]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/shared/user-record.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
basic: spit out chase_symlinks() from fs-util.[ch] → chase-symlinks.[ch]
[thirdparty/systemd.git] / src / shared / user-record.c
1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3 #include <sys/mount.h>
4
5 #include "cgroup-util.h"
6 #include "chase-symlinks.h"
7 #include "dns-domain.h"
8 #include "env-util.h"
9 #include "fd-util.h"
10 #include "fileio.h"
11 #include "fs-util.h"
12 #include "hexdecoct.h"
13 #include "hostname-util.h"
14 #include "memory-util.h"
15 #include "path-util.h"
16 #include "pkcs11-util.h"
17 #include "rlimit-util.h"
18 #include "stat-util.h"
19 #include "string-table.h"
20 #include "strv.h"
21 #include "user-record.h"
22 #include "user-util.h"
23
24 #define DEFAULT_RATELIMIT_BURST 30
25 #define DEFAULT_RATELIMIT_INTERVAL_USEC (1*USEC_PER_MINUTE)
26
27 #if ENABLE_COMPAT_MUTABLE_UID_BOUNDARIES
28 static int parse_alloc_uid(const char *path, const char *name, const char *t, uid_t *ret_uid) {
29 uid_t uid;
30 int r;
31
32 r = parse_uid(t, &uid);
33 if (r < 0)
34 return log_debug_errno(r, "%s: failed to parse %s %s, ignoring: %m", path, name, t);
35 if (uid == 0)
36 uid = 1;
37
38 *ret_uid = uid;
39 return 0;
40 }
41 #endif
42
43 int read_login_defs(UGIDAllocationRange *ret_defs, const char *path, const char *root) {
44 UGIDAllocationRange defs = {
45 .system_alloc_uid_min = SYSTEM_ALLOC_UID_MIN,
46 .system_uid_max = SYSTEM_UID_MAX,
47 .system_alloc_gid_min = SYSTEM_ALLOC_GID_MIN,
48 .system_gid_max = SYSTEM_GID_MAX,
49 };
50
51 #if ENABLE_COMPAT_MUTABLE_UID_BOUNDARIES
52 _cleanup_fclose_ FILE *f = NULL;
53 int r;
54
55 if (!path)
56 path = "/etc/login.defs";
57
58 r = chase_symlinks_and_fopen_unlocked(path, root, CHASE_PREFIX_ROOT, "re", &f, NULL);
59 if (r == -ENOENT)
60 goto assign;
61 if (r < 0)
62 return log_debug_errno(r, "Failed to open %s: %m", path);
63
64 for (;;) {
65 _cleanup_free_ char *line = NULL;
66 char *t;
67
68 r = read_line(f, LINE_MAX, &line);
69 if (r < 0)
70 return log_debug_errno(r, "Failed to read %s: %m", path);
71 if (r == 0)
72 break;
73
74 if ((t = first_word(line, "SYS_UID_MIN")))
75 (void) parse_alloc_uid(path, "SYS_UID_MIN", t, &defs.system_alloc_uid_min);
76 else if ((t = first_word(line, "SYS_UID_MAX")))
77 (void) parse_alloc_uid(path, "SYS_UID_MAX", t, &defs.system_uid_max);
78 else if ((t = first_word(line, "SYS_GID_MIN")))
79 (void) parse_alloc_uid(path, "SYS_GID_MIN", t, &defs.system_alloc_gid_min);
80 else if ((t = first_word(line, "SYS_GID_MAX")))
81 (void) parse_alloc_uid(path, "SYS_GID_MAX", t, &defs.system_gid_max);
82 }
83
84 assign:
85 if (defs.system_alloc_uid_min > defs.system_uid_max) {
86 log_debug("%s: SYS_UID_MIN > SYS_UID_MAX, resetting.", path);
87 defs.system_alloc_uid_min = MIN(defs.system_uid_max - 1, (uid_t) SYSTEM_ALLOC_UID_MIN);
88 /* Look at sys_uid_max to make sure sys_uid_min..sys_uid_max remains a valid range. */
89 }
90 if (defs.system_alloc_gid_min > defs.system_gid_max) {
91 log_debug("%s: SYS_GID_MIN > SYS_GID_MAX, resetting.", path);
92 defs.system_alloc_gid_min = MIN(defs.system_gid_max - 1, (gid_t) SYSTEM_ALLOC_GID_MIN);
93 /* Look at sys_gid_max to make sure sys_gid_min..sys_gid_max remains a valid range. */
94 }
95 #endif
96
97 *ret_defs = defs;
98 return 0;
99 }
100
101 const UGIDAllocationRange *acquire_ugid_allocation_range(void) {
102 #if ENABLE_COMPAT_MUTABLE_UID_BOUNDARIES
103 static thread_local UGIDAllocationRange defs = {
104 #else
105 static const UGIDAllocationRange defs = {
106 #endif
107 .system_alloc_uid_min = SYSTEM_ALLOC_UID_MIN,
108 .system_uid_max = SYSTEM_UID_MAX,
109 .system_alloc_gid_min = SYSTEM_ALLOC_GID_MIN,
110 .system_gid_max = SYSTEM_GID_MAX,
111 };
112
113 #if ENABLE_COMPAT_MUTABLE_UID_BOUNDARIES
114 /* This function will ignore failure to read the file, so it should only be called from places where
115 * we don't crucially depend on the answer. In other words, it's appropriate for journald, but
116 * probably not for sysusers. */
117
118 static thread_local bool initialized = false;
119
120 if (!initialized) {
121 (void) read_login_defs(&defs, NULL, NULL);
122 initialized = true;
123 }
124 #endif
125
126 return &defs;
127 }
128
129 bool uid_is_system(uid_t uid) {
130 const UGIDAllocationRange *defs;
131 assert_se(defs = acquire_ugid_allocation_range());
132
133 return uid <= defs->system_uid_max;
134 }
135
136 bool gid_is_system(gid_t gid) {
137 const UGIDAllocationRange *defs;
138 assert_se(defs = acquire_ugid_allocation_range());
139
140 return gid <= defs->system_gid_max;
141 }
142
143 UserRecord* user_record_new(void) {
144 UserRecord *h;
145
146 h = new(UserRecord, 1);
147 if (!h)
148 return NULL;
149
150 *h = (UserRecord) {
151 .n_ref = 1,
152 .disposition = _USER_DISPOSITION_INVALID,
153 .last_change_usec = UINT64_MAX,
154 .last_password_change_usec = UINT64_MAX,
155 .umask = MODE_INVALID,
156 .nice_level = INT_MAX,
157 .not_before_usec = UINT64_MAX,
158 .not_after_usec = UINT64_MAX,
159 .locked = -1,
160 .storage = _USER_STORAGE_INVALID,
161 .access_mode = MODE_INVALID,
162 .disk_size = UINT64_MAX,
163 .disk_size_relative = UINT64_MAX,
164 .tasks_max = UINT64_MAX,
165 .memory_high = UINT64_MAX,
166 .memory_max = UINT64_MAX,
167 .cpu_weight = UINT64_MAX,
168 .io_weight = UINT64_MAX,
169 .uid = UID_INVALID,
170 .gid = GID_INVALID,
171 .nodev = true,
172 .nosuid = true,
173 .luks_discard = -1,
174 .luks_offline_discard = -1,
175 .luks_volume_key_size = UINT64_MAX,
176 .luks_pbkdf_time_cost_usec = UINT64_MAX,
177 .luks_pbkdf_memory_cost = UINT64_MAX,
178 .luks_pbkdf_parallel_threads = UINT64_MAX,
179 .disk_usage = UINT64_MAX,
180 .disk_free = UINT64_MAX,
181 .disk_ceiling = UINT64_MAX,
182 .disk_floor = UINT64_MAX,
183 .signed_locally = -1,
184 .good_authentication_counter = UINT64_MAX,
185 .bad_authentication_counter = UINT64_MAX,
186 .last_good_authentication_usec = UINT64_MAX,
187 .last_bad_authentication_usec = UINT64_MAX,
188 .ratelimit_begin_usec = UINT64_MAX,
189 .ratelimit_count = UINT64_MAX,
190 .ratelimit_interval_usec = UINT64_MAX,
191 .ratelimit_burst = UINT64_MAX,
192 .removable = -1,
193 .enforce_password_policy = -1,
194 .auto_login = -1,
195 .stop_delay_usec = UINT64_MAX,
196 .kill_processes = -1,
197 .password_change_min_usec = UINT64_MAX,
198 .password_change_max_usec = UINT64_MAX,
199 .password_change_warn_usec = UINT64_MAX,
200 .password_change_inactive_usec = UINT64_MAX,
201 .password_change_now = -1,
202 .pkcs11_protected_authentication_path_permitted = -1,
203 .fido2_user_presence_permitted = -1,
204 .fido2_user_verification_permitted = -1,
205 };
206
207 return h;
208 }
209
210 static void pkcs11_encrypted_key_done(Pkcs11EncryptedKey *k) {
211 if (!k)
212 return;
213
214 free(k->uri);
215 erase_and_free(k->data);
216 erase_and_free(k->hashed_password);
217 }
218
219 static void fido2_hmac_credential_done(Fido2HmacCredential *c) {
220 if (!c)
221 return;
222
223 free(c->id);
224 }
225
226 static void fido2_hmac_salt_done(Fido2HmacSalt *s) {
227 if (!s)
228 return;
229
230 fido2_hmac_credential_done(&s->credential);
231 erase_and_free(s->salt);
232 erase_and_free(s->hashed_password);
233 }
234
235 static void recovery_key_done(RecoveryKey *k) {
236 if (!k)
237 return;
238
239 free(k->type);
240 erase_and_free(k->hashed_password);
241 }
242
243 static UserRecord* user_record_free(UserRecord *h) {
244 if (!h)
245 return NULL;
246
247 free(h->user_name);
248 free(h->realm);
249 free(h->user_name_and_realm_auto);
250 free(h->real_name);
251 free(h->email_address);
252 erase_and_free(h->password_hint);
253 free(h->location);
254 free(h->icon_name);
255
256 free(h->shell);
257
258 strv_free(h->environment);
259 free(h->time_zone);
260 free(h->preferred_language);
261 rlimit_free_all(h->rlimits);
262
263 free(h->skeleton_directory);
264
265 strv_free_erase(h->hashed_password);
266 strv_free_erase(h->ssh_authorized_keys);
267 strv_free_erase(h->password);
268 strv_free_erase(h->token_pin);
269
270 free(h->cifs_service);
271 free(h->cifs_user_name);
272 free(h->cifs_domain);
273
274 free(h->image_path);
275 free(h->image_path_auto);
276 free(h->home_directory);
277 free(h->home_directory_auto);
278
279 strv_free(h->member_of);
280
281 free(h->file_system_type);
282 free(h->luks_cipher);
283 free(h->luks_cipher_mode);
284 free(h->luks_pbkdf_hash_algorithm);
285 free(h->luks_pbkdf_type);
286
287 free(h->state);
288 free(h->service);
289
290 strv_free(h->pkcs11_token_uri);
291 for (size_t i = 0; i < h->n_pkcs11_encrypted_key; i++)
292 pkcs11_encrypted_key_done(h->pkcs11_encrypted_key + i);
293 free(h->pkcs11_encrypted_key);
294
295 for (size_t i = 0; i < h->n_fido2_hmac_credential; i++)
296 fido2_hmac_credential_done(h->fido2_hmac_credential + i);
297 for (size_t i = 0; i < h->n_fido2_hmac_salt; i++)
298 fido2_hmac_salt_done(h->fido2_hmac_salt + i);
299
300 strv_free(h->recovery_key_type);
301 for (size_t i = 0; i < h->n_recovery_key; i++)
302 recovery_key_done(h->recovery_key + i);
303
304 json_variant_unref(h->json);
305
306 return mfree(h);
307 }
308
309 DEFINE_TRIVIAL_REF_UNREF_FUNC(UserRecord, user_record, user_record_free);
310
311 int json_dispatch_realm(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
312 char **s = userdata;
313 const char *n;
314 int r;
315
316 if (json_variant_is_null(variant)) {
317 *s = mfree(*s);
318 return 0;
319 }
320
321 if (!json_variant_is_string(variant))
322 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));
323
324 n = json_variant_string(variant);
325 r = dns_name_is_valid(n);
326 if (r < 0)
327 return json_log(variant, flags, r, "Failed to check if JSON field '%s' is a valid DNS domain.", strna(name));
328 if (r == 0)
329 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a valid DNS domain.", strna(name));
330
331 r = free_and_strdup(s, n);
332 if (r < 0)
333 return json_log(variant, flags, r, "Failed to allocate string: %m");
334
335 return 0;
336 }
337
338 int json_dispatch_gecos(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
339 char **s = userdata;
340 const char *n;
341
342 if (json_variant_is_null(variant)) {
343 *s = mfree(*s);
344 return 0;
345 }
346
347 if (!json_variant_is_string(variant))
348 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));
349
350 n = json_variant_string(variant);
351 if (valid_gecos(n)) {
352 if (free_and_strdup(s, n) < 0)
353 return json_log_oom(variant, flags);
354 } else {
355 _cleanup_free_ char *m = NULL;
356
357 json_log(variant, flags|JSON_DEBUG, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a valid GECOS compatible string, mangling.", strna(name));
358
359 m = mangle_gecos(n);
360 if (!m)
361 return json_log_oom(variant, flags);
362
363 free_and_replace(*s, m);
364 }
365
366 return 0;
367 }
368
369 static int json_dispatch_nice(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
370 int *nl = userdata;
371 intmax_t m;
372
373 if (json_variant_is_null(variant)) {
374 *nl = INT_MAX;
375 return 0;
376 }
377
378 if (!json_variant_is_integer(variant))
379 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));
380
381 m = json_variant_integer(variant);
382 if (m < PRIO_MIN || m >= PRIO_MAX)
383 return json_log(variant, flags, SYNTHETIC_ERRNO(ERANGE), "JSON field '%s' is not a valid nice level.", strna(name));
384
385 *nl = m;
386 return 0;
387 }
388
389 static int json_dispatch_rlimit_value(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
390 rlim_t *ret = userdata;
391
392 if (json_variant_is_null(variant))
393 *ret = RLIM_INFINITY;
394 else if (json_variant_is_unsigned(variant)) {
395 uintmax_t w;
396
397 w = json_variant_unsigned(variant);
398 if (w == RLIM_INFINITY || (uintmax_t) w != json_variant_unsigned(variant))
399 return json_log(variant, flags, SYNTHETIC_ERRNO(ERANGE), "Resource limit value '%s' is out of range.", name);
400
401 *ret = (rlim_t) w;
402 } else
403 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "Resource limit value '%s' is not an unsigned integer.", name);
404
405 return 0;
406 }
407
408 static int json_dispatch_rlimits(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
409 struct rlimit** limits = userdata;
410 JsonVariant *value;
411 const char *key;
412 int r;
413
414 assert_se(limits);
415
416 if (json_variant_is_null(variant)) {
417 rlimit_free_all(limits);
418 return 0;
419 }
420
421 if (!json_variant_is_object(variant))
422 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an object.", strna(name));
423
424 JSON_VARIANT_OBJECT_FOREACH(key, value, variant) {
425 JsonVariant *jcur, *jmax;
426 struct rlimit rl;
427 const char *p;
428 int l;
429
430 p = startswith(key, "RLIMIT_");
431 if (!p)
432 l = -SYNTHETIC_ERRNO(EINVAL);
433 else
434 l = rlimit_from_string(p);
435 if (l < 0)
436 return json_log(variant, flags, l, "Resource limit '%s' not known.", key);
437
438 if (!json_variant_is_object(value))
439 return json_log(value, flags, SYNTHETIC_ERRNO(EINVAL), "Resource limit '%s' has invalid value.", key);
440
441 if (json_variant_elements(value) != 4)
442 return json_log(value, flags, SYNTHETIC_ERRNO(EINVAL), "Resource limit '%s' value is does not have two fields as expected.", key);
443
444 jcur = json_variant_by_key(value, "cur");
445 if (!jcur)
446 return json_log(value, flags, SYNTHETIC_ERRNO(EINVAL), "Resource limit '%s' lacks 'cur' field.", key);
447 r = json_dispatch_rlimit_value("cur", jcur, flags, &rl.rlim_cur);
448 if (r < 0)
449 return r;
450
451 jmax = json_variant_by_key(value, "max");
452 if (!jmax)
453 return json_log(value, flags, SYNTHETIC_ERRNO(EINVAL), "Resource limit '%s' lacks 'max' field.", key);
454 r = json_dispatch_rlimit_value("max", jmax, flags, &rl.rlim_max);
455 if (r < 0)
456 return r;
457
458 if (limits[l])
459 *(limits[l]) = rl;
460 else {
461 limits[l] = newdup(struct rlimit, &rl, 1);
462 if (!limits[l])
463 return log_oom();
464 }
465 }
466
467 return 0;
468 }
469
470 static int json_dispatch_filename_or_path(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
471 char **s = userdata;
472 const char *n;
473 int r;
474
475 assert(s);
476
477 if (json_variant_is_null(variant)) {
478 *s = mfree(*s);
479 return 0;
480 }
481
482 if (!json_variant_is_string(variant))
483 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));
484
485 n = json_variant_string(variant);
486 if (!filename_is_valid(n) && !path_is_normalized(n))
487 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a valid file name or normalized path.", strna(name));
488
489 r = free_and_strdup(s, n);
490 if (r < 0)
491 return json_log(variant, flags, r, "Failed to allocate string: %m");
492
493 return 0;
494 }
495
496 static int json_dispatch_path(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
497 char **s = userdata;
498 const char *n;
499 int r;
500
501 if (json_variant_is_null(variant)) {
502 *s = mfree(*s);
503 return 0;
504 }
505
506 if (!json_variant_is_string(variant))
507 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));
508
509 n = json_variant_string(variant);
510 if (!path_is_normalized(n))
511 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a normalized file system path.", strna(name));
512 if (!path_is_absolute(n))
513 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an absolute file system path.", strna(name));
514
515 r = free_and_strdup(s, n);
516 if (r < 0)
517 return json_log(variant, flags, r, "Failed to allocate string: %m");
518
519 return 0;
520 }
521
522 static int json_dispatch_home_directory(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
523 char **s = userdata;
524 const char *n;
525 int r;
526
527 if (json_variant_is_null(variant)) {
528 *s = mfree(*s);
529 return 0;
530 }
531
532 if (!json_variant_is_string(variant))
533 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));
534
535 n = json_variant_string(variant);
536 if (!valid_home(n))
537 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a valid home directory path.", strna(name));
538
539 r = free_and_strdup(s, n);
540 if (r < 0)
541 return json_log(variant, flags, r, "Failed to allocate string: %m");
542
543 return 0;
544 }
545
546 static int json_dispatch_image_path(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
547 char **s = userdata;
548 const char *n;
549 int r;
550
551 if (json_variant_is_null(variant)) {
552 *s = mfree(*s);
553 return 0;
554 }
555
556 if (!json_variant_is_string(variant))
557 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));
558
559 n = json_variant_string(variant);
560 if (empty_or_root(n) || !path_is_valid(n) || !path_is_absolute(n))
561 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a valid image path.", strna(name));
562
563 r = free_and_strdup(s, n);
564 if (r < 0)
565 return json_log(variant, flags, r, "Failed to allocate string: %m");
566
567 return 0;
568 }
569
570 static int json_dispatch_umask(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
571 mode_t *m = userdata;
572 uintmax_t k;
573
574 if (json_variant_is_null(variant)) {
575 *m = MODE_INVALID;
576 return 0;
577 }
578
579 if (!json_variant_is_unsigned(variant))
580 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a number.", strna(name));
581
582 k = json_variant_unsigned(variant);
583 if (k > 0777)
584 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' outside of valid range 0…0777.", strna(name));
585
586 *m = (mode_t) k;
587 return 0;
588 }
589
590 static int json_dispatch_access_mode(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
591 mode_t *m = userdata;
592 uintmax_t k;
593
594 if (json_variant_is_null(variant)) {
595 *m = MODE_INVALID;
596 return 0;
597 }
598
599 if (!json_variant_is_unsigned(variant))
600 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a number.", strna(name));
601
602 k = json_variant_unsigned(variant);
603 if (k > 07777)
604 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' outside of valid range 0…07777.", strna(name));
605
606 *m = (mode_t) k;
607 return 0;
608 }
609
610 static int json_dispatch_environment(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
611 _cleanup_strv_free_ char **n = NULL;
612 char ***l = userdata;
613 int r;
614
615 if (json_variant_is_null(variant)) {
616 *l = strv_free(*l);
617 return 0;
618 }
619
620 if (!json_variant_is_array(variant))
621 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array.", strna(name));
622
623 for (size_t i = 0; i < json_variant_elements(variant); i++) {
624 JsonVariant *e;
625 const char *a;
626
627 e = json_variant_by_index(variant, i);
628 if (!json_variant_is_string(e))
629 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array of strings.", strna(name));
630
631 assert_se(a = json_variant_string(e));
632
633 if (!env_assignment_is_valid(a))
634 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array of environment variables.", strna(name));
635
636 r = strv_env_replace_strdup(&n, a);
637 if (r < 0)
638 return json_log_oom(variant, flags);
639 }
640
641 return strv_free_and_replace(*l, n);
642 }
643
644 int json_dispatch_user_disposition(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
645 UserDisposition *disposition = userdata, k;
646
647 if (json_variant_is_null(variant)) {
648 *disposition = _USER_DISPOSITION_INVALID;
649 return 0;
650 }
651
652 if (!json_variant_is_string(variant))
653 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));
654
655 k = user_disposition_from_string(json_variant_string(variant));
656 if (k < 0)
657 return json_log(variant, flags, k, "Disposition type '%s' not known.", json_variant_string(variant));
658
659 *disposition = k;
660 return 0;
661 }
662
663 static int json_dispatch_storage(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
664 UserStorage *storage = userdata, k;
665
666 if (json_variant_is_null(variant)) {
667 *storage = _USER_STORAGE_INVALID;
668 return 0;
669 }
670
671 if (!json_variant_is_string(variant))
672 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));
673
674 k = user_storage_from_string(json_variant_string(variant));
675 if (k < 0)
676 return json_log(variant, flags, k, "Storage type '%s' not known.", json_variant_string(variant));
677
678 *storage = k;
679 return 0;
680 }
681
682 static int json_dispatch_disk_size(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
683 uint64_t *size = userdata;
684 uintmax_t k;
685
686 if (json_variant_is_null(variant)) {
687 *size = UINT64_MAX;
688 return 0;
689 }
690
691 if (!json_variant_is_unsigned(variant))
692 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an integer.", strna(name));
693
694 k = json_variant_unsigned(variant);
695 if (k < USER_DISK_SIZE_MIN || k > USER_DISK_SIZE_MAX)
696 return json_log(variant, flags, SYNTHETIC_ERRNO(ERANGE), "JSON field '%s' is not in valid range %" PRIu64 "…%" PRIu64 ".", strna(name), USER_DISK_SIZE_MIN, USER_DISK_SIZE_MAX);
697
698 *size = k;
699 return 0;
700 }
701
702 static int json_dispatch_tasks_or_memory_max(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
703 uint64_t *limit = userdata;
704 uintmax_t k;
705
706 if (json_variant_is_null(variant)) {
707 *limit = UINT64_MAX;
708 return 0;
709 }
710
711 if (!json_variant_is_unsigned(variant))
712 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an integer.", strna(name));
713
714 k = json_variant_unsigned(variant);
715 if (k <= 0 || k >= UINT64_MAX)
716 return json_log(variant, flags, SYNTHETIC_ERRNO(ERANGE), "JSON field '%s' is not in valid range %" PRIu64 "…%" PRIu64 ".", strna(name), (uint64_t) 1, UINT64_MAX-1);
717
718 *limit = k;
719 return 0;
720 }
721
722 static int json_dispatch_weight(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
723 uint64_t *weight = userdata;
724 uintmax_t k;
725
726 if (json_variant_is_null(variant)) {
727 *weight = UINT64_MAX;
728 return 0;
729 }
730
731 if (!json_variant_is_unsigned(variant))
732 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an integer.", strna(name));
733
734 k = json_variant_unsigned(variant);
735 if (k <= CGROUP_WEIGHT_MIN || k >= CGROUP_WEIGHT_MAX)
736 return json_log(variant, flags, SYNTHETIC_ERRNO(ERANGE), "JSON field '%s' is not in valid range %" PRIu64 "…%" PRIu64 ".", strna(name), (uint64_t) CGROUP_WEIGHT_MIN, (uint64_t) CGROUP_WEIGHT_MAX);
737
738 *weight = k;
739 return 0;
740 }
741
742 int json_dispatch_user_group_list(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
743 _cleanup_strv_free_ char **l = NULL;
744 char ***list = userdata;
745 JsonVariant *e;
746 int r;
747
748 if (!json_variant_is_array(variant))
749 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array of strings.", strna(name));
750
751 JSON_VARIANT_ARRAY_FOREACH(e, variant) {
752
753 if (!json_variant_is_string(e))
754 return json_log(e, flags, SYNTHETIC_ERRNO(EINVAL), "JSON array element is not a string.");
755
756 if (!valid_user_group_name(json_variant_string(e), FLAGS_SET(flags, JSON_RELAX) ? VALID_USER_RELAX : 0))
757 return json_log(e, flags, SYNTHETIC_ERRNO(EINVAL), "JSON array element is not a valid user/group name: %s", json_variant_string(e));
758
759 r = strv_extend(&l, json_variant_string(e));
760 if (r < 0)
761 return json_log(e, flags, r, "Failed to append array element: %m");
762 }
763
764 r = strv_extend_strv(list, l, true);
765 if (r < 0)
766 return json_log(variant, flags, r, "Failed to merge user/group arrays: %m");
767
768 return 0;
769 }
770
771 static int dispatch_secret(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
772
773 static const JsonDispatch secret_dispatch_table[] = {
774 { "password", _JSON_VARIANT_TYPE_INVALID, json_dispatch_strv, offsetof(UserRecord, password), 0 },
775 { "tokenPin", _JSON_VARIANT_TYPE_INVALID, json_dispatch_strv, offsetof(UserRecord, token_pin), 0 },
776 { "pkcs11Pin", /* legacy alias */ _JSON_VARIANT_TYPE_INVALID, json_dispatch_strv, offsetof(UserRecord, token_pin), 0 },
777 { "pkcs11ProtectedAuthenticationPathPermitted", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, pkcs11_protected_authentication_path_permitted), 0 },
778 { "fido2UserPresencePermitted", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, fido2_user_presence_permitted), 0 },
779 { "fido2UserVerificationPermitted", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, fido2_user_verification_permitted), 0 },
780 {},
781 };
782
783 return json_dispatch(variant, secret_dispatch_table, NULL, flags, userdata);
784 }
785
786 static int dispatch_pkcs11_uri(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
787 char **s = userdata;
788 const char *n;
789 int r;
790
791 if (json_variant_is_null(variant)) {
792 *s = mfree(*s);
793 return 0;
794 }
795
796 if (!json_variant_is_string(variant))
797 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));
798
799 n = json_variant_string(variant);
800 if (!pkcs11_uri_valid(n))
801 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a valid RFC7512 PKCS#11 URI.", strna(name));
802
803 r = free_and_strdup(s, n);
804 if (r < 0)
805 return json_log(variant, flags, r, "Failed to allocate string: %m");
806
807 return 0;
808 }
809
810 static int dispatch_pkcs11_uri_array(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
811 _cleanup_strv_free_ char **z = NULL;
812 char ***l = userdata;
813 JsonVariant *e;
814 int r;
815
816 if (json_variant_is_null(variant)) {
817 *l = strv_free(*l);
818 return 0;
819 }
820
821 if (json_variant_is_string(variant)) {
822 const char *n;
823
824 n = json_variant_string(variant);
825 if (!pkcs11_uri_valid(n))
826 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a valid RFC7512 PKCS#11 URI.", strna(name));
827
828 z = strv_new(n);
829 if (!z)
830 return log_oom();
831
832 } else {
833
834 if (!json_variant_is_array(variant))
835 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string or array of strings.", strna(name));
836
837 JSON_VARIANT_ARRAY_FOREACH(e, variant) {
838 const char *n;
839
840 if (!json_variant_is_string(e))
841 return json_log(e, flags, SYNTHETIC_ERRNO(EINVAL), "JSON array element is not a string.");
842
843 n = json_variant_string(e);
844 if (!pkcs11_uri_valid(n))
845 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON array element in '%s' is not a valid RFC7512 PKCS#11 URI: %s", strna(name), n);
846
847 r = strv_extend(&z, n);
848 if (r < 0)
849 return log_oom();
850 }
851 }
852
853 strv_free_and_replace(*l, z);
854 return 0;
855 }
856
857 static int dispatch_pkcs11_key_data(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
858 Pkcs11EncryptedKey *k = userdata;
859 size_t l;
860 void *b;
861 int r;
862
863 if (json_variant_is_null(variant)) {
864 k->data = erase_and_free(k->data);
865 k->size = 0;
866 return 0;
867 }
868
869 if (!json_variant_is_string(variant))
870 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));
871
872 r = unbase64mem(json_variant_string(variant), SIZE_MAX, &b, &l);
873 if (r < 0)
874 return json_log(variant, flags, r, "Failed to decode encrypted PKCS#11 key: %m");
875
876 erase_and_free(k->data);
877 k->data = b;
878 k->size = l;
879
880 return 0;
881 }
882
883 static int dispatch_pkcs11_key(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
884 UserRecord *h = userdata;
885 JsonVariant *e;
886 int r;
887
888 if (!json_variant_is_array(variant))
889 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array of objects.", strna(name));
890
891 JSON_VARIANT_ARRAY_FOREACH(e, variant) {
892 Pkcs11EncryptedKey *array, *k;
893
894 static const JsonDispatch pkcs11_key_dispatch_table[] = {
895 { "uri", JSON_VARIANT_STRING, dispatch_pkcs11_uri, offsetof(Pkcs11EncryptedKey, uri), JSON_MANDATORY },
896 { "data", JSON_VARIANT_STRING, dispatch_pkcs11_key_data, 0, JSON_MANDATORY },
897 { "hashedPassword", JSON_VARIANT_STRING, json_dispatch_string, offsetof(Pkcs11EncryptedKey, hashed_password), JSON_MANDATORY },
898 {},
899 };
900
901 if (!json_variant_is_object(e))
902 return json_log(e, flags, SYNTHETIC_ERRNO(EINVAL), "JSON array element is not an object.");
903
904 array = reallocarray(h->pkcs11_encrypted_key, h->n_pkcs11_encrypted_key + 1, sizeof(Pkcs11EncryptedKey));
905 if (!array)
906 return log_oom();
907
908 h->pkcs11_encrypted_key = array;
909 k = h->pkcs11_encrypted_key + h->n_pkcs11_encrypted_key;
910 *k = (Pkcs11EncryptedKey) {};
911
912 r = json_dispatch(e, pkcs11_key_dispatch_table, NULL, flags, k);
913 if (r < 0) {
914 pkcs11_encrypted_key_done(k);
915 return r;
916 }
917
918 h->n_pkcs11_encrypted_key++;
919 }
920
921 return 0;
922 }
923
924 static int dispatch_fido2_hmac_credential(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
925 Fido2HmacCredential *k = userdata;
926 size_t l;
927 void *b;
928 int r;
929
930 if (json_variant_is_null(variant)) {
931 k->id = mfree(k->id);
932 k->size = 0;
933 return 0;
934 }
935
936 if (!json_variant_is_string(variant))
937 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));
938
939 r = unbase64mem(json_variant_string(variant), SIZE_MAX, &b, &l);
940 if (r < 0)
941 return json_log(variant, flags, r, "Failed to decode FIDO2 credential ID: %m");
942
943 free_and_replace(k->id, b);
944 k->size = l;
945
946 return 0;
947 }
948
949 static int dispatch_fido2_hmac_credential_array(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
950 UserRecord *h = userdata;
951 JsonVariant *e;
952 int r;
953
954 if (!json_variant_is_array(variant))
955 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array of strings.", strna(name));
956
957 JSON_VARIANT_ARRAY_FOREACH(e, variant) {
958 Fido2HmacCredential *array;
959 size_t l;
960 void *b;
961
962 if (!json_variant_is_string(e))
963 return json_log(e, flags, SYNTHETIC_ERRNO(EINVAL), "JSON array element is not a string.");
964
965 array = reallocarray(h->fido2_hmac_credential, h->n_fido2_hmac_credential + 1, sizeof(Fido2HmacCredential));
966 if (!array)
967 return log_oom();
968
969 r = unbase64mem(json_variant_string(e), SIZE_MAX, &b, &l);
970 if (r < 0)
971 return json_log(variant, flags, r, "Failed to decode FIDO2 credential ID: %m");
972
973 h->fido2_hmac_credential = array;
974
975 h->fido2_hmac_credential[h->n_fido2_hmac_credential++] = (Fido2HmacCredential) {
976 .id = b,
977 .size = l,
978 };
979 }
980
981 return 0;
982 }
983
984 static int dispatch_fido2_hmac_salt_value(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
985 Fido2HmacSalt *k = userdata;
986 size_t l;
987 void *b;
988 int r;
989
990 if (json_variant_is_null(variant)) {
991 k->salt = erase_and_free(k->salt);
992 k->salt_size = 0;
993 return 0;
994 }
995
996 if (!json_variant_is_string(variant))
997 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));
998
999 r = unbase64mem(json_variant_string(variant), SIZE_MAX, &b, &l);
1000 if (r < 0)
1001 return json_log(variant, flags, r, "Failed to decode FIDO2 salt: %m");
1002
1003 erase_and_free(k->salt);
1004 k->salt = b;
1005 k->salt_size = l;
1006
1007 return 0;
1008 }
1009
1010 static int dispatch_fido2_hmac_salt(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
1011 UserRecord *h = userdata;
1012 JsonVariant *e;
1013 int r;
1014
1015 if (!json_variant_is_array(variant))
1016 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array of objects.", strna(name));
1017
1018 JSON_VARIANT_ARRAY_FOREACH(e, variant) {
1019 Fido2HmacSalt *array, *k;
1020
1021 static const JsonDispatch fido2_hmac_salt_dispatch_table[] = {
1022 { "credential", JSON_VARIANT_STRING, dispatch_fido2_hmac_credential, offsetof(Fido2HmacSalt, credential), JSON_MANDATORY },
1023 { "salt", JSON_VARIANT_STRING, dispatch_fido2_hmac_salt_value, 0, JSON_MANDATORY },
1024 { "hashedPassword", JSON_VARIANT_STRING, json_dispatch_string, offsetof(Fido2HmacSalt, hashed_password), JSON_MANDATORY },
1025 { "up", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(Fido2HmacSalt, up), 0 },
1026 { "uv", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(Fido2HmacSalt, uv), 0 },
1027 { "clientPin", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(Fido2HmacSalt, client_pin), 0 },
1028 {},
1029 };
1030
1031 if (!json_variant_is_object(e))
1032 return json_log(e, flags, SYNTHETIC_ERRNO(EINVAL), "JSON array element is not an object.");
1033
1034 array = reallocarray(h->fido2_hmac_salt, h->n_fido2_hmac_salt + 1, sizeof(Fido2HmacSalt));
1035 if (!array)
1036 return log_oom();
1037
1038 h->fido2_hmac_salt = array;
1039 k = h->fido2_hmac_salt + h->n_fido2_hmac_salt;
1040 *k = (Fido2HmacSalt) {
1041 .uv = -1,
1042 .up = -1,
1043 .client_pin = -1,
1044 };
1045
1046 r = json_dispatch(e, fido2_hmac_salt_dispatch_table, NULL, flags, k);
1047 if (r < 0) {
1048 fido2_hmac_salt_done(k);
1049 return r;
1050 }
1051
1052 h->n_fido2_hmac_salt++;
1053 }
1054
1055 return 0;
1056 }
1057
1058 static int dispatch_recovery_key(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
1059 UserRecord *h = userdata;
1060 JsonVariant *e;
1061 int r;
1062
1063 if (!json_variant_is_array(variant))
1064 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array of objects.", strna(name));
1065
1066 JSON_VARIANT_ARRAY_FOREACH(e, variant) {
1067 RecoveryKey *array, *k;
1068
1069 static const JsonDispatch recovery_key_dispatch_table[] = {
1070 { "type", JSON_VARIANT_STRING, json_dispatch_string, 0, JSON_MANDATORY },
1071 { "hashedPassword", JSON_VARIANT_STRING, json_dispatch_string, offsetof(RecoveryKey, hashed_password), JSON_MANDATORY },
1072 {},
1073 };
1074
1075 if (!json_variant_is_object(e))
1076 return json_log(e, flags, SYNTHETIC_ERRNO(EINVAL), "JSON array element is not an object.");
1077
1078 array = reallocarray(h->recovery_key, h->n_recovery_key + 1, sizeof(RecoveryKey));
1079 if (!array)
1080 return log_oom();
1081
1082 h->recovery_key = array;
1083 k = h->recovery_key + h->n_recovery_key;
1084 *k = (RecoveryKey) {};
1085
1086 r = json_dispatch(e, recovery_key_dispatch_table, NULL, flags, k);
1087 if (r < 0) {
1088 recovery_key_done(k);
1089 return r;
1090 }
1091
1092 h->n_recovery_key++;
1093 }
1094
1095 return 0;
1096 }
1097
1098 static int dispatch_privileged(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
1099
1100 static const JsonDispatch privileged_dispatch_table[] = {
1101 { "passwordHint", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, password_hint), 0 },
1102 { "hashedPassword", _JSON_VARIANT_TYPE_INVALID, json_dispatch_strv, offsetof(UserRecord, hashed_password), JSON_SAFE },
1103 { "sshAuthorizedKeys", _JSON_VARIANT_TYPE_INVALID, json_dispatch_strv, offsetof(UserRecord, ssh_authorized_keys), 0 },
1104 { "pkcs11EncryptedKey", JSON_VARIANT_ARRAY, dispatch_pkcs11_key, 0, 0 },
1105 { "fido2HmacSalt", JSON_VARIANT_ARRAY, dispatch_fido2_hmac_salt, 0, 0 },
1106 { "recoveryKey", JSON_VARIANT_ARRAY, dispatch_recovery_key, 0, 0 },
1107 {},
1108 };
1109
1110 return json_dispatch(variant, privileged_dispatch_table, NULL, flags, userdata);
1111 }
1112
1113 static int dispatch_binding(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
1114
1115 static const JsonDispatch binding_dispatch_table[] = {
1116 { "imagePath", JSON_VARIANT_STRING, json_dispatch_image_path, offsetof(UserRecord, image_path), 0 },
1117 { "homeDirectory", JSON_VARIANT_STRING, json_dispatch_home_directory, offsetof(UserRecord, home_directory), 0 },
1118 { "partitionUuid", JSON_VARIANT_STRING, json_dispatch_id128, offsetof(UserRecord, partition_uuid), 0 },
1119 { "luksUuid", JSON_VARIANT_STRING, json_dispatch_id128, offsetof(UserRecord, luks_uuid), 0 },
1120 { "fileSystemUuid", JSON_VARIANT_STRING, json_dispatch_id128, offsetof(UserRecord, file_system_uuid), 0 },
1121 { "uid", JSON_VARIANT_UNSIGNED, json_dispatch_uid_gid, offsetof(UserRecord, uid), 0 },
1122 { "gid", JSON_VARIANT_UNSIGNED, json_dispatch_uid_gid, offsetof(UserRecord, gid), 0 },
1123 { "storage", JSON_VARIANT_STRING, json_dispatch_storage, offsetof(UserRecord, storage), 0 },
1124 { "fileSystemType", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, file_system_type), JSON_SAFE },
1125 { "luksCipher", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, luks_cipher), JSON_SAFE },
1126 { "luksCipherMode", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, luks_cipher_mode), JSON_SAFE },
1127 { "luksVolumeKeySize", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, luks_volume_key_size), 0 },
1128 {},
1129 };
1130
1131 JsonVariant *m;
1132 sd_id128_t mid;
1133 int r;
1134
1135 if (!variant)
1136 return 0;
1137
1138 if (!json_variant_is_object(variant))
1139 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an object.", strna(name));
1140
1141 r = sd_id128_get_machine(&mid);
1142 if (r < 0)
1143 return json_log(variant, flags, r, "Failed to determine machine ID: %m");
1144
1145 m = json_variant_by_key(variant, SD_ID128_TO_STRING(mid));
1146 if (!m)
1147 return 0;
1148
1149 return json_dispatch(m, binding_dispatch_table, NULL, flags, userdata);
1150 }
1151
1152 int per_machine_id_match(JsonVariant *ids, JsonDispatchFlags flags) {
1153 sd_id128_t mid;
1154 int r;
1155
1156 r = sd_id128_get_machine(&mid);
1157 if (r < 0)
1158 return json_log(ids, flags, r, "Failed to acquire machine ID: %m");
1159
1160 if (json_variant_is_string(ids)) {
1161 sd_id128_t k;
1162
1163 r = sd_id128_from_string(json_variant_string(ids), &k);
1164 if (r < 0) {
1165 json_log(ids, flags, r, "%s is not a valid machine ID, ignoring: %m", json_variant_string(ids));
1166 return 0;
1167 }
1168
1169 return sd_id128_equal(mid, k);
1170 }
1171
1172 if (json_variant_is_array(ids)) {
1173 JsonVariant *e;
1174
1175 JSON_VARIANT_ARRAY_FOREACH(e, ids) {
1176 sd_id128_t k;
1177
1178 if (!json_variant_is_string(e)) {
1179 json_log(e, flags, 0, "Machine ID is not a string, ignoring: %m");
1180 continue;
1181 }
1182
1183 r = sd_id128_from_string(json_variant_string(e), &k);
1184 if (r < 0) {
1185 json_log(e, flags, r, "%s is not a valid machine ID, ignoring: %m", json_variant_string(e));
1186 continue;
1187 }
1188
1189 if (sd_id128_equal(mid, k))
1190 return true;
1191 }
1192
1193 return false;
1194 }
1195
1196 json_log(ids, flags, 0, "Machine ID is not a string or array of strings, ignoring: %m");
1197 return false;
1198 }
1199
1200 int per_machine_hostname_match(JsonVariant *hns, JsonDispatchFlags flags) {
1201 _cleanup_free_ char *hn = NULL;
1202 int r;
1203
1204 r = gethostname_strict(&hn);
1205 if (r == -ENXIO) {
1206 json_log(hns, flags, r, "No hostname set, not matching perMachine hostname record: %m");
1207 return false;
1208 }
1209 if (r < 0)
1210 return json_log(hns, flags, r, "Failed to acquire hostname: %m");
1211
1212 if (json_variant_is_string(hns))
1213 return streq(json_variant_string(hns), hn);
1214
1215 if (json_variant_is_array(hns)) {
1216 JsonVariant *e;
1217
1218 JSON_VARIANT_ARRAY_FOREACH(e, hns) {
1219
1220 if (!json_variant_is_string(e)) {
1221 json_log(e, flags, 0, "Hostname is not a string, ignoring: %m");
1222 continue;
1223 }
1224
1225 if (streq(json_variant_string(hns), hn))
1226 return true;
1227 }
1228
1229 return false;
1230 }
1231
1232 json_log(hns, flags, 0, "Hostname is not a string or array of strings, ignoring: %m");
1233 return false;
1234 }
1235
1236 static int dispatch_per_machine(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
1237
1238 static const JsonDispatch per_machine_dispatch_table[] = {
1239 { "matchMachineId", _JSON_VARIANT_TYPE_INVALID, NULL, 0, 0 },
1240 { "matchHostname", _JSON_VARIANT_TYPE_INVALID, NULL, 0, 0 },
1241 { "iconName", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, icon_name), JSON_SAFE },
1242 { "location", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, location), 0 },
1243 { "shell", JSON_VARIANT_STRING, json_dispatch_filename_or_path, offsetof(UserRecord, shell), 0 },
1244 { "umask", JSON_VARIANT_UNSIGNED, json_dispatch_umask, offsetof(UserRecord, umask), 0 },
1245 { "environment", JSON_VARIANT_ARRAY, json_dispatch_environment, offsetof(UserRecord, environment), 0 },
1246 { "timeZone", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, time_zone), JSON_SAFE },
1247 { "preferredLanguage", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, preferred_language), JSON_SAFE },
1248 { "niceLevel", _JSON_VARIANT_TYPE_INVALID, json_dispatch_nice, offsetof(UserRecord, nice_level), 0 },
1249 { "resourceLimits", _JSON_VARIANT_TYPE_INVALID, json_dispatch_rlimits, offsetof(UserRecord, rlimits), 0 },
1250 { "locked", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, locked), 0 },
1251 { "notBeforeUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, not_before_usec), 0 },
1252 { "notAfterUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, not_after_usec), 0 },
1253 { "storage", JSON_VARIANT_STRING, json_dispatch_storage, offsetof(UserRecord, storage), 0 },
1254 { "diskSize", JSON_VARIANT_UNSIGNED, json_dispatch_disk_size, offsetof(UserRecord, disk_size), 0 },
1255 { "diskSizeRelative", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, disk_size_relative), 0 },
1256 { "skeletonDirectory", JSON_VARIANT_STRING, json_dispatch_path, offsetof(UserRecord, skeleton_directory), 0 },
1257 { "accessMode", JSON_VARIANT_UNSIGNED, json_dispatch_access_mode, offsetof(UserRecord, access_mode), 0 },
1258 { "tasksMax", JSON_VARIANT_UNSIGNED, json_dispatch_tasks_or_memory_max, offsetof(UserRecord, tasks_max), 0 },
1259 { "memoryHigh", JSON_VARIANT_UNSIGNED, json_dispatch_tasks_or_memory_max, offsetof(UserRecord, memory_high), 0 },
1260 { "memoryMax", JSON_VARIANT_UNSIGNED, json_dispatch_tasks_or_memory_max, offsetof(UserRecord, memory_max), 0 },
1261 { "cpuWeight", JSON_VARIANT_UNSIGNED, json_dispatch_weight, offsetof(UserRecord, cpu_weight), 0 },
1262 { "ioWeight", JSON_VARIANT_UNSIGNED, json_dispatch_weight, offsetof(UserRecord, io_weight), 0 },
1263 { "mountNoDevices", JSON_VARIANT_BOOLEAN, json_dispatch_boolean, offsetof(UserRecord, nodev), 0 },
1264 { "mountNoSuid", JSON_VARIANT_BOOLEAN, json_dispatch_boolean, offsetof(UserRecord, nosuid), 0 },
1265 { "mountNoExecute", JSON_VARIANT_BOOLEAN, json_dispatch_boolean, offsetof(UserRecord, noexec), 0 },
1266 { "cifsDomain", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, cifs_domain), JSON_SAFE },
1267 { "cifsUserName", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, cifs_user_name), JSON_SAFE },
1268 { "cifsService", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, cifs_service), JSON_SAFE },
1269 { "imagePath", JSON_VARIANT_STRING, json_dispatch_path, offsetof(UserRecord, image_path), 0 },
1270 { "uid", JSON_VARIANT_UNSIGNED, json_dispatch_uid_gid, offsetof(UserRecord, uid), 0 },
1271 { "gid", JSON_VARIANT_UNSIGNED, json_dispatch_uid_gid, offsetof(UserRecord, gid), 0 },
1272 { "memberOf", JSON_VARIANT_ARRAY, json_dispatch_user_group_list, offsetof(UserRecord, member_of), JSON_RELAX},
1273 { "fileSystemType", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, file_system_type), JSON_SAFE },
1274 { "partitionUuid", JSON_VARIANT_STRING, json_dispatch_id128, offsetof(UserRecord, partition_uuid), 0 },
1275 { "luksUuid", JSON_VARIANT_STRING, json_dispatch_id128, offsetof(UserRecord, luks_uuid), 0 },
1276 { "fileSystemUuid", JSON_VARIANT_STRING, json_dispatch_id128, offsetof(UserRecord, file_system_uuid), 0 },
1277 { "luksDiscard", _JSON_VARIANT_TYPE_INVALID, json_dispatch_tristate, offsetof(UserRecord, luks_discard), 0, },
1278 { "luksOfflineDiscard", _JSON_VARIANT_TYPE_INVALID, json_dispatch_tristate, offsetof(UserRecord, luks_offline_discard), 0, },
1279 { "luksCipher", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, luks_cipher), JSON_SAFE },
1280 { "luksCipherMode", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, luks_cipher_mode), JSON_SAFE },
1281 { "luksVolumeKeySize", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, luks_volume_key_size), 0 },
1282 { "luksPbkdfHashAlgorithm", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, luks_pbkdf_hash_algorithm), JSON_SAFE },
1283 { "luksPbkdfType", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, luks_pbkdf_type), JSON_SAFE },
1284 { "luksPbkdfTimeCostUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, luks_pbkdf_time_cost_usec), 0 },
1285 { "luksPbkdfMemoryCost", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, luks_pbkdf_memory_cost), 0 },
1286 { "luksPbkdfParallelThreads", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, luks_pbkdf_parallel_threads), 0 },
1287 { "rateLimitIntervalUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, ratelimit_interval_usec), 0 },
1288 { "rateLimitBurst", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, ratelimit_burst), 0 },
1289 { "enforcePasswordPolicy", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, enforce_password_policy), 0 },
1290 { "autoLogin", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, auto_login), 0 },
1291 { "stopDelayUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, stop_delay_usec), 0 },
1292 { "killProcesses", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, kill_processes), 0 },
1293 { "passwordChangeMinUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, password_change_min_usec), 0 },
1294 { "passwordChangeMaxUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, password_change_max_usec), 0 },
1295 { "passwordChangeWarnUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, password_change_warn_usec), 0 },
1296 { "passwordChangeInactiveUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, password_change_inactive_usec), 0 },
1297 { "passwordChangeNow", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, password_change_now), 0 },
1298 { "pkcs11TokenUri", JSON_VARIANT_ARRAY, dispatch_pkcs11_uri_array, offsetof(UserRecord, pkcs11_token_uri), 0 },
1299 { "fido2HmacCredential", JSON_VARIANT_ARRAY, dispatch_fido2_hmac_credential_array, 0, 0 },
1300 {},
1301 };
1302
1303 JsonVariant *e;
1304 int r;
1305
1306 if (!variant)
1307 return 0;
1308
1309 if (!json_variant_is_array(variant))
1310 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array.", strna(name));
1311
1312 JSON_VARIANT_ARRAY_FOREACH(e, variant) {
1313 bool matching = false;
1314 JsonVariant *m;
1315
1316 if (!json_variant_is_object(e))
1317 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array of objects.", strna(name));
1318
1319 m = json_variant_by_key(e, "matchMachineId");
1320 if (m) {
1321 r = per_machine_id_match(m, flags);
1322 if (r < 0)
1323 return r;
1324
1325 matching = r > 0;
1326 }
1327
1328 if (!matching) {
1329 m = json_variant_by_key(e, "matchHostname");
1330 if (m) {
1331 r = per_machine_hostname_match(m, flags);
1332 if (r < 0)
1333 return r;
1334
1335 matching = r > 0;
1336 }
1337 }
1338
1339 if (!matching)
1340 continue;
1341
1342 r = json_dispatch(e, per_machine_dispatch_table, NULL, flags, userdata);
1343 if (r < 0)
1344 return r;
1345 }
1346
1347 return 0;
1348 }
1349
1350 static int dispatch_status(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
1351
1352 static const JsonDispatch status_dispatch_table[] = {
1353 { "diskUsage", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, disk_usage), 0 },
1354 { "diskFree", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, disk_free), 0 },
1355 { "diskSize", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, disk_size), 0 },
1356 { "diskCeiling", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, disk_ceiling), 0 },
1357 { "diskFloor", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, disk_floor), 0 },
1358 { "state", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, state), JSON_SAFE },
1359 { "service", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, service), JSON_SAFE },
1360 { "signedLocally", _JSON_VARIANT_TYPE_INVALID, json_dispatch_tristate, offsetof(UserRecord, signed_locally), 0 },
1361 { "goodAuthenticationCounter", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, good_authentication_counter), 0 },
1362 { "badAuthenticationCounter", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, bad_authentication_counter), 0 },
1363 { "lastGoodAuthenticationUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, last_good_authentication_usec), 0 },
1364 { "lastBadAuthenticationUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, last_bad_authentication_usec), 0 },
1365 { "rateLimitBeginUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, ratelimit_begin_usec), 0 },
1366 { "rateLimitCount", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, ratelimit_count), 0 },
1367 { "removable", JSON_VARIANT_BOOLEAN, json_dispatch_boolean, offsetof(UserRecord, removable), 0 },
1368 {},
1369 };
1370
1371 JsonVariant *m;
1372 sd_id128_t mid;
1373 int r;
1374
1375 if (!variant)
1376 return 0;
1377
1378 if (!json_variant_is_object(variant))
1379 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an object.", strna(name));
1380
1381 r = sd_id128_get_machine(&mid);
1382 if (r < 0)
1383 return json_log(variant, flags, r, "Failed to determine machine ID: %m");
1384
1385 m = json_variant_by_key(variant, SD_ID128_TO_STRING(mid));
1386 if (!m)
1387 return 0;
1388
1389 return json_dispatch(m, status_dispatch_table, NULL, flags, userdata);
1390 }
1391
1392 int user_record_build_image_path(UserStorage storage, const char *user_name_and_realm, char **ret) {
1393 const char *suffix;
1394 char *z;
1395
1396 assert(storage >= 0);
1397 assert(user_name_and_realm);
1398 assert(ret);
1399
1400 if (storage == USER_LUKS)
1401 suffix = ".home";
1402 else if (IN_SET(storage, USER_DIRECTORY, USER_SUBVOLUME, USER_FSCRYPT))
1403 suffix = ".homedir";
1404 else {
1405 *ret = NULL;
1406 return 0;
1407 }
1408
1409 z = strjoin("/home/", user_name_and_realm, suffix);
1410 if (!z)
1411 return -ENOMEM;
1412
1413 *ret = z;
1414 return 1;
1415 }
1416
1417 static int user_record_augment(UserRecord *h, JsonDispatchFlags json_flags) {
1418 int r;
1419
1420 assert(h);
1421
1422 if (!FLAGS_SET(h->mask, USER_RECORD_REGULAR))
1423 return 0;
1424
1425 assert(h->user_name);
1426
1427 if (!h->user_name_and_realm_auto && h->realm) {
1428 h->user_name_and_realm_auto = strjoin(h->user_name, "@", h->realm);
1429 if (!h->user_name_and_realm_auto)
1430 return json_log_oom(h->json, json_flags);
1431 }
1432
1433 /* Let's add in the following automatisms only for regular users, they don't make sense for any others */
1434 if (user_record_disposition(h) != USER_REGULAR)
1435 return 0;
1436
1437 if (!h->home_directory && !h->home_directory_auto) {
1438 h->home_directory_auto = path_join("/home/", h->user_name);
1439 if (!h->home_directory_auto)
1440 return json_log_oom(h->json, json_flags);
1441 }
1442
1443 if (!h->image_path && !h->image_path_auto) {
1444 r = user_record_build_image_path(user_record_storage(h), user_record_user_name_and_realm(h), &h->image_path_auto);
1445 if (r < 0)
1446 return json_log(h->json, json_flags, r, "Failed to determine default image path: %m");
1447 }
1448
1449 return 0;
1450 }
1451
1452 int user_group_record_mangle(
1453 JsonVariant *v,
1454 UserRecordLoadFlags load_flags,
1455 JsonVariant **ret_variant,
1456 UserRecordMask *ret_mask) {
1457
1458 static const struct {
1459 UserRecordMask mask;
1460 const char *name;
1461 } mask_field[] = {
1462 { USER_RECORD_PRIVILEGED, "privileged" },
1463 { USER_RECORD_SECRET, "secret" },
1464 { USER_RECORD_BINDING, "binding" },
1465 { USER_RECORD_PER_MACHINE, "perMachine" },
1466 { USER_RECORD_STATUS, "status" },
1467 { USER_RECORD_SIGNATURE, "signature" },
1468 };
1469
1470 JsonDispatchFlags json_flags = USER_RECORD_LOAD_FLAGS_TO_JSON_DISPATCH_FLAGS(load_flags);
1471 _cleanup_(json_variant_unrefp) JsonVariant *w = NULL;
1472 JsonVariant *array[ELEMENTSOF(mask_field) * 2];
1473 size_t n_retain = 0;
1474 UserRecordMask m = 0;
1475 int r;
1476
1477 assert((load_flags & _USER_RECORD_MASK_MAX) == 0); /* detect mistakes when accidentally passing
1478 * UserRecordMask bit masks as UserRecordLoadFlags
1479 * value */
1480
1481 assert(v);
1482 assert(ret_variant);
1483 assert(ret_mask);
1484
1485 /* Note that this function is shared with the group record parser, hence we try to be generic in our
1486 * log message wording here, to cover both cases. */
1487
1488 if (!json_variant_is_object(v))
1489 return json_log(v, json_flags, SYNTHETIC_ERRNO(EBADMSG), "Record is not a JSON object, refusing.");
1490
1491 if (USER_RECORD_ALLOW_MASK(load_flags) == 0) /* allow nothing? */
1492 return json_log(v, json_flags, SYNTHETIC_ERRNO(EINVAL), "Nothing allowed in record, refusing.");
1493
1494 if (USER_RECORD_STRIP_MASK(load_flags) == _USER_RECORD_MASK_MAX) /* strip everything? */
1495 return json_log(v, json_flags, SYNTHETIC_ERRNO(EINVAL), "Stripping everything from record, refusing.");
1496
1497 /* Check if we have the special sections and if they match our flags set */
1498 for (size_t i = 0; i < ELEMENTSOF(mask_field); i++) {
1499 JsonVariant *e, *k;
1500
1501 if (FLAGS_SET(USER_RECORD_STRIP_MASK(load_flags), mask_field[i].mask)) {
1502 if (!w)
1503 w = json_variant_ref(v);
1504
1505 r = json_variant_filter(&w, STRV_MAKE(mask_field[i].name));
1506 if (r < 0)
1507 return json_log(w, json_flags, r, "Failed to remove field from variant: %m");
1508
1509 continue;
1510 }
1511
1512 e = json_variant_by_key_full(v, mask_field[i].name, &k);
1513 if (e) {
1514 if (!FLAGS_SET(USER_RECORD_ALLOW_MASK(load_flags), mask_field[i].mask))
1515 return json_log(e, json_flags, SYNTHETIC_ERRNO(EBADMSG), "Record contains '%s' field, which is not allowed.", mask_field[i].name);
1516
1517 if (FLAGS_SET(load_flags, USER_RECORD_STRIP_REGULAR)) {
1518 array[n_retain++] = k;
1519 array[n_retain++] = e;
1520 }
1521
1522 m |= mask_field[i].mask;
1523 } else {
1524 if (FLAGS_SET(USER_RECORD_REQUIRE_MASK(load_flags), mask_field[i].mask))
1525 return json_log(v, json_flags, SYNTHETIC_ERRNO(EBADMSG), "Record lacks '%s' field, which is required.", mask_field[i].name);
1526 }
1527 }
1528
1529 if (FLAGS_SET(load_flags, USER_RECORD_STRIP_REGULAR)) {
1530 /* If we are supposed to strip regular items, then let's instead just allocate a new object
1531 * with just the stuff we need. */
1532
1533 w = json_variant_unref(w);
1534 r = json_variant_new_object(&w, array, n_retain);
1535 if (r < 0)
1536 return json_log(v, json_flags, r, "Failed to allocate new object: %m");
1537 } else
1538 /* And now check if there's anything else in the record */
1539 for (size_t i = 0; i < json_variant_elements(v); i += 2) {
1540 const char *f;
1541 bool special = false;
1542
1543 assert_se(f = json_variant_string(json_variant_by_index(v, i)));
1544
1545 for (size_t j = 0; j < ELEMENTSOF(mask_field); j++)
1546 if (streq(f, mask_field[j].name)) { /* already covered in the loop above */
1547 special = true;
1548 continue;
1549 }
1550
1551 if (!special) {
1552 if ((load_flags & (USER_RECORD_ALLOW_REGULAR|USER_RECORD_REQUIRE_REGULAR)) == 0)
1553 return json_log(v, json_flags, SYNTHETIC_ERRNO(EBADMSG), "Record contains '%s' field, which is not allowed.", f);
1554
1555 m |= USER_RECORD_REGULAR;
1556 break;
1557 }
1558 }
1559
1560 if (FLAGS_SET(load_flags, USER_RECORD_REQUIRE_REGULAR) && !FLAGS_SET(m, USER_RECORD_REGULAR))
1561 return json_log(v, json_flags, SYNTHETIC_ERRNO(EBADMSG), "Record lacks basic identity fields, which are required.");
1562
1563 if (!FLAGS_SET(load_flags, USER_RECORD_EMPTY_OK) && m == 0)
1564 return json_log(v, json_flags, SYNTHETIC_ERRNO(EBADMSG), "Record is empty.");
1565
1566 if (w)
1567 *ret_variant = TAKE_PTR(w);
1568 else
1569 *ret_variant = json_variant_ref(v);
1570
1571 *ret_mask = m;
1572 return 0;
1573 }
1574
1575 int user_record_load(UserRecord *h, JsonVariant *v, UserRecordLoadFlags load_flags) {
1576
1577 static const JsonDispatch user_dispatch_table[] = {
1578 { "userName", JSON_VARIANT_STRING, json_dispatch_user_group_name, offsetof(UserRecord, user_name), JSON_RELAX},
1579 { "realm", JSON_VARIANT_STRING, json_dispatch_realm, offsetof(UserRecord, realm), 0 },
1580 { "realName", JSON_VARIANT_STRING, json_dispatch_gecos, offsetof(UserRecord, real_name), 0 },
1581 { "emailAddress", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, email_address), JSON_SAFE },
1582 { "iconName", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, icon_name), JSON_SAFE },
1583 { "location", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, location), 0 },
1584 { "disposition", JSON_VARIANT_STRING, json_dispatch_user_disposition, offsetof(UserRecord, disposition), 0 },
1585 { "lastChangeUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, last_change_usec), 0 },
1586 { "lastPasswordChangeUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, last_password_change_usec), 0 },
1587 { "shell", JSON_VARIANT_STRING, json_dispatch_filename_or_path, offsetof(UserRecord, shell), 0 },
1588 { "umask", JSON_VARIANT_UNSIGNED, json_dispatch_umask, offsetof(UserRecord, umask), 0 },
1589 { "environment", JSON_VARIANT_ARRAY, json_dispatch_environment, offsetof(UserRecord, environment), 0 },
1590 { "timeZone", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, time_zone), JSON_SAFE },
1591 { "preferredLanguage", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, preferred_language), JSON_SAFE },
1592 { "niceLevel", _JSON_VARIANT_TYPE_INVALID, json_dispatch_nice, offsetof(UserRecord, nice_level), 0 },
1593 { "resourceLimits", _JSON_VARIANT_TYPE_INVALID, json_dispatch_rlimits, offsetof(UserRecord, rlimits), 0 },
1594 { "locked", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, locked), 0 },
1595 { "notBeforeUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, not_before_usec), 0 },
1596 { "notAfterUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, not_after_usec), 0 },
1597 { "storage", JSON_VARIANT_STRING, json_dispatch_storage, offsetof(UserRecord, storage), 0 },
1598 { "diskSize", JSON_VARIANT_UNSIGNED, json_dispatch_disk_size, offsetof(UserRecord, disk_size), 0 },
1599 { "diskSizeRelative", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, disk_size_relative), 0 },
1600 { "skeletonDirectory", JSON_VARIANT_STRING, json_dispatch_path, offsetof(UserRecord, skeleton_directory), 0 },
1601 { "accessMode", JSON_VARIANT_UNSIGNED, json_dispatch_access_mode, offsetof(UserRecord, access_mode), 0 },
1602 { "tasksMax", JSON_VARIANT_UNSIGNED, json_dispatch_tasks_or_memory_max, offsetof(UserRecord, tasks_max), 0 },
1603 { "memoryHigh", JSON_VARIANT_UNSIGNED, json_dispatch_tasks_or_memory_max, offsetof(UserRecord, memory_high), 0 },
1604 { "memoryMax", JSON_VARIANT_UNSIGNED, json_dispatch_tasks_or_memory_max, offsetof(UserRecord, memory_max), 0 },
1605 { "cpuWeight", JSON_VARIANT_UNSIGNED, json_dispatch_weight, offsetof(UserRecord, cpu_weight), 0 },
1606 { "ioWeight", JSON_VARIANT_UNSIGNED, json_dispatch_weight, offsetof(UserRecord, io_weight), 0 },
1607 { "mountNoDevices", JSON_VARIANT_BOOLEAN, json_dispatch_boolean, offsetof(UserRecord, nodev), 0 },
1608 { "mountNoSuid", JSON_VARIANT_BOOLEAN, json_dispatch_boolean, offsetof(UserRecord, nosuid), 0 },
1609 { "mountNoExecute", JSON_VARIANT_BOOLEAN, json_dispatch_boolean, offsetof(UserRecord, noexec), 0 },
1610 { "cifsDomain", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, cifs_domain), JSON_SAFE },
1611 { "cifsUserName", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, cifs_user_name), JSON_SAFE },
1612 { "cifsService", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, cifs_service), JSON_SAFE },
1613 { "imagePath", JSON_VARIANT_STRING, json_dispatch_path, offsetof(UserRecord, image_path), 0 },
1614 { "homeDirectory", JSON_VARIANT_STRING, json_dispatch_home_directory, offsetof(UserRecord, home_directory), 0 },
1615 { "uid", JSON_VARIANT_UNSIGNED, json_dispatch_uid_gid, offsetof(UserRecord, uid), 0 },
1616 { "gid", JSON_VARIANT_UNSIGNED, json_dispatch_uid_gid, offsetof(UserRecord, gid), 0 },
1617 { "memberOf", JSON_VARIANT_ARRAY, json_dispatch_user_group_list, offsetof(UserRecord, member_of), JSON_RELAX},
1618 { "fileSystemType", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, file_system_type), JSON_SAFE },
1619 { "partitionUuid", JSON_VARIANT_STRING, json_dispatch_id128, offsetof(UserRecord, partition_uuid), 0 },
1620 { "luksUuid", JSON_VARIANT_STRING, json_dispatch_id128, offsetof(UserRecord, luks_uuid), 0 },
1621 { "fileSystemUuid", JSON_VARIANT_STRING, json_dispatch_id128, offsetof(UserRecord, file_system_uuid), 0 },
1622 { "luksDiscard", _JSON_VARIANT_TYPE_INVALID, json_dispatch_tristate, offsetof(UserRecord, luks_discard), 0 },
1623 { "luksOfflineDiscard", _JSON_VARIANT_TYPE_INVALID, json_dispatch_tristate, offsetof(UserRecord, luks_offline_discard), 0 },
1624 { "luksCipher", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, luks_cipher), JSON_SAFE },
1625 { "luksCipherMode", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, luks_cipher_mode), JSON_SAFE },
1626 { "luksVolumeKeySize", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, luks_volume_key_size), 0 },
1627 { "luksPbkdfHashAlgorithm", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, luks_pbkdf_hash_algorithm), JSON_SAFE },
1628 { "luksPbkdfType", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, luks_pbkdf_type), JSON_SAFE },
1629 { "luksPbkdfTimeCostUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, luks_pbkdf_time_cost_usec), 0 },
1630 { "luksPbkdfMemoryCost", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, luks_pbkdf_memory_cost), 0 },
1631 { "luksPbkdfParallelThreads", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, luks_pbkdf_parallel_threads), 0 },
1632 { "service", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, service), JSON_SAFE },
1633 { "rateLimitIntervalUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, ratelimit_interval_usec), 0 },
1634 { "rateLimitBurst", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, ratelimit_burst), 0 },
1635 { "enforcePasswordPolicy", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, enforce_password_policy), 0 },
1636 { "autoLogin", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, auto_login), 0 },
1637 { "stopDelayUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, stop_delay_usec), 0 },
1638 { "killProcesses", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, kill_processes), 0 },
1639 { "passwordChangeMinUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, password_change_min_usec), 0 },
1640 { "passwordChangeMaxUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, password_change_max_usec), 0 },
1641 { "passwordChangeWarnUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, password_change_warn_usec), 0 },
1642 { "passwordChangeInactiveUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, password_change_inactive_usec), 0 },
1643 { "passwordChangeNow", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, password_change_now), 0 },
1644 { "pkcs11TokenUri", JSON_VARIANT_ARRAY, dispatch_pkcs11_uri_array, offsetof(UserRecord, pkcs11_token_uri), 0 },
1645 { "fido2HmacCredential", JSON_VARIANT_ARRAY, dispatch_fido2_hmac_credential_array, 0, 0 },
1646 { "recoveryKeyType", JSON_VARIANT_ARRAY, json_dispatch_strv, offsetof(UserRecord, recovery_key_type), 0 },
1647
1648 { "secret", JSON_VARIANT_OBJECT, dispatch_secret, 0, 0 },
1649 { "privileged", JSON_VARIANT_OBJECT, dispatch_privileged, 0, 0 },
1650
1651 /* Ignore the perMachine, binding, status stuff here, and process it later, so that it overrides whatever is set above */
1652 { "perMachine", JSON_VARIANT_ARRAY, NULL, 0, 0 },
1653 { "binding", JSON_VARIANT_OBJECT, NULL, 0, 0 },
1654 { "status", JSON_VARIANT_OBJECT, NULL, 0, 0 },
1655
1656 /* Ignore 'signature', we check it with explicit accessors instead */
1657 { "signature", JSON_VARIANT_ARRAY, NULL, 0, 0 },
1658 {},
1659 };
1660
1661 JsonDispatchFlags json_flags = USER_RECORD_LOAD_FLAGS_TO_JSON_DISPATCH_FLAGS(load_flags);
1662 int r;
1663
1664 assert(h);
1665 assert(!h->json);
1666
1667 /* Note that this call will leave a half-initialized record around on failure! */
1668
1669 r = user_group_record_mangle(v, load_flags, &h->json, &h->mask);
1670 if (r < 0)
1671 return r;
1672
1673 r = json_dispatch(h->json, user_dispatch_table, NULL, json_flags, h);
1674 if (r < 0)
1675 return r;
1676
1677 /* During the parsing operation above we ignored the 'perMachine', 'binding' and 'status' fields,
1678 * since we want them to override the global options. Let's process them now. */
1679
1680 r = dispatch_per_machine("perMachine", json_variant_by_key(h->json, "perMachine"), json_flags, h);
1681 if (r < 0)
1682 return r;
1683
1684 r = dispatch_binding("binding", json_variant_by_key(h->json, "binding"), json_flags, h);
1685 if (r < 0)
1686 return r;
1687
1688 r = dispatch_status("status", json_variant_by_key(h->json, "status"), json_flags, h);
1689 if (r < 0)
1690 return r;
1691
1692 if (FLAGS_SET(h->mask, USER_RECORD_REGULAR) && !h->user_name)
1693 return json_log(h->json, json_flags, SYNTHETIC_ERRNO(EINVAL), "User name field missing, refusing.");
1694
1695 r = user_record_augment(h, json_flags);
1696 if (r < 0)
1697 return r;
1698
1699 return 0;
1700 }
1701
1702 int user_record_build(UserRecord **ret, ...) {
1703 _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
1704 _cleanup_(user_record_unrefp) UserRecord *u = NULL;
1705 va_list ap;
1706 int r;
1707
1708 assert(ret);
1709
1710 va_start(ap, ret);
1711 r = json_buildv(&v, ap);
1712 va_end(ap);
1713
1714 if (r < 0)
1715 return r;
1716
1717 u = user_record_new();
1718 if (!u)
1719 return -ENOMEM;
1720
1721 r = user_record_load(u, v, USER_RECORD_LOAD_FULL);
1722 if (r < 0)
1723 return r;
1724
1725 *ret = TAKE_PTR(u);
1726 return 0;
1727 }
1728
1729 const char *user_record_user_name_and_realm(UserRecord *h) {
1730 assert(h);
1731
1732 /* Return the pre-initialized joined string if it is defined */
1733 if (h->user_name_and_realm_auto)
1734 return h->user_name_and_realm_auto;
1735
1736 /* If it's not defined then we cannot have a realm */
1737 assert(!h->realm);
1738 return h->user_name;
1739 }
1740
1741 UserStorage user_record_storage(UserRecord *h) {
1742 assert(h);
1743
1744 if (h->storage >= 0)
1745 return h->storage;
1746
1747 return USER_CLASSIC;
1748 }
1749
1750 const char *user_record_file_system_type(UserRecord *h) {
1751 assert(h);
1752
1753 return h->file_system_type ?: "btrfs";
1754 }
1755
1756 const char *user_record_skeleton_directory(UserRecord *h) {
1757 assert(h);
1758
1759 return h->skeleton_directory ?: "/etc/skel";
1760 }
1761
1762 mode_t user_record_access_mode(UserRecord *h) {
1763 assert(h);
1764
1765 return h->access_mode != MODE_INVALID ? h->access_mode : 0700;
1766 }
1767
1768 const char* user_record_home_directory(UserRecord *h) {
1769 assert(h);
1770
1771 if (h->home_directory)
1772 return h->home_directory;
1773 if (h->home_directory_auto)
1774 return h->home_directory_auto;
1775
1776 /* The root user is special, hence be special about it */
1777 if (streq_ptr(h->user_name, "root"))
1778 return "/root";
1779
1780 return "/";
1781 }
1782
1783 const char *user_record_image_path(UserRecord *h) {
1784 assert(h);
1785
1786 if (h->image_path)
1787 return h->image_path;
1788 if (h->image_path_auto)
1789 return h->image_path_auto;
1790
1791 return IN_SET(user_record_storage(h), USER_CLASSIC, USER_DIRECTORY, USER_SUBVOLUME, USER_FSCRYPT) ? user_record_home_directory(h) : NULL;
1792 }
1793
1794 const char *user_record_cifs_user_name(UserRecord *h) {
1795 assert(h);
1796
1797 return h->cifs_user_name ?: h->user_name;
1798 }
1799
1800 unsigned long user_record_mount_flags(UserRecord *h) {
1801 assert(h);
1802
1803 return (h->nosuid ? MS_NOSUID : 0) |
1804 (h->noexec ? MS_NOEXEC : 0) |
1805 (h->nodev ? MS_NODEV : 0);
1806 }
1807
1808 const char *user_record_shell(UserRecord *h) {
1809 assert(h);
1810
1811 if (h->shell)
1812 return h->shell;
1813
1814 if (streq_ptr(h->user_name, "root"))
1815 return "/bin/sh";
1816
1817 if (user_record_disposition(h) == USER_REGULAR)
1818 return "/bin/bash";
1819
1820 return NOLOGIN;
1821 }
1822
1823 const char *user_record_real_name(UserRecord *h) {
1824 assert(h);
1825
1826 return h->real_name ?: h->user_name;
1827 }
1828
1829 bool user_record_luks_discard(UserRecord *h) {
1830 const char *ip;
1831
1832 assert(h);
1833
1834 if (h->luks_discard >= 0)
1835 return h->luks_discard;
1836
1837 ip = user_record_image_path(h);
1838 if (!ip)
1839 return false;
1840
1841 /* Use discard by default if we are referring to a real block device, but not when operating on a
1842 * loopback device. We want to optimize for SSD and flash storage after all, but we should be careful
1843 * when storing stuff on top of regular file systems in loopback files as doing discard then would
1844 * mean thin provisioning and we should not do that willy-nilly since it means we'll risk EIO later
1845 * on should the disk space to back our file systems not be available. */
1846
1847 return path_startswith(ip, "/dev/");
1848 }
1849
1850 bool user_record_luks_offline_discard(UserRecord *h) {
1851 const char *ip;
1852
1853 assert(h);
1854
1855 if (h->luks_offline_discard >= 0)
1856 return h->luks_offline_discard;
1857
1858 /* Discard while we are logged out should generally be a good idea, except when operating directly on
1859 * physical media, where we should just bind it to the online discard mode. */
1860
1861 ip = user_record_image_path(h);
1862 if (!ip)
1863 return false;
1864
1865 if (path_startswith(ip, "/dev/"))
1866 return user_record_luks_discard(h);
1867
1868 return true;
1869 }
1870
1871 const char *user_record_luks_cipher(UserRecord *h) {
1872 assert(h);
1873
1874 return h->luks_cipher ?: "aes";
1875 }
1876
1877 const char *user_record_luks_cipher_mode(UserRecord *h) {
1878 assert(h);
1879
1880 return h->luks_cipher_mode ?: "xts-plain64";
1881 }
1882
1883 uint64_t user_record_luks_volume_key_size(UserRecord *h) {
1884 assert(h);
1885
1886 /* We return a value here that can be cast without loss into size_t which is what libcrypsetup expects */
1887
1888 if (h->luks_volume_key_size == UINT64_MAX)
1889 return 256 / 8;
1890
1891 return MIN(h->luks_volume_key_size, SIZE_MAX);
1892 }
1893
1894 const char* user_record_luks_pbkdf_type(UserRecord *h) {
1895 assert(h);
1896
1897 return h->luks_pbkdf_type ?: "argon2id";
1898 }
1899
1900 uint64_t user_record_luks_pbkdf_time_cost_usec(UserRecord *h) {
1901 assert(h);
1902
1903 /* Returns a value with ms granularity, since that's what libcryptsetup expects */
1904
1905 if (h->luks_pbkdf_time_cost_usec == UINT64_MAX)
1906 return 500 * USEC_PER_MSEC; /* We default to 500ms, in contrast to libcryptsetup's 2s, which is just awfully slow on every login */
1907
1908 return MIN(DIV_ROUND_UP(h->luks_pbkdf_time_cost_usec, USEC_PER_MSEC), UINT32_MAX) * USEC_PER_MSEC;
1909 }
1910
1911 uint64_t user_record_luks_pbkdf_memory_cost(UserRecord *h) {
1912 assert(h);
1913
1914 /* Returns a value with kb granularity, since that's what libcryptsetup expects */
1915
1916 if (h->luks_pbkdf_memory_cost == UINT64_MAX)
1917 return 64*1024*1024; /* We default to 64M, since this should work on smaller systems too */
1918
1919 return MIN(DIV_ROUND_UP(h->luks_pbkdf_memory_cost, 1024), UINT32_MAX) * 1024;
1920 }
1921
1922 uint64_t user_record_luks_pbkdf_parallel_threads(UserRecord *h) {
1923 assert(h);
1924
1925 if (h->luks_pbkdf_memory_cost == UINT64_MAX)
1926 return 1; /* We default to 1, since this should work on smaller systems too */
1927
1928 return MIN(h->luks_pbkdf_parallel_threads, UINT32_MAX);
1929 }
1930
1931 const char *user_record_luks_pbkdf_hash_algorithm(UserRecord *h) {
1932 assert(h);
1933
1934 return h->luks_pbkdf_hash_algorithm ?: "sha512";
1935 }
1936
1937 gid_t user_record_gid(UserRecord *h) {
1938 assert(h);
1939
1940 if (gid_is_valid(h->gid))
1941 return h->gid;
1942
1943 return (gid_t) h->uid;
1944 }
1945
1946 UserDisposition user_record_disposition(UserRecord *h) {
1947 assert(h);
1948
1949 if (h->disposition >= 0)
1950 return h->disposition;
1951
1952 /* If not declared, derive from UID */
1953
1954 if (!uid_is_valid(h->uid))
1955 return _USER_DISPOSITION_INVALID;
1956
1957 if (h->uid == 0 || h->uid == UID_NOBODY)
1958 return USER_INTRINSIC;
1959
1960 if (uid_is_system(h->uid))
1961 return USER_SYSTEM;
1962
1963 if (uid_is_dynamic(h->uid))
1964 return USER_DYNAMIC;
1965
1966 if (uid_is_container(h->uid))
1967 return USER_CONTAINER;
1968
1969 if (h->uid > INT32_MAX)
1970 return USER_RESERVED;
1971
1972 return USER_REGULAR;
1973 }
1974
1975 int user_record_removable(UserRecord *h) {
1976 UserStorage storage;
1977 assert(h);
1978
1979 if (h->removable >= 0)
1980 return h->removable;
1981
1982 /* Refuse to decide for classic records */
1983 storage = user_record_storage(h);
1984 if (h->storage < 0 || h->storage == USER_CLASSIC)
1985 return -1;
1986
1987 /* For now consider only LUKS home directories with a reference by path as removable */
1988 return storage == USER_LUKS && path_startswith(user_record_image_path(h), "/dev/");
1989 }
1990
1991 uint64_t user_record_ratelimit_interval_usec(UserRecord *h) {
1992 assert(h);
1993
1994 if (h->ratelimit_interval_usec == UINT64_MAX)
1995 return DEFAULT_RATELIMIT_INTERVAL_USEC;
1996
1997 return h->ratelimit_interval_usec;
1998 }
1999
2000 uint64_t user_record_ratelimit_burst(UserRecord *h) {
2001 assert(h);
2002
2003 if (h->ratelimit_burst == UINT64_MAX)
2004 return DEFAULT_RATELIMIT_BURST;
2005
2006 return h->ratelimit_burst;
2007 }
2008
2009 bool user_record_can_authenticate(UserRecord *h) {
2010 assert(h);
2011
2012 /* Returns true if there's some form of property configured that the user can authenticate against */
2013
2014 if (h->n_pkcs11_encrypted_key > 0)
2015 return true;
2016
2017 if (h->n_fido2_hmac_salt > 0)
2018 return true;
2019
2020 return !strv_isempty(h->hashed_password);
2021 }
2022
2023 uint64_t user_record_ratelimit_next_try(UserRecord *h) {
2024 assert(h);
2025
2026 /* Calculates when the it's possible to login next. Returns:
2027 *
2028 * UINT64_MAX → Nothing known
2029 * 0 → Right away
2030 * Any other → Next time in CLOCK_REALTIME in usec (which could be in the past)
2031 */
2032
2033 if (h->ratelimit_begin_usec == UINT64_MAX ||
2034 h->ratelimit_count == UINT64_MAX)
2035 return UINT64_MAX;
2036
2037 if (h->ratelimit_begin_usec > now(CLOCK_REALTIME)) /* If the ratelimit time is in the future, then
2038 * the local clock is probably incorrect. Let's
2039 * not refuse login then. */
2040 return UINT64_MAX;
2041
2042 if (h->ratelimit_count < user_record_ratelimit_burst(h))
2043 return 0;
2044
2045 return usec_add(h->ratelimit_begin_usec, user_record_ratelimit_interval_usec(h));
2046 }
2047
2048 bool user_record_equal(UserRecord *a, UserRecord *b) {
2049 assert(a);
2050 assert(b);
2051
2052 /* We assume that when a record is modified its JSON data is updated at the same time, hence it's
2053 * sufficient to compare the JSON data. */
2054
2055 return json_variant_equal(a->json, b->json);
2056 }
2057
2058 bool user_record_compatible(UserRecord *a, UserRecord *b) {
2059 assert(a);
2060 assert(b);
2061
2062 /* If either lacks the regular section, we can't really decide, let's hence say they are
2063 * incompatible. */
2064 if (!(a->mask & b->mask & USER_RECORD_REGULAR))
2065 return false;
2066
2067 return streq_ptr(a->user_name, b->user_name) &&
2068 streq_ptr(a->realm, b->realm);
2069 }
2070
2071 int user_record_compare_last_change(UserRecord *a, UserRecord *b) {
2072 assert(a);
2073 assert(b);
2074
2075 if (a->last_change_usec == b->last_change_usec)
2076 return 0;
2077
2078 /* Always consider a record with a timestamp newer than one without */
2079 if (a->last_change_usec == UINT64_MAX)
2080 return -1;
2081 if (b->last_change_usec == UINT64_MAX)
2082 return 1;
2083
2084 return CMP(a->last_change_usec, b->last_change_usec);
2085 }
2086
2087 int user_record_clone(UserRecord *h, UserRecordLoadFlags flags, UserRecord **ret) {
2088 _cleanup_(user_record_unrefp) UserRecord *c = NULL;
2089 int r;
2090
2091 assert(h);
2092 assert(ret);
2093
2094 c = user_record_new();
2095 if (!c)
2096 return -ENOMEM;
2097
2098 r = user_record_load(c, h->json, flags);
2099 if (r < 0)
2100 return r;
2101
2102 *ret = TAKE_PTR(c);
2103 return 0;
2104 }
2105
2106 int user_record_masked_equal(UserRecord *a, UserRecord *b, UserRecordMask mask) {
2107 _cleanup_(user_record_unrefp) UserRecord *x = NULL, *y = NULL;
2108 int r;
2109
2110 assert(a);
2111 assert(b);
2112
2113 /* Compares the two records, but ignores anything not listed in the specified mask */
2114
2115 if ((a->mask & ~mask) != 0) {
2116 r = user_record_clone(a, USER_RECORD_ALLOW(mask) | USER_RECORD_STRIP(~mask & _USER_RECORD_MASK_MAX) | USER_RECORD_PERMISSIVE, &x);
2117 if (r < 0)
2118 return r;
2119
2120 a = x;
2121 }
2122
2123 if ((b->mask & ~mask) != 0) {
2124 r = user_record_clone(b, USER_RECORD_ALLOW(mask) | USER_RECORD_STRIP(~mask & _USER_RECORD_MASK_MAX) | USER_RECORD_PERMISSIVE, &y);
2125 if (r < 0)
2126 return r;
2127
2128 b = y;
2129 }
2130
2131 return user_record_equal(a, b);
2132 }
2133
2134 int user_record_test_blocked(UserRecord *h) {
2135 usec_t n;
2136
2137 /* Checks whether access to the specified user shall be allowed at the moment. Returns:
2138 *
2139 * -ESTALE: Record is from the future
2140 * -ENOLCK: Record is blocked
2141 * -EL2HLT: Record is not valid yet
2142 * -EL3HLT: Record is not valid anymore
2143 *
2144 */
2145
2146 assert(h);
2147
2148 if (h->locked > 0)
2149 return -ENOLCK;
2150
2151 n = now(CLOCK_REALTIME);
2152
2153 if (h->not_before_usec != UINT64_MAX && n < h->not_before_usec)
2154 return -EL2HLT;
2155 if (h->not_after_usec != UINT64_MAX && n > h->not_after_usec)
2156 return -EL3HLT;
2157
2158 if (h->last_change_usec != UINT64_MAX &&
2159 h->last_change_usec > n) /* Complain during log-ins when the record is from the future */
2160 return -ESTALE;
2161
2162 return 0;
2163 }
2164
2165 int user_record_test_password_change_required(UserRecord *h) {
2166 bool change_permitted;
2167 usec_t n;
2168
2169 assert(h);
2170
2171 /* Checks whether the user must change the password when logging in
2172
2173 -EKEYREVOKED: Change password now because admin said so
2174 -EOWNERDEAD: Change password now because it expired
2175 -EKEYREJECTED: Password is expired, no changing is allowed
2176 -EKEYEXPIRED: Password is about to expire, warn user
2177 -ENETDOWN: Record has expiration info but no password change timestamp
2178 -EROFS: No password change required nor permitted
2179 -ESTALE: RTC likely incorrect, last password change is in the future
2180 0: No password change required, but permitted
2181 */
2182
2183 /* If a password change request has been set explicitly, it overrides everything */
2184 if (h->password_change_now > 0)
2185 return -EKEYREVOKED;
2186
2187 n = now(CLOCK_REALTIME);
2188
2189 /* Password change in the future? Then our RTC is likely incorrect */
2190 if (h->last_password_change_usec != UINT64_MAX &&
2191 h->last_password_change_usec > n &&
2192 (h->password_change_min_usec != UINT64_MAX ||
2193 h->password_change_max_usec != UINT64_MAX ||
2194 h->password_change_inactive_usec != UINT64_MAX))
2195 return -ESTALE;
2196
2197 /* Then, let's check if password changing is currently allowed at all */
2198 if (h->password_change_min_usec != UINT64_MAX) {
2199
2200 /* Expiry configured but no password change timestamp known? */
2201 if (h->last_password_change_usec == UINT64_MAX)
2202 return -ENETDOWN;
2203
2204 if (h->password_change_min_usec >= UINT64_MAX - h->last_password_change_usec)
2205 change_permitted = false;
2206 else
2207 change_permitted = n >= h->last_password_change_usec + h->password_change_min_usec;
2208
2209 } else
2210 change_permitted = true;
2211
2212 /* Let's check whether the password has expired. */
2213 if (!(h->password_change_max_usec == UINT64_MAX ||
2214 h->password_change_max_usec >= UINT64_MAX - h->last_password_change_usec)) {
2215
2216 uint64_t change_before;
2217
2218 /* Expiry configured but no password change timestamp known? */
2219 if (h->last_password_change_usec == UINT64_MAX)
2220 return -ENETDOWN;
2221
2222 /* Password is in inactive phase? */
2223 if (h->password_change_inactive_usec != UINT64_MAX &&
2224 h->password_change_inactive_usec < UINT64_MAX - h->password_change_max_usec) {
2225 usec_t added;
2226
2227 added = h->password_change_inactive_usec + h->password_change_max_usec;
2228 if (added < UINT64_MAX - h->last_password_change_usec &&
2229 n >= h->last_password_change_usec + added)
2230 return -EKEYREJECTED;
2231 }
2232
2233 /* Password needs to be changed now? */
2234 change_before = h->last_password_change_usec + h->password_change_max_usec;
2235 if (n >= change_before)
2236 return change_permitted ? -EOWNERDEAD : -EKEYREJECTED;
2237
2238 /* Warn user? */
2239 if (h->password_change_warn_usec != UINT64_MAX &&
2240 (change_before < h->password_change_warn_usec ||
2241 n >= change_before - h->password_change_warn_usec))
2242 return change_permitted ? -EKEYEXPIRED : -EROFS;
2243 }
2244
2245 /* No password changing necessary */
2246 return change_permitted ? 0 : -EROFS;
2247 }
2248
2249 static const char* const user_storage_table[_USER_STORAGE_MAX] = {
2250 [USER_CLASSIC] = "classic",
2251 [USER_LUKS] = "luks",
2252 [USER_DIRECTORY] = "directory",
2253 [USER_SUBVOLUME] = "subvolume",
2254 [USER_FSCRYPT] = "fscrypt",
2255 [USER_CIFS] = "cifs",
2256 };
2257
2258 DEFINE_STRING_TABLE_LOOKUP(user_storage, UserStorage);
2259
2260 static const char* const user_disposition_table[_USER_DISPOSITION_MAX] = {
2261 [USER_INTRINSIC] = "intrinsic",
2262 [USER_SYSTEM] = "system",
2263 [USER_DYNAMIC] = "dynamic",
2264 [USER_REGULAR] = "regular",
2265 [USER_CONTAINER] = "container",
2266 [USER_RESERVED] = "reserved",
2267 };
2268
2269 DEFINE_STRING_TABLE_LOOKUP(user_disposition, UserDisposition);
Unnamed repository; edit this file 'description' to name the repository.