1/* SPDX-License-Identifier: LGPL-2.1+ */
2
3#include <sys/mount.h>
4
5#include "cgroup-util.h"
6#include "dns-domain.h"
7#include "env-util.h"
8#include "fs-util.h"
9#include "hexdecoct.h"
10#include "hostname-util.h"
11#include "memory-util.h"
12#include "path-util.h"
13#include "pkcs11-util.h"
14#include "rlimit-util.h"
15#include "stat-util.h"
16#include "string-table.h"
17#include "strv.h"
18#include "user-record.h"
19#include "user-util.h"
20
21#define DEFAULT_RATELIMIT_BURST 30
22#define DEFAULT_RATELIMIT_INTERVAL_USEC (1*USEC_PER_MINUTE)
23
/* Allocates a UserRecord with a reference count of 1 and every field set to its "unset" sentinel, so that a
 * fresh record carries no information until JSON is dispatched into it. Tristate fields use -1, uint64_t
 * fields UINT64_MAX, mode_t fields MODE_INVALID, and the enums their _INVALID member. Returns NULL if the
 * allocation fails; the caller owns the returned reference (release it with user_record_unref()). */
UserRecord* user_record_new(void) {
        UserRecord *record = new(UserRecord, 1);
        if (!record)
                return NULL;

        *record = (UserRecord) {
                .n_ref = 1,

                /* Identity / classification */
                .disposition = _USER_DISPOSITION_INVALID,
                .storage = _USER_STORAGE_INVALID,
                .uid = UID_INVALID,
                .gid = GID_INVALID,

                /* Timestamps */
                .last_change_usec = UINT64_MAX,
                .last_password_change_usec = UINT64_MAX,
                .not_before_usec = UINT64_MAX,
                .not_after_usec = UINT64_MAX,

                /* Session and access settings */
                .umask = MODE_INVALID,
                .access_mode = MODE_INVALID,
                .nice_level = INT_MAX,
                .locked = -1,

                /* Resource limits */
                .disk_size = UINT64_MAX,
                .disk_size_relative = UINT64_MAX,
                .tasks_max = UINT64_MAX,
                .memory_high = UINT64_MAX,
                .memory_max = UINT64_MAX,
                .cpu_weight = UINT64_MAX,
                .io_weight = UINT64_MAX,

                /* Mount and LUKS related fields; nodev/nosuid default to on */
                .nodev = true,
                .nosuid = true,
                .luks_discard = -1,
                .luks_offline_discard = -1,
                .luks_volume_key_size = UINT64_MAX,
                .luks_pbkdf_time_cost_usec = UINT64_MAX,
                .luks_pbkdf_memory_cost = UINT64_MAX,
                .luks_pbkdf_parallel_threads = UINT64_MAX,

                /* Status fields */
                .disk_usage = UINT64_MAX,
                .disk_free = UINT64_MAX,
                .disk_ceiling = UINT64_MAX,
                .disk_floor = UINT64_MAX,
                .signed_locally = -1,
                .good_authentication_counter = UINT64_MAX,
                .bad_authentication_counter = UINT64_MAX,
                .last_good_authentication_usec = UINT64_MAX,
                .last_bad_authentication_usec = UINT64_MAX,

                /* Authentication rate limiting */
                .ratelimit_begin_usec = UINT64_MAX,
                .ratelimit_count = UINT64_MAX,
                .ratelimit_interval_usec = UINT64_MAX,
                .ratelimit_burst = UINT64_MAX,

                /* Policy toggles */
                .removable = -1,
                .enforce_password_policy = -1,
                .auto_login = -1,
                .stop_delay_usec = UINT64_MAX,
                .kill_processes = -1,

                /* Password change policy */
                .password_change_min_usec = UINT64_MAX,
                .password_change_max_usec = UINT64_MAX,
                .password_change_warn_usec = UINT64_MAX,
                .password_change_inactive_usec = UINT64_MAX,
                .password_change_now = -1,

                /* Security token behaviour */
                .pkcs11_protected_authentication_path_permitted = -1,
                .fido2_user_presence_permitted = -1,
        };

        return record;
}
89
/* Releases everything a Pkcs11EncryptedKey owns without freeing the struct itself. The encrypted key data and
 * the hashed password go through erase_and_free(), the URI through plain free(). A NULL argument is a no-op. */
static void pkcs11_encrypted_key_done(Pkcs11EncryptedKey *k) {
        if (!k)
                return;

        erase_and_free(k->hashed_password);
        erase_and_free(k->data);
        free(k->uri);
}
98
/* Releases the credential ID buffer of a Fido2HmacCredential; the struct itself is left to the caller.
 * A NULL argument is a no-op. */
static void fido2_hmac_credential_done(Fido2HmacCredential *c) {
        if (c)
                free(c->id);
}
105
/* Releases everything a Fido2HmacSalt owns: the salt and hashed password via erase_and_free(), and the embedded
 * credential via fido2_hmac_credential_done(). The struct itself is not freed. A NULL argument is a no-op. */
static void fido2_hmac_salt_done(Fido2HmacSalt *s) {
        if (!s)
                return;

        erase_and_free(s->hashed_password);
        erase_and_free(s->salt);
        fido2_hmac_credential_done(&s->credential);
}
114
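/* Releases a UserRecord and everything it owns; returns NULL so callers can write `h = user_record_free(h)`.
 * Fields holding secrets (password hint, passwords, hashed passwords, SSH authorized keys, token PINs, and
 * the PKCS#11/FIDO2 key material released by the _done() helpers) go through the erase variants rather than
 * plain free(). A NULL argument is a no-op. */
static UserRecord* user_record_free(UserRecord *h) {
        if (!h)
                return NULL;

        free(h->user_name);
        free(h->realm);
        free(h->user_name_and_realm_auto);
        free(h->real_name);
        free(h->email_address);
        erase_and_free(h->password_hint);
        free(h->location);
        free(h->icon_name);

        free(h->shell);

        strv_free(h->environment);
        free(h->time_zone);
        free(h->preferred_language);
        rlimit_free_all(h->rlimits);

        free(h->skeleton_directory);

        strv_free_erase(h->hashed_password);
        strv_free_erase(h->ssh_authorized_keys);
        strv_free_erase(h->password);
        strv_free_erase(h->token_pin);

        free(h->cifs_service);
        free(h->cifs_user_name);
        free(h->cifs_domain);

        free(h->image_path);
        free(h->image_path_auto);
        free(h->home_directory);
        free(h->home_directory_auto);

        strv_free(h->member_of);

        free(h->file_system_type);
        free(h->luks_cipher);
        free(h->luks_cipher_mode);
        free(h->luks_pbkdf_hash_algorithm);
        free(h->luks_pbkdf_type);

        free(h->state);
        free(h->service);

        strv_free(h->pkcs11_token_uri);
        for (size_t i = 0; i < h->n_pkcs11_encrypted_key; i++)
                pkcs11_encrypted_key_done(h->pkcs11_encrypted_key + i);
        free(h->pkcs11_encrypted_key);

        /* The _done() helpers only release what each element owns. The arrays themselves are allocated with
         * reallocarray() by dispatch_fido2_hmac_credential_array() and dispatch_fido2_hmac_salt(), and were
         * previously never freed here. */
        for (size_t i = 0; i < h->n_fido2_hmac_credential; i++)
                fido2_hmac_credential_done(h->fido2_hmac_credential + i);
        free(h->fido2_hmac_credential);

        for (size_t i = 0; i < h->n_fido2_hmac_salt; i++)
                fido2_hmac_salt_done(h->fido2_hmac_salt + i);
        free(h->fido2_hmac_salt);

        json_variant_unref(h->json);

        return mfree(h);
}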
176
177DEFINE_TRIVIAL_REF_UNREF_FUNC(UserRecord, user_record, user_record_free);
178
/* JSON dispatch callback for a realm string. null clears the char* pointed to by userdata; otherwise the value
 * must be a string accepted by dns_name_is_valid(), a copy of which replaces the previous value.
 * Returns 0 on success, a negative errno (already logged via json_log()) otherwise. */
int json_dispatch_realm(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
        char **target = userdata;

        if (json_variant_is_null(variant)) {
                *target = mfree(*target);
                return 0;
        }

        if (!json_variant_is_string(variant))
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));

        const char *realm = json_variant_string(variant);

        int r = dns_name_is_valid(realm);
        if (r < 0)
                return json_log(variant, flags, r, "Failed to check if JSON field '%s' is a valid DNS domain.", strna(name));
        if (r == 0)
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a valid DNS domain.", strna(name));

        r = free_and_strdup(target, realm);
        if (r < 0)
                return json_log(variant, flags, r, "Failed to allocate string: %m");

        return 0;
}
205
/* JSON dispatch callback for a GECOS-compatible real name. null clears the char* pointed to by userdata;
 * otherwise the value must be a string that passes valid_gecos(), a copy of which replaces the old value.
 * Returns 0 on success, a negative errno (already logged) otherwise. */
static int json_dispatch_gecos(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
        char **target = userdata;

        if (json_variant_is_null(variant)) {
                *target = mfree(*target);
                return 0;
        }

        if (!json_variant_is_string(variant))
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));

        const char *real_name = json_variant_string(variant);
        if (!valid_gecos(real_name))
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a valid GECOS compatible real name.", strna(name));

        int r = free_and_strdup(target, real_name);
        if (r < 0)
                return json_log(variant, flags, r, "Failed to allocate string: %m");

        return 0;
}
229
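/* JSON dispatch callback for a nice level stored in the int pointed to by userdata. null stores INT_MAX (the
 * same "unset" sentinel user_record_new() uses); otherwise the value must be an integer in
 * [PRIO_MIN, PRIO_MAX). Returns 0 on success, a negative errno (already logged) otherwise. */
static int json_dispatch_nice(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
        int *nl = userdata;
        intmax_t m;

        if (json_variant_is_null(variant)) {
                *nl = INT_MAX;
                return 0;
        }

        /* The type check is for an integer, so say so (the message previously complained about a string). */
        if (!json_variant_is_integer(variant))
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an integer.", strna(name));

        m = json_variant_integer(variant);
        if (m < PRIO_MIN || m >= PRIO_MAX)
                return json_log(variant, flags, SYNTHETIC_ERRNO(ERANGE), "JSON field '%s' is not a valid nice level.", strna(name));

        /* Range-checked above, so the narrowing conversion cannot overflow. */
        *nl = (int) m;
        return 0;
}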
249
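/* JSON dispatch callback for a single rlimit value (the "cur" or "max" field) stored in the rlim_t pointed to
 * by userdata. null maps to RLIM_INFINITY; otherwise the value must be an unsigned integer that is neither
 * RLIM_INFINITY itself nor too large to be represented as rlim_t. Returns 0 on success, a negative errno
 * (already logged) otherwise. */
static int json_dispatch_rlimit_value(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
        rlim_t *ret = userdata;
        uintmax_t w;

        if (json_variant_is_null(variant)) {
                *ret = RLIM_INFINITY;
                return 0;
        }

        if (!json_variant_is_unsigned(variant))
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "Resource limit value '%s' is not an unsigned integer.", strna(name));

        w = json_variant_unsigned(variant);

        /* The previous check compared w with itself (both sides were uintmax_t) and so never caught
         * truncation; compare against the value after the round trip through rlim_t instead. */
        if (w == RLIM_INFINITY || (uintmax_t) (rlim_t) w != w)
                return json_log(variant, flags, SYNTHETIC_ERRNO(ERANGE), "Resource limit value '%s' is out of range.", strna(name));

        *ret = (rlim_t) w;
        return 0;
}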
268
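/* JSON dispatch callback for an object of resource limits. Each key must be "RLIMIT_<name>" as understood by
 * rlimit_from_string(), each value an object with exactly the fields "cur" and "max" (parsed by
 * json_dispatch_rlimit_value()). userdata points to a struct rlimit* array indexed by rlimit number; existing
 * entries are overwritten in place, missing ones allocated with newdup(). null releases all limits via
 * rlimit_free_all(). Returns 0 on success, a negative errno (already logged) otherwise. */
static int json_dispatch_rlimits(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
        struct rlimit** limits = userdata;
        JsonVariant *value;
        const char *key;
        int r;

        assert_se(limits);

        if (json_variant_is_null(variant)) {
                rlimit_free_all(limits);
                return 0;
        }

        if (!json_variant_is_object(variant))
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an object.", strna(name));

        JSON_VARIANT_OBJECT_FOREACH(key, value, variant) {
                JsonVariant *jcur, *jmax;
                struct rlimit rl;
                const char *p;
                int l;

                /* Only keys carrying the RLIMIT_ prefix are accepted; the remainder is resolved by
                 * rlimit_from_string(). */
                p = startswith(key, "RLIMIT_");
                l = p ? rlimit_from_string(p) : -1;
                if (l < 0)
                        return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "Resource limit '%s' not known.", key);

                if (!json_variant_is_object(value))
                        return json_log(value, flags, SYNTHETIC_ERRNO(EINVAL), "Resource limit '%s' has invalid value.", key);

                /* 4 is the element count the original check used for a two-field object; only the message
                 * wording ("value is does not have") was fixed here. */
                if (json_variant_elements(value) != 4)
                        return json_log(value, flags, SYNTHETIC_ERRNO(EINVAL), "Resource limit '%s' value does not have two fields as expected.", key);

                jcur = json_variant_by_key(value, "cur");
                if (!jcur)
                        return json_log(value, flags, SYNTHETIC_ERRNO(EINVAL), "Resource limit '%s' lacks 'cur' field.", key);
                r = json_dispatch_rlimit_value("cur", jcur, flags, &rl.rlim_cur);
                if (r < 0)
                        return r;

                jmax = json_variant_by_key(value, "max");
                if (!jmax)
                        return json_log(value, flags, SYNTHETIC_ERRNO(EINVAL), "Resource limit '%s' lacks 'max' field.", key);
                r = json_dispatch_rlimit_value("max", jmax, flags, &rl.rlim_max);
                if (r < 0)
                        return r;

                /* Both fields parsed: either update the existing slot or allocate a new one. */
                if (limits[l])
                        *(limits[l]) = rl;
                else {
                        limits[l] = newdup(struct rlimit, &rl, 1);
                        if (!limits[l])
                                return log_oom();
                }
        }

        return 0;
}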
330
/* JSON dispatch callback for a string that is either a plain file name (filename_is_valid()) or a normalized
 * path (path_is_normalized()). null clears the char* pointed to by userdata; otherwise a copy of the string
 * replaces the previous value. Returns 0 on success, a negative errno (already logged) otherwise. */
static int json_dispatch_filename_or_path(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
        char **target = userdata;

        assert(target);

        if (json_variant_is_null(variant)) {
                *target = mfree(*target);
                return 0;
        }

        if (!json_variant_is_string(variant))
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));

        const char *value = json_variant_string(variant);
        bool acceptable = filename_is_valid(value) || path_is_normalized(value);
        if (!acceptable)
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a valid file name or normalized path.", strna(name));

        int r = free_and_strdup(target, value);
        if (r < 0)
                return json_log(variant, flags, r, "Failed to allocate string: %m");

        return 0;
}
356
/* JSON dispatch callback for an absolute, normalized file system path. null clears the char* pointed to by
 * userdata; otherwise the string must pass both path_is_normalized() and path_is_absolute(), and a copy of it
 * replaces the previous value. Returns 0 on success, a negative errno (already logged) otherwise. */
static int json_dispatch_path(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
        char **target = userdata;

        if (json_variant_is_null(variant)) {
                *target = mfree(*target);
                return 0;
        }

        if (!json_variant_is_string(variant))
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));

        const char *path = json_variant_string(variant);

        /* Both properties are required; they are checked separately so the log message names the failing one. */
        if (!path_is_normalized(path))
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a normalized file system path.", strna(name));
        if (!path_is_absolute(path))
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an absolute file system path.", strna(name));

        int r = free_and_strdup(target, path);
        if (r < 0)
                return json_log(variant, flags, r, "Failed to allocate string: %m");

        return 0;
}
382
/* JSON dispatch callback for a home directory path. null clears the char* pointed to by userdata; otherwise
 * the string must pass valid_home(), and a copy of it replaces the previous value. Returns 0 on success, a
 * negative errno (already logged) otherwise. */
static int json_dispatch_home_directory(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
        char **target = userdata;

        if (json_variant_is_null(variant)) {
                *target = mfree(*target);
                return 0;
        }

        if (!json_variant_is_string(variant))
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));

        const char *home = json_variant_string(variant);
        if (!valid_home(home))
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a valid home directory path.", strna(name));

        int r = free_and_strdup(target, home);
        if (r < 0)
                return json_log(variant, flags, r, "Failed to allocate string: %m");

        return 0;
}
406
/* JSON dispatch callback for an image path. null clears the char* pointed to by userdata; otherwise the
 * string must be non-empty, not "/" (empty_or_root()), a valid and absolute path, and a copy of it replaces
 * the previous value. Returns 0 on success, a negative errno (already logged) otherwise. */
static int json_dispatch_image_path(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
        char **target = userdata;

        if (json_variant_is_null(variant)) {
                *target = mfree(*target);
                return 0;
        }

        if (!json_variant_is_string(variant))
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));

        const char *image = json_variant_string(variant);
        bool acceptable = !empty_or_root(image) && path_is_valid(image) && path_is_absolute(image);
        if (!acceptable)
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a valid image path.", strna(name));

        int r = free_and_strdup(target, image);
        if (r < 0)
                return json_log(variant, flags, r, "Failed to allocate string: %m");

        return 0;
}
430
/* JSON dispatch callback for a umask stored in the mode_t pointed to by userdata. null stores (mode_t) -1;
 * otherwise the value must be an unsigned integer no larger than 0777. Returns 0 on success, a negative errno
 * (already logged) otherwise. */
static int json_dispatch_umask(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
        mode_t *target = userdata;

        if (json_variant_is_null(variant)) {
                *target = (mode_t) -1;
                return 0;
        }

        if (!json_variant_is_unsigned(variant))
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a number.", strna(name));

        uintmax_t value = json_variant_unsigned(variant);
        if (value > 0777)
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' outside of valid range 0…0777.", strna(name));

        *target = (mode_t) value;
        return 0;
}
450
/* JSON dispatch callback for an access mode stored in the mode_t pointed to by userdata. null stores
 * (mode_t) -1; otherwise the value must be an unsigned integer no larger than 07777 (permission bits plus
 * setuid/setgid/sticky). Returns 0 on success, a negative errno (already logged) otherwise. */
static int json_dispatch_access_mode(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
        mode_t *target = userdata;

        if (json_variant_is_null(variant)) {
                *target = (mode_t) -1;
                return 0;
        }

        if (!json_variant_is_unsigned(variant))
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a number.", strna(name));

        uintmax_t value = json_variant_unsigned(variant);
        if (value > 07777)
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' outside of valid range 0…07777.", strna(name));

        *target = (mode_t) value;
        return 0;
}
470
/* JSON dispatch callback for an environment block stored in the strv pointed to by userdata. null frees the
 * existing list; otherwise the value must be an array of strings, each a valid "KEY=value" assignment
 * (env_assignment_is_valid()). Entries are merged with strv_env_replace(), so a later assignment to the same
 * key wins, and the resulting list replaces the old one only after every element was accepted.
 * Returns 0 on success, a negative errno (already logged) otherwise. */
static int json_dispatch_environment(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
        _cleanup_strv_free_ char **collected = NULL;
        char ***target = userdata;
        int r;

        if (json_variant_is_null(variant)) {
                *target = strv_free(*target);
                return 0;
        }

        if (!json_variant_is_array(variant))
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array.", strna(name));

        for (size_t idx = 0; idx < json_variant_elements(variant); idx++) {
                _cleanup_free_ char *copy = NULL;
                JsonVariant *element = json_variant_by_index(variant, idx);

                if (!json_variant_is_string(element))
                        return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array of strings.", strna(name));

                const char *assignment;
                assert_se(assignment = json_variant_string(element));

                if (!env_assignment_is_valid(assignment))
                        return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array of environment variables.", strna(name));

                copy = strdup(assignment);
                if (!copy)
                        return json_log_oom(variant, flags);

                r = strv_env_replace(&collected, copy);
                if (r < 0)
                        return json_log_oom(variant, flags);

                /* Ownership of the copy moved into the list; keep the cleanup handler from freeing it. */
                copy = NULL;
        }

        strv_free_and_replace(*target, collected);
        return 0;
}
513
/* JSON dispatch callback for a user disposition stored in the UserDisposition pointed to by userdata. null
 * stores _USER_DISPOSITION_INVALID; otherwise the string must be known to user_disposition_from_string().
 * Returns 0 on success, a negative errno (already logged) otherwise. */
int json_dispatch_user_disposition(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
        UserDisposition *target = userdata;

        if (json_variant_is_null(variant)) {
                *target = _USER_DISPOSITION_INVALID;
                return 0;
        }

        if (!json_variant_is_string(variant))
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));

        const char *text = json_variant_string(variant);
        UserDisposition parsed = user_disposition_from_string(text);
        if (parsed < 0)
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "Disposition type '%s' not known.", text);

        *target = parsed;
        return 0;
}
532
/* JSON dispatch callback for a storage type stored in the UserStorage pointed to by userdata. null stores
 * _USER_STORAGE_INVALID; otherwise the string must be known to user_storage_from_string().
 * Returns 0 on success, a negative errno (already logged) otherwise. */
static int json_dispatch_storage(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
        UserStorage *target = userdata;

        if (json_variant_is_null(variant)) {
                *target = _USER_STORAGE_INVALID;
                return 0;
        }

        if (!json_variant_is_string(variant))
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));

        const char *text = json_variant_string(variant);
        UserStorage parsed = user_storage_from_string(text);
        if (parsed < 0)
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "Storage type '%s' not known.", text);

        *target = parsed;
        return 0;
}
551
/* JSON dispatch callback for a disk size stored in the uint64_t pointed to by userdata. null stores
 * UINT64_MAX (the "unset" sentinel); otherwise the value must be an unsigned integer within
 * [USER_DISK_SIZE_MIN, USER_DISK_SIZE_MAX]. Returns 0 on success, a negative errno (already logged) otherwise. */
static int json_dispatch_disk_size(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
        uint64_t *target = userdata;

        if (json_variant_is_null(variant)) {
                *target = UINT64_MAX;
                return 0;
        }

        if (!json_variant_is_unsigned(variant))
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an integer.", strna(name));

        uintmax_t value = json_variant_unsigned(variant);
        bool in_range = value >= USER_DISK_SIZE_MIN && value <= USER_DISK_SIZE_MAX;
        if (!in_range)
                return json_log(variant, flags, SYNTHETIC_ERRNO(ERANGE), "JSON field '%s' is not in valid range %" PRIu64 "…%" PRIu64 ".", strna(name), USER_DISK_SIZE_MIN, USER_DISK_SIZE_MAX);

        *target = value;
        return 0;
}
571
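/* JSON dispatch callback for a tasks/memory limit stored in the uint64_t pointed to by userdata. null stores
 * UINT64_MAX (the "unset" sentinel); otherwise the value must be an unsigned integer in [1, UINT64_MAX-1]:
 * 0 is rejected and UINT64_MAX is reserved for "unset". Returns 0 on success, a negative errno (already
 * logged) otherwise. */
static int json_dispatch_tasks_or_memory_max(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
        uint64_t *limit = userdata;
        uintmax_t k;

        if (json_variant_is_null(variant)) {
                *limit = UINT64_MAX;
                return 0;
        }

        /* Message wording fixed ("a integer" -> "an integer"); the check itself is unchanged. */
        if (!json_variant_is_unsigned(variant))
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an integer.", strna(name));

        k = json_variant_unsigned(variant);
        if (k == 0 || k >= UINT64_MAX)
                return json_log(variant, flags, SYNTHETIC_ERRNO(ERANGE), "JSON field '%s' is not in valid range %" PRIu64 "…%" PRIu64 ".", strna(name), (uint64_t) 1, UINT64_MAX-1);

        *limit = k;
        return 0;
}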
591
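/* JSON dispatch callback for a cgroup weight stored in the uint64_t pointed to by userdata. null stores
 * UINT64_MAX (the "unset" sentinel); otherwise the value must be an unsigned integer within
 * [CGROUP_WEIGHT_MIN, CGROUP_WEIGHT_MAX], which is the range the error message advertises.
 * Returns 0 on success, a negative errno (already logged) otherwise. */
static int json_dispatch_weight(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
        uint64_t *weight = userdata;
        uintmax_t k;

        if (json_variant_is_null(variant)) {
                *weight = UINT64_MAX;
                return 0;
        }

        if (!json_variant_is_unsigned(variant))
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an integer.", strna(name));

        k = json_variant_unsigned(variant);

        /* The previous check used <= and >=, rejecting CGROUP_WEIGHT_MIN and CGROUP_WEIGHT_MAX themselves
         * while the message claimed they were valid; the bounds are now inclusive, matching the message. */
        if (k < CGROUP_WEIGHT_MIN || k > CGROUP_WEIGHT_MAX)
                return json_log(variant, flags, SYNTHETIC_ERRNO(ERANGE), "JSON field '%s' is not in valid range %" PRIu64 "…%" PRIu64 ".", strna(name), (uint64_t) CGROUP_WEIGHT_MIN, (uint64_t) CGROUP_WEIGHT_MAX);

        *weight = k;
        return 0;
}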
611
/* JSON dispatch callback for a list of user/group names merged into the strv pointed to by userdata. The
 * value must be an array of strings, each accepted by valid_user_group_name() (with VALID_USER_RELAX when
 * the JSON_RELAX dispatch flag is set). The elements are collected first and only merged into the target
 * (strv_extend_strv() with de-duplication) once all of them were accepted. Note that null is not handled
 * specially and is rejected as "not an array". Returns 0 on success, a negative errno (already logged)
 * otherwise. */
int json_dispatch_user_group_list(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
        _cleanup_strv_free_ char **collected = NULL;
        char ***target = userdata;
        JsonVariant *element;
        int r;

        if (!json_variant_is_array(variant))
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array of strings.", strna(name));

        JSON_VARIANT_ARRAY_FOREACH(element, variant) {
                if (!json_variant_is_string(element))
                        return json_log(element, flags, SYNTHETIC_ERRNO(EINVAL), "JSON array element is not a string.");

                const char *candidate = json_variant_string(element);
                unsigned validity = FLAGS_SET(flags, JSON_RELAX) ? VALID_USER_RELAX : 0;

                if (!valid_user_group_name(candidate, validity))
                        return json_log(element, flags, SYNTHETIC_ERRNO(EINVAL), "JSON array element is not a valid user/group name: %s", candidate);

                r = strv_extend(&collected, candidate);
                if (r < 0)
                        return json_log(element, flags, r, "Failed to append array element: %m");
        }

        r = strv_extend_strv(target, collected, true);
        if (r < 0)
                return json_log(variant, flags, r, "Failed to merge user/group arrays: %m");

        return 0;
}
640
/* Dispatches the secret section of a record into the UserRecord passed as userdata. Every target here is
 * sensitive: the strv fields are released with strv_free_erase() in user_record_free(). "pkcs11Pin" is kept
 * as a legacy alias that writes into the same token_pin field as "tokenPin". */
static int dispatch_secret(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {

        static const JsonDispatch secret_dispatch_table[] = {
                /* name                                          type                        callback               offset                                                                   flags */
                { "password",                                    _JSON_VARIANT_TYPE_INVALID, json_dispatch_strv,     offsetof(UserRecord, password),                                         0 },
                { "tokenPin",                                    _JSON_VARIANT_TYPE_INVALID, json_dispatch_strv,     offsetof(UserRecord, token_pin),                                        0 },
                { "pkcs11Pin", /* legacy alias */                _JSON_VARIANT_TYPE_INVALID, json_dispatch_strv,     offsetof(UserRecord, token_pin),                                        0 },
                { "pkcs11ProtectedAuthenticationPathPermitted",  JSON_VARIANT_BOOLEAN,       json_dispatch_tristate, offsetof(UserRecord, pkcs11_protected_authentication_path_permitted),   0 },
                { "fido2UserPresencePermitted",                  JSON_VARIANT_BOOLEAN,       json_dispatch_tristate, offsetof(UserRecord, fido2_user_presence_permitted),                    0 },
                {},
        };

        /* The table-driven dispatcher does all the work; the section name is not needed here. */
        return json_dispatch(variant, secret_dispatch_table, NULL, flags, userdata);
}
654
/* JSON dispatch callback for a single PKCS#11 URI. null clears the char* pointed to by userdata; otherwise
 * the string must pass pkcs11_uri_valid() (RFC 7512 syntax), and a copy of it replaces the previous value.
 * Returns 0 on success, a negative errno (already logged) otherwise. */
static int dispatch_pkcs11_uri(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
        char **target = userdata;

        if (json_variant_is_null(variant)) {
                *target = mfree(*target);
                return 0;
        }

        if (!json_variant_is_string(variant))
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));

        const char *uri = json_variant_string(variant);
        if (!pkcs11_uri_valid(uri))
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a valid RFC7512 PKCS#11 URI.", strna(name));

        int r = free_and_strdup(target, uri);
        if (r < 0)
                return json_log(variant, flags, r, "Failed to allocate string: %m");

        return 0;
}
678
/* JSON dispatch callback for one or more PKCS#11 URIs stored in the strv pointed to by userdata. Accepts
 * null (frees the existing list), a single string, or an array of strings; every URI must pass
 * pkcs11_uri_valid(). The new list replaces the old one only after all elements were accepted.
 * Returns 0 on success, a negative errno (already logged) otherwise. */
static int dispatch_pkcs11_uri_array(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
        _cleanup_strv_free_ char **uris = NULL;
        char ***target = userdata;
        int r;

        if (json_variant_is_null(variant)) {
                *target = strv_free(*target);
                return 0;
        }

        if (json_variant_is_string(variant)) {
                /* Single-URI shorthand: wrap it in a one-element list. */
                const char *single = json_variant_string(variant);

                if (!pkcs11_uri_valid(single))
                        return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a valid RFC7512 PKCS#11 URI.", strna(name));

                uris = strv_new(single);
                if (!uris)
                        return log_oom();

                strv_free_and_replace(*target, uris);
                return 0;
        }

        if (!json_variant_is_array(variant))
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string or array of strings.", strna(name));

        JsonVariant *element;
        JSON_VARIANT_ARRAY_FOREACH(element, variant) {
                if (!json_variant_is_string(element))
                        return json_log(element, flags, SYNTHETIC_ERRNO(EINVAL), "JSON array element is not a string.");

                const char *uri = json_variant_string(element);
                if (!pkcs11_uri_valid(uri))
                        return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON array element in '%s' is not a valid RFC7512 PKCS#11 URI: %s", strna(name), uri);

                r = strv_extend(&uris, uri);
                if (r < 0)
                        return log_oom();
        }

        strv_free_and_replace(*target, uris);
        return 0;
}
725
/* JSON dispatch callback for the base64-encoded encrypted key blob of a Pkcs11EncryptedKey (userdata). null
 * erases and drops any existing blob; otherwise the string is decoded with unbase64mem() and the decoded
 * buffer takes over k->data/k->size, the previous buffer being erased before release.
 * Returns 0 on success, a negative errno (already logged) otherwise. */
static int dispatch_pkcs11_key_data(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
        Pkcs11EncryptedKey *key = userdata;

        if (json_variant_is_null(variant)) {
                key->data = erase_and_free(key->data);
                key->size = 0;
                return 0;
        }

        if (!json_variant_is_string(variant))
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));

        void *decoded;
        size_t decoded_size;
        int r = unbase64mem(json_variant_string(variant), (size_t) -1, &decoded, &decoded_size);
        if (r < 0)
                return json_log(variant, flags, r, "Failed to decode encrypted PKCS#11 key: %m");

        /* Decoding succeeded; only now discard the old blob so a failure above leaves the key untouched. */
        erase_and_free(key->data);
        key->data = decoded;
        key->size = decoded_size;

        return 0;
}
751
/* JSON dispatch callback for the array of PKCS#11 encrypted keys of the UserRecord passed as userdata. Each
 * element must be an object with the mandatory fields "uri", "data" and "hashedPassword". Elements are
 * appended one by one: the array is grown with reallocarray(), the new slot zeroed, and the element
 * dispatched into it; on failure the partially filled slot is cleaned up with pkcs11_encrypted_key_done()
 * and n_pkcs11_encrypted_key is left unchanged (the grown array stays allocated).
 * Returns 0 on success, a negative errno (already logged) otherwise. */
static int dispatch_pkcs11_key(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {

        static const JsonDispatch pkcs11_key_dispatch_table[] = {
                { "uri",            JSON_VARIANT_STRING, dispatch_pkcs11_uri,      offsetof(Pkcs11EncryptedKey, uri),             JSON_MANDATORY },
                { "data",           JSON_VARIANT_STRING, dispatch_pkcs11_key_data, 0,                                             JSON_MANDATORY },
                { "hashedPassword", JSON_VARIANT_STRING, json_dispatch_string,     offsetof(Pkcs11EncryptedKey, hashed_password), JSON_MANDATORY },
                {},
        };

        UserRecord *record = userdata;
        JsonVariant *element;

        if (!json_variant_is_array(variant))
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array of objects.", strna(name));

        JSON_VARIANT_ARRAY_FOREACH(element, variant) {
                if (!json_variant_is_object(element))
                        return json_log(element, flags, SYNTHETIC_ERRNO(EINVAL), "JSON array element is not an object.");

                Pkcs11EncryptedKey *grown = reallocarray(record->pkcs11_encrypted_key, record->n_pkcs11_encrypted_key + 1, sizeof(Pkcs11EncryptedKey));
                if (!grown)
                        return log_oom();
                record->pkcs11_encrypted_key = grown;

                Pkcs11EncryptedKey *slot = record->pkcs11_encrypted_key + record->n_pkcs11_encrypted_key;
                *slot = (Pkcs11EncryptedKey) {};

                int r = json_dispatch(element, pkcs11_key_dispatch_table, NULL, flags, slot);
                if (r < 0) {
                        pkcs11_encrypted_key_done(slot);
                        return r;
                }

                record->n_pkcs11_encrypted_key++;
        }

        return 0;
}
792
/* JSON dispatch callback for a base64-encoded FIDO2 credential ID stored in the Fido2HmacCredential pointed
 * to by userdata. null drops any existing ID; otherwise the string is decoded with unbase64mem() and the
 * decoded buffer replaces k->id (via free_and_replace()) with k->size set to its length.
 * Returns 0 on success, a negative errno (already logged) otherwise. */
static int dispatch_fido2_hmac_credential(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
        Fido2HmacCredential *credential = userdata;

        if (json_variant_is_null(variant)) {
                credential->id = mfree(credential->id);
                credential->size = 0;
                return 0;
        }

        if (!json_variant_is_string(variant))
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));

        void *decoded;
        size_t decoded_size;
        int r = unbase64mem(json_variant_string(variant), (size_t) -1, &decoded, &decoded_size);
        if (r < 0)
                return json_log(variant, flags, r, "Failed to decode FIDO2 credential ID: %m");

        free_and_replace(credential->id, decoded);
        credential->size = decoded_size;

        return 0;
}
817
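/* JSON dispatch callback for the array of FIDO2 credential IDs of the UserRecord passed as userdata. Each
 * element must be a base64 string; it is decoded with unbase64mem() and appended to h->fido2_hmac_credential
 * (grown with reallocarray()). Returns 0 on success, a negative errno (already logged) otherwise. */
static int dispatch_fido2_hmac_credential_array(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
        UserRecord *h = userdata;
        JsonVariant *e;
        int r;

        if (!json_variant_is_array(variant))
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array of strings.", strna(name));

        JSON_VARIANT_ARRAY_FOREACH(e, variant) {
                Fido2HmacCredential *array;
                size_t l;
                void *b;

                if (!json_variant_is_string(e))
                        return json_log(e, flags, SYNTHETIC_ERRNO(EINVAL), "JSON array element is not a string.");

                /* Decode before growing the array. The previous order called reallocarray() first and
                 * returned on a decode failure without storing the new pointer, which left
                 * h->fido2_hmac_credential dangling whenever reallocarray() had moved the block. With the
                 * decode first there is no failure path between a successful reallocarray() and the
                 * assignment below. */
                r = unbase64mem(json_variant_string(e), (size_t) -1, &b, &l);
                if (r < 0)
                        return json_log(variant, flags, r, "Failed to decode FIDO2 credential ID: %m");

                array = reallocarray(h->fido2_hmac_credential, h->n_fido2_hmac_credential + 1, sizeof(Fido2HmacCredential));
                if (!array) {
                        free(b);
                        return log_oom();
                }

                h->fido2_hmac_credential = array;
                h->fido2_hmac_credential[h->n_fido2_hmac_credential++] = (Fido2HmacCredential) {
                        .id = b,
                        .size = l,
                };
        }

        return 0;
}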
852
/* JSON dispatch callback for the base64-encoded salt of a Fido2HmacSalt (userdata). null erases and drops
 * any existing salt; otherwise the string is decoded with unbase64mem() and the decoded buffer takes over
 * k->salt/k->salt_size, the previous buffer being erased before release.
 * Returns 0 on success, a negative errno (already logged) otherwise. */
static int dispatch_fido2_hmac_salt_value(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
        Fido2HmacSalt *salt = userdata;

        if (json_variant_is_null(variant)) {
                salt->salt = erase_and_free(salt->salt);
                salt->salt_size = 0;
                return 0;
        }

        if (!json_variant_is_string(variant))
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));

        void *decoded;
        size_t decoded_size;
        int r = unbase64mem(json_variant_string(variant), (size_t) -1, &decoded, &decoded_size);
        if (r < 0)
                return json_log(variant, flags, r, "Failed to decode FIDO2 salt: %m");

        /* Decoding succeeded; only now discard the old salt so a failure above leaves it untouched. */
        erase_and_free(salt->salt);
        salt->salt = decoded;
        salt->salt_size = decoded_size;

        return 0;
}
878
/* JSON dispatch callback for the array of FIDO2 HMAC salts of the UserRecord passed as userdata. Each element
 * must be an object with the mandatory fields "credential", "salt" and "hashedPassword". Elements are
 * appended one by one: the array is grown with reallocarray(), the new slot zeroed, and the element
 * dispatched into it; on failure the partially filled slot is cleaned up with fido2_hmac_salt_done() and
 * n_fido2_hmac_salt is left unchanged (the grown array stays allocated).
 * Returns 0 on success, a negative errno (already logged) otherwise. */
static int dispatch_fido2_hmac_salt(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {

        static const JsonDispatch fido2_hmac_salt_dispatch_table[] = {
                { "credential",     JSON_VARIANT_STRING, dispatch_fido2_hmac_credential, offsetof(Fido2HmacSalt, credential),      JSON_MANDATORY },
                { "salt",           JSON_VARIANT_STRING, dispatch_fido2_hmac_salt_value, 0,                                        JSON_MANDATORY },
                { "hashedPassword", JSON_VARIANT_STRING, json_dispatch_string,           offsetof(Fido2HmacSalt, hashed_password), JSON_MANDATORY },
                {},
        };

        UserRecord *record = userdata;
        JsonVariant *element;

        if (!json_variant_is_array(variant))
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array of objects.", strna(name));

        JSON_VARIANT_ARRAY_FOREACH(element, variant) {
                if (!json_variant_is_object(element))
                        return json_log(element, flags, SYNTHETIC_ERRNO(EINVAL), "JSON array element is not an object.");

                Fido2HmacSalt *grown = reallocarray(record->fido2_hmac_salt, record->n_fido2_hmac_salt + 1, sizeof(Fido2HmacSalt));
                if (!grown)
                        return log_oom();
                record->fido2_hmac_salt = grown;

                Fido2HmacSalt *slot = record->fido2_hmac_salt + record->n_fido2_hmac_salt;
                *slot = (Fido2HmacSalt) {};

                int r = json_dispatch(element, fido2_hmac_salt_dispatch_table, NULL, flags, slot);
                if (r < 0) {
                        fido2_hmac_salt_done(slot);
                        return r;
                }

                record->n_fido2_hmac_salt++;
        }

        return 0;
}
919
/* Dispatches the privileged section of a record into the UserRecord passed as userdata. The targets hold
 * credential material: password_hint, hashed_password and ssh_authorized_keys are released with the erase
 * variants in user_record_free(), and the PKCS#11/FIDO2 arrays are filled by their own array dispatchers. */
static int dispatch_privileged(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {

        static const JsonDispatch privileged_dispatch_table[] = {
                /* name                 type                        callback                  offset                                        flags */
                { "passwordHint",       JSON_VARIANT_STRING,        json_dispatch_string,     offsetof(UserRecord, password_hint),          0 },
                { "hashedPassword",     _JSON_VARIANT_TYPE_INVALID, json_dispatch_strv,       offsetof(UserRecord, hashed_password),        JSON_SAFE },
                { "sshAuthorizedKeys",  _JSON_VARIANT_TYPE_INVALID, json_dispatch_strv,       offsetof(UserRecord, ssh_authorized_keys),    0 },
                { "pkcs11EncryptedKey", JSON_VARIANT_ARRAY,         dispatch_pkcs11_key,      0,                                            0 },
                { "fido2HmacSalt",      JSON_VARIANT_ARRAY,         dispatch_fido2_hmac_salt, 0,                                            0 },
                {},
        };

        /* The table-driven dispatcher does all the work; the section name is not needed here. */
        return json_dispatch(variant, privileged_dispatch_table, NULL, flags, userdata);
}
933
/* Dispatches the binding section of a record into the UserRecord passed as userdata. The section is an
 * object keyed by machine ID; only the entry for the local machine (sd_id128_get_machine()) is applied, and
 * a missing entry, or a NULL variant, is not an error. Returns 0 on success, a negative errno (already
 * logged) otherwise. */
static int dispatch_binding(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {

        static const JsonDispatch binding_dispatch_table[] = {
                /* name                 type                   callback                      offset                                        flags */
                { "imagePath",          JSON_VARIANT_STRING,   json_dispatch_image_path,     offsetof(UserRecord, image_path),             0 },
                { "homeDirectory",      JSON_VARIANT_STRING,   json_dispatch_home_directory, offsetof(UserRecord, home_directory),         0 },
                { "partitionUuid",      JSON_VARIANT_STRING,   json_dispatch_id128,          offsetof(UserRecord, partition_uuid),         0 },
                { "luksUuid",           JSON_VARIANT_STRING,   json_dispatch_id128,          offsetof(UserRecord, luks_uuid),              0 },
                { "fileSystemUuid",     JSON_VARIANT_STRING,   json_dispatch_id128,          offsetof(UserRecord, file_system_uuid),       0 },
                { "uid",                JSON_VARIANT_UNSIGNED, json_dispatch_uid_gid,        offsetof(UserRecord, uid),                    0 },
                { "gid",                JSON_VARIANT_UNSIGNED, json_dispatch_uid_gid,        offsetof(UserRecord, gid),                    0 },
                { "storage",            JSON_VARIANT_STRING,   json_dispatch_storage,        offsetof(UserRecord, storage),                0 },
                { "fileSystemType",     JSON_VARIANT_STRING,   json_dispatch_string,         offsetof(UserRecord, file_system_type),       JSON_SAFE },
                { "luksCipher",         JSON_VARIANT_STRING,   json_dispatch_string,         offsetof(UserRecord, luks_cipher),            JSON_SAFE },
                { "luksCipherMode",     JSON_VARIANT_STRING,   json_dispatch_string,         offsetof(UserRecord, luks_cipher_mode),       JSON_SAFE },
                { "luksVolumeKeySize",  JSON_VARIANT_UNSIGNED, json_dispatch_uint64,         offsetof(UserRecord, luks_volume_key_size),   0 },
                {},
        };

        if (!variant)
                return 0;

        if (!json_variant_is_object(variant))
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an object.", strna(name));

        sd_id128_t machine_id;
        int r = sd_id128_get_machine(&machine_id);
        if (r < 0)
                return json_log(variant, flags, r, "Failed to determine machine ID: %m");

        /* Look up the sub-object keyed by this machine's ID; records for other machines are ignored. */
        char machine_id_text[SD_ID128_STRING_MAX];
        JsonVariant *local = json_variant_by_key(variant, sd_id128_to_string(machine_id, machine_id_text));
        if (!local)
                return 0;

        return json_dispatch(local, binding_dispatch_table, NULL, flags, userdata);
}
973
/* Compares one JSON string against the local machine ID 'mid'. Returns 1 on a match and 0 otherwise;
 * a string that does not parse as a machine ID is logged and counts as a non-match. */
static int machine_id_string_matches(JsonVariant *s, sd_id128_t mid, JsonDispatchFlags flags) {
        sd_id128_t k;
        int r;

        r = sd_id128_from_string(json_variant_string(s), &k);
        if (r < 0) {
                json_log(s, flags, r, "%s is not a valid machine ID, ignoring: %m", json_variant_string(s));
                return 0;
        }

        return sd_id128_equal(mid, k);
}

/* Evaluates a perMachine "matchMachineId" selector, which is either one JSON string or an array of
 * strings. Returns 1 when any entry equals the local machine ID, 0 when none does (malformed entries
 * and selectors of the wrong type are logged and treated as non-matching), and a negative errno when
 * the local machine ID cannot be read. */
int per_machine_id_match(JsonVariant *ids, JsonDispatchFlags flags) {
        sd_id128_t mid;
        int r;

        r = sd_id128_get_machine(&mid);
        if (r < 0)
                return json_log(ids, flags, r, "Failed to acquire machine ID: %m");

        if (json_variant_is_string(ids))
                return machine_id_string_matches(ids, mid, flags);

        if (!json_variant_is_array(ids)) {
                json_log(ids, flags, 0, "Machine ID is not a string or array of strings, ignoring: %m");
                return false;
        }

        JsonVariant *e;
        JSON_VARIANT_ARRAY_FOREACH(e, ids) {
                if (!json_variant_is_string(e)) {
                        json_log(e, flags, 0, "Machine ID is not a string, ignoring: %m");
                        continue;
                }

                if (machine_id_string_matches(e, mid, flags))
                        return true;
        }

        return false;
}

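/* Evaluates a perMachine "matchHostname" selector, which is either one JSON string or an array of
 * strings. An entry matches when it is byte-for-byte equal to the system hostname. Returns 1 (true) on
 * a match; 0 (false) when nothing matches, when no hostname is configured, or when the selector has an
 * unexpected type (those cases are logged and treated as non-matching); and a negative errno when the
 * hostname cannot be determined for any other reason. */
int per_machine_hostname_match(JsonVariant *hns, JsonDispatchFlags flags) {
        _cleanup_free_ char *hn = NULL;
        int r;

        r = gethostname_strict(&hn);
        if (r == -ENXIO) {
                json_log(hns, flags, r, "No hostname set, not matching perMachine hostname record: %m");
                return false;
        }
        if (r < 0)
                return json_log(hns, flags, r, "Failed to acquire hostname: %m");

        if (json_variant_is_string(hns))
                return streq(json_variant_string(hns), hn);

        if (json_variant_is_array(hns)) {
                JsonVariant *e;

                JSON_VARIANT_ARRAY_FOREACH(e, hns) {

                        if (!json_variant_is_string(e)) {
                                json_log(e, flags, 0, "Hostname is not a string, ignoring: %m");
                                continue;
                        }

                        /* Compare the array element 'e', not the enclosing array 'hns': the earlier code
                         * passed the array itself to json_variant_string(), so array-form selectors never
                         * compared the actual entries. */
                        if (streq(json_variant_string(e), hn))
                                return true;
                }

                return false;
        }

        json_log(hns, flags, 0, "Hostname is not a string or array of strings, ignoring: %m");
        return false;
}
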
/* Evaluates the selectors of one perMachine entry 'e'. Returns 1 when the entry applies to this
 * machine, 0 when it does not, and a negative errno on error. A positive machine-ID match is
 * decisive; the hostname selector is consulted only when the machine ID did not match. */
static int per_machine_entry_matches(JsonVariant *e, JsonDispatchFlags flags) {
        JsonVariant *selector;
        int r;

        selector = json_variant_by_key(e, "matchMachineId");
        if (selector) {
                r = per_machine_id_match(selector, flags);
                if (r != 0) /* either an error or a match: both end the evaluation here */
                        return r;
        }

        selector = json_variant_by_key(e, "matchHostname");
        if (!selector)
                return 0;

        return per_machine_hostname_match(selector, flags);
}

/* Parses the 'perMachine' section: an array of objects, each carrying selectors ('matchMachineId',
 * 'matchHostname') plus per-machine overrides of the regular fields. Every entry whose selectors
 * match this machine is dispatched into the UserRecord in 'userdata', in array order, so later
 * matching entries override earlier ones. Returns 0 on success or when the section is absent, a
 * negative errno otherwise. */
static int dispatch_per_machine(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {

        static const JsonDispatch per_machine_dispatch_table[] = {
                /* The selectors were already evaluated above, hence no callback for them */
                { "matchMachineId", _JSON_VARIANT_TYPE_INVALID, NULL, 0, 0 },
                { "matchHostname", _JSON_VARIANT_TYPE_INVALID, NULL, 0, 0 },
                { "iconName", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, icon_name), JSON_SAFE },
                { "location", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, location), 0 },
                { "shell", JSON_VARIANT_STRING, json_dispatch_filename_or_path, offsetof(UserRecord, shell), 0 },
                { "umask", JSON_VARIANT_UNSIGNED, json_dispatch_umask, offsetof(UserRecord, umask), 0 },
                { "environment", JSON_VARIANT_ARRAY, json_dispatch_environment, offsetof(UserRecord, environment), 0 },
                { "timeZone", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, time_zone), JSON_SAFE },
                { "preferredLanguage", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, preferred_language), JSON_SAFE },
                { "niceLevel", _JSON_VARIANT_TYPE_INVALID, json_dispatch_nice, offsetof(UserRecord, nice_level), 0 },
                { "resourceLimits", _JSON_VARIANT_TYPE_INVALID, json_dispatch_rlimits, offsetof(UserRecord, rlimits), 0 },
                { "locked", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, locked), 0 },
                { "notBeforeUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, not_before_usec), 0 },
                { "notAfterUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, not_after_usec), 0 },
                { "storage", JSON_VARIANT_STRING, json_dispatch_storage, offsetof(UserRecord, storage), 0 },
                { "diskSize", JSON_VARIANT_UNSIGNED, json_dispatch_disk_size, offsetof(UserRecord, disk_size), 0 },
                { "diskSizeRelative", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, disk_size_relative), 0 },
                { "skeletonDirectory", JSON_VARIANT_STRING, json_dispatch_path, offsetof(UserRecord, skeleton_directory), 0 },
                { "accessMode", JSON_VARIANT_UNSIGNED, json_dispatch_access_mode, offsetof(UserRecord, access_mode), 0 },
                { "tasksMax", JSON_VARIANT_UNSIGNED, json_dispatch_tasks_or_memory_max, offsetof(UserRecord, tasks_max), 0 },
                { "memoryHigh", JSON_VARIANT_UNSIGNED, json_dispatch_tasks_or_memory_max, offsetof(UserRecord, memory_high), 0 },
                { "memoryMax", JSON_VARIANT_UNSIGNED, json_dispatch_tasks_or_memory_max, offsetof(UserRecord, memory_max), 0 },
                { "cpuWeight", JSON_VARIANT_UNSIGNED, json_dispatch_weight, offsetof(UserRecord, cpu_weight), 0 },
                { "ioWeight", JSON_VARIANT_UNSIGNED, json_dispatch_weight, offsetof(UserRecord, io_weight), 0 },
                { "mountNoDevices", JSON_VARIANT_BOOLEAN, json_dispatch_boolean, offsetof(UserRecord, nodev), 0 },
                { "mountNoSuid", JSON_VARIANT_BOOLEAN, json_dispatch_boolean, offsetof(UserRecord, nosuid), 0 },
                { "mountNoExecute", JSON_VARIANT_BOOLEAN, json_dispatch_boolean, offsetof(UserRecord, noexec), 0 },
                { "cifsDomain", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, cifs_domain), JSON_SAFE },
                { "cifsUserName", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, cifs_user_name), JSON_SAFE },
                { "cifsService", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, cifs_service), JSON_SAFE },
                { "imagePath", JSON_VARIANT_STRING, json_dispatch_path, offsetof(UserRecord, image_path), 0 },
                { "uid", JSON_VARIANT_UNSIGNED, json_dispatch_uid_gid, offsetof(UserRecord, uid), 0 },
                { "gid", JSON_VARIANT_UNSIGNED, json_dispatch_uid_gid, offsetof(UserRecord, gid), 0 },
                { "memberOf", JSON_VARIANT_ARRAY, json_dispatch_user_group_list, offsetof(UserRecord, member_of), JSON_RELAX },
                { "fileSystemType", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, file_system_type), JSON_SAFE },
                { "partitionUuid", JSON_VARIANT_STRING, json_dispatch_id128, offsetof(UserRecord, partition_uuid), 0 },
                { "luksUuid", JSON_VARIANT_STRING, json_dispatch_id128, offsetof(UserRecord, luks_uuid), 0 },
                { "fileSystemUuid", JSON_VARIANT_STRING, json_dispatch_id128, offsetof(UserRecord, file_system_uuid), 0 },
                { "luksDiscard", _JSON_VARIANT_TYPE_INVALID, json_dispatch_tristate, offsetof(UserRecord, luks_discard), 0 },
                { "luksOfflineDiscard", _JSON_VARIANT_TYPE_INVALID, json_dispatch_tristate, offsetof(UserRecord, luks_offline_discard), 0 },
                { "luksCipher", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, luks_cipher), JSON_SAFE },
                { "luksCipherMode", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, luks_cipher_mode), JSON_SAFE },
                { "luksVolumeKeySize", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, luks_volume_key_size), 0 },
                { "luksPbkdfHashAlgorithm", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, luks_pbkdf_hash_algorithm), JSON_SAFE },
                { "luksPbkdfType", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, luks_pbkdf_type), JSON_SAFE },
                { "luksPbkdfTimeCostUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, luks_pbkdf_time_cost_usec), 0 },
                { "luksPbkdfMemoryCost", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, luks_pbkdf_memory_cost), 0 },
                { "luksPbkdfParallelThreads", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, luks_pbkdf_parallel_threads), 0 },
                { "rateLimitIntervalUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, ratelimit_interval_usec), 0 },
                { "rateLimitBurst", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, ratelimit_burst), 0 },
                { "enforcePasswordPolicy", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, enforce_password_policy), 0 },
                { "autoLogin", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, auto_login), 0 },
                { "stopDelayUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, stop_delay_usec), 0 },
                { "killProcesses", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, kill_processes), 0 },
                { "passwordChangeMinUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, password_change_min_usec), 0 },
                { "passwordChangeMaxUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, password_change_max_usec), 0 },
                { "passwordChangeWarnUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, password_change_warn_usec), 0 },
                { "passwordChangeInactiveUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, password_change_inactive_usec), 0 },
                { "passwordChangeNow", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, password_change_now), 0 },
                { "pkcs11TokenUri", JSON_VARIANT_ARRAY, dispatch_pkcs11_uri_array, offsetof(UserRecord, pkcs11_token_uri), 0 },
                { "fido2HmacCredential", JSON_VARIANT_ARRAY, dispatch_fido2_hmac_credential_array, 0, 0 },
                {},
        };

        JsonVariant *e;
        int r;

        if (!variant)
                return 0;

        if (!json_variant_is_array(variant))
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array.", strna(name));

        JSON_VARIANT_ARRAY_FOREACH(e, variant) {

                if (!json_variant_is_object(e))
                        return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array of objects.", strna(name));

                r = per_machine_entry_matches(e, flags);
                if (r < 0)
                        return r;
                if (r == 0)
                        continue;

                r = json_dispatch(e, per_machine_dispatch_table, NULL, flags, userdata);
                if (r < 0)
                        return r;
        }

        return 0;
}

/* Parses the 'status' section: a JSON object keyed by machine ID holding runtime state (disk usage,
 * authentication counters, rate-limit bookkeeping, ...). Only the entry for the local machine is
 * applied to the UserRecord in 'userdata'. Returns 0 when the section is absent or has no entry for
 * this machine, a negative errno when the section has the wrong type or the machine ID cannot be
 * read, and otherwise the result of json_dispatch(). */
static int dispatch_status(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {

        static const JsonDispatch status_dispatch_table[] = {
                { "diskUsage", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, disk_usage), 0 },
                { "diskFree", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, disk_free), 0 },
                { "diskSize", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, disk_size), 0 },
                { "diskCeiling", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, disk_ceiling), 0 },
                { "diskFloor", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, disk_floor), 0 },
                { "state", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, state), JSON_SAFE },
                { "service", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, service), JSON_SAFE },
                { "signedLocally", _JSON_VARIANT_TYPE_INVALID, json_dispatch_tristate, offsetof(UserRecord, signed_locally), 0 },
                { "goodAuthenticationCounter", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, good_authentication_counter), 0 },
                { "badAuthenticationCounter", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, bad_authentication_counter), 0 },
                { "lastGoodAuthenticationUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, last_good_authentication_usec), 0 },
                { "lastBadAuthenticationUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, last_bad_authentication_usec), 0 },
                { "rateLimitBeginUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, ratelimit_begin_usec), 0 },
                { "rateLimitCount", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, ratelimit_count), 0 },
                { "removable", JSON_VARIANT_BOOLEAN, json_dispatch_boolean, offsetof(UserRecord, removable), 0 },
                {},
        };

        if (!variant)
                return 0;

        if (!json_variant_is_object(variant))
                return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an object.", strna(name));

        /* Status is per machine; pick the sub-object for the machine we run on. */
        sd_id128_t machine_id;
        int r = sd_id128_get_machine(&machine_id);
        if (r < 0)
                return json_log(variant, flags, r, "Failed to determine machine ID: %m");

        char machine_id_str[SD_ID128_STRING_MAX];
        JsonVariant *local_entry = json_variant_by_key(variant, sd_id128_to_string(machine_id, machine_id_str));
        if (!local_entry)
                return 0;

        return json_dispatch(local_entry, status_dispatch_table, NULL, flags, userdata);
}

/* Derives the default image path for a user from the storage type: LUKS homes are files named
 * "<user>.home", directory-based homes "<user>.homedir", both under /home/. Storage types without an
 * image of their own yield *ret = NULL and 0. Returns 1 when a path was built (transferred to the
 * caller), 0 when the storage type has none, -ENOMEM on allocation failure. */
int user_record_build_image_path(UserStorage storage, const char *user_name_and_realm, char **ret) {
        const char *suffix;

        assert(storage >= 0);
        assert(user_name_and_realm);
        assert(ret);

        switch (storage) {

        case USER_LUKS:
                suffix = ".home";
                break;

        case USER_DIRECTORY:
        case USER_SUBVOLUME:
        case USER_FSCRYPT:
                suffix = ".homedir";
                break;

        default:
                /* Nothing to build for the remaining storage types */
                *ret = NULL;
                return 0;
        }

        char *path = strjoin("/home/", user_name_and_realm, suffix);
        if (!path)
                return -ENOMEM;

        *ret = path;
        return 1;
}

/* Fills in the derived ("_auto") fields of a freshly loaded record: the "user@realm" form of the name,
 * and — for regular users only — a default home directory and image path under /home/. Explicitly
 * set fields are never overwritten. Returns 0 on success, negative errno (after logging) when one of
 * the derived strings cannot be allocated or built. */
static int user_record_augment(UserRecord *h, JsonDispatchFlags json_flags) {
        assert(h);

        /* Only records that carry the regular identity fields have anything to derive from. */
        if (!FLAGS_SET(h->mask, USER_RECORD_REGULAR))
                return 0;

        assert(h->user_name);

        if (h->realm && !h->user_name_and_realm_auto) {
                h->user_name_and_realm_auto = strjoin(h->user_name, "@", h->realm);
                if (!h->user_name_and_realm_auto)
                        return json_log_oom(h->json, json_flags);
        }

        /* Let's add in the following automatisms only for regular users, they don't make sense for any others */
        if (user_record_disposition(h) != USER_REGULAR)
                return 0;

        if (!h->home_directory_auto && !h->home_directory) {
                h->home_directory_auto = path_join("/home/", h->user_name);
                if (!h->home_directory_auto)
                        return json_log_oom(h->json, json_flags);
        }

        if (!h->image_path_auto && !h->image_path) {
                /* The image path depends on the storage type; a storage type without an image leaves the field NULL. */
                int r = user_record_build_image_path(user_record_storage(h), user_record_user_name_and_realm(h), &h->image_path_auto);
                if (r < 0)
                        return json_log(h->json, json_flags, r, "Failed to determine default image path: %m");
        }

        return 0;
}

/* Validates the top-level shape of a user or group record 'v' against 'load_flags' and decides which
 * parts of it to keep. For each of the special sections listed in mask_field the flags say whether it
 * must be stripped, is required, or is merely allowed; anything else at the top level counts as a
 * "regular" field. On success *ret_variant receives a new reference — 'v' itself, 'v' with the stripped
 * sections removed, or (with USER_RECORD_STRIP_REGULAR) a fresh object holding only the retained
 * special sections — and *ret_mask lists the sections found, with USER_RECORD_REGULAR set when at least
 * one regular field exists. Returns 0 on success, negative errno (after logging) when the record is
 * malformed, contains a disallowed section/field, lacks a required one, or is empty. */
int user_group_record_mangle(
                JsonVariant *v,
                UserRecordLoadFlags load_flags,
                JsonVariant **ret_variant,
                UserRecordMask *ret_mask) {

        static const struct {
                UserRecordMask mask;
                const char *name;
        } mask_field[] = {
                { USER_RECORD_PRIVILEGED, "privileged" },
                { USER_RECORD_SECRET, "secret" },
                { USER_RECORD_BINDING, "binding" },
                { USER_RECORD_PER_MACHINE, "perMachine" },
                { USER_RECORD_STATUS, "status" },
                { USER_RECORD_SIGNATURE, "signature" },
        };

        JsonDispatchFlags json_flags = USER_RECORD_LOAD_FLAGS_TO_JSON_DISPATCH_FLAGS(load_flags);
        _cleanup_(json_variant_unrefp) JsonVariant *w = NULL;
        JsonVariant *array[ELEMENTSOF(mask_field) * 2]; /* one key plus one value per retained section */
        size_t n_retain = 0, i;
        UserRecordMask m = 0;
        int r;

        assert((load_flags & _USER_RECORD_MASK_MAX) == 0); /* detect mistakes when accidentally passing
                                                            * UserRecordMask bit masks as UserRecordLoadFlags
                                                            * value */

        assert(v);
        assert(ret_variant);
        assert(ret_mask);

        /* Note that this function is shared with the group record parser, hence we try to be generic in our
         * log message wording here, to cover both cases. */

        if (!json_variant_is_object(v))
                return json_log(v, json_flags, SYNTHETIC_ERRNO(EBADMSG), "Record is not a JSON object, refusing.");

        if (USER_RECORD_ALLOW_MASK(load_flags) == 0) /* allow nothing? */
                return json_log(v, json_flags, SYNTHETIC_ERRNO(EINVAL), "Nothing allowed in record, refusing.");

        if (USER_RECORD_STRIP_MASK(load_flags) == _USER_RECORD_MASK_MAX) /* strip everything? */
                return json_log(v, json_flags, SYNTHETIC_ERRNO(EINVAL), "Stripping everything from record, refusing.");

        /* Check if we have the special sections and if they match our flags set */
        for (i = 0; i < ELEMENTSOF(mask_field); i++) {
                JsonVariant *e, *k;

                if (FLAGS_SET(USER_RECORD_STRIP_MASK(load_flags), mask_field[i].mask)) {
                        /* Stripped sections are removed from a private copy; 'v' stays untouched. A section
                         * that is stripped is neither checked for being allowed nor recorded in the mask. */
                        if (!w)
                                w = json_variant_ref(v);

                        r = json_variant_filter(&w, STRV_MAKE(mask_field[i].name));
                        if (r < 0)
                                return json_log(w, json_flags, r, "Failed to remove field from variant: %m");

                        continue;
                }

                e = json_variant_by_key_full(v, mask_field[i].name, &k);
                if (e) {
                        if (!FLAGS_SET(USER_RECORD_ALLOW_MASK(load_flags), mask_field[i].mask))
                                return json_log(e, json_flags, SYNTHETIC_ERRNO(EBADMSG), "Record contains '%s' field, which is not allowed.", mask_field[i].name);

                        if (FLAGS_SET(load_flags, USER_RECORD_STRIP_REGULAR)) {
                                /* Remember key and value so the rebuilt object below can carry them over */
                                array[n_retain++] = k;
                                array[n_retain++] = e;
                        }

                        m |= mask_field[i].mask;
                } else {
                        if (FLAGS_SET(USER_RECORD_REQUIRE_MASK(load_flags), mask_field[i].mask))
                                return json_log(v, json_flags, SYNTHETIC_ERRNO(EBADMSG), "Record lacks '%s' field, which is required.", mask_field[i].name);
                }
        }

        if (FLAGS_SET(load_flags, USER_RECORD_STRIP_REGULAR)) {
                /* If we are supposed to strip regular items, then let's instead just allocate a new object
                 * with just the stuff we need. */

                w = json_variant_unref(w);
                r = json_variant_new_object(&w, array, n_retain);
                if (r < 0)
                        return json_log(v, json_flags, r, "Failed to allocate new object: %m");
        } else {
                /* And now check if there's anything else in the record */
                for (i = 0; i < json_variant_elements(v); i += 2) { /* elements alternate key, value */
                        const char *f;
                        bool special = false;
                        size_t j;

                        assert_se(f = json_variant_string(json_variant_by_index(v, i)));

                        for (j = 0; j < ELEMENTSOF(mask_field); j++)
                                if (streq(f, mask_field[j].name)) { /* already covered in the loop above */
                                        special = true;
                                        continue; /* only advances the inner loop; 'special' carries the result */
                                }

                        if (!special) {
                                if ((load_flags & (USER_RECORD_ALLOW_REGULAR|USER_RECORD_REQUIRE_REGULAR)) == 0)
                                        return json_log(v, json_flags, SYNTHETIC_ERRNO(EBADMSG), "Record contains '%s' field, which is not allowed.", f);

                                m |= USER_RECORD_REGULAR;
                                break; /* one regular field is enough to know; the rest is parsed by the dispatcher */
                        }
                }
        }

        if (FLAGS_SET(load_flags, USER_RECORD_REQUIRE_REGULAR) && !FLAGS_SET(m, USER_RECORD_REGULAR))
                return json_log(v, json_flags, SYNTHETIC_ERRNO(EBADMSG), "Record lacks basic identity fields, which are required.");

        if (m == 0)
                return json_log(v, json_flags, SYNTHETIC_ERRNO(EBADMSG), "Record is empty.");

        /* Hand out the filtered/rebuilt copy if we made one, otherwise a fresh reference to the input */
        if (w)
                *ret_variant = TAKE_PTR(w);
        else
                *ret_variant = json_variant_ref(v);

        *ret_mask = m;
        return 0;
}

/* Loads the JSON record 'v' into the empty UserRecord 'h' according to 'load_flags'. The record is
 * first mangled (validated, optionally stripped) by user_group_record_mangle(), then the regular fields
 * and the 'secret'/'privileged' sections are dispatched through user_dispatch_table. 'perMachine',
 * 'binding' and 'status' are deliberately skipped in that pass and applied afterwards so that their
 * values take precedence over the global ones; 'signature' is never dispatched here. Finally the
 * derived fields are filled in by user_record_augment(). Returns 0 on success, negative errno on
 * failure — in which case 'h' may be left partially filled (see the note below). */
int user_record_load(UserRecord *h, JsonVariant *v, UserRecordLoadFlags load_flags) {

        static const JsonDispatch user_dispatch_table[] = {
                { "userName", JSON_VARIANT_STRING, json_dispatch_user_group_name, offsetof(UserRecord, user_name), JSON_RELAX },
                { "realm", JSON_VARIANT_STRING, json_dispatch_realm, offsetof(UserRecord, realm), 0 },
                { "realName", JSON_VARIANT_STRING, json_dispatch_gecos, offsetof(UserRecord, real_name), 0 },
                { "emailAddress", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, email_address), JSON_SAFE },
                { "iconName", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, icon_name), JSON_SAFE },
                { "location", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, location), 0 },
                { "disposition", JSON_VARIANT_STRING, json_dispatch_user_disposition, offsetof(UserRecord, disposition), 0 },
                { "lastChangeUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, last_change_usec), 0 },
                { "lastPasswordChangeUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, last_password_change_usec), 0 },
                { "shell", JSON_VARIANT_STRING, json_dispatch_filename_or_path, offsetof(UserRecord, shell), 0 },
                { "umask", JSON_VARIANT_UNSIGNED, json_dispatch_umask, offsetof(UserRecord, umask), 0 },
                { "environment", JSON_VARIANT_ARRAY, json_dispatch_environment, offsetof(UserRecord, environment), 0 },
                { "timeZone", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, time_zone), JSON_SAFE },
                { "preferredLanguage", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, preferred_language), JSON_SAFE },
                { "niceLevel", _JSON_VARIANT_TYPE_INVALID, json_dispatch_nice, offsetof(UserRecord, nice_level), 0 },
                { "resourceLimits", _JSON_VARIANT_TYPE_INVALID, json_dispatch_rlimits, offsetof(UserRecord, rlimits), 0 },
                { "locked", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, locked), 0 },
                { "notBeforeUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, not_before_usec), 0 },
                { "notAfterUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, not_after_usec), 0 },
                { "storage", JSON_VARIANT_STRING, json_dispatch_storage, offsetof(UserRecord, storage), 0 },
                { "diskSize", JSON_VARIANT_UNSIGNED, json_dispatch_disk_size, offsetof(UserRecord, disk_size), 0 },
                { "diskSizeRelative", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, disk_size_relative), 0 },
                { "skeletonDirectory", JSON_VARIANT_STRING, json_dispatch_path, offsetof(UserRecord, skeleton_directory), 0 },
                { "accessMode", JSON_VARIANT_UNSIGNED, json_dispatch_access_mode, offsetof(UserRecord, access_mode), 0 },
                { "tasksMax", JSON_VARIANT_UNSIGNED, json_dispatch_tasks_or_memory_max, offsetof(UserRecord, tasks_max), 0 },
                { "memoryHigh", JSON_VARIANT_UNSIGNED, json_dispatch_tasks_or_memory_max, offsetof(UserRecord, memory_high), 0 },
                { "memoryMax", JSON_VARIANT_UNSIGNED, json_dispatch_tasks_or_memory_max, offsetof(UserRecord, memory_max), 0 },
                { "cpuWeight", JSON_VARIANT_UNSIGNED, json_dispatch_weight, offsetof(UserRecord, cpu_weight), 0 },
                { "ioWeight", JSON_VARIANT_UNSIGNED, json_dispatch_weight, offsetof(UserRecord, io_weight), 0 },
                { "mountNoDevices", JSON_VARIANT_BOOLEAN, json_dispatch_boolean, offsetof(UserRecord, nodev), 0 },
                { "mountNoSuid", JSON_VARIANT_BOOLEAN, json_dispatch_boolean, offsetof(UserRecord, nosuid), 0 },
                { "mountNoExecute", JSON_VARIANT_BOOLEAN, json_dispatch_boolean, offsetof(UserRecord, noexec), 0 },
                { "cifsDomain", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, cifs_domain), JSON_SAFE },
                { "cifsUserName", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, cifs_user_name), JSON_SAFE },
                { "cifsService", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, cifs_service), JSON_SAFE },
                { "imagePath", JSON_VARIANT_STRING, json_dispatch_path, offsetof(UserRecord, image_path), 0 },
                { "homeDirectory", JSON_VARIANT_STRING, json_dispatch_home_directory, offsetof(UserRecord, home_directory), 0 },
                { "uid", JSON_VARIANT_UNSIGNED, json_dispatch_uid_gid, offsetof(UserRecord, uid), 0 },
                { "gid", JSON_VARIANT_UNSIGNED, json_dispatch_uid_gid, offsetof(UserRecord, gid), 0 },
                { "memberOf", JSON_VARIANT_ARRAY, json_dispatch_user_group_list, offsetof(UserRecord, member_of), JSON_RELAX },
                { "fileSystemType", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, file_system_type), JSON_SAFE },
                { "partitionUuid", JSON_VARIANT_STRING, json_dispatch_id128, offsetof(UserRecord, partition_uuid), 0 },
                { "luksUuid", JSON_VARIANT_STRING, json_dispatch_id128, offsetof(UserRecord, luks_uuid), 0 },
                { "fileSystemUuid", JSON_VARIANT_STRING, json_dispatch_id128, offsetof(UserRecord, file_system_uuid), 0 },
                { "luksDiscard", _JSON_VARIANT_TYPE_INVALID, json_dispatch_tristate, offsetof(UserRecord, luks_discard), 0 },
                { "luksOfflineDiscard", _JSON_VARIANT_TYPE_INVALID, json_dispatch_tristate, offsetof(UserRecord, luks_offline_discard), 0 },
                { "luksCipher", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, luks_cipher), JSON_SAFE },
                { "luksCipherMode", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, luks_cipher_mode), JSON_SAFE },
                { "luksVolumeKeySize", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, luks_volume_key_size), 0 },
                { "luksPbkdfHashAlgorithm", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, luks_pbkdf_hash_algorithm), JSON_SAFE },
                { "luksPbkdfType", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, luks_pbkdf_type), JSON_SAFE },
                { "luksPbkdfTimeCostUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, luks_pbkdf_time_cost_usec), 0 },
                { "luksPbkdfMemoryCost", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, luks_pbkdf_memory_cost), 0 },
                { "luksPbkdfParallelThreads", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, luks_pbkdf_parallel_threads), 0 },
                { "service", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, service), JSON_SAFE },
                { "rateLimitIntervalUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, ratelimit_interval_usec), 0 },
                { "rateLimitBurst", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, ratelimit_burst), 0 },
                { "enforcePasswordPolicy", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, enforce_password_policy), 0 },
                { "autoLogin", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, auto_login), 0 },
                { "stopDelayUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, stop_delay_usec), 0 },
                { "killProcesses", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, kill_processes), 0 },
                { "passwordChangeMinUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, password_change_min_usec), 0 },
                { "passwordChangeMaxUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, password_change_max_usec), 0 },
                { "passwordChangeWarnUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, password_change_warn_usec), 0 },
                { "passwordChangeInactiveUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, password_change_inactive_usec), 0 },
                { "passwordChangeNow", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, password_change_now), 0 },
                { "pkcs11TokenUri", JSON_VARIANT_ARRAY, dispatch_pkcs11_uri_array, offsetof(UserRecord, pkcs11_token_uri), 0 },
                { "fido2HmacCredential", JSON_VARIANT_ARRAY, dispatch_fido2_hmac_credential_array, 0, 0 },

                /* The sensitive sections are parsed by their own dispatchers into the same record */
                { "secret", JSON_VARIANT_OBJECT, dispatch_secret, 0, 0 },
                { "privileged", JSON_VARIANT_OBJECT, dispatch_privileged, 0, 0 },

                /* Ignore the perMachine, binding, status stuff here, and process it later, so that it overrides whatever is set above */
                { "perMachine", JSON_VARIANT_ARRAY, NULL, 0, 0 },
                { "binding", JSON_VARIANT_OBJECT, NULL, 0, 0 },
                { "status", JSON_VARIANT_OBJECT, NULL, 0, 0 },

                /* Ignore 'signature', we check it with explicit accessors instead */
                { "signature", JSON_VARIANT_ARRAY, NULL, 0, 0 },
                {},
        };

        JsonDispatchFlags json_flags = USER_RECORD_LOAD_FLAGS_TO_JSON_DISPATCH_FLAGS(load_flags);
        int r;

        assert(h);
        assert(!h->json); /* the record must be fresh; loading twice is not supported */

        /* Note that this call will leave a half-initialized record around on failure! */

        /* Validation and stripping happen here; h->json keeps the (possibly filtered) variant and
         * h->mask records which sections were present. */
        r = user_group_record_mangle(v, load_flags, &h->json, &h->mask);
        if (r < 0)
                return r;

        r = json_dispatch(h->json, user_dispatch_table, NULL, json_flags, h);
        if (r < 0)
                return r;

        /* During the parsing operation above we ignored the 'perMachine', 'binding' and 'status' fields,
         * since we want them to override the global options. Let's process them now. */

        r = dispatch_per_machine("perMachine", json_variant_by_key(h->json, "perMachine"), json_flags, h);
        if (r < 0)
                return r;

        r = dispatch_binding("binding", json_variant_by_key(h->json, "binding"), json_flags, h);
        if (r < 0)
                return r;

        r = dispatch_status("status", json_variant_by_key(h->json, "status"), json_flags, h);
        if (r < 0)
                return r;

        /* A record that carries regular fields must at least name the user, otherwise it is unusable */
        if (FLAGS_SET(h->mask, USER_RECORD_REGULAR) && !h->user_name)
                return json_log(h->json, json_flags, SYNTHETIC_ERRNO(EINVAL), "User name field missing, refusing.");

        r = user_record_augment(h, json_flags);
        if (r < 0)
                return r;

        return 0;
}

/* Convenience constructor: builds a JSON object from the variable argument list via json_buildv() and
 * loads it into a brand-new record with USER_RECORD_LOAD_FULL. On success ownership of the record is
 * handed to the caller through *ret. Returns 0 on success, -ENOMEM if the record cannot be allocated,
 * or whatever json_buildv()/user_record_load() failed with. */
int user_record_build(UserRecord **ret, ...) {
        _cleanup_(json_variant_unrefp) JsonVariant *json = NULL;
        _cleanup_(user_record_unrefp) UserRecord *record = NULL;
        va_list ap;
        int r;

        assert(ret);

        /* Assemble the JSON first, so that a build error costs us no record allocation */
        va_start(ap, ret);
        r = json_buildv(&json, ap);
        va_end(ap);
        if (r < 0)
                return r;

        record = user_record_new();
        if (!record)
                return -ENOMEM;

        r = user_record_load(record, json, USER_RECORD_LOAD_FULL);
        if (r < 0)
                return r;

        *ret = TAKE_PTR(record);
        return 0;
}

/* Returns the user name qualified with its realm ("user@realm") when a realm is set, the bare user
 * name otherwise. The joined form is built by user_record_augment() whenever a realm is present, so
 * its absence implies that there is no realm. */
const char *user_record_user_name_and_realm(UserRecord *h) {
        assert(h);

        if (!h->user_name_and_realm_auto) {
                /* No joined string means no realm, anything else is a programming error */
                assert(!h->realm);
                return h->user_name;
        }

        return h->user_name_and_realm_auto;
}

/* Returns the record's storage type, defaulting to USER_CLASSIC when none was specified (the field is
 * initialized to a negative "invalid" value). */
UserStorage user_record_storage(UserRecord *h) {
        assert(h);

        return h->storage < 0 ? USER_CLASSIC : h->storage;
}

/* Returns the configured file system type for the home, "ext4" if the record does not name one. */
const char *user_record_file_system_type(UserRecord *h) {
        assert(h);

        if (h->file_system_type)
                return h->file_system_type;

        return "ext4";
}

/* Returns the skeleton directory to populate new homes from, "/etc/skel" unless the record overrides it. */
const char *user_record_skeleton_directory(UserRecord *h) {
        assert(h);

        if (h->skeleton_directory)
                return h->skeleton_directory;

        return "/etc/skel";
}

/* Returns the access mode for the home directory. (mode_t) -1 marks "not set", in which case the home
 * defaults to 0700, i.e. readable by its owner only. */
mode_t user_record_access_mode(UserRecord *h) {
        assert(h);

        if (h->access_mode == (mode_t) -1)
                return 0700;

        return h->access_mode;
}

/* Returns the home directory: the explicitly configured one, else the derived one, else "/root" for
 * the root user and "/" for anybody else. */
const char* user_record_home_directory(UserRecord *h) {
        assert(h);

        /* The root user is special, hence be special about it */
        return h->home_directory ?: h->home_directory_auto ?: (streq_ptr(h->user_name, "root") ? "/root" : "/");
}

/* Returns the path of the backing image: the explicit setting, else the derived one, else — for the
 * directory-based storage types, whose "image" is the home directory itself — the home directory.
 * Returns NULL for storage types that have no image to fall back to. */
const char *user_record_image_path(UserRecord *h) {
        assert(h);

        const char *explicit_or_auto = h->image_path ?: h->image_path_auto;
        if (explicit_or_auto)
                return explicit_or_auto;

        switch (user_record_storage(h)) {

        case USER_CLASSIC:
        case USER_DIRECTORY:
        case USER_SUBVOLUME:
        case USER_FSCRYPT:
                return user_record_home_directory(h);

        default:
                return NULL;
        }
}

/* Returns the user name to authenticate with against a CIFS server, falling back to the record's user name. */
const char *user_record_cifs_user_name(UserRecord *h) {
        assert(h);

        if (h->cifs_user_name)
                return h->cifs_user_name;

        return h->user_name;
}
1623
/* Translates the record's nosuid/noexec/nodev booleans into mount(2) MS_* flags. Note that nosuid and nodev
 * default to true in user_record_new(), so a record that says nothing gets MS_NOSUID|MS_NODEV. */
unsigned long user_record_mount_flags(UserRecord *h) {
        unsigned long flags = 0;

        assert(h);

        if (h->nosuid)
                flags |= MS_NOSUID;
        if (h->noexec)
                flags |= MS_NOEXEC;
        if (h->nodev)
                flags |= MS_NODEV;

        return flags;
}
1631
/* Returns the login shell: the configured one if any; otherwise "/bin/sh" for root, "/bin/bash" for regular
 * users, and the nologin binary for everything else (system, dynamic, container, reserved, ...). */
const char *user_record_shell(UserRecord *h) {
        assert(h);

        if (h->shell)
                return h->shell;

        if (streq_ptr(h->user_name, "root"))
                return "/bin/sh";

        /* Only regular human users get an interactive shell by default */
        return user_record_disposition(h) == USER_REGULAR ? "/bin/bash" : NOLOGIN;
}
1646
/* Returns the GECOS-style real name, falling back to the user name when none is recorded. */
const char *user_record_real_name(UserRecord *h) {
        assert(h);

        if (h->real_name)
                return h->real_name;

        return h->user_name;
}
1652
/* Decides whether the LUKS volume is opened with discard enabled while the home is active.
 *
 * An explicit setting in the record wins. Otherwise discard is enabled only when the image is a real block
 * device under /dev/: on SSD/flash that is what we want, but for loopback files it would turn the image into
 * a thin-provisioned one, and a later shortage of backing space would surface as EIO. No image path at all
 * means no discard. */
bool user_record_luks_discard(UserRecord *h) {
        const char *image;

        assert(h);

        if (h->luks_discard >= 0)
                return h->luks_discard;

        image = user_record_image_path(h);
        if (!image)
                return false;

        /* Only physical block devices get discard by default */
        return path_startswith(image, "/dev/") != NULL;
}
1673
/* Decides whether the LUKS image is discarded while the user is logged out.
 *
 * An explicit setting wins. Otherwise: no image path → false; a physical block device under /dev/ → same
 * answer as the online discard mode (user_record_luks_discard()); anything else (i.e. loopback files) → true,
 * since giving space back to the host file system while the home is inactive is generally a good idea. */
bool user_record_luks_offline_discard(UserRecord *h) {
        const char *image;

        assert(h);

        if (h->luks_offline_discard >= 0)
                return h->luks_offline_discard;

        image = user_record_image_path(h);
        if (!image)
                return false;

        /* Physical media: bind to the online discard mode */
        if (path_startswith(image, "/dev/"))
                return user_record_luks_discard(h);

        /* Loopback files: discard when offline */
        return true;
}
1694
/* Returns the LUKS cipher name, defaulting to "aes". */
const char *user_record_luks_cipher(UserRecord *h) {
        assert(h);

        if (h->luks_cipher)
                return h->luks_cipher;

        return "aes";
}
1700
/* Returns the LUKS cipher mode, defaulting to "xts-plain64". */
const char *user_record_luks_cipher_mode(UserRecord *h) {
        assert(h);

        if (h->luks_cipher_mode)
                return h->luks_cipher_mode;

        return "xts-plain64";
}
1706
/* Returns the LUKS volume key size in bytes.
 *
 * Unset (UINT64_MAX) means 32 bytes, i.e. a 256 bit key. Otherwise the configured value is clamped to
 * SIZE_MAX so callers can cast it to size_t without loss, which is what libcryptsetup expects. */
uint64_t user_record_luks_volume_key_size(UserRecord *h) {
        uint64_t size;

        assert(h);

        if (h->luks_volume_key_size == UINT64_MAX)
                return 32; /* 256 bit */

        size = h->luks_volume_key_size;
        if (size > SIZE_MAX)
                size = SIZE_MAX;

        return size;
}
1717
/* Returns the LUKS PBKDF algorithm name, defaulting to "argon2i". */
const char* user_record_luks_pbkdf_type(UserRecord *h) {
        assert(h);

        if (h->luks_pbkdf_type)
                return h->luks_pbkdf_type;

        return "argon2i";
}
1723
/* Returns the PBKDF time cost in µs, rounded up to whole milliseconds and capped so the millisecond count
 * fits uint32_t, since that is the unit and range libcryptsetup works with.
 *
 * Unset (UINT64_MAX) yields 500ms — deliberately lower than libcryptsetup's 2s default, which makes every
 * login painfully slow. */
uint64_t user_record_luks_pbkdf_time_cost_usec(UserRecord *h) {
        uint64_t ms;

        assert(h);

        if (h->luks_pbkdf_time_cost_usec == UINT64_MAX)
                return 500 * USEC_PER_MSEC;

        ms = DIV_ROUND_UP(h->luks_pbkdf_time_cost_usec, USEC_PER_MSEC);
        if (ms > UINT32_MAX)
                ms = UINT32_MAX;

        return ms * USEC_PER_MSEC;
}
1734
/* Returns the PBKDF memory cost in bytes, rounded up to whole KiB and capped so the KiB count fits uint32_t,
 * matching the granularity and range libcryptsetup expects.
 *
 * Unset (UINT64_MAX) yields 64 MiB, a value that should still work on smaller systems. */
uint64_t user_record_luks_pbkdf_memory_cost(UserRecord *h) {
        uint64_t kib;

        assert(h);

        if (h->luks_pbkdf_memory_cost == UINT64_MAX)
                return 64*1024*1024;

        kib = DIV_ROUND_UP(h->luks_pbkdf_memory_cost, 1024);
        if (kib > UINT32_MAX)
                kib = UINT32_MAX;

        return kib * 1024;
}
1745
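/* Returns the PBKDF parallelism (thread count), capped to uint32_t for libcryptsetup.
 *
 * Unset (UINT64_MAX) yields 1, which should work on smaller systems too. */
uint64_t user_record_luks_pbkdf_parallel_threads(UserRecord *h) {
        assert(h);

        /* The "unset" test must look at the thread-count field itself. It previously tested
         * luks_pbkdf_memory_cost (a copy/paste slip), so a record with a memory cost but no thread count
         * skipped the default and handed the UINT64_MAX sentinel, clamped to UINT32_MAX, to the caller. */
        if (h->luks_pbkdf_parallel_threads == UINT64_MAX)
                return 1;

        return MIN(h->luks_pbkdf_parallel_threads, UINT32_MAX);
}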
1754
/* Returns the hash algorithm used by the PBKDF, defaulting to "sha512". */
const char *user_record_luks_pbkdf_hash_algorithm(UserRecord *h) {
        assert(h);

        if (h->luks_pbkdf_hash_algorithm)
                return h->luks_pbkdf_hash_algorithm;

        return "sha512";
}
1760
/* Returns the primary GID. Without an explicitly valid GID the UID is reused as GID (the usual
 * user-private-group convention); if the UID is invalid too, the result is the invalid GID value. */
gid_t user_record_gid(UserRecord *h) {
        assert(h);

        return gid_is_valid(h->gid) ? h->gid : (gid_t) h->uid;
}
1769
/* Returns the user's disposition. An explicit value in the record wins; otherwise it is derived from the UID
 * range, checked in this order (the ranges are distinct but the order is what resolves any overlap):
 * root and nobody → intrinsic; system range → system; dynamic range → dynamic; container range → container;
 * anything above INT32_MAX → reserved; everything else → regular. An invalid UID yields the invalid
 * disposition. */
UserDisposition user_record_disposition(UserRecord *h) {
        UserDisposition d;

        assert(h);

        if (h->disposition >= 0)
                return h->disposition;

        if (!uid_is_valid(h->uid))
                return _USER_DISPOSITION_INVALID;

        /* Not declared → derive from the UID */
        if (h->uid == 0 || h->uid == UID_NOBODY)
                d = USER_INTRINSIC;
        else if (uid_is_system(h->uid))
                d = USER_SYSTEM;
        else if (uid_is_dynamic(h->uid))
                d = USER_DYNAMIC;
        else if (uid_is_container(h->uid))
                d = USER_CONTAINER;
        else if (h->uid > INT32_MAX)
                d = USER_RESERVED;
        else
                d = USER_REGULAR;

        return d;
}
1798
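/* Reports whether the home lives on removable media.
 *
 * Returns the record's explicit "removable" flag if set. Returns -1 ("cannot decide") for classic records,
 * including records that declare no storage at all (user_record_storage() maps those to classic). For now
 * only LUKS homes whose image is referenced by a /dev/ path count as removable (1); everything else is 0. */
int user_record_removable(UserRecord *h) {
        UserStorage storage;
        const char *image;

        assert(h);

        if (h->removable >= 0)
                return h->removable;

        /* Refuse to decide for classic records (an unset storage resolves to classic as well) */
        storage = user_record_storage(h);
        if (storage == USER_CLASSIC)
                return -1;

        /* For now consider only LUKS home directories with a reference by path as removable */
        if (storage != USER_LUKS)
                return 0;

        /* user_record_image_path() returns NULL for LUKS storage when neither an explicit nor an automatic
         * image path is present; do not hand that to path_startswith(), treat it as "not removable". */
        image = user_record_image_path(h);
        if (!image)
                return 0;

        return path_startswith(image, "/dev/") != NULL;
}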
1814
/* Returns the authentication rate-limit window in µs, defaulting to DEFAULT_RATELIMIT_INTERVAL_USEC when
 * the record leaves it unset (UINT64_MAX). */
uint64_t user_record_ratelimit_interval_usec(UserRecord *h) {
        assert(h);

        return h->ratelimit_interval_usec == UINT64_MAX ? DEFAULT_RATELIMIT_INTERVAL_USEC : h->ratelimit_interval_usec;
}
1823
/* Returns how many authentication attempts are allowed per rate-limit window, defaulting to
 * DEFAULT_RATELIMIT_BURST when the record leaves it unset (UINT64_MAX). */
uint64_t user_record_ratelimit_burst(UserRecord *h) {
        assert(h);

        return h->ratelimit_burst == UINT64_MAX ? DEFAULT_RATELIMIT_BURST : h->ratelimit_burst;
}
1832
/* Returns true if the record carries at least one credential the user could authenticate with: a
 * PKCS#11-encrypted key, a FIDO2 HMAC salt, or a non-empty list of hashed passwords. */
bool user_record_can_authenticate(UserRecord *h) {
        assert(h);

        return h->n_pkcs11_encrypted_key > 0 ||
               h->n_fido2_hmac_salt > 0 ||
               !strv_isempty(h->hashed_password);
}
1846
/* Calculates when the next login attempt may be made.
 *
 * Returns UINT64_MAX when the record has no rate-limit state (begin timestamp or counter unset), 0 when the
 * burst budget is not yet exhausted, and otherwise the CLOCK_REALTIME instant (in µs) at which the current
 * window ends — which may already lie in the past. */
uint64_t user_record_ratelimit_next_try(UserRecord *h) {
        assert(h);

        if (h->ratelimit_begin_usec == UINT64_MAX)
                return UINT64_MAX;
        if (h->ratelimit_count == UINT64_MAX)
                return UINT64_MAX;

        /* Budget left in the current window → try right away */
        if (h->ratelimit_count < user_record_ratelimit_burst(h))
                return 0;

        /* Budget exhausted → wait for the window to close (saturating addition) */
        return usec_add(h->ratelimit_begin_usec, user_record_ratelimit_interval_usec(h));
}
1866
/* Returns true if two records are identical.
 *
 * Only the JSON representation is compared: a record's JSON is updated whenever the record is modified, so
 * it stands for the whole record. */
bool user_record_equal(UserRecord *a, UserRecord *b) {
        bool same;

        assert(a);
        assert(b);

        same = json_variant_equal(a->json, b->json);
        return same;
}
1876
/* Returns true if two records describe the same user, i.e. both carry the regular section and agree on user
 * name and realm (NULL realms compare equal via streq_ptr()). Records lacking the regular section on either
 * side cannot be judged and are reported as incompatible. */
bool user_record_compatible(UserRecord *a, UserRecord *b) {
        assert(a);
        assert(b);

        if (!(a->mask & USER_RECORD_REGULAR) || !(b->mask & USER_RECORD_REGULAR))
                return false;

        if (!streq_ptr(a->user_name, b->user_name))
                return false;

        return streq_ptr(a->realm, b->realm);
}
1889
/* Three-way comparison of two records by their lastChangeUSec timestamp: <0 if a is older, 0 if equal,
 * >0 if a is newer. A record without a timestamp (UINT64_MAX) sorts before any record that has one. */
int user_record_compare_last_change(UserRecord *a, UserRecord *b) {
        uint64_t ta, tb;

        assert(a);
        assert(b);

        ta = a->last_change_usec;
        tb = b->last_change_usec;

        if (ta == tb)
                return 0;

        /* Unset is treated as "oldest" */
        if (ta == UINT64_MAX)
                return -1;
        if (tb == UINT64_MAX)
                return 1;

        return CMP(ta, tb);
}
1905
/* Creates a new record from h's JSON, re-loading it with the given flags (so the clone may carry fewer or
 * differently filtered sections than the original). On success *ret owns the clone; returns 0, -ENOMEM, or
 * a negative errno from user_record_load(). */
int user_record_clone(UserRecord *h, UserRecordLoadFlags flags, UserRecord **ret) {
        _cleanup_(user_record_unrefp) UserRecord *copy = NULL;
        int r;

        assert(h);
        assert(ret);

        copy = user_record_new();
        if (!copy)
                return -ENOMEM;

        r = user_record_load(copy, h->json, flags);
        if (r < 0)
                return r;

        *ret = TAKE_PTR(copy);
        return 0;
}
1924
/* Produces a clone of h restricted to the sections in 'mask', but only if h actually carries sections outside
 * the mask; otherwise *ret is set to NULL and the caller may use h as-is. Returns 0 or a negative errno. */
static int user_record_restrict_to_mask(UserRecord *h, UserRecordMask mask, UserRecord **ret) {
        assert(h);
        assert(ret);

        if ((h->mask & ~mask) == 0) {
                *ret = NULL;
                return 0;
        }

        return user_record_clone(h, USER_RECORD_ALLOW(mask) | USER_RECORD_STRIP(~mask & _USER_RECORD_MASK_MAX), ret);
}

/* Compares two records while ignoring every section not listed in 'mask'. Returns 1 if equal, 0 if not, or a
 * negative errno if a stripped clone could not be created. */
int user_record_masked_equal(UserRecord *a, UserRecord *b, UserRecordMask mask) {
        _cleanup_(user_record_unrefp) UserRecord *stripped_a = NULL, *stripped_b = NULL;
        int r;

        assert(a);
        assert(b);

        r = user_record_restrict_to_mask(a, mask, &stripped_a);
        if (r < 0)
                return r;

        r = user_record_restrict_to_mask(b, mask, &stripped_b);
        if (r < 0)
                return r;

        /* Fall back to the original where no stripping was needed */
        return user_record_equal(stripped_a ?: a, stripped_b ?: b);
}
1952
/* Checks whether access to the user is allowed right now. Returns 0 if so, otherwise:
 *
 *   -ESTALE  the record's lastChangeUSec lies in the future (clock skew or tampering — refuse logins)
 *   -ENOLCK  the record is explicitly locked
 *   -EL2HLT  the record is not valid yet (notBeforeUSec)
 *   -EL3HLT  the record is not valid anymore (notAfterUSec)
 *
 * The checks run in that order; unset timestamps (UINT64_MAX) are skipped. */
int user_record_test_blocked(UserRecord *h) {
        usec_t current;

        assert(h);

        current = now(CLOCK_REALTIME);

        /* A record from the future is suspicious: refuse it outright */
        if (h->last_change_usec != UINT64_MAX && h->last_change_usec > current)
                return -ESTALE;

        if (h->locked > 0)
                return -ENOLCK;

        if (h->not_before_usec != UINT64_MAX && current < h->not_before_usec)
                return -EL2HLT;

        if (h->not_after_usec != UINT64_MAX && current > h->not_after_usec)
                return -EL3HLT;

        return 0;
}
1982
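int user_record_test_password_change_required(UserRecord *h) {
        bool change_permitted;
        usec_t n;

        assert(h);

        /* Checks whether the user must change the password when logging in

           -EKEYREVOKED: Change password now because admin said so
           -EOWNERDEAD: Change password now because it expired
           -EKEYREJECTED: Password is expired, no changing is allowed
           -EKEYEXPIRED: Password is about to expire, warn user
           -ENETDOWN: Record has expiration info but no password change timestamp
           -EROFS: No password change required nor permitted
           0: No password change required, but permitted
        */

        /* If a password change request has been set explicitly, it overrides everything */
        if (h->password_change_now > 0)
                return -EKEYREVOKED;

        n = now(CLOCK_REALTIME);

        /* Then, let's check if password changing is currently allowed at all */
        if (h->password_change_min_usec != UINT64_MAX) {

                /* Expiry configured but no password change timestamp known? */
                if (h->last_password_change_usec == UINT64_MAX)
                        return -ENETDOWN;

                /* If the minimum interval cannot be added to the timestamp without overflow, changing is never permitted */
                if (h->password_change_min_usec >= UINT64_MAX - h->last_password_change_usec)
                        change_permitted = false;
                else
                        change_permitted = n >= h->last_password_change_usec + h->password_change_min_usec;

        } else
                change_permitted = true;

        /* Let's check whether the password has expired. */
        if (h->password_change_max_usec != UINT64_MAX) {

                /* Expiry configured but no password change timestamp known? This must be tested before the
                 * overflow guard below: with an unset timestamp UINT64_MAX - UINT64_MAX is 0, so the guard is
                 * always true and the previous placement of this check (inside the guarded block) was
                 * unreachable — a record with passwordChangeMaxUSec but no lastPasswordChangeUSec was never
                 * reported as expired and fell through to 0/-EROFS. Mirror the minimum-interval handling above. */
                if (h->last_password_change_usec == UINT64_MAX)
                        return -ENETDOWN;

                /* A maximum age that cannot be added to the timestamp without overflow can never be reached */
                if (h->password_change_max_usec < UINT64_MAX - h->last_password_change_usec) {
                        uint64_t change_before;

                        /* Password is in inactive phase? */
                        if (h->password_change_inactive_usec != UINT64_MAX &&
                            h->password_change_inactive_usec < UINT64_MAX - h->password_change_max_usec) {
                                usec_t added;

                                added = h->password_change_inactive_usec + h->password_change_max_usec;
                                if (added < UINT64_MAX - h->last_password_change_usec &&
                                    n >= h->last_password_change_usec + added)
                                        return -EKEYREJECTED;
                        }

                        /* Password needs to be changed now? */
                        change_before = h->last_password_change_usec + h->password_change_max_usec;
                        if (n >= change_before)
                                return change_permitted ? -EOWNERDEAD : -EKEYREJECTED;

                        /* Warn user? (the first disjunct guards the subtraction against underflow) */
                        if (h->password_change_warn_usec != UINT64_MAX &&
                            (change_before < h->password_change_warn_usec ||
                             n >= change_before - h->password_change_warn_usec))
                                return change_permitted ? -EKEYEXPIRED : -EROFS;
                }
        }

        /* No password changing necessary */
        return change_permitted ? 0 : -EROFS;
}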
2057
/* Wire names of the UserStorage enum as used in the "storage" field of the JSON user record. Designated
 * initializers index by enum value, so the listing order below does not affect the resulting table. */
static const char* const user_storage_table[_USER_STORAGE_MAX] = {
        [USER_CIFS]      = "cifs",
        [USER_CLASSIC]   = "classic",
        [USER_DIRECTORY] = "directory",
        [USER_FSCRYPT]   = "fscrypt",
        [USER_LUKS]      = "luks",
        [USER_SUBVOLUME] = "subvolume",
};

/* Generates user_storage_to_string() / user_storage_from_string() */
DEFINE_STRING_TABLE_LOOKUP(user_storage, UserStorage);
2068
/* Wire names of the UserDisposition enum as used in the "disposition" field of the JSON user record.
 * Designated initializers index by enum value, so the listing order below does not affect the table. */
static const char* const user_disposition_table[_USER_DISPOSITION_MAX] = {
        [USER_CONTAINER] = "container",
        [USER_DYNAMIC]   = "dynamic",
        [USER_INTRINSIC] = "intrinsic",
        [USER_REGULAR]   = "regular",
        [USER_RESERVED]  = "reserved",
        [USER_SYSTEM]    = "system",
};

/* Generates user_disposition_to_string() / user_disposition_from_string() */
DEFINE_STRING_TABLE_LOOKUP(user_disposition, UserDisposition);