1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
4 #include <linux/memfd.h>
11 #include "blockdev-util.h"
12 #include "btrfs-util.h"
13 #include "build-path.h"
14 #include "bus-common-errors.h"
15 #include "bus-locator.h"
16 #include "data-fd-util.h"
18 #include "errno-list.h"
19 #include "errno-util.h"
22 #include "filesystems.h"
24 #include "glyph-util.h"
25 #include "home-util.h"
26 #include "homed-home-bus.h"
27 #include "homed-home.h"
28 #include "memfd-util.h"
29 #include "missing_magic.h"
30 #include "missing_mman.h"
31 #include "missing_syscall.h"
33 #include "path-util.h"
34 #include "process-util.h"
35 #include "quota-util.h"
36 #include "resize-fs.h"
39 #include "signal-util.h"
40 #include "stat-util.h"
41 #include "string-table.h"
43 #include "uid-classification.h"
44 #include "user-record-password-quality.h"
45 #include "user-record-sign.h"
46 #include "user-record-util.h"
47 #include "user-record.h"
48 #include "user-util.h"
50 /* Retry to deactivate home directories again and again every 15s until it works */
51 #define RETRY_DEACTIVATE_USEC (15U * USEC_PER_SEC)
53 #define HOME_USERS_MAX 500
54 #define PENDING_OPERATIONS_MAX 100
56 assert_cc(HOME_UID_MIN
<= HOME_UID_MAX
);
57 assert_cc(HOME_USERS_MAX
<= (HOME_UID_MAX
- HOME_UID_MIN
+ 1));
59 static int home_start_work(
67 DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(operation_hash_ops
, void, trivial_hash_func
, trivial_compare_func
, Operation
, operation_unref
);
69 static int suitable_home_record(UserRecord
*hr
) {
77 /* We are a bit more restrictive with what we accept as homed-managed user than what we accept in
78 * home records in general. Let's enforce the stricter rule here. */
79 if (!suitable_user_name(hr
->user_name
))
81 if (!uid_is_valid(hr
->uid
))
84 /* Insist we are outside of the dynamic and system range */
85 if (uid_is_system(hr
->uid
) || gid_is_system(user_record_gid(hr
)) ||
86 uid_is_dynamic(hr
->uid
) || gid_is_dynamic(user_record_gid(hr
)))
87 return -EADDRNOTAVAIL
;
89 /* Insist that GID and UID match */
90 if (user_record_gid(hr
) != (gid_t
) hr
->uid
)
93 /* Similar for the realm */
95 r
= suitable_realm(hr
->realm
);
105 int home_new(Manager
*m
, UserRecord
*hr
, const char *sysfs
, Home
**ret
) {
106 _cleanup_(home_freep
) Home
*home
= NULL
;
107 _cleanup_free_
char *nm
= NULL
, *ns
= NULL
, *blob
= NULL
;
113 r
= suitable_home_record(hr
);
117 if (hashmap_contains(m
->homes_by_name
, hr
->user_name
))
120 if (hashmap_contains(m
->homes_by_uid
, UID_TO_PTR(hr
->uid
)))
123 if (sysfs
&& hashmap_contains(m
->homes_by_sysfs
, sysfs
))
126 if (hashmap_size(m
->homes_by_name
) >= HOME_USERS_MAX
)
129 nm
= strdup(hr
->user_name
);
145 .user_name
= TAKE_PTR(nm
),
147 .state
= _HOME_STATE_INVALID
,
148 .worker_stdout_fd
= -EBADF
,
149 .sysfs
= TAKE_PTR(ns
),
150 .signed_locally
= -1,
152 .luks_lock_fd
= -EBADF
,
155 r
= hashmap_put(m
->homes_by_name
, home
->user_name
, home
);
159 r
= hashmap_put(m
->homes_by_uid
, UID_TO_PTR(home
->uid
), home
);
164 r
= hashmap_put(m
->homes_by_sysfs
, home
->sysfs
, home
);
169 r
= user_record_clone(hr
, USER_RECORD_LOAD_MASK_SECRET
|USER_RECORD_PERMISSIVE
, &home
->record
);
173 blob
= path_join(home_system_blob_dir(), hr
->user_name
);
176 r
= mkdir_safe(blob
, 0755, 0, 0, MKDIR_IGNORE_EXISTING
);
178 log_warning_errno(r
, "Failed to create blob dir for user '%s': %m", home
->user_name
);
180 (void) bus_manager_emit_auto_login_changed(m
);
181 (void) bus_home_emit_change(home
);
182 (void) manager_schedule_rebalance(m
, /* immediately= */ false);
185 *ret
= TAKE_PTR(home
);
192 Home
*home_free(Home
*h
) {
198 (void) bus_home_emit_remove(h
);
199 (void) bus_manager_emit_auto_login_changed(h
->manager
);
202 (void) hashmap_remove_value(h
->manager
->homes_by_name
, h
->user_name
, h
);
204 if (uid_is_valid(h
->uid
))
205 (void) hashmap_remove_value(h
->manager
->homes_by_uid
, UID_TO_PTR(h
->uid
), h
);
208 (void) hashmap_remove_value(h
->manager
->homes_by_sysfs
, h
->sysfs
, h
);
210 if (h
->worker_pid
> 0)
211 (void) hashmap_remove_value(h
->manager
->homes_by_worker_pid
, PID_TO_PTR(h
->worker_pid
), h
);
213 if (h
->manager
->gc_focus
== h
)
214 h
->manager
->gc_focus
= NULL
;
216 (void) manager_schedule_rebalance(h
->manager
, /* immediately= */ false);
219 user_record_unref(h
->record
);
220 user_record_unref(h
->secret
);
222 h
->worker_event_source
= sd_event_source_disable_unref(h
->worker_event_source
);
223 safe_close(h
->worker_stdout_fd
);
227 h
->ref_event_source_please_suspend
= sd_event_source_disable_unref(h
->ref_event_source_please_suspend
);
228 h
->ref_event_source_dont_suspend
= sd_event_source_disable_unref(h
->ref_event_source_dont_suspend
);
229 h
->inhibit_suspend_event_source
= sd_event_source_disable_unref(h
->inhibit_suspend_event_source
);
231 h
->pending_operations
= ordered_set_free(h
->pending_operations
);
232 h
->pending_event_source
= sd_event_source_disable_unref(h
->pending_event_source
);
233 h
->deferred_change_event_source
= sd_event_source_disable_unref(h
->deferred_change_event_source
);
235 h
->current_operation
= operation_unref(h
->current_operation
);
237 safe_close(h
->pin_fd
);
238 safe_close(h
->luks_lock_fd
);
240 h
->retry_deactivate_event_source
= sd_event_source_disable_unref(h
->retry_deactivate_event_source
);
245 int home_set_record(Home
*h
, UserRecord
*hr
) {
246 _cleanup_(user_record_unrefp
) UserRecord
*new_hr
= NULL
;
251 assert(h
->user_name
);
255 if (user_record_equal(h
->record
, hr
))
258 r
= suitable_home_record(hr
);
262 if (!user_record_compatible(h
->record
, hr
))
265 if (!FLAGS_SET(hr
->mask
, USER_RECORD_REGULAR
) ||
266 FLAGS_SET(hr
->mask
, USER_RECORD_SECRET
))
269 if (FLAGS_SET(h
->record
->mask
, USER_RECORD_STATUS
)) {
270 _cleanup_(json_variant_unrefp
) JsonVariant
*v
= NULL
;
272 /* Hmm, the existing record has status fields? If so, copy them over */
274 v
= json_variant_ref(hr
->json
);
275 r
= json_variant_set_field(&v
, "status", json_variant_by_key(h
->record
->json
, "status"));
279 new_hr
= user_record_new();
283 r
= user_record_load(new_hr
, v
, USER_RECORD_LOAD_REFUSE_SECRET
|USER_RECORD_PERMISSIVE
);
290 other
= hashmap_get(h
->manager
->homes_by_uid
, UID_TO_PTR(hr
->uid
));
291 if (other
&& other
!= h
)
294 if (h
->uid
!= hr
->uid
) {
295 r
= hashmap_remove_and_replace(h
->manager
->homes_by_uid
, UID_TO_PTR(h
->uid
), UID_TO_PTR(hr
->uid
), h
);
300 user_record_unref(h
->record
);
301 h
->record
= user_record_ref(hr
);
302 h
->uid
= h
->record
->uid
;
304 /* The updated record might have a different autologin setting, trigger a PropertiesChanged event for it */
305 (void) bus_manager_emit_auto_login_changed(h
->manager
);
306 (void) bus_home_emit_change(h
);
311 int home_save_record(Home
*h
) {
312 _cleanup_(json_variant_unrefp
) JsonVariant
*v
= NULL
;
313 _cleanup_free_
char *text
= NULL
;
319 v
= json_variant_ref(h
->record
->json
);
320 r
= json_variant_normalize(&v
);
322 log_warning_errno(r
, "User record could not be normalized.");
324 r
= json_variant_format(v
, JSON_FORMAT_PRETTY
|JSON_FORMAT_NEWLINE
, &text
);
328 (void) mkdir("/var/lib/systemd/", 0755);
329 (void) mkdir(home_record_dir(), 0700);
331 fn
= strjoina(home_record_dir(), "/", h
->user_name
, ".identity");
333 r
= write_string_file(fn
, text
, WRITE_STRING_FILE_ATOMIC
|WRITE_STRING_FILE_CREATE
|WRITE_STRING_FILE_MODE_0600
|WRITE_STRING_FILE_SYNC
);
340 int home_unlink_record(Home
*h
) {
341 _cleanup_free_
char *blob
= NULL
;
347 fn
= strjoina(home_record_dir(), "/", h
->user_name
, ".identity");
348 if (unlink(fn
) < 0 && errno
!= ENOENT
)
351 fn
= strjoina("/run/systemd/home/", h
->user_name
, ".ref");
352 if (unlink(fn
) < 0 && errno
!= ENOENT
)
355 blob
= path_join(home_system_blob_dir(), h
->user_name
);
358 r
= rm_rf(blob
, REMOVE_ROOT
|REMOVE_PHYSICAL
|REMOVE_MISSING_OK
);
365 static void home_unpin(Home
*h
) {
371 h
->pin_fd
= safe_close(h
->pin_fd
);
372 log_debug("Successfully closed pin fd on home for %s.", h
->user_name
);
375 static void home_pin(Home
*h
) {
380 if (h
->pin_fd
>= 0) /* Already pinned? */
383 path
= user_record_home_directory(h
->record
);
385 log_warning("No home directory path to pin for %s, ignoring.", h
->user_name
);
389 h
->pin_fd
= open(path
, O_RDONLY
|O_DIRECTORY
|O_CLOEXEC
);
391 log_warning_errno(errno
, "Couldn't open home directory '%s' for pinning, ignoring: %m", path
);
395 log_debug("Successfully pinned home directory '%s'.", path
);
398 static void home_update_pin_fd(Home
*h
, HomeState state
) {
402 state
= home_get_state(h
);
404 return HOME_STATE_SHALL_PIN(state
) ? home_pin(h
) : home_unpin(h
);
407 static void home_maybe_close_luks_lock_fd(Home
*h
, HomeState state
) {
410 if (h
->luks_lock_fd
< 0)
414 state
= home_get_state(h
);
416 /* Keep the lock as long as the home dir is active or has some operation going */
417 if (HOME_STATE_IS_EXECUTING_OPERATION(state
) || HOME_STATE_IS_ACTIVE(state
) || state
== HOME_LOCKED
)
420 h
->luks_lock_fd
= safe_close(h
->luks_lock_fd
);
421 log_debug("Successfully closed LUKS backing file lock for %s.", h
->user_name
);
424 static void home_maybe_stop_retry_deactivate(Home
*h
, HomeState state
) {
427 /* Free the deactivation retry event source if we won't need it anymore. Specifically, we'll free the
428 * event source whenever the home directory is already deactivated (and we thus where successful) or
429 * if we start executing an operation that indicates that the home directory is going to be used or
430 * operated on again. Also, if the home is referenced again stop the timer. */
432 if (HOME_STATE_MAY_RETRY_DEACTIVATE(state
) && !home_is_referenced(h
))
435 h
->retry_deactivate_event_source
= sd_event_source_disable_unref(h
->retry_deactivate_event_source
);
438 static int home_deactivate_internal(Home
*h
, bool force
, sd_bus_error
*error
);
439 static void home_start_retry_deactivate(Home
*h
);
441 static int home_on_retry_deactivate(sd_event_source
*s
, uint64_t usec
, void *userdata
) {
442 Home
*h
= ASSERT_PTR(userdata
);
447 /* 15s after the last attempt to deactivate the home directory passed. Let's try it one more time. */
449 h
->retry_deactivate_event_source
= sd_event_source_disable_unref(h
->retry_deactivate_event_source
);
451 state
= home_get_state(h
);
452 if (!HOME_STATE_MAY_RETRY_DEACTIVATE(state
))
455 if (IN_SET(state
, HOME_ACTIVE
, HOME_LINGERING
)) {
456 log_info("Again trying to deactivate home directory.");
458 /* If we are not executing any operation, let's start deactivating now. Note that this will
459 * restart our timer again, we are gonna be called again if this doesn't work. */
460 (void) home_deactivate_internal(h
, /* force= */ false, NULL
);
462 /* if we are executing an operation (specifically, area already running a deactivation
463 * operation), then simply reque the timer, so that we retry again. */
464 home_start_retry_deactivate(h
);
469 static void home_start_retry_deactivate(Home
*h
) {
475 /* Already allocated? */
476 if (h
->retry_deactivate_event_source
)
479 /* If the home directory is being used now don't start the timer */
480 if (home_is_referenced(h
))
483 r
= sd_event_add_time_relative(
485 &h
->retry_deactivate_event_source
,
487 RETRY_DEACTIVATE_USEC
,
489 home_on_retry_deactivate
,
492 return (void) log_warning_errno(r
, "Failed to install retry-deactivate event source, ignoring: %m");
494 (void) sd_event_source_set_description(h
->retry_deactivate_event_source
, "retry-deactivate");
497 static void home_set_state(Home
*h
, HomeState state
) {
498 HomeState old_state
, new_state
;
502 old_state
= home_get_state(h
);
504 new_state
= home_get_state(h
); /* Query the new state, since the 'state' variable might be set to -1,
505 * in which case we synthesize an high-level state on demand */
507 log_info("%s: changing state %s %s %s", h
->user_name
,
508 home_state_to_string(old_state
),
509 special_glyph(SPECIAL_GLYPH_ARROW_RIGHT
),
510 home_state_to_string(new_state
));
512 home_update_pin_fd(h
, new_state
);
513 home_maybe_close_luks_lock_fd(h
, new_state
);
514 home_maybe_stop_retry_deactivate(h
, new_state
);
516 if (HOME_STATE_IS_EXECUTING_OPERATION(old_state
) && !HOME_STATE_IS_EXECUTING_OPERATION(new_state
)) {
517 /* If we just finished executing some operation, process the queue of pending operations. And
518 * enqueue it for GC too. */
520 home_schedule_operation(h
, NULL
, NULL
);
521 manager_reschedule_rebalance(h
->manager
);
522 manager_enqueue_gc(h
->manager
, h
);
526 static int home_parse_worker_stdout(int _fd
, UserRecord
**ret
) {
527 _cleanup_(json_variant_unrefp
) JsonVariant
*v
= NULL
;
528 _cleanup_close_
int fd
= _fd
; /* take possession, even on failure */
529 _cleanup_(user_record_unrefp
) UserRecord
*hr
= NULL
;
530 _cleanup_fclose_
FILE *f
= NULL
;
531 unsigned line
, column
;
535 if (fstat(fd
, &st
) < 0)
536 return log_error_errno(errno
, "Failed to stat stdout fd: %m");
538 assert(S_ISREG(st
.st_mode
));
540 if (st
.st_size
== 0) { /* empty record */
545 if (lseek(fd
, SEEK_SET
, 0) < 0)
546 return log_error_errno(errno
, "Failed to seek to beginning of memfd: %m");
548 f
= take_fdopen(&fd
, "r");
550 return log_error_errno(errno
, "Failed to reopen memfd: %m");
553 _cleanup_free_
char *text
= NULL
;
555 r
= read_full_stream(f
, &text
, NULL
);
557 return log_error_errno(r
, "Failed to read from client: %m");
559 log_debug("Got from worker: %s", text
);
563 r
= json_parse_file(f
, "stdout", JSON_PARSE_SENSITIVE
, &v
, &line
, &column
);
565 return log_error_errno(r
, "Failed to parse identity at %u:%u: %m", line
, column
);
567 hr
= user_record_new();
571 r
= user_record_load(hr
, v
, USER_RECORD_LOAD_REFUSE_SECRET
|USER_RECORD_PERMISSIVE
);
573 return log_error_errno(r
, "Failed to load home record identity: %m");
579 static int home_verify_user_record(Home
*h
, UserRecord
*hr
, bool *ret_signed_locally
, sd_bus_error
*ret_error
) {
584 assert(ret_signed_locally
);
586 is_signed
= manager_verify_user_record(h
->manager
, hr
);
589 case USER_RECORD_SIGNED_EXCLUSIVE
:
590 log_info("Home %s is signed exclusively by our key, accepting.", hr
->user_name
);
591 *ret_signed_locally
= true;
594 case USER_RECORD_SIGNED
:
595 log_info("Home %s is signed by our key (and others), accepting.", hr
->user_name
);
596 *ret_signed_locally
= false;
599 case USER_RECORD_FOREIGN
:
600 log_info("Home %s is signed by foreign key we like, accepting.", hr
->user_name
);
601 *ret_signed_locally
= false;
604 case USER_RECORD_UNSIGNED
:
605 sd_bus_error_setf(ret_error
, BUS_ERROR_BAD_SIGNATURE
, "User record %s is not signed at all, refusing.", hr
->user_name
);
606 return log_error_errno(SYNTHETIC_ERRNO(EPERM
), "Home %s contains user record that is not signed at all, refusing.", hr
->user_name
);
609 sd_bus_error_setf(ret_error
, BUS_ERROR_BAD_SIGNATURE
, "User record %s is not signed by any known key, refusing.", hr
->user_name
);
610 return log_error_errno(is_signed
, "Home %s contains user record that is not signed by any known key, refusing.", hr
->user_name
);
613 assert(is_signed
< 0);
614 return log_error_errno(is_signed
, "Failed to verify signature on user record for %s, refusing fixation: %m", hr
->user_name
);
618 static int convert_worker_errno(Home
*h
, int e
, sd_bus_error
*error
) {
619 /* Converts the error numbers the worker process returned into somewhat sensible dbus errors */
624 return sd_bus_error_set(error
, BUS_ERROR_BAD_HOME_SIZE
, "File systems of this type cannot be shrunk");
626 return sd_bus_error_set(error
, BUS_ERROR_BAD_HOME_SIZE
, "File systems of this type can only be shrunk offline");
628 return sd_bus_error_set(error
, BUS_ERROR_BAD_HOME_SIZE
, "File system size too small");
630 return sd_bus_error_set(error
, SD_BUS_ERROR_NOT_SUPPORTED
, "System does not support selected storage backend");
631 case -EPROTONOSUPPORT
:
632 return sd_bus_error_set(error
, SD_BUS_ERROR_NOT_SUPPORTED
, "System does not support selected file system");
634 return sd_bus_error_set(error
, SD_BUS_ERROR_NOT_SUPPORTED
, "Operation not supported on storage backend");
635 case -ESOCKTNOSUPPORT
:
636 return sd_bus_error_set(error
, SD_BUS_ERROR_NOT_SUPPORTED
, "Operation not supported on file system");
638 return sd_bus_error_setf(error
, BUS_ERROR_BAD_PASSWORD
, "Password for home %s is incorrect or not sufficient for authentication.", h
->user_name
);
640 return sd_bus_error_setf(error
, BUS_ERROR_BAD_PASSWORD_AND_NO_TOKEN
, "Password for home %s is incorrect or not sufficient, and configured security token not found either.", h
->user_name
);
642 return sd_bus_error_setf(error
, BUS_ERROR_BAD_RECOVERY_KEY
, "Recovery key for home %s is incorrect or not sufficient for authentication.", h
->user_name
);
644 return sd_bus_error_set(error
, BUS_ERROR_TOKEN_PIN_NEEDED
, "PIN for security token required.");
646 return sd_bus_error_set(error
, BUS_ERROR_TOKEN_PROTECTED_AUTHENTICATION_PATH_NEEDED
, "Security token requires protected authentication path.");
648 return sd_bus_error_set(error
, BUS_ERROR_TOKEN_USER_PRESENCE_NEEDED
, "Security token requires presence confirmation.");
650 return sd_bus_error_set(error
, BUS_ERROR_TOKEN_USER_VERIFICATION_NEEDED
, "Security token requires user verification.");
652 return sd_bus_error_set(error
, BUS_ERROR_TOKEN_ACTION_TIMEOUT
, "Token action timeout. (User was supposed to verify presence or similar, by interacting with the token, and didn't do that in time.)");
654 return sd_bus_error_set(error
, BUS_ERROR_TOKEN_PIN_LOCKED
, "PIN of security token locked.");
656 return sd_bus_error_set(error
, BUS_ERROR_TOKEN_BAD_PIN
, "Bad PIN of security token.");
658 return sd_bus_error_set(error
, BUS_ERROR_TOKEN_BAD_PIN_FEW_TRIES_LEFT
, "Bad PIN of security token, and only a few tries left.");
660 return sd_bus_error_set(error
, BUS_ERROR_TOKEN_BAD_PIN_ONE_TRY_LEFT
, "Bad PIN of security token, and only one try left.");
662 return sd_bus_error_setf(error
, BUS_ERROR_HOME_BUSY
, "Home %s is currently being used, or an operation on home %s is currently being executed.", h
->user_name
, h
->user_name
);
664 return sd_bus_error_setf(error
, BUS_ERROR_HOME_NOT_ACTIVE
, "Home %s is currently not active", h
->user_name
);
666 return sd_bus_error_setf(error
, BUS_ERROR_NO_DISK_SPACE
, "Not enough disk space for home %s", h
->user_name
);
668 return sd_bus_error_setf(error
, BUS_ERROR_HOME_CANT_AUTHENTICATE
, "Home %s has no password or other authentication mechanism defined.", h
->user_name
);
670 return sd_bus_error_setf(error
, BUS_ERROR_HOME_IN_USE
, "Home %s is currently being used elsewhere.", h
->user_name
);
676 static void home_count_bad_authentication(Home
*h
, int error
, bool save
) {
682 -ENOKEY
, /* Password incorrect */
683 -EBADSLT
, /* Password incorrect and no token */
684 -EREMOTEIO
)) /* Recovery key incorrect */
687 r
= user_record_bad_authentication(h
->record
);
689 log_warning_errno(r
, "Failed to increase bad authentication counter, ignoring: %m");
694 r
= home_save_record(h
);
696 log_warning_errno(r
, "Failed to write home record to disk, ignoring: %m");
700 static void home_fixate_finish(Home
*h
, int ret
, UserRecord
*hr
) {
701 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
702 _cleanup_(user_record_unrefp
) UserRecord
*secret
= NULL
;
707 assert(IN_SET(h
->state
, HOME_FIXATING
, HOME_FIXATING_FOR_ACTIVATION
, HOME_FIXATING_FOR_ACQUIRE
));
709 secret
= TAKE_PTR(h
->secret
); /* Take possession */
712 (void) home_count_bad_authentication(h
, ret
, /* save= */ false);
714 (void) convert_worker_errno(h
, ret
, &error
);
715 r
= log_error_errno(ret
, "Fixation failed: %m");
719 r
= log_error_errno(SYNTHETIC_ERRNO(EIO
), "Did not receive user record from worker process, fixation failed.");
723 r
= home_verify_user_record(h
, hr
, &signed_locally
, &error
);
727 r
= home_set_record(h
, hr
);
729 log_error_errno(r
, "Failed to update home record: %m");
733 h
->signed_locally
= signed_locally
;
735 /* When we finished fixating (and don't follow-up with activation), let's count this as good authentication */
736 if (h
->state
== HOME_FIXATING
) {
737 r
= user_record_good_authentication(h
->record
);
739 log_warning_errno(r
, "Failed to increase good authentication counter, ignoring: %m");
742 r
= home_save_record(h
);
744 log_warning_errno(r
, "Failed to write home record to disk, ignoring: %m");
746 if (IN_SET(h
->state
, HOME_FIXATING_FOR_ACTIVATION
, HOME_FIXATING_FOR_ACQUIRE
)) {
748 r
= home_start_work(h
, "activate", h
->record
, secret
, NULL
, 0);
750 h
->current_operation
= operation_result_unref(h
->current_operation
, r
, NULL
);
751 home_set_state(h
, _HOME_STATE_INVALID
);
753 home_set_state(h
, h
->state
== HOME_FIXATING_FOR_ACTIVATION
? HOME_ACTIVATING
: HOME_ACTIVATING_FOR_ACQUIRE
);
758 log_debug("Fixation of %s completed.", h
->user_name
);
760 h
->current_operation
= operation_result_unref(h
->current_operation
, 0, NULL
);
762 /* Reset the state to "invalid", which makes home_get_state() test if the image exists and returns
763 * HOME_ABSENT vs. HOME_INACTIVE as necessary. */
764 home_set_state(h
, _HOME_STATE_INVALID
);
765 (void) manager_schedule_rebalance(h
->manager
, /* immediately= */ false);
769 /* If fixation fails, we stay in unfixated state! */
770 h
->current_operation
= operation_result_unref(h
->current_operation
, r
, &error
);
771 home_set_state(h
, HOME_UNFIXATED
);
774 static bool error_is_bad_password(int ret
) {
775 /* Tests for the various cases of bad passwords. We generally don't want to log so loudly about
776 * these, since everyone types in a bad password now and then. Moreover we usually try to start out
777 * with an empty set of passwords, so the first authentication will frequently fail, if not token is
781 -ENOKEY
, /* Bad password, or insufficient */
782 -EBADSLT
, /* Bad password, and no token */
783 -EREMOTEIO
, /* Bad recovery key */
784 -ENOANO
, /* PIN for security token needed */
785 -ERFKILL
, /* "Protected Authentication Path" for token needed */
786 -EMEDIUMTYPE
, /* Presence confirmation on token needed */
787 -ENOCSI
, /* User verification on token needed */
788 -ENOSTR
, /* Token action timeout */
789 -EOWNERDEAD
, /* PIN locked of security token */
790 -ENOLCK
, /* Bad PIN of security token */
791 -ETOOMANYREFS
, /* Bad PIN and few tries left */
792 -EUCLEAN
); /* Bad PIN and one try left */
795 static void home_activate_finish(Home
*h
, int ret
, UserRecord
*hr
) {
796 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
800 assert(IN_SET(h
->state
, HOME_ACTIVATING
, HOME_ACTIVATING_FOR_ACQUIRE
));
803 (void) home_count_bad_authentication(h
, ret
, /* save= */ true);
805 (void) convert_worker_errno(h
, ret
, &error
);
806 r
= log_full_errno(error_is_bad_password(ret
) ? LOG_NOTICE
: LOG_ERR
,
807 ret
, "Activation failed: %s", bus_error_message(&error
, ret
));
814 r
= home_verify_user_record(h
, hr
, &signed_locally
, &error
);
818 r
= home_set_record(h
, hr
);
820 log_error_errno(r
, "Failed to update home record, ignoring: %m");
824 h
->signed_locally
= signed_locally
;
826 r
= user_record_good_authentication(h
->record
);
828 log_warning_errno(r
, "Failed to increase good authentication counter, ignoring: %m");
830 r
= home_save_record(h
);
832 log_warning_errno(r
, "Failed to write home record to disk, ignoring: %m");
835 log_debug("Activation of %s completed.", h
->user_name
);
839 h
->current_operation
= operation_result_unref(h
->current_operation
, r
, &error
);
840 home_set_state(h
, _HOME_STATE_INVALID
);
843 (void) manager_schedule_rebalance(h
->manager
, /* immediately= */ true);
846 static void home_deactivate_finish(Home
*h
, int ret
, UserRecord
*hr
) {
847 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
851 assert(h
->state
== HOME_DEACTIVATING
);
852 assert(!hr
); /* We don't expect a record on this operation */
855 (void) convert_worker_errno(h
, ret
, &error
);
856 r
= log_error_errno(ret
, "Deactivation of %s failed: %m", h
->user_name
);
860 log_debug("Deactivation of %s completed.", h
->user_name
);
864 h
->current_operation
= operation_result_unref(h
->current_operation
, r
, &error
);
865 home_set_state(h
, _HOME_STATE_INVALID
);
868 (void) manager_schedule_rebalance(h
->manager
, /* immediately= */ true);
871 static void home_remove_finish(Home
*h
, int ret
, UserRecord
*hr
) {
872 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
877 assert(h
->state
== HOME_REMOVING
);
878 assert(!hr
); /* We don't expect a record on this operation */
882 if (ret
< 0 && ret
!= -EALREADY
) {
883 (void) convert_worker_errno(h
, ret
, &error
);
884 r
= log_error_errno(ret
, "Removing %s failed: %m", h
->user_name
);
888 /* For a couple of storage types we can't delete the actual data storage when called (such as LUKS on
889 * partitions like USB sticks, or so). Sometimes these storage locations are among those we normally
890 * automatically discover in /home or in udev. When such a home is deleted let's hence issue a rescan
891 * after completion, so that "unfixated" entries are rediscovered. */
892 if (!IN_SET(user_record_test_image_path(h
->record
), USER_TEST_UNDEFINED
, USER_TEST_ABSENT
))
893 manager_enqueue_rescan(m
);
895 /* The image is now removed from disk. Now also remove our stored record */
896 r
= home_unlink_record(h
);
898 log_error_errno(r
, "Removing record file failed: %m");
902 log_debug("Removal of %s completed.", h
->user_name
);
903 h
->current_operation
= operation_result_unref(h
->current_operation
, 0, NULL
);
905 /* Unload this record from memory too now. */
908 (void) manager_schedule_rebalance(m
, /* immediately= */ true);
912 h
->current_operation
= operation_result_unref(h
->current_operation
, r
, &error
);
913 home_set_state(h
, _HOME_STATE_INVALID
);
916 static void home_create_finish(Home
*h
, int ret
, UserRecord
*hr
) {
920 assert(h
->state
== HOME_CREATING
);
923 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
925 (void) convert_worker_errno(h
, ret
, &error
);
926 log_error_errno(ret
, "Operation on %s failed: %m", h
->user_name
);
927 h
->current_operation
= operation_result_unref(h
->current_operation
, ret
, &error
);
929 if (h
->unregister_on_failure
) {
930 (void) home_unlink_record(h
);
935 home_set_state(h
, _HOME_STATE_INVALID
);
940 r
= home_set_record(h
, hr
);
942 log_warning_errno(r
, "Failed to update home record, ignoring: %m");
945 r
= home_save_record(h
);
947 log_warning_errno(r
, "Failed to save record to disk, ignoring: %m");
949 log_debug("Creation of %s completed.", h
->user_name
);
951 h
->current_operation
= operation_result_unref(h
->current_operation
, 0, NULL
);
952 home_set_state(h
, _HOME_STATE_INVALID
);
954 (void) manager_schedule_rebalance(h
->manager
, /* immediately= */ true);
957 static void home_change_finish(Home
*h
, int ret
, UserRecord
*hr
) {
958 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
964 (void) home_count_bad_authentication(h
, ret
, /* save= */ true);
966 (void) convert_worker_errno(h
, ret
, &error
);
967 r
= log_full_errno(error_is_bad_password(ret
) ? LOG_NOTICE
: LOG_ERR
,
968 ret
, "Change operation failed: %s", bus_error_message(&error
, ret
));
973 r
= home_set_record(h
, hr
);
975 log_warning_errno(r
, "Failed to update home record, ignoring: %m");
977 r
= user_record_good_authentication(h
->record
);
979 log_warning_errno(r
, "Failed to increase good authentication counter, ignoring: %m");
981 r
= home_save_record(h
);
983 log_warning_errno(r
, "Failed to write home record to disk, ignoring: %m");
987 log_debug("Change operation of %s completed.", h
->user_name
);
988 (void) manager_schedule_rebalance(h
->manager
, /* immediately= */ false);
992 h
->current_operation
= operation_result_unref(h
->current_operation
, r
, &error
);
993 home_set_state(h
, _HOME_STATE_INVALID
);
996 static void home_locking_finish(Home
*h
, int ret
, UserRecord
*hr
) {
997 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
1001 assert(h
->state
== HOME_LOCKING
);
1004 (void) convert_worker_errno(h
, ret
, &error
);
1005 r
= log_error_errno(ret
, "Locking operation failed: %m");
1009 log_debug("Locking operation of %s completed.", h
->user_name
);
1010 h
->current_operation
= operation_result_unref(h
->current_operation
, 0, NULL
);
1011 home_set_state(h
, HOME_LOCKED
);
1015 /* If a specific home doesn't know the concept of locking, then that's totally OK, don't propagate
1016 * the error if we are executing a LockAllHomes() operation. */
1018 if (h
->current_operation
->type
== OPERATION_LOCK_ALL
&& r
== -ENOTTY
)
1019 h
->current_operation
= operation_result_unref(h
->current_operation
, 0, NULL
);
1021 h
->current_operation
= operation_result_unref(h
->current_operation
, r
, &error
);
1023 home_set_state(h
, _HOME_STATE_INVALID
);
1026 static void home_unlocking_finish(Home
*h
, int ret
, UserRecord
*hr
) {
1027 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
1031 assert(IN_SET(h
->state
, HOME_UNLOCKING
, HOME_UNLOCKING_FOR_ACQUIRE
));
1034 (void) home_count_bad_authentication(h
, ret
, /* save= */ true);
1036 (void) convert_worker_errno(h
, ret
, &error
);
1037 r
= log_full_errno(error_is_bad_password(ret
) ? LOG_NOTICE
: LOG_ERR
,
1038 ret
, "Unlocking operation failed: %s", bus_error_message(&error
, ret
));
1040 /* Revert to locked state */
1041 home_set_state(h
, HOME_LOCKED
);
1042 h
->current_operation
= operation_result_unref(h
->current_operation
, r
, &error
);
1046 r
= user_record_good_authentication(h
->record
);
1048 log_warning_errno(r
, "Failed to increase good authentication counter, ignoring: %m");
1050 r
= home_save_record(h
);
1052 log_warning_errno(r
, "Failed to write home record to disk, ignoring: %m");
1055 log_debug("Unlocking operation of %s completed.", h
->user_name
);
1057 h
->current_operation
= operation_result_unref(h
->current_operation
, r
, &error
);
1058 home_set_state(h
, _HOME_STATE_INVALID
);
1062 static void home_authenticating_finish(Home
*h
, int ret
, UserRecord
*hr
) {
1063 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
1067 assert(IN_SET(h
->state
, HOME_AUTHENTICATING
, HOME_AUTHENTICATING_WHILE_ACTIVE
, HOME_AUTHENTICATING_FOR_ACQUIRE
));
1070 (void) home_count_bad_authentication(h
, ret
, /* save= */ true);
1072 (void) convert_worker_errno(h
, ret
, &error
);
1073 r
= log_full_errno(error_is_bad_password(ret
) ? LOG_NOTICE
: LOG_ERR
,
1074 ret
, "Authentication failed: %s", bus_error_message(&error
, ret
));
1079 r
= home_set_record(h
, hr
);
1081 log_warning_errno(r
, "Failed to update home record, ignoring: %m");
1083 r
= user_record_good_authentication(h
->record
);
1085 log_warning_errno(r
, "Failed to increase good authentication counter, ignoring: %m");
1087 r
= home_save_record(h
);
1089 log_warning_errno(r
, "Failed to write home record to disk, ignoring: %m");
1093 log_debug("Authentication of %s completed.", h
->user_name
);
1097 h
->current_operation
= operation_result_unref(h
->current_operation
, r
, &error
);
1098 home_set_state(h
, _HOME_STATE_INVALID
);
1101 static int home_on_worker_process(sd_event_source
*s
, const siginfo_t
*si
, void *userdata
) {
1102 _cleanup_(user_record_unrefp
) UserRecord
*hr
= NULL
;
1103 Home
*h
= ASSERT_PTR(userdata
);
1109 assert(h
->worker_pid
== si
->si_pid
);
1110 assert(h
->worker_event_source
);
1111 assert(h
->worker_stdout_fd
>= 0);
1113 (void) hashmap_remove_value(h
->manager
->homes_by_worker_pid
, PID_TO_PTR(h
->worker_pid
), h
);
1116 h
->worker_event_source
= sd_event_source_disable_unref(h
->worker_event_source
);
1118 if (si
->si_code
!= CLD_EXITED
) {
1119 assert(IN_SET(si
->si_code
, CLD_KILLED
, CLD_DUMPED
));
1120 ret
= log_debug_errno(SYNTHETIC_ERRNO(EPROTO
), "Worker process died abnormally with signal %s.", signal_to_string(si
->si_status
));
1121 } else if (si
->si_status
!= EXIT_SUCCESS
) {
1122 /* If we received an error code via sd_notify(), use it */
1123 if (h
->worker_error_code
!= 0)
1124 ret
= log_debug_errno(h
->worker_error_code
, "Worker reported error code %s.", errno_to_name(h
->worker_error_code
));
1126 ret
= log_debug_errno(SYNTHETIC_ERRNO(EPROTO
), "Worker exited with exit code %i.", si
->si_status
);
1128 ret
= home_parse_worker_stdout(TAKE_FD(h
->worker_stdout_fd
), &hr
);
1130 h
->worker_stdout_fd
= safe_close(h
->worker_stdout_fd
);
1135 case HOME_FIXATING_FOR_ACTIVATION
:
1136 case HOME_FIXATING_FOR_ACQUIRE
:
1137 home_fixate_finish(h
, ret
, hr
);
1140 case HOME_ACTIVATING
:
1141 case HOME_ACTIVATING_FOR_ACQUIRE
:
1142 home_activate_finish(h
, ret
, hr
);
1145 case HOME_DEACTIVATING
:
1146 home_deactivate_finish(h
, ret
, hr
);
1150 home_locking_finish(h
, ret
, hr
);
1153 case HOME_UNLOCKING
:
1154 case HOME_UNLOCKING_FOR_ACQUIRE
:
1155 home_unlocking_finish(h
, ret
, hr
);
1159 home_create_finish(h
, ret
, hr
);
1163 home_remove_finish(h
, ret
, hr
);
1167 case HOME_UPDATING_WHILE_ACTIVE
:
1169 case HOME_RESIZING_WHILE_ACTIVE
:
1171 case HOME_PASSWD_WHILE_ACTIVE
:
1172 home_change_finish(h
, ret
, hr
);
1175 case HOME_AUTHENTICATING
:
1176 case HOME_AUTHENTICATING_WHILE_ACTIVE
:
1177 case HOME_AUTHENTICATING_FOR_ACQUIRE
:
1178 home_authenticating_finish(h
, ret
, hr
);
1182 assert_not_reached();
1188 static int home_start_work(
1195 _cleanup_(json_variant_unrefp
) JsonVariant
*v
= NULL
, *fdmap
= NULL
;
1196 _cleanup_(erase_and_freep
) char *formatted
= NULL
;
1197 _cleanup_close_
int stdin_fd
= -EBADF
, stdout_fd
= -EBADF
;
1198 _cleanup_free_
int *blob_fds
= NULL
;
1206 if (h
->worker_pid
!= 0)
1209 assert(h
->worker_stdout_fd
< 0);
1210 assert(!h
->worker_event_source
);
1212 v
= json_variant_ref(hr
->json
);
1215 JsonVariant
*sub
= NULL
;
1217 sub
= json_variant_by_key(secret
->json
, "secret");
1221 r
= json_variant_set_field(&v
, "secret", sub
);
1227 const char *blob_filename
= NULL
;
1231 blob_fds
= new(int, hashmap_size(blobs
));
1235 /* homework needs to be able to tell the difference between blobs being null
1236 * (the fdmap field is completely missing) and it being empty (the field is an
1238 r
= json_variant_new_object(&fdmap
, NULL
, 0);
1242 HASHMAP_FOREACH_KEY(fd_ptr
, blob_filename
, blobs
) {
1243 blob_fds
[i
] = PTR_TO_FD(fd_ptr
);
1245 r
= json_variant_set_field_integer(&fdmap
, blob_filename
, i
);
1252 r
= json_variant_set_field(&v
, HOMEWORK_BLOB_FDMAP_FIELD
, fdmap
);
1257 r
= json_variant_format(v
, 0, &formatted
);
1261 stdin_fd
= acquire_data_fd(formatted
, strlen(formatted
), 0);
1265 log_debug("Sending to worker: %s", formatted
);
1267 stdout_fd
= memfd_create_wrapper("homework-stdout", MFD_CLOEXEC
| MFD_NOEXEC_SEAL
);
1271 r
= safe_fork_full("(sd-homework)",
1272 (int[]) { stdin_fd
, stdout_fd
, STDERR_FILENO
},
1273 blob_fds
, hashmap_size(blobs
),
1274 FORK_RESET_SIGNALS
|FORK_CLOSE_ALL_FDS
|FORK_CLOEXEC_OFF
|FORK_PACK_FDS
|FORK_DEATHSIG_SIGTERM
|
1275 FORK_REARRANGE_STDIO
|FORK_LOG
|FORK_REOPEN_LOG
, &pid
);
1279 _cleanup_free_
char *joined
= NULL
;
1280 const char *suffix
, *unix_path
;
1284 suffix
= getenv("SYSTEMD_HOME_DEBUG_SUFFIX");
1286 joined
= strjoin("/run/systemd/home/notify.", suffix
);
1291 unix_path
= "/run/systemd/home/notify";
1293 if (setenv("NOTIFY_SOCKET", unix_path
, 1) < 0) {
1294 log_error_errno(errno
, "Failed to set $NOTIFY_SOCKET: %m");
1295 _exit(EXIT_FAILURE
);
1298 /* If we haven't locked the device yet, ask for a lock to be taken and be passed back to us via sd_notify(). */
1299 if (setenv("SYSTEMD_LUKS_LOCK", one_zero(h
->luks_lock_fd
< 0), 1) < 0) {
1300 log_error_errno(errno
, "Failed to set $SYSTEMD_LUKS_LOCK: %m");
1301 _exit(EXIT_FAILURE
);
1304 if (h
->manager
->default_storage
>= 0)
1305 if (setenv("SYSTEMD_HOME_DEFAULT_STORAGE", user_storage_to_string(h
->manager
->default_storage
), 1) < 0) {
1306 log_error_errno(errno
, "Failed to set $SYSTEMD_HOME_DEFAULT_STORAGE: %m");
1307 _exit(EXIT_FAILURE
);
1310 if (h
->manager
->default_file_system_type
)
1311 if (setenv("SYSTEMD_HOME_DEFAULT_FILE_SYSTEM_TYPE", h
->manager
->default_file_system_type
, 1) < 0) {
1312 log_error_errno(errno
, "Failed to set $SYSTEMD_HOME_DEFAULT_FILE_SYSTEM_TYPE: %m");
1313 _exit(EXIT_FAILURE
);
1316 r
= setenv_systemd_exec_pid(true);
1318 log_warning_errno(r
, "Failed to update $SYSTEMD_EXEC_PID, ignoring: %m");
1320 r
= setenv_systemd_log_level();
1322 log_warning_errno(r
, "Failed to update $SYSTEMD_LOG_LEVEL, ignoring: %m");
1324 r
= invoke_callout_binary(SYSTEMD_HOMEWORK_PATH
, STRV_MAKE(SYSTEMD_HOMEWORK_PATH
, verb
));
1325 log_error_errno(r
, "Failed to invoke %s: %m", SYSTEMD_HOMEWORK_PATH
);
1326 _exit(EXIT_FAILURE
);
1329 r
= sd_event_add_child(h
->manager
->event
, &h
->worker_event_source
, pid
, WEXITED
, home_on_worker_process
, h
);
1333 (void) sd_event_source_set_description(h
->worker_event_source
, "worker");
1335 r
= hashmap_put(h
->manager
->homes_by_worker_pid
, PID_TO_PTR(pid
), h
);
1337 h
->worker_event_source
= sd_event_source_disable_unref(h
->worker_event_source
);
1341 h
->worker_stdout_fd
= TAKE_FD(stdout_fd
);
1342 h
->worker_pid
= pid
;
1343 h
->worker_error_code
= 0;
1348 static int home_ratelimit(Home
*h
, sd_bus_error
*error
) {
1353 ret
= user_record_ratelimit(h
->record
);
1357 if (h
->state
!= HOME_UNFIXATED
) {
1358 r
= home_save_record(h
);
1360 log_warning_errno(r
, "Failed to save updated record, ignoring: %m");
1366 n
= now(CLOCK_REALTIME
);
1367 t
= user_record_ratelimit_next_try(h
->record
);
1369 if (t
!= USEC_INFINITY
&& t
> n
)
1370 return sd_bus_error_setf(error
, BUS_ERROR_AUTHENTICATION_LIMIT_HIT
,
1371 "Too many login attempts, please try again in %s!",
1372 FORMAT_TIMESPAN(t
- n
, USEC_PER_SEC
));
1374 return sd_bus_error_set(error
, BUS_ERROR_AUTHENTICATION_LIMIT_HIT
, "Too many login attempts, please try again later.");
1380 static int home_fixate_internal(
1383 HomeState for_state
,
1384 sd_bus_error
*error
) {
1390 assert(IN_SET(for_state
, HOME_FIXATING
, HOME_FIXATING_FOR_ACTIVATION
, HOME_FIXATING_FOR_ACQUIRE
));
1392 r
= home_start_work(h
, "inspect", h
->record
, secret
, NULL
, 0);
1396 if (IN_SET(for_state
, HOME_FIXATING_FOR_ACTIVATION
, HOME_FIXATING_FOR_ACQUIRE
)) {
1397 /* Remember the secret data, since we need it for the activation again, later on. */
1398 user_record_unref(h
->secret
);
1399 h
->secret
= user_record_ref(secret
);
1402 home_set_state(h
, for_state
);
1406 int home_fixate(Home
*h
, UserRecord
*secret
, sd_bus_error
*error
) {
1412 switch (home_get_state(h
)) {
1414 return sd_bus_error_setf(error
, BUS_ERROR_HOME_ABSENT
, "Home %s is currently missing or not plugged in.", h
->user_name
);
1418 case HOME_LINGERING
:
1420 return sd_bus_error_setf(error
, BUS_ERROR_HOME_ALREADY_FIXATED
, "Home %s is already fixated.", h
->user_name
);
1421 case HOME_UNFIXATED
:
1424 return sd_bus_error_setf(error
, BUS_ERROR_HOME_BUSY
, "An operation on home %s is currently being executed.", h
->user_name
);
1427 r
= home_ratelimit(h
, error
);
1431 return home_fixate_internal(h
, secret
, HOME_FIXATING
, error
);
1434 static int home_activate_internal(Home
*h
, UserRecord
*secret
, HomeState for_state
, sd_bus_error
*error
) {
1439 assert(IN_SET(for_state
, HOME_ACTIVATING
, HOME_ACTIVATING_FOR_ACQUIRE
));
1441 r
= home_start_work(h
, "activate", h
->record
, secret
, NULL
, 0);
1445 home_set_state(h
, for_state
);
1449 int home_activate(Home
*h
, bool if_referenced
, UserRecord
*secret
, sd_bus_error
*error
) {
1455 if (if_referenced
&& !home_is_referenced(h
))
1456 return sd_bus_error_setf(error
, BUS_ERROR_HOME_NOT_REFERENCED
, "Home %s is currently not referenced.", h
->user_name
);
1458 switch (home_get_state(h
)) {
1459 case HOME_UNFIXATED
:
1460 return home_fixate_internal(h
, secret
, HOME_FIXATING_FOR_ACTIVATION
, error
);
1462 return sd_bus_error_setf(error
, BUS_ERROR_HOME_ABSENT
, "Home %s is currently missing or not plugged in.", h
->user_name
);
1464 return sd_bus_error_setf(error
, BUS_ERROR_HOME_ALREADY_ACTIVE
, "Home %s is already active.", h
->user_name
);
1465 case HOME_LINGERING
:
1466 /* If we are lingering, i.e. active but are supposed to be deactivated, then cancel this
1467 * timer if the user explicitly asks us to be active */
1468 h
->retry_deactivate_event_source
= sd_event_source_disable_unref(h
->retry_deactivate_event_source
);
1471 return sd_bus_error_setf(error
, BUS_ERROR_HOME_LOCKED
, "Home %s is currently locked.", h
->user_name
);
1476 return sd_bus_error_setf(error
, BUS_ERROR_HOME_BUSY
, "An operation on home %s is currently being executed.", h
->user_name
);
1479 r
= home_ratelimit(h
, error
);
1483 return home_activate_internal(h
, secret
, HOME_ACTIVATING
, error
);
1486 static int home_authenticate_internal(Home
*h
, UserRecord
*secret
, HomeState for_state
, sd_bus_error
*error
) {
1491 assert(IN_SET(for_state
, HOME_AUTHENTICATING
, HOME_AUTHENTICATING_WHILE_ACTIVE
, HOME_AUTHENTICATING_FOR_ACQUIRE
));
1493 r
= home_start_work(h
, "inspect", h
->record
, secret
, NULL
, 0);
1497 home_set_state(h
, for_state
);
1501 int home_authenticate(Home
*h
, UserRecord
*secret
, sd_bus_error
*error
) {
1508 state
= home_get_state(h
);
1511 return sd_bus_error_setf(error
, BUS_ERROR_HOME_ABSENT
, "Home %s is currently missing or not plugged in.", h
->user_name
);
1513 return sd_bus_error_setf(error
, BUS_ERROR_HOME_LOCKED
, "Home %s is currently locked.", h
->user_name
);
1514 case HOME_UNFIXATED
:
1518 case HOME_LINGERING
:
1521 return sd_bus_error_setf(error
, BUS_ERROR_HOME_BUSY
, "An operation on home %s is currently being executed.", h
->user_name
);
1524 r
= home_ratelimit(h
, error
);
1528 return home_authenticate_internal(h
, secret
, HOME_STATE_IS_ACTIVE(state
) ? HOME_AUTHENTICATING_WHILE_ACTIVE
: HOME_AUTHENTICATING
, error
);
1531 static int home_deactivate_internal(Home
*h
, bool force
, sd_bus_error
*error
) {
1536 home_unpin(h
); /* unpin so that we can deactivate */
1538 r
= home_start_work(h
, force
? "deactivate-force" : "deactivate", h
->record
, NULL
, NULL
, 0);
1540 /* Operation failed before it even started, reacquire pin fd, if state still dictates so */
1541 home_update_pin_fd(h
, _HOME_STATE_INVALID
);
1543 home_set_state(h
, HOME_DEACTIVATING
);
1547 /* Let's start a timer to retry deactivation in 15. We'll stop the timer once we manage to deactivate
1548 * the home directory again, or we start any other operation. */
1549 home_start_retry_deactivate(h
);
1554 int home_deactivate(Home
*h
, bool force
, sd_bus_error
*error
) {
1557 switch (home_get_state(h
)) {
1558 case HOME_UNFIXATED
:
1562 return sd_bus_error_setf(error
, BUS_ERROR_HOME_NOT_ACTIVE
, "Home %s not active.", h
->user_name
);
1564 return sd_bus_error_setf(error
, BUS_ERROR_HOME_LOCKED
, "Home %s is currently locked.", h
->user_name
);
1566 case HOME_LINGERING
:
1569 return sd_bus_error_setf(error
, BUS_ERROR_HOME_BUSY
, "An operation on home %s is currently being executed.", h
->user_name
);
1572 return home_deactivate_internal(h
, force
, error
);
1575 int home_create(Home
*h
, UserRecord
*secret
, Hashmap
*blobs
, uint64_t flags
, sd_bus_error
*error
) {
1581 switch (home_get_state(h
)) {
1582 case HOME_INACTIVE
: {
1585 if (h
->record
->storage
< 0)
1586 break; /* if no storage is defined we don't know what precisely to look for, hence
1587 * HOME_INACTIVE is OK in that case too. */
1589 t
= user_record_test_image_path(h
->record
);
1590 if (IN_SET(t
, USER_TEST_MAYBE
, USER_TEST_UNDEFINED
))
1591 break; /* And if the image path test isn't conclusive, let's also go on */
1593 if (IN_SET(t
, -EBADF
, -ENOTDIR
))
1594 return sd_bus_error_setf(error
, BUS_ERROR_HOME_EXISTS
, "Selected home image of user %s already exists or has wrong inode type.", h
->user_name
);
1596 return sd_bus_error_setf(error
, BUS_ERROR_HOME_EXISTS
, "Selected home image of user %s already exists.", h
->user_name
);
1598 case HOME_UNFIXATED
:
1600 return sd_bus_error_setf(error
, BUS_ERROR_HOME_EXISTS
, "Home of user %s already exists.", h
->user_name
);
1604 case HOME_LINGERING
:
1607 return sd_bus_error_setf(error
, BUS_ERROR_HOME_BUSY
, "Home %s is currently being used, or an operation on home %s is currently being executed.", h
->user_name
, h
->user_name
);
1610 if (h
->record
->enforce_password_policy
== false)
1611 log_debug("Password quality check turned off for account, skipping.");
1613 r
= user_record_check_password_quality(h
->record
, secret
, error
);
1618 r
= home_start_work(h
, "create", h
->record
, secret
, blobs
, flags
);
1622 home_set_state(h
, HOME_CREATING
);
1626 int home_remove(Home
*h
, sd_bus_error
*error
) {
1632 state
= home_get_state(h
);
1634 case HOME_ABSENT
: /* If the home directory is absent, then this is just like unregistering */
1635 return home_unregister(h
, error
);
1637 return sd_bus_error_setf(error
, BUS_ERROR_HOME_LOCKED
, "Home %s is currently locked.", h
->user_name
);
1638 case HOME_UNFIXATED
:
1643 case HOME_LINGERING
:
1645 return sd_bus_error_setf(error
, BUS_ERROR_HOME_BUSY
, "Home %s is currently being used, or an operation on home %s is currently being executed.", h
->user_name
, h
->user_name
);
1648 r
= home_start_work(h
, "remove", h
->record
, NULL
, NULL
, 0);
1652 home_set_state(h
, HOME_REMOVING
);
1656 static int user_record_extend_with_binding(UserRecord
*hr
, UserRecord
*with_binding
, UserRecordLoadFlags flags
, UserRecord
**ret
) {
1657 _cleanup_(json_variant_unrefp
) JsonVariant
*v
= NULL
;
1658 _cleanup_(user_record_unrefp
) UserRecord
*nr
= NULL
;
1659 JsonVariant
*binding
;
1663 assert(with_binding
);
1666 assert_se(v
= json_variant_ref(hr
->json
));
1668 binding
= json_variant_by_key(with_binding
->json
, "binding");
1670 r
= json_variant_set_field(&v
, "binding", binding
);
1675 nr
= user_record_new();
1679 r
= user_record_load(nr
, v
, flags
);
1683 *ret
= TAKE_PTR(nr
);
1687 static int home_update_internal(
1694 sd_bus_error
*error
) {
1696 _cleanup_(user_record_unrefp
) UserRecord
*new_hr
= NULL
, *saved_secret
= NULL
, *signed_hr
= NULL
;
1703 if (!user_record_compatible(hr
, h
->record
))
1704 return sd_bus_error_set(error
, BUS_ERROR_HOME_RECORD_MISMATCH
, "Updated user record is not compatible with existing one.");
1705 c
= user_record_compare_last_change(hr
, h
->record
); /* refuse downgrades */
1707 return sd_bus_error_set(error
, BUS_ERROR_HOME_RECORD_DOWNGRADE
, "Refusing to update to older home record.");
1709 if (!secret
&& FLAGS_SET(hr
->mask
, USER_RECORD_SECRET
)) {
1710 r
= user_record_clone(hr
, USER_RECORD_EXTRACT_SECRET
|USER_RECORD_PERMISSIVE
, &saved_secret
);
1714 secret
= saved_secret
;
1718 const char *failed
= NULL
;
1719 r
= user_record_ensure_blob_manifest(hr
, blobs
, &failed
);
1721 return sd_bus_error_set(error
, SD_BUS_ERROR_INVALID_ARGS
, "Provided blob files do not correspond to blob manifest.");
1723 return sd_bus_error_set_errnof(error
, r
, "Failed to generate hash for blob %s: %m", strnull(failed
));
1726 r
= manager_verify_user_record(h
->manager
, hr
);
1729 case USER_RECORD_UNSIGNED
:
1730 if (h
->signed_locally
<= 0) /* If the existing record is not owned by us, don't accept an
1731 * unsigned new record. i.e. only implicitly sign new records
1732 * that where previously signed by us too. */
1733 return sd_bus_error_setf(error
, BUS_ERROR_HOME_RECORD_SIGNED
, "Home %s is signed and cannot be modified locally.", h
->user_name
);
1735 /* The updated record is not signed, then do so now */
1736 r
= manager_sign_user_record(h
->manager
, hr
, &signed_hr
, error
);
1743 case USER_RECORD_SIGNED_EXCLUSIVE
:
1744 case USER_RECORD_SIGNED
:
1745 case USER_RECORD_FOREIGN
:
1746 /* Has already been signed. Great! */
1754 r
= user_record_extend_with_binding(hr
, h
->record
, USER_RECORD_LOAD_MASK_SECRET
|USER_RECORD_PERMISSIVE
, &new_hr
);
1759 /* different payload but same lastChangeUSec field? That's not cool! */
1761 r
= user_record_masked_equal(new_hr
, h
->record
, USER_RECORD_REGULAR
|USER_RECORD_PRIVILEGED
|USER_RECORD_PER_MACHINE
);
1765 return sd_bus_error_set(error
, BUS_ERROR_HOME_RECORD_MISMATCH
, "Home record different but timestamp remained the same, refusing.");
1768 r
= home_start_work(h
, verb
, new_hr
, secret
, blobs
, flags
);
1775 int home_update(Home
*h
, UserRecord
*hr
, Hashmap
*blobs
, uint64_t flags
, sd_bus_error
*error
) {
1782 state
= home_get_state(h
);
1784 case HOME_UNFIXATED
:
1785 return sd_bus_error_setf(error
, BUS_ERROR_HOME_UNFIXATED
, "Home %s has not been fixated yet.", h
->user_name
);
1787 return sd_bus_error_setf(error
, BUS_ERROR_HOME_ABSENT
, "Home %s is currently missing or not plugged in.", h
->user_name
);
1789 return sd_bus_error_setf(error
, BUS_ERROR_HOME_LOCKED
, "Home %s is currently locked.", h
->user_name
);
1793 case HOME_LINGERING
:
1796 return sd_bus_error_setf(error
, BUS_ERROR_HOME_BUSY
, "An operation on home %s is currently being executed.", h
->user_name
);
1799 r
= home_ratelimit(h
, error
);
1803 r
= home_update_internal(h
, "update", hr
, NULL
, blobs
, flags
, error
);
1807 home_set_state(h
, HOME_STATE_IS_ACTIVE(state
) ? HOME_UPDATING_WHILE_ACTIVE
: HOME_UPDATING
);
1811 int home_resize(Home
*h
,
1815 sd_bus_error
*error
) {
1817 _cleanup_(user_record_unrefp
) UserRecord
*c
= NULL
;
1823 state
= home_get_state(h
);
1825 case HOME_UNFIXATED
:
1826 return sd_bus_error_setf(error
, BUS_ERROR_HOME_UNFIXATED
, "Home %s has not been fixated yet.", h
->user_name
);
1828 return sd_bus_error_setf(error
, BUS_ERROR_HOME_ABSENT
, "Home %s is currently missing or not plugged in.", h
->user_name
);
1830 return sd_bus_error_setf(error
, BUS_ERROR_HOME_LOCKED
, "Home %s is currently locked.", h
->user_name
);
1834 case HOME_LINGERING
:
1837 return sd_bus_error_setf(error
, BUS_ERROR_HOME_BUSY
, "An operation on home %s is currently being executed.", h
->user_name
);
1840 r
= home_ratelimit(h
, error
);
1844 /* If the user didn't specify any size explicitly and rebalancing is on, then the disk size is
1845 * determined by automatic rebalancing and hence not user configured but determined by us and thus
1846 * applied anyway. */
1847 if (disk_size
== UINT64_MAX
&& h
->record
->rebalance_weight
!= REBALANCE_WEIGHT_OFF
)
1848 return sd_bus_error_set(error
, SD_BUS_ERROR_INVALID_ARGS
, "Disk size is being determined by automatic disk space rebalancing.");
1850 if (disk_size
== UINT64_MAX
|| disk_size
== h
->record
->disk_size
) {
1851 if (h
->record
->disk_size
== UINT64_MAX
)
1852 return sd_bus_error_set(error
, SD_BUS_ERROR_INVALID_ARGS
, "No disk size to resize to specified.");
1854 c
= user_record_ref(h
->record
); /* Shortcut if size is unspecified or matches the record */
1856 _cleanup_(user_record_unrefp
) UserRecord
*signed_c
= NULL
;
1858 if (h
->signed_locally
<= 0) /* Don't allow changing of records not signed only by us */
1859 return sd_bus_error_setf(error
, BUS_ERROR_HOME_RECORD_SIGNED
, "Home %s is signed and cannot be modified locally.", h
->user_name
);
1861 r
= user_record_clone(h
->record
, USER_RECORD_LOAD_REFUSE_SECRET
|USER_RECORD_PERMISSIVE
, &c
);
1865 r
= user_record_set_disk_size(c
, disk_size
);
1867 return sd_bus_error_setf(error
, BUS_ERROR_BAD_HOME_SIZE
, "Requested size for home %s out of acceptable range.", h
->user_name
);
1871 /* If user picked an explicit size, then turn off rebalancing, so that we don't undo what user chose */
1872 r
= user_record_set_rebalance_weight(c
, REBALANCE_WEIGHT_OFF
);
1876 r
= user_record_update_last_changed(c
, false);
1878 return sd_bus_error_setf(error
, BUS_ERROR_HOME_RECORD_MISMATCH
, "Record last change time of %s is newer than current time, cannot update.", h
->user_name
);
1882 r
= manager_sign_user_record(h
->manager
, c
, &signed_c
, error
);
1886 user_record_unref(c
);
1887 c
= TAKE_PTR(signed_c
);
1890 r
= home_update_internal(h
, automatic
? "resize-auto" : "resize", c
, secret
, NULL
, 0, error
);
1894 home_set_state(h
, HOME_STATE_IS_ACTIVE(state
) ? HOME_RESIZING_WHILE_ACTIVE
: HOME_RESIZING
);
1898 static int home_may_change_password(
1900 sd_bus_error
*error
) {
1906 r
= user_record_test_password_change_required(h
->record
);
1907 if (IN_SET(r
, -EKEYREVOKED
, -EOWNERDEAD
, -EKEYEXPIRED
, -ESTALE
))
1908 return 0; /* expired in some form, but changing is allowed */
1909 if (IN_SET(r
, -EKEYREJECTED
, -EROFS
))
1910 return sd_bus_error_setf(error
, SD_BUS_ERROR_ACCESS_DENIED
, "Expiration settings of account %s do not allow changing of password.", h
->user_name
);
1912 return log_error_errno(r
, "Failed to test password expiry: %m");
1914 return 0; /* not expired */
1917 int home_passwd(Home
*h
,
1918 UserRecord
*new_secret
,
1919 UserRecord
*old_secret
,
1920 sd_bus_error
*error
) {
1922 _cleanup_(user_record_unrefp
) UserRecord
*c
= NULL
, *merged_secret
= NULL
, *signed_c
= NULL
;
1930 if (h
->signed_locally
<= 0) /* Don't allow changing of records not signed only by us */
1931 return sd_bus_error_setf(error
, BUS_ERROR_HOME_RECORD_SIGNED
, "Home %s is signed and cannot be modified locally.", h
->user_name
);
1933 state
= home_get_state(h
);
1935 case HOME_UNFIXATED
:
1936 return sd_bus_error_setf(error
, BUS_ERROR_HOME_UNFIXATED
, "Home %s has not been fixated yet.", h
->user_name
);
1938 return sd_bus_error_setf(error
, BUS_ERROR_HOME_ABSENT
, "Home %s is currently missing or not plugged in.", h
->user_name
);
1940 return sd_bus_error_setf(error
, BUS_ERROR_HOME_LOCKED
, "Home %s is currently locked.", h
->user_name
);
1944 case HOME_LINGERING
:
1947 return sd_bus_error_setf(error
, BUS_ERROR_HOME_BUSY
, "An operation on home %s is currently being executed.", h
->user_name
);
1950 r
= home_ratelimit(h
, error
);
1954 r
= home_may_change_password(h
, error
);
1958 r
= user_record_clone(h
->record
, USER_RECORD_LOAD_REFUSE_SECRET
|USER_RECORD_PERMISSIVE
, &c
);
1962 merged_secret
= user_record_new();
1966 r
= user_record_merge_secret(merged_secret
, old_secret
);
1970 r
= user_record_merge_secret(merged_secret
, new_secret
);
1974 if (!strv_isempty(new_secret
->password
)) {
1975 /* Update the password only if one is specified, otherwise let's just reuse the old password
1976 * data. This is useful as a way to propagate updated user records into the LUKS backends
1979 r
= user_record_make_hashed_password(c
, new_secret
->password
, /* extend = */ false);
1983 r
= user_record_set_password_change_now(c
, -1 /* remove */);
1988 r
= user_record_update_last_changed(c
, true);
1990 return sd_bus_error_setf(error
, BUS_ERROR_HOME_RECORD_MISMATCH
, "Record last change time of %s is newer than current time, cannot update.", h
->user_name
);
1994 r
= manager_sign_user_record(h
->manager
, c
, &signed_c
, error
);
1998 if (c
->enforce_password_policy
== false)
1999 log_debug("Password quality check turned off for account, skipping.");
2001 r
= user_record_check_password_quality(c
, merged_secret
, error
);
2006 r
= home_update_internal(h
, "passwd", signed_c
, merged_secret
, NULL
, 0, error
);
2010 home_set_state(h
, HOME_STATE_IS_ACTIVE(state
) ? HOME_PASSWD_WHILE_ACTIVE
: HOME_PASSWD
);
2014 int home_unregister(Home
*h
, sd_bus_error
*error
) {
2019 switch (home_get_state(h
)) {
2020 case HOME_UNFIXATED
:
2021 return sd_bus_error_setf(error
, BUS_ERROR_HOME_UNFIXATED
, "Home %s is not registered.", h
->user_name
);
2023 return sd_bus_error_setf(error
, BUS_ERROR_HOME_LOCKED
, "Home %s is currently locked.", h
->user_name
);
2029 case HOME_LINGERING
:
2031 return sd_bus_error_setf(error
, BUS_ERROR_HOME_BUSY
, "Home %s is currently being used, or an operation on home %s is currently being executed.", h
->user_name
, h
->user_name
);
2034 r
= home_unlink_record(h
);
2038 /* And destroy the whole entry. The caller needs to be prepared for that. */
2043 int home_lock(Home
*h
, sd_bus_error
*error
) {
2048 switch (home_get_state(h
)) {
2049 case HOME_UNFIXATED
:
2053 return sd_bus_error_setf(error
, BUS_ERROR_HOME_NOT_ACTIVE
, "Home %s is not active.", h
->user_name
);
2055 return sd_bus_error_setf(error
, BUS_ERROR_HOME_LOCKED
, "Home %s is already locked.", h
->user_name
);
2057 case HOME_LINGERING
:
2060 return sd_bus_error_setf(error
, BUS_ERROR_HOME_BUSY
, "An operation on home %s is currently being executed.", h
->user_name
);
2063 r
= home_start_work(h
, "lock", h
->record
, NULL
, NULL
, 0);
2067 home_set_state(h
, HOME_LOCKING
);
2071 static int home_unlock_internal(Home
*h
, UserRecord
*secret
, HomeState for_state
, sd_bus_error
*error
) {
2076 assert(IN_SET(for_state
, HOME_UNLOCKING
, HOME_UNLOCKING_FOR_ACQUIRE
));
2078 r
= home_start_work(h
, "unlock", h
->record
, secret
, NULL
, 0);
2082 home_set_state(h
, for_state
);
2086 int home_unlock(Home
*h
, UserRecord
*secret
, sd_bus_error
*error
) {
2092 r
= home_ratelimit(h
, error
);
2096 switch (home_get_state(h
)) {
2097 case HOME_UNFIXATED
:
2101 case HOME_LINGERING
:
2103 return sd_bus_error_setf(error
, BUS_ERROR_HOME_NOT_LOCKED
, "Home %s is not locked.", h
->user_name
);
2107 return sd_bus_error_setf(error
, BUS_ERROR_HOME_BUSY
, "An operation on home %s is currently being executed.", h
->user_name
);
2110 return home_unlock_internal(h
, secret
, HOME_UNLOCKING
, error
);
2113 HomeState
home_get_state(Home
*h
) {
2117 /* When the state field is initialized, it counts. */
2121 /* Otherwise, let's see if the home directory is mounted. If so, we assume for sure the home
2122 * directory is active */
2123 if (user_record_test_home_directory(h
->record
) == USER_TEST_MOUNTED
)
2124 return h
->retry_deactivate_event_source
? HOME_LINGERING
: HOME_ACTIVE
;
2126 /* And if we see the image being gone, we report this as absent */
2127 r
= user_record_test_image_path(h
->record
);
2128 if (r
== USER_TEST_ABSENT
)
2130 if (r
== USER_TEST_DIRTY
)
2133 /* And for all other cases we return "inactive". */
2134 return HOME_INACTIVE
;
2137 void home_process_notify(Home
*h
, char **l
, int fd
) {
2138 _cleanup_close_
int taken_fd
= TAKE_FD(fd
);
2145 e
= strv_env_get(l
, "SYSTEMD_LUKS_LOCK_FD");
2147 r
= parse_boolean(e
);
2149 return (void) log_debug_errno(r
, "Failed to parse SYSTEMD_LUKS_LOCK_FD value: %m");
2152 return (void) log_debug("Got notify message with SYSTEMD_LUKS_LOCK_FD=1 but no fd passed, ignoring: %m");
2154 close_and_replace(h
->luks_lock_fd
, taken_fd
);
2156 log_debug("Successfully acquired LUKS lock fd from worker.");
2158 /* Immediately check if we actually want to keep it */
2159 home_maybe_close_luks_lock_fd(h
, _HOME_STATE_INVALID
);
2162 return (void) log_debug("Got notify message with SYSTEMD_LUKS_LOCK_FD=0 but fd passed, ignoring: %m");
2164 h
->luks_lock_fd
= safe_close(h
->luks_lock_fd
);
2170 e
= strv_env_get(l
, "ERRNO");
2172 return (void) log_debug("Got notify message lacking both ERRNO= and SYSTEMD_LUKS_LOCK_FD= field, ignoring.");
2174 r
= safe_atoi(e
, &error
);
2176 return (void) log_debug_errno(r
, "Failed to parse received error number, ignoring: %s", e
);
2178 return (void) log_debug("Error number is out of range: %i", error
);
2180 h
->worker_error_code
= error
;
2183 int home_killall(Home
*h
) {
2184 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
2185 _cleanup_free_
char *unit
= NULL
;
2190 if (!uid_is_valid(h
->uid
))
2193 assert(h
->uid
> 0); /* We never should be UID 0 */
2195 /* Let's kill everything matching the specified UID */
2196 r
= safe_fork("(sd-killer)",
2197 FORK_RESET_SIGNALS
|FORK_CLOSE_ALL_FDS
|FORK_DEATHSIG_SIGKILL
|FORK_WAIT
|FORK_LOG
|FORK_REOPEN_LOG
,
2204 r
= fully_set_uid_gid(h
->uid
, user_record_gid(h
->record
), /* supplementary_gids= */ NULL
, /* n_supplementary_gids= */ 0);
2206 log_error_errno(r
, "Failed to change UID/GID to " UID_FMT
"/" GID_FMT
": %m", h
->uid
, user_record_gid(h
->record
));
2207 _exit(EXIT_FAILURE
);
2210 if (kill(-1, SIGKILL
) < 0) {
2211 log_error_errno(errno
, "Failed to kill all processes of UID " UID_FMT
": %m", h
->uid
);
2212 _exit(EXIT_FAILURE
);
2215 _exit(EXIT_SUCCESS
);
2218 /* Let's also kill everything in the user's slice */
2219 if (asprintf(&unit
, "user-" UID_FMT
".slice", h
->uid
) < 0)
2222 r
= bus_call_method(h
->manager
->bus
, bus_systemd_mgr
, "KillUnit", &error
, NULL
, "ssi", unit
, "all", SIGKILL
);
2224 log_full_errno(sd_bus_error_has_name(&error
, BUS_ERROR_NO_SUCH_UNIT
) ? LOG_DEBUG
: LOG_WARNING
,
2225 r
, "Failed to kill login processes of user, ignoring: %s", bus_error_message(&error
, r
));
2230 static int home_get_disk_status_luks(
2233 uint64_t *ret_disk_size
,
2234 uint64_t *ret_disk_usage
,
2235 uint64_t *ret_disk_free
,
2236 uint64_t *ret_disk_ceiling
,
2237 uint64_t *ret_disk_floor
,
2238 statfs_f_type_t
*ret_fstype
,
2239 mode_t
*ret_access_mode
) {
2241 uint64_t disk_size
= UINT64_MAX
, disk_usage
= UINT64_MAX
, disk_free
= UINT64_MAX
,
2242 disk_ceiling
= UINT64_MAX
, disk_floor
= UINT64_MAX
,
2243 stat_used
= UINT64_MAX
, fs_size
= UINT64_MAX
, header_size
= 0;
2244 mode_t access_mode
= MODE_INVALID
;
2245 statfs_f_type_t fstype
= 0;
2253 if (state
!= HOME_ABSENT
) {
2256 ip
= user_record_image_path(h
->record
);
2258 if (stat(ip
, &st
) < 0)
2259 log_debug_errno(errno
, "Failed to stat() %s, ignoring: %m", ip
);
2260 else if (S_ISREG(st
.st_mode
)) {
2261 _cleanup_free_
char *parent
= NULL
;
2263 disk_size
= st
.st_size
;
2264 stat_used
= st
.st_blocks
* 512;
2266 r
= path_extract_directory(ip
, &parent
);
2268 return log_error_errno(r
, "Failed to extract parent directory from image path '%s': %m", ip
);
2270 if (statfs(parent
, &sfs
) < 0)
2271 log_debug_errno(errno
, "Failed to statfs() %s, ignoring: %m", parent
);
2273 disk_ceiling
= stat_used
+ sfs
.f_bsize
* sfs
.f_bavail
;
2275 } else if (S_ISBLK(st
.st_mode
)) {
2276 _cleanup_free_
char *szbuf
= NULL
;
2277 char p
[SYS_BLOCK_PATH_MAX("/size")];
2279 /* Let's read the size off sysfs, so that we don't have to open the device */
2280 xsprintf_sys_block_path(p
, "/size", st
.st_rdev
);
2281 r
= read_one_line_file(p
, &szbuf
);
2283 log_debug_errno(r
, "Failed to read %s, ignoring: %m", p
);
2287 r
= safe_atou64(szbuf
, &sz
);
2289 log_debug_errno(r
, "Failed to parse %s, ignoring: %s", p
, szbuf
);
2291 disk_size
= sz
* 512;
2294 log_debug("Image path is not a block device or regular file, not able to acquire size.");
2298 if (!HOME_STATE_IS_ACTIVE(state
))
2301 hd
= user_record_home_directory(h
->record
);
2305 if (stat(hd
, &st
) < 0) {
2306 log_debug_errno(errno
, "Failed to stat() %s, ignoring: %m", hd
);
2310 r
= stat_verify_directory(&st
);
2312 log_debug_errno(r
, "Home directory %s is not a directory, ignoring: %m", hd
);
2316 access_mode
= st
.st_mode
& 07777;
2318 if (statfs(hd
, &sfs
) < 0) {
2319 log_debug_errno(errno
, "Failed to statfs() %s, ignoring: %m", hd
);
2323 fstype
= sfs
.f_type
;
2325 disk_free
= sfs
.f_bsize
* sfs
.f_bavail
;
2326 fs_size
= sfs
.f_bsize
* sfs
.f_blocks
;
2327 if (disk_size
!= UINT64_MAX
&& disk_size
> fs_size
)
2328 header_size
= disk_size
- fs_size
;
2330 /* We take a perspective from the user here (as opposed to from the host): the used disk space is the
2331 * difference from the limit and what's free. This makes a difference if sparse mode is not used: in
2332 * that case the image is pre-allocated and thus appears all used from the host PoV but is not used
2333 * up at all yet from the user's PoV.
2335 * That said, we use the stat() reported loopback file size as upper boundary: our footprint can
2336 * never be larger than what we take up on the lowest layers. */
2338 if (disk_size
!= UINT64_MAX
&& disk_size
> disk_free
) {
2339 disk_usage
= disk_size
- disk_free
;
2341 if (stat_used
!= UINT64_MAX
&& disk_usage
> stat_used
)
2342 disk_usage
= stat_used
;
2344 disk_usage
= stat_used
;
2346 /* If we have the magic, determine floor preferably by magic */
2347 disk_floor
= minimal_size_by_fs_magic(sfs
.f_type
) + header_size
;
2350 /* If we don't know the magic, go by file system name */
2351 if (disk_floor
== UINT64_MAX
)
2352 disk_floor
= minimal_size_by_fs_name(user_record_file_system_type(h
->record
));
2355 *ret_disk_size
= disk_size
;
2357 *ret_disk_usage
= disk_usage
;
2359 *ret_disk_free
= disk_free
;
2360 if (ret_disk_ceiling
)
2361 *ret_disk_ceiling
= disk_ceiling
;
2363 *ret_disk_floor
= disk_floor
;
2365 *ret_fstype
= fstype
;
2366 if (ret_access_mode
)
2367 *ret_access_mode
= access_mode
;
2372 static int home_get_disk_status_directory(
2375 uint64_t *ret_disk_size
,
2376 uint64_t *ret_disk_usage
,
2377 uint64_t *ret_disk_free
,
2378 uint64_t *ret_disk_ceiling
,
2379 uint64_t *ret_disk_floor
,
2380 statfs_f_type_t
*ret_fstype
,
2381 mode_t
*ret_access_mode
) {
2383 uint64_t disk_size
= UINT64_MAX
, disk_usage
= UINT64_MAX
, disk_free
= UINT64_MAX
,
2384 disk_ceiling
= UINT64_MAX
, disk_floor
= UINT64_MAX
;
2385 mode_t access_mode
= MODE_INVALID
;
2386 statfs_f_type_t fstype
= 0;
2389 const char *path
= NULL
;
2394 if (HOME_STATE_IS_ACTIVE(state
))
2395 path
= user_record_home_directory(h
->record
);
2398 if (state
== HOME_ABSENT
)
2401 path
= user_record_image_path(h
->record
);
2407 if (statfs(path
, &sfs
) < 0)
2408 log_debug_errno(errno
, "Failed to statfs() %s, ignoring: %m", path
);
2410 disk_free
= sfs
.f_bsize
* sfs
.f_bavail
;
2411 disk_size
= sfs
.f_bsize
* sfs
.f_blocks
;
2413 /* We don't initialize disk_usage from statfs() data here, since the device is likely not used
2414 * by us alone, and disk_usage should only reflect our own use. */
2416 fstype
= sfs
.f_type
;
2419 if (IN_SET(h
->record
->storage
, USER_CLASSIC
, USER_DIRECTORY
, USER_SUBVOLUME
)) {
2421 r
= btrfs_is_subvol(path
);
2423 log_debug_errno(r
, "Failed to determine whether %s is a btrfs subvolume: %m", path
);
2427 r
= btrfs_subvol_get_subtree_quota(path
, 0, &qi
);
2429 log_debug_errno(r
, "Failed to query btrfs subtree quota, ignoring: %m");
2431 disk_usage
= qi
.referenced
;
2433 if (disk_free
!= UINT64_MAX
) {
2434 disk_ceiling
= qi
.referenced
+ disk_free
;
2436 if (disk_size
!= UINT64_MAX
&& disk_ceiling
> disk_size
)
2437 disk_ceiling
= disk_size
;
2440 if (qi
.referenced_max
!= UINT64_MAX
) {
2441 if (disk_size
!= UINT64_MAX
)
2442 disk_size
= MIN(qi
.referenced_max
, disk_size
);
2444 disk_size
= qi
.referenced_max
;
2447 if (disk_size
!= UINT64_MAX
) {
2448 if (disk_size
> disk_usage
)
2449 disk_free
= disk_size
- disk_usage
;
2459 if (IN_SET(h
->record
->storage
, USER_CLASSIC
, USER_DIRECTORY
, USER_FSCRYPT
)) {
2460 r
= quotactl_path(QCMD_FIXED(Q_GETQUOTA
, USRQUOTA
), path
, h
->uid
, &req
);
2462 if (ERRNO_IS_NOT_SUPPORTED(r
)) {
2463 log_debug_errno(r
, "No UID quota support on %s.", path
);
2468 log_debug_errno(r
, "Failed to query disk quota for UID " UID_FMT
": %m", h
->uid
);
2472 disk_usage
= 0; /* No record of this user? then nothing was used */
2474 if (FLAGS_SET(req
.dqb_valid
, QIF_SPACE
) && disk_free
!= UINT64_MAX
) {
2475 disk_ceiling
= req
.dqb_curspace
+ disk_free
;
2477 if (disk_size
!= UINT64_MAX
&& disk_ceiling
> disk_size
)
2478 disk_ceiling
= disk_size
;
2481 if (FLAGS_SET(req
.dqb_valid
, QIF_BLIMITS
)) {
2484 /* Take the minimum of the quota and the available disk space here */
2485 q
= req
.dqb_bhardlimit
* QIF_DQBLKSIZE
;
2486 if (disk_size
!= UINT64_MAX
)
2487 disk_size
= MIN(disk_size
, q
);
2491 if (FLAGS_SET(req
.dqb_valid
, QIF_SPACE
)) {
2492 disk_usage
= req
.dqb_curspace
;
2494 if (disk_size
!= UINT64_MAX
) {
2495 if (disk_size
> disk_usage
)
2496 disk_free
= disk_size
- disk_usage
;
2506 *ret_disk_size
= disk_size
;
2508 *ret_disk_usage
= disk_usage
;
2510 *ret_disk_free
= disk_free
;
2511 if (ret_disk_ceiling
)
2512 *ret_disk_ceiling
= disk_ceiling
;
2514 *ret_disk_floor
= disk_floor
;
2516 *ret_fstype
= fstype
;
2517 if (ret_access_mode
)
2518 *ret_access_mode
= access_mode
;
2523 static int home_get_disk_status_internal(
2526 uint64_t *ret_disk_size
,
2527 uint64_t *ret_disk_usage
,
2528 uint64_t *ret_disk_free
,
2529 uint64_t *ret_disk_ceiling
,
2530 uint64_t *ret_disk_floor
,
2531 statfs_f_type_t
*ret_fstype
,
2532 mode_t
*ret_access_mode
) {
2537 switch (h
->record
->storage
) {
2540 return home_get_disk_status_luks(h
, state
, ret_disk_size
, ret_disk_usage
, ret_disk_free
, ret_disk_ceiling
, ret_disk_floor
, ret_fstype
, ret_access_mode
);
2543 case USER_DIRECTORY
:
2544 case USER_SUBVOLUME
:
2547 return home_get_disk_status_directory(h
, state
, ret_disk_size
, ret_disk_usage
, ret_disk_free
, ret_disk_ceiling
, ret_disk_floor
, ret_fstype
, ret_access_mode
);
2553 *ret_disk_size
= UINT64_MAX
;
2555 *ret_disk_usage
= UINT64_MAX
;
2557 *ret_disk_free
= UINT64_MAX
;
2558 if (ret_disk_ceiling
)
2559 *ret_disk_ceiling
= UINT64_MAX
;
2561 *ret_disk_floor
= UINT64_MAX
;
2564 if (ret_access_mode
)
2565 *ret_access_mode
= MODE_INVALID
;
2571 int home_get_disk_status(
2573 uint64_t *ret_disk_size
,
2574 uint64_t *ret_disk_usage
,
2575 uint64_t *ret_disk_free
,
2576 uint64_t *ret_disk_ceiling
,
2577 uint64_t *ret_disk_floor
,
2578 statfs_f_type_t
*ret_fstype
,
2579 mode_t
*ret_access_mode
) {
2583 return home_get_disk_status_internal(
2595 int home_augment_status(
2597 UserRecordLoadFlags flags
,
2600 uint64_t disk_size
= UINT64_MAX
, disk_usage
= UINT64_MAX
, disk_free
= UINT64_MAX
, disk_ceiling
= UINT64_MAX
, disk_floor
= UINT64_MAX
;
2601 _cleanup_(json_variant_unrefp
) JsonVariant
*j
= NULL
, *v
= NULL
, *m
= NULL
, *status
= NULL
;
2602 _cleanup_(user_record_unrefp
) UserRecord
*ur
= NULL
;
2603 statfs_f_type_t magic
;
2613 /* We are supposed to add this, this can't be on hence. */
2614 assert(!FLAGS_SET(flags
, USER_RECORD_STRIP_STATUS
));
2616 r
= sd_id128_get_machine(&id
);
2620 state
= home_get_state(h
);
2622 r
= home_get_disk_status_internal(
2634 fstype
= fs_type_to_string(magic
);
2636 if (disk_floor
== UINT64_MAX
|| (disk_usage
!= UINT64_MAX
&& disk_floor
< disk_usage
))
2637 disk_floor
= disk_usage
;
2638 if (disk_floor
== UINT64_MAX
|| disk_floor
< USER_DISK_SIZE_MIN
)
2639 disk_floor
= USER_DISK_SIZE_MIN
;
2640 if (disk_ceiling
== UINT64_MAX
|| disk_ceiling
> USER_DISK_SIZE_MAX
)
2641 disk_ceiling
= USER_DISK_SIZE_MAX
;
2643 r
= json_build(&status
,
2645 JSON_BUILD_PAIR("state", JSON_BUILD_STRING(home_state_to_string(state
))),
2646 JSON_BUILD_PAIR("service", JSON_BUILD_CONST_STRING("io.systemd.Home")),
2647 JSON_BUILD_PAIR("useFallback", JSON_BUILD_BOOLEAN(!HOME_STATE_IS_ACTIVE(state
))),
2648 JSON_BUILD_PAIR("fallbackShell", JSON_BUILD_CONST_STRING(BINDIR
"/systemd-home-fallback-shell")),
2649 JSON_BUILD_PAIR("fallbackHomeDirectory", JSON_BUILD_CONST_STRING("/")),
2650 JSON_BUILD_PAIR_CONDITION(disk_size
!= UINT64_MAX
, "diskSize", JSON_BUILD_UNSIGNED(disk_size
)),
2651 JSON_BUILD_PAIR_CONDITION(disk_usage
!= UINT64_MAX
, "diskUsage", JSON_BUILD_UNSIGNED(disk_usage
)),
2652 JSON_BUILD_PAIR_CONDITION(disk_free
!= UINT64_MAX
, "diskFree", JSON_BUILD_UNSIGNED(disk_free
)),
2653 JSON_BUILD_PAIR_CONDITION(disk_ceiling
!= UINT64_MAX
, "diskCeiling", JSON_BUILD_UNSIGNED(disk_ceiling
)),
2654 JSON_BUILD_PAIR_CONDITION(disk_floor
!= UINT64_MAX
, "diskFloor", JSON_BUILD_UNSIGNED(disk_floor
)),
2655 JSON_BUILD_PAIR_CONDITION(h
->signed_locally
>= 0, "signedLocally", JSON_BUILD_BOOLEAN(h
->signed_locally
)),
2656 JSON_BUILD_PAIR_CONDITION(fstype
, "fileSystemType", JSON_BUILD_STRING(fstype
)),
2657 JSON_BUILD_PAIR_CONDITION(access_mode
!= MODE_INVALID
, "accessMode", JSON_BUILD_UNSIGNED(access_mode
))
2662 j
= json_variant_ref(h
->record
->json
);
2663 v
= json_variant_ref(json_variant_by_key(j
, "status"));
2664 m
= json_variant_ref(json_variant_by_key(v
, SD_ID128_TO_STRING(id
)));
2666 r
= json_variant_filter(&m
, STRV_MAKE("diskSize", "diskUsage", "diskFree", "diskCeiling", "diskFloor", "signedLocally"));
2670 r
= json_variant_merge_object(&m
, status
);
2674 r
= json_variant_set_field(&v
, SD_ID128_TO_STRING(id
), m
);
2678 r
= json_variant_set_field(&j
, "status", v
);
2682 ur
= user_record_new();
2686 r
= user_record_load(ur
, j
, flags
);
2691 FLAGS_SET(h
->record
->mask
, USER_RECORD_PRIVILEGED
) &&
2692 !FLAGS_SET(ur
->mask
, USER_RECORD_PRIVILEGED
);
2694 *ret
= TAKE_PTR(ur
);
2698 static int on_home_ref_eof(sd_event_source
*s
, int fd
, uint32_t revents
, void *userdata
) {
2699 _cleanup_(operation_unrefp
) Operation
*o
= NULL
;
2700 Home
*h
= ASSERT_PTR(userdata
);
2704 if (h
->ref_event_source_please_suspend
== s
)
2705 h
->ref_event_source_please_suspend
= sd_event_source_disable_unref(h
->ref_event_source_please_suspend
);
2707 if (h
->ref_event_source_dont_suspend
== s
)
2708 h
->ref_event_source_dont_suspend
= sd_event_source_disable_unref(h
->ref_event_source_dont_suspend
);
2710 if (h
->inhibit_suspend_event_source
== s
)
2711 h
->inhibit_suspend_event_source
= sd_event_source_disable_unref(h
->inhibit_suspend_event_source
);
2713 if (home_is_referenced(h
))
2716 log_info("Got notification that all sessions of user %s ended, deactivating automatically.", h
->user_name
);
2718 o
= operation_new(OPERATION_PIPE_EOF
, NULL
);
2724 home_schedule_operation(h
, o
, NULL
);
2728 int home_create_fifo(Home
*h
, HomeFifoType type
) {
2729 static const struct {
2731 const char *description
;
2732 size_t event_source
;
2733 } table
[_HOME_FIFO_TYPE_MAX
] = {
2734 [HOME_FIFO_PLEASE_SUSPEND
] = {
2735 .suffix
= ".please-suspend",
2736 .description
= "acquire-ref",
2737 .event_source
= offsetof(Home
, ref_event_source_please_suspend
),
2739 [HOME_FIFO_DONT_SUSPEND
] = {
2740 .suffix
= ".dont-suspend",
2741 .description
= "acquire-ref-dont-suspend",
2742 .event_source
= offsetof(Home
, ref_event_source_dont_suspend
),
2744 [HOME_FIFO_INHIBIT_SUSPEND
] = {
2745 .suffix
= ".inhibit-suspend",
2746 .description
= "inhibit-suspend",
2747 .event_source
= offsetof(Home
, inhibit_suspend_event_source
),
2751 _cleanup_close_
int ret_fd
= -EBADF
;
2752 sd_event_source
**evt
;
2757 assert(type
>= 0 && type
< _HOME_FIFO_TYPE_MAX
);
2759 evt
= (sd_event_source
**) ((uint8_t*) h
+ table
[type
].event_source
);
2761 fn
= strjoina("/run/systemd/home/", h
->user_name
, table
[type
].suffix
);
2764 _cleanup_close_
int ref_fd
= -EBADF
;
2766 (void) mkdir("/run/systemd/home/", 0755);
2767 if (mkfifo(fn
, 0600) < 0 && errno
!= EEXIST
)
2768 return log_error_errno(errno
, "Failed to create FIFO %s: %m", fn
);
2770 ref_fd
= open(fn
, O_RDONLY
|O_CLOEXEC
|O_NONBLOCK
);
2772 return log_error_errno(errno
, "Failed to open FIFO %s for reading: %m", fn
);
2774 r
= sd_event_add_io(h
->manager
->event
, evt
, ref_fd
, 0, on_home_ref_eof
, h
);
2776 return log_error_errno(r
, "Failed to allocate reference FIFO event source: %m");
2778 (void) sd_event_source_set_description(*evt
, table
[type
].description
);
2780 r
= sd_event_source_set_priority(*evt
, SD_EVENT_PRIORITY_IDLE
-1);
2784 r
= sd_event_source_set_io_fd_own(*evt
, true);
2786 return log_error_errno(r
, "Failed to pass ownership of FIFO event fd to event source: %m");
2790 ret_fd
= open(fn
, O_WRONLY
|O_CLOEXEC
|O_NONBLOCK
);
2792 return log_error_errno(errno
, "Failed to open FIFO %s for writing: %m", fn
);
2794 return TAKE_FD(ret_fd
);
2797 static int home_dispatch_acquire(Home
*h
, Operation
*o
) {
2798 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
2799 int (*call
)(Home
*h
, UserRecord
*secret
, HomeState for_state
, sd_bus_error
*error
) = NULL
;
2800 HomeState for_state
;
2805 assert(o
->type
== OPERATION_ACQUIRE
);
2807 switch (home_get_state(h
)) {
2809 case HOME_UNFIXATED
:
2810 for_state
= HOME_FIXATING_FOR_ACQUIRE
;
2811 call
= home_fixate_internal
;
2815 r
= sd_bus_error_setf(&error
, BUS_ERROR_HOME_ABSENT
,
2816 "Home %s is currently missing or not plugged in.", h
->user_name
);
2821 for_state
= HOME_ACTIVATING_FOR_ACQUIRE
;
2822 call
= home_activate_internal
;
2826 case HOME_LINGERING
:
2827 for_state
= HOME_AUTHENTICATING_FOR_ACQUIRE
;
2828 call
= home_authenticate_internal
;
2832 for_state
= HOME_UNLOCKING_FOR_ACQUIRE
;
2833 call
= home_unlock_internal
;
2837 /* All other cases means we are currently executing an operation, which means the job remains
2842 assert(!h
->current_operation
);
2844 r
= home_ratelimit(h
, &error
);
2846 r
= call(h
, o
->secret
, for_state
, &error
);
2849 if (r
!= 0) /* failure or completed */
2850 operation_result(o
, r
, &error
);
2852 h
->current_operation
= operation_ref(o
);
2857 bool home_is_referenced(Home
*h
) {
2860 return h
->ref_event_source_dont_suspend
|| h
->ref_event_source_please_suspend
;
2863 bool home_shall_suspend(Home
*h
) {
2866 /* We lock the home area on suspend if... */
2867 return h
->ref_event_source_please_suspend
&& /* at least one client supports suspend, and... */
2868 !h
->ref_event_source_dont_suspend
&& /* no clients lack support for suspend, and... */
2869 !h
->inhibit_suspend_event_source
; /* no client is temporarily inhibiting suspend */
2872 static int home_dispatch_release(Home
*h
, Operation
*o
) {
2873 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
2878 assert(o
->type
== OPERATION_RELEASE
);
2880 if (home_is_referenced(h
))
2881 /* If there's now a reference again, then let's abort the release attempt */
2882 r
= sd_bus_error_setf(&error
, BUS_ERROR_HOME_BUSY
, "Home %s is currently referenced.", h
->user_name
);
2884 switch (home_get_state(h
)) {
2886 case HOME_UNFIXATED
:
2894 r
= sd_bus_error_setf(&error
, BUS_ERROR_HOME_LOCKED
, "Home %s is currently locked.", h
->user_name
);
2898 case HOME_LINGERING
:
2899 r
= home_deactivate_internal(h
, false, &error
);
2903 /* All other cases means we are currently executing an operation, which means the job remains
2909 assert(!h
->current_operation
);
2911 if (r
!= 0) /* failure or completed */
2912 operation_result(o
, r
, &error
);
2914 h
->current_operation
= operation_ref(o
);
2919 static int home_dispatch_lock_all(Home
*h
, Operation
*o
) {
2920 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
2925 assert(o
->type
== OPERATION_LOCK_ALL
);
2927 switch (home_get_state(h
)) {
2929 case HOME_UNFIXATED
:
2933 log_info("Home %s is not active, no locking necessary.", h
->user_name
);
2938 log_info("Home %s is already locked.", h
->user_name
);
2943 case HOME_LINGERING
:
2944 log_info("Locking home %s.", h
->user_name
);
2945 r
= home_lock(h
, &error
);
2949 /* All other cases means we are currently executing an operation, which means the job remains
2954 assert(!h
->current_operation
);
2956 if (r
!= 0) /* failure or completed */
2957 operation_result(o
, r
, &error
);
2959 h
->current_operation
= operation_ref(o
);
2964 static int home_dispatch_deactivate_all(Home
*h
, Operation
*o
) {
2965 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
2970 assert(o
->type
== OPERATION_DEACTIVATE_ALL
);
2972 switch (home_get_state(h
)) {
2974 case HOME_UNFIXATED
:
2978 log_info("Home %s is already deactivated.", h
->user_name
);
2983 log_info("Home %s is currently locked, not deactivating.", h
->user_name
);
2988 case HOME_LINGERING
:
2989 log_info("Deactivating home %s.", h
->user_name
);
2990 r
= home_deactivate_internal(h
, false, &error
);
2994 /* All other cases means we are currently executing an operation, which means the job remains
2999 assert(!h
->current_operation
);
3001 if (r
!= 0) /* failure or completed */
3002 operation_result(o
, r
, &error
);
3004 h
->current_operation
= operation_ref(o
);
3009 static int home_dispatch_pipe_eof(Home
*h
, Operation
*o
) {
3010 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
3015 assert(o
->type
== OPERATION_PIPE_EOF
);
3017 if (home_is_referenced(h
))
3018 return 1; /* Hmm, there's a reference again, let's cancel this */
3020 switch (home_get_state(h
)) {
3022 case HOME_UNFIXATED
:
3026 log_info("Home %s already deactivated, no automatic deactivation needed.", h
->user_name
);
3029 case HOME_DEACTIVATING
:
3030 log_info("Home %s is already being deactivated, automatic deactivated unnecessary.", h
->user_name
);
3034 case HOME_LINGERING
:
3035 r
= home_deactivate_internal(h
, false, &error
);
3037 log_warning_errno(r
, "Failed to deactivate %s, ignoring: %s", h
->user_name
, bus_error_message(&error
, r
));
3042 /* If the device is locked or any operation is being executed, let's leave this pending */
3046 /* Note that we don't call operation_fail() or operation_success() here, because this kind of
3047 * operation has no message associated with it, and thus there's no need to propagate success. */
3049 assert(!o
->message
);
3053 static int home_dispatch_deactivate_force(Home
*h
, Operation
*o
) {
3054 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
3059 assert(o
->type
== OPERATION_DEACTIVATE_FORCE
);
3061 switch (home_get_state(h
)) {
3063 case HOME_UNFIXATED
:
3067 log_debug("Home %s already deactivated, no forced deactivation due to unplug needed.", h
->user_name
);
3070 case HOME_DEACTIVATING
:
3071 log_debug("Home %s is already being deactivated, forced deactivation due to unplug unnecessary.", h
->user_name
);
3076 case HOME_LINGERING
:
3077 r
= home_deactivate_internal(h
, true, &error
);
3079 log_warning_errno(r
, "Failed to forcibly deactivate %s, ignoring: %s", h
->user_name
, bus_error_message(&error
, r
));
3083 /* If any operation is being executed, let's leave this pending */
3087 /* Note that we don't call operation_fail() or operation_success() here, because this kind of
3088 * operation has no message associated with it, and thus there's no need to propagate success. */
3090 assert(!o
->message
);
3094 static int on_pending(sd_event_source
*s
, void *userdata
) {
3095 Home
*h
= ASSERT_PTR(userdata
);
3101 o
= ordered_set_first(h
->pending_operations
);
3103 static int (* const operation_table
[_OPERATION_MAX
])(Home
*h
, Operation
*o
) = {
3104 [OPERATION_ACQUIRE
] = home_dispatch_acquire
,
3105 [OPERATION_RELEASE
] = home_dispatch_release
,
3106 [OPERATION_LOCK_ALL
] = home_dispatch_lock_all
,
3107 [OPERATION_DEACTIVATE_ALL
] = home_dispatch_deactivate_all
,
3108 [OPERATION_PIPE_EOF
] = home_dispatch_pipe_eof
,
3109 [OPERATION_DEACTIVATE_FORCE
] = home_dispatch_deactivate_force
,
3112 assert(operation_table
[o
->type
]);
3113 r
= operation_table
[o
->type
](h
, o
);
3115 /* The operation completed, let's remove it from the pending list, and exit while
3116 * leaving the event source enabled as it is. */
3117 assert_se(ordered_set_remove(h
->pending_operations
, o
) == o
);
3123 /* Nothing to do anymore, let's turn off this event source */
3124 r
= sd_event_source_set_enabled(s
, SD_EVENT_OFF
);
3126 return log_error_errno(r
, "Failed to disable event source: %m");
3128 /* No operations pending anymore, maybe this is a good time to trigger a rebalancing */
3129 manager_reschedule_rebalance(h
->manager
);
3133 int home_schedule_operation(Home
*h
, Operation
*o
, sd_bus_error
*error
) {
3139 if (ordered_set_size(h
->pending_operations
) >= PENDING_OPERATIONS_MAX
)
3140 return sd_bus_error_set(error
, BUS_ERROR_TOO_MANY_OPERATIONS
, "Too many client operations requested");
3142 r
= ordered_set_ensure_put(&h
->pending_operations
, &operation_hash_ops
, o
);
3149 if (!h
->pending_event_source
) {
3150 r
= sd_event_add_defer(h
->manager
->event
, &h
->pending_event_source
, on_pending
, h
);
3152 return log_error_errno(r
, "Failed to allocate pending defer event source: %m");
3154 (void) sd_event_source_set_description(h
->pending_event_source
, "pending");
3156 r
= sd_event_source_set_priority(h
->pending_event_source
, SD_EVENT_PRIORITY_IDLE
);
3161 r
= sd_event_source_set_enabled(h
->pending_event_source
, SD_EVENT_ON
);
3163 return log_error_errno(r
, "Failed to trigger pending event source: %m");
3168 static int home_get_image_path_seat(Home
*h
, char **ret
) {
3169 _cleanup_(sd_device_unrefp
) sd_device
*d
= NULL
;
3170 _cleanup_free_
char *c
= NULL
;
3171 const char *ip
, *seat
;
3177 if (user_record_storage(h
->record
) != USER_LUKS
)
3180 ip
= user_record_image_path(h
->record
);
3184 if (!path_startswith(ip
, "/dev/"))
3187 if (stat(ip
, &st
) < 0)
3190 if (!S_ISBLK(st
.st_mode
))
3193 r
= sd_device_new_from_stat_rdev(&d
, &st
);
3197 r
= sd_device_get_property_value(d
, "ID_SEAT", &seat
);
3198 if (r
== -ENOENT
) /* no property means seat0 */
3211 int home_auto_login(Home
*h
, char ***ret_seats
) {
3212 _cleanup_free_
char *seat
= NULL
, *seat2
= NULL
;
3217 (void) home_get_image_path_seat(h
, &seat
);
3219 if (h
->record
->auto_login
> 0 && !streq_ptr(seat
, "seat0")) {
3220 /* For now, when the auto-login boolean is set for a user, let's make it mean
3221 * "seat0". Eventually we can extend the concept and allow configuration of any kind of seat,
3222 * but let's keep simple initially, most likely the feature is interesting on single-user
3223 * systems anyway, only.
3225 * We filter out users marked for auto-login in we know for sure their home directory is
3228 if (user_record_test_image_path(h
->record
) != USER_TEST_ABSENT
) {
3229 seat2
= strdup("seat0");
3235 if (seat
|| seat2
) {
3236 _cleanup_strv_free_
char **list
= NULL
;
3239 list
= new(char*, 3);
3244 list
[i
++] = TAKE_PTR(seat
);
3246 list
[i
++] = TAKE_PTR(seat2
);
3249 *ret_seats
= TAKE_PTR(list
);
3257 int home_set_current_message(Home
*h
, sd_bus_message
*m
) {
3263 if (h
->current_operation
)
3266 h
->current_operation
= operation_new(OPERATION_IMMEDIATE
, m
);
3267 if (!h
->current_operation
)
3273 int home_wait_for_worker(Home
*h
) {
3278 if (h
->worker_pid
<= 0)
3281 log_info("Worker process for home %s is still running while exiting. Waiting for it to finish.", h
->user_name
);
3283 r
= wait_for_terminate_with_timeout(h
->worker_pid
, 30 * USEC_PER_SEC
);
3284 if (r
== -ETIMEDOUT
)
3285 log_warning_errno(r
, "Waiting for worker process for home %s timed out. Ignoring.", h
->user_name
);
3287 log_warning_errno(r
, "Failed to wait for worker process for home %s. Ignoring.", h
->user_name
);
3289 (void) hashmap_remove_value(h
->manager
->homes_by_worker_pid
, PID_TO_PTR(h
->worker_pid
), h
);
3294 bool home_shall_rebalance(Home
*h
) {
3299 /* Determines if the home directory is a candidate for rebalancing */
3301 if (!user_record_shall_rebalance(h
->record
))
3304 state
= home_get_state(h
);
3305 if (!HOME_STATE_SHALL_REBALANCE(state
))
3311 bool home_is_busy(Home
*h
) {
3314 if (h
->current_operation
)
3317 if (!ordered_set_isempty(h
->pending_operations
))
3320 return HOME_STATE_IS_EXECUTING_OPERATION(home_get_state(h
));
3323 static const char* const home_state_table
[_HOME_STATE_MAX
] = {
3324 [HOME_UNFIXATED
] = "unfixated",
3325 [HOME_ABSENT
] = "absent",
3326 [HOME_INACTIVE
] = "inactive",
3327 [HOME_DIRTY
] = "dirty",
3328 [HOME_FIXATING
] = "fixating",
3329 [HOME_FIXATING_FOR_ACTIVATION
] = "fixating-for-activation",
3330 [HOME_FIXATING_FOR_ACQUIRE
] = "fixating-for-acquire",
3331 [HOME_ACTIVATING
] = "activating",
3332 [HOME_ACTIVATING_FOR_ACQUIRE
] = "activating-for-acquire",
3333 [HOME_DEACTIVATING
] = "deactivating",
3334 [HOME_ACTIVE
] = "active",
3335 [HOME_LINGERING
] = "lingering",
3336 [HOME_LOCKING
] = "locking",
3337 [HOME_LOCKED
] = "locked",
3338 [HOME_UNLOCKING
] = "unlocking",
3339 [HOME_UNLOCKING_FOR_ACQUIRE
] = "unlocking-for-acquire",
3340 [HOME_CREATING
] = "creating",
3341 [HOME_REMOVING
] = "removing",
3342 [HOME_UPDATING
] = "updating",
3343 [HOME_UPDATING_WHILE_ACTIVE
] = "updating-while-active",
3344 [HOME_RESIZING
] = "resizing",
3345 [HOME_RESIZING_WHILE_ACTIVE
] = "resizing-while-active",
3346 [HOME_PASSWD
] = "passwd",
3347 [HOME_PASSWD_WHILE_ACTIVE
] = "passwd-while-active",
3348 [HOME_AUTHENTICATING
] = "authenticating",
3349 [HOME_AUTHENTICATING_WHILE_ACTIVE
] = "authenticating-while-active",
3350 [HOME_AUTHENTICATING_FOR_ACQUIRE
] = "authenticating-for-acquire",
3353 DEFINE_STRING_TABLE_LOOKUP(home_state
, HomeState
);