1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
3 #include "format-util.h"
5 #include "process-util.h"
6 #include "rlimit-util.h"
8 #include "terminal-util.h"
9 #include "user-record-show.h"
10 #include "user-util.h"
13 const char *user_record_state_color(const char *state
) {
14 if (STR_IN_SET(state
, "unfixated", "absent"))
16 else if (streq(state
, "active"))
17 return ansi_highlight_green();
18 else if (STR_IN_SET(state
, "locked", "dirty"))
19 return ansi_highlight_yellow();
24 void user_record_show(UserRecord
*hr
, bool show_full_group_info
) {
25 const char *hd
, *ip
, *shell
;
31 printf(" User name: %s\n",
32 user_record_user_name_and_realm(hr
));
37 color
= user_record_state_color(hr
->state
);
39 printf(" State: %s%s%s\n",
40 strempty(color
), hr
->state
, color
? ansi_normal() : "");
43 printf(" Disposition: %s\n", user_disposition_to_string(user_record_disposition(hr
)));
45 if (hr
->last_change_usec
!= USEC_INFINITY
) {
46 printf(" Last Change: %s\n", FORMAT_TIMESTAMP(hr
->last_change_usec
));
48 if (hr
->last_change_usec
> now(CLOCK_REALTIME
))
49 printf(" %sModification time lies in the future, system clock wrong?%s\n",
50 ansi_highlight_yellow(), ansi_normal());
53 if (hr
->last_password_change_usec
!= USEC_INFINITY
&&
54 hr
->last_password_change_usec
!= hr
->last_change_usec
)
55 printf(" Last Passw.: %s\n", FORMAT_TIMESTAMP(hr
->last_password_change_usec
));
57 r
= user_record_test_blocked(hr
);
61 printf(" Login OK: %sno%s (record is locked)\n", ansi_highlight_red(), ansi_normal());
65 printf(" Login OK: %sno%s (record not valid yet))\n", ansi_highlight_red(), ansi_normal());
69 printf(" Login OK: %sno%s (record not valid anymore))\n", ansi_highlight_red(), ansi_normal());
76 if (r
< 0 && r
!= -ESTALE
) {
78 printf(" Login OK: %sno%s (%m)\n", ansi_highlight_red(), ansi_normal());
82 if (is_nologin_shell(user_record_shell(hr
))) {
83 printf(" Login OK: %sno%s (nologin shell)\n", ansi_highlight_red(), ansi_normal());
87 y
= user_record_ratelimit_next_try(hr
);
88 if (y
!= USEC_INFINITY
&& y
> now(CLOCK_REALTIME
)) {
89 printf(" Login OK: %sno%s (ratelimit)\n", ansi_highlight_red(), ansi_normal());
93 printf(" Login OK: %syes%s\n", ansi_highlight_green(), ansi_normal());
97 r
= user_record_test_password_change_required(hr
);
101 printf(" Password OK: %schange now%s\n", ansi_highlight_yellow(), ansi_normal());
105 printf(" Password OK: %sexpired%s (change now!)\n", ansi_highlight_yellow(), ansi_normal());
109 printf(" Password OK: %sexpired%s (for good)\n", ansi_highlight_red(), ansi_normal());
113 printf(" Password OK: %sexpires soon%s\n", ansi_highlight_yellow(), ansi_normal());
117 printf(" Password OK: %sno timestamp%s\n", ansi_highlight_red(), ansi_normal());
121 printf(" Password OK: %schange not permitted%s\n", ansi_highlight_yellow(), ansi_normal());
125 printf(" Password OK: %slast password change in future%s\n", ansi_highlight_yellow(), ansi_normal());
131 printf(" Password OK: %sno%s (%m)\n", ansi_highlight_yellow(), ansi_normal());
135 if (strv_isempty(hr
->hashed_password
)) {
136 if (hr
->incomplete
) /* Record might be incomplete, due to privs */
138 printf(" Password OK: %sno%s (none set)\n", ansi_highlight(), ansi_normal());
141 if (strv_contains(hr
->hashed_password
, "")) {
142 printf(" Password OK: %sno%s (empty set)\n", ansi_highlight_red(), ansi_normal());
145 bool has_valid_passwords
= false;
146 STRV_FOREACH(p
, hr
->hashed_password
)
147 if (!hashed_password_is_locked_or_invalid(*p
)) {
148 has_valid_passwords
= true;
151 if (has_valid_passwords
)
152 printf(" Password OK: %syes%s\n", ansi_highlight_green(), ansi_normal());
154 printf(" Password OK: %sno%s (locked)\n", ansi_highlight(), ansi_normal());
156 if (uid_is_valid(hr
->uid
))
157 printf(" UID: " UID_FMT
"\n", hr
->uid
);
158 if (gid_is_valid(hr
->gid
)) {
159 if (show_full_group_info
) {
160 _cleanup_(group_record_unrefp
) GroupRecord
*gr
= NULL
;
162 r
= groupdb_by_gid(hr
->gid
, 0, &gr
);
165 printf(" GID: " GID_FMT
" (unresolvable: %m)\n", hr
->gid
);
167 printf(" GID: " GID_FMT
" (%s)\n", hr
->gid
, gr
->group_name
);
169 printf(" GID: " GID_FMT
"\n", hr
->gid
);
170 } else if (uid_is_valid(hr
->uid
)) /* Show UID as GID if not separately configured */
171 printf(" GID: " GID_FMT
"\n", (gid_t
) hr
->uid
);
173 if (show_full_group_info
) {
174 _cleanup_(userdb_iterator_freep
) UserDBIterator
*iterator
= NULL
;
176 r
= membershipdb_by_user(hr
->user_name
, 0, &iterator
);
179 printf(" Aux. Groups: (can't acquire: %m)\n");
181 const char *prefix
= " Aux. Groups:";
184 _cleanup_free_
char *group
= NULL
;
186 r
= membershipdb_iterator_get(iterator
, NULL
, &group
);
191 printf("%s (can't iterate: %m)\n", prefix
);
195 printf("%s %s\n", prefix
, group
);
201 if (hr
->real_name
&& !streq(hr
->real_name
, hr
->user_name
))
202 printf(" Real Name: %s\n", hr
->real_name
);
204 hd
= user_record_home_directory(hr
);
206 printf(" Directory: %s\n", hd
);
208 storage
= user_record_storage(hr
);
209 if (storage
>= 0) /* Let's be political, and clarify which storage we like, and which we don't. About CIFS we don't complain. */
210 printf(" Storage: %s%s\n", user_storage_to_string(storage
),
211 storage
== USER_LUKS
? " (strong encryption)" :
212 storage
== USER_FSCRYPT
? " (weak encryption)" :
213 IN_SET(storage
, USER_DIRECTORY
, USER_SUBVOLUME
) ? " (no encryption)" : "");
215 ip
= user_record_image_path(hr
);
216 if (ip
&& !streq_ptr(ip
, hd
))
217 printf(" Image Path: %s\n", ip
);
219 b
= user_record_removable(hr
);
221 printf(" Removable: %s\n", yes_no(b
));
223 shell
= user_record_shell(hr
);
225 printf(" Shell: %s\n", shell
);
227 if (hr
->email_address
)
228 printf(" Email: %s\n", hr
->email_address
);
230 printf(" Location: %s\n", hr
->location
);
231 if (hr
->password_hint
)
232 printf(" Passw. Hint: %s\n", hr
->password_hint
);
234 printf(" Icon Name: %s\n", hr
->icon_name
);
237 printf(" Time Zone: %s\n", hr
->time_zone
);
239 if (hr
->preferred_language
)
240 printf(" Language: %s\n", hr
->preferred_language
);
242 if (!strv_isempty(hr
->environment
))
243 STRV_FOREACH(i
, hr
->environment
) {
244 printf(i
== hr
->environment
?
245 " Environment: %s\n" :
250 printf(" Locked: %s\n", yes_no(hr
->locked
));
252 if (hr
->not_before_usec
!= UINT64_MAX
)
253 printf(" Not Before: %s\n", FORMAT_TIMESTAMP(hr
->not_before_usec
));
255 if (hr
->not_after_usec
!= UINT64_MAX
)
256 printf(" Not After: %s\n", FORMAT_TIMESTAMP(hr
->not_after_usec
));
258 if (hr
->umask
!= MODE_INVALID
)
259 printf(" UMask: 0%03o\n", hr
->umask
);
261 if (nice_is_valid(hr
->nice_level
))
262 printf(" Nice: %i\n", hr
->nice_level
);
264 for (int j
= 0; j
< _RLIMIT_MAX
; j
++) {
266 printf(" Limit: RLIMIT_%s=%" PRIu64
":%" PRIu64
"\n",
267 rlimit_to_string(j
), (uint64_t) hr
->rlimits
[j
]->rlim_cur
, (uint64_t) hr
->rlimits
[j
]->rlim_max
);
270 if (hr
->tasks_max
!= UINT64_MAX
)
271 printf(" Tasks Max: %" PRIu64
"\n", hr
->tasks_max
);
273 if (hr
->memory_high
!= UINT64_MAX
)
274 printf(" Memory High: %s\n", FORMAT_BYTES(hr
->memory_high
));
276 if (hr
->memory_max
!= UINT64_MAX
)
277 printf(" Memory Max: %s\n", FORMAT_BYTES(hr
->memory_max
));
279 if (hr
->cpu_weight
== CGROUP_WEIGHT_IDLE
)
280 printf(" CPU Weight: %s\n", "idle");
281 else if (hr
->cpu_weight
!= UINT64_MAX
)
282 printf(" CPU Weight: %" PRIu64
"\n", hr
->cpu_weight
);
284 if (hr
->io_weight
!= UINT64_MAX
)
285 printf(" IO Weight: %" PRIu64
"\n", hr
->io_weight
);
287 if (hr
->access_mode
!= MODE_INVALID
)
288 printf(" Access Mode: 0%03o\n", user_record_access_mode(hr
));
290 if (storage
== USER_LUKS
) {
291 printf("LUKS Discard: online=%s offline=%s\n", yes_no(user_record_luks_discard(hr
)), yes_no(user_record_luks_offline_discard(hr
)));
293 if (!sd_id128_is_null(hr
->luks_uuid
))
294 printf(" LUKS UUID: " SD_ID128_UUID_FORMAT_STR
"\n", SD_ID128_FORMAT_VAL(hr
->luks_uuid
));
295 if (!sd_id128_is_null(hr
->partition_uuid
))
296 printf(" Part UUID: " SD_ID128_UUID_FORMAT_STR
"\n", SD_ID128_FORMAT_VAL(hr
->partition_uuid
));
297 if (!sd_id128_is_null(hr
->file_system_uuid
))
298 printf(" FS UUID: " SD_ID128_UUID_FORMAT_STR
"\n", SD_ID128_FORMAT_VAL(hr
->file_system_uuid
));
300 if (hr
->file_system_type
)
301 printf(" File System: %s\n", user_record_file_system_type(hr
));
303 if (hr
->luks_extra_mount_options
)
304 printf("LUKS MntOpts: %s\n", hr
->luks_extra_mount_options
);
307 printf(" LUKS Cipher: %s\n", hr
->luks_cipher
);
308 if (hr
->luks_cipher_mode
)
309 printf(" Cipher Mode: %s\n", hr
->luks_cipher_mode
);
310 if (hr
->luks_volume_key_size
!= UINT64_MAX
)
311 printf(" Volume Key: %" PRIu64
"bit\n", hr
->luks_volume_key_size
* 8);
313 if (hr
->luks_pbkdf_type
)
314 printf(" PBKDF Type: %s\n", hr
->luks_pbkdf_type
);
315 if (hr
->luks_pbkdf_hash_algorithm
)
316 printf(" PBKDF Hash: %s\n", hr
->luks_pbkdf_hash_algorithm
);
317 if (hr
->luks_pbkdf_force_iterations
!= UINT64_MAX
)
318 printf(" PBKDF Iters: %" PRIu64
"\n", hr
->luks_pbkdf_force_iterations
);
319 if (hr
->luks_pbkdf_time_cost_usec
!= UINT64_MAX
)
320 printf(" PBKDF Time: %s\n", FORMAT_TIMESPAN(hr
->luks_pbkdf_time_cost_usec
, 0));
321 if (hr
->luks_pbkdf_memory_cost
!= UINT64_MAX
)
322 printf(" PBKDF Bytes: %s\n", FORMAT_BYTES(hr
->luks_pbkdf_memory_cost
));
324 if (hr
->luks_pbkdf_parallel_threads
!= UINT64_MAX
)
325 printf("PBKDF Thread: %" PRIu64
"\n", hr
->luks_pbkdf_parallel_threads
);
326 if (hr
->luks_sector_size
!= UINT64_MAX
)
327 printf(" Sector Size: %" PRIu64
"\n", hr
->luks_sector_size
);
329 } else if (storage
== USER_CIFS
) {
331 if (hr
->cifs_service
)
332 printf("CIFS Service: %s\n", hr
->cifs_service
);
334 if (hr
->cifs_extra_mount_options
)
335 printf("CIFS MntOpts: %s\n", hr
->cifs_extra_mount_options
);
338 if (hr
->cifs_user_name
)
339 printf(" CIFS User: %s\n", user_record_cifs_user_name(hr
));
341 printf(" CIFS Domain: %s\n", hr
->cifs_domain
);
343 if (storage
!= USER_CLASSIC
)
344 printf(" Mount Flags: %s %s %s\n",
345 hr
->nosuid
? "nosuid" : "suid",
346 hr
->nodev
? "nodev" : "dev",
347 hr
->noexec
? "noexec" : "exec");
349 if (hr
->skeleton_directory
)
350 printf(" Skel. Dir.: %s\n", user_record_skeleton_directory(hr
));
352 if (hr
->disk_size
!= UINT64_MAX
)
353 printf(" Disk Size: %s\n", FORMAT_BYTES(hr
->disk_size
));
355 if (hr
->disk_usage
!= UINT64_MAX
) {
356 if (hr
->disk_size
!= UINT64_MAX
) {
359 permille
= (unsigned) DIV_ROUND_UP(hr
->disk_usage
* 1000U, hr
->disk_size
); /* Round up! */
360 printf(" Disk Usage: %s (= %u.%01u%%)\n",
361 FORMAT_BYTES(hr
->disk_usage
),
362 permille
/ 10, permille
% 10);
364 printf(" Disk Usage: %s\n", FORMAT_BYTES(hr
->disk_usage
));
367 if (hr
->disk_free
!= UINT64_MAX
) {
368 if (hr
->disk_size
!= UINT64_MAX
) {
369 const char *color_on
, *color_off
;
372 permille
= (unsigned) ((hr
->disk_free
* 1000U) / hr
->disk_size
); /* Round down! */
374 /* Color the output red or yellow if we are below 10% resp. 25% free. Because 10% and
375 * 25% can be a lot of space still, let's additionally make some absolute
376 * restrictions: 1G and 2G */
377 if (permille
<= 100U &&
378 hr
->disk_free
< 1024U*1024U*1024U /* 1G */) {
379 color_on
= ansi_highlight_red();
380 color_off
= ansi_normal();
381 } else if (permille
<= 250U &&
382 hr
->disk_free
< 2U*1024U*1024U*1024U /* 2G */) {
383 color_on
= ansi_highlight_yellow();
384 color_off
= ansi_normal();
386 color_on
= color_off
= "";
388 printf(" Disk Free: %s%s (= %u.%01u%%)%s\n",
390 FORMAT_BYTES(hr
->disk_free
),
391 permille
/ 10, permille
% 10,
394 printf(" Disk Free: %s\n", FORMAT_BYTES(hr
->disk_free
));
397 if (hr
->disk_floor
!= UINT64_MAX
)
398 printf(" Disk Floor: %s\n", FORMAT_BYTES(hr
->disk_floor
));
400 if (hr
->disk_ceiling
!= UINT64_MAX
)
401 printf("Disk Ceiling: %s\n", FORMAT_BYTES(hr
->disk_ceiling
));
403 if (hr
->good_authentication_counter
!= UINT64_MAX
)
404 printf(" Good Auth.: %" PRIu64
"\n", hr
->good_authentication_counter
);
406 if (hr
->last_good_authentication_usec
!= UINT64_MAX
)
407 printf(" Last Good: %s\n", FORMAT_TIMESTAMP(hr
->last_good_authentication_usec
));
409 if (hr
->bad_authentication_counter
!= UINT64_MAX
)
410 printf(" Bad Auth.: %" PRIu64
"\n", hr
->bad_authentication_counter
);
412 if (hr
->last_bad_authentication_usec
!= UINT64_MAX
)
413 printf(" Last Bad: %s\n", FORMAT_TIMESTAMP(hr
->last_bad_authentication_usec
));
415 t
= user_record_ratelimit_next_try(hr
);
416 if (t
!= USEC_INFINITY
) {
417 usec_t n
= now(CLOCK_REALTIME
);
420 printf(" Next Try: anytime\n");
422 printf(" Next Try: %sin %s%s\n",
423 ansi_highlight_red(),
424 FORMAT_TIMESPAN(t
- n
, USEC_PER_SEC
),
428 if (storage
!= USER_CLASSIC
)
429 printf(" Auth. Limit: %" PRIu64
" attempts per %s\n", user_record_ratelimit_burst(hr
),
430 FORMAT_TIMESPAN(user_record_ratelimit_interval_usec(hr
), 0));
432 if (hr
->enforce_password_policy
>= 0)
433 printf(" Passwd Pol.: %s\n", yes_no(hr
->enforce_password_policy
));
435 if (hr
->password_change_min_usec
!= UINT64_MAX
||
436 hr
->password_change_max_usec
!= UINT64_MAX
||
437 hr
->password_change_warn_usec
!= UINT64_MAX
||
438 hr
->password_change_inactive_usec
!= UINT64_MAX
) {
440 printf(" Passwd Chg.:");
442 if (hr
->password_change_min_usec
!= UINT64_MAX
) {
443 printf(" min %s", FORMAT_TIMESPAN(hr
->password_change_min_usec
, 0));
445 if (hr
->password_change_max_usec
!= UINT64_MAX
)
449 if (hr
->password_change_max_usec
!= UINT64_MAX
)
450 printf(" max %s", FORMAT_TIMESPAN(hr
->password_change_max_usec
, 0));
452 if (hr
->password_change_warn_usec
!= UINT64_MAX
)
453 printf("/warn %s", FORMAT_TIMESPAN(hr
->password_change_warn_usec
, 0));
455 if (hr
->password_change_inactive_usec
!= UINT64_MAX
)
456 printf("/inactive %s", FORMAT_TIMESPAN(hr
->password_change_inactive_usec
, 0));
461 if (hr
->password_change_now
>= 0)
462 printf("Pas. Ch. Now: %s\n", yes_no(hr
->password_change_now
));
464 if (hr
->drop_caches
>= 0 || user_record_drop_caches(hr
))
465 printf(" Drop Caches: %s\n", yes_no(user_record_drop_caches(hr
)));
467 if (hr
->auto_resize_mode
>= 0)
468 printf(" Auto Resize: %s\n", auto_resize_mode_to_string(user_record_auto_resize_mode(hr
)));
470 if (hr
->rebalance_weight
!= REBALANCE_WEIGHT_UNSET
) {
473 rb
= user_record_rebalance_weight(hr
);
474 if (rb
== REBALANCE_WEIGHT_OFF
)
475 printf(" Rebalance: off\n");
477 printf(" Rebalance: weight %" PRIu64
"\n", rb
);
480 if (!strv_isempty(hr
->ssh_authorized_keys
))
481 printf("SSH Pub. Key: %zu\n", strv_length(hr
->ssh_authorized_keys
));
483 if (!strv_isempty(hr
->pkcs11_token_uri
))
484 STRV_FOREACH(i
, hr
->pkcs11_token_uri
)
485 printf(i
== hr
->pkcs11_token_uri
?
486 "PKCS11 Token: %s\n" :
489 if (hr
->n_fido2_hmac_credential
> 0)
490 printf(" FIDO2 Token: %zu\n", hr
->n_fido2_hmac_credential
);
492 if (!strv_isempty(hr
->recovery_key_type
))
493 printf("Recovery Key: %zu\n", strv_length(hr
->recovery_key_type
));
495 k
= strv_length(hr
->hashed_password
);
497 printf(" Passwords: %snone%s\n",
498 user_record_disposition(hr
) == USER_REGULAR
? ansi_highlight_yellow() : ansi_normal(), ansi_normal());
500 printf(" Passwords: %zu\n", k
);
502 if (hr
->signed_locally
>= 0)
503 printf(" Local Sig.: %s\n", yes_no(hr
->signed_locally
));
505 if (hr
->stop_delay_usec
!= UINT64_MAX
)
506 printf(" Stop Delay: %s\n", FORMAT_TIMESPAN(hr
->stop_delay_usec
, 0));
508 if (hr
->auto_login
>= 0)
509 printf("Autom. Login: %s\n", yes_no(hr
->auto_login
));
511 if (hr
->kill_processes
>= 0)
512 printf(" Kill Proc.: %s\n", yes_no(hr
->kill_processes
));
515 printf(" Service: %s\n", hr
->service
);
518 void group_record_show(GroupRecord
*gr
, bool show_full_user_info
) {
521 printf(" Group name: %s\n",
522 group_record_group_name_and_realm(gr
));
524 printf(" Disposition: %s\n", user_disposition_to_string(group_record_disposition(gr
)));
526 if (gr
->last_change_usec
!= USEC_INFINITY
)
527 printf(" Last Change: %s\n", FORMAT_TIMESTAMP(gr
->last_change_usec
));
529 if (gid_is_valid(gr
->gid
))
530 printf(" GID: " GID_FMT
"\n", gr
->gid
);
532 if (show_full_user_info
) {
533 _cleanup_(userdb_iterator_freep
) UserDBIterator
*iterator
= NULL
;
535 r
= membershipdb_by_group(gr
->group_name
, 0, &iterator
);
538 printf(" Members: (can't acquire: %m)");
540 const char *prefix
= " Members:";
543 _cleanup_free_
char *user
= NULL
;
545 r
= membershipdb_iterator_get(iterator
, &user
, NULL
);
550 printf("%s (can't iterate: %m\n", prefix
);
554 printf("%s %s\n", prefix
, user
);
559 const char *prefix
= " Members:";
561 STRV_FOREACH(i
, gr
->members
) {
562 printf("%s %s\n", prefix
, *i
);
567 if (!strv_isempty(gr
->administrators
)) {
568 const char *prefix
= " Admins:";
570 STRV_FOREACH(i
, gr
->administrators
) {
571 printf("%s %s\n", prefix
, *i
);
576 if (gr
->description
&& !streq(gr
->description
, gr
->group_name
))
577 printf(" Description: %s\n", gr
->description
);
579 if (!strv_isempty(gr
->hashed_password
))
580 printf(" Passwords: %zu\n", strv_length(gr
->hashed_password
));
583 printf(" Service: %s\n", gr
->service
);