]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/home/homed-home.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #26528 from keszybz/valgrind-simplification
[thirdparty/systemd.git] / src / home / homed-home.c
1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3 #if HAVE_LINUX_MEMFD_H
4 #include <linux/memfd.h>
5 #endif
6
7 #include <sys/mman.h>
8 #include <sys/quota.h>
9 #include <sys/vfs.h>
10
11 #include "blockdev-util.h"
12 #include "btrfs-util.h"
13 #include "bus-common-errors.h"
14 #include "data-fd-util.h"
15 #include "env-util.h"
16 #include "errno-list.h"
17 #include "errno-util.h"
18 #include "fd-util.h"
19 #include "fileio.h"
20 #include "filesystems.h"
21 #include "fs-util.h"
22 #include "glyph-util.h"
23 #include "home-util.h"
24 #include "homed-home-bus.h"
25 #include "homed-home.h"
26 #include "missing_magic.h"
27 #include "missing_syscall.h"
28 #include "mkdir.h"
29 #include "path-util.h"
30 #include "process-util.h"
31 #include "pwquality-util.h"
32 #include "quota-util.h"
33 #include "resize-fs.h"
34 #include "set.h"
35 #include "signal-util.h"
36 #include "stat-util.h"
37 #include "string-table.h"
38 #include "strv.h"
39 #include "uid-alloc-range.h"
40 #include "user-record-pwquality.h"
41 #include "user-record-sign.h"
42 #include "user-record-util.h"
43 #include "user-record.h"
44 #include "user-util.h"
45
46 /* Retry to deactivate home directories again and again every 15s until it works */
47 #define RETRY_DEACTIVATE_USEC (15U * USEC_PER_SEC)
48
49 #define HOME_USERS_MAX 500
50 #define PENDING_OPERATIONS_MAX 100
51
52 assert_cc(HOME_UID_MIN <= HOME_UID_MAX);
53 assert_cc(HOME_USERS_MAX <= (HOME_UID_MAX - HOME_UID_MIN + 1));
54
55 static int home_start_work(Home *h, const char *verb, UserRecord *hr, UserRecord *secret);
56
57 DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(operation_hash_ops, void, trivial_hash_func, trivial_compare_func, Operation, operation_unref);
58
59 static int suitable_home_record(UserRecord *hr) {
60 int r;
61
62 assert(hr);
63
64 if (!hr->user_name)
65 return -EUNATCH;
66
67 /* We are a bit more restrictive with what we accept as homed-managed user than what we accept in
68 * home records in general. Let's enforce the stricter rule here. */
69 if (!suitable_user_name(hr->user_name))
70 return -EINVAL;
71 if (!uid_is_valid(hr->uid))
72 return -EINVAL;
73
74 /* Insist we are outside of the dynamic and system range */
75 if (uid_is_system(hr->uid) || gid_is_system(user_record_gid(hr)) ||
76 uid_is_dynamic(hr->uid) || gid_is_dynamic(user_record_gid(hr)))
77 return -EADDRNOTAVAIL;
78
79 /* Insist that GID and UID match */
80 if (user_record_gid(hr) != (gid_t) hr->uid)
81 return -EBADSLT;
82
83 /* Similar for the realm */
84 if (hr->realm) {
85 r = suitable_realm(hr->realm);
86 if (r < 0)
87 return r;
88 if (r == 0)
89 return -EINVAL;
90 }
91
92 return 0;
93 }
94
95 int home_new(Manager *m, UserRecord *hr, const char *sysfs, Home **ret) {
96 _cleanup_(home_freep) Home *home = NULL;
97 _cleanup_free_ char *nm = NULL, *ns = NULL;
98 int r;
99
100 assert(m);
101 assert(hr);
102
103 r = suitable_home_record(hr);
104 if (r < 0)
105 return r;
106
107 if (hashmap_contains(m->homes_by_name, hr->user_name))
108 return -EBUSY;
109
110 if (hashmap_contains(m->homes_by_uid, UID_TO_PTR(hr->uid)))
111 return -EBUSY;
112
113 if (sysfs && hashmap_contains(m->homes_by_sysfs, sysfs))
114 return -EBUSY;
115
116 if (hashmap_size(m->homes_by_name) >= HOME_USERS_MAX)
117 return -EUSERS;
118
119 nm = strdup(hr->user_name);
120 if (!nm)
121 return -ENOMEM;
122
123 if (sysfs) {
124 ns = strdup(sysfs);
125 if (!ns)
126 return -ENOMEM;
127 }
128
129 home = new(Home, 1);
130 if (!home)
131 return -ENOMEM;
132
133 *home = (Home) {
134 .manager = m,
135 .user_name = TAKE_PTR(nm),
136 .uid = hr->uid,
137 .state = _HOME_STATE_INVALID,
138 .worker_stdout_fd = -EBADF,
139 .sysfs = TAKE_PTR(ns),
140 .signed_locally = -1,
141 .pin_fd = -EBADF,
142 .luks_lock_fd = -EBADF,
143 };
144
145 r = hashmap_put(m->homes_by_name, home->user_name, home);
146 if (r < 0)
147 return r;
148
149 r = hashmap_put(m->homes_by_uid, UID_TO_PTR(home->uid), home);
150 if (r < 0)
151 return r;
152
153 if (home->sysfs) {
154 r = hashmap_put(m->homes_by_sysfs, home->sysfs, home);
155 if (r < 0)
156 return r;
157 }
158
159 r = user_record_clone(hr, USER_RECORD_LOAD_MASK_SECRET|USER_RECORD_PERMISSIVE, &home->record);
160 if (r < 0)
161 return r;
162
163 (void) bus_manager_emit_auto_login_changed(m);
164 (void) bus_home_emit_change(home);
165 (void) manager_schedule_rebalance(m, /* immediately= */ false);
166
167 if (ret)
168 *ret = TAKE_PTR(home);
169 else
170 TAKE_PTR(home);
171
172 return 0;
173 }
174
175 Home *home_free(Home *h) {
176
177 if (!h)
178 return NULL;
179
180 if (h->manager) {
181 (void) bus_home_emit_remove(h);
182 (void) bus_manager_emit_auto_login_changed(h->manager);
183
184 if (h->user_name)
185 (void) hashmap_remove_value(h->manager->homes_by_name, h->user_name, h);
186
187 if (uid_is_valid(h->uid))
188 (void) hashmap_remove_value(h->manager->homes_by_uid, UID_TO_PTR(h->uid), h);
189
190 if (h->sysfs)
191 (void) hashmap_remove_value(h->manager->homes_by_sysfs, h->sysfs, h);
192
193 if (h->worker_pid > 0)
194 (void) hashmap_remove_value(h->manager->homes_by_worker_pid, PID_TO_PTR(h->worker_pid), h);
195
196 if (h->manager->gc_focus == h)
197 h->manager->gc_focus = NULL;
198
199 (void) manager_schedule_rebalance(h->manager, /* immediately= */ false);
200 }
201
202 user_record_unref(h->record);
203 user_record_unref(h->secret);
204
205 h->worker_event_source = sd_event_source_disable_unref(h->worker_event_source);
206 safe_close(h->worker_stdout_fd);
207 free(h->user_name);
208 free(h->sysfs);
209
210 h->ref_event_source_please_suspend = sd_event_source_disable_unref(h->ref_event_source_please_suspend);
211 h->ref_event_source_dont_suspend = sd_event_source_disable_unref(h->ref_event_source_dont_suspend);
212
213 h->pending_operations = ordered_set_free(h->pending_operations);
214 h->pending_event_source = sd_event_source_disable_unref(h->pending_event_source);
215 h->deferred_change_event_source = sd_event_source_disable_unref(h->deferred_change_event_source);
216
217 h->current_operation = operation_unref(h->current_operation);
218
219 safe_close(h->pin_fd);
220 safe_close(h->luks_lock_fd);
221
222 h->retry_deactivate_event_source = sd_event_source_disable_unref(h->retry_deactivate_event_source);
223
224 return mfree(h);
225 }
226
227 int home_set_record(Home *h, UserRecord *hr) {
228 _cleanup_(user_record_unrefp) UserRecord *new_hr = NULL;
229 Home *other;
230 int r;
231
232 assert(h);
233 assert(h->user_name);
234 assert(h->record);
235 assert(hr);
236
237 if (user_record_equal(h->record, hr))
238 return 0;
239
240 r = suitable_home_record(hr);
241 if (r < 0)
242 return r;
243
244 if (!user_record_compatible(h->record, hr))
245 return -EREMCHG;
246
247 if (!FLAGS_SET(hr->mask, USER_RECORD_REGULAR) ||
248 FLAGS_SET(hr->mask, USER_RECORD_SECRET))
249 return -EINVAL;
250
251 if (FLAGS_SET(h->record->mask, USER_RECORD_STATUS)) {
252 _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
253
254 /* Hmm, the existing record has status fields? If so, copy them over */
255
256 v = json_variant_ref(hr->json);
257 r = json_variant_set_field(&v, "status", json_variant_by_key(h->record->json, "status"));
258 if (r < 0)
259 return r;
260
261 new_hr = user_record_new();
262 if (!new_hr)
263 return -ENOMEM;
264
265 r = user_record_load(new_hr, v, USER_RECORD_LOAD_REFUSE_SECRET|USER_RECORD_PERMISSIVE);
266 if (r < 0)
267 return r;
268
269 hr = new_hr;
270 }
271
272 other = hashmap_get(h->manager->homes_by_uid, UID_TO_PTR(hr->uid));
273 if (other && other != h)
274 return -EBUSY;
275
276 if (h->uid != hr->uid) {
277 r = hashmap_remove_and_replace(h->manager->homes_by_uid, UID_TO_PTR(h->uid), UID_TO_PTR(hr->uid), h);
278 if (r < 0)
279 return r;
280 }
281
282 user_record_unref(h->record);
283 h->record = user_record_ref(hr);
284 h->uid = h->record->uid;
285
286 /* The updated record might have a different autologin setting, trigger a PropertiesChanged event for it */
287 (void) bus_manager_emit_auto_login_changed(h->manager);
288 (void) bus_home_emit_change(h);
289
290 return 0;
291 }
292
293 int home_save_record(Home *h) {
294 _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
295 _cleanup_free_ char *text = NULL;
296 const char *fn;
297 int r;
298
299 assert(h);
300
301 v = json_variant_ref(h->record->json);
302 r = json_variant_normalize(&v);
303 if (r < 0)
304 log_warning_errno(r, "User record could not be normalized.");
305
306 r = json_variant_format(v, JSON_FORMAT_PRETTY|JSON_FORMAT_NEWLINE, &text);
307 if (r < 0)
308 return r;
309
310 (void) mkdir("/var/lib/systemd/", 0755);
311 (void) mkdir(home_record_dir(), 0700);
312
313 fn = strjoina(home_record_dir(), "/", h->user_name, ".identity");
314
315 r = write_string_file(fn, text, WRITE_STRING_FILE_ATOMIC|WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_MODE_0600|WRITE_STRING_FILE_SYNC);
316 if (r < 0)
317 return r;
318
319 return 0;
320 }
321
322 int home_unlink_record(Home *h) {
323 const char *fn;
324
325 assert(h);
326
327 fn = strjoina(home_record_dir(), "/", h->user_name, ".identity");
328 if (unlink(fn) < 0 && errno != ENOENT)
329 return -errno;
330
331 fn = strjoina("/run/systemd/home/", h->user_name, ".ref");
332 if (unlink(fn) < 0 && errno != ENOENT)
333 return -errno;
334
335 return 0;
336 }
337
338 static void home_unpin(Home *h) {
339 assert(h);
340
341 if (h->pin_fd < 0)
342 return;
343
344 h->pin_fd = safe_close(h->pin_fd);
345 log_debug("Successfully closed pin fd on home for %s.", h->user_name);
346 }
347
348 static void home_pin(Home *h) {
349 const char *path;
350
351 assert(h);
352
353 if (h->pin_fd >= 0) /* Already pinned? */
354 return;
355
356 path = user_record_home_directory(h->record);
357 if (!path) {
358 log_warning("No home directory path to pin for %s, ignoring.", h->user_name);
359 return;
360 }
361
362 h->pin_fd = open(path, O_RDONLY|O_DIRECTORY|O_CLOEXEC);
363 if (h->pin_fd < 0) {
364 log_warning_errno(errno, "Couldn't open home directory '%s' for pinning, ignoring: %m", path);
365 return;
366 }
367
368 log_debug("Successfully pinned home directory '%s'.", path);
369 }
370
371 static void home_update_pin_fd(Home *h, HomeState state) {
372 assert(h);
373
374 if (state < 0)
375 state = home_get_state(h);
376
377 return HOME_STATE_SHALL_PIN(state) ? home_pin(h) : home_unpin(h);
378 }
379
380 static void home_maybe_close_luks_lock_fd(Home *h, HomeState state) {
381 assert(h);
382
383 if (h->luks_lock_fd < 0)
384 return;
385
386 if (state < 0)
387 state = home_get_state(h);
388
389 /* Keep the lock as long as the home dir is active or has some operation going */
390 if (HOME_STATE_IS_EXECUTING_OPERATION(state) || HOME_STATE_IS_ACTIVE(state) || state == HOME_LOCKED)
391 return;
392
393 h->luks_lock_fd = safe_close(h->luks_lock_fd);
394 log_debug("Successfully closed LUKS backing file lock for %s.", h->user_name);
395 }
396
397 static void home_maybe_stop_retry_deactivate(Home *h, HomeState state) {
398 assert(h);
399
400 /* Free the deactivation retry event source if we won't need it anymore. Specifically, we'll free the
401 * event source whenever the home directory is already deactivated (and we thus where successful) or
402 * if we start executing an operation that indicates that the home directory is going to be used or
403 * operated on again. Also, if the home is referenced again stop the timer */
404
405 if (HOME_STATE_MAY_RETRY_DEACTIVATE(state) &&
406 !h->ref_event_source_dont_suspend &&
407 !h->ref_event_source_please_suspend)
408 return;
409
410 h->retry_deactivate_event_source = sd_event_source_disable_unref(h->retry_deactivate_event_source);
411 }
412
413 static int home_deactivate_internal(Home *h, bool force, sd_bus_error *error);
414 static void home_start_retry_deactivate(Home *h);
415
416 static int home_on_retry_deactivate(sd_event_source *s, uint64_t usec, void *userdata) {
417 Home *h = ASSERT_PTR(userdata);
418 HomeState state;
419
420 assert(s);
421
422 /* 15s after the last attempt to deactivate the home directory passed. Let's try it one more time. */
423
424 h->retry_deactivate_event_source = sd_event_source_disable_unref(h->retry_deactivate_event_source);
425
426 state = home_get_state(h);
427 if (!HOME_STATE_MAY_RETRY_DEACTIVATE(state))
428 return 0;
429
430 if (IN_SET(state, HOME_ACTIVE, HOME_LINGERING)) {
431 log_info("Again trying to deactivate home directory.");
432
433 /* If we are not executing any operation, let's start deactivating now. Note that this will
434 * restart our timer again, we are gonna be called again if this doesn't work. */
435 (void) home_deactivate_internal(h, /* force= */ false, NULL);
436 } else
437 /* if we are executing an operation (specifically, area already running a deactivation
438 * operation), then simply reque the timer, so that we retry again. */
439 home_start_retry_deactivate(h);
440
441 return 0;
442 }
443
444 static void home_start_retry_deactivate(Home *h) {
445 int r;
446
447 assert(h);
448 assert(h->manager);
449
450 /* Already allocated? */
451 if (h->retry_deactivate_event_source)
452 return;
453
454 /* If the home directory is being used now don't start the timer */
455 if (h->ref_event_source_dont_suspend || h->ref_event_source_please_suspend)
456 return;
457
458 r = sd_event_add_time_relative(
459 h->manager->event,
460 &h->retry_deactivate_event_source,
461 CLOCK_MONOTONIC,
462 RETRY_DEACTIVATE_USEC,
463 1*USEC_PER_MINUTE,
464 home_on_retry_deactivate,
465 h);
466 if (r < 0)
467 return (void) log_warning_errno(r, "Failed to install retry-deactivate event source, ignoring: %m");
468
469 (void) sd_event_source_set_description(h->retry_deactivate_event_source, "retry-deactivate");
470 }
471
472 static void home_set_state(Home *h, HomeState state) {
473 HomeState old_state, new_state;
474
475 assert(h);
476
477 old_state = home_get_state(h);
478 h->state = state;
479 new_state = home_get_state(h); /* Query the new state, since the 'state' variable might be set to -1,
480 * in which case we synthesize an high-level state on demand */
481
482 log_info("%s: changing state %s %s %s", h->user_name,
483 home_state_to_string(old_state),
484 special_glyph(SPECIAL_GLYPH_ARROW_RIGHT),
485 home_state_to_string(new_state));
486
487 home_update_pin_fd(h, new_state);
488 home_maybe_close_luks_lock_fd(h, new_state);
489 home_maybe_stop_retry_deactivate(h, new_state);
490
491 if (HOME_STATE_IS_EXECUTING_OPERATION(old_state) && !HOME_STATE_IS_EXECUTING_OPERATION(new_state)) {
492 /* If we just finished executing some operation, process the queue of pending operations. And
493 * enqueue it for GC too. */
494
495 home_schedule_operation(h, NULL, NULL);
496 manager_reschedule_rebalance(h->manager);
497 manager_enqueue_gc(h->manager, h);
498 }
499 }
500
501 static int home_parse_worker_stdout(int _fd, UserRecord **ret) {
502 _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
503 _cleanup_close_ int fd = _fd; /* take possession, even on failure */
504 _cleanup_(user_record_unrefp) UserRecord *hr = NULL;
505 _cleanup_fclose_ FILE *f = NULL;
506 unsigned line, column;
507 struct stat st;
508 int r;
509
510 if (fstat(fd, &st) < 0)
511 return log_error_errno(errno, "Failed to stat stdout fd: %m");
512
513 assert(S_ISREG(st.st_mode));
514
515 if (st.st_size == 0) { /* empty record */
516 *ret = NULL;
517 return 0;
518 }
519
520 if (lseek(fd, SEEK_SET, 0) == (off_t) -1)
521 return log_error_errno(errno, "Failed to seek to beginning of memfd: %m");
522
523 f = take_fdopen(&fd, "r");
524 if (!f)
525 return log_error_errno(errno, "Failed to reopen memfd: %m");
526
527 if (DEBUG_LOGGING) {
528 _cleanup_free_ char *text = NULL;
529
530 r = read_full_stream(f, &text, NULL);
531 if (r < 0)
532 return log_error_errno(r, "Failed to read from client: %m");
533
534 log_debug("Got from worker: %s", text);
535 rewind(f);
536 }
537
538 r = json_parse_file(f, "stdout", JSON_PARSE_SENSITIVE, &v, &line, &column);
539 if (r < 0)
540 return log_error_errno(r, "Failed to parse identity at %u:%u: %m", line, column);
541
542 hr = user_record_new();
543 if (!hr)
544 return log_oom();
545
546 r = user_record_load(hr, v, USER_RECORD_LOAD_REFUSE_SECRET|USER_RECORD_PERMISSIVE);
547 if (r < 0)
548 return log_error_errno(r, "Failed to load home record identity: %m");
549
550 *ret = TAKE_PTR(hr);
551 return 1;
552 }
553
554 static int home_verify_user_record(Home *h, UserRecord *hr, bool *ret_signed_locally, sd_bus_error *ret_error) {
555 int is_signed;
556
557 assert(h);
558 assert(hr);
559 assert(ret_signed_locally);
560
561 is_signed = manager_verify_user_record(h->manager, hr);
562 switch (is_signed) {
563
564 case USER_RECORD_SIGNED_EXCLUSIVE:
565 log_info("Home %s is signed exclusively by our key, accepting.", hr->user_name);
566 *ret_signed_locally = true;
567 return 0;
568
569 case USER_RECORD_SIGNED:
570 log_info("Home %s is signed by our key (and others), accepting.", hr->user_name);
571 *ret_signed_locally = false;
572 return 0;
573
574 case USER_RECORD_FOREIGN:
575 log_info("Home %s is signed by foreign key we like, accepting.", hr->user_name);
576 *ret_signed_locally = false;
577 return 0;
578
579 case USER_RECORD_UNSIGNED:
580 sd_bus_error_setf(ret_error, BUS_ERROR_BAD_SIGNATURE, "User record %s is not signed at all, refusing.", hr->user_name);
581 return log_error_errno(SYNTHETIC_ERRNO(EPERM), "Home %s contains user record that is not signed at all, refusing.", hr->user_name);
582
583 case -ENOKEY:
584 sd_bus_error_setf(ret_error, BUS_ERROR_BAD_SIGNATURE, "User record %s is not signed by any known key, refusing.", hr->user_name);
585 return log_error_errno(is_signed, "Home %s contains user record that is not signed by any known key, refusing.", hr->user_name);
586
587 default:
588 assert(is_signed < 0);
589 return log_error_errno(is_signed, "Failed to verify signature on user record for %s, refusing fixation: %m", hr->user_name);
590 }
591 }
592
593 static int convert_worker_errno(Home *h, int e, sd_bus_error *error) {
594 /* Converts the error numbers the worker process returned into somewhat sensible dbus errors */
595
596 switch (e) {
597
598 case -EMSGSIZE:
599 return sd_bus_error_set(error, BUS_ERROR_BAD_HOME_SIZE, "File systems of this type cannot be shrunk");
600 case -ETXTBSY:
601 return sd_bus_error_set(error, BUS_ERROR_BAD_HOME_SIZE, "File systems of this type can only be shrunk offline");
602 case -ERANGE:
603 return sd_bus_error_set(error, BUS_ERROR_BAD_HOME_SIZE, "File system size too small");
604 case -ENOLINK:
605 return sd_bus_error_set(error, SD_BUS_ERROR_NOT_SUPPORTED, "System does not support selected storage backend");
606 case -EPROTONOSUPPORT:
607 return sd_bus_error_set(error, SD_BUS_ERROR_NOT_SUPPORTED, "System does not support selected file system");
608 case -ENOTTY:
609 return sd_bus_error_set(error, SD_BUS_ERROR_NOT_SUPPORTED, "Operation not supported on storage backend");
610 case -ESOCKTNOSUPPORT:
611 return sd_bus_error_set(error, SD_BUS_ERROR_NOT_SUPPORTED, "Operation not supported on file system");
612 case -ENOKEY:
613 return sd_bus_error_setf(error, BUS_ERROR_BAD_PASSWORD, "Password for home %s is incorrect or not sufficient for authentication.", h->user_name);
614 case -EBADSLT:
615 return sd_bus_error_setf(error, BUS_ERROR_BAD_PASSWORD_AND_NO_TOKEN, "Password for home %s is incorrect or not sufficient, and configured security token not found either.", h->user_name);
616 case -EREMOTEIO:
617 return sd_bus_error_setf(error, BUS_ERROR_BAD_RECOVERY_KEY, "Recovery key for home %s is incorrect or not sufficient for authentication.", h->user_name);
618 case -ENOANO:
619 return sd_bus_error_set(error, BUS_ERROR_TOKEN_PIN_NEEDED, "PIN for security token required.");
620 case -ERFKILL:
621 return sd_bus_error_set(error, BUS_ERROR_TOKEN_PROTECTED_AUTHENTICATION_PATH_NEEDED, "Security token requires protected authentication path.");
622 case -EMEDIUMTYPE:
623 return sd_bus_error_set(error, BUS_ERROR_TOKEN_USER_PRESENCE_NEEDED, "Security token requires presence confirmation.");
624 case -ENOCSI:
625 return sd_bus_error_set(error, BUS_ERROR_TOKEN_USER_VERIFICATION_NEEDED, "Security token requires user verification.");
626 case -ENOSTR:
627 return sd_bus_error_set(error, BUS_ERROR_TOKEN_ACTION_TIMEOUT, "Token action timeout. (User was supposed to verify presence or similar, by interacting with the token, and didn't do that in time.)");
628 case -EOWNERDEAD:
629 return sd_bus_error_set(error, BUS_ERROR_TOKEN_PIN_LOCKED, "PIN of security token locked.");
630 case -ENOLCK:
631 return sd_bus_error_set(error, BUS_ERROR_TOKEN_BAD_PIN, "Bad PIN of security token.");
632 case -ETOOMANYREFS:
633 return sd_bus_error_set(error, BUS_ERROR_TOKEN_BAD_PIN_FEW_TRIES_LEFT, "Bad PIN of security token, and only a few tries left.");
634 case -EUCLEAN:
635 return sd_bus_error_set(error, BUS_ERROR_TOKEN_BAD_PIN_ONE_TRY_LEFT, "Bad PIN of security token, and only one try left.");
636 case -EBUSY:
637 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "Home %s is currently being used, or an operation on home %s is currently being executed.", h->user_name, h->user_name);
638 case -ENOEXEC:
639 return sd_bus_error_setf(error, BUS_ERROR_HOME_NOT_ACTIVE, "Home %s is currently not active", h->user_name);
640 case -ENOSPC:
641 return sd_bus_error_setf(error, BUS_ERROR_NO_DISK_SPACE, "Not enough disk space for home %s", h->user_name);
642 case -EKEYREVOKED:
643 return sd_bus_error_setf(error, BUS_ERROR_HOME_CANT_AUTHENTICATE, "Home %s has no password or other authentication mechanism defined.", h->user_name);
644 case -EADDRINUSE:
645 return sd_bus_error_setf(error, BUS_ERROR_HOME_IN_USE, "Home %s is currently being used elsewhere.", h->user_name);
646 }
647
648 return 0;
649 }
650
651 static void home_count_bad_authentication(Home *h, bool save) {
652 int r;
653
654 assert(h);
655
656 r = user_record_bad_authentication(h->record);
657 if (r < 0) {
658 log_warning_errno(r, "Failed to increase bad authentication counter, ignoring: %m");
659 return;
660 }
661
662 if (save) {
663 r = home_save_record(h);
664 if (r < 0)
665 log_warning_errno(r, "Failed to write home record to disk, ignoring: %m");
666 }
667 }
668
669 static void home_fixate_finish(Home *h, int ret, UserRecord *hr) {
670 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
671 _cleanup_(user_record_unrefp) UserRecord *secret = NULL;
672 bool signed_locally;
673 int r;
674
675 assert(h);
676 assert(IN_SET(h->state, HOME_FIXATING, HOME_FIXATING_FOR_ACTIVATION, HOME_FIXATING_FOR_ACQUIRE));
677
678 secret = TAKE_PTR(h->secret); /* Take possession */
679
680 if (ret < 0) {
681 if (ret == -ENOKEY)
682 (void) home_count_bad_authentication(h, false);
683
684 (void) convert_worker_errno(h, ret, &error);
685 r = log_error_errno(ret, "Fixation failed: %m");
686 goto fail;
687 }
688 if (!hr) {
689 r = log_error_errno(SYNTHETIC_ERRNO(EIO), "Did not receive user record from worker process, fixation failed.");
690 goto fail;
691 }
692
693 r = home_verify_user_record(h, hr, &signed_locally, &error);
694 if (r < 0)
695 goto fail;
696
697 r = home_set_record(h, hr);
698 if (r < 0) {
699 log_error_errno(r, "Failed to update home record: %m");
700 goto fail;
701 }
702
703 h->signed_locally = signed_locally;
704
705 /* When we finished fixating (and don't follow-up with activation), let's count this as good authentication */
706 if (h->state == HOME_FIXATING) {
707 r = user_record_good_authentication(h->record);
708 if (r < 0)
709 log_warning_errno(r, "Failed to increase good authentication counter, ignoring: %m");
710 }
711
712 r = home_save_record(h);
713 if (r < 0)
714 log_warning_errno(r, "Failed to write home record to disk, ignoring: %m");
715
716 if (IN_SET(h->state, HOME_FIXATING_FOR_ACTIVATION, HOME_FIXATING_FOR_ACQUIRE)) {
717
718 r = home_start_work(h, "activate", h->record, secret);
719 if (r < 0) {
720 h->current_operation = operation_result_unref(h->current_operation, r, NULL);
721 home_set_state(h, _HOME_STATE_INVALID);
722 } else
723 home_set_state(h, h->state == HOME_FIXATING_FOR_ACTIVATION ? HOME_ACTIVATING : HOME_ACTIVATING_FOR_ACQUIRE);
724
725 return;
726 }
727
728 log_debug("Fixation of %s completed.", h->user_name);
729
730 h->current_operation = operation_result_unref(h->current_operation, 0, NULL);
731
732 /* Reset the state to "invalid", which makes home_get_state() test if the image exists and returns
733 * HOME_ABSENT vs. HOME_INACTIVE as necessary. */
734 home_set_state(h, _HOME_STATE_INVALID);
735 (void) manager_schedule_rebalance(h->manager, /* immediately= */ false);
736 return;
737
738 fail:
739 /* If fixation fails, we stay in unfixated state! */
740 h->current_operation = operation_result_unref(h->current_operation, r, &error);
741 home_set_state(h, HOME_UNFIXATED);
742 }
743
744 static void home_activate_finish(Home *h, int ret, UserRecord *hr) {
745 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
746 int r;
747
748 assert(h);
749 assert(IN_SET(h->state, HOME_ACTIVATING, HOME_ACTIVATING_FOR_ACQUIRE));
750
751 if (ret < 0) {
752 if (ret == -ENOKEY)
753 home_count_bad_authentication(h, true);
754
755 (void) convert_worker_errno(h, ret, &error);
756 r = log_error_errno(ret, "Activation failed: %m");
757 goto finish;
758 }
759
760 if (hr) {
761 bool signed_locally;
762
763 r = home_verify_user_record(h, hr, &signed_locally, &error);
764 if (r < 0)
765 goto finish;
766
767 r = home_set_record(h, hr);
768 if (r < 0) {
769 log_error_errno(r, "Failed to update home record, ignoring: %m");
770 goto finish;
771 }
772
773 h->signed_locally = signed_locally;
774
775 r = user_record_good_authentication(h->record);
776 if (r < 0)
777 log_warning_errno(r, "Failed to increase good authentication counter, ignoring: %m");
778
779 r = home_save_record(h);
780 if (r < 0)
781 log_warning_errno(r, "Failed to write home record to disk, ignoring: %m");
782 }
783
784 log_debug("Activation of %s completed.", h->user_name);
785 r = 0;
786
787 finish:
788 h->current_operation = operation_result_unref(h->current_operation, r, &error);
789 home_set_state(h, _HOME_STATE_INVALID);
790
791 if (r >= 0)
792 (void) manager_schedule_rebalance(h->manager, /* immediately= */ true);
793 }
794
795 static void home_deactivate_finish(Home *h, int ret, UserRecord *hr) {
796 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
797 int r;
798
799 assert(h);
800 assert(h->state == HOME_DEACTIVATING);
801 assert(!hr); /* We don't expect a record on this operation */
802
803 if (ret < 0) {
804 (void) convert_worker_errno(h, ret, &error);
805 r = log_error_errno(ret, "Deactivation of %s failed: %m", h->user_name);
806 goto finish;
807 }
808
809 log_debug("Deactivation of %s completed.", h->user_name);
810 r = 0;
811
812 finish:
813 h->current_operation = operation_result_unref(h->current_operation, r, &error);
814 home_set_state(h, _HOME_STATE_INVALID);
815
816 if (r >= 0)
817 (void) manager_schedule_rebalance(h->manager, /* immediately= */ true);
818 }
819
820 static void home_remove_finish(Home *h, int ret, UserRecord *hr) {
821 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
822 Manager *m;
823 int r;
824
825 assert(h);
826 assert(h->state == HOME_REMOVING);
827 assert(!hr); /* We don't expect a record on this operation */
828
829 m = h->manager;
830
831 if (ret < 0 && ret != -EALREADY) {
832 (void) convert_worker_errno(h, ret, &error);
833 r = log_error_errno(ret, "Removing %s failed: %m", h->user_name);
834 goto fail;
835 }
836
837 /* For a couple of storage types we can't delete the actual data storage when called (such as LUKS on
838 * partitions like USB sticks, or so). Sometimes these storage locations are among those we normally
839 * automatically discover in /home or in udev. When such a home is deleted let's hence issue a rescan
840 * after completion, so that "unfixated" entries are rediscovered. */
841 if (!IN_SET(user_record_test_image_path(h->record), USER_TEST_UNDEFINED, USER_TEST_ABSENT))
842 manager_enqueue_rescan(m);
843
844 /* The image is now removed from disk. Now also remove our stored record */
845 r = home_unlink_record(h);
846 if (r < 0) {
847 log_error_errno(r, "Removing record file failed: %m");
848 goto fail;
849 }
850
851 log_debug("Removal of %s completed.", h->user_name);
852 h->current_operation = operation_result_unref(h->current_operation, 0, NULL);
853
854 /* Unload this record from memory too now. */
855 h = home_free(h);
856
857 (void) manager_schedule_rebalance(m, /* immediately= */ true);
858 return;
859
860 fail:
861 h->current_operation = operation_result_unref(h->current_operation, r, &error);
862 home_set_state(h, _HOME_STATE_INVALID);
863 }
864
865 static void home_create_finish(Home *h, int ret, UserRecord *hr) {
866 int r;
867
868 assert(h);
869 assert(h->state == HOME_CREATING);
870
871 if (ret < 0) {
872 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
873
874 (void) convert_worker_errno(h, ret, &error);
875 log_error_errno(ret, "Operation on %s failed: %m", h->user_name);
876 h->current_operation = operation_result_unref(h->current_operation, ret, &error);
877
878 if (h->unregister_on_failure) {
879 (void) home_unlink_record(h);
880 h = home_free(h);
881 return;
882 }
883
884 home_set_state(h, _HOME_STATE_INVALID);
885 return;
886 }
887
888 if (hr) {
889 r = home_set_record(h, hr);
890 if (r < 0)
891 log_warning_errno(r, "Failed to update home record, ignoring: %m");
892 }
893
894 r = home_save_record(h);
895 if (r < 0)
896 log_warning_errno(r, "Failed to save record to disk, ignoring: %m");
897
898 log_debug("Creation of %s completed.", h->user_name);
899
900 h->current_operation = operation_result_unref(h->current_operation, 0, NULL);
901 home_set_state(h, _HOME_STATE_INVALID);
902
903 (void) manager_schedule_rebalance(h->manager, /* immediately= */ true);
904 }
905
906 static void home_change_finish(Home *h, int ret, UserRecord *hr) {
907 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
908 int r;
909
910 assert(h);
911
912 if (ret < 0) {
913 if (ret == -ENOKEY)
914 (void) home_count_bad_authentication(h, true);
915
916 (void) convert_worker_errno(h, ret, &error);
917 r = log_error_errno(ret, "Change operation failed: %m");
918 goto finish;
919 }
920
921 if (hr) {
922 r = home_set_record(h, hr);
923 if (r < 0)
924 log_warning_errno(r, "Failed to update home record, ignoring: %m");
925 else {
926 r = user_record_good_authentication(h->record);
927 if (r < 0)
928 log_warning_errno(r, "Failed to increase good authentication counter, ignoring: %m");
929
930 r = home_save_record(h);
931 if (r < 0)
932 log_warning_errno(r, "Failed to write home record to disk, ignoring: %m");
933 }
934 }
935
936 log_debug("Change operation of %s completed.", h->user_name);
937 (void) manager_schedule_rebalance(h->manager, /* immediately= */ false);
938 r = 0;
939
940 finish:
941 h->current_operation = operation_result_unref(h->current_operation, r, &error);
942 home_set_state(h, _HOME_STATE_INVALID);
943 }
944
945 static void home_locking_finish(Home *h, int ret, UserRecord *hr) {
946 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
947 int r;
948
949 assert(h);
950 assert(h->state == HOME_LOCKING);
951
952 if (ret < 0) {
953 (void) convert_worker_errno(h, ret, &error);
954 r = log_error_errno(ret, "Locking operation failed: %m");
955 goto finish;
956 }
957
958 log_debug("Locking operation of %s completed.", h->user_name);
959 h->current_operation = operation_result_unref(h->current_operation, 0, NULL);
960 home_set_state(h, HOME_LOCKED);
961 return;
962
963 finish:
964 /* If a specific home doesn't know the concept of locking, then that's totally OK, don't propagate
965 * the error if we are executing a LockAllHomes() operation. */
966
967 if (h->current_operation->type == OPERATION_LOCK_ALL && r == -ENOTTY)
968 h->current_operation = operation_result_unref(h->current_operation, 0, NULL);
969 else
970 h->current_operation = operation_result_unref(h->current_operation, r, &error);
971
972 home_set_state(h, _HOME_STATE_INVALID);
973 }
974
975 static void home_unlocking_finish(Home *h, int ret, UserRecord *hr) {
976 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
977 int r;
978
979 assert(h);
980 assert(IN_SET(h->state, HOME_UNLOCKING, HOME_UNLOCKING_FOR_ACQUIRE));
981
982 if (ret < 0) {
983 if (ret == -ENOKEY)
984 (void) home_count_bad_authentication(h, true);
985
986 (void) convert_worker_errno(h, ret, &error);
987 r = log_error_errno(ret, "Unlocking operation failed: %m");
988
989 /* Revert to locked state */
990 home_set_state(h, HOME_LOCKED);
991 h->current_operation = operation_result_unref(h->current_operation, r, &error);
992 return;
993 }
994
995 r = user_record_good_authentication(h->record);
996 if (r < 0)
997 log_warning_errno(r, "Failed to increase good authentication counter, ignoring: %m");
998 else {
999 r = home_save_record(h);
1000 if (r < 0)
1001 log_warning_errno(r, "Failed to write home record to disk, ignoring: %m");
1002 }
1003
1004 log_debug("Unlocking operation of %s completed.", h->user_name);
1005
1006 h->current_operation = operation_result_unref(h->current_operation, r, &error);
1007 home_set_state(h, _HOME_STATE_INVALID);
1008 return;
1009 }
1010
1011 static void home_authenticating_finish(Home *h, int ret, UserRecord *hr) {
1012 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
1013 int r;
1014
1015 assert(h);
1016 assert(IN_SET(h->state, HOME_AUTHENTICATING, HOME_AUTHENTICATING_WHILE_ACTIVE, HOME_AUTHENTICATING_FOR_ACQUIRE));
1017
1018 if (ret < 0) {
1019 if (ret == -ENOKEY)
1020 (void) home_count_bad_authentication(h, true);
1021
1022 (void) convert_worker_errno(h, ret, &error);
1023 r = log_error_errno(ret, "Authentication failed: %m");
1024 goto finish;
1025 }
1026
1027 if (hr) {
1028 r = home_set_record(h, hr);
1029 if (r < 0)
1030 log_warning_errno(r, "Failed to update home record, ignoring: %m");
1031 else {
1032 r = user_record_good_authentication(h->record);
1033 if (r < 0)
1034 log_warning_errno(r, "Failed to increase good authentication counter, ignoring: %m");
1035
1036 r = home_save_record(h);
1037 if (r < 0)
1038 log_warning_errno(r, "Failed to write home record to disk, ignoring: %m");
1039 }
1040 }
1041
1042 log_debug("Authentication of %s completed.", h->user_name);
1043 r = 0;
1044
1045 finish:
1046 h->current_operation = operation_result_unref(h->current_operation, r, &error);
1047 home_set_state(h, _HOME_STATE_INVALID);
1048 }
1049
1050 static int home_on_worker_process(sd_event_source *s, const siginfo_t *si, void *userdata) {
1051 _cleanup_(user_record_unrefp) UserRecord *hr = NULL;
1052 Home *h = ASSERT_PTR(userdata);
1053 int ret;
1054
1055 assert(s);
1056 assert(si);
1057
1058 assert(h->worker_pid == si->si_pid);
1059 assert(h->worker_event_source);
1060 assert(h->worker_stdout_fd >= 0);
1061
1062 (void) hashmap_remove_value(h->manager->homes_by_worker_pid, PID_TO_PTR(h->worker_pid), h);
1063
1064 h->worker_pid = 0;
1065 h->worker_event_source = sd_event_source_disable_unref(h->worker_event_source);
1066
1067 if (si->si_code != CLD_EXITED) {
1068 assert(IN_SET(si->si_code, CLD_KILLED, CLD_DUMPED));
1069 ret = log_debug_errno(SYNTHETIC_ERRNO(EPROTO), "Worker process died abnormally with signal %s.", signal_to_string(si->si_status));
1070 } else if (si->si_status != EXIT_SUCCESS) {
1071 /* If we received an error code via sd_notify(), use it */
1072 if (h->worker_error_code != 0)
1073 ret = log_debug_errno(h->worker_error_code, "Worker reported error code %s.", errno_to_name(h->worker_error_code));
1074 else
1075 ret = log_debug_errno(SYNTHETIC_ERRNO(EPROTO), "Worker exited with exit code %i.", si->si_status);
1076 } else
1077 ret = home_parse_worker_stdout(TAKE_FD(h->worker_stdout_fd), &hr);
1078
1079 h->worker_stdout_fd = safe_close(h->worker_stdout_fd);
1080
1081 switch (h->state) {
1082
1083 case HOME_FIXATING:
1084 case HOME_FIXATING_FOR_ACTIVATION:
1085 case HOME_FIXATING_FOR_ACQUIRE:
1086 home_fixate_finish(h, ret, hr);
1087 break;
1088
1089 case HOME_ACTIVATING:
1090 case HOME_ACTIVATING_FOR_ACQUIRE:
1091 home_activate_finish(h, ret, hr);
1092 break;
1093
1094 case HOME_DEACTIVATING:
1095 home_deactivate_finish(h, ret, hr);
1096 break;
1097
1098 case HOME_LOCKING:
1099 home_locking_finish(h, ret, hr);
1100 break;
1101
1102 case HOME_UNLOCKING:
1103 case HOME_UNLOCKING_FOR_ACQUIRE:
1104 home_unlocking_finish(h, ret, hr);
1105 break;
1106
1107 case HOME_CREATING:
1108 home_create_finish(h, ret, hr);
1109 break;
1110
1111 case HOME_REMOVING:
1112 home_remove_finish(h, ret, hr);
1113 break;
1114
1115 case HOME_UPDATING:
1116 case HOME_UPDATING_WHILE_ACTIVE:
1117 case HOME_RESIZING:
1118 case HOME_RESIZING_WHILE_ACTIVE:
1119 case HOME_PASSWD:
1120 case HOME_PASSWD_WHILE_ACTIVE:
1121 home_change_finish(h, ret, hr);
1122 break;
1123
1124 case HOME_AUTHENTICATING:
1125 case HOME_AUTHENTICATING_WHILE_ACTIVE:
1126 case HOME_AUTHENTICATING_FOR_ACQUIRE:
1127 home_authenticating_finish(h, ret, hr);
1128 break;
1129
1130 default:
1131 assert_not_reached();
1132 }
1133
1134 return 0;
1135 }
1136
1137 static int home_start_work(Home *h, const char *verb, UserRecord *hr, UserRecord *secret) {
1138 _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
1139 _cleanup_(erase_and_freep) char *formatted = NULL;
1140 _cleanup_close_ int stdin_fd = -EBADF, stdout_fd = -EBADF;
1141 pid_t pid = 0;
1142 int r;
1143
1144 assert(h);
1145 assert(verb);
1146 assert(hr);
1147
1148 if (h->worker_pid != 0)
1149 return -EBUSY;
1150
1151 assert(h->worker_stdout_fd < 0);
1152 assert(!h->worker_event_source);
1153
1154 v = json_variant_ref(hr->json);
1155
1156 if (secret) {
1157 JsonVariant *sub = NULL;
1158
1159 sub = json_variant_by_key(secret->json, "secret");
1160 if (!sub)
1161 return -ENOKEY;
1162
1163 r = json_variant_set_field(&v, "secret", sub);
1164 if (r < 0)
1165 return r;
1166 }
1167
1168 r = json_variant_format(v, 0, &formatted);
1169 if (r < 0)
1170 return r;
1171
1172 stdin_fd = acquire_data_fd(formatted, strlen(formatted), 0);
1173 if (stdin_fd < 0)
1174 return stdin_fd;
1175
1176 log_debug("Sending to worker: %s", formatted);
1177
1178 stdout_fd = memfd_create("homework-stdout", MFD_CLOEXEC);
1179 if (stdout_fd < 0)
1180 return -errno;
1181
1182 r = safe_fork_full("(sd-homework)",
1183 (int[]) { stdin_fd, stdout_fd, STDERR_FILENO },
1184 NULL, 0,
1185 FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_DEATHSIG|FORK_REARRANGE_STDIO|FORK_LOG|FORK_REOPEN_LOG, &pid);
1186 if (r < 0)
1187 return r;
1188 if (r == 0) {
1189 _cleanup_free_ char *joined = NULL;
1190 const char *homework, *suffix, *unix_path;
1191
1192 /* Child */
1193
1194 suffix = getenv("SYSTEMD_HOME_DEBUG_SUFFIX");
1195 if (suffix) {
1196 joined = strjoin("/run/systemd/home/notify.", suffix);
1197 if (!joined)
1198 return log_oom();
1199 unix_path = joined;
1200 } else
1201 unix_path = "/run/systemd/home/notify";
1202
1203 if (setenv("NOTIFY_SOCKET", unix_path, 1) < 0) {
1204 log_error_errno(errno, "Failed to set $NOTIFY_SOCKET: %m");
1205 _exit(EXIT_FAILURE);
1206 }
1207
1208 /* If we haven't locked the device yet, ask for a lock to be taken and be passed back to us via sd_notify(). */
1209 if (setenv("SYSTEMD_LUKS_LOCK", one_zero(h->luks_lock_fd < 0), 1) < 0) {
1210 log_error_errno(errno, "Failed to set $SYSTEMD_LUKS_LOCK: %m");
1211 _exit(EXIT_FAILURE);
1212 }
1213
1214 if (h->manager->default_storage >= 0)
1215 if (setenv("SYSTEMD_HOME_DEFAULT_STORAGE", user_storage_to_string(h->manager->default_storage), 1) < 0) {
1216 log_error_errno(errno, "Failed to set $SYSTEMD_HOME_DEFAULT_STORAGE: %m");
1217 _exit(EXIT_FAILURE);
1218 }
1219
1220 if (h->manager->default_file_system_type)
1221 if (setenv("SYSTEMD_HOME_DEFAULT_FILE_SYSTEM_TYPE", h->manager->default_file_system_type, 1) < 0) {
1222 log_error_errno(errno, "Failed to set $SYSTEMD_HOME_DEFAULT_FILE_SYSTEM_TYPE: %m");
1223 _exit(EXIT_FAILURE);
1224 }
1225
1226 r = setenv_systemd_exec_pid(true);
1227 if (r < 0)
1228 log_warning_errno(r, "Failed to update $SYSTEMD_EXEC_PID, ignoring: %m");
1229
1230 /* Allow overriding the homework path via an environment variable, to make debugging
1231 * easier. */
1232 homework = getenv("SYSTEMD_HOMEWORK_PATH") ?: SYSTEMD_HOMEWORK_PATH;
1233
1234 execl(homework, homework, verb, NULL);
1235 log_error_errno(errno, "Failed to invoke %s: %m", homework);
1236 _exit(EXIT_FAILURE);
1237 }
1238
1239 r = sd_event_add_child(h->manager->event, &h->worker_event_source, pid, WEXITED, home_on_worker_process, h);
1240 if (r < 0)
1241 return r;
1242
1243 (void) sd_event_source_set_description(h->worker_event_source, "worker");
1244
1245 r = hashmap_put(h->manager->homes_by_worker_pid, PID_TO_PTR(pid), h);
1246 if (r < 0) {
1247 h->worker_event_source = sd_event_source_disable_unref(h->worker_event_source);
1248 return r;
1249 }
1250
1251 h->worker_stdout_fd = TAKE_FD(stdout_fd);
1252 h->worker_pid = pid;
1253 h->worker_error_code = 0;
1254
1255 return 0;
1256 }
1257
1258 static int home_ratelimit(Home *h, sd_bus_error *error) {
1259 int r, ret;
1260
1261 assert(h);
1262
1263 ret = user_record_ratelimit(h->record);
1264 if (ret < 0)
1265 return ret;
1266
1267 if (h->state != HOME_UNFIXATED) {
1268 r = home_save_record(h);
1269 if (r < 0)
1270 log_warning_errno(r, "Failed to save updated record, ignoring: %m");
1271 }
1272
1273 if (ret == 0) {
1274 usec_t t, n;
1275
1276 n = now(CLOCK_REALTIME);
1277 t = user_record_ratelimit_next_try(h->record);
1278
1279 if (t != USEC_INFINITY && t > n)
1280 return sd_bus_error_setf(error, BUS_ERROR_AUTHENTICATION_LIMIT_HIT,
1281 "Too many login attempts, please try again in %s!",
1282 FORMAT_TIMESPAN(t - n, USEC_PER_SEC));
1283
1284 return sd_bus_error_set(error, BUS_ERROR_AUTHENTICATION_LIMIT_HIT, "Too many login attempts, please try again later.");
1285 }
1286
1287 return 0;
1288 }
1289
1290 static int home_fixate_internal(
1291 Home *h,
1292 UserRecord *secret,
1293 HomeState for_state,
1294 sd_bus_error *error) {
1295
1296 int r;
1297
1298 assert(h);
1299 assert(IN_SET(for_state, HOME_FIXATING, HOME_FIXATING_FOR_ACTIVATION, HOME_FIXATING_FOR_ACQUIRE));
1300
1301 r = home_start_work(h, "inspect", h->record, secret);
1302 if (r < 0)
1303 return r;
1304
1305 if (IN_SET(for_state, HOME_FIXATING_FOR_ACTIVATION, HOME_FIXATING_FOR_ACQUIRE)) {
1306 /* Remember the secret data, since we need it for the activation again, later on. */
1307 user_record_unref(h->secret);
1308 h->secret = user_record_ref(secret);
1309 }
1310
1311 home_set_state(h, for_state);
1312 return 0;
1313 }
1314
1315 int home_fixate(Home *h, UserRecord *secret, sd_bus_error *error) {
1316 int r;
1317
1318 assert(h);
1319
1320 switch (home_get_state(h)) {
1321 case HOME_ABSENT:
1322 return sd_bus_error_setf(error, BUS_ERROR_HOME_ABSENT, "Home %s is currently missing or not plugged in.", h->user_name);
1323 case HOME_INACTIVE:
1324 case HOME_DIRTY:
1325 case HOME_ACTIVE:
1326 case HOME_LINGERING:
1327 case HOME_LOCKED:
1328 return sd_bus_error_setf(error, BUS_ERROR_HOME_ALREADY_FIXATED, "Home %s is already fixated.", h->user_name);
1329 case HOME_UNFIXATED:
1330 break;
1331 default:
1332 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "An operation on home %s is currently being executed.", h->user_name);
1333 }
1334
1335 r = home_ratelimit(h, error);
1336 if (r < 0)
1337 return r;
1338
1339 return home_fixate_internal(h, secret, HOME_FIXATING, error);
1340 }
1341
1342 static int home_activate_internal(Home *h, UserRecord *secret, HomeState for_state, sd_bus_error *error) {
1343 int r;
1344
1345 assert(h);
1346 assert(IN_SET(for_state, HOME_ACTIVATING, HOME_ACTIVATING_FOR_ACQUIRE));
1347
1348 r = home_start_work(h, "activate", h->record, secret);
1349 if (r < 0)
1350 return r;
1351
1352 home_set_state(h, for_state);
1353 return 0;
1354 }
1355
1356 int home_activate(Home *h, UserRecord *secret, sd_bus_error *error) {
1357 int r;
1358
1359 assert(h);
1360
1361 switch (home_get_state(h)) {
1362 case HOME_UNFIXATED:
1363 return home_fixate_internal(h, secret, HOME_FIXATING_FOR_ACTIVATION, error);
1364 case HOME_ABSENT:
1365 return sd_bus_error_setf(error, BUS_ERROR_HOME_ABSENT, "Home %s is currently missing or not plugged in.", h->user_name);
1366 case HOME_ACTIVE:
1367 return sd_bus_error_setf(error, BUS_ERROR_HOME_ALREADY_ACTIVE, "Home %s is already active.", h->user_name);
1368 case HOME_LINGERING:
1369 /* If we are lingering, i.e. active but are supposed to be deactivated, then cancel this
1370 * timer if the user explicitly asks us to be active */
1371 h->retry_deactivate_event_source = sd_event_source_disable_unref(h->retry_deactivate_event_source);
1372 return 0;
1373 case HOME_LOCKED:
1374 return sd_bus_error_setf(error, BUS_ERROR_HOME_LOCKED, "Home %s is currently locked.", h->user_name);
1375 case HOME_INACTIVE:
1376 case HOME_DIRTY:
1377 break;
1378 default:
1379 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "An operation on home %s is currently being executed.", h->user_name);
1380 }
1381
1382 r = home_ratelimit(h, error);
1383 if (r < 0)
1384 return r;
1385
1386 return home_activate_internal(h, secret, HOME_ACTIVATING, error);
1387 }
1388
1389 static int home_authenticate_internal(Home *h, UserRecord *secret, HomeState for_state, sd_bus_error *error) {
1390 int r;
1391
1392 assert(h);
1393 assert(IN_SET(for_state, HOME_AUTHENTICATING, HOME_AUTHENTICATING_WHILE_ACTIVE, HOME_AUTHENTICATING_FOR_ACQUIRE));
1394
1395 r = home_start_work(h, "inspect", h->record, secret);
1396 if (r < 0)
1397 return r;
1398
1399 home_set_state(h, for_state);
1400 return 0;
1401 }
1402
1403 int home_authenticate(Home *h, UserRecord *secret, sd_bus_error *error) {
1404 HomeState state;
1405 int r;
1406
1407 assert(h);
1408
1409 state = home_get_state(h);
1410 switch (state) {
1411 case HOME_ABSENT:
1412 return sd_bus_error_setf(error, BUS_ERROR_HOME_ABSENT, "Home %s is currently missing or not plugged in.", h->user_name);
1413 case HOME_LOCKED:
1414 return sd_bus_error_setf(error, BUS_ERROR_HOME_LOCKED, "Home %s is currently locked.", h->user_name);
1415 case HOME_UNFIXATED:
1416 case HOME_INACTIVE:
1417 case HOME_DIRTY:
1418 case HOME_ACTIVE:
1419 case HOME_LINGERING:
1420 break;
1421 default:
1422 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "An operation on home %s is currently being executed.", h->user_name);
1423 }
1424
1425 r = home_ratelimit(h, error);
1426 if (r < 0)
1427 return r;
1428
1429 return home_authenticate_internal(h, secret, HOME_STATE_IS_ACTIVE(state) ? HOME_AUTHENTICATING_WHILE_ACTIVE : HOME_AUTHENTICATING, error);
1430 }
1431
1432 static int home_deactivate_internal(Home *h, bool force, sd_bus_error *error) {
1433 int r;
1434
1435 assert(h);
1436
1437 home_unpin(h); /* unpin so that we can deactivate */
1438
1439 r = home_start_work(h, force ? "deactivate-force" : "deactivate", h->record, NULL);
1440 if (r < 0)
1441 /* Operation failed before it even started, reacquire pin fd, if state still dictates so */
1442 home_update_pin_fd(h, _HOME_STATE_INVALID);
1443 else {
1444 home_set_state(h, HOME_DEACTIVATING);
1445 r = 0;
1446 }
1447
1448 /* Let's start a timer to retry deactivation in 15. We'll stop the timer once we manage to deactivate
1449 * the home directory again, or we start any other operation. */
1450 home_start_retry_deactivate(h);
1451
1452 return r;
1453 }
1454
1455 int home_deactivate(Home *h, bool force, sd_bus_error *error) {
1456 assert(h);
1457
1458 switch (home_get_state(h)) {
1459 case HOME_UNFIXATED:
1460 case HOME_ABSENT:
1461 case HOME_INACTIVE:
1462 case HOME_DIRTY:
1463 return sd_bus_error_setf(error, BUS_ERROR_HOME_NOT_ACTIVE, "Home %s not active.", h->user_name);
1464 case HOME_LOCKED:
1465 return sd_bus_error_setf(error, BUS_ERROR_HOME_LOCKED, "Home %s is currently locked.", h->user_name);
1466 case HOME_ACTIVE:
1467 case HOME_LINGERING:
1468 break;
1469 default:
1470 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "An operation on home %s is currently being executed.", h->user_name);
1471 }
1472
1473 return home_deactivate_internal(h, force, error);
1474 }
1475
1476 int home_create(Home *h, UserRecord *secret, sd_bus_error *error) {
1477 int r;
1478
1479 assert(h);
1480
1481 switch (home_get_state(h)) {
1482 case HOME_INACTIVE: {
1483 int t;
1484
1485 if (h->record->storage < 0)
1486 break; /* if no storage is defined we don't know what precisely to look for, hence
1487 * HOME_INACTIVE is OK in that case too. */
1488
1489 t = user_record_test_image_path(h->record);
1490 if (IN_SET(t, USER_TEST_MAYBE, USER_TEST_UNDEFINED))
1491 break; /* And if the image path test isn't conclusive, let's also go on */
1492
1493 if (IN_SET(t, -EBADF, -ENOTDIR))
1494 return sd_bus_error_setf(error, BUS_ERROR_HOME_EXISTS, "Selected home image of user %s already exists or has wrong inode type.", h->user_name);
1495
1496 return sd_bus_error_setf(error, BUS_ERROR_HOME_EXISTS, "Selected home image of user %s already exists.", h->user_name);
1497 }
1498 case HOME_UNFIXATED:
1499 case HOME_DIRTY:
1500 return sd_bus_error_setf(error, BUS_ERROR_HOME_EXISTS, "Home of user %s already exists.", h->user_name);
1501 case HOME_ABSENT:
1502 break;
1503 case HOME_ACTIVE:
1504 case HOME_LINGERING:
1505 case HOME_LOCKED:
1506 default:
1507 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "Home %s is currently being used, or an operation on home %s is currently being executed.", h->user_name, h->user_name);
1508 }
1509
1510 if (h->record->enforce_password_policy == false)
1511 log_debug("Password quality check turned off for account, skipping.");
1512 else {
1513 r = user_record_quality_check_password(h->record, secret, error);
1514 if (r < 0)
1515 return r;
1516 }
1517
1518 r = home_start_work(h, "create", h->record, secret);
1519 if (r < 0)
1520 return r;
1521
1522 home_set_state(h, HOME_CREATING);
1523 return 0;
1524 }
1525
1526 int home_remove(Home *h, sd_bus_error *error) {
1527 HomeState state;
1528 int r;
1529
1530 assert(h);
1531
1532 state = home_get_state(h);
1533 switch (state) {
1534 case HOME_ABSENT: /* If the home directory is absent, then this is just like unregistering */
1535 return home_unregister(h, error);
1536 case HOME_LOCKED:
1537 return sd_bus_error_setf(error, BUS_ERROR_HOME_LOCKED, "Home %s is currently locked.", h->user_name);
1538 case HOME_UNFIXATED:
1539 case HOME_INACTIVE:
1540 case HOME_DIRTY:
1541 break;
1542 case HOME_ACTIVE:
1543 case HOME_LINGERING:
1544 default:
1545 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "Home %s is currently being used, or an operation on home %s is currently being executed.", h->user_name, h->user_name);
1546 }
1547
1548 r = home_start_work(h, "remove", h->record, NULL);
1549 if (r < 0)
1550 return r;
1551
1552 home_set_state(h, HOME_REMOVING);
1553 return 0;
1554 }
1555
1556 static int user_record_extend_with_binding(UserRecord *hr, UserRecord *with_binding, UserRecordLoadFlags flags, UserRecord **ret) {
1557 _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
1558 _cleanup_(user_record_unrefp) UserRecord *nr = NULL;
1559 JsonVariant *binding;
1560 int r;
1561
1562 assert(hr);
1563 assert(with_binding);
1564 assert(ret);
1565
1566 assert_se(v = json_variant_ref(hr->json));
1567
1568 binding = json_variant_by_key(with_binding->json, "binding");
1569 if (binding) {
1570 r = json_variant_set_field(&v, "binding", binding);
1571 if (r < 0)
1572 return r;
1573 }
1574
1575 nr = user_record_new();
1576 if (!nr)
1577 return -ENOMEM;
1578
1579 r = user_record_load(nr, v, flags);
1580 if (r < 0)
1581 return r;
1582
1583 *ret = TAKE_PTR(nr);
1584 return 0;
1585 }
1586
1587 static int home_update_internal(
1588 Home *h,
1589 const char *verb,
1590 UserRecord *hr,
1591 UserRecord *secret,
1592 sd_bus_error *error) {
1593
1594 _cleanup_(user_record_unrefp) UserRecord *new_hr = NULL, *saved_secret = NULL, *signed_hr = NULL;
1595 int r, c;
1596
1597 assert(h);
1598 assert(verb);
1599 assert(hr);
1600
1601 if (!user_record_compatible(hr, h->record))
1602 return sd_bus_error_set(error, BUS_ERROR_HOME_RECORD_MISMATCH, "Updated user record is not compatible with existing one.");
1603 c = user_record_compare_last_change(hr, h->record); /* refuse downgrades */
1604 if (c < 0)
1605 return sd_bus_error_set(error, BUS_ERROR_HOME_RECORD_DOWNGRADE, "Refusing to update to older home record.");
1606
1607 if (!secret && FLAGS_SET(hr->mask, USER_RECORD_SECRET)) {
1608 r = user_record_clone(hr, USER_RECORD_EXTRACT_SECRET|USER_RECORD_PERMISSIVE, &saved_secret);
1609 if (r < 0)
1610 return r;
1611
1612 secret = saved_secret;
1613 }
1614
1615 r = manager_verify_user_record(h->manager, hr);
1616 switch (r) {
1617
1618 case USER_RECORD_UNSIGNED:
1619 if (h->signed_locally <= 0) /* If the existing record is not owned by us, don't accept an
1620 * unsigned new record. i.e. only implicitly sign new records
1621 * that where previously signed by us too. */
1622 return sd_bus_error_setf(error, BUS_ERROR_HOME_RECORD_SIGNED, "Home %s is signed and cannot be modified locally.", h->user_name);
1623
1624 /* The updated record is not signed, then do so now */
1625 r = manager_sign_user_record(h->manager, hr, &signed_hr, error);
1626 if (r < 0)
1627 return r;
1628
1629 hr = signed_hr;
1630 break;
1631
1632 case USER_RECORD_SIGNED_EXCLUSIVE:
1633 case USER_RECORD_SIGNED:
1634 case USER_RECORD_FOREIGN:
1635 /* Has already been signed. Great! */
1636 break;
1637
1638 case -ENOKEY:
1639 default:
1640 return r;
1641 }
1642
1643 r = user_record_extend_with_binding(hr, h->record, USER_RECORD_LOAD_MASK_SECRET|USER_RECORD_PERMISSIVE, &new_hr);
1644 if (r < 0)
1645 return r;
1646
1647 if (c == 0) {
1648 /* different payload but same lastChangeUSec field? That's not cool! */
1649
1650 r = user_record_masked_equal(new_hr, h->record, USER_RECORD_REGULAR|USER_RECORD_PRIVILEGED|USER_RECORD_PER_MACHINE);
1651 if (r < 0)
1652 return r;
1653 if (r == 0)
1654 return sd_bus_error_set(error, BUS_ERROR_HOME_RECORD_MISMATCH, "Home record different but timestamp remained the same, refusing.");
1655 }
1656
1657 r = home_start_work(h, verb, new_hr, secret);
1658 if (r < 0)
1659 return r;
1660
1661 return 0;
1662 }
1663
1664 int home_update(Home *h, UserRecord *hr, sd_bus_error *error) {
1665 HomeState state;
1666 int r;
1667
1668 assert(h);
1669 assert(hr);
1670
1671 state = home_get_state(h);
1672 switch (state) {
1673 case HOME_UNFIXATED:
1674 return sd_bus_error_setf(error, BUS_ERROR_HOME_UNFIXATED, "Home %s has not been fixated yet.", h->user_name);
1675 case HOME_ABSENT:
1676 return sd_bus_error_setf(error, BUS_ERROR_HOME_ABSENT, "Home %s is currently missing or not plugged in.", h->user_name);
1677 case HOME_LOCKED:
1678 return sd_bus_error_setf(error, BUS_ERROR_HOME_LOCKED, "Home %s is currently locked.", h->user_name);
1679 case HOME_INACTIVE:
1680 case HOME_DIRTY:
1681 case HOME_ACTIVE:
1682 case HOME_LINGERING:
1683 break;
1684 default:
1685 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "An operation on home %s is currently being executed.", h->user_name);
1686 }
1687
1688 r = home_ratelimit(h, error);
1689 if (r < 0)
1690 return r;
1691
1692 r = home_update_internal(h, "update", hr, NULL, error);
1693 if (r < 0)
1694 return r;
1695
1696 home_set_state(h, HOME_STATE_IS_ACTIVE(state) ? HOME_UPDATING_WHILE_ACTIVE : HOME_UPDATING);
1697 return 0;
1698 }
1699
1700 int home_resize(Home *h,
1701 uint64_t disk_size,
1702 UserRecord *secret,
1703 bool automatic,
1704 sd_bus_error *error) {
1705
1706 _cleanup_(user_record_unrefp) UserRecord *c = NULL;
1707 HomeState state;
1708 int r;
1709
1710 assert(h);
1711
1712 state = home_get_state(h);
1713 switch (state) {
1714 case HOME_UNFIXATED:
1715 return sd_bus_error_setf(error, BUS_ERROR_HOME_UNFIXATED, "Home %s has not been fixated yet.", h->user_name);
1716 case HOME_ABSENT:
1717 return sd_bus_error_setf(error, BUS_ERROR_HOME_ABSENT, "Home %s is currently missing or not plugged in.", h->user_name);
1718 case HOME_LOCKED:
1719 return sd_bus_error_setf(error, BUS_ERROR_HOME_LOCKED, "Home %s is currently locked.", h->user_name);
1720 case HOME_INACTIVE:
1721 case HOME_DIRTY:
1722 case HOME_ACTIVE:
1723 case HOME_LINGERING:
1724 break;
1725 default:
1726 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "An operation on home %s is currently being executed.", h->user_name);
1727 }
1728
1729 r = home_ratelimit(h, error);
1730 if (r < 0)
1731 return r;
1732
1733 /* If the user didn't specify any size explicitly and rebalancing is on, then the disk size is
1734 * determined by automatic rebalancing and hence not user configured but determined by us and thus
1735 * applied anyway. */
1736 if (disk_size == UINT64_MAX && h->record->rebalance_weight != REBALANCE_WEIGHT_OFF)
1737 return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "Disk size is being determined by automatic disk space rebalancing.");
1738
1739 if (disk_size == UINT64_MAX || disk_size == h->record->disk_size) {
1740 if (h->record->disk_size == UINT64_MAX)
1741 return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "No disk size to resize to specified.");
1742
1743 c = user_record_ref(h->record); /* Shortcut if size is unspecified or matches the record */
1744 } else {
1745 _cleanup_(user_record_unrefp) UserRecord *signed_c = NULL;
1746
1747 if (h->signed_locally <= 0) /* Don't allow changing of records not signed only by us */
1748 return sd_bus_error_setf(error, BUS_ERROR_HOME_RECORD_SIGNED, "Home %s is signed and cannot be modified locally.", h->user_name);
1749
1750 r = user_record_clone(h->record, USER_RECORD_LOAD_REFUSE_SECRET|USER_RECORD_PERMISSIVE, &c);
1751 if (r < 0)
1752 return r;
1753
1754 r = user_record_set_disk_size(c, disk_size);
1755 if (r == -ERANGE)
1756 return sd_bus_error_setf(error, BUS_ERROR_BAD_HOME_SIZE, "Requested size for home %s out of acceptable range.", h->user_name);
1757 if (r < 0)
1758 return r;
1759
1760 /* If user picked an explicit size, then turn off rebalancing, so that we don't undo what user chose */
1761 r = user_record_set_rebalance_weight(c, REBALANCE_WEIGHT_OFF);
1762 if (r < 0)
1763 return r;
1764
1765 r = user_record_update_last_changed(c, false);
1766 if (r == -ECHRNG)
1767 return sd_bus_error_setf(error, BUS_ERROR_HOME_RECORD_MISMATCH, "Record last change time of %s is newer than current time, cannot update.", h->user_name);
1768 if (r < 0)
1769 return r;
1770
1771 r = manager_sign_user_record(h->manager, c, &signed_c, error);
1772 if (r < 0)
1773 return r;
1774
1775 user_record_unref(c);
1776 c = TAKE_PTR(signed_c);
1777 }
1778
1779 r = home_update_internal(h, automatic ? "resize-auto" : "resize", c, secret, error);
1780 if (r < 0)
1781 return r;
1782
1783 home_set_state(h, HOME_STATE_IS_ACTIVE(state) ? HOME_RESIZING_WHILE_ACTIVE : HOME_RESIZING);
1784 return 0;
1785 }
1786
1787 static int home_may_change_password(
1788 Home *h,
1789 sd_bus_error *error) {
1790
1791 int r;
1792
1793 assert(h);
1794
1795 r = user_record_test_password_change_required(h->record);
1796 if (IN_SET(r, -EKEYREVOKED, -EOWNERDEAD, -EKEYEXPIRED, -ESTALE))
1797 return 0; /* expired in some form, but changing is allowed */
1798 if (IN_SET(r, -EKEYREJECTED, -EROFS))
1799 return sd_bus_error_setf(error, SD_BUS_ERROR_ACCESS_DENIED, "Expiration settings of account %s do not allow changing of password.", h->user_name);
1800 if (r < 0)
1801 return log_error_errno(r, "Failed to test password expiry: %m");
1802
1803 return 0; /* not expired */
1804 }
1805
1806 int home_passwd(Home *h,
1807 UserRecord *new_secret,
1808 UserRecord *old_secret,
1809 sd_bus_error *error) {
1810
1811 _cleanup_(user_record_unrefp) UserRecord *c = NULL, *merged_secret = NULL, *signed_c = NULL;
1812 HomeState state;
1813 int r;
1814
1815 assert(h);
1816
1817 if (h->signed_locally <= 0) /* Don't allow changing of records not signed only by us */
1818 return sd_bus_error_setf(error, BUS_ERROR_HOME_RECORD_SIGNED, "Home %s is signed and cannot be modified locally.", h->user_name);
1819
1820 state = home_get_state(h);
1821 switch (state) {
1822 case HOME_UNFIXATED:
1823 return sd_bus_error_setf(error, BUS_ERROR_HOME_UNFIXATED, "Home %s has not been fixated yet.", h->user_name);
1824 case HOME_ABSENT:
1825 return sd_bus_error_setf(error, BUS_ERROR_HOME_ABSENT, "Home %s is currently missing or not plugged in.", h->user_name);
1826 case HOME_LOCKED:
1827 return sd_bus_error_setf(error, BUS_ERROR_HOME_LOCKED, "Home %s is currently locked.", h->user_name);
1828 case HOME_INACTIVE:
1829 case HOME_DIRTY:
1830 case HOME_ACTIVE:
1831 case HOME_LINGERING:
1832 break;
1833 default:
1834 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "An operation on home %s is currently being executed.", h->user_name);
1835 }
1836
1837 r = home_ratelimit(h, error);
1838 if (r < 0)
1839 return r;
1840
1841 r = home_may_change_password(h, error);
1842 if (r < 0)
1843 return r;
1844
1845 r = user_record_clone(h->record, USER_RECORD_LOAD_REFUSE_SECRET|USER_RECORD_PERMISSIVE, &c);
1846 if (r < 0)
1847 return r;
1848
1849 merged_secret = user_record_new();
1850 if (!merged_secret)
1851 return -ENOMEM;
1852
1853 r = user_record_merge_secret(merged_secret, old_secret);
1854 if (r < 0)
1855 return r;
1856
1857 r = user_record_merge_secret(merged_secret, new_secret);
1858 if (r < 0)
1859 return r;
1860
1861 if (!strv_isempty(new_secret->password)) {
1862 /* Update the password only if one is specified, otherwise let's just reuse the old password
1863 * data. This is useful as a way to propagate updated user records into the LUKS backends
1864 * properly. */
1865
1866 r = user_record_make_hashed_password(c, new_secret->password, /* extend = */ false);
1867 if (r < 0)
1868 return r;
1869
1870 r = user_record_set_password_change_now(c, -1 /* remove */);
1871 if (r < 0)
1872 return r;
1873 }
1874
1875 r = user_record_update_last_changed(c, true);
1876 if (r == -ECHRNG)
1877 return sd_bus_error_setf(error, BUS_ERROR_HOME_RECORD_MISMATCH, "Record last change time of %s is newer than current time, cannot update.", h->user_name);
1878 if (r < 0)
1879 return r;
1880
1881 r = manager_sign_user_record(h->manager, c, &signed_c, error);
1882 if (r < 0)
1883 return r;
1884
1885 if (c->enforce_password_policy == false)
1886 log_debug("Password quality check turned off for account, skipping.");
1887 else {
1888 r = user_record_quality_check_password(c, merged_secret, error);
1889 if (r < 0)
1890 return r;
1891 }
1892
1893 r = home_update_internal(h, "passwd", signed_c, merged_secret, error);
1894 if (r < 0)
1895 return r;
1896
1897 home_set_state(h, HOME_STATE_IS_ACTIVE(state) ? HOME_PASSWD_WHILE_ACTIVE : HOME_PASSWD);
1898 return 0;
1899 }
1900
1901 int home_unregister(Home *h, sd_bus_error *error) {
1902 int r;
1903
1904 assert(h);
1905
1906 switch (home_get_state(h)) {
1907 case HOME_UNFIXATED:
1908 return sd_bus_error_setf(error, BUS_ERROR_HOME_UNFIXATED, "Home %s is not registered.", h->user_name);
1909 case HOME_LOCKED:
1910 return sd_bus_error_setf(error, BUS_ERROR_HOME_LOCKED, "Home %s is currently locked.", h->user_name);
1911 case HOME_ABSENT:
1912 case HOME_INACTIVE:
1913 case HOME_DIRTY:
1914 break;
1915 case HOME_ACTIVE:
1916 case HOME_LINGERING:
1917 default:
1918 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "Home %s is currently being used, or an operation on home %s is currently being executed.", h->user_name, h->user_name);
1919 }
1920
1921 r = home_unlink_record(h);
1922 if (r < 0)
1923 return r;
1924
1925 /* And destroy the whole entry. The caller needs to be prepared for that. */
1926 h = home_free(h);
1927 return 1;
1928 }
1929
1930 int home_lock(Home *h, sd_bus_error *error) {
1931 int r;
1932
1933 assert(h);
1934
1935 switch (home_get_state(h)) {
1936 case HOME_UNFIXATED:
1937 case HOME_ABSENT:
1938 case HOME_INACTIVE:
1939 case HOME_DIRTY:
1940 return sd_bus_error_setf(error, BUS_ERROR_HOME_NOT_ACTIVE, "Home %s is not active.", h->user_name);
1941 case HOME_LOCKED:
1942 return sd_bus_error_setf(error, BUS_ERROR_HOME_LOCKED, "Home %s is already locked.", h->user_name);
1943 case HOME_ACTIVE:
1944 case HOME_LINGERING:
1945 break;
1946 default:
1947 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "An operation on home %s is currently being executed.", h->user_name);
1948 }
1949
1950 r = home_start_work(h, "lock", h->record, NULL);
1951 if (r < 0)
1952 return r;
1953
1954 home_set_state(h, HOME_LOCKING);
1955 return 0;
1956 }
1957
1958 static int home_unlock_internal(Home *h, UserRecord *secret, HomeState for_state, sd_bus_error *error) {
1959 int r;
1960
1961 assert(h);
1962 assert(IN_SET(for_state, HOME_UNLOCKING, HOME_UNLOCKING_FOR_ACQUIRE));
1963
1964 r = home_start_work(h, "unlock", h->record, secret);
1965 if (r < 0)
1966 return r;
1967
1968 home_set_state(h, for_state);
1969 return 0;
1970 }
1971
1972 int home_unlock(Home *h, UserRecord *secret, sd_bus_error *error) {
1973 int r;
1974 assert(h);
1975
1976 r = home_ratelimit(h, error);
1977 if (r < 0)
1978 return r;
1979
1980 switch (home_get_state(h)) {
1981 case HOME_UNFIXATED:
1982 case HOME_ABSENT:
1983 case HOME_INACTIVE:
1984 case HOME_ACTIVE:
1985 case HOME_LINGERING:
1986 case HOME_DIRTY:
1987 return sd_bus_error_setf(error, BUS_ERROR_HOME_NOT_LOCKED, "Home %s is not locked.", h->user_name);
1988 case HOME_LOCKED:
1989 break;
1990 default:
1991 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "An operation on home %s is currently being executed.", h->user_name);
1992 }
1993
1994 return home_unlock_internal(h, secret, HOME_UNLOCKING, error);
1995 }
1996
1997 HomeState home_get_state(Home *h) {
1998 int r;
1999 assert(h);
2000
2001 /* When the state field is initialized, it counts. */
2002 if (h->state >= 0)
2003 return h->state;
2004
2005 /* Otherwise, let's see if the home directory is mounted. If so, we assume for sure the home
2006 * directory is active */
2007 if (user_record_test_home_directory(h->record) == USER_TEST_MOUNTED)
2008 return h->retry_deactivate_event_source ? HOME_LINGERING : HOME_ACTIVE;
2009
2010 /* And if we see the image being gone, we report this as absent */
2011 r = user_record_test_image_path(h->record);
2012 if (r == USER_TEST_ABSENT)
2013 return HOME_ABSENT;
2014 if (r == USER_TEST_DIRTY)
2015 return HOME_DIRTY;
2016
2017 /* And for all other cases we return "inactive". */
2018 return HOME_INACTIVE;
2019 }
2020
2021 void home_process_notify(Home *h, char **l, int fd) {
2022 _cleanup_close_ int taken_fd = TAKE_FD(fd);
2023 const char *e;
2024 int error;
2025 int r;
2026
2027 assert(h);
2028
2029 e = strv_env_get(l, "SYSTEMD_LUKS_LOCK_FD");
2030 if (e) {
2031 r = parse_boolean(e);
2032 if (r < 0)
2033 return (void) log_debug_errno(r, "Failed to parse SYSTEMD_LUKS_LOCK_FD value: %m");
2034 if (r > 0) {
2035 if (taken_fd < 0)
2036 return (void) log_debug("Got notify message with SYSTEMD_LUKS_LOCK_FD=1 but no fd passed, ignoring: %m");
2037
2038 close_and_replace(h->luks_lock_fd, taken_fd);
2039
2040 log_debug("Successfully acquired LUKS lock fd from worker.");
2041
2042 /* Immediately check if we actually want to keep it */
2043 home_maybe_close_luks_lock_fd(h, _HOME_STATE_INVALID);
2044 } else {
2045 if (taken_fd >= 0)
2046 return (void) log_debug("Got notify message with SYSTEMD_LUKS_LOCK_FD=0 but fd passed, ignoring: %m");
2047
2048 h->luks_lock_fd = safe_close(h->luks_lock_fd);
2049 }
2050
2051 return;
2052 }
2053
2054 e = strv_env_get(l, "ERRNO");
2055 if (!e)
2056 return (void) log_debug("Got notify message lacking both ERRNO= and SYSTEMD_LUKS_LOCK_FD= field, ignoring.");
2057
2058 r = safe_atoi(e, &error);
2059 if (r < 0)
2060 return (void) log_debug_errno(r, "Failed to parse received error number, ignoring: %s", e);
2061 if (error <= 0)
2062 return (void) log_debug("Error number is out of range: %i", error);
2063
2064 h->worker_error_code = error;
2065 }
2066
2067 int home_killall(Home *h) {
2068 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
2069 _cleanup_free_ char *unit = NULL;
2070 int r;
2071
2072 assert(h);
2073
2074 if (!uid_is_valid(h->uid))
2075 return 0;
2076
2077 assert(h->uid > 0); /* We never should be UID 0 */
2078
2079 /* Let's kill everything matching the specified UID */
2080 r = safe_fork("(sd-killer)",
2081 FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_DEATHSIG|FORK_WAIT|FORK_LOG|FORK_REOPEN_LOG,
2082 NULL);
2083 if (r < 0)
2084 return r;
2085 if (r == 0) {
2086 gid_t gid;
2087
2088 /* Child */
2089
2090 gid = user_record_gid(h->record);
2091 if (setresgid(gid, gid, gid) < 0) {
2092 log_error_errno(errno, "Failed to change GID to " GID_FMT ": %m", gid);
2093 _exit(EXIT_FAILURE);
2094 }
2095
2096 if (setgroups(0, NULL) < 0) {
2097 log_error_errno(errno, "Failed to reset auxiliary groups list: %m");
2098 _exit(EXIT_FAILURE);
2099 }
2100
2101 if (setresuid(h->uid, h->uid, h->uid) < 0) {
2102 log_error_errno(errno, "Failed to change UID to " UID_FMT ": %m", h->uid);
2103 _exit(EXIT_FAILURE);
2104 }
2105
2106 if (kill(-1, SIGKILL) < 0) {
2107 log_error_errno(errno, "Failed to kill all processes of UID " UID_FMT ": %m", h->uid);
2108 _exit(EXIT_FAILURE);
2109 }
2110
2111 _exit(EXIT_SUCCESS);
2112 }
2113
2114 /* Let's also kill everything in the user's slice */
2115 if (asprintf(&unit, "user-" UID_FMT ".slice", h->uid) < 0)
2116 return log_oom();
2117
2118 r = sd_bus_call_method(
2119 h->manager->bus,
2120 "org.freedesktop.systemd1",
2121 "/org/freedesktop/systemd1",
2122 "org.freedesktop.systemd1.Manager",
2123 "KillUnit",
2124 &error,
2125 NULL,
2126 "ssi", unit, "all", SIGKILL);
2127 if (r < 0)
2128 log_full_errno(sd_bus_error_has_name(&error, BUS_ERROR_NO_SUCH_UNIT) ? LOG_DEBUG : LOG_WARNING,
2129 r, "Failed to kill login processes of user, ignoring: %s", bus_error_message(&error, r));
2130
2131 return 1;
2132 }
2133
2134 static int home_get_disk_status_luks(
2135 Home *h,
2136 HomeState state,
2137 uint64_t *ret_disk_size,
2138 uint64_t *ret_disk_usage,
2139 uint64_t *ret_disk_free,
2140 uint64_t *ret_disk_ceiling,
2141 uint64_t *ret_disk_floor,
2142 statfs_f_type_t *ret_fstype,
2143 mode_t *ret_access_mode) {
2144
2145 uint64_t disk_size = UINT64_MAX, disk_usage = UINT64_MAX, disk_free = UINT64_MAX,
2146 disk_ceiling = UINT64_MAX, disk_floor = UINT64_MAX,
2147 stat_used = UINT64_MAX, fs_size = UINT64_MAX, header_size = 0;
2148 mode_t access_mode = MODE_INVALID;
2149 statfs_f_type_t fstype = 0;
2150 struct statfs sfs;
2151 struct stat st;
2152 const char *hd;
2153 int r;
2154
2155 assert(h);
2156
2157 if (state != HOME_ABSENT) {
2158 const char *ip;
2159
2160 ip = user_record_image_path(h->record);
2161 if (ip) {
2162 if (stat(ip, &st) < 0)
2163 log_debug_errno(errno, "Failed to stat() %s, ignoring: %m", ip);
2164 else if (S_ISREG(st.st_mode)) {
2165 _cleanup_free_ char *parent = NULL;
2166
2167 disk_size = st.st_size;
2168 stat_used = st.st_blocks * 512;
2169
2170 r = path_extract_directory(ip, &parent);
2171 if (r < 0)
2172 return log_error_errno(r, "Failed to extract parent directory from image path '%s': %m", ip);
2173
2174 if (statfs(parent, &sfs) < 0)
2175 log_debug_errno(errno, "Failed to statfs() %s, ignoring: %m", parent);
2176 else
2177 disk_ceiling = stat_used + sfs.f_bsize * sfs.f_bavail;
2178
2179 } else if (S_ISBLK(st.st_mode)) {
2180 _cleanup_free_ char *szbuf = NULL;
2181 char p[SYS_BLOCK_PATH_MAX("/size")];
2182
2183 /* Let's read the size off sysfs, so that we don't have to open the device */
2184 xsprintf_sys_block_path(p, "/size", st.st_rdev);
2185 r = read_one_line_file(p, &szbuf);
2186 if (r < 0)
2187 log_debug_errno(r, "Failed to read %s, ignoring: %m", p);
2188 else {
2189 uint64_t sz;
2190
2191 r = safe_atou64(szbuf, &sz);
2192 if (r < 0)
2193 log_debug_errno(r, "Failed to parse %s, ignoring: %s", p, szbuf);
2194 else
2195 disk_size = sz * 512;
2196 }
2197 } else
2198 log_debug("Image path is not a block device or regular file, not able to acquire size.");
2199 }
2200 }
2201
2202 if (!HOME_STATE_IS_ACTIVE(state))
2203 goto finish;
2204
2205 hd = user_record_home_directory(h->record);
2206 if (!hd)
2207 goto finish;
2208
2209 if (stat(hd, &st) < 0) {
2210 log_debug_errno(errno, "Failed to stat() %s, ignoring: %m", hd);
2211 goto finish;
2212 }
2213
2214 r = stat_verify_directory(&st);
2215 if (r < 0) {
2216 log_debug_errno(r, "Home directory %s is not a directory, ignoring: %m", hd);
2217 goto finish;
2218 }
2219
2220 access_mode = st.st_mode & 07777;
2221
2222 if (statfs(hd, &sfs) < 0) {
2223 log_debug_errno(errno, "Failed to statfs() %s, ignoring: %m", hd);
2224 goto finish;
2225 }
2226
2227 fstype = sfs.f_type;
2228
2229 disk_free = sfs.f_bsize * sfs.f_bavail;
2230 fs_size = sfs.f_bsize * sfs.f_blocks;
2231 if (disk_size != UINT64_MAX && disk_size > fs_size)
2232 header_size = disk_size - fs_size;
2233
2234 /* We take a perspective from the user here (as opposed to from the host): the used disk space is the
2235 * difference from the limit and what's free. This makes a difference if sparse mode is not used: in
2236 * that case the image is pre-allocated and thus appears all used from the host PoV but is not used
2237 * up at all yet from the user's PoV.
2238 *
2239 * That said, we use the stat() reported loopback file size as upper boundary: our footprint can
2240 * never be larger than what we take up on the lowest layers. */
2241
2242 if (disk_size != UINT64_MAX && disk_size > disk_free) {
2243 disk_usage = disk_size - disk_free;
2244
2245 if (stat_used != UINT64_MAX && disk_usage > stat_used)
2246 disk_usage = stat_used;
2247 } else
2248 disk_usage = stat_used;
2249
2250 /* If we have the magic, determine floor preferably by magic */
2251 disk_floor = minimal_size_by_fs_magic(sfs.f_type) + header_size;
2252
2253 finish:
2254 /* If we don't know the magic, go by file system name */
2255 if (disk_floor == UINT64_MAX)
2256 disk_floor = minimal_size_by_fs_name(user_record_file_system_type(h->record));
2257
2258 if (ret_disk_size)
2259 *ret_disk_size = disk_size;
2260 if (ret_disk_usage)
2261 *ret_disk_usage = disk_usage;
2262 if (ret_disk_free)
2263 *ret_disk_free = disk_free;
2264 if (ret_disk_ceiling)
2265 *ret_disk_ceiling = disk_ceiling;
2266 if (ret_disk_floor)
2267 *ret_disk_floor = disk_floor;
2268 if (ret_fstype)
2269 *ret_fstype = fstype;
2270 if (ret_access_mode)
2271 *ret_access_mode = access_mode;
2272
2273 return 0;
2274 }
2275
2276 static int home_get_disk_status_directory(
2277 Home *h,
2278 HomeState state,
2279 uint64_t *ret_disk_size,
2280 uint64_t *ret_disk_usage,
2281 uint64_t *ret_disk_free,
2282 uint64_t *ret_disk_ceiling,
2283 uint64_t *ret_disk_floor,
2284 statfs_f_type_t *ret_fstype,
2285 mode_t *ret_access_mode) {
2286
2287 uint64_t disk_size = UINT64_MAX, disk_usage = UINT64_MAX, disk_free = UINT64_MAX,
2288 disk_ceiling = UINT64_MAX, disk_floor = UINT64_MAX;
2289 mode_t access_mode = MODE_INVALID;
2290 statfs_f_type_t fstype = 0;
2291 struct statfs sfs;
2292 struct dqblk req;
2293 const char *path = NULL;
2294 int r;
2295
2296 assert(h);
2297
2298 if (HOME_STATE_IS_ACTIVE(state))
2299 path = user_record_home_directory(h->record);
2300
2301 if (!path) {
2302 if (state == HOME_ABSENT)
2303 goto finish;
2304
2305 path = user_record_image_path(h->record);
2306 }
2307
2308 if (!path)
2309 goto finish;
2310
2311 if (statfs(path, &sfs) < 0)
2312 log_debug_errno(errno, "Failed to statfs() %s, ignoring: %m", path);
2313 else {
2314 disk_free = sfs.f_bsize * sfs.f_bavail;
2315 disk_size = sfs.f_bsize * sfs.f_blocks;
2316
2317 /* We don't initialize disk_usage from statfs() data here, since the device is likely not used
2318 * by us alone, and disk_usage should only reflect our own use. */
2319
2320 fstype = sfs.f_type;
2321 }
2322
2323 if (IN_SET(h->record->storage, USER_CLASSIC, USER_DIRECTORY, USER_SUBVOLUME)) {
2324
2325 r = btrfs_is_subvol(path);
2326 if (r < 0)
2327 log_debug_errno(r, "Failed to determine whether %s is a btrfs subvolume: %m", path);
2328 else if (r > 0) {
2329 BtrfsQuotaInfo qi;
2330
2331 r = btrfs_subvol_get_subtree_quota(path, 0, &qi);
2332 if (r < 0)
2333 log_debug_errno(r, "Failed to query btrfs subtree quota, ignoring: %m");
2334 else {
2335 disk_usage = qi.referenced;
2336
2337 if (disk_free != UINT64_MAX) {
2338 disk_ceiling = qi.referenced + disk_free;
2339
2340 if (disk_size != UINT64_MAX && disk_ceiling > disk_size)
2341 disk_ceiling = disk_size;
2342 }
2343
2344 if (qi.referenced_max != UINT64_MAX) {
2345 if (disk_size != UINT64_MAX)
2346 disk_size = MIN(qi.referenced_max, disk_size);
2347 else
2348 disk_size = qi.referenced_max;
2349 }
2350
2351 if (disk_size != UINT64_MAX) {
2352 if (disk_size > disk_usage)
2353 disk_free = disk_size - disk_usage;
2354 else
2355 disk_free = 0;
2356 }
2357 }
2358
2359 goto finish;
2360 }
2361 }
2362
2363 if (IN_SET(h->record->storage, USER_CLASSIC, USER_DIRECTORY, USER_FSCRYPT)) {
2364 r = quotactl_path(QCMD_FIXED(Q_GETQUOTA, USRQUOTA), path, h->uid, &req);
2365 if (r < 0) {
2366 if (ERRNO_IS_NOT_SUPPORTED(r)) {
2367 log_debug_errno(r, "No UID quota support on %s.", path);
2368 goto finish;
2369 }
2370
2371 if (r != -ESRCH) {
2372 log_debug_errno(r, "Failed to query disk quota for UID " UID_FMT ": %m", h->uid);
2373 goto finish;
2374 }
2375
2376 disk_usage = 0; /* No record of this user? then nothing was used */
2377 } else {
2378 if (FLAGS_SET(req.dqb_valid, QIF_SPACE) && disk_free != UINT64_MAX) {
2379 disk_ceiling = req.dqb_curspace + disk_free;
2380
2381 if (disk_size != UINT64_MAX && disk_ceiling > disk_size)
2382 disk_ceiling = disk_size;
2383 }
2384
2385 if (FLAGS_SET(req.dqb_valid, QIF_BLIMITS)) {
2386 uint64_t q;
2387
2388 /* Take the minimum of the quota and the available disk space here */
2389 q = req.dqb_bhardlimit * QIF_DQBLKSIZE;
2390 if (disk_size != UINT64_MAX)
2391 disk_size = MIN(disk_size, q);
2392 else
2393 disk_size = q;
2394 }
2395 if (FLAGS_SET(req.dqb_valid, QIF_SPACE)) {
2396 disk_usage = req.dqb_curspace;
2397
2398 if (disk_size != UINT64_MAX) {
2399 if (disk_size > disk_usage)
2400 disk_free = disk_size - disk_usage;
2401 else
2402 disk_free = 0;
2403 }
2404 }
2405 }
2406 }
2407
2408 finish:
2409 if (ret_disk_size)
2410 *ret_disk_size = disk_size;
2411 if (ret_disk_usage)
2412 *ret_disk_usage = disk_usage;
2413 if (ret_disk_free)
2414 *ret_disk_free = disk_free;
2415 if (ret_disk_ceiling)
2416 *ret_disk_ceiling = disk_ceiling;
2417 if (ret_disk_floor)
2418 *ret_disk_floor = disk_floor;
2419 if (ret_fstype)
2420 *ret_fstype = fstype;
2421 if (ret_access_mode)
2422 *ret_access_mode = access_mode;
2423
2424 return 0;
2425 }
2426
2427 static int home_get_disk_status_internal(
2428 Home *h,
2429 HomeState state,
2430 uint64_t *ret_disk_size,
2431 uint64_t *ret_disk_usage,
2432 uint64_t *ret_disk_free,
2433 uint64_t *ret_disk_ceiling,
2434 uint64_t *ret_disk_floor,
2435 statfs_f_type_t *ret_fstype,
2436 mode_t *ret_access_mode) {
2437
2438 assert(h);
2439 assert(h->record);
2440
2441 switch (h->record->storage) {
2442
2443 case USER_LUKS:
2444 return home_get_disk_status_luks(h, state, ret_disk_size, ret_disk_usage, ret_disk_free, ret_disk_ceiling, ret_disk_floor, ret_fstype, ret_access_mode);
2445
2446 case USER_CLASSIC:
2447 case USER_DIRECTORY:
2448 case USER_SUBVOLUME:
2449 case USER_FSCRYPT:
2450 case USER_CIFS:
2451 return home_get_disk_status_directory(h, state, ret_disk_size, ret_disk_usage, ret_disk_free, ret_disk_ceiling, ret_disk_floor, ret_fstype, ret_access_mode);
2452
2453 default:
2454 /* don't know */
2455
2456 if (ret_disk_size)
2457 *ret_disk_size = UINT64_MAX;
2458 if (ret_disk_usage)
2459 *ret_disk_usage = UINT64_MAX;
2460 if (ret_disk_free)
2461 *ret_disk_free = UINT64_MAX;
2462 if (ret_disk_ceiling)
2463 *ret_disk_ceiling = UINT64_MAX;
2464 if (ret_disk_floor)
2465 *ret_disk_floor = UINT64_MAX;
2466 if (ret_fstype)
2467 *ret_fstype = 0;
2468 if (ret_access_mode)
2469 *ret_access_mode = MODE_INVALID;
2470
2471 return 0;
2472 }
2473 }
2474
2475 int home_get_disk_status(
2476 Home *h,
2477 uint64_t *ret_disk_size,
2478 uint64_t *ret_disk_usage,
2479 uint64_t *ret_disk_free,
2480 uint64_t *ret_disk_ceiling,
2481 uint64_t *ret_disk_floor,
2482 statfs_f_type_t *ret_fstype,
2483 mode_t *ret_access_mode) {
2484
2485 assert(h);
2486
2487 return home_get_disk_status_internal(
2488 h,
2489 home_get_state(h),
2490 ret_disk_size,
2491 ret_disk_usage,
2492 ret_disk_free,
2493 ret_disk_ceiling,
2494 ret_disk_floor,
2495 ret_fstype,
2496 ret_access_mode);
2497 }
2498
2499 int home_augment_status(
2500 Home *h,
2501 UserRecordLoadFlags flags,
2502 UserRecord **ret) {
2503
2504 uint64_t disk_size = UINT64_MAX, disk_usage = UINT64_MAX, disk_free = UINT64_MAX, disk_ceiling = UINT64_MAX, disk_floor = UINT64_MAX;
2505 _cleanup_(json_variant_unrefp) JsonVariant *j = NULL, *v = NULL, *m = NULL, *status = NULL;
2506 _cleanup_(user_record_unrefp) UserRecord *ur = NULL;
2507 statfs_f_type_t magic;
2508 const char *fstype;
2509 mode_t access_mode;
2510 HomeState state;
2511 sd_id128_t id;
2512 int r;
2513
2514 assert(h);
2515 assert(ret);
2516
2517 /* We are supposed to add this, this can't be on hence. */
2518 assert(!FLAGS_SET(flags, USER_RECORD_STRIP_STATUS));
2519
2520 r = sd_id128_get_machine(&id);
2521 if (r < 0)
2522 return r;
2523
2524 state = home_get_state(h);
2525
2526 r = home_get_disk_status_internal(
2527 h, state,
2528 &disk_size,
2529 &disk_usage,
2530 &disk_free,
2531 &disk_ceiling,
2532 &disk_floor,
2533 &magic,
2534 &access_mode);
2535 if (r < 0)
2536 return r;
2537
2538 fstype = fs_type_to_string(magic);
2539
2540 if (disk_floor == UINT64_MAX || (disk_usage != UINT64_MAX && disk_floor < disk_usage))
2541 disk_floor = disk_usage;
2542 if (disk_floor == UINT64_MAX || disk_floor < USER_DISK_SIZE_MIN)
2543 disk_floor = USER_DISK_SIZE_MIN;
2544 if (disk_ceiling == UINT64_MAX || disk_ceiling > USER_DISK_SIZE_MAX)
2545 disk_ceiling = USER_DISK_SIZE_MAX;
2546
2547 r = json_build(&status,
2548 JSON_BUILD_OBJECT(
2549 JSON_BUILD_PAIR("state", JSON_BUILD_STRING(home_state_to_string(state))),
2550 JSON_BUILD_PAIR("service", JSON_BUILD_CONST_STRING("io.systemd.Home")),
2551 JSON_BUILD_PAIR_CONDITION(disk_size != UINT64_MAX, "diskSize", JSON_BUILD_UNSIGNED(disk_size)),
2552 JSON_BUILD_PAIR_CONDITION(disk_usage != UINT64_MAX, "diskUsage", JSON_BUILD_UNSIGNED(disk_usage)),
2553 JSON_BUILD_PAIR_CONDITION(disk_free != UINT64_MAX, "diskFree", JSON_BUILD_UNSIGNED(disk_free)),
2554 JSON_BUILD_PAIR_CONDITION(disk_ceiling != UINT64_MAX, "diskCeiling", JSON_BUILD_UNSIGNED(disk_ceiling)),
2555 JSON_BUILD_PAIR_CONDITION(disk_floor != UINT64_MAX, "diskFloor", JSON_BUILD_UNSIGNED(disk_floor)),
2556 JSON_BUILD_PAIR_CONDITION(h->signed_locally >= 0, "signedLocally", JSON_BUILD_BOOLEAN(h->signed_locally)),
2557 JSON_BUILD_PAIR_CONDITION(fstype, "fileSystemType", JSON_BUILD_STRING(fstype)),
2558 JSON_BUILD_PAIR_CONDITION(access_mode != MODE_INVALID, "accessMode", JSON_BUILD_UNSIGNED(access_mode))
2559 ));
2560 if (r < 0)
2561 return r;
2562
2563 j = json_variant_ref(h->record->json);
2564 v = json_variant_ref(json_variant_by_key(j, "status"));
2565 m = json_variant_ref(json_variant_by_key(v, SD_ID128_TO_STRING(id)));
2566
2567 r = json_variant_filter(&m, STRV_MAKE("diskSize", "diskUsage", "diskFree", "diskCeiling", "diskFloor", "signedLocally"));
2568 if (r < 0)
2569 return r;
2570
2571 r = json_variant_merge(&m, status);
2572 if (r < 0)
2573 return r;
2574
2575 r = json_variant_set_field(&v, SD_ID128_TO_STRING(id), m);
2576 if (r < 0)
2577 return r;
2578
2579 r = json_variant_set_field(&j, "status", v);
2580 if (r < 0)
2581 return r;
2582
2583 ur = user_record_new();
2584 if (!ur)
2585 return -ENOMEM;
2586
2587 r = user_record_load(ur, j, flags);
2588 if (r < 0)
2589 return r;
2590
2591 ur->incomplete =
2592 FLAGS_SET(h->record->mask, USER_RECORD_PRIVILEGED) &&
2593 !FLAGS_SET(ur->mask, USER_RECORD_PRIVILEGED);
2594
2595 *ret = TAKE_PTR(ur);
2596 return 0;
2597 }
2598
2599 static int on_home_ref_eof(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
2600 _cleanup_(operation_unrefp) Operation *o = NULL;
2601 Home *h = ASSERT_PTR(userdata);
2602
2603 assert(s);
2604
2605 if (h->ref_event_source_please_suspend == s)
2606 h->ref_event_source_please_suspend = sd_event_source_disable_unref(h->ref_event_source_please_suspend);
2607
2608 if (h->ref_event_source_dont_suspend == s)
2609 h->ref_event_source_dont_suspend = sd_event_source_disable_unref(h->ref_event_source_dont_suspend);
2610
2611 if (h->ref_event_source_dont_suspend || h->ref_event_source_please_suspend)
2612 return 0;
2613
2614 log_info("Got notification that all sessions of user %s ended, deactivating automatically.", h->user_name);
2615
2616 o = operation_new(OPERATION_PIPE_EOF, NULL);
2617 if (!o) {
2618 log_oom();
2619 return 0;
2620 }
2621
2622 home_schedule_operation(h, o, NULL);
2623 return 0;
2624 }
2625
2626 int home_create_fifo(Home *h, bool please_suspend) {
2627 _cleanup_close_ int ret_fd = -EBADF;
2628 sd_event_source **ss;
2629 const char *fn, *suffix;
2630 int r;
2631
2632 assert(h);
2633
2634 if (please_suspend) {
2635 suffix = ".please-suspend";
2636 ss = &h->ref_event_source_please_suspend;
2637 } else {
2638 suffix = ".dont-suspend";
2639 ss = &h->ref_event_source_dont_suspend;
2640 }
2641
2642 fn = strjoina("/run/systemd/home/", h->user_name, suffix);
2643
2644 if (!*ss) {
2645 _cleanup_close_ int ref_fd = -EBADF;
2646
2647 (void) mkdir("/run/systemd/home/", 0755);
2648 if (mkfifo(fn, 0600) < 0 && errno != EEXIST)
2649 return log_error_errno(errno, "Failed to create FIFO %s: %m", fn);
2650
2651 ref_fd = open(fn, O_RDONLY|O_CLOEXEC|O_NONBLOCK);
2652 if (ref_fd < 0)
2653 return log_error_errno(errno, "Failed to open FIFO %s for reading: %m", fn);
2654
2655 r = sd_event_add_io(h->manager->event, ss, ref_fd, 0, on_home_ref_eof, h);
2656 if (r < 0)
2657 return log_error_errno(r, "Failed to allocate reference FIFO event source: %m");
2658
2659 (void) sd_event_source_set_description(*ss, "acquire-ref");
2660
2661 r = sd_event_source_set_priority(*ss, SD_EVENT_PRIORITY_IDLE-1);
2662 if (r < 0)
2663 return r;
2664
2665 r = sd_event_source_set_io_fd_own(*ss, true);
2666 if (r < 0)
2667 return log_error_errno(r, "Failed to pass ownership of FIFO event fd to event source: %m");
2668
2669 TAKE_FD(ref_fd);
2670 }
2671
2672 ret_fd = open(fn, O_WRONLY|O_CLOEXEC|O_NONBLOCK);
2673 if (ret_fd < 0)
2674 return log_error_errno(errno, "Failed to open FIFO %s for writing: %m", fn);
2675
2676 return TAKE_FD(ret_fd);
2677 }
2678
2679 static int home_dispatch_acquire(Home *h, Operation *o) {
2680 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
2681 int (*call)(Home *h, UserRecord *secret, HomeState for_state, sd_bus_error *error) = NULL;
2682 HomeState for_state;
2683 int r;
2684
2685 assert(h);
2686 assert(o);
2687 assert(o->type == OPERATION_ACQUIRE);
2688
2689 assert(!h->current_operation);
2690
2691 switch (home_get_state(h)) {
2692
2693 case HOME_UNFIXATED:
2694 for_state = HOME_FIXATING_FOR_ACQUIRE;
2695 call = home_fixate_internal;
2696 break;
2697
2698 case HOME_ABSENT:
2699 r = sd_bus_error_setf(&error, BUS_ERROR_HOME_ABSENT,
2700 "Home %s is currently missing or not plugged in.", h->user_name);
2701 goto check;
2702
2703 case HOME_INACTIVE:
2704 case HOME_DIRTY:
2705 for_state = HOME_ACTIVATING_FOR_ACQUIRE;
2706 call = home_activate_internal;
2707 break;
2708
2709 case HOME_ACTIVE:
2710 case HOME_LINGERING:
2711 for_state = HOME_AUTHENTICATING_FOR_ACQUIRE;
2712 call = home_authenticate_internal;
2713 break;
2714
2715 case HOME_LOCKED:
2716 for_state = HOME_UNLOCKING_FOR_ACQUIRE;
2717 call = home_unlock_internal;
2718 break;
2719
2720 default:
2721 /* All other cases means we are currently executing an operation, which means the job remains
2722 * pending. */
2723 return 0;
2724 }
2725
2726 r = home_ratelimit(h, &error);
2727 if (r >= 0)
2728 r = call(h, o->secret, for_state, &error);
2729
2730 check:
2731 if (r != 0) /* failure or completed */
2732 operation_result(o, r, &error);
2733 else /* ongoing */
2734 h->current_operation = operation_ref(o);
2735
2736 return 1;
2737 }
2738
2739 static int home_dispatch_release(Home *h, Operation *o) {
2740 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
2741 int r;
2742
2743 assert(h);
2744 assert(o);
2745 assert(o->type == OPERATION_RELEASE);
2746
2747 if (h->ref_event_source_dont_suspend || h->ref_event_source_please_suspend)
2748 /* If there's now a reference again, then let's abort the release attempt */
2749 r = sd_bus_error_setf(&error, BUS_ERROR_HOME_BUSY, "Home %s is currently referenced.", h->user_name);
2750 else {
2751 switch (home_get_state(h)) {
2752
2753 case HOME_UNFIXATED:
2754 case HOME_ABSENT:
2755 case HOME_INACTIVE:
2756 case HOME_DIRTY:
2757 r = 1; /* done */
2758 break;
2759
2760 case HOME_LOCKED:
2761 r = sd_bus_error_setf(&error, BUS_ERROR_HOME_LOCKED, "Home %s is currently locked.", h->user_name);
2762 break;
2763
2764 case HOME_ACTIVE:
2765 case HOME_LINGERING:
2766 r = home_deactivate_internal(h, false, &error);
2767 break;
2768
2769 default:
2770 /* All other cases means we are currently executing an operation, which means the job remains
2771 * pending. */
2772 return 0;
2773 }
2774 }
2775
2776 assert(!h->current_operation);
2777
2778 if (r != 0) /* failure or completed */
2779 operation_result(o, r, &error);
2780 else /* ongoing */
2781 h->current_operation = operation_ref(o);
2782
2783 return 1;
2784 }
2785
2786 static int home_dispatch_lock_all(Home *h, Operation *o) {
2787 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
2788 int r;
2789
2790 assert(h);
2791 assert(o);
2792 assert(o->type == OPERATION_LOCK_ALL);
2793
2794 switch (home_get_state(h)) {
2795
2796 case HOME_UNFIXATED:
2797 case HOME_ABSENT:
2798 case HOME_INACTIVE:
2799 case HOME_DIRTY:
2800 log_info("Home %s is not active, no locking necessary.", h->user_name);
2801 r = 1; /* done */
2802 break;
2803
2804 case HOME_LOCKED:
2805 log_info("Home %s is already locked.", h->user_name);
2806 r = 1; /* done */
2807 break;
2808
2809 case HOME_ACTIVE:
2810 case HOME_LINGERING:
2811 log_info("Locking home %s.", h->user_name);
2812 r = home_lock(h, &error);
2813 break;
2814
2815 default:
2816 /* All other cases means we are currently executing an operation, which means the job remains
2817 * pending. */
2818 return 0;
2819 }
2820
2821 assert(!h->current_operation);
2822
2823 if (r != 0) /* failure or completed */
2824 operation_result(o, r, &error);
2825 else /* ongoing */
2826 h->current_operation = operation_ref(o);
2827
2828 return 1;
2829 }
2830
2831 static int home_dispatch_deactivate_all(Home *h, Operation *o) {
2832 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
2833 int r;
2834
2835 assert(h);
2836 assert(o);
2837 assert(o->type == OPERATION_DEACTIVATE_ALL);
2838
2839 switch (home_get_state(h)) {
2840
2841 case HOME_UNFIXATED:
2842 case HOME_ABSENT:
2843 case HOME_INACTIVE:
2844 case HOME_DIRTY:
2845 log_info("Home %s is already deactivated.", h->user_name);
2846 r = 1; /* done */
2847 break;
2848
2849 case HOME_LOCKED:
2850 log_info("Home %s is currently locked, not deactivating.", h->user_name);
2851 r = 1; /* done */
2852 break;
2853
2854 case HOME_ACTIVE:
2855 case HOME_LINGERING:
2856 log_info("Deactivating home %s.", h->user_name);
2857 r = home_deactivate_internal(h, false, &error);
2858 break;
2859
2860 default:
2861 /* All other cases means we are currently executing an operation, which means the job remains
2862 * pending. */
2863 return 0;
2864 }
2865
2866 assert(!h->current_operation);
2867
2868 if (r != 0) /* failure or completed */
2869 operation_result(o, r, &error);
2870 else /* ongoing */
2871 h->current_operation = operation_ref(o);
2872
2873 return 1;
2874 }
2875
2876 static int home_dispatch_pipe_eof(Home *h, Operation *o) {
2877 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
2878 int r;
2879
2880 assert(h);
2881 assert(o);
2882 assert(o->type == OPERATION_PIPE_EOF);
2883
2884 if (h->ref_event_source_please_suspend || h->ref_event_source_dont_suspend)
2885 return 1; /* Hmm, there's a reference again, let's cancel this */
2886
2887 switch (home_get_state(h)) {
2888
2889 case HOME_UNFIXATED:
2890 case HOME_ABSENT:
2891 case HOME_INACTIVE:
2892 case HOME_DIRTY:
2893 log_info("Home %s already deactivated, no automatic deactivation needed.", h->user_name);
2894 break;
2895
2896 case HOME_DEACTIVATING:
2897 log_info("Home %s is already being deactivated, automatic deactivated unnecessary.", h->user_name);
2898 break;
2899
2900 case HOME_ACTIVE:
2901 case HOME_LINGERING:
2902 r = home_deactivate_internal(h, false, &error);
2903 if (r < 0)
2904 log_warning_errno(r, "Failed to deactivate %s, ignoring: %s", h->user_name, bus_error_message(&error, r));
2905 break;
2906
2907 case HOME_LOCKED:
2908 default:
2909 /* If the device is locked or any operation is being executed, let's leave this pending */
2910 return 0;
2911 }
2912
2913 /* Note that we don't call operation_fail() or operation_success() here, because this kind of
2914 * operation has no message associated with it, and thus there's no need to propagate success. */
2915
2916 assert(!o->message);
2917 return 1;
2918 }
2919
2920 static int home_dispatch_deactivate_force(Home *h, Operation *o) {
2921 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
2922 int r;
2923
2924 assert(h);
2925 assert(o);
2926 assert(o->type == OPERATION_DEACTIVATE_FORCE);
2927
2928 switch (home_get_state(h)) {
2929
2930 case HOME_UNFIXATED:
2931 case HOME_ABSENT:
2932 case HOME_INACTIVE:
2933 case HOME_DIRTY:
2934 log_debug("Home %s already deactivated, no forced deactivation due to unplug needed.", h->user_name);
2935 break;
2936
2937 case HOME_DEACTIVATING:
2938 log_debug("Home %s is already being deactivated, forced deactivation due to unplug unnecessary.", h->user_name);
2939 break;
2940
2941 case HOME_ACTIVE:
2942 case HOME_LOCKED:
2943 case HOME_LINGERING:
2944 r = home_deactivate_internal(h, true, &error);
2945 if (r < 0)
2946 log_warning_errno(r, "Failed to forcibly deactivate %s, ignoring: %s", h->user_name, bus_error_message(&error, r));
2947 break;
2948
2949 default:
2950 /* If any operation is being executed, let's leave this pending */
2951 return 0;
2952 }
2953
2954 /* Note that we don't call operation_fail() or operation_success() here, because this kind of
2955 * operation has no message associated with it, and thus there's no need to propagate success. */
2956
2957 assert(!o->message);
2958 return 1;
2959 }
2960
2961 static int on_pending(sd_event_source *s, void *userdata) {
2962 Home *h = ASSERT_PTR(userdata);
2963 Operation *o;
2964 int r;
2965
2966 assert(s);
2967
2968 o = ordered_set_first(h->pending_operations);
2969 if (o) {
2970 static int (* const operation_table[_OPERATION_MAX])(Home *h, Operation *o) = {
2971 [OPERATION_ACQUIRE] = home_dispatch_acquire,
2972 [OPERATION_RELEASE] = home_dispatch_release,
2973 [OPERATION_LOCK_ALL] = home_dispatch_lock_all,
2974 [OPERATION_DEACTIVATE_ALL] = home_dispatch_deactivate_all,
2975 [OPERATION_PIPE_EOF] = home_dispatch_pipe_eof,
2976 [OPERATION_DEACTIVATE_FORCE] = home_dispatch_deactivate_force,
2977 };
2978
2979 assert(operation_table[o->type]);
2980 r = operation_table[o->type](h, o);
2981 if (r != 0) {
2982 /* The operation completed, let's remove it from the pending list, and exit while
2983 * leaving the event source enabled as it is. */
2984 assert_se(ordered_set_remove(h->pending_operations, o) == o);
2985 operation_unref(o);
2986 return 0;
2987 }
2988 }
2989
2990 /* Nothing to do anymore, let's turn off this event source */
2991 r = sd_event_source_set_enabled(s, SD_EVENT_OFF);
2992 if (r < 0)
2993 return log_error_errno(r, "Failed to disable event source: %m");
2994
2995 /* No operations pending anymore, maybe this is a good time to trigger a rebalancing */
2996 manager_reschedule_rebalance(h->manager);
2997 return 0;
2998 }
2999
3000 int home_schedule_operation(Home *h, Operation *o, sd_bus_error *error) {
3001 int r;
3002
3003 assert(h);
3004
3005 if (o) {
3006 if (ordered_set_size(h->pending_operations) >= PENDING_OPERATIONS_MAX)
3007 return sd_bus_error_set(error, BUS_ERROR_TOO_MANY_OPERATIONS, "Too many client operations requested");
3008
3009 r = ordered_set_ensure_put(&h->pending_operations, &operation_hash_ops, o);
3010 if (r < 0)
3011 return r;
3012
3013 operation_ref(o);
3014 }
3015
3016 if (!h->pending_event_source) {
3017 r = sd_event_add_defer(h->manager->event, &h->pending_event_source, on_pending, h);
3018 if (r < 0)
3019 return log_error_errno(r, "Failed to allocate pending defer event source: %m");
3020
3021 (void) sd_event_source_set_description(h->pending_event_source, "pending");
3022
3023 r = sd_event_source_set_priority(h->pending_event_source, SD_EVENT_PRIORITY_IDLE);
3024 if (r < 0)
3025 return r;
3026 }
3027
3028 r = sd_event_source_set_enabled(h->pending_event_source, SD_EVENT_ON);
3029 if (r < 0)
3030 return log_error_errno(r, "Failed to trigger pending event source: %m");
3031
3032 return 0;
3033 }
3034
3035 static int home_get_image_path_seat(Home *h, char **ret) {
3036 _cleanup_(sd_device_unrefp) sd_device *d = NULL;
3037 _cleanup_free_ char *c = NULL;
3038 const char *ip, *seat;
3039 struct stat st;
3040 int r;
3041
3042 assert(h);
3043
3044 if (user_record_storage(h->record) != USER_LUKS)
3045 return -ENXIO;
3046
3047 ip = user_record_image_path(h->record);
3048 if (!ip)
3049 return -ENXIO;
3050
3051 if (!path_startswith(ip, "/dev/"))
3052 return -ENXIO;
3053
3054 if (stat(ip, &st) < 0)
3055 return -errno;
3056
3057 if (!S_ISBLK(st.st_mode))
3058 return -ENOTBLK;
3059
3060 r = sd_device_new_from_stat_rdev(&d, &st);
3061 if (r < 0)
3062 return r;
3063
3064 r = sd_device_get_property_value(d, "ID_SEAT", &seat);
3065 if (r == -ENOENT) /* no property means seat0 */
3066 seat = "seat0";
3067 else if (r < 0)
3068 return r;
3069
3070 c = strdup(seat);
3071 if (!c)
3072 return -ENOMEM;
3073
3074 *ret = TAKE_PTR(c);
3075 return 0;
3076 }
3077
3078 int home_auto_login(Home *h, char ***ret_seats) {
3079 _cleanup_free_ char *seat = NULL, *seat2 = NULL;
3080
3081 assert(h);
3082 assert(ret_seats);
3083
3084 (void) home_get_image_path_seat(h, &seat);
3085
3086 if (h->record->auto_login > 0 && !streq_ptr(seat, "seat0")) {
3087 /* For now, when the auto-login boolean is set for a user, let's make it mean
3088 * "seat0". Eventually we can extend the concept and allow configuration of any kind of seat,
3089 * but let's keep simple initially, most likely the feature is interesting on single-user
3090 * systems anyway, only.
3091 *
3092 * We filter out users marked for auto-login in we know for sure their home directory is
3093 * absent. */
3094
3095 if (user_record_test_image_path(h->record) != USER_TEST_ABSENT) {
3096 seat2 = strdup("seat0");
3097 if (!seat2)
3098 return -ENOMEM;
3099 }
3100 }
3101
3102 if (seat || seat2) {
3103 _cleanup_strv_free_ char **list = NULL;
3104 size_t i = 0;
3105
3106 list = new(char*, 3);
3107 if (!list)
3108 return -ENOMEM;
3109
3110 if (seat)
3111 list[i++] = TAKE_PTR(seat);
3112 if (seat2)
3113 list[i++] = TAKE_PTR(seat2);
3114
3115 list[i] = NULL;
3116 *ret_seats = TAKE_PTR(list);
3117 return 1;
3118 }
3119
3120 *ret_seats = NULL;
3121 return 0;
3122 }
3123
3124 int home_set_current_message(Home *h, sd_bus_message *m) {
3125 assert(h);
3126
3127 if (!m)
3128 return 0;
3129
3130 if (h->current_operation)
3131 return -EBUSY;
3132
3133 h->current_operation = operation_new(OPERATION_IMMEDIATE, m);
3134 if (!h->current_operation)
3135 return -ENOMEM;
3136
3137 return 1;
3138 }
3139
3140 int home_wait_for_worker(Home *h) {
3141 int r;
3142
3143 assert(h);
3144
3145 if (h->worker_pid <= 0)
3146 return 0;
3147
3148 log_info("Worker process for home %s is still running while exiting. Waiting for it to finish.", h->user_name);
3149
3150 r = wait_for_terminate_with_timeout(h->worker_pid, 30 * USEC_PER_SEC);
3151 if (r == -ETIMEDOUT)
3152 log_warning_errno(r, "Waiting for worker process for home %s timed out. Ignoring.", h->user_name);
3153 else
3154 log_warning_errno(r, "Failed to wait for worker process for home %s. Ignoring.", h->user_name);
3155
3156 (void) hashmap_remove_value(h->manager->homes_by_worker_pid, PID_TO_PTR(h->worker_pid), h);
3157 h->worker_pid = 0;
3158 return 1;
3159 }
3160
3161 bool home_shall_rebalance(Home *h) {
3162 HomeState state;
3163
3164 assert(h);
3165
3166 /* Determines if the home directory is a candidate for rebalancing */
3167
3168 if (!user_record_shall_rebalance(h->record))
3169 return false;
3170
3171 state = home_get_state(h);
3172 if (!HOME_STATE_SHALL_REBALANCE(state))
3173 return false;
3174
3175 return true;
3176 }
3177
3178 bool home_is_busy(Home *h) {
3179 assert(h);
3180
3181 if (h->current_operation)
3182 return true;
3183
3184 if (!ordered_set_isempty(h->pending_operations))
3185 return true;
3186
3187 return HOME_STATE_IS_EXECUTING_OPERATION(home_get_state(h));
3188 }
3189
3190 static const char* const home_state_table[_HOME_STATE_MAX] = {
3191 [HOME_UNFIXATED] = "unfixated",
3192 [HOME_ABSENT] = "absent",
3193 [HOME_INACTIVE] = "inactive",
3194 [HOME_DIRTY] = "dirty",
3195 [HOME_FIXATING] = "fixating",
3196 [HOME_FIXATING_FOR_ACTIVATION] = "fixating-for-activation",
3197 [HOME_FIXATING_FOR_ACQUIRE] = "fixating-for-acquire",
3198 [HOME_ACTIVATING] = "activating",
3199 [HOME_ACTIVATING_FOR_ACQUIRE] = "activating-for-acquire",
3200 [HOME_DEACTIVATING] = "deactivating",
3201 [HOME_ACTIVE] = "active",
3202 [HOME_LINGERING] = "lingering",
3203 [HOME_LOCKING] = "locking",
3204 [HOME_LOCKED] = "locked",
3205 [HOME_UNLOCKING] = "unlocking",
3206 [HOME_UNLOCKING_FOR_ACQUIRE] = "unlocking-for-acquire",
3207 [HOME_CREATING] = "creating",
3208 [HOME_REMOVING] = "removing",
3209 [HOME_UPDATING] = "updating",
3210 [HOME_UPDATING_WHILE_ACTIVE] = "updating-while-active",
3211 [HOME_RESIZING] = "resizing",
3212 [HOME_RESIZING_WHILE_ACTIVE] = "resizing-while-active",
3213 [HOME_PASSWD] = "passwd",
3214 [HOME_PASSWD_WHILE_ACTIVE] = "passwd-while-active",
3215 [HOME_AUTHENTICATING] = "authenticating",
3216 [HOME_AUTHENTICATING_WHILE_ACTIVE] = "authenticating-while-active",
3217 [HOME_AUTHENTICATING_FOR_ACQUIRE] = "authenticating-for-acquire",
3218 };
3219
3220 DEFINE_STRING_TABLE_LOOKUP(home_state, HomeState);
Unnamed repository; edit this file 'description' to name the repository.