]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/home/homed-home.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
fileio: sync directory after rename, too
[thirdparty/systemd.git] / src / home / homed-home.c
CommitLineData
70a5db58
LP		 1/* SPDX-License-Identifier: LGPL-2.1+ */
2
3#if HAVE_LINUX_MEMFD_H
4#include <linux/memfd.h>
5#endif
6
7#include <sys/mman.h>
8#include <sys/quota.h>
9#include <sys/vfs.h>
10
11#include "blockdev-util.h"
12#include "btrfs-util.h"
13#include "bus-common-errors.h"
14#include "env-util.h"
15#include "errno-list.h"
16#include "errno-util.h"
17#include "fd-util.h"
18#include "fileio.h"
19#include "home-util.h"
20#include "homed-home-bus.h"
21#include "homed-home.h"
22#include "missing_syscall.h"
23#include "mkdir.h"
24#include "path-util.h"
25#include "process-util.h"
26#include "pwquality-util.h"
27#include "quota-util.h"
28#include "resize-fs.h"
29#include "set.h"
30#include "signal-util.h"
31#include "stat-util.h"
32#include "string-table.h"
33#include "strv.h"
34#include "user-record-sign.h"
35#include "user-record-util.h"
36#include "user-record.h"
37#include "user-util.h"
38
39#define HOME_USERS_MAX 500
40#define PENDING_OPERATIONS_MAX 100
41
42assert_cc(HOME_UID_MIN <= HOME_UID_MAX);
43assert_cc(HOME_USERS_MAX <= (HOME_UID_MAX - HOME_UID_MIN + 1));
44
45static int home_start_work(Home *h, const char *verb, UserRecord *hr, UserRecord *secret);
46
47DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(operation_hash_ops, void, trivial_hash_func, trivial_compare_func, Operation, operation_unref);
48
49static int suitable_home_record(UserRecord *hr) {
50 int r;
51
52 assert(hr);
53
54 if (!hr->user_name)
55 return -EUNATCH;
56
57 /* We are a bit more restrictive with what we accept as homed-managed user than what we accept in
58 * home records in general. Let's enforce the stricter rule here. */
59 if (!suitable_user_name(hr->user_name))
60 return -EINVAL;
61 if (!uid_is_valid(hr->uid))
62 return -EINVAL;
63
64 /* Insist we are outside of the dynamic and system range */
65 if (uid_is_system(hr->uid) || gid_is_system(user_record_gid(hr)) ||
66 uid_is_dynamic(hr->uid) || gid_is_dynamic(user_record_gid(hr)))
67 return -EADDRNOTAVAIL;
68
69 /* Insist that GID and UID match */
70 if (user_record_gid(hr) != (gid_t) hr->uid)
71 return -EBADSLT;
72
73 /* Similar for the realm */
74 if (hr->realm) {
75 r = suitable_realm(hr->realm);
76 if (r < 0)
77 return r;
78 if (r == 0)
79 return -EINVAL;
80 }
81
82 return 0;
83}
84
85int home_new(Manager *m, UserRecord *hr, const char *sysfs, Home **ret) {
86 _cleanup_(home_freep) Home *home = NULL;
87 _cleanup_free_ char *nm = NULL, *ns = NULL;
88 int r;
89
90 assert(m);
91 assert(hr);
92
93 r = suitable_home_record(hr);
94 if (r < 0)
95 return r;
96
97 if (hashmap_contains(m->homes_by_name, hr->user_name))
98 return -EBUSY;
99
100 if (hashmap_contains(m->homes_by_uid, UID_TO_PTR(hr->uid)))
101 return -EBUSY;
102
103 if (sysfs && hashmap_contains(m->homes_by_sysfs, sysfs))
104 return -EBUSY;
105
106 if (hashmap_size(m->homes_by_name) >= HOME_USERS_MAX)
107 return -EUSERS;
108
109 nm = strdup(hr->user_name);
110 if (!nm)
111 return -ENOMEM;
112
113 if (sysfs) {
114 ns = strdup(sysfs);
115 if (!ns)
116 return -ENOMEM;
117 }
118
119 home = new(Home, 1);
120 if (!home)
121 return -ENOMEM;
122
123 *home = (Home) {
124 .manager = m,
125 .user_name = TAKE_PTR(nm),
126 .uid = hr->uid,
127 .state = _HOME_STATE_INVALID,
128 .worker_stdout_fd = -1,
129 .sysfs = TAKE_PTR(ns),
130 .signed_locally = -1,
131 };
132
133 r = hashmap_put(m->homes_by_name, home->user_name, home);
134 if (r < 0)
135 return r;
136
137 r = hashmap_put(m->homes_by_uid, UID_TO_PTR(home->uid), home);
138 if (r < 0)
139 return r;
140
141 if (home->sysfs) {
142 r = hashmap_put(m->homes_by_sysfs, home->sysfs, home);
143 if (r < 0)
144 return r;
145 }
146
147 r = user_record_clone(hr, USER_RECORD_LOAD_MASK_SECRET, &home->record);
148 if (r < 0)
149 return r;
150
151 (void) bus_manager_emit_auto_login_changed(m);
152 (void) bus_home_emit_change(home);
153
154 if (ret)
155 *ret = TAKE_PTR(home);
156 else
157 TAKE_PTR(home);
158
159 return 0;
160}
161
162Home *home_free(Home *h) {
163
164 if (!h)
165 return NULL;
166
167 if (h->manager) {
168 (void) bus_home_emit_remove(h);
169 (void) bus_manager_emit_auto_login_changed(h->manager);
170
171 if (h->user_name)
172 (void) hashmap_remove_value(h->manager->homes_by_name, h->user_name, h);
173
174 if (uid_is_valid(h->uid))
175 (void) hashmap_remove_value(h->manager->homes_by_uid, UID_TO_PTR(h->uid), h);
176
177 if (h->sysfs)
178 (void) hashmap_remove_value(h->manager->homes_by_sysfs, h->sysfs, h);
179
180 if (h->worker_pid > 0)
181 (void) hashmap_remove_value(h->manager->homes_by_worker_pid, PID_TO_PTR(h->worker_pid), h);
182
183 if (h->manager->gc_focus == h)
184 h->manager->gc_focus = NULL;
185 }
186
187 user_record_unref(h->record);
188 user_record_unref(h->secret);
189
190 h->worker_event_source = sd_event_source_unref(h->worker_event_source);
191 safe_close(h->worker_stdout_fd);
192 free(h->user_name);
193 free(h->sysfs);
194
195 h->ref_event_source_please_suspend = sd_event_source_unref(h->ref_event_source_please_suspend);
196 h->ref_event_source_dont_suspend = sd_event_source_unref(h->ref_event_source_dont_suspend);
197
198 h->pending_operations = ordered_set_free(h->pending_operations);
199 h->pending_event_source = sd_event_source_unref(h->pending_event_source);
200 h->deferred_change_event_source = sd_event_source_unref(h->deferred_change_event_source);
201
202 h->current_operation = operation_unref(h->current_operation);
203
204 return mfree(h);
205}
206
207int home_set_record(Home *h, UserRecord *hr) {
208 _cleanup_(user_record_unrefp) UserRecord *new_hr = NULL;
209 Home *other;
210 int r;
211
212 assert(h);
213 assert(h->user_name);
214 assert(h->record);
215 assert(hr);
216
217 if (user_record_equal(h->record, hr))
218 return 0;
219
220 r = suitable_home_record(hr);
221 if (r < 0)
222 return r;
223
224 if (!user_record_compatible(h->record, hr))
225 return -EREMCHG;
226
227 if (!FLAGS_SET(hr->mask, USER_RECORD_REGULAR) ||
228 FLAGS_SET(hr->mask, USER_RECORD_SECRET))
229 return -EINVAL;
230
231 if (FLAGS_SET(h->record->mask, USER_RECORD_STATUS)) {
232 _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
233
234 /* Hmm, the existing record has status fields? If so, copy them over */
235
236 v = json_variant_ref(hr->json);
237 r = json_variant_set_field(&v, "status", json_variant_by_key(h->record->json, "status"));
238 if (r < 0)
239 return r;
240
241 new_hr = user_record_new();
242 if (!new_hr)
243 return -ENOMEM;
244
245 r = user_record_load(new_hr, v, USER_RECORD_LOAD_REFUSE_SECRET);
246 if (r < 0)
247 return r;
248
249 hr = new_hr;
250 }
251
252 other = hashmap_get(h->manager->homes_by_uid, UID_TO_PTR(hr->uid));
253 if (other && other != h)
254 return -EBUSY;
255
256 if (h->uid != hr->uid) {
257 r = hashmap_remove_and_replace(h->manager->homes_by_uid, UID_TO_PTR(h->uid), UID_TO_PTR(hr->uid), h);
258 if (r < 0)
259 return r;
260 }
261
262 user_record_unref(h->record);
263 h->record = user_record_ref(hr);
264 h->uid = h->record->uid;
265
266 /* The updated record might have a different autologin setting, trigger a PropertiesChanged event for it */
267 (void) bus_manager_emit_auto_login_changed(h->manager);
268 (void) bus_home_emit_change(h);
269
270 return 0;
271}
272
273int home_save_record(Home *h) {
274 _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
275 _cleanup_free_ char *text = NULL;
276 const char *fn;
277 int r;
278
279 assert(h);
280
281 v = json_variant_ref(h->record->json);
282 r = json_variant_normalize(&v);
283 if (r < 0)
284 log_warning_errno(r, "User record could not be normalized.");
285
286 r = json_variant_format(v, JSON_FORMAT_PRETTY|JSON_FORMAT_NEWLINE, &text);
287 if (r < 0)
288 return r;
289
290 (void) mkdir("/var/lib/systemd/", 0755);
291 (void) mkdir("/var/lib/systemd/home/", 0700);
292
293 fn = strjoina("/var/lib/systemd/home/", h->user_name, ".identity");
294
295 r = write_string_file(fn, text, WRITE_STRING_FILE_ATOMIC|WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_MODE_0600);
296 if (r < 0)
297 return r;
298
299 return 0;
300}
301
302int home_unlink_record(Home *h) {
303 const char *fn;
304
305 assert(h);
306
307 fn = strjoina("/var/lib/systemd/home/", h->user_name, ".identity");
308 if (unlink(fn) < 0 && errno != ENOENT)
309 return -errno;
310
311 fn = strjoina("/run/systemd/home/", h->user_name, ".ref");
312 if (unlink(fn) < 0 && errno != ENOENT)
313 return -errno;
314
315 return 0;
316}
317
318static void home_set_state(Home *h, HomeState state) {
319 HomeState old_state, new_state;
320
321 assert(h);
322
323 old_state = home_get_state(h);
324 h->state = state;
325 new_state = home_get_state(h); /* Query the new state, since the 'state' variable might be set to -1,
326 * in which case we synthesize an high-level state on demand */
327
328 log_info("%s: changing state %s → %s", h->user_name,
329 home_state_to_string(old_state),
330 home_state_to_string(new_state));
331
332 if (HOME_STATE_IS_EXECUTING_OPERATION(old_state) && !HOME_STATE_IS_EXECUTING_OPERATION(new_state)) {
333 /* If we just finished executing some operation, process the queue of pending operations. And
334 * enqueue it for GC too. */
335
336 home_schedule_operation(h, NULL, NULL);
337 manager_enqueue_gc(h->manager, h);
338 }
339}
340
341static int home_parse_worker_stdout(int _fd, UserRecord **ret) {
342 _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
343 _cleanup_close_ int fd = _fd; /* take possession, even on failure */
344 _cleanup_(user_record_unrefp) UserRecord *hr = NULL;
345 _cleanup_fclose_ FILE *f = NULL;
346 unsigned line, column;
347 struct stat st;
348 int r;
349
350 if (fstat(fd, &st) < 0)
351 return log_error_errno(errno, "Failed to stat stdout fd: %m");
352
353 assert(S_ISREG(st.st_mode));
354
355 if (st.st_size == 0) { /* empty record */
356 *ret = NULL;
357 return 0;
358 }
359
360 if (lseek(fd, SEEK_SET, 0) == (off_t) -1)
361 return log_error_errno(errno, "Failed to seek to beginning of memfd: %m");
362
4fa744a3 363 f = take_fdopen(&fd, "r");
70a5db58
LP		 364 if (!f)
365 return log_error_errno(errno, "Failed to reopen memfd: %m");
366
70a5db58
LP		 367 if (DEBUG_LOGGING) {
368 _cleanup_free_ char *text = NULL;
369
370 r = read_full_stream(f, &text, NULL);
371 if (r < 0)
372 return log_error_errno(r, "Failed to read from client: %m");
373
374 log_debug("Got from worker: %s", text);
375 rewind(f);
376 }
377
378 r = json_parse_file(f, "stdout", JSON_PARSE_SENSITIVE, &v, &line, &column);
379 if (r < 0)
380 return log_error_errno(r, "Failed to parse identity at %u:%u: %m", line, column);
381
382 hr = user_record_new();
383 if (!hr)
384 return log_oom();
385
386 r = user_record_load(hr, v, USER_RECORD_LOAD_REFUSE_SECRET);
387 if (r < 0)
388 return log_error_errno(r, "Failed to load home record identity: %m");
389
390 *ret = TAKE_PTR(hr);
391 return 1;
392}
393
394static int home_verify_user_record(Home *h, UserRecord *hr, bool *ret_signed_locally, sd_bus_error *ret_error) {
395 int is_signed;
396
397 assert(h);
398 assert(hr);
399 assert(ret_signed_locally);
400
401 is_signed = manager_verify_user_record(h->manager, hr);
402 switch (is_signed) {
403
404 case USER_RECORD_SIGNED_EXCLUSIVE:
405 log_info("Home %s is signed exclusively by our key, accepting.", hr->user_name);
406 *ret_signed_locally = true;
407 return 0;
408
409 case USER_RECORD_SIGNED:
410 log_info("Home %s is signed by our key (and others), accepting.", hr->user_name);
411 *ret_signed_locally = false;
412 return 0;
413
414 case USER_RECORD_FOREIGN:
415 log_info("Home %s is signed by foreign key we like, accepting.", hr->user_name);
416 *ret_signed_locally = false;
417 return 0;
418
419 case USER_RECORD_UNSIGNED:
420 sd_bus_error_setf(ret_error, BUS_ERROR_BAD_SIGNATURE, "User record %s is not signed at all, refusing.", hr->user_name);
421 return log_error_errno(SYNTHETIC_ERRNO(EPERM), "Home %s contains user record that is not signed at all, refusing.", hr->user_name);
422
423 case -ENOKEY:
424 sd_bus_error_setf(ret_error, BUS_ERROR_BAD_SIGNATURE, "User record %s is not signed by any known key, refusing.", hr->user_name);
80ace4f2 425 return log_error_errno(is_signed, "Home %s contains user record that is not signed by any known key, refusing.", hr->user_name);
70a5db58
LP		 426
427 default:
428 assert(is_signed < 0);
429 return log_error_errno(is_signed, "Failed to verify signature on user record for %s, refusing fixation: %m", hr->user_name);
430 }
431}
432
433static int convert_worker_errno(Home *h, int e, sd_bus_error *error) {
434 /* Converts the error numbers the worker process returned into somewhat sensible dbus errors */
435
436 switch (e) {
437
438 case -EMSGSIZE:
162392b7 439 return sd_bus_error_setf(error, BUS_ERROR_BAD_HOME_SIZE, "File systems of this type cannot be shrunk");
70a5db58 440 case -ETXTBSY:
162392b7 441 return sd_bus_error_setf(error, BUS_ERROR_BAD_HOME_SIZE, "File systems of this type can only be shrunk offline");
70a5db58
LP		 442 case -ERANGE:
443 return sd_bus_error_setf(error, BUS_ERROR_BAD_HOME_SIZE, "File system size too small");
444 case -ENOLINK:
445 return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, "System does not support selected storage backend");
446 case -EPROTONOSUPPORT:
447 return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, "System does not support selected file system");
448 case -ENOTTY:
449 return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, "Operation not supported on storage backend");
450 case -ESOCKTNOSUPPORT:
451 return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, "Operation not supported on file system");
452 case -ENOKEY:
453 return sd_bus_error_setf(error, BUS_ERROR_BAD_PASSWORD, "Password for home %s is incorrect or not sufficient for authentication.", h->user_name);
454 case -EBADSLT:
455 return sd_bus_error_setf(error, BUS_ERROR_BAD_PASSWORD_AND_NO_TOKEN, "Password for home %s is incorrect or not sufficient, and configured security token not found either.", h->user_name);
456 case -ENOANO:
457 return sd_bus_error_setf(error, BUS_ERROR_TOKEN_PIN_NEEDED, "PIN for security token required.");
458 case -ERFKILL:
459 return sd_bus_error_setf(error, BUS_ERROR_TOKEN_PROTECTED_AUTHENTICATION_PATH_NEEDED, "Security token requires protected authentication path.");
460 case -EOWNERDEAD:
461 return sd_bus_error_setf(error, BUS_ERROR_TOKEN_PIN_LOCKED, "PIN of security token locked.");
462 case -ENOLCK:
463 return sd_bus_error_setf(error, BUS_ERROR_TOKEN_BAD_PIN, "Bad PIN of security token.");
464 case -ETOOMANYREFS:
465 return sd_bus_error_setf(error, BUS_ERROR_TOKEN_BAD_PIN_FEW_TRIES_LEFT, "Bad PIN of security token, and only a few tries left.");
466 case -EUCLEAN:
467 return sd_bus_error_setf(error, BUS_ERROR_TOKEN_BAD_PIN_ONE_TRY_LEFT, "Bad PIN of security token, and only one try left.");
468 case -EBUSY:
469 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "Home %s is currently being used, or an operation on home %s is currently being executed.", h->user_name, h->user_name);
470 case -ENOEXEC:
471 return sd_bus_error_setf(error, BUS_ERROR_HOME_NOT_ACTIVE, "Home %s is currently not active", h->user_name);
472 case -ENOSPC:
473 return sd_bus_error_setf(error, BUS_ERROR_NO_DISK_SPACE, "Not enough disk space for home %s", h->user_name);
cbffdcec
LP		 474 case -EKEYREVOKED:
475 return sd_bus_error_setf(error, BUS_ERROR_HOME_CANT_AUTHENTICATE, "Home %s has no password or other authentication mechanism defined.", h->user_name);
70a5db58
LP		 476 }
477
478 return 0;
479}
480
481static void home_count_bad_authentication(Home *h, bool save) {
482 int r;
483
484 assert(h);
485
486 r = user_record_bad_authentication(h->record);
487 if (r < 0) {
488 log_warning_errno(r, "Failed to increase bad authentication counter, ignoring: %m");
489 return;
490 }
491
492 if (save) {
493 r = home_save_record(h);
494 if (r < 0)
495 log_warning_errno(r, "Failed to write home record to disk, ignoring: %m");
496 }
497}
498
499static void home_fixate_finish(Home *h, int ret, UserRecord *hr) {
500 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
501 _cleanup_(user_record_unrefp) UserRecord *secret = NULL;
502 bool signed_locally;
503 int r;
504
505 assert(h);
506 assert(IN_SET(h->state, HOME_FIXATING, HOME_FIXATING_FOR_ACTIVATION, HOME_FIXATING_FOR_ACQUIRE));
507
508 secret = TAKE_PTR(h->secret); /* Take possession */
509
510 if (ret < 0) {
511 if (ret == -ENOKEY)
512 (void) home_count_bad_authentication(h, false);
513
514 (void) convert_worker_errno(h, ret, &error);
515 r = log_error_errno(ret, "Fixation failed: %m");
516 goto fail;
517 }
518 if (!hr) {
519 r = log_error_errno(SYNTHETIC_ERRNO(EIO), "Did not receive user record from worker process, fixation failed.");
520 goto fail;
521 }
522
523 r = home_verify_user_record(h, hr, &signed_locally, &error);
524 if (r < 0)
525 goto fail;
526
527 r = home_set_record(h, hr);
528 if (r < 0) {
529 log_error_errno(r, "Failed to update home record: %m");
530 goto fail;
531 }
532
533 h->signed_locally = signed_locally;
534
535 /* When we finished fixating (and don't follow-up with activation), let's count this as good authentication */
536 if (h->state == HOME_FIXATING) {
537 r = user_record_good_authentication(h->record);
538 if (r < 0)
539 log_warning_errno(r, "Failed to increase good authentication counter, ignoring: %m");
540 }
541
542 r = home_save_record(h);
543 if (r < 0)
544 log_warning_errno(r, "Failed to write home record to disk, ignoring: %m");
545
546 if (IN_SET(h->state, HOME_FIXATING_FOR_ACTIVATION, HOME_FIXATING_FOR_ACQUIRE)) {
547
548 r = home_start_work(h, "activate", h->record, secret);
549 if (r < 0) {
550 h->current_operation = operation_result_unref(h->current_operation, r, NULL);
551 home_set_state(h, _HOME_STATE_INVALID);
552 } else
553 home_set_state(h, h->state == HOME_FIXATING_FOR_ACTIVATION ? HOME_ACTIVATING : HOME_ACTIVATING_FOR_ACQUIRE);
554
555 return;
556 }
557
558 log_debug("Fixation of %s completed.", h->user_name);
559
560 h->current_operation = operation_result_unref(h->current_operation, 0, NULL);
561
562 /* Reset the state to "invalid", which makes home_get_state() test if the image exists and returns
563 * HOME_ABSENT vs. HOME_INACTIVE as necessary. */
564 home_set_state(h, _HOME_STATE_INVALID);
565 return;
566
567fail:
568 /* If fixation fails, we stay in unfixated state! */
569 h->current_operation = operation_result_unref(h->current_operation, r, &error);
570 home_set_state(h, HOME_UNFIXATED);
571}
572
573static void home_activate_finish(Home *h, int ret, UserRecord *hr) {
574 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
575 int r;
576
577 assert(h);
578 assert(IN_SET(h->state, HOME_ACTIVATING, HOME_ACTIVATING_FOR_ACQUIRE));
579
580 if (ret < 0) {
581 if (ret == -ENOKEY)
582 home_count_bad_authentication(h, true);
583
584 (void) convert_worker_errno(h, ret, &error);
585 r = log_error_errno(ret, "Activation failed: %m");
586 goto finish;
587 }
588
589 if (hr) {
590 bool signed_locally;
591
592 r = home_verify_user_record(h, hr, &signed_locally, &error);
593 if (r < 0)
594 goto finish;
595
596 r = home_set_record(h, hr);
597 if (r < 0) {
598 log_error_errno(r, "Failed to update home record, ignoring: %m");
599 goto finish;
600 }
601
602 h->signed_locally = signed_locally;
603
604 r = user_record_good_authentication(h->record);
605 if (r < 0)
606 log_warning_errno(r, "Failed to increase good authentication counter, ignoring: %m");
607
608 r = home_save_record(h);
609 if (r < 0)
610 log_warning_errno(r, "Failed to write home record to disk, ignoring: %m");
611 }
612
613 log_debug("Activation of %s completed.", h->user_name);
614 r = 0;
615
616finish:
617 h->current_operation = operation_result_unref(h->current_operation, r, &error);
618 home_set_state(h, _HOME_STATE_INVALID);
619}
620
621static void home_deactivate_finish(Home *h, int ret, UserRecord *hr) {
622 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
623 int r;
624
625 assert(h);
626 assert(h->state == HOME_DEACTIVATING);
627 assert(!hr); /* We don't expect a record on this operation */
628
629 if (ret < 0) {
630 (void) convert_worker_errno(h, ret, &error);
631 r = log_error_errno(ret, "Deactivation of %s failed: %m", h->user_name);
632 goto finish;
633 }
634
635 log_debug("Deactivation of %s completed.", h->user_name);
636 r = 0;
637
638finish:
639 h->current_operation = operation_result_unref(h->current_operation, r, &error);
640 home_set_state(h, _HOME_STATE_INVALID);
641}
642
643static void home_remove_finish(Home *h, int ret, UserRecord *hr) {
644 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
645 Manager *m;
646 int r;
647
648 assert(h);
649 assert(h->state == HOME_REMOVING);
650 assert(!hr); /* We don't expect a record on this operation */
651
652 m = h->manager;
653
654 if (ret < 0 && ret != -EALREADY) {
655 (void) convert_worker_errno(h, ret, &error);
656 r = log_error_errno(ret, "Removing %s failed: %m", h->user_name);
657 goto fail;
658 }
659
660 /* For a couple of storage types we can't delete the actual data storage when called (such as LUKS on
661 * partitions like USB sticks, or so). Sometimes these storage locations are among those we normally
662 * automatically discover in /home or in udev. When such a home is deleted let's hence issue a rescan
663 * after completion, so that "unfixated" entries are rediscovered. */
664 if (!IN_SET(user_record_test_image_path(h->record), USER_TEST_UNDEFINED, USER_TEST_ABSENT))
665 manager_enqueue_rescan(m);
666
667 /* The image is now removed from disk. Now also remove our stored record */
668 r = home_unlink_record(h);
669 if (r < 0) {
670 log_error_errno(r, "Removing record file failed: %m");
671 goto fail;
672 }
673
674 log_debug("Removal of %s completed.", h->user_name);
675 h->current_operation = operation_result_unref(h->current_operation, 0, NULL);
676
677 /* Unload this record from memory too now. */
678 h = home_free(h);
679 return;
680
681fail:
682 h->current_operation = operation_result_unref(h->current_operation, r, &error);
683 home_set_state(h, _HOME_STATE_INVALID);
684}
685
686static void home_create_finish(Home *h, int ret, UserRecord *hr) {
687 int r;
688
689 assert(h);
690 assert(h->state == HOME_CREATING);
691
692 if (ret < 0) {
693 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
694
695 (void) convert_worker_errno(h, ret, &error);
696 log_error_errno(ret, "Operation on %s failed: %m", h->user_name);
697 h->current_operation = operation_result_unref(h->current_operation, ret, &error);
698
699 if (h->unregister_on_failure) {
700 (void) home_unlink_record(h);
701 h = home_free(h);
702 return;
703 }
704
705 home_set_state(h, _HOME_STATE_INVALID);
706 return;
707 }
708
709 if (hr) {
710 r = home_set_record(h, hr);
711 if (r < 0)
712 log_warning_errno(r, "Failed to update home record, ignoring: %m");
713 }
714
715 r = home_save_record(h);
716 if (r < 0)
717 log_warning_errno(r, "Failed to save record to disk, ignoring: %m");
718
719 log_debug("Creation of %s completed.", h->user_name);
720
721 h->current_operation = operation_result_unref(h->current_operation, 0, NULL);
722 home_set_state(h, _HOME_STATE_INVALID);
723}
724
725static void home_change_finish(Home *h, int ret, UserRecord *hr) {
726 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
727 int r;
728
729 assert(h);
730
731 if (ret < 0) {
732 if (ret == -ENOKEY)
733 (void) home_count_bad_authentication(h, true);
734
735 (void) convert_worker_errno(h, ret, &error);
736 r = log_error_errno(ret, "Change operation failed: %m");
737 goto finish;
738 }
739
740 if (hr) {
741 r = home_set_record(h, hr);
742 if (r < 0)
743 log_warning_errno(r, "Failed to update home record, ignoring: %m");
744 else {
745 r = user_record_good_authentication(h->record);
746 if (r < 0)
747 log_warning_errno(r, "Failed to increase good authentication counter, ignoring: %m");
748
749 r = home_save_record(h);
750 if (r < 0)
751 log_warning_errno(r, "Failed to write home record to disk, ignoring: %m");
752 }
753 }
754
755 log_debug("Change operation of %s completed.", h->user_name);
756 r = 0;
757
758finish:
759 h->current_operation = operation_result_unref(h->current_operation, r, &error);
760 home_set_state(h, _HOME_STATE_INVALID);
761}
762
763static void home_locking_finish(Home *h, int ret, UserRecord *hr) {
764 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
765 int r;
766
767 assert(h);
768 assert(h->state == HOME_LOCKING);
769
770 if (ret < 0) {
771 (void) convert_worker_errno(h, ret, &error);
772 r = log_error_errno(ret, "Locking operation failed: %m");
773 goto finish;
774 }
775
776 log_debug("Locking operation of %s completed.", h->user_name);
777 h->current_operation = operation_result_unref(h->current_operation, 0, NULL);
778 home_set_state(h, HOME_LOCKED);
779 return;
780
781finish:
782 /* If a specific home doesn't know the concept of locking, then that's totally OK, don't propagate
783 * the error if we are executing a LockAllHomes() operation. */
784
785 if (h->current_operation->type == OPERATION_LOCK_ALL && r == -ENOTTY)
786 h->current_operation = operation_result_unref(h->current_operation, 0, NULL);
787 else
788 h->current_operation = operation_result_unref(h->current_operation, r, &error);
789
790 home_set_state(h, _HOME_STATE_INVALID);
791}
792
793static void home_unlocking_finish(Home *h, int ret, UserRecord *hr) {
794 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
795 int r;
796
797 assert(h);
798 assert(IN_SET(h->state, HOME_UNLOCKING, HOME_UNLOCKING_FOR_ACQUIRE));
799
800 if (ret < 0) {
801 if (ret == -ENOKEY)
802 (void) home_count_bad_authentication(h, true);
803
804 (void) convert_worker_errno(h, ret, &error);
805 r = log_error_errno(ret, "Unlocking operation failed: %m");
806
807 /* Revert to locked state */
808 home_set_state(h, HOME_LOCKED);
809 h->current_operation = operation_result_unref(h->current_operation, r, &error);
810 return;
811 }
812
813 r = user_record_good_authentication(h->record);
814 if (r < 0)
815 log_warning_errno(r, "Failed to increase good authentication counter, ignoring: %m");
816 else {
817 r = home_save_record(h);
818 if (r < 0)
819 log_warning_errno(r, "Failed to write home record to disk, ignoring: %m");
820 }
821
822 log_debug("Unlocking operation of %s completed.", h->user_name);
823
824 h->current_operation = operation_result_unref(h->current_operation, r, &error);
825 home_set_state(h, _HOME_STATE_INVALID);
826 return;
827}
828
829static void home_authenticating_finish(Home *h, int ret, UserRecord *hr) {
830 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
831 int r;
832
833 assert(h);
834 assert(IN_SET(h->state, HOME_AUTHENTICATING, HOME_AUTHENTICATING_WHILE_ACTIVE, HOME_AUTHENTICATING_FOR_ACQUIRE));
835
836 if (ret < 0) {
837 if (ret == -ENOKEY)
838 (void) home_count_bad_authentication(h, true);
839
840 (void) convert_worker_errno(h, ret, &error);
841 r = log_error_errno(ret, "Authentication failed: %m");
842 goto finish;
843 }
844
845 if (hr) {
846 r = home_set_record(h, hr);
847 if (r < 0)
848 log_warning_errno(r, "Failed to update home record, ignoring: %m");
849 else {
850 r = user_record_good_authentication(h->record);
851 if (r < 0)
852 log_warning_errno(r, "Failed to increase good authentication counter, ignoring: %m");
853
854 r = home_save_record(h);
855 if (r < 0)
856 log_warning_errno(r, "Failed to write home record to disk, ignoring: %m");
857 }
858 }
859
860 log_debug("Authentication of %s completed.", h->user_name);
861 r = 0;
862
863finish:
864 h->current_operation = operation_result_unref(h->current_operation, r, &error);
865 home_set_state(h, _HOME_STATE_INVALID);
866}
867
868static int home_on_worker_process(sd_event_source *s, const siginfo_t *si, void *userdata) {
869 _cleanup_(user_record_unrefp) UserRecord *hr = NULL;
870 Home *h = userdata;
871 int ret;
872
873 assert(s);
874 assert(si);
875 assert(h);
876
877 assert(h->worker_pid == si->si_pid);
878 assert(h->worker_event_source);
879 assert(h->worker_stdout_fd >= 0);
880
881 (void) hashmap_remove_value(h->manager->homes_by_worker_pid, PID_TO_PTR(h->worker_pid), h);
882
883 h->worker_pid = 0;
884 h->worker_event_source = sd_event_source_unref(h->worker_event_source);
885
886 if (si->si_code != CLD_EXITED) {
887 assert(IN_SET(si->si_code, CLD_KILLED, CLD_DUMPED));
888 ret = log_debug_errno(SYNTHETIC_ERRNO(EPROTO), "Worker process died abnormally with signal %s.", signal_to_string(si->si_status));
889 } else if (si->si_status != EXIT_SUCCESS) {
890 /* If we received an error code via sd_notify(), use it */
891 if (h->worker_error_code != 0)
892 ret = log_debug_errno(h->worker_error_code, "Worker reported error code %s.", errno_to_name(h->worker_error_code));
893 else
894 ret = log_debug_errno(SYNTHETIC_ERRNO(EPROTO), "Worker exited with exit code %i.", si->si_status);
895 } else
896 ret = home_parse_worker_stdout(TAKE_FD(h->worker_stdout_fd), &hr);
897
898 h->worker_stdout_fd = safe_close(h->worker_stdout_fd);
899
900 switch (h->state) {
901
902 case HOME_FIXATING:
903 case HOME_FIXATING_FOR_ACTIVATION:
904 case HOME_FIXATING_FOR_ACQUIRE:
905 home_fixate_finish(h, ret, hr);
906 break;
907
908 case HOME_ACTIVATING:
909 case HOME_ACTIVATING_FOR_ACQUIRE:
910 home_activate_finish(h, ret, hr);
911 break;
912
913 case HOME_DEACTIVATING:
914 home_deactivate_finish(h, ret, hr);
915 break;
916
917 case HOME_LOCKING:
918 home_locking_finish(h, ret, hr);
919 break;
920
921 case HOME_UNLOCKING:
922 case HOME_UNLOCKING_FOR_ACQUIRE:
923 home_unlocking_finish(h, ret, hr);
924 break;
925
926 case HOME_CREATING:
927 home_create_finish(h, ret, hr);
928 break;
929
930 case HOME_REMOVING:
931 home_remove_finish(h, ret, hr);
932 break;
933
934 case HOME_UPDATING:
935 case HOME_UPDATING_WHILE_ACTIVE:
936 case HOME_RESIZING:
937 case HOME_RESIZING_WHILE_ACTIVE:
938 case HOME_PASSWD:
939 case HOME_PASSWD_WHILE_ACTIVE:
940 home_change_finish(h, ret, hr);
941 break;
942
943 case HOME_AUTHENTICATING:
944 case HOME_AUTHENTICATING_WHILE_ACTIVE:
945 case HOME_AUTHENTICATING_FOR_ACQUIRE:
946 home_authenticating_finish(h, ret, hr);
947 break;
948
949 default:
950 assert_not_reached("Unexpected state after worker exited");
951 }
952
953 return 0;
954}
955
956static int home_start_work(Home *h, const char *verb, UserRecord *hr, UserRecord *secret) {
957 _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
958 _cleanup_(erase_and_freep) char *formatted = NULL;
959 _cleanup_close_ int stdin_fd = -1, stdout_fd = -1;
960 pid_t pid = 0;
961 int r;
962
963 assert(h);
964 assert(verb);
965 assert(hr);
966
967 if (h->worker_pid != 0)
968 return -EBUSY;
969
970 assert(h->worker_stdout_fd < 0);
971 assert(!h->worker_event_source);
972
973 v = json_variant_ref(hr->json);
974
975 if (secret) {
976 JsonVariant *sub = NULL;
977
978 sub = json_variant_by_key(secret->json, "secret");
979 if (!sub)
980 return -ENOKEY;
981
982 r = json_variant_set_field(&v, "secret", sub);
983 if (r < 0)
984 return r;
985 }
986
987 r = json_variant_format(v, 0, &formatted);
988 if (r < 0)
989 return r;
990
991 stdin_fd = acquire_data_fd(formatted, strlen(formatted), 0);
992 if (stdin_fd < 0)
993 return stdin_fd;
994
995 log_debug("Sending to worker: %s", formatted);
996
997 stdout_fd = memfd_create("homework-stdout", MFD_CLOEXEC);
998 if (stdout_fd < 0)
999 return -errno;
1000
1001 r = safe_fork_full("(sd-homework)",
1002 (int[]) { stdin_fd, stdout_fd }, 2,
1003 FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_DEATHSIG|FORK_LOG, &pid);
1004 if (r < 0)
1005 return r;
1006 if (r == 0) {
c06bcd4d
LP		 1007 const char *homework;
1008
70a5db58
LP		 1009 /* Child */
1010
1011 if (setenv("NOTIFY_SOCKET", "/run/systemd/home/notify", 1) < 0) {
1012 log_error_errno(errno, "Failed to set $NOTIFY_SOCKET: %m");
1013 _exit(EXIT_FAILURE);
1014 }
1015
c76dd733
LP		 1016 if (h->manager->default_storage >= 0)
1017 if (setenv("SYSTEMD_HOME_DEFAULT_STORAGE", user_storage_to_string(h->manager->default_storage), 1) < 0) {
1018 log_error_errno(errno, "Failed to set $SYSTEMD_HOME_DEFAULT_STORAGE: %m");
1019 _exit(EXIT_FAILURE);
1020 }
1021
1022 if (h->manager->default_file_system_type)
1023 if (setenv("SYSTEMD_HOME_DEFAULT_FILE_SYSTEM_TYPE", h->manager->default_file_system_type, 1) < 0) {
1024 log_error_errno(errno, "Failed to set $SYSTEMD_HOME_DEFAULT_FILE_SYSTEM_TYPE: %m");
1025 _exit(EXIT_FAILURE);
1026 }
1027
70a5db58
LP		 1028 r = rearrange_stdio(stdin_fd, stdout_fd, STDERR_FILENO);
1029 if (r < 0) {
1030 log_error_errno(r, "Failed to rearrange stdin/stdout/stderr: %m");
1031 _exit(EXIT_FAILURE);
1032 }
1033
1034 stdin_fd = stdout_fd = -1; /* have been invalidated by rearrange_stdio() */
1035
c06bcd4d
LP		 1036 /* Allow overriding the homework path via an environment variable, to make debugging
1037 * easier. */
1038 homework = getenv("SYSTEMD_HOMEWORK_PATH") ?: SYSTEMD_HOMEWORK_PATH;
1039
1040 execl(homework, homework, verb, NULL);
70a5db58
LP		 1041 log_error_errno(errno, "Failed to invoke " SYSTEMD_HOMEWORK_PATH ": %m");
1042 _exit(EXIT_FAILURE);
1043 }
1044
1045 r = sd_event_add_child(h->manager->event, &h->worker_event_source, pid, WEXITED, home_on_worker_process, h);
1046 if (r < 0)
1047 return r;
1048
1049 (void) sd_event_source_set_description(h->worker_event_source, "worker");
1050
1051 r = hashmap_put(h->manager->homes_by_worker_pid, PID_TO_PTR(pid), h);
1052 if (r < 0) {
1053 h->worker_event_source = sd_event_source_unref(h->worker_event_source);
1054 return r;
1055 }
1056
1057 h->worker_stdout_fd = TAKE_FD(stdout_fd);
1058 h->worker_pid = pid;
1059 h->worker_error_code = 0;
1060
1061 return 0;
1062}
1063
1064static int home_ratelimit(Home *h, sd_bus_error *error) {
1065 int r, ret;
1066
1067 assert(h);
1068
1069 ret = user_record_ratelimit(h->record);
1070 if (ret < 0)
1071 return ret;
1072
1073 if (h->state != HOME_UNFIXATED) {
1074 r = home_save_record(h);
1075 if (r < 0)
1076 log_warning_errno(r, "Failed to save updated record, ignoring: %m");
1077 }
1078
1079 if (ret == 0) {
1080 char buf[FORMAT_TIMESPAN_MAX];
1081 usec_t t, n;
1082
1083 n = now(CLOCK_REALTIME);
1084 t = user_record_ratelimit_next_try(h->record);
1085
1086 if (t != USEC_INFINITY && t > n)
1087 return sd_bus_error_setf(error, BUS_ERROR_AUTHENTICATION_LIMIT_HIT, "Too many login attempts, please try again in %s!",
1088 format_timespan(buf, sizeof(buf), t - n, USEC_PER_SEC));
1089
1090 return sd_bus_error_setf(error, BUS_ERROR_AUTHENTICATION_LIMIT_HIT, "Too many login attempts, please try again later.");
1091 }
1092
1093 return 0;
1094}
1095
1096static int home_fixate_internal(
1097 Home *h,
1098 UserRecord *secret,
1099 HomeState for_state,
1100 sd_bus_error *error) {
1101
1102 int r;
1103
1104 assert(h);
1105 assert(IN_SET(for_state, HOME_FIXATING, HOME_FIXATING_FOR_ACTIVATION, HOME_FIXATING_FOR_ACQUIRE));
1106
1107 r = home_start_work(h, "inspect", h->record, secret);
1108 if (r < 0)
1109 return r;
1110
1111 if (for_state == HOME_FIXATING_FOR_ACTIVATION) {
1112 /* Remember the secret data, since we need it for the activation again, later on. */
1113 user_record_unref(h->secret);
1114 h->secret = user_record_ref(secret);
1115 }
1116
1117 home_set_state(h, for_state);
1118 return 0;
1119}
1120
1121int home_fixate(Home *h, UserRecord *secret, sd_bus_error *error) {
1122 int r;
1123
1124 assert(h);
1125
1126 switch (home_get_state(h)) {
1127 case HOME_ABSENT:
1128 return sd_bus_error_setf(error, BUS_ERROR_HOME_ABSENT, "Home %s is currently missing or not plugged in.", h->user_name);
1129 case HOME_INACTIVE:
1130 case HOME_ACTIVE:
1131 case HOME_LOCKED:
1132 return sd_bus_error_setf(error, BUS_ERROR_HOME_ALREADY_FIXATED, "Home %s is already fixated.", h->user_name);
1133 case HOME_UNFIXATED:
1134 break;
1135 default:
1136 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "An operation on home %s is currently being executed.", h->user_name);
1137 }
1138
1139 r = home_ratelimit(h, error);
1140 if (r < 0)
1141 return r;
1142
1143 return home_fixate_internal(h, secret, HOME_FIXATING, error);
1144}
1145
1146static int home_activate_internal(Home *h, UserRecord *secret, HomeState for_state, sd_bus_error *error) {
1147 int r;
1148
1149 assert(h);
1150 assert(IN_SET(for_state, HOME_ACTIVATING, HOME_ACTIVATING_FOR_ACQUIRE));
1151
1152 r = home_start_work(h, "activate", h->record, secret);
1153 if (r < 0)
1154 return r;
1155
1156 home_set_state(h, for_state);
1157 return 0;
1158}
1159
1160int home_activate(Home *h, UserRecord *secret, sd_bus_error *error) {
1161 int r;
1162
1163 assert(h);
1164
1165 switch (home_get_state(h)) {
1166 case HOME_UNFIXATED:
1167 return home_fixate_internal(h, secret, HOME_FIXATING_FOR_ACTIVATION, error);
1168 case HOME_ABSENT:
1169 return sd_bus_error_setf(error, BUS_ERROR_HOME_ABSENT, "Home %s is currently missing or not plugged in.", h->user_name);
1170 case HOME_ACTIVE:
1171 return sd_bus_error_setf(error, BUS_ERROR_HOME_ALREADY_ACTIVE, "Home %s is already active.", h->user_name);
1172 case HOME_LOCKED:
1173 return sd_bus_error_setf(error, BUS_ERROR_HOME_LOCKED, "Home %s is currently locked.", h->user_name);
1174 case HOME_INACTIVE:
1175 break;
1176 default:
1177 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "An operation on home %s is currently being executed.", h->user_name);
1178 }
1179
1180 r = home_ratelimit(h, error);
1181 if (r < 0)
1182 return r;
1183
1184 return home_activate_internal(h, secret, HOME_ACTIVATING, error);
1185}
1186
1187static int home_authenticate_internal(Home *h, UserRecord *secret, HomeState for_state, sd_bus_error *error) {
1188 int r;
1189
1190 assert(h);
1191 assert(IN_SET(for_state, HOME_AUTHENTICATING, HOME_AUTHENTICATING_WHILE_ACTIVE, HOME_AUTHENTICATING_FOR_ACQUIRE));
1192
1193 r = home_start_work(h, "inspect", h->record, secret);
1194 if (r < 0)
1195 return r;
1196
1197 home_set_state(h, for_state);
1198 return 0;
1199}
1200
1201int home_authenticate(Home *h, UserRecord *secret, sd_bus_error *error) {
1202 HomeState state;
1203 int r;
1204
1205 assert(h);
1206
1207 state = home_get_state(h);
1208 switch (state) {
1209 case HOME_ABSENT:
1210 return sd_bus_error_setf(error, BUS_ERROR_HOME_ABSENT, "Home %s is currently missing or not plugged in.", h->user_name);
1211 case HOME_LOCKED:
1212 return sd_bus_error_setf(error, BUS_ERROR_HOME_LOCKED, "Home %s is currently locked.", h->user_name);
1213 case HOME_UNFIXATED:
1214 case HOME_INACTIVE:
1215 case HOME_ACTIVE:
1216 break;
1217 default:
1218 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "An operation on home %s is currently being executed.", h->user_name);
1219 }
1220
1221 r = home_ratelimit(h, error);
1222 if (r < 0)
1223 return r;
1224
1225 return home_authenticate_internal(h, secret, state == HOME_ACTIVE ? HOME_AUTHENTICATING_WHILE_ACTIVE : HOME_AUTHENTICATING, error);
1226}
1227
1228static int home_deactivate_internal(Home *h, bool force, sd_bus_error *error) {
1229 int r;
1230
1231 assert(h);
1232
1233 r = home_start_work(h, force ? "deactivate-force" : "deactivate", h->record, NULL);
1234 if (r < 0)
1235 return r;
1236
1237 home_set_state(h, HOME_DEACTIVATING);
1238 return 0;
1239}
1240
1241int home_deactivate(Home *h, bool force, sd_bus_error *error) {
1242 assert(h);
1243
1244 switch (home_get_state(h)) {
1245 case HOME_UNFIXATED:
1246 case HOME_ABSENT:
1247 case HOME_INACTIVE:
1248 return sd_bus_error_setf(error, BUS_ERROR_HOME_NOT_ACTIVE, "Home %s not active.", h->user_name);
1249 case HOME_LOCKED:
1250 return sd_bus_error_setf(error, BUS_ERROR_HOME_LOCKED, "Home %s is currently locked.", h->user_name);
1251 case HOME_ACTIVE:
1252 break;
1253 default:
1254 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "An operation on home %s is currently being executed.", h->user_name);
1255 }
1256
1257 return home_deactivate_internal(h, force, error);
1258}
1259
1260int home_create(Home *h, UserRecord *secret, sd_bus_error *error) {
1261 int r;
1262
1263 assert(h);
1264
1265 switch (home_get_state(h)) {
1266 case HOME_INACTIVE:
1267 if (h->record->storage < 0)
1268 break; /* if no storage is defined we don't know what precisely to look for, hence
1269 * HOME_INACTIVE is OK in that case too. */
1270
1271 if (IN_SET(user_record_test_image_path(h->record), USER_TEST_MAYBE, USER_TEST_UNDEFINED))
1272 break; /* And if the image path test isn't conclusive, let's also go on */
1273
1274 _fallthrough_;
1275 case HOME_UNFIXATED:
1276 return sd_bus_error_setf(error, BUS_ERROR_HOME_EXISTS, "Home of user %s already exists.", h->user_name);
1277 case HOME_ABSENT:
1278 break;
1279 case HOME_ACTIVE:
1280 case HOME_LOCKED:
1281 default:
1282 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "Home %s is currently being used, or an operation on home %s is currently being executed.", h->user_name, h->user_name);
1283 }
1284
1285 if (h->record->enforce_password_policy == false)
1286 log_debug("Password quality check turned off for account, skipping.");
1287 else {
1288 r = quality_check_password(h->record, secret, error);
1289 if (r < 0)
1290 return r;
1291 }
1292
1293 r = home_start_work(h, "create", h->record, secret);
1294 if (r < 0)
1295 return r;
1296
1297 home_set_state(h, HOME_CREATING);
1298 return 0;
1299}
1300
1301int home_remove(Home *h, sd_bus_error *error) {
1302 HomeState state;
1303 int r;
1304
1305 assert(h);
1306
1307 state = home_get_state(h);
1308 switch (state) {
1309 case HOME_ABSENT: /* If the home directory is absent, then this is just like unregistering */
1310 return home_unregister(h, error);
1311 case HOME_LOCKED:
1312 return sd_bus_error_setf(error, BUS_ERROR_HOME_LOCKED, "Home %s is currently locked.", h->user_name);
1313 case HOME_UNFIXATED:
1314 case HOME_INACTIVE:
1315 break;
1316 case HOME_ACTIVE:
1317 default:
1318 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "Home %s is currently being used, or an operation on home %s is currently being executed.", h->user_name, h->user_name);
1319 }
1320
1321 r = home_start_work(h, "remove", h->record, NULL);
1322 if (r < 0)
1323 return r;
1324
1325 home_set_state(h, HOME_REMOVING);
1326 return 0;
1327}
1328
1329static int user_record_extend_with_binding(UserRecord *hr, UserRecord *with_binding, UserRecordLoadFlags flags, UserRecord **ret) {
1330 _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
1331 _cleanup_(user_record_unrefp) UserRecord *nr = NULL;
1332 JsonVariant *binding;
1333 int r;
1334
1335 assert(hr);
1336 assert(with_binding);
1337 assert(ret);
1338
1339 assert_se(v = json_variant_ref(hr->json));
1340
1341 binding = json_variant_by_key(with_binding->json, "binding");
1342 if (binding) {
1343 r = json_variant_set_field(&v, "binding", binding);
1344 if (r < 0)
1345 return r;
1346 }
1347
1348 nr = user_record_new();
1349 if (!nr)
1350 return -ENOMEM;
1351
1352 r = user_record_load(nr, v, flags);
1353 if (r < 0)
1354 return r;
1355
1356 *ret = TAKE_PTR(nr);
1357 return 0;
1358}
1359
1360static int home_update_internal(Home *h, const char *verb, UserRecord *hr, UserRecord *secret, sd_bus_error *error) {
1361 _cleanup_(user_record_unrefp) UserRecord *new_hr = NULL, *saved_secret = NULL, *signed_hr = NULL;
1362 int r, c;
1363
1364 assert(h);
1365 assert(verb);
1366 assert(hr);
1367
1368 if (!user_record_compatible(hr, h->record))
1369 return sd_bus_error_setf(error, BUS_ERROR_HOME_RECORD_MISMATCH, "Updated user record is not compatible with existing one.");
1370 c = user_record_compare_last_change(hr, h->record); /* refuse downgrades */
1371 if (c < 0)
1372 return sd_bus_error_setf(error, BUS_ERROR_HOME_RECORD_DOWNGRADE, "Refusing to update to older home record.");
1373
1374 if (!secret && FLAGS_SET(hr->mask, USER_RECORD_SECRET)) {
1375 r = user_record_clone(hr, USER_RECORD_EXTRACT_SECRET, &saved_secret);
1376 if (r < 0)
1377 return r;
1378
1379 secret = saved_secret;
1380 }
1381
1382 r = manager_verify_user_record(h->manager, hr);
1383 switch (r) {
1384
1385 case USER_RECORD_UNSIGNED:
1386 if (h->signed_locally <= 0) /* If the existing record is not owned by us, don't accept an
1387 * unsigned new record. i.e. only implicitly sign new records
1388 * that where previously signed by us too. */
1389 return sd_bus_error_setf(error, BUS_ERROR_HOME_RECORD_SIGNED, "Home %s is signed and cannot be modified locally.", h->user_name);
1390
1391 /* The updated record is not signed, then do so now */
1392 r = manager_sign_user_record(h->manager, hr, &signed_hr, error);
1393 if (r < 0)
1394 return r;
1395
1396 hr = signed_hr;
1397 break;
1398
1399 case USER_RECORD_SIGNED_EXCLUSIVE:
1400 case USER_RECORD_SIGNED:
1401 case USER_RECORD_FOREIGN:
1402 /* Has already been signed. Great! */
1403 break;
1404
1405 case -ENOKEY:
1406 default:
1407 return r;
1408 }
1409
1410 r = user_record_extend_with_binding(hr, h->record, USER_RECORD_LOAD_MASK_SECRET, &new_hr);
1411 if (r < 0)
1412 return r;
1413
1414 if (c == 0) {
1415 /* different payload but same lastChangeUSec field? That's not cool! */
1416
1417 r = user_record_masked_equal(new_hr, h->record, USER_RECORD_REGULAR|USER_RECORD_PRIVILEGED|USER_RECORD_PER_MACHINE);
1418 if (r < 0)
1419 return r;
1420 if (r == 0)
1421 return sd_bus_error_setf(error, BUS_ERROR_HOME_RECORD_MISMATCH, "Home record different but timestamp remained the same, refusing.");
1422 }
1423
1424 r = home_start_work(h, verb, new_hr, secret);
1425 if (r < 0)
1426 return r;
1427
1428 return 0;
1429}
1430
1431int home_update(Home *h, UserRecord *hr, sd_bus_error *error) {
1432 HomeState state;
1433 int r;
1434
1435 assert(h);
1436 assert(hr);
1437
1438 state = home_get_state(h);
1439 switch (state) {
1440 case HOME_UNFIXATED:
1441 return sd_bus_error_setf(error, BUS_ERROR_HOME_UNFIXATED, "Home %s has not been fixated yet.", h->user_name);
1442 case HOME_ABSENT:
1443 return sd_bus_error_setf(error, BUS_ERROR_HOME_ABSENT, "Home %s is currently missing or not plugged in.", h->user_name);
1444 case HOME_LOCKED:
1445 return sd_bus_error_setf(error, BUS_ERROR_HOME_LOCKED, "Home %s is currently locked.", h->user_name);
1446 case HOME_INACTIVE:
1447 case HOME_ACTIVE:
1448 break;
1449 default:
1450 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "An operation on home %s is currently being executed.", h->user_name);
1451 }
1452
1453 r = home_ratelimit(h, error);
1454 if (r < 0)
1455 return r;
1456
1457 r = home_update_internal(h, "update", hr, NULL, error);
1458 if (r < 0)
1459 return r;
1460
1461 home_set_state(h, state == HOME_ACTIVE ? HOME_UPDATING_WHILE_ACTIVE : HOME_UPDATING);
1462 return 0;
1463}
1464
1465int home_resize(Home *h, uint64_t disk_size, UserRecord *secret, sd_bus_error *error) {
1466 _cleanup_(user_record_unrefp) UserRecord *c = NULL;
1467 HomeState state;
1468 int r;
1469
1470 assert(h);
1471
1472 state = home_get_state(h);
1473 switch (state) {
1474 case HOME_UNFIXATED:
1475 return sd_bus_error_setf(error, BUS_ERROR_HOME_UNFIXATED, "Home %s has not been fixated yet.", h->user_name);
1476 case HOME_ABSENT:
1477 return sd_bus_error_setf(error, BUS_ERROR_HOME_ABSENT, "Home %s is currently missing or not plugged in.", h->user_name);
1478 case HOME_LOCKED:
1479 return sd_bus_error_setf(error, BUS_ERROR_HOME_LOCKED, "Home %s is currently locked.", h->user_name);
1480 case HOME_INACTIVE:
1481 case HOME_ACTIVE:
1482 break;
1483 default:
1484 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "An operation on home %s is currently being executed.", h->user_name);
1485 }
1486
1487 r = home_ratelimit(h, error);
1488 if (r < 0)
1489 return r;
1490
1491 if (disk_size == UINT64_MAX || disk_size == h->record->disk_size) {
1492 if (h->record->disk_size == UINT64_MAX)
80ace4f2 1493 return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "No disk size to resize to specified.");
70a5db58
LP		 1494
1495 c = user_record_ref(h->record); /* Shortcut if size is unspecified or matches the record */
1496 } else {
1497 _cleanup_(user_record_unrefp) UserRecord *signed_c = NULL;
1498
1499 if (h->signed_locally <= 0) /* Don't allow changing of records not signed only by us */
1500 return sd_bus_error_setf(error, BUS_ERROR_HOME_RECORD_SIGNED, "Home %s is signed and cannot be modified locally.", h->user_name);
1501
1502 r = user_record_clone(h->record, USER_RECORD_LOAD_REFUSE_SECRET, &c);
1503 if (r < 0)
1504 return r;
1505
1506 r = user_record_set_disk_size(c, disk_size);
1507 if (r == -ERANGE)
1508 return sd_bus_error_setf(error, BUS_ERROR_BAD_HOME_SIZE, "Requested size for home %s out of acceptable range.", h->user_name);
1509 if (r < 0)
1510 return r;
1511
1512 r = user_record_update_last_changed(c, false);
1513 if (r == -ECHRNG)
1514 return sd_bus_error_setf(error, BUS_ERROR_HOME_RECORD_MISMATCH, "Record last change time of %s is newer than current time, cannot update.", h->user_name);
1515 if (r < 0)
1516 return r;
1517
1518 r = manager_sign_user_record(h->manager, c, &signed_c, error);
1519 if (r < 0)
1520 return r;
1521
1522 user_record_unref(c);
1523 c = TAKE_PTR(signed_c);
1524 }
1525
1526 r = home_update_internal(h, "resize", c, secret, error);
1527 if (r < 0)
1528 return r;
1529
1530 home_set_state(h, state == HOME_ACTIVE ? HOME_RESIZING_WHILE_ACTIVE : HOME_RESIZING);
1531 return 0;
1532}
1533
1534static int home_may_change_password(
1535 Home *h,
1536 sd_bus_error *error) {
1537
1538 int r;
1539
1540 assert(h);
1541
1542 r = user_record_test_password_change_required(h->record);
1543 if (IN_SET(r, -EKEYREVOKED, -EOWNERDEAD, -EKEYEXPIRED))
86b52a39 1544 return 0; /* expired in some form, but changing is allowed */
70a5db58
LP		 1545 if (IN_SET(r, -EKEYREJECTED, -EROFS))
1546 return sd_bus_error_setf(error, SD_BUS_ERROR_ACCESS_DENIED, "Expiration settings of account %s do not allow changing of password.", h->user_name);
1547 if (r < 0)
1548 return log_error_errno(r, "Failed to test password expiry: %m");
1549
1550 return 0; /* not expired */
1551}
1552
1553int home_passwd(Home *h,
1554 UserRecord *new_secret,
1555 UserRecord *old_secret,
1556 sd_bus_error *error) {
1557
1558 _cleanup_(user_record_unrefp) UserRecord *c = NULL, *merged_secret = NULL, *signed_c = NULL;
1559 HomeState state;
1560 int r;
1561
1562 assert(h);
1563
1564 if (h->signed_locally <= 0) /* Don't allow changing of records not signed only by us */
1565 return sd_bus_error_setf(error, BUS_ERROR_HOME_RECORD_SIGNED, "Home %s is signed and cannot be modified locally.", h->user_name);
1566
1567 state = home_get_state(h);
1568 switch (state) {
1569 case HOME_UNFIXATED:
1570 return sd_bus_error_setf(error, BUS_ERROR_HOME_UNFIXATED, "Home %s has not been fixated yet.", h->user_name);
1571 case HOME_ABSENT:
1572 return sd_bus_error_setf(error, BUS_ERROR_HOME_ABSENT, "Home %s is currently missing or not plugged in.", h->user_name);
1573 case HOME_LOCKED:
1574 return sd_bus_error_setf(error, BUS_ERROR_HOME_LOCKED, "Home %s is currently locked.", h->user_name);
1575 case HOME_INACTIVE:
1576 case HOME_ACTIVE:
1577 break;
1578 default:
1579 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "An operation on home %s is currently being executed.", h->user_name);
1580 }
1581
1582 r = home_ratelimit(h, error);
1583 if (r < 0)
1584 return r;
1585
1586 r = home_may_change_password(h, error);
1587 if (r < 0)
1588 return r;
1589
1590 r = user_record_clone(h->record, USER_RECORD_LOAD_REFUSE_SECRET, &c);
1591 if (r < 0)
1592 return r;
1593
1594 merged_secret = user_record_new();
1595 if (!merged_secret)
1596 return -ENOMEM;
1597
1598 r = user_record_merge_secret(merged_secret, old_secret);
1599 if (r < 0)
1600 return r;
1601
1602 r = user_record_merge_secret(merged_secret, new_secret);
1603 if (r < 0)
1604 return r;
1605
1606 if (!strv_isempty(new_secret->password)) {
1607 /* Update the password only if one is specified, otherwise let's just reuse the old password
1608 * data. This is useful as a way to propagate updated user records into the LUKS backends
1609 * properly. */
1610
1611 r = user_record_make_hashed_password(c, new_secret->password, /* extend = */ false);
1612 if (r < 0)
1613 return r;
1614
1615 r = user_record_set_password_change_now(c, -1 /* remove */);
1616 if (r < 0)
1617 return r;
1618 }
1619
1620 r = user_record_update_last_changed(c, true);
1621 if (r == -ECHRNG)
1622 return sd_bus_error_setf(error, BUS_ERROR_HOME_RECORD_MISMATCH, "Record last change time of %s is newer than current time, cannot update.", h->user_name);
1623 if (r < 0)
1624 return r;
1625
1626 r = manager_sign_user_record(h->manager, c, &signed_c, error);
1627 if (r < 0)
1628 return r;
1629
1630 if (c->enforce_password_policy == false)
1631 log_debug("Password quality check turned off for account, skipping.");
1632 else {
1633 r = quality_check_password(c, merged_secret, error);
1634 if (r < 0)
1635 return r;
1636 }
1637
1638 r = home_update_internal(h, "passwd", signed_c, merged_secret, error);
1639 if (r < 0)
1640 return r;
1641
1642 home_set_state(h, state == HOME_ACTIVE ? HOME_PASSWD_WHILE_ACTIVE : HOME_PASSWD);
1643 return 0;
1644}
1645
1646int home_unregister(Home *h, sd_bus_error *error) {
1647 int r;
1648
1649 assert(h);
1650
1651 switch (home_get_state(h)) {
1652 case HOME_UNFIXATED:
1653 return sd_bus_error_setf(error, BUS_ERROR_HOME_UNFIXATED, "Home %s is not registered.", h->user_name);
1654 case HOME_LOCKED:
1655 return sd_bus_error_setf(error, BUS_ERROR_HOME_LOCKED, "Home %s is currently locked.", h->user_name);
1656 case HOME_ABSENT:
1657 case HOME_INACTIVE:
1658 break;
1659 case HOME_ACTIVE:
1660 default:
1661 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "Home %s is currently being used, or an operation on home %s is currently being executed.", h->user_name, h->user_name);
1662 }
1663
1664 r = home_unlink_record(h);
1665 if (r < 0)
1666 return r;
1667
1668 /* And destroy the whole entry. The caller needs to be prepared for that. */
1669 h = home_free(h);
1670 return 1;
1671}
1672
1673int home_lock(Home *h, sd_bus_error *error) {
1674 int r;
1675
1676 assert(h);
1677
1678 switch (home_get_state(h)) {
1679 case HOME_UNFIXATED:
1680 case HOME_ABSENT:
1681 case HOME_INACTIVE:
1682 return sd_bus_error_setf(error, BUS_ERROR_HOME_NOT_ACTIVE, "Home %s is not active.", h->user_name);
1683 case HOME_LOCKED:
1684 return sd_bus_error_setf(error, BUS_ERROR_HOME_LOCKED, "Home %s is already locked.", h->user_name);
1685 case HOME_ACTIVE:
1686 break;
1687 default:
1688 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "An operation on home %s is currently being executed.", h->user_name);
1689 }
1690
1691 r = home_start_work(h, "lock", h->record, NULL);
1692 if (r < 0)
1693 return r;
1694
1695 home_set_state(h, HOME_LOCKING);
1696 return 0;
1697}
1698
1699static int home_unlock_internal(Home *h, UserRecord *secret, HomeState for_state, sd_bus_error *error) {
1700 int r;
1701
1702 assert(h);
1703 assert(IN_SET(for_state, HOME_UNLOCKING, HOME_UNLOCKING_FOR_ACQUIRE));
1704
1705 r = home_start_work(h, "unlock", h->record, secret);
1706 if (r < 0)
1707 return r;
1708
1709 home_set_state(h, for_state);
1710 return 0;
1711}
1712
1713int home_unlock(Home *h, UserRecord *secret, sd_bus_error *error) {
1714 int r;
1715 assert(h);
1716
1717 r = home_ratelimit(h, error);
1718 if (r < 0)
1719 return r;
1720
1721 switch (home_get_state(h)) {
1722 case HOME_UNFIXATED:
1723 case HOME_ABSENT:
1724 case HOME_INACTIVE:
1725 case HOME_ACTIVE:
1726 return sd_bus_error_setf(error, BUS_ERROR_HOME_NOT_LOCKED, "Home %s is not locked.", h->user_name);
1727 case HOME_LOCKED:
1728 break;
1729 default:
1730 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "An operation on home %s is currently being executed.", h->user_name);
1731 }
1732
1733 return home_unlock_internal(h, secret, HOME_UNLOCKING, error);
1734}
1735
1736HomeState home_get_state(Home *h) {
1737 assert(h);
1738
1739 /* When the state field is initialized, it counts. */
1740 if (h->state >= 0)
1741 return h->state;
1742
1743 /* Otherwise, let's see if the home directory is mounted. If so, we assume for sure the home
1744 * directory is active */
1745 if (user_record_test_home_directory(h->record) == USER_TEST_MOUNTED)
1746 return HOME_ACTIVE;
1747
1748 /* And if we see the image being gone, we report this as absent */
1749 if (user_record_test_image_path(h->record) == USER_TEST_ABSENT)
1750 return HOME_ABSENT;
1751
1752 /* And for all other cases we return "inactive". */
1753 return HOME_INACTIVE;
1754}
1755
1756void home_process_notify(Home *h, char **l) {
1757 const char *e;
1758 int error;
1759 int r;
1760
1761 assert(h);
1762
1763 e = strv_env_get(l, "ERRNO");
1764 if (!e) {
1765 log_debug("Got notify message lacking ERRNO= field, ignoring.");
1766 return;
1767 }
1768
1769 r = safe_atoi(e, &error);
1770 if (r < 0) {
162392b7 1771 log_debug_errno(r, "Failed to parse received error number, ignoring: %s", e);
70a5db58
LP		 1772 return;
1773 }
1774 if (error <= 0) {
1775 log_debug("Error number is out of range: %i", error);
1776 return;
1777 }
1778
1779 h->worker_error_code = error;
1780}
1781
1782int home_killall(Home *h) {
1783 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
1784 _cleanup_free_ char *unit = NULL;
1785 int r;
1786
1787 assert(h);
1788
1789 if (!uid_is_valid(h->uid))
1790 return 0;
1791
1792 assert(h->uid > 0); /* We never should be UID 0 */
1793
1794 /* Let's kill everything matching the specified UID */
1795 r = safe_fork("(sd-killer)", FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_DEATHSIG|FORK_WAIT|FORK_LOG, NULL);
1796 if (r < 0)
1797 return r;
1798 if (r == 0) {
1799 gid_t gid;
1800
1801 /* Child */
1802
1803 gid = user_record_gid(h->record);
1804 if (setresgid(gid, gid, gid) < 0) {
1805 log_error_errno(errno, "Failed to change GID to " GID_FMT ": %m", gid);
1806 _exit(EXIT_FAILURE);
1807 }
1808
1809 if (setgroups(0, NULL) < 0) {
1810 log_error_errno(errno, "Failed to reset auxiliary groups list: %m");
1811 _exit(EXIT_FAILURE);
1812 }
1813
1814 if (setresuid(h->uid, h->uid, h->uid) < 0) {
1815 log_error_errno(errno, "Failed to change UID to " UID_FMT ": %m", h->uid);
1816 _exit(EXIT_FAILURE);
1817 }
1818
1819 if (kill(-1, SIGKILL) < 0) {
1820 log_error_errno(errno, "Failed to kill all processes of UID " UID_FMT ": %m", h->uid);
1821 _exit(EXIT_FAILURE);
1822 }
1823
1824 _exit(EXIT_SUCCESS);
1825 }
1826
1827 /* Let's also kill everything in the user's slice */
1828 if (asprintf(&unit, "user-" UID_FMT ".slice", h->uid) < 0)
1829 return log_oom();
1830
1831 r = sd_bus_call_method(
1832 h->manager->bus,
1833 "org.freedesktop.systemd1",
1834 "/org/freedesktop/systemd1",
1835 "org.freedesktop.systemd1.Manager",
1836 "KillUnit",
1837 &error,
1838 NULL,
1839 "ssi", unit, "all", SIGKILL);
1840 if (r < 0)
1841 log_full_errno(sd_bus_error_has_name(&error, BUS_ERROR_NO_SUCH_UNIT) ? LOG_DEBUG : LOG_WARNING,
1842 r, "Failed to kill login processes of user, ignoring: %s", bus_error_message(&error, r));
1843
1844 return 1;
1845}
1846
1847static int home_get_disk_status_luks(
1848 Home *h,
1849 HomeState state,
1850 uint64_t *ret_disk_size,
1851 uint64_t *ret_disk_usage,
1852 uint64_t *ret_disk_free,
1853 uint64_t *ret_disk_ceiling,
1854 uint64_t *ret_disk_floor) {
1855
1856 uint64_t disk_size = UINT64_MAX, disk_usage = UINT64_MAX, disk_free = UINT64_MAX,
1857 disk_ceiling = UINT64_MAX, disk_floor = UINT64_MAX,
1858 stat_used = UINT64_MAX, fs_size = UINT64_MAX, header_size = 0;
1859
1860 struct statfs sfs;
1861 const char *hd;
1862 int r;
1863
1864 assert(h);
1865 assert(ret_disk_size);
1866 assert(ret_disk_usage);
1867 assert(ret_disk_free);
1868 assert(ret_disk_ceiling);
1869
1870 if (state != HOME_ABSENT) {
1871 const char *ip;
1872
1873 ip = user_record_image_path(h->record);
1874 if (ip) {
1875 struct stat st;
1876
1877 if (stat(ip, &st) < 0)
1878 log_debug_errno(errno, "Failed to stat() %s, ignoring: %m", ip);
1879 else if (S_ISREG(st.st_mode)) {
1880 _cleanup_free_ char *parent = NULL;
1881
1882 disk_size = st.st_size;
1883 stat_used = st.st_blocks * 512;
1884
1885 parent = dirname_malloc(ip);
1886 if (!parent)
1887 return log_oom();
1888
1889 if (statfs(parent, &sfs) < 0)
1890 log_debug_errno(errno, "Failed to statfs() %s, ignoring: %m", parent);
1891 else
1892 disk_ceiling = stat_used + sfs.f_bsize * sfs.f_bavail;
1893
1894 } else if (S_ISBLK(st.st_mode)) {
1895 _cleanup_free_ char *szbuf = NULL;
1896 char p[SYS_BLOCK_PATH_MAX("/size")];
1897
1898 /* Let's read the size off sysfs, so that we don't have to open the device */
1899 xsprintf_sys_block_path(p, "/size", st.st_rdev);
1900 r = read_one_line_file(p, &szbuf);
1901 if (r < 0)
1902 log_debug_errno(r, "Failed to read %s, ignoring: %m", p);
1903 else {
1904 uint64_t sz;
1905
1906 r = safe_atou64(szbuf, &sz);
1907 if (r < 0)
1908 log_debug_errno(r, "Failed to parse %s, ignoring: %s", p, szbuf);
1909 else
1910 disk_size = sz * 512;
1911 }
1912 } else
1913 log_debug("Image path is not a block device or regular file, not able to acquire size.");
1914 }
1915 }
1916
1917 if (!HOME_STATE_IS_ACTIVE(state))
1918 goto finish;
1919
1920 hd = user_record_home_directory(h->record);
1921 if (!hd)
1922 goto finish;
1923
1924 if (statfs(hd, &sfs) < 0) {
80ace4f2 1925 log_debug_errno(errno, "Failed to statfs() %s, ignoring: %m", hd);
70a5db58
LP		 1926 goto finish;
1927 }
1928
1929 disk_free = sfs.f_bsize * sfs.f_bavail;
1930 fs_size = sfs.f_bsize * sfs.f_blocks;
1931 if (disk_size != UINT64_MAX && disk_size > fs_size)
1932 header_size = disk_size - fs_size;
1933
1934 /* We take a perspective from the user here (as opposed to from the host): the used disk space is the
1935 * difference from the limit and what's free. This makes a difference if sparse mode is not used: in
1936 * that case the image is pre-allocated and thus appears all used from the host PoV but is not used
1937 * up at all yet from the user's PoV.
1938 *
1939 * That said, we use use the stat() reported loopback file size as upper boundary: our footprint can
1940 * never be larger than what we take up on the lowest layers. */
1941
1942 if (disk_size != UINT64_MAX && disk_size > disk_free) {
1943 disk_usage = disk_size - disk_free;
1944
1945 if (stat_used != UINT64_MAX && disk_usage > stat_used)
1946 disk_usage = stat_used;
1947 } else
1948 disk_usage = stat_used;
1949
1950 /* If we have the magic, determine floor preferably by magic */
1951 disk_floor = minimal_size_by_fs_magic(sfs.f_type) + header_size;
1952
1953finish:
1954 /* If we don't know the magic, go by file system name */
1955 if (disk_floor == UINT64_MAX)
1956 disk_floor = minimal_size_by_fs_name(user_record_file_system_type(h->record));
1957
1958 *ret_disk_size = disk_size;
1959 *ret_disk_usage = disk_usage;
1960 *ret_disk_free = disk_free;
1961 *ret_disk_ceiling = disk_ceiling;
1962 *ret_disk_floor = disk_floor;
1963
1964 return 0;
1965}
1966
1967static int home_get_disk_status_directory(
1968 Home *h,
1969 HomeState state,
1970 uint64_t *ret_disk_size,
1971 uint64_t *ret_disk_usage,
1972 uint64_t *ret_disk_free,
1973 uint64_t *ret_disk_ceiling,
1974 uint64_t *ret_disk_floor) {
1975
1976 uint64_t disk_size = UINT64_MAX, disk_usage = UINT64_MAX, disk_free = UINT64_MAX,
1977 disk_ceiling = UINT64_MAX, disk_floor = UINT64_MAX;
1978 struct statfs sfs;
1979 struct dqblk req;
1980 const char *path = NULL;
1981 int r;
1982
1983 assert(ret_disk_size);
1984 assert(ret_disk_usage);
1985 assert(ret_disk_free);
1986 assert(ret_disk_ceiling);
1987 assert(ret_disk_floor);
1988
1989 if (HOME_STATE_IS_ACTIVE(state))
1990 path = user_record_home_directory(h->record);
1991
1992 if (!path) {
1993 if (state == HOME_ABSENT)
1994 goto finish;
1995
1996 path = user_record_image_path(h->record);
1997 }
1998
1999 if (!path)
2000 goto finish;
2001
2002 if (statfs(path, &sfs) < 0)
2003 log_debug_errno(errno, "Failed to statfs() %s, ignoring: %m", path);
2004 else {
2005 disk_free = sfs.f_bsize * sfs.f_bavail;
2006 disk_size = sfs.f_bsize * sfs.f_blocks;
2007
2008 /* We don't initialize disk_usage from statfs() data here, since the device is likely not used
2009 * by us alone, and disk_usage should only reflect our own use. */
2010 }
2011
2012 if (IN_SET(h->record->storage, USER_CLASSIC, USER_DIRECTORY, USER_SUBVOLUME)) {
2013
2014 r = btrfs_is_subvol(path);
2015 if (r < 0)
2016 log_debug_errno(r, "Failed to determine whether %s is a btrfs subvolume: %m", path);
2017 else if (r > 0) {
2018 BtrfsQuotaInfo qi;
2019
2020 r = btrfs_subvol_get_subtree_quota(path, 0, &qi);
2021 if (r < 0)
2022 log_debug_errno(r, "Failed to query btrfs subtree quota, ignoring: %m");
2023 else {
2024 disk_usage = qi.referenced;
2025
2026 if (disk_free != UINT64_MAX) {
2027 disk_ceiling = qi.referenced + disk_free;
2028
2029 if (disk_size != UINT64_MAX && disk_ceiling > disk_size)
2030 disk_ceiling = disk_size;
2031 }
2032
2033 if (qi.referenced_max != UINT64_MAX) {
2034 if (disk_size != UINT64_MAX)
2035 disk_size = MIN(qi.referenced_max, disk_size);
2036 else
2037 disk_size = qi.referenced_max;
2038 }
2039
2040 if (disk_size != UINT64_MAX) {
2041 if (disk_size > disk_usage)
2042 disk_free = disk_size - disk_usage;
2043 else
2044 disk_free = 0;
2045 }
2046 }
2047
2048 goto finish;
2049 }
2050 }
2051
2052 if (IN_SET(h->record->storage, USER_CLASSIC, USER_DIRECTORY, USER_FSCRYPT)) {
2053 r = quotactl_path(QCMD_FIXED(Q_GETQUOTA, USRQUOTA), path, h->uid, &req);
2054 if (r < 0) {
2055 if (ERRNO_IS_NOT_SUPPORTED(r)) {
2056 log_debug_errno(r, "No UID quota support on %s.", path);
2057 goto finish;
2058 }
2059
2060 if (r != -ESRCH) {
2061 log_debug_errno(r, "Failed to query disk quota for UID " UID_FMT ": %m", h->uid);
2062 goto finish;
2063 }
2064
2065 disk_usage = 0; /* No record of this user? then nothing was used */
2066 } else {
2067 if (FLAGS_SET(req.dqb_valid, QIF_SPACE) && disk_free != UINT64_MAX) {
2068 disk_ceiling = req.dqb_curspace + disk_free;
2069
2070 if (disk_size != UINT64_MAX && disk_ceiling > disk_size)
2071 disk_ceiling = disk_size;
2072 }
2073
2074 if (FLAGS_SET(req.dqb_valid, QIF_BLIMITS)) {
2075 uint64_t q;
2076
2077 /* Take the minimum of the quota and the available disk space here */
2078 q = req.dqb_bhardlimit * QIF_DQBLKSIZE;
2079 if (disk_size != UINT64_MAX)
2080 disk_size = MIN(disk_size, q);
2081 else
2082 disk_size = q;
2083 }
2084 if (FLAGS_SET(req.dqb_valid, QIF_SPACE)) {
2085 disk_usage = req.dqb_curspace;
2086
2087 if (disk_size != UINT64_MAX) {
2088 if (disk_size > disk_usage)
2089 disk_free = disk_size - disk_usage;
2090 else
2091 disk_free = 0;
2092 }
2093 }
2094 }
2095 }
2096
2097finish:
2098 *ret_disk_size = disk_size;
2099 *ret_disk_usage = disk_usage;
2100 *ret_disk_free = disk_free;
2101 *ret_disk_ceiling = disk_ceiling;
2102 *ret_disk_floor = disk_floor;
2103
2104 return 0;
2105}
2106
2107int home_augment_status(
2108 Home *h,
2109 UserRecordLoadFlags flags,
2110 UserRecord **ret) {
2111
2112 uint64_t disk_size = UINT64_MAX, disk_usage = UINT64_MAX, disk_free = UINT64_MAX, disk_ceiling = UINT64_MAX, disk_floor = UINT64_MAX;
2113 _cleanup_(json_variant_unrefp) JsonVariant *j = NULL, *v = NULL, *m = NULL, *status = NULL;
2114 _cleanup_(user_record_unrefp) UserRecord *ur = NULL;
2115 char ids[SD_ID128_STRING_MAX];
2116 HomeState state;
2117 sd_id128_t id;
2118 int r;
2119
2120 assert(h);
2121 assert(ret);
2122
2123 /* We are supposed to add this, this can't be on hence. */
2124 assert(!FLAGS_SET(flags, USER_RECORD_STRIP_STATUS));
2125
2126 r = sd_id128_get_machine(&id);
2127 if (r < 0)
2128 return r;
2129
2130 state = home_get_state(h);
2131
2132 switch (h->record->storage) {
2133
2134 case USER_LUKS:
2135 r = home_get_disk_status_luks(h, state, &disk_size, &disk_usage, &disk_free, &disk_ceiling, &disk_floor);
2136 if (r < 0)
2137 return r;
2138
2139 break;
2140
2141 case USER_CLASSIC:
2142 case USER_DIRECTORY:
2143 case USER_SUBVOLUME:
2144 case USER_FSCRYPT:
2145 case USER_CIFS:
2146 r = home_get_disk_status_directory(h, state, &disk_size, &disk_usage, &disk_free, &disk_ceiling, &disk_floor);
2147 if (r < 0)
2148 return r;
2149
2150 break;
2151
2152 default:
2153 ; /* unset */
2154 }
2155
2156 if (disk_floor == UINT64_MAX || (disk_usage != UINT64_MAX && disk_floor < disk_usage))
2157 disk_floor = disk_usage;
2158 if (disk_floor == UINT64_MAX || disk_floor < USER_DISK_SIZE_MIN)
2159 disk_floor = USER_DISK_SIZE_MIN;
2160 if (disk_ceiling == UINT64_MAX || disk_ceiling > USER_DISK_SIZE_MAX)
2161 disk_ceiling = USER_DISK_SIZE_MAX;
2162
2163 r = json_build(&status,
2164 JSON_BUILD_OBJECT(
2165 JSON_BUILD_PAIR("state", JSON_BUILD_STRING(home_state_to_string(state))),
2166 JSON_BUILD_PAIR("service", JSON_BUILD_STRING("io.systemd.Home")),
2167 JSON_BUILD_PAIR_CONDITION(disk_size != UINT64_MAX, "diskSize", JSON_BUILD_UNSIGNED(disk_size)),
2168 JSON_BUILD_PAIR_CONDITION(disk_usage != UINT64_MAX, "diskUsage", JSON_BUILD_UNSIGNED(disk_usage)),
2169 JSON_BUILD_PAIR_CONDITION(disk_free != UINT64_MAX, "diskFree", JSON_BUILD_UNSIGNED(disk_free)),
2170 JSON_BUILD_PAIR_CONDITION(disk_ceiling != UINT64_MAX, "diskCeiling", JSON_BUILD_UNSIGNED(disk_ceiling)),
2171 JSON_BUILD_PAIR_CONDITION(disk_floor != UINT64_MAX, "diskFloor", JSON_BUILD_UNSIGNED(disk_floor)),
2172 JSON_BUILD_PAIR_CONDITION(h->signed_locally >= 0, "signedLocally", JSON_BUILD_BOOLEAN(h->signed_locally))
2173 ));
2174 if (r < 0)
2175 return r;
2176
2177 j = json_variant_ref(h->record->json);
2178 v = json_variant_ref(json_variant_by_key(j, "status"));
2179 m = json_variant_ref(json_variant_by_key(v, sd_id128_to_string(id, ids)));
2180
2181 r = json_variant_filter(&m, STRV_MAKE("diskSize", "diskUsage", "diskFree", "diskCeiling", "diskFloor", "signedLocally"));
2182 if (r < 0)
2183 return r;
2184
2185 r = json_variant_merge(&m, status);
2186 if (r < 0)
2187 return r;
2188
2189 r = json_variant_set_field(&v, ids, m);
2190 if (r < 0)
2191 return r;
2192
2193 r = json_variant_set_field(&j, "status", v);
2194 if (r < 0)
2195 return r;
2196
2197 ur = user_record_new();
2198 if (!ur)
2199 return -ENOMEM;
2200
2201 r = user_record_load(ur, j, flags);
2202 if (r < 0)
2203 return r;
2204
2205 ur->incomplete =
2206 FLAGS_SET(h->record->mask, USER_RECORD_PRIVILEGED) &&
2207 !FLAGS_SET(ur->mask, USER_RECORD_PRIVILEGED);
2208
2209 *ret = TAKE_PTR(ur);
2210 return 0;
2211}
2212
2213static int on_home_ref_eof(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
2214 _cleanup_(operation_unrefp) Operation *o = NULL;
2215 Home *h = userdata;
2216
2217 assert(s);
2218 assert(h);
2219
2220 if (h->ref_event_source_please_suspend == s)
2221 h->ref_event_source_please_suspend = sd_event_source_disable_unref(h->ref_event_source_please_suspend);
2222
2223 if (h->ref_event_source_dont_suspend == s)
2224 h->ref_event_source_dont_suspend = sd_event_source_disable_unref(h->ref_event_source_dont_suspend);
2225
2226 if (h->ref_event_source_dont_suspend || h->ref_event_source_please_suspend)
2227 return 0;
2228
2229 log_info("Got notification that all sessions of user %s ended, deactivating automatically.", h->user_name);
2230
2231 o = operation_new(OPERATION_PIPE_EOF, NULL);
2232 if (!o) {
2233 log_oom();
2234 return 0;
2235 }
2236
2237 home_schedule_operation(h, o, NULL);
2238 return 0;
2239}
2240
2241int home_create_fifo(Home *h, bool please_suspend) {
2242 _cleanup_close_ int ret_fd = -1;
2243 sd_event_source **ss;
2244 const char *fn, *suffix;
2245 int r;
2246
2247 assert(h);
2248
2249 if (please_suspend) {
2250 suffix = ".please-suspend";
2251 ss = &h->ref_event_source_please_suspend;
2252 } else {
2253 suffix = ".dont-suspend";
2254 ss = &h->ref_event_source_dont_suspend;
2255 }
2256
2257 fn = strjoina("/run/systemd/home/", h->user_name, suffix);
2258
2259 if (!*ss) {
2260 _cleanup_close_ int ref_fd = -1;
2261
2262 (void) mkdir("/run/systemd/home/", 0755);
2263 if (mkfifo(fn, 0600) < 0 && errno != EEXIST)
2264 return log_error_errno(errno, "Failed to create FIFO %s: %m", fn);
2265
2266 ref_fd = open(fn, O_RDONLY|O_CLOEXEC|O_NONBLOCK);
2267 if (ref_fd < 0)
2268 return log_error_errno(errno, "Failed to open FIFO %s for reading: %m", fn);
2269
2270 r = sd_event_add_io(h->manager->event, ss, ref_fd, 0, on_home_ref_eof, h);
2271 if (r < 0)
2272 return log_error_errno(r, "Failed to allocate reference FIFO event source: %m");
2273
2274 (void) sd_event_source_set_description(*ss, "acquire-ref");
2275
2276 r = sd_event_source_set_priority(*ss, SD_EVENT_PRIORITY_IDLE-1);
2277 if (r < 0)
2278 return r;
2279
2280 r = sd_event_source_set_io_fd_own(*ss, true);
2281 if (r < 0)
2282 return log_error_errno(r, "Failed to pass ownership of FIFO event fd to event source: %m");
2283
2284 TAKE_FD(ref_fd);
2285 }
2286
2287 ret_fd = open(fn, O_WRONLY|O_CLOEXEC|O_NONBLOCK);
2288 if (ret_fd < 0)
2289 return log_error_errno(errno, "Failed to open FIFO %s for writing: %m", fn);
2290
2291 return TAKE_FD(ret_fd);
2292}
2293
2294static int home_dispatch_acquire(Home *h, Operation *o) {
2295 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
2296 int (*call)(Home *h, UserRecord *secret, HomeState for_state, sd_bus_error *error) = NULL;
2297 HomeState for_state;
2298 int r;
2299
2300 assert(h);
2301 assert(o);
2302 assert(o->type == OPERATION_ACQUIRE);
2303
2304 switch (home_get_state(h)) {
2305
2306 case HOME_UNFIXATED:
2307 for_state = HOME_FIXATING_FOR_ACQUIRE;
2308 call = home_fixate_internal;
2309 break;
2310
2311 case HOME_ABSENT:
2312 r = sd_bus_error_setf(&error, BUS_ERROR_HOME_ABSENT, "Home %s is currently missing or not plugged in.", h->user_name);
2313 break;
2314
2315 case HOME_INACTIVE:
2316 for_state = HOME_ACTIVATING_FOR_ACQUIRE;
2317 call = home_activate_internal;
2318 break;
2319
2320 case HOME_ACTIVE:
2321 for_state = HOME_AUTHENTICATING_FOR_ACQUIRE;
2322 call = home_authenticate_internal;
2323 break;
2324
2325 case HOME_LOCKED:
2326 for_state = HOME_UNLOCKING_FOR_ACQUIRE;
2327 call = home_unlock_internal;
2328 break;
2329
2330 default:
2331 /* All other cases means we are currently executing an operation, which means the job remains
2332 * pending. */
2333 return 0;
2334 }
2335
2336 assert(!h->current_operation);
2337
2338 if (call) {
2339 r = home_ratelimit(h, &error);
2340 if (r >= 0)
2341 r = call(h, o->secret, for_state, &error);
2342 }
2343
2344 if (r != 0) /* failure or completed */
2345 operation_result(o, r, &error);
2346 else /* ongoing */
2347 h->current_operation = operation_ref(o);
2348
2349 return 1;
2350}
2351
2352static int home_dispatch_release(Home *h, Operation *o) {
2353 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
2354 int r;
2355
2356 assert(h);
2357 assert(o);
2358 assert(o->type == OPERATION_RELEASE);
2359
2360 if (h->ref_event_source_dont_suspend || h->ref_event_source_please_suspend)
2361 /* If there's now a reference again, then let's abort the release attempt */
2362 r = sd_bus_error_setf(&error, BUS_ERROR_HOME_BUSY, "Home %s is currently referenced.", h->user_name);
2363 else {
2364 switch (home_get_state(h)) {
2365
2366 case HOME_UNFIXATED:
2367 case HOME_ABSENT:
2368 case HOME_INACTIVE:
a60416f3 2369 r = 1; /* done */
70a5db58
LP		 2370 break;
2371
2372 case HOME_LOCKED:
2373 r = sd_bus_error_setf(&error, BUS_ERROR_HOME_LOCKED, "Home %s is currently locked.", h->user_name);
2374 break;
2375
2376 case HOME_ACTIVE:
2377 r = home_deactivate_internal(h, false, &error);
2378 break;
2379
2380 default:
2381 /* All other cases means we are currently executing an operation, which means the job remains
2382 * pending. */
2383 return 0;
2384 }
2385 }
2386
2387 assert(!h->current_operation);
2388
a60416f3 2389 if (r != 0) /* failure or completed */
70a5db58
LP		 2390 operation_result(o, r, &error);
2391 else /* ongoing */
2392 h->current_operation = operation_ref(o);
2393
2394 return 1;
2395}
2396
2397static int home_dispatch_lock_all(Home *h, Operation *o) {
2398 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
2399 int r;
2400
2401 assert(h);
2402 assert(o);
2403 assert(o->type == OPERATION_LOCK_ALL);
2404
2405 switch (home_get_state(h)) {
2406
2407 case HOME_UNFIXATED:
2408 case HOME_ABSENT:
2409 case HOME_INACTIVE:
2410 log_info("Home %s is not active, no locking necessary.", h->user_name);
a60416f3 2411 r = 1; /* done */
70a5db58
LP		 2412 break;
2413
2414 case HOME_LOCKED:
2415 log_info("Home %s is already locked.", h->user_name);
a60416f3 2416 r = 1; /* done */
70a5db58
LP		 2417 break;
2418
2419 case HOME_ACTIVE:
2420 log_info("Locking home %s.", h->user_name);
2421 r = home_lock(h, &error);
2422 break;
2423
2424 default:
2425 /* All other cases means we are currently executing an operation, which means the job remains
2426 * pending. */
2427 return 0;
2428 }
2429
2430 assert(!h->current_operation);
2431
2432 if (r != 0) /* failure or completed */
2433 operation_result(o, r, &error);
2434 else /* ongoing */
2435 h->current_operation = operation_ref(o);
2436
2437 return 1;
2438}
2439
2440static int home_dispatch_pipe_eof(Home *h, Operation *o) {
2441 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
2442 int r;
2443
2444 assert(h);
2445 assert(o);
2446 assert(o->type == OPERATION_PIPE_EOF);
2447
2448 if (h->ref_event_source_please_suspend || h->ref_event_source_dont_suspend)
2449 return 1; /* Hmm, there's a reference again, let's cancel this */
2450
2451 switch (home_get_state(h)) {
2452
2453 case HOME_UNFIXATED:
2454 case HOME_ABSENT:
2455 case HOME_INACTIVE:
2456 log_info("Home %s already deactivated, no automatic deactivation needed.", h->user_name);
2457 break;
2458
2459 case HOME_DEACTIVATING:
2460 log_info("Home %s is already being deactivated, automatic deactivated unnecessary.", h->user_name);
2461 break;
2462
2463 case HOME_ACTIVE:
2464 r = home_deactivate_internal(h, false, &error);
2465 if (r < 0)
2466 log_warning_errno(r, "Failed to deactivate %s, ignoring: %s", h->user_name, bus_error_message(&error, r));
2467 break;
2468
2469 case HOME_LOCKED:
2470 default:
2471 /* If the device is locked or any operation is being executed, let's leave this pending */
2472 return 0;
2473 }
2474
2475 /* Note that we don't call operation_fail() or operation_success() here, because this kind of
2476 * operation has no message associated with it, and thus there's no need to propagate success. */
2477
2478 assert(!o->message);
2479 return 1;
2480}
2481
2482static int home_dispatch_deactivate_force(Home *h, Operation *o) {
2483 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
2484 int r;
2485
2486 assert(h);
2487 assert(o);
2488 assert(o->type == OPERATION_DEACTIVATE_FORCE);
2489
2490 switch (home_get_state(h)) {
2491
2492 case HOME_UNFIXATED:
2493 case HOME_ABSENT:
2494 case HOME_INACTIVE:
2495 log_debug("Home %s already deactivated, no forced deactivation due to unplug needed.", h->user_name);
2496 break;
2497
2498 case HOME_DEACTIVATING:
2499 log_debug("Home %s is already being deactivated, forced deactivation due to unplug unnecessary.", h->user_name);
2500 break;
2501
2502 case HOME_ACTIVE:
2503 case HOME_LOCKED:
2504 r = home_deactivate_internal(h, true, &error);
2505 if (r < 0)
2506 log_warning_errno(r, "Failed to forcibly deactivate %s, ignoring: %s", h->user_name, bus_error_message(&error, r));
2507 break;
2508
2509 default:
2510 /* If any operation is being executed, let's leave this pending */
2511 return 0;
2512 }
2513
2514 /* Note that we don't call operation_fail() or operation_success() here, because this kind of
2515 * operation has no message associated with it, and thus there's no need to propagate success. */
2516
2517 assert(!o->message);
2518 return 1;
2519}
2520
2521static int on_pending(sd_event_source *s, void *userdata) {
2522 Home *h = userdata;
2523 Operation *o;
2524 int r;
2525
2526 assert(s);
2527 assert(h);
2528
2529 o = ordered_set_first(h->pending_operations);
2530 if (o) {
2531 static int (* const operation_table[_OPERATION_MAX])(Home *h, Operation *o) = {
2532 [OPERATION_ACQUIRE] = home_dispatch_acquire,
2533 [OPERATION_RELEASE] = home_dispatch_release,
2534 [OPERATION_LOCK_ALL] = home_dispatch_lock_all,
2535 [OPERATION_PIPE_EOF] = home_dispatch_pipe_eof,
2536 [OPERATION_DEACTIVATE_FORCE] = home_dispatch_deactivate_force,
2537 };
2538
2539 assert(operation_table[o->type]);
2540 r = operation_table[o->type](h, o);
2541 if (r != 0) {
2542 /* The operation completed, let's remove it from the pending list, and exit while
2543 * leaving the event source enabled as it is. */
2544 assert_se(ordered_set_remove(h->pending_operations, o) == o);
2545 operation_unref(o);
2546 return 0;
2547 }
2548 }
2549
2550 /* Nothing to do anymore, let's turn off this event source */
2551 r = sd_event_source_set_enabled(s, SD_EVENT_OFF);
2552 if (r < 0)
2553 return log_error_errno(r, "Failed to disable event source: %m");
2554
2555 return 0;
2556}
2557
2558int home_schedule_operation(Home *h, Operation *o, sd_bus_error *error) {
2559 int r;
2560
2561 assert(h);
2562
2563 if (o) {
2564 if (ordered_set_size(h->pending_operations) >= PENDING_OPERATIONS_MAX)
2565 return sd_bus_error_setf(error, BUS_ERROR_TOO_MANY_OPERATIONS, "Too many client operations requested");
2566
2567 r = ordered_set_ensure_allocated(&h->pending_operations, &operation_hash_ops);
2568 if (r < 0)
2569 return r;
2570
2571 r = ordered_set_put(h->pending_operations, o);
2572 if (r < 0)
2573 return r;
2574
2575 operation_ref(o);
2576 }
2577
2578 if (!h->pending_event_source) {
2579 r = sd_event_add_defer(h->manager->event, &h->pending_event_source, on_pending, h);
2580 if (r < 0)
2581 return log_error_errno(r, "Failed to allocate pending defer event source: %m");
2582
2583 (void) sd_event_source_set_description(h->pending_event_source, "pending");
2584
2585 r = sd_event_source_set_priority(h->pending_event_source, SD_EVENT_PRIORITY_IDLE);
2586 if (r < 0)
2587 return r;
2588 }
2589
2590 r = sd_event_source_set_enabled(h->pending_event_source, SD_EVENT_ON);
2591 if (r < 0)
2592 return log_error_errno(r, "Failed to trigger pending event source: %m");
2593
2594 return 0;
2595}
2596
2597static int home_get_image_path_seat(Home *h, char **ret) {
2598 _cleanup_(sd_device_unrefp) sd_device *d = NULL;
2599 _cleanup_free_ char *c = NULL;
2600 const char *ip, *seat;
2601 struct stat st;
2602 int r;
2603
2604 assert(h);
2605
2606 if (user_record_storage(h->record) != USER_LUKS)
2607 return -ENXIO;
2608
2609 ip = user_record_image_path(h->record);
2610 if (!ip)
2611 return -ENXIO;
2612
2613 if (!path_startswith(ip, "/dev/"))
2614 return -ENXIO;
2615
2616 if (stat(ip, &st) < 0)
2617 return -errno;
2618
2619 if (!S_ISBLK(st.st_mode))
2620 return -ENOTBLK;
2621
2622 r = sd_device_new_from_devnum(&d, 'b', st.st_rdev);
2623 if (r < 0)
2624 return r;
2625
2626 r = sd_device_get_property_value(d, "ID_SEAT", &seat);
2627 if (r == -ENOENT) /* no property means seat0 */
2628 seat = "seat0";
2629 else if (r < 0)
2630 return r;
2631
2632 c = strdup(seat);
2633 if (!c)
2634 return -ENOMEM;
2635
2636 *ret = TAKE_PTR(c);
2637 return 0;
2638}
2639
2640int home_auto_login(Home *h, char ***ret_seats) {
2641 _cleanup_free_ char *seat = NULL, *seat2 = NULL;
2642
2643 assert(h);
2644 assert(ret_seats);
2645
2646 (void) home_get_image_path_seat(h, &seat);
2647
2648 if (h->record->auto_login > 0 && !streq_ptr(seat, "seat0")) {
2649 /* For now, when the auto-login boolean is set for a user, let's make it mean
2650 * "seat0". Eventually we can extend the concept and allow configuration of any kind of seat,
2651 * but let's keep simple initially, most likely the feature is interesting on single-user
2652 * systems anyway, only.
2653 *
2654 * We filter out users marked for auto-login in we know for sure their home directory is
2655 * absent. */
2656
2657 if (user_record_test_image_path(h->record) != USER_TEST_ABSENT) {
2658 seat2 = strdup("seat0");
2659 if (!seat2)
2660 return -ENOMEM;
2661 }
2662 }
2663
2664 if (seat || seat2) {
2665 _cleanup_strv_free_ char **list = NULL;
2666 size_t i = 0;
2667
2668 list = new(char*, 3);
2669 if (!list)
2670 return -ENOMEM;
2671
2672 if (seat)
2673 list[i++] = TAKE_PTR(seat);
2674 if (seat2)
2675 list[i++] = TAKE_PTR(seat2);
2676
2677 list[i] = NULL;
2678 *ret_seats = TAKE_PTR(list);
2679 return 1;
2680 }
2681
2682 *ret_seats = NULL;
2683 return 0;
2684}
2685
2686int home_set_current_message(Home *h, sd_bus_message *m) {
2687 assert(h);
2688
2689 if (!m)
2690 return 0;
2691
2692 if (h->current_operation)
2693 return -EBUSY;
2694
2695 h->current_operation = operation_new(OPERATION_IMMEDIATE, m);
2696 if (!h->current_operation)
2697 return -ENOMEM;
2698
2699 return 1;
2700}
2701
2702static const char* const home_state_table[_HOME_STATE_MAX] = {
2703 [HOME_UNFIXATED] = "unfixated",
2704 [HOME_ABSENT] = "absent",
2705 [HOME_INACTIVE] = "inactive",
2706 [HOME_FIXATING] = "fixating",
2707 [HOME_FIXATING_FOR_ACTIVATION] = "fixating-for-activation",
2708 [HOME_FIXATING_FOR_ACQUIRE] = "fixating-for-acquire",
2709 [HOME_ACTIVATING] = "activating",
2710 [HOME_ACTIVATING_FOR_ACQUIRE] = "activating-for-acquire",
2711 [HOME_DEACTIVATING] = "deactivating",
2712 [HOME_ACTIVE] = "active",
2713 [HOME_LOCKING] = "locking",
2714 [HOME_LOCKED] = "locked",
2715 [HOME_UNLOCKING] = "unlocking",
2716 [HOME_UNLOCKING_FOR_ACQUIRE] = "unlocking-for-acquire",
2717 [HOME_CREATING] = "creating",
2718 [HOME_REMOVING] = "removing",
2719 [HOME_UPDATING] = "updating",
2720 [HOME_UPDATING_WHILE_ACTIVE] = "updating-while-active",
2721 [HOME_RESIZING] = "resizing",
2722 [HOME_RESIZING_WHILE_ACTIVE] = "resizing-while-active",
2723 [HOME_PASSWD] = "passwd",
2724 [HOME_PASSWD_WHILE_ACTIVE] = "passwd-while-active",
2725 [HOME_AUTHENTICATING] = "authenticating",
2726 [HOME_AUTHENTICATING_WHILE_ACTIVE] = "authenticating-while-active",
2727 [HOME_AUTHENTICATING_FOR_ACQUIRE] = "authenticating-for-acquire",
2728};
2729
2730DEFINE_STRING_TABLE_LOOKUP(home_state, HomeState);
Unnamed repository; edit this file 'description' to name the repository.