]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/home/homed-home.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #27757 from dtardon/bus-locator
[thirdparty/systemd.git] / src / home / homed-home.c
1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3 #if HAVE_LINUX_MEMFD_H
4 #include <linux/memfd.h>
5 #endif
6
7 #include <sys/mman.h>
8 #include <sys/quota.h>
9 #include <sys/vfs.h>
10
11 #include "blockdev-util.h"
12 #include "btrfs-util.h"
13 #include "bus-common-errors.h"
14 #include "bus-locator.h"
15 #include "data-fd-util.h"
16 #include "env-util.h"
17 #include "errno-list.h"
18 #include "errno-util.h"
19 #include "fd-util.h"
20 #include "fileio.h"
21 #include "filesystems.h"
22 #include "fs-util.h"
23 #include "glyph-util.h"
24 #include "home-util.h"
25 #include "homed-home-bus.h"
26 #include "homed-home.h"
27 #include "memfd-util.h"
28 #include "missing_magic.h"
29 #include "missing_mman.h"
30 #include "missing_syscall.h"
31 #include "mkdir.h"
32 #include "path-util.h"
33 #include "process-util.h"
34 #include "pwquality-util.h"
35 #include "quota-util.h"
36 #include "resize-fs.h"
37 #include "set.h"
38 #include "signal-util.h"
39 #include "stat-util.h"
40 #include "string-table.h"
41 #include "strv.h"
42 #include "uid-alloc-range.h"
43 #include "user-record-pwquality.h"
44 #include "user-record-sign.h"
45 #include "user-record-util.h"
46 #include "user-record.h"
47 #include "user-util.h"
48
49 /* Retry to deactivate home directories again and again every 15s until it works */
50 #define RETRY_DEACTIVATE_USEC (15U * USEC_PER_SEC)
51
52 #define HOME_USERS_MAX 500
53 #define PENDING_OPERATIONS_MAX 100
54
55 assert_cc(HOME_UID_MIN <= HOME_UID_MAX);
56 assert_cc(HOME_USERS_MAX <= (HOME_UID_MAX - HOME_UID_MIN + 1));
57
58 static int home_start_work(Home *h, const char *verb, UserRecord *hr, UserRecord *secret);
59
60 DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(operation_hash_ops, void, trivial_hash_func, trivial_compare_func, Operation, operation_unref);
61
62 static int suitable_home_record(UserRecord *hr) {
63 int r;
64
65 assert(hr);
66
67 if (!hr->user_name)
68 return -EUNATCH;
69
70 /* We are a bit more restrictive with what we accept as homed-managed user than what we accept in
71 * home records in general. Let's enforce the stricter rule here. */
72 if (!suitable_user_name(hr->user_name))
73 return -EINVAL;
74 if (!uid_is_valid(hr->uid))
75 return -EINVAL;
76
77 /* Insist we are outside of the dynamic and system range */
78 if (uid_is_system(hr->uid) || gid_is_system(user_record_gid(hr)) ||
79 uid_is_dynamic(hr->uid) || gid_is_dynamic(user_record_gid(hr)))
80 return -EADDRNOTAVAIL;
81
82 /* Insist that GID and UID match */
83 if (user_record_gid(hr) != (gid_t) hr->uid)
84 return -EBADSLT;
85
86 /* Similar for the realm */
87 if (hr->realm) {
88 r = suitable_realm(hr->realm);
89 if (r < 0)
90 return r;
91 if (r == 0)
92 return -EINVAL;
93 }
94
95 return 0;
96 }
97
98 int home_new(Manager *m, UserRecord *hr, const char *sysfs, Home **ret) {
99 _cleanup_(home_freep) Home *home = NULL;
100 _cleanup_free_ char *nm = NULL, *ns = NULL;
101 int r;
102
103 assert(m);
104 assert(hr);
105
106 r = suitable_home_record(hr);
107 if (r < 0)
108 return r;
109
110 if (hashmap_contains(m->homes_by_name, hr->user_name))
111 return -EBUSY;
112
113 if (hashmap_contains(m->homes_by_uid, UID_TO_PTR(hr->uid)))
114 return -EBUSY;
115
116 if (sysfs && hashmap_contains(m->homes_by_sysfs, sysfs))
117 return -EBUSY;
118
119 if (hashmap_size(m->homes_by_name) >= HOME_USERS_MAX)
120 return -EUSERS;
121
122 nm = strdup(hr->user_name);
123 if (!nm)
124 return -ENOMEM;
125
126 if (sysfs) {
127 ns = strdup(sysfs);
128 if (!ns)
129 return -ENOMEM;
130 }
131
132 home = new(Home, 1);
133 if (!home)
134 return -ENOMEM;
135
136 *home = (Home) {
137 .manager = m,
138 .user_name = TAKE_PTR(nm),
139 .uid = hr->uid,
140 .state = _HOME_STATE_INVALID,
141 .worker_stdout_fd = -EBADF,
142 .sysfs = TAKE_PTR(ns),
143 .signed_locally = -1,
144 .pin_fd = -EBADF,
145 .luks_lock_fd = -EBADF,
146 };
147
148 r = hashmap_put(m->homes_by_name, home->user_name, home);
149 if (r < 0)
150 return r;
151
152 r = hashmap_put(m->homes_by_uid, UID_TO_PTR(home->uid), home);
153 if (r < 0)
154 return r;
155
156 if (home->sysfs) {
157 r = hashmap_put(m->homes_by_sysfs, home->sysfs, home);
158 if (r < 0)
159 return r;
160 }
161
162 r = user_record_clone(hr, USER_RECORD_LOAD_MASK_SECRET|USER_RECORD_PERMISSIVE, &home->record);
163 if (r < 0)
164 return r;
165
166 (void) bus_manager_emit_auto_login_changed(m);
167 (void) bus_home_emit_change(home);
168 (void) manager_schedule_rebalance(m, /* immediately= */ false);
169
170 if (ret)
171 *ret = TAKE_PTR(home);
172 else
173 TAKE_PTR(home);
174
175 return 0;
176 }
177
178 Home *home_free(Home *h) {
179
180 if (!h)
181 return NULL;
182
183 if (h->manager) {
184 (void) bus_home_emit_remove(h);
185 (void) bus_manager_emit_auto_login_changed(h->manager);
186
187 if (h->user_name)
188 (void) hashmap_remove_value(h->manager->homes_by_name, h->user_name, h);
189
190 if (uid_is_valid(h->uid))
191 (void) hashmap_remove_value(h->manager->homes_by_uid, UID_TO_PTR(h->uid), h);
192
193 if (h->sysfs)
194 (void) hashmap_remove_value(h->manager->homes_by_sysfs, h->sysfs, h);
195
196 if (h->worker_pid > 0)
197 (void) hashmap_remove_value(h->manager->homes_by_worker_pid, PID_TO_PTR(h->worker_pid), h);
198
199 if (h->manager->gc_focus == h)
200 h->manager->gc_focus = NULL;
201
202 (void) manager_schedule_rebalance(h->manager, /* immediately= */ false);
203 }
204
205 user_record_unref(h->record);
206 user_record_unref(h->secret);
207
208 h->worker_event_source = sd_event_source_disable_unref(h->worker_event_source);
209 safe_close(h->worker_stdout_fd);
210 free(h->user_name);
211 free(h->sysfs);
212
213 h->ref_event_source_please_suspend = sd_event_source_disable_unref(h->ref_event_source_please_suspend);
214 h->ref_event_source_dont_suspend = sd_event_source_disable_unref(h->ref_event_source_dont_suspend);
215
216 h->pending_operations = ordered_set_free(h->pending_operations);
217 h->pending_event_source = sd_event_source_disable_unref(h->pending_event_source);
218 h->deferred_change_event_source = sd_event_source_disable_unref(h->deferred_change_event_source);
219
220 h->current_operation = operation_unref(h->current_operation);
221
222 safe_close(h->pin_fd);
223 safe_close(h->luks_lock_fd);
224
225 h->retry_deactivate_event_source = sd_event_source_disable_unref(h->retry_deactivate_event_source);
226
227 return mfree(h);
228 }
229
230 int home_set_record(Home *h, UserRecord *hr) {
231 _cleanup_(user_record_unrefp) UserRecord *new_hr = NULL;
232 Home *other;
233 int r;
234
235 assert(h);
236 assert(h->user_name);
237 assert(h->record);
238 assert(hr);
239
240 if (user_record_equal(h->record, hr))
241 return 0;
242
243 r = suitable_home_record(hr);
244 if (r < 0)
245 return r;
246
247 if (!user_record_compatible(h->record, hr))
248 return -EREMCHG;
249
250 if (!FLAGS_SET(hr->mask, USER_RECORD_REGULAR) ||
251 FLAGS_SET(hr->mask, USER_RECORD_SECRET))
252 return -EINVAL;
253
254 if (FLAGS_SET(h->record->mask, USER_RECORD_STATUS)) {
255 _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
256
257 /* Hmm, the existing record has status fields? If so, copy them over */
258
259 v = json_variant_ref(hr->json);
260 r = json_variant_set_field(&v, "status", json_variant_by_key(h->record->json, "status"));
261 if (r < 0)
262 return r;
263
264 new_hr = user_record_new();
265 if (!new_hr)
266 return -ENOMEM;
267
268 r = user_record_load(new_hr, v, USER_RECORD_LOAD_REFUSE_SECRET|USER_RECORD_PERMISSIVE);
269 if (r < 0)
270 return r;
271
272 hr = new_hr;
273 }
274
275 other = hashmap_get(h->manager->homes_by_uid, UID_TO_PTR(hr->uid));
276 if (other && other != h)
277 return -EBUSY;
278
279 if (h->uid != hr->uid) {
280 r = hashmap_remove_and_replace(h->manager->homes_by_uid, UID_TO_PTR(h->uid), UID_TO_PTR(hr->uid), h);
281 if (r < 0)
282 return r;
283 }
284
285 user_record_unref(h->record);
286 h->record = user_record_ref(hr);
287 h->uid = h->record->uid;
288
289 /* The updated record might have a different autologin setting, trigger a PropertiesChanged event for it */
290 (void) bus_manager_emit_auto_login_changed(h->manager);
291 (void) bus_home_emit_change(h);
292
293 return 0;
294 }
295
296 int home_save_record(Home *h) {
297 _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
298 _cleanup_free_ char *text = NULL;
299 const char *fn;
300 int r;
301
302 assert(h);
303
304 v = json_variant_ref(h->record->json);
305 r = json_variant_normalize(&v);
306 if (r < 0)
307 log_warning_errno(r, "User record could not be normalized.");
308
309 r = json_variant_format(v, JSON_FORMAT_PRETTY|JSON_FORMAT_NEWLINE, &text);
310 if (r < 0)
311 return r;
312
313 (void) mkdir("/var/lib/systemd/", 0755);
314 (void) mkdir(home_record_dir(), 0700);
315
316 fn = strjoina(home_record_dir(), "/", h->user_name, ".identity");
317
318 r = write_string_file(fn, text, WRITE_STRING_FILE_ATOMIC|WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_MODE_0600|WRITE_STRING_FILE_SYNC);
319 if (r < 0)
320 return r;
321
322 return 0;
323 }
324
325 int home_unlink_record(Home *h) {
326 const char *fn;
327
328 assert(h);
329
330 fn = strjoina(home_record_dir(), "/", h->user_name, ".identity");
331 if (unlink(fn) < 0 && errno != ENOENT)
332 return -errno;
333
334 fn = strjoina("/run/systemd/home/", h->user_name, ".ref");
335 if (unlink(fn) < 0 && errno != ENOENT)
336 return -errno;
337
338 return 0;
339 }
340
341 static void home_unpin(Home *h) {
342 assert(h);
343
344 if (h->pin_fd < 0)
345 return;
346
347 h->pin_fd = safe_close(h->pin_fd);
348 log_debug("Successfully closed pin fd on home for %s.", h->user_name);
349 }
350
351 static void home_pin(Home *h) {
352 const char *path;
353
354 assert(h);
355
356 if (h->pin_fd >= 0) /* Already pinned? */
357 return;
358
359 path = user_record_home_directory(h->record);
360 if (!path) {
361 log_warning("No home directory path to pin for %s, ignoring.", h->user_name);
362 return;
363 }
364
365 h->pin_fd = open(path, O_RDONLY|O_DIRECTORY|O_CLOEXEC);
366 if (h->pin_fd < 0) {
367 log_warning_errno(errno, "Couldn't open home directory '%s' for pinning, ignoring: %m", path);
368 return;
369 }
370
371 log_debug("Successfully pinned home directory '%s'.", path);
372 }
373
374 static void home_update_pin_fd(Home *h, HomeState state) {
375 assert(h);
376
377 if (state < 0)
378 state = home_get_state(h);
379
380 return HOME_STATE_SHALL_PIN(state) ? home_pin(h) : home_unpin(h);
381 }
382
383 static void home_maybe_close_luks_lock_fd(Home *h, HomeState state) {
384 assert(h);
385
386 if (h->luks_lock_fd < 0)
387 return;
388
389 if (state < 0)
390 state = home_get_state(h);
391
392 /* Keep the lock as long as the home dir is active or has some operation going */
393 if (HOME_STATE_IS_EXECUTING_OPERATION(state) || HOME_STATE_IS_ACTIVE(state) || state == HOME_LOCKED)
394 return;
395
396 h->luks_lock_fd = safe_close(h->luks_lock_fd);
397 log_debug("Successfully closed LUKS backing file lock for %s.", h->user_name);
398 }
399
400 static void home_maybe_stop_retry_deactivate(Home *h, HomeState state) {
401 assert(h);
402
403 /* Free the deactivation retry event source if we won't need it anymore. Specifically, we'll free the
404 * event source whenever the home directory is already deactivated (and we thus where successful) or
405 * if we start executing an operation that indicates that the home directory is going to be used or
406 * operated on again. Also, if the home is referenced again stop the timer */
407
408 if (HOME_STATE_MAY_RETRY_DEACTIVATE(state) &&
409 !h->ref_event_source_dont_suspend &&
410 !h->ref_event_source_please_suspend)
411 return;
412
413 h->retry_deactivate_event_source = sd_event_source_disable_unref(h->retry_deactivate_event_source);
414 }
415
416 static int home_deactivate_internal(Home *h, bool force, sd_bus_error *error);
417 static void home_start_retry_deactivate(Home *h);
418
419 static int home_on_retry_deactivate(sd_event_source *s, uint64_t usec, void *userdata) {
420 Home *h = ASSERT_PTR(userdata);
421 HomeState state;
422
423 assert(s);
424
425 /* 15s after the last attempt to deactivate the home directory passed. Let's try it one more time. */
426
427 h->retry_deactivate_event_source = sd_event_source_disable_unref(h->retry_deactivate_event_source);
428
429 state = home_get_state(h);
430 if (!HOME_STATE_MAY_RETRY_DEACTIVATE(state))
431 return 0;
432
433 if (IN_SET(state, HOME_ACTIVE, HOME_LINGERING)) {
434 log_info("Again trying to deactivate home directory.");
435
436 /* If we are not executing any operation, let's start deactivating now. Note that this will
437 * restart our timer again, we are gonna be called again if this doesn't work. */
438 (void) home_deactivate_internal(h, /* force= */ false, NULL);
439 } else
440 /* if we are executing an operation (specifically, area already running a deactivation
441 * operation), then simply reque the timer, so that we retry again. */
442 home_start_retry_deactivate(h);
443
444 return 0;
445 }
446
447 static void home_start_retry_deactivate(Home *h) {
448 int r;
449
450 assert(h);
451 assert(h->manager);
452
453 /* Already allocated? */
454 if (h->retry_deactivate_event_source)
455 return;
456
457 /* If the home directory is being used now don't start the timer */
458 if (h->ref_event_source_dont_suspend || h->ref_event_source_please_suspend)
459 return;
460
461 r = sd_event_add_time_relative(
462 h->manager->event,
463 &h->retry_deactivate_event_source,
464 CLOCK_MONOTONIC,
465 RETRY_DEACTIVATE_USEC,
466 1*USEC_PER_MINUTE,
467 home_on_retry_deactivate,
468 h);
469 if (r < 0)
470 return (void) log_warning_errno(r, "Failed to install retry-deactivate event source, ignoring: %m");
471
472 (void) sd_event_source_set_description(h->retry_deactivate_event_source, "retry-deactivate");
473 }
474
475 static void home_set_state(Home *h, HomeState state) {
476 HomeState old_state, new_state;
477
478 assert(h);
479
480 old_state = home_get_state(h);
481 h->state = state;
482 new_state = home_get_state(h); /* Query the new state, since the 'state' variable might be set to -1,
483 * in which case we synthesize an high-level state on demand */
484
485 log_info("%s: changing state %s %s %s", h->user_name,
486 home_state_to_string(old_state),
487 special_glyph(SPECIAL_GLYPH_ARROW_RIGHT),
488 home_state_to_string(new_state));
489
490 home_update_pin_fd(h, new_state);
491 home_maybe_close_luks_lock_fd(h, new_state);
492 home_maybe_stop_retry_deactivate(h, new_state);
493
494 if (HOME_STATE_IS_EXECUTING_OPERATION(old_state) && !HOME_STATE_IS_EXECUTING_OPERATION(new_state)) {
495 /* If we just finished executing some operation, process the queue of pending operations. And
496 * enqueue it for GC too. */
497
498 home_schedule_operation(h, NULL, NULL);
499 manager_reschedule_rebalance(h->manager);
500 manager_enqueue_gc(h->manager, h);
501 }
502 }
503
504 static int home_parse_worker_stdout(int _fd, UserRecord **ret) {
505 _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
506 _cleanup_close_ int fd = _fd; /* take possession, even on failure */
507 _cleanup_(user_record_unrefp) UserRecord *hr = NULL;
508 _cleanup_fclose_ FILE *f = NULL;
509 unsigned line, column;
510 struct stat st;
511 int r;
512
513 if (fstat(fd, &st) < 0)
514 return log_error_errno(errno, "Failed to stat stdout fd: %m");
515
516 assert(S_ISREG(st.st_mode));
517
518 if (st.st_size == 0) { /* empty record */
519 *ret = NULL;
520 return 0;
521 }
522
523 if (lseek(fd, SEEK_SET, 0) == (off_t) -1)
524 return log_error_errno(errno, "Failed to seek to beginning of memfd: %m");
525
526 f = take_fdopen(&fd, "r");
527 if (!f)
528 return log_error_errno(errno, "Failed to reopen memfd: %m");
529
530 if (DEBUG_LOGGING) {
531 _cleanup_free_ char *text = NULL;
532
533 r = read_full_stream(f, &text, NULL);
534 if (r < 0)
535 return log_error_errno(r, "Failed to read from client: %m");
536
537 log_debug("Got from worker: %s", text);
538 rewind(f);
539 }
540
541 r = json_parse_file(f, "stdout", JSON_PARSE_SENSITIVE, &v, &line, &column);
542 if (r < 0)
543 return log_error_errno(r, "Failed to parse identity at %u:%u: %m", line, column);
544
545 hr = user_record_new();
546 if (!hr)
547 return log_oom();
548
549 r = user_record_load(hr, v, USER_RECORD_LOAD_REFUSE_SECRET|USER_RECORD_PERMISSIVE);
550 if (r < 0)
551 return log_error_errno(r, "Failed to load home record identity: %m");
552
553 *ret = TAKE_PTR(hr);
554 return 1;
555 }
556
557 static int home_verify_user_record(Home *h, UserRecord *hr, bool *ret_signed_locally, sd_bus_error *ret_error) {
558 int is_signed;
559
560 assert(h);
561 assert(hr);
562 assert(ret_signed_locally);
563
564 is_signed = manager_verify_user_record(h->manager, hr);
565 switch (is_signed) {
566
567 case USER_RECORD_SIGNED_EXCLUSIVE:
568 log_info("Home %s is signed exclusively by our key, accepting.", hr->user_name);
569 *ret_signed_locally = true;
570 return 0;
571
572 case USER_RECORD_SIGNED:
573 log_info("Home %s is signed by our key (and others), accepting.", hr->user_name);
574 *ret_signed_locally = false;
575 return 0;
576
577 case USER_RECORD_FOREIGN:
578 log_info("Home %s is signed by foreign key we like, accepting.", hr->user_name);
579 *ret_signed_locally = false;
580 return 0;
581
582 case USER_RECORD_UNSIGNED:
583 sd_bus_error_setf(ret_error, BUS_ERROR_BAD_SIGNATURE, "User record %s is not signed at all, refusing.", hr->user_name);
584 return log_error_errno(SYNTHETIC_ERRNO(EPERM), "Home %s contains user record that is not signed at all, refusing.", hr->user_name);
585
586 case -ENOKEY:
587 sd_bus_error_setf(ret_error, BUS_ERROR_BAD_SIGNATURE, "User record %s is not signed by any known key, refusing.", hr->user_name);
588 return log_error_errno(is_signed, "Home %s contains user record that is not signed by any known key, refusing.", hr->user_name);
589
590 default:
591 assert(is_signed < 0);
592 return log_error_errno(is_signed, "Failed to verify signature on user record for %s, refusing fixation: %m", hr->user_name);
593 }
594 }
595
596 static int convert_worker_errno(Home *h, int e, sd_bus_error *error) {
597 /* Converts the error numbers the worker process returned into somewhat sensible dbus errors */
598
599 switch (e) {
600
601 case -EMSGSIZE:
602 return sd_bus_error_set(error, BUS_ERROR_BAD_HOME_SIZE, "File systems of this type cannot be shrunk");
603 case -ETXTBSY:
604 return sd_bus_error_set(error, BUS_ERROR_BAD_HOME_SIZE, "File systems of this type can only be shrunk offline");
605 case -ERANGE:
606 return sd_bus_error_set(error, BUS_ERROR_BAD_HOME_SIZE, "File system size too small");
607 case -ENOLINK:
608 return sd_bus_error_set(error, SD_BUS_ERROR_NOT_SUPPORTED, "System does not support selected storage backend");
609 case -EPROTONOSUPPORT:
610 return sd_bus_error_set(error, SD_BUS_ERROR_NOT_SUPPORTED, "System does not support selected file system");
611 case -ENOTTY:
612 return sd_bus_error_set(error, SD_BUS_ERROR_NOT_SUPPORTED, "Operation not supported on storage backend");
613 case -ESOCKTNOSUPPORT:
614 return sd_bus_error_set(error, SD_BUS_ERROR_NOT_SUPPORTED, "Operation not supported on file system");
615 case -ENOKEY:
616 return sd_bus_error_setf(error, BUS_ERROR_BAD_PASSWORD, "Password for home %s is incorrect or not sufficient for authentication.", h->user_name);
617 case -EBADSLT:
618 return sd_bus_error_setf(error, BUS_ERROR_BAD_PASSWORD_AND_NO_TOKEN, "Password for home %s is incorrect or not sufficient, and configured security token not found either.", h->user_name);
619 case -EREMOTEIO:
620 return sd_bus_error_setf(error, BUS_ERROR_BAD_RECOVERY_KEY, "Recovery key for home %s is incorrect or not sufficient for authentication.", h->user_name);
621 case -ENOANO:
622 return sd_bus_error_set(error, BUS_ERROR_TOKEN_PIN_NEEDED, "PIN for security token required.");
623 case -ERFKILL:
624 return sd_bus_error_set(error, BUS_ERROR_TOKEN_PROTECTED_AUTHENTICATION_PATH_NEEDED, "Security token requires protected authentication path.");
625 case -EMEDIUMTYPE:
626 return sd_bus_error_set(error, BUS_ERROR_TOKEN_USER_PRESENCE_NEEDED, "Security token requires presence confirmation.");
627 case -ENOCSI:
628 return sd_bus_error_set(error, BUS_ERROR_TOKEN_USER_VERIFICATION_NEEDED, "Security token requires user verification.");
629 case -ENOSTR:
630 return sd_bus_error_set(error, BUS_ERROR_TOKEN_ACTION_TIMEOUT, "Token action timeout. (User was supposed to verify presence or similar, by interacting with the token, and didn't do that in time.)");
631 case -EOWNERDEAD:
632 return sd_bus_error_set(error, BUS_ERROR_TOKEN_PIN_LOCKED, "PIN of security token locked.");
633 case -ENOLCK:
634 return sd_bus_error_set(error, BUS_ERROR_TOKEN_BAD_PIN, "Bad PIN of security token.");
635 case -ETOOMANYREFS:
636 return sd_bus_error_set(error, BUS_ERROR_TOKEN_BAD_PIN_FEW_TRIES_LEFT, "Bad PIN of security token, and only a few tries left.");
637 case -EUCLEAN:
638 return sd_bus_error_set(error, BUS_ERROR_TOKEN_BAD_PIN_ONE_TRY_LEFT, "Bad PIN of security token, and only one try left.");
639 case -EBUSY:
640 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "Home %s is currently being used, or an operation on home %s is currently being executed.", h->user_name, h->user_name);
641 case -ENOEXEC:
642 return sd_bus_error_setf(error, BUS_ERROR_HOME_NOT_ACTIVE, "Home %s is currently not active", h->user_name);
643 case -ENOSPC:
644 return sd_bus_error_setf(error, BUS_ERROR_NO_DISK_SPACE, "Not enough disk space for home %s", h->user_name);
645 case -EKEYREVOKED:
646 return sd_bus_error_setf(error, BUS_ERROR_HOME_CANT_AUTHENTICATE, "Home %s has no password or other authentication mechanism defined.", h->user_name);
647 case -EADDRINUSE:
648 return sd_bus_error_setf(error, BUS_ERROR_HOME_IN_USE, "Home %s is currently being used elsewhere.", h->user_name);
649 }
650
651 return 0;
652 }
653
654 static void home_count_bad_authentication(Home *h, bool save) {
655 int r;
656
657 assert(h);
658
659 r = user_record_bad_authentication(h->record);
660 if (r < 0) {
661 log_warning_errno(r, "Failed to increase bad authentication counter, ignoring: %m");
662 return;
663 }
664
665 if (save) {
666 r = home_save_record(h);
667 if (r < 0)
668 log_warning_errno(r, "Failed to write home record to disk, ignoring: %m");
669 }
670 }
671
672 static void home_fixate_finish(Home *h, int ret, UserRecord *hr) {
673 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
674 _cleanup_(user_record_unrefp) UserRecord *secret = NULL;
675 bool signed_locally;
676 int r;
677
678 assert(h);
679 assert(IN_SET(h->state, HOME_FIXATING, HOME_FIXATING_FOR_ACTIVATION, HOME_FIXATING_FOR_ACQUIRE));
680
681 secret = TAKE_PTR(h->secret); /* Take possession */
682
683 if (ret < 0) {
684 if (ret == -ENOKEY)
685 (void) home_count_bad_authentication(h, false);
686
687 (void) convert_worker_errno(h, ret, &error);
688 r = log_error_errno(ret, "Fixation failed: %m");
689 goto fail;
690 }
691 if (!hr) {
692 r = log_error_errno(SYNTHETIC_ERRNO(EIO), "Did not receive user record from worker process, fixation failed.");
693 goto fail;
694 }
695
696 r = home_verify_user_record(h, hr, &signed_locally, &error);
697 if (r < 0)
698 goto fail;
699
700 r = home_set_record(h, hr);
701 if (r < 0) {
702 log_error_errno(r, "Failed to update home record: %m");
703 goto fail;
704 }
705
706 h->signed_locally = signed_locally;
707
708 /* When we finished fixating (and don't follow-up with activation), let's count this as good authentication */
709 if (h->state == HOME_FIXATING) {
710 r = user_record_good_authentication(h->record);
711 if (r < 0)
712 log_warning_errno(r, "Failed to increase good authentication counter, ignoring: %m");
713 }
714
715 r = home_save_record(h);
716 if (r < 0)
717 log_warning_errno(r, "Failed to write home record to disk, ignoring: %m");
718
719 if (IN_SET(h->state, HOME_FIXATING_FOR_ACTIVATION, HOME_FIXATING_FOR_ACQUIRE)) {
720
721 r = home_start_work(h, "activate", h->record, secret);
722 if (r < 0) {
723 h->current_operation = operation_result_unref(h->current_operation, r, NULL);
724 home_set_state(h, _HOME_STATE_INVALID);
725 } else
726 home_set_state(h, h->state == HOME_FIXATING_FOR_ACTIVATION ? HOME_ACTIVATING : HOME_ACTIVATING_FOR_ACQUIRE);
727
728 return;
729 }
730
731 log_debug("Fixation of %s completed.", h->user_name);
732
733 h->current_operation = operation_result_unref(h->current_operation, 0, NULL);
734
735 /* Reset the state to "invalid", which makes home_get_state() test if the image exists and returns
736 * HOME_ABSENT vs. HOME_INACTIVE as necessary. */
737 home_set_state(h, _HOME_STATE_INVALID);
738 (void) manager_schedule_rebalance(h->manager, /* immediately= */ false);
739 return;
740
741 fail:
742 /* If fixation fails, we stay in unfixated state! */
743 h->current_operation = operation_result_unref(h->current_operation, r, &error);
744 home_set_state(h, HOME_UNFIXATED);
745 }
746
747 static void home_activate_finish(Home *h, int ret, UserRecord *hr) {
748 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
749 int r;
750
751 assert(h);
752 assert(IN_SET(h->state, HOME_ACTIVATING, HOME_ACTIVATING_FOR_ACQUIRE));
753
754 if (ret < 0) {
755 if (ret == -ENOKEY)
756 home_count_bad_authentication(h, true);
757
758 (void) convert_worker_errno(h, ret, &error);
759 r = log_error_errno(ret, "Activation failed: %m");
760 goto finish;
761 }
762
763 if (hr) {
764 bool signed_locally;
765
766 r = home_verify_user_record(h, hr, &signed_locally, &error);
767 if (r < 0)
768 goto finish;
769
770 r = home_set_record(h, hr);
771 if (r < 0) {
772 log_error_errno(r, "Failed to update home record, ignoring: %m");
773 goto finish;
774 }
775
776 h->signed_locally = signed_locally;
777
778 r = user_record_good_authentication(h->record);
779 if (r < 0)
780 log_warning_errno(r, "Failed to increase good authentication counter, ignoring: %m");
781
782 r = home_save_record(h);
783 if (r < 0)
784 log_warning_errno(r, "Failed to write home record to disk, ignoring: %m");
785 }
786
787 log_debug("Activation of %s completed.", h->user_name);
788 r = 0;
789
790 finish:
791 h->current_operation = operation_result_unref(h->current_operation, r, &error);
792 home_set_state(h, _HOME_STATE_INVALID);
793
794 if (r >= 0)
795 (void) manager_schedule_rebalance(h->manager, /* immediately= */ true);
796 }
797
798 static void home_deactivate_finish(Home *h, int ret, UserRecord *hr) {
799 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
800 int r;
801
802 assert(h);
803 assert(h->state == HOME_DEACTIVATING);
804 assert(!hr); /* We don't expect a record on this operation */
805
806 if (ret < 0) {
807 (void) convert_worker_errno(h, ret, &error);
808 r = log_error_errno(ret, "Deactivation of %s failed: %m", h->user_name);
809 goto finish;
810 }
811
812 log_debug("Deactivation of %s completed.", h->user_name);
813 r = 0;
814
815 finish:
816 h->current_operation = operation_result_unref(h->current_operation, r, &error);
817 home_set_state(h, _HOME_STATE_INVALID);
818
819 if (r >= 0)
820 (void) manager_schedule_rebalance(h->manager, /* immediately= */ true);
821 }
822
823 static void home_remove_finish(Home *h, int ret, UserRecord *hr) {
824 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
825 Manager *m;
826 int r;
827
828 assert(h);
829 assert(h->state == HOME_REMOVING);
830 assert(!hr); /* We don't expect a record on this operation */
831
832 m = h->manager;
833
834 if (ret < 0 && ret != -EALREADY) {
835 (void) convert_worker_errno(h, ret, &error);
836 r = log_error_errno(ret, "Removing %s failed: %m", h->user_name);
837 goto fail;
838 }
839
840 /* For a couple of storage types we can't delete the actual data storage when called (such as LUKS on
841 * partitions like USB sticks, or so). Sometimes these storage locations are among those we normally
842 * automatically discover in /home or in udev. When such a home is deleted let's hence issue a rescan
843 * after completion, so that "unfixated" entries are rediscovered. */
844 if (!IN_SET(user_record_test_image_path(h->record), USER_TEST_UNDEFINED, USER_TEST_ABSENT))
845 manager_enqueue_rescan(m);
846
847 /* The image is now removed from disk. Now also remove our stored record */
848 r = home_unlink_record(h);
849 if (r < 0) {
850 log_error_errno(r, "Removing record file failed: %m");
851 goto fail;
852 }
853
854 log_debug("Removal of %s completed.", h->user_name);
855 h->current_operation = operation_result_unref(h->current_operation, 0, NULL);
856
857 /* Unload this record from memory too now. */
858 h = home_free(h);
859
860 (void) manager_schedule_rebalance(m, /* immediately= */ true);
861 return;
862
863 fail:
864 h->current_operation = operation_result_unref(h->current_operation, r, &error);
865 home_set_state(h, _HOME_STATE_INVALID);
866 }
867
868 static void home_create_finish(Home *h, int ret, UserRecord *hr) {
869 int r;
870
871 assert(h);
872 assert(h->state == HOME_CREATING);
873
874 if (ret < 0) {
875 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
876
877 (void) convert_worker_errno(h, ret, &error);
878 log_error_errno(ret, "Operation on %s failed: %m", h->user_name);
879 h->current_operation = operation_result_unref(h->current_operation, ret, &error);
880
881 if (h->unregister_on_failure) {
882 (void) home_unlink_record(h);
883 h = home_free(h);
884 return;
885 }
886
887 home_set_state(h, _HOME_STATE_INVALID);
888 return;
889 }
890
891 if (hr) {
892 r = home_set_record(h, hr);
893 if (r < 0)
894 log_warning_errno(r, "Failed to update home record, ignoring: %m");
895 }
896
897 r = home_save_record(h);
898 if (r < 0)
899 log_warning_errno(r, "Failed to save record to disk, ignoring: %m");
900
901 log_debug("Creation of %s completed.", h->user_name);
902
903 h->current_operation = operation_result_unref(h->current_operation, 0, NULL);
904 home_set_state(h, _HOME_STATE_INVALID);
905
906 (void) manager_schedule_rebalance(h->manager, /* immediately= */ true);
907 }
908
909 static void home_change_finish(Home *h, int ret, UserRecord *hr) {
910 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
911 int r;
912
913 assert(h);
914
915 if (ret < 0) {
916 if (ret == -ENOKEY)
917 (void) home_count_bad_authentication(h, true);
918
919 (void) convert_worker_errno(h, ret, &error);
920 r = log_error_errno(ret, "Change operation failed: %m");
921 goto finish;
922 }
923
924 if (hr) {
925 r = home_set_record(h, hr);
926 if (r < 0)
927 log_warning_errno(r, "Failed to update home record, ignoring: %m");
928 else {
929 r = user_record_good_authentication(h->record);
930 if (r < 0)
931 log_warning_errno(r, "Failed to increase good authentication counter, ignoring: %m");
932
933 r = home_save_record(h);
934 if (r < 0)
935 log_warning_errno(r, "Failed to write home record to disk, ignoring: %m");
936 }
937 }
938
939 log_debug("Change operation of %s completed.", h->user_name);
940 (void) manager_schedule_rebalance(h->manager, /* immediately= */ false);
941 r = 0;
942
943 finish:
944 h->current_operation = operation_result_unref(h->current_operation, r, &error);
945 home_set_state(h, _HOME_STATE_INVALID);
946 }
947
948 static void home_locking_finish(Home *h, int ret, UserRecord *hr) {
949 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
950 int r;
951
952 assert(h);
953 assert(h->state == HOME_LOCKING);
954
955 if (ret < 0) {
956 (void) convert_worker_errno(h, ret, &error);
957 r = log_error_errno(ret, "Locking operation failed: %m");
958 goto finish;
959 }
960
961 log_debug("Locking operation of %s completed.", h->user_name);
962 h->current_operation = operation_result_unref(h->current_operation, 0, NULL);
963 home_set_state(h, HOME_LOCKED);
964 return;
965
966 finish:
967 /* If a specific home doesn't know the concept of locking, then that's totally OK, don't propagate
968 * the error if we are executing a LockAllHomes() operation. */
969
970 if (h->current_operation->type == OPERATION_LOCK_ALL && r == -ENOTTY)
971 h->current_operation = operation_result_unref(h->current_operation, 0, NULL);
972 else
973 h->current_operation = operation_result_unref(h->current_operation, r, &error);
974
975 home_set_state(h, _HOME_STATE_INVALID);
976 }
977
978 static void home_unlocking_finish(Home *h, int ret, UserRecord *hr) {
979 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
980 int r;
981
982 assert(h);
983 assert(IN_SET(h->state, HOME_UNLOCKING, HOME_UNLOCKING_FOR_ACQUIRE));
984
985 if (ret < 0) {
986 if (ret == -ENOKEY)
987 (void) home_count_bad_authentication(h, true);
988
989 (void) convert_worker_errno(h, ret, &error);
990 r = log_error_errno(ret, "Unlocking operation failed: %m");
991
992 /* Revert to locked state */
993 home_set_state(h, HOME_LOCKED);
994 h->current_operation = operation_result_unref(h->current_operation, r, &error);
995 return;
996 }
997
998 r = user_record_good_authentication(h->record);
999 if (r < 0)
1000 log_warning_errno(r, "Failed to increase good authentication counter, ignoring: %m");
1001 else {
1002 r = home_save_record(h);
1003 if (r < 0)
1004 log_warning_errno(r, "Failed to write home record to disk, ignoring: %m");
1005 }
1006
1007 log_debug("Unlocking operation of %s completed.", h->user_name);
1008
1009 h->current_operation = operation_result_unref(h->current_operation, r, &error);
1010 home_set_state(h, _HOME_STATE_INVALID);
1011 return;
1012 }
1013
1014 static void home_authenticating_finish(Home *h, int ret, UserRecord *hr) {
1015 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
1016 int r;
1017
1018 assert(h);
1019 assert(IN_SET(h->state, HOME_AUTHENTICATING, HOME_AUTHENTICATING_WHILE_ACTIVE, HOME_AUTHENTICATING_FOR_ACQUIRE));
1020
1021 if (ret < 0) {
1022 if (ret == -ENOKEY)
1023 (void) home_count_bad_authentication(h, true);
1024
1025 (void) convert_worker_errno(h, ret, &error);
1026 r = log_error_errno(ret, "Authentication failed: %m");
1027 goto finish;
1028 }
1029
1030 if (hr) {
1031 r = home_set_record(h, hr);
1032 if (r < 0)
1033 log_warning_errno(r, "Failed to update home record, ignoring: %m");
1034 else {
1035 r = user_record_good_authentication(h->record);
1036 if (r < 0)
1037 log_warning_errno(r, "Failed to increase good authentication counter, ignoring: %m");
1038
1039 r = home_save_record(h);
1040 if (r < 0)
1041 log_warning_errno(r, "Failed to write home record to disk, ignoring: %m");
1042 }
1043 }
1044
1045 log_debug("Authentication of %s completed.", h->user_name);
1046 r = 0;
1047
1048 finish:
1049 h->current_operation = operation_result_unref(h->current_operation, r, &error);
1050 home_set_state(h, _HOME_STATE_INVALID);
1051 }
1052
1053 static int home_on_worker_process(sd_event_source *s, const siginfo_t *si, void *userdata) {
1054 _cleanup_(user_record_unrefp) UserRecord *hr = NULL;
1055 Home *h = ASSERT_PTR(userdata);
1056 int ret;
1057
1058 assert(s);
1059 assert(si);
1060
1061 assert(h->worker_pid == si->si_pid);
1062 assert(h->worker_event_source);
1063 assert(h->worker_stdout_fd >= 0);
1064
1065 (void) hashmap_remove_value(h->manager->homes_by_worker_pid, PID_TO_PTR(h->worker_pid), h);
1066
1067 h->worker_pid = 0;
1068 h->worker_event_source = sd_event_source_disable_unref(h->worker_event_source);
1069
1070 if (si->si_code != CLD_EXITED) {
1071 assert(IN_SET(si->si_code, CLD_KILLED, CLD_DUMPED));
1072 ret = log_debug_errno(SYNTHETIC_ERRNO(EPROTO), "Worker process died abnormally with signal %s.", signal_to_string(si->si_status));
1073 } else if (si->si_status != EXIT_SUCCESS) {
1074 /* If we received an error code via sd_notify(), use it */
1075 if (h->worker_error_code != 0)
1076 ret = log_debug_errno(h->worker_error_code, "Worker reported error code %s.", errno_to_name(h->worker_error_code));
1077 else
1078 ret = log_debug_errno(SYNTHETIC_ERRNO(EPROTO), "Worker exited with exit code %i.", si->si_status);
1079 } else
1080 ret = home_parse_worker_stdout(TAKE_FD(h->worker_stdout_fd), &hr);
1081
1082 h->worker_stdout_fd = safe_close(h->worker_stdout_fd);
1083
1084 switch (h->state) {
1085
1086 case HOME_FIXATING:
1087 case HOME_FIXATING_FOR_ACTIVATION:
1088 case HOME_FIXATING_FOR_ACQUIRE:
1089 home_fixate_finish(h, ret, hr);
1090 break;
1091
1092 case HOME_ACTIVATING:
1093 case HOME_ACTIVATING_FOR_ACQUIRE:
1094 home_activate_finish(h, ret, hr);
1095 break;
1096
1097 case HOME_DEACTIVATING:
1098 home_deactivate_finish(h, ret, hr);
1099 break;
1100
1101 case HOME_LOCKING:
1102 home_locking_finish(h, ret, hr);
1103 break;
1104
1105 case HOME_UNLOCKING:
1106 case HOME_UNLOCKING_FOR_ACQUIRE:
1107 home_unlocking_finish(h, ret, hr);
1108 break;
1109
1110 case HOME_CREATING:
1111 home_create_finish(h, ret, hr);
1112 break;
1113
1114 case HOME_REMOVING:
1115 home_remove_finish(h, ret, hr);
1116 break;
1117
1118 case HOME_UPDATING:
1119 case HOME_UPDATING_WHILE_ACTIVE:
1120 case HOME_RESIZING:
1121 case HOME_RESIZING_WHILE_ACTIVE:
1122 case HOME_PASSWD:
1123 case HOME_PASSWD_WHILE_ACTIVE:
1124 home_change_finish(h, ret, hr);
1125 break;
1126
1127 case HOME_AUTHENTICATING:
1128 case HOME_AUTHENTICATING_WHILE_ACTIVE:
1129 case HOME_AUTHENTICATING_FOR_ACQUIRE:
1130 home_authenticating_finish(h, ret, hr);
1131 break;
1132
1133 default:
1134 assert_not_reached();
1135 }
1136
1137 return 0;
1138 }
1139
1140 static int home_start_work(Home *h, const char *verb, UserRecord *hr, UserRecord *secret) {
1141 _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
1142 _cleanup_(erase_and_freep) char *formatted = NULL;
1143 _cleanup_close_ int stdin_fd = -EBADF, stdout_fd = -EBADF;
1144 pid_t pid = 0;
1145 int r;
1146
1147 assert(h);
1148 assert(verb);
1149 assert(hr);
1150
1151 if (h->worker_pid != 0)
1152 return -EBUSY;
1153
1154 assert(h->worker_stdout_fd < 0);
1155 assert(!h->worker_event_source);
1156
1157 v = json_variant_ref(hr->json);
1158
1159 if (secret) {
1160 JsonVariant *sub = NULL;
1161
1162 sub = json_variant_by_key(secret->json, "secret");
1163 if (!sub)
1164 return -ENOKEY;
1165
1166 r = json_variant_set_field(&v, "secret", sub);
1167 if (r < 0)
1168 return r;
1169 }
1170
1171 r = json_variant_format(v, 0, &formatted);
1172 if (r < 0)
1173 return r;
1174
1175 stdin_fd = acquire_data_fd(formatted, strlen(formatted), 0);
1176 if (stdin_fd < 0)
1177 return stdin_fd;
1178
1179 log_debug("Sending to worker: %s", formatted);
1180
1181 stdout_fd = memfd_create_wrapper("homework-stdout", MFD_CLOEXEC | MFD_NOEXEC_SEAL);
1182 if (stdout_fd < 0)
1183 return stdout_fd;
1184
1185 r = safe_fork_full("(sd-homework)",
1186 (int[]) { stdin_fd, stdout_fd, STDERR_FILENO },
1187 NULL, 0,
1188 FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_DEATHSIG|FORK_REARRANGE_STDIO|FORK_LOG|FORK_REOPEN_LOG, &pid);
1189 if (r < 0)
1190 return r;
1191 if (r == 0) {
1192 _cleanup_free_ char *joined = NULL;
1193 const char *homework, *suffix, *unix_path;
1194
1195 /* Child */
1196
1197 suffix = getenv("SYSTEMD_HOME_DEBUG_SUFFIX");
1198 if (suffix) {
1199 joined = strjoin("/run/systemd/home/notify.", suffix);
1200 if (!joined)
1201 return log_oom();
1202 unix_path = joined;
1203 } else
1204 unix_path = "/run/systemd/home/notify";
1205
1206 if (setenv("NOTIFY_SOCKET", unix_path, 1) < 0) {
1207 log_error_errno(errno, "Failed to set $NOTIFY_SOCKET: %m");
1208 _exit(EXIT_FAILURE);
1209 }
1210
1211 /* If we haven't locked the device yet, ask for a lock to be taken and be passed back to us via sd_notify(). */
1212 if (setenv("SYSTEMD_LUKS_LOCK", one_zero(h->luks_lock_fd < 0), 1) < 0) {
1213 log_error_errno(errno, "Failed to set $SYSTEMD_LUKS_LOCK: %m");
1214 _exit(EXIT_FAILURE);
1215 }
1216
1217 if (h->manager->default_storage >= 0)
1218 if (setenv("SYSTEMD_HOME_DEFAULT_STORAGE", user_storage_to_string(h->manager->default_storage), 1) < 0) {
1219 log_error_errno(errno, "Failed to set $SYSTEMD_HOME_DEFAULT_STORAGE: %m");
1220 _exit(EXIT_FAILURE);
1221 }
1222
1223 if (h->manager->default_file_system_type)
1224 if (setenv("SYSTEMD_HOME_DEFAULT_FILE_SYSTEM_TYPE", h->manager->default_file_system_type, 1) < 0) {
1225 log_error_errno(errno, "Failed to set $SYSTEMD_HOME_DEFAULT_FILE_SYSTEM_TYPE: %m");
1226 _exit(EXIT_FAILURE);
1227 }
1228
1229 r = setenv_systemd_exec_pid(true);
1230 if (r < 0)
1231 log_warning_errno(r, "Failed to update $SYSTEMD_EXEC_PID, ignoring: %m");
1232
1233 /* Allow overriding the homework path via an environment variable, to make debugging
1234 * easier. */
1235 homework = getenv("SYSTEMD_HOMEWORK_PATH") ?: SYSTEMD_HOMEWORK_PATH;
1236
1237 execl(homework, homework, verb, NULL);
1238 log_error_errno(errno, "Failed to invoke %s: %m", homework);
1239 _exit(EXIT_FAILURE);
1240 }
1241
1242 r = sd_event_add_child(h->manager->event, &h->worker_event_source, pid, WEXITED, home_on_worker_process, h);
1243 if (r < 0)
1244 return r;
1245
1246 (void) sd_event_source_set_description(h->worker_event_source, "worker");
1247
1248 r = hashmap_put(h->manager->homes_by_worker_pid, PID_TO_PTR(pid), h);
1249 if (r < 0) {
1250 h->worker_event_source = sd_event_source_disable_unref(h->worker_event_source);
1251 return r;
1252 }
1253
1254 h->worker_stdout_fd = TAKE_FD(stdout_fd);
1255 h->worker_pid = pid;
1256 h->worker_error_code = 0;
1257
1258 return 0;
1259 }
1260
1261 static int home_ratelimit(Home *h, sd_bus_error *error) {
1262 int r, ret;
1263
1264 assert(h);
1265
1266 ret = user_record_ratelimit(h->record);
1267 if (ret < 0)
1268 return ret;
1269
1270 if (h->state != HOME_UNFIXATED) {
1271 r = home_save_record(h);
1272 if (r < 0)
1273 log_warning_errno(r, "Failed to save updated record, ignoring: %m");
1274 }
1275
1276 if (ret == 0) {
1277 usec_t t, n;
1278
1279 n = now(CLOCK_REALTIME);
1280 t = user_record_ratelimit_next_try(h->record);
1281
1282 if (t != USEC_INFINITY && t > n)
1283 return sd_bus_error_setf(error, BUS_ERROR_AUTHENTICATION_LIMIT_HIT,
1284 "Too many login attempts, please try again in %s!",
1285 FORMAT_TIMESPAN(t - n, USEC_PER_SEC));
1286
1287 return sd_bus_error_set(error, BUS_ERROR_AUTHENTICATION_LIMIT_HIT, "Too many login attempts, please try again later.");
1288 }
1289
1290 return 0;
1291 }
1292
1293 static int home_fixate_internal(
1294 Home *h,
1295 UserRecord *secret,
1296 HomeState for_state,
1297 sd_bus_error *error) {
1298
1299 int r;
1300
1301 assert(h);
1302 assert(IN_SET(for_state, HOME_FIXATING, HOME_FIXATING_FOR_ACTIVATION, HOME_FIXATING_FOR_ACQUIRE));
1303
1304 r = home_start_work(h, "inspect", h->record, secret);
1305 if (r < 0)
1306 return r;
1307
1308 if (IN_SET(for_state, HOME_FIXATING_FOR_ACTIVATION, HOME_FIXATING_FOR_ACQUIRE)) {
1309 /* Remember the secret data, since we need it for the activation again, later on. */
1310 user_record_unref(h->secret);
1311 h->secret = user_record_ref(secret);
1312 }
1313
1314 home_set_state(h, for_state);
1315 return 0;
1316 }
1317
1318 int home_fixate(Home *h, UserRecord *secret, sd_bus_error *error) {
1319 int r;
1320
1321 assert(h);
1322
1323 switch (home_get_state(h)) {
1324 case HOME_ABSENT:
1325 return sd_bus_error_setf(error, BUS_ERROR_HOME_ABSENT, "Home %s is currently missing or not plugged in.", h->user_name);
1326 case HOME_INACTIVE:
1327 case HOME_DIRTY:
1328 case HOME_ACTIVE:
1329 case HOME_LINGERING:
1330 case HOME_LOCKED:
1331 return sd_bus_error_setf(error, BUS_ERROR_HOME_ALREADY_FIXATED, "Home %s is already fixated.", h->user_name);
1332 case HOME_UNFIXATED:
1333 break;
1334 default:
1335 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "An operation on home %s is currently being executed.", h->user_name);
1336 }
1337
1338 r = home_ratelimit(h, error);
1339 if (r < 0)
1340 return r;
1341
1342 return home_fixate_internal(h, secret, HOME_FIXATING, error);
1343 }
1344
1345 static int home_activate_internal(Home *h, UserRecord *secret, HomeState for_state, sd_bus_error *error) {
1346 int r;
1347
1348 assert(h);
1349 assert(IN_SET(for_state, HOME_ACTIVATING, HOME_ACTIVATING_FOR_ACQUIRE));
1350
1351 r = home_start_work(h, "activate", h->record, secret);
1352 if (r < 0)
1353 return r;
1354
1355 home_set_state(h, for_state);
1356 return 0;
1357 }
1358
1359 int home_activate(Home *h, UserRecord *secret, sd_bus_error *error) {
1360 int r;
1361
1362 assert(h);
1363
1364 switch (home_get_state(h)) {
1365 case HOME_UNFIXATED:
1366 return home_fixate_internal(h, secret, HOME_FIXATING_FOR_ACTIVATION, error);
1367 case HOME_ABSENT:
1368 return sd_bus_error_setf(error, BUS_ERROR_HOME_ABSENT, "Home %s is currently missing or not plugged in.", h->user_name);
1369 case HOME_ACTIVE:
1370 return sd_bus_error_setf(error, BUS_ERROR_HOME_ALREADY_ACTIVE, "Home %s is already active.", h->user_name);
1371 case HOME_LINGERING:
1372 /* If we are lingering, i.e. active but are supposed to be deactivated, then cancel this
1373 * timer if the user explicitly asks us to be active */
1374 h->retry_deactivate_event_source = sd_event_source_disable_unref(h->retry_deactivate_event_source);
1375 return 0;
1376 case HOME_LOCKED:
1377 return sd_bus_error_setf(error, BUS_ERROR_HOME_LOCKED, "Home %s is currently locked.", h->user_name);
1378 case HOME_INACTIVE:
1379 case HOME_DIRTY:
1380 break;
1381 default:
1382 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "An operation on home %s is currently being executed.", h->user_name);
1383 }
1384
1385 r = home_ratelimit(h, error);
1386 if (r < 0)
1387 return r;
1388
1389 return home_activate_internal(h, secret, HOME_ACTIVATING, error);
1390 }
1391
1392 static int home_authenticate_internal(Home *h, UserRecord *secret, HomeState for_state, sd_bus_error *error) {
1393 int r;
1394
1395 assert(h);
1396 assert(IN_SET(for_state, HOME_AUTHENTICATING, HOME_AUTHENTICATING_WHILE_ACTIVE, HOME_AUTHENTICATING_FOR_ACQUIRE));
1397
1398 r = home_start_work(h, "inspect", h->record, secret);
1399 if (r < 0)
1400 return r;
1401
1402 home_set_state(h, for_state);
1403 return 0;
1404 }
1405
1406 int home_authenticate(Home *h, UserRecord *secret, sd_bus_error *error) {
1407 HomeState state;
1408 int r;
1409
1410 assert(h);
1411
1412 state = home_get_state(h);
1413 switch (state) {
1414 case HOME_ABSENT:
1415 return sd_bus_error_setf(error, BUS_ERROR_HOME_ABSENT, "Home %s is currently missing or not plugged in.", h->user_name);
1416 case HOME_LOCKED:
1417 return sd_bus_error_setf(error, BUS_ERROR_HOME_LOCKED, "Home %s is currently locked.", h->user_name);
1418 case HOME_UNFIXATED:
1419 case HOME_INACTIVE:
1420 case HOME_DIRTY:
1421 case HOME_ACTIVE:
1422 case HOME_LINGERING:
1423 break;
1424 default:
1425 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "An operation on home %s is currently being executed.", h->user_name);
1426 }
1427
1428 r = home_ratelimit(h, error);
1429 if (r < 0)
1430 return r;
1431
1432 return home_authenticate_internal(h, secret, HOME_STATE_IS_ACTIVE(state) ? HOME_AUTHENTICATING_WHILE_ACTIVE : HOME_AUTHENTICATING, error);
1433 }
1434
1435 static int home_deactivate_internal(Home *h, bool force, sd_bus_error *error) {
1436 int r;
1437
1438 assert(h);
1439
1440 home_unpin(h); /* unpin so that we can deactivate */
1441
1442 r = home_start_work(h, force ? "deactivate-force" : "deactivate", h->record, NULL);
1443 if (r < 0)
1444 /* Operation failed before it even started, reacquire pin fd, if state still dictates so */
1445 home_update_pin_fd(h, _HOME_STATE_INVALID);
1446 else {
1447 home_set_state(h, HOME_DEACTIVATING);
1448 r = 0;
1449 }
1450
1451 /* Let's start a timer to retry deactivation in 15. We'll stop the timer once we manage to deactivate
1452 * the home directory again, or we start any other operation. */
1453 home_start_retry_deactivate(h);
1454
1455 return r;
1456 }
1457
1458 int home_deactivate(Home *h, bool force, sd_bus_error *error) {
1459 assert(h);
1460
1461 switch (home_get_state(h)) {
1462 case HOME_UNFIXATED:
1463 case HOME_ABSENT:
1464 case HOME_INACTIVE:
1465 case HOME_DIRTY:
1466 return sd_bus_error_setf(error, BUS_ERROR_HOME_NOT_ACTIVE, "Home %s not active.", h->user_name);
1467 case HOME_LOCKED:
1468 return sd_bus_error_setf(error, BUS_ERROR_HOME_LOCKED, "Home %s is currently locked.", h->user_name);
1469 case HOME_ACTIVE:
1470 case HOME_LINGERING:
1471 break;
1472 default:
1473 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "An operation on home %s is currently being executed.", h->user_name);
1474 }
1475
1476 return home_deactivate_internal(h, force, error);
1477 }
1478
1479 int home_create(Home *h, UserRecord *secret, sd_bus_error *error) {
1480 int r;
1481
1482 assert(h);
1483
1484 switch (home_get_state(h)) {
1485 case HOME_INACTIVE: {
1486 int t;
1487
1488 if (h->record->storage < 0)
1489 break; /* if no storage is defined we don't know what precisely to look for, hence
1490 * HOME_INACTIVE is OK in that case too. */
1491
1492 t = user_record_test_image_path(h->record);
1493 if (IN_SET(t, USER_TEST_MAYBE, USER_TEST_UNDEFINED))
1494 break; /* And if the image path test isn't conclusive, let's also go on */
1495
1496 if (IN_SET(t, -EBADF, -ENOTDIR))
1497 return sd_bus_error_setf(error, BUS_ERROR_HOME_EXISTS, "Selected home image of user %s already exists or has wrong inode type.", h->user_name);
1498
1499 return sd_bus_error_setf(error, BUS_ERROR_HOME_EXISTS, "Selected home image of user %s already exists.", h->user_name);
1500 }
1501 case HOME_UNFIXATED:
1502 case HOME_DIRTY:
1503 return sd_bus_error_setf(error, BUS_ERROR_HOME_EXISTS, "Home of user %s already exists.", h->user_name);
1504 case HOME_ABSENT:
1505 break;
1506 case HOME_ACTIVE:
1507 case HOME_LINGERING:
1508 case HOME_LOCKED:
1509 default:
1510 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "Home %s is currently being used, or an operation on home %s is currently being executed.", h->user_name, h->user_name);
1511 }
1512
1513 if (h->record->enforce_password_policy == false)
1514 log_debug("Password quality check turned off for account, skipping.");
1515 else {
1516 r = user_record_quality_check_password(h->record, secret, error);
1517 if (r < 0)
1518 return r;
1519 }
1520
1521 r = home_start_work(h, "create", h->record, secret);
1522 if (r < 0)
1523 return r;
1524
1525 home_set_state(h, HOME_CREATING);
1526 return 0;
1527 }
1528
1529 int home_remove(Home *h, sd_bus_error *error) {
1530 HomeState state;
1531 int r;
1532
1533 assert(h);
1534
1535 state = home_get_state(h);
1536 switch (state) {
1537 case HOME_ABSENT: /* If the home directory is absent, then this is just like unregistering */
1538 return home_unregister(h, error);
1539 case HOME_LOCKED:
1540 return sd_bus_error_setf(error, BUS_ERROR_HOME_LOCKED, "Home %s is currently locked.", h->user_name);
1541 case HOME_UNFIXATED:
1542 case HOME_INACTIVE:
1543 case HOME_DIRTY:
1544 break;
1545 case HOME_ACTIVE:
1546 case HOME_LINGERING:
1547 default:
1548 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "Home %s is currently being used, or an operation on home %s is currently being executed.", h->user_name, h->user_name);
1549 }
1550
1551 r = home_start_work(h, "remove", h->record, NULL);
1552 if (r < 0)
1553 return r;
1554
1555 home_set_state(h, HOME_REMOVING);
1556 return 0;
1557 }
1558
1559 static int user_record_extend_with_binding(UserRecord *hr, UserRecord *with_binding, UserRecordLoadFlags flags, UserRecord **ret) {
1560 _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
1561 _cleanup_(user_record_unrefp) UserRecord *nr = NULL;
1562 JsonVariant *binding;
1563 int r;
1564
1565 assert(hr);
1566 assert(with_binding);
1567 assert(ret);
1568
1569 assert_se(v = json_variant_ref(hr->json));
1570
1571 binding = json_variant_by_key(with_binding->json, "binding");
1572 if (binding) {
1573 r = json_variant_set_field(&v, "binding", binding);
1574 if (r < 0)
1575 return r;
1576 }
1577
1578 nr = user_record_new();
1579 if (!nr)
1580 return -ENOMEM;
1581
1582 r = user_record_load(nr, v, flags);
1583 if (r < 0)
1584 return r;
1585
1586 *ret = TAKE_PTR(nr);
1587 return 0;
1588 }
1589
1590 static int home_update_internal(
1591 Home *h,
1592 const char *verb,
1593 UserRecord *hr,
1594 UserRecord *secret,
1595 sd_bus_error *error) {
1596
1597 _cleanup_(user_record_unrefp) UserRecord *new_hr = NULL, *saved_secret = NULL, *signed_hr = NULL;
1598 int r, c;
1599
1600 assert(h);
1601 assert(verb);
1602 assert(hr);
1603
1604 if (!user_record_compatible(hr, h->record))
1605 return sd_bus_error_set(error, BUS_ERROR_HOME_RECORD_MISMATCH, "Updated user record is not compatible with existing one.");
1606 c = user_record_compare_last_change(hr, h->record); /* refuse downgrades */
1607 if (c < 0)
1608 return sd_bus_error_set(error, BUS_ERROR_HOME_RECORD_DOWNGRADE, "Refusing to update to older home record.");
1609
1610 if (!secret && FLAGS_SET(hr->mask, USER_RECORD_SECRET)) {
1611 r = user_record_clone(hr, USER_RECORD_EXTRACT_SECRET|USER_RECORD_PERMISSIVE, &saved_secret);
1612 if (r < 0)
1613 return r;
1614
1615 secret = saved_secret;
1616 }
1617
1618 r = manager_verify_user_record(h->manager, hr);
1619 switch (r) {
1620
1621 case USER_RECORD_UNSIGNED:
1622 if (h->signed_locally <= 0) /* If the existing record is not owned by us, don't accept an
1623 * unsigned new record. i.e. only implicitly sign new records
1624 * that where previously signed by us too. */
1625 return sd_bus_error_setf(error, BUS_ERROR_HOME_RECORD_SIGNED, "Home %s is signed and cannot be modified locally.", h->user_name);
1626
1627 /* The updated record is not signed, then do so now */
1628 r = manager_sign_user_record(h->manager, hr, &signed_hr, error);
1629 if (r < 0)
1630 return r;
1631
1632 hr = signed_hr;
1633 break;
1634
1635 case USER_RECORD_SIGNED_EXCLUSIVE:
1636 case USER_RECORD_SIGNED:
1637 case USER_RECORD_FOREIGN:
1638 /* Has already been signed. Great! */
1639 break;
1640
1641 case -ENOKEY:
1642 default:
1643 return r;
1644 }
1645
1646 r = user_record_extend_with_binding(hr, h->record, USER_RECORD_LOAD_MASK_SECRET|USER_RECORD_PERMISSIVE, &new_hr);
1647 if (r < 0)
1648 return r;
1649
1650 if (c == 0) {
1651 /* different payload but same lastChangeUSec field? That's not cool! */
1652
1653 r = user_record_masked_equal(new_hr, h->record, USER_RECORD_REGULAR|USER_RECORD_PRIVILEGED|USER_RECORD_PER_MACHINE);
1654 if (r < 0)
1655 return r;
1656 if (r == 0)
1657 return sd_bus_error_set(error, BUS_ERROR_HOME_RECORD_MISMATCH, "Home record different but timestamp remained the same, refusing.");
1658 }
1659
1660 r = home_start_work(h, verb, new_hr, secret);
1661 if (r < 0)
1662 return r;
1663
1664 return 0;
1665 }
1666
1667 int home_update(Home *h, UserRecord *hr, sd_bus_error *error) {
1668 HomeState state;
1669 int r;
1670
1671 assert(h);
1672 assert(hr);
1673
1674 state = home_get_state(h);
1675 switch (state) {
1676 case HOME_UNFIXATED:
1677 return sd_bus_error_setf(error, BUS_ERROR_HOME_UNFIXATED, "Home %s has not been fixated yet.", h->user_name);
1678 case HOME_ABSENT:
1679 return sd_bus_error_setf(error, BUS_ERROR_HOME_ABSENT, "Home %s is currently missing or not plugged in.", h->user_name);
1680 case HOME_LOCKED:
1681 return sd_bus_error_setf(error, BUS_ERROR_HOME_LOCKED, "Home %s is currently locked.", h->user_name);
1682 case HOME_INACTIVE:
1683 case HOME_DIRTY:
1684 case HOME_ACTIVE:
1685 case HOME_LINGERING:
1686 break;
1687 default:
1688 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "An operation on home %s is currently being executed.", h->user_name);
1689 }
1690
1691 r = home_ratelimit(h, error);
1692 if (r < 0)
1693 return r;
1694
1695 r = home_update_internal(h, "update", hr, NULL, error);
1696 if (r < 0)
1697 return r;
1698
1699 home_set_state(h, HOME_STATE_IS_ACTIVE(state) ? HOME_UPDATING_WHILE_ACTIVE : HOME_UPDATING);
1700 return 0;
1701 }
1702
1703 int home_resize(Home *h,
1704 uint64_t disk_size,
1705 UserRecord *secret,
1706 bool automatic,
1707 sd_bus_error *error) {
1708
1709 _cleanup_(user_record_unrefp) UserRecord *c = NULL;
1710 HomeState state;
1711 int r;
1712
1713 assert(h);
1714
1715 state = home_get_state(h);
1716 switch (state) {
1717 case HOME_UNFIXATED:
1718 return sd_bus_error_setf(error, BUS_ERROR_HOME_UNFIXATED, "Home %s has not been fixated yet.", h->user_name);
1719 case HOME_ABSENT:
1720 return sd_bus_error_setf(error, BUS_ERROR_HOME_ABSENT, "Home %s is currently missing or not plugged in.", h->user_name);
1721 case HOME_LOCKED:
1722 return sd_bus_error_setf(error, BUS_ERROR_HOME_LOCKED, "Home %s is currently locked.", h->user_name);
1723 case HOME_INACTIVE:
1724 case HOME_DIRTY:
1725 case HOME_ACTIVE:
1726 case HOME_LINGERING:
1727 break;
1728 default:
1729 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "An operation on home %s is currently being executed.", h->user_name);
1730 }
1731
1732 r = home_ratelimit(h, error);
1733 if (r < 0)
1734 return r;
1735
1736 /* If the user didn't specify any size explicitly and rebalancing is on, then the disk size is
1737 * determined by automatic rebalancing and hence not user configured but determined by us and thus
1738 * applied anyway. */
1739 if (disk_size == UINT64_MAX && h->record->rebalance_weight != REBALANCE_WEIGHT_OFF)
1740 return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "Disk size is being determined by automatic disk space rebalancing.");
1741
1742 if (disk_size == UINT64_MAX || disk_size == h->record->disk_size) {
1743 if (h->record->disk_size == UINT64_MAX)
1744 return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "No disk size to resize to specified.");
1745
1746 c = user_record_ref(h->record); /* Shortcut if size is unspecified or matches the record */
1747 } else {
1748 _cleanup_(user_record_unrefp) UserRecord *signed_c = NULL;
1749
1750 if (h->signed_locally <= 0) /* Don't allow changing of records not signed only by us */
1751 return sd_bus_error_setf(error, BUS_ERROR_HOME_RECORD_SIGNED, "Home %s is signed and cannot be modified locally.", h->user_name);
1752
1753 r = user_record_clone(h->record, USER_RECORD_LOAD_REFUSE_SECRET|USER_RECORD_PERMISSIVE, &c);
1754 if (r < 0)
1755 return r;
1756
1757 r = user_record_set_disk_size(c, disk_size);
1758 if (r == -ERANGE)
1759 return sd_bus_error_setf(error, BUS_ERROR_BAD_HOME_SIZE, "Requested size for home %s out of acceptable range.", h->user_name);
1760 if (r < 0)
1761 return r;
1762
1763 /* If user picked an explicit size, then turn off rebalancing, so that we don't undo what user chose */
1764 r = user_record_set_rebalance_weight(c, REBALANCE_WEIGHT_OFF);
1765 if (r < 0)
1766 return r;
1767
1768 r = user_record_update_last_changed(c, false);
1769 if (r == -ECHRNG)
1770 return sd_bus_error_setf(error, BUS_ERROR_HOME_RECORD_MISMATCH, "Record last change time of %s is newer than current time, cannot update.", h->user_name);
1771 if (r < 0)
1772 return r;
1773
1774 r = manager_sign_user_record(h->manager, c, &signed_c, error);
1775 if (r < 0)
1776 return r;
1777
1778 user_record_unref(c);
1779 c = TAKE_PTR(signed_c);
1780 }
1781
1782 r = home_update_internal(h, automatic ? "resize-auto" : "resize", c, secret, error);
1783 if (r < 0)
1784 return r;
1785
1786 home_set_state(h, HOME_STATE_IS_ACTIVE(state) ? HOME_RESIZING_WHILE_ACTIVE : HOME_RESIZING);
1787 return 0;
1788 }
1789
1790 static int home_may_change_password(
1791 Home *h,
1792 sd_bus_error *error) {
1793
1794 int r;
1795
1796 assert(h);
1797
1798 r = user_record_test_password_change_required(h->record);
1799 if (IN_SET(r, -EKEYREVOKED, -EOWNERDEAD, -EKEYEXPIRED, -ESTALE))
1800 return 0; /* expired in some form, but changing is allowed */
1801 if (IN_SET(r, -EKEYREJECTED, -EROFS))
1802 return sd_bus_error_setf(error, SD_BUS_ERROR_ACCESS_DENIED, "Expiration settings of account %s do not allow changing of password.", h->user_name);
1803 if (r < 0)
1804 return log_error_errno(r, "Failed to test password expiry: %m");
1805
1806 return 0; /* not expired */
1807 }
1808
1809 int home_passwd(Home *h,
1810 UserRecord *new_secret,
1811 UserRecord *old_secret,
1812 sd_bus_error *error) {
1813
1814 _cleanup_(user_record_unrefp) UserRecord *c = NULL, *merged_secret = NULL, *signed_c = NULL;
1815 HomeState state;
1816 int r;
1817
1818 assert(h);
1819
1820 if (h->signed_locally <= 0) /* Don't allow changing of records not signed only by us */
1821 return sd_bus_error_setf(error, BUS_ERROR_HOME_RECORD_SIGNED, "Home %s is signed and cannot be modified locally.", h->user_name);
1822
1823 state = home_get_state(h);
1824 switch (state) {
1825 case HOME_UNFIXATED:
1826 return sd_bus_error_setf(error, BUS_ERROR_HOME_UNFIXATED, "Home %s has not been fixated yet.", h->user_name);
1827 case HOME_ABSENT:
1828 return sd_bus_error_setf(error, BUS_ERROR_HOME_ABSENT, "Home %s is currently missing or not plugged in.", h->user_name);
1829 case HOME_LOCKED:
1830 return sd_bus_error_setf(error, BUS_ERROR_HOME_LOCKED, "Home %s is currently locked.", h->user_name);
1831 case HOME_INACTIVE:
1832 case HOME_DIRTY:
1833 case HOME_ACTIVE:
1834 case HOME_LINGERING:
1835 break;
1836 default:
1837 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "An operation on home %s is currently being executed.", h->user_name);
1838 }
1839
1840 r = home_ratelimit(h, error);
1841 if (r < 0)
1842 return r;
1843
1844 r = home_may_change_password(h, error);
1845 if (r < 0)
1846 return r;
1847
1848 r = user_record_clone(h->record, USER_RECORD_LOAD_REFUSE_SECRET|USER_RECORD_PERMISSIVE, &c);
1849 if (r < 0)
1850 return r;
1851
1852 merged_secret = user_record_new();
1853 if (!merged_secret)
1854 return -ENOMEM;
1855
1856 r = user_record_merge_secret(merged_secret, old_secret);
1857 if (r < 0)
1858 return r;
1859
1860 r = user_record_merge_secret(merged_secret, new_secret);
1861 if (r < 0)
1862 return r;
1863
1864 if (!strv_isempty(new_secret->password)) {
1865 /* Update the password only if one is specified, otherwise let's just reuse the old password
1866 * data. This is useful as a way to propagate updated user records into the LUKS backends
1867 * properly. */
1868
1869 r = user_record_make_hashed_password(c, new_secret->password, /* extend = */ false);
1870 if (r < 0)
1871 return r;
1872
1873 r = user_record_set_password_change_now(c, -1 /* remove */);
1874 if (r < 0)
1875 return r;
1876 }
1877
1878 r = user_record_update_last_changed(c, true);
1879 if (r == -ECHRNG)
1880 return sd_bus_error_setf(error, BUS_ERROR_HOME_RECORD_MISMATCH, "Record last change time of %s is newer than current time, cannot update.", h->user_name);
1881 if (r < 0)
1882 return r;
1883
1884 r = manager_sign_user_record(h->manager, c, &signed_c, error);
1885 if (r < 0)
1886 return r;
1887
1888 if (c->enforce_password_policy == false)
1889 log_debug("Password quality check turned off for account, skipping.");
1890 else {
1891 r = user_record_quality_check_password(c, merged_secret, error);
1892 if (r < 0)
1893 return r;
1894 }
1895
1896 r = home_update_internal(h, "passwd", signed_c, merged_secret, error);
1897 if (r < 0)
1898 return r;
1899
1900 home_set_state(h, HOME_STATE_IS_ACTIVE(state) ? HOME_PASSWD_WHILE_ACTIVE : HOME_PASSWD);
1901 return 0;
1902 }
1903
1904 int home_unregister(Home *h, sd_bus_error *error) {
1905 int r;
1906
1907 assert(h);
1908
1909 switch (home_get_state(h)) {
1910 case HOME_UNFIXATED:
1911 return sd_bus_error_setf(error, BUS_ERROR_HOME_UNFIXATED, "Home %s is not registered.", h->user_name);
1912 case HOME_LOCKED:
1913 return sd_bus_error_setf(error, BUS_ERROR_HOME_LOCKED, "Home %s is currently locked.", h->user_name);
1914 case HOME_ABSENT:
1915 case HOME_INACTIVE:
1916 case HOME_DIRTY:
1917 break;
1918 case HOME_ACTIVE:
1919 case HOME_LINGERING:
1920 default:
1921 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "Home %s is currently being used, or an operation on home %s is currently being executed.", h->user_name, h->user_name);
1922 }
1923
1924 r = home_unlink_record(h);
1925 if (r < 0)
1926 return r;
1927
1928 /* And destroy the whole entry. The caller needs to be prepared for that. */
1929 h = home_free(h);
1930 return 1;
1931 }
1932
1933 int home_lock(Home *h, sd_bus_error *error) {
1934 int r;
1935
1936 assert(h);
1937
1938 switch (home_get_state(h)) {
1939 case HOME_UNFIXATED:
1940 case HOME_ABSENT:
1941 case HOME_INACTIVE:
1942 case HOME_DIRTY:
1943 return sd_bus_error_setf(error, BUS_ERROR_HOME_NOT_ACTIVE, "Home %s is not active.", h->user_name);
1944 case HOME_LOCKED:
1945 return sd_bus_error_setf(error, BUS_ERROR_HOME_LOCKED, "Home %s is already locked.", h->user_name);
1946 case HOME_ACTIVE:
1947 case HOME_LINGERING:
1948 break;
1949 default:
1950 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "An operation on home %s is currently being executed.", h->user_name);
1951 }
1952
1953 r = home_start_work(h, "lock", h->record, NULL);
1954 if (r < 0)
1955 return r;
1956
1957 home_set_state(h, HOME_LOCKING);
1958 return 0;
1959 }
1960
1961 static int home_unlock_internal(Home *h, UserRecord *secret, HomeState for_state, sd_bus_error *error) {
1962 int r;
1963
1964 assert(h);
1965 assert(IN_SET(for_state, HOME_UNLOCKING, HOME_UNLOCKING_FOR_ACQUIRE));
1966
1967 r = home_start_work(h, "unlock", h->record, secret);
1968 if (r < 0)
1969 return r;
1970
1971 home_set_state(h, for_state);
1972 return 0;
1973 }
1974
1975 int home_unlock(Home *h, UserRecord *secret, sd_bus_error *error) {
1976 int r;
1977 assert(h);
1978
1979 r = home_ratelimit(h, error);
1980 if (r < 0)
1981 return r;
1982
1983 switch (home_get_state(h)) {
1984 case HOME_UNFIXATED:
1985 case HOME_ABSENT:
1986 case HOME_INACTIVE:
1987 case HOME_ACTIVE:
1988 case HOME_LINGERING:
1989 case HOME_DIRTY:
1990 return sd_bus_error_setf(error, BUS_ERROR_HOME_NOT_LOCKED, "Home %s is not locked.", h->user_name);
1991 case HOME_LOCKED:
1992 break;
1993 default:
1994 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "An operation on home %s is currently being executed.", h->user_name);
1995 }
1996
1997 return home_unlock_internal(h, secret, HOME_UNLOCKING, error);
1998 }
1999
2000 HomeState home_get_state(Home *h) {
2001 int r;
2002 assert(h);
2003
2004 /* When the state field is initialized, it counts. */
2005 if (h->state >= 0)
2006 return h->state;
2007
2008 /* Otherwise, let's see if the home directory is mounted. If so, we assume for sure the home
2009 * directory is active */
2010 if (user_record_test_home_directory(h->record) == USER_TEST_MOUNTED)
2011 return h->retry_deactivate_event_source ? HOME_LINGERING : HOME_ACTIVE;
2012
2013 /* And if we see the image being gone, we report this as absent */
2014 r = user_record_test_image_path(h->record);
2015 if (r == USER_TEST_ABSENT)
2016 return HOME_ABSENT;
2017 if (r == USER_TEST_DIRTY)
2018 return HOME_DIRTY;
2019
2020 /* And for all other cases we return "inactive". */
2021 return HOME_INACTIVE;
2022 }
2023
2024 void home_process_notify(Home *h, char **l, int fd) {
2025 _cleanup_close_ int taken_fd = TAKE_FD(fd);
2026 const char *e;
2027 int error;
2028 int r;
2029
2030 assert(h);
2031
2032 e = strv_env_get(l, "SYSTEMD_LUKS_LOCK_FD");
2033 if (e) {
2034 r = parse_boolean(e);
2035 if (r < 0)
2036 return (void) log_debug_errno(r, "Failed to parse SYSTEMD_LUKS_LOCK_FD value: %m");
2037 if (r > 0) {
2038 if (taken_fd < 0)
2039 return (void) log_debug("Got notify message with SYSTEMD_LUKS_LOCK_FD=1 but no fd passed, ignoring: %m");
2040
2041 close_and_replace(h->luks_lock_fd, taken_fd);
2042
2043 log_debug("Successfully acquired LUKS lock fd from worker.");
2044
2045 /* Immediately check if we actually want to keep it */
2046 home_maybe_close_luks_lock_fd(h, _HOME_STATE_INVALID);
2047 } else {
2048 if (taken_fd >= 0)
2049 return (void) log_debug("Got notify message with SYSTEMD_LUKS_LOCK_FD=0 but fd passed, ignoring: %m");
2050
2051 h->luks_lock_fd = safe_close(h->luks_lock_fd);
2052 }
2053
2054 return;
2055 }
2056
2057 e = strv_env_get(l, "ERRNO");
2058 if (!e)
2059 return (void) log_debug("Got notify message lacking both ERRNO= and SYSTEMD_LUKS_LOCK_FD= field, ignoring.");
2060
2061 r = safe_atoi(e, &error);
2062 if (r < 0)
2063 return (void) log_debug_errno(r, "Failed to parse received error number, ignoring: %s", e);
2064 if (error <= 0)
2065 return (void) log_debug("Error number is out of range: %i", error);
2066
2067 h->worker_error_code = error;
2068 }
2069
2070 int home_killall(Home *h) {
2071 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
2072 _cleanup_free_ char *unit = NULL;
2073 int r;
2074
2075 assert(h);
2076
2077 if (!uid_is_valid(h->uid))
2078 return 0;
2079
2080 assert(h->uid > 0); /* We never should be UID 0 */
2081
2082 /* Let's kill everything matching the specified UID */
2083 r = safe_fork("(sd-killer)",
2084 FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_DEATHSIG|FORK_WAIT|FORK_LOG|FORK_REOPEN_LOG,
2085 NULL);
2086 if (r < 0)
2087 return r;
2088 if (r == 0) {
2089 gid_t gid;
2090
2091 /* Child */
2092
2093 gid = user_record_gid(h->record);
2094 if (setresgid(gid, gid, gid) < 0) {
2095 log_error_errno(errno, "Failed to change GID to " GID_FMT ": %m", gid);
2096 _exit(EXIT_FAILURE);
2097 }
2098
2099 if (setgroups(0, NULL) < 0) {
2100 log_error_errno(errno, "Failed to reset auxiliary groups list: %m");
2101 _exit(EXIT_FAILURE);
2102 }
2103
2104 if (setresuid(h->uid, h->uid, h->uid) < 0) {
2105 log_error_errno(errno, "Failed to change UID to " UID_FMT ": %m", h->uid);
2106 _exit(EXIT_FAILURE);
2107 }
2108
2109 if (kill(-1, SIGKILL) < 0) {
2110 log_error_errno(errno, "Failed to kill all processes of UID " UID_FMT ": %m", h->uid);
2111 _exit(EXIT_FAILURE);
2112 }
2113
2114 _exit(EXIT_SUCCESS);
2115 }
2116
2117 /* Let's also kill everything in the user's slice */
2118 if (asprintf(&unit, "user-" UID_FMT ".slice", h->uid) < 0)
2119 return log_oom();
2120
2121 r = bus_call_method(h->manager->bus, bus_systemd_mgr, "KillUnit", &error, NULL, "ssi", unit, "all", SIGKILL);
2122 if (r < 0)
2123 log_full_errno(sd_bus_error_has_name(&error, BUS_ERROR_NO_SUCH_UNIT) ? LOG_DEBUG : LOG_WARNING,
2124 r, "Failed to kill login processes of user, ignoring: %s", bus_error_message(&error, r));
2125
2126 return 1;
2127 }
2128
2129 static int home_get_disk_status_luks(
2130 Home *h,
2131 HomeState state,
2132 uint64_t *ret_disk_size,
2133 uint64_t *ret_disk_usage,
2134 uint64_t *ret_disk_free,
2135 uint64_t *ret_disk_ceiling,
2136 uint64_t *ret_disk_floor,
2137 statfs_f_type_t *ret_fstype,
2138 mode_t *ret_access_mode) {
2139
2140 uint64_t disk_size = UINT64_MAX, disk_usage = UINT64_MAX, disk_free = UINT64_MAX,
2141 disk_ceiling = UINT64_MAX, disk_floor = UINT64_MAX,
2142 stat_used = UINT64_MAX, fs_size = UINT64_MAX, header_size = 0;
2143 mode_t access_mode = MODE_INVALID;
2144 statfs_f_type_t fstype = 0;
2145 struct statfs sfs;
2146 struct stat st;
2147 const char *hd;
2148 int r;
2149
2150 assert(h);
2151
2152 if (state != HOME_ABSENT) {
2153 const char *ip;
2154
2155 ip = user_record_image_path(h->record);
2156 if (ip) {
2157 if (stat(ip, &st) < 0)
2158 log_debug_errno(errno, "Failed to stat() %s, ignoring: %m", ip);
2159 else if (S_ISREG(st.st_mode)) {
2160 _cleanup_free_ char *parent = NULL;
2161
2162 disk_size = st.st_size;
2163 stat_used = st.st_blocks * 512;
2164
2165 r = path_extract_directory(ip, &parent);
2166 if (r < 0)
2167 return log_error_errno(r, "Failed to extract parent directory from image path '%s': %m", ip);
2168
2169 if (statfs(parent, &sfs) < 0)
2170 log_debug_errno(errno, "Failed to statfs() %s, ignoring: %m", parent);
2171 else
2172 disk_ceiling = stat_used + sfs.f_bsize * sfs.f_bavail;
2173
2174 } else if (S_ISBLK(st.st_mode)) {
2175 _cleanup_free_ char *szbuf = NULL;
2176 char p[SYS_BLOCK_PATH_MAX("/size")];
2177
2178 /* Let's read the size off sysfs, so that we don't have to open the device */
2179 xsprintf_sys_block_path(p, "/size", st.st_rdev);
2180 r = read_one_line_file(p, &szbuf);
2181 if (r < 0)
2182 log_debug_errno(r, "Failed to read %s, ignoring: %m", p);
2183 else {
2184 uint64_t sz;
2185
2186 r = safe_atou64(szbuf, &sz);
2187 if (r < 0)
2188 log_debug_errno(r, "Failed to parse %s, ignoring: %s", p, szbuf);
2189 else
2190 disk_size = sz * 512;
2191 }
2192 } else
2193 log_debug("Image path is not a block device or regular file, not able to acquire size.");
2194 }
2195 }
2196
2197 if (!HOME_STATE_IS_ACTIVE(state))
2198 goto finish;
2199
2200 hd = user_record_home_directory(h->record);
2201 if (!hd)
2202 goto finish;
2203
2204 if (stat(hd, &st) < 0) {
2205 log_debug_errno(errno, "Failed to stat() %s, ignoring: %m", hd);
2206 goto finish;
2207 }
2208
2209 r = stat_verify_directory(&st);
2210 if (r < 0) {
2211 log_debug_errno(r, "Home directory %s is not a directory, ignoring: %m", hd);
2212 goto finish;
2213 }
2214
2215 access_mode = st.st_mode & 07777;
2216
2217 if (statfs(hd, &sfs) < 0) {
2218 log_debug_errno(errno, "Failed to statfs() %s, ignoring: %m", hd);
2219 goto finish;
2220 }
2221
2222 fstype = sfs.f_type;
2223
2224 disk_free = sfs.f_bsize * sfs.f_bavail;
2225 fs_size = sfs.f_bsize * sfs.f_blocks;
2226 if (disk_size != UINT64_MAX && disk_size > fs_size)
2227 header_size = disk_size - fs_size;
2228
2229 /* We take a perspective from the user here (as opposed to from the host): the used disk space is the
2230 * difference from the limit and what's free. This makes a difference if sparse mode is not used: in
2231 * that case the image is pre-allocated and thus appears all used from the host PoV but is not used
2232 * up at all yet from the user's PoV.
2233 *
2234 * That said, we use the stat() reported loopback file size as upper boundary: our footprint can
2235 * never be larger than what we take up on the lowest layers. */
2236
2237 if (disk_size != UINT64_MAX && disk_size > disk_free) {
2238 disk_usage = disk_size - disk_free;
2239
2240 if (stat_used != UINT64_MAX && disk_usage > stat_used)
2241 disk_usage = stat_used;
2242 } else
2243 disk_usage = stat_used;
2244
2245 /* If we have the magic, determine floor preferably by magic */
2246 disk_floor = minimal_size_by_fs_magic(sfs.f_type) + header_size;
2247
2248 finish:
2249 /* If we don't know the magic, go by file system name */
2250 if (disk_floor == UINT64_MAX)
2251 disk_floor = minimal_size_by_fs_name(user_record_file_system_type(h->record));
2252
2253 if (ret_disk_size)
2254 *ret_disk_size = disk_size;
2255 if (ret_disk_usage)
2256 *ret_disk_usage = disk_usage;
2257 if (ret_disk_free)
2258 *ret_disk_free = disk_free;
2259 if (ret_disk_ceiling)
2260 *ret_disk_ceiling = disk_ceiling;
2261 if (ret_disk_floor)
2262 *ret_disk_floor = disk_floor;
2263 if (ret_fstype)
2264 *ret_fstype = fstype;
2265 if (ret_access_mode)
2266 *ret_access_mode = access_mode;
2267
2268 return 0;
2269 }
2270
2271 static int home_get_disk_status_directory(
2272 Home *h,
2273 HomeState state,
2274 uint64_t *ret_disk_size,
2275 uint64_t *ret_disk_usage,
2276 uint64_t *ret_disk_free,
2277 uint64_t *ret_disk_ceiling,
2278 uint64_t *ret_disk_floor,
2279 statfs_f_type_t *ret_fstype,
2280 mode_t *ret_access_mode) {
2281
2282 uint64_t disk_size = UINT64_MAX, disk_usage = UINT64_MAX, disk_free = UINT64_MAX,
2283 disk_ceiling = UINT64_MAX, disk_floor = UINT64_MAX;
2284 mode_t access_mode = MODE_INVALID;
2285 statfs_f_type_t fstype = 0;
2286 struct statfs sfs;
2287 struct dqblk req;
2288 const char *path = NULL;
2289 int r;
2290
2291 assert(h);
2292
2293 if (HOME_STATE_IS_ACTIVE(state))
2294 path = user_record_home_directory(h->record);
2295
2296 if (!path) {
2297 if (state == HOME_ABSENT)
2298 goto finish;
2299
2300 path = user_record_image_path(h->record);
2301 }
2302
2303 if (!path)
2304 goto finish;
2305
2306 if (statfs(path, &sfs) < 0)
2307 log_debug_errno(errno, "Failed to statfs() %s, ignoring: %m", path);
2308 else {
2309 disk_free = sfs.f_bsize * sfs.f_bavail;
2310 disk_size = sfs.f_bsize * sfs.f_blocks;
2311
2312 /* We don't initialize disk_usage from statfs() data here, since the device is likely not used
2313 * by us alone, and disk_usage should only reflect our own use. */
2314
2315 fstype = sfs.f_type;
2316 }
2317
2318 if (IN_SET(h->record->storage, USER_CLASSIC, USER_DIRECTORY, USER_SUBVOLUME)) {
2319
2320 r = btrfs_is_subvol(path);
2321 if (r < 0)
2322 log_debug_errno(r, "Failed to determine whether %s is a btrfs subvolume: %m", path);
2323 else if (r > 0) {
2324 BtrfsQuotaInfo qi;
2325
2326 r = btrfs_subvol_get_subtree_quota(path, 0, &qi);
2327 if (r < 0)
2328 log_debug_errno(r, "Failed to query btrfs subtree quota, ignoring: %m");
2329 else {
2330 disk_usage = qi.referenced;
2331
2332 if (disk_free != UINT64_MAX) {
2333 disk_ceiling = qi.referenced + disk_free;
2334
2335 if (disk_size != UINT64_MAX && disk_ceiling > disk_size)
2336 disk_ceiling = disk_size;
2337 }
2338
2339 if (qi.referenced_max != UINT64_MAX) {
2340 if (disk_size != UINT64_MAX)
2341 disk_size = MIN(qi.referenced_max, disk_size);
2342 else
2343 disk_size = qi.referenced_max;
2344 }
2345
2346 if (disk_size != UINT64_MAX) {
2347 if (disk_size > disk_usage)
2348 disk_free = disk_size - disk_usage;
2349 else
2350 disk_free = 0;
2351 }
2352 }
2353
2354 goto finish;
2355 }
2356 }
2357
2358 if (IN_SET(h->record->storage, USER_CLASSIC, USER_DIRECTORY, USER_FSCRYPT)) {
2359 r = quotactl_path(QCMD_FIXED(Q_GETQUOTA, USRQUOTA), path, h->uid, &req);
2360 if (r < 0) {
2361 if (ERRNO_IS_NOT_SUPPORTED(r)) {
2362 log_debug_errno(r, "No UID quota support on %s.", path);
2363 goto finish;
2364 }
2365
2366 if (r != -ESRCH) {
2367 log_debug_errno(r, "Failed to query disk quota for UID " UID_FMT ": %m", h->uid);
2368 goto finish;
2369 }
2370
2371 disk_usage = 0; /* No record of this user? then nothing was used */
2372 } else {
2373 if (FLAGS_SET(req.dqb_valid, QIF_SPACE) && disk_free != UINT64_MAX) {
2374 disk_ceiling = req.dqb_curspace + disk_free;
2375
2376 if (disk_size != UINT64_MAX && disk_ceiling > disk_size)
2377 disk_ceiling = disk_size;
2378 }
2379
2380 if (FLAGS_SET(req.dqb_valid, QIF_BLIMITS)) {
2381 uint64_t q;
2382
2383 /* Take the minimum of the quota and the available disk space here */
2384 q = req.dqb_bhardlimit * QIF_DQBLKSIZE;
2385 if (disk_size != UINT64_MAX)
2386 disk_size = MIN(disk_size, q);
2387 else
2388 disk_size = q;
2389 }
2390 if (FLAGS_SET(req.dqb_valid, QIF_SPACE)) {
2391 disk_usage = req.dqb_curspace;
2392
2393 if (disk_size != UINT64_MAX) {
2394 if (disk_size > disk_usage)
2395 disk_free = disk_size - disk_usage;
2396 else
2397 disk_free = 0;
2398 }
2399 }
2400 }
2401 }
2402
2403 finish:
2404 if (ret_disk_size)
2405 *ret_disk_size = disk_size;
2406 if (ret_disk_usage)
2407 *ret_disk_usage = disk_usage;
2408 if (ret_disk_free)
2409 *ret_disk_free = disk_free;
2410 if (ret_disk_ceiling)
2411 *ret_disk_ceiling = disk_ceiling;
2412 if (ret_disk_floor)
2413 *ret_disk_floor = disk_floor;
2414 if (ret_fstype)
2415 *ret_fstype = fstype;
2416 if (ret_access_mode)
2417 *ret_access_mode = access_mode;
2418
2419 return 0;
2420 }
2421
2422 static int home_get_disk_status_internal(
2423 Home *h,
2424 HomeState state,
2425 uint64_t *ret_disk_size,
2426 uint64_t *ret_disk_usage,
2427 uint64_t *ret_disk_free,
2428 uint64_t *ret_disk_ceiling,
2429 uint64_t *ret_disk_floor,
2430 statfs_f_type_t *ret_fstype,
2431 mode_t *ret_access_mode) {
2432
2433 assert(h);
2434 assert(h->record);
2435
2436 switch (h->record->storage) {
2437
2438 case USER_LUKS:
2439 return home_get_disk_status_luks(h, state, ret_disk_size, ret_disk_usage, ret_disk_free, ret_disk_ceiling, ret_disk_floor, ret_fstype, ret_access_mode);
2440
2441 case USER_CLASSIC:
2442 case USER_DIRECTORY:
2443 case USER_SUBVOLUME:
2444 case USER_FSCRYPT:
2445 case USER_CIFS:
2446 return home_get_disk_status_directory(h, state, ret_disk_size, ret_disk_usage, ret_disk_free, ret_disk_ceiling, ret_disk_floor, ret_fstype, ret_access_mode);
2447
2448 default:
2449 /* don't know */
2450
2451 if (ret_disk_size)
2452 *ret_disk_size = UINT64_MAX;
2453 if (ret_disk_usage)
2454 *ret_disk_usage = UINT64_MAX;
2455 if (ret_disk_free)
2456 *ret_disk_free = UINT64_MAX;
2457 if (ret_disk_ceiling)
2458 *ret_disk_ceiling = UINT64_MAX;
2459 if (ret_disk_floor)
2460 *ret_disk_floor = UINT64_MAX;
2461 if (ret_fstype)
2462 *ret_fstype = 0;
2463 if (ret_access_mode)
2464 *ret_access_mode = MODE_INVALID;
2465
2466 return 0;
2467 }
2468 }
2469
2470 int home_get_disk_status(
2471 Home *h,
2472 uint64_t *ret_disk_size,
2473 uint64_t *ret_disk_usage,
2474 uint64_t *ret_disk_free,
2475 uint64_t *ret_disk_ceiling,
2476 uint64_t *ret_disk_floor,
2477 statfs_f_type_t *ret_fstype,
2478 mode_t *ret_access_mode) {
2479
2480 assert(h);
2481
2482 return home_get_disk_status_internal(
2483 h,
2484 home_get_state(h),
2485 ret_disk_size,
2486 ret_disk_usage,
2487 ret_disk_free,
2488 ret_disk_ceiling,
2489 ret_disk_floor,
2490 ret_fstype,
2491 ret_access_mode);
2492 }
2493
2494 int home_augment_status(
2495 Home *h,
2496 UserRecordLoadFlags flags,
2497 UserRecord **ret) {
2498
2499 uint64_t disk_size = UINT64_MAX, disk_usage = UINT64_MAX, disk_free = UINT64_MAX, disk_ceiling = UINT64_MAX, disk_floor = UINT64_MAX;
2500 _cleanup_(json_variant_unrefp) JsonVariant *j = NULL, *v = NULL, *m = NULL, *status = NULL;
2501 _cleanup_(user_record_unrefp) UserRecord *ur = NULL;
2502 statfs_f_type_t magic;
2503 const char *fstype;
2504 mode_t access_mode;
2505 HomeState state;
2506 sd_id128_t id;
2507 int r;
2508
2509 assert(h);
2510 assert(ret);
2511
2512 /* We are supposed to add this, this can't be on hence. */
2513 assert(!FLAGS_SET(flags, USER_RECORD_STRIP_STATUS));
2514
2515 r = sd_id128_get_machine(&id);
2516 if (r < 0)
2517 return r;
2518
2519 state = home_get_state(h);
2520
2521 r = home_get_disk_status_internal(
2522 h, state,
2523 &disk_size,
2524 &disk_usage,
2525 &disk_free,
2526 &disk_ceiling,
2527 &disk_floor,
2528 &magic,
2529 &access_mode);
2530 if (r < 0)
2531 return r;
2532
2533 fstype = fs_type_to_string(magic);
2534
2535 if (disk_floor == UINT64_MAX || (disk_usage != UINT64_MAX && disk_floor < disk_usage))
2536 disk_floor = disk_usage;
2537 if (disk_floor == UINT64_MAX || disk_floor < USER_DISK_SIZE_MIN)
2538 disk_floor = USER_DISK_SIZE_MIN;
2539 if (disk_ceiling == UINT64_MAX || disk_ceiling > USER_DISK_SIZE_MAX)
2540 disk_ceiling = USER_DISK_SIZE_MAX;
2541
2542 r = json_build(&status,
2543 JSON_BUILD_OBJECT(
2544 JSON_BUILD_PAIR("state", JSON_BUILD_STRING(home_state_to_string(state))),
2545 JSON_BUILD_PAIR("service", JSON_BUILD_CONST_STRING("io.systemd.Home")),
2546 JSON_BUILD_PAIR_CONDITION(disk_size != UINT64_MAX, "diskSize", JSON_BUILD_UNSIGNED(disk_size)),
2547 JSON_BUILD_PAIR_CONDITION(disk_usage != UINT64_MAX, "diskUsage", JSON_BUILD_UNSIGNED(disk_usage)),
2548 JSON_BUILD_PAIR_CONDITION(disk_free != UINT64_MAX, "diskFree", JSON_BUILD_UNSIGNED(disk_free)),
2549 JSON_BUILD_PAIR_CONDITION(disk_ceiling != UINT64_MAX, "diskCeiling", JSON_BUILD_UNSIGNED(disk_ceiling)),
2550 JSON_BUILD_PAIR_CONDITION(disk_floor != UINT64_MAX, "diskFloor", JSON_BUILD_UNSIGNED(disk_floor)),
2551 JSON_BUILD_PAIR_CONDITION(h->signed_locally >= 0, "signedLocally", JSON_BUILD_BOOLEAN(h->signed_locally)),
2552 JSON_BUILD_PAIR_CONDITION(fstype, "fileSystemType", JSON_BUILD_STRING(fstype)),
2553 JSON_BUILD_PAIR_CONDITION(access_mode != MODE_INVALID, "accessMode", JSON_BUILD_UNSIGNED(access_mode))
2554 ));
2555 if (r < 0)
2556 return r;
2557
2558 j = json_variant_ref(h->record->json);
2559 v = json_variant_ref(json_variant_by_key(j, "status"));
2560 m = json_variant_ref(json_variant_by_key(v, SD_ID128_TO_STRING(id)));
2561
2562 r = json_variant_filter(&m, STRV_MAKE("diskSize", "diskUsage", "diskFree", "diskCeiling", "diskFloor", "signedLocally"));
2563 if (r < 0)
2564 return r;
2565
2566 r = json_variant_merge(&m, status);
2567 if (r < 0)
2568 return r;
2569
2570 r = json_variant_set_field(&v, SD_ID128_TO_STRING(id), m);
2571 if (r < 0)
2572 return r;
2573
2574 r = json_variant_set_field(&j, "status", v);
2575 if (r < 0)
2576 return r;
2577
2578 ur = user_record_new();
2579 if (!ur)
2580 return -ENOMEM;
2581
2582 r = user_record_load(ur, j, flags);
2583 if (r < 0)
2584 return r;
2585
2586 ur->incomplete =
2587 FLAGS_SET(h->record->mask, USER_RECORD_PRIVILEGED) &&
2588 !FLAGS_SET(ur->mask, USER_RECORD_PRIVILEGED);
2589
2590 *ret = TAKE_PTR(ur);
2591 return 0;
2592 }
2593
2594 static int on_home_ref_eof(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
2595 _cleanup_(operation_unrefp) Operation *o = NULL;
2596 Home *h = ASSERT_PTR(userdata);
2597
2598 assert(s);
2599
2600 if (h->ref_event_source_please_suspend == s)
2601 h->ref_event_source_please_suspend = sd_event_source_disable_unref(h->ref_event_source_please_suspend);
2602
2603 if (h->ref_event_source_dont_suspend == s)
2604 h->ref_event_source_dont_suspend = sd_event_source_disable_unref(h->ref_event_source_dont_suspend);
2605
2606 if (h->ref_event_source_dont_suspend || h->ref_event_source_please_suspend)
2607 return 0;
2608
2609 log_info("Got notification that all sessions of user %s ended, deactivating automatically.", h->user_name);
2610
2611 o = operation_new(OPERATION_PIPE_EOF, NULL);
2612 if (!o) {
2613 log_oom();
2614 return 0;
2615 }
2616
2617 home_schedule_operation(h, o, NULL);
2618 return 0;
2619 }
2620
2621 int home_create_fifo(Home *h, bool please_suspend) {
2622 _cleanup_close_ int ret_fd = -EBADF;
2623 sd_event_source **ss;
2624 const char *fn, *suffix;
2625 int r;
2626
2627 assert(h);
2628
2629 if (please_suspend) {
2630 suffix = ".please-suspend";
2631 ss = &h->ref_event_source_please_suspend;
2632 } else {
2633 suffix = ".dont-suspend";
2634 ss = &h->ref_event_source_dont_suspend;
2635 }
2636
2637 fn = strjoina("/run/systemd/home/", h->user_name, suffix);
2638
2639 if (!*ss) {
2640 _cleanup_close_ int ref_fd = -EBADF;
2641
2642 (void) mkdir("/run/systemd/home/", 0755);
2643 if (mkfifo(fn, 0600) < 0 && errno != EEXIST)
2644 return log_error_errno(errno, "Failed to create FIFO %s: %m", fn);
2645
2646 ref_fd = open(fn, O_RDONLY|O_CLOEXEC|O_NONBLOCK);
2647 if (ref_fd < 0)
2648 return log_error_errno(errno, "Failed to open FIFO %s for reading: %m", fn);
2649
2650 r = sd_event_add_io(h->manager->event, ss, ref_fd, 0, on_home_ref_eof, h);
2651 if (r < 0)
2652 return log_error_errno(r, "Failed to allocate reference FIFO event source: %m");
2653
2654 (void) sd_event_source_set_description(*ss, "acquire-ref");
2655
2656 r = sd_event_source_set_priority(*ss, SD_EVENT_PRIORITY_IDLE-1);
2657 if (r < 0)
2658 return r;
2659
2660 r = sd_event_source_set_io_fd_own(*ss, true);
2661 if (r < 0)
2662 return log_error_errno(r, "Failed to pass ownership of FIFO event fd to event source: %m");
2663
2664 TAKE_FD(ref_fd);
2665 }
2666
2667 ret_fd = open(fn, O_WRONLY|O_CLOEXEC|O_NONBLOCK);
2668 if (ret_fd < 0)
2669 return log_error_errno(errno, "Failed to open FIFO %s for writing: %m", fn);
2670
2671 return TAKE_FD(ret_fd);
2672 }
2673
2674 static int home_dispatch_acquire(Home *h, Operation *o) {
2675 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
2676 int (*call)(Home *h, UserRecord *secret, HomeState for_state, sd_bus_error *error) = NULL;
2677 HomeState for_state;
2678 int r;
2679
2680 assert(h);
2681 assert(o);
2682 assert(o->type == OPERATION_ACQUIRE);
2683
2684 assert(!h->current_operation);
2685
2686 switch (home_get_state(h)) {
2687
2688 case HOME_UNFIXATED:
2689 for_state = HOME_FIXATING_FOR_ACQUIRE;
2690 call = home_fixate_internal;
2691 break;
2692
2693 case HOME_ABSENT:
2694 r = sd_bus_error_setf(&error, BUS_ERROR_HOME_ABSENT,
2695 "Home %s is currently missing or not plugged in.", h->user_name);
2696 goto check;
2697
2698 case HOME_INACTIVE:
2699 case HOME_DIRTY:
2700 for_state = HOME_ACTIVATING_FOR_ACQUIRE;
2701 call = home_activate_internal;
2702 break;
2703
2704 case HOME_ACTIVE:
2705 case HOME_LINGERING:
2706 for_state = HOME_AUTHENTICATING_FOR_ACQUIRE;
2707 call = home_authenticate_internal;
2708 break;
2709
2710 case HOME_LOCKED:
2711 for_state = HOME_UNLOCKING_FOR_ACQUIRE;
2712 call = home_unlock_internal;
2713 break;
2714
2715 default:
2716 /* All other cases means we are currently executing an operation, which means the job remains
2717 * pending. */
2718 return 0;
2719 }
2720
2721 r = home_ratelimit(h, &error);
2722 if (r >= 0)
2723 r = call(h, o->secret, for_state, &error);
2724
2725 check:
2726 if (r != 0) /* failure or completed */
2727 operation_result(o, r, &error);
2728 else /* ongoing */
2729 h->current_operation = operation_ref(o);
2730
2731 return 1;
2732 }
2733
2734 static int home_dispatch_release(Home *h, Operation *o) {
2735 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
2736 int r;
2737
2738 assert(h);
2739 assert(o);
2740 assert(o->type == OPERATION_RELEASE);
2741
2742 if (h->ref_event_source_dont_suspend || h->ref_event_source_please_suspend)
2743 /* If there's now a reference again, then let's abort the release attempt */
2744 r = sd_bus_error_setf(&error, BUS_ERROR_HOME_BUSY, "Home %s is currently referenced.", h->user_name);
2745 else {
2746 switch (home_get_state(h)) {
2747
2748 case HOME_UNFIXATED:
2749 case HOME_ABSENT:
2750 case HOME_INACTIVE:
2751 case HOME_DIRTY:
2752 r = 1; /* done */
2753 break;
2754
2755 case HOME_LOCKED:
2756 r = sd_bus_error_setf(&error, BUS_ERROR_HOME_LOCKED, "Home %s is currently locked.", h->user_name);
2757 break;
2758
2759 case HOME_ACTIVE:
2760 case HOME_LINGERING:
2761 r = home_deactivate_internal(h, false, &error);
2762 break;
2763
2764 default:
2765 /* All other cases means we are currently executing an operation, which means the job remains
2766 * pending. */
2767 return 0;
2768 }
2769 }
2770
2771 assert(!h->current_operation);
2772
2773 if (r != 0) /* failure or completed */
2774 operation_result(o, r, &error);
2775 else /* ongoing */
2776 h->current_operation = operation_ref(o);
2777
2778 return 1;
2779 }
2780
2781 static int home_dispatch_lock_all(Home *h, Operation *o) {
2782 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
2783 int r;
2784
2785 assert(h);
2786 assert(o);
2787 assert(o->type == OPERATION_LOCK_ALL);
2788
2789 switch (home_get_state(h)) {
2790
2791 case HOME_UNFIXATED:
2792 case HOME_ABSENT:
2793 case HOME_INACTIVE:
2794 case HOME_DIRTY:
2795 log_info("Home %s is not active, no locking necessary.", h->user_name);
2796 r = 1; /* done */
2797 break;
2798
2799 case HOME_LOCKED:
2800 log_info("Home %s is already locked.", h->user_name);
2801 r = 1; /* done */
2802 break;
2803
2804 case HOME_ACTIVE:
2805 case HOME_LINGERING:
2806 log_info("Locking home %s.", h->user_name);
2807 r = home_lock(h, &error);
2808 break;
2809
2810 default:
2811 /* All other cases means we are currently executing an operation, which means the job remains
2812 * pending. */
2813 return 0;
2814 }
2815
2816 assert(!h->current_operation);
2817
2818 if (r != 0) /* failure or completed */
2819 operation_result(o, r, &error);
2820 else /* ongoing */
2821 h->current_operation = operation_ref(o);
2822
2823 return 1;
2824 }
2825
2826 static int home_dispatch_deactivate_all(Home *h, Operation *o) {
2827 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
2828 int r;
2829
2830 assert(h);
2831 assert(o);
2832 assert(o->type == OPERATION_DEACTIVATE_ALL);
2833
2834 switch (home_get_state(h)) {
2835
2836 case HOME_UNFIXATED:
2837 case HOME_ABSENT:
2838 case HOME_INACTIVE:
2839 case HOME_DIRTY:
2840 log_info("Home %s is already deactivated.", h->user_name);
2841 r = 1; /* done */
2842 break;
2843
2844 case HOME_LOCKED:
2845 log_info("Home %s is currently locked, not deactivating.", h->user_name);
2846 r = 1; /* done */
2847 break;
2848
2849 case HOME_ACTIVE:
2850 case HOME_LINGERING:
2851 log_info("Deactivating home %s.", h->user_name);
2852 r = home_deactivate_internal(h, false, &error);
2853 break;
2854
2855 default:
2856 /* All other cases means we are currently executing an operation, which means the job remains
2857 * pending. */
2858 return 0;
2859 }
2860
2861 assert(!h->current_operation);
2862
2863 if (r != 0) /* failure or completed */
2864 operation_result(o, r, &error);
2865 else /* ongoing */
2866 h->current_operation = operation_ref(o);
2867
2868 return 1;
2869 }
2870
2871 static int home_dispatch_pipe_eof(Home *h, Operation *o) {
2872 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
2873 int r;
2874
2875 assert(h);
2876 assert(o);
2877 assert(o->type == OPERATION_PIPE_EOF);
2878
2879 if (h->ref_event_source_please_suspend || h->ref_event_source_dont_suspend)
2880 return 1; /* Hmm, there's a reference again, let's cancel this */
2881
2882 switch (home_get_state(h)) {
2883
2884 case HOME_UNFIXATED:
2885 case HOME_ABSENT:
2886 case HOME_INACTIVE:
2887 case HOME_DIRTY:
2888 log_info("Home %s already deactivated, no automatic deactivation needed.", h->user_name);
2889 break;
2890
2891 case HOME_DEACTIVATING:
2892 log_info("Home %s is already being deactivated, automatic deactivated unnecessary.", h->user_name);
2893 break;
2894
2895 case HOME_ACTIVE:
2896 case HOME_LINGERING:
2897 r = home_deactivate_internal(h, false, &error);
2898 if (r < 0)
2899 log_warning_errno(r, "Failed to deactivate %s, ignoring: %s", h->user_name, bus_error_message(&error, r));
2900 break;
2901
2902 case HOME_LOCKED:
2903 default:
2904 /* If the device is locked or any operation is being executed, let's leave this pending */
2905 return 0;
2906 }
2907
2908 /* Note that we don't call operation_fail() or operation_success() here, because this kind of
2909 * operation has no message associated with it, and thus there's no need to propagate success. */
2910
2911 assert(!o->message);
2912 return 1;
2913 }
2914
2915 static int home_dispatch_deactivate_force(Home *h, Operation *o) {
2916 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
2917 int r;
2918
2919 assert(h);
2920 assert(o);
2921 assert(o->type == OPERATION_DEACTIVATE_FORCE);
2922
2923 switch (home_get_state(h)) {
2924
2925 case HOME_UNFIXATED:
2926 case HOME_ABSENT:
2927 case HOME_INACTIVE:
2928 case HOME_DIRTY:
2929 log_debug("Home %s already deactivated, no forced deactivation due to unplug needed.", h->user_name);
2930 break;
2931
2932 case HOME_DEACTIVATING:
2933 log_debug("Home %s is already being deactivated, forced deactivation due to unplug unnecessary.", h->user_name);
2934 break;
2935
2936 case HOME_ACTIVE:
2937 case HOME_LOCKED:
2938 case HOME_LINGERING:
2939 r = home_deactivate_internal(h, true, &error);
2940 if (r < 0)
2941 log_warning_errno(r, "Failed to forcibly deactivate %s, ignoring: %s", h->user_name, bus_error_message(&error, r));
2942 break;
2943
2944 default:
2945 /* If any operation is being executed, let's leave this pending */
2946 return 0;
2947 }
2948
2949 /* Note that we don't call operation_fail() or operation_success() here, because this kind of
2950 * operation has no message associated with it, and thus there's no need to propagate success. */
2951
2952 assert(!o->message);
2953 return 1;
2954 }
2955
2956 static int on_pending(sd_event_source *s, void *userdata) {
2957 Home *h = ASSERT_PTR(userdata);
2958 Operation *o;
2959 int r;
2960
2961 assert(s);
2962
2963 o = ordered_set_first(h->pending_operations);
2964 if (o) {
2965 static int (* const operation_table[_OPERATION_MAX])(Home *h, Operation *o) = {
2966 [OPERATION_ACQUIRE] = home_dispatch_acquire,
2967 [OPERATION_RELEASE] = home_dispatch_release,
2968 [OPERATION_LOCK_ALL] = home_dispatch_lock_all,
2969 [OPERATION_DEACTIVATE_ALL] = home_dispatch_deactivate_all,
2970 [OPERATION_PIPE_EOF] = home_dispatch_pipe_eof,
2971 [OPERATION_DEACTIVATE_FORCE] = home_dispatch_deactivate_force,
2972 };
2973
2974 assert(operation_table[o->type]);
2975 r = operation_table[o->type](h, o);
2976 if (r != 0) {
2977 /* The operation completed, let's remove it from the pending list, and exit while
2978 * leaving the event source enabled as it is. */
2979 assert_se(ordered_set_remove(h->pending_operations, o) == o);
2980 operation_unref(o);
2981 return 0;
2982 }
2983 }
2984
2985 /* Nothing to do anymore, let's turn off this event source */
2986 r = sd_event_source_set_enabled(s, SD_EVENT_OFF);
2987 if (r < 0)
2988 return log_error_errno(r, "Failed to disable event source: %m");
2989
2990 /* No operations pending anymore, maybe this is a good time to trigger a rebalancing */
2991 manager_reschedule_rebalance(h->manager);
2992 return 0;
2993 }
2994
2995 int home_schedule_operation(Home *h, Operation *o, sd_bus_error *error) {
2996 int r;
2997
2998 assert(h);
2999
3000 if (o) {
3001 if (ordered_set_size(h->pending_operations) >= PENDING_OPERATIONS_MAX)
3002 return sd_bus_error_set(error, BUS_ERROR_TOO_MANY_OPERATIONS, "Too many client operations requested");
3003
3004 r = ordered_set_ensure_put(&h->pending_operations, &operation_hash_ops, o);
3005 if (r < 0)
3006 return r;
3007
3008 operation_ref(o);
3009 }
3010
3011 if (!h->pending_event_source) {
3012 r = sd_event_add_defer(h->manager->event, &h->pending_event_source, on_pending, h);
3013 if (r < 0)
3014 return log_error_errno(r, "Failed to allocate pending defer event source: %m");
3015
3016 (void) sd_event_source_set_description(h->pending_event_source, "pending");
3017
3018 r = sd_event_source_set_priority(h->pending_event_source, SD_EVENT_PRIORITY_IDLE);
3019 if (r < 0)
3020 return r;
3021 }
3022
3023 r = sd_event_source_set_enabled(h->pending_event_source, SD_EVENT_ON);
3024 if (r < 0)
3025 return log_error_errno(r, "Failed to trigger pending event source: %m");
3026
3027 return 0;
3028 }
3029
3030 static int home_get_image_path_seat(Home *h, char **ret) {
3031 _cleanup_(sd_device_unrefp) sd_device *d = NULL;
3032 _cleanup_free_ char *c = NULL;
3033 const char *ip, *seat;
3034 struct stat st;
3035 int r;
3036
3037 assert(h);
3038
3039 if (user_record_storage(h->record) != USER_LUKS)
3040 return -ENXIO;
3041
3042 ip = user_record_image_path(h->record);
3043 if (!ip)
3044 return -ENXIO;
3045
3046 if (!path_startswith(ip, "/dev/"))
3047 return -ENXIO;
3048
3049 if (stat(ip, &st) < 0)
3050 return -errno;
3051
3052 if (!S_ISBLK(st.st_mode))
3053 return -ENOTBLK;
3054
3055 r = sd_device_new_from_stat_rdev(&d, &st);
3056 if (r < 0)
3057 return r;
3058
3059 r = sd_device_get_property_value(d, "ID_SEAT", &seat);
3060 if (r == -ENOENT) /* no property means seat0 */
3061 seat = "seat0";
3062 else if (r < 0)
3063 return r;
3064
3065 c = strdup(seat);
3066 if (!c)
3067 return -ENOMEM;
3068
3069 *ret = TAKE_PTR(c);
3070 return 0;
3071 }
3072
3073 int home_auto_login(Home *h, char ***ret_seats) {
3074 _cleanup_free_ char *seat = NULL, *seat2 = NULL;
3075
3076 assert(h);
3077 assert(ret_seats);
3078
3079 (void) home_get_image_path_seat(h, &seat);
3080
3081 if (h->record->auto_login > 0 && !streq_ptr(seat, "seat0")) {
3082 /* For now, when the auto-login boolean is set for a user, let's make it mean
3083 * "seat0". Eventually we can extend the concept and allow configuration of any kind of seat,
3084 * but let's keep simple initially, most likely the feature is interesting on single-user
3085 * systems anyway, only.
3086 *
3087 * We filter out users marked for auto-login in we know for sure their home directory is
3088 * absent. */
3089
3090 if (user_record_test_image_path(h->record) != USER_TEST_ABSENT) {
3091 seat2 = strdup("seat0");
3092 if (!seat2)
3093 return -ENOMEM;
3094 }
3095 }
3096
3097 if (seat || seat2) {
3098 _cleanup_strv_free_ char **list = NULL;
3099 size_t i = 0;
3100
3101 list = new(char*, 3);
3102 if (!list)
3103 return -ENOMEM;
3104
3105 if (seat)
3106 list[i++] = TAKE_PTR(seat);
3107 if (seat2)
3108 list[i++] = TAKE_PTR(seat2);
3109
3110 list[i] = NULL;
3111 *ret_seats = TAKE_PTR(list);
3112 return 1;
3113 }
3114
3115 *ret_seats = NULL;
3116 return 0;
3117 }
3118
3119 int home_set_current_message(Home *h, sd_bus_message *m) {
3120 assert(h);
3121
3122 if (!m)
3123 return 0;
3124
3125 if (h->current_operation)
3126 return -EBUSY;
3127
3128 h->current_operation = operation_new(OPERATION_IMMEDIATE, m);
3129 if (!h->current_operation)
3130 return -ENOMEM;
3131
3132 return 1;
3133 }
3134
3135 int home_wait_for_worker(Home *h) {
3136 int r;
3137
3138 assert(h);
3139
3140 if (h->worker_pid <= 0)
3141 return 0;
3142
3143 log_info("Worker process for home %s is still running while exiting. Waiting for it to finish.", h->user_name);
3144
3145 r = wait_for_terminate_with_timeout(h->worker_pid, 30 * USEC_PER_SEC);
3146 if (r == -ETIMEDOUT)
3147 log_warning_errno(r, "Waiting for worker process for home %s timed out. Ignoring.", h->user_name);
3148 else
3149 log_warning_errno(r, "Failed to wait for worker process for home %s. Ignoring.", h->user_name);
3150
3151 (void) hashmap_remove_value(h->manager->homes_by_worker_pid, PID_TO_PTR(h->worker_pid), h);
3152 h->worker_pid = 0;
3153 return 1;
3154 }
3155
3156 bool home_shall_rebalance(Home *h) {
3157 HomeState state;
3158
3159 assert(h);
3160
3161 /* Determines if the home directory is a candidate for rebalancing */
3162
3163 if (!user_record_shall_rebalance(h->record))
3164 return false;
3165
3166 state = home_get_state(h);
3167 if (!HOME_STATE_SHALL_REBALANCE(state))
3168 return false;
3169
3170 return true;
3171 }
3172
3173 bool home_is_busy(Home *h) {
3174 assert(h);
3175
3176 if (h->current_operation)
3177 return true;
3178
3179 if (!ordered_set_isempty(h->pending_operations))
3180 return true;
3181
3182 return HOME_STATE_IS_EXECUTING_OPERATION(home_get_state(h));
3183 }
3184
3185 static const char* const home_state_table[_HOME_STATE_MAX] = {
3186 [HOME_UNFIXATED] = "unfixated",
3187 [HOME_ABSENT] = "absent",
3188 [HOME_INACTIVE] = "inactive",
3189 [HOME_DIRTY] = "dirty",
3190 [HOME_FIXATING] = "fixating",
3191 [HOME_FIXATING_FOR_ACTIVATION] = "fixating-for-activation",
3192 [HOME_FIXATING_FOR_ACQUIRE] = "fixating-for-acquire",
3193 [HOME_ACTIVATING] = "activating",
3194 [HOME_ACTIVATING_FOR_ACQUIRE] = "activating-for-acquire",
3195 [HOME_DEACTIVATING] = "deactivating",
3196 [HOME_ACTIVE] = "active",
3197 [HOME_LINGERING] = "lingering",
3198 [HOME_LOCKING] = "locking",
3199 [HOME_LOCKED] = "locked",
3200 [HOME_UNLOCKING] = "unlocking",
3201 [HOME_UNLOCKING_FOR_ACQUIRE] = "unlocking-for-acquire",
3202 [HOME_CREATING] = "creating",
3203 [HOME_REMOVING] = "removing",
3204 [HOME_UPDATING] = "updating",
3205 [HOME_UPDATING_WHILE_ACTIVE] = "updating-while-active",
3206 [HOME_RESIZING] = "resizing",
3207 [HOME_RESIZING_WHILE_ACTIVE] = "resizing-while-active",
3208 [HOME_PASSWD] = "passwd",
3209 [HOME_PASSWD_WHILE_ACTIVE] = "passwd-while-active",
3210 [HOME_AUTHENTICATING] = "authenticating",
3211 [HOME_AUTHENTICATING_WHILE_ACTIVE] = "authenticating-while-active",
3212 [HOME_AUTHENTICATING_FOR_ACQUIRE] = "authenticating-for-acquire",
3213 };
3214
3215 DEFINE_STRING_TABLE_LOOKUP(home_state, HomeState);
Unnamed repository; edit this file 'description' to name the repository.