]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/home/homed-home.c
projects / thirdparty / systemd.git / blob
? search:


db88d60c094249176110bd215b7a660e9f62c04d
[thirdparty/systemd.git] / src / home / homed-home.c
1 /* SPDX-License-Identifier: LGPL-2.1+ */
2
3 #if HAVE_LINUX_MEMFD_H
4 #include <linux/memfd.h>
5 #endif
6
7 #include <sys/mman.h>
8 #include <sys/quota.h>
9 #include <sys/vfs.h>
10
11 #include "blockdev-util.h"
12 #include "btrfs-util.h"
13 #include "bus-common-errors.h"
14 #include "env-util.h"
15 #include "errno-list.h"
16 #include "errno-util.h"
17 #include "fd-util.h"
18 #include "fileio.h"
19 #include "home-util.h"
20 #include "homed-home-bus.h"
21 #include "homed-home.h"
22 #include "missing_syscall.h"
23 #include "mkdir.h"
24 #include "path-util.h"
25 #include "process-util.h"
26 #include "pwquality-util.h"
27 #include "quota-util.h"
28 #include "resize-fs.h"
29 #include "set.h"
30 #include "signal-util.h"
31 #include "stat-util.h"
32 #include "string-table.h"
33 #include "strv.h"
34 #include "user-record-sign.h"
35 #include "user-record-util.h"
36 #include "user-record-pwquality.h"
37 #include "user-record.h"
38 #include "user-util.h"
39
40 #define HOME_USERS_MAX 500
41 #define PENDING_OPERATIONS_MAX 100
42
43 assert_cc(HOME_UID_MIN <= HOME_UID_MAX);
44 assert_cc(HOME_USERS_MAX <= (HOME_UID_MAX - HOME_UID_MIN + 1));
45
46 static int home_start_work(Home *h, const char *verb, UserRecord *hr, UserRecord *secret);
47
48 DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(operation_hash_ops, void, trivial_hash_func, trivial_compare_func, Operation, operation_unref);
49
50 static int suitable_home_record(UserRecord *hr) {
51 int r;
52
53 assert(hr);
54
55 if (!hr->user_name)
56 return -EUNATCH;
57
58 /* We are a bit more restrictive with what we accept as homed-managed user than what we accept in
59 * home records in general. Let's enforce the stricter rule here. */
60 if (!suitable_user_name(hr->user_name))
61 return -EINVAL;
62 if (!uid_is_valid(hr->uid))
63 return -EINVAL;
64
65 /* Insist we are outside of the dynamic and system range */
66 if (uid_is_system(hr->uid) || gid_is_system(user_record_gid(hr)) ||
67 uid_is_dynamic(hr->uid) || gid_is_dynamic(user_record_gid(hr)))
68 return -EADDRNOTAVAIL;
69
70 /* Insist that GID and UID match */
71 if (user_record_gid(hr) != (gid_t) hr->uid)
72 return -EBADSLT;
73
74 /* Similar for the realm */
75 if (hr->realm) {
76 r = suitable_realm(hr->realm);
77 if (r < 0)
78 return r;
79 if (r == 0)
80 return -EINVAL;
81 }
82
83 return 0;
84 }
85
86 int home_new(Manager *m, UserRecord *hr, const char *sysfs, Home **ret) {
87 _cleanup_(home_freep) Home *home = NULL;
88 _cleanup_free_ char *nm = NULL, *ns = NULL;
89 int r;
90
91 assert(m);
92 assert(hr);
93
94 r = suitable_home_record(hr);
95 if (r < 0)
96 return r;
97
98 if (hashmap_contains(m->homes_by_name, hr->user_name))
99 return -EBUSY;
100
101 if (hashmap_contains(m->homes_by_uid, UID_TO_PTR(hr->uid)))
102 return -EBUSY;
103
104 if (sysfs && hashmap_contains(m->homes_by_sysfs, sysfs))
105 return -EBUSY;
106
107 if (hashmap_size(m->homes_by_name) >= HOME_USERS_MAX)
108 return -EUSERS;
109
110 nm = strdup(hr->user_name);
111 if (!nm)
112 return -ENOMEM;
113
114 if (sysfs) {
115 ns = strdup(sysfs);
116 if (!ns)
117 return -ENOMEM;
118 }
119
120 home = new(Home, 1);
121 if (!home)
122 return -ENOMEM;
123
124 *home = (Home) {
125 .manager = m,
126 .user_name = TAKE_PTR(nm),
127 .uid = hr->uid,
128 .state = _HOME_STATE_INVALID,
129 .worker_stdout_fd = -1,
130 .sysfs = TAKE_PTR(ns),
131 .signed_locally = -1,
132 };
133
134 r = hashmap_put(m->homes_by_name, home->user_name, home);
135 if (r < 0)
136 return r;
137
138 r = hashmap_put(m->homes_by_uid, UID_TO_PTR(home->uid), home);
139 if (r < 0)
140 return r;
141
142 if (home->sysfs) {
143 r = hashmap_put(m->homes_by_sysfs, home->sysfs, home);
144 if (r < 0)
145 return r;
146 }
147
148 r = user_record_clone(hr, USER_RECORD_LOAD_MASK_SECRET, &home->record);
149 if (r < 0)
150 return r;
151
152 (void) bus_manager_emit_auto_login_changed(m);
153 (void) bus_home_emit_change(home);
154
155 if (ret)
156 *ret = TAKE_PTR(home);
157 else
158 TAKE_PTR(home);
159
160 return 0;
161 }
162
163 Home *home_free(Home *h) {
164
165 if (!h)
166 return NULL;
167
168 if (h->manager) {
169 (void) bus_home_emit_remove(h);
170 (void) bus_manager_emit_auto_login_changed(h->manager);
171
172 if (h->user_name)
173 (void) hashmap_remove_value(h->manager->homes_by_name, h->user_name, h);
174
175 if (uid_is_valid(h->uid))
176 (void) hashmap_remove_value(h->manager->homes_by_uid, UID_TO_PTR(h->uid), h);
177
178 if (h->sysfs)
179 (void) hashmap_remove_value(h->manager->homes_by_sysfs, h->sysfs, h);
180
181 if (h->worker_pid > 0)
182 (void) hashmap_remove_value(h->manager->homes_by_worker_pid, PID_TO_PTR(h->worker_pid), h);
183
184 if (h->manager->gc_focus == h)
185 h->manager->gc_focus = NULL;
186 }
187
188 user_record_unref(h->record);
189 user_record_unref(h->secret);
190
191 h->worker_event_source = sd_event_source_unref(h->worker_event_source);
192 safe_close(h->worker_stdout_fd);
193 free(h->user_name);
194 free(h->sysfs);
195
196 h->ref_event_source_please_suspend = sd_event_source_unref(h->ref_event_source_please_suspend);
197 h->ref_event_source_dont_suspend = sd_event_source_unref(h->ref_event_source_dont_suspend);
198
199 h->pending_operations = ordered_set_free(h->pending_operations);
200 h->pending_event_source = sd_event_source_unref(h->pending_event_source);
201 h->deferred_change_event_source = sd_event_source_unref(h->deferred_change_event_source);
202
203 h->current_operation = operation_unref(h->current_operation);
204
205 return mfree(h);
206 }
207
208 int home_set_record(Home *h, UserRecord *hr) {
209 _cleanup_(user_record_unrefp) UserRecord *new_hr = NULL;
210 Home *other;
211 int r;
212
213 assert(h);
214 assert(h->user_name);
215 assert(h->record);
216 assert(hr);
217
218 if (user_record_equal(h->record, hr))
219 return 0;
220
221 r = suitable_home_record(hr);
222 if (r < 0)
223 return r;
224
225 if (!user_record_compatible(h->record, hr))
226 return -EREMCHG;
227
228 if (!FLAGS_SET(hr->mask, USER_RECORD_REGULAR) ||
229 FLAGS_SET(hr->mask, USER_RECORD_SECRET))
230 return -EINVAL;
231
232 if (FLAGS_SET(h->record->mask, USER_RECORD_STATUS)) {
233 _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
234
235 /* Hmm, the existing record has status fields? If so, copy them over */
236
237 v = json_variant_ref(hr->json);
238 r = json_variant_set_field(&v, "status", json_variant_by_key(h->record->json, "status"));
239 if (r < 0)
240 return r;
241
242 new_hr = user_record_new();
243 if (!new_hr)
244 return -ENOMEM;
245
246 r = user_record_load(new_hr, v, USER_RECORD_LOAD_REFUSE_SECRET);
247 if (r < 0)
248 return r;
249
250 hr = new_hr;
251 }
252
253 other = hashmap_get(h->manager->homes_by_uid, UID_TO_PTR(hr->uid));
254 if (other && other != h)
255 return -EBUSY;
256
257 if (h->uid != hr->uid) {
258 r = hashmap_remove_and_replace(h->manager->homes_by_uid, UID_TO_PTR(h->uid), UID_TO_PTR(hr->uid), h);
259 if (r < 0)
260 return r;
261 }
262
263 user_record_unref(h->record);
264 h->record = user_record_ref(hr);
265 h->uid = h->record->uid;
266
267 /* The updated record might have a different autologin setting, trigger a PropertiesChanged event for it */
268 (void) bus_manager_emit_auto_login_changed(h->manager);
269 (void) bus_home_emit_change(h);
270
271 return 0;
272 }
273
274 int home_save_record(Home *h) {
275 _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
276 _cleanup_free_ char *text = NULL;
277 const char *fn;
278 int r;
279
280 assert(h);
281
282 v = json_variant_ref(h->record->json);
283 r = json_variant_normalize(&v);
284 if (r < 0)
285 log_warning_errno(r, "User record could not be normalized.");
286
287 r = json_variant_format(v, JSON_FORMAT_PRETTY|JSON_FORMAT_NEWLINE, &text);
288 if (r < 0)
289 return r;
290
291 (void) mkdir("/var/lib/systemd/", 0755);
292 (void) mkdir("/var/lib/systemd/home/", 0700);
293
294 fn = strjoina("/var/lib/systemd/home/", h->user_name, ".identity");
295
296 r = write_string_file(fn, text, WRITE_STRING_FILE_ATOMIC|WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_MODE_0600|WRITE_STRING_FILE_SYNC);
297 if (r < 0)
298 return r;
299
300 return 0;
301 }
302
303 int home_unlink_record(Home *h) {
304 const char *fn;
305
306 assert(h);
307
308 fn = strjoina("/var/lib/systemd/home/", h->user_name, ".identity");
309 if (unlink(fn) < 0 && errno != ENOENT)
310 return -errno;
311
312 fn = strjoina("/run/systemd/home/", h->user_name, ".ref");
313 if (unlink(fn) < 0 && errno != ENOENT)
314 return -errno;
315
316 return 0;
317 }
318
319 static void home_set_state(Home *h, HomeState state) {
320 HomeState old_state, new_state;
321
322 assert(h);
323
324 old_state = home_get_state(h);
325 h->state = state;
326 new_state = home_get_state(h); /* Query the new state, since the 'state' variable might be set to -1,
327 * in which case we synthesize an high-level state on demand */
328
329 log_info("%s: changing state %s → %s", h->user_name,
330 home_state_to_string(old_state),
331 home_state_to_string(new_state));
332
333 if (HOME_STATE_IS_EXECUTING_OPERATION(old_state) && !HOME_STATE_IS_EXECUTING_OPERATION(new_state)) {
334 /* If we just finished executing some operation, process the queue of pending operations. And
335 * enqueue it for GC too. */
336
337 home_schedule_operation(h, NULL, NULL);
338 manager_enqueue_gc(h->manager, h);
339 }
340 }
341
342 static int home_parse_worker_stdout(int _fd, UserRecord **ret) {
343 _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
344 _cleanup_close_ int fd = _fd; /* take possession, even on failure */
345 _cleanup_(user_record_unrefp) UserRecord *hr = NULL;
346 _cleanup_fclose_ FILE *f = NULL;
347 unsigned line, column;
348 struct stat st;
349 int r;
350
351 if (fstat(fd, &st) < 0)
352 return log_error_errno(errno, "Failed to stat stdout fd: %m");
353
354 assert(S_ISREG(st.st_mode));
355
356 if (st.st_size == 0) { /* empty record */
357 *ret = NULL;
358 return 0;
359 }
360
361 if (lseek(fd, SEEK_SET, 0) == (off_t) -1)
362 return log_error_errno(errno, "Failed to seek to beginning of memfd: %m");
363
364 f = take_fdopen(&fd, "r");
365 if (!f)
366 return log_error_errno(errno, "Failed to reopen memfd: %m");
367
368 if (DEBUG_LOGGING) {
369 _cleanup_free_ char *text = NULL;
370
371 r = read_full_stream(f, &text, NULL);
372 if (r < 0)
373 return log_error_errno(r, "Failed to read from client: %m");
374
375 log_debug("Got from worker: %s", text);
376 rewind(f);
377 }
378
379 r = json_parse_file(f, "stdout", JSON_PARSE_SENSITIVE, &v, &line, &column);
380 if (r < 0)
381 return log_error_errno(r, "Failed to parse identity at %u:%u: %m", line, column);
382
383 hr = user_record_new();
384 if (!hr)
385 return log_oom();
386
387 r = user_record_load(hr, v, USER_RECORD_LOAD_REFUSE_SECRET);
388 if (r < 0)
389 return log_error_errno(r, "Failed to load home record identity: %m");
390
391 *ret = TAKE_PTR(hr);
392 return 1;
393 }
394
395 static int home_verify_user_record(Home *h, UserRecord *hr, bool *ret_signed_locally, sd_bus_error *ret_error) {
396 int is_signed;
397
398 assert(h);
399 assert(hr);
400 assert(ret_signed_locally);
401
402 is_signed = manager_verify_user_record(h->manager, hr);
403 switch (is_signed) {
404
405 case USER_RECORD_SIGNED_EXCLUSIVE:
406 log_info("Home %s is signed exclusively by our key, accepting.", hr->user_name);
407 *ret_signed_locally = true;
408 return 0;
409
410 case USER_RECORD_SIGNED:
411 log_info("Home %s is signed by our key (and others), accepting.", hr->user_name);
412 *ret_signed_locally = false;
413 return 0;
414
415 case USER_RECORD_FOREIGN:
416 log_info("Home %s is signed by foreign key we like, accepting.", hr->user_name);
417 *ret_signed_locally = false;
418 return 0;
419
420 case USER_RECORD_UNSIGNED:
421 sd_bus_error_setf(ret_error, BUS_ERROR_BAD_SIGNATURE, "User record %s is not signed at all, refusing.", hr->user_name);
422 return log_error_errno(SYNTHETIC_ERRNO(EPERM), "Home %s contains user record that is not signed at all, refusing.", hr->user_name);
423
424 case -ENOKEY:
425 sd_bus_error_setf(ret_error, BUS_ERROR_BAD_SIGNATURE, "User record %s is not signed by any known key, refusing.", hr->user_name);
426 return log_error_errno(is_signed, "Home %s contains user record that is not signed by any known key, refusing.", hr->user_name);
427
428 default:
429 assert(is_signed < 0);
430 return log_error_errno(is_signed, "Failed to verify signature on user record for %s, refusing fixation: %m", hr->user_name);
431 }
432 }
433
434 static int convert_worker_errno(Home *h, int e, sd_bus_error *error) {
435 /* Converts the error numbers the worker process returned into somewhat sensible dbus errors */
436
437 switch (e) {
438
439 case -EMSGSIZE:
440 return sd_bus_error_setf(error, BUS_ERROR_BAD_HOME_SIZE, "File systems of this type cannot be shrunk");
441 case -ETXTBSY:
442 return sd_bus_error_setf(error, BUS_ERROR_BAD_HOME_SIZE, "File systems of this type can only be shrunk offline");
443 case -ERANGE:
444 return sd_bus_error_setf(error, BUS_ERROR_BAD_HOME_SIZE, "File system size too small");
445 case -ENOLINK:
446 return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, "System does not support selected storage backend");
447 case -EPROTONOSUPPORT:
448 return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, "System does not support selected file system");
449 case -ENOTTY:
450 return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, "Operation not supported on storage backend");
451 case -ESOCKTNOSUPPORT:
452 return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, "Operation not supported on file system");
453 case -ENOKEY:
454 return sd_bus_error_setf(error, BUS_ERROR_BAD_PASSWORD, "Password for home %s is incorrect or not sufficient for authentication.", h->user_name);
455 case -EBADSLT:
456 return sd_bus_error_setf(error, BUS_ERROR_BAD_PASSWORD_AND_NO_TOKEN, "Password for home %s is incorrect or not sufficient, and configured security token not found either.", h->user_name);
457 case -EREMOTEIO:
458 return sd_bus_error_setf(error, BUS_ERROR_BAD_RECOVERY_KEY, "Recovery key for home %s is incorrect or not sufficient for authentication.", h->user_name);
459 case -ENOANO:
460 return sd_bus_error_setf(error, BUS_ERROR_TOKEN_PIN_NEEDED, "PIN for security token required.");
461 case -ERFKILL:
462 return sd_bus_error_setf(error, BUS_ERROR_TOKEN_PROTECTED_AUTHENTICATION_PATH_NEEDED, "Security token requires protected authentication path.");
463 case -EMEDIUMTYPE:
464 return sd_bus_error_setf(error, BUS_ERROR_TOKEN_USER_PRESENCE_NEEDED, "Security token requires user presence.");
465 case -ENOSTR:
466 return sd_bus_error_setf(error, BUS_ERROR_TOKEN_ACTION_TIMEOUT, "Token action timeout. (User was supposed to verify presence or similar, by interacting with the token, and didn't do that in time.)");
467 case -EOWNERDEAD:
468 return sd_bus_error_setf(error, BUS_ERROR_TOKEN_PIN_LOCKED, "PIN of security token locked.");
469 case -ENOLCK:
470 return sd_bus_error_setf(error, BUS_ERROR_TOKEN_BAD_PIN, "Bad PIN of security token.");
471 case -ETOOMANYREFS:
472 return sd_bus_error_setf(error, BUS_ERROR_TOKEN_BAD_PIN_FEW_TRIES_LEFT, "Bad PIN of security token, and only a few tries left.");
473 case -EUCLEAN:
474 return sd_bus_error_setf(error, BUS_ERROR_TOKEN_BAD_PIN_ONE_TRY_LEFT, "Bad PIN of security token, and only one try left.");
475 case -EBUSY:
476 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "Home %s is currently being used, or an operation on home %s is currently being executed.", h->user_name, h->user_name);
477 case -ENOEXEC:
478 return sd_bus_error_setf(error, BUS_ERROR_HOME_NOT_ACTIVE, "Home %s is currently not active", h->user_name);
479 case -ENOSPC:
480 return sd_bus_error_setf(error, BUS_ERROR_NO_DISK_SPACE, "Not enough disk space for home %s", h->user_name);
481 case -EKEYREVOKED:
482 return sd_bus_error_setf(error, BUS_ERROR_HOME_CANT_AUTHENTICATE, "Home %s has no password or other authentication mechanism defined.", h->user_name);
483 }
484
485 return 0;
486 }
487
488 static void home_count_bad_authentication(Home *h, bool save) {
489 int r;
490
491 assert(h);
492
493 r = user_record_bad_authentication(h->record);
494 if (r < 0) {
495 log_warning_errno(r, "Failed to increase bad authentication counter, ignoring: %m");
496 return;
497 }
498
499 if (save) {
500 r = home_save_record(h);
501 if (r < 0)
502 log_warning_errno(r, "Failed to write home record to disk, ignoring: %m");
503 }
504 }
505
506 static void home_fixate_finish(Home *h, int ret, UserRecord *hr) {
507 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
508 _cleanup_(user_record_unrefp) UserRecord *secret = NULL;
509 bool signed_locally;
510 int r;
511
512 assert(h);
513 assert(IN_SET(h->state, HOME_FIXATING, HOME_FIXATING_FOR_ACTIVATION, HOME_FIXATING_FOR_ACQUIRE));
514
515 secret = TAKE_PTR(h->secret); /* Take possession */
516
517 if (ret < 0) {
518 if (ret == -ENOKEY)
519 (void) home_count_bad_authentication(h, false);
520
521 (void) convert_worker_errno(h, ret, &error);
522 r = log_error_errno(ret, "Fixation failed: %m");
523 goto fail;
524 }
525 if (!hr) {
526 r = log_error_errno(SYNTHETIC_ERRNO(EIO), "Did not receive user record from worker process, fixation failed.");
527 goto fail;
528 }
529
530 r = home_verify_user_record(h, hr, &signed_locally, &error);
531 if (r < 0)
532 goto fail;
533
534 r = home_set_record(h, hr);
535 if (r < 0) {
536 log_error_errno(r, "Failed to update home record: %m");
537 goto fail;
538 }
539
540 h->signed_locally = signed_locally;
541
542 /* When we finished fixating (and don't follow-up with activation), let's count this as good authentication */
543 if (h->state == HOME_FIXATING) {
544 r = user_record_good_authentication(h->record);
545 if (r < 0)
546 log_warning_errno(r, "Failed to increase good authentication counter, ignoring: %m");
547 }
548
549 r = home_save_record(h);
550 if (r < 0)
551 log_warning_errno(r, "Failed to write home record to disk, ignoring: %m");
552
553 if (IN_SET(h->state, HOME_FIXATING_FOR_ACTIVATION, HOME_FIXATING_FOR_ACQUIRE)) {
554
555 r = home_start_work(h, "activate", h->record, secret);
556 if (r < 0) {
557 h->current_operation = operation_result_unref(h->current_operation, r, NULL);
558 home_set_state(h, _HOME_STATE_INVALID);
559 } else
560 home_set_state(h, h->state == HOME_FIXATING_FOR_ACTIVATION ? HOME_ACTIVATING : HOME_ACTIVATING_FOR_ACQUIRE);
561
562 return;
563 }
564
565 log_debug("Fixation of %s completed.", h->user_name);
566
567 h->current_operation = operation_result_unref(h->current_operation, 0, NULL);
568
569 /* Reset the state to "invalid", which makes home_get_state() test if the image exists and returns
570 * HOME_ABSENT vs. HOME_INACTIVE as necessary. */
571 home_set_state(h, _HOME_STATE_INVALID);
572 return;
573
574 fail:
575 /* If fixation fails, we stay in unfixated state! */
576 h->current_operation = operation_result_unref(h->current_operation, r, &error);
577 home_set_state(h, HOME_UNFIXATED);
578 }
579
580 static void home_activate_finish(Home *h, int ret, UserRecord *hr) {
581 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
582 int r;
583
584 assert(h);
585 assert(IN_SET(h->state, HOME_ACTIVATING, HOME_ACTIVATING_FOR_ACQUIRE));
586
587 if (ret < 0) {
588 if (ret == -ENOKEY)
589 home_count_bad_authentication(h, true);
590
591 (void) convert_worker_errno(h, ret, &error);
592 r = log_error_errno(ret, "Activation failed: %m");
593 goto finish;
594 }
595
596 if (hr) {
597 bool signed_locally;
598
599 r = home_verify_user_record(h, hr, &signed_locally, &error);
600 if (r < 0)
601 goto finish;
602
603 r = home_set_record(h, hr);
604 if (r < 0) {
605 log_error_errno(r, "Failed to update home record, ignoring: %m");
606 goto finish;
607 }
608
609 h->signed_locally = signed_locally;
610
611 r = user_record_good_authentication(h->record);
612 if (r < 0)
613 log_warning_errno(r, "Failed to increase good authentication counter, ignoring: %m");
614
615 r = home_save_record(h);
616 if (r < 0)
617 log_warning_errno(r, "Failed to write home record to disk, ignoring: %m");
618 }
619
620 log_debug("Activation of %s completed.", h->user_name);
621 r = 0;
622
623 finish:
624 h->current_operation = operation_result_unref(h->current_operation, r, &error);
625 home_set_state(h, _HOME_STATE_INVALID);
626 }
627
628 static void home_deactivate_finish(Home *h, int ret, UserRecord *hr) {
629 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
630 int r;
631
632 assert(h);
633 assert(h->state == HOME_DEACTIVATING);
634 assert(!hr); /* We don't expect a record on this operation */
635
636 if (ret < 0) {
637 (void) convert_worker_errno(h, ret, &error);
638 r = log_error_errno(ret, "Deactivation of %s failed: %m", h->user_name);
639 goto finish;
640 }
641
642 log_debug("Deactivation of %s completed.", h->user_name);
643 r = 0;
644
645 finish:
646 h->current_operation = operation_result_unref(h->current_operation, r, &error);
647 home_set_state(h, _HOME_STATE_INVALID);
648 }
649
650 static void home_remove_finish(Home *h, int ret, UserRecord *hr) {
651 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
652 Manager *m;
653 int r;
654
655 assert(h);
656 assert(h->state == HOME_REMOVING);
657 assert(!hr); /* We don't expect a record on this operation */
658
659 m = h->manager;
660
661 if (ret < 0 && ret != -EALREADY) {
662 (void) convert_worker_errno(h, ret, &error);
663 r = log_error_errno(ret, "Removing %s failed: %m", h->user_name);
664 goto fail;
665 }
666
667 /* For a couple of storage types we can't delete the actual data storage when called (such as LUKS on
668 * partitions like USB sticks, or so). Sometimes these storage locations are among those we normally
669 * automatically discover in /home or in udev. When such a home is deleted let's hence issue a rescan
670 * after completion, so that "unfixated" entries are rediscovered. */
671 if (!IN_SET(user_record_test_image_path(h->record), USER_TEST_UNDEFINED, USER_TEST_ABSENT))
672 manager_enqueue_rescan(m);
673
674 /* The image is now removed from disk. Now also remove our stored record */
675 r = home_unlink_record(h);
676 if (r < 0) {
677 log_error_errno(r, "Removing record file failed: %m");
678 goto fail;
679 }
680
681 log_debug("Removal of %s completed.", h->user_name);
682 h->current_operation = operation_result_unref(h->current_operation, 0, NULL);
683
684 /* Unload this record from memory too now. */
685 h = home_free(h);
686 return;
687
688 fail:
689 h->current_operation = operation_result_unref(h->current_operation, r, &error);
690 home_set_state(h, _HOME_STATE_INVALID);
691 }
692
693 static void home_create_finish(Home *h, int ret, UserRecord *hr) {
694 int r;
695
696 assert(h);
697 assert(h->state == HOME_CREATING);
698
699 if (ret < 0) {
700 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
701
702 (void) convert_worker_errno(h, ret, &error);
703 log_error_errno(ret, "Operation on %s failed: %m", h->user_name);
704 h->current_operation = operation_result_unref(h->current_operation, ret, &error);
705
706 if (h->unregister_on_failure) {
707 (void) home_unlink_record(h);
708 h = home_free(h);
709 return;
710 }
711
712 home_set_state(h, _HOME_STATE_INVALID);
713 return;
714 }
715
716 if (hr) {
717 r = home_set_record(h, hr);
718 if (r < 0)
719 log_warning_errno(r, "Failed to update home record, ignoring: %m");
720 }
721
722 r = home_save_record(h);
723 if (r < 0)
724 log_warning_errno(r, "Failed to save record to disk, ignoring: %m");
725
726 log_debug("Creation of %s completed.", h->user_name);
727
728 h->current_operation = operation_result_unref(h->current_operation, 0, NULL);
729 home_set_state(h, _HOME_STATE_INVALID);
730 }
731
732 static void home_change_finish(Home *h, int ret, UserRecord *hr) {
733 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
734 int r;
735
736 assert(h);
737
738 if (ret < 0) {
739 if (ret == -ENOKEY)
740 (void) home_count_bad_authentication(h, true);
741
742 (void) convert_worker_errno(h, ret, &error);
743 r = log_error_errno(ret, "Change operation failed: %m");
744 goto finish;
745 }
746
747 if (hr) {
748 r = home_set_record(h, hr);
749 if (r < 0)
750 log_warning_errno(r, "Failed to update home record, ignoring: %m");
751 else {
752 r = user_record_good_authentication(h->record);
753 if (r < 0)
754 log_warning_errno(r, "Failed to increase good authentication counter, ignoring: %m");
755
756 r = home_save_record(h);
757 if (r < 0)
758 log_warning_errno(r, "Failed to write home record to disk, ignoring: %m");
759 }
760 }
761
762 log_debug("Change operation of %s completed.", h->user_name);
763 r = 0;
764
765 finish:
766 h->current_operation = operation_result_unref(h->current_operation, r, &error);
767 home_set_state(h, _HOME_STATE_INVALID);
768 }
769
770 static void home_locking_finish(Home *h, int ret, UserRecord *hr) {
771 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
772 int r;
773
774 assert(h);
775 assert(h->state == HOME_LOCKING);
776
777 if (ret < 0) {
778 (void) convert_worker_errno(h, ret, &error);
779 r = log_error_errno(ret, "Locking operation failed: %m");
780 goto finish;
781 }
782
783 log_debug("Locking operation of %s completed.", h->user_name);
784 h->current_operation = operation_result_unref(h->current_operation, 0, NULL);
785 home_set_state(h, HOME_LOCKED);
786 return;
787
788 finish:
789 /* If a specific home doesn't know the concept of locking, then that's totally OK, don't propagate
790 * the error if we are executing a LockAllHomes() operation. */
791
792 if (h->current_operation->type == OPERATION_LOCK_ALL && r == -ENOTTY)
793 h->current_operation = operation_result_unref(h->current_operation, 0, NULL);
794 else
795 h->current_operation = operation_result_unref(h->current_operation, r, &error);
796
797 home_set_state(h, _HOME_STATE_INVALID);
798 }
799
800 static void home_unlocking_finish(Home *h, int ret, UserRecord *hr) {
801 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
802 int r;
803
804 assert(h);
805 assert(IN_SET(h->state, HOME_UNLOCKING, HOME_UNLOCKING_FOR_ACQUIRE));
806
807 if (ret < 0) {
808 if (ret == -ENOKEY)
809 (void) home_count_bad_authentication(h, true);
810
811 (void) convert_worker_errno(h, ret, &error);
812 r = log_error_errno(ret, "Unlocking operation failed: %m");
813
814 /* Revert to locked state */
815 home_set_state(h, HOME_LOCKED);
816 h->current_operation = operation_result_unref(h->current_operation, r, &error);
817 return;
818 }
819
820 r = user_record_good_authentication(h->record);
821 if (r < 0)
822 log_warning_errno(r, "Failed to increase good authentication counter, ignoring: %m");
823 else {
824 r = home_save_record(h);
825 if (r < 0)
826 log_warning_errno(r, "Failed to write home record to disk, ignoring: %m");
827 }
828
829 log_debug("Unlocking operation of %s completed.", h->user_name);
830
831 h->current_operation = operation_result_unref(h->current_operation, r, &error);
832 home_set_state(h, _HOME_STATE_INVALID);
833 return;
834 }
835
836 static void home_authenticating_finish(Home *h, int ret, UserRecord *hr) {
837 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
838 int r;
839
840 assert(h);
841 assert(IN_SET(h->state, HOME_AUTHENTICATING, HOME_AUTHENTICATING_WHILE_ACTIVE, HOME_AUTHENTICATING_FOR_ACQUIRE));
842
843 if (ret < 0) {
844 if (ret == -ENOKEY)
845 (void) home_count_bad_authentication(h, true);
846
847 (void) convert_worker_errno(h, ret, &error);
848 r = log_error_errno(ret, "Authentication failed: %m");
849 goto finish;
850 }
851
852 if (hr) {
853 r = home_set_record(h, hr);
854 if (r < 0)
855 log_warning_errno(r, "Failed to update home record, ignoring: %m");
856 else {
857 r = user_record_good_authentication(h->record);
858 if (r < 0)
859 log_warning_errno(r, "Failed to increase good authentication counter, ignoring: %m");
860
861 r = home_save_record(h);
862 if (r < 0)
863 log_warning_errno(r, "Failed to write home record to disk, ignoring: %m");
864 }
865 }
866
867 log_debug("Authentication of %s completed.", h->user_name);
868 r = 0;
869
870 finish:
871 h->current_operation = operation_result_unref(h->current_operation, r, &error);
872 home_set_state(h, _HOME_STATE_INVALID);
873 }
874
875 static int home_on_worker_process(sd_event_source *s, const siginfo_t *si, void *userdata) {
876 _cleanup_(user_record_unrefp) UserRecord *hr = NULL;
877 Home *h = userdata;
878 int ret;
879
880 assert(s);
881 assert(si);
882 assert(h);
883
884 assert(h->worker_pid == si->si_pid);
885 assert(h->worker_event_source);
886 assert(h->worker_stdout_fd >= 0);
887
888 (void) hashmap_remove_value(h->manager->homes_by_worker_pid, PID_TO_PTR(h->worker_pid), h);
889
890 h->worker_pid = 0;
891 h->worker_event_source = sd_event_source_unref(h->worker_event_source);
892
893 if (si->si_code != CLD_EXITED) {
894 assert(IN_SET(si->si_code, CLD_KILLED, CLD_DUMPED));
895 ret = log_debug_errno(SYNTHETIC_ERRNO(EPROTO), "Worker process died abnormally with signal %s.", signal_to_string(si->si_status));
896 } else if (si->si_status != EXIT_SUCCESS) {
897 /* If we received an error code via sd_notify(), use it */
898 if (h->worker_error_code != 0)
899 ret = log_debug_errno(h->worker_error_code, "Worker reported error code %s.", errno_to_name(h->worker_error_code));
900 else
901 ret = log_debug_errno(SYNTHETIC_ERRNO(EPROTO), "Worker exited with exit code %i.", si->si_status);
902 } else
903 ret = home_parse_worker_stdout(TAKE_FD(h->worker_stdout_fd), &hr);
904
905 h->worker_stdout_fd = safe_close(h->worker_stdout_fd);
906
907 switch (h->state) {
908
909 case HOME_FIXATING:
910 case HOME_FIXATING_FOR_ACTIVATION:
911 case HOME_FIXATING_FOR_ACQUIRE:
912 home_fixate_finish(h, ret, hr);
913 break;
914
915 case HOME_ACTIVATING:
916 case HOME_ACTIVATING_FOR_ACQUIRE:
917 home_activate_finish(h, ret, hr);
918 break;
919
920 case HOME_DEACTIVATING:
921 home_deactivate_finish(h, ret, hr);
922 break;
923
924 case HOME_LOCKING:
925 home_locking_finish(h, ret, hr);
926 break;
927
928 case HOME_UNLOCKING:
929 case HOME_UNLOCKING_FOR_ACQUIRE:
930 home_unlocking_finish(h, ret, hr);
931 break;
932
933 case HOME_CREATING:
934 home_create_finish(h, ret, hr);
935 break;
936
937 case HOME_REMOVING:
938 home_remove_finish(h, ret, hr);
939 break;
940
941 case HOME_UPDATING:
942 case HOME_UPDATING_WHILE_ACTIVE:
943 case HOME_RESIZING:
944 case HOME_RESIZING_WHILE_ACTIVE:
945 case HOME_PASSWD:
946 case HOME_PASSWD_WHILE_ACTIVE:
947 home_change_finish(h, ret, hr);
948 break;
949
950 case HOME_AUTHENTICATING:
951 case HOME_AUTHENTICATING_WHILE_ACTIVE:
952 case HOME_AUTHENTICATING_FOR_ACQUIRE:
953 home_authenticating_finish(h, ret, hr);
954 break;
955
956 default:
957 assert_not_reached("Unexpected state after worker exited");
958 }
959
960 return 0;
961 }
962
963 static int home_start_work(Home *h, const char *verb, UserRecord *hr, UserRecord *secret) {
964 _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
965 _cleanup_(erase_and_freep) char *formatted = NULL;
966 _cleanup_close_ int stdin_fd = -1, stdout_fd = -1;
967 pid_t pid = 0;
968 int r;
969
970 assert(h);
971 assert(verb);
972 assert(hr);
973
974 if (h->worker_pid != 0)
975 return -EBUSY;
976
977 assert(h->worker_stdout_fd < 0);
978 assert(!h->worker_event_source);
979
980 v = json_variant_ref(hr->json);
981
982 if (secret) {
983 JsonVariant *sub = NULL;
984
985 sub = json_variant_by_key(secret->json, "secret");
986 if (!sub)
987 return -ENOKEY;
988
989 r = json_variant_set_field(&v, "secret", sub);
990 if (r < 0)
991 return r;
992 }
993
994 r = json_variant_format(v, 0, &formatted);
995 if (r < 0)
996 return r;
997
998 stdin_fd = acquire_data_fd(formatted, strlen(formatted), 0);
999 if (stdin_fd < 0)
1000 return stdin_fd;
1001
1002 log_debug("Sending to worker: %s", formatted);
1003
1004 stdout_fd = memfd_create("homework-stdout", MFD_CLOEXEC);
1005 if (stdout_fd < 0)
1006 return -errno;
1007
1008 r = safe_fork_full("(sd-homework)",
1009 (int[]) { stdin_fd, stdout_fd }, 2,
1010 FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_DEATHSIG|FORK_LOG, &pid);
1011 if (r < 0)
1012 return r;
1013 if (r == 0) {
1014 const char *homework;
1015
1016 /* Child */
1017
1018 if (setenv("NOTIFY_SOCKET", "/run/systemd/home/notify", 1) < 0) {
1019 log_error_errno(errno, "Failed to set $NOTIFY_SOCKET: %m");
1020 _exit(EXIT_FAILURE);
1021 }
1022
1023 if (h->manager->default_storage >= 0)
1024 if (setenv("SYSTEMD_HOME_DEFAULT_STORAGE", user_storage_to_string(h->manager->default_storage), 1) < 0) {
1025 log_error_errno(errno, "Failed to set $SYSTEMD_HOME_DEFAULT_STORAGE: %m");
1026 _exit(EXIT_FAILURE);
1027 }
1028
1029 if (h->manager->default_file_system_type)
1030 if (setenv("SYSTEMD_HOME_DEFAULT_FILE_SYSTEM_TYPE", h->manager->default_file_system_type, 1) < 0) {
1031 log_error_errno(errno, "Failed to set $SYSTEMD_HOME_DEFAULT_FILE_SYSTEM_TYPE: %m");
1032 _exit(EXIT_FAILURE);
1033 }
1034
1035 r = rearrange_stdio(stdin_fd, stdout_fd, STDERR_FILENO);
1036 if (r < 0) {
1037 log_error_errno(r, "Failed to rearrange stdin/stdout/stderr: %m");
1038 _exit(EXIT_FAILURE);
1039 }
1040
1041 stdin_fd = stdout_fd = -1; /* have been invalidated by rearrange_stdio() */
1042
1043 /* Allow overriding the homework path via an environment variable, to make debugging
1044 * easier. */
1045 homework = getenv("SYSTEMD_HOMEWORK_PATH") ?: SYSTEMD_HOMEWORK_PATH;
1046
1047 execl(homework, homework, verb, NULL);
1048 log_error_errno(errno, "Failed to invoke %s: %m", homework);
1049 _exit(EXIT_FAILURE);
1050 }
1051
1052 r = sd_event_add_child(h->manager->event, &h->worker_event_source, pid, WEXITED, home_on_worker_process, h);
1053 if (r < 0)
1054 return r;
1055
1056 (void) sd_event_source_set_description(h->worker_event_source, "worker");
1057
1058 r = hashmap_put(h->manager->homes_by_worker_pid, PID_TO_PTR(pid), h);
1059 if (r < 0) {
1060 h->worker_event_source = sd_event_source_unref(h->worker_event_source);
1061 return r;
1062 }
1063
1064 h->worker_stdout_fd = TAKE_FD(stdout_fd);
1065 h->worker_pid = pid;
1066 h->worker_error_code = 0;
1067
1068 return 0;
1069 }
1070
1071 static int home_ratelimit(Home *h, sd_bus_error *error) {
1072 int r, ret;
1073
1074 assert(h);
1075
1076 ret = user_record_ratelimit(h->record);
1077 if (ret < 0)
1078 return ret;
1079
1080 if (h->state != HOME_UNFIXATED) {
1081 r = home_save_record(h);
1082 if (r < 0)
1083 log_warning_errno(r, "Failed to save updated record, ignoring: %m");
1084 }
1085
1086 if (ret == 0) {
1087 char buf[FORMAT_TIMESPAN_MAX];
1088 usec_t t, n;
1089
1090 n = now(CLOCK_REALTIME);
1091 t = user_record_ratelimit_next_try(h->record);
1092
1093 if (t != USEC_INFINITY && t > n)
1094 return sd_bus_error_setf(error, BUS_ERROR_AUTHENTICATION_LIMIT_HIT, "Too many login attempts, please try again in %s!",
1095 format_timespan(buf, sizeof(buf), t - n, USEC_PER_SEC));
1096
1097 return sd_bus_error_setf(error, BUS_ERROR_AUTHENTICATION_LIMIT_HIT, "Too many login attempts, please try again later.");
1098 }
1099
1100 return 0;
1101 }
1102
1103 static int home_fixate_internal(
1104 Home *h,
1105 UserRecord *secret,
1106 HomeState for_state,
1107 sd_bus_error *error) {
1108
1109 int r;
1110
1111 assert(h);
1112 assert(IN_SET(for_state, HOME_FIXATING, HOME_FIXATING_FOR_ACTIVATION, HOME_FIXATING_FOR_ACQUIRE));
1113
1114 r = home_start_work(h, "inspect", h->record, secret);
1115 if (r < 0)
1116 return r;
1117
1118 if (IN_SET(for_state, HOME_FIXATING_FOR_ACTIVATION, HOME_FIXATING_FOR_ACQUIRE)) {
1119 /* Remember the secret data, since we need it for the activation again, later on. */
1120 user_record_unref(h->secret);
1121 h->secret = user_record_ref(secret);
1122 }
1123
1124 home_set_state(h, for_state);
1125 return 0;
1126 }
1127
1128 int home_fixate(Home *h, UserRecord *secret, sd_bus_error *error) {
1129 int r;
1130
1131 assert(h);
1132
1133 switch (home_get_state(h)) {
1134 case HOME_ABSENT:
1135 return sd_bus_error_setf(error, BUS_ERROR_HOME_ABSENT, "Home %s is currently missing or not plugged in.", h->user_name);
1136 case HOME_INACTIVE:
1137 case HOME_DIRTY:
1138 case HOME_ACTIVE:
1139 case HOME_LOCKED:
1140 return sd_bus_error_setf(error, BUS_ERROR_HOME_ALREADY_FIXATED, "Home %s is already fixated.", h->user_name);
1141 case HOME_UNFIXATED:
1142 break;
1143 default:
1144 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "An operation on home %s is currently being executed.", h->user_name);
1145 }
1146
1147 r = home_ratelimit(h, error);
1148 if (r < 0)
1149 return r;
1150
1151 return home_fixate_internal(h, secret, HOME_FIXATING, error);
1152 }
1153
1154 static int home_activate_internal(Home *h, UserRecord *secret, HomeState for_state, sd_bus_error *error) {
1155 int r;
1156
1157 assert(h);
1158 assert(IN_SET(for_state, HOME_ACTIVATING, HOME_ACTIVATING_FOR_ACQUIRE));
1159
1160 r = home_start_work(h, "activate", h->record, secret);
1161 if (r < 0)
1162 return r;
1163
1164 home_set_state(h, for_state);
1165 return 0;
1166 }
1167
1168 int home_activate(Home *h, UserRecord *secret, sd_bus_error *error) {
1169 int r;
1170
1171 assert(h);
1172
1173 switch (home_get_state(h)) {
1174 case HOME_UNFIXATED:
1175 return home_fixate_internal(h, secret, HOME_FIXATING_FOR_ACTIVATION, error);
1176 case HOME_ABSENT:
1177 return sd_bus_error_setf(error, BUS_ERROR_HOME_ABSENT, "Home %s is currently missing or not plugged in.", h->user_name);
1178 case HOME_ACTIVE:
1179 return sd_bus_error_setf(error, BUS_ERROR_HOME_ALREADY_ACTIVE, "Home %s is already active.", h->user_name);
1180 case HOME_LOCKED:
1181 return sd_bus_error_setf(error, BUS_ERROR_HOME_LOCKED, "Home %s is currently locked.", h->user_name);
1182 case HOME_INACTIVE:
1183 case HOME_DIRTY:
1184 break;
1185 default:
1186 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "An operation on home %s is currently being executed.", h->user_name);
1187 }
1188
1189 r = home_ratelimit(h, error);
1190 if (r < 0)
1191 return r;
1192
1193 return home_activate_internal(h, secret, HOME_ACTIVATING, error);
1194 }
1195
1196 static int home_authenticate_internal(Home *h, UserRecord *secret, HomeState for_state, sd_bus_error *error) {
1197 int r;
1198
1199 assert(h);
1200 assert(IN_SET(for_state, HOME_AUTHENTICATING, HOME_AUTHENTICATING_WHILE_ACTIVE, HOME_AUTHENTICATING_FOR_ACQUIRE));
1201
1202 r = home_start_work(h, "inspect", h->record, secret);
1203 if (r < 0)
1204 return r;
1205
1206 home_set_state(h, for_state);
1207 return 0;
1208 }
1209
1210 int home_authenticate(Home *h, UserRecord *secret, sd_bus_error *error) {
1211 HomeState state;
1212 int r;
1213
1214 assert(h);
1215
1216 state = home_get_state(h);
1217 switch (state) {
1218 case HOME_ABSENT:
1219 return sd_bus_error_setf(error, BUS_ERROR_HOME_ABSENT, "Home %s is currently missing or not plugged in.", h->user_name);
1220 case HOME_LOCKED:
1221 return sd_bus_error_setf(error, BUS_ERROR_HOME_LOCKED, "Home %s is currently locked.", h->user_name);
1222 case HOME_UNFIXATED:
1223 case HOME_INACTIVE:
1224 case HOME_DIRTY:
1225 case HOME_ACTIVE:
1226 break;
1227 default:
1228 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "An operation on home %s is currently being executed.", h->user_name);
1229 }
1230
1231 r = home_ratelimit(h, error);
1232 if (r < 0)
1233 return r;
1234
1235 return home_authenticate_internal(h, secret, state == HOME_ACTIVE ? HOME_AUTHENTICATING_WHILE_ACTIVE : HOME_AUTHENTICATING, error);
1236 }
1237
1238 static int home_deactivate_internal(Home *h, bool force, sd_bus_error *error) {
1239 int r;
1240
1241 assert(h);
1242
1243 r = home_start_work(h, force ? "deactivate-force" : "deactivate", h->record, NULL);
1244 if (r < 0)
1245 return r;
1246
1247 home_set_state(h, HOME_DEACTIVATING);
1248 return 0;
1249 }
1250
1251 int home_deactivate(Home *h, bool force, sd_bus_error *error) {
1252 assert(h);
1253
1254 switch (home_get_state(h)) {
1255 case HOME_UNFIXATED:
1256 case HOME_ABSENT:
1257 case HOME_INACTIVE:
1258 case HOME_DIRTY:
1259 return sd_bus_error_setf(error, BUS_ERROR_HOME_NOT_ACTIVE, "Home %s not active.", h->user_name);
1260 case HOME_LOCKED:
1261 return sd_bus_error_setf(error, BUS_ERROR_HOME_LOCKED, "Home %s is currently locked.", h->user_name);
1262 case HOME_ACTIVE:
1263 break;
1264 default:
1265 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "An operation on home %s is currently being executed.", h->user_name);
1266 }
1267
1268 return home_deactivate_internal(h, force, error);
1269 }
1270
1271 int home_create(Home *h, UserRecord *secret, sd_bus_error *error) {
1272 int r;
1273
1274 assert(h);
1275
1276 switch (home_get_state(h)) {
1277 case HOME_INACTIVE:
1278 if (h->record->storage < 0)
1279 break; /* if no storage is defined we don't know what precisely to look for, hence
1280 * HOME_INACTIVE is OK in that case too. */
1281
1282 if (IN_SET(user_record_test_image_path(h->record), USER_TEST_MAYBE, USER_TEST_UNDEFINED))
1283 break; /* And if the image path test isn't conclusive, let's also go on */
1284
1285 _fallthrough_;
1286 case HOME_UNFIXATED:
1287 case HOME_DIRTY:
1288 return sd_bus_error_setf(error, BUS_ERROR_HOME_EXISTS, "Home of user %s already exists.", h->user_name);
1289 case HOME_ABSENT:
1290 break;
1291 case HOME_ACTIVE:
1292 case HOME_LOCKED:
1293 default:
1294 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "Home %s is currently being used, or an operation on home %s is currently being executed.", h->user_name, h->user_name);
1295 }
1296
1297 if (h->record->enforce_password_policy == false)
1298 log_debug("Password quality check turned off for account, skipping.");
1299 else {
1300 r = user_record_quality_check_password(h->record, secret, error);
1301 if (r < 0)
1302 return r;
1303 }
1304
1305 r = home_start_work(h, "create", h->record, secret);
1306 if (r < 0)
1307 return r;
1308
1309 home_set_state(h, HOME_CREATING);
1310 return 0;
1311 }
1312
1313 int home_remove(Home *h, sd_bus_error *error) {
1314 HomeState state;
1315 int r;
1316
1317 assert(h);
1318
1319 state = home_get_state(h);
1320 switch (state) {
1321 case HOME_ABSENT: /* If the home directory is absent, then this is just like unregistering */
1322 return home_unregister(h, error);
1323 case HOME_LOCKED:
1324 return sd_bus_error_setf(error, BUS_ERROR_HOME_LOCKED, "Home %s is currently locked.", h->user_name);
1325 case HOME_UNFIXATED:
1326 case HOME_INACTIVE:
1327 case HOME_DIRTY:
1328 break;
1329 case HOME_ACTIVE:
1330 default:
1331 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "Home %s is currently being used, or an operation on home %s is currently being executed.", h->user_name, h->user_name);
1332 }
1333
1334 r = home_start_work(h, "remove", h->record, NULL);
1335 if (r < 0)
1336 return r;
1337
1338 home_set_state(h, HOME_REMOVING);
1339 return 0;
1340 }
1341
1342 static int user_record_extend_with_binding(UserRecord *hr, UserRecord *with_binding, UserRecordLoadFlags flags, UserRecord **ret) {
1343 _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
1344 _cleanup_(user_record_unrefp) UserRecord *nr = NULL;
1345 JsonVariant *binding;
1346 int r;
1347
1348 assert(hr);
1349 assert(with_binding);
1350 assert(ret);
1351
1352 assert_se(v = json_variant_ref(hr->json));
1353
1354 binding = json_variant_by_key(with_binding->json, "binding");
1355 if (binding) {
1356 r = json_variant_set_field(&v, "binding", binding);
1357 if (r < 0)
1358 return r;
1359 }
1360
1361 nr = user_record_new();
1362 if (!nr)
1363 return -ENOMEM;
1364
1365 r = user_record_load(nr, v, flags);
1366 if (r < 0)
1367 return r;
1368
1369 *ret = TAKE_PTR(nr);
1370 return 0;
1371 }
1372
1373 static int home_update_internal(
1374 Home *h,
1375 const char *verb,
1376 UserRecord *hr,
1377 UserRecord *secret,
1378 sd_bus_error *error) {
1379
1380 _cleanup_(user_record_unrefp) UserRecord *new_hr = NULL, *saved_secret = NULL, *signed_hr = NULL;
1381 int r, c;
1382
1383 assert(h);
1384 assert(verb);
1385 assert(hr);
1386
1387 if (!user_record_compatible(hr, h->record))
1388 return sd_bus_error_setf(error, BUS_ERROR_HOME_RECORD_MISMATCH, "Updated user record is not compatible with existing one.");
1389 c = user_record_compare_last_change(hr, h->record); /* refuse downgrades */
1390 if (c < 0)
1391 return sd_bus_error_setf(error, BUS_ERROR_HOME_RECORD_DOWNGRADE, "Refusing to update to older home record.");
1392
1393 if (!secret && FLAGS_SET(hr->mask, USER_RECORD_SECRET)) {
1394 r = user_record_clone(hr, USER_RECORD_EXTRACT_SECRET, &saved_secret);
1395 if (r < 0)
1396 return r;
1397
1398 secret = saved_secret;
1399 }
1400
1401 r = manager_verify_user_record(h->manager, hr);
1402 switch (r) {
1403
1404 case USER_RECORD_UNSIGNED:
1405 if (h->signed_locally <= 0) /* If the existing record is not owned by us, don't accept an
1406 * unsigned new record. i.e. only implicitly sign new records
1407 * that where previously signed by us too. */
1408 return sd_bus_error_setf(error, BUS_ERROR_HOME_RECORD_SIGNED, "Home %s is signed and cannot be modified locally.", h->user_name);
1409
1410 /* The updated record is not signed, then do so now */
1411 r = manager_sign_user_record(h->manager, hr, &signed_hr, error);
1412 if (r < 0)
1413 return r;
1414
1415 hr = signed_hr;
1416 break;
1417
1418 case USER_RECORD_SIGNED_EXCLUSIVE:
1419 case USER_RECORD_SIGNED:
1420 case USER_RECORD_FOREIGN:
1421 /* Has already been signed. Great! */
1422 break;
1423
1424 case -ENOKEY:
1425 default:
1426 return r;
1427 }
1428
1429 r = user_record_extend_with_binding(hr, h->record, USER_RECORD_LOAD_MASK_SECRET, &new_hr);
1430 if (r < 0)
1431 return r;
1432
1433 if (c == 0) {
1434 /* different payload but same lastChangeUSec field? That's not cool! */
1435
1436 r = user_record_masked_equal(new_hr, h->record, USER_RECORD_REGULAR|USER_RECORD_PRIVILEGED|USER_RECORD_PER_MACHINE);
1437 if (r < 0)
1438 return r;
1439 if (r == 0)
1440 return sd_bus_error_setf(error, BUS_ERROR_HOME_RECORD_MISMATCH, "Home record different but timestamp remained the same, refusing.");
1441 }
1442
1443 r = home_start_work(h, verb, new_hr, secret);
1444 if (r < 0)
1445 return r;
1446
1447 return 0;
1448 }
1449
1450 int home_update(Home *h, UserRecord *hr, sd_bus_error *error) {
1451 HomeState state;
1452 int r;
1453
1454 assert(h);
1455 assert(hr);
1456
1457 state = home_get_state(h);
1458 switch (state) {
1459 case HOME_UNFIXATED:
1460 return sd_bus_error_setf(error, BUS_ERROR_HOME_UNFIXATED, "Home %s has not been fixated yet.", h->user_name);
1461 case HOME_ABSENT:
1462 return sd_bus_error_setf(error, BUS_ERROR_HOME_ABSENT, "Home %s is currently missing or not plugged in.", h->user_name);
1463 case HOME_LOCKED:
1464 return sd_bus_error_setf(error, BUS_ERROR_HOME_LOCKED, "Home %s is currently locked.", h->user_name);
1465 case HOME_INACTIVE:
1466 case HOME_DIRTY:
1467 case HOME_ACTIVE:
1468 break;
1469 default:
1470 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "An operation on home %s is currently being executed.", h->user_name);
1471 }
1472
1473 r = home_ratelimit(h, error);
1474 if (r < 0)
1475 return r;
1476
1477 r = home_update_internal(h, "update", hr, NULL, error);
1478 if (r < 0)
1479 return r;
1480
1481 home_set_state(h, state == HOME_ACTIVE ? HOME_UPDATING_WHILE_ACTIVE : HOME_UPDATING);
1482 return 0;
1483 }
1484
1485 int home_resize(Home *h, uint64_t disk_size, UserRecord *secret, sd_bus_error *error) {
1486 _cleanup_(user_record_unrefp) UserRecord *c = NULL;
1487 HomeState state;
1488 int r;
1489
1490 assert(h);
1491
1492 state = home_get_state(h);
1493 switch (state) {
1494 case HOME_UNFIXATED:
1495 return sd_bus_error_setf(error, BUS_ERROR_HOME_UNFIXATED, "Home %s has not been fixated yet.", h->user_name);
1496 case HOME_ABSENT:
1497 return sd_bus_error_setf(error, BUS_ERROR_HOME_ABSENT, "Home %s is currently missing or not plugged in.", h->user_name);
1498 case HOME_LOCKED:
1499 return sd_bus_error_setf(error, BUS_ERROR_HOME_LOCKED, "Home %s is currently locked.", h->user_name);
1500 case HOME_INACTIVE:
1501 case HOME_DIRTY:
1502 case HOME_ACTIVE:
1503 break;
1504 default:
1505 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "An operation on home %s is currently being executed.", h->user_name);
1506 }
1507
1508 r = home_ratelimit(h, error);
1509 if (r < 0)
1510 return r;
1511
1512 if (disk_size == UINT64_MAX || disk_size == h->record->disk_size) {
1513 if (h->record->disk_size == UINT64_MAX)
1514 return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "No disk size to resize to specified.");
1515
1516 c = user_record_ref(h->record); /* Shortcut if size is unspecified or matches the record */
1517 } else {
1518 _cleanup_(user_record_unrefp) UserRecord *signed_c = NULL;
1519
1520 if (h->signed_locally <= 0) /* Don't allow changing of records not signed only by us */
1521 return sd_bus_error_setf(error, BUS_ERROR_HOME_RECORD_SIGNED, "Home %s is signed and cannot be modified locally.", h->user_name);
1522
1523 r = user_record_clone(h->record, USER_RECORD_LOAD_REFUSE_SECRET, &c);
1524 if (r < 0)
1525 return r;
1526
1527 r = user_record_set_disk_size(c, disk_size);
1528 if (r == -ERANGE)
1529 return sd_bus_error_setf(error, BUS_ERROR_BAD_HOME_SIZE, "Requested size for home %s out of acceptable range.", h->user_name);
1530 if (r < 0)
1531 return r;
1532
1533 r = user_record_update_last_changed(c, false);
1534 if (r == -ECHRNG)
1535 return sd_bus_error_setf(error, BUS_ERROR_HOME_RECORD_MISMATCH, "Record last change time of %s is newer than current time, cannot update.", h->user_name);
1536 if (r < 0)
1537 return r;
1538
1539 r = manager_sign_user_record(h->manager, c, &signed_c, error);
1540 if (r < 0)
1541 return r;
1542
1543 user_record_unref(c);
1544 c = TAKE_PTR(signed_c);
1545 }
1546
1547 r = home_update_internal(h, "resize", c, secret, error);
1548 if (r < 0)
1549 return r;
1550
1551 home_set_state(h, state == HOME_ACTIVE ? HOME_RESIZING_WHILE_ACTIVE : HOME_RESIZING);
1552 return 0;
1553 }
1554
1555 static int home_may_change_password(
1556 Home *h,
1557 sd_bus_error *error) {
1558
1559 int r;
1560
1561 assert(h);
1562
1563 r = user_record_test_password_change_required(h->record);
1564 if (IN_SET(r, -EKEYREVOKED, -EOWNERDEAD, -EKEYEXPIRED))
1565 return 0; /* expired in some form, but changing is allowed */
1566 if (IN_SET(r, -EKEYREJECTED, -EROFS))
1567 return sd_bus_error_setf(error, SD_BUS_ERROR_ACCESS_DENIED, "Expiration settings of account %s do not allow changing of password.", h->user_name);
1568 if (r < 0)
1569 return log_error_errno(r, "Failed to test password expiry: %m");
1570
1571 return 0; /* not expired */
1572 }
1573
1574 int home_passwd(Home *h,
1575 UserRecord *new_secret,
1576 UserRecord *old_secret,
1577 sd_bus_error *error) {
1578
1579 _cleanup_(user_record_unrefp) UserRecord *c = NULL, *merged_secret = NULL, *signed_c = NULL;
1580 HomeState state;
1581 int r;
1582
1583 assert(h);
1584
1585 if (h->signed_locally <= 0) /* Don't allow changing of records not signed only by us */
1586 return sd_bus_error_setf(error, BUS_ERROR_HOME_RECORD_SIGNED, "Home %s is signed and cannot be modified locally.", h->user_name);
1587
1588 state = home_get_state(h);
1589 switch (state) {
1590 case HOME_UNFIXATED:
1591 return sd_bus_error_setf(error, BUS_ERROR_HOME_UNFIXATED, "Home %s has not been fixated yet.", h->user_name);
1592 case HOME_ABSENT:
1593 return sd_bus_error_setf(error, BUS_ERROR_HOME_ABSENT, "Home %s is currently missing or not plugged in.", h->user_name);
1594 case HOME_LOCKED:
1595 return sd_bus_error_setf(error, BUS_ERROR_HOME_LOCKED, "Home %s is currently locked.", h->user_name);
1596 case HOME_INACTIVE:
1597 case HOME_DIRTY:
1598 case HOME_ACTIVE:
1599 break;
1600 default:
1601 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "An operation on home %s is currently being executed.", h->user_name);
1602 }
1603
1604 r = home_ratelimit(h, error);
1605 if (r < 0)
1606 return r;
1607
1608 r = home_may_change_password(h, error);
1609 if (r < 0)
1610 return r;
1611
1612 r = user_record_clone(h->record, USER_RECORD_LOAD_REFUSE_SECRET, &c);
1613 if (r < 0)
1614 return r;
1615
1616 merged_secret = user_record_new();
1617 if (!merged_secret)
1618 return -ENOMEM;
1619
1620 r = user_record_merge_secret(merged_secret, old_secret);
1621 if (r < 0)
1622 return r;
1623
1624 r = user_record_merge_secret(merged_secret, new_secret);
1625 if (r < 0)
1626 return r;
1627
1628 if (!strv_isempty(new_secret->password)) {
1629 /* Update the password only if one is specified, otherwise let's just reuse the old password
1630 * data. This is useful as a way to propagate updated user records into the LUKS backends
1631 * properly. */
1632
1633 r = user_record_make_hashed_password(c, new_secret->password, /* extend = */ false);
1634 if (r < 0)
1635 return r;
1636
1637 r = user_record_set_password_change_now(c, -1 /* remove */);
1638 if (r < 0)
1639 return r;
1640 }
1641
1642 r = user_record_update_last_changed(c, true);
1643 if (r == -ECHRNG)
1644 return sd_bus_error_setf(error, BUS_ERROR_HOME_RECORD_MISMATCH, "Record last change time of %s is newer than current time, cannot update.", h->user_name);
1645 if (r < 0)
1646 return r;
1647
1648 r = manager_sign_user_record(h->manager, c, &signed_c, error);
1649 if (r < 0)
1650 return r;
1651
1652 if (c->enforce_password_policy == false)
1653 log_debug("Password quality check turned off for account, skipping.");
1654 else {
1655 r = user_record_quality_check_password(c, merged_secret, error);
1656 if (r < 0)
1657 return r;
1658 }
1659
1660 r = home_update_internal(h, "passwd", signed_c, merged_secret, error);
1661 if (r < 0)
1662 return r;
1663
1664 home_set_state(h, state == HOME_ACTIVE ? HOME_PASSWD_WHILE_ACTIVE : HOME_PASSWD);
1665 return 0;
1666 }
1667
1668 int home_unregister(Home *h, sd_bus_error *error) {
1669 int r;
1670
1671 assert(h);
1672
1673 switch (home_get_state(h)) {
1674 case HOME_UNFIXATED:
1675 return sd_bus_error_setf(error, BUS_ERROR_HOME_UNFIXATED, "Home %s is not registered.", h->user_name);
1676 case HOME_LOCKED:
1677 return sd_bus_error_setf(error, BUS_ERROR_HOME_LOCKED, "Home %s is currently locked.", h->user_name);
1678 case HOME_ABSENT:
1679 case HOME_INACTIVE:
1680 case HOME_DIRTY:
1681 break;
1682 case HOME_ACTIVE:
1683 default:
1684 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "Home %s is currently being used, or an operation on home %s is currently being executed.", h->user_name, h->user_name);
1685 }
1686
1687 r = home_unlink_record(h);
1688 if (r < 0)
1689 return r;
1690
1691 /* And destroy the whole entry. The caller needs to be prepared for that. */
1692 h = home_free(h);
1693 return 1;
1694 }
1695
1696 int home_lock(Home *h, sd_bus_error *error) {
1697 int r;
1698
1699 assert(h);
1700
1701 switch (home_get_state(h)) {
1702 case HOME_UNFIXATED:
1703 case HOME_ABSENT:
1704 case HOME_INACTIVE:
1705 case HOME_DIRTY:
1706 return sd_bus_error_setf(error, BUS_ERROR_HOME_NOT_ACTIVE, "Home %s is not active.", h->user_name);
1707 case HOME_LOCKED:
1708 return sd_bus_error_setf(error, BUS_ERROR_HOME_LOCKED, "Home %s is already locked.", h->user_name);
1709 case HOME_ACTIVE:
1710 break;
1711 default:
1712 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "An operation on home %s is currently being executed.", h->user_name);
1713 }
1714
1715 r = home_start_work(h, "lock", h->record, NULL);
1716 if (r < 0)
1717 return r;
1718
1719 home_set_state(h, HOME_LOCKING);
1720 return 0;
1721 }
1722
1723 static int home_unlock_internal(Home *h, UserRecord *secret, HomeState for_state, sd_bus_error *error) {
1724 int r;
1725
1726 assert(h);
1727 assert(IN_SET(for_state, HOME_UNLOCKING, HOME_UNLOCKING_FOR_ACQUIRE));
1728
1729 r = home_start_work(h, "unlock", h->record, secret);
1730 if (r < 0)
1731 return r;
1732
1733 home_set_state(h, for_state);
1734 return 0;
1735 }
1736
1737 int home_unlock(Home *h, UserRecord *secret, sd_bus_error *error) {
1738 int r;
1739 assert(h);
1740
1741 r = home_ratelimit(h, error);
1742 if (r < 0)
1743 return r;
1744
1745 switch (home_get_state(h)) {
1746 case HOME_UNFIXATED:
1747 case HOME_ABSENT:
1748 case HOME_INACTIVE:
1749 case HOME_ACTIVE:
1750 case HOME_DIRTY:
1751 return sd_bus_error_setf(error, BUS_ERROR_HOME_NOT_LOCKED, "Home %s is not locked.", h->user_name);
1752 case HOME_LOCKED:
1753 break;
1754 default:
1755 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "An operation on home %s is currently being executed.", h->user_name);
1756 }
1757
1758 return home_unlock_internal(h, secret, HOME_UNLOCKING, error);
1759 }
1760
1761 HomeState home_get_state(Home *h) {
1762 int r;
1763 assert(h);
1764
1765 /* When the state field is initialized, it counts. */
1766 if (h->state >= 0)
1767 return h->state;
1768
1769 /* Otherwise, let's see if the home directory is mounted. If so, we assume for sure the home
1770 * directory is active */
1771 if (user_record_test_home_directory(h->record) == USER_TEST_MOUNTED)
1772 return HOME_ACTIVE;
1773
1774 /* And if we see the image being gone, we report this as absent */
1775 r = user_record_test_image_path(h->record);
1776 if (r == USER_TEST_ABSENT)
1777 return HOME_ABSENT;
1778 if (r == USER_TEST_DIRTY)
1779 return HOME_DIRTY;
1780
1781 /* And for all other cases we return "inactive". */
1782 return HOME_INACTIVE;
1783 }
1784
1785 void home_process_notify(Home *h, char **l) {
1786 const char *e;
1787 int error;
1788 int r;
1789
1790 assert(h);
1791
1792 e = strv_env_get(l, "ERRNO");
1793 if (!e) {
1794 log_debug("Got notify message lacking ERRNO= field, ignoring.");
1795 return;
1796 }
1797
1798 r = safe_atoi(e, &error);
1799 if (r < 0) {
1800 log_debug_errno(r, "Failed to parse received error number, ignoring: %s", e);
1801 return;
1802 }
1803 if (error <= 0) {
1804 log_debug("Error number is out of range: %i", error);
1805 return;
1806 }
1807
1808 h->worker_error_code = error;
1809 }
1810
1811 int home_killall(Home *h) {
1812 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
1813 _cleanup_free_ char *unit = NULL;
1814 int r;
1815
1816 assert(h);
1817
1818 if (!uid_is_valid(h->uid))
1819 return 0;
1820
1821 assert(h->uid > 0); /* We never should be UID 0 */
1822
1823 /* Let's kill everything matching the specified UID */
1824 r = safe_fork("(sd-killer)", FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_DEATHSIG|FORK_WAIT|FORK_LOG, NULL);
1825 if (r < 0)
1826 return r;
1827 if (r == 0) {
1828 gid_t gid;
1829
1830 /* Child */
1831
1832 gid = user_record_gid(h->record);
1833 if (setresgid(gid, gid, gid) < 0) {
1834 log_error_errno(errno, "Failed to change GID to " GID_FMT ": %m", gid);
1835 _exit(EXIT_FAILURE);
1836 }
1837
1838 if (setgroups(0, NULL) < 0) {
1839 log_error_errno(errno, "Failed to reset auxiliary groups list: %m");
1840 _exit(EXIT_FAILURE);
1841 }
1842
1843 if (setresuid(h->uid, h->uid, h->uid) < 0) {
1844 log_error_errno(errno, "Failed to change UID to " UID_FMT ": %m", h->uid);
1845 _exit(EXIT_FAILURE);
1846 }
1847
1848 if (kill(-1, SIGKILL) < 0) {
1849 log_error_errno(errno, "Failed to kill all processes of UID " UID_FMT ": %m", h->uid);
1850 _exit(EXIT_FAILURE);
1851 }
1852
1853 _exit(EXIT_SUCCESS);
1854 }
1855
1856 /* Let's also kill everything in the user's slice */
1857 if (asprintf(&unit, "user-" UID_FMT ".slice", h->uid) < 0)
1858 return log_oom();
1859
1860 r = sd_bus_call_method(
1861 h->manager->bus,
1862 "org.freedesktop.systemd1",
1863 "/org/freedesktop/systemd1",
1864 "org.freedesktop.systemd1.Manager",
1865 "KillUnit",
1866 &error,
1867 NULL,
1868 "ssi", unit, "all", SIGKILL);
1869 if (r < 0)
1870 log_full_errno(sd_bus_error_has_name(&error, BUS_ERROR_NO_SUCH_UNIT) ? LOG_DEBUG : LOG_WARNING,
1871 r, "Failed to kill login processes of user, ignoring: %s", bus_error_message(&error, r));
1872
1873 return 1;
1874 }
1875
1876 static int home_get_disk_status_luks(
1877 Home *h,
1878 HomeState state,
1879 uint64_t *ret_disk_size,
1880 uint64_t *ret_disk_usage,
1881 uint64_t *ret_disk_free,
1882 uint64_t *ret_disk_ceiling,
1883 uint64_t *ret_disk_floor) {
1884
1885 uint64_t disk_size = UINT64_MAX, disk_usage = UINT64_MAX, disk_free = UINT64_MAX,
1886 disk_ceiling = UINT64_MAX, disk_floor = UINT64_MAX,
1887 stat_used = UINT64_MAX, fs_size = UINT64_MAX, header_size = 0;
1888
1889 struct statfs sfs;
1890 const char *hd;
1891 int r;
1892
1893 assert(h);
1894 assert(ret_disk_size);
1895 assert(ret_disk_usage);
1896 assert(ret_disk_free);
1897 assert(ret_disk_ceiling);
1898
1899 if (state != HOME_ABSENT) {
1900 const char *ip;
1901
1902 ip = user_record_image_path(h->record);
1903 if (ip) {
1904 struct stat st;
1905
1906 if (stat(ip, &st) < 0)
1907 log_debug_errno(errno, "Failed to stat() %s, ignoring: %m", ip);
1908 else if (S_ISREG(st.st_mode)) {
1909 _cleanup_free_ char *parent = NULL;
1910
1911 disk_size = st.st_size;
1912 stat_used = st.st_blocks * 512;
1913
1914 parent = dirname_malloc(ip);
1915 if (!parent)
1916 return log_oom();
1917
1918 if (statfs(parent, &sfs) < 0)
1919 log_debug_errno(errno, "Failed to statfs() %s, ignoring: %m", parent);
1920 else
1921 disk_ceiling = stat_used + sfs.f_bsize * sfs.f_bavail;
1922
1923 } else if (S_ISBLK(st.st_mode)) {
1924 _cleanup_free_ char *szbuf = NULL;
1925 char p[SYS_BLOCK_PATH_MAX("/size")];
1926
1927 /* Let's read the size off sysfs, so that we don't have to open the device */
1928 xsprintf_sys_block_path(p, "/size", st.st_rdev);
1929 r = read_one_line_file(p, &szbuf);
1930 if (r < 0)
1931 log_debug_errno(r, "Failed to read %s, ignoring: %m", p);
1932 else {
1933 uint64_t sz;
1934
1935 r = safe_atou64(szbuf, &sz);
1936 if (r < 0)
1937 log_debug_errno(r, "Failed to parse %s, ignoring: %s", p, szbuf);
1938 else
1939 disk_size = sz * 512;
1940 }
1941 } else
1942 log_debug("Image path is not a block device or regular file, not able to acquire size.");
1943 }
1944 }
1945
1946 if (!HOME_STATE_IS_ACTIVE(state))
1947 goto finish;
1948
1949 hd = user_record_home_directory(h->record);
1950 if (!hd)
1951 goto finish;
1952
1953 if (statfs(hd, &sfs) < 0) {
1954 log_debug_errno(errno, "Failed to statfs() %s, ignoring: %m", hd);
1955 goto finish;
1956 }
1957
1958 disk_free = sfs.f_bsize * sfs.f_bavail;
1959 fs_size = sfs.f_bsize * sfs.f_blocks;
1960 if (disk_size != UINT64_MAX && disk_size > fs_size)
1961 header_size = disk_size - fs_size;
1962
1963 /* We take a perspective from the user here (as opposed to from the host): the used disk space is the
1964 * difference from the limit and what's free. This makes a difference if sparse mode is not used: in
1965 * that case the image is pre-allocated and thus appears all used from the host PoV but is not used
1966 * up at all yet from the user's PoV.
1967 *
1968 * That said, we use use the stat() reported loopback file size as upper boundary: our footprint can
1969 * never be larger than what we take up on the lowest layers. */
1970
1971 if (disk_size != UINT64_MAX && disk_size > disk_free) {
1972 disk_usage = disk_size - disk_free;
1973
1974 if (stat_used != UINT64_MAX && disk_usage > stat_used)
1975 disk_usage = stat_used;
1976 } else
1977 disk_usage = stat_used;
1978
1979 /* If we have the magic, determine floor preferably by magic */
1980 disk_floor = minimal_size_by_fs_magic(sfs.f_type) + header_size;
1981
1982 finish:
1983 /* If we don't know the magic, go by file system name */
1984 if (disk_floor == UINT64_MAX)
1985 disk_floor = minimal_size_by_fs_name(user_record_file_system_type(h->record));
1986
1987 *ret_disk_size = disk_size;
1988 *ret_disk_usage = disk_usage;
1989 *ret_disk_free = disk_free;
1990 *ret_disk_ceiling = disk_ceiling;
1991 *ret_disk_floor = disk_floor;
1992
1993 return 0;
1994 }
1995
1996 static int home_get_disk_status_directory(
1997 Home *h,
1998 HomeState state,
1999 uint64_t *ret_disk_size,
2000 uint64_t *ret_disk_usage,
2001 uint64_t *ret_disk_free,
2002 uint64_t *ret_disk_ceiling,
2003 uint64_t *ret_disk_floor) {
2004
2005 uint64_t disk_size = UINT64_MAX, disk_usage = UINT64_MAX, disk_free = UINT64_MAX,
2006 disk_ceiling = UINT64_MAX, disk_floor = UINT64_MAX;
2007 struct statfs sfs;
2008 struct dqblk req;
2009 const char *path = NULL;
2010 int r;
2011
2012 assert(ret_disk_size);
2013 assert(ret_disk_usage);
2014 assert(ret_disk_free);
2015 assert(ret_disk_ceiling);
2016 assert(ret_disk_floor);
2017
2018 if (HOME_STATE_IS_ACTIVE(state))
2019 path = user_record_home_directory(h->record);
2020
2021 if (!path) {
2022 if (state == HOME_ABSENT)
2023 goto finish;
2024
2025 path = user_record_image_path(h->record);
2026 }
2027
2028 if (!path)
2029 goto finish;
2030
2031 if (statfs(path, &sfs) < 0)
2032 log_debug_errno(errno, "Failed to statfs() %s, ignoring: %m", path);
2033 else {
2034 disk_free = sfs.f_bsize * sfs.f_bavail;
2035 disk_size = sfs.f_bsize * sfs.f_blocks;
2036
2037 /* We don't initialize disk_usage from statfs() data here, since the device is likely not used
2038 * by us alone, and disk_usage should only reflect our own use. */
2039 }
2040
2041 if (IN_SET(h->record->storage, USER_CLASSIC, USER_DIRECTORY, USER_SUBVOLUME)) {
2042
2043 r = btrfs_is_subvol(path);
2044 if (r < 0)
2045 log_debug_errno(r, "Failed to determine whether %s is a btrfs subvolume: %m", path);
2046 else if (r > 0) {
2047 BtrfsQuotaInfo qi;
2048
2049 r = btrfs_subvol_get_subtree_quota(path, 0, &qi);
2050 if (r < 0)
2051 log_debug_errno(r, "Failed to query btrfs subtree quota, ignoring: %m");
2052 else {
2053 disk_usage = qi.referenced;
2054
2055 if (disk_free != UINT64_MAX) {
2056 disk_ceiling = qi.referenced + disk_free;
2057
2058 if (disk_size != UINT64_MAX && disk_ceiling > disk_size)
2059 disk_ceiling = disk_size;
2060 }
2061
2062 if (qi.referenced_max != UINT64_MAX) {
2063 if (disk_size != UINT64_MAX)
2064 disk_size = MIN(qi.referenced_max, disk_size);
2065 else
2066 disk_size = qi.referenced_max;
2067 }
2068
2069 if (disk_size != UINT64_MAX) {
2070 if (disk_size > disk_usage)
2071 disk_free = disk_size - disk_usage;
2072 else
2073 disk_free = 0;
2074 }
2075 }
2076
2077 goto finish;
2078 }
2079 }
2080
2081 if (IN_SET(h->record->storage, USER_CLASSIC, USER_DIRECTORY, USER_FSCRYPT)) {
2082 r = quotactl_path(QCMD_FIXED(Q_GETQUOTA, USRQUOTA), path, h->uid, &req);
2083 if (r < 0) {
2084 if (ERRNO_IS_NOT_SUPPORTED(r)) {
2085 log_debug_errno(r, "No UID quota support on %s.", path);
2086 goto finish;
2087 }
2088
2089 if (r != -ESRCH) {
2090 log_debug_errno(r, "Failed to query disk quota for UID " UID_FMT ": %m", h->uid);
2091 goto finish;
2092 }
2093
2094 disk_usage = 0; /* No record of this user? then nothing was used */
2095 } else {
2096 if (FLAGS_SET(req.dqb_valid, QIF_SPACE) && disk_free != UINT64_MAX) {
2097 disk_ceiling = req.dqb_curspace + disk_free;
2098
2099 if (disk_size != UINT64_MAX && disk_ceiling > disk_size)
2100 disk_ceiling = disk_size;
2101 }
2102
2103 if (FLAGS_SET(req.dqb_valid, QIF_BLIMITS)) {
2104 uint64_t q;
2105
2106 /* Take the minimum of the quota and the available disk space here */
2107 q = req.dqb_bhardlimit * QIF_DQBLKSIZE;
2108 if (disk_size != UINT64_MAX)
2109 disk_size = MIN(disk_size, q);
2110 else
2111 disk_size = q;
2112 }
2113 if (FLAGS_SET(req.dqb_valid, QIF_SPACE)) {
2114 disk_usage = req.dqb_curspace;
2115
2116 if (disk_size != UINT64_MAX) {
2117 if (disk_size > disk_usage)
2118 disk_free = disk_size - disk_usage;
2119 else
2120 disk_free = 0;
2121 }
2122 }
2123 }
2124 }
2125
2126 finish:
2127 *ret_disk_size = disk_size;
2128 *ret_disk_usage = disk_usage;
2129 *ret_disk_free = disk_free;
2130 *ret_disk_ceiling = disk_ceiling;
2131 *ret_disk_floor = disk_floor;
2132
2133 return 0;
2134 }
2135
2136 int home_augment_status(
2137 Home *h,
2138 UserRecordLoadFlags flags,
2139 UserRecord **ret) {
2140
2141 uint64_t disk_size = UINT64_MAX, disk_usage = UINT64_MAX, disk_free = UINT64_MAX, disk_ceiling = UINT64_MAX, disk_floor = UINT64_MAX;
2142 _cleanup_(json_variant_unrefp) JsonVariant *j = NULL, *v = NULL, *m = NULL, *status = NULL;
2143 _cleanup_(user_record_unrefp) UserRecord *ur = NULL;
2144 char ids[SD_ID128_STRING_MAX];
2145 HomeState state;
2146 sd_id128_t id;
2147 int r;
2148
2149 assert(h);
2150 assert(ret);
2151
2152 /* We are supposed to add this, this can't be on hence. */
2153 assert(!FLAGS_SET(flags, USER_RECORD_STRIP_STATUS));
2154
2155 r = sd_id128_get_machine(&id);
2156 if (r < 0)
2157 return r;
2158
2159 state = home_get_state(h);
2160
2161 switch (h->record->storage) {
2162
2163 case USER_LUKS:
2164 r = home_get_disk_status_luks(h, state, &disk_size, &disk_usage, &disk_free, &disk_ceiling, &disk_floor);
2165 if (r < 0)
2166 return r;
2167
2168 break;
2169
2170 case USER_CLASSIC:
2171 case USER_DIRECTORY:
2172 case USER_SUBVOLUME:
2173 case USER_FSCRYPT:
2174 case USER_CIFS:
2175 r = home_get_disk_status_directory(h, state, &disk_size, &disk_usage, &disk_free, &disk_ceiling, &disk_floor);
2176 if (r < 0)
2177 return r;
2178
2179 break;
2180
2181 default:
2182 ; /* unset */
2183 }
2184
2185 if (disk_floor == UINT64_MAX || (disk_usage != UINT64_MAX && disk_floor < disk_usage))
2186 disk_floor = disk_usage;
2187 if (disk_floor == UINT64_MAX || disk_floor < USER_DISK_SIZE_MIN)
2188 disk_floor = USER_DISK_SIZE_MIN;
2189 if (disk_ceiling == UINT64_MAX || disk_ceiling > USER_DISK_SIZE_MAX)
2190 disk_ceiling = USER_DISK_SIZE_MAX;
2191
2192 r = json_build(&status,
2193 JSON_BUILD_OBJECT(
2194 JSON_BUILD_PAIR("state", JSON_BUILD_STRING(home_state_to_string(state))),
2195 JSON_BUILD_PAIR("service", JSON_BUILD_STRING("io.systemd.Home")),
2196 JSON_BUILD_PAIR_CONDITION(disk_size != UINT64_MAX, "diskSize", JSON_BUILD_UNSIGNED(disk_size)),
2197 JSON_BUILD_PAIR_CONDITION(disk_usage != UINT64_MAX, "diskUsage", JSON_BUILD_UNSIGNED(disk_usage)),
2198 JSON_BUILD_PAIR_CONDITION(disk_free != UINT64_MAX, "diskFree", JSON_BUILD_UNSIGNED(disk_free)),
2199 JSON_BUILD_PAIR_CONDITION(disk_ceiling != UINT64_MAX, "diskCeiling", JSON_BUILD_UNSIGNED(disk_ceiling)),
2200 JSON_BUILD_PAIR_CONDITION(disk_floor != UINT64_MAX, "diskFloor", JSON_BUILD_UNSIGNED(disk_floor)),
2201 JSON_BUILD_PAIR_CONDITION(h->signed_locally >= 0, "signedLocally", JSON_BUILD_BOOLEAN(h->signed_locally))
2202 ));
2203 if (r < 0)
2204 return r;
2205
2206 j = json_variant_ref(h->record->json);
2207 v = json_variant_ref(json_variant_by_key(j, "status"));
2208 m = json_variant_ref(json_variant_by_key(v, sd_id128_to_string(id, ids)));
2209
2210 r = json_variant_filter(&m, STRV_MAKE("diskSize", "diskUsage", "diskFree", "diskCeiling", "diskFloor", "signedLocally"));
2211 if (r < 0)
2212 return r;
2213
2214 r = json_variant_merge(&m, status);
2215 if (r < 0)
2216 return r;
2217
2218 r = json_variant_set_field(&v, ids, m);
2219 if (r < 0)
2220 return r;
2221
2222 r = json_variant_set_field(&j, "status", v);
2223 if (r < 0)
2224 return r;
2225
2226 ur = user_record_new();
2227 if (!ur)
2228 return -ENOMEM;
2229
2230 r = user_record_load(ur, j, flags);
2231 if (r < 0)
2232 return r;
2233
2234 ur->incomplete =
2235 FLAGS_SET(h->record->mask, USER_RECORD_PRIVILEGED) &&
2236 !FLAGS_SET(ur->mask, USER_RECORD_PRIVILEGED);
2237
2238 *ret = TAKE_PTR(ur);
2239 return 0;
2240 }
2241
2242 static int on_home_ref_eof(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
2243 _cleanup_(operation_unrefp) Operation *o = NULL;
2244 Home *h = userdata;
2245
2246 assert(s);
2247 assert(h);
2248
2249 if (h->ref_event_source_please_suspend == s)
2250 h->ref_event_source_please_suspend = sd_event_source_disable_unref(h->ref_event_source_please_suspend);
2251
2252 if (h->ref_event_source_dont_suspend == s)
2253 h->ref_event_source_dont_suspend = sd_event_source_disable_unref(h->ref_event_source_dont_suspend);
2254
2255 if (h->ref_event_source_dont_suspend || h->ref_event_source_please_suspend)
2256 return 0;
2257
2258 log_info("Got notification that all sessions of user %s ended, deactivating automatically.", h->user_name);
2259
2260 o = operation_new(OPERATION_PIPE_EOF, NULL);
2261 if (!o) {
2262 log_oom();
2263 return 0;
2264 }
2265
2266 home_schedule_operation(h, o, NULL);
2267 return 0;
2268 }
2269
2270 int home_create_fifo(Home *h, bool please_suspend) {
2271 _cleanup_close_ int ret_fd = -1;
2272 sd_event_source **ss;
2273 const char *fn, *suffix;
2274 int r;
2275
2276 assert(h);
2277
2278 if (please_suspend) {
2279 suffix = ".please-suspend";
2280 ss = &h->ref_event_source_please_suspend;
2281 } else {
2282 suffix = ".dont-suspend";
2283 ss = &h->ref_event_source_dont_suspend;
2284 }
2285
2286 fn = strjoina("/run/systemd/home/", h->user_name, suffix);
2287
2288 if (!*ss) {
2289 _cleanup_close_ int ref_fd = -1;
2290
2291 (void) mkdir("/run/systemd/home/", 0755);
2292 if (mkfifo(fn, 0600) < 0 && errno != EEXIST)
2293 return log_error_errno(errno, "Failed to create FIFO %s: %m", fn);
2294
2295 ref_fd = open(fn, O_RDONLY|O_CLOEXEC|O_NONBLOCK);
2296 if (ref_fd < 0)
2297 return log_error_errno(errno, "Failed to open FIFO %s for reading: %m", fn);
2298
2299 r = sd_event_add_io(h->manager->event, ss, ref_fd, 0, on_home_ref_eof, h);
2300 if (r < 0)
2301 return log_error_errno(r, "Failed to allocate reference FIFO event source: %m");
2302
2303 (void) sd_event_source_set_description(*ss, "acquire-ref");
2304
2305 r = sd_event_source_set_priority(*ss, SD_EVENT_PRIORITY_IDLE-1);
2306 if (r < 0)
2307 return r;
2308
2309 r = sd_event_source_set_io_fd_own(*ss, true);
2310 if (r < 0)
2311 return log_error_errno(r, "Failed to pass ownership of FIFO event fd to event source: %m");
2312
2313 TAKE_FD(ref_fd);
2314 }
2315
2316 ret_fd = open(fn, O_WRONLY|O_CLOEXEC|O_NONBLOCK);
2317 if (ret_fd < 0)
2318 return log_error_errno(errno, "Failed to open FIFO %s for writing: %m", fn);
2319
2320 return TAKE_FD(ret_fd);
2321 }
2322
2323 static int home_dispatch_acquire(Home *h, Operation *o) {
2324 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
2325 int (*call)(Home *h, UserRecord *secret, HomeState for_state, sd_bus_error *error) = NULL;
2326 HomeState for_state;
2327 int r;
2328
2329 assert(h);
2330 assert(o);
2331 assert(o->type == OPERATION_ACQUIRE);
2332
2333 switch (home_get_state(h)) {
2334
2335 case HOME_UNFIXATED:
2336 for_state = HOME_FIXATING_FOR_ACQUIRE;
2337 call = home_fixate_internal;
2338 break;
2339
2340 case HOME_ABSENT:
2341 r = sd_bus_error_setf(&error, BUS_ERROR_HOME_ABSENT, "Home %s is currently missing or not plugged in.", h->user_name);
2342 break;
2343
2344 case HOME_INACTIVE:
2345 case HOME_DIRTY:
2346 for_state = HOME_ACTIVATING_FOR_ACQUIRE;
2347 call = home_activate_internal;
2348 break;
2349
2350 case HOME_ACTIVE:
2351 for_state = HOME_AUTHENTICATING_FOR_ACQUIRE;
2352 call = home_authenticate_internal;
2353 break;
2354
2355 case HOME_LOCKED:
2356 for_state = HOME_UNLOCKING_FOR_ACQUIRE;
2357 call = home_unlock_internal;
2358 break;
2359
2360 default:
2361 /* All other cases means we are currently executing an operation, which means the job remains
2362 * pending. */
2363 return 0;
2364 }
2365
2366 assert(!h->current_operation);
2367
2368 if (call) {
2369 r = home_ratelimit(h, &error);
2370 if (r >= 0)
2371 r = call(h, o->secret, for_state, &error);
2372 }
2373
2374 if (r != 0) /* failure or completed */
2375 operation_result(o, r, &error);
2376 else /* ongoing */
2377 h->current_operation = operation_ref(o);
2378
2379 return 1;
2380 }
2381
2382 static int home_dispatch_release(Home *h, Operation *o) {
2383 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
2384 int r;
2385
2386 assert(h);
2387 assert(o);
2388 assert(o->type == OPERATION_RELEASE);
2389
2390 if (h->ref_event_source_dont_suspend || h->ref_event_source_please_suspend)
2391 /* If there's now a reference again, then let's abort the release attempt */
2392 r = sd_bus_error_setf(&error, BUS_ERROR_HOME_BUSY, "Home %s is currently referenced.", h->user_name);
2393 else {
2394 switch (home_get_state(h)) {
2395
2396 case HOME_UNFIXATED:
2397 case HOME_ABSENT:
2398 case HOME_INACTIVE:
2399 case HOME_DIRTY:
2400 r = 1; /* done */
2401 break;
2402
2403 case HOME_LOCKED:
2404 r = sd_bus_error_setf(&error, BUS_ERROR_HOME_LOCKED, "Home %s is currently locked.", h->user_name);
2405 break;
2406
2407 case HOME_ACTIVE:
2408 r = home_deactivate_internal(h, false, &error);
2409 break;
2410
2411 default:
2412 /* All other cases means we are currently executing an operation, which means the job remains
2413 * pending. */
2414 return 0;
2415 }
2416 }
2417
2418 assert(!h->current_operation);
2419
2420 if (r != 0) /* failure or completed */
2421 operation_result(o, r, &error);
2422 else /* ongoing */
2423 h->current_operation = operation_ref(o);
2424
2425 return 1;
2426 }
2427
2428 static int home_dispatch_lock_all(Home *h, Operation *o) {
2429 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
2430 int r;
2431
2432 assert(h);
2433 assert(o);
2434 assert(o->type == OPERATION_LOCK_ALL);
2435
2436 switch (home_get_state(h)) {
2437
2438 case HOME_UNFIXATED:
2439 case HOME_ABSENT:
2440 case HOME_INACTIVE:
2441 case HOME_DIRTY:
2442 log_info("Home %s is not active, no locking necessary.", h->user_name);
2443 r = 1; /* done */
2444 break;
2445
2446 case HOME_LOCKED:
2447 log_info("Home %s is already locked.", h->user_name);
2448 r = 1; /* done */
2449 break;
2450
2451 case HOME_ACTIVE:
2452 log_info("Locking home %s.", h->user_name);
2453 r = home_lock(h, &error);
2454 break;
2455
2456 default:
2457 /* All other cases means we are currently executing an operation, which means the job remains
2458 * pending. */
2459 return 0;
2460 }
2461
2462 assert(!h->current_operation);
2463
2464 if (r != 0) /* failure or completed */
2465 operation_result(o, r, &error);
2466 else /* ongoing */
2467 h->current_operation = operation_ref(o);
2468
2469 return 1;
2470 }
2471
2472 static int home_dispatch_pipe_eof(Home *h, Operation *o) {
2473 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
2474 int r;
2475
2476 assert(h);
2477 assert(o);
2478 assert(o->type == OPERATION_PIPE_EOF);
2479
2480 if (h->ref_event_source_please_suspend || h->ref_event_source_dont_suspend)
2481 return 1; /* Hmm, there's a reference again, let's cancel this */
2482
2483 switch (home_get_state(h)) {
2484
2485 case HOME_UNFIXATED:
2486 case HOME_ABSENT:
2487 case HOME_INACTIVE:
2488 case HOME_DIRTY:
2489 log_info("Home %s already deactivated, no automatic deactivation needed.", h->user_name);
2490 break;
2491
2492 case HOME_DEACTIVATING:
2493 log_info("Home %s is already being deactivated, automatic deactivated unnecessary.", h->user_name);
2494 break;
2495
2496 case HOME_ACTIVE:
2497 r = home_deactivate_internal(h, false, &error);
2498 if (r < 0)
2499 log_warning_errno(r, "Failed to deactivate %s, ignoring: %s", h->user_name, bus_error_message(&error, r));
2500 break;
2501
2502 case HOME_LOCKED:
2503 default:
2504 /* If the device is locked or any operation is being executed, let's leave this pending */
2505 return 0;
2506 }
2507
2508 /* Note that we don't call operation_fail() or operation_success() here, because this kind of
2509 * operation has no message associated with it, and thus there's no need to propagate success. */
2510
2511 assert(!o->message);
2512 return 1;
2513 }
2514
2515 static int home_dispatch_deactivate_force(Home *h, Operation *o) {
2516 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
2517 int r;
2518
2519 assert(h);
2520 assert(o);
2521 assert(o->type == OPERATION_DEACTIVATE_FORCE);
2522
2523 switch (home_get_state(h)) {
2524
2525 case HOME_UNFIXATED:
2526 case HOME_ABSENT:
2527 case HOME_INACTIVE:
2528 case HOME_DIRTY:
2529 log_debug("Home %s already deactivated, no forced deactivation due to unplug needed.", h->user_name);
2530 break;
2531
2532 case HOME_DEACTIVATING:
2533 log_debug("Home %s is already being deactivated, forced deactivation due to unplug unnecessary.", h->user_name);
2534 break;
2535
2536 case HOME_ACTIVE:
2537 case HOME_LOCKED:
2538 r = home_deactivate_internal(h, true, &error);
2539 if (r < 0)
2540 log_warning_errno(r, "Failed to forcibly deactivate %s, ignoring: %s", h->user_name, bus_error_message(&error, r));
2541 break;
2542
2543 default:
2544 /* If any operation is being executed, let's leave this pending */
2545 return 0;
2546 }
2547
2548 /* Note that we don't call operation_fail() or operation_success() here, because this kind of
2549 * operation has no message associated with it, and thus there's no need to propagate success. */
2550
2551 assert(!o->message);
2552 return 1;
2553 }
2554
2555 static int on_pending(sd_event_source *s, void *userdata) {
2556 Home *h = userdata;
2557 Operation *o;
2558 int r;
2559
2560 assert(s);
2561 assert(h);
2562
2563 o = ordered_set_first(h->pending_operations);
2564 if (o) {
2565 static int (* const operation_table[_OPERATION_MAX])(Home *h, Operation *o) = {
2566 [OPERATION_ACQUIRE] = home_dispatch_acquire,
2567 [OPERATION_RELEASE] = home_dispatch_release,
2568 [OPERATION_LOCK_ALL] = home_dispatch_lock_all,
2569 [OPERATION_PIPE_EOF] = home_dispatch_pipe_eof,
2570 [OPERATION_DEACTIVATE_FORCE] = home_dispatch_deactivate_force,
2571 };
2572
2573 assert(operation_table[o->type]);
2574 r = operation_table[o->type](h, o);
2575 if (r != 0) {
2576 /* The operation completed, let's remove it from the pending list, and exit while
2577 * leaving the event source enabled as it is. */
2578 assert_se(ordered_set_remove(h->pending_operations, o) == o);
2579 operation_unref(o);
2580 return 0;
2581 }
2582 }
2583
2584 /* Nothing to do anymore, let's turn off this event source */
2585 r = sd_event_source_set_enabled(s, SD_EVENT_OFF);
2586 if (r < 0)
2587 return log_error_errno(r, "Failed to disable event source: %m");
2588
2589 return 0;
2590 }
2591
2592 int home_schedule_operation(Home *h, Operation *o, sd_bus_error *error) {
2593 int r;
2594
2595 assert(h);
2596
2597 if (o) {
2598 if (ordered_set_size(h->pending_operations) >= PENDING_OPERATIONS_MAX)
2599 return sd_bus_error_setf(error, BUS_ERROR_TOO_MANY_OPERATIONS, "Too many client operations requested");
2600
2601 r = ordered_set_ensure_allocated(&h->pending_operations, &operation_hash_ops);
2602 if (r < 0)
2603 return r;
2604
2605 r = ordered_set_put(h->pending_operations, o);
2606 if (r < 0)
2607 return r;
2608
2609 operation_ref(o);
2610 }
2611
2612 if (!h->pending_event_source) {
2613 r = sd_event_add_defer(h->manager->event, &h->pending_event_source, on_pending, h);
2614 if (r < 0)
2615 return log_error_errno(r, "Failed to allocate pending defer event source: %m");
2616
2617 (void) sd_event_source_set_description(h->pending_event_source, "pending");
2618
2619 r = sd_event_source_set_priority(h->pending_event_source, SD_EVENT_PRIORITY_IDLE);
2620 if (r < 0)
2621 return r;
2622 }
2623
2624 r = sd_event_source_set_enabled(h->pending_event_source, SD_EVENT_ON);
2625 if (r < 0)
2626 return log_error_errno(r, "Failed to trigger pending event source: %m");
2627
2628 return 0;
2629 }
2630
2631 static int home_get_image_path_seat(Home *h, char **ret) {
2632 _cleanup_(sd_device_unrefp) sd_device *d = NULL;
2633 _cleanup_free_ char *c = NULL;
2634 const char *ip, *seat;
2635 struct stat st;
2636 int r;
2637
2638 assert(h);
2639
2640 if (user_record_storage(h->record) != USER_LUKS)
2641 return -ENXIO;
2642
2643 ip = user_record_image_path(h->record);
2644 if (!ip)
2645 return -ENXIO;
2646
2647 if (!path_startswith(ip, "/dev/"))
2648 return -ENXIO;
2649
2650 if (stat(ip, &st) < 0)
2651 return -errno;
2652
2653 if (!S_ISBLK(st.st_mode))
2654 return -ENOTBLK;
2655
2656 r = sd_device_new_from_devnum(&d, 'b', st.st_rdev);
2657 if (r < 0)
2658 return r;
2659
2660 r = sd_device_get_property_value(d, "ID_SEAT", &seat);
2661 if (r == -ENOENT) /* no property means seat0 */
2662 seat = "seat0";
2663 else if (r < 0)
2664 return r;
2665
2666 c = strdup(seat);
2667 if (!c)
2668 return -ENOMEM;
2669
2670 *ret = TAKE_PTR(c);
2671 return 0;
2672 }
2673
2674 int home_auto_login(Home *h, char ***ret_seats) {
2675 _cleanup_free_ char *seat = NULL, *seat2 = NULL;
2676
2677 assert(h);
2678 assert(ret_seats);
2679
2680 (void) home_get_image_path_seat(h, &seat);
2681
2682 if (h->record->auto_login > 0 && !streq_ptr(seat, "seat0")) {
2683 /* For now, when the auto-login boolean is set for a user, let's make it mean
2684 * "seat0". Eventually we can extend the concept and allow configuration of any kind of seat,
2685 * but let's keep simple initially, most likely the feature is interesting on single-user
2686 * systems anyway, only.
2687 *
2688 * We filter out users marked for auto-login in we know for sure their home directory is
2689 * absent. */
2690
2691 if (user_record_test_image_path(h->record) != USER_TEST_ABSENT) {
2692 seat2 = strdup("seat0");
2693 if (!seat2)
2694 return -ENOMEM;
2695 }
2696 }
2697
2698 if (seat || seat2) {
2699 _cleanup_strv_free_ char **list = NULL;
2700 size_t i = 0;
2701
2702 list = new(char*, 3);
2703 if (!list)
2704 return -ENOMEM;
2705
2706 if (seat)
2707 list[i++] = TAKE_PTR(seat);
2708 if (seat2)
2709 list[i++] = TAKE_PTR(seat2);
2710
2711 list[i] = NULL;
2712 *ret_seats = TAKE_PTR(list);
2713 return 1;
2714 }
2715
2716 *ret_seats = NULL;
2717 return 0;
2718 }
2719
2720 int home_set_current_message(Home *h, sd_bus_message *m) {
2721 assert(h);
2722
2723 if (!m)
2724 return 0;
2725
2726 if (h->current_operation)
2727 return -EBUSY;
2728
2729 h->current_operation = operation_new(OPERATION_IMMEDIATE, m);
2730 if (!h->current_operation)
2731 return -ENOMEM;
2732
2733 return 1;
2734 }
2735
2736 static const char* const home_state_table[_HOME_STATE_MAX] = {
2737 [HOME_UNFIXATED] = "unfixated",
2738 [HOME_ABSENT] = "absent",
2739 [HOME_INACTIVE] = "inactive",
2740 [HOME_DIRTY] = "dirty",
2741 [HOME_FIXATING] = "fixating",
2742 [HOME_FIXATING_FOR_ACTIVATION] = "fixating-for-activation",
2743 [HOME_FIXATING_FOR_ACQUIRE] = "fixating-for-acquire",
2744 [HOME_ACTIVATING] = "activating",
2745 [HOME_ACTIVATING_FOR_ACQUIRE] = "activating-for-acquire",
2746 [HOME_DEACTIVATING] = "deactivating",
2747 [HOME_ACTIVE] = "active",
2748 [HOME_LOCKING] = "locking",
2749 [HOME_LOCKED] = "locked",
2750 [HOME_UNLOCKING] = "unlocking",
2751 [HOME_UNLOCKING_FOR_ACQUIRE] = "unlocking-for-acquire",
2752 [HOME_CREATING] = "creating",
2753 [HOME_REMOVING] = "removing",
2754 [HOME_UPDATING] = "updating",
2755 [HOME_UPDATING_WHILE_ACTIVE] = "updating-while-active",
2756 [HOME_RESIZING] = "resizing",
2757 [HOME_RESIZING_WHILE_ACTIVE] = "resizing-while-active",
2758 [HOME_PASSWD] = "passwd",
2759 [HOME_PASSWD_WHILE_ACTIVE] = "passwd-while-active",
2760 [HOME_AUTHENTICATING] = "authenticating",
2761 [HOME_AUTHENTICATING_WHILE_ACTIVE] = "authenticating-while-active",
2762 [HOME_AUTHENTICATING_FOR_ACQUIRE] = "authenticating-for-acquire",
2763 };
2764
2765 DEFINE_STRING_TABLE_LOOKUP(home_state, HomeState);
Unnamed repository; edit this file 'description' to name the repository.