[thirdparty/systemd.git] / src / home / user-record-util.h

/* SPDX-License-Identifier: LGPL-2.1-or-later */
#pragma once

#include "forward.h"

/* We intentionally use snake_case instead of the usual camelCase here to further
 * reduce the chance of collision with a field any legitimate user record may ever
 * want to set. */
#define HOMEWORK_BLOB_FDMAP_FIELD "__systemd_homework_internal_blob_fdmap"

int user_record_synthesize(UserRecord *h, const char *user_name, const char *realm, const char *image_path, UserStorage storage, uid_t uid, gid_t gid);
int group_record_synthesize(GroupRecord *g, UserRecord *u);

typedef enum UserReconcileMode {
        USER_RECONCILE_ANY,
        USER_RECONCILE_REQUIRE_NEWER,          /* host version must be newer than embedded version */
        USER_RECONCILE_REQUIRE_NEWER_OR_EQUAL, /* similar, but may also be equal */
        _USER_RECONCILE_MODE_MAX,
        _USER_RECONCILE_MODE_INVALID = -EINVAL,
} UserReconcileMode;

enum { /* return values */
        USER_RECONCILE_HOST_WON,
        USER_RECONCILE_EMBEDDED_WON,
        USER_RECONCILE_IDENTICAL,
};

int user_record_reconcile(UserRecord *host, UserRecord *embedded, UserReconcileMode mode, UserRecord **ret);
int user_record_add_binding(UserRecord *h, UserStorage storage, const char *image_path, sd_id128_t partition_uuid, sd_id128_t luks_uuid, sd_id128_t fs_uuid, const char *luks_cipher, const char *luks_cipher_mode, uint64_t luks_volume_key_size, const char *file_system_type, const char *home_directory, uid_t uid, gid_t gid);

/* Results of the two test functions below. */
enum {
        USER_TEST_UNDEFINED, /* Returned by user_record_test_image_path() if the storage type knows no image paths */
        USER_TEST_ABSENT,
        USER_TEST_EXISTS,
        USER_TEST_DIRTY,     /* Only applies to user_record_test_image_path(), when the image exists but is marked dirty */
        USER_TEST_MOUNTED,   /* Only applies to user_record_test_home_directory(), when the home directory exists. */
        USER_TEST_MAYBE,     /* Only applies to LUKS devices: block device exists, but we don't know if it's the right one */
};

int user_record_test_home_directory(UserRecord *h);
int user_record_test_home_directory_and_warn(UserRecord *h);
int user_record_test_image_path(UserRecord *h);
int user_record_test_image_path_and_warn(UserRecord *h);

int user_record_test_password(UserRecord *h, UserRecord *secret);
int user_record_test_recovery_key(UserRecord *h, UserRecord *secret);

int user_record_update_last_changed(UserRecord *h, bool with_password);
int user_record_set_disk_size(UserRecord *h, uint64_t disk_size);
int user_record_set_password(UserRecord *h, char **password, bool prepend);
int user_record_make_hashed_password(UserRecord *h, char **password, bool extend);
int user_record_set_token_pin(UserRecord *h, char **pin, bool prepend);
int user_record_set_pkcs11_protected_authentication_path_permitted(UserRecord *h, int b);
int user_record_set_fido2_user_presence_permitted(UserRecord *h, int b);
int user_record_set_fido2_user_verification_permitted(UserRecord *h, int b);
int user_record_set_password_change_now(UserRecord *h, int b);
int user_record_merge_secret(UserRecord *h, UserRecord *secret);
int user_record_good_authentication(UserRecord *h);
int user_record_bad_authentication(UserRecord *h);
int user_record_ratelimit(UserRecord *h);

int user_record_is_supported(UserRecord *hr, sd_bus_error *error);

bool user_record_shall_rebalance(UserRecord *h);
int user_record_set_rebalance_weight(UserRecord *h, uint64_t weight);

int user_record_ensure_blob_manifest(UserRecord *h, Hashmap *blobs, const char **ret_failed);
Commit	Line	Data
db9ecf05	1	/* SPDX-License-Identifier: LGPL-2.1-or-later */
70a5db58 LP	2	#pragma once
70a5db58 LP	3
572c1fe6	4	#include "forward.h"
70a5db58	5
a4d72746 AV	6	/* We intentionally use snake_case instead of the usual camelCase here to further
	7	* reduce the chance of collision with a field any legitimate user record may ever
	8	* want to set. */
	9	#define HOMEWORK_BLOB_FDMAP_FIELD "__systemd_homework_internal_blob_fdmap"
	10
70a5db58 LP	11	int user_record_synthesize(UserRecord h, const char user_name, const char realm, const char image_path, UserStorage storage, uid_t uid, gid_t gid);
	12	int group_record_synthesize(GroupRecord g, UserRecord u);
	13
	14	typedef enum UserReconcileMode {
	15	USER_RECONCILE_ANY,
	16	USER_RECONCILE_REQUIRE_NEWER, /* host version must be newer than embedded version */
	17	USER_RECONCILE_REQUIRE_NEWER_OR_EQUAL, /* similar, but may also be equal */
	18	_USER_RECONCILE_MODE_MAX,
2d93c20e	19	_USER_RECONCILE_MODE_INVALID = -EINVAL,
70a5db58 LP	20	} UserReconcileMode;
	21
	22	enum { /* return values */
	23	USER_RECONCILE_HOST_WON,
	24	USER_RECONCILE_EMBEDDED_WON,
	25	USER_RECONCILE_IDENTICAL,
	26	};
	27
	28	int user_record_reconcile(UserRecord host, UserRecord embedded, UserReconcileMode mode, UserRecord **ret);
	29	int user_record_add_binding(UserRecord h, UserStorage storage, const char image_path, sd_id128_t partition_uuid, sd_id128_t luks_uuid, sd_id128_t fs_uuid, const char luks_cipher, const char luks_cipher_mode, uint64_t luks_volume_key_size, const char file_system_type, const char home_directory, uid_t uid, gid_t gid);
	30
	31	/* Results of the two test functions below. */
	32	enum {
	33	USER_TEST_UNDEFINED, /* Returned by user_record_test_image_path() if the storage type knows no image paths */
	34	USER_TEST_ABSENT,
	35	USER_TEST_EXISTS,
9be99f81	36	USER_TEST_DIRTY, /* Only applies to user_record_test_image_path(), when the image exists but is marked dirty */
70a5db58 LP	37	USER_TEST_MOUNTED, /* Only applies to user_record_test_home_directory(), when the home directory exists. */
	38	USER_TEST_MAYBE, /* Only applies to LUKS devices: block device exists, but we don't know if it's the right one */
	39	};
	40
	41	int user_record_test_home_directory(UserRecord *h);
	42	int user_record_test_home_directory_and_warn(UserRecord *h);
	43	int user_record_test_image_path(UserRecord *h);
	44	int user_record_test_image_path_and_warn(UserRecord *h);
	45
87d7893c	46	int user_record_test_password(UserRecord h, UserRecord secret);
aecbc87d	47	int user_record_test_recovery_key(UserRecord h, UserRecord secret);
70a5db58 LP	48
	49	int user_record_update_last_changed(UserRecord *h, bool with_password);
	50	int user_record_set_disk_size(UserRecord *h, uint64_t disk_size);
	51	int user_record_set_password(UserRecord h, char *password, bool prepend);
	52	int user_record_make_hashed_password(UserRecord h, char *password, bool extend);
c0bde0d2	53	int user_record_set_token_pin(UserRecord h, char *pin, bool prepend);
70a5db58	54	int user_record_set_pkcs11_protected_authentication_path_permitted(UserRecord *h, int b);
7b78db28	55	int user_record_set_fido2_user_presence_permitted(UserRecord *h, int b);
17e7561a	56	int user_record_set_fido2_user_verification_permitted(UserRecord *h, int b);
70a5db58 LP	57	int user_record_set_password_change_now(UserRecord *h, int b);
	58	int user_record_merge_secret(UserRecord h, UserRecord secret);
	59	int user_record_good_authentication(UserRecord *h);
	60	int user_record_bad_authentication(UserRecord *h);
	61	int user_record_ratelimit(UserRecord *h);
	62
	63	int user_record_is_supported(UserRecord hr, sd_bus_error error);
d357b80d LP	64
	65	bool user_record_shall_rebalance(UserRecord *h);
	66	int user_record_set_rebalance_weight(UserRecord *h, uint64_t weight);
a4d72746 AV	67
a4d72746 AV	68	int user_record_ensure_blob_manifest(UserRecord h, Hashmap blobs, const char **ret_failed);