]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/shared/user-record.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
homed: allow overriding the root directory for home dirs via env var (i.e. use a...
[thirdparty/systemd.git] / src / shared / user-record.c
1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3 #include <sys/mount.h>
4
5 #include "cgroup-util.h"
6 #include "chase-symlinks.h"
7 #include "dns-domain.h"
8 #include "env-util.h"
9 #include "fd-util.h"
10 #include "fileio.h"
11 #include "fs-util.h"
12 #include "hexdecoct.h"
13 #include "hostname-util.h"
14 #include "memory-util.h"
15 #include "path-util.h"
16 #include "pkcs11-util.h"
17 #include "rlimit-util.h"
18 #include "stat-util.h"
19 #include "string-table.h"
20 #include "strv.h"
21 #include "user-record.h"
22 #include "user-util.h"
23
24 #define DEFAULT_RATELIMIT_BURST 30
25 #define DEFAULT_RATELIMIT_INTERVAL_USEC (1*USEC_PER_MINUTE)
26
27 #if ENABLE_COMPAT_MUTABLE_UID_BOUNDARIES
28 static int parse_alloc_uid(const char *path, const char *name, const char *t, uid_t *ret_uid) {
29 uid_t uid;
30 int r;
31
32 r = parse_uid(t, &uid);
33 if (r < 0)
34 return log_debug_errno(r, "%s: failed to parse %s %s, ignoring: %m", path, name, t);
35 if (uid == 0)
36 uid = 1;
37
38 *ret_uid = uid;
39 return 0;
40 }
41 #endif
42
43 int read_login_defs(UGIDAllocationRange *ret_defs, const char *path, const char *root) {
44 UGIDAllocationRange defs = {
45 .system_alloc_uid_min = SYSTEM_ALLOC_UID_MIN,
46 .system_uid_max = SYSTEM_UID_MAX,
47 .system_alloc_gid_min = SYSTEM_ALLOC_GID_MIN,
48 .system_gid_max = SYSTEM_GID_MAX,
49 };
50
51 #if ENABLE_COMPAT_MUTABLE_UID_BOUNDARIES
52 _cleanup_fclose_ FILE *f = NULL;
53 int r;
54
55 if (!path)
56 path = "/etc/login.defs";
57
58 r = chase_symlinks_and_fopen_unlocked(path, root, CHASE_PREFIX_ROOT, "re", NULL, &f);
59 if (r == -ENOENT)
60 goto assign;
61 if (r < 0)
62 return log_debug_errno(r, "Failed to open %s: %m", path);
63
64 for (;;) {
65 _cleanup_free_ char *line = NULL;
66 char *t;
67
68 r = read_line(f, LINE_MAX, &line);
69 if (r < 0)
70 return log_debug_errno(r, "Failed to read %s: %m", path);
71 if (r == 0)
72 break;
73
74 if ((t = first_word(line, "SYS_UID_MIN")))
75 (void) parse_alloc_uid(path, "SYS_UID_MIN", t, &defs.system_alloc_uid_min);
76 else if ((t = first_word(line, "SYS_UID_MAX")))
77 (void) parse_alloc_uid(path, "SYS_UID_MAX", t, &defs.system_uid_max);
78 else if ((t = first_word(line, "SYS_GID_MIN")))
79 (void) parse_alloc_uid(path, "SYS_GID_MIN", t, &defs.system_alloc_gid_min);
80 else if ((t = first_word(line, "SYS_GID_MAX")))
81 (void) parse_alloc_uid(path, "SYS_GID_MAX", t, &defs.system_gid_max);
82 }
83
84 assign:
85 if (defs.system_alloc_uid_min > defs.system_uid_max) {
86 log_debug("%s: SYS_UID_MIN > SYS_UID_MAX, resetting.", path);
87 defs.system_alloc_uid_min = MIN(defs.system_uid_max - 1, (uid_t) SYSTEM_ALLOC_UID_MIN);
88 /* Look at sys_uid_max to make sure sys_uid_min..sys_uid_max remains a valid range. */
89 }
90 if (defs.system_alloc_gid_min > defs.system_gid_max) {
91 log_debug("%s: SYS_GID_MIN > SYS_GID_MAX, resetting.", path);
92 defs.system_alloc_gid_min = MIN(defs.system_gid_max - 1, (gid_t) SYSTEM_ALLOC_GID_MIN);
93 /* Look at sys_gid_max to make sure sys_gid_min..sys_gid_max remains a valid range. */
94 }
95 #endif
96
97 *ret_defs = defs;
98 return 0;
99 }
100
101 const UGIDAllocationRange *acquire_ugid_allocation_range(void) {
102 #if ENABLE_COMPAT_MUTABLE_UID_BOUNDARIES
103 static thread_local UGIDAllocationRange defs = {
104 #else
105 static const UGIDAllocationRange defs = {
106 #endif
107 .system_alloc_uid_min = SYSTEM_ALLOC_UID_MIN,
108 .system_uid_max = SYSTEM_UID_MAX,
109 .system_alloc_gid_min = SYSTEM_ALLOC_GID_MIN,
110 .system_gid_max = SYSTEM_GID_MAX,
111 };
112
113 #if ENABLE_COMPAT_MUTABLE_UID_BOUNDARIES
114 /* This function will ignore failure to read the file, so it should only be called from places where
115 * we don't crucially depend on the answer. In other words, it's appropriate for journald, but
116 * probably not for sysusers. */
117
118 static thread_local bool initialized = false;
119
120 if (!initialized) {
121 (void) read_login_defs(&defs, NULL, NULL);
122 initialized = true;
123 }
124 #endif
125
126 return &defs;
127 }
128
129 bool uid_is_system(uid_t uid) {
130 const UGIDAllocationRange *defs;
131 assert_se(defs = acquire_ugid_allocation_range());
132
133 return uid <= defs->system_uid_max;
134 }
135
136 bool gid_is_system(gid_t gid) {
137 const UGIDAllocationRange *defs;
138 assert_se(defs = acquire_ugid_allocation_range());
139
140 return gid <= defs->system_gid_max;
141 }
142
143 UserRecord* user_record_new(void) {
144 UserRecord *h;
145
146 h = new(UserRecord, 1);
147 if (!h)
148 return NULL;
149
150 *h = (UserRecord) {
151 .n_ref = 1,
152 .disposition = _USER_DISPOSITION_INVALID,
153 .last_change_usec = UINT64_MAX,
154 .last_password_change_usec = UINT64_MAX,
155 .umask = MODE_INVALID,
156 .nice_level = INT_MAX,
157 .not_before_usec = UINT64_MAX,
158 .not_after_usec = UINT64_MAX,
159 .locked = -1,
160 .storage = _USER_STORAGE_INVALID,
161 .access_mode = MODE_INVALID,
162 .disk_size = UINT64_MAX,
163 .disk_size_relative = UINT64_MAX,
164 .tasks_max = UINT64_MAX,
165 .memory_high = UINT64_MAX,
166 .memory_max = UINT64_MAX,
167 .cpu_weight = UINT64_MAX,
168 .io_weight = UINT64_MAX,
169 .uid = UID_INVALID,
170 .gid = GID_INVALID,
171 .nodev = true,
172 .nosuid = true,
173 .luks_discard = -1,
174 .luks_offline_discard = -1,
175 .luks_volume_key_size = UINT64_MAX,
176 .luks_pbkdf_time_cost_usec = UINT64_MAX,
177 .luks_pbkdf_memory_cost = UINT64_MAX,
178 .luks_pbkdf_parallel_threads = UINT64_MAX,
179 .disk_usage = UINT64_MAX,
180 .disk_free = UINT64_MAX,
181 .disk_ceiling = UINT64_MAX,
182 .disk_floor = UINT64_MAX,
183 .signed_locally = -1,
184 .good_authentication_counter = UINT64_MAX,
185 .bad_authentication_counter = UINT64_MAX,
186 .last_good_authentication_usec = UINT64_MAX,
187 .last_bad_authentication_usec = UINT64_MAX,
188 .ratelimit_begin_usec = UINT64_MAX,
189 .ratelimit_count = UINT64_MAX,
190 .ratelimit_interval_usec = UINT64_MAX,
191 .ratelimit_burst = UINT64_MAX,
192 .removable = -1,
193 .enforce_password_policy = -1,
194 .auto_login = -1,
195 .stop_delay_usec = UINT64_MAX,
196 .kill_processes = -1,
197 .password_change_min_usec = UINT64_MAX,
198 .password_change_max_usec = UINT64_MAX,
199 .password_change_warn_usec = UINT64_MAX,
200 .password_change_inactive_usec = UINT64_MAX,
201 .password_change_now = -1,
202 .pkcs11_protected_authentication_path_permitted = -1,
203 .fido2_user_presence_permitted = -1,
204 .fido2_user_verification_permitted = -1,
205 .drop_caches = -1,
206 };
207
208 return h;
209 }
210
211 static void pkcs11_encrypted_key_done(Pkcs11EncryptedKey *k) {
212 if (!k)
213 return;
214
215 free(k->uri);
216 erase_and_free(k->data);
217 erase_and_free(k->hashed_password);
218 }
219
220 static void fido2_hmac_credential_done(Fido2HmacCredential *c) {
221 if (!c)
222 return;
223
224 free(c->id);
225 }
226
227 static void fido2_hmac_salt_done(Fido2HmacSalt *s) {
228 if (!s)
229 return;
230
231 fido2_hmac_credential_done(&s->credential);
232 erase_and_free(s->salt);
233 erase_and_free(s->hashed_password);
234 }
235
236 static void recovery_key_done(RecoveryKey *k) {
237 if (!k)
238 return;
239
240 free(k->type);
241 erase_and_free(k->hashed_password);
242 }
243
244 static UserRecord* user_record_free(UserRecord *h) {
245 if (!h)
246 return NULL;
247
248 free(h->user_name);
249 free(h->realm);
250 free(h->user_name_and_realm_auto);
251 free(h->real_name);
252 free(h->email_address);
253 erase_and_free(h->password_hint);
254 free(h->location);
255 free(h->icon_name);
256
257 free(h->shell);
258
259 strv_free(h->environment);
260 free(h->time_zone);
261 free(h->preferred_language);
262 rlimit_free_all(h->rlimits);
263
264 free(h->skeleton_directory);
265
266 strv_free_erase(h->hashed_password);
267 strv_free_erase(h->ssh_authorized_keys);
268 strv_free_erase(h->password);
269 strv_free_erase(h->token_pin);
270
271 free(h->cifs_service);
272 free(h->cifs_user_name);
273 free(h->cifs_domain);
274
275 free(h->image_path);
276 free(h->image_path_auto);
277 free(h->home_directory);
278 free(h->home_directory_auto);
279
280 strv_free(h->member_of);
281
282 free(h->file_system_type);
283 free(h->luks_cipher);
284 free(h->luks_cipher_mode);
285 free(h->luks_pbkdf_hash_algorithm);
286 free(h->luks_pbkdf_type);
287
288 free(h->state);
289 free(h->service);
290
291 strv_free(h->pkcs11_token_uri);
292 for (size_t i = 0; i < h->n_pkcs11_encrypted_key; i++)
293 pkcs11_encrypted_key_done(h->pkcs11_encrypted_key + i);
294 free(h->pkcs11_encrypted_key);
295
296 for (size_t i = 0; i < h->n_fido2_hmac_credential; i++)
297 fido2_hmac_credential_done(h->fido2_hmac_credential + i);
298 for (size_t i = 0; i < h->n_fido2_hmac_salt; i++)
299 fido2_hmac_salt_done(h->fido2_hmac_salt + i);
300
301 strv_free(h->recovery_key_type);
302 for (size_t i = 0; i < h->n_recovery_key; i++)
303 recovery_key_done(h->recovery_key + i);
304
305 json_variant_unref(h->json);
306
307 return mfree(h);
308 }
309
310 DEFINE_TRIVIAL_REF_UNREF_FUNC(UserRecord, user_record, user_record_free);
311
312 int json_dispatch_realm(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
313 char **s = userdata;
314 const char *n;
315 int r;
316
317 if (json_variant_is_null(variant)) {
318 *s = mfree(*s);
319 return 0;
320 }
321
322 if (!json_variant_is_string(variant))
323 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));
324
325 n = json_variant_string(variant);
326 r = dns_name_is_valid(n);
327 if (r < 0)
328 return json_log(variant, flags, r, "Failed to check if JSON field '%s' is a valid DNS domain.", strna(name));
329 if (r == 0)
330 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a valid DNS domain.", strna(name));
331
332 r = free_and_strdup(s, n);
333 if (r < 0)
334 return json_log(variant, flags, r, "Failed to allocate string: %m");
335
336 return 0;
337 }
338
339 int json_dispatch_gecos(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
340 char **s = userdata;
341 const char *n;
342
343 if (json_variant_is_null(variant)) {
344 *s = mfree(*s);
345 return 0;
346 }
347
348 if (!json_variant_is_string(variant))
349 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));
350
351 n = json_variant_string(variant);
352 if (valid_gecos(n)) {
353 if (free_and_strdup(s, n) < 0)
354 return json_log_oom(variant, flags);
355 } else {
356 _cleanup_free_ char *m = NULL;
357
358 json_log(variant, flags|JSON_DEBUG, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a valid GECOS compatible string, mangling.", strna(name));
359
360 m = mangle_gecos(n);
361 if (!m)
362 return json_log_oom(variant, flags);
363
364 free_and_replace(*s, m);
365 }
366
367 return 0;
368 }
369
370 static int json_dispatch_nice(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
371 int *nl = userdata;
372 intmax_t m;
373
374 if (json_variant_is_null(variant)) {
375 *nl = INT_MAX;
376 return 0;
377 }
378
379 if (!json_variant_is_integer(variant))
380 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));
381
382 m = json_variant_integer(variant);
383 if (m < PRIO_MIN || m >= PRIO_MAX)
384 return json_log(variant, flags, SYNTHETIC_ERRNO(ERANGE), "JSON field '%s' is not a valid nice level.", strna(name));
385
386 *nl = m;
387 return 0;
388 }
389
390 static int json_dispatch_rlimit_value(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
391 rlim_t *ret = userdata;
392
393 if (json_variant_is_null(variant))
394 *ret = RLIM_INFINITY;
395 else if (json_variant_is_unsigned(variant)) {
396 uintmax_t w;
397
398 w = json_variant_unsigned(variant);
399 if (w == RLIM_INFINITY || (uintmax_t) w != json_variant_unsigned(variant))
400 return json_log(variant, flags, SYNTHETIC_ERRNO(ERANGE), "Resource limit value '%s' is out of range.", name);
401
402 *ret = (rlim_t) w;
403 } else
404 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "Resource limit value '%s' is not an unsigned integer.", name);
405
406 return 0;
407 }
408
409 static int json_dispatch_rlimits(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
410 struct rlimit** limits = userdata;
411 JsonVariant *value;
412 const char *key;
413 int r;
414
415 assert_se(limits);
416
417 if (json_variant_is_null(variant)) {
418 rlimit_free_all(limits);
419 return 0;
420 }
421
422 if (!json_variant_is_object(variant))
423 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an object.", strna(name));
424
425 JSON_VARIANT_OBJECT_FOREACH(key, value, variant) {
426 JsonVariant *jcur, *jmax;
427 struct rlimit rl;
428 const char *p;
429 int l;
430
431 p = startswith(key, "RLIMIT_");
432 if (!p)
433 l = -SYNTHETIC_ERRNO(EINVAL);
434 else
435 l = rlimit_from_string(p);
436 if (l < 0)
437 return json_log(variant, flags, l, "Resource limit '%s' not known.", key);
438
439 if (!json_variant_is_object(value))
440 return json_log(value, flags, SYNTHETIC_ERRNO(EINVAL), "Resource limit '%s' has invalid value.", key);
441
442 if (json_variant_elements(value) != 4)
443 return json_log(value, flags, SYNTHETIC_ERRNO(EINVAL), "Resource limit '%s' value is does not have two fields as expected.", key);
444
445 jcur = json_variant_by_key(value, "cur");
446 if (!jcur)
447 return json_log(value, flags, SYNTHETIC_ERRNO(EINVAL), "Resource limit '%s' lacks 'cur' field.", key);
448 r = json_dispatch_rlimit_value("cur", jcur, flags, &rl.rlim_cur);
449 if (r < 0)
450 return r;
451
452 jmax = json_variant_by_key(value, "max");
453 if (!jmax)
454 return json_log(value, flags, SYNTHETIC_ERRNO(EINVAL), "Resource limit '%s' lacks 'max' field.", key);
455 r = json_dispatch_rlimit_value("max", jmax, flags, &rl.rlim_max);
456 if (r < 0)
457 return r;
458
459 if (limits[l])
460 *(limits[l]) = rl;
461 else {
462 limits[l] = newdup(struct rlimit, &rl, 1);
463 if (!limits[l])
464 return log_oom();
465 }
466 }
467
468 return 0;
469 }
470
471 static int json_dispatch_filename_or_path(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
472 char **s = userdata;
473 const char *n;
474 int r;
475
476 assert(s);
477
478 if (json_variant_is_null(variant)) {
479 *s = mfree(*s);
480 return 0;
481 }
482
483 if (!json_variant_is_string(variant))
484 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));
485
486 n = json_variant_string(variant);
487 if (!filename_is_valid(n) && !path_is_normalized(n))
488 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a valid file name or normalized path.", strna(name));
489
490 r = free_and_strdup(s, n);
491 if (r < 0)
492 return json_log(variant, flags, r, "Failed to allocate string: %m");
493
494 return 0;
495 }
496
497 static int json_dispatch_path(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
498 char **s = userdata;
499 const char *n;
500 int r;
501
502 if (json_variant_is_null(variant)) {
503 *s = mfree(*s);
504 return 0;
505 }
506
507 if (!json_variant_is_string(variant))
508 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));
509
510 n = json_variant_string(variant);
511 if (!path_is_normalized(n))
512 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a normalized file system path.", strna(name));
513 if (!path_is_absolute(n))
514 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an absolute file system path.", strna(name));
515
516 r = free_and_strdup(s, n);
517 if (r < 0)
518 return json_log(variant, flags, r, "Failed to allocate string: %m");
519
520 return 0;
521 }
522
523 static int json_dispatch_home_directory(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
524 char **s = userdata;
525 const char *n;
526 int r;
527
528 if (json_variant_is_null(variant)) {
529 *s = mfree(*s);
530 return 0;
531 }
532
533 if (!json_variant_is_string(variant))
534 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));
535
536 n = json_variant_string(variant);
537 if (!valid_home(n))
538 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a valid home directory path.", strna(name));
539
540 r = free_and_strdup(s, n);
541 if (r < 0)
542 return json_log(variant, flags, r, "Failed to allocate string: %m");
543
544 return 0;
545 }
546
547 static int json_dispatch_image_path(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
548 char **s = userdata;
549 const char *n;
550 int r;
551
552 if (json_variant_is_null(variant)) {
553 *s = mfree(*s);
554 return 0;
555 }
556
557 if (!json_variant_is_string(variant))
558 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));
559
560 n = json_variant_string(variant);
561 if (empty_or_root(n) || !path_is_valid(n) || !path_is_absolute(n))
562 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a valid image path.", strna(name));
563
564 r = free_and_strdup(s, n);
565 if (r < 0)
566 return json_log(variant, flags, r, "Failed to allocate string: %m");
567
568 return 0;
569 }
570
571 static int json_dispatch_umask(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
572 mode_t *m = userdata;
573 uintmax_t k;
574
575 if (json_variant_is_null(variant)) {
576 *m = MODE_INVALID;
577 return 0;
578 }
579
580 if (!json_variant_is_unsigned(variant))
581 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a number.", strna(name));
582
583 k = json_variant_unsigned(variant);
584 if (k > 0777)
585 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' outside of valid range 0…0777.", strna(name));
586
587 *m = (mode_t) k;
588 return 0;
589 }
590
591 static int json_dispatch_access_mode(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
592 mode_t *m = userdata;
593 uintmax_t k;
594
595 if (json_variant_is_null(variant)) {
596 *m = MODE_INVALID;
597 return 0;
598 }
599
600 if (!json_variant_is_unsigned(variant))
601 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a number.", strna(name));
602
603 k = json_variant_unsigned(variant);
604 if (k > 07777)
605 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' outside of valid range 0…07777.", strna(name));
606
607 *m = (mode_t) k;
608 return 0;
609 }
610
611 static int json_dispatch_environment(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
612 _cleanup_strv_free_ char **n = NULL;
613 char ***l = userdata;
614 int r;
615
616 if (json_variant_is_null(variant)) {
617 *l = strv_free(*l);
618 return 0;
619 }
620
621 if (!json_variant_is_array(variant))
622 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array.", strna(name));
623
624 for (size_t i = 0; i < json_variant_elements(variant); i++) {
625 JsonVariant *e;
626 const char *a;
627
628 e = json_variant_by_index(variant, i);
629 if (!json_variant_is_string(e))
630 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array of strings.", strna(name));
631
632 assert_se(a = json_variant_string(e));
633
634 if (!env_assignment_is_valid(a))
635 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array of environment variables.", strna(name));
636
637 r = strv_env_replace_strdup(&n, a);
638 if (r < 0)
639 return json_log_oom(variant, flags);
640 }
641
642 return strv_free_and_replace(*l, n);
643 }
644
645 int json_dispatch_user_disposition(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
646 UserDisposition *disposition = userdata, k;
647
648 if (json_variant_is_null(variant)) {
649 *disposition = _USER_DISPOSITION_INVALID;
650 return 0;
651 }
652
653 if (!json_variant_is_string(variant))
654 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));
655
656 k = user_disposition_from_string(json_variant_string(variant));
657 if (k < 0)
658 return json_log(variant, flags, k, "Disposition type '%s' not known.", json_variant_string(variant));
659
660 *disposition = k;
661 return 0;
662 }
663
664 static int json_dispatch_storage(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
665 UserStorage *storage = userdata, k;
666
667 if (json_variant_is_null(variant)) {
668 *storage = _USER_STORAGE_INVALID;
669 return 0;
670 }
671
672 if (!json_variant_is_string(variant))
673 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));
674
675 k = user_storage_from_string(json_variant_string(variant));
676 if (k < 0)
677 return json_log(variant, flags, k, "Storage type '%s' not known.", json_variant_string(variant));
678
679 *storage = k;
680 return 0;
681 }
682
683 static int json_dispatch_disk_size(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
684 uint64_t *size = userdata;
685 uintmax_t k;
686
687 if (json_variant_is_null(variant)) {
688 *size = UINT64_MAX;
689 return 0;
690 }
691
692 if (!json_variant_is_unsigned(variant))
693 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an integer.", strna(name));
694
695 k = json_variant_unsigned(variant);
696 if (k < USER_DISK_SIZE_MIN || k > USER_DISK_SIZE_MAX)
697 return json_log(variant, flags, SYNTHETIC_ERRNO(ERANGE), "JSON field '%s' is not in valid range %" PRIu64 "…%" PRIu64 ".", strna(name), USER_DISK_SIZE_MIN, USER_DISK_SIZE_MAX);
698
699 *size = k;
700 return 0;
701 }
702
703 static int json_dispatch_tasks_or_memory_max(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
704 uint64_t *limit = userdata;
705 uintmax_t k;
706
707 if (json_variant_is_null(variant)) {
708 *limit = UINT64_MAX;
709 return 0;
710 }
711
712 if (!json_variant_is_unsigned(variant))
713 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an integer.", strna(name));
714
715 k = json_variant_unsigned(variant);
716 if (k <= 0 || k >= UINT64_MAX)
717 return json_log(variant, flags, SYNTHETIC_ERRNO(ERANGE), "JSON field '%s' is not in valid range %" PRIu64 "…%" PRIu64 ".", strna(name), (uint64_t) 1, UINT64_MAX-1);
718
719 *limit = k;
720 return 0;
721 }
722
723 static int json_dispatch_weight(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
724 uint64_t *weight = userdata;
725 uintmax_t k;
726
727 if (json_variant_is_null(variant)) {
728 *weight = UINT64_MAX;
729 return 0;
730 }
731
732 if (!json_variant_is_unsigned(variant))
733 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an integer.", strna(name));
734
735 k = json_variant_unsigned(variant);
736 if (k <= CGROUP_WEIGHT_MIN || k >= CGROUP_WEIGHT_MAX)
737 return json_log(variant, flags, SYNTHETIC_ERRNO(ERANGE), "JSON field '%s' is not in valid range %" PRIu64 "…%" PRIu64 ".", strna(name), (uint64_t) CGROUP_WEIGHT_MIN, (uint64_t) CGROUP_WEIGHT_MAX);
738
739 *weight = k;
740 return 0;
741 }
742
743 int json_dispatch_user_group_list(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
744 _cleanup_strv_free_ char **l = NULL;
745 char ***list = userdata;
746 JsonVariant *e;
747 int r;
748
749 if (!json_variant_is_array(variant))
750 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array of strings.", strna(name));
751
752 JSON_VARIANT_ARRAY_FOREACH(e, variant) {
753
754 if (!json_variant_is_string(e))
755 return json_log(e, flags, SYNTHETIC_ERRNO(EINVAL), "JSON array element is not a string.");
756
757 if (!valid_user_group_name(json_variant_string(e), FLAGS_SET(flags, JSON_RELAX) ? VALID_USER_RELAX : 0))
758 return json_log(e, flags, SYNTHETIC_ERRNO(EINVAL), "JSON array element is not a valid user/group name: %s", json_variant_string(e));
759
760 r = strv_extend(&l, json_variant_string(e));
761 if (r < 0)
762 return json_log(e, flags, r, "Failed to append array element: %m");
763 }
764
765 r = strv_extend_strv(list, l, true);
766 if (r < 0)
767 return json_log(variant, flags, r, "Failed to merge user/group arrays: %m");
768
769 return 0;
770 }
771
772 static int dispatch_secret(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
773
774 static const JsonDispatch secret_dispatch_table[] = {
775 { "password", _JSON_VARIANT_TYPE_INVALID, json_dispatch_strv, offsetof(UserRecord, password), 0 },
776 { "tokenPin", _JSON_VARIANT_TYPE_INVALID, json_dispatch_strv, offsetof(UserRecord, token_pin), 0 },
777 { "pkcs11Pin", /* legacy alias */ _JSON_VARIANT_TYPE_INVALID, json_dispatch_strv, offsetof(UserRecord, token_pin), 0 },
778 { "pkcs11ProtectedAuthenticationPathPermitted", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, pkcs11_protected_authentication_path_permitted), 0 },
779 { "fido2UserPresencePermitted", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, fido2_user_presence_permitted), 0 },
780 { "fido2UserVerificationPermitted", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, fido2_user_verification_permitted), 0 },
781 {},
782 };
783
784 return json_dispatch(variant, secret_dispatch_table, NULL, flags, userdata);
785 }
786
787 static int dispatch_pkcs11_uri(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
788 char **s = userdata;
789 const char *n;
790 int r;
791
792 if (json_variant_is_null(variant)) {
793 *s = mfree(*s);
794 return 0;
795 }
796
797 if (!json_variant_is_string(variant))
798 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));
799
800 n = json_variant_string(variant);
801 if (!pkcs11_uri_valid(n))
802 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a valid RFC7512 PKCS#11 URI.", strna(name));
803
804 r = free_and_strdup(s, n);
805 if (r < 0)
806 return json_log(variant, flags, r, "Failed to allocate string: %m");
807
808 return 0;
809 }
810
811 static int dispatch_pkcs11_uri_array(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
812 _cleanup_strv_free_ char **z = NULL;
813 char ***l = userdata;
814 JsonVariant *e;
815 int r;
816
817 if (json_variant_is_null(variant)) {
818 *l = strv_free(*l);
819 return 0;
820 }
821
822 if (json_variant_is_string(variant)) {
823 const char *n;
824
825 n = json_variant_string(variant);
826 if (!pkcs11_uri_valid(n))
827 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a valid RFC7512 PKCS#11 URI.", strna(name));
828
829 z = strv_new(n);
830 if (!z)
831 return log_oom();
832
833 } else {
834
835 if (!json_variant_is_array(variant))
836 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string or array of strings.", strna(name));
837
838 JSON_VARIANT_ARRAY_FOREACH(e, variant) {
839 const char *n;
840
841 if (!json_variant_is_string(e))
842 return json_log(e, flags, SYNTHETIC_ERRNO(EINVAL), "JSON array element is not a string.");
843
844 n = json_variant_string(e);
845 if (!pkcs11_uri_valid(n))
846 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON array element in '%s' is not a valid RFC7512 PKCS#11 URI: %s", strna(name), n);
847
848 r = strv_extend(&z, n);
849 if (r < 0)
850 return log_oom();
851 }
852 }
853
854 strv_free_and_replace(*l, z);
855 return 0;
856 }
857
858 static int dispatch_pkcs11_key_data(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
859 Pkcs11EncryptedKey *k = userdata;
860 size_t l;
861 void *b;
862 int r;
863
864 if (json_variant_is_null(variant)) {
865 k->data = erase_and_free(k->data);
866 k->size = 0;
867 return 0;
868 }
869
870 if (!json_variant_is_string(variant))
871 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));
872
873 r = unbase64mem(json_variant_string(variant), SIZE_MAX, &b, &l);
874 if (r < 0)
875 return json_log(variant, flags, r, "Failed to decode encrypted PKCS#11 key: %m");
876
877 erase_and_free(k->data);
878 k->data = b;
879 k->size = l;
880
881 return 0;
882 }
883
884 static int dispatch_pkcs11_key(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
885 UserRecord *h = userdata;
886 JsonVariant *e;
887 int r;
888
889 if (!json_variant_is_array(variant))
890 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array of objects.", strna(name));
891
892 JSON_VARIANT_ARRAY_FOREACH(e, variant) {
893 Pkcs11EncryptedKey *array, *k;
894
895 static const JsonDispatch pkcs11_key_dispatch_table[] = {
896 { "uri", JSON_VARIANT_STRING, dispatch_pkcs11_uri, offsetof(Pkcs11EncryptedKey, uri), JSON_MANDATORY },
897 { "data", JSON_VARIANT_STRING, dispatch_pkcs11_key_data, 0, JSON_MANDATORY },
898 { "hashedPassword", JSON_VARIANT_STRING, json_dispatch_string, offsetof(Pkcs11EncryptedKey, hashed_password), JSON_MANDATORY },
899 {},
900 };
901
902 if (!json_variant_is_object(e))
903 return json_log(e, flags, SYNTHETIC_ERRNO(EINVAL), "JSON array element is not an object.");
904
905 array = reallocarray(h->pkcs11_encrypted_key, h->n_pkcs11_encrypted_key + 1, sizeof(Pkcs11EncryptedKey));
906 if (!array)
907 return log_oom();
908
909 h->pkcs11_encrypted_key = array;
910 k = h->pkcs11_encrypted_key + h->n_pkcs11_encrypted_key;
911 *k = (Pkcs11EncryptedKey) {};
912
913 r = json_dispatch(e, pkcs11_key_dispatch_table, NULL, flags, k);
914 if (r < 0) {
915 pkcs11_encrypted_key_done(k);
916 return r;
917 }
918
919 h->n_pkcs11_encrypted_key++;
920 }
921
922 return 0;
923 }
924
925 static int dispatch_fido2_hmac_credential(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
926 Fido2HmacCredential *k = userdata;
927 size_t l;
928 void *b;
929 int r;
930
931 if (json_variant_is_null(variant)) {
932 k->id = mfree(k->id);
933 k->size = 0;
934 return 0;
935 }
936
937 if (!json_variant_is_string(variant))
938 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));
939
940 r = unbase64mem(json_variant_string(variant), SIZE_MAX, &b, &l);
941 if (r < 0)
942 return json_log(variant, flags, r, "Failed to decode FIDO2 credential ID: %m");
943
944 free_and_replace(k->id, b);
945 k->size = l;
946
947 return 0;
948 }
949
950 static int dispatch_fido2_hmac_credential_array(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
951 UserRecord *h = userdata;
952 JsonVariant *e;
953 int r;
954
955 if (!json_variant_is_array(variant))
956 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array of strings.", strna(name));
957
958 JSON_VARIANT_ARRAY_FOREACH(e, variant) {
959 Fido2HmacCredential *array;
960 size_t l;
961 void *b;
962
963 if (!json_variant_is_string(e))
964 return json_log(e, flags, SYNTHETIC_ERRNO(EINVAL), "JSON array element is not a string.");
965
966 array = reallocarray(h->fido2_hmac_credential, h->n_fido2_hmac_credential + 1, sizeof(Fido2HmacCredential));
967 if (!array)
968 return log_oom();
969
970 r = unbase64mem(json_variant_string(e), SIZE_MAX, &b, &l);
971 if (r < 0)
972 return json_log(variant, flags, r, "Failed to decode FIDO2 credential ID: %m");
973
974 h->fido2_hmac_credential = array;
975
976 h->fido2_hmac_credential[h->n_fido2_hmac_credential++] = (Fido2HmacCredential) {
977 .id = b,
978 .size = l,
979 };
980 }
981
982 return 0;
983 }
984
985 static int dispatch_fido2_hmac_salt_value(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
986 Fido2HmacSalt *k = userdata;
987 size_t l;
988 void *b;
989 int r;
990
991 if (json_variant_is_null(variant)) {
992 k->salt = erase_and_free(k->salt);
993 k->salt_size = 0;
994 return 0;
995 }
996
997 if (!json_variant_is_string(variant))
998 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));
999
1000 r = unbase64mem(json_variant_string(variant), SIZE_MAX, &b, &l);
1001 if (r < 0)
1002 return json_log(variant, flags, r, "Failed to decode FIDO2 salt: %m");
1003
1004 erase_and_free(k->salt);
1005 k->salt = b;
1006 k->salt_size = l;
1007
1008 return 0;
1009 }
1010
1011 static int dispatch_fido2_hmac_salt(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
1012 UserRecord *h = userdata;
1013 JsonVariant *e;
1014 int r;
1015
1016 if (!json_variant_is_array(variant))
1017 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array of objects.", strna(name));
1018
1019 JSON_VARIANT_ARRAY_FOREACH(e, variant) {
1020 Fido2HmacSalt *array, *k;
1021
1022 static const JsonDispatch fido2_hmac_salt_dispatch_table[] = {
1023 { "credential", JSON_VARIANT_STRING, dispatch_fido2_hmac_credential, offsetof(Fido2HmacSalt, credential), JSON_MANDATORY },
1024 { "salt", JSON_VARIANT_STRING, dispatch_fido2_hmac_salt_value, 0, JSON_MANDATORY },
1025 { "hashedPassword", JSON_VARIANT_STRING, json_dispatch_string, offsetof(Fido2HmacSalt, hashed_password), JSON_MANDATORY },
1026 { "up", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(Fido2HmacSalt, up), 0 },
1027 { "uv", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(Fido2HmacSalt, uv), 0 },
1028 { "clientPin", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(Fido2HmacSalt, client_pin), 0 },
1029 {},
1030 };
1031
1032 if (!json_variant_is_object(e))
1033 return json_log(e, flags, SYNTHETIC_ERRNO(EINVAL), "JSON array element is not an object.");
1034
1035 array = reallocarray(h->fido2_hmac_salt, h->n_fido2_hmac_salt + 1, sizeof(Fido2HmacSalt));
1036 if (!array)
1037 return log_oom();
1038
1039 h->fido2_hmac_salt = array;
1040 k = h->fido2_hmac_salt + h->n_fido2_hmac_salt;
1041 *k = (Fido2HmacSalt) {
1042 .uv = -1,
1043 .up = -1,
1044 .client_pin = -1,
1045 };
1046
1047 r = json_dispatch(e, fido2_hmac_salt_dispatch_table, NULL, flags, k);
1048 if (r < 0) {
1049 fido2_hmac_salt_done(k);
1050 return r;
1051 }
1052
1053 h->n_fido2_hmac_salt++;
1054 }
1055
1056 return 0;
1057 }
1058
1059 static int dispatch_recovery_key(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
1060 UserRecord *h = userdata;
1061 JsonVariant *e;
1062 int r;
1063
1064 if (!json_variant_is_array(variant))
1065 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array of objects.", strna(name));
1066
1067 JSON_VARIANT_ARRAY_FOREACH(e, variant) {
1068 RecoveryKey *array, *k;
1069
1070 static const JsonDispatch recovery_key_dispatch_table[] = {
1071 { "type", JSON_VARIANT_STRING, json_dispatch_string, 0, JSON_MANDATORY },
1072 { "hashedPassword", JSON_VARIANT_STRING, json_dispatch_string, offsetof(RecoveryKey, hashed_password), JSON_MANDATORY },
1073 {},
1074 };
1075
1076 if (!json_variant_is_object(e))
1077 return json_log(e, flags, SYNTHETIC_ERRNO(EINVAL), "JSON array element is not an object.");
1078
1079 array = reallocarray(h->recovery_key, h->n_recovery_key + 1, sizeof(RecoveryKey));
1080 if (!array)
1081 return log_oom();
1082
1083 h->recovery_key = array;
1084 k = h->recovery_key + h->n_recovery_key;
1085 *k = (RecoveryKey) {};
1086
1087 r = json_dispatch(e, recovery_key_dispatch_table, NULL, flags, k);
1088 if (r < 0) {
1089 recovery_key_done(k);
1090 return r;
1091 }
1092
1093 h->n_recovery_key++;
1094 }
1095
1096 return 0;
1097 }
1098
1099 static int dispatch_privileged(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
1100
1101 static const JsonDispatch privileged_dispatch_table[] = {
1102 { "passwordHint", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, password_hint), 0 },
1103 { "hashedPassword", _JSON_VARIANT_TYPE_INVALID, json_dispatch_strv, offsetof(UserRecord, hashed_password), JSON_SAFE },
1104 { "sshAuthorizedKeys", _JSON_VARIANT_TYPE_INVALID, json_dispatch_strv, offsetof(UserRecord, ssh_authorized_keys), 0 },
1105 { "pkcs11EncryptedKey", JSON_VARIANT_ARRAY, dispatch_pkcs11_key, 0, 0 },
1106 { "fido2HmacSalt", JSON_VARIANT_ARRAY, dispatch_fido2_hmac_salt, 0, 0 },
1107 { "recoveryKey", JSON_VARIANT_ARRAY, dispatch_recovery_key, 0, 0 },
1108 {},
1109 };
1110
1111 return json_dispatch(variant, privileged_dispatch_table, NULL, flags, userdata);
1112 }
1113
1114 static int dispatch_binding(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
1115
1116 static const JsonDispatch binding_dispatch_table[] = {
1117 { "imagePath", JSON_VARIANT_STRING, json_dispatch_image_path, offsetof(UserRecord, image_path), 0 },
1118 { "homeDirectory", JSON_VARIANT_STRING, json_dispatch_home_directory, offsetof(UserRecord, home_directory), 0 },
1119 { "partitionUuid", JSON_VARIANT_STRING, json_dispatch_id128, offsetof(UserRecord, partition_uuid), 0 },
1120 { "luksUuid", JSON_VARIANT_STRING, json_dispatch_id128, offsetof(UserRecord, luks_uuid), 0 },
1121 { "fileSystemUuid", JSON_VARIANT_STRING, json_dispatch_id128, offsetof(UserRecord, file_system_uuid), 0 },
1122 { "uid", JSON_VARIANT_UNSIGNED, json_dispatch_uid_gid, offsetof(UserRecord, uid), 0 },
1123 { "gid", JSON_VARIANT_UNSIGNED, json_dispatch_uid_gid, offsetof(UserRecord, gid), 0 },
1124 { "storage", JSON_VARIANT_STRING, json_dispatch_storage, offsetof(UserRecord, storage), 0 },
1125 { "fileSystemType", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, file_system_type), JSON_SAFE },
1126 { "luksCipher", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, luks_cipher), JSON_SAFE },
1127 { "luksCipherMode", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, luks_cipher_mode), JSON_SAFE },
1128 { "luksVolumeKeySize", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, luks_volume_key_size), 0 },
1129 {},
1130 };
1131
1132 JsonVariant *m;
1133 sd_id128_t mid;
1134 int r;
1135
1136 if (!variant)
1137 return 0;
1138
1139 if (!json_variant_is_object(variant))
1140 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an object.", strna(name));
1141
1142 r = sd_id128_get_machine(&mid);
1143 if (r < 0)
1144 return json_log(variant, flags, r, "Failed to determine machine ID: %m");
1145
1146 m = json_variant_by_key(variant, SD_ID128_TO_STRING(mid));
1147 if (!m)
1148 return 0;
1149
1150 return json_dispatch(m, binding_dispatch_table, NULL, flags, userdata);
1151 }
1152
1153 int per_machine_id_match(JsonVariant *ids, JsonDispatchFlags flags) {
1154 sd_id128_t mid;
1155 int r;
1156
1157 r = sd_id128_get_machine(&mid);
1158 if (r < 0)
1159 return json_log(ids, flags, r, "Failed to acquire machine ID: %m");
1160
1161 if (json_variant_is_string(ids)) {
1162 sd_id128_t k;
1163
1164 r = sd_id128_from_string(json_variant_string(ids), &k);
1165 if (r < 0) {
1166 json_log(ids, flags, r, "%s is not a valid machine ID, ignoring: %m", json_variant_string(ids));
1167 return 0;
1168 }
1169
1170 return sd_id128_equal(mid, k);
1171 }
1172
1173 if (json_variant_is_array(ids)) {
1174 JsonVariant *e;
1175
1176 JSON_VARIANT_ARRAY_FOREACH(e, ids) {
1177 sd_id128_t k;
1178
1179 if (!json_variant_is_string(e)) {
1180 json_log(e, flags, 0, "Machine ID is not a string, ignoring: %m");
1181 continue;
1182 }
1183
1184 r = sd_id128_from_string(json_variant_string(e), &k);
1185 if (r < 0) {
1186 json_log(e, flags, r, "%s is not a valid machine ID, ignoring: %m", json_variant_string(e));
1187 continue;
1188 }
1189
1190 if (sd_id128_equal(mid, k))
1191 return true;
1192 }
1193
1194 return false;
1195 }
1196
1197 json_log(ids, flags, 0, "Machine ID is not a string or array of strings, ignoring: %m");
1198 return false;
1199 }
1200
1201 int per_machine_hostname_match(JsonVariant *hns, JsonDispatchFlags flags) {
1202 _cleanup_free_ char *hn = NULL;
1203 int r;
1204
1205 r = gethostname_strict(&hn);
1206 if (r == -ENXIO) {
1207 json_log(hns, flags, r, "No hostname set, not matching perMachine hostname record: %m");
1208 return false;
1209 }
1210 if (r < 0)
1211 return json_log(hns, flags, r, "Failed to acquire hostname: %m");
1212
1213 if (json_variant_is_string(hns))
1214 return streq(json_variant_string(hns), hn);
1215
1216 if (json_variant_is_array(hns)) {
1217 JsonVariant *e;
1218
1219 JSON_VARIANT_ARRAY_FOREACH(e, hns) {
1220
1221 if (!json_variant_is_string(e)) {
1222 json_log(e, flags, 0, "Hostname is not a string, ignoring: %m");
1223 continue;
1224 }
1225
1226 if (streq(json_variant_string(hns), hn))
1227 return true;
1228 }
1229
1230 return false;
1231 }
1232
1233 json_log(hns, flags, 0, "Hostname is not a string or array of strings, ignoring: %m");
1234 return false;
1235 }
1236
1237 static int dispatch_per_machine(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
1238
1239 static const JsonDispatch per_machine_dispatch_table[] = {
1240 { "matchMachineId", _JSON_VARIANT_TYPE_INVALID, NULL, 0, 0 },
1241 { "matchHostname", _JSON_VARIANT_TYPE_INVALID, NULL, 0, 0 },
1242 { "iconName", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, icon_name), JSON_SAFE },
1243 { "location", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, location), 0 },
1244 { "shell", JSON_VARIANT_STRING, json_dispatch_filename_or_path, offsetof(UserRecord, shell), 0 },
1245 { "umask", JSON_VARIANT_UNSIGNED, json_dispatch_umask, offsetof(UserRecord, umask), 0 },
1246 { "environment", JSON_VARIANT_ARRAY, json_dispatch_environment, offsetof(UserRecord, environment), 0 },
1247 { "timeZone", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, time_zone), JSON_SAFE },
1248 { "preferredLanguage", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, preferred_language), JSON_SAFE },
1249 { "niceLevel", _JSON_VARIANT_TYPE_INVALID, json_dispatch_nice, offsetof(UserRecord, nice_level), 0 },
1250 { "resourceLimits", _JSON_VARIANT_TYPE_INVALID, json_dispatch_rlimits, offsetof(UserRecord, rlimits), 0 },
1251 { "locked", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, locked), 0 },
1252 { "notBeforeUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, not_before_usec), 0 },
1253 { "notAfterUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, not_after_usec), 0 },
1254 { "storage", JSON_VARIANT_STRING, json_dispatch_storage, offsetof(UserRecord, storage), 0 },
1255 { "diskSize", JSON_VARIANT_UNSIGNED, json_dispatch_disk_size, offsetof(UserRecord, disk_size), 0 },
1256 { "diskSizeRelative", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, disk_size_relative), 0 },
1257 { "skeletonDirectory", JSON_VARIANT_STRING, json_dispatch_path, offsetof(UserRecord, skeleton_directory), 0 },
1258 { "accessMode", JSON_VARIANT_UNSIGNED, json_dispatch_access_mode, offsetof(UserRecord, access_mode), 0 },
1259 { "tasksMax", JSON_VARIANT_UNSIGNED, json_dispatch_tasks_or_memory_max, offsetof(UserRecord, tasks_max), 0 },
1260 { "memoryHigh", JSON_VARIANT_UNSIGNED, json_dispatch_tasks_or_memory_max, offsetof(UserRecord, memory_high), 0 },
1261 { "memoryMax", JSON_VARIANT_UNSIGNED, json_dispatch_tasks_or_memory_max, offsetof(UserRecord, memory_max), 0 },
1262 { "cpuWeight", JSON_VARIANT_UNSIGNED, json_dispatch_weight, offsetof(UserRecord, cpu_weight), 0 },
1263 { "ioWeight", JSON_VARIANT_UNSIGNED, json_dispatch_weight, offsetof(UserRecord, io_weight), 0 },
1264 { "mountNoDevices", JSON_VARIANT_BOOLEAN, json_dispatch_boolean, offsetof(UserRecord, nodev), 0 },
1265 { "mountNoSuid", JSON_VARIANT_BOOLEAN, json_dispatch_boolean, offsetof(UserRecord, nosuid), 0 },
1266 { "mountNoExecute", JSON_VARIANT_BOOLEAN, json_dispatch_boolean, offsetof(UserRecord, noexec), 0 },
1267 { "cifsDomain", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, cifs_domain), JSON_SAFE },
1268 { "cifsUserName", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, cifs_user_name), JSON_SAFE },
1269 { "cifsService", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, cifs_service), JSON_SAFE },
1270 { "imagePath", JSON_VARIANT_STRING, json_dispatch_path, offsetof(UserRecord, image_path), 0 },
1271 { "uid", JSON_VARIANT_UNSIGNED, json_dispatch_uid_gid, offsetof(UserRecord, uid), 0 },
1272 { "gid", JSON_VARIANT_UNSIGNED, json_dispatch_uid_gid, offsetof(UserRecord, gid), 0 },
1273 { "memberOf", JSON_VARIANT_ARRAY, json_dispatch_user_group_list, offsetof(UserRecord, member_of), JSON_RELAX},
1274 { "fileSystemType", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, file_system_type), JSON_SAFE },
1275 { "partitionUuid", JSON_VARIANT_STRING, json_dispatch_id128, offsetof(UserRecord, partition_uuid), 0 },
1276 { "luksUuid", JSON_VARIANT_STRING, json_dispatch_id128, offsetof(UserRecord, luks_uuid), 0 },
1277 { "fileSystemUuid", JSON_VARIANT_STRING, json_dispatch_id128, offsetof(UserRecord, file_system_uuid), 0 },
1278 { "luksDiscard", _JSON_VARIANT_TYPE_INVALID, json_dispatch_tristate, offsetof(UserRecord, luks_discard), 0, },
1279 { "luksOfflineDiscard", _JSON_VARIANT_TYPE_INVALID, json_dispatch_tristate, offsetof(UserRecord, luks_offline_discard), 0, },
1280 { "luksCipher", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, luks_cipher), JSON_SAFE },
1281 { "luksCipherMode", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, luks_cipher_mode), JSON_SAFE },
1282 { "luksVolumeKeySize", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, luks_volume_key_size), 0 },
1283 { "luksPbkdfHashAlgorithm", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, luks_pbkdf_hash_algorithm), JSON_SAFE },
1284 { "luksPbkdfType", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, luks_pbkdf_type), JSON_SAFE },
1285 { "luksPbkdfTimeCostUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, luks_pbkdf_time_cost_usec), 0 },
1286 { "luksPbkdfMemoryCost", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, luks_pbkdf_memory_cost), 0 },
1287 { "luksPbkdfParallelThreads", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, luks_pbkdf_parallel_threads), 0 },
1288 { "dropCaches", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, drop_caches), 0 },
1289 { "rateLimitIntervalUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, ratelimit_interval_usec), 0 },
1290 { "rateLimitBurst", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, ratelimit_burst), 0 },
1291 { "enforcePasswordPolicy", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, enforce_password_policy), 0 },
1292 { "autoLogin", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, auto_login), 0 },
1293 { "stopDelayUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, stop_delay_usec), 0 },
1294 { "killProcesses", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, kill_processes), 0 },
1295 { "passwordChangeMinUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, password_change_min_usec), 0 },
1296 { "passwordChangeMaxUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, password_change_max_usec), 0 },
1297 { "passwordChangeWarnUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, password_change_warn_usec), 0 },
1298 { "passwordChangeInactiveUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, password_change_inactive_usec), 0 },
1299 { "passwordChangeNow", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, password_change_now), 0 },
1300 { "pkcs11TokenUri", JSON_VARIANT_ARRAY, dispatch_pkcs11_uri_array, offsetof(UserRecord, pkcs11_token_uri), 0 },
1301 { "fido2HmacCredential", JSON_VARIANT_ARRAY, dispatch_fido2_hmac_credential_array, 0, 0 },
1302 {},
1303 };
1304
1305 JsonVariant *e;
1306 int r;
1307
1308 if (!variant)
1309 return 0;
1310
1311 if (!json_variant_is_array(variant))
1312 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array.", strna(name));
1313
1314 JSON_VARIANT_ARRAY_FOREACH(e, variant) {
1315 bool matching = false;
1316 JsonVariant *m;
1317
1318 if (!json_variant_is_object(e))
1319 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array of objects.", strna(name));
1320
1321 m = json_variant_by_key(e, "matchMachineId");
1322 if (m) {
1323 r = per_machine_id_match(m, flags);
1324 if (r < 0)
1325 return r;
1326
1327 matching = r > 0;
1328 }
1329
1330 if (!matching) {
1331 m = json_variant_by_key(e, "matchHostname");
1332 if (m) {
1333 r = per_machine_hostname_match(m, flags);
1334 if (r < 0)
1335 return r;
1336
1337 matching = r > 0;
1338 }
1339 }
1340
1341 if (!matching)
1342 continue;
1343
1344 r = json_dispatch(e, per_machine_dispatch_table, NULL, flags, userdata);
1345 if (r < 0)
1346 return r;
1347 }
1348
1349 return 0;
1350 }
1351
1352 static int dispatch_status(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
1353
1354 static const JsonDispatch status_dispatch_table[] = {
1355 { "diskUsage", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, disk_usage), 0 },
1356 { "diskFree", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, disk_free), 0 },
1357 { "diskSize", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, disk_size), 0 },
1358 { "diskCeiling", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, disk_ceiling), 0 },
1359 { "diskFloor", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, disk_floor), 0 },
1360 { "state", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, state), JSON_SAFE },
1361 { "service", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, service), JSON_SAFE },
1362 { "signedLocally", _JSON_VARIANT_TYPE_INVALID, json_dispatch_tristate, offsetof(UserRecord, signed_locally), 0 },
1363 { "goodAuthenticationCounter", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, good_authentication_counter), 0 },
1364 { "badAuthenticationCounter", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, bad_authentication_counter), 0 },
1365 { "lastGoodAuthenticationUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, last_good_authentication_usec), 0 },
1366 { "lastBadAuthenticationUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, last_bad_authentication_usec), 0 },
1367 { "rateLimitBeginUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, ratelimit_begin_usec), 0 },
1368 { "rateLimitCount", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, ratelimit_count), 0 },
1369 { "removable", JSON_VARIANT_BOOLEAN, json_dispatch_boolean, offsetof(UserRecord, removable), 0 },
1370 {},
1371 };
1372
1373 JsonVariant *m;
1374 sd_id128_t mid;
1375 int r;
1376
1377 if (!variant)
1378 return 0;
1379
1380 if (!json_variant_is_object(variant))
1381 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an object.", strna(name));
1382
1383 r = sd_id128_get_machine(&mid);
1384 if (r < 0)
1385 return json_log(variant, flags, r, "Failed to determine machine ID: %m");
1386
1387 m = json_variant_by_key(variant, SD_ID128_TO_STRING(mid));
1388 if (!m)
1389 return 0;
1390
1391 return json_dispatch(m, status_dispatch_table, NULL, flags, userdata);
1392 }
1393
1394 int user_record_build_image_path(UserStorage storage, const char *user_name_and_realm, char **ret) {
1395 const char *suffix;
1396 char *z;
1397
1398 assert(storage >= 0);
1399 assert(user_name_and_realm);
1400 assert(ret);
1401
1402 if (storage == USER_LUKS)
1403 suffix = ".home";
1404 else if (IN_SET(storage, USER_DIRECTORY, USER_SUBVOLUME, USER_FSCRYPT))
1405 suffix = ".homedir";
1406 else {
1407 *ret = NULL;
1408 return 0;
1409 }
1410
1411 z = strjoin(get_home_root(), "/", user_name_and_realm, suffix);
1412 if (!z)
1413 return -ENOMEM;
1414
1415 *ret = path_simplify(z);
1416 return 1;
1417 }
1418
1419 static int user_record_augment(UserRecord *h, JsonDispatchFlags json_flags) {
1420 int r;
1421
1422 assert(h);
1423
1424 if (!FLAGS_SET(h->mask, USER_RECORD_REGULAR))
1425 return 0;
1426
1427 assert(h->user_name);
1428
1429 if (!h->user_name_and_realm_auto && h->realm) {
1430 h->user_name_and_realm_auto = strjoin(h->user_name, "@", h->realm);
1431 if (!h->user_name_and_realm_auto)
1432 return json_log_oom(h->json, json_flags);
1433 }
1434
1435 /* Let's add in the following automatisms only for regular users, they don't make sense for any others */
1436 if (user_record_disposition(h) != USER_REGULAR)
1437 return 0;
1438
1439 if (!h->home_directory && !h->home_directory_auto) {
1440 h->home_directory_auto = path_join(get_home_root(), h->user_name);
1441 if (!h->home_directory_auto)
1442 return json_log_oom(h->json, json_flags);
1443 }
1444
1445 if (!h->image_path && !h->image_path_auto) {
1446 r = user_record_build_image_path(user_record_storage(h), user_record_user_name_and_realm(h), &h->image_path_auto);
1447 if (r < 0)
1448 return json_log(h->json, json_flags, r, "Failed to determine default image path: %m");
1449 }
1450
1451 return 0;
1452 }
1453
1454 int user_group_record_mangle(
1455 JsonVariant *v,
1456 UserRecordLoadFlags load_flags,
1457 JsonVariant **ret_variant,
1458 UserRecordMask *ret_mask) {
1459
1460 static const struct {
1461 UserRecordMask mask;
1462 const char *name;
1463 } mask_field[] = {
1464 { USER_RECORD_PRIVILEGED, "privileged" },
1465 { USER_RECORD_SECRET, "secret" },
1466 { USER_RECORD_BINDING, "binding" },
1467 { USER_RECORD_PER_MACHINE, "perMachine" },
1468 { USER_RECORD_STATUS, "status" },
1469 { USER_RECORD_SIGNATURE, "signature" },
1470 };
1471
1472 JsonDispatchFlags json_flags = USER_RECORD_LOAD_FLAGS_TO_JSON_DISPATCH_FLAGS(load_flags);
1473 _cleanup_(json_variant_unrefp) JsonVariant *w = NULL;
1474 JsonVariant *array[ELEMENTSOF(mask_field) * 2];
1475 size_t n_retain = 0;
1476 UserRecordMask m = 0;
1477 int r;
1478
1479 assert((load_flags & _USER_RECORD_MASK_MAX) == 0); /* detect mistakes when accidentally passing
1480 * UserRecordMask bit masks as UserRecordLoadFlags
1481 * value */
1482
1483 assert(v);
1484 assert(ret_variant);
1485 assert(ret_mask);
1486
1487 /* Note that this function is shared with the group record parser, hence we try to be generic in our
1488 * log message wording here, to cover both cases. */
1489
1490 if (!json_variant_is_object(v))
1491 return json_log(v, json_flags, SYNTHETIC_ERRNO(EBADMSG), "Record is not a JSON object, refusing.");
1492
1493 if (USER_RECORD_ALLOW_MASK(load_flags) == 0) /* allow nothing? */
1494 return json_log(v, json_flags, SYNTHETIC_ERRNO(EINVAL), "Nothing allowed in record, refusing.");
1495
1496 if (USER_RECORD_STRIP_MASK(load_flags) == _USER_RECORD_MASK_MAX) /* strip everything? */
1497 return json_log(v, json_flags, SYNTHETIC_ERRNO(EINVAL), "Stripping everything from record, refusing.");
1498
1499 /* Check if we have the special sections and if they match our flags set */
1500 for (size_t i = 0; i < ELEMENTSOF(mask_field); i++) {
1501 JsonVariant *e, *k;
1502
1503 if (FLAGS_SET(USER_RECORD_STRIP_MASK(load_flags), mask_field[i].mask)) {
1504 if (!w)
1505 w = json_variant_ref(v);
1506
1507 r = json_variant_filter(&w, STRV_MAKE(mask_field[i].name));
1508 if (r < 0)
1509 return json_log(w, json_flags, r, "Failed to remove field from variant: %m");
1510
1511 continue;
1512 }
1513
1514 e = json_variant_by_key_full(v, mask_field[i].name, &k);
1515 if (e) {
1516 if (!FLAGS_SET(USER_RECORD_ALLOW_MASK(load_flags), mask_field[i].mask))
1517 return json_log(e, json_flags, SYNTHETIC_ERRNO(EBADMSG), "Record contains '%s' field, which is not allowed.", mask_field[i].name);
1518
1519 if (FLAGS_SET(load_flags, USER_RECORD_STRIP_REGULAR)) {
1520 array[n_retain++] = k;
1521 array[n_retain++] = e;
1522 }
1523
1524 m |= mask_field[i].mask;
1525 } else {
1526 if (FLAGS_SET(USER_RECORD_REQUIRE_MASK(load_flags), mask_field[i].mask))
1527 return json_log(v, json_flags, SYNTHETIC_ERRNO(EBADMSG), "Record lacks '%s' field, which is required.", mask_field[i].name);
1528 }
1529 }
1530
1531 if (FLAGS_SET(load_flags, USER_RECORD_STRIP_REGULAR)) {
1532 /* If we are supposed to strip regular items, then let's instead just allocate a new object
1533 * with just the stuff we need. */
1534
1535 w = json_variant_unref(w);
1536 r = json_variant_new_object(&w, array, n_retain);
1537 if (r < 0)
1538 return json_log(v, json_flags, r, "Failed to allocate new object: %m");
1539 } else
1540 /* And now check if there's anything else in the record */
1541 for (size_t i = 0; i < json_variant_elements(v); i += 2) {
1542 const char *f;
1543 bool special = false;
1544
1545 assert_se(f = json_variant_string(json_variant_by_index(v, i)));
1546
1547 for (size_t j = 0; j < ELEMENTSOF(mask_field); j++)
1548 if (streq(f, mask_field[j].name)) { /* already covered in the loop above */
1549 special = true;
1550 continue;
1551 }
1552
1553 if (!special) {
1554 if ((load_flags & (USER_RECORD_ALLOW_REGULAR|USER_RECORD_REQUIRE_REGULAR)) == 0)
1555 return json_log(v, json_flags, SYNTHETIC_ERRNO(EBADMSG), "Record contains '%s' field, which is not allowed.", f);
1556
1557 m |= USER_RECORD_REGULAR;
1558 break;
1559 }
1560 }
1561
1562 if (FLAGS_SET(load_flags, USER_RECORD_REQUIRE_REGULAR) && !FLAGS_SET(m, USER_RECORD_REGULAR))
1563 return json_log(v, json_flags, SYNTHETIC_ERRNO(EBADMSG), "Record lacks basic identity fields, which are required.");
1564
1565 if (!FLAGS_SET(load_flags, USER_RECORD_EMPTY_OK) && m == 0)
1566 return json_log(v, json_flags, SYNTHETIC_ERRNO(EBADMSG), "Record is empty.");
1567
1568 if (w)
1569 *ret_variant = TAKE_PTR(w);
1570 else
1571 *ret_variant = json_variant_ref(v);
1572
1573 *ret_mask = m;
1574 return 0;
1575 }
1576
1577 int user_record_load(UserRecord *h, JsonVariant *v, UserRecordLoadFlags load_flags) {
1578
1579 static const JsonDispatch user_dispatch_table[] = {
1580 { "userName", JSON_VARIANT_STRING, json_dispatch_user_group_name, offsetof(UserRecord, user_name), JSON_RELAX},
1581 { "realm", JSON_VARIANT_STRING, json_dispatch_realm, offsetof(UserRecord, realm), 0 },
1582 { "realName", JSON_VARIANT_STRING, json_dispatch_gecos, offsetof(UserRecord, real_name), 0 },
1583 { "emailAddress", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, email_address), JSON_SAFE },
1584 { "iconName", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, icon_name), JSON_SAFE },
1585 { "location", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, location), 0 },
1586 { "disposition", JSON_VARIANT_STRING, json_dispatch_user_disposition, offsetof(UserRecord, disposition), 0 },
1587 { "lastChangeUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, last_change_usec), 0 },
1588 { "lastPasswordChangeUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, last_password_change_usec), 0 },
1589 { "shell", JSON_VARIANT_STRING, json_dispatch_filename_or_path, offsetof(UserRecord, shell), 0 },
1590 { "umask", JSON_VARIANT_UNSIGNED, json_dispatch_umask, offsetof(UserRecord, umask), 0 },
1591 { "environment", JSON_VARIANT_ARRAY, json_dispatch_environment, offsetof(UserRecord, environment), 0 },
1592 { "timeZone", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, time_zone), JSON_SAFE },
1593 { "preferredLanguage", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, preferred_language), JSON_SAFE },
1594 { "niceLevel", _JSON_VARIANT_TYPE_INVALID, json_dispatch_nice, offsetof(UserRecord, nice_level), 0 },
1595 { "resourceLimits", _JSON_VARIANT_TYPE_INVALID, json_dispatch_rlimits, offsetof(UserRecord, rlimits), 0 },
1596 { "locked", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, locked), 0 },
1597 { "notBeforeUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, not_before_usec), 0 },
1598 { "notAfterUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, not_after_usec), 0 },
1599 { "storage", JSON_VARIANT_STRING, json_dispatch_storage, offsetof(UserRecord, storage), 0 },
1600 { "diskSize", JSON_VARIANT_UNSIGNED, json_dispatch_disk_size, offsetof(UserRecord, disk_size), 0 },
1601 { "diskSizeRelative", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, disk_size_relative), 0 },
1602 { "skeletonDirectory", JSON_VARIANT_STRING, json_dispatch_path, offsetof(UserRecord, skeleton_directory), 0 },
1603 { "accessMode", JSON_VARIANT_UNSIGNED, json_dispatch_access_mode, offsetof(UserRecord, access_mode), 0 },
1604 { "tasksMax", JSON_VARIANT_UNSIGNED, json_dispatch_tasks_or_memory_max, offsetof(UserRecord, tasks_max), 0 },
1605 { "memoryHigh", JSON_VARIANT_UNSIGNED, json_dispatch_tasks_or_memory_max, offsetof(UserRecord, memory_high), 0 },
1606 { "memoryMax", JSON_VARIANT_UNSIGNED, json_dispatch_tasks_or_memory_max, offsetof(UserRecord, memory_max), 0 },
1607 { "cpuWeight", JSON_VARIANT_UNSIGNED, json_dispatch_weight, offsetof(UserRecord, cpu_weight), 0 },
1608 { "ioWeight", JSON_VARIANT_UNSIGNED, json_dispatch_weight, offsetof(UserRecord, io_weight), 0 },
1609 { "mountNoDevices", JSON_VARIANT_BOOLEAN, json_dispatch_boolean, offsetof(UserRecord, nodev), 0 },
1610 { "mountNoSuid", JSON_VARIANT_BOOLEAN, json_dispatch_boolean, offsetof(UserRecord, nosuid), 0 },
1611 { "mountNoExecute", JSON_VARIANT_BOOLEAN, json_dispatch_boolean, offsetof(UserRecord, noexec), 0 },
1612 { "cifsDomain", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, cifs_domain), JSON_SAFE },
1613 { "cifsUserName", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, cifs_user_name), JSON_SAFE },
1614 { "cifsService", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, cifs_service), JSON_SAFE },
1615 { "imagePath", JSON_VARIANT_STRING, json_dispatch_path, offsetof(UserRecord, image_path), 0 },
1616 { "homeDirectory", JSON_VARIANT_STRING, json_dispatch_home_directory, offsetof(UserRecord, home_directory), 0 },
1617 { "uid", JSON_VARIANT_UNSIGNED, json_dispatch_uid_gid, offsetof(UserRecord, uid), 0 },
1618 { "gid", JSON_VARIANT_UNSIGNED, json_dispatch_uid_gid, offsetof(UserRecord, gid), 0 },
1619 { "memberOf", JSON_VARIANT_ARRAY, json_dispatch_user_group_list, offsetof(UserRecord, member_of), JSON_RELAX},
1620 { "fileSystemType", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, file_system_type), JSON_SAFE },
1621 { "partitionUuid", JSON_VARIANT_STRING, json_dispatch_id128, offsetof(UserRecord, partition_uuid), 0 },
1622 { "luksUuid", JSON_VARIANT_STRING, json_dispatch_id128, offsetof(UserRecord, luks_uuid), 0 },
1623 { "fileSystemUuid", JSON_VARIANT_STRING, json_dispatch_id128, offsetof(UserRecord, file_system_uuid), 0 },
1624 { "luksDiscard", _JSON_VARIANT_TYPE_INVALID, json_dispatch_tristate, offsetof(UserRecord, luks_discard), 0 },
1625 { "luksOfflineDiscard", _JSON_VARIANT_TYPE_INVALID, json_dispatch_tristate, offsetof(UserRecord, luks_offline_discard), 0 },
1626 { "luksCipher", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, luks_cipher), JSON_SAFE },
1627 { "luksCipherMode", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, luks_cipher_mode), JSON_SAFE },
1628 { "luksVolumeKeySize", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, luks_volume_key_size), 0 },
1629 { "luksPbkdfHashAlgorithm", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, luks_pbkdf_hash_algorithm), JSON_SAFE },
1630 { "luksPbkdfType", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, luks_pbkdf_type), JSON_SAFE },
1631 { "luksPbkdfTimeCostUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, luks_pbkdf_time_cost_usec), 0 },
1632 { "luksPbkdfMemoryCost", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, luks_pbkdf_memory_cost), 0 },
1633 { "luksPbkdfParallelThreads", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, luks_pbkdf_parallel_threads), 0 },
1634 { "dropCaches", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, drop_caches), 0 },
1635 { "service", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, service), JSON_SAFE },
1636 { "rateLimitIntervalUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, ratelimit_interval_usec), 0 },
1637 { "rateLimitBurst", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, ratelimit_burst), 0 },
1638 { "enforcePasswordPolicy", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, enforce_password_policy), 0 },
1639 { "autoLogin", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, auto_login), 0 },
1640 { "stopDelayUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, stop_delay_usec), 0 },
1641 { "killProcesses", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, kill_processes), 0 },
1642 { "passwordChangeMinUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, password_change_min_usec), 0 },
1643 { "passwordChangeMaxUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, password_change_max_usec), 0 },
1644 { "passwordChangeWarnUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, password_change_warn_usec), 0 },
1645 { "passwordChangeInactiveUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, password_change_inactive_usec), 0 },
1646 { "passwordChangeNow", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, password_change_now), 0 },
1647 { "pkcs11TokenUri", JSON_VARIANT_ARRAY, dispatch_pkcs11_uri_array, offsetof(UserRecord, pkcs11_token_uri), 0 },
1648 { "fido2HmacCredential", JSON_VARIANT_ARRAY, dispatch_fido2_hmac_credential_array, 0, 0 },
1649 { "recoveryKeyType", JSON_VARIANT_ARRAY, json_dispatch_strv, offsetof(UserRecord, recovery_key_type), 0 },
1650
1651 { "secret", JSON_VARIANT_OBJECT, dispatch_secret, 0, 0 },
1652 { "privileged", JSON_VARIANT_OBJECT, dispatch_privileged, 0, 0 },
1653
1654 /* Ignore the perMachine, binding, status stuff here, and process it later, so that it overrides whatever is set above */
1655 { "perMachine", JSON_VARIANT_ARRAY, NULL, 0, 0 },
1656 { "binding", JSON_VARIANT_OBJECT, NULL, 0, 0 },
1657 { "status", JSON_VARIANT_OBJECT, NULL, 0, 0 },
1658
1659 /* Ignore 'signature', we check it with explicit accessors instead */
1660 { "signature", JSON_VARIANT_ARRAY, NULL, 0, 0 },
1661 {},
1662 };
1663
1664 JsonDispatchFlags json_flags = USER_RECORD_LOAD_FLAGS_TO_JSON_DISPATCH_FLAGS(load_flags);
1665 int r;
1666
1667 assert(h);
1668 assert(!h->json);
1669
1670 /* Note that this call will leave a half-initialized record around on failure! */
1671
1672 r = user_group_record_mangle(v, load_flags, &h->json, &h->mask);
1673 if (r < 0)
1674 return r;
1675
1676 r = json_dispatch(h->json, user_dispatch_table, NULL, json_flags, h);
1677 if (r < 0)
1678 return r;
1679
1680 /* During the parsing operation above we ignored the 'perMachine', 'binding' and 'status' fields,
1681 * since we want them to override the global options. Let's process them now. */
1682
1683 r = dispatch_per_machine("perMachine", json_variant_by_key(h->json, "perMachine"), json_flags, h);
1684 if (r < 0)
1685 return r;
1686
1687 r = dispatch_binding("binding", json_variant_by_key(h->json, "binding"), json_flags, h);
1688 if (r < 0)
1689 return r;
1690
1691 r = dispatch_status("status", json_variant_by_key(h->json, "status"), json_flags, h);
1692 if (r < 0)
1693 return r;
1694
1695 if (FLAGS_SET(h->mask, USER_RECORD_REGULAR) && !h->user_name)
1696 return json_log(h->json, json_flags, SYNTHETIC_ERRNO(EINVAL), "User name field missing, refusing.");
1697
1698 r = user_record_augment(h, json_flags);
1699 if (r < 0)
1700 return r;
1701
1702 return 0;
1703 }
1704
1705 int user_record_build(UserRecord **ret, ...) {
1706 _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
1707 _cleanup_(user_record_unrefp) UserRecord *u = NULL;
1708 va_list ap;
1709 int r;
1710
1711 assert(ret);
1712
1713 va_start(ap, ret);
1714 r = json_buildv(&v, ap);
1715 va_end(ap);
1716
1717 if (r < 0)
1718 return r;
1719
1720 u = user_record_new();
1721 if (!u)
1722 return -ENOMEM;
1723
1724 r = user_record_load(u, v, USER_RECORD_LOAD_FULL);
1725 if (r < 0)
1726 return r;
1727
1728 *ret = TAKE_PTR(u);
1729 return 0;
1730 }
1731
1732 const char *user_record_user_name_and_realm(UserRecord *h) {
1733 assert(h);
1734
1735 /* Return the pre-initialized joined string if it is defined */
1736 if (h->user_name_and_realm_auto)
1737 return h->user_name_and_realm_auto;
1738
1739 /* If it's not defined then we cannot have a realm */
1740 assert(!h->realm);
1741 return h->user_name;
1742 }
1743
1744 UserStorage user_record_storage(UserRecord *h) {
1745 assert(h);
1746
1747 if (h->storage >= 0)
1748 return h->storage;
1749
1750 return USER_CLASSIC;
1751 }
1752
1753 const char *user_record_file_system_type(UserRecord *h) {
1754 assert(h);
1755
1756 return h->file_system_type ?: "btrfs";
1757 }
1758
1759 const char *user_record_skeleton_directory(UserRecord *h) {
1760 assert(h);
1761
1762 return h->skeleton_directory ?: "/etc/skel";
1763 }
1764
1765 mode_t user_record_access_mode(UserRecord *h) {
1766 assert(h);
1767
1768 return h->access_mode != MODE_INVALID ? h->access_mode : 0700;
1769 }
1770
1771 const char* user_record_home_directory(UserRecord *h) {
1772 assert(h);
1773
1774 if (h->home_directory)
1775 return h->home_directory;
1776 if (h->home_directory_auto)
1777 return h->home_directory_auto;
1778
1779 /* The root user is special, hence be special about it */
1780 if (streq_ptr(h->user_name, "root"))
1781 return "/root";
1782
1783 return "/";
1784 }
1785
1786 const char *user_record_image_path(UserRecord *h) {
1787 assert(h);
1788
1789 if (h->image_path)
1790 return h->image_path;
1791 if (h->image_path_auto)
1792 return h->image_path_auto;
1793
1794 return IN_SET(user_record_storage(h), USER_CLASSIC, USER_DIRECTORY, USER_SUBVOLUME, USER_FSCRYPT) ? user_record_home_directory(h) : NULL;
1795 }
1796
1797 const char *user_record_cifs_user_name(UserRecord *h) {
1798 assert(h);
1799
1800 return h->cifs_user_name ?: h->user_name;
1801 }
1802
1803 unsigned long user_record_mount_flags(UserRecord *h) {
1804 assert(h);
1805
1806 return (h->nosuid ? MS_NOSUID : 0) |
1807 (h->noexec ? MS_NOEXEC : 0) |
1808 (h->nodev ? MS_NODEV : 0);
1809 }
1810
1811 const char *user_record_shell(UserRecord *h) {
1812 assert(h);
1813
1814 if (h->shell)
1815 return h->shell;
1816
1817 if (streq_ptr(h->user_name, "root"))
1818 return "/bin/sh";
1819
1820 if (user_record_disposition(h) == USER_REGULAR)
1821 return "/bin/bash";
1822
1823 return NOLOGIN;
1824 }
1825
1826 const char *user_record_real_name(UserRecord *h) {
1827 assert(h);
1828
1829 return h->real_name ?: h->user_name;
1830 }
1831
1832 bool user_record_luks_discard(UserRecord *h) {
1833 const char *ip;
1834
1835 assert(h);
1836
1837 if (h->luks_discard >= 0)
1838 return h->luks_discard;
1839
1840 ip = user_record_image_path(h);
1841 if (!ip)
1842 return false;
1843
1844 /* Use discard by default if we are referring to a real block device, but not when operating on a
1845 * loopback device. We want to optimize for SSD and flash storage after all, but we should be careful
1846 * when storing stuff on top of regular file systems in loopback files as doing discard then would
1847 * mean thin provisioning and we should not do that willy-nilly since it means we'll risk EIO later
1848 * on should the disk space to back our file systems not be available. */
1849
1850 return path_startswith(ip, "/dev/");
1851 }
1852
1853 bool user_record_luks_offline_discard(UserRecord *h) {
1854 const char *ip;
1855
1856 assert(h);
1857
1858 if (h->luks_offline_discard >= 0)
1859 return h->luks_offline_discard;
1860
1861 /* Discard while we are logged out should generally be a good idea, except when operating directly on
1862 * physical media, where we should just bind it to the online discard mode. */
1863
1864 ip = user_record_image_path(h);
1865 if (!ip)
1866 return false;
1867
1868 if (path_startswith(ip, "/dev/"))
1869 return user_record_luks_discard(h);
1870
1871 return true;
1872 }
1873
1874 const char *user_record_luks_cipher(UserRecord *h) {
1875 assert(h);
1876
1877 return h->luks_cipher ?: "aes";
1878 }
1879
1880 const char *user_record_luks_cipher_mode(UserRecord *h) {
1881 assert(h);
1882
1883 return h->luks_cipher_mode ?: "xts-plain64";
1884 }
1885
1886 uint64_t user_record_luks_volume_key_size(UserRecord *h) {
1887 assert(h);
1888
1889 /* We return a value here that can be cast without loss into size_t which is what libcrypsetup expects */
1890
1891 if (h->luks_volume_key_size == UINT64_MAX)
1892 return 256 / 8;
1893
1894 return MIN(h->luks_volume_key_size, SIZE_MAX);
1895 }
1896
1897 const char* user_record_luks_pbkdf_type(UserRecord *h) {
1898 assert(h);
1899
1900 return h->luks_pbkdf_type ?: "argon2id";
1901 }
1902
1903 uint64_t user_record_luks_pbkdf_time_cost_usec(UserRecord *h) {
1904 assert(h);
1905
1906 /* Returns a value with ms granularity, since that's what libcryptsetup expects */
1907
1908 if (h->luks_pbkdf_time_cost_usec == UINT64_MAX)
1909 return 500 * USEC_PER_MSEC; /* We default to 500ms, in contrast to libcryptsetup's 2s, which is just awfully slow on every login */
1910
1911 return MIN(DIV_ROUND_UP(h->luks_pbkdf_time_cost_usec, USEC_PER_MSEC), UINT32_MAX) * USEC_PER_MSEC;
1912 }
1913
1914 uint64_t user_record_luks_pbkdf_memory_cost(UserRecord *h) {
1915 assert(h);
1916
1917 /* Returns a value with kb granularity, since that's what libcryptsetup expects */
1918 if (h->luks_pbkdf_memory_cost == UINT64_MAX)
1919 return streq(user_record_luks_pbkdf_type(h), "pbkdf2") ? 0 : /* doesn't apply for simple pbkdf2 */
1920 64*1024*1024; /* We default to 64M, since this should work on smaller systems too */
1921
1922 return MIN(DIV_ROUND_UP(h->luks_pbkdf_memory_cost, 1024), UINT32_MAX) * 1024;
1923 }
1924
1925 uint64_t user_record_luks_pbkdf_parallel_threads(UserRecord *h) {
1926 assert(h);
1927
1928 if (h->luks_pbkdf_parallel_threads == UINT64_MAX)
1929 return streq(user_record_luks_pbkdf_type(h), "pbkdf2") ? 0 : /* doesn't apply for simple pbkdf2 */
1930 1; /* We default to 1, since this should work on smaller systems too */
1931
1932 return MIN(h->luks_pbkdf_parallel_threads, UINT32_MAX);
1933 }
1934
1935 const char *user_record_luks_pbkdf_hash_algorithm(UserRecord *h) {
1936 assert(h);
1937
1938 return h->luks_pbkdf_hash_algorithm ?: "sha512";
1939 }
1940
1941 gid_t user_record_gid(UserRecord *h) {
1942 assert(h);
1943
1944 if (gid_is_valid(h->gid))
1945 return h->gid;
1946
1947 return (gid_t) h->uid;
1948 }
1949
1950 UserDisposition user_record_disposition(UserRecord *h) {
1951 assert(h);
1952
1953 if (h->disposition >= 0)
1954 return h->disposition;
1955
1956 /* If not declared, derive from UID */
1957
1958 if (!uid_is_valid(h->uid))
1959 return _USER_DISPOSITION_INVALID;
1960
1961 if (h->uid == 0 || h->uid == UID_NOBODY)
1962 return USER_INTRINSIC;
1963
1964 if (uid_is_system(h->uid))
1965 return USER_SYSTEM;
1966
1967 if (uid_is_dynamic(h->uid))
1968 return USER_DYNAMIC;
1969
1970 if (uid_is_container(h->uid))
1971 return USER_CONTAINER;
1972
1973 if (h->uid > INT32_MAX)
1974 return USER_RESERVED;
1975
1976 return USER_REGULAR;
1977 }
1978
1979 int user_record_removable(UserRecord *h) {
1980 UserStorage storage;
1981 assert(h);
1982
1983 if (h->removable >= 0)
1984 return h->removable;
1985
1986 /* Refuse to decide for classic records */
1987 storage = user_record_storage(h);
1988 if (h->storage < 0 || h->storage == USER_CLASSIC)
1989 return -1;
1990
1991 /* For now consider only LUKS home directories with a reference by path as removable */
1992 return storage == USER_LUKS && path_startswith(user_record_image_path(h), "/dev/");
1993 }
1994
1995 uint64_t user_record_ratelimit_interval_usec(UserRecord *h) {
1996 assert(h);
1997
1998 if (h->ratelimit_interval_usec == UINT64_MAX)
1999 return DEFAULT_RATELIMIT_INTERVAL_USEC;
2000
2001 return h->ratelimit_interval_usec;
2002 }
2003
2004 uint64_t user_record_ratelimit_burst(UserRecord *h) {
2005 assert(h);
2006
2007 if (h->ratelimit_burst == UINT64_MAX)
2008 return DEFAULT_RATELIMIT_BURST;
2009
2010 return h->ratelimit_burst;
2011 }
2012
2013 bool user_record_can_authenticate(UserRecord *h) {
2014 assert(h);
2015
2016 /* Returns true if there's some form of property configured that the user can authenticate against */
2017
2018 if (h->n_pkcs11_encrypted_key > 0)
2019 return true;
2020
2021 if (h->n_fido2_hmac_salt > 0)
2022 return true;
2023
2024 return !strv_isempty(h->hashed_password);
2025 }
2026
2027 bool user_record_drop_caches(UserRecord *h) {
2028 assert(h);
2029
2030 if (h->drop_caches >= 0)
2031 return h->drop_caches;
2032
2033 /* By default drop caches on fscrypt, not otherwise. */
2034 return user_record_storage(h) == USER_FSCRYPT;
2035 }
2036
2037 uint64_t user_record_ratelimit_next_try(UserRecord *h) {
2038 assert(h);
2039
2040 /* Calculates when the it's possible to login next. Returns:
2041 *
2042 * UINT64_MAX → Nothing known
2043 * 0 → Right away
2044 * Any other → Next time in CLOCK_REALTIME in usec (which could be in the past)
2045 */
2046
2047 if (h->ratelimit_begin_usec == UINT64_MAX ||
2048 h->ratelimit_count == UINT64_MAX)
2049 return UINT64_MAX;
2050
2051 if (h->ratelimit_begin_usec > now(CLOCK_REALTIME)) /* If the ratelimit time is in the future, then
2052 * the local clock is probably incorrect. Let's
2053 * not refuse login then. */
2054 return UINT64_MAX;
2055
2056 if (h->ratelimit_count < user_record_ratelimit_burst(h))
2057 return 0;
2058
2059 return usec_add(h->ratelimit_begin_usec, user_record_ratelimit_interval_usec(h));
2060 }
2061
2062 bool user_record_equal(UserRecord *a, UserRecord *b) {
2063 assert(a);
2064 assert(b);
2065
2066 /* We assume that when a record is modified its JSON data is updated at the same time, hence it's
2067 * sufficient to compare the JSON data. */
2068
2069 return json_variant_equal(a->json, b->json);
2070 }
2071
2072 bool user_record_compatible(UserRecord *a, UserRecord *b) {
2073 assert(a);
2074 assert(b);
2075
2076 /* If either lacks the regular section, we can't really decide, let's hence say they are
2077 * incompatible. */
2078 if (!(a->mask & b->mask & USER_RECORD_REGULAR))
2079 return false;
2080
2081 return streq_ptr(a->user_name, b->user_name) &&
2082 streq_ptr(a->realm, b->realm);
2083 }
2084
2085 int user_record_compare_last_change(UserRecord *a, UserRecord *b) {
2086 assert(a);
2087 assert(b);
2088
2089 if (a->last_change_usec == b->last_change_usec)
2090 return 0;
2091
2092 /* Always consider a record with a timestamp newer than one without */
2093 if (a->last_change_usec == UINT64_MAX)
2094 return -1;
2095 if (b->last_change_usec == UINT64_MAX)
2096 return 1;
2097
2098 return CMP(a->last_change_usec, b->last_change_usec);
2099 }
2100
2101 int user_record_clone(UserRecord *h, UserRecordLoadFlags flags, UserRecord **ret) {
2102 _cleanup_(user_record_unrefp) UserRecord *c = NULL;
2103 int r;
2104
2105 assert(h);
2106 assert(ret);
2107
2108 c = user_record_new();
2109 if (!c)
2110 return -ENOMEM;
2111
2112 r = user_record_load(c, h->json, flags);
2113 if (r < 0)
2114 return r;
2115
2116 *ret = TAKE_PTR(c);
2117 return 0;
2118 }
2119
2120 int user_record_masked_equal(UserRecord *a, UserRecord *b, UserRecordMask mask) {
2121 _cleanup_(user_record_unrefp) UserRecord *x = NULL, *y = NULL;
2122 int r;
2123
2124 assert(a);
2125 assert(b);
2126
2127 /* Compares the two records, but ignores anything not listed in the specified mask */
2128
2129 if ((a->mask & ~mask) != 0) {
2130 r = user_record_clone(a, USER_RECORD_ALLOW(mask) | USER_RECORD_STRIP(~mask & _USER_RECORD_MASK_MAX) | USER_RECORD_PERMISSIVE, &x);
2131 if (r < 0)
2132 return r;
2133
2134 a = x;
2135 }
2136
2137 if ((b->mask & ~mask) != 0) {
2138 r = user_record_clone(b, USER_RECORD_ALLOW(mask) | USER_RECORD_STRIP(~mask & _USER_RECORD_MASK_MAX) | USER_RECORD_PERMISSIVE, &y);
2139 if (r < 0)
2140 return r;
2141
2142 b = y;
2143 }
2144
2145 return user_record_equal(a, b);
2146 }
2147
2148 int user_record_test_blocked(UserRecord *h) {
2149 usec_t n;
2150
2151 /* Checks whether access to the specified user shall be allowed at the moment. Returns:
2152 *
2153 * -ESTALE: Record is from the future
2154 * -ENOLCK: Record is blocked
2155 * -EL2HLT: Record is not valid yet
2156 * -EL3HLT: Record is not valid anymore
2157 *
2158 */
2159
2160 assert(h);
2161
2162 if (h->locked > 0)
2163 return -ENOLCK;
2164
2165 n = now(CLOCK_REALTIME);
2166
2167 if (h->not_before_usec != UINT64_MAX && n < h->not_before_usec)
2168 return -EL2HLT;
2169 if (h->not_after_usec != UINT64_MAX && n > h->not_after_usec)
2170 return -EL3HLT;
2171
2172 if (h->last_change_usec != UINT64_MAX &&
2173 h->last_change_usec > n) /* Complain during log-ins when the record is from the future */
2174 return -ESTALE;
2175
2176 return 0;
2177 }
2178
2179 int user_record_test_password_change_required(UserRecord *h) {
2180 bool change_permitted;
2181 usec_t n;
2182
2183 assert(h);
2184
2185 /* Checks whether the user must change the password when logging in
2186
2187 -EKEYREVOKED: Change password now because admin said so
2188 -EOWNERDEAD: Change password now because it expired
2189 -EKEYREJECTED: Password is expired, no changing is allowed
2190 -EKEYEXPIRED: Password is about to expire, warn user
2191 -ENETDOWN: Record has expiration info but no password change timestamp
2192 -EROFS: No password change required nor permitted
2193 -ESTALE: RTC likely incorrect, last password change is in the future
2194 0: No password change required, but permitted
2195 */
2196
2197 /* If a password change request has been set explicitly, it overrides everything */
2198 if (h->password_change_now > 0)
2199 return -EKEYREVOKED;
2200
2201 n = now(CLOCK_REALTIME);
2202
2203 /* Password change in the future? Then our RTC is likely incorrect */
2204 if (h->last_password_change_usec != UINT64_MAX &&
2205 h->last_password_change_usec > n &&
2206 (h->password_change_min_usec != UINT64_MAX ||
2207 h->password_change_max_usec != UINT64_MAX ||
2208 h->password_change_inactive_usec != UINT64_MAX))
2209 return -ESTALE;
2210
2211 /* Then, let's check if password changing is currently allowed at all */
2212 if (h->password_change_min_usec != UINT64_MAX) {
2213
2214 /* Expiry configured but no password change timestamp known? */
2215 if (h->last_password_change_usec == UINT64_MAX)
2216 return -ENETDOWN;
2217
2218 if (h->password_change_min_usec >= UINT64_MAX - h->last_password_change_usec)
2219 change_permitted = false;
2220 else
2221 change_permitted = n >= h->last_password_change_usec + h->password_change_min_usec;
2222
2223 } else
2224 change_permitted = true;
2225
2226 /* Let's check whether the password has expired. */
2227 if (!(h->password_change_max_usec == UINT64_MAX ||
2228 h->password_change_max_usec >= UINT64_MAX - h->last_password_change_usec)) {
2229
2230 uint64_t change_before;
2231
2232 /* Expiry configured but no password change timestamp known? */
2233 if (h->last_password_change_usec == UINT64_MAX)
2234 return -ENETDOWN;
2235
2236 /* Password is in inactive phase? */
2237 if (h->password_change_inactive_usec != UINT64_MAX &&
2238 h->password_change_inactive_usec < UINT64_MAX - h->password_change_max_usec) {
2239 usec_t added;
2240
2241 added = h->password_change_inactive_usec + h->password_change_max_usec;
2242 if (added < UINT64_MAX - h->last_password_change_usec &&
2243 n >= h->last_password_change_usec + added)
2244 return -EKEYREJECTED;
2245 }
2246
2247 /* Password needs to be changed now? */
2248 change_before = h->last_password_change_usec + h->password_change_max_usec;
2249 if (n >= change_before)
2250 return change_permitted ? -EOWNERDEAD : -EKEYREJECTED;
2251
2252 /* Warn user? */
2253 if (h->password_change_warn_usec != UINT64_MAX &&
2254 (change_before < h->password_change_warn_usec ||
2255 n >= change_before - h->password_change_warn_usec))
2256 return change_permitted ? -EKEYEXPIRED : -EROFS;
2257 }
2258
2259 /* No password changing necessary */
2260 return change_permitted ? 0 : -EROFS;
2261 }
2262
2263 static const char* const user_storage_table[_USER_STORAGE_MAX] = {
2264 [USER_CLASSIC] = "classic",
2265 [USER_LUKS] = "luks",
2266 [USER_DIRECTORY] = "directory",
2267 [USER_SUBVOLUME] = "subvolume",
2268 [USER_FSCRYPT] = "fscrypt",
2269 [USER_CIFS] = "cifs",
2270 };
2271
2272 DEFINE_STRING_TABLE_LOOKUP(user_storage, UserStorage);
2273
2274 static const char* const user_disposition_table[_USER_DISPOSITION_MAX] = {
2275 [USER_INTRINSIC] = "intrinsic",
2276 [USER_SYSTEM] = "system",
2277 [USER_DYNAMIC] = "dynamic",
2278 [USER_REGULAR] = "regular",
2279 [USER_CONTAINER] = "container",
2280 [USER_RESERVED] = "reserved",
2281 };
2282
2283 DEFINE_STRING_TABLE_LOOKUP(user_disposition, UserDisposition);
Unnamed repository; edit this file 'description' to name the repository.