1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
10 #include "missing_resource.h"
11 #include "time-util.h"
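/* Classifies a user account by the kind of entity it stands for. The valid values are assigned
 * sequentially from 0, so _USER_DISPOSITION_MAX equals the number of valid dispositions, while
 * _USER_DISPOSITION_INVALID is a negative, errno-style sentinel that never names a real disposition. */
typedef enum UserDisposition {
        USER_INTRINSIC,   /* root and nobody */
        USER_SYSTEM,      /* statically allocated users for system services */
        USER_DYNAMIC,     /* dynamically allocated users for system services */
        USER_REGULAR,     /* regular (typically human users) */
        USER_CONTAINER,   /* UID ranges allocated for container uses */
        USER_RESERVED,    /* Range above 2^31 */
        _USER_DISPOSITION_MAX,
        _USER_DISPOSITION_INVALID = -EINVAL, /* must be range-checked before use as an array index */
} UserDisposition;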
24 typedef enum UserHomeStorage
{
27 USER_DIRECTORY
, /* A directory, and a .identity file in it, which USER_CLASSIC lacks */
32 _USER_STORAGE_INVALID
= -EINVAL
,
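typedef enum UserRecordMask {
        /* The various sections an identity record may have, as bit mask */
        USER_RECORD_REGULAR     = 1U << 0,
        USER_RECORD_SECRET      = 1U << 1,
        USER_RECORD_PRIVILEGED  = 1U << 2,
        USER_RECORD_PER_MACHINE = 1U << 3,
        USER_RECORD_BINDING     = 1U << 4,
        USER_RECORD_STATUS      = 1U << 5,
        USER_RECORD_SIGNATURE   = 1U << 6,
        _USER_RECORD_MASK_MAX   = (1U << 7)-1   /* all seven section bits set */
} UserRecordMask;

typedef enum UserRecordLoadFlags {
        /* A set of flags used while loading a user record from JSON data. We leave the lower 7 bits free
         * (the width of UserRecordMask), just as a safety precaution so that we can detect borked
         * conversions between UserRecordMask and UserRecordLoadFlags.
         *
         * Bit layout: 7..13 "require" group, 14..20 "allow" group, 21..27 "strip" group, 28..30 generic
         * loader options. Each group is the UserRecordMask shifted into place. */

        /* Sections that have to be present */
        USER_RECORD_REQUIRE_REGULAR     = USER_RECORD_REGULAR     << 7,
        USER_RECORD_REQUIRE_SECRET      = USER_RECORD_SECRET      << 7,
        USER_RECORD_REQUIRE_PRIVILEGED  = USER_RECORD_PRIVILEGED  << 7,
        USER_RECORD_REQUIRE_PER_MACHINE = USER_RECORD_PER_MACHINE << 7,
        USER_RECORD_REQUIRE_BINDING     = USER_RECORD_BINDING     << 7,
        USER_RECORD_REQUIRE_STATUS      = USER_RECORD_STATUS      << 7,
        USER_RECORD_REQUIRE_SIGNATURE   = USER_RECORD_SIGNATURE   << 7,

        /* Sections that may be present */
        USER_RECORD_ALLOW_REGULAR       = USER_RECORD_REGULAR     << 14,
        USER_RECORD_ALLOW_SECRET        = USER_RECORD_SECRET      << 14,
        USER_RECORD_ALLOW_PRIVILEGED    = USER_RECORD_PRIVILEGED  << 14,
        USER_RECORD_ALLOW_PER_MACHINE   = USER_RECORD_PER_MACHINE << 14,
        USER_RECORD_ALLOW_BINDING       = USER_RECORD_BINDING     << 14,
        USER_RECORD_ALLOW_STATUS        = USER_RECORD_STATUS      << 14,
        USER_RECORD_ALLOW_SIGNATURE     = USER_RECORD_SIGNATURE   << 14,

        /* Sections that are to be stripped */
        USER_RECORD_STRIP_REGULAR       = USER_RECORD_REGULAR     << 21,
        USER_RECORD_STRIP_SECRET        = USER_RECORD_SECRET      << 21,
        USER_RECORD_STRIP_PRIVILEGED    = USER_RECORD_PRIVILEGED  << 21,
        USER_RECORD_STRIP_PER_MACHINE   = USER_RECORD_PER_MACHINE << 21,
        USER_RECORD_STRIP_BINDING       = USER_RECORD_BINDING     << 21,
        USER_RECORD_STRIP_STATUS        = USER_RECORD_STATUS      << 21,
        USER_RECORD_STRIP_SIGNATURE     = USER_RECORD_SIGNATURE   << 21,

        /* Some special combinations that deserve explicit names */

        /* Regular section required, every other section (including the secret one) allowed. */
        USER_RECORD_LOAD_FULL = USER_RECORD_REQUIRE_REGULAR |
                                USER_RECORD_ALLOW_SECRET |
                                USER_RECORD_ALLOW_PRIVILEGED |
                                USER_RECORD_ALLOW_PER_MACHINE |
                                USER_RECORD_ALLOW_BINDING |
                                USER_RECORD_ALLOW_STATUS |
                                USER_RECORD_ALLOW_SIGNATURE,

        /* Like LOAD_FULL, but the secret section is neither allowed nor stripped. Going by the name, a
         * record carrying one is refused rather than silently trimmed (the enforcement is in the loader,
         * not in this header). */
        USER_RECORD_LOAD_REFUSE_SECRET = USER_RECORD_REQUIRE_REGULAR |
                                         USER_RECORD_ALLOW_PRIVILEGED |
                                         USER_RECORD_ALLOW_PER_MACHINE |
                                         USER_RECORD_ALLOW_BINDING |
                                         USER_RECORD_ALLOW_STATUS |
                                         USER_RECORD_ALLOW_SIGNATURE,

        /* Like LOAD_REFUSE_SECRET, but a secret section is stripped instead. */
        USER_RECORD_LOAD_MASK_SECRET = USER_RECORD_REQUIRE_REGULAR |
                                       USER_RECORD_ALLOW_PRIVILEGED |
                                       USER_RECORD_ALLOW_PER_MACHINE |
                                       USER_RECORD_ALLOW_BINDING |
                                       USER_RECORD_ALLOW_STATUS |
                                       USER_RECORD_ALLOW_SIGNATURE |
                                       USER_RECORD_STRIP_SECRET,

        /* Secret section required, every other section stripped. */
        USER_RECORD_EXTRACT_SECRET = USER_RECORD_REQUIRE_SECRET |
                                     USER_RECORD_STRIP_REGULAR |
                                     USER_RECORD_STRIP_PRIVILEGED |
                                     USER_RECORD_STRIP_PER_MACHINE |
                                     USER_RECORD_STRIP_BINDING |
                                     USER_RECORD_STRIP_STATUS |
                                     USER_RECORD_STRIP_SIGNATURE,

        /* Regular section required, privileged and per-machine allowed; secret, binding, status and
         * signature are not allowed. Presumably the part of a record a signature covers (not shown
         * here). */
        USER_RECORD_LOAD_SIGNABLE = USER_RECORD_REQUIRE_REGULAR |
                                    USER_RECORD_ALLOW_PRIVILEGED |
                                    USER_RECORD_ALLOW_PER_MACHINE,

        /* LOAD_SIGNABLE, with the four sections it does not allow stripped instead. */
        USER_RECORD_EXTRACT_SIGNABLE = USER_RECORD_LOAD_SIGNABLE |
                                       USER_RECORD_STRIP_SECRET |
                                       USER_RECORD_STRIP_BINDING |
                                       USER_RECORD_STRIP_STATUS |
                                       USER_RECORD_STRIP_SIGNATURE,

        /* Regular section required; privileged, per-machine and signature allowed. */
        USER_RECORD_LOAD_EMBEDDED = USER_RECORD_REQUIRE_REGULAR |
                                    USER_RECORD_ALLOW_PRIVILEGED |
                                    USER_RECORD_ALLOW_PER_MACHINE |
                                    USER_RECORD_ALLOW_SIGNATURE,

        /* LOAD_EMBEDDED, with secret, binding and status stripped. */
        USER_RECORD_EXTRACT_EMBEDDED = USER_RECORD_LOAD_EMBEDDED |
                                       USER_RECORD_STRIP_SECRET |
                                       USER_RECORD_STRIP_BINDING |
                                       USER_RECORD_STRIP_STATUS,

        /* Whether to log about loader errors beyond LOG_DEBUG */
        USER_RECORD_LOG        = 1U << 28,

        /* Whether to ignore errors and load what we can */
        USER_RECORD_PERMISSIVE = 1U << 29,

        /* Whether an empty record is OK */
        USER_RECORD_EMPTY_OK   = 1U << 30,
} UserRecordLoadFlags;

/* Compile-time guard for the layout above: the group shifted furthest (strip) must stay below the first
 * generic option bit, otherwise adding a section to UserRecordMask would silently alias an option. */
_Static_assert(((unsigned) _USER_RECORD_MASK_MAX << 21) < (unsigned) USER_RECORD_LOG,
               "UserRecordLoadFlags section groups overlap the option bits");

/* Turns a section mask into the matching "require" flags. The mask must not carry bits outside
 * _USER_RECORD_MASK_MAX: such bits would land in the neighbouring "allow" group after the shift, which
 * is what the assertion guards against (and stops guarding if assert() is compiled out). */
static inline UserRecordLoadFlags USER_RECORD_REQUIRE(UserRecordMask m) {
        assert((m & ~_USER_RECORD_MASK_MAX) == 0);
        return m << 7;
}

/* Turns a section mask into the matching "allow" flags; same precondition as USER_RECORD_REQUIRE(). */
static inline UserRecordLoadFlags USER_RECORD_ALLOW(UserRecordMask m) {
        assert((m & ~_USER_RECORD_MASK_MAX) == 0);
        return m << 14;
}

/* Turns a section mask into the matching "strip" flags; same precondition as USER_RECORD_REQUIRE(). */
static inline UserRecordLoadFlags USER_RECORD_STRIP(UserRecordMask m) {
        assert((m & ~_USER_RECORD_MASK_MAX) == 0);
        return m << 21;
}

/* Extracts the set of required sections from a flags value. */
static inline UserRecordMask USER_RECORD_REQUIRE_MASK(UserRecordLoadFlags f) {
        return (f >> 7) & _USER_RECORD_MASK_MAX;
}

/* Extracts the set of permitted sections from a flags value. A required section is always reported as
 * allowed too, so callers need not set both bits. */
static inline UserRecordMask USER_RECORD_ALLOW_MASK(UserRecordLoadFlags f) {
        return ((f >> 14) & _USER_RECORD_MASK_MAX) | USER_RECORD_REQUIRE_MASK(f);
}

/* Extracts the set of sections to strip from a flags value. */
static inline UserRecordMask USER_RECORD_STRIP_MASK(UserRecordLoadFlags f) {
        return (f >> 21) & _USER_RECORD_MASK_MAX;
}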
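/* Translates loader flags into flags for the JSON dispatcher. Only two bits are carried over:
 * USER_RECORD_LOG becomes JSON_LOG and USER_RECORD_PERMISSIVE becomes JSON_PERMISSIVE; every other
 * loader flag is dropped. Note that USER_RECORD_PERMISSIVE means "ignore errors and load what we can",
 * so a caller that passes it on for a record from a less trusted source accepts partially parsed
 * data. */
static inline JsonDispatchFlags USER_RECORD_LOAD_FLAGS_TO_JSON_DISPATCH_FLAGS(UserRecordLoadFlags flags) {
        return (FLAGS_SET(flags, USER_RECORD_LOG) ? JSON_LOG : 0) |
                (FLAGS_SET(flags, USER_RECORD_PERMISSIVE) ? JSON_PERMISSIVE : 0);
}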
173 typedef struct Pkcs11EncryptedKey
{
174 /* The encrypted passphrase, which can be decrypted with the private key indicated below */
178 /* Where to find the private key to decrypt the encrypted passphrase above */
181 /* What to test the decrypted passphrase against to allow access (classic UNIX password hash). Note
182 * that the decrypted passphrase is also used for unlocking LUKS and fscrypt, and if the account is
183 * backed by LUKS or fscrypt the hashed password is only an additional layer of authentication, not
 * the only one. */
185 char *hashed_password
;
186 } Pkcs11EncryptedKey
;
188 typedef struct Fido2HmacCredential
{
191 } Fido2HmacCredential
;
193 typedef struct Fido2HmacSalt
{
194 /* The FIDO2 Credential ID to use */
195 Fido2HmacCredential credential
;
197 /* The FIDO2 salt value */
201 /* What to test the hashed salt value against, usually UNIX password hash here. */
202 char *hashed_password
;
204 /* Whether the 'up', 'uv', 'clientPin' features are enabled. */
205 int uv
, up
, client_pin
;
208 typedef struct RecoveryKey
{
209 /* The type of recovery key, must be "modhex64" right now */
212 /* A UNIX password hash of the normalized form of modhex64 */
213 char *hashed_password
;
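/* When a home area is resized automatically. The valid values are assigned sequentially from 0, so
 * _AUTO_RESIZE_MODE_MAX equals their count; _AUTO_RESIZE_MODE_INVALID is a negative, errno-style
 * sentinel. */
typedef enum AutoResizeMode {
        AUTO_RESIZE_OFF,             /* no automatic grow/shrink */
        AUTO_RESIZE_GROW,            /* grow at login */
        AUTO_RESIZE_SHRINK_AND_GROW, /* shrink at logout + grow at login */
        _AUTO_RESIZE_MODE_MAX,
        _AUTO_RESIZE_MODE_INVALID = -EINVAL,
} AutoResizeMode;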
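/* Constants for the rebalance_weight field of UserRecord (a uint64_t). MIN and MAX bound the regular
 * range [1, 10000]; OFF (0) and UNSET (UINT64_MAX) are sentinels that lie outside that range, so a
 * range check has to treat them separately. What distinguishes DEFAULT from BACKING is not visible in
 * this header. */
#define REBALANCE_WEIGHT_OFF     UINT64_C(0)
#define REBALANCE_WEIGHT_DEFAULT UINT64_C(100)
#define REBALANCE_WEIGHT_BACKING UINT64_C(20)
#define REBALANCE_WEIGHT_MIN     UINT64_C(1)
#define REBALANCE_WEIGHT_MAX     UINT64_C(10000)
#define REBALANCE_WEIGHT_UNSET   UINT64_MAX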
231 typedef struct UserRecord
{
232 /* The following three fields are not part of the JSON record */
235 bool incomplete
; /* incomplete due to security restrictions. */
239 char *user_name_and_realm_auto
; /* the user_name field concatenated with '@' and the realm, if the latter is defined */
246 UserDisposition disposition
;
247 uint64_t last_change_usec
;
248 uint64_t last_password_change_usec
;
254 char *preferred_language
;
256 struct rlimit
*rlimits
[_RLIMIT_MAX
];
258 int locked
; /* prohibit activation in general */
259 uint64_t not_before_usec
; /* prohibit activation before this unix time */
260 uint64_t not_after_usec
; /* prohibit activation after this unix time */
264 uint64_t disk_size_relative
; /* Disk size, relative to the free bytes of the medium, normalized to UINT32_MAX = 100% */
265 char *skeleton_directory
;
267 AutoResizeMode auto_resize_mode
;
268 uint64_t rebalance_weight
;
271 uint64_t memory_high
;
280 char **hashed_password
;
281 char **ssh_authorized_keys
;
286 char *cifs_user_name
;
288 char *cifs_extra_mount_options
;
291 char *image_path_auto
; /* when none is configured explicitly, this is where we place the implicit image */
292 char *home_directory
;
293 char *home_directory_auto
; /* when none is set explicitly, this is where we place the implicit home directory */
300 char *file_system_type
;
301 sd_id128_t partition_uuid
;
302 sd_id128_t luks_uuid
;
303 sd_id128_t file_system_uuid
;
306 int luks_offline_discard
;
308 char *luks_cipher_mode
;
309 uint64_t luks_volume_key_size
;
310 char *luks_pbkdf_hash_algorithm
;
311 char *luks_pbkdf_type
;
312 uint64_t luks_pbkdf_force_iterations
;
313 uint64_t luks_pbkdf_time_cost_usec
;
314 uint64_t luks_pbkdf_memory_cost
;
315 uint64_t luks_pbkdf_parallel_threads
;
316 uint64_t luks_sector_size
;
317 char *luks_extra_mount_options
;
321 uint64_t disk_ceiling
;
328 uint64_t good_authentication_counter
;
329 uint64_t bad_authentication_counter
;
330 uint64_t last_good_authentication_usec
;
331 uint64_t last_bad_authentication_usec
;
333 uint64_t ratelimit_begin_usec
;
334 uint64_t ratelimit_count
;
335 uint64_t ratelimit_interval_usec
;
336 uint64_t ratelimit_burst
;
339 int enforce_password_policy
;
343 uint64_t stop_delay_usec
; /* How long to leave systemd --user around on log-out */
344 int kill_processes
; /* Whether to kill user processes forcibly on log-out */
346 /* The following exist mostly so that we can cover the full /etc/shadow set of fields */
347 uint64_t password_change_min_usec
; /* maps to .sp_min */
348 uint64_t password_change_max_usec
; /* maps to .sp_max */
349 uint64_t password_change_warn_usec
; /* maps to .sp_warn */
350 uint64_t password_change_inactive_usec
; /* maps to .sp_inact */
351 int password_change_now
; /* Require a password change immediately on next login (.sp_lstchg = 0) */
353 char **pkcs11_token_uri
;
354 Pkcs11EncryptedKey
*pkcs11_encrypted_key
;
355 size_t n_pkcs11_encrypted_key
;
356 int pkcs11_protected_authentication_path_permitted
;
358 Fido2HmacCredential
*fido2_hmac_credential
;
359 size_t n_fido2_hmac_credential
;
360 Fido2HmacSalt
*fido2_hmac_salt
;
361 size_t n_fido2_hmac_salt
;
362 int fido2_user_presence_permitted
;
363 int fido2_user_verification_permitted
;
365 char **recovery_key_type
;
366 RecoveryKey
*recovery_key
;
367 size_t n_recovery_key
;
/* Allocation and reference handling. user_record_unref() doubles as the cleanup handler for UserRecord
 * pointers via DEFINE_TRIVIAL_CLEANUP_FUNC() below. */
UserRecord* user_record_new(void);
UserRecord* user_record_ref(UserRecord *h);
UserRecord* user_record_unref(UserRecord *h);

DEFINE_TRIVIAL_CLEANUP_FUNC(UserRecord*, user_record_unref);

/* Fills h from the JSON variant v. The flags select which record sections are required, tolerated or
 * stripped (see UserRecordLoadFlags). For records from a less trusted source, pick the narrowest named
 * combination that works, e.g. one that does not allow the secret section, and think twice before
 * adding USER_RECORD_PERMISSIVE.
 * NOTE(review): int return, presumably 0 or a negative errno-style code; confirm in user-record.c. */
int user_record_load(UserRecord *h, JsonVariant *v, UserRecordLoadFlags flags);
int user_record_build(UserRecord **ret, ...);
/* Accessors for individual properties of a record. UserRecord carries *_auto companions for some fields
 * (user_name_and_realm_auto, image_path_auto, home_directory_auto) holding the implicit value used when
 * nothing is configured explicitly; presumably the matching accessors are where that fallback is
 * applied (confirm in user-record.c). The same question applies to the luks_* getters, which feed the
 * encryption and key-derivation parameters of the home volume: whether they substitute defaults for
 * unset fields cannot be told from this header. */
const char *user_record_user_name_and_realm(UserRecord *h);
UserStorage user_record_storage(UserRecord *h);
const char *user_record_file_system_type(UserRecord *h);
const char *user_record_skeleton_directory(UserRecord *h);
mode_t user_record_access_mode(UserRecord *h);
const char *user_record_home_directory(UserRecord *h);
const char *user_record_image_path(UserRecord *h);
unsigned long user_record_mount_flags(UserRecord *h);
const char *user_record_cifs_user_name(UserRecord *h);
const char *user_record_shell(UserRecord *h);
const char *user_record_real_name(UserRecord *h);
bool user_record_luks_discard(UserRecord *h);
bool user_record_luks_offline_discard(UserRecord *h);
const char *user_record_luks_cipher(UserRecord *h);
const char *user_record_luks_cipher_mode(UserRecord *h);
uint64_t user_record_luks_volume_key_size(UserRecord *h);
const char* user_record_luks_pbkdf_type(UserRecord *h);
uint64_t user_record_luks_pbkdf_force_iterations(UserRecord *h);
usec_t user_record_luks_pbkdf_time_cost_usec(UserRecord *h);
uint64_t user_record_luks_pbkdf_memory_cost(UserRecord *h);
uint64_t user_record_luks_pbkdf_parallel_threads(UserRecord *h);
uint64_t user_record_luks_sector_size(UserRecord *h);
const char *user_record_luks_pbkdf_hash_algorithm(UserRecord *h);
gid_t user_record_gid(UserRecord *h);
UserDisposition user_record_disposition(UserRecord *h);
int user_record_removable(UserRecord *h);
usec_t user_record_ratelimit_interval_usec(UserRecord *h);
uint64_t user_record_ratelimit_burst(UserRecord *h);
bool user_record_can_authenticate(UserRecord *h);
bool user_record_drop_caches(UserRecord *h);
AutoResizeMode user_record_auto_resize_mode(UserRecord *h);
uint64_t user_record_rebalance_weight(UserRecord *h);
int user_record_build_image_path(UserStorage storage, const char *user_name_and_realm, char **ret);

/* Comparisons between two records. */
bool user_record_equal(UserRecord *a, UserRecord *b);
bool user_record_compatible(UserRecord *a, UserRecord *b);
int user_record_compare_last_change(UserRecord *a, UserRecord *b);

usec_t user_record_ratelimit_next_try(UserRecord *h);

/* Both of these take a section selector: user_record_clone() takes loader flags, so presumably a copy
 * can be narrowed to a subset of sections (e.g. with USER_RECORD_LOAD_MASK_SECRET), and
 * user_record_masked_equal() takes a UserRecordMask naming the sections to compare. Confirm the exact
 * semantics in user-record.c. */
int user_record_clone(UserRecord *h, UserRecordLoadFlags flags, UserRecord **ret);
int user_record_masked_equal(UserRecord *a, UserRecord *b, UserRecordMask mask);

/* NOTE(review): both return int rather than bool, so the result presumably distinguishes more than two
 * outcomes (e.g. negative errno-style codes). Callers should not collapse it into a plain truth value
 * without checking the implementation. */
int user_record_test_blocked(UserRecord *h);
int user_record_test_password_change_required(UserRecord *h);
/* The following are also used by group-record.c, that's why we export them here. The json_dispatch_*()
 * functions share one callback signature: field name, JSON value, dispatcher flags and an opaque
 * userdata pointer whose expected type is set by the caller, not checked by the compiler. */
int json_dispatch_realm(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata);
int json_dispatch_gecos(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata);
int json_dispatch_user_group_list(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata);
int json_dispatch_user_disposition(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata);

int per_machine_id_match(JsonVariant *ids, JsonDispatchFlags flags);
int per_machine_hostname_match(JsonVariant *hns, JsonDispatchFlags flags);
int user_group_record_mangle(JsonVariant *v, UserRecordLoadFlags load_flags, JsonVariant **ret_variant, UserRecordMask *ret_mask);
/* String conversions for the enums above. Each enum defines a negative _INVALID member (-EINVAL);
 * presumably the *_from_string() functions return it for unrecognised input, so the result has to be
 * checked for < 0 before it is stored or used as an index (confirm in user-record.c). */
const char* user_storage_to_string(UserStorage t) _const_;
UserStorage user_storage_from_string(const char *s) _pure_;

const char* user_disposition_to_string(UserDisposition t) _const_;
UserDisposition user_disposition_from_string(const char *s) _pure_;

const char* auto_resize_mode_to_string(AutoResizeMode m) _const_;
AutoResizeMode auto_resize_mode_from_string(const char *s) _pure_;