]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/home/homed-home.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #24567 from poettering/homed-wait-timeout
[thirdparty/systemd.git] / src / home / homed-home.c
1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3 #if HAVE_LINUX_MEMFD_H
4 #include <linux/memfd.h>
5 #endif
6
7 #include <sys/mman.h>
8 #include <sys/quota.h>
9 #include <sys/vfs.h>
10
11 #include "blockdev-util.h"
12 #include "btrfs-util.h"
13 #include "bus-common-errors.h"
14 #include "data-fd-util.h"
15 #include "env-util.h"
16 #include "errno-list.h"
17 #include "errno-util.h"
18 #include "fd-util.h"
19 #include "fileio.h"
20 #include "filesystems.h"
21 #include "fs-util.h"
22 #include "glyph-util.h"
23 #include "home-util.h"
24 #include "homed-home-bus.h"
25 #include "homed-home.h"
26 #include "missing_magic.h"
27 #include "missing_syscall.h"
28 #include "mkdir.h"
29 #include "path-util.h"
30 #include "process-util.h"
31 #include "pwquality-util.h"
32 #include "quota-util.h"
33 #include "resize-fs.h"
34 #include "set.h"
35 #include "signal-util.h"
36 #include "stat-util.h"
37 #include "string-table.h"
38 #include "strv.h"
39 #include "uid-alloc-range.h"
40 #include "user-record-pwquality.h"
41 #include "user-record-sign.h"
42 #include "user-record-util.h"
43 #include "user-record.h"
44 #include "user-util.h"
45
46 /* Retry to deactivate home directories again and again every 15s until it works */
47 #define RETRY_DEACTIVATE_USEC (15U * USEC_PER_SEC)
48
49 #define HOME_USERS_MAX 500
50 #define PENDING_OPERATIONS_MAX 100
51
52 assert_cc(HOME_UID_MIN <= HOME_UID_MAX);
53 assert_cc(HOME_USERS_MAX <= (HOME_UID_MAX - HOME_UID_MIN + 1));
54
55 static int home_start_work(Home *h, const char *verb, UserRecord *hr, UserRecord *secret);
56
57 DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(operation_hash_ops, void, trivial_hash_func, trivial_compare_func, Operation, operation_unref);
58
59 static int suitable_home_record(UserRecord *hr) {
60 int r;
61
62 assert(hr);
63
64 if (!hr->user_name)
65 return -EUNATCH;
66
67 /* We are a bit more restrictive with what we accept as homed-managed user than what we accept in
68 * home records in general. Let's enforce the stricter rule here. */
69 if (!suitable_user_name(hr->user_name))
70 return -EINVAL;
71 if (!uid_is_valid(hr->uid))
72 return -EINVAL;
73
74 /* Insist we are outside of the dynamic and system range */
75 if (uid_is_system(hr->uid) || gid_is_system(user_record_gid(hr)) ||
76 uid_is_dynamic(hr->uid) || gid_is_dynamic(user_record_gid(hr)))
77 return -EADDRNOTAVAIL;
78
79 /* Insist that GID and UID match */
80 if (user_record_gid(hr) != (gid_t) hr->uid)
81 return -EBADSLT;
82
83 /* Similar for the realm */
84 if (hr->realm) {
85 r = suitable_realm(hr->realm);
86 if (r < 0)
87 return r;
88 if (r == 0)
89 return -EINVAL;
90 }
91
92 return 0;
93 }
94
95 int home_new(Manager *m, UserRecord *hr, const char *sysfs, Home **ret) {
96 _cleanup_(home_freep) Home *home = NULL;
97 _cleanup_free_ char *nm = NULL, *ns = NULL;
98 int r;
99
100 assert(m);
101 assert(hr);
102
103 r = suitable_home_record(hr);
104 if (r < 0)
105 return r;
106
107 if (hashmap_contains(m->homes_by_name, hr->user_name))
108 return -EBUSY;
109
110 if (hashmap_contains(m->homes_by_uid, UID_TO_PTR(hr->uid)))
111 return -EBUSY;
112
113 if (sysfs && hashmap_contains(m->homes_by_sysfs, sysfs))
114 return -EBUSY;
115
116 if (hashmap_size(m->homes_by_name) >= HOME_USERS_MAX)
117 return -EUSERS;
118
119 nm = strdup(hr->user_name);
120 if (!nm)
121 return -ENOMEM;
122
123 if (sysfs) {
124 ns = strdup(sysfs);
125 if (!ns)
126 return -ENOMEM;
127 }
128
129 home = new(Home, 1);
130 if (!home)
131 return -ENOMEM;
132
133 *home = (Home) {
134 .manager = m,
135 .user_name = TAKE_PTR(nm),
136 .uid = hr->uid,
137 .state = _HOME_STATE_INVALID,
138 .worker_stdout_fd = -1,
139 .sysfs = TAKE_PTR(ns),
140 .signed_locally = -1,
141 .pin_fd = -1,
142 .luks_lock_fd = -1,
143 };
144
145 r = hashmap_put(m->homes_by_name, home->user_name, home);
146 if (r < 0)
147 return r;
148
149 r = hashmap_put(m->homes_by_uid, UID_TO_PTR(home->uid), home);
150 if (r < 0)
151 return r;
152
153 if (home->sysfs) {
154 r = hashmap_put(m->homes_by_sysfs, home->sysfs, home);
155 if (r < 0)
156 return r;
157 }
158
159 r = user_record_clone(hr, USER_RECORD_LOAD_MASK_SECRET|USER_RECORD_PERMISSIVE, &home->record);
160 if (r < 0)
161 return r;
162
163 (void) bus_manager_emit_auto_login_changed(m);
164 (void) bus_home_emit_change(home);
165 (void) manager_schedule_rebalance(m, /* immediately= */ false);
166
167 if (ret)
168 *ret = TAKE_PTR(home);
169 else
170 TAKE_PTR(home);
171
172 return 0;
173 }
174
175 Home *home_free(Home *h) {
176
177 if (!h)
178 return NULL;
179
180 if (h->manager) {
181 (void) bus_home_emit_remove(h);
182 (void) bus_manager_emit_auto_login_changed(h->manager);
183
184 if (h->user_name)
185 (void) hashmap_remove_value(h->manager->homes_by_name, h->user_name, h);
186
187 if (uid_is_valid(h->uid))
188 (void) hashmap_remove_value(h->manager->homes_by_uid, UID_TO_PTR(h->uid), h);
189
190 if (h->sysfs)
191 (void) hashmap_remove_value(h->manager->homes_by_sysfs, h->sysfs, h);
192
193 if (h->worker_pid > 0)
194 (void) hashmap_remove_value(h->manager->homes_by_worker_pid, PID_TO_PTR(h->worker_pid), h);
195
196 if (h->manager->gc_focus == h)
197 h->manager->gc_focus = NULL;
198
199 (void) manager_schedule_rebalance(h->manager, /* immediately= */ false);
200 }
201
202 user_record_unref(h->record);
203 user_record_unref(h->secret);
204
205 h->worker_event_source = sd_event_source_disable_unref(h->worker_event_source);
206 safe_close(h->worker_stdout_fd);
207 free(h->user_name);
208 free(h->sysfs);
209
210 h->ref_event_source_please_suspend = sd_event_source_disable_unref(h->ref_event_source_please_suspend);
211 h->ref_event_source_dont_suspend = sd_event_source_disable_unref(h->ref_event_source_dont_suspend);
212
213 h->pending_operations = ordered_set_free(h->pending_operations);
214 h->pending_event_source = sd_event_source_disable_unref(h->pending_event_source);
215 h->deferred_change_event_source = sd_event_source_disable_unref(h->deferred_change_event_source);
216
217 h->current_operation = operation_unref(h->current_operation);
218
219 safe_close(h->pin_fd);
220 safe_close(h->luks_lock_fd);
221
222 h->retry_deactivate_event_source = sd_event_source_disable_unref(h->retry_deactivate_event_source);
223
224 return mfree(h);
225 }
226
227 int home_set_record(Home *h, UserRecord *hr) {
228 _cleanup_(user_record_unrefp) UserRecord *new_hr = NULL;
229 Home *other;
230 int r;
231
232 assert(h);
233 assert(h->user_name);
234 assert(h->record);
235 assert(hr);
236
237 if (user_record_equal(h->record, hr))
238 return 0;
239
240 r = suitable_home_record(hr);
241 if (r < 0)
242 return r;
243
244 if (!user_record_compatible(h->record, hr))
245 return -EREMCHG;
246
247 if (!FLAGS_SET(hr->mask, USER_RECORD_REGULAR) ||
248 FLAGS_SET(hr->mask, USER_RECORD_SECRET))
249 return -EINVAL;
250
251 if (FLAGS_SET(h->record->mask, USER_RECORD_STATUS)) {
252 _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
253
254 /* Hmm, the existing record has status fields? If so, copy them over */
255
256 v = json_variant_ref(hr->json);
257 r = json_variant_set_field(&v, "status", json_variant_by_key(h->record->json, "status"));
258 if (r < 0)
259 return r;
260
261 new_hr = user_record_new();
262 if (!new_hr)
263 return -ENOMEM;
264
265 r = user_record_load(new_hr, v, USER_RECORD_LOAD_REFUSE_SECRET|USER_RECORD_PERMISSIVE);
266 if (r < 0)
267 return r;
268
269 hr = new_hr;
270 }
271
272 other = hashmap_get(h->manager->homes_by_uid, UID_TO_PTR(hr->uid));
273 if (other && other != h)
274 return -EBUSY;
275
276 if (h->uid != hr->uid) {
277 r = hashmap_remove_and_replace(h->manager->homes_by_uid, UID_TO_PTR(h->uid), UID_TO_PTR(hr->uid), h);
278 if (r < 0)
279 return r;
280 }
281
282 user_record_unref(h->record);
283 h->record = user_record_ref(hr);
284 h->uid = h->record->uid;
285
286 /* The updated record might have a different autologin setting, trigger a PropertiesChanged event for it */
287 (void) bus_manager_emit_auto_login_changed(h->manager);
288 (void) bus_home_emit_change(h);
289
290 return 0;
291 }
292
293 int home_save_record(Home *h) {
294 _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
295 _cleanup_free_ char *text = NULL;
296 const char *fn;
297 int r;
298
299 assert(h);
300
301 v = json_variant_ref(h->record->json);
302 r = json_variant_normalize(&v);
303 if (r < 0)
304 log_warning_errno(r, "User record could not be normalized.");
305
306 r = json_variant_format(v, JSON_FORMAT_PRETTY|JSON_FORMAT_NEWLINE, &text);
307 if (r < 0)
308 return r;
309
310 (void) mkdir("/var/lib/systemd/", 0755);
311 (void) mkdir(home_record_dir(), 0700);
312
313 fn = strjoina(home_record_dir(), "/", h->user_name, ".identity");
314
315 r = write_string_file(fn, text, WRITE_STRING_FILE_ATOMIC|WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_MODE_0600|WRITE_STRING_FILE_SYNC);
316 if (r < 0)
317 return r;
318
319 return 0;
320 }
321
322 int home_unlink_record(Home *h) {
323 const char *fn;
324
325 assert(h);
326
327 fn = strjoina(home_record_dir(), "/", h->user_name, ".identity");
328 if (unlink(fn) < 0 && errno != ENOENT)
329 return -errno;
330
331 fn = strjoina("/run/systemd/home/", h->user_name, ".ref");
332 if (unlink(fn) < 0 && errno != ENOENT)
333 return -errno;
334
335 return 0;
336 }
337
338 static void home_unpin(Home *h) {
339 assert(h);
340
341 if (h->pin_fd < 0)
342 return;
343
344 h->pin_fd = safe_close(h->pin_fd);
345 log_debug("Successfully closed pin fd on home for %s.", h->user_name);
346 }
347
348 static void home_pin(Home *h) {
349 const char *path;
350
351 assert(h);
352
353 if (h->pin_fd >= 0) /* Already pinned? */
354 return;
355
356 path = user_record_home_directory(h->record);
357 if (!path) {
358 log_warning("No home directory path to pin for %s, ignoring.", h->user_name);
359 return;
360 }
361
362 h->pin_fd = open(path, O_RDONLY|O_DIRECTORY|O_CLOEXEC);
363 if (h->pin_fd < 0) {
364 log_warning_errno(errno, "Couldn't open home directory '%s' for pinning, ignoring: %m", path);
365 return;
366 }
367
368 log_debug("Successfully pinned home directory '%s'.", path);
369 }
370
371 static void home_update_pin_fd(Home *h, HomeState state) {
372 assert(h);
373
374 if (state < 0)
375 state = home_get_state(h);
376
377 return HOME_STATE_SHALL_PIN(state) ? home_pin(h) : home_unpin(h);
378 }
379
380 static void home_maybe_close_luks_lock_fd(Home *h, HomeState state) {
381 assert(h);
382
383 if (h->luks_lock_fd < 0)
384 return;
385
386 if (state < 0)
387 state = home_get_state(h);
388
389 /* Keep the lock as long as the home dir is active or has some operation going */
390 if (HOME_STATE_IS_EXECUTING_OPERATION(state) || HOME_STATE_IS_ACTIVE(state) || state == HOME_LOCKED)
391 return;
392
393 h->luks_lock_fd = safe_close(h->luks_lock_fd);
394 log_debug("Successfully closed LUKS backing file lock for %s.", h->user_name);
395 }
396
397 static void home_maybe_stop_retry_deactivate(Home *h, HomeState state) {
398 assert(h);
399
400 /* Free the deactivation retry event source if we won't need it anymore. Specifically, we'll free the
401 * event source whenever the home directory is already deactivated (and we thus where successful) or
402 * if we start executing an operation that indicates that the home directory is going to be used or
403 * operated on again. Also, if the home is referenced again stop the timer */
404
405 if (HOME_STATE_MAY_RETRY_DEACTIVATE(state) &&
406 !h->ref_event_source_dont_suspend &&
407 !h->ref_event_source_please_suspend)
408 return;
409
410 h->retry_deactivate_event_source = sd_event_source_disable_unref(h->retry_deactivate_event_source);
411 }
412
413 static int home_deactivate_internal(Home *h, bool force, sd_bus_error *error);
414 static void home_start_retry_deactivate(Home *h);
415
416 static int home_on_retry_deactivate(sd_event_source *s, uint64_t usec, void *userdata) {
417 Home *h = userdata;
418 HomeState state;
419
420 assert(s);
421 assert(h);
422
423 /* 15s after the last attempt to deactivate the home directory passed. Let's try it one more time. */
424
425 h->retry_deactivate_event_source = sd_event_source_disable_unref(h->retry_deactivate_event_source);
426
427 state = home_get_state(h);
428 if (!HOME_STATE_MAY_RETRY_DEACTIVATE(state))
429 return 0;
430
431 if (IN_SET(state, HOME_ACTIVE, HOME_LINGERING)) {
432 log_info("Again trying to deactivate home directory.");
433
434 /* If we are not executing any operation, let's start deactivating now. Note that this will
435 * restart our timer again, we are gonna be called again if this doesn't work. */
436 (void) home_deactivate_internal(h, /* force= */ false, NULL);
437 } else
438 /* if we are executing an operation (specifically, area already running a deactivation
439 * operation), then simply reque the timer, so that we retry again. */
440 home_start_retry_deactivate(h);
441
442 return 0;
443 }
444
445 static void home_start_retry_deactivate(Home *h) {
446 int r;
447
448 assert(h);
449 assert(h->manager);
450
451 /* Already allocated? */
452 if (h->retry_deactivate_event_source)
453 return;
454
455 /* If the home directory is being used now don't start the timer */
456 if (h->ref_event_source_dont_suspend || h->ref_event_source_please_suspend)
457 return;
458
459 r = sd_event_add_time_relative(
460 h->manager->event,
461 &h->retry_deactivate_event_source,
462 CLOCK_MONOTONIC,
463 RETRY_DEACTIVATE_USEC,
464 1*USEC_PER_MINUTE,
465 home_on_retry_deactivate,
466 h);
467 if (r < 0)
468 return (void) log_warning_errno(r, "Failed to install retry-deactivate event source, ignoring: %m");
469
470 (void) sd_event_source_set_description(h->retry_deactivate_event_source, "retry-deactivate");
471 }
472
473 static void home_set_state(Home *h, HomeState state) {
474 HomeState old_state, new_state;
475
476 assert(h);
477
478 old_state = home_get_state(h);
479 h->state = state;
480 new_state = home_get_state(h); /* Query the new state, since the 'state' variable might be set to -1,
481 * in which case we synthesize an high-level state on demand */
482
483 log_info("%s: changing state %s %s %s", h->user_name,
484 home_state_to_string(old_state),
485 special_glyph(SPECIAL_GLYPH_ARROW_RIGHT),
486 home_state_to_string(new_state));
487
488 home_update_pin_fd(h, new_state);
489 home_maybe_close_luks_lock_fd(h, new_state);
490 home_maybe_stop_retry_deactivate(h, new_state);
491
492 if (HOME_STATE_IS_EXECUTING_OPERATION(old_state) && !HOME_STATE_IS_EXECUTING_OPERATION(new_state)) {
493 /* If we just finished executing some operation, process the queue of pending operations. And
494 * enqueue it for GC too. */
495
496 home_schedule_operation(h, NULL, NULL);
497 manager_reschedule_rebalance(h->manager);
498 manager_enqueue_gc(h->manager, h);
499 }
500 }
501
502 static int home_parse_worker_stdout(int _fd, UserRecord **ret) {
503 _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
504 _cleanup_close_ int fd = _fd; /* take possession, even on failure */
505 _cleanup_(user_record_unrefp) UserRecord *hr = NULL;
506 _cleanup_fclose_ FILE *f = NULL;
507 unsigned line, column;
508 struct stat st;
509 int r;
510
511 if (fstat(fd, &st) < 0)
512 return log_error_errno(errno, "Failed to stat stdout fd: %m");
513
514 assert(S_ISREG(st.st_mode));
515
516 if (st.st_size == 0) { /* empty record */
517 *ret = NULL;
518 return 0;
519 }
520
521 if (lseek(fd, SEEK_SET, 0) == (off_t) -1)
522 return log_error_errno(errno, "Failed to seek to beginning of memfd: %m");
523
524 f = take_fdopen(&fd, "r");
525 if (!f)
526 return log_error_errno(errno, "Failed to reopen memfd: %m");
527
528 if (DEBUG_LOGGING) {
529 _cleanup_free_ char *text = NULL;
530
531 r = read_full_stream(f, &text, NULL);
532 if (r < 0)
533 return log_error_errno(r, "Failed to read from client: %m");
534
535 log_debug("Got from worker: %s", text);
536 rewind(f);
537 }
538
539 r = json_parse_file(f, "stdout", JSON_PARSE_SENSITIVE, &v, &line, &column);
540 if (r < 0)
541 return log_error_errno(r, "Failed to parse identity at %u:%u: %m", line, column);
542
543 hr = user_record_new();
544 if (!hr)
545 return log_oom();
546
547 r = user_record_load(hr, v, USER_RECORD_LOAD_REFUSE_SECRET|USER_RECORD_PERMISSIVE);
548 if (r < 0)
549 return log_error_errno(r, "Failed to load home record identity: %m");
550
551 *ret = TAKE_PTR(hr);
552 return 1;
553 }
554
555 static int home_verify_user_record(Home *h, UserRecord *hr, bool *ret_signed_locally, sd_bus_error *ret_error) {
556 int is_signed;
557
558 assert(h);
559 assert(hr);
560 assert(ret_signed_locally);
561
562 is_signed = manager_verify_user_record(h->manager, hr);
563 switch (is_signed) {
564
565 case USER_RECORD_SIGNED_EXCLUSIVE:
566 log_info("Home %s is signed exclusively by our key, accepting.", hr->user_name);
567 *ret_signed_locally = true;
568 return 0;
569
570 case USER_RECORD_SIGNED:
571 log_info("Home %s is signed by our key (and others), accepting.", hr->user_name);
572 *ret_signed_locally = false;
573 return 0;
574
575 case USER_RECORD_FOREIGN:
576 log_info("Home %s is signed by foreign key we like, accepting.", hr->user_name);
577 *ret_signed_locally = false;
578 return 0;
579
580 case USER_RECORD_UNSIGNED:
581 sd_bus_error_setf(ret_error, BUS_ERROR_BAD_SIGNATURE, "User record %s is not signed at all, refusing.", hr->user_name);
582 return log_error_errno(SYNTHETIC_ERRNO(EPERM), "Home %s contains user record that is not signed at all, refusing.", hr->user_name);
583
584 case -ENOKEY:
585 sd_bus_error_setf(ret_error, BUS_ERROR_BAD_SIGNATURE, "User record %s is not signed by any known key, refusing.", hr->user_name);
586 return log_error_errno(is_signed, "Home %s contains user record that is not signed by any known key, refusing.", hr->user_name);
587
588 default:
589 assert(is_signed < 0);
590 return log_error_errno(is_signed, "Failed to verify signature on user record for %s, refusing fixation: %m", hr->user_name);
591 }
592 }
593
594 static int convert_worker_errno(Home *h, int e, sd_bus_error *error) {
595 /* Converts the error numbers the worker process returned into somewhat sensible dbus errors */
596
597 switch (e) {
598
599 case -EMSGSIZE:
600 return sd_bus_error_set(error, BUS_ERROR_BAD_HOME_SIZE, "File systems of this type cannot be shrunk");
601 case -ETXTBSY:
602 return sd_bus_error_set(error, BUS_ERROR_BAD_HOME_SIZE, "File systems of this type can only be shrunk offline");
603 case -ERANGE:
604 return sd_bus_error_set(error, BUS_ERROR_BAD_HOME_SIZE, "File system size too small");
605 case -ENOLINK:
606 return sd_bus_error_set(error, SD_BUS_ERROR_NOT_SUPPORTED, "System does not support selected storage backend");
607 case -EPROTONOSUPPORT:
608 return sd_bus_error_set(error, SD_BUS_ERROR_NOT_SUPPORTED, "System does not support selected file system");
609 case -ENOTTY:
610 return sd_bus_error_set(error, SD_BUS_ERROR_NOT_SUPPORTED, "Operation not supported on storage backend");
611 case -ESOCKTNOSUPPORT:
612 return sd_bus_error_set(error, SD_BUS_ERROR_NOT_SUPPORTED, "Operation not supported on file system");
613 case -ENOKEY:
614 return sd_bus_error_setf(error, BUS_ERROR_BAD_PASSWORD, "Password for home %s is incorrect or not sufficient for authentication.", h->user_name);
615 case -EBADSLT:
616 return sd_bus_error_setf(error, BUS_ERROR_BAD_PASSWORD_AND_NO_TOKEN, "Password for home %s is incorrect or not sufficient, and configured security token not found either.", h->user_name);
617 case -EREMOTEIO:
618 return sd_bus_error_setf(error, BUS_ERROR_BAD_RECOVERY_KEY, "Recovery key for home %s is incorrect or not sufficient for authentication.", h->user_name);
619 case -ENOANO:
620 return sd_bus_error_set(error, BUS_ERROR_TOKEN_PIN_NEEDED, "PIN for security token required.");
621 case -ERFKILL:
622 return sd_bus_error_set(error, BUS_ERROR_TOKEN_PROTECTED_AUTHENTICATION_PATH_NEEDED, "Security token requires protected authentication path.");
623 case -EMEDIUMTYPE:
624 return sd_bus_error_set(error, BUS_ERROR_TOKEN_USER_PRESENCE_NEEDED, "Security token requires presence confirmation.");
625 case -ENOCSI:
626 return sd_bus_error_set(error, BUS_ERROR_TOKEN_USER_VERIFICATION_NEEDED, "Security token requires user verification.");
627 case -ENOSTR:
628 return sd_bus_error_set(error, BUS_ERROR_TOKEN_ACTION_TIMEOUT, "Token action timeout. (User was supposed to verify presence or similar, by interacting with the token, and didn't do that in time.)");
629 case -EOWNERDEAD:
630 return sd_bus_error_set(error, BUS_ERROR_TOKEN_PIN_LOCKED, "PIN of security token locked.");
631 case -ENOLCK:
632 return sd_bus_error_set(error, BUS_ERROR_TOKEN_BAD_PIN, "Bad PIN of security token.");
633 case -ETOOMANYREFS:
634 return sd_bus_error_set(error, BUS_ERROR_TOKEN_BAD_PIN_FEW_TRIES_LEFT, "Bad PIN of security token, and only a few tries left.");
635 case -EUCLEAN:
636 return sd_bus_error_set(error, BUS_ERROR_TOKEN_BAD_PIN_ONE_TRY_LEFT, "Bad PIN of security token, and only one try left.");
637 case -EBUSY:
638 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "Home %s is currently being used, or an operation on home %s is currently being executed.", h->user_name, h->user_name);
639 case -ENOEXEC:
640 return sd_bus_error_setf(error, BUS_ERROR_HOME_NOT_ACTIVE, "Home %s is currently not active", h->user_name);
641 case -ENOSPC:
642 return sd_bus_error_setf(error, BUS_ERROR_NO_DISK_SPACE, "Not enough disk space for home %s", h->user_name);
643 case -EKEYREVOKED:
644 return sd_bus_error_setf(error, BUS_ERROR_HOME_CANT_AUTHENTICATE, "Home %s has no password or other authentication mechanism defined.", h->user_name);
645 case -EADDRINUSE:
646 return sd_bus_error_setf(error, BUS_ERROR_HOME_IN_USE, "Home %s is currently being used elsewhere.", h->user_name);
647 }
648
649 return 0;
650 }
651
652 static void home_count_bad_authentication(Home *h, bool save) {
653 int r;
654
655 assert(h);
656
657 r = user_record_bad_authentication(h->record);
658 if (r < 0) {
659 log_warning_errno(r, "Failed to increase bad authentication counter, ignoring: %m");
660 return;
661 }
662
663 if (save) {
664 r = home_save_record(h);
665 if (r < 0)
666 log_warning_errno(r, "Failed to write home record to disk, ignoring: %m");
667 }
668 }
669
670 static void home_fixate_finish(Home *h, int ret, UserRecord *hr) {
671 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
672 _cleanup_(user_record_unrefp) UserRecord *secret = NULL;
673 bool signed_locally;
674 int r;
675
676 assert(h);
677 assert(IN_SET(h->state, HOME_FIXATING, HOME_FIXATING_FOR_ACTIVATION, HOME_FIXATING_FOR_ACQUIRE));
678
679 secret = TAKE_PTR(h->secret); /* Take possession */
680
681 if (ret < 0) {
682 if (ret == -ENOKEY)
683 (void) home_count_bad_authentication(h, false);
684
685 (void) convert_worker_errno(h, ret, &error);
686 r = log_error_errno(ret, "Fixation failed: %m");
687 goto fail;
688 }
689 if (!hr) {
690 r = log_error_errno(SYNTHETIC_ERRNO(EIO), "Did not receive user record from worker process, fixation failed.");
691 goto fail;
692 }
693
694 r = home_verify_user_record(h, hr, &signed_locally, &error);
695 if (r < 0)
696 goto fail;
697
698 r = home_set_record(h, hr);
699 if (r < 0) {
700 log_error_errno(r, "Failed to update home record: %m");
701 goto fail;
702 }
703
704 h->signed_locally = signed_locally;
705
706 /* When we finished fixating (and don't follow-up with activation), let's count this as good authentication */
707 if (h->state == HOME_FIXATING) {
708 r = user_record_good_authentication(h->record);
709 if (r < 0)
710 log_warning_errno(r, "Failed to increase good authentication counter, ignoring: %m");
711 }
712
713 r = home_save_record(h);
714 if (r < 0)
715 log_warning_errno(r, "Failed to write home record to disk, ignoring: %m");
716
717 if (IN_SET(h->state, HOME_FIXATING_FOR_ACTIVATION, HOME_FIXATING_FOR_ACQUIRE)) {
718
719 r = home_start_work(h, "activate", h->record, secret);
720 if (r < 0) {
721 h->current_operation = operation_result_unref(h->current_operation, r, NULL);
722 home_set_state(h, _HOME_STATE_INVALID);
723 } else
724 home_set_state(h, h->state == HOME_FIXATING_FOR_ACTIVATION ? HOME_ACTIVATING : HOME_ACTIVATING_FOR_ACQUIRE);
725
726 return;
727 }
728
729 log_debug("Fixation of %s completed.", h->user_name);
730
731 h->current_operation = operation_result_unref(h->current_operation, 0, NULL);
732
733 /* Reset the state to "invalid", which makes home_get_state() test if the image exists and returns
734 * HOME_ABSENT vs. HOME_INACTIVE as necessary. */
735 home_set_state(h, _HOME_STATE_INVALID);
736 (void) manager_schedule_rebalance(h->manager, /* immediately= */ false);
737 return;
738
739 fail:
740 /* If fixation fails, we stay in unfixated state! */
741 h->current_operation = operation_result_unref(h->current_operation, r, &error);
742 home_set_state(h, HOME_UNFIXATED);
743 }
744
745 static void home_activate_finish(Home *h, int ret, UserRecord *hr) {
746 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
747 int r;
748
749 assert(h);
750 assert(IN_SET(h->state, HOME_ACTIVATING, HOME_ACTIVATING_FOR_ACQUIRE));
751
752 if (ret < 0) {
753 if (ret == -ENOKEY)
754 home_count_bad_authentication(h, true);
755
756 (void) convert_worker_errno(h, ret, &error);
757 r = log_error_errno(ret, "Activation failed: %m");
758 goto finish;
759 }
760
761 if (hr) {
762 bool signed_locally;
763
764 r = home_verify_user_record(h, hr, &signed_locally, &error);
765 if (r < 0)
766 goto finish;
767
768 r = home_set_record(h, hr);
769 if (r < 0) {
770 log_error_errno(r, "Failed to update home record, ignoring: %m");
771 goto finish;
772 }
773
774 h->signed_locally = signed_locally;
775
776 r = user_record_good_authentication(h->record);
777 if (r < 0)
778 log_warning_errno(r, "Failed to increase good authentication counter, ignoring: %m");
779
780 r = home_save_record(h);
781 if (r < 0)
782 log_warning_errno(r, "Failed to write home record to disk, ignoring: %m");
783 }
784
785 log_debug("Activation of %s completed.", h->user_name);
786 r = 0;
787
788 finish:
789 h->current_operation = operation_result_unref(h->current_operation, r, &error);
790 home_set_state(h, _HOME_STATE_INVALID);
791
792 if (r >= 0)
793 (void) manager_schedule_rebalance(h->manager, /* immediately= */ true);
794 }
795
796 static void home_deactivate_finish(Home *h, int ret, UserRecord *hr) {
797 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
798 int r;
799
800 assert(h);
801 assert(h->state == HOME_DEACTIVATING);
802 assert(!hr); /* We don't expect a record on this operation */
803
804 if (ret < 0) {
805 (void) convert_worker_errno(h, ret, &error);
806 r = log_error_errno(ret, "Deactivation of %s failed: %m", h->user_name);
807 goto finish;
808 }
809
810 log_debug("Deactivation of %s completed.", h->user_name);
811 r = 0;
812
813 finish:
814 h->current_operation = operation_result_unref(h->current_operation, r, &error);
815 home_set_state(h, _HOME_STATE_INVALID);
816
817 if (r >= 0)
818 (void) manager_schedule_rebalance(h->manager, /* immediately= */ true);
819 }
820
821 static void home_remove_finish(Home *h, int ret, UserRecord *hr) {
822 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
823 Manager *m;
824 int r;
825
826 assert(h);
827 assert(h->state == HOME_REMOVING);
828 assert(!hr); /* We don't expect a record on this operation */
829
830 m = h->manager;
831
832 if (ret < 0 && ret != -EALREADY) {
833 (void) convert_worker_errno(h, ret, &error);
834 r = log_error_errno(ret, "Removing %s failed: %m", h->user_name);
835 goto fail;
836 }
837
838 /* For a couple of storage types we can't delete the actual data storage when called (such as LUKS on
839 * partitions like USB sticks, or so). Sometimes these storage locations are among those we normally
840 * automatically discover in /home or in udev. When such a home is deleted let's hence issue a rescan
841 * after completion, so that "unfixated" entries are rediscovered. */
842 if (!IN_SET(user_record_test_image_path(h->record), USER_TEST_UNDEFINED, USER_TEST_ABSENT))
843 manager_enqueue_rescan(m);
844
845 /* The image is now removed from disk. Now also remove our stored record */
846 r = home_unlink_record(h);
847 if (r < 0) {
848 log_error_errno(r, "Removing record file failed: %m");
849 goto fail;
850 }
851
852 log_debug("Removal of %s completed.", h->user_name);
853 h->current_operation = operation_result_unref(h->current_operation, 0, NULL);
854
855 /* Unload this record from memory too now. */
856 h = home_free(h);
857
858 (void) manager_schedule_rebalance(m, /* immediately= */ true);
859 return;
860
861 fail:
862 h->current_operation = operation_result_unref(h->current_operation, r, &error);
863 home_set_state(h, _HOME_STATE_INVALID);
864 }
865
866 static void home_create_finish(Home *h, int ret, UserRecord *hr) {
867 int r;
868
869 assert(h);
870 assert(h->state == HOME_CREATING);
871
872 if (ret < 0) {
873 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
874
875 (void) convert_worker_errno(h, ret, &error);
876 log_error_errno(ret, "Operation on %s failed: %m", h->user_name);
877 h->current_operation = operation_result_unref(h->current_operation, ret, &error);
878
879 if (h->unregister_on_failure) {
880 (void) home_unlink_record(h);
881 h = home_free(h);
882 return;
883 }
884
885 home_set_state(h, _HOME_STATE_INVALID);
886 return;
887 }
888
889 if (hr) {
890 r = home_set_record(h, hr);
891 if (r < 0)
892 log_warning_errno(r, "Failed to update home record, ignoring: %m");
893 }
894
895 r = home_save_record(h);
896 if (r < 0)
897 log_warning_errno(r, "Failed to save record to disk, ignoring: %m");
898
899 log_debug("Creation of %s completed.", h->user_name);
900
901 h->current_operation = operation_result_unref(h->current_operation, 0, NULL);
902 home_set_state(h, _HOME_STATE_INVALID);
903
904 (void) manager_schedule_rebalance(h->manager, /* immediately= */ true);
905 }
906
907 static void home_change_finish(Home *h, int ret, UserRecord *hr) {
908 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
909 int r;
910
911 assert(h);
912
913 if (ret < 0) {
914 if (ret == -ENOKEY)
915 (void) home_count_bad_authentication(h, true);
916
917 (void) convert_worker_errno(h, ret, &error);
918 r = log_error_errno(ret, "Change operation failed: %m");
919 goto finish;
920 }
921
922 if (hr) {
923 r = home_set_record(h, hr);
924 if (r < 0)
925 log_warning_errno(r, "Failed to update home record, ignoring: %m");
926 else {
927 r = user_record_good_authentication(h->record);
928 if (r < 0)
929 log_warning_errno(r, "Failed to increase good authentication counter, ignoring: %m");
930
931 r = home_save_record(h);
932 if (r < 0)
933 log_warning_errno(r, "Failed to write home record to disk, ignoring: %m");
934 }
935 }
936
937 log_debug("Change operation of %s completed.", h->user_name);
938 (void) manager_schedule_rebalance(h->manager, /* immediately= */ false);
939 r = 0;
940
941 finish:
942 h->current_operation = operation_result_unref(h->current_operation, r, &error);
943 home_set_state(h, _HOME_STATE_INVALID);
944 }
945
946 static void home_locking_finish(Home *h, int ret, UserRecord *hr) {
947 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
948 int r;
949
950 assert(h);
951 assert(h->state == HOME_LOCKING);
952
953 if (ret < 0) {
954 (void) convert_worker_errno(h, ret, &error);
955 r = log_error_errno(ret, "Locking operation failed: %m");
956 goto finish;
957 }
958
959 log_debug("Locking operation of %s completed.", h->user_name);
960 h->current_operation = operation_result_unref(h->current_operation, 0, NULL);
961 home_set_state(h, HOME_LOCKED);
962 return;
963
964 finish:
965 /* If a specific home doesn't know the concept of locking, then that's totally OK, don't propagate
966 * the error if we are executing a LockAllHomes() operation. */
967
968 if (h->current_operation->type == OPERATION_LOCK_ALL && r == -ENOTTY)
969 h->current_operation = operation_result_unref(h->current_operation, 0, NULL);
970 else
971 h->current_operation = operation_result_unref(h->current_operation, r, &error);
972
973 home_set_state(h, _HOME_STATE_INVALID);
974 }
975
976 static void home_unlocking_finish(Home *h, int ret, UserRecord *hr) {
977 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
978 int r;
979
980 assert(h);
981 assert(IN_SET(h->state, HOME_UNLOCKING, HOME_UNLOCKING_FOR_ACQUIRE));
982
983 if (ret < 0) {
984 if (ret == -ENOKEY)
985 (void) home_count_bad_authentication(h, true);
986
987 (void) convert_worker_errno(h, ret, &error);
988 r = log_error_errno(ret, "Unlocking operation failed: %m");
989
990 /* Revert to locked state */
991 home_set_state(h, HOME_LOCKED);
992 h->current_operation = operation_result_unref(h->current_operation, r, &error);
993 return;
994 }
995
996 r = user_record_good_authentication(h->record);
997 if (r < 0)
998 log_warning_errno(r, "Failed to increase good authentication counter, ignoring: %m");
999 else {
1000 r = home_save_record(h);
1001 if (r < 0)
1002 log_warning_errno(r, "Failed to write home record to disk, ignoring: %m");
1003 }
1004
1005 log_debug("Unlocking operation of %s completed.", h->user_name);
1006
1007 h->current_operation = operation_result_unref(h->current_operation, r, &error);
1008 home_set_state(h, _HOME_STATE_INVALID);
1009 return;
1010 }
1011
1012 static void home_authenticating_finish(Home *h, int ret, UserRecord *hr) {
1013 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
1014 int r;
1015
1016 assert(h);
1017 assert(IN_SET(h->state, HOME_AUTHENTICATING, HOME_AUTHENTICATING_WHILE_ACTIVE, HOME_AUTHENTICATING_FOR_ACQUIRE));
1018
1019 if (ret < 0) {
1020 if (ret == -ENOKEY)
1021 (void) home_count_bad_authentication(h, true);
1022
1023 (void) convert_worker_errno(h, ret, &error);
1024 r = log_error_errno(ret, "Authentication failed: %m");
1025 goto finish;
1026 }
1027
1028 if (hr) {
1029 r = home_set_record(h, hr);
1030 if (r < 0)
1031 log_warning_errno(r, "Failed to update home record, ignoring: %m");
1032 else {
1033 r = user_record_good_authentication(h->record);
1034 if (r < 0)
1035 log_warning_errno(r, "Failed to increase good authentication counter, ignoring: %m");
1036
1037 r = home_save_record(h);
1038 if (r < 0)
1039 log_warning_errno(r, "Failed to write home record to disk, ignoring: %m");
1040 }
1041 }
1042
1043 log_debug("Authentication of %s completed.", h->user_name);
1044 r = 0;
1045
1046 finish:
1047 h->current_operation = operation_result_unref(h->current_operation, r, &error);
1048 home_set_state(h, _HOME_STATE_INVALID);
1049 }
1050
1051 static int home_on_worker_process(sd_event_source *s, const siginfo_t *si, void *userdata) {
1052 _cleanup_(user_record_unrefp) UserRecord *hr = NULL;
1053 Home *h = userdata;
1054 int ret;
1055
1056 assert(s);
1057 assert(si);
1058 assert(h);
1059
1060 assert(h->worker_pid == si->si_pid);
1061 assert(h->worker_event_source);
1062 assert(h->worker_stdout_fd >= 0);
1063
1064 (void) hashmap_remove_value(h->manager->homes_by_worker_pid, PID_TO_PTR(h->worker_pid), h);
1065
1066 h->worker_pid = 0;
1067 h->worker_event_source = sd_event_source_disable_unref(h->worker_event_source);
1068
1069 if (si->si_code != CLD_EXITED) {
1070 assert(IN_SET(si->si_code, CLD_KILLED, CLD_DUMPED));
1071 ret = log_debug_errno(SYNTHETIC_ERRNO(EPROTO), "Worker process died abnormally with signal %s.", signal_to_string(si->si_status));
1072 } else if (si->si_status != EXIT_SUCCESS) {
1073 /* If we received an error code via sd_notify(), use it */
1074 if (h->worker_error_code != 0)
1075 ret = log_debug_errno(h->worker_error_code, "Worker reported error code %s.", errno_to_name(h->worker_error_code));
1076 else
1077 ret = log_debug_errno(SYNTHETIC_ERRNO(EPROTO), "Worker exited with exit code %i.", si->si_status);
1078 } else
1079 ret = home_parse_worker_stdout(TAKE_FD(h->worker_stdout_fd), &hr);
1080
1081 h->worker_stdout_fd = safe_close(h->worker_stdout_fd);
1082
1083 switch (h->state) {
1084
1085 case HOME_FIXATING:
1086 case HOME_FIXATING_FOR_ACTIVATION:
1087 case HOME_FIXATING_FOR_ACQUIRE:
1088 home_fixate_finish(h, ret, hr);
1089 break;
1090
1091 case HOME_ACTIVATING:
1092 case HOME_ACTIVATING_FOR_ACQUIRE:
1093 home_activate_finish(h, ret, hr);
1094 break;
1095
1096 case HOME_DEACTIVATING:
1097 home_deactivate_finish(h, ret, hr);
1098 break;
1099
1100 case HOME_LOCKING:
1101 home_locking_finish(h, ret, hr);
1102 break;
1103
1104 case HOME_UNLOCKING:
1105 case HOME_UNLOCKING_FOR_ACQUIRE:
1106 home_unlocking_finish(h, ret, hr);
1107 break;
1108
1109 case HOME_CREATING:
1110 home_create_finish(h, ret, hr);
1111 break;
1112
1113 case HOME_REMOVING:
1114 home_remove_finish(h, ret, hr);
1115 break;
1116
1117 case HOME_UPDATING:
1118 case HOME_UPDATING_WHILE_ACTIVE:
1119 case HOME_RESIZING:
1120 case HOME_RESIZING_WHILE_ACTIVE:
1121 case HOME_PASSWD:
1122 case HOME_PASSWD_WHILE_ACTIVE:
1123 home_change_finish(h, ret, hr);
1124 break;
1125
1126 case HOME_AUTHENTICATING:
1127 case HOME_AUTHENTICATING_WHILE_ACTIVE:
1128 case HOME_AUTHENTICATING_FOR_ACQUIRE:
1129 home_authenticating_finish(h, ret, hr);
1130 break;
1131
1132 default:
1133 assert_not_reached();
1134 }
1135
1136 return 0;
1137 }
1138
1139 static int home_start_work(Home *h, const char *verb, UserRecord *hr, UserRecord *secret) {
1140 _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
1141 _cleanup_(erase_and_freep) char *formatted = NULL;
1142 _cleanup_close_ int stdin_fd = -1, stdout_fd = -1;
1143 pid_t pid = 0;
1144 int r;
1145
1146 assert(h);
1147 assert(verb);
1148 assert(hr);
1149
1150 if (h->worker_pid != 0)
1151 return -EBUSY;
1152
1153 assert(h->worker_stdout_fd < 0);
1154 assert(!h->worker_event_source);
1155
1156 v = json_variant_ref(hr->json);
1157
1158 if (secret) {
1159 JsonVariant *sub = NULL;
1160
1161 sub = json_variant_by_key(secret->json, "secret");
1162 if (!sub)
1163 return -ENOKEY;
1164
1165 r = json_variant_set_field(&v, "secret", sub);
1166 if (r < 0)
1167 return r;
1168 }
1169
1170 r = json_variant_format(v, 0, &formatted);
1171 if (r < 0)
1172 return r;
1173
1174 stdin_fd = acquire_data_fd(formatted, strlen(formatted), 0);
1175 if (stdin_fd < 0)
1176 return stdin_fd;
1177
1178 log_debug("Sending to worker: %s", formatted);
1179
1180 stdout_fd = memfd_create("homework-stdout", MFD_CLOEXEC);
1181 if (stdout_fd < 0)
1182 return -errno;
1183
1184 r = safe_fork_full("(sd-homework)",
1185 (int[]) { stdin_fd, stdout_fd }, 2,
1186 FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_DEATHSIG|FORK_LOG|FORK_REOPEN_LOG, &pid);
1187 if (r < 0)
1188 return r;
1189 if (r == 0) {
1190 _cleanup_free_ char *joined = NULL;
1191 const char *homework, *suffix, *unix_path;
1192
1193 /* Child */
1194
1195 suffix = getenv("SYSTEMD_HOME_DEBUG_SUFFIX");
1196 if (suffix) {
1197 joined = strjoin("/run/systemd/home/notify.", suffix);
1198 if (!joined)
1199 return log_oom();
1200 unix_path = joined;
1201 } else
1202 unix_path = "/run/systemd/home/notify";
1203
1204 if (setenv("NOTIFY_SOCKET", unix_path, 1) < 0) {
1205 log_error_errno(errno, "Failed to set $NOTIFY_SOCKET: %m");
1206 _exit(EXIT_FAILURE);
1207 }
1208
1209 /* If we haven't locked the device yet, ask for a lock to be taken and be passed back to us via sd_notify(). */
1210 if (setenv("SYSTEMD_LUKS_LOCK", one_zero(h->luks_lock_fd < 0), 1) < 0) {
1211 log_error_errno(errno, "Failed to set $SYSTEMD_LUKS_LOCK: %m");
1212 _exit(EXIT_FAILURE);
1213 }
1214
1215 if (h->manager->default_storage >= 0)
1216 if (setenv("SYSTEMD_HOME_DEFAULT_STORAGE", user_storage_to_string(h->manager->default_storage), 1) < 0) {
1217 log_error_errno(errno, "Failed to set $SYSTEMD_HOME_DEFAULT_STORAGE: %m");
1218 _exit(EXIT_FAILURE);
1219 }
1220
1221 if (h->manager->default_file_system_type)
1222 if (setenv("SYSTEMD_HOME_DEFAULT_FILE_SYSTEM_TYPE", h->manager->default_file_system_type, 1) < 0) {
1223 log_error_errno(errno, "Failed to set $SYSTEMD_HOME_DEFAULT_FILE_SYSTEM_TYPE: %m");
1224 _exit(EXIT_FAILURE);
1225 }
1226
1227 r = setenv_systemd_exec_pid(true);
1228 if (r < 0)
1229 log_warning_errno(r, "Failed to update $SYSTEMD_EXEC_PID, ignoring: %m");
1230
1231 r = rearrange_stdio(TAKE_FD(stdin_fd), TAKE_FD(stdout_fd), STDERR_FILENO); /* fds are invalidated by rearrange_stdio() even on failure */
1232 if (r < 0) {
1233 log_error_errno(r, "Failed to rearrange stdin/stdout/stderr: %m");
1234 _exit(EXIT_FAILURE);
1235 }
1236
1237
1238 /* Allow overriding the homework path via an environment variable, to make debugging
1239 * easier. */
1240 homework = getenv("SYSTEMD_HOMEWORK_PATH") ?: SYSTEMD_HOMEWORK_PATH;
1241
1242 execl(homework, homework, verb, NULL);
1243 log_error_errno(errno, "Failed to invoke %s: %m", homework);
1244 _exit(EXIT_FAILURE);
1245 }
1246
1247 r = sd_event_add_child(h->manager->event, &h->worker_event_source, pid, WEXITED, home_on_worker_process, h);
1248 if (r < 0)
1249 return r;
1250
1251 (void) sd_event_source_set_description(h->worker_event_source, "worker");
1252
1253 r = hashmap_put(h->manager->homes_by_worker_pid, PID_TO_PTR(pid), h);
1254 if (r < 0) {
1255 h->worker_event_source = sd_event_source_disable_unref(h->worker_event_source);
1256 return r;
1257 }
1258
1259 h->worker_stdout_fd = TAKE_FD(stdout_fd);
1260 h->worker_pid = pid;
1261 h->worker_error_code = 0;
1262
1263 return 0;
1264 }
1265
1266 static int home_ratelimit(Home *h, sd_bus_error *error) {
1267 int r, ret;
1268
1269 assert(h);
1270
1271 ret = user_record_ratelimit(h->record);
1272 if (ret < 0)
1273 return ret;
1274
1275 if (h->state != HOME_UNFIXATED) {
1276 r = home_save_record(h);
1277 if (r < 0)
1278 log_warning_errno(r, "Failed to save updated record, ignoring: %m");
1279 }
1280
1281 if (ret == 0) {
1282 usec_t t, n;
1283
1284 n = now(CLOCK_REALTIME);
1285 t = user_record_ratelimit_next_try(h->record);
1286
1287 if (t != USEC_INFINITY && t > n)
1288 return sd_bus_error_setf(error, BUS_ERROR_AUTHENTICATION_LIMIT_HIT,
1289 "Too many login attempts, please try again in %s!",
1290 FORMAT_TIMESPAN(t - n, USEC_PER_SEC));
1291
1292 return sd_bus_error_set(error, BUS_ERROR_AUTHENTICATION_LIMIT_HIT, "Too many login attempts, please try again later.");
1293 }
1294
1295 return 0;
1296 }
1297
1298 static int home_fixate_internal(
1299 Home *h,
1300 UserRecord *secret,
1301 HomeState for_state,
1302 sd_bus_error *error) {
1303
1304 int r;
1305
1306 assert(h);
1307 assert(IN_SET(for_state, HOME_FIXATING, HOME_FIXATING_FOR_ACTIVATION, HOME_FIXATING_FOR_ACQUIRE));
1308
1309 r = home_start_work(h, "inspect", h->record, secret);
1310 if (r < 0)
1311 return r;
1312
1313 if (IN_SET(for_state, HOME_FIXATING_FOR_ACTIVATION, HOME_FIXATING_FOR_ACQUIRE)) {
1314 /* Remember the secret data, since we need it for the activation again, later on. */
1315 user_record_unref(h->secret);
1316 h->secret = user_record_ref(secret);
1317 }
1318
1319 home_set_state(h, for_state);
1320 return 0;
1321 }
1322
1323 int home_fixate(Home *h, UserRecord *secret, sd_bus_error *error) {
1324 int r;
1325
1326 assert(h);
1327
1328 switch (home_get_state(h)) {
1329 case HOME_ABSENT:
1330 return sd_bus_error_setf(error, BUS_ERROR_HOME_ABSENT, "Home %s is currently missing or not plugged in.", h->user_name);
1331 case HOME_INACTIVE:
1332 case HOME_DIRTY:
1333 case HOME_ACTIVE:
1334 case HOME_LINGERING:
1335 case HOME_LOCKED:
1336 return sd_bus_error_setf(error, BUS_ERROR_HOME_ALREADY_FIXATED, "Home %s is already fixated.", h->user_name);
1337 case HOME_UNFIXATED:
1338 break;
1339 default:
1340 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "An operation on home %s is currently being executed.", h->user_name);
1341 }
1342
1343 r = home_ratelimit(h, error);
1344 if (r < 0)
1345 return r;
1346
1347 return home_fixate_internal(h, secret, HOME_FIXATING, error);
1348 }
1349
1350 static int home_activate_internal(Home *h, UserRecord *secret, HomeState for_state, sd_bus_error *error) {
1351 int r;
1352
1353 assert(h);
1354 assert(IN_SET(for_state, HOME_ACTIVATING, HOME_ACTIVATING_FOR_ACQUIRE));
1355
1356 r = home_start_work(h, "activate", h->record, secret);
1357 if (r < 0)
1358 return r;
1359
1360 home_set_state(h, for_state);
1361 return 0;
1362 }
1363
1364 int home_activate(Home *h, UserRecord *secret, sd_bus_error *error) {
1365 int r;
1366
1367 assert(h);
1368
1369 switch (home_get_state(h)) {
1370 case HOME_UNFIXATED:
1371 return home_fixate_internal(h, secret, HOME_FIXATING_FOR_ACTIVATION, error);
1372 case HOME_ABSENT:
1373 return sd_bus_error_setf(error, BUS_ERROR_HOME_ABSENT, "Home %s is currently missing or not plugged in.", h->user_name);
1374 case HOME_ACTIVE:
1375 return sd_bus_error_setf(error, BUS_ERROR_HOME_ALREADY_ACTIVE, "Home %s is already active.", h->user_name);
1376 case HOME_LINGERING:
1377 /* If we are lingering, i.e. active but are supposed to be deactivated, then cancel this
1378 * timer if the user explicitly asks us to be active */
1379 h->retry_deactivate_event_source = sd_event_source_disable_unref(h->retry_deactivate_event_source);
1380 return 0;
1381 case HOME_LOCKED:
1382 return sd_bus_error_setf(error, BUS_ERROR_HOME_LOCKED, "Home %s is currently locked.", h->user_name);
1383 case HOME_INACTIVE:
1384 case HOME_DIRTY:
1385 break;
1386 default:
1387 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "An operation on home %s is currently being executed.", h->user_name);
1388 }
1389
1390 r = home_ratelimit(h, error);
1391 if (r < 0)
1392 return r;
1393
1394 return home_activate_internal(h, secret, HOME_ACTIVATING, error);
1395 }
1396
1397 static int home_authenticate_internal(Home *h, UserRecord *secret, HomeState for_state, sd_bus_error *error) {
1398 int r;
1399
1400 assert(h);
1401 assert(IN_SET(for_state, HOME_AUTHENTICATING, HOME_AUTHENTICATING_WHILE_ACTIVE, HOME_AUTHENTICATING_FOR_ACQUIRE));
1402
1403 r = home_start_work(h, "inspect", h->record, secret);
1404 if (r < 0)
1405 return r;
1406
1407 home_set_state(h, for_state);
1408 return 0;
1409 }
1410
1411 int home_authenticate(Home *h, UserRecord *secret, sd_bus_error *error) {
1412 HomeState state;
1413 int r;
1414
1415 assert(h);
1416
1417 state = home_get_state(h);
1418 switch (state) {
1419 case HOME_ABSENT:
1420 return sd_bus_error_setf(error, BUS_ERROR_HOME_ABSENT, "Home %s is currently missing or not plugged in.", h->user_name);
1421 case HOME_LOCKED:
1422 return sd_bus_error_setf(error, BUS_ERROR_HOME_LOCKED, "Home %s is currently locked.", h->user_name);
1423 case HOME_UNFIXATED:
1424 case HOME_INACTIVE:
1425 case HOME_DIRTY:
1426 case HOME_ACTIVE:
1427 case HOME_LINGERING:
1428 break;
1429 default:
1430 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "An operation on home %s is currently being executed.", h->user_name);
1431 }
1432
1433 r = home_ratelimit(h, error);
1434 if (r < 0)
1435 return r;
1436
1437 return home_authenticate_internal(h, secret, HOME_STATE_IS_ACTIVE(state) ? HOME_AUTHENTICATING_WHILE_ACTIVE : HOME_AUTHENTICATING, error);
1438 }
1439
1440 static int home_deactivate_internal(Home *h, bool force, sd_bus_error *error) {
1441 int r;
1442
1443 assert(h);
1444
1445 home_unpin(h); /* unpin so that we can deactivate */
1446
1447 r = home_start_work(h, force ? "deactivate-force" : "deactivate", h->record, NULL);
1448 if (r < 0)
1449 /* Operation failed before it even started, reacquire pin fd, if state still dictates so */
1450 home_update_pin_fd(h, _HOME_STATE_INVALID);
1451 else {
1452 home_set_state(h, HOME_DEACTIVATING);
1453 r = 0;
1454 }
1455
1456 /* Let's start a timer to retry deactivation in 15. We'll stop the timer once we manage to deactivate
1457 * the home directory again, or we start any other operation. */
1458 home_start_retry_deactivate(h);
1459
1460 return r;
1461 }
1462
1463 int home_deactivate(Home *h, bool force, sd_bus_error *error) {
1464 assert(h);
1465
1466 switch (home_get_state(h)) {
1467 case HOME_UNFIXATED:
1468 case HOME_ABSENT:
1469 case HOME_INACTIVE:
1470 case HOME_DIRTY:
1471 return sd_bus_error_setf(error, BUS_ERROR_HOME_NOT_ACTIVE, "Home %s not active.", h->user_name);
1472 case HOME_LOCKED:
1473 return sd_bus_error_setf(error, BUS_ERROR_HOME_LOCKED, "Home %s is currently locked.", h->user_name);
1474 case HOME_ACTIVE:
1475 case HOME_LINGERING:
1476 break;
1477 default:
1478 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "An operation on home %s is currently being executed.", h->user_name);
1479 }
1480
1481 return home_deactivate_internal(h, force, error);
1482 }
1483
1484 int home_create(Home *h, UserRecord *secret, sd_bus_error *error) {
1485 int r;
1486
1487 assert(h);
1488
1489 switch (home_get_state(h)) {
1490 case HOME_INACTIVE: {
1491 int t;
1492
1493 if (h->record->storage < 0)
1494 break; /* if no storage is defined we don't know what precisely to look for, hence
1495 * HOME_INACTIVE is OK in that case too. */
1496
1497 t = user_record_test_image_path(h->record);
1498 if (IN_SET(t, USER_TEST_MAYBE, USER_TEST_UNDEFINED))
1499 break; /* And if the image path test isn't conclusive, let's also go on */
1500
1501 if (IN_SET(t, -EBADFD, -ENOTDIR))
1502 return sd_bus_error_setf(error, BUS_ERROR_HOME_EXISTS, "Selected home image of user %s already exists or has wrong inode type.", h->user_name);
1503
1504 return sd_bus_error_setf(error, BUS_ERROR_HOME_EXISTS, "Selected home image of user %s already exists.", h->user_name);
1505 }
1506 case HOME_UNFIXATED:
1507 case HOME_DIRTY:
1508 return sd_bus_error_setf(error, BUS_ERROR_HOME_EXISTS, "Home of user %s already exists.", h->user_name);
1509 case HOME_ABSENT:
1510 break;
1511 case HOME_ACTIVE:
1512 case HOME_LINGERING:
1513 case HOME_LOCKED:
1514 default:
1515 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "Home %s is currently being used, or an operation on home %s is currently being executed.", h->user_name, h->user_name);
1516 }
1517
1518 if (h->record->enforce_password_policy == false)
1519 log_debug("Password quality check turned off for account, skipping.");
1520 else {
1521 r = user_record_quality_check_password(h->record, secret, error);
1522 if (r < 0)
1523 return r;
1524 }
1525
1526 r = home_start_work(h, "create", h->record, secret);
1527 if (r < 0)
1528 return r;
1529
1530 home_set_state(h, HOME_CREATING);
1531 return 0;
1532 }
1533
1534 int home_remove(Home *h, sd_bus_error *error) {
1535 HomeState state;
1536 int r;
1537
1538 assert(h);
1539
1540 state = home_get_state(h);
1541 switch (state) {
1542 case HOME_ABSENT: /* If the home directory is absent, then this is just like unregistering */
1543 return home_unregister(h, error);
1544 case HOME_LOCKED:
1545 return sd_bus_error_setf(error, BUS_ERROR_HOME_LOCKED, "Home %s is currently locked.", h->user_name);
1546 case HOME_UNFIXATED:
1547 case HOME_INACTIVE:
1548 case HOME_DIRTY:
1549 break;
1550 case HOME_ACTIVE:
1551 case HOME_LINGERING:
1552 default:
1553 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "Home %s is currently being used, or an operation on home %s is currently being executed.", h->user_name, h->user_name);
1554 }
1555
1556 r = home_start_work(h, "remove", h->record, NULL);
1557 if (r < 0)
1558 return r;
1559
1560 home_set_state(h, HOME_REMOVING);
1561 return 0;
1562 }
1563
1564 static int user_record_extend_with_binding(UserRecord *hr, UserRecord *with_binding, UserRecordLoadFlags flags, UserRecord **ret) {
1565 _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
1566 _cleanup_(user_record_unrefp) UserRecord *nr = NULL;
1567 JsonVariant *binding;
1568 int r;
1569
1570 assert(hr);
1571 assert(with_binding);
1572 assert(ret);
1573
1574 assert_se(v = json_variant_ref(hr->json));
1575
1576 binding = json_variant_by_key(with_binding->json, "binding");
1577 if (binding) {
1578 r = json_variant_set_field(&v, "binding", binding);
1579 if (r < 0)
1580 return r;
1581 }
1582
1583 nr = user_record_new();
1584 if (!nr)
1585 return -ENOMEM;
1586
1587 r = user_record_load(nr, v, flags);
1588 if (r < 0)
1589 return r;
1590
1591 *ret = TAKE_PTR(nr);
1592 return 0;
1593 }
1594
1595 static int home_update_internal(
1596 Home *h,
1597 const char *verb,
1598 UserRecord *hr,
1599 UserRecord *secret,
1600 sd_bus_error *error) {
1601
1602 _cleanup_(user_record_unrefp) UserRecord *new_hr = NULL, *saved_secret = NULL, *signed_hr = NULL;
1603 int r, c;
1604
1605 assert(h);
1606 assert(verb);
1607 assert(hr);
1608
1609 if (!user_record_compatible(hr, h->record))
1610 return sd_bus_error_set(error, BUS_ERROR_HOME_RECORD_MISMATCH, "Updated user record is not compatible with existing one.");
1611 c = user_record_compare_last_change(hr, h->record); /* refuse downgrades */
1612 if (c < 0)
1613 return sd_bus_error_set(error, BUS_ERROR_HOME_RECORD_DOWNGRADE, "Refusing to update to older home record.");
1614
1615 if (!secret && FLAGS_SET(hr->mask, USER_RECORD_SECRET)) {
1616 r = user_record_clone(hr, USER_RECORD_EXTRACT_SECRET|USER_RECORD_PERMISSIVE, &saved_secret);
1617 if (r < 0)
1618 return r;
1619
1620 secret = saved_secret;
1621 }
1622
1623 r = manager_verify_user_record(h->manager, hr);
1624 switch (r) {
1625
1626 case USER_RECORD_UNSIGNED:
1627 if (h->signed_locally <= 0) /* If the existing record is not owned by us, don't accept an
1628 * unsigned new record. i.e. only implicitly sign new records
1629 * that where previously signed by us too. */
1630 return sd_bus_error_setf(error, BUS_ERROR_HOME_RECORD_SIGNED, "Home %s is signed and cannot be modified locally.", h->user_name);
1631
1632 /* The updated record is not signed, then do so now */
1633 r = manager_sign_user_record(h->manager, hr, &signed_hr, error);
1634 if (r < 0)
1635 return r;
1636
1637 hr = signed_hr;
1638 break;
1639
1640 case USER_RECORD_SIGNED_EXCLUSIVE:
1641 case USER_RECORD_SIGNED:
1642 case USER_RECORD_FOREIGN:
1643 /* Has already been signed. Great! */
1644 break;
1645
1646 case -ENOKEY:
1647 default:
1648 return r;
1649 }
1650
1651 r = user_record_extend_with_binding(hr, h->record, USER_RECORD_LOAD_MASK_SECRET|USER_RECORD_PERMISSIVE, &new_hr);
1652 if (r < 0)
1653 return r;
1654
1655 if (c == 0) {
1656 /* different payload but same lastChangeUSec field? That's not cool! */
1657
1658 r = user_record_masked_equal(new_hr, h->record, USER_RECORD_REGULAR|USER_RECORD_PRIVILEGED|USER_RECORD_PER_MACHINE);
1659 if (r < 0)
1660 return r;
1661 if (r == 0)
1662 return sd_bus_error_set(error, BUS_ERROR_HOME_RECORD_MISMATCH, "Home record different but timestamp remained the same, refusing.");
1663 }
1664
1665 r = home_start_work(h, verb, new_hr, secret);
1666 if (r < 0)
1667 return r;
1668
1669 return 0;
1670 }
1671
1672 int home_update(Home *h, UserRecord *hr, sd_bus_error *error) {
1673 HomeState state;
1674 int r;
1675
1676 assert(h);
1677 assert(hr);
1678
1679 state = home_get_state(h);
1680 switch (state) {
1681 case HOME_UNFIXATED:
1682 return sd_bus_error_setf(error, BUS_ERROR_HOME_UNFIXATED, "Home %s has not been fixated yet.", h->user_name);
1683 case HOME_ABSENT:
1684 return sd_bus_error_setf(error, BUS_ERROR_HOME_ABSENT, "Home %s is currently missing or not plugged in.", h->user_name);
1685 case HOME_LOCKED:
1686 return sd_bus_error_setf(error, BUS_ERROR_HOME_LOCKED, "Home %s is currently locked.", h->user_name);
1687 case HOME_INACTIVE:
1688 case HOME_DIRTY:
1689 case HOME_ACTIVE:
1690 case HOME_LINGERING:
1691 break;
1692 default:
1693 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "An operation on home %s is currently being executed.", h->user_name);
1694 }
1695
1696 r = home_ratelimit(h, error);
1697 if (r < 0)
1698 return r;
1699
1700 r = home_update_internal(h, "update", hr, NULL, error);
1701 if (r < 0)
1702 return r;
1703
1704 home_set_state(h, HOME_STATE_IS_ACTIVE(state) ? HOME_UPDATING_WHILE_ACTIVE : HOME_UPDATING);
1705 return 0;
1706 }
1707
1708 int home_resize(Home *h,
1709 uint64_t disk_size,
1710 UserRecord *secret,
1711 bool automatic,
1712 sd_bus_error *error) {
1713
1714 _cleanup_(user_record_unrefp) UserRecord *c = NULL;
1715 HomeState state;
1716 int r;
1717
1718 assert(h);
1719
1720 state = home_get_state(h);
1721 switch (state) {
1722 case HOME_UNFIXATED:
1723 return sd_bus_error_setf(error, BUS_ERROR_HOME_UNFIXATED, "Home %s has not been fixated yet.", h->user_name);
1724 case HOME_ABSENT:
1725 return sd_bus_error_setf(error, BUS_ERROR_HOME_ABSENT, "Home %s is currently missing or not plugged in.", h->user_name);
1726 case HOME_LOCKED:
1727 return sd_bus_error_setf(error, BUS_ERROR_HOME_LOCKED, "Home %s is currently locked.", h->user_name);
1728 case HOME_INACTIVE:
1729 case HOME_DIRTY:
1730 case HOME_ACTIVE:
1731 case HOME_LINGERING:
1732 break;
1733 default:
1734 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "An operation on home %s is currently being executed.", h->user_name);
1735 }
1736
1737 r = home_ratelimit(h, error);
1738 if (r < 0)
1739 return r;
1740
1741 /* If the user didn't specify any size explicitly and rebalancing is on, then the disk size is
1742 * determined by automatic rebalancing and hence not user configured but determined by us and thus
1743 * applied anyway. */
1744 if (disk_size == UINT64_MAX && h->record->rebalance_weight != REBALANCE_WEIGHT_OFF)
1745 return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "Disk size is being determined by automatic disk space rebalancing.");
1746
1747 if (disk_size == UINT64_MAX || disk_size == h->record->disk_size) {
1748 if (h->record->disk_size == UINT64_MAX)
1749 return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "No disk size to resize to specified.");
1750
1751 c = user_record_ref(h->record); /* Shortcut if size is unspecified or matches the record */
1752 } else {
1753 _cleanup_(user_record_unrefp) UserRecord *signed_c = NULL;
1754
1755 if (h->signed_locally <= 0) /* Don't allow changing of records not signed only by us */
1756 return sd_bus_error_setf(error, BUS_ERROR_HOME_RECORD_SIGNED, "Home %s is signed and cannot be modified locally.", h->user_name);
1757
1758 r = user_record_clone(h->record, USER_RECORD_LOAD_REFUSE_SECRET|USER_RECORD_PERMISSIVE, &c);
1759 if (r < 0)
1760 return r;
1761
1762 r = user_record_set_disk_size(c, disk_size);
1763 if (r == -ERANGE)
1764 return sd_bus_error_setf(error, BUS_ERROR_BAD_HOME_SIZE, "Requested size for home %s out of acceptable range.", h->user_name);
1765 if (r < 0)
1766 return r;
1767
1768 /* If user picked an explicit size, then turn off rebalancing, so that we don't undo what user chose */
1769 r = user_record_set_rebalance_weight(c, REBALANCE_WEIGHT_OFF);
1770 if (r < 0)
1771 return r;
1772
1773 r = user_record_update_last_changed(c, false);
1774 if (r == -ECHRNG)
1775 return sd_bus_error_setf(error, BUS_ERROR_HOME_RECORD_MISMATCH, "Record last change time of %s is newer than current time, cannot update.", h->user_name);
1776 if (r < 0)
1777 return r;
1778
1779 r = manager_sign_user_record(h->manager, c, &signed_c, error);
1780 if (r < 0)
1781 return r;
1782
1783 user_record_unref(c);
1784 c = TAKE_PTR(signed_c);
1785 }
1786
1787 r = home_update_internal(h, automatic ? "resize-auto" : "resize", c, secret, error);
1788 if (r < 0)
1789 return r;
1790
1791 home_set_state(h, HOME_STATE_IS_ACTIVE(state) ? HOME_RESIZING_WHILE_ACTIVE : HOME_RESIZING);
1792 return 0;
1793 }
1794
1795 static int home_may_change_password(
1796 Home *h,
1797 sd_bus_error *error) {
1798
1799 int r;
1800
1801 assert(h);
1802
1803 r = user_record_test_password_change_required(h->record);
1804 if (IN_SET(r, -EKEYREVOKED, -EOWNERDEAD, -EKEYEXPIRED, -ESTALE))
1805 return 0; /* expired in some form, but changing is allowed */
1806 if (IN_SET(r, -EKEYREJECTED, -EROFS))
1807 return sd_bus_error_setf(error, SD_BUS_ERROR_ACCESS_DENIED, "Expiration settings of account %s do not allow changing of password.", h->user_name);
1808 if (r < 0)
1809 return log_error_errno(r, "Failed to test password expiry: %m");
1810
1811 return 0; /* not expired */
1812 }
1813
1814 int home_passwd(Home *h,
1815 UserRecord *new_secret,
1816 UserRecord *old_secret,
1817 sd_bus_error *error) {
1818
1819 _cleanup_(user_record_unrefp) UserRecord *c = NULL, *merged_secret = NULL, *signed_c = NULL;
1820 HomeState state;
1821 int r;
1822
1823 assert(h);
1824
1825 if (h->signed_locally <= 0) /* Don't allow changing of records not signed only by us */
1826 return sd_bus_error_setf(error, BUS_ERROR_HOME_RECORD_SIGNED, "Home %s is signed and cannot be modified locally.", h->user_name);
1827
1828 state = home_get_state(h);
1829 switch (state) {
1830 case HOME_UNFIXATED:
1831 return sd_bus_error_setf(error, BUS_ERROR_HOME_UNFIXATED, "Home %s has not been fixated yet.", h->user_name);
1832 case HOME_ABSENT:
1833 return sd_bus_error_setf(error, BUS_ERROR_HOME_ABSENT, "Home %s is currently missing or not plugged in.", h->user_name);
1834 case HOME_LOCKED:
1835 return sd_bus_error_setf(error, BUS_ERROR_HOME_LOCKED, "Home %s is currently locked.", h->user_name);
1836 case HOME_INACTIVE:
1837 case HOME_DIRTY:
1838 case HOME_ACTIVE:
1839 case HOME_LINGERING:
1840 break;
1841 default:
1842 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "An operation on home %s is currently being executed.", h->user_name);
1843 }
1844
1845 r = home_ratelimit(h, error);
1846 if (r < 0)
1847 return r;
1848
1849 r = home_may_change_password(h, error);
1850 if (r < 0)
1851 return r;
1852
1853 r = user_record_clone(h->record, USER_RECORD_LOAD_REFUSE_SECRET|USER_RECORD_PERMISSIVE, &c);
1854 if (r < 0)
1855 return r;
1856
1857 merged_secret = user_record_new();
1858 if (!merged_secret)
1859 return -ENOMEM;
1860
1861 r = user_record_merge_secret(merged_secret, old_secret);
1862 if (r < 0)
1863 return r;
1864
1865 r = user_record_merge_secret(merged_secret, new_secret);
1866 if (r < 0)
1867 return r;
1868
1869 if (!strv_isempty(new_secret->password)) {
1870 /* Update the password only if one is specified, otherwise let's just reuse the old password
1871 * data. This is useful as a way to propagate updated user records into the LUKS backends
1872 * properly. */
1873
1874 r = user_record_make_hashed_password(c, new_secret->password, /* extend = */ false);
1875 if (r < 0)
1876 return r;
1877
1878 r = user_record_set_password_change_now(c, -1 /* remove */);
1879 if (r < 0)
1880 return r;
1881 }
1882
1883 r = user_record_update_last_changed(c, true);
1884 if (r == -ECHRNG)
1885 return sd_bus_error_setf(error, BUS_ERROR_HOME_RECORD_MISMATCH, "Record last change time of %s is newer than current time, cannot update.", h->user_name);
1886 if (r < 0)
1887 return r;
1888
1889 r = manager_sign_user_record(h->manager, c, &signed_c, error);
1890 if (r < 0)
1891 return r;
1892
1893 if (c->enforce_password_policy == false)
1894 log_debug("Password quality check turned off for account, skipping.");
1895 else {
1896 r = user_record_quality_check_password(c, merged_secret, error);
1897 if (r < 0)
1898 return r;
1899 }
1900
1901 r = home_update_internal(h, "passwd", signed_c, merged_secret, error);
1902 if (r < 0)
1903 return r;
1904
1905 home_set_state(h, HOME_STATE_IS_ACTIVE(state) ? HOME_PASSWD_WHILE_ACTIVE : HOME_PASSWD);
1906 return 0;
1907 }
1908
1909 int home_unregister(Home *h, sd_bus_error *error) {
1910 int r;
1911
1912 assert(h);
1913
1914 switch (home_get_state(h)) {
1915 case HOME_UNFIXATED:
1916 return sd_bus_error_setf(error, BUS_ERROR_HOME_UNFIXATED, "Home %s is not registered.", h->user_name);
1917 case HOME_LOCKED:
1918 return sd_bus_error_setf(error, BUS_ERROR_HOME_LOCKED, "Home %s is currently locked.", h->user_name);
1919 case HOME_ABSENT:
1920 case HOME_INACTIVE:
1921 case HOME_DIRTY:
1922 break;
1923 case HOME_ACTIVE:
1924 case HOME_LINGERING:
1925 default:
1926 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "Home %s is currently being used, or an operation on home %s is currently being executed.", h->user_name, h->user_name);
1927 }
1928
1929 r = home_unlink_record(h);
1930 if (r < 0)
1931 return r;
1932
1933 /* And destroy the whole entry. The caller needs to be prepared for that. */
1934 h = home_free(h);
1935 return 1;
1936 }
1937
1938 int home_lock(Home *h, sd_bus_error *error) {
1939 int r;
1940
1941 assert(h);
1942
1943 switch (home_get_state(h)) {
1944 case HOME_UNFIXATED:
1945 case HOME_ABSENT:
1946 case HOME_INACTIVE:
1947 case HOME_DIRTY:
1948 return sd_bus_error_setf(error, BUS_ERROR_HOME_NOT_ACTIVE, "Home %s is not active.", h->user_name);
1949 case HOME_LOCKED:
1950 return sd_bus_error_setf(error, BUS_ERROR_HOME_LOCKED, "Home %s is already locked.", h->user_name);
1951 case HOME_ACTIVE:
1952 case HOME_LINGERING:
1953 break;
1954 default:
1955 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "An operation on home %s is currently being executed.", h->user_name);
1956 }
1957
1958 r = home_start_work(h, "lock", h->record, NULL);
1959 if (r < 0)
1960 return r;
1961
1962 home_set_state(h, HOME_LOCKING);
1963 return 0;
1964 }
1965
1966 static int home_unlock_internal(Home *h, UserRecord *secret, HomeState for_state, sd_bus_error *error) {
1967 int r;
1968
1969 assert(h);
1970 assert(IN_SET(for_state, HOME_UNLOCKING, HOME_UNLOCKING_FOR_ACQUIRE));
1971
1972 r = home_start_work(h, "unlock", h->record, secret);
1973 if (r < 0)
1974 return r;
1975
1976 home_set_state(h, for_state);
1977 return 0;
1978 }
1979
1980 int home_unlock(Home *h, UserRecord *secret, sd_bus_error *error) {
1981 int r;
1982 assert(h);
1983
1984 r = home_ratelimit(h, error);
1985 if (r < 0)
1986 return r;
1987
1988 switch (home_get_state(h)) {
1989 case HOME_UNFIXATED:
1990 case HOME_ABSENT:
1991 case HOME_INACTIVE:
1992 case HOME_ACTIVE:
1993 case HOME_LINGERING:
1994 case HOME_DIRTY:
1995 return sd_bus_error_setf(error, BUS_ERROR_HOME_NOT_LOCKED, "Home %s is not locked.", h->user_name);
1996 case HOME_LOCKED:
1997 break;
1998 default:
1999 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "An operation on home %s is currently being executed.", h->user_name);
2000 }
2001
2002 return home_unlock_internal(h, secret, HOME_UNLOCKING, error);
2003 }
2004
2005 HomeState home_get_state(Home *h) {
2006 int r;
2007 assert(h);
2008
2009 /* When the state field is initialized, it counts. */
2010 if (h->state >= 0)
2011 return h->state;
2012
2013 /* Otherwise, let's see if the home directory is mounted. If so, we assume for sure the home
2014 * directory is active */
2015 if (user_record_test_home_directory(h->record) == USER_TEST_MOUNTED)
2016 return h->retry_deactivate_event_source ? HOME_LINGERING : HOME_ACTIVE;
2017
2018 /* And if we see the image being gone, we report this as absent */
2019 r = user_record_test_image_path(h->record);
2020 if (r == USER_TEST_ABSENT)
2021 return HOME_ABSENT;
2022 if (r == USER_TEST_DIRTY)
2023 return HOME_DIRTY;
2024
2025 /* And for all other cases we return "inactive". */
2026 return HOME_INACTIVE;
2027 }
2028
2029 void home_process_notify(Home *h, char **l, int fd) {
2030 _cleanup_close_ int taken_fd = TAKE_FD(fd);
2031 const char *e;
2032 int error;
2033 int r;
2034
2035 assert(h);
2036
2037 e = strv_env_get(l, "SYSTEMD_LUKS_LOCK_FD");
2038 if (e) {
2039 r = parse_boolean(e);
2040 if (r < 0)
2041 return (void) log_debug_errno(r, "Failed to parse SYSTEMD_LUKS_LOCK_FD value: %m");
2042 if (r > 0) {
2043 if (taken_fd < 0)
2044 return (void) log_debug("Got notify message with SYSTEMD_LUKS_LOCK_FD=1 but no fd passed, ignoring: %m");
2045
2046 safe_close(h->luks_lock_fd);
2047 h->luks_lock_fd = TAKE_FD(taken_fd);
2048
2049 log_debug("Successfully acquired LUKS lock fd from worker.");
2050
2051 /* Immediately check if we actually want to keep it */
2052 home_maybe_close_luks_lock_fd(h, _HOME_STATE_INVALID);
2053 } else {
2054 if (taken_fd >= 0)
2055 return (void) log_debug("Got notify message with SYSTEMD_LUKS_LOCK_FD=0 but fd passed, ignoring: %m");
2056
2057 h->luks_lock_fd = safe_close(h->luks_lock_fd);
2058 }
2059
2060 return;
2061 }
2062
2063 e = strv_env_get(l, "ERRNO");
2064 if (!e)
2065 return (void) log_debug("Got notify message lacking both ERRNO= and SYSTEMD_LUKS_LOCK_FD= field, ignoring.");
2066
2067 r = safe_atoi(e, &error);
2068 if (r < 0)
2069 return (void) log_debug_errno(r, "Failed to parse received error number, ignoring: %s", e);
2070 if (error <= 0)
2071 return (void) log_debug("Error number is out of range: %i", error);
2072
2073 h->worker_error_code = error;
2074 }
2075
2076 int home_killall(Home *h) {
2077 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
2078 _cleanup_free_ char *unit = NULL;
2079 int r;
2080
2081 assert(h);
2082
2083 if (!uid_is_valid(h->uid))
2084 return 0;
2085
2086 assert(h->uid > 0); /* We never should be UID 0 */
2087
2088 /* Let's kill everything matching the specified UID */
2089 r = safe_fork("(sd-killer)",
2090 FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_DEATHSIG|FORK_WAIT|FORK_LOG|FORK_REOPEN_LOG,
2091 NULL);
2092 if (r < 0)
2093 return r;
2094 if (r == 0) {
2095 gid_t gid;
2096
2097 /* Child */
2098
2099 gid = user_record_gid(h->record);
2100 if (setresgid(gid, gid, gid) < 0) {
2101 log_error_errno(errno, "Failed to change GID to " GID_FMT ": %m", gid);
2102 _exit(EXIT_FAILURE);
2103 }
2104
2105 if (setgroups(0, NULL) < 0) {
2106 log_error_errno(errno, "Failed to reset auxiliary groups list: %m");
2107 _exit(EXIT_FAILURE);
2108 }
2109
2110 if (setresuid(h->uid, h->uid, h->uid) < 0) {
2111 log_error_errno(errno, "Failed to change UID to " UID_FMT ": %m", h->uid);
2112 _exit(EXIT_FAILURE);
2113 }
2114
2115 if (kill(-1, SIGKILL) < 0) {
2116 log_error_errno(errno, "Failed to kill all processes of UID " UID_FMT ": %m", h->uid);
2117 _exit(EXIT_FAILURE);
2118 }
2119
2120 _exit(EXIT_SUCCESS);
2121 }
2122
2123 /* Let's also kill everything in the user's slice */
2124 if (asprintf(&unit, "user-" UID_FMT ".slice", h->uid) < 0)
2125 return log_oom();
2126
2127 r = sd_bus_call_method(
2128 h->manager->bus,
2129 "org.freedesktop.systemd1",
2130 "/org/freedesktop/systemd1",
2131 "org.freedesktop.systemd1.Manager",
2132 "KillUnit",
2133 &error,
2134 NULL,
2135 "ssi", unit, "all", SIGKILL);
2136 if (r < 0)
2137 log_full_errno(sd_bus_error_has_name(&error, BUS_ERROR_NO_SUCH_UNIT) ? LOG_DEBUG : LOG_WARNING,
2138 r, "Failed to kill login processes of user, ignoring: %s", bus_error_message(&error, r));
2139
2140 return 1;
2141 }
2142
2143 static int home_get_disk_status_luks(
2144 Home *h,
2145 HomeState state,
2146 uint64_t *ret_disk_size,
2147 uint64_t *ret_disk_usage,
2148 uint64_t *ret_disk_free,
2149 uint64_t *ret_disk_ceiling,
2150 uint64_t *ret_disk_floor,
2151 statfs_f_type_t *ret_fstype,
2152 mode_t *ret_access_mode) {
2153
2154 uint64_t disk_size = UINT64_MAX, disk_usage = UINT64_MAX, disk_free = UINT64_MAX,
2155 disk_ceiling = UINT64_MAX, disk_floor = UINT64_MAX,
2156 stat_used = UINT64_MAX, fs_size = UINT64_MAX, header_size = 0;
2157 mode_t access_mode = MODE_INVALID;
2158 statfs_f_type_t fstype = 0;
2159 struct statfs sfs;
2160 struct stat st;
2161 const char *hd;
2162 int r;
2163
2164 assert(h);
2165
2166 if (state != HOME_ABSENT) {
2167 const char *ip;
2168
2169 ip = user_record_image_path(h->record);
2170 if (ip) {
2171 if (stat(ip, &st) < 0)
2172 log_debug_errno(errno, "Failed to stat() %s, ignoring: %m", ip);
2173 else if (S_ISREG(st.st_mode)) {
2174 _cleanup_free_ char *parent = NULL;
2175
2176 disk_size = st.st_size;
2177 stat_used = st.st_blocks * 512;
2178
2179 r = path_extract_directory(ip, &parent);
2180 if (r < 0)
2181 return log_error_errno(r, "Failed to extract parent directory from image path '%s': %m", ip);
2182
2183 if (statfs(parent, &sfs) < 0)
2184 log_debug_errno(errno, "Failed to statfs() %s, ignoring: %m", parent);
2185 else
2186 disk_ceiling = stat_used + sfs.f_bsize * sfs.f_bavail;
2187
2188 } else if (S_ISBLK(st.st_mode)) {
2189 _cleanup_free_ char *szbuf = NULL;
2190 char p[SYS_BLOCK_PATH_MAX("/size")];
2191
2192 /* Let's read the size off sysfs, so that we don't have to open the device */
2193 xsprintf_sys_block_path(p, "/size", st.st_rdev);
2194 r = read_one_line_file(p, &szbuf);
2195 if (r < 0)
2196 log_debug_errno(r, "Failed to read %s, ignoring: %m", p);
2197 else {
2198 uint64_t sz;
2199
2200 r = safe_atou64(szbuf, &sz);
2201 if (r < 0)
2202 log_debug_errno(r, "Failed to parse %s, ignoring: %s", p, szbuf);
2203 else
2204 disk_size = sz * 512;
2205 }
2206 } else
2207 log_debug("Image path is not a block device or regular file, not able to acquire size.");
2208 }
2209 }
2210
2211 if (!HOME_STATE_IS_ACTIVE(state))
2212 goto finish;
2213
2214 hd = user_record_home_directory(h->record);
2215 if (!hd)
2216 goto finish;
2217
2218 if (stat(hd, &st) < 0) {
2219 log_debug_errno(errno, "Failed to stat() %s, ignoring: %m", hd);
2220 goto finish;
2221 }
2222
2223 r = stat_verify_directory(&st);
2224 if (r < 0) {
2225 log_debug_errno(r, "Home directory %s is not a directory, ignoring: %m", hd);
2226 goto finish;
2227 }
2228
2229 access_mode = st.st_mode & 07777;
2230
2231 if (statfs(hd, &sfs) < 0) {
2232 log_debug_errno(errno, "Failed to statfs() %s, ignoring: %m", hd);
2233 goto finish;
2234 }
2235
2236 fstype = sfs.f_type;
2237
2238 disk_free = sfs.f_bsize * sfs.f_bavail;
2239 fs_size = sfs.f_bsize * sfs.f_blocks;
2240 if (disk_size != UINT64_MAX && disk_size > fs_size)
2241 header_size = disk_size - fs_size;
2242
2243 /* We take a perspective from the user here (as opposed to from the host): the used disk space is the
2244 * difference from the limit and what's free. This makes a difference if sparse mode is not used: in
2245 * that case the image is pre-allocated and thus appears all used from the host PoV but is not used
2246 * up at all yet from the user's PoV.
2247 *
2248 * That said, we use use the stat() reported loopback file size as upper boundary: our footprint can
2249 * never be larger than what we take up on the lowest layers. */
2250
2251 if (disk_size != UINT64_MAX && disk_size > disk_free) {
2252 disk_usage = disk_size - disk_free;
2253
2254 if (stat_used != UINT64_MAX && disk_usage > stat_used)
2255 disk_usage = stat_used;
2256 } else
2257 disk_usage = stat_used;
2258
2259 /* If we have the magic, determine floor preferably by magic */
2260 disk_floor = minimal_size_by_fs_magic(sfs.f_type) + header_size;
2261
2262 finish:
2263 /* If we don't know the magic, go by file system name */
2264 if (disk_floor == UINT64_MAX)
2265 disk_floor = minimal_size_by_fs_name(user_record_file_system_type(h->record));
2266
2267 if (ret_disk_size)
2268 *ret_disk_size = disk_size;
2269 if (ret_disk_usage)
2270 *ret_disk_usage = disk_usage;
2271 if (ret_disk_free)
2272 *ret_disk_free = disk_free;
2273 if (ret_disk_ceiling)
2274 *ret_disk_ceiling = disk_ceiling;
2275 if (ret_disk_floor)
2276 *ret_disk_floor = disk_floor;
2277 if (ret_fstype)
2278 *ret_fstype = fstype;
2279 if (ret_access_mode)
2280 *ret_access_mode = access_mode;
2281
2282 return 0;
2283 }
2284
2285 static int home_get_disk_status_directory(
2286 Home *h,
2287 HomeState state,
2288 uint64_t *ret_disk_size,
2289 uint64_t *ret_disk_usage,
2290 uint64_t *ret_disk_free,
2291 uint64_t *ret_disk_ceiling,
2292 uint64_t *ret_disk_floor,
2293 statfs_f_type_t *ret_fstype,
2294 mode_t *ret_access_mode) {
2295
2296 uint64_t disk_size = UINT64_MAX, disk_usage = UINT64_MAX, disk_free = UINT64_MAX,
2297 disk_ceiling = UINT64_MAX, disk_floor = UINT64_MAX;
2298 mode_t access_mode = MODE_INVALID;
2299 statfs_f_type_t fstype = 0;
2300 struct statfs sfs;
2301 struct dqblk req;
2302 const char *path = NULL;
2303 int r;
2304
2305 assert(h);
2306
2307 if (HOME_STATE_IS_ACTIVE(state))
2308 path = user_record_home_directory(h->record);
2309
2310 if (!path) {
2311 if (state == HOME_ABSENT)
2312 goto finish;
2313
2314 path = user_record_image_path(h->record);
2315 }
2316
2317 if (!path)
2318 goto finish;
2319
2320 if (statfs(path, &sfs) < 0)
2321 log_debug_errno(errno, "Failed to statfs() %s, ignoring: %m", path);
2322 else {
2323 disk_free = sfs.f_bsize * sfs.f_bavail;
2324 disk_size = sfs.f_bsize * sfs.f_blocks;
2325
2326 /* We don't initialize disk_usage from statfs() data here, since the device is likely not used
2327 * by us alone, and disk_usage should only reflect our own use. */
2328
2329 fstype = sfs.f_type;
2330 }
2331
2332 if (IN_SET(h->record->storage, USER_CLASSIC, USER_DIRECTORY, USER_SUBVOLUME)) {
2333
2334 r = btrfs_is_subvol(path);
2335 if (r < 0)
2336 log_debug_errno(r, "Failed to determine whether %s is a btrfs subvolume: %m", path);
2337 else if (r > 0) {
2338 BtrfsQuotaInfo qi;
2339
2340 r = btrfs_subvol_get_subtree_quota(path, 0, &qi);
2341 if (r < 0)
2342 log_debug_errno(r, "Failed to query btrfs subtree quota, ignoring: %m");
2343 else {
2344 disk_usage = qi.referenced;
2345
2346 if (disk_free != UINT64_MAX) {
2347 disk_ceiling = qi.referenced + disk_free;
2348
2349 if (disk_size != UINT64_MAX && disk_ceiling > disk_size)
2350 disk_ceiling = disk_size;
2351 }
2352
2353 if (qi.referenced_max != UINT64_MAX) {
2354 if (disk_size != UINT64_MAX)
2355 disk_size = MIN(qi.referenced_max, disk_size);
2356 else
2357 disk_size = qi.referenced_max;
2358 }
2359
2360 if (disk_size != UINT64_MAX) {
2361 if (disk_size > disk_usage)
2362 disk_free = disk_size - disk_usage;
2363 else
2364 disk_free = 0;
2365 }
2366 }
2367
2368 goto finish;
2369 }
2370 }
2371
2372 if (IN_SET(h->record->storage, USER_CLASSIC, USER_DIRECTORY, USER_FSCRYPT)) {
2373 r = quotactl_path(QCMD_FIXED(Q_GETQUOTA, USRQUOTA), path, h->uid, &req);
2374 if (r < 0) {
2375 if (ERRNO_IS_NOT_SUPPORTED(r)) {
2376 log_debug_errno(r, "No UID quota support on %s.", path);
2377 goto finish;
2378 }
2379
2380 if (r != -ESRCH) {
2381 log_debug_errno(r, "Failed to query disk quota for UID " UID_FMT ": %m", h->uid);
2382 goto finish;
2383 }
2384
2385 disk_usage = 0; /* No record of this user? then nothing was used */
2386 } else {
2387 if (FLAGS_SET(req.dqb_valid, QIF_SPACE) && disk_free != UINT64_MAX) {
2388 disk_ceiling = req.dqb_curspace + disk_free;
2389
2390 if (disk_size != UINT64_MAX && disk_ceiling > disk_size)
2391 disk_ceiling = disk_size;
2392 }
2393
2394 if (FLAGS_SET(req.dqb_valid, QIF_BLIMITS)) {
2395 uint64_t q;
2396
2397 /* Take the minimum of the quota and the available disk space here */
2398 q = req.dqb_bhardlimit * QIF_DQBLKSIZE;
2399 if (disk_size != UINT64_MAX)
2400 disk_size = MIN(disk_size, q);
2401 else
2402 disk_size = q;
2403 }
2404 if (FLAGS_SET(req.dqb_valid, QIF_SPACE)) {
2405 disk_usage = req.dqb_curspace;
2406
2407 if (disk_size != UINT64_MAX) {
2408 if (disk_size > disk_usage)
2409 disk_free = disk_size - disk_usage;
2410 else
2411 disk_free = 0;
2412 }
2413 }
2414 }
2415 }
2416
2417 finish:
2418 if (ret_disk_size)
2419 *ret_disk_size = disk_size;
2420 if (ret_disk_usage)
2421 *ret_disk_usage = disk_usage;
2422 if (ret_disk_free)
2423 *ret_disk_free = disk_free;
2424 if (ret_disk_ceiling)
2425 *ret_disk_ceiling = disk_ceiling;
2426 if (ret_disk_floor)
2427 *ret_disk_floor = disk_floor;
2428 if (ret_fstype)
2429 *ret_fstype = fstype;
2430 if (ret_access_mode)
2431 *ret_access_mode = access_mode;
2432
2433 return 0;
2434 }
2435
2436 static int home_get_disk_status_internal(
2437 Home *h,
2438 HomeState state,
2439 uint64_t *ret_disk_size,
2440 uint64_t *ret_disk_usage,
2441 uint64_t *ret_disk_free,
2442 uint64_t *ret_disk_ceiling,
2443 uint64_t *ret_disk_floor,
2444 statfs_f_type_t *ret_fstype,
2445 mode_t *ret_access_mode) {
2446
2447 assert(h);
2448 assert(h->record);
2449
2450 switch (h->record->storage) {
2451
2452 case USER_LUKS:
2453 return home_get_disk_status_luks(h, state, ret_disk_size, ret_disk_usage, ret_disk_free, ret_disk_ceiling, ret_disk_floor, ret_fstype, ret_access_mode);
2454
2455 case USER_CLASSIC:
2456 case USER_DIRECTORY:
2457 case USER_SUBVOLUME:
2458 case USER_FSCRYPT:
2459 case USER_CIFS:
2460 return home_get_disk_status_directory(h, state, ret_disk_size, ret_disk_usage, ret_disk_free, ret_disk_ceiling, ret_disk_floor, ret_fstype, ret_access_mode);
2461
2462 default:
2463 /* don't know */
2464
2465 if (ret_disk_size)
2466 *ret_disk_size = UINT64_MAX;
2467 if (ret_disk_usage)
2468 *ret_disk_usage = UINT64_MAX;
2469 if (ret_disk_free)
2470 *ret_disk_free = UINT64_MAX;
2471 if (ret_disk_ceiling)
2472 *ret_disk_ceiling = UINT64_MAX;
2473 if (ret_disk_floor)
2474 *ret_disk_floor = UINT64_MAX;
2475 if (ret_fstype)
2476 *ret_fstype = 0;
2477 if (ret_access_mode)
2478 *ret_access_mode = MODE_INVALID;
2479
2480 return 0;
2481 }
2482 }
2483
2484 int home_get_disk_status(
2485 Home *h,
2486 uint64_t *ret_disk_size,
2487 uint64_t *ret_disk_usage,
2488 uint64_t *ret_disk_free,
2489 uint64_t *ret_disk_ceiling,
2490 uint64_t *ret_disk_floor,
2491 statfs_f_type_t *ret_fstype,
2492 mode_t *ret_access_mode) {
2493
2494 assert(h);
2495
2496 return home_get_disk_status_internal(
2497 h,
2498 home_get_state(h),
2499 ret_disk_size,
2500 ret_disk_usage,
2501 ret_disk_free,
2502 ret_disk_ceiling,
2503 ret_disk_floor,
2504 ret_fstype,
2505 ret_access_mode);
2506 }
2507
2508 int home_augment_status(
2509 Home *h,
2510 UserRecordLoadFlags flags,
2511 UserRecord **ret) {
2512
2513 uint64_t disk_size = UINT64_MAX, disk_usage = UINT64_MAX, disk_free = UINT64_MAX, disk_ceiling = UINT64_MAX, disk_floor = UINT64_MAX;
2514 _cleanup_(json_variant_unrefp) JsonVariant *j = NULL, *v = NULL, *m = NULL, *status = NULL;
2515 _cleanup_(user_record_unrefp) UserRecord *ur = NULL;
2516 statfs_f_type_t magic;
2517 const char *fstype;
2518 mode_t access_mode;
2519 HomeState state;
2520 sd_id128_t id;
2521 int r;
2522
2523 assert(h);
2524 assert(ret);
2525
2526 /* We are supposed to add this, this can't be on hence. */
2527 assert(!FLAGS_SET(flags, USER_RECORD_STRIP_STATUS));
2528
2529 r = sd_id128_get_machine(&id);
2530 if (r < 0)
2531 return r;
2532
2533 state = home_get_state(h);
2534
2535 r = home_get_disk_status_internal(
2536 h, state,
2537 &disk_size,
2538 &disk_usage,
2539 &disk_free,
2540 &disk_ceiling,
2541 &disk_floor,
2542 &magic,
2543 &access_mode);
2544 if (r < 0)
2545 return r;
2546
2547 fstype = fs_type_to_string(magic);
2548
2549 if (disk_floor == UINT64_MAX || (disk_usage != UINT64_MAX && disk_floor < disk_usage))
2550 disk_floor = disk_usage;
2551 if (disk_floor == UINT64_MAX || disk_floor < USER_DISK_SIZE_MIN)
2552 disk_floor = USER_DISK_SIZE_MIN;
2553 if (disk_ceiling == UINT64_MAX || disk_ceiling > USER_DISK_SIZE_MAX)
2554 disk_ceiling = USER_DISK_SIZE_MAX;
2555
2556 r = json_build(&status,
2557 JSON_BUILD_OBJECT(
2558 JSON_BUILD_PAIR("state", JSON_BUILD_STRING(home_state_to_string(state))),
2559 JSON_BUILD_PAIR("service", JSON_BUILD_CONST_STRING("io.systemd.Home")),
2560 JSON_BUILD_PAIR_CONDITION(disk_size != UINT64_MAX, "diskSize", JSON_BUILD_UNSIGNED(disk_size)),
2561 JSON_BUILD_PAIR_CONDITION(disk_usage != UINT64_MAX, "diskUsage", JSON_BUILD_UNSIGNED(disk_usage)),
2562 JSON_BUILD_PAIR_CONDITION(disk_free != UINT64_MAX, "diskFree", JSON_BUILD_UNSIGNED(disk_free)),
2563 JSON_BUILD_PAIR_CONDITION(disk_ceiling != UINT64_MAX, "diskCeiling", JSON_BUILD_UNSIGNED(disk_ceiling)),
2564 JSON_BUILD_PAIR_CONDITION(disk_floor != UINT64_MAX, "diskFloor", JSON_BUILD_UNSIGNED(disk_floor)),
2565 JSON_BUILD_PAIR_CONDITION(h->signed_locally >= 0, "signedLocally", JSON_BUILD_BOOLEAN(h->signed_locally)),
2566 JSON_BUILD_PAIR_CONDITION(fstype, "fileSystemType", JSON_BUILD_STRING(fstype)),
2567 JSON_BUILD_PAIR_CONDITION(access_mode != MODE_INVALID, "accessMode", JSON_BUILD_UNSIGNED(access_mode))
2568 ));
2569 if (r < 0)
2570 return r;
2571
2572 j = json_variant_ref(h->record->json);
2573 v = json_variant_ref(json_variant_by_key(j, "status"));
2574 m = json_variant_ref(json_variant_by_key(v, SD_ID128_TO_STRING(id)));
2575
2576 r = json_variant_filter(&m, STRV_MAKE("diskSize", "diskUsage", "diskFree", "diskCeiling", "diskFloor", "signedLocally"));
2577 if (r < 0)
2578 return r;
2579
2580 r = json_variant_merge(&m, status);
2581 if (r < 0)
2582 return r;
2583
2584 r = json_variant_set_field(&v, SD_ID128_TO_STRING(id), m);
2585 if (r < 0)
2586 return r;
2587
2588 r = json_variant_set_field(&j, "status", v);
2589 if (r < 0)
2590 return r;
2591
2592 ur = user_record_new();
2593 if (!ur)
2594 return -ENOMEM;
2595
2596 r = user_record_load(ur, j, flags);
2597 if (r < 0)
2598 return r;
2599
2600 ur->incomplete =
2601 FLAGS_SET(h->record->mask, USER_RECORD_PRIVILEGED) &&
2602 !FLAGS_SET(ur->mask, USER_RECORD_PRIVILEGED);
2603
2604 *ret = TAKE_PTR(ur);
2605 return 0;
2606 }
2607
2608 static int on_home_ref_eof(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
2609 _cleanup_(operation_unrefp) Operation *o = NULL;
2610 Home *h = userdata;
2611
2612 assert(s);
2613 assert(h);
2614
2615 if (h->ref_event_source_please_suspend == s)
2616 h->ref_event_source_please_suspend = sd_event_source_disable_unref(h->ref_event_source_please_suspend);
2617
2618 if (h->ref_event_source_dont_suspend == s)
2619 h->ref_event_source_dont_suspend = sd_event_source_disable_unref(h->ref_event_source_dont_suspend);
2620
2621 if (h->ref_event_source_dont_suspend || h->ref_event_source_please_suspend)
2622 return 0;
2623
2624 log_info("Got notification that all sessions of user %s ended, deactivating automatically.", h->user_name);
2625
2626 o = operation_new(OPERATION_PIPE_EOF, NULL);
2627 if (!o) {
2628 log_oom();
2629 return 0;
2630 }
2631
2632 home_schedule_operation(h, o, NULL);
2633 return 0;
2634 }
2635
2636 int home_create_fifo(Home *h, bool please_suspend) {
2637 _cleanup_close_ int ret_fd = -1;
2638 sd_event_source **ss;
2639 const char *fn, *suffix;
2640 int r;
2641
2642 assert(h);
2643
2644 if (please_suspend) {
2645 suffix = ".please-suspend";
2646 ss = &h->ref_event_source_please_suspend;
2647 } else {
2648 suffix = ".dont-suspend";
2649 ss = &h->ref_event_source_dont_suspend;
2650 }
2651
2652 fn = strjoina("/run/systemd/home/", h->user_name, suffix);
2653
2654 if (!*ss) {
2655 _cleanup_close_ int ref_fd = -1;
2656
2657 (void) mkdir("/run/systemd/home/", 0755);
2658 if (mkfifo(fn, 0600) < 0 && errno != EEXIST)
2659 return log_error_errno(errno, "Failed to create FIFO %s: %m", fn);
2660
2661 ref_fd = open(fn, O_RDONLY|O_CLOEXEC|O_NONBLOCK);
2662 if (ref_fd < 0)
2663 return log_error_errno(errno, "Failed to open FIFO %s for reading: %m", fn);
2664
2665 r = sd_event_add_io(h->manager->event, ss, ref_fd, 0, on_home_ref_eof, h);
2666 if (r < 0)
2667 return log_error_errno(r, "Failed to allocate reference FIFO event source: %m");
2668
2669 (void) sd_event_source_set_description(*ss, "acquire-ref");
2670
2671 r = sd_event_source_set_priority(*ss, SD_EVENT_PRIORITY_IDLE-1);
2672 if (r < 0)
2673 return r;
2674
2675 r = sd_event_source_set_io_fd_own(*ss, true);
2676 if (r < 0)
2677 return log_error_errno(r, "Failed to pass ownership of FIFO event fd to event source: %m");
2678
2679 TAKE_FD(ref_fd);
2680 }
2681
2682 ret_fd = open(fn, O_WRONLY|O_CLOEXEC|O_NONBLOCK);
2683 if (ret_fd < 0)
2684 return log_error_errno(errno, "Failed to open FIFO %s for writing: %m", fn);
2685
2686 return TAKE_FD(ret_fd);
2687 }
2688
2689 static int home_dispatch_acquire(Home *h, Operation *o) {
2690 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
2691 int (*call)(Home *h, UserRecord *secret, HomeState for_state, sd_bus_error *error) = NULL;
2692 HomeState for_state;
2693 int r;
2694
2695 assert(h);
2696 assert(o);
2697 assert(o->type == OPERATION_ACQUIRE);
2698
2699 assert(!h->current_operation);
2700
2701 switch (home_get_state(h)) {
2702
2703 case HOME_UNFIXATED:
2704 for_state = HOME_FIXATING_FOR_ACQUIRE;
2705 call = home_fixate_internal;
2706 break;
2707
2708 case HOME_ABSENT:
2709 r = sd_bus_error_setf(&error, BUS_ERROR_HOME_ABSENT,
2710 "Home %s is currently missing or not plugged in.", h->user_name);
2711 goto check;
2712
2713 case HOME_INACTIVE:
2714 case HOME_DIRTY:
2715 for_state = HOME_ACTIVATING_FOR_ACQUIRE;
2716 call = home_activate_internal;
2717 break;
2718
2719 case HOME_ACTIVE:
2720 case HOME_LINGERING:
2721 for_state = HOME_AUTHENTICATING_FOR_ACQUIRE;
2722 call = home_authenticate_internal;
2723 break;
2724
2725 case HOME_LOCKED:
2726 for_state = HOME_UNLOCKING_FOR_ACQUIRE;
2727 call = home_unlock_internal;
2728 break;
2729
2730 default:
2731 /* All other cases means we are currently executing an operation, which means the job remains
2732 * pending. */
2733 return 0;
2734 }
2735
2736 r = home_ratelimit(h, &error);
2737 if (r >= 0)
2738 r = call(h, o->secret, for_state, &error);
2739
2740 check:
2741 if (r != 0) /* failure or completed */
2742 operation_result(o, r, &error);
2743 else /* ongoing */
2744 h->current_operation = operation_ref(o);
2745
2746 return 1;
2747 }
2748
2749 static int home_dispatch_release(Home *h, Operation *o) {
2750 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
2751 int r;
2752
2753 assert(h);
2754 assert(o);
2755 assert(o->type == OPERATION_RELEASE);
2756
2757 if (h->ref_event_source_dont_suspend || h->ref_event_source_please_suspend)
2758 /* If there's now a reference again, then let's abort the release attempt */
2759 r = sd_bus_error_setf(&error, BUS_ERROR_HOME_BUSY, "Home %s is currently referenced.", h->user_name);
2760 else {
2761 switch (home_get_state(h)) {
2762
2763 case HOME_UNFIXATED:
2764 case HOME_ABSENT:
2765 case HOME_INACTIVE:
2766 case HOME_DIRTY:
2767 r = 1; /* done */
2768 break;
2769
2770 case HOME_LOCKED:
2771 r = sd_bus_error_setf(&error, BUS_ERROR_HOME_LOCKED, "Home %s is currently locked.", h->user_name);
2772 break;
2773
2774 case HOME_ACTIVE:
2775 case HOME_LINGERING:
2776 r = home_deactivate_internal(h, false, &error);
2777 break;
2778
2779 default:
2780 /* All other cases means we are currently executing an operation, which means the job remains
2781 * pending. */
2782 return 0;
2783 }
2784 }
2785
2786 assert(!h->current_operation);
2787
2788 if (r != 0) /* failure or completed */
2789 operation_result(o, r, &error);
2790 else /* ongoing */
2791 h->current_operation = operation_ref(o);
2792
2793 return 1;
2794 }
2795
2796 static int home_dispatch_lock_all(Home *h, Operation *o) {
2797 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
2798 int r;
2799
2800 assert(h);
2801 assert(o);
2802 assert(o->type == OPERATION_LOCK_ALL);
2803
2804 switch (home_get_state(h)) {
2805
2806 case HOME_UNFIXATED:
2807 case HOME_ABSENT:
2808 case HOME_INACTIVE:
2809 case HOME_DIRTY:
2810 log_info("Home %s is not active, no locking necessary.", h->user_name);
2811 r = 1; /* done */
2812 break;
2813
2814 case HOME_LOCKED:
2815 log_info("Home %s is already locked.", h->user_name);
2816 r = 1; /* done */
2817 break;
2818
2819 case HOME_ACTIVE:
2820 case HOME_LINGERING:
2821 log_info("Locking home %s.", h->user_name);
2822 r = home_lock(h, &error);
2823 break;
2824
2825 default:
2826 /* All other cases means we are currently executing an operation, which means the job remains
2827 * pending. */
2828 return 0;
2829 }
2830
2831 assert(!h->current_operation);
2832
2833 if (r != 0) /* failure or completed */
2834 operation_result(o, r, &error);
2835 else /* ongoing */
2836 h->current_operation = operation_ref(o);
2837
2838 return 1;
2839 }
2840
2841 static int home_dispatch_deactivate_all(Home *h, Operation *o) {
2842 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
2843 int r;
2844
2845 assert(h);
2846 assert(o);
2847 assert(o->type == OPERATION_DEACTIVATE_ALL);
2848
2849 switch (home_get_state(h)) {
2850
2851 case HOME_UNFIXATED:
2852 case HOME_ABSENT:
2853 case HOME_INACTIVE:
2854 case HOME_DIRTY:
2855 log_info("Home %s is already deactivated.", h->user_name);
2856 r = 1; /* done */
2857 break;
2858
2859 case HOME_LOCKED:
2860 log_info("Home %s is currently locked, not deactivating.", h->user_name);
2861 r = 1; /* done */
2862 break;
2863
2864 case HOME_ACTIVE:
2865 case HOME_LINGERING:
2866 log_info("Deactivating home %s.", h->user_name);
2867 r = home_deactivate_internal(h, false, &error);
2868 break;
2869
2870 default:
2871 /* All other cases means we are currently executing an operation, which means the job remains
2872 * pending. */
2873 return 0;
2874 }
2875
2876 assert(!h->current_operation);
2877
2878 if (r != 0) /* failure or completed */
2879 operation_result(o, r, &error);
2880 else /* ongoing */
2881 h->current_operation = operation_ref(o);
2882
2883 return 1;
2884 }
2885
2886 static int home_dispatch_pipe_eof(Home *h, Operation *o) {
2887 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
2888 int r;
2889
2890 assert(h);
2891 assert(o);
2892 assert(o->type == OPERATION_PIPE_EOF);
2893
2894 if (h->ref_event_source_please_suspend || h->ref_event_source_dont_suspend)
2895 return 1; /* Hmm, there's a reference again, let's cancel this */
2896
2897 switch (home_get_state(h)) {
2898
2899 case HOME_UNFIXATED:
2900 case HOME_ABSENT:
2901 case HOME_INACTIVE:
2902 case HOME_DIRTY:
2903 log_info("Home %s already deactivated, no automatic deactivation needed.", h->user_name);
2904 break;
2905
2906 case HOME_DEACTIVATING:
2907 log_info("Home %s is already being deactivated, automatic deactivated unnecessary.", h->user_name);
2908 break;
2909
2910 case HOME_ACTIVE:
2911 case HOME_LINGERING:
2912 r = home_deactivate_internal(h, false, &error);
2913 if (r < 0)
2914 log_warning_errno(r, "Failed to deactivate %s, ignoring: %s", h->user_name, bus_error_message(&error, r));
2915 break;
2916
2917 case HOME_LOCKED:
2918 default:
2919 /* If the device is locked or any operation is being executed, let's leave this pending */
2920 return 0;
2921 }
2922
2923 /* Note that we don't call operation_fail() or operation_success() here, because this kind of
2924 * operation has no message associated with it, and thus there's no need to propagate success. */
2925
2926 assert(!o->message);
2927 return 1;
2928 }
2929
2930 static int home_dispatch_deactivate_force(Home *h, Operation *o) {
2931 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
2932 int r;
2933
2934 assert(h);
2935 assert(o);
2936 assert(o->type == OPERATION_DEACTIVATE_FORCE);
2937
2938 switch (home_get_state(h)) {
2939
2940 case HOME_UNFIXATED:
2941 case HOME_ABSENT:
2942 case HOME_INACTIVE:
2943 case HOME_DIRTY:
2944 log_debug("Home %s already deactivated, no forced deactivation due to unplug needed.", h->user_name);
2945 break;
2946
2947 case HOME_DEACTIVATING:
2948 log_debug("Home %s is already being deactivated, forced deactivation due to unplug unnecessary.", h->user_name);
2949 break;
2950
2951 case HOME_ACTIVE:
2952 case HOME_LOCKED:
2953 case HOME_LINGERING:
2954 r = home_deactivate_internal(h, true, &error);
2955 if (r < 0)
2956 log_warning_errno(r, "Failed to forcibly deactivate %s, ignoring: %s", h->user_name, bus_error_message(&error, r));
2957 break;
2958
2959 default:
2960 /* If any operation is being executed, let's leave this pending */
2961 return 0;
2962 }
2963
2964 /* Note that we don't call operation_fail() or operation_success() here, because this kind of
2965 * operation has no message associated with it, and thus there's no need to propagate success. */
2966
2967 assert(!o->message);
2968 return 1;
2969 }
2970
2971 static int on_pending(sd_event_source *s, void *userdata) {
2972 Home *h = userdata;
2973 Operation *o;
2974 int r;
2975
2976 assert(s);
2977 assert(h);
2978
2979 o = ordered_set_first(h->pending_operations);
2980 if (o) {
2981 static int (* const operation_table[_OPERATION_MAX])(Home *h, Operation *o) = {
2982 [OPERATION_ACQUIRE] = home_dispatch_acquire,
2983 [OPERATION_RELEASE] = home_dispatch_release,
2984 [OPERATION_LOCK_ALL] = home_dispatch_lock_all,
2985 [OPERATION_DEACTIVATE_ALL] = home_dispatch_deactivate_all,
2986 [OPERATION_PIPE_EOF] = home_dispatch_pipe_eof,
2987 [OPERATION_DEACTIVATE_FORCE] = home_dispatch_deactivate_force,
2988 };
2989
2990 assert(operation_table[o->type]);
2991 r = operation_table[o->type](h, o);
2992 if (r != 0) {
2993 /* The operation completed, let's remove it from the pending list, and exit while
2994 * leaving the event source enabled as it is. */
2995 assert_se(ordered_set_remove(h->pending_operations, o) == o);
2996 operation_unref(o);
2997 return 0;
2998 }
2999 }
3000
3001 /* Nothing to do anymore, let's turn off this event source */
3002 r = sd_event_source_set_enabled(s, SD_EVENT_OFF);
3003 if (r < 0)
3004 return log_error_errno(r, "Failed to disable event source: %m");
3005
3006 /* No operations pending anymore, maybe this is a good time to trigger a rebalancing */
3007 manager_reschedule_rebalance(h->manager);
3008 return 0;
3009 }
3010
3011 int home_schedule_operation(Home *h, Operation *o, sd_bus_error *error) {
3012 int r;
3013
3014 assert(h);
3015
3016 if (o) {
3017 if (ordered_set_size(h->pending_operations) >= PENDING_OPERATIONS_MAX)
3018 return sd_bus_error_set(error, BUS_ERROR_TOO_MANY_OPERATIONS, "Too many client operations requested");
3019
3020 r = ordered_set_ensure_put(&h->pending_operations, &operation_hash_ops, o);
3021 if (r < 0)
3022 return r;
3023
3024 operation_ref(o);
3025 }
3026
3027 if (!h->pending_event_source) {
3028 r = sd_event_add_defer(h->manager->event, &h->pending_event_source, on_pending, h);
3029 if (r < 0)
3030 return log_error_errno(r, "Failed to allocate pending defer event source: %m");
3031
3032 (void) sd_event_source_set_description(h->pending_event_source, "pending");
3033
3034 r = sd_event_source_set_priority(h->pending_event_source, SD_EVENT_PRIORITY_IDLE);
3035 if (r < 0)
3036 return r;
3037 }
3038
3039 r = sd_event_source_set_enabled(h->pending_event_source, SD_EVENT_ON);
3040 if (r < 0)
3041 return log_error_errno(r, "Failed to trigger pending event source: %m");
3042
3043 return 0;
3044 }
3045
3046 static int home_get_image_path_seat(Home *h, char **ret) {
3047 _cleanup_(sd_device_unrefp) sd_device *d = NULL;
3048 _cleanup_free_ char *c = NULL;
3049 const char *ip, *seat;
3050 struct stat st;
3051 int r;
3052
3053 assert(h);
3054
3055 if (user_record_storage(h->record) != USER_LUKS)
3056 return -ENXIO;
3057
3058 ip = user_record_image_path(h->record);
3059 if (!ip)
3060 return -ENXIO;
3061
3062 if (!path_startswith(ip, "/dev/"))
3063 return -ENXIO;
3064
3065 if (stat(ip, &st) < 0)
3066 return -errno;
3067
3068 if (!S_ISBLK(st.st_mode))
3069 return -ENOTBLK;
3070
3071 r = sd_device_new_from_stat_rdev(&d, &st);
3072 if (r < 0)
3073 return r;
3074
3075 r = sd_device_get_property_value(d, "ID_SEAT", &seat);
3076 if (r == -ENOENT) /* no property means seat0 */
3077 seat = "seat0";
3078 else if (r < 0)
3079 return r;
3080
3081 c = strdup(seat);
3082 if (!c)
3083 return -ENOMEM;
3084
3085 *ret = TAKE_PTR(c);
3086 return 0;
3087 }
3088
3089 int home_auto_login(Home *h, char ***ret_seats) {
3090 _cleanup_free_ char *seat = NULL, *seat2 = NULL;
3091
3092 assert(h);
3093 assert(ret_seats);
3094
3095 (void) home_get_image_path_seat(h, &seat);
3096
3097 if (h->record->auto_login > 0 && !streq_ptr(seat, "seat0")) {
3098 /* For now, when the auto-login boolean is set for a user, let's make it mean
3099 * "seat0". Eventually we can extend the concept and allow configuration of any kind of seat,
3100 * but let's keep simple initially, most likely the feature is interesting on single-user
3101 * systems anyway, only.
3102 *
3103 * We filter out users marked for auto-login in we know for sure their home directory is
3104 * absent. */
3105
3106 if (user_record_test_image_path(h->record) != USER_TEST_ABSENT) {
3107 seat2 = strdup("seat0");
3108 if (!seat2)
3109 return -ENOMEM;
3110 }
3111 }
3112
3113 if (seat || seat2) {
3114 _cleanup_strv_free_ char **list = NULL;
3115 size_t i = 0;
3116
3117 list = new(char*, 3);
3118 if (!list)
3119 return -ENOMEM;
3120
3121 if (seat)
3122 list[i++] = TAKE_PTR(seat);
3123 if (seat2)
3124 list[i++] = TAKE_PTR(seat2);
3125
3126 list[i] = NULL;
3127 *ret_seats = TAKE_PTR(list);
3128 return 1;
3129 }
3130
3131 *ret_seats = NULL;
3132 return 0;
3133 }
3134
3135 int home_set_current_message(Home *h, sd_bus_message *m) {
3136 assert(h);
3137
3138 if (!m)
3139 return 0;
3140
3141 if (h->current_operation)
3142 return -EBUSY;
3143
3144 h->current_operation = operation_new(OPERATION_IMMEDIATE, m);
3145 if (!h->current_operation)
3146 return -ENOMEM;
3147
3148 return 1;
3149 }
3150
3151 int home_wait_for_worker(Home *h) {
3152 int r;
3153
3154 assert(h);
3155
3156 if (h->worker_pid <= 0)
3157 return 0;
3158
3159 log_info("Worker process for home %s is still running while exiting. Waiting for it to finish.", h->user_name);
3160
3161 r = wait_for_terminate_with_timeout(h->worker_pid, 30 * USEC_PER_SEC);
3162 if (r == -ETIMEDOUT)
3163 log_warning_errno(r, "Waiting for worker process for home %s timed out. Ignoring.", h->user_name);
3164 else
3165 log_warning_errno(r, "Failed to wait for worker process for home %s. Ignoring.", h->user_name);
3166
3167 (void) hashmap_remove_value(h->manager->homes_by_worker_pid, PID_TO_PTR(h->worker_pid), h);
3168 h->worker_pid = 0;
3169 return 1;
3170 }
3171
3172 bool home_shall_rebalance(Home *h) {
3173 HomeState state;
3174
3175 assert(h);
3176
3177 /* Determines if the home directory is a candidate for rebalancing */
3178
3179 if (!user_record_shall_rebalance(h->record))
3180 return false;
3181
3182 state = home_get_state(h);
3183 if (!HOME_STATE_SHALL_REBALANCE(state))
3184 return false;
3185
3186 return true;
3187 }
3188
3189 bool home_is_busy(Home *h) {
3190 assert(h);
3191
3192 if (h->current_operation)
3193 return true;
3194
3195 if (!ordered_set_isempty(h->pending_operations))
3196 return true;
3197
3198 return HOME_STATE_IS_EXECUTING_OPERATION(home_get_state(h));
3199 }
3200
3201 static const char* const home_state_table[_HOME_STATE_MAX] = {
3202 [HOME_UNFIXATED] = "unfixated",
3203 [HOME_ABSENT] = "absent",
3204 [HOME_INACTIVE] = "inactive",
3205 [HOME_DIRTY] = "dirty",
3206 [HOME_FIXATING] = "fixating",
3207 [HOME_FIXATING_FOR_ACTIVATION] = "fixating-for-activation",
3208 [HOME_FIXATING_FOR_ACQUIRE] = "fixating-for-acquire",
3209 [HOME_ACTIVATING] = "activating",
3210 [HOME_ACTIVATING_FOR_ACQUIRE] = "activating-for-acquire",
3211 [HOME_DEACTIVATING] = "deactivating",
3212 [HOME_ACTIVE] = "active",
3213 [HOME_LINGERING] = "lingering",
3214 [HOME_LOCKING] = "locking",
3215 [HOME_LOCKED] = "locked",
3216 [HOME_UNLOCKING] = "unlocking",
3217 [HOME_UNLOCKING_FOR_ACQUIRE] = "unlocking-for-acquire",
3218 [HOME_CREATING] = "creating",
3219 [HOME_REMOVING] = "removing",
3220 [HOME_UPDATING] = "updating",
3221 [HOME_UPDATING_WHILE_ACTIVE] = "updating-while-active",
3222 [HOME_RESIZING] = "resizing",
3223 [HOME_RESIZING_WHILE_ACTIVE] = "resizing-while-active",
3224 [HOME_PASSWD] = "passwd",
3225 [HOME_PASSWD_WHILE_ACTIVE] = "passwd-while-active",
3226 [HOME_AUTHENTICATING] = "authenticating",
3227 [HOME_AUTHENTICATING_WHILE_ACTIVE] = "authenticating-while-active",
3228 [HOME_AUTHENTICATING_FOR_ACQUIRE] = "authenticating-for-acquire",
3229 };
3230
3231 DEFINE_STRING_TABLE_LOOKUP(home_state, HomeState);
Unnamed repository; edit this file 'description' to name the repository.