1 /* SPDX-License-Identifier: LGPL-2.1+ */
4 #include <linux/memfd.h>
11 #include "blockdev-util.h"
12 #include "btrfs-util.h"
13 #include "bus-common-errors.h"
15 #include "errno-list.h"
16 #include "errno-util.h"
19 #include "home-util.h"
20 #include "homed-home-bus.h"
21 #include "homed-home.h"
22 #include "missing_syscall.h"
24 #include "path-util.h"
25 #include "process-util.h"
26 #include "pwquality-util.h"
27 #include "quota-util.h"
28 #include "resize-fs.h"
30 #include "signal-util.h"
31 #include "stat-util.h"
32 #include "string-table.h"
34 #include "user-record-sign.h"
35 #include "user-record-util.h"
36 #include "user-record-pwquality.h"
37 #include "user-record.h"
38 #include "user-util.h"
40 #define HOME_USERS_MAX 500
41 #define PENDING_OPERATIONS_MAX 100
43 assert_cc(HOME_UID_MIN
<= HOME_UID_MAX
);
44 assert_cc(HOME_USERS_MAX
<= (HOME_UID_MAX
- HOME_UID_MIN
+ 1));
46 static int home_start_work(Home
*h
, const char *verb
, UserRecord
*hr
, UserRecord
*secret
);
48 DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(operation_hash_ops
, void, trivial_hash_func
, trivial_compare_func
, Operation
, operation_unref
);
50 static int suitable_home_record(UserRecord
*hr
) {
58 /* We are a bit more restrictive with what we accept as homed-managed user than what we accept in
59 * home records in general. Let's enforce the stricter rule here. */
60 if (!suitable_user_name(hr
->user_name
))
62 if (!uid_is_valid(hr
->uid
))
65 /* Insist we are outside of the dynamic and system range */
66 if (uid_is_system(hr
->uid
) || gid_is_system(user_record_gid(hr
)) ||
67 uid_is_dynamic(hr
->uid
) || gid_is_dynamic(user_record_gid(hr
)))
68 return -EADDRNOTAVAIL
;
70 /* Insist that GID and UID match */
71 if (user_record_gid(hr
) != (gid_t
) hr
->uid
)
74 /* Similar for the realm */
76 r
= suitable_realm(hr
->realm
);
86 int home_new(Manager
*m
, UserRecord
*hr
, const char *sysfs
, Home
**ret
) {
87 _cleanup_(home_freep
) Home
*home
= NULL
;
88 _cleanup_free_
char *nm
= NULL
, *ns
= NULL
;
94 r
= suitable_home_record(hr
);
98 if (hashmap_contains(m
->homes_by_name
, hr
->user_name
))
101 if (hashmap_contains(m
->homes_by_uid
, UID_TO_PTR(hr
->uid
)))
104 if (sysfs
&& hashmap_contains(m
->homes_by_sysfs
, sysfs
))
107 if (hashmap_size(m
->homes_by_name
) >= HOME_USERS_MAX
)
110 nm
= strdup(hr
->user_name
);
126 .user_name
= TAKE_PTR(nm
),
128 .state
= _HOME_STATE_INVALID
,
129 .worker_stdout_fd
= -1,
130 .sysfs
= TAKE_PTR(ns
),
131 .signed_locally
= -1,
134 r
= hashmap_put(m
->homes_by_name
, home
->user_name
, home
);
138 r
= hashmap_put(m
->homes_by_uid
, UID_TO_PTR(home
->uid
), home
);
143 r
= hashmap_put(m
->homes_by_sysfs
, home
->sysfs
, home
);
148 r
= user_record_clone(hr
, USER_RECORD_LOAD_MASK_SECRET
, &home
->record
);
152 (void) bus_manager_emit_auto_login_changed(m
);
153 (void) bus_home_emit_change(home
);
156 *ret
= TAKE_PTR(home
);
163 Home
*home_free(Home
*h
) {
169 (void) bus_home_emit_remove(h
);
170 (void) bus_manager_emit_auto_login_changed(h
->manager
);
173 (void) hashmap_remove_value(h
->manager
->homes_by_name
, h
->user_name
, h
);
175 if (uid_is_valid(h
->uid
))
176 (void) hashmap_remove_value(h
->manager
->homes_by_uid
, UID_TO_PTR(h
->uid
), h
);
179 (void) hashmap_remove_value(h
->manager
->homes_by_sysfs
, h
->sysfs
, h
);
181 if (h
->worker_pid
> 0)
182 (void) hashmap_remove_value(h
->manager
->homes_by_worker_pid
, PID_TO_PTR(h
->worker_pid
), h
);
184 if (h
->manager
->gc_focus
== h
)
185 h
->manager
->gc_focus
= NULL
;
188 user_record_unref(h
->record
);
189 user_record_unref(h
->secret
);
191 h
->worker_event_source
= sd_event_source_unref(h
->worker_event_source
);
192 safe_close(h
->worker_stdout_fd
);
196 h
->ref_event_source_please_suspend
= sd_event_source_unref(h
->ref_event_source_please_suspend
);
197 h
->ref_event_source_dont_suspend
= sd_event_source_unref(h
->ref_event_source_dont_suspend
);
199 h
->pending_operations
= ordered_set_free(h
->pending_operations
);
200 h
->pending_event_source
= sd_event_source_unref(h
->pending_event_source
);
201 h
->deferred_change_event_source
= sd_event_source_unref(h
->deferred_change_event_source
);
203 h
->current_operation
= operation_unref(h
->current_operation
);
208 int home_set_record(Home
*h
, UserRecord
*hr
) {
209 _cleanup_(user_record_unrefp
) UserRecord
*new_hr
= NULL
;
214 assert(h
->user_name
);
218 if (user_record_equal(h
->record
, hr
))
221 r
= suitable_home_record(hr
);
225 if (!user_record_compatible(h
->record
, hr
))
228 if (!FLAGS_SET(hr
->mask
, USER_RECORD_REGULAR
) ||
229 FLAGS_SET(hr
->mask
, USER_RECORD_SECRET
))
232 if (FLAGS_SET(h
->record
->mask
, USER_RECORD_STATUS
)) {
233 _cleanup_(json_variant_unrefp
) JsonVariant
*v
= NULL
;
235 /* Hmm, the existing record has status fields? If so, copy them over */
237 v
= json_variant_ref(hr
->json
);
238 r
= json_variant_set_field(&v
, "status", json_variant_by_key(h
->record
->json
, "status"));
242 new_hr
= user_record_new();
246 r
= user_record_load(new_hr
, v
, USER_RECORD_LOAD_REFUSE_SECRET
);
253 other
= hashmap_get(h
->manager
->homes_by_uid
, UID_TO_PTR(hr
->uid
));
254 if (other
&& other
!= h
)
257 if (h
->uid
!= hr
->uid
) {
258 r
= hashmap_remove_and_replace(h
->manager
->homes_by_uid
, UID_TO_PTR(h
->uid
), UID_TO_PTR(hr
->uid
), h
);
263 user_record_unref(h
->record
);
264 h
->record
= user_record_ref(hr
);
265 h
->uid
= h
->record
->uid
;
267 /* The updated record might have a different autologin setting, trigger a PropertiesChanged event for it */
268 (void) bus_manager_emit_auto_login_changed(h
->manager
);
269 (void) bus_home_emit_change(h
);
274 int home_save_record(Home
*h
) {
275 _cleanup_(json_variant_unrefp
) JsonVariant
*v
= NULL
;
276 _cleanup_free_
char *text
= NULL
;
282 v
= json_variant_ref(h
->record
->json
);
283 r
= json_variant_normalize(&v
);
285 log_warning_errno(r
, "User record could not be normalized.");
287 r
= json_variant_format(v
, JSON_FORMAT_PRETTY
|JSON_FORMAT_NEWLINE
, &text
);
291 (void) mkdir("/var/lib/systemd/", 0755);
292 (void) mkdir("/var/lib/systemd/home/", 0700);
294 fn
= strjoina("/var/lib/systemd/home/", h
->user_name
, ".identity");
296 r
= write_string_file(fn
, text
, WRITE_STRING_FILE_ATOMIC
|WRITE_STRING_FILE_CREATE
|WRITE_STRING_FILE_MODE_0600
|WRITE_STRING_FILE_SYNC
);
303 int home_unlink_record(Home
*h
) {
308 fn
= strjoina("/var/lib/systemd/home/", h
->user_name
, ".identity");
309 if (unlink(fn
) < 0 && errno
!= ENOENT
)
312 fn
= strjoina("/run/systemd/home/", h
->user_name
, ".ref");
313 if (unlink(fn
) < 0 && errno
!= ENOENT
)
319 static void home_set_state(Home
*h
, HomeState state
) {
320 HomeState old_state
, new_state
;
324 old_state
= home_get_state(h
);
326 new_state
= home_get_state(h
); /* Query the new state, since the 'state' variable might be set to -1,
327 * in which case we synthesize an high-level state on demand */
329 log_info("%s: changing state %s → %s", h
->user_name
,
330 home_state_to_string(old_state
),
331 home_state_to_string(new_state
));
333 if (HOME_STATE_IS_EXECUTING_OPERATION(old_state
) && !HOME_STATE_IS_EXECUTING_OPERATION(new_state
)) {
334 /* If we just finished executing some operation, process the queue of pending operations. And
335 * enqueue it for GC too. */
337 home_schedule_operation(h
, NULL
, NULL
);
338 manager_enqueue_gc(h
->manager
, h
);
342 static int home_parse_worker_stdout(int _fd
, UserRecord
**ret
) {
343 _cleanup_(json_variant_unrefp
) JsonVariant
*v
= NULL
;
344 _cleanup_close_
int fd
= _fd
; /* take possession, even on failure */
345 _cleanup_(user_record_unrefp
) UserRecord
*hr
= NULL
;
346 _cleanup_fclose_
FILE *f
= NULL
;
347 unsigned line
, column
;
351 if (fstat(fd
, &st
) < 0)
352 return log_error_errno(errno
, "Failed to stat stdout fd: %m");
354 assert(S_ISREG(st
.st_mode
));
356 if (st
.st_size
== 0) { /* empty record */
361 if (lseek(fd
, SEEK_SET
, 0) == (off_t
) -1)
362 return log_error_errno(errno
, "Failed to seek to beginning of memfd: %m");
364 f
= take_fdopen(&fd
, "r");
366 return log_error_errno(errno
, "Failed to reopen memfd: %m");
369 _cleanup_free_
char *text
= NULL
;
371 r
= read_full_stream(f
, &text
, NULL
);
373 return log_error_errno(r
, "Failed to read from client: %m");
375 log_debug("Got from worker: %s", text
);
379 r
= json_parse_file(f
, "stdout", JSON_PARSE_SENSITIVE
, &v
, &line
, &column
);
381 return log_error_errno(r
, "Failed to parse identity at %u:%u: %m", line
, column
);
383 hr
= user_record_new();
387 r
= user_record_load(hr
, v
, USER_RECORD_LOAD_REFUSE_SECRET
);
389 return log_error_errno(r
, "Failed to load home record identity: %m");
395 static int home_verify_user_record(Home
*h
, UserRecord
*hr
, bool *ret_signed_locally
, sd_bus_error
*ret_error
) {
400 assert(ret_signed_locally
);
402 is_signed
= manager_verify_user_record(h
->manager
, hr
);
405 case USER_RECORD_SIGNED_EXCLUSIVE
:
406 log_info("Home %s is signed exclusively by our key, accepting.", hr
->user_name
);
407 *ret_signed_locally
= true;
410 case USER_RECORD_SIGNED
:
411 log_info("Home %s is signed by our key (and others), accepting.", hr
->user_name
);
412 *ret_signed_locally
= false;
415 case USER_RECORD_FOREIGN
:
416 log_info("Home %s is signed by foreign key we like, accepting.", hr
->user_name
);
417 *ret_signed_locally
= false;
420 case USER_RECORD_UNSIGNED
:
421 sd_bus_error_setf(ret_error
, BUS_ERROR_BAD_SIGNATURE
, "User record %s is not signed at all, refusing.", hr
->user_name
);
422 return log_error_errno(SYNTHETIC_ERRNO(EPERM
), "Home %s contains user record that is not signed at all, refusing.", hr
->user_name
);
425 sd_bus_error_setf(ret_error
, BUS_ERROR_BAD_SIGNATURE
, "User record %s is not signed by any known key, refusing.", hr
->user_name
);
426 return log_error_errno(is_signed
, "Home %s contains user record that is not signed by any known key, refusing.", hr
->user_name
);
429 assert(is_signed
< 0);
430 return log_error_errno(is_signed
, "Failed to verify signature on user record for %s, refusing fixation: %m", hr
->user_name
);
434 static int convert_worker_errno(Home
*h
, int e
, sd_bus_error
*error
) {
435 /* Converts the error numbers the worker process returned into somewhat sensible dbus errors */
440 return sd_bus_error_setf(error
, BUS_ERROR_BAD_HOME_SIZE
, "File systems of this type cannot be shrunk");
442 return sd_bus_error_setf(error
, BUS_ERROR_BAD_HOME_SIZE
, "File systems of this type can only be shrunk offline");
444 return sd_bus_error_setf(error
, BUS_ERROR_BAD_HOME_SIZE
, "File system size too small");
446 return sd_bus_error_setf(error
, SD_BUS_ERROR_NOT_SUPPORTED
, "System does not support selected storage backend");
447 case -EPROTONOSUPPORT
:
448 return sd_bus_error_setf(error
, SD_BUS_ERROR_NOT_SUPPORTED
, "System does not support selected file system");
450 return sd_bus_error_setf(error
, SD_BUS_ERROR_NOT_SUPPORTED
, "Operation not supported on storage backend");
451 case -ESOCKTNOSUPPORT
:
452 return sd_bus_error_setf(error
, SD_BUS_ERROR_NOT_SUPPORTED
, "Operation not supported on file system");
454 return sd_bus_error_setf(error
, BUS_ERROR_BAD_PASSWORD
, "Password for home %s is incorrect or not sufficient for authentication.", h
->user_name
);
456 return sd_bus_error_setf(error
, BUS_ERROR_BAD_PASSWORD_AND_NO_TOKEN
, "Password for home %s is incorrect or not sufficient, and configured security token not found either.", h
->user_name
);
458 return sd_bus_error_setf(error
, BUS_ERROR_BAD_RECOVERY_KEY
, "Recovery key for home %s is incorrect or not sufficient for authentication.", h
->user_name
);
460 return sd_bus_error_setf(error
, BUS_ERROR_TOKEN_PIN_NEEDED
, "PIN for security token required.");
462 return sd_bus_error_setf(error
, BUS_ERROR_TOKEN_PROTECTED_AUTHENTICATION_PATH_NEEDED
, "Security token requires protected authentication path.");
464 return sd_bus_error_setf(error
, BUS_ERROR_TOKEN_USER_PRESENCE_NEEDED
, "Security token requires user presence.");
466 return sd_bus_error_setf(error
, BUS_ERROR_TOKEN_ACTION_TIMEOUT
, "Token action timeout. (User was supposed to verify presence or similar, by interacting with the token, and didn't do that in time.)");
468 return sd_bus_error_setf(error
, BUS_ERROR_TOKEN_PIN_LOCKED
, "PIN of security token locked.");
470 return sd_bus_error_setf(error
, BUS_ERROR_TOKEN_BAD_PIN
, "Bad PIN of security token.");
472 return sd_bus_error_setf(error
, BUS_ERROR_TOKEN_BAD_PIN_FEW_TRIES_LEFT
, "Bad PIN of security token, and only a few tries left.");
474 return sd_bus_error_setf(error
, BUS_ERROR_TOKEN_BAD_PIN_ONE_TRY_LEFT
, "Bad PIN of security token, and only one try left.");
476 return sd_bus_error_setf(error
, BUS_ERROR_HOME_BUSY
, "Home %s is currently being used, or an operation on home %s is currently being executed.", h
->user_name
, h
->user_name
);
478 return sd_bus_error_setf(error
, BUS_ERROR_HOME_NOT_ACTIVE
, "Home %s is currently not active", h
->user_name
);
480 return sd_bus_error_setf(error
, BUS_ERROR_NO_DISK_SPACE
, "Not enough disk space for home %s", h
->user_name
);
482 return sd_bus_error_setf(error
, BUS_ERROR_HOME_CANT_AUTHENTICATE
, "Home %s has no password or other authentication mechanism defined.", h
->user_name
);
488 static void home_count_bad_authentication(Home
*h
, bool save
) {
493 r
= user_record_bad_authentication(h
->record
);
495 log_warning_errno(r
, "Failed to increase bad authentication counter, ignoring: %m");
500 r
= home_save_record(h
);
502 log_warning_errno(r
, "Failed to write home record to disk, ignoring: %m");
506 static void home_fixate_finish(Home
*h
, int ret
, UserRecord
*hr
) {
507 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
508 _cleanup_(user_record_unrefp
) UserRecord
*secret
= NULL
;
513 assert(IN_SET(h
->state
, HOME_FIXATING
, HOME_FIXATING_FOR_ACTIVATION
, HOME_FIXATING_FOR_ACQUIRE
));
515 secret
= TAKE_PTR(h
->secret
); /* Take possession */
519 (void) home_count_bad_authentication(h
, false);
521 (void) convert_worker_errno(h
, ret
, &error
);
522 r
= log_error_errno(ret
, "Fixation failed: %m");
526 r
= log_error_errno(SYNTHETIC_ERRNO(EIO
), "Did not receive user record from worker process, fixation failed.");
530 r
= home_verify_user_record(h
, hr
, &signed_locally
, &error
);
534 r
= home_set_record(h
, hr
);
536 log_error_errno(r
, "Failed to update home record: %m");
540 h
->signed_locally
= signed_locally
;
542 /* When we finished fixating (and don't follow-up with activation), let's count this as good authentication */
543 if (h
->state
== HOME_FIXATING
) {
544 r
= user_record_good_authentication(h
->record
);
546 log_warning_errno(r
, "Failed to increase good authentication counter, ignoring: %m");
549 r
= home_save_record(h
);
551 log_warning_errno(r
, "Failed to write home record to disk, ignoring: %m");
553 if (IN_SET(h
->state
, HOME_FIXATING_FOR_ACTIVATION
, HOME_FIXATING_FOR_ACQUIRE
)) {
555 r
= home_start_work(h
, "activate", h
->record
, secret
);
557 h
->current_operation
= operation_result_unref(h
->current_operation
, r
, NULL
);
558 home_set_state(h
, _HOME_STATE_INVALID
);
560 home_set_state(h
, h
->state
== HOME_FIXATING_FOR_ACTIVATION
? HOME_ACTIVATING
: HOME_ACTIVATING_FOR_ACQUIRE
);
565 log_debug("Fixation of %s completed.", h
->user_name
);
567 h
->current_operation
= operation_result_unref(h
->current_operation
, 0, NULL
);
569 /* Reset the state to "invalid", which makes home_get_state() test if the image exists and returns
570 * HOME_ABSENT vs. HOME_INACTIVE as necessary. */
571 home_set_state(h
, _HOME_STATE_INVALID
);
575 /* If fixation fails, we stay in unfixated state! */
576 h
->current_operation
= operation_result_unref(h
->current_operation
, r
, &error
);
577 home_set_state(h
, HOME_UNFIXATED
);
580 static void home_activate_finish(Home
*h
, int ret
, UserRecord
*hr
) {
581 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
585 assert(IN_SET(h
->state
, HOME_ACTIVATING
, HOME_ACTIVATING_FOR_ACQUIRE
));
589 home_count_bad_authentication(h
, true);
591 (void) convert_worker_errno(h
, ret
, &error
);
592 r
= log_error_errno(ret
, "Activation failed: %m");
599 r
= home_verify_user_record(h
, hr
, &signed_locally
, &error
);
603 r
= home_set_record(h
, hr
);
605 log_error_errno(r
, "Failed to update home record, ignoring: %m");
609 h
->signed_locally
= signed_locally
;
611 r
= user_record_good_authentication(h
->record
);
613 log_warning_errno(r
, "Failed to increase good authentication counter, ignoring: %m");
615 r
= home_save_record(h
);
617 log_warning_errno(r
, "Failed to write home record to disk, ignoring: %m");
620 log_debug("Activation of %s completed.", h
->user_name
);
624 h
->current_operation
= operation_result_unref(h
->current_operation
, r
, &error
);
625 home_set_state(h
, _HOME_STATE_INVALID
);
628 static void home_deactivate_finish(Home
*h
, int ret
, UserRecord
*hr
) {
629 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
633 assert(h
->state
== HOME_DEACTIVATING
);
634 assert(!hr
); /* We don't expect a record on this operation */
637 (void) convert_worker_errno(h
, ret
, &error
);
638 r
= log_error_errno(ret
, "Deactivation of %s failed: %m", h
->user_name
);
642 log_debug("Deactivation of %s completed.", h
->user_name
);
646 h
->current_operation
= operation_result_unref(h
->current_operation
, r
, &error
);
647 home_set_state(h
, _HOME_STATE_INVALID
);
650 static void home_remove_finish(Home
*h
, int ret
, UserRecord
*hr
) {
651 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
656 assert(h
->state
== HOME_REMOVING
);
657 assert(!hr
); /* We don't expect a record on this operation */
661 if (ret
< 0 && ret
!= -EALREADY
) {
662 (void) convert_worker_errno(h
, ret
, &error
);
663 r
= log_error_errno(ret
, "Removing %s failed: %m", h
->user_name
);
667 /* For a couple of storage types we can't delete the actual data storage when called (such as LUKS on
668 * partitions like USB sticks, or so). Sometimes these storage locations are among those we normally
669 * automatically discover in /home or in udev. When such a home is deleted let's hence issue a rescan
670 * after completion, so that "unfixated" entries are rediscovered. */
671 if (!IN_SET(user_record_test_image_path(h
->record
), USER_TEST_UNDEFINED
, USER_TEST_ABSENT
))
672 manager_enqueue_rescan(m
);
674 /* The image is now removed from disk. Now also remove our stored record */
675 r
= home_unlink_record(h
);
677 log_error_errno(r
, "Removing record file failed: %m");
681 log_debug("Removal of %s completed.", h
->user_name
);
682 h
->current_operation
= operation_result_unref(h
->current_operation
, 0, NULL
);
684 /* Unload this record from memory too now. */
689 h
->current_operation
= operation_result_unref(h
->current_operation
, r
, &error
);
690 home_set_state(h
, _HOME_STATE_INVALID
);
693 static void home_create_finish(Home
*h
, int ret
, UserRecord
*hr
) {
697 assert(h
->state
== HOME_CREATING
);
700 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
702 (void) convert_worker_errno(h
, ret
, &error
);
703 log_error_errno(ret
, "Operation on %s failed: %m", h
->user_name
);
704 h
->current_operation
= operation_result_unref(h
->current_operation
, ret
, &error
);
706 if (h
->unregister_on_failure
) {
707 (void) home_unlink_record(h
);
712 home_set_state(h
, _HOME_STATE_INVALID
);
717 r
= home_set_record(h
, hr
);
719 log_warning_errno(r
, "Failed to update home record, ignoring: %m");
722 r
= home_save_record(h
);
724 log_warning_errno(r
, "Failed to save record to disk, ignoring: %m");
726 log_debug("Creation of %s completed.", h
->user_name
);
728 h
->current_operation
= operation_result_unref(h
->current_operation
, 0, NULL
);
729 home_set_state(h
, _HOME_STATE_INVALID
);
732 static void home_change_finish(Home
*h
, int ret
, UserRecord
*hr
) {
733 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
740 (void) home_count_bad_authentication(h
, true);
742 (void) convert_worker_errno(h
, ret
, &error
);
743 r
= log_error_errno(ret
, "Change operation failed: %m");
748 r
= home_set_record(h
, hr
);
750 log_warning_errno(r
, "Failed to update home record, ignoring: %m");
752 r
= user_record_good_authentication(h
->record
);
754 log_warning_errno(r
, "Failed to increase good authentication counter, ignoring: %m");
756 r
= home_save_record(h
);
758 log_warning_errno(r
, "Failed to write home record to disk, ignoring: %m");
762 log_debug("Change operation of %s completed.", h
->user_name
);
766 h
->current_operation
= operation_result_unref(h
->current_operation
, r
, &error
);
767 home_set_state(h
, _HOME_STATE_INVALID
);
770 static void home_locking_finish(Home
*h
, int ret
, UserRecord
*hr
) {
771 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
775 assert(h
->state
== HOME_LOCKING
);
778 (void) convert_worker_errno(h
, ret
, &error
);
779 r
= log_error_errno(ret
, "Locking operation failed: %m");
783 log_debug("Locking operation of %s completed.", h
->user_name
);
784 h
->current_operation
= operation_result_unref(h
->current_operation
, 0, NULL
);
785 home_set_state(h
, HOME_LOCKED
);
789 /* If a specific home doesn't know the concept of locking, then that's totally OK, don't propagate
790 * the error if we are executing a LockAllHomes() operation. */
792 if (h
->current_operation
->type
== OPERATION_LOCK_ALL
&& r
== -ENOTTY
)
793 h
->current_operation
= operation_result_unref(h
->current_operation
, 0, NULL
);
795 h
->current_operation
= operation_result_unref(h
->current_operation
, r
, &error
);
797 home_set_state(h
, _HOME_STATE_INVALID
);
800 static void home_unlocking_finish(Home
*h
, int ret
, UserRecord
*hr
) {
801 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
805 assert(IN_SET(h
->state
, HOME_UNLOCKING
, HOME_UNLOCKING_FOR_ACQUIRE
));
809 (void) home_count_bad_authentication(h
, true);
811 (void) convert_worker_errno(h
, ret
, &error
);
812 r
= log_error_errno(ret
, "Unlocking operation failed: %m");
814 /* Revert to locked state */
815 home_set_state(h
, HOME_LOCKED
);
816 h
->current_operation
= operation_result_unref(h
->current_operation
, r
, &error
);
820 r
= user_record_good_authentication(h
->record
);
822 log_warning_errno(r
, "Failed to increase good authentication counter, ignoring: %m");
824 r
= home_save_record(h
);
826 log_warning_errno(r
, "Failed to write home record to disk, ignoring: %m");
829 log_debug("Unlocking operation of %s completed.", h
->user_name
);
831 h
->current_operation
= operation_result_unref(h
->current_operation
, r
, &error
);
832 home_set_state(h
, _HOME_STATE_INVALID
);
836 static void home_authenticating_finish(Home
*h
, int ret
, UserRecord
*hr
) {
837 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
841 assert(IN_SET(h
->state
, HOME_AUTHENTICATING
, HOME_AUTHENTICATING_WHILE_ACTIVE
, HOME_AUTHENTICATING_FOR_ACQUIRE
));
845 (void) home_count_bad_authentication(h
, true);
847 (void) convert_worker_errno(h
, ret
, &error
);
848 r
= log_error_errno(ret
, "Authentication failed: %m");
853 r
= home_set_record(h
, hr
);
855 log_warning_errno(r
, "Failed to update home record, ignoring: %m");
857 r
= user_record_good_authentication(h
->record
);
859 log_warning_errno(r
, "Failed to increase good authentication counter, ignoring: %m");
861 r
= home_save_record(h
);
863 log_warning_errno(r
, "Failed to write home record to disk, ignoring: %m");
867 log_debug("Authentication of %s completed.", h
->user_name
);
871 h
->current_operation
= operation_result_unref(h
->current_operation
, r
, &error
);
872 home_set_state(h
, _HOME_STATE_INVALID
);
875 static int home_on_worker_process(sd_event_source
*s
, const siginfo_t
*si
, void *userdata
) {
876 _cleanup_(user_record_unrefp
) UserRecord
*hr
= NULL
;
884 assert(h
->worker_pid
== si
->si_pid
);
885 assert(h
->worker_event_source
);
886 assert(h
->worker_stdout_fd
>= 0);
888 (void) hashmap_remove_value(h
->manager
->homes_by_worker_pid
, PID_TO_PTR(h
->worker_pid
), h
);
891 h
->worker_event_source
= sd_event_source_unref(h
->worker_event_source
);
893 if (si
->si_code
!= CLD_EXITED
) {
894 assert(IN_SET(si
->si_code
, CLD_KILLED
, CLD_DUMPED
));
895 ret
= log_debug_errno(SYNTHETIC_ERRNO(EPROTO
), "Worker process died abnormally with signal %s.", signal_to_string(si
->si_status
));
896 } else if (si
->si_status
!= EXIT_SUCCESS
) {
897 /* If we received an error code via sd_notify(), use it */
898 if (h
->worker_error_code
!= 0)
899 ret
= log_debug_errno(h
->worker_error_code
, "Worker reported error code %s.", errno_to_name(h
->worker_error_code
));
901 ret
= log_debug_errno(SYNTHETIC_ERRNO(EPROTO
), "Worker exited with exit code %i.", si
->si_status
);
903 ret
= home_parse_worker_stdout(TAKE_FD(h
->worker_stdout_fd
), &hr
);
905 h
->worker_stdout_fd
= safe_close(h
->worker_stdout_fd
);
910 case HOME_FIXATING_FOR_ACTIVATION
:
911 case HOME_FIXATING_FOR_ACQUIRE
:
912 home_fixate_finish(h
, ret
, hr
);
915 case HOME_ACTIVATING
:
916 case HOME_ACTIVATING_FOR_ACQUIRE
:
917 home_activate_finish(h
, ret
, hr
);
920 case HOME_DEACTIVATING
:
921 home_deactivate_finish(h
, ret
, hr
);
925 home_locking_finish(h
, ret
, hr
);
929 case HOME_UNLOCKING_FOR_ACQUIRE
:
930 home_unlocking_finish(h
, ret
, hr
);
934 home_create_finish(h
, ret
, hr
);
938 home_remove_finish(h
, ret
, hr
);
942 case HOME_UPDATING_WHILE_ACTIVE
:
944 case HOME_RESIZING_WHILE_ACTIVE
:
946 case HOME_PASSWD_WHILE_ACTIVE
:
947 home_change_finish(h
, ret
, hr
);
950 case HOME_AUTHENTICATING
:
951 case HOME_AUTHENTICATING_WHILE_ACTIVE
:
952 case HOME_AUTHENTICATING_FOR_ACQUIRE
:
953 home_authenticating_finish(h
, ret
, hr
);
957 assert_not_reached("Unexpected state after worker exited");
963 static int home_start_work(Home
*h
, const char *verb
, UserRecord
*hr
, UserRecord
*secret
) {
964 _cleanup_(json_variant_unrefp
) JsonVariant
*v
= NULL
;
965 _cleanup_(erase_and_freep
) char *formatted
= NULL
;
966 _cleanup_close_
int stdin_fd
= -1, stdout_fd
= -1;
974 if (h
->worker_pid
!= 0)
977 assert(h
->worker_stdout_fd
< 0);
978 assert(!h
->worker_event_source
);
980 v
= json_variant_ref(hr
->json
);
983 JsonVariant
*sub
= NULL
;
985 sub
= json_variant_by_key(secret
->json
, "secret");
989 r
= json_variant_set_field(&v
, "secret", sub
);
994 r
= json_variant_format(v
, 0, &formatted
);
998 stdin_fd
= acquire_data_fd(formatted
, strlen(formatted
), 0);
1002 log_debug("Sending to worker: %s", formatted
);
1004 stdout_fd
= memfd_create("homework-stdout", MFD_CLOEXEC
);
1008 r
= safe_fork_full("(sd-homework)",
1009 (int[]) { stdin_fd
, stdout_fd
}, 2,
1010 FORK_RESET_SIGNALS
|FORK_CLOSE_ALL_FDS
|FORK_DEATHSIG
|FORK_LOG
, &pid
);
1014 const char *homework
;
1018 if (setenv("NOTIFY_SOCKET", "/run/systemd/home/notify", 1) < 0) {
1019 log_error_errno(errno
, "Failed to set $NOTIFY_SOCKET: %m");
1020 _exit(EXIT_FAILURE
);
1023 if (h
->manager
->default_storage
>= 0)
1024 if (setenv("SYSTEMD_HOME_DEFAULT_STORAGE", user_storage_to_string(h
->manager
->default_storage
), 1) < 0) {
1025 log_error_errno(errno
, "Failed to set $SYSTEMD_HOME_DEFAULT_STORAGE: %m");
1026 _exit(EXIT_FAILURE
);
1029 if (h
->manager
->default_file_system_type
)
1030 if (setenv("SYSTEMD_HOME_DEFAULT_FILE_SYSTEM_TYPE", h
->manager
->default_file_system_type
, 1) < 0) {
1031 log_error_errno(errno
, "Failed to set $SYSTEMD_HOME_DEFAULT_FILE_SYSTEM_TYPE: %m");
1032 _exit(EXIT_FAILURE
);
1035 r
= rearrange_stdio(stdin_fd
, stdout_fd
, STDERR_FILENO
);
1037 log_error_errno(r
, "Failed to rearrange stdin/stdout/stderr: %m");
1038 _exit(EXIT_FAILURE
);
1041 stdin_fd
= stdout_fd
= -1; /* have been invalidated by rearrange_stdio() */
1043 /* Allow overriding the homework path via an environment variable, to make debugging
1045 homework
= getenv("SYSTEMD_HOMEWORK_PATH") ?: SYSTEMD_HOMEWORK_PATH
;
1047 execl(homework
, homework
, verb
, NULL
);
1048 log_error_errno(errno
, "Failed to invoke %s: %m", homework
);
1049 _exit(EXIT_FAILURE
);
1052 r
= sd_event_add_child(h
->manager
->event
, &h
->worker_event_source
, pid
, WEXITED
, home_on_worker_process
, h
);
1056 (void) sd_event_source_set_description(h
->worker_event_source
, "worker");
1058 r
= hashmap_put(h
->manager
->homes_by_worker_pid
, PID_TO_PTR(pid
), h
);
1060 h
->worker_event_source
= sd_event_source_unref(h
->worker_event_source
);
1064 h
->worker_stdout_fd
= TAKE_FD(stdout_fd
);
1065 h
->worker_pid
= pid
;
1066 h
->worker_error_code
= 0;
1071 static int home_ratelimit(Home
*h
, sd_bus_error
*error
) {
1076 ret
= user_record_ratelimit(h
->record
);
1080 if (h
->state
!= HOME_UNFIXATED
) {
1081 r
= home_save_record(h
);
1083 log_warning_errno(r
, "Failed to save updated record, ignoring: %m");
1087 char buf
[FORMAT_TIMESPAN_MAX
];
1090 n
= now(CLOCK_REALTIME
);
1091 t
= user_record_ratelimit_next_try(h
->record
);
1093 if (t
!= USEC_INFINITY
&& t
> n
)
1094 return sd_bus_error_setf(error
, BUS_ERROR_AUTHENTICATION_LIMIT_HIT
, "Too many login attempts, please try again in %s!",
1095 format_timespan(buf
, sizeof(buf
), t
- n
, USEC_PER_SEC
));
1097 return sd_bus_error_setf(error
, BUS_ERROR_AUTHENTICATION_LIMIT_HIT
, "Too many login attempts, please try again later.");
1103 static int home_fixate_internal(
1106 HomeState for_state
,
1107 sd_bus_error
*error
) {
1112 assert(IN_SET(for_state
, HOME_FIXATING
, HOME_FIXATING_FOR_ACTIVATION
, HOME_FIXATING_FOR_ACQUIRE
));
1114 r
= home_start_work(h
, "inspect", h
->record
, secret
);
1118 if (IN_SET(for_state
, HOME_FIXATING_FOR_ACTIVATION
, HOME_FIXATING_FOR_ACQUIRE
)) {
1119 /* Remember the secret data, since we need it for the activation again, later on. */
1120 user_record_unref(h
->secret
);
1121 h
->secret
= user_record_ref(secret
);
1124 home_set_state(h
, for_state
);
1128 int home_fixate(Home
*h
, UserRecord
*secret
, sd_bus_error
*error
) {
1133 switch (home_get_state(h
)) {
1135 return sd_bus_error_setf(error
, BUS_ERROR_HOME_ABSENT
, "Home %s is currently missing or not plugged in.", h
->user_name
);
1140 return sd_bus_error_setf(error
, BUS_ERROR_HOME_ALREADY_FIXATED
, "Home %s is already fixated.", h
->user_name
);
1141 case HOME_UNFIXATED
:
1144 return sd_bus_error_setf(error
, BUS_ERROR_HOME_BUSY
, "An operation on home %s is currently being executed.", h
->user_name
);
1147 r
= home_ratelimit(h
, error
);
1151 return home_fixate_internal(h
, secret
, HOME_FIXATING
, error
);
1154 static int home_activate_internal(Home
*h
, UserRecord
*secret
, HomeState for_state
, sd_bus_error
*error
) {
1158 assert(IN_SET(for_state
, HOME_ACTIVATING
, HOME_ACTIVATING_FOR_ACQUIRE
));
1160 r
= home_start_work(h
, "activate", h
->record
, secret
);
1164 home_set_state(h
, for_state
);
1168 int home_activate(Home
*h
, UserRecord
*secret
, sd_bus_error
*error
) {
1173 switch (home_get_state(h
)) {
1174 case HOME_UNFIXATED
:
1175 return home_fixate_internal(h
, secret
, HOME_FIXATING_FOR_ACTIVATION
, error
);
1177 return sd_bus_error_setf(error
, BUS_ERROR_HOME_ABSENT
, "Home %s is currently missing or not plugged in.", h
->user_name
);
1179 return sd_bus_error_setf(error
, BUS_ERROR_HOME_ALREADY_ACTIVE
, "Home %s is already active.", h
->user_name
);
1181 return sd_bus_error_setf(error
, BUS_ERROR_HOME_LOCKED
, "Home %s is currently locked.", h
->user_name
);
1186 return sd_bus_error_setf(error
, BUS_ERROR_HOME_BUSY
, "An operation on home %s is currently being executed.", h
->user_name
);
1189 r
= home_ratelimit(h
, error
);
1193 return home_activate_internal(h
, secret
, HOME_ACTIVATING
, error
);
1196 static int home_authenticate_internal(Home
*h
, UserRecord
*secret
, HomeState for_state
, sd_bus_error
*error
) {
1200 assert(IN_SET(for_state
, HOME_AUTHENTICATING
, HOME_AUTHENTICATING_WHILE_ACTIVE
, HOME_AUTHENTICATING_FOR_ACQUIRE
));
1202 r
= home_start_work(h
, "inspect", h
->record
, secret
);
1206 home_set_state(h
, for_state
);
1210 int home_authenticate(Home
*h
, UserRecord
*secret
, sd_bus_error
*error
) {
1216 state
= home_get_state(h
);
1219 return sd_bus_error_setf(error
, BUS_ERROR_HOME_ABSENT
, "Home %s is currently missing or not plugged in.", h
->user_name
);
1221 return sd_bus_error_setf(error
, BUS_ERROR_HOME_LOCKED
, "Home %s is currently locked.", h
->user_name
);
1222 case HOME_UNFIXATED
:
1228 return sd_bus_error_setf(error
, BUS_ERROR_HOME_BUSY
, "An operation on home %s is currently being executed.", h
->user_name
);
1231 r
= home_ratelimit(h
, error
);
1235 return home_authenticate_internal(h
, secret
, state
== HOME_ACTIVE
? HOME_AUTHENTICATING_WHILE_ACTIVE
: HOME_AUTHENTICATING
, error
);
1238 static int home_deactivate_internal(Home
*h
, bool force
, sd_bus_error
*error
) {
1243 r
= home_start_work(h
, force
? "deactivate-force" : "deactivate", h
->record
, NULL
);
1247 home_set_state(h
, HOME_DEACTIVATING
);
1251 int home_deactivate(Home
*h
, bool force
, sd_bus_error
*error
) {
1254 switch (home_get_state(h
)) {
1255 case HOME_UNFIXATED
:
1259 return sd_bus_error_setf(error
, BUS_ERROR_HOME_NOT_ACTIVE
, "Home %s not active.", h
->user_name
);
1261 return sd_bus_error_setf(error
, BUS_ERROR_HOME_LOCKED
, "Home %s is currently locked.", h
->user_name
);
1265 return sd_bus_error_setf(error
, BUS_ERROR_HOME_BUSY
, "An operation on home %s is currently being executed.", h
->user_name
);
1268 return home_deactivate_internal(h
, force
, error
);
1271 int home_create(Home
*h
, UserRecord
*secret
, sd_bus_error
*error
) {
1276 switch (home_get_state(h
)) {
1278 if (h
->record
->storage
< 0)
1279 break; /* if no storage is defined we don't know what precisely to look for, hence
1280 * HOME_INACTIVE is OK in that case too. */
1282 if (IN_SET(user_record_test_image_path(h
->record
), USER_TEST_MAYBE
, USER_TEST_UNDEFINED
))
1283 break; /* And if the image path test isn't conclusive, let's also go on */
1286 case HOME_UNFIXATED
:
1288 return sd_bus_error_setf(error
, BUS_ERROR_HOME_EXISTS
, "Home of user %s already exists.", h
->user_name
);
1294 return sd_bus_error_setf(error
, BUS_ERROR_HOME_BUSY
, "Home %s is currently being used, or an operation on home %s is currently being executed.", h
->user_name
, h
->user_name
);
1297 if (h
->record
->enforce_password_policy
== false)
1298 log_debug("Password quality check turned off for account, skipping.");
1300 r
= user_record_quality_check_password(h
->record
, secret
, error
);
1305 r
= home_start_work(h
, "create", h
->record
, secret
);
1309 home_set_state(h
, HOME_CREATING
);
1313 int home_remove(Home
*h
, sd_bus_error
*error
) {
1319 state
= home_get_state(h
);
1321 case HOME_ABSENT
: /* If the home directory is absent, then this is just like unregistering */
1322 return home_unregister(h
, error
);
1324 return sd_bus_error_setf(error
, BUS_ERROR_HOME_LOCKED
, "Home %s is currently locked.", h
->user_name
);
1325 case HOME_UNFIXATED
:
1331 return sd_bus_error_setf(error
, BUS_ERROR_HOME_BUSY
, "Home %s is currently being used, or an operation on home %s is currently being executed.", h
->user_name
, h
->user_name
);
1334 r
= home_start_work(h
, "remove", h
->record
, NULL
);
1338 home_set_state(h
, HOME_REMOVING
);
1342 static int user_record_extend_with_binding(UserRecord
*hr
, UserRecord
*with_binding
, UserRecordLoadFlags flags
, UserRecord
**ret
) {
1343 _cleanup_(json_variant_unrefp
) JsonVariant
*v
= NULL
;
1344 _cleanup_(user_record_unrefp
) UserRecord
*nr
= NULL
;
1345 JsonVariant
*binding
;
1349 assert(with_binding
);
1352 assert_se(v
= json_variant_ref(hr
->json
));
1354 binding
= json_variant_by_key(with_binding
->json
, "binding");
1356 r
= json_variant_set_field(&v
, "binding", binding
);
1361 nr
= user_record_new();
1365 r
= user_record_load(nr
, v
, flags
);
1369 *ret
= TAKE_PTR(nr
);
1373 static int home_update_internal(
1378 sd_bus_error
*error
) {
1380 _cleanup_(user_record_unrefp
) UserRecord
*new_hr
= NULL
, *saved_secret
= NULL
, *signed_hr
= NULL
;
1387 if (!user_record_compatible(hr
, h
->record
))
1388 return sd_bus_error_setf(error
, BUS_ERROR_HOME_RECORD_MISMATCH
, "Updated user record is not compatible with existing one.");
1389 c
= user_record_compare_last_change(hr
, h
->record
); /* refuse downgrades */
1391 return sd_bus_error_setf(error
, BUS_ERROR_HOME_RECORD_DOWNGRADE
, "Refusing to update to older home record.");
1393 if (!secret
&& FLAGS_SET(hr
->mask
, USER_RECORD_SECRET
)) {
1394 r
= user_record_clone(hr
, USER_RECORD_EXTRACT_SECRET
, &saved_secret
);
1398 secret
= saved_secret
;
1401 r
= manager_verify_user_record(h
->manager
, hr
);
1404 case USER_RECORD_UNSIGNED
:
1405 if (h
->signed_locally
<= 0) /* If the existing record is not owned by us, don't accept an
1406 * unsigned new record. i.e. only implicitly sign new records
1407 * that where previously signed by us too. */
1408 return sd_bus_error_setf(error
, BUS_ERROR_HOME_RECORD_SIGNED
, "Home %s is signed and cannot be modified locally.", h
->user_name
);
1410 /* The updated record is not signed, then do so now */
1411 r
= manager_sign_user_record(h
->manager
, hr
, &signed_hr
, error
);
1418 case USER_RECORD_SIGNED_EXCLUSIVE
:
1419 case USER_RECORD_SIGNED
:
1420 case USER_RECORD_FOREIGN
:
1421 /* Has already been signed. Great! */
1429 r
= user_record_extend_with_binding(hr
, h
->record
, USER_RECORD_LOAD_MASK_SECRET
, &new_hr
);
1434 /* different payload but same lastChangeUSec field? That's not cool! */
1436 r
= user_record_masked_equal(new_hr
, h
->record
, USER_RECORD_REGULAR
|USER_RECORD_PRIVILEGED
|USER_RECORD_PER_MACHINE
);
1440 return sd_bus_error_setf(error
, BUS_ERROR_HOME_RECORD_MISMATCH
, "Home record different but timestamp remained the same, refusing.");
1443 r
= home_start_work(h
, verb
, new_hr
, secret
);
1450 int home_update(Home
*h
, UserRecord
*hr
, sd_bus_error
*error
) {
1457 state
= home_get_state(h
);
1459 case HOME_UNFIXATED
:
1460 return sd_bus_error_setf(error
, BUS_ERROR_HOME_UNFIXATED
, "Home %s has not been fixated yet.", h
->user_name
);
1462 return sd_bus_error_setf(error
, BUS_ERROR_HOME_ABSENT
, "Home %s is currently missing or not plugged in.", h
->user_name
);
1464 return sd_bus_error_setf(error
, BUS_ERROR_HOME_LOCKED
, "Home %s is currently locked.", h
->user_name
);
1470 return sd_bus_error_setf(error
, BUS_ERROR_HOME_BUSY
, "An operation on home %s is currently being executed.", h
->user_name
);
1473 r
= home_ratelimit(h
, error
);
1477 r
= home_update_internal(h
, "update", hr
, NULL
, error
);
1481 home_set_state(h
, state
== HOME_ACTIVE
? HOME_UPDATING_WHILE_ACTIVE
: HOME_UPDATING
);
1485 int home_resize(Home
*h
, uint64_t disk_size
, UserRecord
*secret
, sd_bus_error
*error
) {
1486 _cleanup_(user_record_unrefp
) UserRecord
*c
= NULL
;
1492 state
= home_get_state(h
);
1494 case HOME_UNFIXATED
:
1495 return sd_bus_error_setf(error
, BUS_ERROR_HOME_UNFIXATED
, "Home %s has not been fixated yet.", h
->user_name
);
1497 return sd_bus_error_setf(error
, BUS_ERROR_HOME_ABSENT
, "Home %s is currently missing or not plugged in.", h
->user_name
);
1499 return sd_bus_error_setf(error
, BUS_ERROR_HOME_LOCKED
, "Home %s is currently locked.", h
->user_name
);
1505 return sd_bus_error_setf(error
, BUS_ERROR_HOME_BUSY
, "An operation on home %s is currently being executed.", h
->user_name
);
1508 r
= home_ratelimit(h
, error
);
1512 if (disk_size
== UINT64_MAX
|| disk_size
== h
->record
->disk_size
) {
1513 if (h
->record
->disk_size
== UINT64_MAX
)
1514 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "No disk size to resize to specified.");
1516 c
= user_record_ref(h
->record
); /* Shortcut if size is unspecified or matches the record */
1518 _cleanup_(user_record_unrefp
) UserRecord
*signed_c
= NULL
;
1520 if (h
->signed_locally
<= 0) /* Don't allow changing of records not signed only by us */
1521 return sd_bus_error_setf(error
, BUS_ERROR_HOME_RECORD_SIGNED
, "Home %s is signed and cannot be modified locally.", h
->user_name
);
1523 r
= user_record_clone(h
->record
, USER_RECORD_LOAD_REFUSE_SECRET
, &c
);
1527 r
= user_record_set_disk_size(c
, disk_size
);
1529 return sd_bus_error_setf(error
, BUS_ERROR_BAD_HOME_SIZE
, "Requested size for home %s out of acceptable range.", h
->user_name
);
1533 r
= user_record_update_last_changed(c
, false);
1535 return sd_bus_error_setf(error
, BUS_ERROR_HOME_RECORD_MISMATCH
, "Record last change time of %s is newer than current time, cannot update.", h
->user_name
);
1539 r
= manager_sign_user_record(h
->manager
, c
, &signed_c
, error
);
1543 user_record_unref(c
);
1544 c
= TAKE_PTR(signed_c
);
1547 r
= home_update_internal(h
, "resize", c
, secret
, error
);
1551 home_set_state(h
, state
== HOME_ACTIVE
? HOME_RESIZING_WHILE_ACTIVE
: HOME_RESIZING
);
1555 static int home_may_change_password(
1557 sd_bus_error
*error
) {
1563 r
= user_record_test_password_change_required(h
->record
);
1564 if (IN_SET(r
, -EKEYREVOKED
, -EOWNERDEAD
, -EKEYEXPIRED
))
1565 return 0; /* expired in some form, but changing is allowed */
1566 if (IN_SET(r
, -EKEYREJECTED
, -EROFS
))
1567 return sd_bus_error_setf(error
, SD_BUS_ERROR_ACCESS_DENIED
, "Expiration settings of account %s do not allow changing of password.", h
->user_name
);
1569 return log_error_errno(r
, "Failed to test password expiry: %m");
1571 return 0; /* not expired */
1574 int home_passwd(Home
*h
,
1575 UserRecord
*new_secret
,
1576 UserRecord
*old_secret
,
1577 sd_bus_error
*error
) {
1579 _cleanup_(user_record_unrefp
) UserRecord
*c
= NULL
, *merged_secret
= NULL
, *signed_c
= NULL
;
1585 if (h
->signed_locally
<= 0) /* Don't allow changing of records not signed only by us */
1586 return sd_bus_error_setf(error
, BUS_ERROR_HOME_RECORD_SIGNED
, "Home %s is signed and cannot be modified locally.", h
->user_name
);
1588 state
= home_get_state(h
);
1590 case HOME_UNFIXATED
:
1591 return sd_bus_error_setf(error
, BUS_ERROR_HOME_UNFIXATED
, "Home %s has not been fixated yet.", h
->user_name
);
1593 return sd_bus_error_setf(error
, BUS_ERROR_HOME_ABSENT
, "Home %s is currently missing or not plugged in.", h
->user_name
);
1595 return sd_bus_error_setf(error
, BUS_ERROR_HOME_LOCKED
, "Home %s is currently locked.", h
->user_name
);
1601 return sd_bus_error_setf(error
, BUS_ERROR_HOME_BUSY
, "An operation on home %s is currently being executed.", h
->user_name
);
1604 r
= home_ratelimit(h
, error
);
1608 r
= home_may_change_password(h
, error
);
1612 r
= user_record_clone(h
->record
, USER_RECORD_LOAD_REFUSE_SECRET
, &c
);
1616 merged_secret
= user_record_new();
1620 r
= user_record_merge_secret(merged_secret
, old_secret
);
1624 r
= user_record_merge_secret(merged_secret
, new_secret
);
1628 if (!strv_isempty(new_secret
->password
)) {
1629 /* Update the password only if one is specified, otherwise let's just reuse the old password
1630 * data. This is useful as a way to propagate updated user records into the LUKS backends
1633 r
= user_record_make_hashed_password(c
, new_secret
->password
, /* extend = */ false);
1637 r
= user_record_set_password_change_now(c
, -1 /* remove */);
1642 r
= user_record_update_last_changed(c
, true);
1644 return sd_bus_error_setf(error
, BUS_ERROR_HOME_RECORD_MISMATCH
, "Record last change time of %s is newer than current time, cannot update.", h
->user_name
);
1648 r
= manager_sign_user_record(h
->manager
, c
, &signed_c
, error
);
1652 if (c
->enforce_password_policy
== false)
1653 log_debug("Password quality check turned off for account, skipping.");
1655 r
= user_record_quality_check_password(c
, merged_secret
, error
);
1660 r
= home_update_internal(h
, "passwd", signed_c
, merged_secret
, error
);
1664 home_set_state(h
, state
== HOME_ACTIVE
? HOME_PASSWD_WHILE_ACTIVE
: HOME_PASSWD
);
1668 int home_unregister(Home
*h
, sd_bus_error
*error
) {
1673 switch (home_get_state(h
)) {
1674 case HOME_UNFIXATED
:
1675 return sd_bus_error_setf(error
, BUS_ERROR_HOME_UNFIXATED
, "Home %s is not registered.", h
->user_name
);
1677 return sd_bus_error_setf(error
, BUS_ERROR_HOME_LOCKED
, "Home %s is currently locked.", h
->user_name
);
1684 return sd_bus_error_setf(error
, BUS_ERROR_HOME_BUSY
, "Home %s is currently being used, or an operation on home %s is currently being executed.", h
->user_name
, h
->user_name
);
1687 r
= home_unlink_record(h
);
1691 /* And destroy the whole entry. The caller needs to be prepared for that. */
1696 int home_lock(Home
*h
, sd_bus_error
*error
) {
1701 switch (home_get_state(h
)) {
1702 case HOME_UNFIXATED
:
1706 return sd_bus_error_setf(error
, BUS_ERROR_HOME_NOT_ACTIVE
, "Home %s is not active.", h
->user_name
);
1708 return sd_bus_error_setf(error
, BUS_ERROR_HOME_LOCKED
, "Home %s is already locked.", h
->user_name
);
1712 return sd_bus_error_setf(error
, BUS_ERROR_HOME_BUSY
, "An operation on home %s is currently being executed.", h
->user_name
);
1715 r
= home_start_work(h
, "lock", h
->record
, NULL
);
1719 home_set_state(h
, HOME_LOCKING
);
1723 static int home_unlock_internal(Home
*h
, UserRecord
*secret
, HomeState for_state
, sd_bus_error
*error
) {
1727 assert(IN_SET(for_state
, HOME_UNLOCKING
, HOME_UNLOCKING_FOR_ACQUIRE
));
1729 r
= home_start_work(h
, "unlock", h
->record
, secret
);
1733 home_set_state(h
, for_state
);
1737 int home_unlock(Home
*h
, UserRecord
*secret
, sd_bus_error
*error
) {
1741 r
= home_ratelimit(h
, error
);
1745 switch (home_get_state(h
)) {
1746 case HOME_UNFIXATED
:
1751 return sd_bus_error_setf(error
, BUS_ERROR_HOME_NOT_LOCKED
, "Home %s is not locked.", h
->user_name
);
1755 return sd_bus_error_setf(error
, BUS_ERROR_HOME_BUSY
, "An operation on home %s is currently being executed.", h
->user_name
);
1758 return home_unlock_internal(h
, secret
, HOME_UNLOCKING
, error
);
1761 HomeState
home_get_state(Home
*h
) {
1765 /* When the state field is initialized, it counts. */
1769 /* Otherwise, let's see if the home directory is mounted. If so, we assume for sure the home
1770 * directory is active */
1771 if (user_record_test_home_directory(h
->record
) == USER_TEST_MOUNTED
)
1774 /* And if we see the image being gone, we report this as absent */
1775 r
= user_record_test_image_path(h
->record
);
1776 if (r
== USER_TEST_ABSENT
)
1778 if (r
== USER_TEST_DIRTY
)
1781 /* And for all other cases we return "inactive". */
1782 return HOME_INACTIVE
;
1785 void home_process_notify(Home
*h
, char **l
) {
1792 e
= strv_env_get(l
, "ERRNO");
1794 log_debug("Got notify message lacking ERRNO= field, ignoring.");
1798 r
= safe_atoi(e
, &error
);
1800 log_debug_errno(r
, "Failed to parse received error number, ignoring: %s", e
);
1804 log_debug("Error number is out of range: %i", error
);
1808 h
->worker_error_code
= error
;
1811 int home_killall(Home
*h
) {
1812 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
1813 _cleanup_free_
char *unit
= NULL
;
1818 if (!uid_is_valid(h
->uid
))
1821 assert(h
->uid
> 0); /* We never should be UID 0 */
1823 /* Let's kill everything matching the specified UID */
1824 r
= safe_fork("(sd-killer)", FORK_RESET_SIGNALS
|FORK_CLOSE_ALL_FDS
|FORK_DEATHSIG
|FORK_WAIT
|FORK_LOG
, NULL
);
1832 gid
= user_record_gid(h
->record
);
1833 if (setresgid(gid
, gid
, gid
) < 0) {
1834 log_error_errno(errno
, "Failed to change GID to " GID_FMT
": %m", gid
);
1835 _exit(EXIT_FAILURE
);
1838 if (setgroups(0, NULL
) < 0) {
1839 log_error_errno(errno
, "Failed to reset auxiliary groups list: %m");
1840 _exit(EXIT_FAILURE
);
1843 if (setresuid(h
->uid
, h
->uid
, h
->uid
) < 0) {
1844 log_error_errno(errno
, "Failed to change UID to " UID_FMT
": %m", h
->uid
);
1845 _exit(EXIT_FAILURE
);
1848 if (kill(-1, SIGKILL
) < 0) {
1849 log_error_errno(errno
, "Failed to kill all processes of UID " UID_FMT
": %m", h
->uid
);
1850 _exit(EXIT_FAILURE
);
1853 _exit(EXIT_SUCCESS
);
1856 /* Let's also kill everything in the user's slice */
1857 if (asprintf(&unit
, "user-" UID_FMT
".slice", h
->uid
) < 0)
1860 r
= sd_bus_call_method(
1862 "org.freedesktop.systemd1",
1863 "/org/freedesktop/systemd1",
1864 "org.freedesktop.systemd1.Manager",
1868 "ssi", unit
, "all", SIGKILL
);
1870 log_full_errno(sd_bus_error_has_name(&error
, BUS_ERROR_NO_SUCH_UNIT
) ? LOG_DEBUG
: LOG_WARNING
,
1871 r
, "Failed to kill login processes of user, ignoring: %s", bus_error_message(&error
, r
));
1876 static int home_get_disk_status_luks(
1879 uint64_t *ret_disk_size
,
1880 uint64_t *ret_disk_usage
,
1881 uint64_t *ret_disk_free
,
1882 uint64_t *ret_disk_ceiling
,
1883 uint64_t *ret_disk_floor
) {
1885 uint64_t disk_size
= UINT64_MAX
, disk_usage
= UINT64_MAX
, disk_free
= UINT64_MAX
,
1886 disk_ceiling
= UINT64_MAX
, disk_floor
= UINT64_MAX
,
1887 stat_used
= UINT64_MAX
, fs_size
= UINT64_MAX
, header_size
= 0;
1894 assert(ret_disk_size
);
1895 assert(ret_disk_usage
);
1896 assert(ret_disk_free
);
1897 assert(ret_disk_ceiling
);
1899 if (state
!= HOME_ABSENT
) {
1902 ip
= user_record_image_path(h
->record
);
1906 if (stat(ip
, &st
) < 0)
1907 log_debug_errno(errno
, "Failed to stat() %s, ignoring: %m", ip
);
1908 else if (S_ISREG(st
.st_mode
)) {
1909 _cleanup_free_
char *parent
= NULL
;
1911 disk_size
= st
.st_size
;
1912 stat_used
= st
.st_blocks
* 512;
1914 parent
= dirname_malloc(ip
);
1918 if (statfs(parent
, &sfs
) < 0)
1919 log_debug_errno(errno
, "Failed to statfs() %s, ignoring: %m", parent
);
1921 disk_ceiling
= stat_used
+ sfs
.f_bsize
* sfs
.f_bavail
;
1923 } else if (S_ISBLK(st
.st_mode
)) {
1924 _cleanup_free_
char *szbuf
= NULL
;
1925 char p
[SYS_BLOCK_PATH_MAX("/size")];
1927 /* Let's read the size off sysfs, so that we don't have to open the device */
1928 xsprintf_sys_block_path(p
, "/size", st
.st_rdev
);
1929 r
= read_one_line_file(p
, &szbuf
);
1931 log_debug_errno(r
, "Failed to read %s, ignoring: %m", p
);
1935 r
= safe_atou64(szbuf
, &sz
);
1937 log_debug_errno(r
, "Failed to parse %s, ignoring: %s", p
, szbuf
);
1939 disk_size
= sz
* 512;
1942 log_debug("Image path is not a block device or regular file, not able to acquire size.");
1946 if (!HOME_STATE_IS_ACTIVE(state
))
1949 hd
= user_record_home_directory(h
->record
);
1953 if (statfs(hd
, &sfs
) < 0) {
1954 log_debug_errno(errno
, "Failed to statfs() %s, ignoring: %m", hd
);
1958 disk_free
= sfs
.f_bsize
* sfs
.f_bavail
;
1959 fs_size
= sfs
.f_bsize
* sfs
.f_blocks
;
1960 if (disk_size
!= UINT64_MAX
&& disk_size
> fs_size
)
1961 header_size
= disk_size
- fs_size
;
1963 /* We take a perspective from the user here (as opposed to from the host): the used disk space is the
1964 * difference from the limit and what's free. This makes a difference if sparse mode is not used: in
1965 * that case the image is pre-allocated and thus appears all used from the host PoV but is not used
1966 * up at all yet from the user's PoV.
1968 * That said, we use use the stat() reported loopback file size as upper boundary: our footprint can
1969 * never be larger than what we take up on the lowest layers. */
1971 if (disk_size
!= UINT64_MAX
&& disk_size
> disk_free
) {
1972 disk_usage
= disk_size
- disk_free
;
1974 if (stat_used
!= UINT64_MAX
&& disk_usage
> stat_used
)
1975 disk_usage
= stat_used
;
1977 disk_usage
= stat_used
;
1979 /* If we have the magic, determine floor preferably by magic */
1980 disk_floor
= minimal_size_by_fs_magic(sfs
.f_type
) + header_size
;
1983 /* If we don't know the magic, go by file system name */
1984 if (disk_floor
== UINT64_MAX
)
1985 disk_floor
= minimal_size_by_fs_name(user_record_file_system_type(h
->record
));
1987 *ret_disk_size
= disk_size
;
1988 *ret_disk_usage
= disk_usage
;
1989 *ret_disk_free
= disk_free
;
1990 *ret_disk_ceiling
= disk_ceiling
;
1991 *ret_disk_floor
= disk_floor
;
1996 static int home_get_disk_status_directory(
1999 uint64_t *ret_disk_size
,
2000 uint64_t *ret_disk_usage
,
2001 uint64_t *ret_disk_free
,
2002 uint64_t *ret_disk_ceiling
,
2003 uint64_t *ret_disk_floor
) {
2005 uint64_t disk_size
= UINT64_MAX
, disk_usage
= UINT64_MAX
, disk_free
= UINT64_MAX
,
2006 disk_ceiling
= UINT64_MAX
, disk_floor
= UINT64_MAX
;
2009 const char *path
= NULL
;
2012 assert(ret_disk_size
);
2013 assert(ret_disk_usage
);
2014 assert(ret_disk_free
);
2015 assert(ret_disk_ceiling
);
2016 assert(ret_disk_floor
);
2018 if (HOME_STATE_IS_ACTIVE(state
))
2019 path
= user_record_home_directory(h
->record
);
2022 if (state
== HOME_ABSENT
)
2025 path
= user_record_image_path(h
->record
);
2031 if (statfs(path
, &sfs
) < 0)
2032 log_debug_errno(errno
, "Failed to statfs() %s, ignoring: %m", path
);
2034 disk_free
= sfs
.f_bsize
* sfs
.f_bavail
;
2035 disk_size
= sfs
.f_bsize
* sfs
.f_blocks
;
2037 /* We don't initialize disk_usage from statfs() data here, since the device is likely not used
2038 * by us alone, and disk_usage should only reflect our own use. */
2041 if (IN_SET(h
->record
->storage
, USER_CLASSIC
, USER_DIRECTORY
, USER_SUBVOLUME
)) {
2043 r
= btrfs_is_subvol(path
);
2045 log_debug_errno(r
, "Failed to determine whether %s is a btrfs subvolume: %m", path
);
2049 r
= btrfs_subvol_get_subtree_quota(path
, 0, &qi
);
2051 log_debug_errno(r
, "Failed to query btrfs subtree quota, ignoring: %m");
2053 disk_usage
= qi
.referenced
;
2055 if (disk_free
!= UINT64_MAX
) {
2056 disk_ceiling
= qi
.referenced
+ disk_free
;
2058 if (disk_size
!= UINT64_MAX
&& disk_ceiling
> disk_size
)
2059 disk_ceiling
= disk_size
;
2062 if (qi
.referenced_max
!= UINT64_MAX
) {
2063 if (disk_size
!= UINT64_MAX
)
2064 disk_size
= MIN(qi
.referenced_max
, disk_size
);
2066 disk_size
= qi
.referenced_max
;
2069 if (disk_size
!= UINT64_MAX
) {
2070 if (disk_size
> disk_usage
)
2071 disk_free
= disk_size
- disk_usage
;
2081 if (IN_SET(h
->record
->storage
, USER_CLASSIC
, USER_DIRECTORY
, USER_FSCRYPT
)) {
2082 r
= quotactl_path(QCMD_FIXED(Q_GETQUOTA
, USRQUOTA
), path
, h
->uid
, &req
);
2084 if (ERRNO_IS_NOT_SUPPORTED(r
)) {
2085 log_debug_errno(r
, "No UID quota support on %s.", path
);
2090 log_debug_errno(r
, "Failed to query disk quota for UID " UID_FMT
": %m", h
->uid
);
2094 disk_usage
= 0; /* No record of this user? then nothing was used */
2096 if (FLAGS_SET(req
.dqb_valid
, QIF_SPACE
) && disk_free
!= UINT64_MAX
) {
2097 disk_ceiling
= req
.dqb_curspace
+ disk_free
;
2099 if (disk_size
!= UINT64_MAX
&& disk_ceiling
> disk_size
)
2100 disk_ceiling
= disk_size
;
2103 if (FLAGS_SET(req
.dqb_valid
, QIF_BLIMITS
)) {
2106 /* Take the minimum of the quota and the available disk space here */
2107 q
= req
.dqb_bhardlimit
* QIF_DQBLKSIZE
;
2108 if (disk_size
!= UINT64_MAX
)
2109 disk_size
= MIN(disk_size
, q
);
2113 if (FLAGS_SET(req
.dqb_valid
, QIF_SPACE
)) {
2114 disk_usage
= req
.dqb_curspace
;
2116 if (disk_size
!= UINT64_MAX
) {
2117 if (disk_size
> disk_usage
)
2118 disk_free
= disk_size
- disk_usage
;
2127 *ret_disk_size
= disk_size
;
2128 *ret_disk_usage
= disk_usage
;
2129 *ret_disk_free
= disk_free
;
2130 *ret_disk_ceiling
= disk_ceiling
;
2131 *ret_disk_floor
= disk_floor
;
2136 int home_augment_status(
2138 UserRecordLoadFlags flags
,
2141 uint64_t disk_size
= UINT64_MAX
, disk_usage
= UINT64_MAX
, disk_free
= UINT64_MAX
, disk_ceiling
= UINT64_MAX
, disk_floor
= UINT64_MAX
;
2142 _cleanup_(json_variant_unrefp
) JsonVariant
*j
= NULL
, *v
= NULL
, *m
= NULL
, *status
= NULL
;
2143 _cleanup_(user_record_unrefp
) UserRecord
*ur
= NULL
;
2144 char ids
[SD_ID128_STRING_MAX
];
2152 /* We are supposed to add this, this can't be on hence. */
2153 assert(!FLAGS_SET(flags
, USER_RECORD_STRIP_STATUS
));
2155 r
= sd_id128_get_machine(&id
);
2159 state
= home_get_state(h
);
2161 switch (h
->record
->storage
) {
2164 r
= home_get_disk_status_luks(h
, state
, &disk_size
, &disk_usage
, &disk_free
, &disk_ceiling
, &disk_floor
);
2171 case USER_DIRECTORY
:
2172 case USER_SUBVOLUME
:
2175 r
= home_get_disk_status_directory(h
, state
, &disk_size
, &disk_usage
, &disk_free
, &disk_ceiling
, &disk_floor
);
2185 if (disk_floor
== UINT64_MAX
|| (disk_usage
!= UINT64_MAX
&& disk_floor
< disk_usage
))
2186 disk_floor
= disk_usage
;
2187 if (disk_floor
== UINT64_MAX
|| disk_floor
< USER_DISK_SIZE_MIN
)
2188 disk_floor
= USER_DISK_SIZE_MIN
;
2189 if (disk_ceiling
== UINT64_MAX
|| disk_ceiling
> USER_DISK_SIZE_MAX
)
2190 disk_ceiling
= USER_DISK_SIZE_MAX
;
2192 r
= json_build(&status
,
2194 JSON_BUILD_PAIR("state", JSON_BUILD_STRING(home_state_to_string(state
))),
2195 JSON_BUILD_PAIR("service", JSON_BUILD_STRING("io.systemd.Home")),
2196 JSON_BUILD_PAIR_CONDITION(disk_size
!= UINT64_MAX
, "diskSize", JSON_BUILD_UNSIGNED(disk_size
)),
2197 JSON_BUILD_PAIR_CONDITION(disk_usage
!= UINT64_MAX
, "diskUsage", JSON_BUILD_UNSIGNED(disk_usage
)),
2198 JSON_BUILD_PAIR_CONDITION(disk_free
!= UINT64_MAX
, "diskFree", JSON_BUILD_UNSIGNED(disk_free
)),
2199 JSON_BUILD_PAIR_CONDITION(disk_ceiling
!= UINT64_MAX
, "diskCeiling", JSON_BUILD_UNSIGNED(disk_ceiling
)),
2200 JSON_BUILD_PAIR_CONDITION(disk_floor
!= UINT64_MAX
, "diskFloor", JSON_BUILD_UNSIGNED(disk_floor
)),
2201 JSON_BUILD_PAIR_CONDITION(h
->signed_locally
>= 0, "signedLocally", JSON_BUILD_BOOLEAN(h
->signed_locally
))
2206 j
= json_variant_ref(h
->record
->json
);
2207 v
= json_variant_ref(json_variant_by_key(j
, "status"));
2208 m
= json_variant_ref(json_variant_by_key(v
, sd_id128_to_string(id
, ids
)));
2210 r
= json_variant_filter(&m
, STRV_MAKE("diskSize", "diskUsage", "diskFree", "diskCeiling", "diskFloor", "signedLocally"));
2214 r
= json_variant_merge(&m
, status
);
2218 r
= json_variant_set_field(&v
, ids
, m
);
2222 r
= json_variant_set_field(&j
, "status", v
);
2226 ur
= user_record_new();
2230 r
= user_record_load(ur
, j
, flags
);
2235 FLAGS_SET(h
->record
->mask
, USER_RECORD_PRIVILEGED
) &&
2236 !FLAGS_SET(ur
->mask
, USER_RECORD_PRIVILEGED
);
2238 *ret
= TAKE_PTR(ur
);
2242 static int on_home_ref_eof(sd_event_source
*s
, int fd
, uint32_t revents
, void *userdata
) {
2243 _cleanup_(operation_unrefp
) Operation
*o
= NULL
;
2249 if (h
->ref_event_source_please_suspend
== s
)
2250 h
->ref_event_source_please_suspend
= sd_event_source_disable_unref(h
->ref_event_source_please_suspend
);
2252 if (h
->ref_event_source_dont_suspend
== s
)
2253 h
->ref_event_source_dont_suspend
= sd_event_source_disable_unref(h
->ref_event_source_dont_suspend
);
2255 if (h
->ref_event_source_dont_suspend
|| h
->ref_event_source_please_suspend
)
2258 log_info("Got notification that all sessions of user %s ended, deactivating automatically.", h
->user_name
);
2260 o
= operation_new(OPERATION_PIPE_EOF
, NULL
);
2266 home_schedule_operation(h
, o
, NULL
);
2270 int home_create_fifo(Home
*h
, bool please_suspend
) {
2271 _cleanup_close_
int ret_fd
= -1;
2272 sd_event_source
**ss
;
2273 const char *fn
, *suffix
;
2278 if (please_suspend
) {
2279 suffix
= ".please-suspend";
2280 ss
= &h
->ref_event_source_please_suspend
;
2282 suffix
= ".dont-suspend";
2283 ss
= &h
->ref_event_source_dont_suspend
;
2286 fn
= strjoina("/run/systemd/home/", h
->user_name
, suffix
);
2289 _cleanup_close_
int ref_fd
= -1;
2291 (void) mkdir("/run/systemd/home/", 0755);
2292 if (mkfifo(fn
, 0600) < 0 && errno
!= EEXIST
)
2293 return log_error_errno(errno
, "Failed to create FIFO %s: %m", fn
);
2295 ref_fd
= open(fn
, O_RDONLY
|O_CLOEXEC
|O_NONBLOCK
);
2297 return log_error_errno(errno
, "Failed to open FIFO %s for reading: %m", fn
);
2299 r
= sd_event_add_io(h
->manager
->event
, ss
, ref_fd
, 0, on_home_ref_eof
, h
);
2301 return log_error_errno(r
, "Failed to allocate reference FIFO event source: %m");
2303 (void) sd_event_source_set_description(*ss
, "acquire-ref");
2305 r
= sd_event_source_set_priority(*ss
, SD_EVENT_PRIORITY_IDLE
-1);
2309 r
= sd_event_source_set_io_fd_own(*ss
, true);
2311 return log_error_errno(r
, "Failed to pass ownership of FIFO event fd to event source: %m");
2316 ret_fd
= open(fn
, O_WRONLY
|O_CLOEXEC
|O_NONBLOCK
);
2318 return log_error_errno(errno
, "Failed to open FIFO %s for writing: %m", fn
);
2320 return TAKE_FD(ret_fd
);
2323 static int home_dispatch_acquire(Home
*h
, Operation
*o
) {
2324 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
2325 int (*call
)(Home
*h
, UserRecord
*secret
, HomeState for_state
, sd_bus_error
*error
) = NULL
;
2326 HomeState for_state
;
2331 assert(o
->type
== OPERATION_ACQUIRE
);
2333 switch (home_get_state(h
)) {
2335 case HOME_UNFIXATED
:
2336 for_state
= HOME_FIXATING_FOR_ACQUIRE
;
2337 call
= home_fixate_internal
;
2341 r
= sd_bus_error_setf(&error
, BUS_ERROR_HOME_ABSENT
, "Home %s is currently missing or not plugged in.", h
->user_name
);
2346 for_state
= HOME_ACTIVATING_FOR_ACQUIRE
;
2347 call
= home_activate_internal
;
2351 for_state
= HOME_AUTHENTICATING_FOR_ACQUIRE
;
2352 call
= home_authenticate_internal
;
2356 for_state
= HOME_UNLOCKING_FOR_ACQUIRE
;
2357 call
= home_unlock_internal
;
2361 /* All other cases means we are currently executing an operation, which means the job remains
2366 assert(!h
->current_operation
);
2369 r
= home_ratelimit(h
, &error
);
2371 r
= call(h
, o
->secret
, for_state
, &error
);
2374 if (r
!= 0) /* failure or completed */
2375 operation_result(o
, r
, &error
);
2377 h
->current_operation
= operation_ref(o
);
2382 static int home_dispatch_release(Home
*h
, Operation
*o
) {
2383 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
2388 assert(o
->type
== OPERATION_RELEASE
);
2390 if (h
->ref_event_source_dont_suspend
|| h
->ref_event_source_please_suspend
)
2391 /* If there's now a reference again, then let's abort the release attempt */
2392 r
= sd_bus_error_setf(&error
, BUS_ERROR_HOME_BUSY
, "Home %s is currently referenced.", h
->user_name
);
2394 switch (home_get_state(h
)) {
2396 case HOME_UNFIXATED
:
2404 r
= sd_bus_error_setf(&error
, BUS_ERROR_HOME_LOCKED
, "Home %s is currently locked.", h
->user_name
);
2408 r
= home_deactivate_internal(h
, false, &error
);
2412 /* All other cases means we are currently executing an operation, which means the job remains
2418 assert(!h
->current_operation
);
2420 if (r
!= 0) /* failure or completed */
2421 operation_result(o
, r
, &error
);
2423 h
->current_operation
= operation_ref(o
);
2428 static int home_dispatch_lock_all(Home
*h
, Operation
*o
) {
2429 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
2434 assert(o
->type
== OPERATION_LOCK_ALL
);
2436 switch (home_get_state(h
)) {
2438 case HOME_UNFIXATED
:
2442 log_info("Home %s is not active, no locking necessary.", h
->user_name
);
2447 log_info("Home %s is already locked.", h
->user_name
);
2452 log_info("Locking home %s.", h
->user_name
);
2453 r
= home_lock(h
, &error
);
2457 /* All other cases means we are currently executing an operation, which means the job remains
2462 assert(!h
->current_operation
);
2464 if (r
!= 0) /* failure or completed */
2465 operation_result(o
, r
, &error
);
2467 h
->current_operation
= operation_ref(o
);
2472 static int home_dispatch_pipe_eof(Home
*h
, Operation
*o
) {
2473 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
2478 assert(o
->type
== OPERATION_PIPE_EOF
);
2480 if (h
->ref_event_source_please_suspend
|| h
->ref_event_source_dont_suspend
)
2481 return 1; /* Hmm, there's a reference again, let's cancel this */
2483 switch (home_get_state(h
)) {
2485 case HOME_UNFIXATED
:
2489 log_info("Home %s already deactivated, no automatic deactivation needed.", h
->user_name
);
2492 case HOME_DEACTIVATING
:
2493 log_info("Home %s is already being deactivated, automatic deactivated unnecessary.", h
->user_name
);
2497 r
= home_deactivate_internal(h
, false, &error
);
2499 log_warning_errno(r
, "Failed to deactivate %s, ignoring: %s", h
->user_name
, bus_error_message(&error
, r
));
2504 /* If the device is locked or any operation is being executed, let's leave this pending */
2508 /* Note that we don't call operation_fail() or operation_success() here, because this kind of
2509 * operation has no message associated with it, and thus there's no need to propagate success. */
2511 assert(!o
->message
);
2515 static int home_dispatch_deactivate_force(Home
*h
, Operation
*o
) {
2516 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
2521 assert(o
->type
== OPERATION_DEACTIVATE_FORCE
);
2523 switch (home_get_state(h
)) {
2525 case HOME_UNFIXATED
:
2529 log_debug("Home %s already deactivated, no forced deactivation due to unplug needed.", h
->user_name
);
2532 case HOME_DEACTIVATING
:
2533 log_debug("Home %s is already being deactivated, forced deactivation due to unplug unnecessary.", h
->user_name
);
2538 r
= home_deactivate_internal(h
, true, &error
);
2540 log_warning_errno(r
, "Failed to forcibly deactivate %s, ignoring: %s", h
->user_name
, bus_error_message(&error
, r
));
2544 /* If any operation is being executed, let's leave this pending */
2548 /* Note that we don't call operation_fail() or operation_success() here, because this kind of
2549 * operation has no message associated with it, and thus there's no need to propagate success. */
2551 assert(!o
->message
);
2555 static int on_pending(sd_event_source
*s
, void *userdata
) {
2563 o
= ordered_set_first(h
->pending_operations
);
2565 static int (* const operation_table
[_OPERATION_MAX
])(Home
*h
, Operation
*o
) = {
2566 [OPERATION_ACQUIRE
] = home_dispatch_acquire
,
2567 [OPERATION_RELEASE
] = home_dispatch_release
,
2568 [OPERATION_LOCK_ALL
] = home_dispatch_lock_all
,
2569 [OPERATION_PIPE_EOF
] = home_dispatch_pipe_eof
,
2570 [OPERATION_DEACTIVATE_FORCE
] = home_dispatch_deactivate_force
,
2573 assert(operation_table
[o
->type
]);
2574 r
= operation_table
[o
->type
](h
, o
);
2576 /* The operation completed, let's remove it from the pending list, and exit while
2577 * leaving the event source enabled as it is. */
2578 assert_se(ordered_set_remove(h
->pending_operations
, o
) == o
);
2584 /* Nothing to do anymore, let's turn off this event source */
2585 r
= sd_event_source_set_enabled(s
, SD_EVENT_OFF
);
2587 return log_error_errno(r
, "Failed to disable event source: %m");
2592 int home_schedule_operation(Home
*h
, Operation
*o
, sd_bus_error
*error
) {
2598 if (ordered_set_size(h
->pending_operations
) >= PENDING_OPERATIONS_MAX
)
2599 return sd_bus_error_setf(error
, BUS_ERROR_TOO_MANY_OPERATIONS
, "Too many client operations requested");
2601 r
= ordered_set_ensure_allocated(&h
->pending_operations
, &operation_hash_ops
);
2605 r
= ordered_set_put(h
->pending_operations
, o
);
2612 if (!h
->pending_event_source
) {
2613 r
= sd_event_add_defer(h
->manager
->event
, &h
->pending_event_source
, on_pending
, h
);
2615 return log_error_errno(r
, "Failed to allocate pending defer event source: %m");
2617 (void) sd_event_source_set_description(h
->pending_event_source
, "pending");
2619 r
= sd_event_source_set_priority(h
->pending_event_source
, SD_EVENT_PRIORITY_IDLE
);
2624 r
= sd_event_source_set_enabled(h
->pending_event_source
, SD_EVENT_ON
);
2626 return log_error_errno(r
, "Failed to trigger pending event source: %m");
2631 static int home_get_image_path_seat(Home
*h
, char **ret
) {
2632 _cleanup_(sd_device_unrefp
) sd_device
*d
= NULL
;
2633 _cleanup_free_
char *c
= NULL
;
2634 const char *ip
, *seat
;
2640 if (user_record_storage(h
->record
) != USER_LUKS
)
2643 ip
= user_record_image_path(h
->record
);
2647 if (!path_startswith(ip
, "/dev/"))
2650 if (stat(ip
, &st
) < 0)
2653 if (!S_ISBLK(st
.st_mode
))
2656 r
= sd_device_new_from_devnum(&d
, 'b', st
.st_rdev
);
2660 r
= sd_device_get_property_value(d
, "ID_SEAT", &seat
);
2661 if (r
== -ENOENT
) /* no property means seat0 */
2674 int home_auto_login(Home
*h
, char ***ret_seats
) {
2675 _cleanup_free_
char *seat
= NULL
, *seat2
= NULL
;
2680 (void) home_get_image_path_seat(h
, &seat
);
2682 if (h
->record
->auto_login
> 0 && !streq_ptr(seat
, "seat0")) {
2683 /* For now, when the auto-login boolean is set for a user, let's make it mean
2684 * "seat0". Eventually we can extend the concept and allow configuration of any kind of seat,
2685 * but let's keep simple initially, most likely the feature is interesting on single-user
2686 * systems anyway, only.
2688 * We filter out users marked for auto-login in we know for sure their home directory is
2691 if (user_record_test_image_path(h
->record
) != USER_TEST_ABSENT
) {
2692 seat2
= strdup("seat0");
2698 if (seat
|| seat2
) {
2699 _cleanup_strv_free_
char **list
= NULL
;
2702 list
= new(char*, 3);
2707 list
[i
++] = TAKE_PTR(seat
);
2709 list
[i
++] = TAKE_PTR(seat2
);
2712 *ret_seats
= TAKE_PTR(list
);
2720 int home_set_current_message(Home
*h
, sd_bus_message
*m
) {
2726 if (h
->current_operation
)
2729 h
->current_operation
= operation_new(OPERATION_IMMEDIATE
, m
);
2730 if (!h
->current_operation
)
2736 static const char* const home_state_table
[_HOME_STATE_MAX
] = {
2737 [HOME_UNFIXATED
] = "unfixated",
2738 [HOME_ABSENT
] = "absent",
2739 [HOME_INACTIVE
] = "inactive",
2740 [HOME_DIRTY
] = "dirty",
2741 [HOME_FIXATING
] = "fixating",
2742 [HOME_FIXATING_FOR_ACTIVATION
] = "fixating-for-activation",
2743 [HOME_FIXATING_FOR_ACQUIRE
] = "fixating-for-acquire",
2744 [HOME_ACTIVATING
] = "activating",
2745 [HOME_ACTIVATING_FOR_ACQUIRE
] = "activating-for-acquire",
2746 [HOME_DEACTIVATING
] = "deactivating",
2747 [HOME_ACTIVE
] = "active",
2748 [HOME_LOCKING
] = "locking",
2749 [HOME_LOCKED
] = "locked",
2750 [HOME_UNLOCKING
] = "unlocking",
2751 [HOME_UNLOCKING_FOR_ACQUIRE
] = "unlocking-for-acquire",
2752 [HOME_CREATING
] = "creating",
2753 [HOME_REMOVING
] = "removing",
2754 [HOME_UPDATING
] = "updating",
2755 [HOME_UPDATING_WHILE_ACTIVE
] = "updating-while-active",
2756 [HOME_RESIZING
] = "resizing",
2757 [HOME_RESIZING_WHILE_ACTIVE
] = "resizing-while-active",
2758 [HOME_PASSWD
] = "passwd",
2759 [HOME_PASSWD_WHILE_ACTIVE
] = "passwd-while-active",
2760 [HOME_AUTHENTICATING
] = "authenticating",
2761 [HOME_AUTHENTICATING_WHILE_ACTIVE
] = "authenticating-while-active",
2762 [HOME_AUTHENTICATING_FOR_ACQUIRE
] = "authenticating-for-acquire",
2765 DEFINE_STRING_TABLE_LOOKUP(home_state
, HomeState
);