1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
5 #include "cgroup-util.h"
6 #include "chase-symlinks.h"
7 #include "dns-domain.h"
12 #include "hexdecoct.h"
13 #include "hostname-util.h"
14 #include "memory-util.h"
15 #include "path-util.h"
16 #include "pkcs11-util.h"
17 #include "rlimit-util.h"
18 #include "stat-util.h"
19 #include "string-table.h"
21 #include "user-record.h"
22 #include "user-util.h"
24 #define DEFAULT_RATELIMIT_BURST 30
25 #define DEFAULT_RATELIMIT_INTERVAL_USEC (1*USEC_PER_MINUTE)
27 #if ENABLE_COMPAT_MUTABLE_UID_BOUNDARIES
28 static int parse_alloc_uid(const char *path
, const char *name
, const char *t
, uid_t
*ret_uid
) {
32 r
= parse_uid(t
, &uid
);
34 return log_debug_errno(r
, "%s: failed to parse %s %s, ignoring: %m", path
, name
, t
);
43 int read_login_defs(UGIDAllocationRange
*ret_defs
, const char *path
, const char *root
) {
44 UGIDAllocationRange defs
= {
45 .system_alloc_uid_min
= SYSTEM_ALLOC_UID_MIN
,
46 .system_uid_max
= SYSTEM_UID_MAX
,
47 .system_alloc_gid_min
= SYSTEM_ALLOC_GID_MIN
,
48 .system_gid_max
= SYSTEM_GID_MAX
,
51 #if ENABLE_COMPAT_MUTABLE_UID_BOUNDARIES
52 _cleanup_fclose_
FILE *f
= NULL
;
56 path
= "/etc/login.defs";
58 r
= chase_symlinks_and_fopen_unlocked(path
, root
, CHASE_PREFIX_ROOT
, "re", NULL
, &f
);
62 return log_debug_errno(r
, "Failed to open %s: %m", path
);
65 _cleanup_free_
char *line
= NULL
;
68 r
= read_line(f
, LINE_MAX
, &line
);
70 return log_debug_errno(r
, "Failed to read %s: %m", path
);
74 if ((t
= first_word(line
, "SYS_UID_MIN")))
75 (void) parse_alloc_uid(path
, "SYS_UID_MIN", t
, &defs
.system_alloc_uid_min
);
76 else if ((t
= first_word(line
, "SYS_UID_MAX")))
77 (void) parse_alloc_uid(path
, "SYS_UID_MAX", t
, &defs
.system_uid_max
);
78 else if ((t
= first_word(line
, "SYS_GID_MIN")))
79 (void) parse_alloc_uid(path
, "SYS_GID_MIN", t
, &defs
.system_alloc_gid_min
);
80 else if ((t
= first_word(line
, "SYS_GID_MAX")))
81 (void) parse_alloc_uid(path
, "SYS_GID_MAX", t
, &defs
.system_gid_max
);
85 if (defs
.system_alloc_uid_min
> defs
.system_uid_max
) {
86 log_debug("%s: SYS_UID_MIN > SYS_UID_MAX, resetting.", path
);
87 defs
.system_alloc_uid_min
= MIN(defs
.system_uid_max
- 1, (uid_t
) SYSTEM_ALLOC_UID_MIN
);
88 /* Look at sys_uid_max to make sure sys_uid_min..sys_uid_max remains a valid range. */
90 if (defs
.system_alloc_gid_min
> defs
.system_gid_max
) {
91 log_debug("%s: SYS_GID_MIN > SYS_GID_MAX, resetting.", path
);
92 defs
.system_alloc_gid_min
= MIN(defs
.system_gid_max
- 1, (gid_t
) SYSTEM_ALLOC_GID_MIN
);
93 /* Look at sys_gid_max to make sure sys_gid_min..sys_gid_max remains a valid range. */
101 const UGIDAllocationRange
*acquire_ugid_allocation_range(void) {
102 #if ENABLE_COMPAT_MUTABLE_UID_BOUNDARIES
103 static thread_local UGIDAllocationRange defs
= {
105 static const UGIDAllocationRange defs
= {
107 .system_alloc_uid_min
= SYSTEM_ALLOC_UID_MIN
,
108 .system_uid_max
= SYSTEM_UID_MAX
,
109 .system_alloc_gid_min
= SYSTEM_ALLOC_GID_MIN
,
110 .system_gid_max
= SYSTEM_GID_MAX
,
113 #if ENABLE_COMPAT_MUTABLE_UID_BOUNDARIES
114 /* This function will ignore failure to read the file, so it should only be called from places where
115 * we don't crucially depend on the answer. In other words, it's appropriate for journald, but
116 * probably not for sysusers. */
118 static thread_local
bool initialized
= false;
121 (void) read_login_defs(&defs
, NULL
, NULL
);
129 bool uid_is_system(uid_t uid
) {
130 const UGIDAllocationRange
*defs
;
131 assert_se(defs
= acquire_ugid_allocation_range());
133 return uid
<= defs
->system_uid_max
;
136 bool gid_is_system(gid_t gid
) {
137 const UGIDAllocationRange
*defs
;
138 assert_se(defs
= acquire_ugid_allocation_range());
140 return gid
<= defs
->system_gid_max
;
143 UserRecord
* user_record_new(void) {
146 h
= new(UserRecord
, 1);
152 .disposition
= _USER_DISPOSITION_INVALID
,
153 .last_change_usec
= UINT64_MAX
,
154 .last_password_change_usec
= UINT64_MAX
,
155 .umask
= MODE_INVALID
,
156 .nice_level
= INT_MAX
,
157 .not_before_usec
= UINT64_MAX
,
158 .not_after_usec
= UINT64_MAX
,
160 .storage
= _USER_STORAGE_INVALID
,
161 .access_mode
= MODE_INVALID
,
162 .disk_size
= UINT64_MAX
,
163 .disk_size_relative
= UINT64_MAX
,
164 .tasks_max
= UINT64_MAX
,
165 .memory_high
= UINT64_MAX
,
166 .memory_max
= UINT64_MAX
,
167 .cpu_weight
= UINT64_MAX
,
168 .io_weight
= UINT64_MAX
,
174 .luks_offline_discard
= -1,
175 .luks_volume_key_size
= UINT64_MAX
,
176 .luks_pbkdf_time_cost_usec
= UINT64_MAX
,
177 .luks_pbkdf_memory_cost
= UINT64_MAX
,
178 .luks_pbkdf_parallel_threads
= UINT64_MAX
,
179 .disk_usage
= UINT64_MAX
,
180 .disk_free
= UINT64_MAX
,
181 .disk_ceiling
= UINT64_MAX
,
182 .disk_floor
= UINT64_MAX
,
183 .signed_locally
= -1,
184 .good_authentication_counter
= UINT64_MAX
,
185 .bad_authentication_counter
= UINT64_MAX
,
186 .last_good_authentication_usec
= UINT64_MAX
,
187 .last_bad_authentication_usec
= UINT64_MAX
,
188 .ratelimit_begin_usec
= UINT64_MAX
,
189 .ratelimit_count
= UINT64_MAX
,
190 .ratelimit_interval_usec
= UINT64_MAX
,
191 .ratelimit_burst
= UINT64_MAX
,
193 .enforce_password_policy
= -1,
195 .stop_delay_usec
= UINT64_MAX
,
196 .kill_processes
= -1,
197 .password_change_min_usec
= UINT64_MAX
,
198 .password_change_max_usec
= UINT64_MAX
,
199 .password_change_warn_usec
= UINT64_MAX
,
200 .password_change_inactive_usec
= UINT64_MAX
,
201 .password_change_now
= -1,
202 .pkcs11_protected_authentication_path_permitted
= -1,
203 .fido2_user_presence_permitted
= -1,
204 .fido2_user_verification_permitted
= -1,
211 static void pkcs11_encrypted_key_done(Pkcs11EncryptedKey
*k
) {
216 erase_and_free(k
->data
);
217 erase_and_free(k
->hashed_password
);
220 static void fido2_hmac_credential_done(Fido2HmacCredential
*c
) {
227 static void fido2_hmac_salt_done(Fido2HmacSalt
*s
) {
231 fido2_hmac_credential_done(&s
->credential
);
232 erase_and_free(s
->salt
);
233 erase_and_free(s
->hashed_password
);
236 static void recovery_key_done(RecoveryKey
*k
) {
241 erase_and_free(k
->hashed_password
);
244 static UserRecord
* user_record_free(UserRecord
*h
) {
250 free(h
->user_name_and_realm_auto
);
252 free(h
->email_address
);
253 erase_and_free(h
->password_hint
);
259 strv_free(h
->environment
);
261 free(h
->preferred_language
);
262 rlimit_free_all(h
->rlimits
);
264 free(h
->skeleton_directory
);
266 strv_free_erase(h
->hashed_password
);
267 strv_free_erase(h
->ssh_authorized_keys
);
268 strv_free_erase(h
->password
);
269 strv_free_erase(h
->token_pin
);
271 free(h
->cifs_service
);
272 free(h
->cifs_user_name
);
273 free(h
->cifs_domain
);
276 free(h
->image_path_auto
);
277 free(h
->home_directory
);
278 free(h
->home_directory_auto
);
280 strv_free(h
->member_of
);
282 free(h
->file_system_type
);
283 free(h
->luks_cipher
);
284 free(h
->luks_cipher_mode
);
285 free(h
->luks_pbkdf_hash_algorithm
);
286 free(h
->luks_pbkdf_type
);
291 strv_free(h
->pkcs11_token_uri
);
292 for (size_t i
= 0; i
< h
->n_pkcs11_encrypted_key
; i
++)
293 pkcs11_encrypted_key_done(h
->pkcs11_encrypted_key
+ i
);
294 free(h
->pkcs11_encrypted_key
);
296 for (size_t i
= 0; i
< h
->n_fido2_hmac_credential
; i
++)
297 fido2_hmac_credential_done(h
->fido2_hmac_credential
+ i
);
298 for (size_t i
= 0; i
< h
->n_fido2_hmac_salt
; i
++)
299 fido2_hmac_salt_done(h
->fido2_hmac_salt
+ i
);
301 strv_free(h
->recovery_key_type
);
302 for (size_t i
= 0; i
< h
->n_recovery_key
; i
++)
303 recovery_key_done(h
->recovery_key
+ i
);
305 json_variant_unref(h
->json
);
310 DEFINE_TRIVIAL_REF_UNREF_FUNC(UserRecord
, user_record
, user_record_free
);
312 int json_dispatch_realm(const char *name
, JsonVariant
*variant
, JsonDispatchFlags flags
, void *userdata
) {
317 if (json_variant_is_null(variant
)) {
322 if (!json_variant_is_string(variant
))
323 return json_log(variant
, flags
, SYNTHETIC_ERRNO(EINVAL
), "JSON field '%s' is not a string.", strna(name
));
325 n
= json_variant_string(variant
);
326 r
= dns_name_is_valid(n
);
328 return json_log(variant
, flags
, r
, "Failed to check if JSON field '%s' is a valid DNS domain.", strna(name
));
330 return json_log(variant
, flags
, SYNTHETIC_ERRNO(EINVAL
), "JSON field '%s' is not a valid DNS domain.", strna(name
));
332 r
= free_and_strdup(s
, n
);
334 return json_log(variant
, flags
, r
, "Failed to allocate string: %m");
339 int json_dispatch_gecos(const char *name
, JsonVariant
*variant
, JsonDispatchFlags flags
, void *userdata
) {
343 if (json_variant_is_null(variant
)) {
348 if (!json_variant_is_string(variant
))
349 return json_log(variant
, flags
, SYNTHETIC_ERRNO(EINVAL
), "JSON field '%s' is not a string.", strna(name
));
351 n
= json_variant_string(variant
);
352 if (valid_gecos(n
)) {
353 if (free_and_strdup(s
, n
) < 0)
354 return json_log_oom(variant
, flags
);
356 _cleanup_free_
char *m
= NULL
;
358 json_log(variant
, flags
|JSON_DEBUG
, SYNTHETIC_ERRNO(EINVAL
), "JSON field '%s' is not a valid GECOS compatible string, mangling.", strna(name
));
362 return json_log_oom(variant
, flags
);
364 free_and_replace(*s
, m
);
370 static int json_dispatch_nice(const char *name
, JsonVariant
*variant
, JsonDispatchFlags flags
, void *userdata
) {
374 if (json_variant_is_null(variant
)) {
379 if (!json_variant_is_integer(variant
))
380 return json_log(variant
, flags
, SYNTHETIC_ERRNO(EINVAL
), "JSON field '%s' is not a string.", strna(name
));
382 m
= json_variant_integer(variant
);
383 if (m
< PRIO_MIN
|| m
>= PRIO_MAX
)
384 return json_log(variant
, flags
, SYNTHETIC_ERRNO(ERANGE
), "JSON field '%s' is not a valid nice level.", strna(name
));
390 static int json_dispatch_rlimit_value(const char *name
, JsonVariant
*variant
, JsonDispatchFlags flags
, void *userdata
) {
391 rlim_t
*ret
= userdata
;
393 if (json_variant_is_null(variant
))
394 *ret
= RLIM_INFINITY
;
395 else if (json_variant_is_unsigned(variant
)) {
398 w
= json_variant_unsigned(variant
);
399 if (w
== RLIM_INFINITY
|| (uintmax_t) w
!= json_variant_unsigned(variant
))
400 return json_log(variant
, flags
, SYNTHETIC_ERRNO(ERANGE
), "Resource limit value '%s' is out of range.", name
);
404 return json_log(variant
, flags
, SYNTHETIC_ERRNO(EINVAL
), "Resource limit value '%s' is not an unsigned integer.", name
);
409 static int json_dispatch_rlimits(const char *name
, JsonVariant
*variant
, JsonDispatchFlags flags
, void *userdata
) {
410 struct rlimit
** limits
= userdata
;
417 if (json_variant_is_null(variant
)) {
418 rlimit_free_all(limits
);
422 if (!json_variant_is_object(variant
))
423 return json_log(variant
, flags
, SYNTHETIC_ERRNO(EINVAL
), "JSON field '%s' is not an object.", strna(name
));
425 JSON_VARIANT_OBJECT_FOREACH(key
, value
, variant
) {
426 JsonVariant
*jcur
, *jmax
;
431 p
= startswith(key
, "RLIMIT_");
433 l
= -SYNTHETIC_ERRNO(EINVAL
);
435 l
= rlimit_from_string(p
);
437 return json_log(variant
, flags
, l
, "Resource limit '%s' not known.", key
);
439 if (!json_variant_is_object(value
))
440 return json_log(value
, flags
, SYNTHETIC_ERRNO(EINVAL
), "Resource limit '%s' has invalid value.", key
);
442 if (json_variant_elements(value
) != 4)
443 return json_log(value
, flags
, SYNTHETIC_ERRNO(EINVAL
), "Resource limit '%s' value is does not have two fields as expected.", key
);
445 jcur
= json_variant_by_key(value
, "cur");
447 return json_log(value
, flags
, SYNTHETIC_ERRNO(EINVAL
), "Resource limit '%s' lacks 'cur' field.", key
);
448 r
= json_dispatch_rlimit_value("cur", jcur
, flags
, &rl
.rlim_cur
);
452 jmax
= json_variant_by_key(value
, "max");
454 return json_log(value
, flags
, SYNTHETIC_ERRNO(EINVAL
), "Resource limit '%s' lacks 'max' field.", key
);
455 r
= json_dispatch_rlimit_value("max", jmax
, flags
, &rl
.rlim_max
);
462 limits
[l
] = newdup(struct rlimit
, &rl
, 1);
471 static int json_dispatch_filename_or_path(const char *name
, JsonVariant
*variant
, JsonDispatchFlags flags
, void *userdata
) {
478 if (json_variant_is_null(variant
)) {
483 if (!json_variant_is_string(variant
))
484 return json_log(variant
, flags
, SYNTHETIC_ERRNO(EINVAL
), "JSON field '%s' is not a string.", strna(name
));
486 n
= json_variant_string(variant
);
487 if (!filename_is_valid(n
) && !path_is_normalized(n
))
488 return json_log(variant
, flags
, SYNTHETIC_ERRNO(EINVAL
), "JSON field '%s' is not a valid file name or normalized path.", strna(name
));
490 r
= free_and_strdup(s
, n
);
492 return json_log(variant
, flags
, r
, "Failed to allocate string: %m");
497 static int json_dispatch_path(const char *name
, JsonVariant
*variant
, JsonDispatchFlags flags
, void *userdata
) {
502 if (json_variant_is_null(variant
)) {
507 if (!json_variant_is_string(variant
))
508 return json_log(variant
, flags
, SYNTHETIC_ERRNO(EINVAL
), "JSON field '%s' is not a string.", strna(name
));
510 n
= json_variant_string(variant
);
511 if (!path_is_normalized(n
))
512 return json_log(variant
, flags
, SYNTHETIC_ERRNO(EINVAL
), "JSON field '%s' is not a normalized file system path.", strna(name
));
513 if (!path_is_absolute(n
))
514 return json_log(variant
, flags
, SYNTHETIC_ERRNO(EINVAL
), "JSON field '%s' is not an absolute file system path.", strna(name
));
516 r
= free_and_strdup(s
, n
);
518 return json_log(variant
, flags
, r
, "Failed to allocate string: %m");
523 static int json_dispatch_home_directory(const char *name
, JsonVariant
*variant
, JsonDispatchFlags flags
, void *userdata
) {
528 if (json_variant_is_null(variant
)) {
533 if (!json_variant_is_string(variant
))
534 return json_log(variant
, flags
, SYNTHETIC_ERRNO(EINVAL
), "JSON field '%s' is not a string.", strna(name
));
536 n
= json_variant_string(variant
);
538 return json_log(variant
, flags
, SYNTHETIC_ERRNO(EINVAL
), "JSON field '%s' is not a valid home directory path.", strna(name
));
540 r
= free_and_strdup(s
, n
);
542 return json_log(variant
, flags
, r
, "Failed to allocate string: %m");
547 static int json_dispatch_image_path(const char *name
, JsonVariant
*variant
, JsonDispatchFlags flags
, void *userdata
) {
552 if (json_variant_is_null(variant
)) {
557 if (!json_variant_is_string(variant
))
558 return json_log(variant
, flags
, SYNTHETIC_ERRNO(EINVAL
), "JSON field '%s' is not a string.", strna(name
));
560 n
= json_variant_string(variant
);
561 if (empty_or_root(n
) || !path_is_valid(n
) || !path_is_absolute(n
))
562 return json_log(variant
, flags
, SYNTHETIC_ERRNO(EINVAL
), "JSON field '%s' is not a valid image path.", strna(name
));
564 r
= free_and_strdup(s
, n
);
566 return json_log(variant
, flags
, r
, "Failed to allocate string: %m");
571 static int json_dispatch_umask(const char *name
, JsonVariant
*variant
, JsonDispatchFlags flags
, void *userdata
) {
572 mode_t
*m
= userdata
;
575 if (json_variant_is_null(variant
)) {
580 if (!json_variant_is_unsigned(variant
))
581 return json_log(variant
, flags
, SYNTHETIC_ERRNO(EINVAL
), "JSON field '%s' is not a number.", strna(name
));
583 k
= json_variant_unsigned(variant
);
585 return json_log(variant
, flags
, SYNTHETIC_ERRNO(EINVAL
), "JSON field '%s' outside of valid range 0…0777.", strna(name
));
591 static int json_dispatch_access_mode(const char *name
, JsonVariant
*variant
, JsonDispatchFlags flags
, void *userdata
) {
592 mode_t
*m
= userdata
;
595 if (json_variant_is_null(variant
)) {
600 if (!json_variant_is_unsigned(variant
))
601 return json_log(variant
, flags
, SYNTHETIC_ERRNO(EINVAL
), "JSON field '%s' is not a number.", strna(name
));
603 k
= json_variant_unsigned(variant
);
605 return json_log(variant
, flags
, SYNTHETIC_ERRNO(EINVAL
), "JSON field '%s' outside of valid range 0…07777.", strna(name
));
611 static int json_dispatch_environment(const char *name
, JsonVariant
*variant
, JsonDispatchFlags flags
, void *userdata
) {
612 _cleanup_strv_free_
char **n
= NULL
;
613 char ***l
= userdata
;
616 if (json_variant_is_null(variant
)) {
621 if (!json_variant_is_array(variant
))
622 return json_log(variant
, flags
, SYNTHETIC_ERRNO(EINVAL
), "JSON field '%s' is not an array.", strna(name
));
624 for (size_t i
= 0; i
< json_variant_elements(variant
); i
++) {
628 e
= json_variant_by_index(variant
, i
);
629 if (!json_variant_is_string(e
))
630 return json_log(variant
, flags
, SYNTHETIC_ERRNO(EINVAL
), "JSON field '%s' is not an array of strings.", strna(name
));
632 assert_se(a
= json_variant_string(e
));
634 if (!env_assignment_is_valid(a
))
635 return json_log(variant
, flags
, SYNTHETIC_ERRNO(EINVAL
), "JSON field '%s' is not an array of environment variables.", strna(name
));
637 r
= strv_env_replace_strdup(&n
, a
);
639 return json_log_oom(variant
, flags
);
642 return strv_free_and_replace(*l
, n
);
645 int json_dispatch_user_disposition(const char *name
, JsonVariant
*variant
, JsonDispatchFlags flags
, void *userdata
) {
646 UserDisposition
*disposition
= userdata
, k
;
648 if (json_variant_is_null(variant
)) {
649 *disposition
= _USER_DISPOSITION_INVALID
;
653 if (!json_variant_is_string(variant
))
654 return json_log(variant
, flags
, SYNTHETIC_ERRNO(EINVAL
), "JSON field '%s' is not a string.", strna(name
));
656 k
= user_disposition_from_string(json_variant_string(variant
));
658 return json_log(variant
, flags
, k
, "Disposition type '%s' not known.", json_variant_string(variant
));
664 static int json_dispatch_storage(const char *name
, JsonVariant
*variant
, JsonDispatchFlags flags
, void *userdata
) {
665 UserStorage
*storage
= userdata
, k
;
667 if (json_variant_is_null(variant
)) {
668 *storage
= _USER_STORAGE_INVALID
;
672 if (!json_variant_is_string(variant
))
673 return json_log(variant
, flags
, SYNTHETIC_ERRNO(EINVAL
), "JSON field '%s' is not a string.", strna(name
));
675 k
= user_storage_from_string(json_variant_string(variant
));
677 return json_log(variant
, flags
, k
, "Storage type '%s' not known.", json_variant_string(variant
));
683 static int json_dispatch_disk_size(const char *name
, JsonVariant
*variant
, JsonDispatchFlags flags
, void *userdata
) {
684 uint64_t *size
= userdata
;
687 if (json_variant_is_null(variant
)) {
692 if (!json_variant_is_unsigned(variant
))
693 return json_log(variant
, flags
, SYNTHETIC_ERRNO(EINVAL
), "JSON field '%s' is not an integer.", strna(name
));
695 k
= json_variant_unsigned(variant
);
696 if (k
< USER_DISK_SIZE_MIN
|| k
> USER_DISK_SIZE_MAX
)
697 return json_log(variant
, flags
, SYNTHETIC_ERRNO(ERANGE
), "JSON field '%s' is not in valid range %" PRIu64
"…%" PRIu64
".", strna(name
), USER_DISK_SIZE_MIN
, USER_DISK_SIZE_MAX
);
703 static int json_dispatch_tasks_or_memory_max(const char *name
, JsonVariant
*variant
, JsonDispatchFlags flags
, void *userdata
) {
704 uint64_t *limit
= userdata
;
707 if (json_variant_is_null(variant
)) {
712 if (!json_variant_is_unsigned(variant
))
713 return json_log(variant
, flags
, SYNTHETIC_ERRNO(EINVAL
), "JSON field '%s' is not an integer.", strna(name
));
715 k
= json_variant_unsigned(variant
);
716 if (k
<= 0 || k
>= UINT64_MAX
)
717 return json_log(variant
, flags
, SYNTHETIC_ERRNO(ERANGE
), "JSON field '%s' is not in valid range %" PRIu64
"…%" PRIu64
".", strna(name
), (uint64_t) 1, UINT64_MAX
-1);
723 static int json_dispatch_weight(const char *name
, JsonVariant
*variant
, JsonDispatchFlags flags
, void *userdata
) {
724 uint64_t *weight
= userdata
;
727 if (json_variant_is_null(variant
)) {
728 *weight
= UINT64_MAX
;
732 if (!json_variant_is_unsigned(variant
))
733 return json_log(variant
, flags
, SYNTHETIC_ERRNO(EINVAL
), "JSON field '%s' is not an integer.", strna(name
));
735 k
= json_variant_unsigned(variant
);
736 if (k
<= CGROUP_WEIGHT_MIN
|| k
>= CGROUP_WEIGHT_MAX
)
737 return json_log(variant
, flags
, SYNTHETIC_ERRNO(ERANGE
), "JSON field '%s' is not in valid range %" PRIu64
"…%" PRIu64
".", strna(name
), (uint64_t) CGROUP_WEIGHT_MIN
, (uint64_t) CGROUP_WEIGHT_MAX
);
743 int json_dispatch_user_group_list(const char *name
, JsonVariant
*variant
, JsonDispatchFlags flags
, void *userdata
) {
744 _cleanup_strv_free_
char **l
= NULL
;
745 char ***list
= userdata
;
749 if (!json_variant_is_array(variant
))
750 return json_log(variant
, flags
, SYNTHETIC_ERRNO(EINVAL
), "JSON field '%s' is not an array of strings.", strna(name
));
752 JSON_VARIANT_ARRAY_FOREACH(e
, variant
) {
754 if (!json_variant_is_string(e
))
755 return json_log(e
, flags
, SYNTHETIC_ERRNO(EINVAL
), "JSON array element is not a string.");
757 if (!valid_user_group_name(json_variant_string(e
), FLAGS_SET(flags
, JSON_RELAX
) ? VALID_USER_RELAX
: 0))
758 return json_log(e
, flags
, SYNTHETIC_ERRNO(EINVAL
), "JSON array element is not a valid user/group name: %s", json_variant_string(e
));
760 r
= strv_extend(&l
, json_variant_string(e
));
762 return json_log(e
, flags
, r
, "Failed to append array element: %m");
765 r
= strv_extend_strv(list
, l
, true);
767 return json_log(variant
, flags
, r
, "Failed to merge user/group arrays: %m");
772 static int dispatch_secret(const char *name
, JsonVariant
*variant
, JsonDispatchFlags flags
, void *userdata
) {
774 static const JsonDispatch secret_dispatch_table
[] = {
775 { "password", _JSON_VARIANT_TYPE_INVALID
, json_dispatch_strv
, offsetof(UserRecord
, password
), 0 },
776 { "tokenPin", _JSON_VARIANT_TYPE_INVALID
, json_dispatch_strv
, offsetof(UserRecord
, token_pin
), 0 },
777 { "pkcs11Pin", /* legacy alias */ _JSON_VARIANT_TYPE_INVALID
, json_dispatch_strv
, offsetof(UserRecord
, token_pin
), 0 },
778 { "pkcs11ProtectedAuthenticationPathPermitted", JSON_VARIANT_BOOLEAN
, json_dispatch_tristate
, offsetof(UserRecord
, pkcs11_protected_authentication_path_permitted
), 0 },
779 { "fido2UserPresencePermitted", JSON_VARIANT_BOOLEAN
, json_dispatch_tristate
, offsetof(UserRecord
, fido2_user_presence_permitted
), 0 },
780 { "fido2UserVerificationPermitted", JSON_VARIANT_BOOLEAN
, json_dispatch_tristate
, offsetof(UserRecord
, fido2_user_verification_permitted
), 0 },
784 return json_dispatch(variant
, secret_dispatch_table
, NULL
, flags
, userdata
);
787 static int dispatch_pkcs11_uri(const char *name
, JsonVariant
*variant
, JsonDispatchFlags flags
, void *userdata
) {
792 if (json_variant_is_null(variant
)) {
797 if (!json_variant_is_string(variant
))
798 return json_log(variant
, flags
, SYNTHETIC_ERRNO(EINVAL
), "JSON field '%s' is not a string.", strna(name
));
800 n
= json_variant_string(variant
);
801 if (!pkcs11_uri_valid(n
))
802 return json_log(variant
, flags
, SYNTHETIC_ERRNO(EINVAL
), "JSON field '%s' is not a valid RFC7512 PKCS#11 URI.", strna(name
));
804 r
= free_and_strdup(s
, n
);
806 return json_log(variant
, flags
, r
, "Failed to allocate string: %m");
811 static int dispatch_pkcs11_uri_array(const char *name
, JsonVariant
*variant
, JsonDispatchFlags flags
, void *userdata
) {
812 _cleanup_strv_free_
char **z
= NULL
;
813 char ***l
= userdata
;
817 if (json_variant_is_null(variant
)) {
822 if (json_variant_is_string(variant
)) {
825 n
= json_variant_string(variant
);
826 if (!pkcs11_uri_valid(n
))
827 return json_log(variant
, flags
, SYNTHETIC_ERRNO(EINVAL
), "JSON field '%s' is not a valid RFC7512 PKCS#11 URI.", strna(name
));
835 if (!json_variant_is_array(variant
))
836 return json_log(variant
, flags
, SYNTHETIC_ERRNO(EINVAL
), "JSON field '%s' is not a string or array of strings.", strna(name
));
838 JSON_VARIANT_ARRAY_FOREACH(e
, variant
) {
841 if (!json_variant_is_string(e
))
842 return json_log(e
, flags
, SYNTHETIC_ERRNO(EINVAL
), "JSON array element is not a string.");
844 n
= json_variant_string(e
);
845 if (!pkcs11_uri_valid(n
))
846 return json_log(variant
, flags
, SYNTHETIC_ERRNO(EINVAL
), "JSON array element in '%s' is not a valid RFC7512 PKCS#11 URI: %s", strna(name
), n
);
848 r
= strv_extend(&z
, n
);
854 strv_free_and_replace(*l
, z
);
858 static int dispatch_pkcs11_key_data(const char *name
, JsonVariant
*variant
, JsonDispatchFlags flags
, void *userdata
) {
859 Pkcs11EncryptedKey
*k
= userdata
;
864 if (json_variant_is_null(variant
)) {
865 k
->data
= erase_and_free(k
->data
);
870 if (!json_variant_is_string(variant
))
871 return json_log(variant
, flags
, SYNTHETIC_ERRNO(EINVAL
), "JSON field '%s' is not a string.", strna(name
));
873 r
= unbase64mem(json_variant_string(variant
), SIZE_MAX
, &b
, &l
);
875 return json_log(variant
, flags
, r
, "Failed to decode encrypted PKCS#11 key: %m");
877 erase_and_free(k
->data
);
884 static int dispatch_pkcs11_key(const char *name
, JsonVariant
*variant
, JsonDispatchFlags flags
, void *userdata
) {
885 UserRecord
*h
= userdata
;
889 if (!json_variant_is_array(variant
))
890 return json_log(variant
, flags
, SYNTHETIC_ERRNO(EINVAL
), "JSON field '%s' is not an array of objects.", strna(name
));
892 JSON_VARIANT_ARRAY_FOREACH(e
, variant
) {
893 Pkcs11EncryptedKey
*array
, *k
;
895 static const JsonDispatch pkcs11_key_dispatch_table
[] = {
896 { "uri", JSON_VARIANT_STRING
, dispatch_pkcs11_uri
, offsetof(Pkcs11EncryptedKey
, uri
), JSON_MANDATORY
},
897 { "data", JSON_VARIANT_STRING
, dispatch_pkcs11_key_data
, 0, JSON_MANDATORY
},
898 { "hashedPassword", JSON_VARIANT_STRING
, json_dispatch_string
, offsetof(Pkcs11EncryptedKey
, hashed_password
), JSON_MANDATORY
},
902 if (!json_variant_is_object(e
))
903 return json_log(e
, flags
, SYNTHETIC_ERRNO(EINVAL
), "JSON array element is not an object.");
905 array
= reallocarray(h
->pkcs11_encrypted_key
, h
->n_pkcs11_encrypted_key
+ 1, sizeof(Pkcs11EncryptedKey
));
909 h
->pkcs11_encrypted_key
= array
;
910 k
= h
->pkcs11_encrypted_key
+ h
->n_pkcs11_encrypted_key
;
911 *k
= (Pkcs11EncryptedKey
) {};
913 r
= json_dispatch(e
, pkcs11_key_dispatch_table
, NULL
, flags
, k
);
915 pkcs11_encrypted_key_done(k
);
919 h
->n_pkcs11_encrypted_key
++;
925 static int dispatch_fido2_hmac_credential(const char *name
, JsonVariant
*variant
, JsonDispatchFlags flags
, void *userdata
) {
926 Fido2HmacCredential
*k
= userdata
;
931 if (json_variant_is_null(variant
)) {
932 k
->id
= mfree(k
->id
);
937 if (!json_variant_is_string(variant
))
938 return json_log(variant
, flags
, SYNTHETIC_ERRNO(EINVAL
), "JSON field '%s' is not a string.", strna(name
));
940 r
= unbase64mem(json_variant_string(variant
), SIZE_MAX
, &b
, &l
);
942 return json_log(variant
, flags
, r
, "Failed to decode FIDO2 credential ID: %m");
944 free_and_replace(k
->id
, b
);
950 static int dispatch_fido2_hmac_credential_array(const char *name
, JsonVariant
*variant
, JsonDispatchFlags flags
, void *userdata
) {
951 UserRecord
*h
= userdata
;
955 if (!json_variant_is_array(variant
))
956 return json_log(variant
, flags
, SYNTHETIC_ERRNO(EINVAL
), "JSON field '%s' is not an array of strings.", strna(name
));
958 JSON_VARIANT_ARRAY_FOREACH(e
, variant
) {
959 Fido2HmacCredential
*array
;
963 if (!json_variant_is_string(e
))
964 return json_log(e
, flags
, SYNTHETIC_ERRNO(EINVAL
), "JSON array element is not a string.");
966 array
= reallocarray(h
->fido2_hmac_credential
, h
->n_fido2_hmac_credential
+ 1, sizeof(Fido2HmacCredential
));
970 r
= unbase64mem(json_variant_string(e
), SIZE_MAX
, &b
, &l
);
972 return json_log(variant
, flags
, r
, "Failed to decode FIDO2 credential ID: %m");
974 h
->fido2_hmac_credential
= array
;
976 h
->fido2_hmac_credential
[h
->n_fido2_hmac_credential
++] = (Fido2HmacCredential
) {
985 static int dispatch_fido2_hmac_salt_value(const char *name
, JsonVariant
*variant
, JsonDispatchFlags flags
, void *userdata
) {
986 Fido2HmacSalt
*k
= userdata
;
991 if (json_variant_is_null(variant
)) {
992 k
->salt
= erase_and_free(k
->salt
);
997 if (!json_variant_is_string(variant
))
998 return json_log(variant
, flags
, SYNTHETIC_ERRNO(EINVAL
), "JSON field '%s' is not a string.", strna(name
));
1000 r
= unbase64mem(json_variant_string(variant
), SIZE_MAX
, &b
, &l
);
1002 return json_log(variant
, flags
, r
, "Failed to decode FIDO2 salt: %m");
1004 erase_and_free(k
->salt
);
1011 static int dispatch_fido2_hmac_salt(const char *name
, JsonVariant
*variant
, JsonDispatchFlags flags
, void *userdata
) {
1012 UserRecord
*h
= userdata
;
1016 if (!json_variant_is_array(variant
))
1017 return json_log(variant
, flags
, SYNTHETIC_ERRNO(EINVAL
), "JSON field '%s' is not an array of objects.", strna(name
));
1019 JSON_VARIANT_ARRAY_FOREACH(e
, variant
) {
1020 Fido2HmacSalt
*array
, *k
;
1022 static const JsonDispatch fido2_hmac_salt_dispatch_table
[] = {
1023 { "credential", JSON_VARIANT_STRING
, dispatch_fido2_hmac_credential
, offsetof(Fido2HmacSalt
, credential
), JSON_MANDATORY
},
1024 { "salt", JSON_VARIANT_STRING
, dispatch_fido2_hmac_salt_value
, 0, JSON_MANDATORY
},
1025 { "hashedPassword", JSON_VARIANT_STRING
, json_dispatch_string
, offsetof(Fido2HmacSalt
, hashed_password
), JSON_MANDATORY
},
1026 { "up", JSON_VARIANT_BOOLEAN
, json_dispatch_tristate
, offsetof(Fido2HmacSalt
, up
), 0 },
1027 { "uv", JSON_VARIANT_BOOLEAN
, json_dispatch_tristate
, offsetof(Fido2HmacSalt
, uv
), 0 },
1028 { "clientPin", JSON_VARIANT_BOOLEAN
, json_dispatch_tristate
, offsetof(Fido2HmacSalt
, client_pin
), 0 },
1032 if (!json_variant_is_object(e
))
1033 return json_log(e
, flags
, SYNTHETIC_ERRNO(EINVAL
), "JSON array element is not an object.");
1035 array
= reallocarray(h
->fido2_hmac_salt
, h
->n_fido2_hmac_salt
+ 1, sizeof(Fido2HmacSalt
));
1039 h
->fido2_hmac_salt
= array
;
1040 k
= h
->fido2_hmac_salt
+ h
->n_fido2_hmac_salt
;
1041 *k
= (Fido2HmacSalt
) {
1047 r
= json_dispatch(e
, fido2_hmac_salt_dispatch_table
, NULL
, flags
, k
);
1049 fido2_hmac_salt_done(k
);
1053 h
->n_fido2_hmac_salt
++;
1059 static int dispatch_recovery_key(const char *name
, JsonVariant
*variant
, JsonDispatchFlags flags
, void *userdata
) {
1060 UserRecord
*h
= userdata
;
1064 if (!json_variant_is_array(variant
))
1065 return json_log(variant
, flags
, SYNTHETIC_ERRNO(EINVAL
), "JSON field '%s' is not an array of objects.", strna(name
));
1067 JSON_VARIANT_ARRAY_FOREACH(e
, variant
) {
1068 RecoveryKey
*array
, *k
;
1070 static const JsonDispatch recovery_key_dispatch_table
[] = {
1071 { "type", JSON_VARIANT_STRING
, json_dispatch_string
, 0, JSON_MANDATORY
},
1072 { "hashedPassword", JSON_VARIANT_STRING
, json_dispatch_string
, offsetof(RecoveryKey
, hashed_password
), JSON_MANDATORY
},
1076 if (!json_variant_is_object(e
))
1077 return json_log(e
, flags
, SYNTHETIC_ERRNO(EINVAL
), "JSON array element is not an object.");
1079 array
= reallocarray(h
->recovery_key
, h
->n_recovery_key
+ 1, sizeof(RecoveryKey
));
1083 h
->recovery_key
= array
;
1084 k
= h
->recovery_key
+ h
->n_recovery_key
;
1085 *k
= (RecoveryKey
) {};
1087 r
= json_dispatch(e
, recovery_key_dispatch_table
, NULL
, flags
, k
);
1089 recovery_key_done(k
);
1093 h
->n_recovery_key
++;
1099 static int dispatch_privileged(const char *name
, JsonVariant
*variant
, JsonDispatchFlags flags
, void *userdata
) {
1101 static const JsonDispatch privileged_dispatch_table
[] = {
1102 { "passwordHint", JSON_VARIANT_STRING
, json_dispatch_string
, offsetof(UserRecord
, password_hint
), 0 },
1103 { "hashedPassword", _JSON_VARIANT_TYPE_INVALID
, json_dispatch_strv
, offsetof(UserRecord
, hashed_password
), JSON_SAFE
},
1104 { "sshAuthorizedKeys", _JSON_VARIANT_TYPE_INVALID
, json_dispatch_strv
, offsetof(UserRecord
, ssh_authorized_keys
), 0 },
1105 { "pkcs11EncryptedKey", JSON_VARIANT_ARRAY
, dispatch_pkcs11_key
, 0, 0 },
1106 { "fido2HmacSalt", JSON_VARIANT_ARRAY
, dispatch_fido2_hmac_salt
, 0, 0 },
1107 { "recoveryKey", JSON_VARIANT_ARRAY
, dispatch_recovery_key
, 0, 0 },
1111 return json_dispatch(variant
, privileged_dispatch_table
, NULL
, flags
, userdata
);
1114 static int dispatch_binding(const char *name
, JsonVariant
*variant
, JsonDispatchFlags flags
, void *userdata
) {
1116 static const JsonDispatch binding_dispatch_table
[] = {
1117 { "imagePath", JSON_VARIANT_STRING
, json_dispatch_image_path
, offsetof(UserRecord
, image_path
), 0 },
1118 { "homeDirectory", JSON_VARIANT_STRING
, json_dispatch_home_directory
, offsetof(UserRecord
, home_directory
), 0 },
1119 { "partitionUuid", JSON_VARIANT_STRING
, json_dispatch_id128
, offsetof(UserRecord
, partition_uuid
), 0 },
1120 { "luksUuid", JSON_VARIANT_STRING
, json_dispatch_id128
, offsetof(UserRecord
, luks_uuid
), 0 },
1121 { "fileSystemUuid", JSON_VARIANT_STRING
, json_dispatch_id128
, offsetof(UserRecord
, file_system_uuid
), 0 },
1122 { "uid", JSON_VARIANT_UNSIGNED
, json_dispatch_uid_gid
, offsetof(UserRecord
, uid
), 0 },
1123 { "gid", JSON_VARIANT_UNSIGNED
, json_dispatch_uid_gid
, offsetof(UserRecord
, gid
), 0 },
1124 { "storage", JSON_VARIANT_STRING
, json_dispatch_storage
, offsetof(UserRecord
, storage
), 0 },
1125 { "fileSystemType", JSON_VARIANT_STRING
, json_dispatch_string
, offsetof(UserRecord
, file_system_type
), JSON_SAFE
},
1126 { "luksCipher", JSON_VARIANT_STRING
, json_dispatch_string
, offsetof(UserRecord
, luks_cipher
), JSON_SAFE
},
1127 { "luksCipherMode", JSON_VARIANT_STRING
, json_dispatch_string
, offsetof(UserRecord
, luks_cipher_mode
), JSON_SAFE
},
1128 { "luksVolumeKeySize", JSON_VARIANT_UNSIGNED
, json_dispatch_uint64
, offsetof(UserRecord
, luks_volume_key_size
), 0 },
1139 if (!json_variant_is_object(variant
))
1140 return json_log(variant
, flags
, SYNTHETIC_ERRNO(EINVAL
), "JSON field '%s' is not an object.", strna(name
));
1142 r
= sd_id128_get_machine(&mid
);
1144 return json_log(variant
, flags
, r
, "Failed to determine machine ID: %m");
1146 m
= json_variant_by_key(variant
, SD_ID128_TO_STRING(mid
));
1150 return json_dispatch(m
, binding_dispatch_table
, NULL
, flags
, userdata
);
1153 int per_machine_id_match(JsonVariant
*ids
, JsonDispatchFlags flags
) {
1157 r
= sd_id128_get_machine(&mid
);
1159 return json_log(ids
, flags
, r
, "Failed to acquire machine ID: %m");
1161 if (json_variant_is_string(ids
)) {
1164 r
= sd_id128_from_string(json_variant_string(ids
), &k
);
1166 json_log(ids
, flags
, r
, "%s is not a valid machine ID, ignoring: %m", json_variant_string(ids
));
1170 return sd_id128_equal(mid
, k
);
1173 if (json_variant_is_array(ids
)) {
1176 JSON_VARIANT_ARRAY_FOREACH(e
, ids
) {
1179 if (!json_variant_is_string(e
)) {
1180 json_log(e
, flags
, 0, "Machine ID is not a string, ignoring: %m");
1184 r
= sd_id128_from_string(json_variant_string(e
), &k
);
1186 json_log(e
, flags
, r
, "%s is not a valid machine ID, ignoring: %m", json_variant_string(e
));
1190 if (sd_id128_equal(mid
, k
))
1197 json_log(ids
, flags
, 0, "Machine ID is not a string or array of strings, ignoring: %m");
1201 int per_machine_hostname_match(JsonVariant
*hns
, JsonDispatchFlags flags
) {
1202 _cleanup_free_
char *hn
= NULL
;
1205 r
= gethostname_strict(&hn
);
1207 json_log(hns
, flags
, r
, "No hostname set, not matching perMachine hostname record: %m");
1211 return json_log(hns
, flags
, r
, "Failed to acquire hostname: %m");
1213 if (json_variant_is_string(hns
))
1214 return streq(json_variant_string(hns
), hn
);
1216 if (json_variant_is_array(hns
)) {
1219 JSON_VARIANT_ARRAY_FOREACH(e
, hns
) {
1221 if (!json_variant_is_string(e
)) {
1222 json_log(e
, flags
, 0, "Hostname is not a string, ignoring: %m");
1226 if (streq(json_variant_string(hns
), hn
))
1233 json_log(hns
, flags
, 0, "Hostname is not a string or array of strings, ignoring: %m");
1237 static int dispatch_per_machine(const char *name
, JsonVariant
*variant
, JsonDispatchFlags flags
, void *userdata
) {
1239 static const JsonDispatch per_machine_dispatch_table
[] = {
1240 { "matchMachineId", _JSON_VARIANT_TYPE_INVALID
, NULL
, 0, 0 },
1241 { "matchHostname", _JSON_VARIANT_TYPE_INVALID
, NULL
, 0, 0 },
1242 { "iconName", JSON_VARIANT_STRING
, json_dispatch_string
, offsetof(UserRecord
, icon_name
), JSON_SAFE
},
1243 { "location", JSON_VARIANT_STRING
, json_dispatch_string
, offsetof(UserRecord
, location
), 0 },
1244 { "shell", JSON_VARIANT_STRING
, json_dispatch_filename_or_path
, offsetof(UserRecord
, shell
), 0 },
1245 { "umask", JSON_VARIANT_UNSIGNED
, json_dispatch_umask
, offsetof(UserRecord
, umask
), 0 },
1246 { "environment", JSON_VARIANT_ARRAY
, json_dispatch_environment
, offsetof(UserRecord
, environment
), 0 },
1247 { "timeZone", JSON_VARIANT_STRING
, json_dispatch_string
, offsetof(UserRecord
, time_zone
), JSON_SAFE
},
1248 { "preferredLanguage", JSON_VARIANT_STRING
, json_dispatch_string
, offsetof(UserRecord
, preferred_language
), JSON_SAFE
},
1249 { "niceLevel", _JSON_VARIANT_TYPE_INVALID
, json_dispatch_nice
, offsetof(UserRecord
, nice_level
), 0 },
1250 { "resourceLimits", _JSON_VARIANT_TYPE_INVALID
, json_dispatch_rlimits
, offsetof(UserRecord
, rlimits
), 0 },
1251 { "locked", JSON_VARIANT_BOOLEAN
, json_dispatch_tristate
, offsetof(UserRecord
, locked
), 0 },
1252 { "notBeforeUSec", JSON_VARIANT_UNSIGNED
, json_dispatch_uint64
, offsetof(UserRecord
, not_before_usec
), 0 },
1253 { "notAfterUSec", JSON_VARIANT_UNSIGNED
, json_dispatch_uint64
, offsetof(UserRecord
, not_after_usec
), 0 },
1254 { "storage", JSON_VARIANT_STRING
, json_dispatch_storage
, offsetof(UserRecord
, storage
), 0 },
1255 { "diskSize", JSON_VARIANT_UNSIGNED
, json_dispatch_disk_size
, offsetof(UserRecord
, disk_size
), 0 },
1256 { "diskSizeRelative", JSON_VARIANT_UNSIGNED
, json_dispatch_uint64
, offsetof(UserRecord
, disk_size_relative
), 0 },
1257 { "skeletonDirectory", JSON_VARIANT_STRING
, json_dispatch_path
, offsetof(UserRecord
, skeleton_directory
), 0 },
1258 { "accessMode", JSON_VARIANT_UNSIGNED
, json_dispatch_access_mode
, offsetof(UserRecord
, access_mode
), 0 },
1259 { "tasksMax", JSON_VARIANT_UNSIGNED
, json_dispatch_tasks_or_memory_max
, offsetof(UserRecord
, tasks_max
), 0 },
1260 { "memoryHigh", JSON_VARIANT_UNSIGNED
, json_dispatch_tasks_or_memory_max
, offsetof(UserRecord
, memory_high
), 0 },
1261 { "memoryMax", JSON_VARIANT_UNSIGNED
, json_dispatch_tasks_or_memory_max
, offsetof(UserRecord
, memory_max
), 0 },
1262 { "cpuWeight", JSON_VARIANT_UNSIGNED
, json_dispatch_weight
, offsetof(UserRecord
, cpu_weight
), 0 },
1263 { "ioWeight", JSON_VARIANT_UNSIGNED
, json_dispatch_weight
, offsetof(UserRecord
, io_weight
), 0 },
1264 { "mountNoDevices", JSON_VARIANT_BOOLEAN
, json_dispatch_boolean
, offsetof(UserRecord
, nodev
), 0 },
1265 { "mountNoSuid", JSON_VARIANT_BOOLEAN
, json_dispatch_boolean
, offsetof(UserRecord
, nosuid
), 0 },
1266 { "mountNoExecute", JSON_VARIANT_BOOLEAN
, json_dispatch_boolean
, offsetof(UserRecord
, noexec
), 0 },
1267 { "cifsDomain", JSON_VARIANT_STRING
, json_dispatch_string
, offsetof(UserRecord
, cifs_domain
), JSON_SAFE
},
1268 { "cifsUserName", JSON_VARIANT_STRING
, json_dispatch_string
, offsetof(UserRecord
, cifs_user_name
), JSON_SAFE
},
1269 { "cifsService", JSON_VARIANT_STRING
, json_dispatch_string
, offsetof(UserRecord
, cifs_service
), JSON_SAFE
},
1270 { "imagePath", JSON_VARIANT_STRING
, json_dispatch_path
, offsetof(UserRecord
, image_path
), 0 },
1271 { "uid", JSON_VARIANT_UNSIGNED
, json_dispatch_uid_gid
, offsetof(UserRecord
, uid
), 0 },
1272 { "gid", JSON_VARIANT_UNSIGNED
, json_dispatch_uid_gid
, offsetof(UserRecord
, gid
), 0 },
1273 { "memberOf", JSON_VARIANT_ARRAY
, json_dispatch_user_group_list
, offsetof(UserRecord
, member_of
), JSON_RELAX
},
1274 { "fileSystemType", JSON_VARIANT_STRING
, json_dispatch_string
, offsetof(UserRecord
, file_system_type
), JSON_SAFE
},
1275 { "partitionUuid", JSON_VARIANT_STRING
, json_dispatch_id128
, offsetof(UserRecord
, partition_uuid
), 0 },
1276 { "luksUuid", JSON_VARIANT_STRING
, json_dispatch_id128
, offsetof(UserRecord
, luks_uuid
), 0 },
1277 { "fileSystemUuid", JSON_VARIANT_STRING
, json_dispatch_id128
, offsetof(UserRecord
, file_system_uuid
), 0 },
1278 { "luksDiscard", _JSON_VARIANT_TYPE_INVALID
, json_dispatch_tristate
, offsetof(UserRecord
, luks_discard
), 0, },
1279 { "luksOfflineDiscard", _JSON_VARIANT_TYPE_INVALID
, json_dispatch_tristate
, offsetof(UserRecord
, luks_offline_discard
), 0, },
1280 { "luksCipher", JSON_VARIANT_STRING
, json_dispatch_string
, offsetof(UserRecord
, luks_cipher
), JSON_SAFE
},
1281 { "luksCipherMode", JSON_VARIANT_STRING
, json_dispatch_string
, offsetof(UserRecord
, luks_cipher_mode
), JSON_SAFE
},
1282 { "luksVolumeKeySize", JSON_VARIANT_UNSIGNED
, json_dispatch_uint64
, offsetof(UserRecord
, luks_volume_key_size
), 0 },
1283 { "luksPbkdfHashAlgorithm", JSON_VARIANT_STRING
, json_dispatch_string
, offsetof(UserRecord
, luks_pbkdf_hash_algorithm
), JSON_SAFE
},
1284 { "luksPbkdfType", JSON_VARIANT_STRING
, json_dispatch_string
, offsetof(UserRecord
, luks_pbkdf_type
), JSON_SAFE
},
1285 { "luksPbkdfTimeCostUSec", JSON_VARIANT_UNSIGNED
, json_dispatch_uint64
, offsetof(UserRecord
, luks_pbkdf_time_cost_usec
), 0 },
1286 { "luksPbkdfMemoryCost", JSON_VARIANT_UNSIGNED
, json_dispatch_uint64
, offsetof(UserRecord
, luks_pbkdf_memory_cost
), 0 },
1287 { "luksPbkdfParallelThreads", JSON_VARIANT_UNSIGNED
, json_dispatch_uint64
, offsetof(UserRecord
, luks_pbkdf_parallel_threads
), 0 },
1288 { "dropCaches", JSON_VARIANT_BOOLEAN
, json_dispatch_tristate
, offsetof(UserRecord
, drop_caches
), 0 },
1289 { "rateLimitIntervalUSec", JSON_VARIANT_UNSIGNED
, json_dispatch_uint64
, offsetof(UserRecord
, ratelimit_interval_usec
), 0 },
1290 { "rateLimitBurst", JSON_VARIANT_UNSIGNED
, json_dispatch_uint64
, offsetof(UserRecord
, ratelimit_burst
), 0 },
1291 { "enforcePasswordPolicy", JSON_VARIANT_BOOLEAN
, json_dispatch_tristate
, offsetof(UserRecord
, enforce_password_policy
), 0 },
1292 { "autoLogin", JSON_VARIANT_BOOLEAN
, json_dispatch_tristate
, offsetof(UserRecord
, auto_login
), 0 },
1293 { "stopDelayUSec", JSON_VARIANT_UNSIGNED
, json_dispatch_uint64
, offsetof(UserRecord
, stop_delay_usec
), 0 },
1294 { "killProcesses", JSON_VARIANT_BOOLEAN
, json_dispatch_tristate
, offsetof(UserRecord
, kill_processes
), 0 },
1295 { "passwordChangeMinUSec", JSON_VARIANT_UNSIGNED
, json_dispatch_uint64
, offsetof(UserRecord
, password_change_min_usec
), 0 },
1296 { "passwordChangeMaxUSec", JSON_VARIANT_UNSIGNED
, json_dispatch_uint64
, offsetof(UserRecord
, password_change_max_usec
), 0 },
1297 { "passwordChangeWarnUSec", JSON_VARIANT_UNSIGNED
, json_dispatch_uint64
, offsetof(UserRecord
, password_change_warn_usec
), 0 },
1298 { "passwordChangeInactiveUSec", JSON_VARIANT_UNSIGNED
, json_dispatch_uint64
, offsetof(UserRecord
, password_change_inactive_usec
), 0 },
1299 { "passwordChangeNow", JSON_VARIANT_BOOLEAN
, json_dispatch_tristate
, offsetof(UserRecord
, password_change_now
), 0 },
1300 { "pkcs11TokenUri", JSON_VARIANT_ARRAY
, dispatch_pkcs11_uri_array
, offsetof(UserRecord
, pkcs11_token_uri
), 0 },
1301 { "fido2HmacCredential", JSON_VARIANT_ARRAY
, dispatch_fido2_hmac_credential_array
, 0, 0 },
1311 if (!json_variant_is_array(variant
))
1312 return json_log(variant
, flags
, SYNTHETIC_ERRNO(EINVAL
), "JSON field '%s' is not an array.", strna(name
));
1314 JSON_VARIANT_ARRAY_FOREACH(e
, variant
) {
1315 bool matching
= false;
1318 if (!json_variant_is_object(e
))
1319 return json_log(variant
, flags
, SYNTHETIC_ERRNO(EINVAL
), "JSON field '%s' is not an array of objects.", strna(name
));
1321 m
= json_variant_by_key(e
, "matchMachineId");
1323 r
= per_machine_id_match(m
, flags
);
1331 m
= json_variant_by_key(e
, "matchHostname");
1333 r
= per_machine_hostname_match(m
, flags
);
1344 r
= json_dispatch(e
, per_machine_dispatch_table
, NULL
, flags
, userdata
);
1352 static int dispatch_status(const char *name
, JsonVariant
*variant
, JsonDispatchFlags flags
, void *userdata
) {
1354 static const JsonDispatch status_dispatch_table
[] = {
1355 { "diskUsage", JSON_VARIANT_UNSIGNED
, json_dispatch_uint64
, offsetof(UserRecord
, disk_usage
), 0 },
1356 { "diskFree", JSON_VARIANT_UNSIGNED
, json_dispatch_uint64
, offsetof(UserRecord
, disk_free
), 0 },
1357 { "diskSize", JSON_VARIANT_UNSIGNED
, json_dispatch_uint64
, offsetof(UserRecord
, disk_size
), 0 },
1358 { "diskCeiling", JSON_VARIANT_UNSIGNED
, json_dispatch_uint64
, offsetof(UserRecord
, disk_ceiling
), 0 },
1359 { "diskFloor", JSON_VARIANT_UNSIGNED
, json_dispatch_uint64
, offsetof(UserRecord
, disk_floor
), 0 },
1360 { "state", JSON_VARIANT_STRING
, json_dispatch_string
, offsetof(UserRecord
, state
), JSON_SAFE
},
1361 { "service", JSON_VARIANT_STRING
, json_dispatch_string
, offsetof(UserRecord
, service
), JSON_SAFE
},
1362 { "signedLocally", _JSON_VARIANT_TYPE_INVALID
, json_dispatch_tristate
, offsetof(UserRecord
, signed_locally
), 0 },
1363 { "goodAuthenticationCounter", JSON_VARIANT_UNSIGNED
, json_dispatch_uint64
, offsetof(UserRecord
, good_authentication_counter
), 0 },
1364 { "badAuthenticationCounter", JSON_VARIANT_UNSIGNED
, json_dispatch_uint64
, offsetof(UserRecord
, bad_authentication_counter
), 0 },
1365 { "lastGoodAuthenticationUSec", JSON_VARIANT_UNSIGNED
, json_dispatch_uint64
, offsetof(UserRecord
, last_good_authentication_usec
), 0 },
1366 { "lastBadAuthenticationUSec", JSON_VARIANT_UNSIGNED
, json_dispatch_uint64
, offsetof(UserRecord
, last_bad_authentication_usec
), 0 },
1367 { "rateLimitBeginUSec", JSON_VARIANT_UNSIGNED
, json_dispatch_uint64
, offsetof(UserRecord
, ratelimit_begin_usec
), 0 },
1368 { "rateLimitCount", JSON_VARIANT_UNSIGNED
, json_dispatch_uint64
, offsetof(UserRecord
, ratelimit_count
), 0 },
1369 { "removable", JSON_VARIANT_BOOLEAN
, json_dispatch_boolean
, offsetof(UserRecord
, removable
), 0 },
1380 if (!json_variant_is_object(variant
))
1381 return json_log(variant
, flags
, SYNTHETIC_ERRNO(EINVAL
), "JSON field '%s' is not an object.", strna(name
));
1383 r
= sd_id128_get_machine(&mid
);
1385 return json_log(variant
, flags
, r
, "Failed to determine machine ID: %m");
1387 m
= json_variant_by_key(variant
, SD_ID128_TO_STRING(mid
));
1391 return json_dispatch(m
, status_dispatch_table
, NULL
, flags
, userdata
);
1394 int user_record_build_image_path(UserStorage storage
, const char *user_name_and_realm
, char **ret
) {
1398 assert(storage
>= 0);
1399 assert(user_name_and_realm
);
1402 if (storage
== USER_LUKS
)
1404 else if (IN_SET(storage
, USER_DIRECTORY
, USER_SUBVOLUME
, USER_FSCRYPT
))
1405 suffix
= ".homedir";
1411 z
= strjoin(get_home_root(), "/", user_name_and_realm
, suffix
);
1415 *ret
= path_simplify(z
);
1419 static int user_record_augment(UserRecord
*h
, JsonDispatchFlags json_flags
) {
1424 if (!FLAGS_SET(h
->mask
, USER_RECORD_REGULAR
))
1427 assert(h
->user_name
);
1429 if (!h
->user_name_and_realm_auto
&& h
->realm
) {
1430 h
->user_name_and_realm_auto
= strjoin(h
->user_name
, "@", h
->realm
);
1431 if (!h
->user_name_and_realm_auto
)
1432 return json_log_oom(h
->json
, json_flags
);
1435 /* Let's add in the following automatisms only for regular users, they don't make sense for any others */
1436 if (user_record_disposition(h
) != USER_REGULAR
)
1439 if (!h
->home_directory
&& !h
->home_directory_auto
) {
1440 h
->home_directory_auto
= path_join(get_home_root(), h
->user_name
);
1441 if (!h
->home_directory_auto
)
1442 return json_log_oom(h
->json
, json_flags
);
1445 if (!h
->image_path
&& !h
->image_path_auto
) {
1446 r
= user_record_build_image_path(user_record_storage(h
), user_record_user_name_and_realm(h
), &h
->image_path_auto
);
1448 return json_log(h
->json
, json_flags
, r
, "Failed to determine default image path: %m");
1454 int user_group_record_mangle(
1456 UserRecordLoadFlags load_flags
,
1457 JsonVariant
**ret_variant
,
1458 UserRecordMask
*ret_mask
) {
1460 static const struct {
1461 UserRecordMask mask
;
1464 { USER_RECORD_PRIVILEGED
, "privileged" },
1465 { USER_RECORD_SECRET
, "secret" },
1466 { USER_RECORD_BINDING
, "binding" },
1467 { USER_RECORD_PER_MACHINE
, "perMachine" },
1468 { USER_RECORD_STATUS
, "status" },
1469 { USER_RECORD_SIGNATURE
, "signature" },
1472 JsonDispatchFlags json_flags
= USER_RECORD_LOAD_FLAGS_TO_JSON_DISPATCH_FLAGS(load_flags
);
1473 _cleanup_(json_variant_unrefp
) JsonVariant
*w
= NULL
;
1474 JsonVariant
*array
[ELEMENTSOF(mask_field
) * 2];
1475 size_t n_retain
= 0;
1476 UserRecordMask m
= 0;
1479 assert((load_flags
& _USER_RECORD_MASK_MAX
) == 0); /* detect mistakes when accidentally passing
1480 * UserRecordMask bit masks as UserRecordLoadFlags
1484 assert(ret_variant
);
1487 /* Note that this function is shared with the group record parser, hence we try to be generic in our
1488 * log message wording here, to cover both cases. */
1490 if (!json_variant_is_object(v
))
1491 return json_log(v
, json_flags
, SYNTHETIC_ERRNO(EBADMSG
), "Record is not a JSON object, refusing.");
1493 if (USER_RECORD_ALLOW_MASK(load_flags
) == 0) /* allow nothing? */
1494 return json_log(v
, json_flags
, SYNTHETIC_ERRNO(EINVAL
), "Nothing allowed in record, refusing.");
1496 if (USER_RECORD_STRIP_MASK(load_flags
) == _USER_RECORD_MASK_MAX
) /* strip everything? */
1497 return json_log(v
, json_flags
, SYNTHETIC_ERRNO(EINVAL
), "Stripping everything from record, refusing.");
1499 /* Check if we have the special sections and if they match our flags set */
1500 for (size_t i
= 0; i
< ELEMENTSOF(mask_field
); i
++) {
1503 if (FLAGS_SET(USER_RECORD_STRIP_MASK(load_flags
), mask_field
[i
].mask
)) {
1505 w
= json_variant_ref(v
);
1507 r
= json_variant_filter(&w
, STRV_MAKE(mask_field
[i
].name
));
1509 return json_log(w
, json_flags
, r
, "Failed to remove field from variant: %m");
1514 e
= json_variant_by_key_full(v
, mask_field
[i
].name
, &k
);
1516 if (!FLAGS_SET(USER_RECORD_ALLOW_MASK(load_flags
), mask_field
[i
].mask
))
1517 return json_log(e
, json_flags
, SYNTHETIC_ERRNO(EBADMSG
), "Record contains '%s' field, which is not allowed.", mask_field
[i
].name
);
1519 if (FLAGS_SET(load_flags
, USER_RECORD_STRIP_REGULAR
)) {
1520 array
[n_retain
++] = k
;
1521 array
[n_retain
++] = e
;
1524 m
|= mask_field
[i
].mask
;
1526 if (FLAGS_SET(USER_RECORD_REQUIRE_MASK(load_flags
), mask_field
[i
].mask
))
1527 return json_log(v
, json_flags
, SYNTHETIC_ERRNO(EBADMSG
), "Record lacks '%s' field, which is required.", mask_field
[i
].name
);
1531 if (FLAGS_SET(load_flags
, USER_RECORD_STRIP_REGULAR
)) {
1532 /* If we are supposed to strip regular items, then let's instead just allocate a new object
1533 * with just the stuff we need. */
1535 w
= json_variant_unref(w
);
1536 r
= json_variant_new_object(&w
, array
, n_retain
);
1538 return json_log(v
, json_flags
, r
, "Failed to allocate new object: %m");
1540 /* And now check if there's anything else in the record */
1541 for (size_t i
= 0; i
< json_variant_elements(v
); i
+= 2) {
1543 bool special
= false;
1545 assert_se(f
= json_variant_string(json_variant_by_index(v
, i
)));
1547 for (size_t j
= 0; j
< ELEMENTSOF(mask_field
); j
++)
1548 if (streq(f
, mask_field
[j
].name
)) { /* already covered in the loop above */
1554 if ((load_flags
& (USER_RECORD_ALLOW_REGULAR
|USER_RECORD_REQUIRE_REGULAR
)) == 0)
1555 return json_log(v
, json_flags
, SYNTHETIC_ERRNO(EBADMSG
), "Record contains '%s' field, which is not allowed.", f
);
1557 m
|= USER_RECORD_REGULAR
;
1562 if (FLAGS_SET(load_flags
, USER_RECORD_REQUIRE_REGULAR
) && !FLAGS_SET(m
, USER_RECORD_REGULAR
))
1563 return json_log(v
, json_flags
, SYNTHETIC_ERRNO(EBADMSG
), "Record lacks basic identity fields, which are required.");
1565 if (!FLAGS_SET(load_flags
, USER_RECORD_EMPTY_OK
) && m
== 0)
1566 return json_log(v
, json_flags
, SYNTHETIC_ERRNO(EBADMSG
), "Record is empty.");
1569 *ret_variant
= TAKE_PTR(w
);
1571 *ret_variant
= json_variant_ref(v
);
1577 int user_record_load(UserRecord
*h
, JsonVariant
*v
, UserRecordLoadFlags load_flags
) {
1579 static const JsonDispatch user_dispatch_table
[] = {
1580 { "userName", JSON_VARIANT_STRING
, json_dispatch_user_group_name
, offsetof(UserRecord
, user_name
), JSON_RELAX
},
1581 { "realm", JSON_VARIANT_STRING
, json_dispatch_realm
, offsetof(UserRecord
, realm
), 0 },
1582 { "realName", JSON_VARIANT_STRING
, json_dispatch_gecos
, offsetof(UserRecord
, real_name
), 0 },
1583 { "emailAddress", JSON_VARIANT_STRING
, json_dispatch_string
, offsetof(UserRecord
, email_address
), JSON_SAFE
},
1584 { "iconName", JSON_VARIANT_STRING
, json_dispatch_string
, offsetof(UserRecord
, icon_name
), JSON_SAFE
},
1585 { "location", JSON_VARIANT_STRING
, json_dispatch_string
, offsetof(UserRecord
, location
), 0 },
1586 { "disposition", JSON_VARIANT_STRING
, json_dispatch_user_disposition
, offsetof(UserRecord
, disposition
), 0 },
1587 { "lastChangeUSec", JSON_VARIANT_UNSIGNED
, json_dispatch_uint64
, offsetof(UserRecord
, last_change_usec
), 0 },
1588 { "lastPasswordChangeUSec", JSON_VARIANT_UNSIGNED
, json_dispatch_uint64
, offsetof(UserRecord
, last_password_change_usec
), 0 },
1589 { "shell", JSON_VARIANT_STRING
, json_dispatch_filename_or_path
, offsetof(UserRecord
, shell
), 0 },
1590 { "umask", JSON_VARIANT_UNSIGNED
, json_dispatch_umask
, offsetof(UserRecord
, umask
), 0 },
1591 { "environment", JSON_VARIANT_ARRAY
, json_dispatch_environment
, offsetof(UserRecord
, environment
), 0 },
1592 { "timeZone", JSON_VARIANT_STRING
, json_dispatch_string
, offsetof(UserRecord
, time_zone
), JSON_SAFE
},
1593 { "preferredLanguage", JSON_VARIANT_STRING
, json_dispatch_string
, offsetof(UserRecord
, preferred_language
), JSON_SAFE
},
1594 { "niceLevel", _JSON_VARIANT_TYPE_INVALID
, json_dispatch_nice
, offsetof(UserRecord
, nice_level
), 0 },
1595 { "resourceLimits", _JSON_VARIANT_TYPE_INVALID
, json_dispatch_rlimits
, offsetof(UserRecord
, rlimits
), 0 },
1596 { "locked", JSON_VARIANT_BOOLEAN
, json_dispatch_tristate
, offsetof(UserRecord
, locked
), 0 },
1597 { "notBeforeUSec", JSON_VARIANT_UNSIGNED
, json_dispatch_uint64
, offsetof(UserRecord
, not_before_usec
), 0 },
1598 { "notAfterUSec", JSON_VARIANT_UNSIGNED
, json_dispatch_uint64
, offsetof(UserRecord
, not_after_usec
), 0 },
1599 { "storage", JSON_VARIANT_STRING
, json_dispatch_storage
, offsetof(UserRecord
, storage
), 0 },
1600 { "diskSize", JSON_VARIANT_UNSIGNED
, json_dispatch_disk_size
, offsetof(UserRecord
, disk_size
), 0 },
1601 { "diskSizeRelative", JSON_VARIANT_UNSIGNED
, json_dispatch_uint64
, offsetof(UserRecord
, disk_size_relative
), 0 },
1602 { "skeletonDirectory", JSON_VARIANT_STRING
, json_dispatch_path
, offsetof(UserRecord
, skeleton_directory
), 0 },
1603 { "accessMode", JSON_VARIANT_UNSIGNED
, json_dispatch_access_mode
, offsetof(UserRecord
, access_mode
), 0 },
1604 { "tasksMax", JSON_VARIANT_UNSIGNED
, json_dispatch_tasks_or_memory_max
, offsetof(UserRecord
, tasks_max
), 0 },
1605 { "memoryHigh", JSON_VARIANT_UNSIGNED
, json_dispatch_tasks_or_memory_max
, offsetof(UserRecord
, memory_high
), 0 },
1606 { "memoryMax", JSON_VARIANT_UNSIGNED
, json_dispatch_tasks_or_memory_max
, offsetof(UserRecord
, memory_max
), 0 },
1607 { "cpuWeight", JSON_VARIANT_UNSIGNED
, json_dispatch_weight
, offsetof(UserRecord
, cpu_weight
), 0 },
1608 { "ioWeight", JSON_VARIANT_UNSIGNED
, json_dispatch_weight
, offsetof(UserRecord
, io_weight
), 0 },
1609 { "mountNoDevices", JSON_VARIANT_BOOLEAN
, json_dispatch_boolean
, offsetof(UserRecord
, nodev
), 0 },
1610 { "mountNoSuid", JSON_VARIANT_BOOLEAN
, json_dispatch_boolean
, offsetof(UserRecord
, nosuid
), 0 },
1611 { "mountNoExecute", JSON_VARIANT_BOOLEAN
, json_dispatch_boolean
, offsetof(UserRecord
, noexec
), 0 },
1612 { "cifsDomain", JSON_VARIANT_STRING
, json_dispatch_string
, offsetof(UserRecord
, cifs_domain
), JSON_SAFE
},
1613 { "cifsUserName", JSON_VARIANT_STRING
, json_dispatch_string
, offsetof(UserRecord
, cifs_user_name
), JSON_SAFE
},
1614 { "cifsService", JSON_VARIANT_STRING
, json_dispatch_string
, offsetof(UserRecord
, cifs_service
), JSON_SAFE
},
1615 { "imagePath", JSON_VARIANT_STRING
, json_dispatch_path
, offsetof(UserRecord
, image_path
), 0 },
1616 { "homeDirectory", JSON_VARIANT_STRING
, json_dispatch_home_directory
, offsetof(UserRecord
, home_directory
), 0 },
1617 { "uid", JSON_VARIANT_UNSIGNED
, json_dispatch_uid_gid
, offsetof(UserRecord
, uid
), 0 },
1618 { "gid", JSON_VARIANT_UNSIGNED
, json_dispatch_uid_gid
, offsetof(UserRecord
, gid
), 0 },
1619 { "memberOf", JSON_VARIANT_ARRAY
, json_dispatch_user_group_list
, offsetof(UserRecord
, member_of
), JSON_RELAX
},
1620 { "fileSystemType", JSON_VARIANT_STRING
, json_dispatch_string
, offsetof(UserRecord
, file_system_type
), JSON_SAFE
},
1621 { "partitionUuid", JSON_VARIANT_STRING
, json_dispatch_id128
, offsetof(UserRecord
, partition_uuid
), 0 },
1622 { "luksUuid", JSON_VARIANT_STRING
, json_dispatch_id128
, offsetof(UserRecord
, luks_uuid
), 0 },
1623 { "fileSystemUuid", JSON_VARIANT_STRING
, json_dispatch_id128
, offsetof(UserRecord
, file_system_uuid
), 0 },
1624 { "luksDiscard", _JSON_VARIANT_TYPE_INVALID
, json_dispatch_tristate
, offsetof(UserRecord
, luks_discard
), 0 },
1625 { "luksOfflineDiscard", _JSON_VARIANT_TYPE_INVALID
, json_dispatch_tristate
, offsetof(UserRecord
, luks_offline_discard
), 0 },
1626 { "luksCipher", JSON_VARIANT_STRING
, json_dispatch_string
, offsetof(UserRecord
, luks_cipher
), JSON_SAFE
},
1627 { "luksCipherMode", JSON_VARIANT_STRING
, json_dispatch_string
, offsetof(UserRecord
, luks_cipher_mode
), JSON_SAFE
},
1628 { "luksVolumeKeySize", JSON_VARIANT_UNSIGNED
, json_dispatch_uint64
, offsetof(UserRecord
, luks_volume_key_size
), 0 },
1629 { "luksPbkdfHashAlgorithm", JSON_VARIANT_STRING
, json_dispatch_string
, offsetof(UserRecord
, luks_pbkdf_hash_algorithm
), JSON_SAFE
},
1630 { "luksPbkdfType", JSON_VARIANT_STRING
, json_dispatch_string
, offsetof(UserRecord
, luks_pbkdf_type
), JSON_SAFE
},
1631 { "luksPbkdfTimeCostUSec", JSON_VARIANT_UNSIGNED
, json_dispatch_uint64
, offsetof(UserRecord
, luks_pbkdf_time_cost_usec
), 0 },
1632 { "luksPbkdfMemoryCost", JSON_VARIANT_UNSIGNED
, json_dispatch_uint64
, offsetof(UserRecord
, luks_pbkdf_memory_cost
), 0 },
1633 { "luksPbkdfParallelThreads", JSON_VARIANT_UNSIGNED
, json_dispatch_uint64
, offsetof(UserRecord
, luks_pbkdf_parallel_threads
), 0 },
1634 { "dropCaches", JSON_VARIANT_BOOLEAN
, json_dispatch_tristate
, offsetof(UserRecord
, drop_caches
), 0 },
1635 { "service", JSON_VARIANT_STRING
, json_dispatch_string
, offsetof(UserRecord
, service
), JSON_SAFE
},
1636 { "rateLimitIntervalUSec", JSON_VARIANT_UNSIGNED
, json_dispatch_uint64
, offsetof(UserRecord
, ratelimit_interval_usec
), 0 },
1637 { "rateLimitBurst", JSON_VARIANT_UNSIGNED
, json_dispatch_uint64
, offsetof(UserRecord
, ratelimit_burst
), 0 },
1638 { "enforcePasswordPolicy", JSON_VARIANT_BOOLEAN
, json_dispatch_tristate
, offsetof(UserRecord
, enforce_password_policy
), 0 },
1639 { "autoLogin", JSON_VARIANT_BOOLEAN
, json_dispatch_tristate
, offsetof(UserRecord
, auto_login
), 0 },
1640 { "stopDelayUSec", JSON_VARIANT_UNSIGNED
, json_dispatch_uint64
, offsetof(UserRecord
, stop_delay_usec
), 0 },
1641 { "killProcesses", JSON_VARIANT_BOOLEAN
, json_dispatch_tristate
, offsetof(UserRecord
, kill_processes
), 0 },
1642 { "passwordChangeMinUSec", JSON_VARIANT_UNSIGNED
, json_dispatch_uint64
, offsetof(UserRecord
, password_change_min_usec
), 0 },
1643 { "passwordChangeMaxUSec", JSON_VARIANT_UNSIGNED
, json_dispatch_uint64
, offsetof(UserRecord
, password_change_max_usec
), 0 },
1644 { "passwordChangeWarnUSec", JSON_VARIANT_UNSIGNED
, json_dispatch_uint64
, offsetof(UserRecord
, password_change_warn_usec
), 0 },
1645 { "passwordChangeInactiveUSec", JSON_VARIANT_UNSIGNED
, json_dispatch_uint64
, offsetof(UserRecord
, password_change_inactive_usec
), 0 },
1646 { "passwordChangeNow", JSON_VARIANT_BOOLEAN
, json_dispatch_tristate
, offsetof(UserRecord
, password_change_now
), 0 },
1647 { "pkcs11TokenUri", JSON_VARIANT_ARRAY
, dispatch_pkcs11_uri_array
, offsetof(UserRecord
, pkcs11_token_uri
), 0 },
1648 { "fido2HmacCredential", JSON_VARIANT_ARRAY
, dispatch_fido2_hmac_credential_array
, 0, 0 },
1649 { "recoveryKeyType", JSON_VARIANT_ARRAY
, json_dispatch_strv
, offsetof(UserRecord
, recovery_key_type
), 0 },
1651 { "secret", JSON_VARIANT_OBJECT
, dispatch_secret
, 0, 0 },
1652 { "privileged", JSON_VARIANT_OBJECT
, dispatch_privileged
, 0, 0 },
1654 /* Ignore the perMachine, binding, status stuff here, and process it later, so that it overrides whatever is set above */
1655 { "perMachine", JSON_VARIANT_ARRAY
, NULL
, 0, 0 },
1656 { "binding", JSON_VARIANT_OBJECT
, NULL
, 0, 0 },
1657 { "status", JSON_VARIANT_OBJECT
, NULL
, 0, 0 },
1659 /* Ignore 'signature', we check it with explicit accessors instead */
1660 { "signature", JSON_VARIANT_ARRAY
, NULL
, 0, 0 },
1664 JsonDispatchFlags json_flags
= USER_RECORD_LOAD_FLAGS_TO_JSON_DISPATCH_FLAGS(load_flags
);
1670 /* Note that this call will leave a half-initialized record around on failure! */
1672 r
= user_group_record_mangle(v
, load_flags
, &h
->json
, &h
->mask
);
1676 r
= json_dispatch(h
->json
, user_dispatch_table
, NULL
, json_flags
, h
);
1680 /* During the parsing operation above we ignored the 'perMachine', 'binding' and 'status' fields,
1681 * since we want them to override the global options. Let's process them now. */
1683 r
= dispatch_per_machine("perMachine", json_variant_by_key(h
->json
, "perMachine"), json_flags
, h
);
1687 r
= dispatch_binding("binding", json_variant_by_key(h
->json
, "binding"), json_flags
, h
);
1691 r
= dispatch_status("status", json_variant_by_key(h
->json
, "status"), json_flags
, h
);
1695 if (FLAGS_SET(h
->mask
, USER_RECORD_REGULAR
) && !h
->user_name
)
1696 return json_log(h
->json
, json_flags
, SYNTHETIC_ERRNO(EINVAL
), "User name field missing, refusing.");
1698 r
= user_record_augment(h
, json_flags
);
1705 int user_record_build(UserRecord
**ret
, ...) {
1706 _cleanup_(json_variant_unrefp
) JsonVariant
*v
= NULL
;
1707 _cleanup_(user_record_unrefp
) UserRecord
*u
= NULL
;
1714 r
= json_buildv(&v
, ap
);
1720 u
= user_record_new();
1724 r
= user_record_load(u
, v
, USER_RECORD_LOAD_FULL
);
1732 const char *user_record_user_name_and_realm(UserRecord
*h
) {
1735 /* Return the pre-initialized joined string if it is defined */
1736 if (h
->user_name_and_realm_auto
)
1737 return h
->user_name_and_realm_auto
;
1739 /* If it's not defined then we cannot have a realm */
1741 return h
->user_name
;
1744 UserStorage
user_record_storage(UserRecord
*h
) {
1747 if (h
->storage
>= 0)
1750 return USER_CLASSIC
;
1753 const char *user_record_file_system_type(UserRecord
*h
) {
1756 return h
->file_system_type
?: "btrfs";
1759 const char *user_record_skeleton_directory(UserRecord
*h
) {
1762 return h
->skeleton_directory
?: "/etc/skel";
1765 mode_t
user_record_access_mode(UserRecord
*h
) {
1768 return h
->access_mode
!= MODE_INVALID
? h
->access_mode
: 0700;
1771 const char* user_record_home_directory(UserRecord
*h
) {
1774 if (h
->home_directory
)
1775 return h
->home_directory
;
1776 if (h
->home_directory_auto
)
1777 return h
->home_directory_auto
;
1779 /* The root user is special, hence be special about it */
1780 if (streq_ptr(h
->user_name
, "root"))
1786 const char *user_record_image_path(UserRecord
*h
) {
1790 return h
->image_path
;
1791 if (h
->image_path_auto
)
1792 return h
->image_path_auto
;
1794 return IN_SET(user_record_storage(h
), USER_CLASSIC
, USER_DIRECTORY
, USER_SUBVOLUME
, USER_FSCRYPT
) ? user_record_home_directory(h
) : NULL
;
1797 const char *user_record_cifs_user_name(UserRecord
*h
) {
1800 return h
->cifs_user_name
?: h
->user_name
;
1803 unsigned long user_record_mount_flags(UserRecord
*h
) {
1806 return (h
->nosuid
? MS_NOSUID
: 0) |
1807 (h
->noexec
? MS_NOEXEC
: 0) |
1808 (h
->nodev
? MS_NODEV
: 0);
1811 const char *user_record_shell(UserRecord
*h
) {
1817 if (streq_ptr(h
->user_name
, "root"))
1820 if (user_record_disposition(h
) == USER_REGULAR
)
1826 const char *user_record_real_name(UserRecord
*h
) {
1829 return h
->real_name
?: h
->user_name
;
1832 bool user_record_luks_discard(UserRecord
*h
) {
1837 if (h
->luks_discard
>= 0)
1838 return h
->luks_discard
;
1840 ip
= user_record_image_path(h
);
1844 /* Use discard by default if we are referring to a real block device, but not when operating on a
1845 * loopback device. We want to optimize for SSD and flash storage after all, but we should be careful
1846 * when storing stuff on top of regular file systems in loopback files as doing discard then would
1847 * mean thin provisioning and we should not do that willy-nilly since it means we'll risk EIO later
1848 * on should the disk space to back our file systems not be available. */
1850 return path_startswith(ip
, "/dev/");
1853 bool user_record_luks_offline_discard(UserRecord
*h
) {
1858 if (h
->luks_offline_discard
>= 0)
1859 return h
->luks_offline_discard
;
1861 /* Discard while we are logged out should generally be a good idea, except when operating directly on
1862 * physical media, where we should just bind it to the online discard mode. */
1864 ip
= user_record_image_path(h
);
1868 if (path_startswith(ip
, "/dev/"))
1869 return user_record_luks_discard(h
);
1874 const char *user_record_luks_cipher(UserRecord
*h
) {
1877 return h
->luks_cipher
?: "aes";
1880 const char *user_record_luks_cipher_mode(UserRecord
*h
) {
1883 return h
->luks_cipher_mode
?: "xts-plain64";
1886 uint64_t user_record_luks_volume_key_size(UserRecord
*h
) {
1889 /* We return a value here that can be cast without loss into size_t which is what libcrypsetup expects */
1891 if (h
->luks_volume_key_size
== UINT64_MAX
)
1894 return MIN(h
->luks_volume_key_size
, SIZE_MAX
);
1897 const char* user_record_luks_pbkdf_type(UserRecord
*h
) {
1900 return h
->luks_pbkdf_type
?: "argon2id";
1903 uint64_t user_record_luks_pbkdf_time_cost_usec(UserRecord
*h
) {
1906 /* Returns a value with ms granularity, since that's what libcryptsetup expects */
1908 if (h
->luks_pbkdf_time_cost_usec
== UINT64_MAX
)
1909 return 500 * USEC_PER_MSEC
; /* We default to 500ms, in contrast to libcryptsetup's 2s, which is just awfully slow on every login */
1911 return MIN(DIV_ROUND_UP(h
->luks_pbkdf_time_cost_usec
, USEC_PER_MSEC
), UINT32_MAX
) * USEC_PER_MSEC
;
1914 uint64_t user_record_luks_pbkdf_memory_cost(UserRecord
*h
) {
1917 /* Returns a value with kb granularity, since that's what libcryptsetup expects */
1918 if (h
->luks_pbkdf_memory_cost
== UINT64_MAX
)
1919 return streq(user_record_luks_pbkdf_type(h
), "pbkdf2") ? 0 : /* doesn't apply for simple pbkdf2 */
1920 64*1024*1024; /* We default to 64M, since this should work on smaller systems too */
1922 return MIN(DIV_ROUND_UP(h
->luks_pbkdf_memory_cost
, 1024), UINT32_MAX
) * 1024;
1925 uint64_t user_record_luks_pbkdf_parallel_threads(UserRecord
*h
) {
1928 if (h
->luks_pbkdf_parallel_threads
== UINT64_MAX
)
1929 return streq(user_record_luks_pbkdf_type(h
), "pbkdf2") ? 0 : /* doesn't apply for simple pbkdf2 */
1930 1; /* We default to 1, since this should work on smaller systems too */
1932 return MIN(h
->luks_pbkdf_parallel_threads
, UINT32_MAX
);
1935 const char *user_record_luks_pbkdf_hash_algorithm(UserRecord
*h
) {
1938 return h
->luks_pbkdf_hash_algorithm
?: "sha512";
1941 gid_t
user_record_gid(UserRecord
*h
) {
1944 if (gid_is_valid(h
->gid
))
1947 return (gid_t
) h
->uid
;
1950 UserDisposition
user_record_disposition(UserRecord
*h
) {
1953 if (h
->disposition
>= 0)
1954 return h
->disposition
;
1956 /* If not declared, derive from UID */
1958 if (!uid_is_valid(h
->uid
))
1959 return _USER_DISPOSITION_INVALID
;
1961 if (h
->uid
== 0 || h
->uid
== UID_NOBODY
)
1962 return USER_INTRINSIC
;
1964 if (uid_is_system(h
->uid
))
1967 if (uid_is_dynamic(h
->uid
))
1968 return USER_DYNAMIC
;
1970 if (uid_is_container(h
->uid
))
1971 return USER_CONTAINER
;
1973 if (h
->uid
> INT32_MAX
)
1974 return USER_RESERVED
;
1976 return USER_REGULAR
;
1979 int user_record_removable(UserRecord
*h
) {
1980 UserStorage storage
;
1983 if (h
->removable
>= 0)
1984 return h
->removable
;
1986 /* Refuse to decide for classic records */
1987 storage
= user_record_storage(h
);
1988 if (h
->storage
< 0 || h
->storage
== USER_CLASSIC
)
1991 /* For now consider only LUKS home directories with a reference by path as removable */
1992 return storage
== USER_LUKS
&& path_startswith(user_record_image_path(h
), "/dev/");
1995 uint64_t user_record_ratelimit_interval_usec(UserRecord
*h
) {
1998 if (h
->ratelimit_interval_usec
== UINT64_MAX
)
1999 return DEFAULT_RATELIMIT_INTERVAL_USEC
;
2001 return h
->ratelimit_interval_usec
;
2004 uint64_t user_record_ratelimit_burst(UserRecord
*h
) {
2007 if (h
->ratelimit_burst
== UINT64_MAX
)
2008 return DEFAULT_RATELIMIT_BURST
;
2010 return h
->ratelimit_burst
;
2013 bool user_record_can_authenticate(UserRecord
*h
) {
2016 /* Returns true if there's some form of property configured that the user can authenticate against */
2018 if (h
->n_pkcs11_encrypted_key
> 0)
2021 if (h
->n_fido2_hmac_salt
> 0)
2024 return !strv_isempty(h
->hashed_password
);
2027 bool user_record_drop_caches(UserRecord
*h
) {
2030 if (h
->drop_caches
>= 0)
2031 return h
->drop_caches
;
2033 /* By default drop caches on fscrypt, not otherwise. */
2034 return user_record_storage(h
) == USER_FSCRYPT
;
2037 uint64_t user_record_ratelimit_next_try(UserRecord
*h
) {
2040 /* Calculates when the it's possible to login next. Returns:
2042 * UINT64_MAX → Nothing known
2044 * Any other → Next time in CLOCK_REALTIME in usec (which could be in the past)
2047 if (h
->ratelimit_begin_usec
== UINT64_MAX
||
2048 h
->ratelimit_count
== UINT64_MAX
)
2051 if (h
->ratelimit_begin_usec
> now(CLOCK_REALTIME
)) /* If the ratelimit time is in the future, then
2052 * the local clock is probably incorrect. Let's
2053 * not refuse login then. */
2056 if (h
->ratelimit_count
< user_record_ratelimit_burst(h
))
2059 return usec_add(h
->ratelimit_begin_usec
, user_record_ratelimit_interval_usec(h
));
2062 bool user_record_equal(UserRecord
*a
, UserRecord
*b
) {
2066 /* We assume that when a record is modified its JSON data is updated at the same time, hence it's
2067 * sufficient to compare the JSON data. */
2069 return json_variant_equal(a
->json
, b
->json
);
2072 bool user_record_compatible(UserRecord
*a
, UserRecord
*b
) {
2076 /* If either lacks the regular section, we can't really decide, let's hence say they are
2078 if (!(a
->mask
& b
->mask
& USER_RECORD_REGULAR
))
2081 return streq_ptr(a
->user_name
, b
->user_name
) &&
2082 streq_ptr(a
->realm
, b
->realm
);
2085 int user_record_compare_last_change(UserRecord
*a
, UserRecord
*b
) {
2089 if (a
->last_change_usec
== b
->last_change_usec
)
2092 /* Always consider a record with a timestamp newer than one without */
2093 if (a
->last_change_usec
== UINT64_MAX
)
2095 if (b
->last_change_usec
== UINT64_MAX
)
2098 return CMP(a
->last_change_usec
, b
->last_change_usec
);
2101 int user_record_clone(UserRecord
*h
, UserRecordLoadFlags flags
, UserRecord
**ret
) {
2102 _cleanup_(user_record_unrefp
) UserRecord
*c
= NULL
;
2108 c
= user_record_new();
2112 r
= user_record_load(c
, h
->json
, flags
);
2120 int user_record_masked_equal(UserRecord
*a
, UserRecord
*b
, UserRecordMask mask
) {
2121 _cleanup_(user_record_unrefp
) UserRecord
*x
= NULL
, *y
= NULL
;
2127 /* Compares the two records, but ignores anything not listed in the specified mask */
2129 if ((a
->mask
& ~mask
) != 0) {
2130 r
= user_record_clone(a
, USER_RECORD_ALLOW(mask
) | USER_RECORD_STRIP(~mask
& _USER_RECORD_MASK_MAX
) | USER_RECORD_PERMISSIVE
, &x
);
2137 if ((b
->mask
& ~mask
) != 0) {
2138 r
= user_record_clone(b
, USER_RECORD_ALLOW(mask
) | USER_RECORD_STRIP(~mask
& _USER_RECORD_MASK_MAX
) | USER_RECORD_PERMISSIVE
, &y
);
2145 return user_record_equal(a
, b
);
2148 int user_record_test_blocked(UserRecord
*h
) {
2151 /* Checks whether access to the specified user shall be allowed at the moment. Returns:
2153 * -ESTALE: Record is from the future
2154 * -ENOLCK: Record is blocked
2155 * -EL2HLT: Record is not valid yet
2156 * -EL3HLT: Record is not valid anymore
2165 n
= now(CLOCK_REALTIME
);
2167 if (h
->not_before_usec
!= UINT64_MAX
&& n
< h
->not_before_usec
)
2169 if (h
->not_after_usec
!= UINT64_MAX
&& n
> h
->not_after_usec
)
2172 if (h
->last_change_usec
!= UINT64_MAX
&&
2173 h
->last_change_usec
> n
) /* Complain during log-ins when the record is from the future */
2179 int user_record_test_password_change_required(UserRecord
*h
) {
2180 bool change_permitted
;
2185 /* Checks whether the user must change the password when logging in
2187 -EKEYREVOKED: Change password now because admin said so
2188 -EOWNERDEAD: Change password now because it expired
2189 -EKEYREJECTED: Password is expired, no changing is allowed
2190 -EKEYEXPIRED: Password is about to expire, warn user
2191 -ENETDOWN: Record has expiration info but no password change timestamp
2192 -EROFS: No password change required nor permitted
2193 -ESTALE: RTC likely incorrect, last password change is in the future
2194 0: No password change required, but permitted
2197 /* If a password change request has been set explicitly, it overrides everything */
2198 if (h
->password_change_now
> 0)
2199 return -EKEYREVOKED
;
2201 n
= now(CLOCK_REALTIME
);
2203 /* Password change in the future? Then our RTC is likely incorrect */
2204 if (h
->last_password_change_usec
!= UINT64_MAX
&&
2205 h
->last_password_change_usec
> n
&&
2206 (h
->password_change_min_usec
!= UINT64_MAX
||
2207 h
->password_change_max_usec
!= UINT64_MAX
||
2208 h
->password_change_inactive_usec
!= UINT64_MAX
))
2211 /* Then, let's check if password changing is currently allowed at all */
2212 if (h
->password_change_min_usec
!= UINT64_MAX
) {
2214 /* Expiry configured but no password change timestamp known? */
2215 if (h
->last_password_change_usec
== UINT64_MAX
)
2218 if (h
->password_change_min_usec
>= UINT64_MAX
- h
->last_password_change_usec
)
2219 change_permitted
= false;
2221 change_permitted
= n
>= h
->last_password_change_usec
+ h
->password_change_min_usec
;
2224 change_permitted
= true;
2226 /* Let's check whether the password has expired. */
2227 if (!(h
->password_change_max_usec
== UINT64_MAX
||
2228 h
->password_change_max_usec
>= UINT64_MAX
- h
->last_password_change_usec
)) {
2230 uint64_t change_before
;
2232 /* Expiry configured but no password change timestamp known? */
2233 if (h
->last_password_change_usec
== UINT64_MAX
)
2236 /* Password is in inactive phase? */
2237 if (h
->password_change_inactive_usec
!= UINT64_MAX
&&
2238 h
->password_change_inactive_usec
< UINT64_MAX
- h
->password_change_max_usec
) {
2241 added
= h
->password_change_inactive_usec
+ h
->password_change_max_usec
;
2242 if (added
< UINT64_MAX
- h
->last_password_change_usec
&&
2243 n
>= h
->last_password_change_usec
+ added
)
2244 return -EKEYREJECTED
;
2247 /* Password needs to be changed now? */
2248 change_before
= h
->last_password_change_usec
+ h
->password_change_max_usec
;
2249 if (n
>= change_before
)
2250 return change_permitted
? -EOWNERDEAD
: -EKEYREJECTED
;
2253 if (h
->password_change_warn_usec
!= UINT64_MAX
&&
2254 (change_before
< h
->password_change_warn_usec
||
2255 n
>= change_before
- h
->password_change_warn_usec
))
2256 return change_permitted
? -EKEYEXPIRED
: -EROFS
;
2259 /* No password changing necessary */
2260 return change_permitted
? 0 : -EROFS
;
2263 static const char* const user_storage_table
[_USER_STORAGE_MAX
] = {
2264 [USER_CLASSIC
] = "classic",
2265 [USER_LUKS
] = "luks",
2266 [USER_DIRECTORY
] = "directory",
2267 [USER_SUBVOLUME
] = "subvolume",
2268 [USER_FSCRYPT
] = "fscrypt",
2269 [USER_CIFS
] = "cifs",
2272 DEFINE_STRING_TABLE_LOOKUP(user_storage
, UserStorage
);
2274 static const char* const user_disposition_table
[_USER_DISPOSITION_MAX
] = {
2275 [USER_INTRINSIC
] = "intrinsic",
2276 [USER_SYSTEM
] = "system",
2277 [USER_DYNAMIC
] = "dynamic",
2278 [USER_REGULAR
] = "regular",
2279 [USER_CONTAINER
] = "container",
2280 [USER_RESERVED
] = "reserved",
2283 DEFINE_STRING_TABLE_LOOKUP(user_disposition
, UserDisposition
);