]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/shared/user-record.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
varlink,json: introduce new varlink_dispatch() helper
[thirdparty/systemd.git] / src / shared / user-record.c
1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3 #include <sys/mount.h>
4
5 #include "cap-list.h"
6 #include "cgroup-util.h"
7 #include "dns-domain.h"
8 #include "env-util.h"
9 #include "fs-util.h"
10 #include "glyph-util.h"
11 #include "hexdecoct.h"
12 #include "hostname-util.h"
13 #include "memory-util.h"
14 #include "path-util.h"
15 #include "pkcs11-util.h"
16 #include "rlimit-util.h"
17 #include "string-table.h"
18 #include "strv.h"
19 #include "uid-alloc-range.h"
20 #include "user-record.h"
21 #include "user-util.h"
22
23 #define DEFAULT_RATELIMIT_BURST 30
24 #define DEFAULT_RATELIMIT_INTERVAL_USEC (1*USEC_PER_MINUTE)
25
26 UserRecord* user_record_new(void) {
27 UserRecord *h;
28
29 h = new(UserRecord, 1);
30 if (!h)
31 return NULL;
32
33 *h = (UserRecord) {
34 .n_ref = 1,
35 .disposition = _USER_DISPOSITION_INVALID,
36 .last_change_usec = UINT64_MAX,
37 .last_password_change_usec = UINT64_MAX,
38 .umask = MODE_INVALID,
39 .nice_level = INT_MAX,
40 .not_before_usec = UINT64_MAX,
41 .not_after_usec = UINT64_MAX,
42 .locked = -1,
43 .storage = _USER_STORAGE_INVALID,
44 .access_mode = MODE_INVALID,
45 .disk_size = UINT64_MAX,
46 .disk_size_relative = UINT64_MAX,
47 .tasks_max = UINT64_MAX,
48 .memory_high = UINT64_MAX,
49 .memory_max = UINT64_MAX,
50 .cpu_weight = UINT64_MAX,
51 .io_weight = UINT64_MAX,
52 .uid = UID_INVALID,
53 .gid = GID_INVALID,
54 .nodev = true,
55 .nosuid = true,
56 .luks_discard = -1,
57 .luks_offline_discard = -1,
58 .luks_volume_key_size = UINT64_MAX,
59 .luks_pbkdf_force_iterations = UINT64_MAX,
60 .luks_pbkdf_time_cost_usec = UINT64_MAX,
61 .luks_pbkdf_memory_cost = UINT64_MAX,
62 .luks_pbkdf_parallel_threads = UINT64_MAX,
63 .luks_sector_size = UINT64_MAX,
64 .disk_usage = UINT64_MAX,
65 .disk_free = UINT64_MAX,
66 .disk_ceiling = UINT64_MAX,
67 .disk_floor = UINT64_MAX,
68 .signed_locally = -1,
69 .good_authentication_counter = UINT64_MAX,
70 .bad_authentication_counter = UINT64_MAX,
71 .last_good_authentication_usec = UINT64_MAX,
72 .last_bad_authentication_usec = UINT64_MAX,
73 .ratelimit_begin_usec = UINT64_MAX,
74 .ratelimit_count = UINT64_MAX,
75 .ratelimit_interval_usec = UINT64_MAX,
76 .ratelimit_burst = UINT64_MAX,
77 .removable = -1,
78 .enforce_password_policy = -1,
79 .auto_login = -1,
80 .stop_delay_usec = UINT64_MAX,
81 .kill_processes = -1,
82 .password_change_min_usec = UINT64_MAX,
83 .password_change_max_usec = UINT64_MAX,
84 .password_change_warn_usec = UINT64_MAX,
85 .password_change_inactive_usec = UINT64_MAX,
86 .password_change_now = -1,
87 .pkcs11_protected_authentication_path_permitted = -1,
88 .fido2_user_presence_permitted = -1,
89 .fido2_user_verification_permitted = -1,
90 .drop_caches = -1,
91 .auto_resize_mode = _AUTO_RESIZE_MODE_INVALID,
92 .rebalance_weight = REBALANCE_WEIGHT_UNSET,
93 };
94
95 return h;
96 }
97
98 static void pkcs11_encrypted_key_done(Pkcs11EncryptedKey *k) {
99 if (!k)
100 return;
101
102 free(k->uri);
103 erase_and_free(k->data);
104 erase_and_free(k->hashed_password);
105 }
106
107 static void fido2_hmac_credential_done(Fido2HmacCredential *c) {
108 if (!c)
109 return;
110
111 free(c->id);
112 }
113
114 static void fido2_hmac_salt_done(Fido2HmacSalt *s) {
115 if (!s)
116 return;
117
118 fido2_hmac_credential_done(&s->credential);
119 erase_and_free(s->salt);
120 erase_and_free(s->hashed_password);
121 }
122
123 static void recovery_key_done(RecoveryKey *k) {
124 if (!k)
125 return;
126
127 free(k->type);
128 erase_and_free(k->hashed_password);
129 }
130
131 static UserRecord* user_record_free(UserRecord *h) {
132 if (!h)
133 return NULL;
134
135 free(h->user_name);
136 free(h->realm);
137 free(h->user_name_and_realm_auto);
138 free(h->real_name);
139 free(h->email_address);
140 erase_and_free(h->password_hint);
141 free(h->location);
142 free(h->icon_name);
143
144 free(h->shell);
145
146 strv_free(h->environment);
147 free(h->time_zone);
148 free(h->preferred_language);
149 rlimit_free_all(h->rlimits);
150
151 free(h->skeleton_directory);
152
153 strv_free_erase(h->hashed_password);
154 strv_free_erase(h->ssh_authorized_keys);
155 strv_free_erase(h->password);
156 strv_free_erase(h->token_pin);
157
158 free(h->cifs_service);
159 free(h->cifs_user_name);
160 free(h->cifs_domain);
161 free(h->cifs_extra_mount_options);
162
163 free(h->image_path);
164 free(h->image_path_auto);
165 free(h->home_directory);
166 free(h->home_directory_auto);
167
168 strv_free(h->member_of);
169 strv_free(h->capability_bounding_set);
170 strv_free(h->capability_ambient_set);
171
172 free(h->file_system_type);
173 free(h->luks_cipher);
174 free(h->luks_cipher_mode);
175 free(h->luks_pbkdf_hash_algorithm);
176 free(h->luks_pbkdf_type);
177 free(h->luks_extra_mount_options);
178
179 free(h->state);
180 free(h->service);
181
182 strv_free(h->pkcs11_token_uri);
183 for (size_t i = 0; i < h->n_pkcs11_encrypted_key; i++)
184 pkcs11_encrypted_key_done(h->pkcs11_encrypted_key + i);
185 free(h->pkcs11_encrypted_key);
186
187 for (size_t i = 0; i < h->n_fido2_hmac_credential; i++)
188 fido2_hmac_credential_done(h->fido2_hmac_credential + i);
189 for (size_t i = 0; i < h->n_fido2_hmac_salt; i++)
190 fido2_hmac_salt_done(h->fido2_hmac_salt + i);
191
192 strv_free(h->recovery_key_type);
193 for (size_t i = 0; i < h->n_recovery_key; i++)
194 recovery_key_done(h->recovery_key + i);
195
196 json_variant_unref(h->json);
197
198 return mfree(h);
199 }
200
201 DEFINE_TRIVIAL_REF_UNREF_FUNC(UserRecord, user_record, user_record_free);
202
203 int json_dispatch_realm(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
204 char **s = userdata;
205 const char *n;
206 int r;
207
208 if (json_variant_is_null(variant)) {
209 *s = mfree(*s);
210 return 0;
211 }
212
213 if (!json_variant_is_string(variant))
214 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));
215
216 n = json_variant_string(variant);
217 r = dns_name_is_valid(n);
218 if (r < 0)
219 return json_log(variant, flags, r, "Failed to check if JSON field '%s' is a valid DNS domain.", strna(name));
220 if (r == 0)
221 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a valid DNS domain.", strna(name));
222
223 r = free_and_strdup(s, n);
224 if (r < 0)
225 return json_log(variant, flags, r, "Failed to allocate string: %m");
226
227 return 0;
228 }
229
230 int json_dispatch_gecos(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
231 char **s = userdata;
232 const char *n;
233
234 if (json_variant_is_null(variant)) {
235 *s = mfree(*s);
236 return 0;
237 }
238
239 if (!json_variant_is_string(variant))
240 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));
241
242 n = json_variant_string(variant);
243 if (valid_gecos(n)) {
244 if (free_and_strdup(s, n) < 0)
245 return json_log_oom(variant, flags);
246 } else {
247 _cleanup_free_ char *m = NULL;
248
249 json_log(variant, flags|JSON_DEBUG, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a valid GECOS compatible string, mangling.", strna(name));
250
251 m = mangle_gecos(n);
252 if (!m)
253 return json_log_oom(variant, flags);
254
255 free_and_replace(*s, m);
256 }
257
258 return 0;
259 }
260
261 static int json_dispatch_nice(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
262 int *nl = userdata;
263 int64_t m;
264
265 if (json_variant_is_null(variant)) {
266 *nl = INT_MAX;
267 return 0;
268 }
269
270 if (!json_variant_is_integer(variant))
271 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));
272
273 m = json_variant_integer(variant);
274 if (m < PRIO_MIN || m >= PRIO_MAX)
275 return json_log(variant, flags, SYNTHETIC_ERRNO(ERANGE), "JSON field '%s' is not a valid nice level.", strna(name));
276
277 *nl = m;
278 return 0;
279 }
280
281 static int json_dispatch_rlimit_value(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
282 rlim_t *ret = userdata;
283
284 if (json_variant_is_null(variant))
285 *ret = RLIM_INFINITY;
286 else if (json_variant_is_unsigned(variant)) {
287 uint64_t w;
288
289 w = json_variant_unsigned(variant);
290 if (w == RLIM_INFINITY || (uint64_t) w != json_variant_unsigned(variant))
291 return json_log(variant, flags, SYNTHETIC_ERRNO(ERANGE), "Resource limit value '%s' is out of range.", name);
292
293 *ret = (rlim_t) w;
294 } else
295 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "Resource limit value '%s' is not an unsigned integer.", name);
296
297 return 0;
298 }
299
300 static int json_dispatch_rlimits(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
301 struct rlimit** limits = userdata;
302 JsonVariant *value;
303 const char *key;
304 int r;
305
306 assert_se(limits);
307
308 if (json_variant_is_null(variant)) {
309 rlimit_free_all(limits);
310 return 0;
311 }
312
313 if (!json_variant_is_object(variant))
314 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an object.", strna(name));
315
316 JSON_VARIANT_OBJECT_FOREACH(key, value, variant) {
317 JsonVariant *jcur, *jmax;
318 struct rlimit rl;
319 const char *p;
320 int l;
321
322 p = startswith(key, "RLIMIT_");
323 if (!p)
324 l = -SYNTHETIC_ERRNO(EINVAL);
325 else
326 l = rlimit_from_string(p);
327 if (l < 0)
328 return json_log(variant, flags, l, "Resource limit '%s' not known.", key);
329
330 if (!json_variant_is_object(value))
331 return json_log(value, flags, SYNTHETIC_ERRNO(EINVAL), "Resource limit '%s' has invalid value.", key);
332
333 if (json_variant_elements(value) != 4)
334 return json_log(value, flags, SYNTHETIC_ERRNO(EINVAL), "Resource limit '%s' value is does not have two fields as expected.", key);
335
336 jcur = json_variant_by_key(value, "cur");
337 if (!jcur)
338 return json_log(value, flags, SYNTHETIC_ERRNO(EINVAL), "Resource limit '%s' lacks 'cur' field.", key);
339 r = json_dispatch_rlimit_value("cur", jcur, flags, &rl.rlim_cur);
340 if (r < 0)
341 return r;
342
343 jmax = json_variant_by_key(value, "max");
344 if (!jmax)
345 return json_log(value, flags, SYNTHETIC_ERRNO(EINVAL), "Resource limit '%s' lacks 'max' field.", key);
346 r = json_dispatch_rlimit_value("max", jmax, flags, &rl.rlim_max);
347 if (r < 0)
348 return r;
349
350 if (limits[l])
351 *(limits[l]) = rl;
352 else {
353 limits[l] = newdup(struct rlimit, &rl, 1);
354 if (!limits[l])
355 return log_oom();
356 }
357 }
358
359 return 0;
360 }
361
362 static int json_dispatch_filename_or_path(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
363 char **s = ASSERT_PTR(userdata);
364 const char *n;
365 int r;
366
367 if (json_variant_is_null(variant)) {
368 *s = mfree(*s);
369 return 0;
370 }
371
372 if (!json_variant_is_string(variant))
373 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));
374
375 n = json_variant_string(variant);
376 if (!filename_is_valid(n) && !path_is_normalized(n))
377 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a valid file name or normalized path.", strna(name));
378
379 r = free_and_strdup(s, n);
380 if (r < 0)
381 return json_log(variant, flags, r, "Failed to allocate string: %m");
382
383 return 0;
384 }
385
386 static int json_dispatch_path(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
387 char **s = userdata;
388 const char *n;
389 int r;
390
391 if (json_variant_is_null(variant)) {
392 *s = mfree(*s);
393 return 0;
394 }
395
396 if (!json_variant_is_string(variant))
397 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));
398
399 n = json_variant_string(variant);
400 if (!path_is_normalized(n))
401 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a normalized file system path.", strna(name));
402 if (!path_is_absolute(n))
403 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an absolute file system path.", strna(name));
404
405 r = free_and_strdup(s, n);
406 if (r < 0)
407 return json_log(variant, flags, r, "Failed to allocate string: %m");
408
409 return 0;
410 }
411
412 static int json_dispatch_home_directory(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
413 char **s = userdata;
414 const char *n;
415 int r;
416
417 if (json_variant_is_null(variant)) {
418 *s = mfree(*s);
419 return 0;
420 }
421
422 if (!json_variant_is_string(variant))
423 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));
424
425 n = json_variant_string(variant);
426 if (!valid_home(n))
427 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a valid home directory path.", strna(name));
428
429 r = free_and_strdup(s, n);
430 if (r < 0)
431 return json_log(variant, flags, r, "Failed to allocate string: %m");
432
433 return 0;
434 }
435
436 static int json_dispatch_image_path(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
437 char **s = userdata;
438 const char *n;
439 int r;
440
441 if (json_variant_is_null(variant)) {
442 *s = mfree(*s);
443 return 0;
444 }
445
446 if (!json_variant_is_string(variant))
447 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));
448
449 n = json_variant_string(variant);
450 if (empty_or_root(n) || !path_is_valid(n) || !path_is_absolute(n))
451 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a valid image path.", strna(name));
452
453 r = free_and_strdup(s, n);
454 if (r < 0)
455 return json_log(variant, flags, r, "Failed to allocate string: %m");
456
457 return 0;
458 }
459
460 static int json_dispatch_umask(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
461 mode_t *m = userdata;
462 uint64_t k;
463
464 if (json_variant_is_null(variant)) {
465 *m = MODE_INVALID;
466 return 0;
467 }
468
469 if (!json_variant_is_unsigned(variant))
470 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a number.", strna(name));
471
472 k = json_variant_unsigned(variant);
473 if (k > 0777)
474 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL),
475 "JSON field '%s' outside of valid range 0%s0777.",
476 strna(name), special_glyph(SPECIAL_GLYPH_ELLIPSIS));
477
478 *m = (mode_t) k;
479 return 0;
480 }
481
482 static int json_dispatch_access_mode(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
483 mode_t *m = userdata;
484 uint64_t k;
485
486 if (json_variant_is_null(variant)) {
487 *m = MODE_INVALID;
488 return 0;
489 }
490
491 if (!json_variant_is_unsigned(variant))
492 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a number.", strna(name));
493
494 k = json_variant_unsigned(variant);
495 if (k > 07777)
496 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL),
497 "JSON field '%s' outside of valid range 0%s07777.",
498 strna(name), special_glyph(SPECIAL_GLYPH_ELLIPSIS));
499
500 *m = (mode_t) k;
501 return 0;
502 }
503
504 static int json_dispatch_environment(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
505 _cleanup_strv_free_ char **n = NULL;
506 char ***l = userdata;
507 int r;
508
509 if (json_variant_is_null(variant)) {
510 *l = strv_free(*l);
511 return 0;
512 }
513
514 if (!json_variant_is_array(variant))
515 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array.", strna(name));
516
517 for (size_t i = 0; i < json_variant_elements(variant); i++) {
518 JsonVariant *e;
519 const char *a;
520
521 e = json_variant_by_index(variant, i);
522 if (!json_variant_is_string(e))
523 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array of strings.", strna(name));
524
525 assert_se(a = json_variant_string(e));
526
527 if (!env_assignment_is_valid(a))
528 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array of environment variables.", strna(name));
529
530 r = strv_env_replace_strdup(&n, a);
531 if (r < 0)
532 return json_log_oom(variant, flags);
533 }
534
535 return strv_free_and_replace(*l, n);
536 }
537
538 int json_dispatch_user_disposition(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
539 UserDisposition *disposition = userdata, k;
540
541 if (json_variant_is_null(variant)) {
542 *disposition = _USER_DISPOSITION_INVALID;
543 return 0;
544 }
545
546 if (!json_variant_is_string(variant))
547 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));
548
549 k = user_disposition_from_string(json_variant_string(variant));
550 if (k < 0)
551 return json_log(variant, flags, k, "Disposition type '%s' not known.", json_variant_string(variant));
552
553 *disposition = k;
554 return 0;
555 }
556
557 static int json_dispatch_storage(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
558 UserStorage *storage = userdata, k;
559
560 if (json_variant_is_null(variant)) {
561 *storage = _USER_STORAGE_INVALID;
562 return 0;
563 }
564
565 if (!json_variant_is_string(variant))
566 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));
567
568 k = user_storage_from_string(json_variant_string(variant));
569 if (k < 0)
570 return json_log(variant, flags, k, "Storage type '%s' not known.", json_variant_string(variant));
571
572 *storage = k;
573 return 0;
574 }
575
576 static int json_dispatch_tasks_or_memory_max(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
577 uint64_t *limit = userdata, k;
578
579 if (json_variant_is_null(variant)) {
580 *limit = UINT64_MAX;
581 return 0;
582 }
583
584 if (!json_variant_is_unsigned(variant))
585 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an integer.", strna(name));
586
587 k = json_variant_unsigned(variant);
588 if (k <= 0 || k >= UINT64_MAX)
589 return json_log(variant, flags, SYNTHETIC_ERRNO(ERANGE),
590 "JSON field '%s' is not in valid range %" PRIu64 "%s%" PRIu64 ".",
591 strna(name), (uint64_t) 1, special_glyph(SPECIAL_GLYPH_ELLIPSIS), UINT64_MAX-1);
592
593 *limit = k;
594 return 0;
595 }
596
597 static int json_dispatch_weight(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
598 uint64_t *weight = userdata, k;
599
600 if (json_variant_is_null(variant)) {
601 *weight = UINT64_MAX;
602 return 0;
603 }
604
605 if (!json_variant_is_unsigned(variant))
606 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an integer.", strna(name));
607
608 k = json_variant_unsigned(variant);
609 if (k <= CGROUP_WEIGHT_MIN || k >= CGROUP_WEIGHT_MAX)
610 return json_log(variant, flags, SYNTHETIC_ERRNO(ERANGE),
611 "JSON field '%s' is not in valid range %" PRIu64 "%s%" PRIu64 ".",
612 strna(name), (uint64_t) CGROUP_WEIGHT_MIN,
613 special_glyph(SPECIAL_GLYPH_ELLIPSIS), (uint64_t) CGROUP_WEIGHT_MAX);
614
615 *weight = k;
616 return 0;
617 }
618
619 int json_dispatch_user_group_list(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
620 _cleanup_strv_free_ char **l = NULL;
621 char ***list = userdata;
622 JsonVariant *e;
623 int r;
624
625 if (!json_variant_is_array(variant))
626 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array of strings.", strna(name));
627
628 JSON_VARIANT_ARRAY_FOREACH(e, variant) {
629
630 if (!json_variant_is_string(e))
631 return json_log(e, flags, SYNTHETIC_ERRNO(EINVAL), "JSON array element is not a string.");
632
633 if (!valid_user_group_name(json_variant_string(e), FLAGS_SET(flags, JSON_RELAX) ? VALID_USER_RELAX : 0))
634 return json_log(e, flags, SYNTHETIC_ERRNO(EINVAL), "JSON array element is not a valid user/group name: %s", json_variant_string(e));
635
636 r = strv_extend(&l, json_variant_string(e));
637 if (r < 0)
638 return json_log(e, flags, r, "Failed to append array element: %m");
639 }
640
641 r = strv_extend_strv(list, l, true);
642 if (r < 0)
643 return json_log(variant, flags, r, "Failed to merge user/group arrays: %m");
644
645 return 0;
646 }
647
648 static int dispatch_secret(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
649
650 static const JsonDispatch secret_dispatch_table[] = {
651 { "password", _JSON_VARIANT_TYPE_INVALID, json_dispatch_strv, offsetof(UserRecord, password), 0 },
652 { "tokenPin", _JSON_VARIANT_TYPE_INVALID, json_dispatch_strv, offsetof(UserRecord, token_pin), 0 },
653 { "pkcs11Pin", /* legacy alias */ _JSON_VARIANT_TYPE_INVALID, json_dispatch_strv, offsetof(UserRecord, token_pin), 0 },
654 { "pkcs11ProtectedAuthenticationPathPermitted", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, pkcs11_protected_authentication_path_permitted), 0 },
655 { "fido2UserPresencePermitted", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, fido2_user_presence_permitted), 0 },
656 { "fido2UserVerificationPermitted", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, fido2_user_verification_permitted), 0 },
657 {},
658 };
659
660 return json_dispatch(variant, secret_dispatch_table, flags, userdata);
661 }
662
663 static int dispatch_pkcs11_uri(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
664 char **s = userdata;
665 const char *n;
666 int r;
667
668 if (json_variant_is_null(variant)) {
669 *s = mfree(*s);
670 return 0;
671 }
672
673 if (!json_variant_is_string(variant))
674 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));
675
676 n = json_variant_string(variant);
677 if (!pkcs11_uri_valid(n))
678 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a valid RFC7512 PKCS#11 URI.", strna(name));
679
680 r = free_and_strdup(s, n);
681 if (r < 0)
682 return json_log(variant, flags, r, "Failed to allocate string: %m");
683
684 return 0;
685 }
686
687 static int dispatch_pkcs11_uri_array(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
688 _cleanup_strv_free_ char **z = NULL;
689 char ***l = userdata;
690 JsonVariant *e;
691 int r;
692
693 if (json_variant_is_null(variant)) {
694 *l = strv_free(*l);
695 return 0;
696 }
697
698 if (json_variant_is_string(variant)) {
699 const char *n;
700
701 n = json_variant_string(variant);
702 if (!pkcs11_uri_valid(n))
703 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a valid RFC7512 PKCS#11 URI.", strna(name));
704
705 z = strv_new(n);
706 if (!z)
707 return log_oom();
708
709 } else {
710
711 if (!json_variant_is_array(variant))
712 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string or array of strings.", strna(name));
713
714 JSON_VARIANT_ARRAY_FOREACH(e, variant) {
715 const char *n;
716
717 if (!json_variant_is_string(e))
718 return json_log(e, flags, SYNTHETIC_ERRNO(EINVAL), "JSON array element is not a string.");
719
720 n = json_variant_string(e);
721 if (!pkcs11_uri_valid(n))
722 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON array element in '%s' is not a valid RFC7512 PKCS#11 URI: %s", strna(name), n);
723
724 r = strv_extend(&z, n);
725 if (r < 0)
726 return log_oom();
727 }
728 }
729
730 strv_free_and_replace(*l, z);
731 return 0;
732 }
733
734 static int dispatch_pkcs11_key_data(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
735 Pkcs11EncryptedKey *k = userdata;
736 size_t l;
737 void *b;
738 int r;
739
740 if (json_variant_is_null(variant)) {
741 k->data = erase_and_free(k->data);
742 k->size = 0;
743 return 0;
744 }
745
746 if (!json_variant_is_string(variant))
747 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));
748
749 r = unbase64mem(json_variant_string(variant), SIZE_MAX, &b, &l);
750 if (r < 0)
751 return json_log(variant, flags, r, "Failed to decode encrypted PKCS#11 key: %m");
752
753 erase_and_free(k->data);
754 k->data = b;
755 k->size = l;
756
757 return 0;
758 }
759
760 static int dispatch_pkcs11_key(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
761 UserRecord *h = userdata;
762 JsonVariant *e;
763 int r;
764
765 if (!json_variant_is_array(variant))
766 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array of objects.", strna(name));
767
768 JSON_VARIANT_ARRAY_FOREACH(e, variant) {
769 Pkcs11EncryptedKey *array, *k;
770
771 static const JsonDispatch pkcs11_key_dispatch_table[] = {
772 { "uri", JSON_VARIANT_STRING, dispatch_pkcs11_uri, offsetof(Pkcs11EncryptedKey, uri), JSON_MANDATORY },
773 { "data", JSON_VARIANT_STRING, dispatch_pkcs11_key_data, 0, JSON_MANDATORY },
774 { "hashedPassword", JSON_VARIANT_STRING, json_dispatch_string, offsetof(Pkcs11EncryptedKey, hashed_password), JSON_MANDATORY },
775 {},
776 };
777
778 if (!json_variant_is_object(e))
779 return json_log(e, flags, SYNTHETIC_ERRNO(EINVAL), "JSON array element is not an object.");
780
781 array = reallocarray(h->pkcs11_encrypted_key, h->n_pkcs11_encrypted_key + 1, sizeof(Pkcs11EncryptedKey));
782 if (!array)
783 return log_oom();
784
785 h->pkcs11_encrypted_key = array;
786 k = h->pkcs11_encrypted_key + h->n_pkcs11_encrypted_key;
787 *k = (Pkcs11EncryptedKey) {};
788
789 r = json_dispatch(e, pkcs11_key_dispatch_table, flags, k);
790 if (r < 0) {
791 pkcs11_encrypted_key_done(k);
792 return r;
793 }
794
795 h->n_pkcs11_encrypted_key++;
796 }
797
798 return 0;
799 }
800
801 static int dispatch_fido2_hmac_credential(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
802 Fido2HmacCredential *k = userdata;
803 size_t l;
804 void *b;
805 int r;
806
807 if (json_variant_is_null(variant)) {
808 k->id = mfree(k->id);
809 k->size = 0;
810 return 0;
811 }
812
813 if (!json_variant_is_string(variant))
814 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));
815
816 r = unbase64mem(json_variant_string(variant), SIZE_MAX, &b, &l);
817 if (r < 0)
818 return json_log(variant, flags, r, "Failed to decode FIDO2 credential ID: %m");
819
820 free_and_replace(k->id, b);
821 k->size = l;
822
823 return 0;
824 }
825
826 static int dispatch_fido2_hmac_credential_array(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
827 UserRecord *h = userdata;
828 JsonVariant *e;
829 int r;
830
831 if (!json_variant_is_array(variant))
832 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array of strings.", strna(name));
833
834 JSON_VARIANT_ARRAY_FOREACH(e, variant) {
835 Fido2HmacCredential *array;
836 size_t l;
837 void *b;
838
839 if (!json_variant_is_string(e))
840 return json_log(e, flags, SYNTHETIC_ERRNO(EINVAL), "JSON array element is not a string.");
841
842 array = reallocarray(h->fido2_hmac_credential, h->n_fido2_hmac_credential + 1, sizeof(Fido2HmacCredential));
843 if (!array)
844 return log_oom();
845
846 r = unbase64mem(json_variant_string(e), SIZE_MAX, &b, &l);
847 if (r < 0)
848 return json_log(variant, flags, r, "Failed to decode FIDO2 credential ID: %m");
849
850 h->fido2_hmac_credential = array;
851
852 h->fido2_hmac_credential[h->n_fido2_hmac_credential++] = (Fido2HmacCredential) {
853 .id = b,
854 .size = l,
855 };
856 }
857
858 return 0;
859 }
860
861 static int dispatch_fido2_hmac_salt_value(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
862 Fido2HmacSalt *k = userdata;
863 size_t l;
864 void *b;
865 int r;
866
867 if (json_variant_is_null(variant)) {
868 k->salt = erase_and_free(k->salt);
869 k->salt_size = 0;
870 return 0;
871 }
872
873 if (!json_variant_is_string(variant))
874 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));
875
876 r = unbase64mem(json_variant_string(variant), SIZE_MAX, &b, &l);
877 if (r < 0)
878 return json_log(variant, flags, r, "Failed to decode FIDO2 salt: %m");
879
880 erase_and_free(k->salt);
881 k->salt = b;
882 k->salt_size = l;
883
884 return 0;
885 }
886
887 static int dispatch_fido2_hmac_salt(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
888 UserRecord *h = userdata;
889 JsonVariant *e;
890 int r;
891
892 if (!json_variant_is_array(variant))
893 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array of objects.", strna(name));
894
895 JSON_VARIANT_ARRAY_FOREACH(e, variant) {
896 Fido2HmacSalt *array, *k;
897
898 static const JsonDispatch fido2_hmac_salt_dispatch_table[] = {
899 { "credential", JSON_VARIANT_STRING, dispatch_fido2_hmac_credential, offsetof(Fido2HmacSalt, credential), JSON_MANDATORY },
900 { "salt", JSON_VARIANT_STRING, dispatch_fido2_hmac_salt_value, 0, JSON_MANDATORY },
901 { "hashedPassword", JSON_VARIANT_STRING, json_dispatch_string, offsetof(Fido2HmacSalt, hashed_password), JSON_MANDATORY },
902 { "up", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(Fido2HmacSalt, up), 0 },
903 { "uv", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(Fido2HmacSalt, uv), 0 },
904 { "clientPin", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(Fido2HmacSalt, client_pin), 0 },
905 {},
906 };
907
908 if (!json_variant_is_object(e))
909 return json_log(e, flags, SYNTHETIC_ERRNO(EINVAL), "JSON array element is not an object.");
910
911 array = reallocarray(h->fido2_hmac_salt, h->n_fido2_hmac_salt + 1, sizeof(Fido2HmacSalt));
912 if (!array)
913 return log_oom();
914
915 h->fido2_hmac_salt = array;
916 k = h->fido2_hmac_salt + h->n_fido2_hmac_salt;
917 *k = (Fido2HmacSalt) {
918 .uv = -1,
919 .up = -1,
920 .client_pin = -1,
921 };
922
923 r = json_dispatch(e, fido2_hmac_salt_dispatch_table, flags, k);
924 if (r < 0) {
925 fido2_hmac_salt_done(k);
926 return r;
927 }
928
929 h->n_fido2_hmac_salt++;
930 }
931
932 return 0;
933 }
934
935 static int dispatch_recovery_key(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
936 UserRecord *h = userdata;
937 JsonVariant *e;
938 int r;
939
940 if (!json_variant_is_array(variant))
941 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array of objects.", strna(name));
942
943 JSON_VARIANT_ARRAY_FOREACH(e, variant) {
944 RecoveryKey *array, *k;
945
946 static const JsonDispatch recovery_key_dispatch_table[] = {
947 { "type", JSON_VARIANT_STRING, json_dispatch_string, 0, JSON_MANDATORY },
948 { "hashedPassword", JSON_VARIANT_STRING, json_dispatch_string, offsetof(RecoveryKey, hashed_password), JSON_MANDATORY },
949 {},
950 };
951
952 if (!json_variant_is_object(e))
953 return json_log(e, flags, SYNTHETIC_ERRNO(EINVAL), "JSON array element is not an object.");
954
955 array = reallocarray(h->recovery_key, h->n_recovery_key + 1, sizeof(RecoveryKey));
956 if (!array)
957 return log_oom();
958
959 h->recovery_key = array;
960 k = h->recovery_key + h->n_recovery_key;
961 *k = (RecoveryKey) {};
962
963 r = json_dispatch(e, recovery_key_dispatch_table, flags, k);
964 if (r < 0) {
965 recovery_key_done(k);
966 return r;
967 }
968
969 h->n_recovery_key++;
970 }
971
972 return 0;
973 }
974
975 static int dispatch_auto_resize_mode(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
976 AutoResizeMode *mode = userdata, m;
977
978 assert_se(mode);
979
980 if (json_variant_is_null(variant)) {
981 *mode = _AUTO_RESIZE_MODE_INVALID;
982 return 0;
983 }
984
985 if (json_variant_is_boolean(variant)) {
986 *mode = json_variant_boolean(variant) ? AUTO_RESIZE_SHRINK_AND_GROW : AUTO_RESIZE_OFF;
987 return 0;
988 }
989
990 if (!json_variant_is_string(variant))
991 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string, boolean or null.", strna(name));
992
993 m = auto_resize_mode_from_string(json_variant_string(variant));
994 if (m < 0)
995 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a valid automatic resize mode.", strna(name));
996
997 *mode = m;
998 return 0;
999 }
1000
1001 static int dispatch_rebalance_weight(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
1002 uint64_t *rebalance_weight = userdata;
1003 uintmax_t u;
1004
1005 assert_se(rebalance_weight);
1006
1007 if (json_variant_is_null(variant)) {
1008 *rebalance_weight = REBALANCE_WEIGHT_UNSET;
1009 return 0;
1010 }
1011
1012 if (json_variant_is_boolean(variant)) {
1013 *rebalance_weight = json_variant_boolean(variant) ? REBALANCE_WEIGHT_DEFAULT : REBALANCE_WEIGHT_OFF;
1014 return 0;
1015 }
1016
1017 if (!json_variant_is_unsigned(variant))
1018 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an unsigned integer, boolean or null.", strna(name));
1019
1020 u = json_variant_unsigned(variant);
1021 if (u >= REBALANCE_WEIGHT_MIN && u <= REBALANCE_WEIGHT_MAX)
1022 *rebalance_weight = (uint64_t) u;
1023 else if (u == 0)
1024 *rebalance_weight = REBALANCE_WEIGHT_OFF;
1025 else
1026 return json_log(variant, flags, SYNTHETIC_ERRNO(ERANGE),
1027 "Rebalance weight is out of valid range %" PRIu64 "%s%" PRIu64 ".",
1028 REBALANCE_WEIGHT_MIN, special_glyph(SPECIAL_GLYPH_ELLIPSIS), REBALANCE_WEIGHT_MAX);
1029
1030 return 0;
1031 }
1032
1033 static int dispatch_privileged(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
1034
1035 static const JsonDispatch privileged_dispatch_table[] = {
1036 { "passwordHint", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, password_hint), 0 },
1037 { "hashedPassword", _JSON_VARIANT_TYPE_INVALID, json_dispatch_strv, offsetof(UserRecord, hashed_password), JSON_SAFE },
1038 { "sshAuthorizedKeys", _JSON_VARIANT_TYPE_INVALID, json_dispatch_strv, offsetof(UserRecord, ssh_authorized_keys), 0 },
1039 { "pkcs11EncryptedKey", JSON_VARIANT_ARRAY, dispatch_pkcs11_key, 0, 0 },
1040 { "fido2HmacSalt", JSON_VARIANT_ARRAY, dispatch_fido2_hmac_salt, 0, 0 },
1041 { "recoveryKey", JSON_VARIANT_ARRAY, dispatch_recovery_key, 0, 0 },
1042 {},
1043 };
1044
1045 return json_dispatch(variant, privileged_dispatch_table, flags, userdata);
1046 }
1047
1048 static int dispatch_binding(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
1049
1050 static const JsonDispatch binding_dispatch_table[] = {
1051 { "imagePath", JSON_VARIANT_STRING, json_dispatch_image_path, offsetof(UserRecord, image_path), 0 },
1052 { "homeDirectory", JSON_VARIANT_STRING, json_dispatch_home_directory, offsetof(UserRecord, home_directory), 0 },
1053 { "partitionUuid", JSON_VARIANT_STRING, json_dispatch_id128, offsetof(UserRecord, partition_uuid), 0 },
1054 { "luksUuid", JSON_VARIANT_STRING, json_dispatch_id128, offsetof(UserRecord, luks_uuid), 0 },
1055 { "fileSystemUuid", JSON_VARIANT_STRING, json_dispatch_id128, offsetof(UserRecord, file_system_uuid), 0 },
1056 { "uid", JSON_VARIANT_UNSIGNED, json_dispatch_uid_gid, offsetof(UserRecord, uid), 0 },
1057 { "gid", JSON_VARIANT_UNSIGNED, json_dispatch_uid_gid, offsetof(UserRecord, gid), 0 },
1058 { "storage", JSON_VARIANT_STRING, json_dispatch_storage, offsetof(UserRecord, storage), 0 },
1059 { "fileSystemType", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, file_system_type), JSON_SAFE },
1060 { "luksCipher", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, luks_cipher), JSON_SAFE },
1061 { "luksCipherMode", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, luks_cipher_mode), JSON_SAFE },
1062 { "luksVolumeKeySize", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, luks_volume_key_size), 0 },
1063 {},
1064 };
1065
1066 JsonVariant *m;
1067 sd_id128_t mid;
1068 int r;
1069
1070 if (!variant)
1071 return 0;
1072
1073 if (!json_variant_is_object(variant))
1074 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an object.", strna(name));
1075
1076 r = sd_id128_get_machine(&mid);
1077 if (r < 0)
1078 return json_log(variant, flags, r, "Failed to determine machine ID: %m");
1079
1080 m = json_variant_by_key(variant, SD_ID128_TO_STRING(mid));
1081 if (!m)
1082 return 0;
1083
1084 return json_dispatch(m, binding_dispatch_table, flags, userdata);
1085 }
1086
1087 int per_machine_id_match(JsonVariant *ids, JsonDispatchFlags flags) {
1088 sd_id128_t mid;
1089 int r;
1090
1091 r = sd_id128_get_machine(&mid);
1092 if (r < 0)
1093 return json_log(ids, flags, r, "Failed to acquire machine ID: %m");
1094
1095 if (json_variant_is_string(ids)) {
1096 sd_id128_t k;
1097
1098 r = sd_id128_from_string(json_variant_string(ids), &k);
1099 if (r < 0) {
1100 json_log(ids, flags, r, "%s is not a valid machine ID, ignoring: %m", json_variant_string(ids));
1101 return 0;
1102 }
1103
1104 return sd_id128_equal(mid, k);
1105 }
1106
1107 if (json_variant_is_array(ids)) {
1108 JsonVariant *e;
1109
1110 JSON_VARIANT_ARRAY_FOREACH(e, ids) {
1111 sd_id128_t k;
1112
1113 if (!json_variant_is_string(e)) {
1114 json_log(e, flags, 0, "Machine ID is not a string, ignoring: %m");
1115 continue;
1116 }
1117
1118 r = sd_id128_from_string(json_variant_string(e), &k);
1119 if (r < 0) {
1120 json_log(e, flags, r, "%s is not a valid machine ID, ignoring: %m", json_variant_string(e));
1121 continue;
1122 }
1123
1124 if (sd_id128_equal(mid, k))
1125 return true;
1126 }
1127
1128 return false;
1129 }
1130
1131 json_log(ids, flags, 0, "Machine ID is not a string or array of strings, ignoring: %m");
1132 return false;
1133 }
1134
1135 int per_machine_hostname_match(JsonVariant *hns, JsonDispatchFlags flags) {
1136 _cleanup_free_ char *hn = NULL;
1137 int r;
1138
1139 r = gethostname_strict(&hn);
1140 if (r == -ENXIO) {
1141 json_log(hns, flags, r, "No hostname set, not matching perMachine hostname record: %m");
1142 return false;
1143 }
1144 if (r < 0)
1145 return json_log(hns, flags, r, "Failed to acquire hostname: %m");
1146
1147 if (json_variant_is_string(hns))
1148 return streq(json_variant_string(hns), hn);
1149
1150 if (json_variant_is_array(hns)) {
1151 JsonVariant *e;
1152
1153 JSON_VARIANT_ARRAY_FOREACH(e, hns) {
1154
1155 if (!json_variant_is_string(e)) {
1156 json_log(e, flags, 0, "Hostname is not a string, ignoring: %m");
1157 continue;
1158 }
1159
1160 if (streq(json_variant_string(hns), hn))
1161 return true;
1162 }
1163
1164 return false;
1165 }
1166
1167 json_log(hns, flags, 0, "Hostname is not a string or array of strings, ignoring: %m");
1168 return false;
1169 }
1170
1171 static int dispatch_per_machine(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
1172
1173 static const JsonDispatch per_machine_dispatch_table[] = {
1174 { "matchMachineId", _JSON_VARIANT_TYPE_INVALID, NULL, 0, 0 },
1175 { "matchHostname", _JSON_VARIANT_TYPE_INVALID, NULL, 0, 0 },
1176 { "iconName", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, icon_name), JSON_SAFE },
1177 { "location", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, location), 0 },
1178 { "shell", JSON_VARIANT_STRING, json_dispatch_filename_or_path, offsetof(UserRecord, shell), 0 },
1179 { "umask", JSON_VARIANT_UNSIGNED, json_dispatch_umask, offsetof(UserRecord, umask), 0 },
1180 { "environment", JSON_VARIANT_ARRAY, json_dispatch_environment, offsetof(UserRecord, environment), 0 },
1181 { "timeZone", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, time_zone), JSON_SAFE },
1182 { "preferredLanguage", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, preferred_language), JSON_SAFE },
1183 { "niceLevel", _JSON_VARIANT_TYPE_INVALID, json_dispatch_nice, offsetof(UserRecord, nice_level), 0 },
1184 { "resourceLimits", _JSON_VARIANT_TYPE_INVALID, json_dispatch_rlimits, offsetof(UserRecord, rlimits), 0 },
1185 { "locked", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, locked), 0 },
1186 { "notBeforeUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, not_before_usec), 0 },
1187 { "notAfterUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, not_after_usec), 0 },
1188 { "storage", JSON_VARIANT_STRING, json_dispatch_storage, offsetof(UserRecord, storage), 0 },
1189 { "diskSize", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, disk_size), 0 },
1190 { "diskSizeRelative", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, disk_size_relative), 0 },
1191 { "skeletonDirectory", JSON_VARIANT_STRING, json_dispatch_path, offsetof(UserRecord, skeleton_directory), 0 },
1192 { "accessMode", JSON_VARIANT_UNSIGNED, json_dispatch_access_mode, offsetof(UserRecord, access_mode), 0 },
1193 { "tasksMax", JSON_VARIANT_UNSIGNED, json_dispatch_tasks_or_memory_max, offsetof(UserRecord, tasks_max), 0 },
1194 { "memoryHigh", JSON_VARIANT_UNSIGNED, json_dispatch_tasks_or_memory_max, offsetof(UserRecord, memory_high), 0 },
1195 { "memoryMax", JSON_VARIANT_UNSIGNED, json_dispatch_tasks_or_memory_max, offsetof(UserRecord, memory_max), 0 },
1196 { "cpuWeight", JSON_VARIANT_UNSIGNED, json_dispatch_weight, offsetof(UserRecord, cpu_weight), 0 },
1197 { "ioWeight", JSON_VARIANT_UNSIGNED, json_dispatch_weight, offsetof(UserRecord, io_weight), 0 },
1198 { "mountNoDevices", JSON_VARIANT_BOOLEAN, json_dispatch_boolean, offsetof(UserRecord, nodev), 0 },
1199 { "mountNoSuid", JSON_VARIANT_BOOLEAN, json_dispatch_boolean, offsetof(UserRecord, nosuid), 0 },
1200 { "mountNoExecute", JSON_VARIANT_BOOLEAN, json_dispatch_boolean, offsetof(UserRecord, noexec), 0 },
1201 { "cifsDomain", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, cifs_domain), JSON_SAFE },
1202 { "cifsUserName", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, cifs_user_name), JSON_SAFE },
1203 { "cifsService", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, cifs_service), JSON_SAFE },
1204 { "cifsExtraMountOptions", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, cifs_extra_mount_options), 0 },
1205 { "imagePath", JSON_VARIANT_STRING, json_dispatch_path, offsetof(UserRecord, image_path), 0 },
1206 { "uid", JSON_VARIANT_UNSIGNED, json_dispatch_uid_gid, offsetof(UserRecord, uid), 0 },
1207 { "gid", JSON_VARIANT_UNSIGNED, json_dispatch_uid_gid, offsetof(UserRecord, gid), 0 },
1208 { "memberOf", JSON_VARIANT_ARRAY, json_dispatch_user_group_list, offsetof(UserRecord, member_of), JSON_RELAX},
1209 { "capabilityBoundingSet", JSON_VARIANT_ARRAY, json_dispatch_strv, offsetof(UserRecord, capability_bounding_set), JSON_SAFE },
1210 { "capabilityAmbientSet", JSON_VARIANT_ARRAY, json_dispatch_strv, offsetof(UserRecord, capability_ambient_set), JSON_SAFE },
1211 { "fileSystemType", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, file_system_type), JSON_SAFE },
1212 { "partitionUuid", JSON_VARIANT_STRING, json_dispatch_id128, offsetof(UserRecord, partition_uuid), 0 },
1213 { "luksUuid", JSON_VARIANT_STRING, json_dispatch_id128, offsetof(UserRecord, luks_uuid), 0 },
1214 { "fileSystemUuid", JSON_VARIANT_STRING, json_dispatch_id128, offsetof(UserRecord, file_system_uuid), 0 },
1215 { "luksDiscard", _JSON_VARIANT_TYPE_INVALID, json_dispatch_tristate, offsetof(UserRecord, luks_discard), 0, },
1216 { "luksOfflineDiscard", _JSON_VARIANT_TYPE_INVALID, json_dispatch_tristate, offsetof(UserRecord, luks_offline_discard), 0, },
1217 { "luksCipher", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, luks_cipher), JSON_SAFE },
1218 { "luksCipherMode", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, luks_cipher_mode), JSON_SAFE },
1219 { "luksVolumeKeySize", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, luks_volume_key_size), 0 },
1220 { "luksPbkdfHashAlgorithm", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, luks_pbkdf_hash_algorithm), JSON_SAFE },
1221 { "luksPbkdfType", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, luks_pbkdf_type), JSON_SAFE },
1222 { "luksPbkdfForceIterations", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, luks_pbkdf_force_iterations), 0 },
1223 { "luksPbkdfTimeCostUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, luks_pbkdf_time_cost_usec), 0 },
1224 { "luksPbkdfMemoryCost", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, luks_pbkdf_memory_cost), 0 },
1225 { "luksPbkdfParallelThreads", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, luks_pbkdf_parallel_threads), 0 },
1226 { "luksSectorSize", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, luks_sector_size), 0 },
1227 { "luksExtraMountOptions", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, luks_extra_mount_options), 0 },
1228 { "dropCaches", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, drop_caches), 0 },
1229 { "autoResizeMode", _JSON_VARIANT_TYPE_INVALID, dispatch_auto_resize_mode, offsetof(UserRecord, auto_resize_mode), 0 },
1230 { "rebalanceWeight", _JSON_VARIANT_TYPE_INVALID, dispatch_rebalance_weight, offsetof(UserRecord, rebalance_weight), 0 },
1231 { "rateLimitIntervalUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, ratelimit_interval_usec), 0 },
1232 { "rateLimitBurst", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, ratelimit_burst), 0 },
1233 { "enforcePasswordPolicy", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, enforce_password_policy), 0 },
1234 { "autoLogin", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, auto_login), 0 },
1235 { "stopDelayUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, stop_delay_usec), 0 },
1236 { "killProcesses", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, kill_processes), 0 },
1237 { "passwordChangeMinUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, password_change_min_usec), 0 },
1238 { "passwordChangeMaxUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, password_change_max_usec), 0 },
1239 { "passwordChangeWarnUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, password_change_warn_usec), 0 },
1240 { "passwordChangeInactiveUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, password_change_inactive_usec), 0 },
1241 { "passwordChangeNow", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, password_change_now), 0 },
1242 { "pkcs11TokenUri", JSON_VARIANT_ARRAY, dispatch_pkcs11_uri_array, offsetof(UserRecord, pkcs11_token_uri), 0 },
1243 { "fido2HmacCredential", JSON_VARIANT_ARRAY, dispatch_fido2_hmac_credential_array, 0, 0 },
1244 {},
1245 };
1246
1247 JsonVariant *e;
1248 int r;
1249
1250 if (!variant)
1251 return 0;
1252
1253 if (!json_variant_is_array(variant))
1254 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array.", strna(name));
1255
1256 JSON_VARIANT_ARRAY_FOREACH(e, variant) {
1257 bool matching = false;
1258 JsonVariant *m;
1259
1260 if (!json_variant_is_object(e))
1261 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array of objects.", strna(name));
1262
1263 m = json_variant_by_key(e, "matchMachineId");
1264 if (m) {
1265 r = per_machine_id_match(m, flags);
1266 if (r < 0)
1267 return r;
1268
1269 matching = r > 0;
1270 }
1271
1272 if (!matching) {
1273 m = json_variant_by_key(e, "matchHostname");
1274 if (m) {
1275 r = per_machine_hostname_match(m, flags);
1276 if (r < 0)
1277 return r;
1278
1279 matching = r > 0;
1280 }
1281 }
1282
1283 if (!matching)
1284 continue;
1285
1286 r = json_dispatch(e, per_machine_dispatch_table, flags, userdata);
1287 if (r < 0)
1288 return r;
1289 }
1290
1291 return 0;
1292 }
1293
1294 static int dispatch_status(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
1295
1296 static const JsonDispatch status_dispatch_table[] = {
1297 { "diskUsage", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, disk_usage), 0 },
1298 { "diskFree", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, disk_free), 0 },
1299 { "diskSize", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, disk_size), 0 },
1300 { "diskCeiling", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, disk_ceiling), 0 },
1301 { "diskFloor", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, disk_floor), 0 },
1302 { "state", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, state), JSON_SAFE },
1303 { "service", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, service), JSON_SAFE },
1304 { "signedLocally", _JSON_VARIANT_TYPE_INVALID, json_dispatch_tristate, offsetof(UserRecord, signed_locally), 0 },
1305 { "goodAuthenticationCounter", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, good_authentication_counter), 0 },
1306 { "badAuthenticationCounter", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, bad_authentication_counter), 0 },
1307 { "lastGoodAuthenticationUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, last_good_authentication_usec), 0 },
1308 { "lastBadAuthenticationUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, last_bad_authentication_usec), 0 },
1309 { "rateLimitBeginUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, ratelimit_begin_usec), 0 },
1310 { "rateLimitCount", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, ratelimit_count), 0 },
1311 { "removable", JSON_VARIANT_BOOLEAN, json_dispatch_boolean, offsetof(UserRecord, removable), 0 },
1312 { "accessMode", JSON_VARIANT_UNSIGNED, json_dispatch_access_mode, offsetof(UserRecord, access_mode), 0 },
1313 { "fileSystemType", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, file_system_type), JSON_SAFE },
1314 {},
1315 };
1316
1317 JsonVariant *m;
1318 sd_id128_t mid;
1319 int r;
1320
1321 if (!variant)
1322 return 0;
1323
1324 if (!json_variant_is_object(variant))
1325 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an object.", strna(name));
1326
1327 r = sd_id128_get_machine(&mid);
1328 if (r < 0)
1329 return json_log(variant, flags, r, "Failed to determine machine ID: %m");
1330
1331 m = json_variant_by_key(variant, SD_ID128_TO_STRING(mid));
1332 if (!m)
1333 return 0;
1334
1335 return json_dispatch(m, status_dispatch_table, flags, userdata);
1336 }
1337
1338 int user_record_build_image_path(UserStorage storage, const char *user_name_and_realm, char **ret) {
1339 const char *suffix;
1340 char *z;
1341
1342 assert(storage >= 0);
1343 assert(user_name_and_realm);
1344 assert(ret);
1345
1346 if (storage == USER_LUKS)
1347 suffix = ".home";
1348 else if (IN_SET(storage, USER_DIRECTORY, USER_SUBVOLUME, USER_FSCRYPT))
1349 suffix = ".homedir";
1350 else {
1351 *ret = NULL;
1352 return 0;
1353 }
1354
1355 z = strjoin(get_home_root(), "/", user_name_and_realm, suffix);
1356 if (!z)
1357 return -ENOMEM;
1358
1359 *ret = path_simplify(z);
1360 return 1;
1361 }
1362
1363 static int user_record_augment(UserRecord *h, JsonDispatchFlags json_flags) {
1364 int r;
1365
1366 assert(h);
1367
1368 if (!FLAGS_SET(h->mask, USER_RECORD_REGULAR))
1369 return 0;
1370
1371 assert(h->user_name);
1372
1373 if (!h->user_name_and_realm_auto && h->realm) {
1374 h->user_name_and_realm_auto = strjoin(h->user_name, "@", h->realm);
1375 if (!h->user_name_and_realm_auto)
1376 return json_log_oom(h->json, json_flags);
1377 }
1378
1379 /* Let's add in the following automatisms only for regular users, they don't make sense for any others */
1380 if (user_record_disposition(h) != USER_REGULAR)
1381 return 0;
1382
1383 if (!h->home_directory && !h->home_directory_auto) {
1384 h->home_directory_auto = path_join(get_home_root(), h->user_name);
1385 if (!h->home_directory_auto)
1386 return json_log_oom(h->json, json_flags);
1387 }
1388
1389 if (!h->image_path && !h->image_path_auto) {
1390 r = user_record_build_image_path(user_record_storage(h), user_record_user_name_and_realm(h), &h->image_path_auto);
1391 if (r < 0)
1392 return json_log(h->json, json_flags, r, "Failed to determine default image path: %m");
1393 }
1394
1395 return 0;
1396 }
1397
1398 int user_group_record_mangle(
1399 JsonVariant *v,
1400 UserRecordLoadFlags load_flags,
1401 JsonVariant **ret_variant,
1402 UserRecordMask *ret_mask) {
1403
1404 static const struct {
1405 UserRecordMask mask;
1406 const char *name;
1407 } mask_field[] = {
1408 { USER_RECORD_PRIVILEGED, "privileged" },
1409 { USER_RECORD_SECRET, "secret" },
1410 { USER_RECORD_BINDING, "binding" },
1411 { USER_RECORD_PER_MACHINE, "perMachine" },
1412 { USER_RECORD_STATUS, "status" },
1413 { USER_RECORD_SIGNATURE, "signature" },
1414 };
1415
1416 JsonDispatchFlags json_flags = USER_RECORD_LOAD_FLAGS_TO_JSON_DISPATCH_FLAGS(load_flags);
1417 _cleanup_(json_variant_unrefp) JsonVariant *w = NULL;
1418 JsonVariant *array[ELEMENTSOF(mask_field) * 2];
1419 size_t n_retain = 0;
1420 UserRecordMask m = 0;
1421 int r;
1422
1423 assert((load_flags & _USER_RECORD_MASK_MAX) == 0); /* detect mistakes when accidentally passing
1424 * UserRecordMask bit masks as UserRecordLoadFlags
1425 * value */
1426
1427 assert(v);
1428 assert(ret_variant);
1429 assert(ret_mask);
1430
1431 /* Note that this function is shared with the group record parser, hence we try to be generic in our
1432 * log message wording here, to cover both cases. */
1433
1434 if (!json_variant_is_object(v))
1435 return json_log(v, json_flags, SYNTHETIC_ERRNO(EBADMSG), "Record is not a JSON object, refusing.");
1436
1437 if (USER_RECORD_ALLOW_MASK(load_flags) == 0) /* allow nothing? */
1438 return json_log(v, json_flags, SYNTHETIC_ERRNO(EINVAL), "Nothing allowed in record, refusing.");
1439
1440 if (USER_RECORD_STRIP_MASK(load_flags) == _USER_RECORD_MASK_MAX) /* strip everything? */
1441 return json_log(v, json_flags, SYNTHETIC_ERRNO(EINVAL), "Stripping everything from record, refusing.");
1442
1443 /* Check if we have the special sections and if they match our flags set */
1444 for (size_t i = 0; i < ELEMENTSOF(mask_field); i++) {
1445 JsonVariant *e, *k;
1446
1447 if (FLAGS_SET(USER_RECORD_STRIP_MASK(load_flags), mask_field[i].mask)) {
1448 if (!w)
1449 w = json_variant_ref(v);
1450
1451 r = json_variant_filter(&w, STRV_MAKE(mask_field[i].name));
1452 if (r < 0)
1453 return json_log(w, json_flags, r, "Failed to remove field from variant: %m");
1454
1455 continue;
1456 }
1457
1458 e = json_variant_by_key_full(v, mask_field[i].name, &k);
1459 if (e) {
1460 if (!FLAGS_SET(USER_RECORD_ALLOW_MASK(load_flags), mask_field[i].mask))
1461 return json_log(e, json_flags, SYNTHETIC_ERRNO(EBADMSG), "Record contains '%s' field, which is not allowed.", mask_field[i].name);
1462
1463 if (FLAGS_SET(load_flags, USER_RECORD_STRIP_REGULAR)) {
1464 array[n_retain++] = k;
1465 array[n_retain++] = e;
1466 }
1467
1468 m |= mask_field[i].mask;
1469 } else {
1470 if (FLAGS_SET(USER_RECORD_REQUIRE_MASK(load_flags), mask_field[i].mask))
1471 return json_log(v, json_flags, SYNTHETIC_ERRNO(EBADMSG), "Record lacks '%s' field, which is required.", mask_field[i].name);
1472 }
1473 }
1474
1475 if (FLAGS_SET(load_flags, USER_RECORD_STRIP_REGULAR)) {
1476 /* If we are supposed to strip regular items, then let's instead just allocate a new object
1477 * with just the stuff we need. */
1478
1479 w = json_variant_unref(w);
1480 r = json_variant_new_object(&w, array, n_retain);
1481 if (r < 0)
1482 return json_log(v, json_flags, r, "Failed to allocate new object: %m");
1483 } else
1484 /* And now check if there's anything else in the record */
1485 for (size_t i = 0; i < json_variant_elements(v); i += 2) {
1486 const char *f;
1487 bool special = false;
1488
1489 assert_se(f = json_variant_string(json_variant_by_index(v, i)));
1490
1491 for (size_t j = 0; j < ELEMENTSOF(mask_field); j++)
1492 if (streq(f, mask_field[j].name)) { /* already covered in the loop above */
1493 special = true;
1494 continue;
1495 }
1496
1497 if (!special) {
1498 if ((load_flags & (USER_RECORD_ALLOW_REGULAR|USER_RECORD_REQUIRE_REGULAR)) == 0)
1499 return json_log(v, json_flags, SYNTHETIC_ERRNO(EBADMSG), "Record contains '%s' field, which is not allowed.", f);
1500
1501 m |= USER_RECORD_REGULAR;
1502 break;
1503 }
1504 }
1505
1506 if (FLAGS_SET(load_flags, USER_RECORD_REQUIRE_REGULAR) && !FLAGS_SET(m, USER_RECORD_REGULAR))
1507 return json_log(v, json_flags, SYNTHETIC_ERRNO(EBADMSG), "Record lacks basic identity fields, which are required.");
1508
1509 if (!FLAGS_SET(load_flags, USER_RECORD_EMPTY_OK) && m == 0)
1510 return json_log(v, json_flags, SYNTHETIC_ERRNO(EBADMSG), "Record is empty.");
1511
1512 if (w)
1513 *ret_variant = TAKE_PTR(w);
1514 else
1515 *ret_variant = json_variant_ref(v);
1516
1517 *ret_mask = m;
1518 return 0;
1519 }
1520
1521 int user_record_load(UserRecord *h, JsonVariant *v, UserRecordLoadFlags load_flags) {
1522
1523 static const JsonDispatch user_dispatch_table[] = {
1524 { "userName", JSON_VARIANT_STRING, json_dispatch_user_group_name, offsetof(UserRecord, user_name), JSON_RELAX},
1525 { "realm", JSON_VARIANT_STRING, json_dispatch_realm, offsetof(UserRecord, realm), 0 },
1526 { "realName", JSON_VARIANT_STRING, json_dispatch_gecos, offsetof(UserRecord, real_name), 0 },
1527 { "emailAddress", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, email_address), JSON_SAFE },
1528 { "iconName", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, icon_name), JSON_SAFE },
1529 { "location", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, location), 0 },
1530 { "disposition", JSON_VARIANT_STRING, json_dispatch_user_disposition, offsetof(UserRecord, disposition), 0 },
1531 { "lastChangeUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, last_change_usec), 0 },
1532 { "lastPasswordChangeUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, last_password_change_usec), 0 },
1533 { "shell", JSON_VARIANT_STRING, json_dispatch_filename_or_path, offsetof(UserRecord, shell), 0 },
1534 { "umask", JSON_VARIANT_UNSIGNED, json_dispatch_umask, offsetof(UserRecord, umask), 0 },
1535 { "environment", JSON_VARIANT_ARRAY, json_dispatch_environment, offsetof(UserRecord, environment), 0 },
1536 { "timeZone", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, time_zone), JSON_SAFE },
1537 { "preferredLanguage", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, preferred_language), JSON_SAFE },
1538 { "niceLevel", _JSON_VARIANT_TYPE_INVALID, json_dispatch_nice, offsetof(UserRecord, nice_level), 0 },
1539 { "resourceLimits", _JSON_VARIANT_TYPE_INVALID, json_dispatch_rlimits, offsetof(UserRecord, rlimits), 0 },
1540 { "locked", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, locked), 0 },
1541 { "notBeforeUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, not_before_usec), 0 },
1542 { "notAfterUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, not_after_usec), 0 },
1543 { "storage", JSON_VARIANT_STRING, json_dispatch_storage, offsetof(UserRecord, storage), 0 },
1544 { "diskSize", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, disk_size), 0 },
1545 { "diskSizeRelative", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, disk_size_relative), 0 },
1546 { "skeletonDirectory", JSON_VARIANT_STRING, json_dispatch_path, offsetof(UserRecord, skeleton_directory), 0 },
1547 { "accessMode", JSON_VARIANT_UNSIGNED, json_dispatch_access_mode, offsetof(UserRecord, access_mode), 0 },
1548 { "tasksMax", JSON_VARIANT_UNSIGNED, json_dispatch_tasks_or_memory_max, offsetof(UserRecord, tasks_max), 0 },
1549 { "memoryHigh", JSON_VARIANT_UNSIGNED, json_dispatch_tasks_or_memory_max, offsetof(UserRecord, memory_high), 0 },
1550 { "memoryMax", JSON_VARIANT_UNSIGNED, json_dispatch_tasks_or_memory_max, offsetof(UserRecord, memory_max), 0 },
1551 { "cpuWeight", JSON_VARIANT_UNSIGNED, json_dispatch_weight, offsetof(UserRecord, cpu_weight), 0 },
1552 { "ioWeight", JSON_VARIANT_UNSIGNED, json_dispatch_weight, offsetof(UserRecord, io_weight), 0 },
1553 { "mountNoDevices", JSON_VARIANT_BOOLEAN, json_dispatch_boolean, offsetof(UserRecord, nodev), 0 },
1554 { "mountNoSuid", JSON_VARIANT_BOOLEAN, json_dispatch_boolean, offsetof(UserRecord, nosuid), 0 },
1555 { "mountNoExecute", JSON_VARIANT_BOOLEAN, json_dispatch_boolean, offsetof(UserRecord, noexec), 0 },
1556 { "cifsDomain", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, cifs_domain), JSON_SAFE },
1557 { "cifsUserName", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, cifs_user_name), JSON_SAFE },
1558 { "cifsService", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, cifs_service), JSON_SAFE },
1559 { "cifsExtraMountOptions", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, cifs_extra_mount_options), 0 },
1560 { "imagePath", JSON_VARIANT_STRING, json_dispatch_path, offsetof(UserRecord, image_path), 0 },
1561 { "homeDirectory", JSON_VARIANT_STRING, json_dispatch_home_directory, offsetof(UserRecord, home_directory), 0 },
1562 { "uid", JSON_VARIANT_UNSIGNED, json_dispatch_uid_gid, offsetof(UserRecord, uid), 0 },
1563 { "gid", JSON_VARIANT_UNSIGNED, json_dispatch_uid_gid, offsetof(UserRecord, gid), 0 },
1564 { "memberOf", JSON_VARIANT_ARRAY, json_dispatch_user_group_list, offsetof(UserRecord, member_of), JSON_RELAX},
1565 { "capabilityBoundingSet", JSON_VARIANT_ARRAY, json_dispatch_strv, offsetof(UserRecord, capability_bounding_set), JSON_SAFE },
1566 { "capabilityAmbientSet", JSON_VARIANT_ARRAY, json_dispatch_strv, offsetof(UserRecord, capability_ambient_set), JSON_SAFE },
1567 { "fileSystemType", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, file_system_type), JSON_SAFE },
1568 { "partitionUuid", JSON_VARIANT_STRING, json_dispatch_id128, offsetof(UserRecord, partition_uuid), 0 },
1569 { "luksUuid", JSON_VARIANT_STRING, json_dispatch_id128, offsetof(UserRecord, luks_uuid), 0 },
1570 { "fileSystemUuid", JSON_VARIANT_STRING, json_dispatch_id128, offsetof(UserRecord, file_system_uuid), 0 },
1571 { "luksDiscard", _JSON_VARIANT_TYPE_INVALID, json_dispatch_tristate, offsetof(UserRecord, luks_discard), 0 },
1572 { "luksOfflineDiscard", _JSON_VARIANT_TYPE_INVALID, json_dispatch_tristate, offsetof(UserRecord, luks_offline_discard), 0 },
1573 { "luksCipher", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, luks_cipher), JSON_SAFE },
1574 { "luksCipherMode", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, luks_cipher_mode), JSON_SAFE },
1575 { "luksVolumeKeySize", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, luks_volume_key_size), 0 },
1576 { "luksPbkdfHashAlgorithm", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, luks_pbkdf_hash_algorithm), JSON_SAFE },
1577 { "luksPbkdfType", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, luks_pbkdf_type), JSON_SAFE },
1578 { "luksPbkdfForceIterations", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, luks_pbkdf_force_iterations), 0 },
1579 { "luksPbkdfTimeCostUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, luks_pbkdf_time_cost_usec), 0 },
1580 { "luksPbkdfMemoryCost", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, luks_pbkdf_memory_cost), 0 },
1581 { "luksPbkdfParallelThreads", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, luks_pbkdf_parallel_threads), 0 },
1582 { "luksSectorSize", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, luks_sector_size), 0 },
1583 { "luksExtraMountOptions", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, luks_extra_mount_options), 0 },
1584 { "dropCaches", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, drop_caches), 0 },
1585 { "autoResizeMode", _JSON_VARIANT_TYPE_INVALID, dispatch_auto_resize_mode, offsetof(UserRecord, auto_resize_mode), 0 },
1586 { "rebalanceWeight", _JSON_VARIANT_TYPE_INVALID, dispatch_rebalance_weight, offsetof(UserRecord, rebalance_weight), 0 },
1587 { "service", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, service), JSON_SAFE },
1588 { "rateLimitIntervalUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, ratelimit_interval_usec), 0 },
1589 { "rateLimitBurst", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, ratelimit_burst), 0 },
1590 { "enforcePasswordPolicy", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, enforce_password_policy), 0 },
1591 { "autoLogin", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, auto_login), 0 },
1592 { "stopDelayUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, stop_delay_usec), 0 },
1593 { "killProcesses", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, kill_processes), 0 },
1594 { "passwordChangeMinUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, password_change_min_usec), 0 },
1595 { "passwordChangeMaxUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, password_change_max_usec), 0 },
1596 { "passwordChangeWarnUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, password_change_warn_usec), 0 },
1597 { "passwordChangeInactiveUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, password_change_inactive_usec), 0 },
1598 { "passwordChangeNow", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, password_change_now), 0 },
1599 { "pkcs11TokenUri", JSON_VARIANT_ARRAY, dispatch_pkcs11_uri_array, offsetof(UserRecord, pkcs11_token_uri), 0 },
1600 { "fido2HmacCredential", JSON_VARIANT_ARRAY, dispatch_fido2_hmac_credential_array, 0, 0 },
1601 { "recoveryKeyType", JSON_VARIANT_ARRAY, json_dispatch_strv, offsetof(UserRecord, recovery_key_type), 0 },
1602
1603 { "secret", JSON_VARIANT_OBJECT, dispatch_secret, 0, 0 },
1604 { "privileged", JSON_VARIANT_OBJECT, dispatch_privileged, 0, 0 },
1605
1606 /* Ignore the perMachine, binding, status stuff here, and process it later, so that it overrides whatever is set above */
1607 { "perMachine", JSON_VARIANT_ARRAY, NULL, 0, 0 },
1608 { "binding", JSON_VARIANT_OBJECT, NULL, 0, 0 },
1609 { "status", JSON_VARIANT_OBJECT, NULL, 0, 0 },
1610
1611 /* Ignore 'signature', we check it with explicit accessors instead */
1612 { "signature", JSON_VARIANT_ARRAY, NULL, 0, 0 },
1613 {},
1614 };
1615
1616 JsonDispatchFlags json_flags = USER_RECORD_LOAD_FLAGS_TO_JSON_DISPATCH_FLAGS(load_flags);
1617 int r;
1618
1619 assert(h);
1620 assert(!h->json);
1621
1622 /* Note that this call will leave a half-initialized record around on failure! */
1623
1624 r = user_group_record_mangle(v, load_flags, &h->json, &h->mask);
1625 if (r < 0)
1626 return r;
1627
1628 r = json_dispatch(h->json, user_dispatch_table, json_flags, h);
1629 if (r < 0)
1630 return r;
1631
1632 /* During the parsing operation above we ignored the 'perMachine', 'binding' and 'status' fields,
1633 * since we want them to override the global options. Let's process them now. */
1634
1635 r = dispatch_per_machine("perMachine", json_variant_by_key(h->json, "perMachine"), json_flags, h);
1636 if (r < 0)
1637 return r;
1638
1639 r = dispatch_binding("binding", json_variant_by_key(h->json, "binding"), json_flags, h);
1640 if (r < 0)
1641 return r;
1642
1643 r = dispatch_status("status", json_variant_by_key(h->json, "status"), json_flags, h);
1644 if (r < 0)
1645 return r;
1646
1647 if (FLAGS_SET(h->mask, USER_RECORD_REGULAR) && !h->user_name)
1648 return json_log(h->json, json_flags, SYNTHETIC_ERRNO(EINVAL), "User name field missing, refusing.");
1649
1650 r = user_record_augment(h, json_flags);
1651 if (r < 0)
1652 return r;
1653
1654 return 0;
1655 }
1656
1657 int user_record_build(UserRecord **ret, ...) {
1658 _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
1659 _cleanup_(user_record_unrefp) UserRecord *u = NULL;
1660 va_list ap;
1661 int r;
1662
1663 assert(ret);
1664
1665 va_start(ap, ret);
1666 r = json_buildv(&v, ap);
1667 va_end(ap);
1668
1669 if (r < 0)
1670 return r;
1671
1672 u = user_record_new();
1673 if (!u)
1674 return -ENOMEM;
1675
1676 r = user_record_load(u, v, USER_RECORD_LOAD_FULL);
1677 if (r < 0)
1678 return r;
1679
1680 *ret = TAKE_PTR(u);
1681 return 0;
1682 }
1683
1684 const char *user_record_user_name_and_realm(UserRecord *h) {
1685 assert(h);
1686
1687 /* Return the pre-initialized joined string if it is defined */
1688 if (h->user_name_and_realm_auto)
1689 return h->user_name_and_realm_auto;
1690
1691 /* If it's not defined then we cannot have a realm */
1692 assert(!h->realm);
1693 return h->user_name;
1694 }
1695
1696 UserStorage user_record_storage(UserRecord *h) {
1697 assert(h);
1698
1699 if (h->storage >= 0)
1700 return h->storage;
1701
1702 return USER_CLASSIC;
1703 }
1704
1705 const char *user_record_file_system_type(UserRecord *h) {
1706 assert(h);
1707
1708 return h->file_system_type ?: "btrfs";
1709 }
1710
1711 const char *user_record_skeleton_directory(UserRecord *h) {
1712 assert(h);
1713
1714 return h->skeleton_directory ?: "/etc/skel";
1715 }
1716
1717 mode_t user_record_access_mode(UserRecord *h) {
1718 assert(h);
1719
1720 return h->access_mode != MODE_INVALID ? h->access_mode : 0700;
1721 }
1722
1723 const char* user_record_home_directory(UserRecord *h) {
1724 assert(h);
1725
1726 if (h->home_directory)
1727 return h->home_directory;
1728 if (h->home_directory_auto)
1729 return h->home_directory_auto;
1730
1731 /* The root user is special, hence be special about it */
1732 if (streq_ptr(h->user_name, "root"))
1733 return "/root";
1734
1735 return "/";
1736 }
1737
1738 const char *user_record_image_path(UserRecord *h) {
1739 assert(h);
1740
1741 if (h->image_path)
1742 return h->image_path;
1743 if (h->image_path_auto)
1744 return h->image_path_auto;
1745
1746 return IN_SET(user_record_storage(h), USER_CLASSIC, USER_DIRECTORY, USER_SUBVOLUME, USER_FSCRYPT) ? user_record_home_directory(h) : NULL;
1747 }
1748
1749 const char *user_record_cifs_user_name(UserRecord *h) {
1750 assert(h);
1751
1752 return h->cifs_user_name ?: h->user_name;
1753 }
1754
1755 unsigned long user_record_mount_flags(UserRecord *h) {
1756 assert(h);
1757
1758 return (h->nosuid ? MS_NOSUID : 0) |
1759 (h->noexec ? MS_NOEXEC : 0) |
1760 (h->nodev ? MS_NODEV : 0);
1761 }
1762
1763 const char *user_record_shell(UserRecord *h) {
1764 assert(h);
1765
1766 if (h->shell)
1767 return h->shell;
1768
1769 if (streq_ptr(h->user_name, "root"))
1770 return "/bin/sh";
1771
1772 if (user_record_disposition(h) == USER_REGULAR)
1773 return DEFAULT_USER_SHELL;
1774
1775 return NOLOGIN;
1776 }
1777
1778 const char *user_record_real_name(UserRecord *h) {
1779 assert(h);
1780
1781 return h->real_name ?: h->user_name;
1782 }
1783
1784 bool user_record_luks_discard(UserRecord *h) {
1785 const char *ip;
1786
1787 assert(h);
1788
1789 if (h->luks_discard >= 0)
1790 return h->luks_discard;
1791
1792 ip = user_record_image_path(h);
1793 if (!ip)
1794 return false;
1795
1796 /* Use discard by default if we are referring to a real block device, but not when operating on a
1797 * loopback device. We want to optimize for SSD and flash storage after all, but we should be careful
1798 * when storing stuff on top of regular file systems in loopback files as doing discard then would
1799 * mean thin provisioning and we should not do that willy-nilly since it means we'll risk EIO later
1800 * on should the disk space to back our file systems not be available. */
1801
1802 return path_startswith(ip, "/dev/");
1803 }
1804
1805 bool user_record_luks_offline_discard(UserRecord *h) {
1806 const char *ip;
1807
1808 assert(h);
1809
1810 if (h->luks_offline_discard >= 0)
1811 return h->luks_offline_discard;
1812
1813 /* Discard while we are logged out should generally be a good idea, except when operating directly on
1814 * physical media, where we should just bind it to the online discard mode. */
1815
1816 ip = user_record_image_path(h);
1817 if (!ip)
1818 return false;
1819
1820 if (path_startswith(ip, "/dev/"))
1821 return user_record_luks_discard(h);
1822
1823 return true;
1824 }
1825
1826 const char *user_record_luks_cipher(UserRecord *h) {
1827 assert(h);
1828
1829 return h->luks_cipher ?: "aes";
1830 }
1831
1832 const char *user_record_luks_cipher_mode(UserRecord *h) {
1833 assert(h);
1834
1835 return h->luks_cipher_mode ?: "xts-plain64";
1836 }
1837
1838 uint64_t user_record_luks_volume_key_size(UserRecord *h) {
1839 assert(h);
1840
1841 /* We return a value here that can be cast without loss into size_t which is what libcrypsetup expects */
1842
1843 if (h->luks_volume_key_size == UINT64_MAX)
1844 return 256 / 8;
1845
1846 return MIN(h->luks_volume_key_size, SIZE_MAX);
1847 }
1848
1849 const char* user_record_luks_pbkdf_type(UserRecord *h) {
1850 assert(h);
1851
1852 return h->luks_pbkdf_type ?: "argon2id";
1853 }
1854
1855 uint64_t user_record_luks_pbkdf_force_iterations(UserRecord *h) {
1856 assert(h);
1857
1858 /* propagate default "benchmark" mode as itself */
1859 if (h->luks_pbkdf_force_iterations == UINT64_MAX)
1860 return UINT64_MAX;
1861
1862 /* clamp everything else to actually accepted number of iterations of libcryptsetup */
1863 return CLAMP(h->luks_pbkdf_force_iterations, 1U, UINT32_MAX);
1864 }
1865
1866 uint64_t user_record_luks_pbkdf_time_cost_usec(UserRecord *h) {
1867 assert(h);
1868
1869 /* Returns a value with ms granularity, since that's what libcryptsetup expects */
1870
1871 if (h->luks_pbkdf_time_cost_usec == UINT64_MAX)
1872 return 500 * USEC_PER_MSEC; /* We default to 500ms, in contrast to libcryptsetup's 2s, which is just awfully slow on every login */
1873
1874 return MIN(DIV_ROUND_UP(h->luks_pbkdf_time_cost_usec, USEC_PER_MSEC), UINT32_MAX) * USEC_PER_MSEC;
1875 }
1876
1877 uint64_t user_record_luks_pbkdf_memory_cost(UserRecord *h) {
1878 assert(h);
1879
1880 /* Returns a value with kb granularity, since that's what libcryptsetup expects */
1881 if (h->luks_pbkdf_memory_cost == UINT64_MAX)
1882 return streq(user_record_luks_pbkdf_type(h), "pbkdf2") ? 0 : /* doesn't apply for simple pbkdf2 */
1883 64*1024*1024; /* We default to 64M, since this should work on smaller systems too */
1884
1885 return MIN(DIV_ROUND_UP(h->luks_pbkdf_memory_cost, 1024), UINT32_MAX) * 1024;
1886 }
1887
1888 uint64_t user_record_luks_pbkdf_parallel_threads(UserRecord *h) {
1889 assert(h);
1890
1891 if (h->luks_pbkdf_parallel_threads == UINT64_MAX)
1892 return streq(user_record_luks_pbkdf_type(h), "pbkdf2") ? 0 : /* doesn't apply for simple pbkdf2 */
1893 1; /* We default to 1, since this should work on smaller systems too */
1894
1895 return MIN(h->luks_pbkdf_parallel_threads, UINT32_MAX);
1896 }
1897
1898 uint64_t user_record_luks_sector_size(UserRecord *h) {
1899 assert(h);
1900
1901 if (h->luks_sector_size == UINT64_MAX)
1902 return 512;
1903
1904 /* Allow up to 4K due to dm-crypt support and 4K alignment by the homed LUKS backend */
1905 return CLAMP(UINT64_C(1) << (63 - __builtin_clzl(h->luks_sector_size)), 512U, 4096U);
1906 }
1907
1908 const char *user_record_luks_pbkdf_hash_algorithm(UserRecord *h) {
1909 assert(h);
1910
1911 return h->luks_pbkdf_hash_algorithm ?: "sha512";
1912 }
1913
1914 gid_t user_record_gid(UserRecord *h) {
1915 assert(h);
1916
1917 if (gid_is_valid(h->gid))
1918 return h->gid;
1919
1920 return (gid_t) h->uid;
1921 }
1922
1923 UserDisposition user_record_disposition(UserRecord *h) {
1924 assert(h);
1925
1926 if (h->disposition >= 0)
1927 return h->disposition;
1928
1929 /* If not declared, derive from UID */
1930
1931 if (!uid_is_valid(h->uid))
1932 return _USER_DISPOSITION_INVALID;
1933
1934 if (h->uid == 0 || h->uid == UID_NOBODY)
1935 return USER_INTRINSIC;
1936
1937 if (uid_is_system(h->uid))
1938 return USER_SYSTEM;
1939
1940 if (uid_is_dynamic(h->uid))
1941 return USER_DYNAMIC;
1942
1943 if (uid_is_container(h->uid))
1944 return USER_CONTAINER;
1945
1946 if (h->uid > INT32_MAX)
1947 return USER_RESERVED;
1948
1949 return USER_REGULAR;
1950 }
1951
1952 int user_record_removable(UserRecord *h) {
1953 UserStorage storage;
1954 assert(h);
1955
1956 if (h->removable >= 0)
1957 return h->removable;
1958
1959 /* Refuse to decide for classic records */
1960 storage = user_record_storage(h);
1961 if (h->storage < 0 || h->storage == USER_CLASSIC)
1962 return -1;
1963
1964 /* For now consider only LUKS home directories with a reference by path as removable */
1965 return storage == USER_LUKS && path_startswith(user_record_image_path(h), "/dev/");
1966 }
1967
1968 uint64_t user_record_ratelimit_interval_usec(UserRecord *h) {
1969 assert(h);
1970
1971 if (h->ratelimit_interval_usec == UINT64_MAX)
1972 return DEFAULT_RATELIMIT_INTERVAL_USEC;
1973
1974 return h->ratelimit_interval_usec;
1975 }
1976
1977 uint64_t user_record_ratelimit_burst(UserRecord *h) {
1978 assert(h);
1979
1980 if (h->ratelimit_burst == UINT64_MAX)
1981 return DEFAULT_RATELIMIT_BURST;
1982
1983 return h->ratelimit_burst;
1984 }
1985
1986 bool user_record_can_authenticate(UserRecord *h) {
1987 assert(h);
1988
1989 /* Returns true if there's some form of property configured that the user can authenticate against */
1990
1991 if (h->n_pkcs11_encrypted_key > 0)
1992 return true;
1993
1994 if (h->n_fido2_hmac_salt > 0)
1995 return true;
1996
1997 return !strv_isempty(h->hashed_password);
1998 }
1999
2000 bool user_record_drop_caches(UserRecord *h) {
2001 assert(h);
2002
2003 if (h->drop_caches >= 0)
2004 return h->drop_caches;
2005
2006 /* By default drop caches on fscrypt, not otherwise. */
2007 return user_record_storage(h) == USER_FSCRYPT;
2008 }
2009
2010 AutoResizeMode user_record_auto_resize_mode(UserRecord *h) {
2011 assert(h);
2012
2013 if (h->auto_resize_mode >= 0)
2014 return h->auto_resize_mode;
2015
2016 return user_record_storage(h) == USER_LUKS ? AUTO_RESIZE_SHRINK_AND_GROW : AUTO_RESIZE_OFF;
2017 }
2018
2019 uint64_t user_record_rebalance_weight(UserRecord *h) {
2020 assert(h);
2021
2022 if (h->rebalance_weight == REBALANCE_WEIGHT_UNSET)
2023 return REBALANCE_WEIGHT_DEFAULT;
2024
2025 return h->rebalance_weight;
2026 }
2027
2028 static uint64_t parse_caps_strv(char **l) {
2029 uint64_t c = 0;
2030 int r;
2031
2032 STRV_FOREACH(i, l) {
2033 r = capability_from_name(*i);
2034 if (r < 0)
2035 log_debug_errno(r, "Don't know capability '%s', ignoring: %m", *i);
2036 else
2037 c |= UINT64_C(1) << r;
2038 }
2039
2040 return c;
2041 }
2042
2043 uint64_t user_record_capability_bounding_set(UserRecord *h) {
2044 assert(h);
2045
2046 /* Returns UINT64_MAX if no bounding set is configured (!) */
2047
2048 if (!h->capability_bounding_set)
2049 return UINT64_MAX;
2050
2051 return parse_caps_strv(h->capability_bounding_set);
2052 }
2053
2054 uint64_t user_record_capability_ambient_set(UserRecord *h) {
2055 assert(h);
2056
2057 /* Returns UINT64_MAX if no ambient set is configured (!) */
2058
2059 if (!h->capability_ambient_set)
2060 return UINT64_MAX;
2061
2062 return parse_caps_strv(h->capability_ambient_set) & user_record_capability_bounding_set(h);
2063 }
2064
2065 uint64_t user_record_ratelimit_next_try(UserRecord *h) {
2066 assert(h);
2067
2068 /* Calculates when the it's possible to login next. Returns:
2069 *
2070 * UINT64_MAX → Nothing known
2071 * 0 → Right away
2072 * Any other → Next time in CLOCK_REALTIME in usec (which could be in the past)
2073 */
2074
2075 if (h->ratelimit_begin_usec == UINT64_MAX ||
2076 h->ratelimit_count == UINT64_MAX)
2077 return UINT64_MAX;
2078
2079 if (h->ratelimit_begin_usec > now(CLOCK_REALTIME)) /* If the ratelimit time is in the future, then
2080 * the local clock is probably incorrect. Let's
2081 * not refuse login then. */
2082 return UINT64_MAX;
2083
2084 if (h->ratelimit_count < user_record_ratelimit_burst(h))
2085 return 0;
2086
2087 return usec_add(h->ratelimit_begin_usec, user_record_ratelimit_interval_usec(h));
2088 }
2089
2090 bool user_record_equal(UserRecord *a, UserRecord *b) {
2091 assert(a);
2092 assert(b);
2093
2094 /* We assume that when a record is modified its JSON data is updated at the same time, hence it's
2095 * sufficient to compare the JSON data. */
2096
2097 return json_variant_equal(a->json, b->json);
2098 }
2099
2100 bool user_record_compatible(UserRecord *a, UserRecord *b) {
2101 assert(a);
2102 assert(b);
2103
2104 /* If either lacks the regular section, we can't really decide, let's hence say they are
2105 * incompatible. */
2106 if (!(a->mask & b->mask & USER_RECORD_REGULAR))
2107 return false;
2108
2109 return streq_ptr(a->user_name, b->user_name) &&
2110 streq_ptr(a->realm, b->realm);
2111 }
2112
2113 int user_record_compare_last_change(UserRecord *a, UserRecord *b) {
2114 assert(a);
2115 assert(b);
2116
2117 if (a->last_change_usec == b->last_change_usec)
2118 return 0;
2119
2120 /* Always consider a record with a timestamp newer than one without */
2121 if (a->last_change_usec == UINT64_MAX)
2122 return -1;
2123 if (b->last_change_usec == UINT64_MAX)
2124 return 1;
2125
2126 return CMP(a->last_change_usec, b->last_change_usec);
2127 }
2128
2129 int user_record_clone(UserRecord *h, UserRecordLoadFlags flags, UserRecord **ret) {
2130 _cleanup_(user_record_unrefp) UserRecord *c = NULL;
2131 int r;
2132
2133 assert(h);
2134 assert(ret);
2135
2136 c = user_record_new();
2137 if (!c)
2138 return -ENOMEM;
2139
2140 r = user_record_load(c, h->json, flags);
2141 if (r < 0)
2142 return r;
2143
2144 *ret = TAKE_PTR(c);
2145 return 0;
2146 }
2147
2148 int user_record_masked_equal(UserRecord *a, UserRecord *b, UserRecordMask mask) {
2149 _cleanup_(user_record_unrefp) UserRecord *x = NULL, *y = NULL;
2150 int r;
2151
2152 assert(a);
2153 assert(b);
2154
2155 /* Compares the two records, but ignores anything not listed in the specified mask */
2156
2157 if ((a->mask & ~mask) != 0) {
2158 r = user_record_clone(a, USER_RECORD_ALLOW(mask) | USER_RECORD_STRIP(~mask & _USER_RECORD_MASK_MAX) | USER_RECORD_PERMISSIVE, &x);
2159 if (r < 0)
2160 return r;
2161
2162 a = x;
2163 }
2164
2165 if ((b->mask & ~mask) != 0) {
2166 r = user_record_clone(b, USER_RECORD_ALLOW(mask) | USER_RECORD_STRIP(~mask & _USER_RECORD_MASK_MAX) | USER_RECORD_PERMISSIVE, &y);
2167 if (r < 0)
2168 return r;
2169
2170 b = y;
2171 }
2172
2173 return user_record_equal(a, b);
2174 }
2175
2176 int user_record_test_blocked(UserRecord *h) {
2177 usec_t n;
2178
2179 /* Checks whether access to the specified user shall be allowed at the moment. Returns:
2180 *
2181 * -ESTALE: Record is from the future
2182 * -ENOLCK: Record is blocked
2183 * -EL2HLT: Record is not valid yet
2184 * -EL3HLT: Record is not valid anymore
2185 *
2186 */
2187
2188 assert(h);
2189
2190 if (h->locked > 0)
2191 return -ENOLCK;
2192
2193 n = now(CLOCK_REALTIME);
2194
2195 if (h->not_before_usec != UINT64_MAX && n < h->not_before_usec)
2196 return -EL2HLT;
2197 if (h->not_after_usec != UINT64_MAX && n > h->not_after_usec)
2198 return -EL3HLT;
2199
2200 if (h->last_change_usec != UINT64_MAX &&
2201 h->last_change_usec > n) /* Complain during log-ins when the record is from the future */
2202 return -ESTALE;
2203
2204 return 0;
2205 }
2206
2207 int user_record_test_password_change_required(UserRecord *h) {
2208 bool change_permitted;
2209 usec_t n;
2210
2211 assert(h);
2212
2213 /* Checks whether the user must change the password when logging in
2214
2215 -EKEYREVOKED: Change password now because admin said so
2216 -EOWNERDEAD: Change password now because it expired
2217 -EKEYREJECTED: Password is expired, no changing is allowed
2218 -EKEYEXPIRED: Password is about to expire, warn user
2219 -ENETDOWN: Record has expiration info but no password change timestamp
2220 -EROFS: No password change required nor permitted
2221 -ESTALE: RTC likely incorrect, last password change is in the future
2222 0: No password change required, but permitted
2223 */
2224
2225 /* If a password change request has been set explicitly, it overrides everything */
2226 if (h->password_change_now > 0)
2227 return -EKEYREVOKED;
2228
2229 n = now(CLOCK_REALTIME);
2230
2231 /* Password change in the future? Then our RTC is likely incorrect */
2232 if (h->last_password_change_usec != UINT64_MAX &&
2233 h->last_password_change_usec > n &&
2234 (h->password_change_min_usec != UINT64_MAX ||
2235 h->password_change_max_usec != UINT64_MAX ||
2236 h->password_change_inactive_usec != UINT64_MAX))
2237 return -ESTALE;
2238
2239 /* Then, let's check if password changing is currently allowed at all */
2240 if (h->password_change_min_usec != UINT64_MAX) {
2241
2242 /* Expiry configured but no password change timestamp known? */
2243 if (h->last_password_change_usec == UINT64_MAX)
2244 return -ENETDOWN;
2245
2246 if (h->password_change_min_usec >= UINT64_MAX - h->last_password_change_usec)
2247 change_permitted = false;
2248 else
2249 change_permitted = n >= h->last_password_change_usec + h->password_change_min_usec;
2250
2251 } else
2252 change_permitted = true;
2253
2254 /* Let's check whether the password has expired. */
2255 if (!(h->password_change_max_usec == UINT64_MAX ||
2256 h->password_change_max_usec >= UINT64_MAX - h->last_password_change_usec)) {
2257
2258 uint64_t change_before;
2259
2260 /* Expiry configured but no password change timestamp known? */
2261 if (h->last_password_change_usec == UINT64_MAX)
2262 return -ENETDOWN;
2263
2264 /* Password is in inactive phase? */
2265 if (h->password_change_inactive_usec != UINT64_MAX &&
2266 h->password_change_inactive_usec < UINT64_MAX - h->password_change_max_usec) {
2267 usec_t added;
2268
2269 added = h->password_change_inactive_usec + h->password_change_max_usec;
2270 if (added < UINT64_MAX - h->last_password_change_usec &&
2271 n >= h->last_password_change_usec + added)
2272 return -EKEYREJECTED;
2273 }
2274
2275 /* Password needs to be changed now? */
2276 change_before = h->last_password_change_usec + h->password_change_max_usec;
2277 if (n >= change_before)
2278 return change_permitted ? -EOWNERDEAD : -EKEYREJECTED;
2279
2280 /* Warn user? */
2281 if (h->password_change_warn_usec != UINT64_MAX &&
2282 (change_before < h->password_change_warn_usec ||
2283 n >= change_before - h->password_change_warn_usec))
2284 return change_permitted ? -EKEYEXPIRED : -EROFS;
2285 }
2286
2287 /* No password changing necessary */
2288 return change_permitted ? 0 : -EROFS;
2289 }
2290
2291 static const char* const user_storage_table[_USER_STORAGE_MAX] = {
2292 [USER_CLASSIC] = "classic",
2293 [USER_LUKS] = "luks",
2294 [USER_DIRECTORY] = "directory",
2295 [USER_SUBVOLUME] = "subvolume",
2296 [USER_FSCRYPT] = "fscrypt",
2297 [USER_CIFS] = "cifs",
2298 };
2299
2300 DEFINE_STRING_TABLE_LOOKUP(user_storage, UserStorage);
2301
2302 static const char* const user_disposition_table[_USER_DISPOSITION_MAX] = {
2303 [USER_INTRINSIC] = "intrinsic",
2304 [USER_SYSTEM] = "system",
2305 [USER_DYNAMIC] = "dynamic",
2306 [USER_REGULAR] = "regular",
2307 [USER_CONTAINER] = "container",
2308 [USER_RESERVED] = "reserved",
2309 };
2310
2311 DEFINE_STRING_TABLE_LOOKUP(user_disposition, UserDisposition);
2312
2313 static const char* const auto_resize_mode_table[_AUTO_RESIZE_MODE_MAX] = {
2314 [AUTO_RESIZE_OFF] = "off",
2315 [AUTO_RESIZE_GROW] = "grow",
2316 [AUTO_RESIZE_SHRINK_AND_GROW] = "shrink-and-grow",
2317 };
2318
2319 DEFINE_STRING_TABLE_LOOKUP(auto_resize_mode, AutoResizeMode);
Unnamed repository; edit this file 'description' to name the repository.