]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/shared/user-record.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #16690 from poettering/userdb-group-desc
[thirdparty/systemd.git] / src / shared / user-record.c
1 /* SPDX-License-Identifier: LGPL-2.1+ */
2
3 #include <sys/mount.h>
4
5 #include "cgroup-util.h"
6 #include "dns-domain.h"
7 #include "env-util.h"
8 #include "fs-util.h"
9 #include "hexdecoct.h"
10 #include "hostname-util.h"
11 #include "memory-util.h"
12 #include "path-util.h"
13 #include "pkcs11-util.h"
14 #include "rlimit-util.h"
15 #include "stat-util.h"
16 #include "string-table.h"
17 #include "strv.h"
18 #include "user-record.h"
19 #include "user-util.h"
20
21 #define DEFAULT_RATELIMIT_BURST 30
22 #define DEFAULT_RATELIMIT_INTERVAL_USEC (1*USEC_PER_MINUTE)
23
24 UserRecord* user_record_new(void) {
25 UserRecord *h;
26
27 h = new(UserRecord, 1);
28 if (!h)
29 return NULL;
30
31 *h = (UserRecord) {
32 .n_ref = 1,
33 .disposition = _USER_DISPOSITION_INVALID,
34 .last_change_usec = UINT64_MAX,
35 .last_password_change_usec = UINT64_MAX,
36 .umask = MODE_INVALID,
37 .nice_level = INT_MAX,
38 .not_before_usec = UINT64_MAX,
39 .not_after_usec = UINT64_MAX,
40 .locked = -1,
41 .storage = _USER_STORAGE_INVALID,
42 .access_mode = MODE_INVALID,
43 .disk_size = UINT64_MAX,
44 .disk_size_relative = UINT64_MAX,
45 .tasks_max = UINT64_MAX,
46 .memory_high = UINT64_MAX,
47 .memory_max = UINT64_MAX,
48 .cpu_weight = UINT64_MAX,
49 .io_weight = UINT64_MAX,
50 .uid = UID_INVALID,
51 .gid = GID_INVALID,
52 .nodev = true,
53 .nosuid = true,
54 .luks_discard = -1,
55 .luks_offline_discard = -1,
56 .luks_volume_key_size = UINT64_MAX,
57 .luks_pbkdf_time_cost_usec = UINT64_MAX,
58 .luks_pbkdf_memory_cost = UINT64_MAX,
59 .luks_pbkdf_parallel_threads = UINT64_MAX,
60 .disk_usage = UINT64_MAX,
61 .disk_free = UINT64_MAX,
62 .disk_ceiling = UINT64_MAX,
63 .disk_floor = UINT64_MAX,
64 .signed_locally = -1,
65 .good_authentication_counter = UINT64_MAX,
66 .bad_authentication_counter = UINT64_MAX,
67 .last_good_authentication_usec = UINT64_MAX,
68 .last_bad_authentication_usec = UINT64_MAX,
69 .ratelimit_begin_usec = UINT64_MAX,
70 .ratelimit_count = UINT64_MAX,
71 .ratelimit_interval_usec = UINT64_MAX,
72 .ratelimit_burst = UINT64_MAX,
73 .removable = -1,
74 .enforce_password_policy = -1,
75 .auto_login = -1,
76 .stop_delay_usec = UINT64_MAX,
77 .kill_processes = -1,
78 .password_change_min_usec = UINT64_MAX,
79 .password_change_max_usec = UINT64_MAX,
80 .password_change_warn_usec = UINT64_MAX,
81 .password_change_inactive_usec = UINT64_MAX,
82 .password_change_now = -1,
83 .pkcs11_protected_authentication_path_permitted = -1,
84 .fido2_user_presence_permitted = -1,
85 };
86
87 return h;
88 }
89
90 static void pkcs11_encrypted_key_done(Pkcs11EncryptedKey *k) {
91 if (!k)
92 return;
93
94 free(k->uri);
95 erase_and_free(k->data);
96 erase_and_free(k->hashed_password);
97 }
98
99 static void fido2_hmac_credential_done(Fido2HmacCredential *c) {
100 if (!c)
101 return;
102
103 free(c->id);
104 }
105
106 static void fido2_hmac_salt_done(Fido2HmacSalt *s) {
107 if (!s)
108 return;
109
110 fido2_hmac_credential_done(&s->credential);
111 erase_and_free(s->salt);
112 erase_and_free(s->hashed_password);
113 }
114
115 static UserRecord* user_record_free(UserRecord *h) {
116 if (!h)
117 return NULL;
118
119 free(h->user_name);
120 free(h->realm);
121 free(h->user_name_and_realm_auto);
122 free(h->real_name);
123 free(h->email_address);
124 erase_and_free(h->password_hint);
125 free(h->location);
126 free(h->icon_name);
127
128 free(h->shell);
129
130 strv_free(h->environment);
131 free(h->time_zone);
132 free(h->preferred_language);
133 rlimit_free_all(h->rlimits);
134
135 free(h->skeleton_directory);
136
137 strv_free_erase(h->hashed_password);
138 strv_free_erase(h->ssh_authorized_keys);
139 strv_free_erase(h->password);
140 strv_free_erase(h->token_pin);
141
142 free(h->cifs_service);
143 free(h->cifs_user_name);
144 free(h->cifs_domain);
145
146 free(h->image_path);
147 free(h->image_path_auto);
148 free(h->home_directory);
149 free(h->home_directory_auto);
150
151 strv_free(h->member_of);
152
153 free(h->file_system_type);
154 free(h->luks_cipher);
155 free(h->luks_cipher_mode);
156 free(h->luks_pbkdf_hash_algorithm);
157 free(h->luks_pbkdf_type);
158
159 free(h->state);
160 free(h->service);
161
162 strv_free(h->pkcs11_token_uri);
163 for (size_t i = 0; i < h->n_pkcs11_encrypted_key; i++)
164 pkcs11_encrypted_key_done(h->pkcs11_encrypted_key + i);
165 free(h->pkcs11_encrypted_key);
166
167 for (size_t i = 0; i < h->n_fido2_hmac_credential; i++)
168 fido2_hmac_credential_done(h->fido2_hmac_credential + i);
169 for (size_t i = 0; i < h->n_fido2_hmac_salt; i++)
170 fido2_hmac_salt_done(h->fido2_hmac_salt + i);
171
172 json_variant_unref(h->json);
173
174 return mfree(h);
175 }
176
177 DEFINE_TRIVIAL_REF_UNREF_FUNC(UserRecord, user_record, user_record_free);
178
179 int json_dispatch_realm(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
180 char **s = userdata;
181 const char *n;
182 int r;
183
184 if (json_variant_is_null(variant)) {
185 *s = mfree(*s);
186 return 0;
187 }
188
189 if (!json_variant_is_string(variant))
190 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));
191
192 n = json_variant_string(variant);
193 r = dns_name_is_valid(n);
194 if (r < 0)
195 return json_log(variant, flags, r, "Failed to check if JSON field '%s' is a valid DNS domain.", strna(name));
196 if (r == 0)
197 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a valid DNS domain.", strna(name));
198
199 r = free_and_strdup(s, n);
200 if (r < 0)
201 return json_log(variant, flags, r, "Failed to allocate string: %m");
202
203 return 0;
204 }
205
206 int json_dispatch_gecos(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
207 char **s = userdata;
208 const char *n;
209
210 if (json_variant_is_null(variant)) {
211 *s = mfree(*s);
212 return 0;
213 }
214
215 if (!json_variant_is_string(variant))
216 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));
217
218 n = json_variant_string(variant);
219 if (valid_gecos(n)) {
220 if (free_and_strdup(s, n) < 0)
221 return json_log_oom(variant, flags);
222 } else {
223 _cleanup_free_ char *m = NULL;
224
225 json_log(variant, flags|JSON_DEBUG, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a valid GECOS compatible string, mangling.", strna(name));
226
227 m = mangle_gecos(n);
228 if (!m)
229 return json_log_oom(variant, flags);
230
231 free_and_replace(*s, m);
232 }
233
234 return 0;
235 }
236
237 static int json_dispatch_nice(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
238 int *nl = userdata;
239 intmax_t m;
240
241 if (json_variant_is_null(variant)) {
242 *nl = INT_MAX;
243 return 0;
244 }
245
246 if (!json_variant_is_integer(variant))
247 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));
248
249 m = json_variant_integer(variant);
250 if (m < PRIO_MIN || m >= PRIO_MAX)
251 return json_log(variant, flags, SYNTHETIC_ERRNO(ERANGE), "JSON field '%s' is not a valid nice level.", strna(name));
252
253 *nl = m;
254 return 0;
255 }
256
257 static int json_dispatch_rlimit_value(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
258 rlim_t *ret = userdata;
259
260 if (json_variant_is_null(variant))
261 *ret = RLIM_INFINITY;
262 else if (json_variant_is_unsigned(variant)) {
263 uintmax_t w;
264
265 w = json_variant_unsigned(variant);
266 if (w == RLIM_INFINITY || (uintmax_t) w != json_variant_unsigned(variant))
267 return json_log(variant, flags, SYNTHETIC_ERRNO(ERANGE), "Resource limit value '%s' is out of range.", name);
268
269 *ret = (rlim_t) w;
270 } else
271 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "Resource limit value '%s' is not an unsigned integer.", name);
272
273 return 0;
274 }
275
276 static int json_dispatch_rlimits(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
277 struct rlimit** limits = userdata;
278 JsonVariant *value;
279 const char *key;
280 int r;
281
282 assert_se(limits);
283
284 if (json_variant_is_null(variant)) {
285 rlimit_free_all(limits);
286 return 0;
287 }
288
289 if (!json_variant_is_object(variant))
290 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an object.", strna(name));
291
292 JSON_VARIANT_OBJECT_FOREACH(key, value, variant) {
293 JsonVariant *jcur, *jmax;
294 struct rlimit rl;
295 const char *p;
296 int l;
297
298 p = startswith(key, "RLIMIT_");
299 if (!p)
300 l = -1;
301 else
302 l = rlimit_from_string(p);
303 if (l < 0)
304 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "Resource limit '%s' not known.", key);
305
306 if (!json_variant_is_object(value))
307 return json_log(value, flags, SYNTHETIC_ERRNO(EINVAL), "Resource limit '%s' has invalid value.", key);
308
309 if (json_variant_elements(value) != 4)
310 return json_log(value, flags, SYNTHETIC_ERRNO(EINVAL), "Resource limit '%s' value is does not have two fields as expected.", key);
311
312 jcur = json_variant_by_key(value, "cur");
313 if (!jcur)
314 return json_log(value, flags, SYNTHETIC_ERRNO(EINVAL), "Resource limit '%s' lacks 'cur' field.", key);
315 r = json_dispatch_rlimit_value("cur", jcur, flags, &rl.rlim_cur);
316 if (r < 0)
317 return r;
318
319 jmax = json_variant_by_key(value, "max");
320 if (!jmax)
321 return json_log(value, flags, SYNTHETIC_ERRNO(EINVAL), "Resource limit '%s' lacks 'max' field.", key);
322 r = json_dispatch_rlimit_value("max", jmax, flags, &rl.rlim_max);
323 if (r < 0)
324 return r;
325
326 if (limits[l])
327 *(limits[l]) = rl;
328 else {
329 limits[l] = newdup(struct rlimit, &rl, 1);
330 if (!limits[l])
331 return log_oom();
332 }
333 }
334
335 return 0;
336 }
337
338 static int json_dispatch_filename_or_path(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
339 char **s = userdata;
340 const char *n;
341 int r;
342
343 assert(s);
344
345 if (json_variant_is_null(variant)) {
346 *s = mfree(*s);
347 return 0;
348 }
349
350 if (!json_variant_is_string(variant))
351 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));
352
353 n = json_variant_string(variant);
354 if (!filename_is_valid(n) && !path_is_normalized(n))
355 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a valid file name or normalized path.", strna(name));
356
357 r = free_and_strdup(s, n);
358 if (r < 0)
359 return json_log(variant, flags, r, "Failed to allocate string: %m");
360
361 return 0;
362 }
363
364 static int json_dispatch_path(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
365 char **s = userdata;
366 const char *n;
367 int r;
368
369 if (json_variant_is_null(variant)) {
370 *s = mfree(*s);
371 return 0;
372 }
373
374 if (!json_variant_is_string(variant))
375 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));
376
377 n = json_variant_string(variant);
378 if (!path_is_normalized(n))
379 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a normalized file system path.", strna(name));
380 if (!path_is_absolute(n))
381 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an absolute file system path.", strna(name));
382
383 r = free_and_strdup(s, n);
384 if (r < 0)
385 return json_log(variant, flags, r, "Failed to allocate string: %m");
386
387 return 0;
388 }
389
390 static int json_dispatch_home_directory(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
391 char **s = userdata;
392 const char *n;
393 int r;
394
395 if (json_variant_is_null(variant)) {
396 *s = mfree(*s);
397 return 0;
398 }
399
400 if (!json_variant_is_string(variant))
401 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));
402
403 n = json_variant_string(variant);
404 if (!valid_home(n))
405 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a valid home directory path.", strna(name));
406
407 r = free_and_strdup(s, n);
408 if (r < 0)
409 return json_log(variant, flags, r, "Failed to allocate string: %m");
410
411 return 0;
412 }
413
414 static int json_dispatch_image_path(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
415 char **s = userdata;
416 const char *n;
417 int r;
418
419 if (json_variant_is_null(variant)) {
420 *s = mfree(*s);
421 return 0;
422 }
423
424 if (!json_variant_is_string(variant))
425 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));
426
427 n = json_variant_string(variant);
428 if (empty_or_root(n) || !path_is_valid(n) || !path_is_absolute(n))
429 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a valid image path.", strna(name));
430
431 r = free_and_strdup(s, n);
432 if (r < 0)
433 return json_log(variant, flags, r, "Failed to allocate string: %m");
434
435 return 0;
436 }
437
438 static int json_dispatch_umask(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
439 mode_t *m = userdata;
440 uintmax_t k;
441
442 if (json_variant_is_null(variant)) {
443 *m = (mode_t) -1;
444 return 0;
445 }
446
447 if (!json_variant_is_unsigned(variant))
448 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a number.", strna(name));
449
450 k = json_variant_unsigned(variant);
451 if (k > 0777)
452 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' outside of valid range 0…0777.", strna(name));
453
454 *m = (mode_t) k;
455 return 0;
456 }
457
458 static int json_dispatch_access_mode(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
459 mode_t *m = userdata;
460 uintmax_t k;
461
462 if (json_variant_is_null(variant)) {
463 *m = (mode_t) -1;
464 return 0;
465 }
466
467 if (!json_variant_is_unsigned(variant))
468 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a number.", strna(name));
469
470 k = json_variant_unsigned(variant);
471 if (k > 07777)
472 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' outside of valid range 0…07777.", strna(name));
473
474 *m = (mode_t) k;
475 return 0;
476 }
477
478 static int json_dispatch_environment(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
479 _cleanup_strv_free_ char **n = NULL;
480 char ***l = userdata;
481 size_t i;
482 int r;
483
484 if (json_variant_is_null(variant)) {
485 *l = strv_free(*l);
486 return 0;
487 }
488
489 if (!json_variant_is_array(variant))
490 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array.", strna(name));
491
492 for (i = 0; i < json_variant_elements(variant); i++) {
493 _cleanup_free_ char *c = NULL;
494 JsonVariant *e;
495 const char *a;
496
497 e = json_variant_by_index(variant, i);
498 if (!json_variant_is_string(e))
499 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array of strings.", strna(name));
500
501 assert_se(a = json_variant_string(e));
502
503 if (!env_assignment_is_valid(a))
504 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array of environment variables.", strna(name));
505
506 c = strdup(a);
507 if (!c)
508 return json_log_oom(variant, flags);
509
510 r = strv_env_replace(&n, c);
511 if (r < 0)
512 return json_log_oom(variant, flags);
513
514 c = NULL;
515 }
516
517 strv_free_and_replace(*l, n);
518 return 0;
519 }
520
521 int json_dispatch_user_disposition(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
522 UserDisposition *disposition = userdata, k;
523
524 if (json_variant_is_null(variant)) {
525 *disposition = _USER_DISPOSITION_INVALID;
526 return 0;
527 }
528
529 if (!json_variant_is_string(variant))
530 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));
531
532 k = user_disposition_from_string(json_variant_string(variant));
533 if (k < 0)
534 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "Disposition type '%s' not known.", json_variant_string(variant));
535
536 *disposition = k;
537 return 0;
538 }
539
540 static int json_dispatch_storage(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
541 UserStorage *storage = userdata, k;
542
543 if (json_variant_is_null(variant)) {
544 *storage = _USER_STORAGE_INVALID;
545 return 0;
546 }
547
548 if (!json_variant_is_string(variant))
549 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));
550
551 k = user_storage_from_string(json_variant_string(variant));
552 if (k < 0)
553 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "Storage type '%s' not known.", json_variant_string(variant));
554
555 *storage = k;
556 return 0;
557 }
558
559 static int json_dispatch_disk_size(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
560 uint64_t *size = userdata;
561 uintmax_t k;
562
563 if (json_variant_is_null(variant)) {
564 *size = UINT64_MAX;
565 return 0;
566 }
567
568 if (!json_variant_is_unsigned(variant))
569 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an integer.", strna(name));
570
571 k = json_variant_unsigned(variant);
572 if (k < USER_DISK_SIZE_MIN || k > USER_DISK_SIZE_MAX)
573 return json_log(variant, flags, SYNTHETIC_ERRNO(ERANGE), "JSON field '%s' is not in valid range %" PRIu64 "…%" PRIu64 ".", strna(name), USER_DISK_SIZE_MIN, USER_DISK_SIZE_MAX);
574
575 *size = k;
576 return 0;
577 }
578
579 static int json_dispatch_tasks_or_memory_max(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
580 uint64_t *limit = userdata;
581 uintmax_t k;
582
583 if (json_variant_is_null(variant)) {
584 *limit = UINT64_MAX;
585 return 0;
586 }
587
588 if (!json_variant_is_unsigned(variant))
589 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a integer.", strna(name));
590
591 k = json_variant_unsigned(variant);
592 if (k <= 0 || k >= UINT64_MAX)
593 return json_log(variant, flags, SYNTHETIC_ERRNO(ERANGE), "JSON field '%s' is not in valid range %" PRIu64 "…%" PRIu64 ".", strna(name), (uint64_t) 1, UINT64_MAX-1);
594
595 *limit = k;
596 return 0;
597 }
598
599 static int json_dispatch_weight(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
600 uint64_t *weight = userdata;
601 uintmax_t k;
602
603 if (json_variant_is_null(variant)) {
604 *weight = UINT64_MAX;
605 return 0;
606 }
607
608 if (!json_variant_is_unsigned(variant))
609 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a integer.", strna(name));
610
611 k = json_variant_unsigned(variant);
612 if (k <= CGROUP_WEIGHT_MIN || k >= CGROUP_WEIGHT_MAX)
613 return json_log(variant, flags, SYNTHETIC_ERRNO(ERANGE), "JSON field '%s' is not in valid range %" PRIu64 "…%" PRIu64 ".", strna(name), (uint64_t) CGROUP_WEIGHT_MIN, (uint64_t) CGROUP_WEIGHT_MAX);
614
615 *weight = k;
616 return 0;
617 }
618
619 int json_dispatch_user_group_list(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
620 _cleanup_strv_free_ char **l = NULL;
621 char ***list = userdata;
622 JsonVariant *e;
623 int r;
624
625 if (!json_variant_is_array(variant))
626 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array of strings.", strna(name));
627
628 JSON_VARIANT_ARRAY_FOREACH(e, variant) {
629
630 if (!json_variant_is_string(e))
631 return json_log(e, flags, SYNTHETIC_ERRNO(EINVAL), "JSON array element is not a string.");
632
633 if (!valid_user_group_name(json_variant_string(e), FLAGS_SET(flags, JSON_RELAX) ? VALID_USER_RELAX : 0))
634 return json_log(e, flags, SYNTHETIC_ERRNO(EINVAL), "JSON array element is not a valid user/group name: %s", json_variant_string(e));
635
636 r = strv_extend(&l, json_variant_string(e));
637 if (r < 0)
638 return json_log(e, flags, r, "Failed to append array element: %m");
639 }
640
641 r = strv_extend_strv(list, l, true);
642 if (r < 0)
643 return json_log(variant, flags, r, "Failed to merge user/group arrays: %m");
644
645 return 0;
646 }
647
648 static int dispatch_secret(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
649
650 static const JsonDispatch secret_dispatch_table[] = {
651 { "password", _JSON_VARIANT_TYPE_INVALID, json_dispatch_strv, offsetof(UserRecord, password), 0 },
652 { "tokenPin", _JSON_VARIANT_TYPE_INVALID, json_dispatch_strv, offsetof(UserRecord, token_pin), 0 },
653 { "pkcs11Pin", /* legacy alias */ _JSON_VARIANT_TYPE_INVALID, json_dispatch_strv, offsetof(UserRecord, token_pin), 0 },
654 { "pkcs11ProtectedAuthenticationPathPermitted", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, pkcs11_protected_authentication_path_permitted), 0 },
655 { "fido2UserPresencePermitted", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, fido2_user_presence_permitted), 0 },
656 {},
657 };
658
659 return json_dispatch(variant, secret_dispatch_table, NULL, flags, userdata);
660 }
661
662 static int dispatch_pkcs11_uri(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
663 char **s = userdata;
664 const char *n;
665 int r;
666
667 if (json_variant_is_null(variant)) {
668 *s = mfree(*s);
669 return 0;
670 }
671
672 if (!json_variant_is_string(variant))
673 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));
674
675 n = json_variant_string(variant);
676 if (!pkcs11_uri_valid(n))
677 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a valid RFC7512 PKCS#11 URI.", strna(name));
678
679 r = free_and_strdup(s, n);
680 if (r < 0)
681 return json_log(variant, flags, r, "Failed to allocate string: %m");
682
683 return 0;
684 }
685
686 static int dispatch_pkcs11_uri_array(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
687 _cleanup_strv_free_ char **z = NULL;
688 char ***l = userdata;
689 JsonVariant *e;
690 int r;
691
692 if (json_variant_is_null(variant)) {
693 *l = strv_free(*l);
694 return 0;
695 }
696
697 if (json_variant_is_string(variant)) {
698 const char *n;
699
700 n = json_variant_string(variant);
701 if (!pkcs11_uri_valid(n))
702 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a valid RFC7512 PKCS#11 URI.", strna(name));
703
704 z = strv_new(n);
705 if (!z)
706 return log_oom();
707
708 } else {
709
710 if (!json_variant_is_array(variant))
711 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string or array of strings.", strna(name));
712
713 JSON_VARIANT_ARRAY_FOREACH(e, variant) {
714 const char *n;
715
716 if (!json_variant_is_string(e))
717 return json_log(e, flags, SYNTHETIC_ERRNO(EINVAL), "JSON array element is not a string.");
718
719 n = json_variant_string(e);
720 if (!pkcs11_uri_valid(n))
721 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON array element in '%s' is not a valid RFC7512 PKCS#11 URI: %s", strna(name), n);
722
723 r = strv_extend(&z, n);
724 if (r < 0)
725 return log_oom();
726 }
727 }
728
729 strv_free_and_replace(*l, z);
730 return 0;
731 }
732
733 static int dispatch_pkcs11_key_data(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
734 Pkcs11EncryptedKey *k = userdata;
735 size_t l;
736 void *b;
737 int r;
738
739 if (json_variant_is_null(variant)) {
740 k->data = erase_and_free(k->data);
741 k->size = 0;
742 return 0;
743 }
744
745 if (!json_variant_is_string(variant))
746 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));
747
748 r = unbase64mem(json_variant_string(variant), (size_t) -1, &b, &l);
749 if (r < 0)
750 return json_log(variant, flags, r, "Failed to decode encrypted PKCS#11 key: %m");
751
752 erase_and_free(k->data);
753 k->data = b;
754 k->size = l;
755
756 return 0;
757 }
758
759 static int dispatch_pkcs11_key(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
760 UserRecord *h = userdata;
761 JsonVariant *e;
762 int r;
763
764 if (!json_variant_is_array(variant))
765 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array of objects.", strna(name));
766
767 JSON_VARIANT_ARRAY_FOREACH(e, variant) {
768 Pkcs11EncryptedKey *array, *k;
769
770 static const JsonDispatch pkcs11_key_dispatch_table[] = {
771 { "uri", JSON_VARIANT_STRING, dispatch_pkcs11_uri, offsetof(Pkcs11EncryptedKey, uri), JSON_MANDATORY },
772 { "data", JSON_VARIANT_STRING, dispatch_pkcs11_key_data, 0, JSON_MANDATORY },
773 { "hashedPassword", JSON_VARIANT_STRING, json_dispatch_string, offsetof(Pkcs11EncryptedKey, hashed_password), JSON_MANDATORY },
774 {},
775 };
776
777 if (!json_variant_is_object(e))
778 return json_log(e, flags, SYNTHETIC_ERRNO(EINVAL), "JSON array element is not an object.");
779
780 array = reallocarray(h->pkcs11_encrypted_key, h->n_pkcs11_encrypted_key + 1, sizeof(Pkcs11EncryptedKey));
781 if (!array)
782 return log_oom();
783
784 h->pkcs11_encrypted_key = array;
785 k = h->pkcs11_encrypted_key + h->n_pkcs11_encrypted_key;
786 *k = (Pkcs11EncryptedKey) {};
787
788 r = json_dispatch(e, pkcs11_key_dispatch_table, NULL, flags, k);
789 if (r < 0) {
790 pkcs11_encrypted_key_done(k);
791 return r;
792 }
793
794 h->n_pkcs11_encrypted_key++;
795 }
796
797 return 0;
798 }
799
800 static int dispatch_fido2_hmac_credential(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
801 Fido2HmacCredential *k = userdata;
802 size_t l;
803 void *b;
804 int r;
805
806 if (json_variant_is_null(variant)) {
807 k->id = mfree(k->id);
808 k->size = 0;
809 return 0;
810 }
811
812 if (!json_variant_is_string(variant))
813 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));
814
815 r = unbase64mem(json_variant_string(variant), (size_t) -1, &b, &l);
816 if (r < 0)
817 return json_log(variant, flags, r, "Failed to decode FIDO2 credential ID: %m");
818
819 free_and_replace(k->id, b);
820 k->size = l;
821
822 return 0;
823 }
824
825 static int dispatch_fido2_hmac_credential_array(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
826 UserRecord *h = userdata;
827 JsonVariant *e;
828 int r;
829
830 if (!json_variant_is_array(variant))
831 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array of strings.", strna(name));
832
833 JSON_VARIANT_ARRAY_FOREACH(e, variant) {
834 Fido2HmacCredential *array;
835 size_t l;
836 void *b;
837
838 if (!json_variant_is_string(e))
839 return json_log(e, flags, SYNTHETIC_ERRNO(EINVAL), "JSON array element is not a string.");
840
841 array = reallocarray(h->fido2_hmac_credential, h->n_fido2_hmac_credential + 1, sizeof(Fido2HmacCredential));
842 if (!array)
843 return log_oom();
844
845 r = unbase64mem(json_variant_string(e), (size_t) -1, &b, &l);
846 if (r < 0)
847 return json_log(variant, flags, r, "Failed to decode FIDO2 credential ID: %m");
848
849 h->fido2_hmac_credential = array;
850
851 h->fido2_hmac_credential[h->n_fido2_hmac_credential++] = (Fido2HmacCredential) {
852 .id = b,
853 .size = l,
854 };
855 }
856
857 return 0;
858 }
859
860 static int dispatch_fido2_hmac_salt_value(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
861 Fido2HmacSalt *k = userdata;
862 size_t l;
863 void *b;
864 int r;
865
866 if (json_variant_is_null(variant)) {
867 k->salt = erase_and_free(k->salt);
868 k->salt_size = 0;
869 return 0;
870 }
871
872 if (!json_variant_is_string(variant))
873 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));
874
875 r = unbase64mem(json_variant_string(variant), (size_t) -1, &b, &l);
876 if (r < 0)
877 return json_log(variant, flags, r, "Failed to decode FIDO2 salt: %m");
878
879 erase_and_free(k->salt);
880 k->salt = b;
881 k->salt_size = l;
882
883 return 0;
884 }
885
886 static int dispatch_fido2_hmac_salt(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
887 UserRecord *h = userdata;
888 JsonVariant *e;
889 int r;
890
891 if (!json_variant_is_array(variant))
892 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array of objects.", strna(name));
893
894 JSON_VARIANT_ARRAY_FOREACH(e, variant) {
895 Fido2HmacSalt *array, *k;
896
897 static const JsonDispatch fido2_hmac_salt_dispatch_table[] = {
898 { "credential", JSON_VARIANT_STRING, dispatch_fido2_hmac_credential, offsetof(Fido2HmacSalt, credential), JSON_MANDATORY },
899 { "salt", JSON_VARIANT_STRING, dispatch_fido2_hmac_salt_value, 0, JSON_MANDATORY },
900 { "hashedPassword", JSON_VARIANT_STRING, json_dispatch_string, offsetof(Fido2HmacSalt, hashed_password), JSON_MANDATORY },
901 {},
902 };
903
904 if (!json_variant_is_object(e))
905 return json_log(e, flags, SYNTHETIC_ERRNO(EINVAL), "JSON array element is not an object.");
906
907 array = reallocarray(h->fido2_hmac_salt, h->n_fido2_hmac_salt + 1, sizeof(Fido2HmacSalt));
908 if (!array)
909 return log_oom();
910
911 h->fido2_hmac_salt = array;
912 k = h->fido2_hmac_salt + h->n_fido2_hmac_salt;
913 *k = (Fido2HmacSalt) {};
914
915 r = json_dispatch(e, fido2_hmac_salt_dispatch_table, NULL, flags, k);
916 if (r < 0) {
917 fido2_hmac_salt_done(k);
918 return r;
919 }
920
921 h->n_fido2_hmac_salt++;
922 }
923
924 return 0;
925 }
926
927 static int dispatch_privileged(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
928
929 static const JsonDispatch privileged_dispatch_table[] = {
930 { "passwordHint", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, password_hint), 0 },
931 { "hashedPassword", _JSON_VARIANT_TYPE_INVALID, json_dispatch_strv, offsetof(UserRecord, hashed_password), JSON_SAFE },
932 { "sshAuthorizedKeys", _JSON_VARIANT_TYPE_INVALID, json_dispatch_strv, offsetof(UserRecord, ssh_authorized_keys), 0 },
933 { "pkcs11EncryptedKey", JSON_VARIANT_ARRAY, dispatch_pkcs11_key, 0, 0 },
934 { "fido2HmacSalt", JSON_VARIANT_ARRAY, dispatch_fido2_hmac_salt, 0, 0 },
935 {},
936 };
937
938 return json_dispatch(variant, privileged_dispatch_table, NULL, flags, userdata);
939 }
940
941 static int dispatch_binding(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
942
943 static const JsonDispatch binding_dispatch_table[] = {
944 { "imagePath", JSON_VARIANT_STRING, json_dispatch_image_path, offsetof(UserRecord, image_path), 0 },
945 { "homeDirectory", JSON_VARIANT_STRING, json_dispatch_home_directory, offsetof(UserRecord, home_directory), 0 },
946 { "partitionUuid", JSON_VARIANT_STRING, json_dispatch_id128, offsetof(UserRecord, partition_uuid), 0 },
947 { "luksUuid", JSON_VARIANT_STRING, json_dispatch_id128, offsetof(UserRecord, luks_uuid), 0 },
948 { "fileSystemUuid", JSON_VARIANT_STRING, json_dispatch_id128, offsetof(UserRecord, file_system_uuid), 0 },
949 { "uid", JSON_VARIANT_UNSIGNED, json_dispatch_uid_gid, offsetof(UserRecord, uid), 0 },
950 { "gid", JSON_VARIANT_UNSIGNED, json_dispatch_uid_gid, offsetof(UserRecord, gid), 0 },
951 { "storage", JSON_VARIANT_STRING, json_dispatch_storage, offsetof(UserRecord, storage), 0 },
952 { "fileSystemType", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, file_system_type), JSON_SAFE },
953 { "luksCipher", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, luks_cipher), JSON_SAFE },
954 { "luksCipherMode", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, luks_cipher_mode), JSON_SAFE },
955 { "luksVolumeKeySize", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, luks_volume_key_size), 0 },
956 {},
957 };
958
959 char smid[SD_ID128_STRING_MAX];
960 JsonVariant *m;
961 sd_id128_t mid;
962 int r;
963
964 if (!variant)
965 return 0;
966
967 if (!json_variant_is_object(variant))
968 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an object.", strna(name));
969
970 r = sd_id128_get_machine(&mid);
971 if (r < 0)
972 return json_log(variant, flags, r, "Failed to determine machine ID: %m");
973
974 m = json_variant_by_key(variant, sd_id128_to_string(mid, smid));
975 if (!m)
976 return 0;
977
978 return json_dispatch(m, binding_dispatch_table, NULL, flags, userdata);
979 }
980
981 int per_machine_id_match(JsonVariant *ids, JsonDispatchFlags flags) {
982 sd_id128_t mid;
983 int r;
984
985 r = sd_id128_get_machine(&mid);
986 if (r < 0)
987 return json_log(ids, flags, r, "Failed to acquire machine ID: %m");
988
989 if (json_variant_is_string(ids)) {
990 sd_id128_t k;
991
992 r = sd_id128_from_string(json_variant_string(ids), &k);
993 if (r < 0) {
994 json_log(ids, flags, r, "%s is not a valid machine ID, ignoring: %m", json_variant_string(ids));
995 return 0;
996 }
997
998 return sd_id128_equal(mid, k);
999 }
1000
1001 if (json_variant_is_array(ids)) {
1002 JsonVariant *e;
1003
1004 JSON_VARIANT_ARRAY_FOREACH(e, ids) {
1005 sd_id128_t k;
1006
1007 if (!json_variant_is_string(e)) {
1008 json_log(e, flags, 0, "Machine ID is not a string, ignoring: %m");
1009 continue;
1010 }
1011
1012 r = sd_id128_from_string(json_variant_string(e), &k);
1013 if (r < 0) {
1014 json_log(e, flags, r, "%s is not a valid machine ID, ignoring: %m", json_variant_string(e));
1015 continue;
1016 }
1017
1018 if (sd_id128_equal(mid, k))
1019 return true;
1020 }
1021
1022 return false;
1023 }
1024
1025 json_log(ids, flags, 0, "Machine ID is not a string or array of strings, ignoring: %m");
1026 return false;
1027 }
1028
1029 int per_machine_hostname_match(JsonVariant *hns, JsonDispatchFlags flags) {
1030 _cleanup_free_ char *hn = NULL;
1031 int r;
1032
1033 r = gethostname_strict(&hn);
1034 if (r == -ENXIO) {
1035 json_log(hns, flags, r, "No hostname set, not matching perMachine hostname record: %m");
1036 return false;
1037 }
1038 if (r < 0)
1039 return json_log(hns, flags, r, "Failed to acquire hostname: %m");
1040
1041 if (json_variant_is_string(hns))
1042 return streq(json_variant_string(hns), hn);
1043
1044 if (json_variant_is_array(hns)) {
1045 JsonVariant *e;
1046
1047 JSON_VARIANT_ARRAY_FOREACH(e, hns) {
1048
1049 if (!json_variant_is_string(e)) {
1050 json_log(e, flags, 0, "Hostname is not a string, ignoring: %m");
1051 continue;
1052 }
1053
1054 if (streq(json_variant_string(hns), hn))
1055 return true;
1056 }
1057
1058 return false;
1059 }
1060
1061 json_log(hns, flags, 0, "Hostname is not a string or array of strings, ignoring: %m");
1062 return false;
1063 }
1064
1065 static int dispatch_per_machine(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
1066
1067 static const JsonDispatch per_machine_dispatch_table[] = {
1068 { "matchMachineId", _JSON_VARIANT_TYPE_INVALID, NULL, 0, 0 },
1069 { "matchHostname", _JSON_VARIANT_TYPE_INVALID, NULL, 0, 0 },
1070 { "iconName", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, icon_name), JSON_SAFE },
1071 { "location", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, location), 0 },
1072 { "shell", JSON_VARIANT_STRING, json_dispatch_filename_or_path, offsetof(UserRecord, shell), 0 },
1073 { "umask", JSON_VARIANT_UNSIGNED, json_dispatch_umask, offsetof(UserRecord, umask), 0 },
1074 { "environment", JSON_VARIANT_ARRAY, json_dispatch_environment, offsetof(UserRecord, environment), 0 },
1075 { "timeZone", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, time_zone), JSON_SAFE },
1076 { "preferredLanguage", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, preferred_language), JSON_SAFE },
1077 { "niceLevel", _JSON_VARIANT_TYPE_INVALID, json_dispatch_nice, offsetof(UserRecord, nice_level), 0 },
1078 { "resourceLimits", _JSON_VARIANT_TYPE_INVALID, json_dispatch_rlimits, offsetof(UserRecord, rlimits), 0 },
1079 { "locked", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, locked), 0 },
1080 { "notBeforeUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, not_before_usec), 0 },
1081 { "notAfterUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, not_after_usec), 0 },
1082 { "storage", JSON_VARIANT_STRING, json_dispatch_storage, offsetof(UserRecord, storage), 0 },
1083 { "diskSize", JSON_VARIANT_UNSIGNED, json_dispatch_disk_size, offsetof(UserRecord, disk_size), 0 },
1084 { "diskSizeRelative", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, disk_size_relative), 0 },
1085 { "skeletonDirectory", JSON_VARIANT_STRING, json_dispatch_path, offsetof(UserRecord, skeleton_directory), 0 },
1086 { "accessMode", JSON_VARIANT_UNSIGNED, json_dispatch_access_mode, offsetof(UserRecord, access_mode), 0 },
1087 { "tasksMax", JSON_VARIANT_UNSIGNED, json_dispatch_tasks_or_memory_max, offsetof(UserRecord, tasks_max), 0 },
1088 { "memoryHigh", JSON_VARIANT_UNSIGNED, json_dispatch_tasks_or_memory_max, offsetof(UserRecord, memory_high), 0 },
1089 { "memoryMax", JSON_VARIANT_UNSIGNED, json_dispatch_tasks_or_memory_max, offsetof(UserRecord, memory_max), 0 },
1090 { "cpuWeight", JSON_VARIANT_UNSIGNED, json_dispatch_weight, offsetof(UserRecord, cpu_weight), 0 },
1091 { "ioWeight", JSON_VARIANT_UNSIGNED, json_dispatch_weight, offsetof(UserRecord, io_weight), 0 },
1092 { "mountNoDevices", JSON_VARIANT_BOOLEAN, json_dispatch_boolean, offsetof(UserRecord, nodev), 0 },
1093 { "mountNoSuid", JSON_VARIANT_BOOLEAN, json_dispatch_boolean, offsetof(UserRecord, nosuid), 0 },
1094 { "mountNoExecute", JSON_VARIANT_BOOLEAN, json_dispatch_boolean, offsetof(UserRecord, noexec), 0 },
1095 { "cifsDomain", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, cifs_domain), JSON_SAFE },
1096 { "cifsUserName", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, cifs_user_name), JSON_SAFE },
1097 { "cifsService", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, cifs_service), JSON_SAFE },
1098 { "imagePath", JSON_VARIANT_STRING, json_dispatch_path, offsetof(UserRecord, image_path), 0 },
1099 { "uid", JSON_VARIANT_UNSIGNED, json_dispatch_uid_gid, offsetof(UserRecord, uid), 0 },
1100 { "gid", JSON_VARIANT_UNSIGNED, json_dispatch_uid_gid, offsetof(UserRecord, gid), 0 },
1101 { "memberOf", JSON_VARIANT_ARRAY, json_dispatch_user_group_list, offsetof(UserRecord, member_of), JSON_RELAX},
1102 { "fileSystemType", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, file_system_type), JSON_SAFE },
1103 { "partitionUuid", JSON_VARIANT_STRING, json_dispatch_id128, offsetof(UserRecord, partition_uuid), 0 },
1104 { "luksUuid", JSON_VARIANT_STRING, json_dispatch_id128, offsetof(UserRecord, luks_uuid), 0 },
1105 { "fileSystemUuid", JSON_VARIANT_STRING, json_dispatch_id128, offsetof(UserRecord, file_system_uuid), 0 },
1106 { "luksDiscard", _JSON_VARIANT_TYPE_INVALID, json_dispatch_tristate, offsetof(UserRecord, luks_discard), 0, },
1107 { "luksOfflineDiscard", _JSON_VARIANT_TYPE_INVALID, json_dispatch_tristate, offsetof(UserRecord, luks_offline_discard), 0, },
1108 { "luksCipher", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, luks_cipher), JSON_SAFE },
1109 { "luksCipherMode", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, luks_cipher_mode), JSON_SAFE },
1110 { "luksVolumeKeySize", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, luks_volume_key_size), 0 },
1111 { "luksPbkdfHashAlgorithm", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, luks_pbkdf_hash_algorithm), JSON_SAFE },
1112 { "luksPbkdfType", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, luks_pbkdf_type), JSON_SAFE },
1113 { "luksPbkdfTimeCostUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, luks_pbkdf_time_cost_usec), 0 },
1114 { "luksPbkdfMemoryCost", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, luks_pbkdf_memory_cost), 0 },
1115 { "luksPbkdfParallelThreads", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, luks_pbkdf_parallel_threads), 0 },
1116 { "rateLimitIntervalUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, ratelimit_interval_usec), 0 },
1117 { "rateLimitBurst", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, ratelimit_burst), 0 },
1118 { "enforcePasswordPolicy", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, enforce_password_policy), 0 },
1119 { "autoLogin", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, auto_login), 0 },
1120 { "stopDelayUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, stop_delay_usec), 0 },
1121 { "killProcesses", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, kill_processes), 0 },
1122 { "passwordChangeMinUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, password_change_min_usec), 0 },
1123 { "passwordChangeMaxUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, password_change_max_usec), 0 },
1124 { "passwordChangeWarnUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, password_change_warn_usec), 0 },
1125 { "passwordChangeInactiveUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, password_change_inactive_usec), 0 },
1126 { "passwordChangeNow", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, password_change_now), 0 },
1127 { "pkcs11TokenUri", JSON_VARIANT_ARRAY, dispatch_pkcs11_uri_array, offsetof(UserRecord, pkcs11_token_uri), 0 },
1128 { "fido2HmacCredential", JSON_VARIANT_ARRAY, dispatch_fido2_hmac_credential_array, 0, 0 },
1129 {},
1130 };
1131
1132 JsonVariant *e;
1133 int r;
1134
1135 if (!variant)
1136 return 0;
1137
1138 if (!json_variant_is_array(variant))
1139 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array.", strna(name));
1140
1141 JSON_VARIANT_ARRAY_FOREACH(e, variant) {
1142 bool matching = false;
1143 JsonVariant *m;
1144
1145 if (!json_variant_is_object(e))
1146 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array of objects.", strna(name));
1147
1148 m = json_variant_by_key(e, "matchMachineId");
1149 if (m) {
1150 r = per_machine_id_match(m, flags);
1151 if (r < 0)
1152 return r;
1153
1154 matching = r > 0;
1155 }
1156
1157 if (!matching) {
1158 m = json_variant_by_key(e, "matchHostname");
1159 if (m) {
1160 r = per_machine_hostname_match(m, flags);
1161 if (r < 0)
1162 return r;
1163
1164 matching = r > 0;
1165 }
1166 }
1167
1168 if (!matching)
1169 continue;
1170
1171 r = json_dispatch(e, per_machine_dispatch_table, NULL, flags, userdata);
1172 if (r < 0)
1173 return r;
1174 }
1175
1176 return 0;
1177 }
1178
1179 static int dispatch_status(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
1180
1181 static const JsonDispatch status_dispatch_table[] = {
1182 { "diskUsage", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, disk_usage), 0 },
1183 { "diskFree", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, disk_free), 0 },
1184 { "diskSize", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, disk_size), 0 },
1185 { "diskCeiling", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, disk_ceiling), 0 },
1186 { "diskFloor", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, disk_floor), 0 },
1187 { "state", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, state), JSON_SAFE },
1188 { "service", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, service), JSON_SAFE },
1189 { "signedLocally", _JSON_VARIANT_TYPE_INVALID, json_dispatch_tristate, offsetof(UserRecord, signed_locally), 0 },
1190 { "goodAuthenticationCounter", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, good_authentication_counter), 0 },
1191 { "badAuthenticationCounter", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, bad_authentication_counter), 0 },
1192 { "lastGoodAuthenticationUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, last_good_authentication_usec), 0 },
1193 { "lastBadAuthenticationUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, last_bad_authentication_usec), 0 },
1194 { "rateLimitBeginUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, ratelimit_begin_usec), 0 },
1195 { "rateLimitCount", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, ratelimit_count), 0 },
1196 { "removable", JSON_VARIANT_BOOLEAN, json_dispatch_boolean, offsetof(UserRecord, removable), 0 },
1197 {},
1198 };
1199
1200 char smid[SD_ID128_STRING_MAX];
1201 JsonVariant *m;
1202 sd_id128_t mid;
1203 int r;
1204
1205 if (!variant)
1206 return 0;
1207
1208 if (!json_variant_is_object(variant))
1209 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an object.", strna(name));
1210
1211 r = sd_id128_get_machine(&mid);
1212 if (r < 0)
1213 return json_log(variant, flags, r, "Failed to determine machine ID: %m");
1214
1215 m = json_variant_by_key(variant, sd_id128_to_string(mid, smid));
1216 if (!m)
1217 return 0;
1218
1219 return json_dispatch(m, status_dispatch_table, NULL, flags, userdata);
1220 }
1221
1222 int user_record_build_image_path(UserStorage storage, const char *user_name_and_realm, char **ret) {
1223 const char *suffix;
1224 char *z;
1225
1226 assert(storage >= 0);
1227 assert(user_name_and_realm);
1228 assert(ret);
1229
1230 if (storage == USER_LUKS)
1231 suffix = ".home";
1232 else if (IN_SET(storage, USER_DIRECTORY, USER_SUBVOLUME, USER_FSCRYPT))
1233 suffix = ".homedir";
1234 else {
1235 *ret = NULL;
1236 return 0;
1237 }
1238
1239 z = strjoin("/home/", user_name_and_realm, suffix);
1240 if (!z)
1241 return -ENOMEM;
1242
1243 *ret = z;
1244 return 1;
1245 }
1246
1247 static int user_record_augment(UserRecord *h, JsonDispatchFlags json_flags) {
1248 int r;
1249
1250 assert(h);
1251
1252 if (!FLAGS_SET(h->mask, USER_RECORD_REGULAR))
1253 return 0;
1254
1255 assert(h->user_name);
1256
1257 if (!h->user_name_and_realm_auto && h->realm) {
1258 h->user_name_and_realm_auto = strjoin(h->user_name, "@", h->realm);
1259 if (!h->user_name_and_realm_auto)
1260 return json_log_oom(h->json, json_flags);
1261 }
1262
1263 /* Let's add in the following automatisms only for regular users, they don't make sense for any others */
1264 if (user_record_disposition(h) != USER_REGULAR)
1265 return 0;
1266
1267 if (!h->home_directory && !h->home_directory_auto) {
1268 h->home_directory_auto = path_join("/home/", h->user_name);
1269 if (!h->home_directory_auto)
1270 return json_log_oom(h->json, json_flags);
1271 }
1272
1273 if (!h->image_path && !h->image_path_auto) {
1274 r = user_record_build_image_path(user_record_storage(h), user_record_user_name_and_realm(h), &h->image_path_auto);
1275 if (r < 0)
1276 return json_log(h->json, json_flags, r, "Failed to determine default image path: %m");
1277 }
1278
1279 return 0;
1280 }
1281
1282 int user_group_record_mangle(
1283 JsonVariant *v,
1284 UserRecordLoadFlags load_flags,
1285 JsonVariant **ret_variant,
1286 UserRecordMask *ret_mask) {
1287
1288 static const struct {
1289 UserRecordMask mask;
1290 const char *name;
1291 } mask_field[] = {
1292 { USER_RECORD_PRIVILEGED, "privileged" },
1293 { USER_RECORD_SECRET, "secret" },
1294 { USER_RECORD_BINDING, "binding" },
1295 { USER_RECORD_PER_MACHINE, "perMachine" },
1296 { USER_RECORD_STATUS, "status" },
1297 { USER_RECORD_SIGNATURE, "signature" },
1298 };
1299
1300 JsonDispatchFlags json_flags = USER_RECORD_LOAD_FLAGS_TO_JSON_DISPATCH_FLAGS(load_flags);
1301 _cleanup_(json_variant_unrefp) JsonVariant *w = NULL;
1302 JsonVariant *array[ELEMENTSOF(mask_field) * 2];
1303 size_t n_retain = 0, i;
1304 UserRecordMask m = 0;
1305 int r;
1306
1307 assert((load_flags & _USER_RECORD_MASK_MAX) == 0); /* detect mistakes when accidentally passing
1308 * UserRecordMask bit masks as UserRecordLoadFlags
1309 * value */
1310
1311 assert(v);
1312 assert(ret_variant);
1313 assert(ret_mask);
1314
1315 /* Note that this function is shared with the group record parser, hence we try to be generic in our
1316 * log message wording here, to cover both cases. */
1317
1318 if (!json_variant_is_object(v))
1319 return json_log(v, json_flags, SYNTHETIC_ERRNO(EBADMSG), "Record is not a JSON object, refusing.");
1320
1321 if (USER_RECORD_ALLOW_MASK(load_flags) == 0) /* allow nothing? */
1322 return json_log(v, json_flags, SYNTHETIC_ERRNO(EINVAL), "Nothing allowed in record, refusing.");
1323
1324 if (USER_RECORD_STRIP_MASK(load_flags) == _USER_RECORD_MASK_MAX) /* strip everything? */
1325 return json_log(v, json_flags, SYNTHETIC_ERRNO(EINVAL), "Stripping everything from record, refusing.");
1326
1327 /* Check if we have the special sections and if they match our flags set */
1328 for (i = 0; i < ELEMENTSOF(mask_field); i++) {
1329 JsonVariant *e, *k;
1330
1331 if (FLAGS_SET(USER_RECORD_STRIP_MASK(load_flags), mask_field[i].mask)) {
1332 if (!w)
1333 w = json_variant_ref(v);
1334
1335 r = json_variant_filter(&w, STRV_MAKE(mask_field[i].name));
1336 if (r < 0)
1337 return json_log(w, json_flags, r, "Failed to remove field from variant: %m");
1338
1339 continue;
1340 }
1341
1342 e = json_variant_by_key_full(v, mask_field[i].name, &k);
1343 if (e) {
1344 if (!FLAGS_SET(USER_RECORD_ALLOW_MASK(load_flags), mask_field[i].mask))
1345 return json_log(e, json_flags, SYNTHETIC_ERRNO(EBADMSG), "Record contains '%s' field, which is not allowed.", mask_field[i].name);
1346
1347 if (FLAGS_SET(load_flags, USER_RECORD_STRIP_REGULAR)) {
1348 array[n_retain++] = k;
1349 array[n_retain++] = e;
1350 }
1351
1352 m |= mask_field[i].mask;
1353 } else {
1354 if (FLAGS_SET(USER_RECORD_REQUIRE_MASK(load_flags), mask_field[i].mask))
1355 return json_log(v, json_flags, SYNTHETIC_ERRNO(EBADMSG), "Record lacks '%s' field, which is required.", mask_field[i].name);
1356 }
1357 }
1358
1359 if (FLAGS_SET(load_flags, USER_RECORD_STRIP_REGULAR)) {
1360 /* If we are supposed to strip regular items, then let's instead just allocate a new object
1361 * with just the stuff we need. */
1362
1363 w = json_variant_unref(w);
1364 r = json_variant_new_object(&w, array, n_retain);
1365 if (r < 0)
1366 return json_log(v, json_flags, r, "Failed to allocate new object: %m");
1367 } else {
1368 /* And now check if there's anything else in the record */
1369 for (i = 0; i < json_variant_elements(v); i += 2) {
1370 const char *f;
1371 bool special = false;
1372 size_t j;
1373
1374 assert_se(f = json_variant_string(json_variant_by_index(v, i)));
1375
1376 for (j = 0; j < ELEMENTSOF(mask_field); j++)
1377 if (streq(f, mask_field[j].name)) { /* already covered in the loop above */
1378 special = true;
1379 continue;
1380 }
1381
1382 if (!special) {
1383 if ((load_flags & (USER_RECORD_ALLOW_REGULAR|USER_RECORD_REQUIRE_REGULAR)) == 0)
1384 return json_log(v, json_flags, SYNTHETIC_ERRNO(EBADMSG), "Record contains '%s' field, which is not allowed.", f);
1385
1386 m |= USER_RECORD_REGULAR;
1387 break;
1388 }
1389 }
1390 }
1391
1392 if (FLAGS_SET(load_flags, USER_RECORD_REQUIRE_REGULAR) && !FLAGS_SET(m, USER_RECORD_REGULAR))
1393 return json_log(v, json_flags, SYNTHETIC_ERRNO(EBADMSG), "Record lacks basic identity fields, which are required.");
1394
1395 if (m == 0)
1396 return json_log(v, json_flags, SYNTHETIC_ERRNO(EBADMSG), "Record is empty.");
1397
1398 if (w)
1399 *ret_variant = TAKE_PTR(w);
1400 else
1401 *ret_variant = json_variant_ref(v);
1402
1403 *ret_mask = m;
1404 return 0;
1405 }
1406
1407 int user_record_load(UserRecord *h, JsonVariant *v, UserRecordLoadFlags load_flags) {
1408
1409 static const JsonDispatch user_dispatch_table[] = {
1410 { "userName", JSON_VARIANT_STRING, json_dispatch_user_group_name, offsetof(UserRecord, user_name), JSON_RELAX},
1411 { "realm", JSON_VARIANT_STRING, json_dispatch_realm, offsetof(UserRecord, realm), 0 },
1412 { "realName", JSON_VARIANT_STRING, json_dispatch_gecos, offsetof(UserRecord, real_name), 0 },
1413 { "emailAddress", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, email_address), JSON_SAFE },
1414 { "iconName", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, icon_name), JSON_SAFE },
1415 { "location", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, location), 0 },
1416 { "disposition", JSON_VARIANT_STRING, json_dispatch_user_disposition, offsetof(UserRecord, disposition), 0 },
1417 { "lastChangeUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, last_change_usec), 0 },
1418 { "lastPasswordChangeUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, last_password_change_usec), 0 },
1419 { "shell", JSON_VARIANT_STRING, json_dispatch_filename_or_path, offsetof(UserRecord, shell), 0 },
1420 { "umask", JSON_VARIANT_UNSIGNED, json_dispatch_umask, offsetof(UserRecord, umask), 0 },
1421 { "environment", JSON_VARIANT_ARRAY, json_dispatch_environment, offsetof(UserRecord, environment), 0 },
1422 { "timeZone", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, time_zone), JSON_SAFE },
1423 { "preferredLanguage", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, preferred_language), JSON_SAFE },
1424 { "niceLevel", _JSON_VARIANT_TYPE_INVALID, json_dispatch_nice, offsetof(UserRecord, nice_level), 0 },
1425 { "resourceLimits", _JSON_VARIANT_TYPE_INVALID, json_dispatch_rlimits, offsetof(UserRecord, rlimits), 0 },
1426 { "locked", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, locked), 0 },
1427 { "notBeforeUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, not_before_usec), 0 },
1428 { "notAfterUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, not_after_usec), 0 },
1429 { "storage", JSON_VARIANT_STRING, json_dispatch_storage, offsetof(UserRecord, storage), 0 },
1430 { "diskSize", JSON_VARIANT_UNSIGNED, json_dispatch_disk_size, offsetof(UserRecord, disk_size), 0 },
1431 { "diskSizeRelative", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, disk_size_relative), 0 },
1432 { "skeletonDirectory", JSON_VARIANT_STRING, json_dispatch_path, offsetof(UserRecord, skeleton_directory), 0 },
1433 { "accessMode", JSON_VARIANT_UNSIGNED, json_dispatch_access_mode, offsetof(UserRecord, access_mode), 0 },
1434 { "tasksMax", JSON_VARIANT_UNSIGNED, json_dispatch_tasks_or_memory_max, offsetof(UserRecord, tasks_max), 0 },
1435 { "memoryHigh", JSON_VARIANT_UNSIGNED, json_dispatch_tasks_or_memory_max, offsetof(UserRecord, memory_high), 0 },
1436 { "memoryMax", JSON_VARIANT_UNSIGNED, json_dispatch_tasks_or_memory_max, offsetof(UserRecord, memory_max), 0 },
1437 { "cpuWeight", JSON_VARIANT_UNSIGNED, json_dispatch_weight, offsetof(UserRecord, cpu_weight), 0 },
1438 { "ioWeight", JSON_VARIANT_UNSIGNED, json_dispatch_weight, offsetof(UserRecord, io_weight), 0 },
1439 { "mountNoDevices", JSON_VARIANT_BOOLEAN, json_dispatch_boolean, offsetof(UserRecord, nodev), 0 },
1440 { "mountNoSuid", JSON_VARIANT_BOOLEAN, json_dispatch_boolean, offsetof(UserRecord, nosuid), 0 },
1441 { "mountNoExecute", JSON_VARIANT_BOOLEAN, json_dispatch_boolean, offsetof(UserRecord, noexec), 0 },
1442 { "cifsDomain", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, cifs_domain), JSON_SAFE },
1443 { "cifsUserName", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, cifs_user_name), JSON_SAFE },
1444 { "cifsService", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, cifs_service), JSON_SAFE },
1445 { "imagePath", JSON_VARIANT_STRING, json_dispatch_path, offsetof(UserRecord, image_path), 0 },
1446 { "homeDirectory", JSON_VARIANT_STRING, json_dispatch_home_directory, offsetof(UserRecord, home_directory), 0 },
1447 { "uid", JSON_VARIANT_UNSIGNED, json_dispatch_uid_gid, offsetof(UserRecord, uid), 0 },
1448 { "gid", JSON_VARIANT_UNSIGNED, json_dispatch_uid_gid, offsetof(UserRecord, gid), 0 },
1449 { "memberOf", JSON_VARIANT_ARRAY, json_dispatch_user_group_list, offsetof(UserRecord, member_of), JSON_RELAX},
1450 { "fileSystemType", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, file_system_type), JSON_SAFE },
1451 { "partitionUuid", JSON_VARIANT_STRING, json_dispatch_id128, offsetof(UserRecord, partition_uuid), 0 },
1452 { "luksUuid", JSON_VARIANT_STRING, json_dispatch_id128, offsetof(UserRecord, luks_uuid), 0 },
1453 { "fileSystemUuid", JSON_VARIANT_STRING, json_dispatch_id128, offsetof(UserRecord, file_system_uuid), 0 },
1454 { "luksDiscard", _JSON_VARIANT_TYPE_INVALID, json_dispatch_tristate, offsetof(UserRecord, luks_discard), 0 },
1455 { "luksOfflineDiscard", _JSON_VARIANT_TYPE_INVALID, json_dispatch_tristate, offsetof(UserRecord, luks_offline_discard), 0 },
1456 { "luksCipher", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, luks_cipher), JSON_SAFE },
1457 { "luksCipherMode", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, luks_cipher_mode), JSON_SAFE },
1458 { "luksVolumeKeySize", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, luks_volume_key_size), 0 },
1459 { "luksPbkdfHashAlgorithm", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, luks_pbkdf_hash_algorithm), JSON_SAFE },
1460 { "luksPbkdfType", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, luks_pbkdf_type), JSON_SAFE },
1461 { "luksPbkdfTimeCostUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, luks_pbkdf_time_cost_usec), 0 },
1462 { "luksPbkdfMemoryCost", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, luks_pbkdf_memory_cost), 0 },
1463 { "luksPbkdfParallelThreads", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, luks_pbkdf_parallel_threads), 0 },
1464 { "service", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, service), JSON_SAFE },
1465 { "rateLimitIntervalUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, ratelimit_interval_usec), 0 },
1466 { "rateLimitBurst", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, ratelimit_burst), 0 },
1467 { "enforcePasswordPolicy", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, enforce_password_policy), 0 },
1468 { "autoLogin", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, auto_login), 0 },
1469 { "stopDelayUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, stop_delay_usec), 0 },
1470 { "killProcesses", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, kill_processes), 0 },
1471 { "passwordChangeMinUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, password_change_min_usec), 0 },
1472 { "passwordChangeMaxUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, password_change_max_usec), 0 },
1473 { "passwordChangeWarnUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, password_change_warn_usec), 0 },
1474 { "passwordChangeInactiveUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, password_change_inactive_usec), 0 },
1475 { "passwordChangeNow", JSON_VARIANT_BOOLEAN, json_dispatch_tristate, offsetof(UserRecord, password_change_now), 0 },
1476 { "pkcs11TokenUri", JSON_VARIANT_ARRAY, dispatch_pkcs11_uri_array, offsetof(UserRecord, pkcs11_token_uri), 0 },
1477 { "fido2HmacCredential", JSON_VARIANT_ARRAY, dispatch_fido2_hmac_credential_array, 0, 0 },
1478
1479 { "secret", JSON_VARIANT_OBJECT, dispatch_secret, 0, 0 },
1480 { "privileged", JSON_VARIANT_OBJECT, dispatch_privileged, 0, 0 },
1481
1482 /* Ignore the perMachine, binding, status stuff here, and process it later, so that it overrides whatever is set above */
1483 { "perMachine", JSON_VARIANT_ARRAY, NULL, 0, 0 },
1484 { "binding", JSON_VARIANT_OBJECT, NULL, 0, 0 },
1485 { "status", JSON_VARIANT_OBJECT, NULL, 0, 0 },
1486
1487 /* Ignore 'signature', we check it with explicit accessors instead */
1488 { "signature", JSON_VARIANT_ARRAY, NULL, 0, 0 },
1489 {},
1490 };
1491
1492 JsonDispatchFlags json_flags = USER_RECORD_LOAD_FLAGS_TO_JSON_DISPATCH_FLAGS(load_flags);
1493 int r;
1494
1495 assert(h);
1496 assert(!h->json);
1497
1498 /* Note that this call will leave a half-initialized record around on failure! */
1499
1500 r = user_group_record_mangle(v, load_flags, &h->json, &h->mask);
1501 if (r < 0)
1502 return r;
1503
1504 r = json_dispatch(h->json, user_dispatch_table, NULL, json_flags, h);
1505 if (r < 0)
1506 return r;
1507
1508 /* During the parsing operation above we ignored the 'perMachine', 'binding' and 'status' fields,
1509 * since we want them to override the global options. Let's process them now. */
1510
1511 r = dispatch_per_machine("perMachine", json_variant_by_key(h->json, "perMachine"), json_flags, h);
1512 if (r < 0)
1513 return r;
1514
1515 r = dispatch_binding("binding", json_variant_by_key(h->json, "binding"), json_flags, h);
1516 if (r < 0)
1517 return r;
1518
1519 r = dispatch_status("status", json_variant_by_key(h->json, "status"), json_flags, h);
1520 if (r < 0)
1521 return r;
1522
1523 if (FLAGS_SET(h->mask, USER_RECORD_REGULAR) && !h->user_name)
1524 return json_log(h->json, json_flags, SYNTHETIC_ERRNO(EINVAL), "User name field missing, refusing.");
1525
1526 r = user_record_augment(h, json_flags);
1527 if (r < 0)
1528 return r;
1529
1530 return 0;
1531 }
1532
1533 int user_record_build(UserRecord **ret, ...) {
1534 _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
1535 _cleanup_(user_record_unrefp) UserRecord *u = NULL;
1536 va_list ap;
1537 int r;
1538
1539 assert(ret);
1540
1541 va_start(ap, ret);
1542 r = json_buildv(&v, ap);
1543 va_end(ap);
1544
1545 if (r < 0)
1546 return r;
1547
1548 u = user_record_new();
1549 if (!u)
1550 return -ENOMEM;
1551
1552 r = user_record_load(u, v, USER_RECORD_LOAD_FULL);
1553 if (r < 0)
1554 return r;
1555
1556 *ret = TAKE_PTR(u);
1557 return 0;
1558 }
1559
1560 const char *user_record_user_name_and_realm(UserRecord *h) {
1561 assert(h);
1562
1563 /* Return the pre-initialized joined string if it is defined */
1564 if (h->user_name_and_realm_auto)
1565 return h->user_name_and_realm_auto;
1566
1567 /* If it's not defined then we cannot have a realm */
1568 assert(!h->realm);
1569 return h->user_name;
1570 }
1571
1572 UserStorage user_record_storage(UserRecord *h) {
1573 assert(h);
1574
1575 if (h->storage >= 0)
1576 return h->storage;
1577
1578 return USER_CLASSIC;
1579 }
1580
1581 const char *user_record_file_system_type(UserRecord *h) {
1582 assert(h);
1583
1584 return h->file_system_type ?: "ext4";
1585 }
1586
1587 const char *user_record_skeleton_directory(UserRecord *h) {
1588 assert(h);
1589
1590 return h->skeleton_directory ?: "/etc/skel";
1591 }
1592
1593 mode_t user_record_access_mode(UserRecord *h) {
1594 assert(h);
1595
1596 return h->access_mode != (mode_t) -1 ? h->access_mode : 0700;
1597 }
1598
1599 const char* user_record_home_directory(UserRecord *h) {
1600 assert(h);
1601
1602 if (h->home_directory)
1603 return h->home_directory;
1604 if (h->home_directory_auto)
1605 return h->home_directory_auto;
1606
1607 /* The root user is special, hence be special about it */
1608 if (streq_ptr(h->user_name, "root"))
1609 return "/root";
1610
1611 return "/";
1612 }
1613
1614 const char *user_record_image_path(UserRecord *h) {
1615 assert(h);
1616
1617 if (h->image_path)
1618 return h->image_path;
1619 if (h->image_path_auto)
1620 return h->image_path_auto;
1621
1622 return IN_SET(user_record_storage(h), USER_CLASSIC, USER_DIRECTORY, USER_SUBVOLUME, USER_FSCRYPT) ? user_record_home_directory(h) : NULL;
1623 }
1624
1625 const char *user_record_cifs_user_name(UserRecord *h) {
1626 assert(h);
1627
1628 return h->cifs_user_name ?: h->user_name;
1629 }
1630
1631 unsigned long user_record_mount_flags(UserRecord *h) {
1632 assert(h);
1633
1634 return (h->nosuid ? MS_NOSUID : 0) |
1635 (h->noexec ? MS_NOEXEC : 0) |
1636 (h->nodev ? MS_NODEV : 0);
1637 }
1638
1639 const char *user_record_shell(UserRecord *h) {
1640 assert(h);
1641
1642 if (h->shell)
1643 return h->shell;
1644
1645 if (streq_ptr(h->user_name, "root"))
1646 return "/bin/sh";
1647
1648 if (user_record_disposition(h) == USER_REGULAR)
1649 return "/bin/bash";
1650
1651 return NOLOGIN;
1652 }
1653
1654 const char *user_record_real_name(UserRecord *h) {
1655 assert(h);
1656
1657 return h->real_name ?: h->user_name;
1658 }
1659
1660 bool user_record_luks_discard(UserRecord *h) {
1661 const char *ip;
1662
1663 assert(h);
1664
1665 if (h->luks_discard >= 0)
1666 return h->luks_discard;
1667
1668 ip = user_record_image_path(h);
1669 if (!ip)
1670 return false;
1671
1672 /* Use discard by default if we are referring to a real block device, but not when operating on a
1673 * loopback device. We want to optimize for SSD and flash storage after all, but we should be careful
1674 * when storing stuff on top of regular file systems in loopback files as doing discard then would
1675 * mean thin provisioning and we should not do that willy-nilly since it means we'll risk EIO later
1676 * on should the disk space to back our file systems not be available. */
1677
1678 return path_startswith(ip, "/dev/");
1679 }
1680
1681 bool user_record_luks_offline_discard(UserRecord *h) {
1682 const char *ip;
1683
1684 assert(h);
1685
1686 if (h->luks_offline_discard >= 0)
1687 return h->luks_offline_discard;
1688
1689 /* Discard while we are logged out should generally be a good idea, except when operating directly on
1690 * physical media, where we should just bind it to the online discard mode. */
1691
1692 ip = user_record_image_path(h);
1693 if (!ip)
1694 return false;
1695
1696 if (path_startswith(ip, "/dev/"))
1697 return user_record_luks_discard(h);
1698
1699 return true;
1700 }
1701
1702 const char *user_record_luks_cipher(UserRecord *h) {
1703 assert(h);
1704
1705 return h->luks_cipher ?: "aes";
1706 }
1707
1708 const char *user_record_luks_cipher_mode(UserRecord *h) {
1709 assert(h);
1710
1711 return h->luks_cipher_mode ?: "xts-plain64";
1712 }
1713
1714 uint64_t user_record_luks_volume_key_size(UserRecord *h) {
1715 assert(h);
1716
1717 /* We return a value here that can be cast without loss into size_t which is what libcrypsetup expects */
1718
1719 if (h->luks_volume_key_size == UINT64_MAX)
1720 return 256 / 8;
1721
1722 return MIN(h->luks_volume_key_size, SIZE_MAX);
1723 }
1724
1725 const char* user_record_luks_pbkdf_type(UserRecord *h) {
1726 assert(h);
1727
1728 return h->luks_pbkdf_type ?: "argon2i";
1729 }
1730
1731 uint64_t user_record_luks_pbkdf_time_cost_usec(UserRecord *h) {
1732 assert(h);
1733
1734 /* Returns a value with ms granularity, since that's what libcryptsetup expects */
1735
1736 if (h->luks_pbkdf_time_cost_usec == UINT64_MAX)
1737 return 500 * USEC_PER_MSEC; /* We default to 500ms, in contrast to libcryptsetup's 2s, which is just awfully slow on every login */
1738
1739 return MIN(DIV_ROUND_UP(h->luks_pbkdf_time_cost_usec, USEC_PER_MSEC), UINT32_MAX) * USEC_PER_MSEC;
1740 }
1741
1742 uint64_t user_record_luks_pbkdf_memory_cost(UserRecord *h) {
1743 assert(h);
1744
1745 /* Returns a value with kb granularity, since that's what libcryptsetup expects */
1746
1747 if (h->luks_pbkdf_memory_cost == UINT64_MAX)
1748 return 64*1024*1024; /* We default to 64M, since this should work on smaller systems too */
1749
1750 return MIN(DIV_ROUND_UP(h->luks_pbkdf_memory_cost, 1024), UINT32_MAX) * 1024;
1751 }
1752
1753 uint64_t user_record_luks_pbkdf_parallel_threads(UserRecord *h) {
1754 assert(h);
1755
1756 if (h->luks_pbkdf_memory_cost == UINT64_MAX)
1757 return 1; /* We default to 1, since this should work on smaller systems too */
1758
1759 return MIN(h->luks_pbkdf_parallel_threads, UINT32_MAX);
1760 }
1761
1762 const char *user_record_luks_pbkdf_hash_algorithm(UserRecord *h) {
1763 assert(h);
1764
1765 return h->luks_pbkdf_hash_algorithm ?: "sha512";
1766 }
1767
1768 gid_t user_record_gid(UserRecord *h) {
1769 assert(h);
1770
1771 if (gid_is_valid(h->gid))
1772 return h->gid;
1773
1774 return (gid_t) h->uid;
1775 }
1776
1777 UserDisposition user_record_disposition(UserRecord *h) {
1778 assert(h);
1779
1780 if (h->disposition >= 0)
1781 return h->disposition;
1782
1783 /* If not declared, derive from UID */
1784
1785 if (!uid_is_valid(h->uid))
1786 return _USER_DISPOSITION_INVALID;
1787
1788 if (h->uid == 0 || h->uid == UID_NOBODY)
1789 return USER_INTRINSIC;
1790
1791 if (uid_is_system(h->uid))
1792 return USER_SYSTEM;
1793
1794 if (uid_is_dynamic(h->uid))
1795 return USER_DYNAMIC;
1796
1797 if (uid_is_container(h->uid))
1798 return USER_CONTAINER;
1799
1800 if (h->uid > INT32_MAX)
1801 return USER_RESERVED;
1802
1803 return USER_REGULAR;
1804 }
1805
1806 int user_record_removable(UserRecord *h) {
1807 UserStorage storage;
1808 assert(h);
1809
1810 if (h->removable >= 0)
1811 return h->removable;
1812
1813 /* Refuse to decide for classic records */
1814 storage = user_record_storage(h);
1815 if (h->storage < 0 || h->storage == USER_CLASSIC)
1816 return -1;
1817
1818 /* For now consider only LUKS home directories with a reference by path as removable */
1819 return storage == USER_LUKS && path_startswith(user_record_image_path(h), "/dev/");
1820 }
1821
1822 uint64_t user_record_ratelimit_interval_usec(UserRecord *h) {
1823 assert(h);
1824
1825 if (h->ratelimit_interval_usec == UINT64_MAX)
1826 return DEFAULT_RATELIMIT_INTERVAL_USEC;
1827
1828 return h->ratelimit_interval_usec;
1829 }
1830
1831 uint64_t user_record_ratelimit_burst(UserRecord *h) {
1832 assert(h);
1833
1834 if (h->ratelimit_burst == UINT64_MAX)
1835 return DEFAULT_RATELIMIT_BURST;
1836
1837 return h->ratelimit_burst;
1838 }
1839
1840 bool user_record_can_authenticate(UserRecord *h) {
1841 assert(h);
1842
1843 /* Returns true if there's some form of property configured that the user can authenticate against */
1844
1845 if (h->n_pkcs11_encrypted_key > 0)
1846 return true;
1847
1848 if (h->n_fido2_hmac_salt > 0)
1849 return true;
1850
1851 return !strv_isempty(h->hashed_password);
1852 }
1853
1854 uint64_t user_record_ratelimit_next_try(UserRecord *h) {
1855 assert(h);
1856
1857 /* Calculates when the it's possible to login next. Returns:
1858 *
1859 * UINT64_MAX → Nothing known
1860 * 0 → Right away
1861 * Any other → Next time in CLOCK_REALTIME in usec (which could be in the past)
1862 */
1863
1864 if (h->ratelimit_begin_usec == UINT64_MAX ||
1865 h->ratelimit_count == UINT64_MAX)
1866 return UINT64_MAX;
1867
1868 if (h->ratelimit_count < user_record_ratelimit_burst(h))
1869 return 0;
1870
1871 return usec_add(h->ratelimit_begin_usec, user_record_ratelimit_interval_usec(h));
1872 }
1873
1874 bool user_record_equal(UserRecord *a, UserRecord *b) {
1875 assert(a);
1876 assert(b);
1877
1878 /* We assume that when a record is modified its JSON data is updated at the same time, hence it's
1879 * sufficient to compare the JSON data. */
1880
1881 return json_variant_equal(a->json, b->json);
1882 }
1883
1884 bool user_record_compatible(UserRecord *a, UserRecord *b) {
1885 assert(a);
1886 assert(b);
1887
1888 /* If either lacks a the regular section, we can't really decide, let's hence say they are
1889 * incompatible. */
1890 if (!(a->mask & b->mask & USER_RECORD_REGULAR))
1891 return false;
1892
1893 return streq_ptr(a->user_name, b->user_name) &&
1894 streq_ptr(a->realm, b->realm);
1895 }
1896
1897 int user_record_compare_last_change(UserRecord *a, UserRecord *b) {
1898 assert(a);
1899 assert(b);
1900
1901 if (a->last_change_usec == b->last_change_usec)
1902 return 0;
1903
1904 /* Always consider a record with a timestamp newer than one without */
1905 if (a->last_change_usec == UINT64_MAX)
1906 return -1;
1907 if (b->last_change_usec == UINT64_MAX)
1908 return 1;
1909
1910 return CMP(a->last_change_usec, b->last_change_usec);
1911 }
1912
1913 int user_record_clone(UserRecord *h, UserRecordLoadFlags flags, UserRecord **ret) {
1914 _cleanup_(user_record_unrefp) UserRecord *c = NULL;
1915 int r;
1916
1917 assert(h);
1918 assert(ret);
1919
1920 c = user_record_new();
1921 if (!c)
1922 return -ENOMEM;
1923
1924 r = user_record_load(c, h->json, flags);
1925 if (r < 0)
1926 return r;
1927
1928 *ret = TAKE_PTR(c);
1929 return 0;
1930 }
1931
1932 int user_record_masked_equal(UserRecord *a, UserRecord *b, UserRecordMask mask) {
1933 _cleanup_(user_record_unrefp) UserRecord *x = NULL, *y = NULL;
1934 int r;
1935
1936 assert(a);
1937 assert(b);
1938
1939 /* Compares the two records, but ignores anything not listed in the specified mask */
1940
1941 if ((a->mask & ~mask) != 0) {
1942 r = user_record_clone(a, USER_RECORD_ALLOW(mask) | USER_RECORD_STRIP(~mask & _USER_RECORD_MASK_MAX), &x);
1943 if (r < 0)
1944 return r;
1945
1946 a = x;
1947 }
1948
1949 if ((b->mask & ~mask) != 0) {
1950 r = user_record_clone(b, USER_RECORD_ALLOW(mask) | USER_RECORD_STRIP(~mask & _USER_RECORD_MASK_MAX), &y);
1951 if (r < 0)
1952 return r;
1953
1954 b = y;
1955 }
1956
1957 return user_record_equal(a, b);
1958 }
1959
1960 int user_record_test_blocked(UserRecord *h) {
1961 usec_t n;
1962
1963 /* Checks whether access to the specified user shall be allowed at the moment. Returns:
1964 *
1965 * -ESTALE: Record is from the future
1966 * -ENOLCK: Record is blocked
1967 * -EL2HLT: Record is not valid yet
1968 * -EL3HLT: Record is not valid anymore
1969 *
1970 */
1971
1972 assert(h);
1973
1974 n = now(CLOCK_REALTIME);
1975 if (h->last_change_usec != UINT64_MAX &&
1976 h->last_change_usec > n) /* Don't allow log ins when the record is from the future */
1977 return -ESTALE;
1978
1979 if (h->locked > 0)
1980 return -ENOLCK;
1981
1982 if (h->not_before_usec != UINT64_MAX && n < h->not_before_usec)
1983 return -EL2HLT;
1984 if (h->not_after_usec != UINT64_MAX && n > h->not_after_usec)
1985 return -EL3HLT;
1986
1987 return 0;
1988 }
1989
1990 int user_record_test_password_change_required(UserRecord *h) {
1991 bool change_permitted;
1992 usec_t n;
1993
1994 assert(h);
1995
1996 /* Checks whether the user must change the password when logging in
1997
1998 -EKEYREVOKED: Change password now because admin said so
1999 -EOWNERDEAD: Change password now because it expired
2000 -EKEYREJECTED: Password is expired, no changing is allowed
2001 -EKEYEXPIRED: Password is about to expire, warn user
2002 -ENETDOWN: Record has expiration info but no password change timestamp
2003 -EROFS: No password change required nor permitted
2004 0: No password change required, but permitted
2005 */
2006
2007 /* If a password change request has been set explicitly, it overrides everything */
2008 if (h->password_change_now > 0)
2009 return -EKEYREVOKED;
2010
2011 n = now(CLOCK_REALTIME);
2012
2013 /* Then, let's check if password changing is currently allowed at all */
2014 if (h->password_change_min_usec != UINT64_MAX) {
2015
2016 /* Expiry configured but no password change timestamp known? */
2017 if (h->last_password_change_usec == UINT64_MAX)
2018 return -ENETDOWN;
2019
2020 if (h->password_change_min_usec >= UINT64_MAX - h->last_password_change_usec)
2021 change_permitted = false;
2022 else
2023 change_permitted = n >= h->last_password_change_usec + h->password_change_min_usec;
2024
2025 } else
2026 change_permitted = true;
2027
2028 /* Let's check whether the password has expired. */
2029 if (!(h->password_change_max_usec == UINT64_MAX ||
2030 h->password_change_max_usec >= UINT64_MAX - h->last_password_change_usec)) {
2031
2032 uint64_t change_before;
2033
2034 /* Expiry configured but no password change timestamp known? */
2035 if (h->last_password_change_usec == UINT64_MAX)
2036 return -ENETDOWN;
2037
2038 /* Password is in inactive phase? */
2039 if (h->password_change_inactive_usec != UINT64_MAX &&
2040 h->password_change_inactive_usec < UINT64_MAX - h->password_change_max_usec) {
2041 usec_t added;
2042
2043 added = h->password_change_inactive_usec + h->password_change_max_usec;
2044 if (added < UINT64_MAX - h->last_password_change_usec &&
2045 n >= h->last_password_change_usec + added)
2046 return -EKEYREJECTED;
2047 }
2048
2049 /* Password needs to be changed now? */
2050 change_before = h->last_password_change_usec + h->password_change_max_usec;
2051 if (n >= change_before)
2052 return change_permitted ? -EOWNERDEAD : -EKEYREJECTED;
2053
2054 /* Warn user? */
2055 if (h->password_change_warn_usec != UINT64_MAX &&
2056 (change_before < h->password_change_warn_usec ||
2057 n >= change_before - h->password_change_warn_usec))
2058 return change_permitted ? -EKEYEXPIRED : -EROFS;
2059 }
2060
2061 /* No password changing necessary */
2062 return change_permitted ? 0 : -EROFS;
2063 }
2064
2065 static const char* const user_storage_table[_USER_STORAGE_MAX] = {
2066 [USER_CLASSIC] = "classic",
2067 [USER_LUKS] = "luks",
2068 [USER_DIRECTORY] = "directory",
2069 [USER_SUBVOLUME] = "subvolume",
2070 [USER_FSCRYPT] = "fscrypt",
2071 [USER_CIFS] = "cifs",
2072 };
2073
2074 DEFINE_STRING_TABLE_LOOKUP(user_storage, UserStorage);
2075
2076 static const char* const user_disposition_table[_USER_DISPOSITION_MAX] = {
2077 [USER_INTRINSIC] = "intrinsic",
2078 [USER_SYSTEM] = "system",
2079 [USER_DYNAMIC] = "dynamic",
2080 [USER_REGULAR] = "regular",
2081 [USER_CONTAINER] = "container",
2082 [USER_RESERVED] = "reserved",
2083 };
2084
2085 DEFINE_STRING_TABLE_LOOKUP(user_disposition, UserDisposition);
Unnamed repository; edit this file 'description' to name the repository.