src/core/core-varlink.c

   1 /* SPDX-License-Identifier: LGPL-2.1+ */
   2
   3 #include "core-varlink.h"
   4 #include "mkdir.h"
   5 #include "user-util.h"
   6 #include "varlink.h"
   7
   8 typedef struct LookupParameters {
   9         const char *user_name;
  10         const char *group_name;
  11         union {
  12                 uid_t uid;
  13                 gid_t gid;
  14         };
  15         const char *service;
  16 } LookupParameters;
  17
  18 static int build_user_json(const char *user_name, uid_t uid, JsonVariant **ret) {
  19         assert(user_name);
  20         assert(uid_is_valid(uid));
  21         assert(ret);
  22
  23         return json_build(ret, JSON_BUILD_OBJECT(
  24                                           JSON_BUILD_PAIR("record", JSON_BUILD_OBJECT(
  25                                                                           JSON_BUILD_PAIR("userName", JSON_BUILD_STRING(user_name)),
  26                                                                           JSON_BUILD_PAIR("uid", JSON_BUILD_UNSIGNED(uid)),
  27                                                                           JSON_BUILD_PAIR("gid", JSON_BUILD_UNSIGNED(uid)),
  28                                                                           JSON_BUILD_PAIR("realName", JSON_BUILD_STRING("Dynamic User")),
  29                                                                           JSON_BUILD_PAIR("homeDirectory", JSON_BUILD_STRING("/")),
  30                                                                           JSON_BUILD_PAIR("shell", JSON_BUILD_STRING(NOLOGIN)),
  31                                                                           JSON_BUILD_PAIR("locked", JSON_BUILD_BOOLEAN(true)),
  32                                                                           JSON_BUILD_PAIR("service", JSON_BUILD_STRING("io.systemd.DynamicUser")),
  33                                                                           JSON_BUILD_PAIR("disposition", JSON_BUILD_STRING("dynamic"))))));
  34 }
  35
  36 static bool user_match_lookup_parameters(LookupParameters *p, const char *name, uid_t uid) {
  37         assert(p);
  38
  39         if (p->user_name && !streq(name, p->user_name))
  40                 return false;
  41
  42         if (uid_is_valid(p->uid) && uid != p->uid)
  43                 return false;
  44
  45         return true;
  46 }
  47
  48 static int vl_method_get_user_record(Varlink *link, JsonVariant *parameters, VarlinkMethodFlags flags, void *userdata) {
  49
  50         static const JsonDispatch dispatch_table[] = {
  51                 { "uid",      JSON_VARIANT_UNSIGNED, json_dispatch_uid_gid,      offsetof(LookupParameters, uid),       0         },
  52                 { "userName", JSON_VARIANT_STRING,   json_dispatch_const_string, offsetof(LookupParameters, user_name), JSON_SAFE },
  53                 { "service",  JSON_VARIANT_STRING,   json_dispatch_const_string, offsetof(LookupParameters, service),   0         },
  54                 {}
  55         };
  56
  57         _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
  58         LookupParameters p = {
  59                 .uid = UID_INVALID,
  60         };
  61         _cleanup_free_ char *found_name = NULL;
  62         uid_t found_uid = UID_INVALID, uid;
  63         Manager *m = userdata;
  64         const char *un;
  65         int r;
  66
  67         assert(parameters);
  68         assert(m);
  69
  70         r = json_dispatch(parameters, dispatch_table, NULL, 0, &p);
  71         if (r < 0)
  72                 return r;
  73
  74         if (!streq_ptr(p.service, "io.systemd.DynamicUser"))
  75                 return varlink_error(link, "io.systemd.UserDatabase.BadService", NULL);
  76
  77         if (uid_is_valid(p.uid))
  78                 r = dynamic_user_lookup_uid(m, p.uid, &found_name);
  79         else if (p.user_name)
  80                 r = dynamic_user_lookup_name(m, p.user_name, &found_uid);
  81         else {
  82                 Iterator i;
  83                 DynamicUser *d;
  84
  85                 HASHMAP_FOREACH(d, m->dynamic_users, i) {
  86                         r = dynamic_user_current(d, &uid);
  87                         if (r == -EAGAIN) /* not realized yet? */
  88                                 continue;
  89                         if (r < 0)
  90                                 return r;
  91
  92                         if (!user_match_lookup_parameters(&p, d->name, uid))
  93                                 continue;
  94
  95                         if (v) {
  96                                 r = varlink_notify(link, v);
  97                                 if (r < 0)
  98                                         return r;
  99
 100                                 v = json_variant_unref(v);
 101                         }
 102
 103                         r = build_user_json(d->name, uid, &v);
 104                         if (r < 0)
 105                                 return r;
 106                 }
 107
 108                 if (!v)
 109                         return varlink_error(link, "io.systemd.UserDatabase.NoRecordFound", NULL);
 110
 111                 return varlink_reply(link, v);
 112         }
 113         if (r == -ESRCH)
 114                 return varlink_error(link, "io.systemd.UserDatabase.NoRecordFound", NULL);
 115         if (r < 0)
 116                 return r;
 117
 118         uid = uid_is_valid(found_uid) ? found_uid : p.uid;
 119         un = found_name ?: p.user_name;
 120
 121         if (!user_match_lookup_parameters(&p, un, uid))
 122                 return varlink_error(link, "io.systemd.UserDatabase.ConflictingRecordFound", NULL);
 123
 124         r = build_user_json(un, uid, &v);
 125         if (r < 0)
 126                 return r;
 127
 128         return varlink_reply(link, v);
 129 }
 130
 131 static int build_group_json(const char *group_name, gid_t gid, JsonVariant **ret) {
 132         assert(group_name);
 133         assert(gid_is_valid(gid));
 134         assert(ret);
 135
 136         return json_build(ret, JSON_BUILD_OBJECT(
 137                                           JSON_BUILD_PAIR("record", JSON_BUILD_OBJECT(
 138                                                                           JSON_BUILD_PAIR("groupName", JSON_BUILD_STRING(group_name)),
 139                                                                           JSON_BUILD_PAIR("gid", JSON_BUILD_UNSIGNED(gid)),
 140                                                                           JSON_BUILD_PAIR("service", JSON_BUILD_STRING("io.systemd.DynamicUser")),
 141                                                                           JSON_BUILD_PAIR("disposition", JSON_BUILD_STRING("dynamic"))))));
 142 }
 143
 144 static bool group_match_lookup_parameters(LookupParameters *p, const char *name, gid_t gid) {
 145         assert(p);
 146
 147         if (p->group_name && !streq(name, p->group_name))
 148                 return false;
 149
 150         if (gid_is_valid(p->gid) && gid != p->gid)
 151                 return false;
 152
 153         return true;
 154 }
 155
 156 static int vl_method_get_group_record(Varlink *link, JsonVariant *parameters, VarlinkMethodFlags flags, void *userdata) {
 157
 158         static const JsonDispatch dispatch_table[] = {
 159                 { "gid",       JSON_VARIANT_UNSIGNED, json_dispatch_uid_gid,      offsetof(LookupParameters, gid),        0         },
 160                 { "groupName", JSON_VARIANT_STRING,   json_dispatch_const_string, offsetof(LookupParameters, group_name), JSON_SAFE },
 161                 { "service",   JSON_VARIANT_STRING,   json_dispatch_const_string, offsetof(LookupParameters, service),    0         },
 162                 {}
 163         };
 164
 165         _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
 166         LookupParameters p = {
 167                 .gid = GID_INVALID,
 168         };
 169         _cleanup_free_ char *found_name = NULL;
 170         uid_t found_gid = GID_INVALID, gid;
 171         Manager *m = userdata;
 172         const char *gn;
 173         int r;
 174
 175         assert(parameters);
 176         assert(m);
 177
 178         r = json_dispatch(parameters, dispatch_table, NULL, 0, &p);
 179         if (r < 0)
 180                 return r;
 181
 182         if (!streq_ptr(p.service, "io.systemd.DynamicUser"))
 183                 return varlink_error(link, "io.systemd.UserDatabase.BadService", NULL);
 184
 185         if (gid_is_valid(p.gid))
 186                 r = dynamic_user_lookup_uid(m, (uid_t) p.gid, &found_name);
 187         else if (p.group_name)
 188                 r = dynamic_user_lookup_name(m, p.group_name, (uid_t*) &found_gid);
 189         else {
 190                 DynamicUser *d;
 191                 Iterator i;
 192
 193                 HASHMAP_FOREACH(d, m->dynamic_users, i) {
 194                         uid_t uid;
 195
 196                         r = dynamic_user_current(d, &uid);
 197                         if (r == -EAGAIN)
 198                                 continue;
 199                         if (r < 0)
 200                                 return r;
 201
 202                         if (!group_match_lookup_parameters(&p, d->name, (gid_t) uid))
 203                                 continue;
 204
 205                         if (v) {
 206                                 r = varlink_notify(link, v);
 207                                 if (r < 0)
 208                                         return r;
 209
 210                                 v = json_variant_unref(v);
 211                         }
 212
 213                         r = build_group_json(d->name, (gid_t) uid, &v);
 214                         if (r < 0)
 215                                 return r;
 216                 }
 217
 218                 if (!v)
 219                         return varlink_error(link, "io.systemd.UserDatabase.NoRecordFound", NULL);
 220
 221                 return varlink_reply(link, v);
 222         }
 223         if (r == -ESRCH)
 224                 return varlink_error(link, "io.systemd.UserDatabase.NoRecordFound", NULL);
 225         if (r < 0)
 226                 return r;
 227
 228         gid = gid_is_valid(found_gid) ? found_gid : p.gid;
 229         gn = found_name ?: p.group_name;
 230
 231         if (!group_match_lookup_parameters(&p, gn, gid))
 232                 return varlink_error(link, "io.systemd.UserDatabase.ConflictingRecordFound", NULL);
 233
 234         r = build_group_json(gn, gid, &v);
 235         if (r < 0)
 236                 return r;
 237
 238         return varlink_reply(link, v);
 239 }
 240
 241 static int vl_method_get_memberships(Varlink *link, JsonVariant *parameters, VarlinkMethodFlags flags, void *userdata) {
 242
 243         static const JsonDispatch dispatch_table[] = {
 244                 { "userName",  JSON_VARIANT_STRING, json_dispatch_const_string, offsetof(LookupParameters, user_name),  JSON_SAFE },
 245                 { "groupName", JSON_VARIANT_STRING, json_dispatch_const_string, offsetof(LookupParameters, group_name), JSON_SAFE },
 246                 { "service",   JSON_VARIANT_STRING, json_dispatch_const_string, offsetof(LookupParameters, service),    0         },
 247                 {}
 248         };
 249
 250         LookupParameters p = {};
 251         int r;
 252
 253         assert(parameters);
 254
 255         r = json_dispatch(parameters, dispatch_table, NULL, 0, &p);
 256         if (r < 0)
 257                 return r;
 258
 259         if (!streq_ptr(p.service, "io.systemd.DynamicUser"))
 260                 return varlink_error(link, "io.systemd.UserDatabase.BadService", NULL);
 261
 262         /* We don't support auxiliary groups with dynamic users. */
 263         return varlink_error(link, "io.systemd.UserDatabase.NoRecordFound", NULL);
 264 }
 265
 266 int manager_varlink_init(Manager *m) {
 267         _cleanup_(varlink_server_unrefp) VarlinkServer *s = NULL;
 268         int r;
 269
 270         assert(m);
 271
 272         if (m->varlink_server)
 273                 return 0;
 274
 275         if (!MANAGER_IS_SYSTEM(m))
 276                 return 0;
 277
 278         r = varlink_server_new(&s, VARLINK_SERVER_ACCOUNT_UID);
 279         if (r < 0)
 280                 return log_error_errno(r, "Failed to allocate varlink server object: %m");
 281
 282         varlink_server_set_userdata(s, m);
 283
 284         r = varlink_server_bind_method_many(
 285                         s,
 286                         "io.systemd.UserDatabase.GetUserRecord",  vl_method_get_user_record,
 287                         "io.systemd.UserDatabase.GetGroupRecord", vl_method_get_group_record,
 288                         "io.systemd.UserDatabase.GetMemberships", vl_method_get_memberships);
 289         if (r < 0)
 290                 return log_error_errno(r, "Failed to register varlink methods: %m");
 291
 292         (void) mkdir_p("/run/systemd/userdb", 0755);
 293
 294         r = varlink_server_listen_address(s, "/run/systemd/userdb/io.systemd.DynamicUser", 0666);
 295         if (r < 0)
 296                 return log_error_errno(r, "Failed to bind to varlink socket: %m");
 297
 298         r = varlink_server_attach_event(s, m->event, SD_EVENT_PRIORITY_NORMAL);
 299         if (r < 0)
 300                 return log_error_errno(r, "Failed to attach varlink connection to event loop: %m");
 301
 302         m->varlink_server = TAKE_PTR(s);
 303         return 0;
 304 }
 305
 306 void manager_varlink_done(Manager *m) {
 307         assert(m);
 308
 309         m->varlink_server = varlink_server_unref(m->varlink_server);
 310 }