]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/home/homed-home.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
tree-wide: check if return value of lseek() and friends is negative
[thirdparty/systemd.git] / src / home / homed-home.c
1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3 #if HAVE_LINUX_MEMFD_H
4 #include <linux/memfd.h>
5 #endif
6
7 #include <sys/mman.h>
8 #include <sys/quota.h>
9 #include <sys/vfs.h>
10
11 #include "blockdev-util.h"
12 #include "btrfs-util.h"
13 #include "bus-common-errors.h"
14 #include "bus-locator.h"
15 #include "data-fd-util.h"
16 #include "env-util.h"
17 #include "errno-list.h"
18 #include "errno-util.h"
19 #include "fd-util.h"
20 #include "fileio.h"
21 #include "filesystems.h"
22 #include "fs-util.h"
23 #include "glyph-util.h"
24 #include "home-util.h"
25 #include "homed-home-bus.h"
26 #include "homed-home.h"
27 #include "memfd-util.h"
28 #include "missing_magic.h"
29 #include "missing_mman.h"
30 #include "missing_syscall.h"
31 #include "mkdir.h"
32 #include "path-util.h"
33 #include "process-util.h"
34 #include "quota-util.h"
35 #include "resize-fs.h"
36 #include "set.h"
37 #include "signal-util.h"
38 #include "stat-util.h"
39 #include "string-table.h"
40 #include "strv.h"
41 #include "uid-alloc-range.h"
42 #include "user-record-password-quality.h"
43 #include "user-record-sign.h"
44 #include "user-record-util.h"
45 #include "user-record.h"
46 #include "user-util.h"
47
48 /* Retry to deactivate home directories again and again every 15s until it works */
49 #define RETRY_DEACTIVATE_USEC (15U * USEC_PER_SEC)
50
51 #define HOME_USERS_MAX 500
52 #define PENDING_OPERATIONS_MAX 100
53
54 assert_cc(HOME_UID_MIN <= HOME_UID_MAX);
55 assert_cc(HOME_USERS_MAX <= (HOME_UID_MAX - HOME_UID_MIN + 1));
56
57 static int home_start_work(Home *h, const char *verb, UserRecord *hr, UserRecord *secret);
58
59 DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(operation_hash_ops, void, trivial_hash_func, trivial_compare_func, Operation, operation_unref);
60
61 static int suitable_home_record(UserRecord *hr) {
62 int r;
63
64 assert(hr);
65
66 if (!hr->user_name)
67 return -EUNATCH;
68
69 /* We are a bit more restrictive with what we accept as homed-managed user than what we accept in
70 * home records in general. Let's enforce the stricter rule here. */
71 if (!suitable_user_name(hr->user_name))
72 return -EINVAL;
73 if (!uid_is_valid(hr->uid))
74 return -EINVAL;
75
76 /* Insist we are outside of the dynamic and system range */
77 if (uid_is_system(hr->uid) || gid_is_system(user_record_gid(hr)) ||
78 uid_is_dynamic(hr->uid) || gid_is_dynamic(user_record_gid(hr)))
79 return -EADDRNOTAVAIL;
80
81 /* Insist that GID and UID match */
82 if (user_record_gid(hr) != (gid_t) hr->uid)
83 return -EBADSLT;
84
85 /* Similar for the realm */
86 if (hr->realm) {
87 r = suitable_realm(hr->realm);
88 if (r < 0)
89 return r;
90 if (r == 0)
91 return -EINVAL;
92 }
93
94 return 0;
95 }
96
97 int home_new(Manager *m, UserRecord *hr, const char *sysfs, Home **ret) {
98 _cleanup_(home_freep) Home *home = NULL;
99 _cleanup_free_ char *nm = NULL, *ns = NULL;
100 int r;
101
102 assert(m);
103 assert(hr);
104
105 r = suitable_home_record(hr);
106 if (r < 0)
107 return r;
108
109 if (hashmap_contains(m->homes_by_name, hr->user_name))
110 return -EBUSY;
111
112 if (hashmap_contains(m->homes_by_uid, UID_TO_PTR(hr->uid)))
113 return -EBUSY;
114
115 if (sysfs && hashmap_contains(m->homes_by_sysfs, sysfs))
116 return -EBUSY;
117
118 if (hashmap_size(m->homes_by_name) >= HOME_USERS_MAX)
119 return -EUSERS;
120
121 nm = strdup(hr->user_name);
122 if (!nm)
123 return -ENOMEM;
124
125 if (sysfs) {
126 ns = strdup(sysfs);
127 if (!ns)
128 return -ENOMEM;
129 }
130
131 home = new(Home, 1);
132 if (!home)
133 return -ENOMEM;
134
135 *home = (Home) {
136 .manager = m,
137 .user_name = TAKE_PTR(nm),
138 .uid = hr->uid,
139 .state = _HOME_STATE_INVALID,
140 .worker_stdout_fd = -EBADF,
141 .sysfs = TAKE_PTR(ns),
142 .signed_locally = -1,
143 .pin_fd = -EBADF,
144 .luks_lock_fd = -EBADF,
145 };
146
147 r = hashmap_put(m->homes_by_name, home->user_name, home);
148 if (r < 0)
149 return r;
150
151 r = hashmap_put(m->homes_by_uid, UID_TO_PTR(home->uid), home);
152 if (r < 0)
153 return r;
154
155 if (home->sysfs) {
156 r = hashmap_put(m->homes_by_sysfs, home->sysfs, home);
157 if (r < 0)
158 return r;
159 }
160
161 r = user_record_clone(hr, USER_RECORD_LOAD_MASK_SECRET|USER_RECORD_PERMISSIVE, &home->record);
162 if (r < 0)
163 return r;
164
165 (void) bus_manager_emit_auto_login_changed(m);
166 (void) bus_home_emit_change(home);
167 (void) manager_schedule_rebalance(m, /* immediately= */ false);
168
169 if (ret)
170 *ret = TAKE_PTR(home);
171 else
172 TAKE_PTR(home);
173
174 return 0;
175 }
176
177 Home *home_free(Home *h) {
178
179 if (!h)
180 return NULL;
181
182 if (h->manager) {
183 (void) bus_home_emit_remove(h);
184 (void) bus_manager_emit_auto_login_changed(h->manager);
185
186 if (h->user_name)
187 (void) hashmap_remove_value(h->manager->homes_by_name, h->user_name, h);
188
189 if (uid_is_valid(h->uid))
190 (void) hashmap_remove_value(h->manager->homes_by_uid, UID_TO_PTR(h->uid), h);
191
192 if (h->sysfs)
193 (void) hashmap_remove_value(h->manager->homes_by_sysfs, h->sysfs, h);
194
195 if (h->worker_pid > 0)
196 (void) hashmap_remove_value(h->manager->homes_by_worker_pid, PID_TO_PTR(h->worker_pid), h);
197
198 if (h->manager->gc_focus == h)
199 h->manager->gc_focus = NULL;
200
201 (void) manager_schedule_rebalance(h->manager, /* immediately= */ false);
202 }
203
204 user_record_unref(h->record);
205 user_record_unref(h->secret);
206
207 h->worker_event_source = sd_event_source_disable_unref(h->worker_event_source);
208 safe_close(h->worker_stdout_fd);
209 free(h->user_name);
210 free(h->sysfs);
211
212 h->ref_event_source_please_suspend = sd_event_source_disable_unref(h->ref_event_source_please_suspend);
213 h->ref_event_source_dont_suspend = sd_event_source_disable_unref(h->ref_event_source_dont_suspend);
214
215 h->pending_operations = ordered_set_free(h->pending_operations);
216 h->pending_event_source = sd_event_source_disable_unref(h->pending_event_source);
217 h->deferred_change_event_source = sd_event_source_disable_unref(h->deferred_change_event_source);
218
219 h->current_operation = operation_unref(h->current_operation);
220
221 safe_close(h->pin_fd);
222 safe_close(h->luks_lock_fd);
223
224 h->retry_deactivate_event_source = sd_event_source_disable_unref(h->retry_deactivate_event_source);
225
226 return mfree(h);
227 }
228
229 int home_set_record(Home *h, UserRecord *hr) {
230 _cleanup_(user_record_unrefp) UserRecord *new_hr = NULL;
231 Home *other;
232 int r;
233
234 assert(h);
235 assert(h->user_name);
236 assert(h->record);
237 assert(hr);
238
239 if (user_record_equal(h->record, hr))
240 return 0;
241
242 r = suitable_home_record(hr);
243 if (r < 0)
244 return r;
245
246 if (!user_record_compatible(h->record, hr))
247 return -EREMCHG;
248
249 if (!FLAGS_SET(hr->mask, USER_RECORD_REGULAR) ||
250 FLAGS_SET(hr->mask, USER_RECORD_SECRET))
251 return -EINVAL;
252
253 if (FLAGS_SET(h->record->mask, USER_RECORD_STATUS)) {
254 _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
255
256 /* Hmm, the existing record has status fields? If so, copy them over */
257
258 v = json_variant_ref(hr->json);
259 r = json_variant_set_field(&v, "status", json_variant_by_key(h->record->json, "status"));
260 if (r < 0)
261 return r;
262
263 new_hr = user_record_new();
264 if (!new_hr)
265 return -ENOMEM;
266
267 r = user_record_load(new_hr, v, USER_RECORD_LOAD_REFUSE_SECRET|USER_RECORD_PERMISSIVE);
268 if (r < 0)
269 return r;
270
271 hr = new_hr;
272 }
273
274 other = hashmap_get(h->manager->homes_by_uid, UID_TO_PTR(hr->uid));
275 if (other && other != h)
276 return -EBUSY;
277
278 if (h->uid != hr->uid) {
279 r = hashmap_remove_and_replace(h->manager->homes_by_uid, UID_TO_PTR(h->uid), UID_TO_PTR(hr->uid), h);
280 if (r < 0)
281 return r;
282 }
283
284 user_record_unref(h->record);
285 h->record = user_record_ref(hr);
286 h->uid = h->record->uid;
287
288 /* The updated record might have a different autologin setting, trigger a PropertiesChanged event for it */
289 (void) bus_manager_emit_auto_login_changed(h->manager);
290 (void) bus_home_emit_change(h);
291
292 return 0;
293 }
294
295 int home_save_record(Home *h) {
296 _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
297 _cleanup_free_ char *text = NULL;
298 const char *fn;
299 int r;
300
301 assert(h);
302
303 v = json_variant_ref(h->record->json);
304 r = json_variant_normalize(&v);
305 if (r < 0)
306 log_warning_errno(r, "User record could not be normalized.");
307
308 r = json_variant_format(v, JSON_FORMAT_PRETTY|JSON_FORMAT_NEWLINE, &text);
309 if (r < 0)
310 return r;
311
312 (void) mkdir("/var/lib/systemd/", 0755);
313 (void) mkdir(home_record_dir(), 0700);
314
315 fn = strjoina(home_record_dir(), "/", h->user_name, ".identity");
316
317 r = write_string_file(fn, text, WRITE_STRING_FILE_ATOMIC|WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_MODE_0600|WRITE_STRING_FILE_SYNC);
318 if (r < 0)
319 return r;
320
321 return 0;
322 }
323
324 int home_unlink_record(Home *h) {
325 const char *fn;
326
327 assert(h);
328
329 fn = strjoina(home_record_dir(), "/", h->user_name, ".identity");
330 if (unlink(fn) < 0 && errno != ENOENT)
331 return -errno;
332
333 fn = strjoina("/run/systemd/home/", h->user_name, ".ref");
334 if (unlink(fn) < 0 && errno != ENOENT)
335 return -errno;
336
337 return 0;
338 }
339
340 static void home_unpin(Home *h) {
341 assert(h);
342
343 if (h->pin_fd < 0)
344 return;
345
346 h->pin_fd = safe_close(h->pin_fd);
347 log_debug("Successfully closed pin fd on home for %s.", h->user_name);
348 }
349
350 static void home_pin(Home *h) {
351 const char *path;
352
353 assert(h);
354
355 if (h->pin_fd >= 0) /* Already pinned? */
356 return;
357
358 path = user_record_home_directory(h->record);
359 if (!path) {
360 log_warning("No home directory path to pin for %s, ignoring.", h->user_name);
361 return;
362 }
363
364 h->pin_fd = open(path, O_RDONLY|O_DIRECTORY|O_CLOEXEC);
365 if (h->pin_fd < 0) {
366 log_warning_errno(errno, "Couldn't open home directory '%s' for pinning, ignoring: %m", path);
367 return;
368 }
369
370 log_debug("Successfully pinned home directory '%s'.", path);
371 }
372
373 static void home_update_pin_fd(Home *h, HomeState state) {
374 assert(h);
375
376 if (state < 0)
377 state = home_get_state(h);
378
379 return HOME_STATE_SHALL_PIN(state) ? home_pin(h) : home_unpin(h);
380 }
381
382 static void home_maybe_close_luks_lock_fd(Home *h, HomeState state) {
383 assert(h);
384
385 if (h->luks_lock_fd < 0)
386 return;
387
388 if (state < 0)
389 state = home_get_state(h);
390
391 /* Keep the lock as long as the home dir is active or has some operation going */
392 if (HOME_STATE_IS_EXECUTING_OPERATION(state) || HOME_STATE_IS_ACTIVE(state) || state == HOME_LOCKED)
393 return;
394
395 h->luks_lock_fd = safe_close(h->luks_lock_fd);
396 log_debug("Successfully closed LUKS backing file lock for %s.", h->user_name);
397 }
398
399 static void home_maybe_stop_retry_deactivate(Home *h, HomeState state) {
400 assert(h);
401
402 /* Free the deactivation retry event source if we won't need it anymore. Specifically, we'll free the
403 * event source whenever the home directory is already deactivated (and we thus where successful) or
404 * if we start executing an operation that indicates that the home directory is going to be used or
405 * operated on again. Also, if the home is referenced again stop the timer */
406
407 if (HOME_STATE_MAY_RETRY_DEACTIVATE(state) &&
408 !h->ref_event_source_dont_suspend &&
409 !h->ref_event_source_please_suspend)
410 return;
411
412 h->retry_deactivate_event_source = sd_event_source_disable_unref(h->retry_deactivate_event_source);
413 }
414
415 static int home_deactivate_internal(Home *h, bool force, sd_bus_error *error);
416 static void home_start_retry_deactivate(Home *h);
417
418 static int home_on_retry_deactivate(sd_event_source *s, uint64_t usec, void *userdata) {
419 Home *h = ASSERT_PTR(userdata);
420 HomeState state;
421
422 assert(s);
423
424 /* 15s after the last attempt to deactivate the home directory passed. Let's try it one more time. */
425
426 h->retry_deactivate_event_source = sd_event_source_disable_unref(h->retry_deactivate_event_source);
427
428 state = home_get_state(h);
429 if (!HOME_STATE_MAY_RETRY_DEACTIVATE(state))
430 return 0;
431
432 if (IN_SET(state, HOME_ACTIVE, HOME_LINGERING)) {
433 log_info("Again trying to deactivate home directory.");
434
435 /* If we are not executing any operation, let's start deactivating now. Note that this will
436 * restart our timer again, we are gonna be called again if this doesn't work. */
437 (void) home_deactivate_internal(h, /* force= */ false, NULL);
438 } else
439 /* if we are executing an operation (specifically, area already running a deactivation
440 * operation), then simply reque the timer, so that we retry again. */
441 home_start_retry_deactivate(h);
442
443 return 0;
444 }
445
446 static void home_start_retry_deactivate(Home *h) {
447 int r;
448
449 assert(h);
450 assert(h->manager);
451
452 /* Already allocated? */
453 if (h->retry_deactivate_event_source)
454 return;
455
456 /* If the home directory is being used now don't start the timer */
457 if (h->ref_event_source_dont_suspend || h->ref_event_source_please_suspend)
458 return;
459
460 r = sd_event_add_time_relative(
461 h->manager->event,
462 &h->retry_deactivate_event_source,
463 CLOCK_MONOTONIC,
464 RETRY_DEACTIVATE_USEC,
465 1*USEC_PER_MINUTE,
466 home_on_retry_deactivate,
467 h);
468 if (r < 0)
469 return (void) log_warning_errno(r, "Failed to install retry-deactivate event source, ignoring: %m");
470
471 (void) sd_event_source_set_description(h->retry_deactivate_event_source, "retry-deactivate");
472 }
473
474 static void home_set_state(Home *h, HomeState state) {
475 HomeState old_state, new_state;
476
477 assert(h);
478
479 old_state = home_get_state(h);
480 h->state = state;
481 new_state = home_get_state(h); /* Query the new state, since the 'state' variable might be set to -1,
482 * in which case we synthesize an high-level state on demand */
483
484 log_info("%s: changing state %s %s %s", h->user_name,
485 home_state_to_string(old_state),
486 special_glyph(SPECIAL_GLYPH_ARROW_RIGHT),
487 home_state_to_string(new_state));
488
489 home_update_pin_fd(h, new_state);
490 home_maybe_close_luks_lock_fd(h, new_state);
491 home_maybe_stop_retry_deactivate(h, new_state);
492
493 if (HOME_STATE_IS_EXECUTING_OPERATION(old_state) && !HOME_STATE_IS_EXECUTING_OPERATION(new_state)) {
494 /* If we just finished executing some operation, process the queue of pending operations. And
495 * enqueue it for GC too. */
496
497 home_schedule_operation(h, NULL, NULL);
498 manager_reschedule_rebalance(h->manager);
499 manager_enqueue_gc(h->manager, h);
500 }
501 }
502
503 static int home_parse_worker_stdout(int _fd, UserRecord **ret) {
504 _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
505 _cleanup_close_ int fd = _fd; /* take possession, even on failure */
506 _cleanup_(user_record_unrefp) UserRecord *hr = NULL;
507 _cleanup_fclose_ FILE *f = NULL;
508 unsigned line, column;
509 struct stat st;
510 int r;
511
512 if (fstat(fd, &st) < 0)
513 return log_error_errno(errno, "Failed to stat stdout fd: %m");
514
515 assert(S_ISREG(st.st_mode));
516
517 if (st.st_size == 0) { /* empty record */
518 *ret = NULL;
519 return 0;
520 }
521
522 if (lseek(fd, SEEK_SET, 0) < 0)
523 return log_error_errno(errno, "Failed to seek to beginning of memfd: %m");
524
525 f = take_fdopen(&fd, "r");
526 if (!f)
527 return log_error_errno(errno, "Failed to reopen memfd: %m");
528
529 if (DEBUG_LOGGING) {
530 _cleanup_free_ char *text = NULL;
531
532 r = read_full_stream(f, &text, NULL);
533 if (r < 0)
534 return log_error_errno(r, "Failed to read from client: %m");
535
536 log_debug("Got from worker: %s", text);
537 rewind(f);
538 }
539
540 r = json_parse_file(f, "stdout", JSON_PARSE_SENSITIVE, &v, &line, &column);
541 if (r < 0)
542 return log_error_errno(r, "Failed to parse identity at %u:%u: %m", line, column);
543
544 hr = user_record_new();
545 if (!hr)
546 return log_oom();
547
548 r = user_record_load(hr, v, USER_RECORD_LOAD_REFUSE_SECRET|USER_RECORD_PERMISSIVE);
549 if (r < 0)
550 return log_error_errno(r, "Failed to load home record identity: %m");
551
552 *ret = TAKE_PTR(hr);
553 return 1;
554 }
555
556 static int home_verify_user_record(Home *h, UserRecord *hr, bool *ret_signed_locally, sd_bus_error *ret_error) {
557 int is_signed;
558
559 assert(h);
560 assert(hr);
561 assert(ret_signed_locally);
562
563 is_signed = manager_verify_user_record(h->manager, hr);
564 switch (is_signed) {
565
566 case USER_RECORD_SIGNED_EXCLUSIVE:
567 log_info("Home %s is signed exclusively by our key, accepting.", hr->user_name);
568 *ret_signed_locally = true;
569 return 0;
570
571 case USER_RECORD_SIGNED:
572 log_info("Home %s is signed by our key (and others), accepting.", hr->user_name);
573 *ret_signed_locally = false;
574 return 0;
575
576 case USER_RECORD_FOREIGN:
577 log_info("Home %s is signed by foreign key we like, accepting.", hr->user_name);
578 *ret_signed_locally = false;
579 return 0;
580
581 case USER_RECORD_UNSIGNED:
582 sd_bus_error_setf(ret_error, BUS_ERROR_BAD_SIGNATURE, "User record %s is not signed at all, refusing.", hr->user_name);
583 return log_error_errno(SYNTHETIC_ERRNO(EPERM), "Home %s contains user record that is not signed at all, refusing.", hr->user_name);
584
585 case -ENOKEY:
586 sd_bus_error_setf(ret_error, BUS_ERROR_BAD_SIGNATURE, "User record %s is not signed by any known key, refusing.", hr->user_name);
587 return log_error_errno(is_signed, "Home %s contains user record that is not signed by any known key, refusing.", hr->user_name);
588
589 default:
590 assert(is_signed < 0);
591 return log_error_errno(is_signed, "Failed to verify signature on user record for %s, refusing fixation: %m", hr->user_name);
592 }
593 }
594
595 static int convert_worker_errno(Home *h, int e, sd_bus_error *error) {
596 /* Converts the error numbers the worker process returned into somewhat sensible dbus errors */
597
598 switch (e) {
599
600 case -EMSGSIZE:
601 return sd_bus_error_set(error, BUS_ERROR_BAD_HOME_SIZE, "File systems of this type cannot be shrunk");
602 case -ETXTBSY:
603 return sd_bus_error_set(error, BUS_ERROR_BAD_HOME_SIZE, "File systems of this type can only be shrunk offline");
604 case -ERANGE:
605 return sd_bus_error_set(error, BUS_ERROR_BAD_HOME_SIZE, "File system size too small");
606 case -ENOLINK:
607 return sd_bus_error_set(error, SD_BUS_ERROR_NOT_SUPPORTED, "System does not support selected storage backend");
608 case -EPROTONOSUPPORT:
609 return sd_bus_error_set(error, SD_BUS_ERROR_NOT_SUPPORTED, "System does not support selected file system");
610 case -ENOTTY:
611 return sd_bus_error_set(error, SD_BUS_ERROR_NOT_SUPPORTED, "Operation not supported on storage backend");
612 case -ESOCKTNOSUPPORT:
613 return sd_bus_error_set(error, SD_BUS_ERROR_NOT_SUPPORTED, "Operation not supported on file system");
614 case -ENOKEY:
615 return sd_bus_error_setf(error, BUS_ERROR_BAD_PASSWORD, "Password for home %s is incorrect or not sufficient for authentication.", h->user_name);
616 case -EBADSLT:
617 return sd_bus_error_setf(error, BUS_ERROR_BAD_PASSWORD_AND_NO_TOKEN, "Password for home %s is incorrect or not sufficient, and configured security token not found either.", h->user_name);
618 case -EREMOTEIO:
619 return sd_bus_error_setf(error, BUS_ERROR_BAD_RECOVERY_KEY, "Recovery key for home %s is incorrect or not sufficient for authentication.", h->user_name);
620 case -ENOANO:
621 return sd_bus_error_set(error, BUS_ERROR_TOKEN_PIN_NEEDED, "PIN for security token required.");
622 case -ERFKILL:
623 return sd_bus_error_set(error, BUS_ERROR_TOKEN_PROTECTED_AUTHENTICATION_PATH_NEEDED, "Security token requires protected authentication path.");
624 case -EMEDIUMTYPE:
625 return sd_bus_error_set(error, BUS_ERROR_TOKEN_USER_PRESENCE_NEEDED, "Security token requires presence confirmation.");
626 case -ENOCSI:
627 return sd_bus_error_set(error, BUS_ERROR_TOKEN_USER_VERIFICATION_NEEDED, "Security token requires user verification.");
628 case -ENOSTR:
629 return sd_bus_error_set(error, BUS_ERROR_TOKEN_ACTION_TIMEOUT, "Token action timeout. (User was supposed to verify presence or similar, by interacting with the token, and didn't do that in time.)");
630 case -EOWNERDEAD:
631 return sd_bus_error_set(error, BUS_ERROR_TOKEN_PIN_LOCKED, "PIN of security token locked.");
632 case -ENOLCK:
633 return sd_bus_error_set(error, BUS_ERROR_TOKEN_BAD_PIN, "Bad PIN of security token.");
634 case -ETOOMANYREFS:
635 return sd_bus_error_set(error, BUS_ERROR_TOKEN_BAD_PIN_FEW_TRIES_LEFT, "Bad PIN of security token, and only a few tries left.");
636 case -EUCLEAN:
637 return sd_bus_error_set(error, BUS_ERROR_TOKEN_BAD_PIN_ONE_TRY_LEFT, "Bad PIN of security token, and only one try left.");
638 case -EBUSY:
639 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "Home %s is currently being used, or an operation on home %s is currently being executed.", h->user_name, h->user_name);
640 case -ENOEXEC:
641 return sd_bus_error_setf(error, BUS_ERROR_HOME_NOT_ACTIVE, "Home %s is currently not active", h->user_name);
642 case -ENOSPC:
643 return sd_bus_error_setf(error, BUS_ERROR_NO_DISK_SPACE, "Not enough disk space for home %s", h->user_name);
644 case -EKEYREVOKED:
645 return sd_bus_error_setf(error, BUS_ERROR_HOME_CANT_AUTHENTICATE, "Home %s has no password or other authentication mechanism defined.", h->user_name);
646 case -EADDRINUSE:
647 return sd_bus_error_setf(error, BUS_ERROR_HOME_IN_USE, "Home %s is currently being used elsewhere.", h->user_name);
648 }
649
650 return 0;
651 }
652
653 static void home_count_bad_authentication(Home *h, bool save) {
654 int r;
655
656 assert(h);
657
658 r = user_record_bad_authentication(h->record);
659 if (r < 0) {
660 log_warning_errno(r, "Failed to increase bad authentication counter, ignoring: %m");
661 return;
662 }
663
664 if (save) {
665 r = home_save_record(h);
666 if (r < 0)
667 log_warning_errno(r, "Failed to write home record to disk, ignoring: %m");
668 }
669 }
670
671 static void home_fixate_finish(Home *h, int ret, UserRecord *hr) {
672 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
673 _cleanup_(user_record_unrefp) UserRecord *secret = NULL;
674 bool signed_locally;
675 int r;
676
677 assert(h);
678 assert(IN_SET(h->state, HOME_FIXATING, HOME_FIXATING_FOR_ACTIVATION, HOME_FIXATING_FOR_ACQUIRE));
679
680 secret = TAKE_PTR(h->secret); /* Take possession */
681
682 if (ret < 0) {
683 if (ret == -ENOKEY)
684 (void) home_count_bad_authentication(h, false);
685
686 (void) convert_worker_errno(h, ret, &error);
687 r = log_error_errno(ret, "Fixation failed: %m");
688 goto fail;
689 }
690 if (!hr) {
691 r = log_error_errno(SYNTHETIC_ERRNO(EIO), "Did not receive user record from worker process, fixation failed.");
692 goto fail;
693 }
694
695 r = home_verify_user_record(h, hr, &signed_locally, &error);
696 if (r < 0)
697 goto fail;
698
699 r = home_set_record(h, hr);
700 if (r < 0) {
701 log_error_errno(r, "Failed to update home record: %m");
702 goto fail;
703 }
704
705 h->signed_locally = signed_locally;
706
707 /* When we finished fixating (and don't follow-up with activation), let's count this as good authentication */
708 if (h->state == HOME_FIXATING) {
709 r = user_record_good_authentication(h->record);
710 if (r < 0)
711 log_warning_errno(r, "Failed to increase good authentication counter, ignoring: %m");
712 }
713
714 r = home_save_record(h);
715 if (r < 0)
716 log_warning_errno(r, "Failed to write home record to disk, ignoring: %m");
717
718 if (IN_SET(h->state, HOME_FIXATING_FOR_ACTIVATION, HOME_FIXATING_FOR_ACQUIRE)) {
719
720 r = home_start_work(h, "activate", h->record, secret);
721 if (r < 0) {
722 h->current_operation = operation_result_unref(h->current_operation, r, NULL);
723 home_set_state(h, _HOME_STATE_INVALID);
724 } else
725 home_set_state(h, h->state == HOME_FIXATING_FOR_ACTIVATION ? HOME_ACTIVATING : HOME_ACTIVATING_FOR_ACQUIRE);
726
727 return;
728 }
729
730 log_debug("Fixation of %s completed.", h->user_name);
731
732 h->current_operation = operation_result_unref(h->current_operation, 0, NULL);
733
734 /* Reset the state to "invalid", which makes home_get_state() test if the image exists and returns
735 * HOME_ABSENT vs. HOME_INACTIVE as necessary. */
736 home_set_state(h, _HOME_STATE_INVALID);
737 (void) manager_schedule_rebalance(h->manager, /* immediately= */ false);
738 return;
739
740 fail:
741 /* If fixation fails, we stay in unfixated state! */
742 h->current_operation = operation_result_unref(h->current_operation, r, &error);
743 home_set_state(h, HOME_UNFIXATED);
744 }
745
746 static void home_activate_finish(Home *h, int ret, UserRecord *hr) {
747 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
748 int r;
749
750 assert(h);
751 assert(IN_SET(h->state, HOME_ACTIVATING, HOME_ACTIVATING_FOR_ACQUIRE));
752
753 if (ret < 0) {
754 if (ret == -ENOKEY)
755 home_count_bad_authentication(h, true);
756
757 (void) convert_worker_errno(h, ret, &error);
758 r = log_error_errno(ret, "Activation failed: %m");
759 goto finish;
760 }
761
762 if (hr) {
763 bool signed_locally;
764
765 r = home_verify_user_record(h, hr, &signed_locally, &error);
766 if (r < 0)
767 goto finish;
768
769 r = home_set_record(h, hr);
770 if (r < 0) {
771 log_error_errno(r, "Failed to update home record, ignoring: %m");
772 goto finish;
773 }
774
775 h->signed_locally = signed_locally;
776
777 r = user_record_good_authentication(h->record);
778 if (r < 0)
779 log_warning_errno(r, "Failed to increase good authentication counter, ignoring: %m");
780
781 r = home_save_record(h);
782 if (r < 0)
783 log_warning_errno(r, "Failed to write home record to disk, ignoring: %m");
784 }
785
786 log_debug("Activation of %s completed.", h->user_name);
787 r = 0;
788
789 finish:
790 h->current_operation = operation_result_unref(h->current_operation, r, &error);
791 home_set_state(h, _HOME_STATE_INVALID);
792
793 if (r >= 0)
794 (void) manager_schedule_rebalance(h->manager, /* immediately= */ true);
795 }
796
797 static void home_deactivate_finish(Home *h, int ret, UserRecord *hr) {
798 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
799 int r;
800
801 assert(h);
802 assert(h->state == HOME_DEACTIVATING);
803 assert(!hr); /* We don't expect a record on this operation */
804
805 if (ret < 0) {
806 (void) convert_worker_errno(h, ret, &error);
807 r = log_error_errno(ret, "Deactivation of %s failed: %m", h->user_name);
808 goto finish;
809 }
810
811 log_debug("Deactivation of %s completed.", h->user_name);
812 r = 0;
813
814 finish:
815 h->current_operation = operation_result_unref(h->current_operation, r, &error);
816 home_set_state(h, _HOME_STATE_INVALID);
817
818 if (r >= 0)
819 (void) manager_schedule_rebalance(h->manager, /* immediately= */ true);
820 }
821
822 static void home_remove_finish(Home *h, int ret, UserRecord *hr) {
823 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
824 Manager *m;
825 int r;
826
827 assert(h);
828 assert(h->state == HOME_REMOVING);
829 assert(!hr); /* We don't expect a record on this operation */
830
831 m = h->manager;
832
833 if (ret < 0 && ret != -EALREADY) {
834 (void) convert_worker_errno(h, ret, &error);
835 r = log_error_errno(ret, "Removing %s failed: %m", h->user_name);
836 goto fail;
837 }
838
839 /* For a couple of storage types we can't delete the actual data storage when called (such as LUKS on
840 * partitions like USB sticks, or so). Sometimes these storage locations are among those we normally
841 * automatically discover in /home or in udev. When such a home is deleted let's hence issue a rescan
842 * after completion, so that "unfixated" entries are rediscovered. */
843 if (!IN_SET(user_record_test_image_path(h->record), USER_TEST_UNDEFINED, USER_TEST_ABSENT))
844 manager_enqueue_rescan(m);
845
846 /* The image is now removed from disk. Now also remove our stored record */
847 r = home_unlink_record(h);
848 if (r < 0) {
849 log_error_errno(r, "Removing record file failed: %m");
850 goto fail;
851 }
852
853 log_debug("Removal of %s completed.", h->user_name);
854 h->current_operation = operation_result_unref(h->current_operation, 0, NULL);
855
856 /* Unload this record from memory too now. */
857 h = home_free(h);
858
859 (void) manager_schedule_rebalance(m, /* immediately= */ true);
860 return;
861
862 fail:
863 h->current_operation = operation_result_unref(h->current_operation, r, &error);
864 home_set_state(h, _HOME_STATE_INVALID);
865 }
866
867 static void home_create_finish(Home *h, int ret, UserRecord *hr) {
868 int r;
869
870 assert(h);
871 assert(h->state == HOME_CREATING);
872
873 if (ret < 0) {
874 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
875
876 (void) convert_worker_errno(h, ret, &error);
877 log_error_errno(ret, "Operation on %s failed: %m", h->user_name);
878 h->current_operation = operation_result_unref(h->current_operation, ret, &error);
879
880 if (h->unregister_on_failure) {
881 (void) home_unlink_record(h);
882 h = home_free(h);
883 return;
884 }
885
886 home_set_state(h, _HOME_STATE_INVALID);
887 return;
888 }
889
890 if (hr) {
891 r = home_set_record(h, hr);
892 if (r < 0)
893 log_warning_errno(r, "Failed to update home record, ignoring: %m");
894 }
895
896 r = home_save_record(h);
897 if (r < 0)
898 log_warning_errno(r, "Failed to save record to disk, ignoring: %m");
899
900 log_debug("Creation of %s completed.", h->user_name);
901
902 h->current_operation = operation_result_unref(h->current_operation, 0, NULL);
903 home_set_state(h, _HOME_STATE_INVALID);
904
905 (void) manager_schedule_rebalance(h->manager, /* immediately= */ true);
906 }
907
908 static void home_change_finish(Home *h, int ret, UserRecord *hr) {
909 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
910 int r;
911
912 assert(h);
913
914 if (ret < 0) {
915 if (ret == -ENOKEY)
916 (void) home_count_bad_authentication(h, true);
917
918 (void) convert_worker_errno(h, ret, &error);
919 r = log_error_errno(ret, "Change operation failed: %m");
920 goto finish;
921 }
922
923 if (hr) {
924 r = home_set_record(h, hr);
925 if (r < 0)
926 log_warning_errno(r, "Failed to update home record, ignoring: %m");
927 else {
928 r = user_record_good_authentication(h->record);
929 if (r < 0)
930 log_warning_errno(r, "Failed to increase good authentication counter, ignoring: %m");
931
932 r = home_save_record(h);
933 if (r < 0)
934 log_warning_errno(r, "Failed to write home record to disk, ignoring: %m");
935 }
936 }
937
938 log_debug("Change operation of %s completed.", h->user_name);
939 (void) manager_schedule_rebalance(h->manager, /* immediately= */ false);
940 r = 0;
941
942 finish:
943 h->current_operation = operation_result_unref(h->current_operation, r, &error);
944 home_set_state(h, _HOME_STATE_INVALID);
945 }
946
947 static void home_locking_finish(Home *h, int ret, UserRecord *hr) {
948 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
949 int r;
950
951 assert(h);
952 assert(h->state == HOME_LOCKING);
953
954 if (ret < 0) {
955 (void) convert_worker_errno(h, ret, &error);
956 r = log_error_errno(ret, "Locking operation failed: %m");
957 goto finish;
958 }
959
960 log_debug("Locking operation of %s completed.", h->user_name);
961 h->current_operation = operation_result_unref(h->current_operation, 0, NULL);
962 home_set_state(h, HOME_LOCKED);
963 return;
964
965 finish:
966 /* If a specific home doesn't know the concept of locking, then that's totally OK, don't propagate
967 * the error if we are executing a LockAllHomes() operation. */
968
969 if (h->current_operation->type == OPERATION_LOCK_ALL && r == -ENOTTY)
970 h->current_operation = operation_result_unref(h->current_operation, 0, NULL);
971 else
972 h->current_operation = operation_result_unref(h->current_operation, r, &error);
973
974 home_set_state(h, _HOME_STATE_INVALID);
975 }
976
977 static void home_unlocking_finish(Home *h, int ret, UserRecord *hr) {
978 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
979 int r;
980
981 assert(h);
982 assert(IN_SET(h->state, HOME_UNLOCKING, HOME_UNLOCKING_FOR_ACQUIRE));
983
984 if (ret < 0) {
985 if (ret == -ENOKEY)
986 (void) home_count_bad_authentication(h, true);
987
988 (void) convert_worker_errno(h, ret, &error);
989 r = log_error_errno(ret, "Unlocking operation failed: %m");
990
991 /* Revert to locked state */
992 home_set_state(h, HOME_LOCKED);
993 h->current_operation = operation_result_unref(h->current_operation, r, &error);
994 return;
995 }
996
997 r = user_record_good_authentication(h->record);
998 if (r < 0)
999 log_warning_errno(r, "Failed to increase good authentication counter, ignoring: %m");
1000 else {
1001 r = home_save_record(h);
1002 if (r < 0)
1003 log_warning_errno(r, "Failed to write home record to disk, ignoring: %m");
1004 }
1005
1006 log_debug("Unlocking operation of %s completed.", h->user_name);
1007
1008 h->current_operation = operation_result_unref(h->current_operation, r, &error);
1009 home_set_state(h, _HOME_STATE_INVALID);
1010 return;
1011 }
1012
1013 static void home_authenticating_finish(Home *h, int ret, UserRecord *hr) {
1014 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
1015 int r;
1016
1017 assert(h);
1018 assert(IN_SET(h->state, HOME_AUTHENTICATING, HOME_AUTHENTICATING_WHILE_ACTIVE, HOME_AUTHENTICATING_FOR_ACQUIRE));
1019
1020 if (ret < 0) {
1021 if (ret == -ENOKEY)
1022 (void) home_count_bad_authentication(h, true);
1023
1024 (void) convert_worker_errno(h, ret, &error);
1025 r = log_error_errno(ret, "Authentication failed: %m");
1026 goto finish;
1027 }
1028
1029 if (hr) {
1030 r = home_set_record(h, hr);
1031 if (r < 0)
1032 log_warning_errno(r, "Failed to update home record, ignoring: %m");
1033 else {
1034 r = user_record_good_authentication(h->record);
1035 if (r < 0)
1036 log_warning_errno(r, "Failed to increase good authentication counter, ignoring: %m");
1037
1038 r = home_save_record(h);
1039 if (r < 0)
1040 log_warning_errno(r, "Failed to write home record to disk, ignoring: %m");
1041 }
1042 }
1043
1044 log_debug("Authentication of %s completed.", h->user_name);
1045 r = 0;
1046
1047 finish:
1048 h->current_operation = operation_result_unref(h->current_operation, r, &error);
1049 home_set_state(h, _HOME_STATE_INVALID);
1050 }
1051
1052 static int home_on_worker_process(sd_event_source *s, const siginfo_t *si, void *userdata) {
1053 _cleanup_(user_record_unrefp) UserRecord *hr = NULL;
1054 Home *h = ASSERT_PTR(userdata);
1055 int ret;
1056
1057 assert(s);
1058 assert(si);
1059
1060 assert(h->worker_pid == si->si_pid);
1061 assert(h->worker_event_source);
1062 assert(h->worker_stdout_fd >= 0);
1063
1064 (void) hashmap_remove_value(h->manager->homes_by_worker_pid, PID_TO_PTR(h->worker_pid), h);
1065
1066 h->worker_pid = 0;
1067 h->worker_event_source = sd_event_source_disable_unref(h->worker_event_source);
1068
1069 if (si->si_code != CLD_EXITED) {
1070 assert(IN_SET(si->si_code, CLD_KILLED, CLD_DUMPED));
1071 ret = log_debug_errno(SYNTHETIC_ERRNO(EPROTO), "Worker process died abnormally with signal %s.", signal_to_string(si->si_status));
1072 } else if (si->si_status != EXIT_SUCCESS) {
1073 /* If we received an error code via sd_notify(), use it */
1074 if (h->worker_error_code != 0)
1075 ret = log_debug_errno(h->worker_error_code, "Worker reported error code %s.", errno_to_name(h->worker_error_code));
1076 else
1077 ret = log_debug_errno(SYNTHETIC_ERRNO(EPROTO), "Worker exited with exit code %i.", si->si_status);
1078 } else
1079 ret = home_parse_worker_stdout(TAKE_FD(h->worker_stdout_fd), &hr);
1080
1081 h->worker_stdout_fd = safe_close(h->worker_stdout_fd);
1082
1083 switch (h->state) {
1084
1085 case HOME_FIXATING:
1086 case HOME_FIXATING_FOR_ACTIVATION:
1087 case HOME_FIXATING_FOR_ACQUIRE:
1088 home_fixate_finish(h, ret, hr);
1089 break;
1090
1091 case HOME_ACTIVATING:
1092 case HOME_ACTIVATING_FOR_ACQUIRE:
1093 home_activate_finish(h, ret, hr);
1094 break;
1095
1096 case HOME_DEACTIVATING:
1097 home_deactivate_finish(h, ret, hr);
1098 break;
1099
1100 case HOME_LOCKING:
1101 home_locking_finish(h, ret, hr);
1102 break;
1103
1104 case HOME_UNLOCKING:
1105 case HOME_UNLOCKING_FOR_ACQUIRE:
1106 home_unlocking_finish(h, ret, hr);
1107 break;
1108
1109 case HOME_CREATING:
1110 home_create_finish(h, ret, hr);
1111 break;
1112
1113 case HOME_REMOVING:
1114 home_remove_finish(h, ret, hr);
1115 break;
1116
1117 case HOME_UPDATING:
1118 case HOME_UPDATING_WHILE_ACTIVE:
1119 case HOME_RESIZING:
1120 case HOME_RESIZING_WHILE_ACTIVE:
1121 case HOME_PASSWD:
1122 case HOME_PASSWD_WHILE_ACTIVE:
1123 home_change_finish(h, ret, hr);
1124 break;
1125
1126 case HOME_AUTHENTICATING:
1127 case HOME_AUTHENTICATING_WHILE_ACTIVE:
1128 case HOME_AUTHENTICATING_FOR_ACQUIRE:
1129 home_authenticating_finish(h, ret, hr);
1130 break;
1131
1132 default:
1133 assert_not_reached();
1134 }
1135
1136 return 0;
1137 }
1138
1139 static int home_start_work(Home *h, const char *verb, UserRecord *hr, UserRecord *secret) {
1140 _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
1141 _cleanup_(erase_and_freep) char *formatted = NULL;
1142 _cleanup_close_ int stdin_fd = -EBADF, stdout_fd = -EBADF;
1143 pid_t pid = 0;
1144 int r;
1145
1146 assert(h);
1147 assert(verb);
1148 assert(hr);
1149
1150 if (h->worker_pid != 0)
1151 return -EBUSY;
1152
1153 assert(h->worker_stdout_fd < 0);
1154 assert(!h->worker_event_source);
1155
1156 v = json_variant_ref(hr->json);
1157
1158 if (secret) {
1159 JsonVariant *sub = NULL;
1160
1161 sub = json_variant_by_key(secret->json, "secret");
1162 if (!sub)
1163 return -ENOKEY;
1164
1165 r = json_variant_set_field(&v, "secret", sub);
1166 if (r < 0)
1167 return r;
1168 }
1169
1170 r = json_variant_format(v, 0, &formatted);
1171 if (r < 0)
1172 return r;
1173
1174 stdin_fd = acquire_data_fd(formatted, strlen(formatted), 0);
1175 if (stdin_fd < 0)
1176 return stdin_fd;
1177
1178 log_debug("Sending to worker: %s", formatted);
1179
1180 stdout_fd = memfd_create_wrapper("homework-stdout", MFD_CLOEXEC | MFD_NOEXEC_SEAL);
1181 if (stdout_fd < 0)
1182 return stdout_fd;
1183
1184 r = safe_fork_full("(sd-homework)",
1185 (int[]) { stdin_fd, stdout_fd, STDERR_FILENO },
1186 NULL, 0,
1187 FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_DEATHSIG|FORK_REARRANGE_STDIO|FORK_LOG|FORK_REOPEN_LOG, &pid);
1188 if (r < 0)
1189 return r;
1190 if (r == 0) {
1191 _cleanup_free_ char *joined = NULL;
1192 const char *homework, *suffix, *unix_path;
1193
1194 /* Child */
1195
1196 suffix = getenv("SYSTEMD_HOME_DEBUG_SUFFIX");
1197 if (suffix) {
1198 joined = strjoin("/run/systemd/home/notify.", suffix);
1199 if (!joined)
1200 return log_oom();
1201 unix_path = joined;
1202 } else
1203 unix_path = "/run/systemd/home/notify";
1204
1205 if (setenv("NOTIFY_SOCKET", unix_path, 1) < 0) {
1206 log_error_errno(errno, "Failed to set $NOTIFY_SOCKET: %m");
1207 _exit(EXIT_FAILURE);
1208 }
1209
1210 /* If we haven't locked the device yet, ask for a lock to be taken and be passed back to us via sd_notify(). */
1211 if (setenv("SYSTEMD_LUKS_LOCK", one_zero(h->luks_lock_fd < 0), 1) < 0) {
1212 log_error_errno(errno, "Failed to set $SYSTEMD_LUKS_LOCK: %m");
1213 _exit(EXIT_FAILURE);
1214 }
1215
1216 if (h->manager->default_storage >= 0)
1217 if (setenv("SYSTEMD_HOME_DEFAULT_STORAGE", user_storage_to_string(h->manager->default_storage), 1) < 0) {
1218 log_error_errno(errno, "Failed to set $SYSTEMD_HOME_DEFAULT_STORAGE: %m");
1219 _exit(EXIT_FAILURE);
1220 }
1221
1222 if (h->manager->default_file_system_type)
1223 if (setenv("SYSTEMD_HOME_DEFAULT_FILE_SYSTEM_TYPE", h->manager->default_file_system_type, 1) < 0) {
1224 log_error_errno(errno, "Failed to set $SYSTEMD_HOME_DEFAULT_FILE_SYSTEM_TYPE: %m");
1225 _exit(EXIT_FAILURE);
1226 }
1227
1228 r = setenv_systemd_exec_pid(true);
1229 if (r < 0)
1230 log_warning_errno(r, "Failed to update $SYSTEMD_EXEC_PID, ignoring: %m");
1231
1232 /* Allow overriding the homework path via an environment variable, to make debugging
1233 * easier. */
1234 homework = getenv("SYSTEMD_HOMEWORK_PATH") ?: SYSTEMD_HOMEWORK_PATH;
1235
1236 execl(homework, homework, verb, NULL);
1237 log_error_errno(errno, "Failed to invoke %s: %m", homework);
1238 _exit(EXIT_FAILURE);
1239 }
1240
1241 r = sd_event_add_child(h->manager->event, &h->worker_event_source, pid, WEXITED, home_on_worker_process, h);
1242 if (r < 0)
1243 return r;
1244
1245 (void) sd_event_source_set_description(h->worker_event_source, "worker");
1246
1247 r = hashmap_put(h->manager->homes_by_worker_pid, PID_TO_PTR(pid), h);
1248 if (r < 0) {
1249 h->worker_event_source = sd_event_source_disable_unref(h->worker_event_source);
1250 return r;
1251 }
1252
1253 h->worker_stdout_fd = TAKE_FD(stdout_fd);
1254 h->worker_pid = pid;
1255 h->worker_error_code = 0;
1256
1257 return 0;
1258 }
1259
1260 static int home_ratelimit(Home *h, sd_bus_error *error) {
1261 int r, ret;
1262
1263 assert(h);
1264
1265 ret = user_record_ratelimit(h->record);
1266 if (ret < 0)
1267 return ret;
1268
1269 if (h->state != HOME_UNFIXATED) {
1270 r = home_save_record(h);
1271 if (r < 0)
1272 log_warning_errno(r, "Failed to save updated record, ignoring: %m");
1273 }
1274
1275 if (ret == 0) {
1276 usec_t t, n;
1277
1278 n = now(CLOCK_REALTIME);
1279 t = user_record_ratelimit_next_try(h->record);
1280
1281 if (t != USEC_INFINITY && t > n)
1282 return sd_bus_error_setf(error, BUS_ERROR_AUTHENTICATION_LIMIT_HIT,
1283 "Too many login attempts, please try again in %s!",
1284 FORMAT_TIMESPAN(t - n, USEC_PER_SEC));
1285
1286 return sd_bus_error_set(error, BUS_ERROR_AUTHENTICATION_LIMIT_HIT, "Too many login attempts, please try again later.");
1287 }
1288
1289 return 0;
1290 }
1291
1292 static int home_fixate_internal(
1293 Home *h,
1294 UserRecord *secret,
1295 HomeState for_state,
1296 sd_bus_error *error) {
1297
1298 int r;
1299
1300 assert(h);
1301 assert(IN_SET(for_state, HOME_FIXATING, HOME_FIXATING_FOR_ACTIVATION, HOME_FIXATING_FOR_ACQUIRE));
1302
1303 r = home_start_work(h, "inspect", h->record, secret);
1304 if (r < 0)
1305 return r;
1306
1307 if (IN_SET(for_state, HOME_FIXATING_FOR_ACTIVATION, HOME_FIXATING_FOR_ACQUIRE)) {
1308 /* Remember the secret data, since we need it for the activation again, later on. */
1309 user_record_unref(h->secret);
1310 h->secret = user_record_ref(secret);
1311 }
1312
1313 home_set_state(h, for_state);
1314 return 0;
1315 }
1316
1317 int home_fixate(Home *h, UserRecord *secret, sd_bus_error *error) {
1318 int r;
1319
1320 assert(h);
1321
1322 switch (home_get_state(h)) {
1323 case HOME_ABSENT:
1324 return sd_bus_error_setf(error, BUS_ERROR_HOME_ABSENT, "Home %s is currently missing or not plugged in.", h->user_name);
1325 case HOME_INACTIVE:
1326 case HOME_DIRTY:
1327 case HOME_ACTIVE:
1328 case HOME_LINGERING:
1329 case HOME_LOCKED:
1330 return sd_bus_error_setf(error, BUS_ERROR_HOME_ALREADY_FIXATED, "Home %s is already fixated.", h->user_name);
1331 case HOME_UNFIXATED:
1332 break;
1333 default:
1334 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "An operation on home %s is currently being executed.", h->user_name);
1335 }
1336
1337 r = home_ratelimit(h, error);
1338 if (r < 0)
1339 return r;
1340
1341 return home_fixate_internal(h, secret, HOME_FIXATING, error);
1342 }
1343
1344 static int home_activate_internal(Home *h, UserRecord *secret, HomeState for_state, sd_bus_error *error) {
1345 int r;
1346
1347 assert(h);
1348 assert(IN_SET(for_state, HOME_ACTIVATING, HOME_ACTIVATING_FOR_ACQUIRE));
1349
1350 r = home_start_work(h, "activate", h->record, secret);
1351 if (r < 0)
1352 return r;
1353
1354 home_set_state(h, for_state);
1355 return 0;
1356 }
1357
1358 int home_activate(Home *h, UserRecord *secret, sd_bus_error *error) {
1359 int r;
1360
1361 assert(h);
1362
1363 switch (home_get_state(h)) {
1364 case HOME_UNFIXATED:
1365 return home_fixate_internal(h, secret, HOME_FIXATING_FOR_ACTIVATION, error);
1366 case HOME_ABSENT:
1367 return sd_bus_error_setf(error, BUS_ERROR_HOME_ABSENT, "Home %s is currently missing or not plugged in.", h->user_name);
1368 case HOME_ACTIVE:
1369 return sd_bus_error_setf(error, BUS_ERROR_HOME_ALREADY_ACTIVE, "Home %s is already active.", h->user_name);
1370 case HOME_LINGERING:
1371 /* If we are lingering, i.e. active but are supposed to be deactivated, then cancel this
1372 * timer if the user explicitly asks us to be active */
1373 h->retry_deactivate_event_source = sd_event_source_disable_unref(h->retry_deactivate_event_source);
1374 return 0;
1375 case HOME_LOCKED:
1376 return sd_bus_error_setf(error, BUS_ERROR_HOME_LOCKED, "Home %s is currently locked.", h->user_name);
1377 case HOME_INACTIVE:
1378 case HOME_DIRTY:
1379 break;
1380 default:
1381 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "An operation on home %s is currently being executed.", h->user_name);
1382 }
1383
1384 r = home_ratelimit(h, error);
1385 if (r < 0)
1386 return r;
1387
1388 return home_activate_internal(h, secret, HOME_ACTIVATING, error);
1389 }
1390
1391 static int home_authenticate_internal(Home *h, UserRecord *secret, HomeState for_state, sd_bus_error *error) {
1392 int r;
1393
1394 assert(h);
1395 assert(IN_SET(for_state, HOME_AUTHENTICATING, HOME_AUTHENTICATING_WHILE_ACTIVE, HOME_AUTHENTICATING_FOR_ACQUIRE));
1396
1397 r = home_start_work(h, "inspect", h->record, secret);
1398 if (r < 0)
1399 return r;
1400
1401 home_set_state(h, for_state);
1402 return 0;
1403 }
1404
1405 int home_authenticate(Home *h, UserRecord *secret, sd_bus_error *error) {
1406 HomeState state;
1407 int r;
1408
1409 assert(h);
1410
1411 state = home_get_state(h);
1412 switch (state) {
1413 case HOME_ABSENT:
1414 return sd_bus_error_setf(error, BUS_ERROR_HOME_ABSENT, "Home %s is currently missing or not plugged in.", h->user_name);
1415 case HOME_LOCKED:
1416 return sd_bus_error_setf(error, BUS_ERROR_HOME_LOCKED, "Home %s is currently locked.", h->user_name);
1417 case HOME_UNFIXATED:
1418 case HOME_INACTIVE:
1419 case HOME_DIRTY:
1420 case HOME_ACTIVE:
1421 case HOME_LINGERING:
1422 break;
1423 default:
1424 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "An operation on home %s is currently being executed.", h->user_name);
1425 }
1426
1427 r = home_ratelimit(h, error);
1428 if (r < 0)
1429 return r;
1430
1431 return home_authenticate_internal(h, secret, HOME_STATE_IS_ACTIVE(state) ? HOME_AUTHENTICATING_WHILE_ACTIVE : HOME_AUTHENTICATING, error);
1432 }
1433
1434 static int home_deactivate_internal(Home *h, bool force, sd_bus_error *error) {
1435 int r;
1436
1437 assert(h);
1438
1439 home_unpin(h); /* unpin so that we can deactivate */
1440
1441 r = home_start_work(h, force ? "deactivate-force" : "deactivate", h->record, NULL);
1442 if (r < 0)
1443 /* Operation failed before it even started, reacquire pin fd, if state still dictates so */
1444 home_update_pin_fd(h, _HOME_STATE_INVALID);
1445 else {
1446 home_set_state(h, HOME_DEACTIVATING);
1447 r = 0;
1448 }
1449
1450 /* Let's start a timer to retry deactivation in 15. We'll stop the timer once we manage to deactivate
1451 * the home directory again, or we start any other operation. */
1452 home_start_retry_deactivate(h);
1453
1454 return r;
1455 }
1456
1457 int home_deactivate(Home *h, bool force, sd_bus_error *error) {
1458 assert(h);
1459
1460 switch (home_get_state(h)) {
1461 case HOME_UNFIXATED:
1462 case HOME_ABSENT:
1463 case HOME_INACTIVE:
1464 case HOME_DIRTY:
1465 return sd_bus_error_setf(error, BUS_ERROR_HOME_NOT_ACTIVE, "Home %s not active.", h->user_name);
1466 case HOME_LOCKED:
1467 return sd_bus_error_setf(error, BUS_ERROR_HOME_LOCKED, "Home %s is currently locked.", h->user_name);
1468 case HOME_ACTIVE:
1469 case HOME_LINGERING:
1470 break;
1471 default:
1472 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "An operation on home %s is currently being executed.", h->user_name);
1473 }
1474
1475 return home_deactivate_internal(h, force, error);
1476 }
1477
1478 int home_create(Home *h, UserRecord *secret, sd_bus_error *error) {
1479 int r;
1480
1481 assert(h);
1482
1483 switch (home_get_state(h)) {
1484 case HOME_INACTIVE: {
1485 int t;
1486
1487 if (h->record->storage < 0)
1488 break; /* if no storage is defined we don't know what precisely to look for, hence
1489 * HOME_INACTIVE is OK in that case too. */
1490
1491 t = user_record_test_image_path(h->record);
1492 if (IN_SET(t, USER_TEST_MAYBE, USER_TEST_UNDEFINED))
1493 break; /* And if the image path test isn't conclusive, let's also go on */
1494
1495 if (IN_SET(t, -EBADF, -ENOTDIR))
1496 return sd_bus_error_setf(error, BUS_ERROR_HOME_EXISTS, "Selected home image of user %s already exists or has wrong inode type.", h->user_name);
1497
1498 return sd_bus_error_setf(error, BUS_ERROR_HOME_EXISTS, "Selected home image of user %s already exists.", h->user_name);
1499 }
1500 case HOME_UNFIXATED:
1501 case HOME_DIRTY:
1502 return sd_bus_error_setf(error, BUS_ERROR_HOME_EXISTS, "Home of user %s already exists.", h->user_name);
1503 case HOME_ABSENT:
1504 break;
1505 case HOME_ACTIVE:
1506 case HOME_LINGERING:
1507 case HOME_LOCKED:
1508 default:
1509 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "Home %s is currently being used, or an operation on home %s is currently being executed.", h->user_name, h->user_name);
1510 }
1511
1512 if (h->record->enforce_password_policy == false)
1513 log_debug("Password quality check turned off for account, skipping.");
1514 else {
1515 r = user_record_check_password_quality(h->record, secret, error);
1516 if (r < 0)
1517 return r;
1518 }
1519
1520 r = home_start_work(h, "create", h->record, secret);
1521 if (r < 0)
1522 return r;
1523
1524 home_set_state(h, HOME_CREATING);
1525 return 0;
1526 }
1527
1528 int home_remove(Home *h, sd_bus_error *error) {
1529 HomeState state;
1530 int r;
1531
1532 assert(h);
1533
1534 state = home_get_state(h);
1535 switch (state) {
1536 case HOME_ABSENT: /* If the home directory is absent, then this is just like unregistering */
1537 return home_unregister(h, error);
1538 case HOME_LOCKED:
1539 return sd_bus_error_setf(error, BUS_ERROR_HOME_LOCKED, "Home %s is currently locked.", h->user_name);
1540 case HOME_UNFIXATED:
1541 case HOME_INACTIVE:
1542 case HOME_DIRTY:
1543 break;
1544 case HOME_ACTIVE:
1545 case HOME_LINGERING:
1546 default:
1547 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "Home %s is currently being used, or an operation on home %s is currently being executed.", h->user_name, h->user_name);
1548 }
1549
1550 r = home_start_work(h, "remove", h->record, NULL);
1551 if (r < 0)
1552 return r;
1553
1554 home_set_state(h, HOME_REMOVING);
1555 return 0;
1556 }
1557
1558 static int user_record_extend_with_binding(UserRecord *hr, UserRecord *with_binding, UserRecordLoadFlags flags, UserRecord **ret) {
1559 _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
1560 _cleanup_(user_record_unrefp) UserRecord *nr = NULL;
1561 JsonVariant *binding;
1562 int r;
1563
1564 assert(hr);
1565 assert(with_binding);
1566 assert(ret);
1567
1568 assert_se(v = json_variant_ref(hr->json));
1569
1570 binding = json_variant_by_key(with_binding->json, "binding");
1571 if (binding) {
1572 r = json_variant_set_field(&v, "binding", binding);
1573 if (r < 0)
1574 return r;
1575 }
1576
1577 nr = user_record_new();
1578 if (!nr)
1579 return -ENOMEM;
1580
1581 r = user_record_load(nr, v, flags);
1582 if (r < 0)
1583 return r;
1584
1585 *ret = TAKE_PTR(nr);
1586 return 0;
1587 }
1588
1589 static int home_update_internal(
1590 Home *h,
1591 const char *verb,
1592 UserRecord *hr,
1593 UserRecord *secret,
1594 sd_bus_error *error) {
1595
1596 _cleanup_(user_record_unrefp) UserRecord *new_hr = NULL, *saved_secret = NULL, *signed_hr = NULL;
1597 int r, c;
1598
1599 assert(h);
1600 assert(verb);
1601 assert(hr);
1602
1603 if (!user_record_compatible(hr, h->record))
1604 return sd_bus_error_set(error, BUS_ERROR_HOME_RECORD_MISMATCH, "Updated user record is not compatible with existing one.");
1605 c = user_record_compare_last_change(hr, h->record); /* refuse downgrades */
1606 if (c < 0)
1607 return sd_bus_error_set(error, BUS_ERROR_HOME_RECORD_DOWNGRADE, "Refusing to update to older home record.");
1608
1609 if (!secret && FLAGS_SET(hr->mask, USER_RECORD_SECRET)) {
1610 r = user_record_clone(hr, USER_RECORD_EXTRACT_SECRET|USER_RECORD_PERMISSIVE, &saved_secret);
1611 if (r < 0)
1612 return r;
1613
1614 secret = saved_secret;
1615 }
1616
1617 r = manager_verify_user_record(h->manager, hr);
1618 switch (r) {
1619
1620 case USER_RECORD_UNSIGNED:
1621 if (h->signed_locally <= 0) /* If the existing record is not owned by us, don't accept an
1622 * unsigned new record. i.e. only implicitly sign new records
1623 * that where previously signed by us too. */
1624 return sd_bus_error_setf(error, BUS_ERROR_HOME_RECORD_SIGNED, "Home %s is signed and cannot be modified locally.", h->user_name);
1625
1626 /* The updated record is not signed, then do so now */
1627 r = manager_sign_user_record(h->manager, hr, &signed_hr, error);
1628 if (r < 0)
1629 return r;
1630
1631 hr = signed_hr;
1632 break;
1633
1634 case USER_RECORD_SIGNED_EXCLUSIVE:
1635 case USER_RECORD_SIGNED:
1636 case USER_RECORD_FOREIGN:
1637 /* Has already been signed. Great! */
1638 break;
1639
1640 case -ENOKEY:
1641 default:
1642 return r;
1643 }
1644
1645 r = user_record_extend_with_binding(hr, h->record, USER_RECORD_LOAD_MASK_SECRET|USER_RECORD_PERMISSIVE, &new_hr);
1646 if (r < 0)
1647 return r;
1648
1649 if (c == 0) {
1650 /* different payload but same lastChangeUSec field? That's not cool! */
1651
1652 r = user_record_masked_equal(new_hr, h->record, USER_RECORD_REGULAR|USER_RECORD_PRIVILEGED|USER_RECORD_PER_MACHINE);
1653 if (r < 0)
1654 return r;
1655 if (r == 0)
1656 return sd_bus_error_set(error, BUS_ERROR_HOME_RECORD_MISMATCH, "Home record different but timestamp remained the same, refusing.");
1657 }
1658
1659 r = home_start_work(h, verb, new_hr, secret);
1660 if (r < 0)
1661 return r;
1662
1663 return 0;
1664 }
1665
1666 int home_update(Home *h, UserRecord *hr, sd_bus_error *error) {
1667 HomeState state;
1668 int r;
1669
1670 assert(h);
1671 assert(hr);
1672
1673 state = home_get_state(h);
1674 switch (state) {
1675 case HOME_UNFIXATED:
1676 return sd_bus_error_setf(error, BUS_ERROR_HOME_UNFIXATED, "Home %s has not been fixated yet.", h->user_name);
1677 case HOME_ABSENT:
1678 return sd_bus_error_setf(error, BUS_ERROR_HOME_ABSENT, "Home %s is currently missing or not plugged in.", h->user_name);
1679 case HOME_LOCKED:
1680 return sd_bus_error_setf(error, BUS_ERROR_HOME_LOCKED, "Home %s is currently locked.", h->user_name);
1681 case HOME_INACTIVE:
1682 case HOME_DIRTY:
1683 case HOME_ACTIVE:
1684 case HOME_LINGERING:
1685 break;
1686 default:
1687 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "An operation on home %s is currently being executed.", h->user_name);
1688 }
1689
1690 r = home_ratelimit(h, error);
1691 if (r < 0)
1692 return r;
1693
1694 r = home_update_internal(h, "update", hr, NULL, error);
1695 if (r < 0)
1696 return r;
1697
1698 home_set_state(h, HOME_STATE_IS_ACTIVE(state) ? HOME_UPDATING_WHILE_ACTIVE : HOME_UPDATING);
1699 return 0;
1700 }
1701
1702 int home_resize(Home *h,
1703 uint64_t disk_size,
1704 UserRecord *secret,
1705 bool automatic,
1706 sd_bus_error *error) {
1707
1708 _cleanup_(user_record_unrefp) UserRecord *c = NULL;
1709 HomeState state;
1710 int r;
1711
1712 assert(h);
1713
1714 state = home_get_state(h);
1715 switch (state) {
1716 case HOME_UNFIXATED:
1717 return sd_bus_error_setf(error, BUS_ERROR_HOME_UNFIXATED, "Home %s has not been fixated yet.", h->user_name);
1718 case HOME_ABSENT:
1719 return sd_bus_error_setf(error, BUS_ERROR_HOME_ABSENT, "Home %s is currently missing or not plugged in.", h->user_name);
1720 case HOME_LOCKED:
1721 return sd_bus_error_setf(error, BUS_ERROR_HOME_LOCKED, "Home %s is currently locked.", h->user_name);
1722 case HOME_INACTIVE:
1723 case HOME_DIRTY:
1724 case HOME_ACTIVE:
1725 case HOME_LINGERING:
1726 break;
1727 default:
1728 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "An operation on home %s is currently being executed.", h->user_name);
1729 }
1730
1731 r = home_ratelimit(h, error);
1732 if (r < 0)
1733 return r;
1734
1735 /* If the user didn't specify any size explicitly and rebalancing is on, then the disk size is
1736 * determined by automatic rebalancing and hence not user configured but determined by us and thus
1737 * applied anyway. */
1738 if (disk_size == UINT64_MAX && h->record->rebalance_weight != REBALANCE_WEIGHT_OFF)
1739 return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "Disk size is being determined by automatic disk space rebalancing.");
1740
1741 if (disk_size == UINT64_MAX || disk_size == h->record->disk_size) {
1742 if (h->record->disk_size == UINT64_MAX)
1743 return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "No disk size to resize to specified.");
1744
1745 c = user_record_ref(h->record); /* Shortcut if size is unspecified or matches the record */
1746 } else {
1747 _cleanup_(user_record_unrefp) UserRecord *signed_c = NULL;
1748
1749 if (h->signed_locally <= 0) /* Don't allow changing of records not signed only by us */
1750 return sd_bus_error_setf(error, BUS_ERROR_HOME_RECORD_SIGNED, "Home %s is signed and cannot be modified locally.", h->user_name);
1751
1752 r = user_record_clone(h->record, USER_RECORD_LOAD_REFUSE_SECRET|USER_RECORD_PERMISSIVE, &c);
1753 if (r < 0)
1754 return r;
1755
1756 r = user_record_set_disk_size(c, disk_size);
1757 if (r == -ERANGE)
1758 return sd_bus_error_setf(error, BUS_ERROR_BAD_HOME_SIZE, "Requested size for home %s out of acceptable range.", h->user_name);
1759 if (r < 0)
1760 return r;
1761
1762 /* If user picked an explicit size, then turn off rebalancing, so that we don't undo what user chose */
1763 r = user_record_set_rebalance_weight(c, REBALANCE_WEIGHT_OFF);
1764 if (r < 0)
1765 return r;
1766
1767 r = user_record_update_last_changed(c, false);
1768 if (r == -ECHRNG)
1769 return sd_bus_error_setf(error, BUS_ERROR_HOME_RECORD_MISMATCH, "Record last change time of %s is newer than current time, cannot update.", h->user_name);
1770 if (r < 0)
1771 return r;
1772
1773 r = manager_sign_user_record(h->manager, c, &signed_c, error);
1774 if (r < 0)
1775 return r;
1776
1777 user_record_unref(c);
1778 c = TAKE_PTR(signed_c);
1779 }
1780
1781 r = home_update_internal(h, automatic ? "resize-auto" : "resize", c, secret, error);
1782 if (r < 0)
1783 return r;
1784
1785 home_set_state(h, HOME_STATE_IS_ACTIVE(state) ? HOME_RESIZING_WHILE_ACTIVE : HOME_RESIZING);
1786 return 0;
1787 }
1788
1789 static int home_may_change_password(
1790 Home *h,
1791 sd_bus_error *error) {
1792
1793 int r;
1794
1795 assert(h);
1796
1797 r = user_record_test_password_change_required(h->record);
1798 if (IN_SET(r, -EKEYREVOKED, -EOWNERDEAD, -EKEYEXPIRED, -ESTALE))
1799 return 0; /* expired in some form, but changing is allowed */
1800 if (IN_SET(r, -EKEYREJECTED, -EROFS))
1801 return sd_bus_error_setf(error, SD_BUS_ERROR_ACCESS_DENIED, "Expiration settings of account %s do not allow changing of password.", h->user_name);
1802 if (r < 0)
1803 return log_error_errno(r, "Failed to test password expiry: %m");
1804
1805 return 0; /* not expired */
1806 }
1807
1808 int home_passwd(Home *h,
1809 UserRecord *new_secret,
1810 UserRecord *old_secret,
1811 sd_bus_error *error) {
1812
1813 _cleanup_(user_record_unrefp) UserRecord *c = NULL, *merged_secret = NULL, *signed_c = NULL;
1814 HomeState state;
1815 int r;
1816
1817 assert(h);
1818
1819 if (h->signed_locally <= 0) /* Don't allow changing of records not signed only by us */
1820 return sd_bus_error_setf(error, BUS_ERROR_HOME_RECORD_SIGNED, "Home %s is signed and cannot be modified locally.", h->user_name);
1821
1822 state = home_get_state(h);
1823 switch (state) {
1824 case HOME_UNFIXATED:
1825 return sd_bus_error_setf(error, BUS_ERROR_HOME_UNFIXATED, "Home %s has not been fixated yet.", h->user_name);
1826 case HOME_ABSENT:
1827 return sd_bus_error_setf(error, BUS_ERROR_HOME_ABSENT, "Home %s is currently missing or not plugged in.", h->user_name);
1828 case HOME_LOCKED:
1829 return sd_bus_error_setf(error, BUS_ERROR_HOME_LOCKED, "Home %s is currently locked.", h->user_name);
1830 case HOME_INACTIVE:
1831 case HOME_DIRTY:
1832 case HOME_ACTIVE:
1833 case HOME_LINGERING:
1834 break;
1835 default:
1836 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "An operation on home %s is currently being executed.", h->user_name);
1837 }
1838
1839 r = home_ratelimit(h, error);
1840 if (r < 0)
1841 return r;
1842
1843 r = home_may_change_password(h, error);
1844 if (r < 0)
1845 return r;
1846
1847 r = user_record_clone(h->record, USER_RECORD_LOAD_REFUSE_SECRET|USER_RECORD_PERMISSIVE, &c);
1848 if (r < 0)
1849 return r;
1850
1851 merged_secret = user_record_new();
1852 if (!merged_secret)
1853 return -ENOMEM;
1854
1855 r = user_record_merge_secret(merged_secret, old_secret);
1856 if (r < 0)
1857 return r;
1858
1859 r = user_record_merge_secret(merged_secret, new_secret);
1860 if (r < 0)
1861 return r;
1862
1863 if (!strv_isempty(new_secret->password)) {
1864 /* Update the password only if one is specified, otherwise let's just reuse the old password
1865 * data. This is useful as a way to propagate updated user records into the LUKS backends
1866 * properly. */
1867
1868 r = user_record_make_hashed_password(c, new_secret->password, /* extend = */ false);
1869 if (r < 0)
1870 return r;
1871
1872 r = user_record_set_password_change_now(c, -1 /* remove */);
1873 if (r < 0)
1874 return r;
1875 }
1876
1877 r = user_record_update_last_changed(c, true);
1878 if (r == -ECHRNG)
1879 return sd_bus_error_setf(error, BUS_ERROR_HOME_RECORD_MISMATCH, "Record last change time of %s is newer than current time, cannot update.", h->user_name);
1880 if (r < 0)
1881 return r;
1882
1883 r = manager_sign_user_record(h->manager, c, &signed_c, error);
1884 if (r < 0)
1885 return r;
1886
1887 if (c->enforce_password_policy == false)
1888 log_debug("Password quality check turned off for account, skipping.");
1889 else {
1890 r = user_record_check_password_quality(c, merged_secret, error);
1891 if (r < 0)
1892 return r;
1893 }
1894
1895 r = home_update_internal(h, "passwd", signed_c, merged_secret, error);
1896 if (r < 0)
1897 return r;
1898
1899 home_set_state(h, HOME_STATE_IS_ACTIVE(state) ? HOME_PASSWD_WHILE_ACTIVE : HOME_PASSWD);
1900 return 0;
1901 }
1902
1903 int home_unregister(Home *h, sd_bus_error *error) {
1904 int r;
1905
1906 assert(h);
1907
1908 switch (home_get_state(h)) {
1909 case HOME_UNFIXATED:
1910 return sd_bus_error_setf(error, BUS_ERROR_HOME_UNFIXATED, "Home %s is not registered.", h->user_name);
1911 case HOME_LOCKED:
1912 return sd_bus_error_setf(error, BUS_ERROR_HOME_LOCKED, "Home %s is currently locked.", h->user_name);
1913 case HOME_ABSENT:
1914 case HOME_INACTIVE:
1915 case HOME_DIRTY:
1916 break;
1917 case HOME_ACTIVE:
1918 case HOME_LINGERING:
1919 default:
1920 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "Home %s is currently being used, or an operation on home %s is currently being executed.", h->user_name, h->user_name);
1921 }
1922
1923 r = home_unlink_record(h);
1924 if (r < 0)
1925 return r;
1926
1927 /* And destroy the whole entry. The caller needs to be prepared for that. */
1928 h = home_free(h);
1929 return 1;
1930 }
1931
1932 int home_lock(Home *h, sd_bus_error *error) {
1933 int r;
1934
1935 assert(h);
1936
1937 switch (home_get_state(h)) {
1938 case HOME_UNFIXATED:
1939 case HOME_ABSENT:
1940 case HOME_INACTIVE:
1941 case HOME_DIRTY:
1942 return sd_bus_error_setf(error, BUS_ERROR_HOME_NOT_ACTIVE, "Home %s is not active.", h->user_name);
1943 case HOME_LOCKED:
1944 return sd_bus_error_setf(error, BUS_ERROR_HOME_LOCKED, "Home %s is already locked.", h->user_name);
1945 case HOME_ACTIVE:
1946 case HOME_LINGERING:
1947 break;
1948 default:
1949 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "An operation on home %s is currently being executed.", h->user_name);
1950 }
1951
1952 r = home_start_work(h, "lock", h->record, NULL);
1953 if (r < 0)
1954 return r;
1955
1956 home_set_state(h, HOME_LOCKING);
1957 return 0;
1958 }
1959
1960 static int home_unlock_internal(Home *h, UserRecord *secret, HomeState for_state, sd_bus_error *error) {
1961 int r;
1962
1963 assert(h);
1964 assert(IN_SET(for_state, HOME_UNLOCKING, HOME_UNLOCKING_FOR_ACQUIRE));
1965
1966 r = home_start_work(h, "unlock", h->record, secret);
1967 if (r < 0)
1968 return r;
1969
1970 home_set_state(h, for_state);
1971 return 0;
1972 }
1973
1974 int home_unlock(Home *h, UserRecord *secret, sd_bus_error *error) {
1975 int r;
1976 assert(h);
1977
1978 r = home_ratelimit(h, error);
1979 if (r < 0)
1980 return r;
1981
1982 switch (home_get_state(h)) {
1983 case HOME_UNFIXATED:
1984 case HOME_ABSENT:
1985 case HOME_INACTIVE:
1986 case HOME_ACTIVE:
1987 case HOME_LINGERING:
1988 case HOME_DIRTY:
1989 return sd_bus_error_setf(error, BUS_ERROR_HOME_NOT_LOCKED, "Home %s is not locked.", h->user_name);
1990 case HOME_LOCKED:
1991 break;
1992 default:
1993 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "An operation on home %s is currently being executed.", h->user_name);
1994 }
1995
1996 return home_unlock_internal(h, secret, HOME_UNLOCKING, error);
1997 }
1998
1999 HomeState home_get_state(Home *h) {
2000 int r;
2001 assert(h);
2002
2003 /* When the state field is initialized, it counts. */
2004 if (h->state >= 0)
2005 return h->state;
2006
2007 /* Otherwise, let's see if the home directory is mounted. If so, we assume for sure the home
2008 * directory is active */
2009 if (user_record_test_home_directory(h->record) == USER_TEST_MOUNTED)
2010 return h->retry_deactivate_event_source ? HOME_LINGERING : HOME_ACTIVE;
2011
2012 /* And if we see the image being gone, we report this as absent */
2013 r = user_record_test_image_path(h->record);
2014 if (r == USER_TEST_ABSENT)
2015 return HOME_ABSENT;
2016 if (r == USER_TEST_DIRTY)
2017 return HOME_DIRTY;
2018
2019 /* And for all other cases we return "inactive". */
2020 return HOME_INACTIVE;
2021 }
2022
2023 void home_process_notify(Home *h, char **l, int fd) {
2024 _cleanup_close_ int taken_fd = TAKE_FD(fd);
2025 const char *e;
2026 int error;
2027 int r;
2028
2029 assert(h);
2030
2031 e = strv_env_get(l, "SYSTEMD_LUKS_LOCK_FD");
2032 if (e) {
2033 r = parse_boolean(e);
2034 if (r < 0)
2035 return (void) log_debug_errno(r, "Failed to parse SYSTEMD_LUKS_LOCK_FD value: %m");
2036 if (r > 0) {
2037 if (taken_fd < 0)
2038 return (void) log_debug("Got notify message with SYSTEMD_LUKS_LOCK_FD=1 but no fd passed, ignoring: %m");
2039
2040 close_and_replace(h->luks_lock_fd, taken_fd);
2041
2042 log_debug("Successfully acquired LUKS lock fd from worker.");
2043
2044 /* Immediately check if we actually want to keep it */
2045 home_maybe_close_luks_lock_fd(h, _HOME_STATE_INVALID);
2046 } else {
2047 if (taken_fd >= 0)
2048 return (void) log_debug("Got notify message with SYSTEMD_LUKS_LOCK_FD=0 but fd passed, ignoring: %m");
2049
2050 h->luks_lock_fd = safe_close(h->luks_lock_fd);
2051 }
2052
2053 return;
2054 }
2055
2056 e = strv_env_get(l, "ERRNO");
2057 if (!e)
2058 return (void) log_debug("Got notify message lacking both ERRNO= and SYSTEMD_LUKS_LOCK_FD= field, ignoring.");
2059
2060 r = safe_atoi(e, &error);
2061 if (r < 0)
2062 return (void) log_debug_errno(r, "Failed to parse received error number, ignoring: %s", e);
2063 if (error <= 0)
2064 return (void) log_debug("Error number is out of range: %i", error);
2065
2066 h->worker_error_code = error;
2067 }
2068
2069 int home_killall(Home *h) {
2070 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
2071 _cleanup_free_ char *unit = NULL;
2072 int r;
2073
2074 assert(h);
2075
2076 if (!uid_is_valid(h->uid))
2077 return 0;
2078
2079 assert(h->uid > 0); /* We never should be UID 0 */
2080
2081 /* Let's kill everything matching the specified UID */
2082 r = safe_fork("(sd-killer)",
2083 FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_DEATHSIG|FORK_WAIT|FORK_LOG|FORK_REOPEN_LOG,
2084 NULL);
2085 if (r < 0)
2086 return r;
2087 if (r == 0) {
2088 gid_t gid;
2089
2090 /* Child */
2091
2092 gid = user_record_gid(h->record);
2093 if (setresgid(gid, gid, gid) < 0) {
2094 log_error_errno(errno, "Failed to change GID to " GID_FMT ": %m", gid);
2095 _exit(EXIT_FAILURE);
2096 }
2097
2098 if (setgroups(0, NULL) < 0) {
2099 log_error_errno(errno, "Failed to reset auxiliary groups list: %m");
2100 _exit(EXIT_FAILURE);
2101 }
2102
2103 if (setresuid(h->uid, h->uid, h->uid) < 0) {
2104 log_error_errno(errno, "Failed to change UID to " UID_FMT ": %m", h->uid);
2105 _exit(EXIT_FAILURE);
2106 }
2107
2108 if (kill(-1, SIGKILL) < 0) {
2109 log_error_errno(errno, "Failed to kill all processes of UID " UID_FMT ": %m", h->uid);
2110 _exit(EXIT_FAILURE);
2111 }
2112
2113 _exit(EXIT_SUCCESS);
2114 }
2115
2116 /* Let's also kill everything in the user's slice */
2117 if (asprintf(&unit, "user-" UID_FMT ".slice", h->uid) < 0)
2118 return log_oom();
2119
2120 r = bus_call_method(h->manager->bus, bus_systemd_mgr, "KillUnit", &error, NULL, "ssi", unit, "all", SIGKILL);
2121 if (r < 0)
2122 log_full_errno(sd_bus_error_has_name(&error, BUS_ERROR_NO_SUCH_UNIT) ? LOG_DEBUG : LOG_WARNING,
2123 r, "Failed to kill login processes of user, ignoring: %s", bus_error_message(&error, r));
2124
2125 return 1;
2126 }
2127
2128 static int home_get_disk_status_luks(
2129 Home *h,
2130 HomeState state,
2131 uint64_t *ret_disk_size,
2132 uint64_t *ret_disk_usage,
2133 uint64_t *ret_disk_free,
2134 uint64_t *ret_disk_ceiling,
2135 uint64_t *ret_disk_floor,
2136 statfs_f_type_t *ret_fstype,
2137 mode_t *ret_access_mode) {
2138
2139 uint64_t disk_size = UINT64_MAX, disk_usage = UINT64_MAX, disk_free = UINT64_MAX,
2140 disk_ceiling = UINT64_MAX, disk_floor = UINT64_MAX,
2141 stat_used = UINT64_MAX, fs_size = UINT64_MAX, header_size = 0;
2142 mode_t access_mode = MODE_INVALID;
2143 statfs_f_type_t fstype = 0;
2144 struct statfs sfs;
2145 struct stat st;
2146 const char *hd;
2147 int r;
2148
2149 assert(h);
2150
2151 if (state != HOME_ABSENT) {
2152 const char *ip;
2153
2154 ip = user_record_image_path(h->record);
2155 if (ip) {
2156 if (stat(ip, &st) < 0)
2157 log_debug_errno(errno, "Failed to stat() %s, ignoring: %m", ip);
2158 else if (S_ISREG(st.st_mode)) {
2159 _cleanup_free_ char *parent = NULL;
2160
2161 disk_size = st.st_size;
2162 stat_used = st.st_blocks * 512;
2163
2164 r = path_extract_directory(ip, &parent);
2165 if (r < 0)
2166 return log_error_errno(r, "Failed to extract parent directory from image path '%s': %m", ip);
2167
2168 if (statfs(parent, &sfs) < 0)
2169 log_debug_errno(errno, "Failed to statfs() %s, ignoring: %m", parent);
2170 else
2171 disk_ceiling = stat_used + sfs.f_bsize * sfs.f_bavail;
2172
2173 } else if (S_ISBLK(st.st_mode)) {
2174 _cleanup_free_ char *szbuf = NULL;
2175 char p[SYS_BLOCK_PATH_MAX("/size")];
2176
2177 /* Let's read the size off sysfs, so that we don't have to open the device */
2178 xsprintf_sys_block_path(p, "/size", st.st_rdev);
2179 r = read_one_line_file(p, &szbuf);
2180 if (r < 0)
2181 log_debug_errno(r, "Failed to read %s, ignoring: %m", p);
2182 else {
2183 uint64_t sz;
2184
2185 r = safe_atou64(szbuf, &sz);
2186 if (r < 0)
2187 log_debug_errno(r, "Failed to parse %s, ignoring: %s", p, szbuf);
2188 else
2189 disk_size = sz * 512;
2190 }
2191 } else
2192 log_debug("Image path is not a block device or regular file, not able to acquire size.");
2193 }
2194 }
2195
2196 if (!HOME_STATE_IS_ACTIVE(state))
2197 goto finish;
2198
2199 hd = user_record_home_directory(h->record);
2200 if (!hd)
2201 goto finish;
2202
2203 if (stat(hd, &st) < 0) {
2204 log_debug_errno(errno, "Failed to stat() %s, ignoring: %m", hd);
2205 goto finish;
2206 }
2207
2208 r = stat_verify_directory(&st);
2209 if (r < 0) {
2210 log_debug_errno(r, "Home directory %s is not a directory, ignoring: %m", hd);
2211 goto finish;
2212 }
2213
2214 access_mode = st.st_mode & 07777;
2215
2216 if (statfs(hd, &sfs) < 0) {
2217 log_debug_errno(errno, "Failed to statfs() %s, ignoring: %m", hd);
2218 goto finish;
2219 }
2220
2221 fstype = sfs.f_type;
2222
2223 disk_free = sfs.f_bsize * sfs.f_bavail;
2224 fs_size = sfs.f_bsize * sfs.f_blocks;
2225 if (disk_size != UINT64_MAX && disk_size > fs_size)
2226 header_size = disk_size - fs_size;
2227
2228 /* We take a perspective from the user here (as opposed to from the host): the used disk space is the
2229 * difference from the limit and what's free. This makes a difference if sparse mode is not used: in
2230 * that case the image is pre-allocated and thus appears all used from the host PoV but is not used
2231 * up at all yet from the user's PoV.
2232 *
2233 * That said, we use the stat() reported loopback file size as upper boundary: our footprint can
2234 * never be larger than what we take up on the lowest layers. */
2235
2236 if (disk_size != UINT64_MAX && disk_size > disk_free) {
2237 disk_usage = disk_size - disk_free;
2238
2239 if (stat_used != UINT64_MAX && disk_usage > stat_used)
2240 disk_usage = stat_used;
2241 } else
2242 disk_usage = stat_used;
2243
2244 /* If we have the magic, determine floor preferably by magic */
2245 disk_floor = minimal_size_by_fs_magic(sfs.f_type) + header_size;
2246
2247 finish:
2248 /* If we don't know the magic, go by file system name */
2249 if (disk_floor == UINT64_MAX)
2250 disk_floor = minimal_size_by_fs_name(user_record_file_system_type(h->record));
2251
2252 if (ret_disk_size)
2253 *ret_disk_size = disk_size;
2254 if (ret_disk_usage)
2255 *ret_disk_usage = disk_usage;
2256 if (ret_disk_free)
2257 *ret_disk_free = disk_free;
2258 if (ret_disk_ceiling)
2259 *ret_disk_ceiling = disk_ceiling;
2260 if (ret_disk_floor)
2261 *ret_disk_floor = disk_floor;
2262 if (ret_fstype)
2263 *ret_fstype = fstype;
2264 if (ret_access_mode)
2265 *ret_access_mode = access_mode;
2266
2267 return 0;
2268 }
2269
2270 static int home_get_disk_status_directory(
2271 Home *h,
2272 HomeState state,
2273 uint64_t *ret_disk_size,
2274 uint64_t *ret_disk_usage,
2275 uint64_t *ret_disk_free,
2276 uint64_t *ret_disk_ceiling,
2277 uint64_t *ret_disk_floor,
2278 statfs_f_type_t *ret_fstype,
2279 mode_t *ret_access_mode) {
2280
2281 uint64_t disk_size = UINT64_MAX, disk_usage = UINT64_MAX, disk_free = UINT64_MAX,
2282 disk_ceiling = UINT64_MAX, disk_floor = UINT64_MAX;
2283 mode_t access_mode = MODE_INVALID;
2284 statfs_f_type_t fstype = 0;
2285 struct statfs sfs;
2286 struct dqblk req;
2287 const char *path = NULL;
2288 int r;
2289
2290 assert(h);
2291
2292 if (HOME_STATE_IS_ACTIVE(state))
2293 path = user_record_home_directory(h->record);
2294
2295 if (!path) {
2296 if (state == HOME_ABSENT)
2297 goto finish;
2298
2299 path = user_record_image_path(h->record);
2300 }
2301
2302 if (!path)
2303 goto finish;
2304
2305 if (statfs(path, &sfs) < 0)
2306 log_debug_errno(errno, "Failed to statfs() %s, ignoring: %m", path);
2307 else {
2308 disk_free = sfs.f_bsize * sfs.f_bavail;
2309 disk_size = sfs.f_bsize * sfs.f_blocks;
2310
2311 /* We don't initialize disk_usage from statfs() data here, since the device is likely not used
2312 * by us alone, and disk_usage should only reflect our own use. */
2313
2314 fstype = sfs.f_type;
2315 }
2316
2317 if (IN_SET(h->record->storage, USER_CLASSIC, USER_DIRECTORY, USER_SUBVOLUME)) {
2318
2319 r = btrfs_is_subvol(path);
2320 if (r < 0)
2321 log_debug_errno(r, "Failed to determine whether %s is a btrfs subvolume: %m", path);
2322 else if (r > 0) {
2323 BtrfsQuotaInfo qi;
2324
2325 r = btrfs_subvol_get_subtree_quota(path, 0, &qi);
2326 if (r < 0)
2327 log_debug_errno(r, "Failed to query btrfs subtree quota, ignoring: %m");
2328 else {
2329 disk_usage = qi.referenced;
2330
2331 if (disk_free != UINT64_MAX) {
2332 disk_ceiling = qi.referenced + disk_free;
2333
2334 if (disk_size != UINT64_MAX && disk_ceiling > disk_size)
2335 disk_ceiling = disk_size;
2336 }
2337
2338 if (qi.referenced_max != UINT64_MAX) {
2339 if (disk_size != UINT64_MAX)
2340 disk_size = MIN(qi.referenced_max, disk_size);
2341 else
2342 disk_size = qi.referenced_max;
2343 }
2344
2345 if (disk_size != UINT64_MAX) {
2346 if (disk_size > disk_usage)
2347 disk_free = disk_size - disk_usage;
2348 else
2349 disk_free = 0;
2350 }
2351 }
2352
2353 goto finish;
2354 }
2355 }
2356
2357 if (IN_SET(h->record->storage, USER_CLASSIC, USER_DIRECTORY, USER_FSCRYPT)) {
2358 r = quotactl_path(QCMD_FIXED(Q_GETQUOTA, USRQUOTA), path, h->uid, &req);
2359 if (r < 0) {
2360 if (ERRNO_IS_NOT_SUPPORTED(r)) {
2361 log_debug_errno(r, "No UID quota support on %s.", path);
2362 goto finish;
2363 }
2364
2365 if (r != -ESRCH) {
2366 log_debug_errno(r, "Failed to query disk quota for UID " UID_FMT ": %m", h->uid);
2367 goto finish;
2368 }
2369
2370 disk_usage = 0; /* No record of this user? then nothing was used */
2371 } else {
2372 if (FLAGS_SET(req.dqb_valid, QIF_SPACE) && disk_free != UINT64_MAX) {
2373 disk_ceiling = req.dqb_curspace + disk_free;
2374
2375 if (disk_size != UINT64_MAX && disk_ceiling > disk_size)
2376 disk_ceiling = disk_size;
2377 }
2378
2379 if (FLAGS_SET(req.dqb_valid, QIF_BLIMITS)) {
2380 uint64_t q;
2381
2382 /* Take the minimum of the quota and the available disk space here */
2383 q = req.dqb_bhardlimit * QIF_DQBLKSIZE;
2384 if (disk_size != UINT64_MAX)
2385 disk_size = MIN(disk_size, q);
2386 else
2387 disk_size = q;
2388 }
2389 if (FLAGS_SET(req.dqb_valid, QIF_SPACE)) {
2390 disk_usage = req.dqb_curspace;
2391
2392 if (disk_size != UINT64_MAX) {
2393 if (disk_size > disk_usage)
2394 disk_free = disk_size - disk_usage;
2395 else
2396 disk_free = 0;
2397 }
2398 }
2399 }
2400 }
2401
2402 finish:
2403 if (ret_disk_size)
2404 *ret_disk_size = disk_size;
2405 if (ret_disk_usage)
2406 *ret_disk_usage = disk_usage;
2407 if (ret_disk_free)
2408 *ret_disk_free = disk_free;
2409 if (ret_disk_ceiling)
2410 *ret_disk_ceiling = disk_ceiling;
2411 if (ret_disk_floor)
2412 *ret_disk_floor = disk_floor;
2413 if (ret_fstype)
2414 *ret_fstype = fstype;
2415 if (ret_access_mode)
2416 *ret_access_mode = access_mode;
2417
2418 return 0;
2419 }
2420
2421 static int home_get_disk_status_internal(
2422 Home *h,
2423 HomeState state,
2424 uint64_t *ret_disk_size,
2425 uint64_t *ret_disk_usage,
2426 uint64_t *ret_disk_free,
2427 uint64_t *ret_disk_ceiling,
2428 uint64_t *ret_disk_floor,
2429 statfs_f_type_t *ret_fstype,
2430 mode_t *ret_access_mode) {
2431
2432 assert(h);
2433 assert(h->record);
2434
2435 switch (h->record->storage) {
2436
2437 case USER_LUKS:
2438 return home_get_disk_status_luks(h, state, ret_disk_size, ret_disk_usage, ret_disk_free, ret_disk_ceiling, ret_disk_floor, ret_fstype, ret_access_mode);
2439
2440 case USER_CLASSIC:
2441 case USER_DIRECTORY:
2442 case USER_SUBVOLUME:
2443 case USER_FSCRYPT:
2444 case USER_CIFS:
2445 return home_get_disk_status_directory(h, state, ret_disk_size, ret_disk_usage, ret_disk_free, ret_disk_ceiling, ret_disk_floor, ret_fstype, ret_access_mode);
2446
2447 default:
2448 /* don't know */
2449
2450 if (ret_disk_size)
2451 *ret_disk_size = UINT64_MAX;
2452 if (ret_disk_usage)
2453 *ret_disk_usage = UINT64_MAX;
2454 if (ret_disk_free)
2455 *ret_disk_free = UINT64_MAX;
2456 if (ret_disk_ceiling)
2457 *ret_disk_ceiling = UINT64_MAX;
2458 if (ret_disk_floor)
2459 *ret_disk_floor = UINT64_MAX;
2460 if (ret_fstype)
2461 *ret_fstype = 0;
2462 if (ret_access_mode)
2463 *ret_access_mode = MODE_INVALID;
2464
2465 return 0;
2466 }
2467 }
2468
2469 int home_get_disk_status(
2470 Home *h,
2471 uint64_t *ret_disk_size,
2472 uint64_t *ret_disk_usage,
2473 uint64_t *ret_disk_free,
2474 uint64_t *ret_disk_ceiling,
2475 uint64_t *ret_disk_floor,
2476 statfs_f_type_t *ret_fstype,
2477 mode_t *ret_access_mode) {
2478
2479 assert(h);
2480
2481 return home_get_disk_status_internal(
2482 h,
2483 home_get_state(h),
2484 ret_disk_size,
2485 ret_disk_usage,
2486 ret_disk_free,
2487 ret_disk_ceiling,
2488 ret_disk_floor,
2489 ret_fstype,
2490 ret_access_mode);
2491 }
2492
2493 int home_augment_status(
2494 Home *h,
2495 UserRecordLoadFlags flags,
2496 UserRecord **ret) {
2497
2498 uint64_t disk_size = UINT64_MAX, disk_usage = UINT64_MAX, disk_free = UINT64_MAX, disk_ceiling = UINT64_MAX, disk_floor = UINT64_MAX;
2499 _cleanup_(json_variant_unrefp) JsonVariant *j = NULL, *v = NULL, *m = NULL, *status = NULL;
2500 _cleanup_(user_record_unrefp) UserRecord *ur = NULL;
2501 statfs_f_type_t magic;
2502 const char *fstype;
2503 mode_t access_mode;
2504 HomeState state;
2505 sd_id128_t id;
2506 int r;
2507
2508 assert(h);
2509 assert(ret);
2510
2511 /* We are supposed to add this, this can't be on hence. */
2512 assert(!FLAGS_SET(flags, USER_RECORD_STRIP_STATUS));
2513
2514 r = sd_id128_get_machine(&id);
2515 if (r < 0)
2516 return r;
2517
2518 state = home_get_state(h);
2519
2520 r = home_get_disk_status_internal(
2521 h, state,
2522 &disk_size,
2523 &disk_usage,
2524 &disk_free,
2525 &disk_ceiling,
2526 &disk_floor,
2527 &magic,
2528 &access_mode);
2529 if (r < 0)
2530 return r;
2531
2532 fstype = fs_type_to_string(magic);
2533
2534 if (disk_floor == UINT64_MAX || (disk_usage != UINT64_MAX && disk_floor < disk_usage))
2535 disk_floor = disk_usage;
2536 if (disk_floor == UINT64_MAX || disk_floor < USER_DISK_SIZE_MIN)
2537 disk_floor = USER_DISK_SIZE_MIN;
2538 if (disk_ceiling == UINT64_MAX || disk_ceiling > USER_DISK_SIZE_MAX)
2539 disk_ceiling = USER_DISK_SIZE_MAX;
2540
2541 r = json_build(&status,
2542 JSON_BUILD_OBJECT(
2543 JSON_BUILD_PAIR("state", JSON_BUILD_STRING(home_state_to_string(state))),
2544 JSON_BUILD_PAIR("service", JSON_BUILD_CONST_STRING("io.systemd.Home")),
2545 JSON_BUILD_PAIR_CONDITION(disk_size != UINT64_MAX, "diskSize", JSON_BUILD_UNSIGNED(disk_size)),
2546 JSON_BUILD_PAIR_CONDITION(disk_usage != UINT64_MAX, "diskUsage", JSON_BUILD_UNSIGNED(disk_usage)),
2547 JSON_BUILD_PAIR_CONDITION(disk_free != UINT64_MAX, "diskFree", JSON_BUILD_UNSIGNED(disk_free)),
2548 JSON_BUILD_PAIR_CONDITION(disk_ceiling != UINT64_MAX, "diskCeiling", JSON_BUILD_UNSIGNED(disk_ceiling)),
2549 JSON_BUILD_PAIR_CONDITION(disk_floor != UINT64_MAX, "diskFloor", JSON_BUILD_UNSIGNED(disk_floor)),
2550 JSON_BUILD_PAIR_CONDITION(h->signed_locally >= 0, "signedLocally", JSON_BUILD_BOOLEAN(h->signed_locally)),
2551 JSON_BUILD_PAIR_CONDITION(fstype, "fileSystemType", JSON_BUILD_STRING(fstype)),
2552 JSON_BUILD_PAIR_CONDITION(access_mode != MODE_INVALID, "accessMode", JSON_BUILD_UNSIGNED(access_mode))
2553 ));
2554 if (r < 0)
2555 return r;
2556
2557 j = json_variant_ref(h->record->json);
2558 v = json_variant_ref(json_variant_by_key(j, "status"));
2559 m = json_variant_ref(json_variant_by_key(v, SD_ID128_TO_STRING(id)));
2560
2561 r = json_variant_filter(&m, STRV_MAKE("diskSize", "diskUsage", "diskFree", "diskCeiling", "diskFloor", "signedLocally"));
2562 if (r < 0)
2563 return r;
2564
2565 r = json_variant_merge_object(&m, status);
2566 if (r < 0)
2567 return r;
2568
2569 r = json_variant_set_field(&v, SD_ID128_TO_STRING(id), m);
2570 if (r < 0)
2571 return r;
2572
2573 r = json_variant_set_field(&j, "status", v);
2574 if (r < 0)
2575 return r;
2576
2577 ur = user_record_new();
2578 if (!ur)
2579 return -ENOMEM;
2580
2581 r = user_record_load(ur, j, flags);
2582 if (r < 0)
2583 return r;
2584
2585 ur->incomplete =
2586 FLAGS_SET(h->record->mask, USER_RECORD_PRIVILEGED) &&
2587 !FLAGS_SET(ur->mask, USER_RECORD_PRIVILEGED);
2588
2589 *ret = TAKE_PTR(ur);
2590 return 0;
2591 }
2592
2593 static int on_home_ref_eof(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
2594 _cleanup_(operation_unrefp) Operation *o = NULL;
2595 Home *h = ASSERT_PTR(userdata);
2596
2597 assert(s);
2598
2599 if (h->ref_event_source_please_suspend == s)
2600 h->ref_event_source_please_suspend = sd_event_source_disable_unref(h->ref_event_source_please_suspend);
2601
2602 if (h->ref_event_source_dont_suspend == s)
2603 h->ref_event_source_dont_suspend = sd_event_source_disable_unref(h->ref_event_source_dont_suspend);
2604
2605 if (h->ref_event_source_dont_suspend || h->ref_event_source_please_suspend)
2606 return 0;
2607
2608 log_info("Got notification that all sessions of user %s ended, deactivating automatically.", h->user_name);
2609
2610 o = operation_new(OPERATION_PIPE_EOF, NULL);
2611 if (!o) {
2612 log_oom();
2613 return 0;
2614 }
2615
2616 home_schedule_operation(h, o, NULL);
2617 return 0;
2618 }
2619
2620 int home_create_fifo(Home *h, bool please_suspend) {
2621 _cleanup_close_ int ret_fd = -EBADF;
2622 sd_event_source **ss;
2623 const char *fn, *suffix;
2624 int r;
2625
2626 assert(h);
2627
2628 if (please_suspend) {
2629 suffix = ".please-suspend";
2630 ss = &h->ref_event_source_please_suspend;
2631 } else {
2632 suffix = ".dont-suspend";
2633 ss = &h->ref_event_source_dont_suspend;
2634 }
2635
2636 fn = strjoina("/run/systemd/home/", h->user_name, suffix);
2637
2638 if (!*ss) {
2639 _cleanup_close_ int ref_fd = -EBADF;
2640
2641 (void) mkdir("/run/systemd/home/", 0755);
2642 if (mkfifo(fn, 0600) < 0 && errno != EEXIST)
2643 return log_error_errno(errno, "Failed to create FIFO %s: %m", fn);
2644
2645 ref_fd = open(fn, O_RDONLY|O_CLOEXEC|O_NONBLOCK);
2646 if (ref_fd < 0)
2647 return log_error_errno(errno, "Failed to open FIFO %s for reading: %m", fn);
2648
2649 r = sd_event_add_io(h->manager->event, ss, ref_fd, 0, on_home_ref_eof, h);
2650 if (r < 0)
2651 return log_error_errno(r, "Failed to allocate reference FIFO event source: %m");
2652
2653 (void) sd_event_source_set_description(*ss, "acquire-ref");
2654
2655 r = sd_event_source_set_priority(*ss, SD_EVENT_PRIORITY_IDLE-1);
2656 if (r < 0)
2657 return r;
2658
2659 r = sd_event_source_set_io_fd_own(*ss, true);
2660 if (r < 0)
2661 return log_error_errno(r, "Failed to pass ownership of FIFO event fd to event source: %m");
2662
2663 TAKE_FD(ref_fd);
2664 }
2665
2666 ret_fd = open(fn, O_WRONLY|O_CLOEXEC|O_NONBLOCK);
2667 if (ret_fd < 0)
2668 return log_error_errno(errno, "Failed to open FIFO %s for writing: %m", fn);
2669
2670 return TAKE_FD(ret_fd);
2671 }
2672
2673 static int home_dispatch_acquire(Home *h, Operation *o) {
2674 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
2675 int (*call)(Home *h, UserRecord *secret, HomeState for_state, sd_bus_error *error) = NULL;
2676 HomeState for_state;
2677 int r;
2678
2679 assert(h);
2680 assert(o);
2681 assert(o->type == OPERATION_ACQUIRE);
2682
2683 switch (home_get_state(h)) {
2684
2685 case HOME_UNFIXATED:
2686 for_state = HOME_FIXATING_FOR_ACQUIRE;
2687 call = home_fixate_internal;
2688 break;
2689
2690 case HOME_ABSENT:
2691 r = sd_bus_error_setf(&error, BUS_ERROR_HOME_ABSENT,
2692 "Home %s is currently missing or not plugged in.", h->user_name);
2693 goto check;
2694
2695 case HOME_INACTIVE:
2696 case HOME_DIRTY:
2697 for_state = HOME_ACTIVATING_FOR_ACQUIRE;
2698 call = home_activate_internal;
2699 break;
2700
2701 case HOME_ACTIVE:
2702 case HOME_LINGERING:
2703 for_state = HOME_AUTHENTICATING_FOR_ACQUIRE;
2704 call = home_authenticate_internal;
2705 break;
2706
2707 case HOME_LOCKED:
2708 for_state = HOME_UNLOCKING_FOR_ACQUIRE;
2709 call = home_unlock_internal;
2710 break;
2711
2712 default:
2713 /* All other cases means we are currently executing an operation, which means the job remains
2714 * pending. */
2715 return 0;
2716 }
2717
2718 assert(!h->current_operation);
2719
2720 r = home_ratelimit(h, &error);
2721 if (r >= 0)
2722 r = call(h, o->secret, for_state, &error);
2723
2724 check:
2725 if (r != 0) /* failure or completed */
2726 operation_result(o, r, &error);
2727 else /* ongoing */
2728 h->current_operation = operation_ref(o);
2729
2730 return 1;
2731 }
2732
2733 static int home_dispatch_release(Home *h, Operation *o) {
2734 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
2735 int r;
2736
2737 assert(h);
2738 assert(o);
2739 assert(o->type == OPERATION_RELEASE);
2740
2741 if (h->ref_event_source_dont_suspend || h->ref_event_source_please_suspend)
2742 /* If there's now a reference again, then let's abort the release attempt */
2743 r = sd_bus_error_setf(&error, BUS_ERROR_HOME_BUSY, "Home %s is currently referenced.", h->user_name);
2744 else {
2745 switch (home_get_state(h)) {
2746
2747 case HOME_UNFIXATED:
2748 case HOME_ABSENT:
2749 case HOME_INACTIVE:
2750 case HOME_DIRTY:
2751 r = 1; /* done */
2752 break;
2753
2754 case HOME_LOCKED:
2755 r = sd_bus_error_setf(&error, BUS_ERROR_HOME_LOCKED, "Home %s is currently locked.", h->user_name);
2756 break;
2757
2758 case HOME_ACTIVE:
2759 case HOME_LINGERING:
2760 r = home_deactivate_internal(h, false, &error);
2761 break;
2762
2763 default:
2764 /* All other cases means we are currently executing an operation, which means the job remains
2765 * pending. */
2766 return 0;
2767 }
2768 }
2769
2770 assert(!h->current_operation);
2771
2772 if (r != 0) /* failure or completed */
2773 operation_result(o, r, &error);
2774 else /* ongoing */
2775 h->current_operation = operation_ref(o);
2776
2777 return 1;
2778 }
2779
2780 static int home_dispatch_lock_all(Home *h, Operation *o) {
2781 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
2782 int r;
2783
2784 assert(h);
2785 assert(o);
2786 assert(o->type == OPERATION_LOCK_ALL);
2787
2788 switch (home_get_state(h)) {
2789
2790 case HOME_UNFIXATED:
2791 case HOME_ABSENT:
2792 case HOME_INACTIVE:
2793 case HOME_DIRTY:
2794 log_info("Home %s is not active, no locking necessary.", h->user_name);
2795 r = 1; /* done */
2796 break;
2797
2798 case HOME_LOCKED:
2799 log_info("Home %s is already locked.", h->user_name);
2800 r = 1; /* done */
2801 break;
2802
2803 case HOME_ACTIVE:
2804 case HOME_LINGERING:
2805 log_info("Locking home %s.", h->user_name);
2806 r = home_lock(h, &error);
2807 break;
2808
2809 default:
2810 /* All other cases means we are currently executing an operation, which means the job remains
2811 * pending. */
2812 return 0;
2813 }
2814
2815 assert(!h->current_operation);
2816
2817 if (r != 0) /* failure or completed */
2818 operation_result(o, r, &error);
2819 else /* ongoing */
2820 h->current_operation = operation_ref(o);
2821
2822 return 1;
2823 }
2824
2825 static int home_dispatch_deactivate_all(Home *h, Operation *o) {
2826 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
2827 int r;
2828
2829 assert(h);
2830 assert(o);
2831 assert(o->type == OPERATION_DEACTIVATE_ALL);
2832
2833 switch (home_get_state(h)) {
2834
2835 case HOME_UNFIXATED:
2836 case HOME_ABSENT:
2837 case HOME_INACTIVE:
2838 case HOME_DIRTY:
2839 log_info("Home %s is already deactivated.", h->user_name);
2840 r = 1; /* done */
2841 break;
2842
2843 case HOME_LOCKED:
2844 log_info("Home %s is currently locked, not deactivating.", h->user_name);
2845 r = 1; /* done */
2846 break;
2847
2848 case HOME_ACTIVE:
2849 case HOME_LINGERING:
2850 log_info("Deactivating home %s.", h->user_name);
2851 r = home_deactivate_internal(h, false, &error);
2852 break;
2853
2854 default:
2855 /* All other cases means we are currently executing an operation, which means the job remains
2856 * pending. */
2857 return 0;
2858 }
2859
2860 assert(!h->current_operation);
2861
2862 if (r != 0) /* failure or completed */
2863 operation_result(o, r, &error);
2864 else /* ongoing */
2865 h->current_operation = operation_ref(o);
2866
2867 return 1;
2868 }
2869
2870 static int home_dispatch_pipe_eof(Home *h, Operation *o) {
2871 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
2872 int r;
2873
2874 assert(h);
2875 assert(o);
2876 assert(o->type == OPERATION_PIPE_EOF);
2877
2878 if (h->ref_event_source_please_suspend || h->ref_event_source_dont_suspend)
2879 return 1; /* Hmm, there's a reference again, let's cancel this */
2880
2881 switch (home_get_state(h)) {
2882
2883 case HOME_UNFIXATED:
2884 case HOME_ABSENT:
2885 case HOME_INACTIVE:
2886 case HOME_DIRTY:
2887 log_info("Home %s already deactivated, no automatic deactivation needed.", h->user_name);
2888 break;
2889
2890 case HOME_DEACTIVATING:
2891 log_info("Home %s is already being deactivated, automatic deactivated unnecessary.", h->user_name);
2892 break;
2893
2894 case HOME_ACTIVE:
2895 case HOME_LINGERING:
2896 r = home_deactivate_internal(h, false, &error);
2897 if (r < 0)
2898 log_warning_errno(r, "Failed to deactivate %s, ignoring: %s", h->user_name, bus_error_message(&error, r));
2899 break;
2900
2901 case HOME_LOCKED:
2902 default:
2903 /* If the device is locked or any operation is being executed, let's leave this pending */
2904 return 0;
2905 }
2906
2907 /* Note that we don't call operation_fail() or operation_success() here, because this kind of
2908 * operation has no message associated with it, and thus there's no need to propagate success. */
2909
2910 assert(!o->message);
2911 return 1;
2912 }
2913
2914 static int home_dispatch_deactivate_force(Home *h, Operation *o) {
2915 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
2916 int r;
2917
2918 assert(h);
2919 assert(o);
2920 assert(o->type == OPERATION_DEACTIVATE_FORCE);
2921
2922 switch (home_get_state(h)) {
2923
2924 case HOME_UNFIXATED:
2925 case HOME_ABSENT:
2926 case HOME_INACTIVE:
2927 case HOME_DIRTY:
2928 log_debug("Home %s already deactivated, no forced deactivation due to unplug needed.", h->user_name);
2929 break;
2930
2931 case HOME_DEACTIVATING:
2932 log_debug("Home %s is already being deactivated, forced deactivation due to unplug unnecessary.", h->user_name);
2933 break;
2934
2935 case HOME_ACTIVE:
2936 case HOME_LOCKED:
2937 case HOME_LINGERING:
2938 r = home_deactivate_internal(h, true, &error);
2939 if (r < 0)
2940 log_warning_errno(r, "Failed to forcibly deactivate %s, ignoring: %s", h->user_name, bus_error_message(&error, r));
2941 break;
2942
2943 default:
2944 /* If any operation is being executed, let's leave this pending */
2945 return 0;
2946 }
2947
2948 /* Note that we don't call operation_fail() or operation_success() here, because this kind of
2949 * operation has no message associated with it, and thus there's no need to propagate success. */
2950
2951 assert(!o->message);
2952 return 1;
2953 }
2954
2955 static int on_pending(sd_event_source *s, void *userdata) {
2956 Home *h = ASSERT_PTR(userdata);
2957 Operation *o;
2958 int r;
2959
2960 assert(s);
2961
2962 o = ordered_set_first(h->pending_operations);
2963 if (o) {
2964 static int (* const operation_table[_OPERATION_MAX])(Home *h, Operation *o) = {
2965 [OPERATION_ACQUIRE] = home_dispatch_acquire,
2966 [OPERATION_RELEASE] = home_dispatch_release,
2967 [OPERATION_LOCK_ALL] = home_dispatch_lock_all,
2968 [OPERATION_DEACTIVATE_ALL] = home_dispatch_deactivate_all,
2969 [OPERATION_PIPE_EOF] = home_dispatch_pipe_eof,
2970 [OPERATION_DEACTIVATE_FORCE] = home_dispatch_deactivate_force,
2971 };
2972
2973 assert(operation_table[o->type]);
2974 r = operation_table[o->type](h, o);
2975 if (r != 0) {
2976 /* The operation completed, let's remove it from the pending list, and exit while
2977 * leaving the event source enabled as it is. */
2978 assert_se(ordered_set_remove(h->pending_operations, o) == o);
2979 operation_unref(o);
2980 return 0;
2981 }
2982 }
2983
2984 /* Nothing to do anymore, let's turn off this event source */
2985 r = sd_event_source_set_enabled(s, SD_EVENT_OFF);
2986 if (r < 0)
2987 return log_error_errno(r, "Failed to disable event source: %m");
2988
2989 /* No operations pending anymore, maybe this is a good time to trigger a rebalancing */
2990 manager_reschedule_rebalance(h->manager);
2991 return 0;
2992 }
2993
2994 int home_schedule_operation(Home *h, Operation *o, sd_bus_error *error) {
2995 int r;
2996
2997 assert(h);
2998
2999 if (o) {
3000 if (ordered_set_size(h->pending_operations) >= PENDING_OPERATIONS_MAX)
3001 return sd_bus_error_set(error, BUS_ERROR_TOO_MANY_OPERATIONS, "Too many client operations requested");
3002
3003 r = ordered_set_ensure_put(&h->pending_operations, &operation_hash_ops, o);
3004 if (r < 0)
3005 return r;
3006
3007 operation_ref(o);
3008 }
3009
3010 if (!h->pending_event_source) {
3011 r = sd_event_add_defer(h->manager->event, &h->pending_event_source, on_pending, h);
3012 if (r < 0)
3013 return log_error_errno(r, "Failed to allocate pending defer event source: %m");
3014
3015 (void) sd_event_source_set_description(h->pending_event_source, "pending");
3016
3017 r = sd_event_source_set_priority(h->pending_event_source, SD_EVENT_PRIORITY_IDLE);
3018 if (r < 0)
3019 return r;
3020 }
3021
3022 r = sd_event_source_set_enabled(h->pending_event_source, SD_EVENT_ON);
3023 if (r < 0)
3024 return log_error_errno(r, "Failed to trigger pending event source: %m");
3025
3026 return 0;
3027 }
3028
3029 static int home_get_image_path_seat(Home *h, char **ret) {
3030 _cleanup_(sd_device_unrefp) sd_device *d = NULL;
3031 _cleanup_free_ char *c = NULL;
3032 const char *ip, *seat;
3033 struct stat st;
3034 int r;
3035
3036 assert(h);
3037
3038 if (user_record_storage(h->record) != USER_LUKS)
3039 return -ENXIO;
3040
3041 ip = user_record_image_path(h->record);
3042 if (!ip)
3043 return -ENXIO;
3044
3045 if (!path_startswith(ip, "/dev/"))
3046 return -ENXIO;
3047
3048 if (stat(ip, &st) < 0)
3049 return -errno;
3050
3051 if (!S_ISBLK(st.st_mode))
3052 return -ENOTBLK;
3053
3054 r = sd_device_new_from_stat_rdev(&d, &st);
3055 if (r < 0)
3056 return r;
3057
3058 r = sd_device_get_property_value(d, "ID_SEAT", &seat);
3059 if (r == -ENOENT) /* no property means seat0 */
3060 seat = "seat0";
3061 else if (r < 0)
3062 return r;
3063
3064 c = strdup(seat);
3065 if (!c)
3066 return -ENOMEM;
3067
3068 *ret = TAKE_PTR(c);
3069 return 0;
3070 }
3071
3072 int home_auto_login(Home *h, char ***ret_seats) {
3073 _cleanup_free_ char *seat = NULL, *seat2 = NULL;
3074
3075 assert(h);
3076 assert(ret_seats);
3077
3078 (void) home_get_image_path_seat(h, &seat);
3079
3080 if (h->record->auto_login > 0 && !streq_ptr(seat, "seat0")) {
3081 /* For now, when the auto-login boolean is set for a user, let's make it mean
3082 * "seat0". Eventually we can extend the concept and allow configuration of any kind of seat,
3083 * but let's keep simple initially, most likely the feature is interesting on single-user
3084 * systems anyway, only.
3085 *
3086 * We filter out users marked for auto-login in we know for sure their home directory is
3087 * absent. */
3088
3089 if (user_record_test_image_path(h->record) != USER_TEST_ABSENT) {
3090 seat2 = strdup("seat0");
3091 if (!seat2)
3092 return -ENOMEM;
3093 }
3094 }
3095
3096 if (seat || seat2) {
3097 _cleanup_strv_free_ char **list = NULL;
3098 size_t i = 0;
3099
3100 list = new(char*, 3);
3101 if (!list)
3102 return -ENOMEM;
3103
3104 if (seat)
3105 list[i++] = TAKE_PTR(seat);
3106 if (seat2)
3107 list[i++] = TAKE_PTR(seat2);
3108
3109 list[i] = NULL;
3110 *ret_seats = TAKE_PTR(list);
3111 return 1;
3112 }
3113
3114 *ret_seats = NULL;
3115 return 0;
3116 }
3117
3118 int home_set_current_message(Home *h, sd_bus_message *m) {
3119 assert(h);
3120
3121 if (!m)
3122 return 0;
3123
3124 if (h->current_operation)
3125 return -EBUSY;
3126
3127 h->current_operation = operation_new(OPERATION_IMMEDIATE, m);
3128 if (!h->current_operation)
3129 return -ENOMEM;
3130
3131 return 1;
3132 }
3133
3134 int home_wait_for_worker(Home *h) {
3135 int r;
3136
3137 assert(h);
3138
3139 if (h->worker_pid <= 0)
3140 return 0;
3141
3142 log_info("Worker process for home %s is still running while exiting. Waiting for it to finish.", h->user_name);
3143
3144 r = wait_for_terminate_with_timeout(h->worker_pid, 30 * USEC_PER_SEC);
3145 if (r == -ETIMEDOUT)
3146 log_warning_errno(r, "Waiting for worker process for home %s timed out. Ignoring.", h->user_name);
3147 else
3148 log_warning_errno(r, "Failed to wait for worker process for home %s. Ignoring.", h->user_name);
3149
3150 (void) hashmap_remove_value(h->manager->homes_by_worker_pid, PID_TO_PTR(h->worker_pid), h);
3151 h->worker_pid = 0;
3152 return 1;
3153 }
3154
3155 bool home_shall_rebalance(Home *h) {
3156 HomeState state;
3157
3158 assert(h);
3159
3160 /* Determines if the home directory is a candidate for rebalancing */
3161
3162 if (!user_record_shall_rebalance(h->record))
3163 return false;
3164
3165 state = home_get_state(h);
3166 if (!HOME_STATE_SHALL_REBALANCE(state))
3167 return false;
3168
3169 return true;
3170 }
3171
3172 bool home_is_busy(Home *h) {
3173 assert(h);
3174
3175 if (h->current_operation)
3176 return true;
3177
3178 if (!ordered_set_isempty(h->pending_operations))
3179 return true;
3180
3181 return HOME_STATE_IS_EXECUTING_OPERATION(home_get_state(h));
3182 }
3183
3184 static const char* const home_state_table[_HOME_STATE_MAX] = {
3185 [HOME_UNFIXATED] = "unfixated",
3186 [HOME_ABSENT] = "absent",
3187 [HOME_INACTIVE] = "inactive",
3188 [HOME_DIRTY] = "dirty",
3189 [HOME_FIXATING] = "fixating",
3190 [HOME_FIXATING_FOR_ACTIVATION] = "fixating-for-activation",
3191 [HOME_FIXATING_FOR_ACQUIRE] = "fixating-for-acquire",
3192 [HOME_ACTIVATING] = "activating",
3193 [HOME_ACTIVATING_FOR_ACQUIRE] = "activating-for-acquire",
3194 [HOME_DEACTIVATING] = "deactivating",
3195 [HOME_ACTIVE] = "active",
3196 [HOME_LINGERING] = "lingering",
3197 [HOME_LOCKING] = "locking",
3198 [HOME_LOCKED] = "locked",
3199 [HOME_UNLOCKING] = "unlocking",
3200 [HOME_UNLOCKING_FOR_ACQUIRE] = "unlocking-for-acquire",
3201 [HOME_CREATING] = "creating",
3202 [HOME_REMOVING] = "removing",
3203 [HOME_UPDATING] = "updating",
3204 [HOME_UPDATING_WHILE_ACTIVE] = "updating-while-active",
3205 [HOME_RESIZING] = "resizing",
3206 [HOME_RESIZING_WHILE_ACTIVE] = "resizing-while-active",
3207 [HOME_PASSWD] = "passwd",
3208 [HOME_PASSWD_WHILE_ACTIVE] = "passwd-while-active",
3209 [HOME_AUTHENTICATING] = "authenticating",
3210 [HOME_AUTHENTICATING_WHILE_ACTIVE] = "authenticating-while-active",
3211 [HOME_AUTHENTICATING_FOR_ACQUIRE] = "authenticating-for-acquire",
3212 };
3213
3214 DEFINE_STRING_TABLE_LOOKUP(home_state, HomeState);
Unnamed repository; edit this file 'description' to name the repository.