1 /* SPDX-License-Identifier: LGPL-2.1+ */
10 #include "missing_resource.h"
11 #include "time-util.h"
/* Hard limits on disk sizes: not less than 5M (5 MiB), not more than 5T (5 TiB). Both are built with
 * UINT64_C() so that the 5T product is evaluated in 64-bit arithmetic and cannot overflow an int. */
#define USER_DISK_SIZE_MIN (UINT64_C(5)*1024*1024)
#define USER_DISK_SIZE_MAX (UINT64_C(5)*1024*1024*1024*1024)

/* The default disk size to use when nothing else is specified, as a percentage of the free disk space */
#define USER_DISK_SIZE_DEFAULT_PERCENT 85
/* Disposition of a user account, i.e. which kind of UID allocation it falls under. The enumerators are
 * ordered so that _USER_DISPOSITION_MAX counts them; _USER_DISPOSITION_INVALID is the usual sentinel. */
typedef enum UserDisposition {
        /* root and nobody */
        USER_INTRINSIC,
        /* statically allocated users for system services */
        USER_SYSTEM,
        /* dynamically allocated users for system services */
        USER_DYNAMIC,
        /* regular (typically human) users */
        USER_REGULAR,
        /* UID ranges allocated for container uses */
        USER_CONTAINER,
        /* the range above 2^31 */
        USER_RESERVED,
        _USER_DISPOSITION_MAX,
        _USER_DISPOSITION_INVALID = -1,
} UserDisposition;
31 typedef enum UserHomeStorage
{
34 USER_DIRECTORY
, /* A directory, and a .identity file in it, which USER_CLASSIC lacks */
39 _USER_STORAGE_INVALID
= -1
/* The sections an identity record may consist of, as a bit mask. Every section is a single bit, so the
 * set of sections present in a record is simply the OR of the matching enumerators. */
typedef enum UserRecordMask {
        USER_RECORD_REGULAR     = 1U << 0,
        USER_RECORD_SECRET      = 1U << 1,
        USER_RECORD_PRIVILEGED  = 1U << 2,
        USER_RECORD_PER_MACHINE = 1U << 3,
        USER_RECORD_BINDING     = 1U << 4,
        USER_RECORD_STATUS      = 1U << 5,
        USER_RECORD_SIGNATURE   = 1U << 6,

        /* All seven section bits set. This is also the width UserRecordLoadFlags relies on when it
         * places copies of a section mask at bit offsets 7, 14 and 21. */
        _USER_RECORD_MASK_MAX   = (1U << 7) - 1,
} UserRecordMask;
/* Flags steering how a user record is loaded from JSON data. Every UserRecordMask bit shows up three
 * times in here: shifted by 7 it means "this section must be present", shifted by 14 "this section may
 * be present", shifted by 21 "strip this section". The lowest 7 bits — exactly the width of
 * UserRecordMask — are deliberately left unused, so that a UserRecordMask handed to a function that
 * expects a UserRecordLoadFlags (or vice versa) is detectable rather than silently misinterpreted. */
typedef enum UserRecordLoadFlags {

        /* Sections that must be present (UserRecordMask << 7) */
        USER_RECORD_REQUIRE_REGULAR      = USER_RECORD_REGULAR     << 7,
        USER_RECORD_REQUIRE_SECRET       = USER_RECORD_SECRET      << 7,
        USER_RECORD_REQUIRE_PRIVILEGED   = USER_RECORD_PRIVILEGED  << 7,
        USER_RECORD_REQUIRE_PER_MACHINE  = USER_RECORD_PER_MACHINE << 7,
        USER_RECORD_REQUIRE_BINDING      = USER_RECORD_BINDING     << 7,
        USER_RECORD_REQUIRE_STATUS       = USER_RECORD_STATUS      << 7,
        USER_RECORD_REQUIRE_SIGNATURE    = USER_RECORD_SIGNATURE   << 7,

        /* Sections that may be present (UserRecordMask << 14). Required sections count as allowed too,
         * see USER_RECORD_ALLOW_MASK(). */
        USER_RECORD_ALLOW_REGULAR        = USER_RECORD_REGULAR     << 14,
        USER_RECORD_ALLOW_SECRET         = USER_RECORD_SECRET      << 14,
        USER_RECORD_ALLOW_PRIVILEGED     = USER_RECORD_PRIVILEGED  << 14,
        USER_RECORD_ALLOW_PER_MACHINE    = USER_RECORD_PER_MACHINE << 14,
        USER_RECORD_ALLOW_BINDING        = USER_RECORD_BINDING     << 14,
        USER_RECORD_ALLOW_STATUS         = USER_RECORD_STATUS      << 14,
        USER_RECORD_ALLOW_SIGNATURE      = USER_RECORD_SIGNATURE   << 14,

        /* Sections to strip (UserRecordMask << 21) */
        USER_RECORD_STRIP_REGULAR        = USER_RECORD_REGULAR     << 21,
        USER_RECORD_STRIP_SECRET         = USER_RECORD_SECRET      << 21,
        USER_RECORD_STRIP_PRIVILEGED     = USER_RECORD_PRIVILEGED  << 21,
        USER_RECORD_STRIP_PER_MACHINE    = USER_RECORD_PER_MACHINE << 21,
        USER_RECORD_STRIP_BINDING        = USER_RECORD_BINDING     << 21,
        USER_RECORD_STRIP_STATUS         = USER_RECORD_STATUS      << 21,
        USER_RECORD_STRIP_SIGNATURE      = USER_RECORD_SIGNATURE   << 21,

        /* Named combinations used by callers */

        /* The regular section is mandatory, everything else is accepted as-is. */
        USER_RECORD_LOAD_FULL =
                USER_RECORD_REQUIRE_REGULAR |
                USER_RECORD_ALLOW_SECRET |
                USER_RECORD_ALLOW_PRIVILEGED |
                USER_RECORD_ALLOW_PER_MACHINE |
                USER_RECORD_ALLOW_BINDING |
                USER_RECORD_ALLOW_STATUS |
                USER_RECORD_ALLOW_SIGNATURE,

        /* Like USER_RECORD_LOAD_FULL, but the secret section is neither allowed nor stripped — a record
         * carrying one is presumably rejected by the loader rather than silently accepted. */
        USER_RECORD_LOAD_REFUSE_SECRET =
                USER_RECORD_REQUIRE_REGULAR |
                USER_RECORD_ALLOW_PRIVILEGED |
                USER_RECORD_ALLOW_PER_MACHINE |
                USER_RECORD_ALLOW_BINDING |
                USER_RECORD_ALLOW_STATUS |
                USER_RECORD_ALLOW_SIGNATURE,

        /* Like USER_RECORD_LOAD_REFUSE_SECRET, but a present secret section is stripped instead. */
        USER_RECORD_LOAD_MASK_SECRET =
                USER_RECORD_REQUIRE_REGULAR |
                USER_RECORD_ALLOW_PRIVILEGED |
                USER_RECORD_ALLOW_PER_MACHINE |
                USER_RECORD_ALLOW_BINDING |
                USER_RECORD_ALLOW_STATUS |
                USER_RECORD_ALLOW_SIGNATURE |
                USER_RECORD_STRIP_SECRET,

        /* The inverse: keep only the secret section, which must be present; strip all others. */
        USER_RECORD_EXTRACT_SECRET =
                USER_RECORD_REQUIRE_SECRET |
                USER_RECORD_STRIP_REGULAR |
                USER_RECORD_STRIP_PRIVILEGED |
                USER_RECORD_STRIP_PER_MACHINE |
                USER_RECORD_STRIP_BINDING |
                USER_RECORD_STRIP_STATUS |
                USER_RECORD_STRIP_SIGNATURE,

        /* Regular section mandatory, privileged and per-machine sections allowed. The name suggests these
         * are the sections a signature covers; nothing else is allowed here. */
        USER_RECORD_LOAD_SIGNABLE =
                USER_RECORD_REQUIRE_REGULAR |
                USER_RECORD_ALLOW_PRIVILEGED |
                USER_RECORD_ALLOW_PER_MACHINE,

        /* USER_RECORD_LOAD_SIGNABLE plus explicit stripping of the sections it does not allow. */
        USER_RECORD_EXTRACT_SIGNABLE =
                USER_RECORD_LOAD_SIGNABLE |
                USER_RECORD_STRIP_SECRET |
                USER_RECORD_STRIP_BINDING |
                USER_RECORD_STRIP_STATUS |
                USER_RECORD_STRIP_SIGNATURE,

        /* Regular section mandatory; privileged, per-machine and signature sections allowed. */
        USER_RECORD_LOAD_EMBEDDED =
                USER_RECORD_REQUIRE_REGULAR |
                USER_RECORD_ALLOW_PRIVILEGED |
                USER_RECORD_ALLOW_PER_MACHINE |
                USER_RECORD_ALLOW_SIGNATURE,

        /* USER_RECORD_LOAD_EMBEDDED plus stripping of secret, binding and status sections. */
        USER_RECORD_EXTRACT_EMBEDDED =
                USER_RECORD_LOAD_EMBEDDED |
                USER_RECORD_STRIP_SECRET |
                USER_RECORD_STRIP_BINDING |
                USER_RECORD_STRIP_STATUS,

        /* Behaviour flags, placed above the three section-mask windows (bits 7..27). */

        /* Whether to log about loader errors beyond LOG_DEBUG */
        USER_RECORD_LOG        = 1U << 28,

        /* Whether to ignore errors and load what we can */
        USER_RECORD_PERMISSIVE = 1U << 29,
} UserRecordLoadFlags;
145 static inline UserRecordLoadFlags
USER_RECORD_REQUIRE(UserRecordMask m
) {
146 assert((m
& ~_USER_RECORD_MASK_MAX
) == 0);
150 static inline UserRecordLoadFlags
USER_RECORD_ALLOW(UserRecordMask m
) {
151 assert((m
& ~_USER_RECORD_MASK_MAX
) == 0);
155 static inline UserRecordLoadFlags
USER_RECORD_STRIP(UserRecordMask m
) {
156 assert((m
& ~_USER_RECORD_MASK_MAX
) == 0);
/* Recover the "required sections" mask from a set of load flags: the window at bit offset 7 is moved
 * back down into UserRecordMask position and everything outside the mask width is dropped. */
static inline UserRecordMask USER_RECORD_REQUIRE_MASK(UserRecordLoadFlags f) {
        unsigned required_window = f >> 7;
        return required_window & _USER_RECORD_MASK_MAX;
}
/* Recover the "allowed sections" mask from a set of load flags. The window at bit offset 14 is moved
 * down into UserRecordMask position, and the required sections are folded in: a section that must be
 * present is by definition also permitted, so callers never have to set both bits. */
static inline UserRecordMask USER_RECORD_ALLOW_MASK(UserRecordLoadFlags f) {
        UserRecordMask allowed = (f >> 14) & _USER_RECORD_MASK_MAX;
        UserRecordMask required = USER_RECORD_REQUIRE_MASK(f);
        return allowed | required;
}
/* Recover the "sections to strip" mask from a set of load flags: the window at bit offset 21 is moved
 * back down into UserRecordMask position. Unlike USER_RECORD_ALLOW_MASK() nothing is folded in. */
static inline UserRecordMask USER_RECORD_STRIP_MASK(UserRecordLoadFlags f) {
        unsigned strip_window = f >> 21;
        return strip_window & _USER_RECORD_MASK_MAX;
}
/* Translate the two loader behaviour flags — USER_RECORD_LOG and USER_RECORD_PERMISSIVE — into their
 * JsonDispatchFlags counterparts JSON_LOG and JSON_PERMISSIVE. The section windows (require/allow/strip)
 * are deliberately not forwarded; the JSON dispatcher knows nothing about record sections. */
static inline JsonDispatchFlags USER_RECORD_LOAD_FLAGS_TO_JSON_DISPATCH_FLAGS(UserRecordLoadFlags flags) {
        JsonDispatchFlags json_flags = 0;

        if (FLAGS_SET(flags, USER_RECORD_LOG))
                json_flags |= JSON_LOG;
        if (FLAGS_SET(flags, USER_RECORD_PERMISSIVE))
                json_flags |= JSON_PERMISSIVE;

        return json_flags;
}
177 typedef struct Pkcs11EncryptedKey
{
178 /* The encrypted passphrase, which can be decrypted with the private key indicated below */
182 /* Where to find the private key to decrypt the encrypted passphrase above */
185 /* What to test the decrypted passphrase against to allow access (classic UNIX password hash). Note
186 * that the decrypted passphrase is also used for unlocking LUKS and fscrypt, and if the account is
187 * backed by LUKS or fscrypt the hashed password is only an additional layer of authentication, not
189 char *hashed_password
;
190 } Pkcs11EncryptedKey
;
192 typedef struct Fido2HmacCredential
{
195 } Fido2HmacCredential
;
197 typedef struct Fido2HmacSalt
{
198 /* The FIDO2 Credential ID to use */
199 Fido2HmacCredential credential
;
201 /* The FIDO2 salt value */
205 /* What to test the hashed salt value against, usually UNIX password hash here. */
206 char *hashed_password
;
209 typedef struct UserRecord
{
210 /* The following three fields are not part of the JSON record */
213 bool incomplete
; /* incomplete due to security restrictions. */
217 char *user_name_and_realm_auto
; /* the user_name field concatenated with '@' and the realm, if the latter is defined */
224 UserDisposition disposition
;
225 uint64_t last_change_usec
;
226 uint64_t last_password_change_usec
;
232 char *preferred_language
;
234 struct rlimit
*rlimits
[_RLIMIT_MAX
];
236 int locked
; /* prohibit activation in general */
237 uint64_t not_before_usec
; /* prohibit activation before this unix time */
238 uint64_t not_after_usec
; /* prohibit activation after this unix time */
242 uint64_t disk_size_relative
; /* Disk size, relative to the free bytes of the medium, normalized to UINT32_MAX = 100% */
243 char *skeleton_directory
;
247 uint64_t memory_high
;
256 char **hashed_password
;
257 char **ssh_authorized_keys
;
262 char *cifs_user_name
;
266 char *image_path_auto
; /* when none is configured explicitly, this is where we place the implicit image */
267 char *home_directory
;
268 char *home_directory_auto
; /* when none is set explicitly, this is where we place the implicit home directory */
275 char *file_system_type
;
276 sd_id128_t partition_uuid
;
277 sd_id128_t luks_uuid
;
278 sd_id128_t file_system_uuid
;
281 int luks_offline_discard
;
283 char *luks_cipher_mode
;
284 uint64_t luks_volume_key_size
;
285 char *luks_pbkdf_hash_algorithm
;
286 char *luks_pbkdf_type
;
287 uint64_t luks_pbkdf_time_cost_usec
;
288 uint64_t luks_pbkdf_memory_cost
;
289 uint64_t luks_pbkdf_parallel_threads
;
293 uint64_t disk_ceiling
;
300 uint64_t good_authentication_counter
;
301 uint64_t bad_authentication_counter
;
302 uint64_t last_good_authentication_usec
;
303 uint64_t last_bad_authentication_usec
;
305 uint64_t ratelimit_begin_usec
;
306 uint64_t ratelimit_count
;
307 uint64_t ratelimit_interval_usec
;
308 uint64_t ratelimit_burst
;
311 int enforce_password_policy
;
314 uint64_t stop_delay_usec
; /* How long to leave systemd --user around on log-out */
315 int kill_processes
; /* Whether to kill user processes forcibly on log-out */
317 /* The following exist mostly so that we can cover the full /etc/shadow set of fields */
318 uint64_t password_change_min_usec
; /* maps to .sp_min */
319 uint64_t password_change_max_usec
; /* maps to .sp_max */
320 uint64_t password_change_warn_usec
; /* maps to .sp_warn */
321 uint64_t password_change_inactive_usec
; /* maps to .sp_inact */
322 int password_change_now
; /* Require a password change immediately on next login (.sp_lstchg = 0) */
324 char **pkcs11_token_uri
;
325 Pkcs11EncryptedKey
*pkcs11_encrypted_key
;
326 size_t n_pkcs11_encrypted_key
;
327 int pkcs11_protected_authentication_path_permitted
;
329 Fido2HmacCredential
*fido2_hmac_credential
;
330 size_t n_fido2_hmac_credential
;
331 Fido2HmacSalt
*fido2_hmac_salt
;
332 size_t n_fido2_hmac_salt
;
333 int fido2_user_presence_permitted
;
/* Allocation and reference counting. user_record_ref() and user_record_unref() both take and return the
 * record pointer; NOTE(review): unref presumably returns NULL so callers can write
 * h = user_record_unref(h) — confirm against its definition. */
UserRecord *user_record_new(void);
UserRecord *user_record_ref(UserRecord *h);
UserRecord *user_record_unref(UserRecord *h);

/* Generates the matching cleanup function, presumably used to unref records automatically when an
 * annotated variable goes out of scope. */
DEFINE_TRIVIAL_CLEANUP_FUNC(UserRecord*, user_record_unref);

/* Populate h from the JSON variant v. flags selects which record sections must be present, may be present
 * or are to be stripped, plus USER_RECORD_LOG/USER_RECORD_PERMISSIVE for error handling (see
 * UserRecordLoadFlags). The int return presumably follows the negative-errno convention of the other int
 * functions below — confirm. */
int user_record_load(UserRecord *h, JsonVariant *v, UserRecordLoadFlags flags);
/* Variadic constructor returning a new record in *ret; the argument list is documented at the definition. */
int user_record_build(UserRecord **ret, ...);

/* Accessors returning the effective value of a record field. Several of these may fall back to a derived
 * value when the record sets nothing explicitly — compare the *_auto fields in the struct (e.g.
 * home_directory_auto, image_path_auto), which hold the implicit locations. */
const char *user_record_user_name_and_realm(UserRecord *h);
UserStorage user_record_storage(UserRecord *h);
const char *user_record_file_system_type(UserRecord *h);
const char *user_record_skeleton_directory(UserRecord *h);
mode_t user_record_access_mode(UserRecord *h);
const char *user_record_home_directory(UserRecord *h);
const char *user_record_image_path(UserRecord *h);
unsigned long user_record_mount_flags(UserRecord *h);
const char *user_record_cifs_user_name(UserRecord *h);
const char *user_record_shell(UserRecord *h);
const char *user_record_real_name(UserRecord *h);

/* LUKS volume and key-derivation (PBKDF) parameters. NOTE(review): the PBKDF cost values (time, memory,
 * parallelism) determine how expensive an offline attack on the passphrase is; whether the loader bounds
 * values coming from a record cannot be seen from this header — confirm before trusting them. */
bool user_record_luks_discard(UserRecord *h);
bool user_record_luks_offline_discard(UserRecord *h);
const char *user_record_luks_cipher(UserRecord *h);
const char *user_record_luks_cipher_mode(UserRecord *h);
uint64_t user_record_luks_volume_key_size(UserRecord *h);
const char *user_record_luks_pbkdf_type(UserRecord *h);
usec_t user_record_luks_pbkdf_time_cost_usec(UserRecord *h);
uint64_t user_record_luks_pbkdf_memory_cost(UserRecord *h);
uint64_t user_record_luks_pbkdf_parallel_threads(UserRecord *h);
const char *user_record_luks_pbkdf_hash_algorithm(UserRecord *h);

gid_t user_record_gid(UserRecord *h);
UserDisposition user_record_disposition(UserRecord *h);
int user_record_removable(UserRecord *h);

/* Authentication rate limiting, backed by the ratelimit_* fields of the record. */
usec_t user_record_ratelimit_interval_usec(UserRecord *h);
uint64_t user_record_ratelimit_burst(UserRecord *h);
bool user_record_can_authenticate(UserRecord *h);

/* Build the image path for a record of the given storage type and user@realm name into *ret (caller
 * presumably owns the returned string — confirm). */
int user_record_build_image_path(UserStorage storage, const char *user_name_and_realm, char **ret);

/* Comparison helpers for two records. */
bool user_record_equal(UserRecord *a, UserRecord *b);
bool user_record_compatible(UserRecord *a, UserRecord *b);
int user_record_compare_last_change(UserRecord *a, UserRecord *b);

/* Earliest time at which another authentication attempt is accepted under the rate limit. */
usec_t user_record_ratelimit_next_try(UserRecord *h);

/* Copy h into a new record in *ret; flags is a UserRecordLoadFlags, so the copy can require, allow or strip
 * sections exactly like user_record_load() does. */
int user_record_clone(UserRecord *h, UserRecordLoadFlags flags, UserRecord **ret);
/* Like user_record_equal(), but presumably restricted to the sections selected by mask — confirm. */
int user_record_masked_equal(UserRecord *a, UserRecord *b, UserRecordMask mask);

/* Policy checks against the locked/not_before/not_after and password-change fields of the record. */
int user_record_test_blocked(UserRecord *h);
int user_record_test_password_change_required(UserRecord *h);

/* The following six are used by group-record.c as well, that's why we export them here */
int json_dispatch_realm(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata);
int json_dispatch_gecos(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata);
int json_dispatch_user_group_list(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata);
int json_dispatch_user_disposition(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata);

int per_machine_id_match(JsonVariant *ids, JsonDispatchFlags flags);
int per_machine_hostname_match(JsonVariant *hns, JsonDispatchFlags flags);
/* Apply load_flags to the raw JSON record v, returning the resulting variant in *ret_variant and the set of
 * sections found in *ret_mask. */
int user_group_record_mangle(JsonVariant *v, UserRecordLoadFlags load_flags, JsonVariant **ret_variant, UserRecordMask *ret_mask);

/* Enum <-> string conversions. _const_/_pure_ are attribute markers: the result depends only on the
 * argument (and, for _pure_, on readable global memory), so calls may be hoisted or folded. */
const char *user_storage_to_string(UserStorage t) _const_;
UserStorage user_storage_from_string(const char *s) _pure_;

const char *user_disposition_to_string(UserDisposition t) _const_;
UserDisposition user_disposition_from_string(const char *s) _pure_;