projects / thirdparty / systemd.git / blame
| Commit | Line | Data |
|---|---|---|
| db9ecf05 | 1 | /* SPDX-License-Identifier: LGPL-2.1-or-later */ |
| 70a5db58 LP |
2 | #pragma once |
| 3 | ||
| 4 | #include <linux/fs.h> | |
| 5 | #include <sys/vfs.h> | |
| 6 | ||
| 7 | #include "sd-id128.h" | |
| 8 | ||
| 9 | #include "loop-util.h" | |
| 3361d1ca | 10 | #include "strv.h" |
| 70a5db58 LP |
11 | #include "user-record.h" |
| 12 | #include "user-record-util.h" | |
| 13 | ||
| 14 | typedef struct HomeSetup { | |
| 15 | char *dm_name; | |
| 16 | char *dm_node; | |
| 17 | ||
| 18 | LoopDevice *loop; | |
| 19 | struct crypt_device *crypt_device; | |
| 20 | int root_fd; | |
| 28a7f106 | 21 | int image_fd; |
| 70a5db58 LP |
22 | sd_id128_t found_partition_uuid; |
| 23 | sd_id128_t found_luks_uuid; | |
| 24 | sd_id128_t found_fs_uuid; | |
| 25 | ||
| 26 | uint8_t fscrypt_key_descriptor[FS_KEY_DESCRIPTOR_SIZE]; | |
| 27 | ||
| 28 | void *volume_key; | |
| 29 | size_t volume_key_size; | |
| 30 | ||
| baa41cee LP |
31 | bool undo_dm:1; |
| 32 | bool undo_mount:1; /* Whether to unmount /run/systemd/user-home-mount */ | |
| 33 | bool do_offline_fitrim:1; | |
| 34 | bool do_offline_fallocate:1; | |
| 35 | bool do_mark_clean:1; | |
| 36 | bool do_drop_caches:1; | |
| 70a5db58 LP |
37 | |
| 38 | uint64_t partition_offset; | |
| 39 | uint64_t partition_size; | |
| 40 | } HomeSetup; | |
| 41 | ||
| 7b78db28 | 42 | typedef struct PasswordCache { |
| 3361d1ca LP |
43 | /* Decoding passwords from security tokens is expensive and typically requires user interaction, |
| 44 | * hence cache any we already figured out. */ | |
| 7b78db28 LP |
45 | char **pkcs11_passwords; |
| 46 | char **fido2_passwords; | |
| 47 | } PasswordCache; | |
| 48 | ||
| 49 | void password_cache_free(PasswordCache *cache); | |
| 50 | ||
| 3361d1ca LP |
51 | static inline bool password_cache_contains(const PasswordCache *cache, const char *p) { |
| 52 | if (!cache) | |
| 53 | return false; | |
| 54 | ||
| 55 | return strv_contains(cache->pkcs11_passwords, p) || strv_contains(cache->fido2_passwords, p); | |
| 56 | } | |
| 57 | ||
| 70a5db58 LP |
58 | #define HOME_SETUP_INIT \ |
| 59 | { \ | |
| 60 | .root_fd = -1, \ | |
| 28a7f106 | 61 | .image_fd = -1, \ |
| 70a5db58 LP |
62 | .partition_offset = UINT64_MAX, \ |
| 63 | .partition_size = UINT64_MAX, \ | |
| 64 | } | |
| 65 | ||
| e1df968b LP |
66 | /* Various flags for the operation of setting up a home directory */ |
| 67 | typedef enum HomeSetupFlags { | |
| 68 | HOME_SETUP_ALREADY_ACTIVATED = 1 << 0, /* Open an already activated home, rather than activate it afresh */ | |
| 69 | } HomeSetupFlags; | |
| 70 | ||
| 66aa51f8 | 71 | int home_setup_done(HomeSetup *setup); |
| 70a5db58 | 72 | |
| 55166094 LP |
73 | int home_setup_undo_mount(HomeSetup *setup, int level); |
| 74 | ||
| e1df968b | 75 | int home_setup(UserRecord *h, HomeSetupFlags flags, PasswordCache *cache, HomeSetup *setup, UserRecord **ret_header_home); |
| 70a5db58 | 76 | |
| 7b78db28 | 77 | int home_refresh(UserRecord *h, HomeSetup *setup, UserRecord *header_home, PasswordCache *cache, struct statfs *ret_statfs, UserRecord **ret_new_home); |
| 70a5db58 | 78 | |
| cf5115f6 | 79 | int home_maybe_shift_uid(UserRecord *h, HomeSetup *setup); |
| 70a5db58 LP |
80 | int home_populate(UserRecord *h, int dir_fd); |
| 81 | ||
| 7b78db28 | 82 | int home_load_embedded_identity(UserRecord *h, int root_fd, UserRecord *header_home, UserReconcileMode mode, PasswordCache *cache, UserRecord **ret_embedded_home, UserRecord **ret_new_home); |
| 70a5db58 LP |
83 | int home_store_embedded_identity(UserRecord *h, int root_fd, uid_t uid, UserRecord *old_home); |
| 84 | int home_extend_embedded_identity(UserRecord *h, UserRecord *used, HomeSetup *setup); | |
| 85 | ||
| 7b78db28 | 86 | int user_record_authenticate(UserRecord *h, UserRecord *secret, PasswordCache *cache, bool strict_verify); |
| 70a5db58 LP |
87 | |
| 88 | int home_sync_and_statfs(int root_fd, struct statfs *ret); | |
| 498abadb LP |
89 | |
| 90 | #define HOME_RUNTIME_WORK_DIR "/run/systemd/user-home-mount" |