspend = sd_event_source_disable_unref(h->ref_event_source_dont_suspend);
214
215 h->pending_operations = ordered_set_free(h->pending_operations);
216 h->pending_event_source = sd_event_source_disable_unref(h->pending_event_source);
217 h->deferred_change_event_source = sd_event_source_disable_unref(h->deferred_change_event_source);
218
219 h->current_operation = operation_unref(h->current_operation);
220
221 safe_close(h->pin_fd);
222 safe_close(h->luks_lock_fd);
223
224 h->retry_deactivate_event_source = sd_event_source_disable_unref(h->retry_deactivate_event_source);
225
226 return mfree(h);
227 }
228
229 int home_set_record(Home *h, UserRecord *hr) {
230 _cleanup_(user_record_unrefp) UserRecord *new_hr = NULL;
231 Home *other;
232 int r;
233
234 assert(h);
235 assert(h->user_name);
236 assert(h->record);
237 assert(hr);
238
239 if (user_record_equal(h->record, hr))
240 return 0;
241
242 r = suitable_home_record(hr);
243 if (r < 0)
244 return r;
245
246 if (!user_record_compatible(h->record, hr))
247 return -EREMCHG;
248
249 if (!FLAGS_SET(hr->mask, USER_RECORD_REGULAR) ||
250 FLAGS_SET(hr->mask, USER_RECORD_SECRET))
251 return -EINVAL;
252
253 if (FLAGS_SET(h->record->mask, USER_RECORD_STATUS)) {
254 _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
255
256 /* Hmm, the existing record has status fields? If so, copy them over */
257
258 v = json_variant_ref(hr->json);
259 r = json_variant_set_field(&v, "status", json_variant_by_key(h->record->json, "status"));
260 if (r < 0)
261 return r;
262
263 new_hr = user_record_new();
264 if (!new_hr)
265 return -ENOMEM;
266
267 r = user_record_load(new_hr, v, USER_RECORD_LOAD_REFUSE_SECRET|USER_RECORD_PERMISSIVE);
268 if (r < 0)
269 return r;
270
271 hr = new_hr;
272 }
273
274 other = hashmap_get(h->manager->homes_by_uid, UID_TO_PTR(hr->uid));
275 if (other && other != h)
276 return -EBUSY;
277
278 if (h->uid != hr->uid) {
279 r = hashmap_remove_and_replace(h->manager->homes_by_uid, UID_TO_PTR(h->uid), UID_TO_PTR(hr->uid), h);
280 if (r < 0)
281 return r;
282 }
283
284 user_record_unref(h->record);
285 h->record = user_record_ref(hr);
286 h->uid = h->record->uid;
287
288 /* The updated record might have a different autologin setting, trigger a PropertiesChanged event for it */
289 (void) bus_manager_emit_auto_login_changed(h->manager);
290 (void) bus_home_emit_change(h);
291
292 return 0;
293 }
294
295 int home_save_record(Home *h) {
296 _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
297 _cleanup_free_ char *text = NULL;
298 const char *fn;
299 int r;
300
301 assert(h);
302
303 v = json_variant_ref(h->record->json);
304 r = json_variant_normalize(&v);
305 if (r < 0)
306 log_warning_errno(r, "User record could not be normalized.");
307
308 r = json_variant_format(v, JSON_FORMAT_PRETTY|JSON_FORMAT_NEWLINE, &text);
309 if (r < 0)
310 return r;
311
312 (void) mkdir("/var/lib/systemd/", 0755);
313 (void) mkdir(home_record_dir(), 0700);
314
315 fn = strjoina(home_record_dir(), "/", h->user_name, ".identity");
316
317 r = write_string_file(fn, text, WRITE_STRING_FILE_ATOMIC|WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_MODE_0600|WRITE_STRING_FILE_SYNC);
318 if (r < 0)
319 return r;
320
321 return 0;
322 }
323
324 int home_unlink_record(Home *h) {
325 const char *fn;
326
327 assert(h);
328
329 fn = strjoina(home_record_dir(), "/", h->user_name, ".identity");
330 if (unlink(fn) < 0 && errno != ENOENT)
331 return -errno;
332
333 fn = strjoina("/run/systemd/home/", h->user_name, ".ref");
334 if (unlink(fn) < 0 && errno != ENOENT)
335 return -errno;
336
337 return 0;
338 }
339
340 static void home_unpin(Home *h) {
341 assert(h);
342
343 if (h->pin_fd < 0)
344 return;
345
346 h->pin_fd = safe_close(h->pin_fd);
347 log_debug("Successfully closed pin fd on home for %s.", h->user_name);
348 }
349
350 static void home_pin(Home *h) {
351 const char *path;
352
353 assert(h);
354
355 if (h->pin_fd >= 0) /* Already pinned? */
356 return;
357
358 path = user_record_home_directory(h->record);
359 if (!path) {
360 log_warning("No home directory path to pin for %s, ignoring.", h->user_name);
361 return;
362 }
363
364 h->pin_fd = open(path, O_RDONLY|O_DIRECTORY|O_CLOEXEC);
365 if (h->pin_fd < 0) {
366 log_warning_errno(errno, "Couldn't open home directory '%s' for pinning, ignoring: %m", path);
367 return;
368 }
369
370 log_debug("Successfully pinned home directory '%s'.", path);
371 }
372
373 static void home_update_pin_fd(Home *h, HomeState state) {
374 assert(h);
375
376 if (state < 0)
377 state = home_get_state(h);
378
379 return HOME_STATE_SHALL_PIN(state) ? home_pin(h) : home_unpin(h);
380 }
381
382 static void home_maybe_close_luks_lock_fd(Home *h, HomeState state) {
383 assert(h);
384
385 if (h->luks_lock_fd < 0)
386 return;
387
388 if (state < 0)
389 state = home_get_state(h);
390
391 /* Keep the lock as long as the home dir is active or has some operation going */
392 if (HOME_STATE_IS_EXECUTING_OPERATION(state) || HOME_STATE_IS_ACTIVE(state) || state == HOME_LOCKED)
393 return;
394
395 h->luks_lock_fd = safe_close(h->luks_lock_fd);
396 log_debug("Successfully closed LUKS backing file lock for %s.", h->user_name);
397 }
398
399 static void home_maybe_stop_retry_deactivate(Home *h, HomeState state) {
400 assert(h);
401
402 /* Free the deactivation retry event source if we won't need it anymore. Specifically, we'll free the
403 * event source whenever the home directory is already deactivated (and we thus where successful) or
404 * if we start executing an operation that indicates that the home directory is going to be used or
405 * operated on again. Also, if the home is referenced again stop the timer */
406
407 if (HOME_STATE_MAY_RETRY_DEACTIVATE(state) &&
408 !h->ref_event_source_dont_suspend &&
409 !h->ref_event_source_please_suspend)
410 return;
411
412 h->retry_deactivate_event_source = sd_event_source_disable_unref(h->retry_deactivate_event_source);
413 }
414
415 static int home_deactivate_internal(Home *h, bool force, sd_bus_error *error);
416 static void home_start_retry_deactivate(Home *h);
417
418 static int home_on_retry_deactivate(sd_event_source *s, uint64_t usec, void *userdata) {
419 Home *h = ASSERT_PTR(userdata);
420 HomeState state;
421
422 assert(s);
423
424 /* 15s after the last attempt to deactivate the home directory passed. Let's try it one more time. */
425
426 h->retry_deactivate_event_source = sd_event_source_disable_unref(h->retry_deactivate_event_source);
427
428 state = home_get_state(h);
429 if (!HOME_STATE_MAY_RETRY_DEACTIVATE(state))
430 return 0;
431
432 if (IN_SET(state, HOME_ACTIVE, HOME_LINGERING)) {
433 log_info("Again trying to deactivate home directory.");
434
435 /* If we are not executing any operation, let's start deactivating now. Note that this will
436 * restart our timer again, we are gonna be called again if this doesn't work. */
437 (void) home_deactivate_internal(h, /* force= */ false, NULL);
438 } else
439 /* if we are executing an operation (specifically, area already running a deactivation
440 * operation), then simply reque the timer, so that we retry again. */
441 home_start_retry_deactivate(h);
442
443 return 0;
444 }
445
446 static void home_start_retry_deactivate(Home *h) {
447 int r;
448
449 assert(h);
450 assert(h->manager);
451
452 /* Already allocated? */
453 if (h->retry_deactivate_event_source)
454 return;
455
456 /* If the home directory is being used now don't start the timer */
457 if (h->ref_event_source_dont_suspend || h->ref_event_source_please_suspend)
458 return;
459
460 r = sd_event_add_time_relative(
461 h->manager->event,
462 &h->retry_deactivate_event_source,
463 CLOCK_MONOTONIC,
464 RETRY_DEACTIVATE_USEC,
465 1*USEC_PER_MINUTE,
466 home_on_retry_deactivate,
467 h);
468 if (r < 0)
469 return (void) log_warning_errno(r, "Failed to install retry-deactivate event source, ignoring: %m");
470
471 (void) sd_event_source_set_description(h->retry_deactivate_event_source, "retry-deactivate");
472 }
473
474 static void home_set_state(Home *h, HomeState state) {
475 HomeState old_state, new_state;
476
477 assert(h);
478
479 old_state = home_get_state(h);
480 h->state = state;
481 new_state = home_get_state(h); /* Query the new state, since the 'state' variable might be set to -1,
482 * in which case we synthesize an high-level state on demand */
483
484 log_info("%s: changing state %s %s %s", h->user_name,
485 home_state_to_string(old_state),
486 special_glyph(SPECIAL_GLYPH_ARROW_RIGHT),
487 home_state_to_string(new_state));
488
489 home_update_pin_fd(h, new_state);
490 home_maybe_close_luks_lock_fd(h, new_state);
491 home_maybe_stop_retry_deactivate(h, new_state);
492
493 if (HOME_STATE_IS_EXECUTING_OPERATION(old_state) && !HOME_STATE_IS_EXECUTING_OPERATION(new_state)) {
494 /* If we just finished executing some operation, process the queue of pending operations. And
495 * enqueue it for GC too. */
496
497 home_schedule_operation(h, NULL, NULL);
498 manager_reschedule_rebalance(h->manager);
499 manager_enqueue_gc(h->manager, h);
500 }
501 }
502
503 static int home_parse_worker_stdout(int _fd, UserRecord **ret) {
504 _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
505 _cleanup_close_ int fd = _fd; /* take possession, even on failure */
506 _cleanup_(user_record_unrefp) UserRecord *hr = NULL;
507 _cleanup_fclose_ FILE *f = NULL;
508 unsigned line, column;
509 struct stat st;
510 int r;
511
512 if (fstat(fd, &st) < 0)
513 return log_error_errno(errno, "Failed to stat stdout fd: %m");
514
515 assert(S_ISREG(st.st_mode));
516
517 if (st.st_size == 0) { /* empty record */
518 *ret = NULL;
519 return 0;
520 }
521
522 if (lseek(fd, SEEK_SET, 0) < 0)
523 return log_error_errno(errno, "Failed to seek to beginning of memfd: %m");
524
525 f = take_fdopen(&fd, "r");
526 if (!f)
527 return log_error_errno(errno, "Failed to reopen memfd: %m");
528
529 if (DEBUG_LOGGING) {
530 _cleanup_free_ char *text = NULL;
531
532 r = read_full_stream(f, &text, NULL);
533 if (r < 0)
534 return log_error_errno(r, "Failed to read from client: %m");
535
536 log_debug("Got from worker: %s", text);
537 rewind(f);
538 }
539
540 r = json_parse_file(f, "stdout", JSON_PARSE_SENSITIVE, &v, &line, &column);
541 if (r < 0)
542 return log_error_errno(r, "Failed to parse identity at %u:%u: %m", line, column);
543
544 hr = user_record_new();
545 if (!hr)
546 return log_oom();
547
548 r = user_record_load(hr, v, USER_RECORD_LOAD_REFUSE_SECRET|USER_RECORD_PERMISSIVE);
549 if (r < 0)
550 return log_error_errno(r, "Failed to load home record identity: %m");
551
552 *ret = TAKE_PTR(hr);
553 return 1;
554 }
555
556 static int home_verify_user_record(Home *h, UserRecord *hr, bool *ret_signed_locally, sd_bus_error *ret_error) {
557 int is_signed;
558
559 assert(h);
560 assert(hr);
561 assert(ret_signed_locally);
562
563 is_signed = manager_verify_user_record(h->manager, hr);
564 switch (is_signed) {
565
566 case USER_RECORD_SIGNED_EXCLUSIVE:
567 log_info("Home %s is signed exclusively by our key, accepting.", hr->user_name);
568 *ret_signed_locally = true;
569 return 0;
570
571 case USER_RECORD_SIGNED:
572 log_info("Home %s is signed by our key (and others), accepting.", hr->user_name);
573 *ret_signed_locally = false;
574 return 0;
575
576 case USER_RECORD_FOREIGN:
577 log_info("Home %s is signed by foreign key we like, accepting.", hr->user_name);
578 *ret_signed_locally = false;
579 return 0;
580
581 case USER_RECORD_UNSIGNED:
582 sd_bus_error_setf(ret_error, BUS_ERROR_BAD_SIGNATURE, "User record %s is not signed at all, refusing.", hr->user_name);
583 return log_error_errno(SYNTHETIC_ERRNO(EPERM), "Home %s contains user record that is not signed at all, refusing.", hr->user_name);
584
585 case -ENOKEY:
586 sd_bus_error_setf(ret_error, BUS_ERROR_BAD_SIGNATURE, "User record %s is not signed by any known key, refusing.", hr->user_name);
587 return log_error_errno(is_signed, "Home %s contains user record that is not signed by any known key, refusing.", hr->user_name);
588
589 default:
590 assert(is_signed < 0);
591 return log_error_errno(is_signed, "Failed to verify signature on user record for %s, refusing fixation: %m", hr->user_name);
592 }
593 }
594
595 static int convert_worker_errno(Home *h, int e, sd_bus_error *error) {
596 /* Converts the error numbers the worker process returned into somewhat sensible dbus errors */
597
598 switch (e) {
599
600 case -EMSGSIZE:
601 return sd_bus_error_set(error, BUS_ERROR_BAD_HOME_SIZE, "File systems of this type cannot be shrunk");
602 case -ETXTBSY:
603 return sd_bus_error_set(error, BUS_ERROR_BAD_HOME_SIZE, "File systems of this type can only be shrunk offline");
604 case -ERANGE:
605 return sd_bus_error_set(error, BUS_ERROR_BAD_HOME_SIZE, "File system size too small");
606 case -ENOLINK:
607 return sd_bus_error_set(error, SD_BUS_ERROR_NOT_SUPPORTED, "System does not support selected storage backend");
608 case -EPROTONOSUPPORT:
609 return sd_bus_error_set(error, SD_BUS_ERROR_NOT_SUPPORTED, "System does not support selected file system");
610 case -ENOTTY:
611 return sd_bus_error_set(error, SD_BUS_ERROR_NOT_SUPPORTED, "Operation not supported on storage backend");
612 case -ESOCKTNOSUPPORT:
613 return sd_bus_error_set(error, SD_BUS_ERROR_NOT_SUPPORTED, "Operation not supported on file system");
614 case -ENOKEY:
615 return sd_bus_error_setf(error, BUS_ERROR_BAD_PASSWORD, "Password for home %s is incorrect or not sufficient for authentication.", h->user_name);
616 case -EBADSLT:
617 return sd_bus_error_setf(error, BUS_ERROR_BAD_PASSWORD_AND_NO_TOKEN, "Password for home %s is incorrect or not sufficient, and configured security token not found either.", h->user_name);
618 case -EREMOTEIO:
619 return sd_bus_error_setf(error, BUS_ERROR_BAD_RECOVERY_KEY, "Recovery key for home %s is incorrect or not sufficient for authentication.", h->user_name);
620 case -ENOANO:
621 return sd_bus_error_set(error, BUS_ERROR_TOKEN_PIN_NEEDED, "PIN for security token required.");
622 case -ERFKILL:
623 return sd_bus_error_set(error, BUS_ERROR_TOKEN_PROTECTED_AUTHENTICATION_PATH_NEEDED, "Security token requires protected authentication path.");
624 case -EMEDIUMTYPE:
625 return sd_bus_error_set(error, BUS_ERROR_TOKEN_USER_PRESENCE_NEEDED, "Security token requires presence confirmation.");
626 case -ENOCSI:
627 return sd_bus_error_set(error, BUS_ERROR_TOKEN_USER_VERIFICATION_NEEDED, "Security token requires user verification.");
628 case -ENOSTR:
629 return sd_bus_error_set(error, BUS_ERROR_TOKEN_ACTION_TIMEOUT, "Token action timeout. (User was supposed to verify presence or similar, by interacting with the token, and didn't do that in time.)");
630 case -EOWNERDEAD:
631 return sd_bus_error_set(error, BUS_ERROR_TOKEN_PIN_LOCKED, "PIN of security token locked.");
632 case -ENOLCK:
633 return sd_bus_error_set(error, BUS_ERROR_TOKEN_BAD_PIN, "Bad PIN of security token.");
634 case -ETOOMANYREFS:
635 return sd_bus_error_set(error, BUS_ERROR_TOKEN_BAD_PIN_FEW_TRIES_LEFT, "Bad PIN of security token, and only a few tries left.");
636 case -EUCLEAN:
637 return sd_bus_error_set(error, BUS_ERROR_TOKEN_BAD_PIN_ONE_TRY_LEFT, "Bad PIN of security token, and only one try left.");
638 case -EBUSY:
639 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "Home %s is currently being used, or an operation on home %s is currently being executed.", h->user_name, h->user_name);
640 case -ENOEXEC:
641 return sd_bus_error_setf(error, BUS_ERROR_HOME_NOT_ACTIVE, "Home %s is currently not active", h->user_name);
642 case -ENOSPC:
643 return sd_bus_error_setf(error, BUS_ERROR_NO_DISK_SPACE, "Not enough disk space for home %s", h->user_name);
644 case -EKEYREVOKED:
645 return sd_bus_error_setf(error, BUS_ERROR_HOME_CANT_AUTHENTICATE, "Home %s has no password or other authentication mechanism defined.", h->user_name);
646 case -EADDRINUSE:
647 return sd_bus_error_setf(error, BUS_ERROR_HOME_IN_USE, "Home %s is currently being used elsewhere.", h->user_name);
648 }
649
650 return 0;
651 }
652
653 static void home_count_bad_authentication(Home *h, int error, bool save) {
654 int r;
655
656 assert(h);
657
658 if (!IN_SET(error,
659 -ENOKEY, /* Password incorrect */
660 -EBADSLT, /* Password incorrect and no token */
661 -EREMOTEIO)) /* Recovery key incorrect */
662 return;
663
664 r = user_record_bad_authentication(h->record);
665 if (r < 0) {
666 log_warning_errno(r, "Failed to increase bad authentication counter, ignoring: %m");
667 return;
668 }
669
670 if (save) {
671 r = home_save_record(h);
672 if (r < 0)
673 log_warning_errno(r, "Failed to write home record to disk, ignoring: %m");
674 }
675 }
676
677 static void home_fixate_finish(Home *h, int ret, UserRecord *hr) {
678 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
679 _cleanup_(user_record_unrefp) UserRecord *secret = NULL;
680 bool signed_locally;
681 int r;
682
683 assert(h);
684 assert(IN_SET(h->state, HOME_FIXATING, HOME_FIXATING_FOR_ACTIVATION, HOME_FIXATING_FOR_ACQUIRE));
685
686 secret = TAKE_PTR(h->secret); /* Take possession */
687
688 if (ret < 0) {
689 (void) home_count_bad_authentication(h, ret, /* save= */ false);
690
691 (void) convert_worker_errno(h, ret, &error);
692 r = log_error_errno(ret, "Fixation failed: %m");
693 goto fail;
694 }
695 if (!hr) {
696 r = log_error_errno(SYNTHETIC_ERRNO(EIO), "Did not receive user record from worker process, fixation failed.");
697 goto fail;
698 }
699
700 r = home_verify_user_record(h, hr, &signed_locally, &error);
701 if (r < 0)
702 goto fail;
703
704 r = home_set_record(h, hr);
705 if (r < 0) {
706 log_error_errno(r, "Failed to update home record: %m");
707 goto fail;
708 }
709
710 h->signed_locally = signed_locally;
711
712 /* When we finished fixating (and don't follow-up with activation), let's count this as good authentication */
713 if (h->state == HOME_FIXATING) {
714 r = user_record_good_authentication(h->record);
715 if (r < 0)
716 log_warning_errno(r, "Failed to increase good authentication counter, ignoring: %m");
717 }
718
719 r = home_save_record(h);
720 if (r < 0)
721 log_warning_errno(r, "Failed to write home record to disk, ignoring: %m");
722
723 if (IN_SET(h->state, HOME_FIXATING_FOR_ACTIVATION, HOME_FIXATING_FOR_ACQUIRE)) {
724
725 r = home_start_work(h, "activate", h->record, secret);
726 if (r < 0) {
727 h->current_operation = operation_result_unref(h->current_operation, r, NULL);
728 home_set_state(h, _HOME_STATE_INVALID);
729 } else
730 home_set_state(h, h->state == HOME_FIXATING_FOR_ACTIVATION ? HOME_ACTIVATING : HOME_ACTIVATING_FOR_ACQUIRE);
731
732 return;
733 }
734
735 log_debug("Fixation of %s completed.", h->user_name);
736
737 h->current_operation = operation_result_unref(h->current_operation, 0, NULL);
738
739 /* Reset the state to "invalid", which makes home_get_state() test if the image exists and returns
740 * HOME_ABSENT vs. HOME_INACTIVE as necessary. */
741 home_set_state(h, _HOME_STATE_INVALID);
742 (void) manager_schedule_rebalance(h->manager, /* immediately= */ false);
743 return;
744
745 fail:
746 /* If fixation fails, we stay in unfixated state! */
747 h->current_operation = operation_result_unref(h->current_operation, r, &error);
748 home_set_state(h, HOME_UNFIXATED);
749 }
750
751 static bool error_is_bad_password(int ret) {
752 /* Tests for the various cases of bad passwords. We generally don't want to log so loudly about
753 * these, since everyone types in a bad password now and then. Moreover we usually try to start out
754 * with an empty set of passwords, so the first authentication will frequently fail, if not token is
755 * inserted. */
756
757 return IN_SET(ret,
758 -ENOKEY, /* Bad password, or insufficient */
759 -EBADSLT, /* Bad password, and no token */
760 -EREMOTEIO, /* Bad recovery key */
761 -ENOANO, /* PIN for security token needed */
762 -ERFKILL, /* "Protected Authentication Path" for token needed */
763 -EMEDIUMTYPE, /* Presence confirmation on token needed */
764 -ENOCSI, /* User verification on token needed */
765 -ENOSTR, /* Token action timeout */
766 -EOWNERDEAD, /* PIN locked of security token */
767 -ENOLCK, /* Bad PIN of security token */
768 -ETOOMANYREFS, /* Bad PIN and few tries left */
769 -EUCLEAN); /* Bad PIN and one try left */
770 }
771
772 static void home_activate_finish(Home *h, int ret, UserRecord *hr) {
773 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
774 int r;
775
776 assert(h);
777 assert(IN_SET(h->state, HOME_ACTIVATING, HOME_ACTIVATING_FOR_ACQUIRE));
778
779 if (ret < 0) {
780 (void) home_count_bad_authentication(h, ret, /* save= */ true);
781
782 (void) convert_worker_errno(h, ret, &error);
783 r = log_full_errno(error_is_bad_password(ret) ? LOG_NOTICE : LOG_ERR,
784 ret, "Activation failed: %s", bus_error_message(&error, ret));
785 goto finish;
786 }
787
788 if (hr) {
789 bool signed_locally;
790
791 r = home_verify_user_record(h, hr, &signed_locally, &error);
792 if (r < 0)
793 goto finish;
794
795 r = home_set_record(h, hr);
796 if (r < 0) {
797 log_error_errno(r, "Failed to update home record, ignoring: %m");
798 goto finish;
799 }
800
801 h->signed_locally = signed_locally;
802
803 r = user_record_good_authentication(h->record);
804 if (r < 0)
805 log_warning_errno(r, "Failed to increase good authentication counter, ignoring: %m");
806
807 r = home_save_record(h);
808 if (r < 0)
809 log_warning_errno(r, "Failed to write home record to disk, ignoring: %m");
810 }
811
812 log_debug("Activation of %s completed.", h->user_name);
813 r = 0;
814
815 finish:
816 h->current_operation = operation_result_unref(h->current_operation, r, &error);
817 home_set_state(h, _HOME_STATE_INVALID);
818
819 if (r >= 0)
820 (void) manager_schedule_rebalance(h->manager, /* immediately= */ true);
821 }
822
823 static void home_deactivate_finish(Home *h, int ret, UserRecord *hr) {
824 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
825 int r;
826
827 assert(h);
828 assert(h->state == HOME_DEACTIVATING);
829 assert(!hr); /* We don't expect a record on this operation */
830
831 if (ret < 0) {
832 (void) convert_worker_errno(h, ret, &error);
833 r = log_error_errno(ret, "Deactivation of %s failed: %m", h->user_name);
834 goto finish;
835 }
836
837 log_debug("Deactivation of %s completed.", h->user_name);
838 r = 0;
839
840 finish:
841 h->current_operation = operation_result_unref(h->current_operation, r, &error);
842 home_set_state(h, _HOME_STATE_INVALID);
843
844 if (r >= 0)
845 (void) manager_schedule_rebalance(h->manager, /* immediately= */ true);
846 }
847
848 static void home_remove_finish(Home *h, int ret, UserRecord *hr) {
849 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
850 Manager *m;
851 int r;
852
853 assert(h);
854 assert(h->state == HOME_REMOVING);
855 assert(!hr); /* We don't expect a record on this operation */
856
857 m = h->manager;
858
859 if (ret < 0 && ret != -EALREADY) {
860 (void) convert_worker_errno(h, ret, &error);
861 r = log_error_errno(ret, "Removing %s failed: %m", h->user_name);
862 goto fail;
863 }
864
865 /* For a couple of storage types we can't delete the actual data storage when called (such as LUKS on
866 * partitions like USB sticks, or so). Sometimes these storage locations are among those we normally
867 * automatically discover in /home or in udev. When such a home is deleted let's hence issue a rescan
868 * after completion, so that "unfixated" entries are rediscovered. */
869 if (!IN_SET(user_record_test_image_path(h->record), USER_TEST_UNDEFINED, USER_TEST_ABSENT))
870 manager_enqueue_rescan(m);
871
872 /* The image is now removed from disk. Now also remove our stored record */
873 r = home_unlink_record(h);
874 if (r < 0) {
875 log_error_errno(r, "Removing record file failed: %m");
876 goto fail;
877 }
878
879 log_debug("Removal of %s completed.", h->user_name);
880 h->current_operation = operation_result_unref(h->current_operation, 0, NULL);
881
882 /* Unload this record from memory too now. */
883 h = home_free(h);
884
885 (void) manager_schedule_rebalance(m, /* immediately= */ true);
886 return;
887
888 fail:
889 h->current_operation = operation_result_unref(h->current_operation, r, &error);
890 home_set_state(h, _HOME_STATE_INVALID);
891 }
892
893 static void home_create_finish(Home *h, int ret, UserRecord *hr) {
894 int r;
895
896 assert(h);
897 assert(h->state == HOME_CREATING);
898
899 if (ret < 0) {
900 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
901
902 (void) convert_worker_errno(h, ret, &error);
903 log_error_errno(ret, "Operation on %s failed: %m", h->user_name);
904 h->current_operation = operation_result_unref(h->current_operation, ret, &error);
905
906 if (h->unregister_on_failure) {
907 (void) home_unlink_record(h);
908 h = home_free(h);
909 return;
910 }
911
912 home_set_state(h, _HOME_STATE_INVALID);
913 return;
914 }
915
916 if (hr) {
917 r = home_set_record(h, hr);
918 if (r < 0)
919 log_warning_errno(r, "Failed to update home record, ignoring: %m");
920 }
921
922 r = home_save_record(h);
923 if (r < 0)
924 log_warning_errno(r, "Failed to save record to disk, ignoring: %m");
925
926 log_debug("Creation of %s completed.", h->user_name);
927
928 h->current_operation = operation_result_unref(h->current_operation, 0, NULL);
929 home_set_state(h, _HOME_STATE_INVALID);
930
931 (void) manager_schedule_rebalance(h->manager, /* immediately= */ true);
932 }
933
934 static void home_change_finish(Home *h, int ret, UserRecord *hr) {
935 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
936 int r;
937
938 assert(h);
939
940 if (ret < 0) {
941 (void) home_count_bad_authentication(h, ret, /* save= */ true);
942
943 (void) convert_worker_errno(h, ret, &error);
944 r = log_full_errno(error_is_bad_password(ret) ? LOG_NOTICE : LOG_ERR,
945 ret, "Change operation failed: %s", bus_error_message(&error, ret));
946 goto finish;
947 }
948
949 if (hr) {
950 r = home_set_record(h, hr);
951 if (r < 0)
952 log_warning_errno(r, "Failed to update home record, ignoring: %m");
953 else {
954 r = user_record_good_authentication(h->record);
955 if (r < 0)
956 log_warning_errno(r, "Failed to increase good authentication counter, ignoring: %m");
957
958 r = home_save_record(h);
959 if (r < 0)
960 log_warning_errno(r, "Failed to write home record to disk, ignoring: %m");
961 }
962 }
963
964 log_debug("Change operation of %s completed.", h->user_name);
965 (void) manager_schedule_rebalance(h->manager, /* immediately= */ false);
966 r = 0;
967
968 finish:
969 h->current_operation = operation_result_unref(h->current_operation, r, &error);
970 home_set_state(h, _HOME_STATE_INVALID);
971 }
972
973 static void home_locking_finish(Home *h, int ret, UserRecord *hr) {
974 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
975 int r;
976
977 assert(h);
978 assert(h->state == HOME_LOCKING);
979
980 if (ret < 0) {
981 (void) convert_worker_errno(h, ret, &error);
982 r = log_error_errno(ret, "Locking operation failed: %m");
983 goto finish;
984 }
985
986 log_debug("Locking operation of %s completed.", h->user_name);
987 h->current_operation = operation_result_unref(h->current_operation, 0, NULL);
988 home_set_state(h, HOME_LOCKED);
989 return;
990
991 finish:
992 /* If a specific home doesn't know the concept of locking, then that's totally OK, don't propagate
993 * the error if we are executing a LockAllHomes() operation. */
994
995 if (h->current_operation->type == OPERATION_LOCK_ALL && r == -ENOTTY)
996 h->current_operation = operation_result_unref(h->current_operation, 0, NULL);
997 else
998 h->current_operation = operation_result_unref(h->current_operation, r, &error);
999
1000 home_set_state(h, _HOME_STATE_INVALID);
1001 }
1002
1003 static void home_unlocking_finish(Home *h, int ret, UserRecord *hr) {
1004 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
1005 int r;
1006
1007 assert(h);
1008 assert(IN_SET(h->state, HOME_UNLOCKING, HOME_UNLOCKING_FOR_ACQUIRE));
1009
1010 if (ret < 0) {
1011 (void) home_count_bad_authentication(h, ret, /* save= */ true);
1012
1013 (void) convert_worker_errno(h, ret, &error);
1014 r = log_full_errno(error_is_bad_password(ret) ? LOG_NOTICE : LOG_ERR,
1015 ret, "Unlocking operation failed: %s", bus_error_message(&error, ret));
1016
1017 /* Revert to locked state */
1018 home_set_state(h, HOME_LOCKED);
1019 h->current_operation = operation_result_unref(h->current_operation, r, &error);
1020 return;
1021 }
1022
1023 r = user_record_good_authentication(h->record);
1024 if (r < 0)
1025 log_warning_errno(r, "Failed to increase good authentication counter, ignoring: %m");
1026 else {
1027 r = home_save_record(h);
1028 if (r < 0)
1029 log_warning_errno(r, "Failed to write home record to disk, ignoring: %m");
1030 }
1031
1032 log_debug("Unlocking operation of %s completed.", h->user_name);
1033
1034 h->current_operation = operation_result_unref(h->current_operation, r, &error);
1035 home_set_state(h, _HOME_STATE_INVALID);
1036 return;
1037 }
1038
1039 static void home_authenticating_finish(Home *h, int ret, UserRecord *hr) {
1040 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
1041 int r;
1042
1043 assert(h);
1044 assert(IN_SET(h->state, HOME_AUTHENTICATING, HOME_AUTHENTICATING_WHILE_ACTIVE, HOME_AUTHENTICATING_FOR_ACQUIRE));
1045
1046 if (ret < 0) {
1047 (void) home_count_bad_authentication(h, ret, /* save= */ true);
1048
1049 (void) convert_worker_errno(h, ret, &error);
1050 r = log_full_errno(error_is_bad_password(ret) ? LOG_NOTICE : LOG_ERR,
1051 ret, "Authentication failed: %s", bus_error_message(&error, ret));
1052 goto finish;
1053 }
1054
1055 if (hr) {
1056 r = home_set_record(h, hr);
1057 if (r < 0)
1058 log_warning_errno(r, "Failed to update home record, ignoring: %m");
1059 else {
1060 r = user_record_good_authentication(h->record);
1061 if (r < 0)
1062 log_warning_errno(r, "Failed to increase good authentication counter, ignoring: %m");
1063
1064 r = home_save_record(h);
1065 if (r < 0)
1066 log_warning_errno(r, "Failed to write home record to disk, ignoring: %m");
1067 }
1068 }
1069
1070 log_debug("Authentication of %s completed.", h->user_name);
1071 r = 0;
1072
1073 finish:
1074 h->current_operation = operation_result_unref(h->current_operation, r, &error);
1075 home_set_state(h, _HOME_STATE_INVALID);
1076 }
1077
1078 static int home_on_worker_process(sd_event_source *s, const siginfo_t *si, void *userdata) {
1079 _cleanup_(user_record_unrefp) UserRecord *hr = NULL;
1080 Home *h = ASSERT_PTR(userdata);
1081 int ret;
1082
1083 assert(s);
1084 assert(si);
1085
1086 assert(h->worker_pid == si->si_pid);
1087 assert(h->worker_event_source);
1088 assert(h->worker_stdout_fd >= 0);
1089
1090 (void) hashmap_remove_value(h->manager->homes_by_worker_pid, PID_TO_PTR(h->worker_pid), h);
1091
1092 h->worker_pid = 0;
1093 h->worker_event_source = sd_event_source_disable_unref(h->worker_event_source);
1094
1095 if (si->si_code != CLD_EXITED) {
1096 assert(IN_SET(si->si_code, CLD_KILLED, CLD_DUMPED));
1097 ret = log_debug_errno(SYNTHETIC_ERRNO(EPROTO), "Worker process died abnormally with signal %s.", signal_to_string(si->si_status));
1098 } else if (si->si_status != EXIT_SUCCESS) {
1099 /* If we received an error code via sd_notify(), use it */
1100 if (h->worker_error_code != 0)
1101 ret = log_debug_errno(h->worker_error_code, "Worker reported error code %s.", errno_to_name(h->worker_error_code));
1102 else
1103 ret = log_debug_errno(SYNTHETIC_ERRNO(EPROTO), "Worker exited with exit code %i.", si->si_status);
1104 } else
1105 ret = home_parse_worker_stdout(TAKE_FD(h->worker_stdout_fd), &hr);
1106
1107 h->worker_stdout_fd = safe_close(h->worker_stdout_fd);
1108
1109 switch (h->state) {
1110
1111 case HOME_FIXATING:
1112 case HOME_FIXATING_FOR_ACTIVATION:
1113 case HOME_FIXATING_FOR_ACQUIRE:
1114 home_fixate_finish(h, ret, hr);
1115 break;
1116
1117 case HOME_ACTIVATING:
1118 case HOME_ACTIVATING_FOR_ACQUIRE:
1119 home_activate_finish(h, ret, hr);
1120 break;
1121
1122 case HOME_DEACTIVATING:
1123 home_deactivate_finish(h, ret, hr);
1124 break;
1125
1126 case HOME_LOCKING:
1127 home_locking_finish(h, ret, hr);
1128 break;
1129
1130 case HOME_UNLOCKING:
1131 case HOME_UNLOCKING_FOR_ACQUIRE:
1132 home_unlocking_finish(h, ret, hr);
1133 break;
1134
1135 case HOME_CREATING:
1136 home_create_finish(h, ret, hr);
1137 break;
1138
1139 case HOME_REMOVING:
1140 home_remove_finish(h, ret, hr);
1141 break;
1142
1143 case HOME_UPDATING:
1144 case HOME_UPDATING_WHILE_ACTIVE:
1145 case HOME_RESIZING:
1146 case HOME_RESIZING_WHILE_ACTIVE:
1147 case HOME_PASSWD:
1148 case HOME_PASSWD_WHILE_ACTIVE:
1149 home_change_finish(h, ret, hr);
1150 break;
1151
1152 case HOME_AUTHENTICATING:
1153 case HOME_AUTHENTICATING_WHILE_ACTIVE:
1154 case HOME_AUTHENTICATING_FOR_ACQUIRE:
1155 home_authenticating_finish(h, ret, hr);
1156 break;
1157
1158 default:
1159 assert_not_reached();
1160 }
1161
1162 return 0;
1163 }
1164
1165 static int home_start_work(Home *h, const char *verb, UserRecord *hr, UserRecord *secret) {
1166 _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
1167 _cleanup_(erase_and_freep) char *formatted = NULL;
1168 _cleanup_close_ int stdin_fd = -EBADF, stdout_fd = -EBADF;
1169 pid_t pid = 0;
1170 int r;
1171
1172 assert(h);
1173 assert(verb);
1174 assert(hr);
1175
1176 if (h->worker_pid != 0)
1177 return -EBUSY;
1178
1179 assert(h->worker_stdout_fd < 0);
1180 assert(!h->worker_event_source);
1181
1182 v = json_variant_ref(hr->json);
1183
1184 if (secret) {
1185 JsonVariant *sub = NULL;
1186
1187 sub = json_variant_by_key(secret->json, "secret");
1188 if (!sub)
1189 return -ENOKEY;
1190
1191 r = json_variant_set_field(&v, "secret", sub);
1192 if (r < 0)
1193 return r;
1194 }
1195
1196 r = json_variant_format(v, 0, &formatted);
1197 if (r < 0)
1198 return r;
1199
1200 stdin_fd = acquire_data_fd(formatted, strlen(formatted), 0);
1201 if (stdin_fd < 0)
1202 return stdin_fd;
1203
1204 log_debug("Sending to worker: %s", formatted);
1205
1206 stdout_fd = memfd_create_wrapper("homework-stdout", MFD_CLOEXEC | MFD_NOEXEC_SEAL);
1207 if (stdout_fd < 0)
1208 return stdout_fd;
1209
1210 r = safe_fork_full("(sd-homework)",
1211 (int[]) { stdin_fd, stdout_fd, STDERR_FILENO },
1212 NULL, 0,
1213 FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_DEATHSIG_SIGTERM|FORK_REARRANGE_STDIO|FORK_LOG|FORK_REOPEN_LOG, &pid);
1214 if (r < 0)
1215 return r;
1216 if (r == 0) {
1217 _cleanup_free_ char *joined = NULL;
1218 const char *homework, *suffix, *unix_path;
1219
1220 /* Child */
1221
1222 suffix = getenv("SYSTEMD_HOME_DEBUG_SUFFIX");
1223 if (suffix) {
1224 joined = strjoin("/run/systemd/home/notify.", suffix);
1225 if (!joined)
1226 return log_oom();
1227 unix_path = joined;
1228 } else
1229 unix_path = "/run/systemd/home/notify";
1230
1231 if (setenv("NOTIFY_SOCKET", unix_path, 1) < 0) {
1232 log_error_errno(errno, "Failed to set $NOTIFY_SOCKET: %m");
1233 _exit(EXIT_FAILURE);
1234 }
1235
1236 /* If we haven't locked the device yet, ask for a lock to be taken and be passed back to us via sd_notify(). */
1237 if (setenv("SYSTEMD_LUKS_LOCK", one_zero(h->luks_lock_fd < 0), 1) < 0) {
1238 log_error_errno(errno, "Failed to set $SYSTEMD_LUKS_LOCK: %m");
1239 _exit(EXIT_FAILURE);
1240 }
1241
1242 if (h->manager->default_storage >= 0)
1243 if (setenv("SYSTEMD_HOME_DEFAULT_STORAGE", user_storage_to_string(h->manager->default_storage), 1) < 0) {
1244 log_error_errno(errno, "Failed to set $SYSTEMD_HOME_DEFAULT_STORAGE: %m");
1245 _exit(EXIT_FAILURE);
1246 }
1247
1248 if (h->manager->default_file_system_type)
1249 if (setenv("SYSTEMD_HOME_DEFAULT_FILE_SYSTEM_TYPE", h->manager->default_file_system_type, 1) < 0) {
1250 log_error_errno(errno, "Failed to set $SYSTEMD_HOME_DEFAULT_FILE_SYSTEM_TYPE: %m");
1251 _exit(EXIT_FAILURE);
1252 }
1253
1254 r = setenv_systemd_exec_pid(true);
1255 if (r < 0)
1256 log_warning_errno(r, "Failed to update $SYSTEMD_EXEC_PID, ignoring: %m");
1257
1258 /* Allow overriding the homework path via an environment variable, to make debugging
1259 * easier. */
1260 homework = getenv("SYSTEMD_HOMEWORK_PATH") ?: SYSTEMD_HOMEWORK_PATH;
1261
1262 execl(homework, homework, verb, NULL);
1263 log_error_errno(errno, "Failed to invoke %s: %m", homework);
1264 _exit(EXIT_FAILURE);
1265 }
1266
1267 r = sd_event_add_child(h->manager->event, &h->worker_event_source, pid, WEXITED, home_on_worker_process, h);
1268 if (r < 0)
1269 return r;
1270
1271 (void) sd_event_source_set_description(h->worker_event_source, "worker");
1272
1273 r = hashmap_put(h->manager->homes_by_worker_pid, PID_TO_PTR(pid), h);
1274 if (r < 0) {
1275 h->worker_event_source = sd_event_source_disable_unref(h->worker_event_source);
1276 return r;
1277 }
1278
1279 h->worker_stdout_fd = TAKE_FD(stdout_fd);
1280 h->worker_pid = pid;
1281 h->worker_error_code = 0;
1282
1283 return 0;
1284 }
1285
1286 static int home_ratelimit(Home *h, sd_bus_error *error) {
1287 int r, ret;
1288
1289 assert(h);
1290
1291 ret = user_record_ratelimit(h->record);
1292 if (ret < 0)
1293 return ret;
1294
1295 if (h->state != HOME_UNFIXATED) {
1296 r = home_save_record(h);
1297 if (r < 0)
1298 log_warning_errno(r, "Failed to save updated record, ignoring: %m");
1299 }
1300
1301 if (ret == 0) {
1302 usec_t t, n;
1303
1304 n = now(CLOCK_REALTIME);
1305 t = user_record_ratelimit_next_try(h->record);
1306
1307 if (t != USEC_INFINITY && t > n)
1308 return sd_bus_error_setf(error, BUS_ERROR_AUTHENTICATION_LIMIT_HIT,
1309 "Too many login attempts, please try again in %s!",
1310 FORMAT_TIMESPAN(t - n, USEC_PER_SEC));
1311
1312 return sd_bus_error_set(error, BUS_ERROR_AUTHENTICATION_LIMIT_HIT, "Too many login attempts, please try again later.");
1313 }
1314
1315 return 0;
1316 }
1317
1318 static int home_fixate_internal(
1319 Home *h,
1320 UserRecord *secret,
1321 HomeState for_state,
1322 sd_bus_error *error) {
1323
1324 int r;
1325
1326 assert(h);
1327 assert(IN_SET(for_state, HOME_FIXATING, HOME_FIXATING_FOR_ACTIVATION, HOME_FIXATING_FOR_ACQUIRE));
1328
1329 r = home_start_work(h, "inspect", h->record, secret);
1330 if (r < 0)
1331 return r;
1332
1333 if (IN_SET(for_state, HOME_FIXATING_FOR_ACTIVATION, HOME_FIXATING_FOR_ACQUIRE)) {
1334 /* Remember the secret data, since we need it for the activation again, later on. */
1335 user_record_unref(h->secret);
1336 h->secret = user_record_ref(secret);
1337 }
1338
1339 home_set_state(h, for_state);
1340 return 0;
1341 }
1342
1343 int home_fixate(Home *h, UserRecord *secret, sd_bus_error *error) {
1344 int r;
1345
1346 assert(h);
1347
1348 switch (home_get_state(h)) {
1349 case HOME_ABSENT:
1350 return sd_bus_error_setf(error, BUS_ERROR_HOME_ABSENT, "Home %s is currently missing or not plugged in.", h->user_name);
1351 case HOME_INACTIVE:
1352 case HOME_DIRTY:
1353 case HOME_ACTIVE:
1354 case HOME_LINGERING:
1355 case HOME_LOCKED:
1356 return sd_bus_error_setf(error, BUS_ERROR_HOME_ALREADY_FIXATED, "Home %s is already fixated.", h->user_name);
1357 case HOME_UNFIXATED:
1358 break;
1359 default:
1360 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "An operation on home %s is currently being executed.", h->user_name);
1361 }
1362
1363 r = home_ratelimit(h, error);
1364 if (r < 0)
1365 return r;
1366
1367 return home_fixate_internal(h, secret, HOME_FIXATING, error);
1368 }
1369
1370 static int home_activate_internal(Home *h, UserRecord *secret, HomeState for_state, sd_bus_error *error) {
1371 int r;
1372
1373 assert(h);
1374 assert(IN_SET(for_state, HOME_ACTIVATING, HOME_ACTIVATING_FOR_ACQUIRE));
1375
1376 r = home_start_work(h, "activate", h->record, secret);
1377 if (r < 0)
1378 return r;
1379
1380 home_set_state(h, for_state);
1381 return 0;
1382 }
1383
1384 int home_activate(Home *h, UserRecord *secret, sd_bus_error *error) {
1385 int r;
1386
1387 assert(h);
1388
1389 switch (home_get_state(h)) {
1390 case HOME_UNFIXATED:
1391 return home_fixate_internal(h, secret, HOME_FIXATING_FOR_ACTIVATION, error);
1392 case HOME_ABSENT:
1393 return sd_bus_error_setf(error, BUS_ERROR_HOME_ABSENT, "Home %s is currently missing or not plugged in.", h->user_name);
1394 case HOME_ACTIVE:
1395 return sd_bus_error_setf(error, BUS_ERROR_HOME_ALREADY_ACTIVE, "Home %s is already active.", h->user_name);
1396 case HOME_LINGERING:
1397 /* If we are lingering, i.e. active but are supposed to be deactivated, then cancel this
1398 * timer if the user explicitly asks us to be active */
1399 h->retry_deactivate_event_source = sd_event_source_disable_unref(h->retry_deactivate_event_source);
1400 return 0;
1401 case HOME_LOCKED:
1402 return sd_bus_error_setf(error, BUS_ERROR_HOME_LOCKED, "Home %s is currently locked.", h->user_name);
1403 case HOME_INACTIVE:
1404 case HOME_DIRTY:
1405 break;
1406 default:
1407 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "An operation on home %s is currently being executed.", h->user_name);
1408 }
1409
1410 r = home_ratelimit(h, error);
1411 if (r < 0)
1412 return r;
1413
1414 return home_activate_internal(h, secret, HOME_ACTIVATING, error);
1415 }
1416
1417 static int home_authenticate_internal(Home *h, UserRecord *secret, HomeState for_state, sd_bus_error *error) {
1418 int r;
1419
1420 assert(h);
1421 assert(IN_SET(for_state, HOME_AUTHENTICATING, HOME_AUTHENTICATING_WHILE_ACTIVE, HOME_AUTHENTICATING_FOR_ACQUIRE));
1422
1423 r = home_start_work(h, "inspect", h->record, secret);
1424 if (r < 0)
1425 return r;
1426
1427 home_set_state(h, for_state);
1428 return 0;
1429 }
1430
1431 int home_authenticate(Home *h, UserRecord *secret, sd_bus_error *error) {
1432 HomeState state;
1433 int r;
1434
1435 assert(h);
1436
1437 state = home_get_state(h);
1438 switch (state) {
1439 case HOME_ABSENT:
1440 return sd_bus_error_setf(error, BUS_ERROR_HOME_ABSENT, "Home %s is currently missing or not plugged in.", h->user_name);
1441 case HOME_LOCKED:
1442 return sd_bus_error_setf(error, BUS_ERROR_HOME_LOCKED, "Home %s is currently locked.", h->user_name);
1443 case HOME_UNFIXATED:
1444 case HOME_INACTIVE:
1445 case HOME_DIRTY:
1446 case HOME_ACTIVE:
1447 case HOME_LINGERING:
1448 break;
1449 default:
1450 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "An operation on home %s is currently being executed.", h->user_name);
1451 }
1452
1453 r = home_ratelimit(h, error);
1454 if (r < 0)
1455 return r;
1456
1457 return home_authenticate_internal(h, secret, HOME_STATE_IS_ACTIVE(state) ? HOME_AUTHENTICATING_WHILE_ACTIVE : HOME_AUTHENTICATING, error);
1458 }
1459
1460 static int home_deactivate_internal(Home *h, bool force, sd_bus_error *error) {
1461 int r;
1462
1463 assert(h);
1464
1465 home_unpin(h); /* unpin so that we can deactivate */
1466
1467 r = home_start_work(h, force ? "deactivate-force" : "deactivate", h->record, NULL);
1468 if (r < 0)
1469 /* Operation failed before it even started, reacquire pin fd, if state still dictates so */
1470 home_update_pin_fd(h, _HOME_STATE_INVALID);
1471 else {
1472 home_set_state(h, HOME_DEACTIVATING);
1473 r = 0;
1474 }
1475
1476 /* Let's start a timer to retry deactivation in 15. We'll stop the timer once we manage to deactivate
1477 * the home directory again, or we start any other operation. */
1478 home_start_retry_deactivate(h);
1479
1480 return r;
1481 }
1482
1483 int home_deactivate(Home *h, bool force, sd_bus_error *error) {
1484 assert(h);
1485
1486 switch (home_get_state(h)) {
1487 case HOME_UNFIXATED:
1488 case HOME_ABSENT:
1489 case HOME_INACTIVE:
1490 case HOME_DIRTY:
1491 return sd_bus_error_setf(error, BUS_ERROR_HOME_NOT_ACTIVE, "Home %s not active.", h->user_name);
1492 case HOME_LOCKED:
1493 return sd_bus_error_setf(error, BUS_ERROR_HOME_LOCKED, "Home %s is currently locked.", h->user_name);
1494 case HOME_ACTIVE:
1495 case HOME_LINGERING:
1496 break;
1497 default:
1498 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "An operation on home %s is currently being executed.", h->user_name);
1499 }
1500
1501 return home_deactivate_internal(h, force, error);
1502 }
1503
1504 int home_create(Home *h, UserRecord *secret, sd_bus_error *error) {
1505 int r;
1506
1507 assert(h);
1508
1509 switch (home_get_state(h)) {
1510 case HOME_INACTIVE: {
1511 int t;
1512
1513 if (h->record->storage < 0)
1514 break; /* if no storage is defined we don't know what precisely to look for, hence
1515 * HOME_INACTIVE is OK in that case too. */
1516
1517 t = user_record_test_image_path(h->record);
1518 if (IN_SET(t, USER_TEST_MAYBE, USER_TEST_UNDEFINED))
1519 break; /* And if the image path test isn't conclusive, let's also go on */
1520
1521 if (IN_SET(t, -EBADF, -ENOTDIR))
1522 return sd_bus_error_setf(error, BUS_ERROR_HOME_EXISTS, "Selected home image of user %s already exists or has wrong inode type.", h->user_name);
1523
1524 return sd_bus_error_setf(error, BUS_ERROR_HOME_EXISTS, "Selected home image of user %s already exists.", h->user_name);
1525 }
1526 case HOME_UNFIXATED:
1527 case HOME_DIRTY:
1528 return sd_bus_error_setf(error, BUS_ERROR_HOME_EXISTS, "Home of user %s already exists.", h->user_name);
1529 case HOME_ABSENT:
1530 break;
1531 case HOME_ACTIVE:
1532 case HOME_LINGERING:
1533 case HOME_LOCKED:
1534 default:
1535 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "Home %s is currently being used, or an operation on home %s is currently being executed.", h->user_name, h->user_name);
1536 }
1537
1538 if (h->record->enforce_password_policy == false)
1539 log_debug("Password quality check turned off for account, skipping.");
1540 else {
1541 r = user_record_check_password_quality(h->record, secret, error);
1542 if (r < 0)
1543 return r;
1544 }
1545
1546 r = home_start_work(h, "create", h->record, secret);
1547 if (r < 0)
1548 return r;
1549
1550 home_set_state(h, HOME_CREATING);
1551 return 0;
1552 }
1553
1554 int home_remove(Home *h, sd_bus_error *error) {
1555 HomeState state;
1556 int r;
1557
1558 assert(h);
1559
1560 state = home_get_state(h);
1561 switch (state) {
1562 case HOME_ABSENT: /* If the home directory is absent, then this is just like unregistering */
1563 return home_unregister(h, error);
1564 case HOME_LOCKED:
1565 return sd_bus_error_setf(error, BUS_ERROR_HOME_LOCKED, "Home %s is currently locked.", h->user_name);
1566 case HOME_UNFIXATED:
1567 case HOME_INACTIVE:
1568 case HOME_DIRTY:
1569 break;
1570 case HOME_ACTIVE:
1571 case HOME_LINGERING:
1572 default:
1573 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "Home %s is currently being used, or an operation on home %s is currently being executed.", h->user_name, h->user_name);
1574 }
1575
1576 r = home_start_work(h, "remove", h->record, NULL);
1577 if (r < 0)
1578 return r;
1579
1580 home_set_state(h, HOME_REMOVING);
1581 return 0;
1582 }
1583
1584 static int user_record_extend_with_binding(UserRecord *hr, UserRecord *with_binding, UserRecordLoadFlags flags, UserRecord **ret) {
1585 _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
1586 _cleanup_(user_record_unrefp) UserRecord *nr = NULL;
1587 JsonVariant *binding;
1588 int r;
1589
1590 assert(hr);
1591 assert(with_binding);
1592 assert(ret);
1593
1594 assert_se(v = json_variant_ref(hr->json));
1595
1596 binding = json_variant_by_key(with_binding->json, "binding");
1597 if (binding) {
1598 r = json_variant_set_field(&v, "binding", binding);
1599 if (r < 0)
1600 return r;
1601 }
1602
1603 nr = user_record_new();
1604 if (!nr)
1605 return -ENOMEM;
1606
1607 r = user_record_load(nr, v, flags);
1608 if (r < 0)
1609 return r;
1610
1611 *ret = TAKE_PTR(nr);
1612 return 0;
1613 }
1614
1615 static int home_update_internal(
1616 Home *h,
1617 const char *verb,
1618 UserRecord *hr,
1619 UserRecord *secret,
1620 sd_bus_error *error) {
1621
1622 _cleanup_(user_record_unrefp) UserRecord *new_hr = NULL, *saved_secret = NULL, *signed_hr = NULL;
1623 int r, c;
1624
1625 assert(h);
1626 assert(verb);
1627 assert(hr);
1628
1629 if (!user_record_compatible(hr, h->record))
1630 return sd_bus_error_set(error, BUS_ERROR_HOME_RECORD_MISMATCH, "Updated user record is not compatible with existing one.");
1631 c = user_record_compare_last_change(hr, h->record); /* refuse downgrades */
1632 if (c < 0)
1633 return sd_bus_error_set(error, BUS_ERROR_HOME_RECORD_DOWNGRADE, "Refusing to update to older home record.");
1634
1635 if (!secret && FLAGS_SET(hr->mask, USER_RECORD_SECRET)) {
1636 r = user_record_clone(hr, USER_RECORD_EXTRACT_SECRET|USER_RECORD_PERMISSIVE, &saved_secret);
1637 if (r < 0)
1638 return r;
1639
1640 secret = saved_secret;
1641 }
1642
1643 r = manager_verify_user_record(h->manager, hr);
1644 switch (r) {
1645
1646 case USER_RECORD_UNSIGNED:
1647 if (h->signed_locally <= 0) /* If the existing record is not owned by us, don't accept an
1648 * unsigned new record. i.e. only implicitly sign new records
1649 * that where previously signed by us too. */
1650 return sd_bus_error_setf(error, BUS_ERROR_HOME_RECORD_SIGNED, "Home %s is signed and cannot be modified locally.", h->user_name);
1651
1652 /* The updated record is not signed, then do so now */
1653 r = manager_sign_user_record(h->manager, hr, &signed_hr, error);
1654 if (r < 0)
1655 return r;
1656
1657 hr = signed_hr;
1658 break;
1659
1660 case USER_RECORD_SIGNED_EXCLUSIVE:
1661 case USER_RECORD_SIGNED:
1662 case USER_RECORD_FOREIGN:
1663 /* Has already been signed. Great! */
1664 break;
1665
1666 case -ENOKEY:
1667 default:
1668 return r;
1669 }
1670
1671 r = user_record_extend_with_binding(hr, h->record, USER_RECORD_LOAD_MASK_SECRET|USER_RECORD_PERMISSIVE, &new_hr);
1672 if (r < 0)
1673 return r;
1674
1675 if (c == 0) {
1676 /* different payload but same lastChangeUSec field? That's not cool! */
1677
1678 r = user_record_masked_equal(new_hr, h->record, USER_RECORD_REGULAR|USER_RECORD_PRIVILEGED|USER_RECORD_PER_MACHINE);
1679 if (r < 0)
1680 return r;
1681 if (r == 0)
1682 return sd_bus_error_set(error, BUS_ERROR_HOME_RECORD_MISMATCH, "Home record different but timestamp remained the same, refusing.");
1683 }
1684
1685 r = home_start_work(h, verb, new_hr, secret);
1686 if (r < 0)
1687 return r;
1688
1689 return 0;
1690 }
1691
1692 int home_update(Home *h, UserRecord *hr, sd_bus_error *error) {
1693 HomeState state;
1694 int r;
1695
1696 assert(h);
1697 assert(hr);
1698
1699 state = home_get_state(h);
1700 switch (state) {
1701 case HOME_UNFIXATED:
1702 return sd_bus_error_setf(error, BUS_ERROR_HOME_UNFIXATED, "Home %s has not been fixated yet.", h->user_name);
1703 case HOME_ABSENT:
1704 return sd_bus_error_setf(error, BUS_ERROR_HOME_ABSENT, "Home %s is currently missing or not plugged in.", h->user_name);
1705 case HOME_LOCKED:
1706 return sd_bus_error_setf(error, BUS_ERROR_HOME_LOCKED, "Home %s is currently locked.", h->user_name);
1707 case HOME_INACTIVE:
1708 case HOME_DIRTY:
1709 case HOME_ACTIVE:
1710 case HOME_LINGERING:
1711 break;
1712 default:
1713 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "An operation on home %s is currently being executed.", h->user_name);
1714 }
1715
1716 r = home_ratelimit(h, error);
1717 if (r < 0)
1718 return r;
1719
1720 r = home_update_internal(h, "update", hr, NULL, error);
1721 if (r < 0)
1722 return r;
1723
1724 home_set_state(h, HOME_STATE_IS_ACTIVE(state) ? HOME_UPDATING_WHILE_ACTIVE : HOME_UPDATING);
1725 return 0;
1726 }
1727
1728 int home_resize(Home *h,
1729 uint64_t disk_size,
1730 UserRecord *secret,
1731 bool automatic,
1732 sd_bus_error *error) {
1733
1734 _cleanup_(user_record_unrefp) UserRecord *c = NULL;
1735 HomeState state;
1736 int r;
1737
1738 assert(h);
1739
1740 state = home_get_state(h);
1741 switch (state) {
1742 case HOME_UNFIXATED:
1743 return sd_bus_error_setf(error, BUS_ERROR_HOME_UNFIXATED, "Home %s has not been fixated yet.", h->user_name);
1744 case HOME_ABSENT:
1745 return sd_bus_error_setf(error, BUS_ERROR_HOME_ABSENT, "Home %s is currently missing or not plugged in.", h->user_name);
1746 case HOME_LOCKED:
1747 return sd_bus_error_setf(error, BUS_ERROR_HOME_LOCKED, "Home %s is currently locked.", h->user_name);
1748 case HOME_INACTIVE:
1749 case HOME_DIRTY:
1750 case HOME_ACTIVE:
1751 case HOME_LINGERING:
1752 break;
1753 default:
1754 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "An operation on home %s is currently being executed.", h->user_name);
1755 }
1756
1757 r = home_ratelimit(h, error);
1758 if (r < 0)
1759 return r;
1760
1761 /* If the user didn't specify any size explicitly and rebalancing is on, then the disk size is
1762 * determined by automatic rebalancing and hence not user configured but determined by us and thus
1763 * applied anyway. */
1764 if (disk_size == UINT64_MAX && h->record->rebalance_weight != REBALANCE_WEIGHT_OFF)
1765 return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "Disk size is being determined by automatic disk space rebalancing.");
1766
1767 if (disk_size == UINT64_MAX || disk_size == h->record->disk_size) {
1768 if (h->record->disk_size == UINT64_MAX)
1769 return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "No disk size to resize to specified.");
1770
1771 c = user_record_ref(h->record); /* Shortcut if size is unspecified or matches the record */
1772 } else {
1773 _cleanup_(user_record_unrefp) UserRecord *signed_c = NULL;
1774
1775 if (h->signed_locally <= 0) /* Don't allow changing of records not signed only by us */
1776 return sd_bus_error_setf(error, BUS_ERROR_HOME_RECORD_SIGNED, "Home %s is signed and cannot be modified locally.", h->user_name);
1777
1778 r = user_record_clone(h->record, USER_RECORD_LOAD_REFUSE_SECRET|USER_RECORD_PERMISSIVE, &c);
1779 if (r < 0)
1780 return r;
1781
1782 r = user_record_set_disk_size(c, disk_size);
1783 if (r == -ERANGE)
1784 return sd_bus_error_setf(error, BUS_ERROR_BAD_HOME_SIZE, "Requested size for home %s out of acceptable range.", h->user_name);
1785 if (r < 0)
1786 return r;
1787
1788 /* If user picked an explicit size, then turn off rebalancing, so that we don't undo what user chose */
1789 r = user_record_set_rebalance_weight(c, REBALANCE_WEIGHT_OFF);
1790 if (r < 0)
1791 return r;
1792
1793 r = user_record_update_last_changed(c, false);
1794 if (r == -ECHRNG)
1795 return sd_bus_error_setf(error, BUS_ERROR_HOME_RECORD_MISMATCH, "Record last change time of %s is newer than current time, cannot update.", h->user_name);
1796 if (r < 0)
1797 return r;
1798
1799 r = manager_sign_user_record(h->manager, c, &signed_c, error);
1800 if (r < 0)
1801 return r;
1802
1803 user_record_unref(c);
1804 c = TAKE_PTR(signed_c);
1805 }
1806
1807 r = home_update_internal(h, automatic ? "resize-auto" : "resize", c, secret, error);
1808 if (r < 0)
1809 return r;
1810
1811 home_set_state(h, HOME_STATE_IS_ACTIVE(state) ? HOME_RESIZING_WHILE_ACTIVE : HOME_RESIZING);
1812 return 0;
1813 }
1814
1815 static int home_may_change_password(
1816 Home *h,
1817 sd_bus_error *error) {
1818
1819 int r;
1820
1821 assert(h);
1822
1823 r = user_record_test_password_change_required(h->record);
1824 if (IN_SET(r, -EKEYREVOKED, -EOWNERDEAD, -EKEYEXPIRED, -ESTALE))
1825 return 0; /* expired in some form, but changing is allowed */
1826 if (IN_SET(r, -EKEYREJECTED, -EROFS))
1827 return sd_bus_error_setf(error, SD_BUS_ERROR_ACCESS_DENIED, "Expiration settings of account %s do not allow changing of password.", h->user_name);
1828 if (r < 0)
1829 return log_error_errno(r, "Failed to test password expiry: %m");
1830
1831 return 0; /* not expired */
1832 }
1833
1834 int home_passwd(Home *h,
1835 UserRecord *new_secret,
1836 UserRecord *old_secret,
1837 sd_bus_error *error) {
1838
1839 _cleanup_(user_record_unrefp) UserRecord *c = NULL, *merged_secret = NULL, *signed_c = NULL;
1840 HomeState state;
1841 int r;
1842
1843 assert(h);
1844
1845 if (h->signed_locally <= 0) /* Don't allow changing of records not signed only by us */
1846 return sd_bus_error_setf(error, BUS_ERROR_HOME_RECORD_SIGNED, "Home %s is signed and cannot be modified locally.", h->user_name);
1847
1848 state = home_get_state(h);
1849 switch (state) {
1850 case HOME_UNFIXATED:
1851 return sd_bus_error_setf(error, BUS_ERROR_HOME_UNFIXATED, "Home %s has not been fixated yet.", h->user_name);
1852 case HOME_ABSENT:
1853 return sd_bus_error_setf(error, BUS_ERROR_HOME_ABSENT, "Home %s is currently missing or not plugged in.", h->user_name);
1854 case HOME_LOCKED:
1855 return sd_bus_error_setf(error, BUS_ERROR_HOME_LOCKED, "Home %s is currently locked.", h->user_name);
1856 case HOME_INACTIVE:
1857 case HOME_DIRTY:
1858 case HOME_ACTIVE:
1859 case HOME_LINGERING:
1860 break;
1861 default:
1862 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "An operation on home %s is currently being executed.", h->user_name);
1863 }
1864
1865 r = home_ratelimit(h, error);
1866 if (r < 0)
1867 return r;
1868
1869 r = home_may_change_password(h, error);
1870 if (r < 0)
1871 return r;
1872
1873 r = user_record_clone(h->record, USER_RECORD_LOAD_REFUSE_SECRET|USER_RECORD_PERMISSIVE, &c);
1874 if (r < 0)
1875 return r;
1876
1877 merged_secret = user_record_new();
1878 if (!merged_secret)
1879 return -ENOMEM;
1880
1881 r = user_record_merge_secret(merged_secret, old_secret);
1882 if (r < 0)
1883 return r;
1884
1885 r = user_record_merge_secret(merged_secret, new_secret);
1886 if (r < 0)
1887 return r;
1888
1889 if (!strv_isempty(new_secret->password)) {
1890 /* Update the password only if one is specified, otherwise let's just reuse the old password
1891 * data. This is useful as a way to propagate updated user records into the LUKS backends
1892 * properly. */
1893
1894 r = user_record_make_hashed_password(c, new_secret->password, /* extend = */ false);
1895 if (r < 0)
1896 return r;
1897
1898 r = user_record_set_password_change_now(c, -1 /* remove */);
1899 if (r < 0)
1900 return r;
1901 }
1902
1903 r = user_record_update_last_changed(c, true);
1904 if (r == -ECHRNG)
1905 return sd_bus_error_setf(error, BUS_ERROR_HOME_RECORD_MISMATCH, "Record last change time of %s is newer than current time, cannot update.", h->user_name);
1906 if (r < 0)
1907 return r;
1908
1909 r = manager_sign_user_record(h->manager, c, &signed_c, error);
1910 if (r < 0)
1911 return r;
1912
1913 if (c->enforce_password_policy == false)
1914 log_debug("Password quality check turned off for account, skipping.");
1915 else {
1916 r = user_record_check_password_quality(c, merged_secret, error);
1917 if (r < 0)
1918 return r;
1919 }
1920
1921 r = home_update_internal(h, "passwd", signed_c, merged_secret, error);
1922 if (r < 0)
1923 return r;
1924
1925 home_set_state(h, HOME_STATE_IS_ACTIVE(state) ? HOME_PASSWD_WHILE_ACTIVE : HOME_PASSWD);
1926 return 0;
1927 }
1928
1929 int home_unregister(Home *h, sd_bus_error *error) {
1930 int r;
1931
1932 assert(h);
1933
1934 switch (home_get_state(h)) {
1935 case HOME_UNFIXATED:
1936 return sd_bus_error_setf(error, BUS_ERROR_HOME_UNFIXATED, "Home %s is not registered.", h->user_name);
1937 case HOME_LOCKED:
1938 return sd_bus_error_setf(error, BUS_ERROR_HOME_LOCKED, "Home %s is currently locked.", h->user_name);
1939 case HOME_ABSENT:
1940 case HOME_INACTIVE:
1941 case HOME_DIRTY:
1942 break;
1943 case HOME_ACTIVE:
1944 case HOME_LINGERING:
1945 default:
1946 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "Home %s is currently being used, or an operation on home %s is currently being executed.", h->user_name, h->user_name);
1947 }
1948
1949 r = home_unlink_record(h);
1950 if (r < 0)
1951 return r;
1952
1953 /* And destroy the whole entry. The caller needs to be prepared for that. */
1954 h = home_free(h);
1955 return 1;
1956 }
1957
1958 int home_lock(Home *h, sd_bus_error *error) {
1959 int r;
1960
1961 assert(h);
1962
1963 switch (home_get_state(h)) {
1964 case HOME_UNFIXATED:
1965 case HOME_ABSENT:
1966 case HOME_INACTIVE:
1967 case HOME_DIRTY:
1968 return sd_bus_error_setf(error, BUS_ERROR_HOME_NOT_ACTIVE, "Home %s is not active.", h->user_name);
1969 case HOME_LOCKED:
1970 return sd_bus_error_setf(error, BUS_ERROR_HOME_LOCKED, "Home %s is already locked.", h->user_name);
1971 case HOME_ACTIVE:
1972 case HOME_LINGERING:
1973 break;
1974 default:
1975 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "An operation on home %s is currently being executed.", h->user_name);
1976 }
1977
1978 r = home_start_work(h, "lock", h->record, NULL);
1979 if (r < 0)
1980 return r;
1981
1982 home_set_state(h, HOME_LOCKING);
1983 return 0;
1984 }
1985
1986 static int home_unlock_internal(Home *h, UserRecord *secret, HomeState for_state, sd_bus_error *error) {
1987 int r;
1988
1989 assert(h);
1990 assert(IN_SET(for_state, HOME_UNLOCKING, HOME_UNLOCKING_FOR_ACQUIRE));
1991
1992 r = home_start_work(h, "unlock", h->record, secret);
1993 if (r < 0)
1994 return r;
1995
1996 home_set_state(h, for_state);
1997 return 0;
1998 }
1999
2000 int home_unlock(Home *h, UserRecord *secret, sd_bus_error *error) {
2001 int r;
2002 assert(h);
2003
2004 r = home_ratelimit(h, error);
2005 if (r < 0)
2006 return r;
2007
2008 switch (home_get_state(h)) {
2009 case HOME_UNFIXATED:
2010 case HOME_ABSENT:
2011 case HOME_INACTIVE:
2012 case HOME_ACTIVE:
2013 case HOME_LINGERING:
2014 case HOME_DIRTY:
2015 return sd_bus_error_setf(error, BUS_ERROR_HOME_NOT_LOCKED, "Home %s is not locked.", h->user_name);
2016 case HOME_LOCKED:
2017 break;
2018 default:
2019 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "An operation on home %s is currently being executed.", h->user_name);
2020 }
2021
2022 return home_unlock_internal(h, secret, HOME_UNLOCKING, error);
2023 }
2024
2025 HomeState home_get_state(Home *h) {
2026 int r;
2027 assert(h);
2028
2029 /* When the state field is initialized, it counts. */
2030 if (h->state >= 0)
2031 return h->state;
2032
2033 /* Otherwise, let's see if the home directory is mounted. If so, we assume for sure the home
2034 * directory is active */
2035 if (user_record_test_home_directory(h->record) == USER_TEST_MOUNTED)
2036 return h->retry_deactivate_event_source ? HOME_LINGERING : HOME_ACTIVE;
2037
2038 /* And if we see the image being gone, we report this as absent */
2039 r = user_record_test_image_path(h->record);
2040 if (r == USER_TEST_ABSENT)
2041 return HOME_ABSENT;
2042 if (r == USER_TEST_DIRTY)
2043 return HOME_DIRTY;
2044
2045 /* And for all other cases we return "inactive". */
2046 return HOME_INACTIVE;
2047 }
2048
2049 void home_process_notify(Home *h, char **l, int fd) {
2050 _cleanup_close_ int taken_fd = TAKE_FD(fd);
2051 const char *e;
2052 int error;
2053 int r;
2054
2055 assert(h);
2056
2057 e = strv_env_get(l, "SYSTEMD_LUKS_LOCK_FD");
2058 if (e) {
2059 r = parse_boolean(e);
2060 if (r < 0)
2061 return (void) log_debug_errno(r, "Failed to parse SYSTEMD_LUKS_LOCK_FD value: %m");
2062 if (r > 0) {
2063 if (taken_fd < 0)
2064 return (void) log_debug("Got notify message with SYSTEMD_LUKS_LOCK_FD=1 but no fd passed, ignoring: %m");
2065
2066 close_and_replace(h->luks_lock_fd, taken_fd);
2067
2068 log_debug("Successfully acquired LUKS lock fd from worker.");
2069
2070 /* Immediately check if we actually want to keep it */
2071 home_maybe_close_luks_lock_fd(h, _HOME_STATE_INVALID);
2072 } else {
2073 if (taken_fd >= 0)
2074 return (void) log_debug("Got notify message with SYSTEMD_LUKS_LOCK_FD=0 but fd passed, ignoring: %m");
2075
2076 h->luks_lock_fd = safe_close(h->luks_lock_fd);
2077 }
2078
2079 return;
2080 }
2081
2082 e = strv_env_get(l, "ERRNO");
2083 if (!e)
2084 return (void) log_debug("Got notify message lacking both ERRNO= and SYSTEMD_LUKS_LOCK_FD= field, ignoring.");
2085
2086 r = safe_atoi(e, &error);
2087 if (r < 0)
2088 return (void) log_debug_errno(r, "Failed to parse received error number, ignoring: %s", e);
2089 if (error <= 0)
2090 return (void) log_debug("Error number is out of range: %i", error);
2091
2092 h->worker_error_code = error;
2093 }
2094
2095 int home_killall(Home *h) {
2096 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
2097 _cleanup_free_ char *unit = NULL;
2098 int r;
2099
2100 assert(h);
2101
2102 if (!uid_is_valid(h->uid))
2103 return 0;
2104
2105 assert(h->uid > 0); /* We never should be UID 0 */
2106
2107 /* Let's kill everything matching the specified UID */
2108 r = safe_fork("(sd-killer)",
2109 FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_DEATHSIG_SIGKILL|FORK_WAIT|FORK_LOG|FORK_REOPEN_LOG,
2110 NULL);
2111 if (r < 0)
2112 return r;
2113 if (r == 0) {
2114 /* Child */
2115
2116 r = fully_set_uid_gid(h->uid, user_record_gid(h->record), /* supplementary_gids= */ NULL, /* n_supplementary_gids= */ 0);
2117 if (r < 0) {
2118 log_error_errno(r, "Failed to change UID/GID to " UID_FMT "/" GID_FMT ": %m", h->uid, user_record_gid(h->record));
2119 _exit(EXIT_FAILURE);
2120 }
2121
2122 if (kill(-1, SIGKILL) < 0) {
2123 log_error_errno(errno, "Failed to kill all processes of UID " UID_FMT ": %m", h->uid);
2124 _exit(EXIT_FAILURE);
2125 }
2126
2127 _exit(EXIT_SUCCESS);
2128 }
2129
2130 /* Let's also kill everything in the user's slice */
2131 if (asprintf(&unit, "user-" UID_FMT ".slice", h->uid) < 0)
2132 return log_oom();
2133
2134 r = bus_call_method(h->manager->bus, bus_systemd_mgr, "KillUnit", &error, NULL, "ssi", unit, "all", SIGKILL);
2135 if (r < 0)
2136 log_full_errno(sd_bus_error_has_name(&error, BUS_ERROR_NO_SUCH_UNIT) ? LOG_DEBUG : LOG_WARNING,
2137 r, "Failed to kill login processes of user, ignoring: %s", bus_error_message(&error, r));
2138
2139 return 1;
2140 }
2141
2142 static int home_get_disk_status_luks(
2143 Home *h,
2144 HomeState state,
2145 uint64_t *ret_disk_size,
2146 uint64_t *ret_disk_usage,
2147 uint64_t *ret_disk_free,
2148 uint64_t *ret_disk_ceiling,
2149 uint64_t *ret_disk_floor,
2150 statfs_f_type_t *ret_fstype,
2151 mode_t *ret_access_mode) {
2152
2153 uint64_t disk_size = UINT64_MAX, disk_usage = UINT64_MAX, disk_free = UINT64_MAX,
2154 disk_ceiling = UINT64_MAX, disk_floor = UINT64_MAX,
2155 stat_used = UINT64_MAX, fs_size = UINT64_MAX, header_size = 0;
2156 mode_t access_mode = MODE_INVALID;
2157 statfs_f_type_t fstype = 0;
2158 struct statfs sfs;
2159 struct stat st;
2160 const char *hd;
2161 int r;
2162
2163 assert(h);
2164
2165 if (state != HOME_ABSENT) {
2166 const char *ip;
2167
2168 ip = user_record_image_path(h->record);
2169 if (ip) {
2170 if (stat(ip, &st) < 0)
2171 log_debug_errno(errno, "Failed to stat() %s, ignoring: %m", ip);
2172 else if (S_ISREG(st.st_mode)) {
2173 _cleanup_free_ char *parent = NULL;
2174
2175 disk_size = st.st_size;
2176 stat_used = st.st_blocks * 512;
2177
2178 r = path_extract_directory(ip, &parent);
2179 if (r < 0)
2180 return log_error_errno(r, "Failed to extract parent directory from image path '%s': %m", ip);
2181
2182 if (statfs(parent, &sfs) < 0)
2183 log_debug_errno(errno, "Failed to statfs() %s, ignoring: %m", parent);
2184 else
2185 disk_ceiling = stat_used + sfs.f_bsize * sfs.f_bavail;
2186
2187 } else if (S_ISBLK(st.st_mode)) {
2188 _cleanup_free_ char *szbuf = NULL;
2189 char p[SYS_BLOCK_PATH_MAX("/size")];
2190
2191 /* Let's read the size off sysfs, so that we don't have to open the device */
2192 xsprintf_sys_block_path(p, "/size", st.st_rdev);
2193 r = read_one_line_file(p, &szbuf);
2194 if (r < 0)
2195 log_debug_errno(r, "Failed to read %s, ignoring: %m", p);
2196 else {
2197 uint64_t sz;
2198
2199 r = safe_atou64(szbuf, &sz);
2200 if (r < 0)
2201 log_debug_errno(r, "Failed to parse %s, ignoring: %s", p, szbuf);
2202 else
2203 disk_size = sz * 512;
2204 }
2205 } else
2206 log_debug("Image path is not a block device or regular file, not able to acquire size.");
2207 }
2208 }
2209
2210 if (!HOME_STATE_IS_ACTIVE(state))
2211 goto finish;
2212
2213 hd = user_record_home_directory(h->record);
2214 if (!hd)
2215 goto finish;
2216
2217 if (stat(hd, &st) < 0) {
2218 log_debug_errno(errno, "Failed to stat() %s, ignoring: %m", hd);
2219 goto finish;
2220 }
2221
2222 r = stat_verify_directory(&st);
2223 if (r < 0) {
2224 log_debug_errno(r, "Home directory %s is not a directory, ignoring: %m", hd);
2225 goto finish;
2226 }
2227
2228 access_mode = st.st_mode & 07777;
2229
2230 if (statfs(hd, &sfs) < 0) {
2231 log_debug_errno(errno, "Failed to statfs() %s, ignoring: %m", hd);
2232 goto finish;
2233 }
2234
2235 fstype = sfs.f_type;
2236
2237 disk_free = sfs.f_bsize * sfs.f_bavail;
2238 fs_size = sfs.f_bsize * sfs.f_blocks;
2239 if (disk_size != UINT64_MAX && disk_size > fs_size)
2240 header_size = disk_size - fs_size;
2241
2242 /* We take a perspective from the user here (as opposed to from the host): the used disk space is the
2243 * difference from the limit and what's free. This makes a difference if sparse mode is not used: in
2244 * that case the image is pre-allocated and thus appears all used from the host PoV but is not used
2245 * up at all yet from the user's PoV.
2246 *
2247 * That said, we use the stat() reported loopback file size as upper boundary: our footprint can
2248 * never be larger than what we take up on the lowest layers. */
2249
2250 if (disk_size != UINT64_MAX && disk_size > disk_free) {
2251 disk_usage = disk_size - disk_free;
2252
2253 if (stat_used != UINT64_MAX && disk_usage > stat_used)
2254 disk_usage = stat_used;
2255 } else
2256 disk_usage = stat_used;
2257
2258 /* If we have the magic, determine floor preferably by magic */
2259 disk_floor = minimal_size_by_fs_magic(sfs.f_type) + header_size;
2260
2261 finish:
2262 /* If we don't know the magic, go by file system name */
2263 if (disk_floor == UINT64_MAX)
2264 disk_floor = minimal_size_by_fs_name(user_record_file_system_type(h->record));
2265
2266 if (ret_disk_size)
2267 *ret_disk_size = disk_size;
2268 if (ret_disk_usage)
2269 *ret_disk_usage = disk_usage;
2270 if (ret_disk_free)
2271 *ret_disk_free = disk_free;
2272 if (ret_disk_ceiling)
2273 *ret_disk_ceiling = disk_ceiling;
2274 if (ret_disk_floor)
2275 *ret_disk_floor = disk_floor;
2276 if (ret_fstype)
2277 *ret_fstype = fstype;
2278 if (ret_access_mode)
2279 *ret_access_mode = access_mode;
2280
2281 return 0;
2282 }
2283
2284 static int home_get_disk_status_directory(
2285 Home *h,
2286 HomeState state,
2287 uint64_t *ret_disk_size,
2288 uint64_t *ret_disk_usage,
2289 uint64_t *ret_disk_free,
2290 uint64_t *ret_disk_ceiling,
2291 uint64_t *ret_disk_floor,
2292 statfs_f_type_t *ret_fstype,
2293 mode_t *ret_access_mode) {
2294
2295 uint64_t disk_size = UINT64_MAX, disk_usage = UINT64_MAX, disk_free = UINT64_MAX,
2296 disk_ceiling = UINT64_MAX, disk_floor = UINT64_MAX;
2297 mode_t access_mode = MODE_INVALID;
2298 statfs_f_type_t fstype = 0;
2299 struct statfs sfs;
2300 struct dqblk req;
2301 const char *path = NULL;
2302 int r;
2303
2304 assert(h);
2305
2306 if (HOME_STATE_IS_ACTIVE(state))
2307 path = user_record_home_directory(h->record);
2308
2309 if (!path) {
2310 if (state == HOME_ABSENT)
2311 goto finish;
2312
2313 path = user_record_image_path(h->record);
2314 }
2315
2316 if (!path)
2317 goto finish;
2318
2319 if (statfs(path, &sfs) < 0)
2320 log_debug_errno(errno, "Failed to statfs() %s, ignoring: %m", path);
2321 else {
2322 disk_free = sfs.f_bsize * sfs.f_bavail;
2323 disk_size = sfs.f_bsize * sfs.f_blocks;
2324
2325 /* We don't initialize disk_usage from statfs() data here, since the device is likely not used
2326 * by us alone, and disk_usage should only reflect our own use. */
2327
2328 fstype = sfs.f_type;
2329 }
2330
2331 if (IN_SET(h->record->storage, USER_CLASSIC, USER_DIRECTORY, USER_SUBVOLUME)) {
2332
2333 r = btrfs_is_subvol(path);
2334 if (r < 0)
2335 log_debug_errno(r, "Failed to determine whether %s is a btrfs subvolume: %m", path);
2336 else if (r > 0) {
2337 BtrfsQuotaInfo qi;
2338
2339 r = btrfs_subvol_get_subtree_quota(path, 0, &qi);
2340 if (r < 0)
2341 log_debug_errno(r, "Failed to query btrfs subtree quota, ignoring: %m");
2342 else {
2343 disk_usage = qi.referenced;
2344
2345 if (disk_free != UINT64_MAX) {
2346 disk_ceiling = qi.referenced + disk_free;
2347
2348 if (disk_size != UINT64_MAX && disk_ceiling > disk_size)
2349 disk_ceiling = disk_size;
2350 }
2351
2352 if (qi.referenced_max != UINT64_MAX) {
2353 if (disk_size != UINT64_MAX)
2354 disk_size = MIN(qi.referenced_max, disk_size);
2355 else
2356 disk_size = qi.referenced_max;
2357 }
2358
2359 if (disk_size != UINT64_MAX) {
2360 if (disk_size > disk_usage)
2361 disk_free = disk_size - disk_usage;
2362 else
2363 disk_free = 0;
2364 }
2365 }
2366
2367 goto finish;
2368 }
2369 }
2370
2371 if (IN_SET(h->record->storage, USER_CLASSIC, USER_DIRECTORY, USER_FSCRYPT)) {
2372 r = quotactl_path(QCMD_FIXED(Q_GETQUOTA, USRQUOTA), path, h->uid, &req);
2373 if (r < 0) {
2374 if (ERRNO_IS_NOT_SUPPORTED(r)) {
2375 log_debug_errno(r, "No UID quota support on %s.", path);
2376 goto finish;
2377 }
2378
2379 if (r != -ESRCH) {
2380 log_debug_errno(r, "Failed to query disk quota for UID " UID_FMT ": %m", h->uid);
2381 goto finish;
2382 }
2383
2384 disk_usage = 0; /* No record of this user? then nothing was used */
2385 } else {
2386 if (FLAGS_SET(req.dqb_valid, QIF_SPACE) && disk_free != UINT64_MAX) {
2387 disk_ceiling = req.dqb_curspace + disk_free;
2388
2389 if (disk_size != UINT64_MAX && disk_ceiling > disk_size)
2390 disk_ceiling = disk_size;
2391 }
2392
2393 if (FLAGS_SET(req.dqb_valid, QIF_BLIMITS)) {
2394 uint64_t q;
2395
2396 /* Take the minimum of the quota and the available disk space here */
2397 q = req.dqb_bhardlimit * QIF_DQBLKSIZE;
2398 if (disk_size != UINT64_MAX)
2399 disk_size = MIN(disk_size, q);
2400 else
2401 disk_size = q;
2402 }
2403 if (FLAGS_SET(req.dqb_valid, QIF_SPACE)) {
2404 disk_usage = req.dqb_curspace;
2405
2406 if (disk_size != UINT64_MAX) {
2407 if (disk_size > disk_usage)
2408 disk_free = disk_size - disk_usage;
2409 else
2410 disk_free = 0;
2411 }
2412 }
2413 }
2414 }
2415
2416 finish:
2417 if (ret_disk_size)
2418 *ret_disk_size = disk_size;
2419 if (ret_disk_usage)
2420 *ret_disk_usage = disk_usage;
2421 if (ret_disk_free)
2422 *ret_disk_free = disk_free;
2423 if (ret_disk_ceiling)
2424 *ret_disk_ceiling = disk_ceiling;
2425 if (ret_disk_floor)
2426 *ret_disk_floor = disk_floor;
2427 if (ret_fstype)
2428 *ret_fstype = fstype;
2429 if (ret_access_mode)
2430 *ret_access_mode = access_mode;
2431
2432 return 0;
2433 }
2434
2435 static int home_get_disk_status_internal(
2436 Home *h,
2437 HomeState state,
2438 uint64_t *ret_disk_size,
2439 uint64_t *ret_disk_usage,
2440 uint64_t *ret_disk_free,
2441 uint64_t *ret_disk_ceiling,
2442 uint64_t *ret_disk_floor,
2443 statfs_f_type_t *ret_fstype,
2444 mode_t *ret_access_mode) {
2445
2446 assert(h);
2447 assert(h->record);
2448
2449 switch (h->record->storage) {
2450
2451 case USER_LUKS:
2452 return home_get_disk_status_luks(h, state, ret_disk_size, ret_disk_usage, ret_disk_free, ret_disk_ceiling, ret_disk_floor, ret_fstype, ret_access_mode);
2453
2454 case USER_CLASSIC:
2455 case USER_DIRECTORY:
2456 case USER_SUBVOLUME:
2457 case USER_FSCRYPT:
2458 case USER_CIFS:
2459 return home_get_disk_status_directory(h, state, ret_disk_size, ret_disk_usage, ret_disk_free, ret_disk_ceiling, ret_disk_floor, ret_fstype, ret_access_mode);
2460
2461 default:
2462 /* don't know */
2463
2464 if (ret_disk_size)
2465 *ret_disk_size = UINT64_MAX;
2466 if (ret_disk_usage)
2467 *ret_disk_usage = UINT64_MAX;
2468 if (ret_disk_free)
2469 *ret_disk_free = UINT64_MAX;
2470 if (ret_disk_ceiling)
2471 *ret_disk_ceiling = UINT64_MAX;
2472 if (ret_disk_floor)
2473 *ret_disk_floor = UINT64_MAX;
2474 if (ret_fstype)
2475 *ret_fstype = 0;
2476 if (ret_access_mode)
2477 *ret_access_mode = MODE_INVALID;
2478
2479 return 0;
2480 }
2481 }
2482
2483 int home_get_disk_status(
2484 Home *h,
2485 uint64_t *ret_disk_size,
2486 uint64_t *ret_disk_usage,
2487 uint64_t *ret_disk_free,
2488 uint64_t *ret_disk_ceiling,
2489 uint64_t *ret_disk_floor,
2490 statfs_f_type_t *ret_fstype,
2491 mode_t *ret_access_mode) {
2492
2493 assert(h);
2494
2495 return home_get_disk_status_internal(
2496 h,
2497 home_get_state(h),
2498 ret_disk_size,
2499 ret_disk_usage,
2500 ret_disk_free,
2501 ret_disk_ceiling,
2502 ret_disk_floor,
2503 ret_fstype,
2504 ret_access_mode);
2505 }
2506
2507 int home_augment_status(
2508 Home *h,
2509 UserRecordLoadFlags flags,
2510 UserRecord **ret) {
2511
2512 uint64_t disk_size = UINT64_MAX, disk_usage = UINT64_MAX, disk_free = UINT64_MAX, disk_ceiling = UINT64_MAX, disk_floor = UINT64_MAX;
2513 _cleanup_(json_variant_unrefp) JsonVariant *j = NULL, *v = NULL, *m = NULL, *status = NULL;
2514 _cleanup_(user_record_unrefp) UserRecord *ur = NULL;
2515 statfs_f_type_t magic;
2516 const char *fstype;
2517 mode_t access_mode;
2518 HomeState state;
2519 sd_id128_t id;
2520 int r;
2521
2522 assert(h);
2523 assert(ret);
2524
2525 /* We are supposed to add this, this can't be on hence. */
2526 assert(!FLAGS_SET(flags, USER_RECORD_STRIP_STATUS));
2527
2528 r = sd_id128_get_machine(&id);
2529 if (r < 0)
2530 return r;
2531
2532 state = home_get_state(h);
2533
2534 r = home_get_disk_status_internal(
2535 h, state,
2536 &disk_size,
2537 &disk_usage,
2538 &disk_free,
2539 &disk_ceiling,
2540 &disk_floor,
2541 &magic,
2542 &access_mode);
2543 if (r < 0)
2544 return r;
2545
2546 fstype = fs_type_to_string(magic);
2547
2548 if (disk_floor == UINT64_MAX || (disk_usage != UINT64_MAX && disk_floor < disk_usage))
2549 disk_floor = disk_usage;
2550 if (disk_floor == UINT64_MAX || disk_floor < USER_DISK_SIZE_MIN)
2551 disk_floor = USER_DISK_SIZE_MIN;
2552 if (disk_ceiling == UINT64_MAX || disk_ceiling > USER_DISK_SIZE_MAX)
2553 disk_ceiling = USER_DISK_SIZE_MAX;
2554
2555 r = json_build(&status,
2556 JSON_BUILD_OBJECT(
2557 JSON_BUILD_PAIR("state", JSON_BUILD_STRING(home_state_to_string(state))),
2558 JSON_BUILD_PAIR("service", JSON_BUILD_CONST_STRING("io.systemd.Home")),
2559 JSON_BUILD_PAIR_CONDITION(disk_size != UINT64_MAX, "diskSize", JSON_BUILD_UNSIGNED(disk_size)),
2560 JSON_BUILD_PAIR_CONDITION(disk_usage != UINT64_MAX, "diskUsage", JSON_BUILD_UNSIGNED(disk_usage)),
2561 JSON_BUILD_PAIR_CONDITION(disk_free != UINT64_MAX, "diskFree", JSON_BUILD_UNSIGNED(disk_free)),
2562 JSON_BUILD_PAIR_CONDITION(disk_ceiling != UINT64_MAX, "diskCeiling", JSON_BUILD_UNSIGNED(disk_ceiling)),
2563 JSON_BUILD_PAIR_CONDITION(disk_floor != UINT64_MAX, "diskFloor", JSON_BUILD_UNSIGNED(disk_floor)),
2564 JSON_BUILD_PAIR_CONDITION(h->signed_locally >= 0, "signedLocally", JSON_BUILD_BOOLEAN(h->signed_locally)),
2565 JSON_BUILD_PAIR_CONDITION(fstype, "fileSystemType", JSON_BUILD_STRING(fstype)),
2566 JSON_BUILD_PAIR_CONDITION(access_mode != MODE_INVALID, "accessMode", JSON_BUILD_UNSIGNED(access_mode))
2567 ));
2568 if (r < 0)
2569 return r;
2570
2571 j = json_variant_ref(h->record->json);
2572 v = json_variant_ref(json_variant_by_key(j, "status"));
2573 m = json_variant_ref(json_variant_by_key(v, SD_ID128_TO_STRING(id)));
2574
2575 r = json_variant_filter(&m, STRV_MAKE("diskSize", "diskUsage", "diskFree", "diskCeiling", "diskFloor", "signedLocally"));
2576 if (r < 0)
2577 return r;
2578
2579 r = json_variant_merge_object(&m, status);
2580 if (r < 0)
2581 return r;
2582
2583 r = json_variant_set_field(&v, SD_ID128_TO_STRING(id), m);
2584 if (r < 0)
2585 return r;
2586
2587 r = json_variant_set_field(&j, "status", v);
2588 if (r < 0)
2589 return r;
2590
2591 ur = user_record_new();
2592 if (!ur)
2593 return -ENOMEM;
2594
2595 r = user_record_load(ur, j, flags);
2596 if (r < 0)
2597 return r;
2598
2599 ur->incomplete =
2600 FLAGS_SET(h->record->mask, USER_RECORD_PRIVILEGED) &&
2601 !FLAGS_SET(ur->mask, USER_RECORD_PRIVILEGED);
2602
2603 *ret = TAKE_PTR(ur);
2604 return 0;
2605 }
2606
2607 static int on_home_ref_eof(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
2608 _cleanup_(operation_unrefp) Operation *o = NULL;
2609 Home *h = ASSERT_PTR(userdata);
2610
2611 assert(s);
2612
2613 if (h->ref_event_source_please_suspend == s)
2614 h->ref_event_source_please_suspend = sd_event_source_disable_unref(h->ref_event_source_please_suspend);
2615
2616 if (h->ref_event_source_dont_suspend == s)
2617 h->ref_event_source_dont_suspend = sd_event_source_disable_unref(h->ref_event_source_dont_suspend);
2618
2619 if (h->ref_event_source_dont_suspend || h->ref_event_source_please_suspend)
2620 return 0;
2621
2622 log_info("Got notification that all sessions of user %s ended, deactivating automatically.", h->user_name);
2623
2624 o = operation_new(OPERATION_PIPE_EOF, NULL);
2625 if (!o) {
2626 log_oom();
2627 return 0;
2628 }
2629
2630 home_schedule_operation(h, o, NULL);
2631 return 0;
2632 }
2633
2634 int home_create_fifo(Home *h, bool please_suspend) {
2635 _cleanup_close_ int ret_fd = -EBADF;
2636 sd_event_source **ss;
2637 const char *fn, *suffix;
2638 int r;
2639
2640 assert(h);
2641
2642 if (please_suspend) {
2643 suffix = ".please-suspend";
2644 ss = &h->ref_event_source_please_suspend;
2645 } else {
2646 suffix = ".dont-suspend";
2647 ss = &h->ref_event_source_dont_suspend;
2648 }
2649
2650 fn = strjoina("/run/systemd/home/", h->user_name, suffix);
2651
2652 if (!*ss) {
2653 _cleanup_close_ int ref_fd = -EBADF;
2654
2655 (void) mkdir("/run/systemd/home/", 0755);
2656 if (mkfifo(fn, 0600) < 0 && errno != EEXIST)
2657 return log_error_errno(errno, "Failed to create FIFO %s: %m", fn);
2658
2659 ref_fd = open(fn, O_RDONLY|O_CLOEXEC|O_NONBLOCK);
2660 if (ref_fd < 0)
2661 return log_error_errno(errno, "Failed to open FIFO %s for reading: %m", fn);
2662
2663 r = sd_event_add_io(h->manager->event, ss, ref_fd, 0, on_home_ref_eof, h);
2664 if (r < 0)
2665 return log_error_errno(r, "Failed to allocate reference FIFO event source: %m");
2666
2667 (void) sd_event_source_set_description(*ss, "acquire-ref");
2668
2669 r = sd_event_source_set_priority(*ss, SD_EVENT_PRIORITY_IDLE-1);
2670 if (r < 0)
2671 return r;
2672
2673 r = sd_event_source_set_io_fd_own(*ss, true);
2674 if (r < 0)
2675 return log_error_errno(r, "Failed to pass ownership of FIFO event fd to event source: %m");
2676
2677 TAKE_FD(ref_fd);
2678 }
2679
2680 ret_fd = open(fn, O_WRONLY|O_CLOEXEC|O_NONBLOCK);
2681 if (ret_fd < 0)
2682 return log_error_errno(errno, "Failed to open FIFO %s for writing: %m", fn);
2683
2684 return TAKE_FD(ret_fd);
2685 }
2686
2687 static int home_dispatch_acquire(Home *h, Operation *o) {
2688 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
2689 int (*call)(Home *h, UserRecord *secret, HomeState for_state, sd_bus_error *error) = NULL;
2690 HomeState for_state;
2691 int r;
2692
2693 assert(h);
2694 assert(o);
2695 assert(o->type == OPERATION_ACQUIRE);
2696
2697 switch (home_get_state(h)) {
2698
2699 case HOME_UNFIXATED:
2700 for_state = HOME_FIXATING_FOR_ACQUIRE;
2701 call = home_fixate_internal;
2702 break;
2703
2704 case HOME_ABSENT:
2705 r = sd_bus_error_setf(&error, BUS_ERROR_HOME_ABSENT,
2706 "Home %s is currently missing or not plugged in.", h->user_name);
2707 goto check;
2708
2709 case HOME_INACTIVE:
2710 case HOME_DIRTY:
2711 for_state = HOME_ACTIVATING_FOR_ACQUIRE;
2712 call = home_activate_internal;
2713 break;
2714
2715 case HOME_ACTIVE:
2716 case HOME_LINGERING:
2717 for_state = HOME_AUTHENTICATING_FOR_ACQUIRE;
2718 call = home_authenticate_internal;
2719 break;
2720
2721 case HOME_LOCKED:
2722 for_state = HOME_UNLOCKING_FOR_ACQUIRE;
2723 call = home_unlock_internal;
2724 break;
2725
2726 default:
2727 /* All other cases means we are currently executing an operation, which means the job remains
2728 * pending. */
2729 return 0;
2730 }
2731
2732 assert(!h->current_operation);
2733
2734 r = home_ratelimit(h, &error);
2735 if (r >= 0)
2736 r = call(h, o->secret, for_state, &error);
2737
2738 check:
2739 if (r != 0) /* failure or completed */
2740 operation_result(o, r, &error);
2741 else /* ongoing */
2742 h->current_operation = operation_ref(o);
2743
2744 return 1;
2745 }
2746
2747 static int home_dispatch_release(Home *h, Operation *o) {
2748 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
2749 int r;
2750
2751 assert(h);
2752 assert(o);
2753 assert(o->type == OPERATION_RELEASE);
2754
2755 if (h->ref_event_source_dont_suspend || h->ref_event_source_please_suspend)
2756 /* If there's now a reference again, then let's abort the release attempt */
2757 r = sd_bus_error_setf(&error, BUS_ERROR_HOME_BUSY, "Home %s is currently referenced.", h->user_name);
2758 else {
2759 switch (home_get_state(h)) {
2760
2761 case HOME_UNFIXATED:
2762 case HOME_ABSENT:
2763 case HOME_INACTIVE:
2764 case HOME_DIRTY:
2765 r = 1; /* done */
2766 break;
2767
2768 case HOME_LOCKED:
2769 r = sd_bus_error_setf(&error, BUS_ERROR_HOME_LOCKED, "Home %s is currently locked.", h->user_name);
2770 break;
2771
2772 case HOME_ACTIVE:
2773 case HOME_LINGERING:
2774 r = home_deactivate_internal(h, false, &error);
2775 break;
2776
2777 default:
2778 /* All other cases means we are currently executing an operation, which means the job remains
2779 * pending. */
2780 return 0;
2781 }
2782 }
2783
2784 assert(!h->current_operation);
2785
2786 if (r != 0) /* failure or completed */
2787 operation_result(o, r, &error);
2788 else /* ongoing */
2789 h->current_operation = operation_ref(o);
2790
2791 return 1;
2792 }
2793
2794 static int home_dispatch_lock_all(Home *h, Operation *o) {
2795 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
2796 int r;
2797
2798 assert(h);
2799 assert(o);
2800 assert(o->type == OPERATION_LOCK_ALL);
2801
2802 switch (home_get_state(h)) {
2803
2804 case HOME_UNFIXATED:
2805 case HOME_ABSENT:
2806 case HOME_INACTIVE:
2807 case HOME_DIRTY:
2808 log_info("Home %s is not active, no locking necessary.", h->user_name);
2809 r = 1; /* done */
2810 break;
2811
2812 case HOME_LOCKED:
2813 log_info("Home %s is already locked.", h->user_name);
2814 r = 1; /* done */
2815 break;
2816
2817 case HOME_ACTIVE:
2818 case HOME_LINGERING:
2819 log_info("Locking home %s.", h->user_name);
2820 r = home_lock(h, &error);
2821 break;
2822
2823 default:
2824 /* All other cases means we are currently executing an operation, which means the job remains
2825 * pending. */
2826 return 0;
2827 }
2828
2829 assert(!h->current_operation);
2830
2831 if (r != 0) /* failure or completed */
2832 operation_result(o, r, &error);
2833 else /* ongoing */
2834 h->current_operation = operation_ref(o);
2835
2836 return 1;
2837 }
2838
2839 static int home_dispatch_deactivate_all(Home *h, Operation *o) {
2840 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
2841 int r;
2842
2843 assert(h);
2844 assert(o);
2845 assert(o->type == OPERATION_DEACTIVATE_ALL);
2846
2847 switch (home_get_state(h)) {
2848
2849 case HOME_UNFIXATED:
2850 case HOME_ABSENT:
2851 case HOME_INACTIVE:
2852 case HOME_DIRTY:
2853 log_info("Home %s is already deactivated.", h->user_name);
2854 r = 1; /* done */
2855 break;
2856
2857 case HOME_LOCKED:
2858 log_info("Home %s is currently locked, not deactivating.", h->user_name);
2859 r = 1; /* done */
2860 break;
2861
2862 case HOME_ACTIVE:
2863 case HOME_LINGERING:
2864 log_info("Deactivating home %s.", h->user_name);
2865 r = home_deactivate_internal(h, false, &error);
2866 break;
2867
2868 default:
2869 /* All other cases means we are currently executing an operation, which means the job remains
2870 * pending. */
2871 return 0;
2872 }
2873
2874 assert(!h->current_operation);
2875
2876 if (r != 0) /* failure or completed */
2877 operation_result(o, r, &error);
2878 else /* ongoing */
2879 h->current_operation = operation_ref(o);
2880
2881 return 1;
2882 }
2883
2884 static int home_dispatch_pipe_eof(Home *h, Operation *o) {
2885 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
2886 int r;
2887
2888 assert(h);
2889 assert(o);
2890 assert(o->type == OPERATION_PIPE_EOF);
2891
2892 if (h->ref_event_source_please_suspend || h->ref_event_source_dont_suspend)
2893 return 1; /* Hmm, there's a reference again, let's cancel this */
2894
2895 switch (home_get_state(h)) {
2896
2897 case HOME_UNFIXATED:
2898 case HOME_ABSENT:
2899 case HOME_INACTIVE:
2900 case HOME_DIRTY:
2901 log_info("Home %s already deactivated, no automatic deactivation needed.", h->user_name);
2902 break;
2903
2904 case HOME_DEACTIVATING:
2905 log_info("Home %s is already being deactivated, automatic deactivated unnecessary.", h->user_name);
2906 break;
2907
2908 case HOME_ACTIVE:
2909 case HOME_LINGERING:
2910 r = home_deactivate_internal(h, false, &error);
2911 if (r < 0)
2912 log_warning_errno(r, "Failed to deactivate %s, ignoring: %s", h->user_name, bus_error_message(&error, r));
2913 break;
2914
2915 case HOME_LOCKED:
2916 default:
2917 /* If the device is locked or any operation is being executed, let's leave this pending */
2918 return 0;
2919 }
2920
2921 /* Note that we don't call operation_fail() or operation_success() here, because this kind of
2922 * operation has no message associated with it, and thus there's no need to propagate success. */
2923
2924 assert(!o->message);
2925 return 1;
2926 }
2927
2928 static int home_dispatch_deactivate_force(Home *h, Operation *o) {
2929 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
2930 int r;
2931
2932 assert(h);
2933 assert(o);
2934 assert(o->type == OPERATION_DEACTIVATE_FORCE);
2935
2936 switch (home_get_state(h)) {
2937
2938 case HOME_UNFIXATED:
2939 case HOME_ABSENT:
2940 case HOME_INACTIVE:
2941 case HOME_DIRTY:
2942 log_debug("Home %s already deactivated, no forced deactivation due to unplug needed.", h->user_name);
2943 break;
2944
2945 case HOME_DEACTIVATING:
2946 log_debug("Home %s is already being deactivated, forced deactivation due to unplug unnecessary.", h->user_name);
2947 break;
2948
2949 case HOME_ACTIVE:
2950 case HOME_LOCKED:
2951 case HOME_LINGERING:
2952 r = home_deactivate_internal(h, true, &error);
2953 if (r < 0)
2954 log_warning_errno(r, "Failed to forcibly deactivate %s, ignoring: %s", h->user_name, bus_error_message(&error, r));
2955 break;
2956
2957 default:
2958 /* If any operation is being executed, let's leave this pending */
2959 return 0;
2960 }
2961
2962 /* Note that we don't call operation_fail() or operation_success() here, because this kind of
2963 * operation has no message associated with it, and thus there's no need to propagate success. */
2964
2965 assert(!o->message);
2966 return 1;
2967 }
2968
2969 static int on_pending(sd_event_source *s, void *userdata) {
2970 Home *h = ASSERT_PTR(userdata);
2971 Operation *o;
2972 int r;
2973
2974 assert(s);
2975
2976 o = ordered_set_first(h->pending_operations);
2977 if (o) {
2978 static int (* const operation_table[_OPERATION_MAX])(Home *h, Operation *o) = {
2979 [OPERATION_ACQUIRE] = home_dispatch_acquire,
2980 [OPERATION_RELEASE] = home_dispatch_release,
2981 [OPERATION_LOCK_ALL] = home_dispatch_lock_all,
2982 [OPERATION_DEACTIVATE_ALL] = home_dispatch_deactivate_all,
2983 [OPERATION_PIPE_EOF] = home_dispatch_pipe_eof,
2984 [OPERATION_DEACTIVATE_FORCE] = home_dispatch_deactivate_force,
2985 };
2986
2987 assert(operation_table[o->type]);
2988 r = operation_table[o->type](h, o);
2989 if (r != 0) {
2990 /* The operation completed, let's remove it from the pending list, and exit while
2991 * leaving the event source enabled as it is. */
2992 assert_se(ordered_set_remove(h->pending_operations, o) == o);
2993 operation_unref(o);
2994 return 0;
2995 }
2996 }
2997
2998 /* Nothing to do anymore, let's turn off this event source */
2999 r = sd_event_source_set_enabled(s, SD_EVENT_OFF);
3000 if (r < 0)
3001 return log_error_errno(r, "Failed to disable event source: %m");
3002
3003 /* No operations pending anymore, maybe this is a good time to trigger a rebalancing */
3004 manager_reschedule_rebalance(h->manager);
3005 return 0;
3006 }
3007
3008 int home_schedule_operation(Home *h, Operation *o, sd_bus_error *error) {
3009 int r;
3010
3011 assert(h);
3012
3013 if (o) {
3014 if (ordered_set_size(h->pending_operations) >= PENDING_OPERATIONS_MAX)
3015 return sd_bus_error_set(error, BUS_ERROR_TOO_MANY_OPERATIONS, "Too many client operations requested");
3016
3017 r = ordered_set_ensure_put(&h->pending_operations, &operation_hash_ops, o);
3018 if (r < 0)
3019 return r;
3020
3021 operation_ref(o);
3022 }
3023
3024 if (!h->pending_event_source) {
3025 r = sd_event_add_defer(h->manager->event, &h->pending_event_source, on_pending, h);
3026 if (r < 0)
3027 return log_error_errno(r, "Failed to allocate pending defer event source: %m");
3028
3029 (void) sd_event_source_set_description(h->pending_event_source, "pending");
3030
3031 r = sd_event_source_set_priority(h->pending_event_source, SD_EVENT_PRIORITY_IDLE);
3032 if (r < 0)
3033 return r;
3034 }
3035
3036 r = sd_event_source_set_enabled(h->pending_event_source, SD_EVENT_ON);
3037 if (r < 0)
3038 return log_error_errno(r, "Failed to trigger pending event source: %m");
3039
3040 return 0;
3041 }
3042
3043 static int home_get_image_path_seat(Home *h, char **ret) {
3044 _cleanup_(sd_device_unrefp) sd_device *d = NULL;
3045 _cleanup_free_ char *c = NULL;
3046 const char *ip, *seat;
3047 struct stat st;
3048 int r;
3049
3050 assert(h);
3051
3052 if (user_record_storage(h->record) != USER_LUKS)
3053 return -ENXIO;
3054
3055 ip = user_record_image_path(h->record);
3056 if (!ip)
3057 return -ENXIO;
3058
3059 if (!path_startswith(ip, "/dev/"))
3060 return -ENXIO;
3061
3062 if (stat(ip, &st) < 0)
3063 return -errno;
3064
3065 if (!S_ISBLK(st.st_mode))
3066 return -ENOTBLK;
3067
3068 r = sd_device_new_from_stat_rdev(&d, &st);
3069 if (r < 0)
3070 return r;
3071
3072 r = sd_device_get_property_value(d, "ID_SEAT", &seat);
3073 if (r == -ENOENT) /* no property means seat0 */
3074 seat = "seat0";
3075 else if (r < 0)
3076 return r;
3077
3078 c = strdup(seat);
3079 if (!c)
3080 return -ENOMEM;
3081
3082 *ret = TAKE_PTR(c);
3083 return 0;
3084 }
3085
3086 int home_auto_login(Home *h, char ***ret_seats) {
3087 _cleanup_free_ char *seat = NULL, *seat2 = NULL;
3088
3089 assert(h);
3090 assert(ret_seats);
3091
3092 (void) home_get_image_path_seat(h, &seat);
3093
3094 if (h->record->auto_login > 0 && !streq_ptr(seat, "seat0")) {
3095 /* For now, when the auto-login boolean is set for a user, let's make it mean
3096 * "seat0". Eventually we can extend the concept and allow configuration of any kind of seat,
3097 * but let's keep simple initially, most likely the feature is interesting on single-user
3098 * systems anyway, only.
3099 *
3100 * We filter out users marked for auto-login in we know for sure their home directory is
3101 * absent. */
3102
3103 if (user_record_test_image_path(h->record) != USER_TEST_ABSENT) {
3104 seat2 = strdup("seat0");
3105 if (!seat2)
3106 return -ENOMEM;
3107 }
3108 }
3109
3110 if (seat || seat2) {
3111 _cleanup_strv_free_ char **list = NULL;
3112 size_t i = 0;
3113
3114 list = new(char*, 3);
3115 if (!list)
3116 return -ENOMEM;
3117
3118 if (seat)
3119 list[i++] = TAKE_PTR(seat);
3120 if (seat2)
3121 list[i++] = TAKE_PTR(seat2);
3122
3123 list[i] = NULL;
3124 *ret_seats = TAKE_PTR(list);
3125 return 1;
3126 }
3127
3128 *ret_seats = NULL;
3129 return 0;
3130 }
3131
3132 int home_set_current_message(Home *h, sd_bus_message *m) {
3133 assert(h);
3134
3135 if (!m)
3136 return 0;
3137
3138 if (h->current_operation)
3139 return -EBUSY;
3140
3141 h->current_operation = operation_new(OPERATION_IMMEDIATE, m);
3142 if (!h->current_operation)
3143 return -ENOMEM;
3144
3145 return 1;
3146 }
3147
3148 int home_wait_for_worker(Home *h) {
3149 int r;
3150
3151 assert(h);
3152
3153 if (h->worker_pid <= 0)
3154 return 0;
3155
3156 log_info("Worker process for home %s is still running while exiting. Waiting for it to finish.", h->user_name);
3157
3158 r = wait_for_terminate_with_timeout(h->worker_pid, 30 * USEC_PER_SEC);
3159 if (r == -ETIMEDOUT)
3160 log_warning_errno(r, "Waiting for worker process for home %s timed out. Ignoring.", h->user_name);
3161 else if (r < 0)
3162 log_warning_errno(r, "Failed to wait for worker process for home %s. Ignoring.", h->user_name);
3163
3164 (void) hashmap_remove_value(h->manager->homes_by_worker_pid, PID_TO_PTR(h->worker_pid), h);
3165 h->worker_pid = 0;
3166 return 1;
3167 }
3168
3169 bool home_shall_rebalance(Home *h) {
3170 HomeState state;
3171
3172 assert(h);
3173
3174 /* Determines if the home directory is a candidate for rebalancing */
3175
3176 if (!user_record_shall_rebalance(h->record))
3177 return false;
3178
3179 state = home_get_state(h);
3180 if (!HOME_STATE_SHALL_REBALANCE(state))
3181 return false;
3182
3183 return true;
3184 }
3185
3186 bool home_is_busy(Home *h) {
3187 assert(h);
3188
3189 if (h->current_operation)
3190 return true;
3191
3192 if (!ordered_set_isempty(h->pending_operations))
3193 return true;
3194
3195 return HOME_STATE_IS_EXECUTING_OPERATION(home_get_state(h));
3196 }
3197
3198 static const char* const home_state_table[_HOME_STATE_MAX] = {
3199 [HOME_UNFIXATED] = "unfixated",
3200 [HOME_ABSENT] = "absent",
3201 [HOME_INACTIVE] = "inactive",
3202 [HOME_DIRTY] = "dirty",
3203 [HOME_FIXATING] = "fixating",
3204 [HOME_FIXATING_FOR_ACTIVATION] = "fixating-for-activation",
3205 [HOME_FIXATING_FOR_ACQUIRE] = "fixating-for-acquire",
3206 [HOME_ACTIVATING] = "activating",
3207 [HOME_ACTIVATING_FOR_ACQUIRE] = "activating-for-acquire",
3208 [HOME_DEACTIVATING] = "deactivating",
3209 [HOME_ACTIVE] = "active",
3210 [HOME_LINGERING] = "lingering",
3211 [HOME_LOCKING] = "locking",
3212 [HOME_LOCKED] = "locked",
3213 [HOME_UNLOCKING] = "unlocking",
3214 [HOME_UNLOCKING_FOR_ACQUIRE] = "unlocking-for-acquire",
3215 [HOME_CREATING] = "creating",
3216 [HOME_REMOVING] = "removing",
3217 [HOME_UPDATING] = "updating",
3218 [HOME_UPDATING_WHILE_ACTIVE] = "updating-while-active",
3219 [HOME_RESIZING] = "resizing",
3220 [HOME_RESIZING_WHILE_ACTIVE] = "resizing-while-active",
3221 [HOME_PASSWD] = "passwd",
3222 [HOME_PASSWD_WHILE_ACTIVE] = "passwd-while-active",
3223 [HOME_AUTHENTICATING] = "authenticating",
3224 [HOME_AUTHENTICATING_WHILE_ACTIVE] = "authenticating-while-active",
3225 [HOME_AUTHENTICATING_FOR_ACQUIRE] = "authenticating-for-acquire",
3226 };
3227
3228 DEFINE_STRING_TABLE_LOOKUP(home_state, HomeState);
Unnamed repository; edit this file 'description' to name the repository.