1 /* SPDX-License-Identifier: LGPL-2.1+ */
2 #pragma once
4 #include <inttypes.h>
5 #include <sys/types.h>
7 #include "sd-id128.h"
9 #include "json.h"
10 #include "missing_resource.h"
11 #include "time-util.h"
/* Put some limits on disk sizes: not less than 5M, not more than 5T. Both are byte counts, computed
 * in uint64_t so the 5T product cannot overflow on 32-bit targets. */
#define USER_DISK_SIZE_MIN (UINT64_C(5)*1024*1024)
#define USER_DISK_SIZE_MAX (UINT64_C(5)*1024*1024*1024*1024)

/* The default disk size to use when nothing else is specified, relative to free disk space (in percent) */
#define USER_DISK_SIZE_DEFAULT_PERCENT 85
/* Classification of a user record by how (and by whom) the account was allocated. The order is the
 * enumerator value, so do not reorder; _USER_DISPOSITION_MAX is the count and _USER_DISPOSITION_INVALID
 * the usual -1 "not set / unparsable" sentinel. */
typedef enum UserDisposition {
        USER_INTRINSIC, /* root and nobody */
        USER_SYSTEM, /* statically allocated users for system services */
        USER_DYNAMIC, /* dynamically allocated users for system services */
        USER_REGULAR, /* regular (typically human users) */
        USER_CONTAINER, /* UID ranges allocated for container uses */
        USER_RESERVED, /* Range above 2^31 */
        _USER_DISPOSITION_MAX,
        _USER_DISPOSITION_INVALID = -1,
} UserDisposition;
/* The storage backend of a user's home directory. Note that the struct tag is UserHomeStorage while the
 * typedef name (and the _USER_STORAGE_* sentinels) say UserStorage; both refer to this enum. */
typedef enum UserHomeStorage {
        USER_CLASSIC,
        USER_LUKS,
        USER_DIRECTORY, /* A directory, and a .identity file in it, which USER_CLASSIC lacks */
        USER_SUBVOLUME,
        USER_FSCRYPT,
        USER_CIFS,
        _USER_STORAGE_MAX,
        _USER_STORAGE_INVALID = -1
} UserStorage;
typedef enum UserRecordMask {
        /* The various sections an identity record may have, as bit mask. One bit per section, occupying
         * bits 0..6; UserRecordLoadFlags below reuses this layout shifted by 7, 14 and 21. */
        USER_RECORD_REGULAR = 1U << 0,
        USER_RECORD_SECRET = 1U << 1,
        USER_RECORD_PRIVILEGED = 1U << 2,
        USER_RECORD_PER_MACHINE = 1U << 3,
        USER_RECORD_BINDING = 1U << 4,
        USER_RECORD_STATUS = 1U << 5,
        USER_RECORD_SIGNATURE = 1U << 6,
        /* Despite the _MAX name this is not a count but the union of all seven section bits (0x7f),
         * i.e. the "every section" mask. It doubles as the validity mask in USER_RECORD_REQUIRE() & co. */
        _USER_RECORD_MASK_MAX = (1U << 7)-1
} UserRecordMask;
typedef enum UserRecordLoadFlags {
        /* A set of flags used while loading a user record from JSON data. We leave the lower 7 bits (the
         * ones a UserRecordMask occupies) free, just as a safety precaution so that we can detect borked
         * conversions between UserRecordMask and UserRecordLoadFlags. */

        /* What to require: the UserRecordMask bits shifted up by 7 (bits 7..13) */
        USER_RECORD_REQUIRE_REGULAR = USER_RECORD_REGULAR << 7,
        USER_RECORD_REQUIRE_SECRET = USER_RECORD_SECRET << 7,
        USER_RECORD_REQUIRE_PRIVILEGED = USER_RECORD_PRIVILEGED << 7,
        USER_RECORD_REQUIRE_PER_MACHINE = USER_RECORD_PER_MACHINE << 7,
        USER_RECORD_REQUIRE_BINDING = USER_RECORD_BINDING << 7,
        USER_RECORD_REQUIRE_STATUS = USER_RECORD_STATUS << 7,
        USER_RECORD_REQUIRE_SIGNATURE = USER_RECORD_SIGNATURE << 7,

        /* What to allow: the UserRecordMask bits shifted up by 14 (bits 14..20) */
        USER_RECORD_ALLOW_REGULAR = USER_RECORD_REGULAR << 14,
        USER_RECORD_ALLOW_SECRET = USER_RECORD_SECRET << 14,
        USER_RECORD_ALLOW_PRIVILEGED = USER_RECORD_PRIVILEGED << 14,
        USER_RECORD_ALLOW_PER_MACHINE = USER_RECORD_PER_MACHINE << 14,
        USER_RECORD_ALLOW_BINDING = USER_RECORD_BINDING << 14,
        USER_RECORD_ALLOW_STATUS = USER_RECORD_STATUS << 14,
        USER_RECORD_ALLOW_SIGNATURE = USER_RECORD_SIGNATURE << 14,

        /* What to strip: the UserRecordMask bits shifted up by 21 (bits 21..27) */
        USER_RECORD_STRIP_REGULAR = USER_RECORD_REGULAR << 21,
        USER_RECORD_STRIP_SECRET = USER_RECORD_SECRET << 21,
        USER_RECORD_STRIP_PRIVILEGED = USER_RECORD_PRIVILEGED << 21,
        USER_RECORD_STRIP_PER_MACHINE = USER_RECORD_PER_MACHINE << 21,
        USER_RECORD_STRIP_BINDING = USER_RECORD_BINDING << 21,
        USER_RECORD_STRIP_STATUS = USER_RECORD_STATUS << 21,
        USER_RECORD_STRIP_SIGNATURE = USER_RECORD_SIGNATURE << 21,

        /* Some special combinations that deserve explicit names */

        /* Regular section mandatory, every other section (including the secret one) permitted */
        USER_RECORD_LOAD_FULL = USER_RECORD_REQUIRE_REGULAR |
                                USER_RECORD_ALLOW_SECRET |
                                USER_RECORD_ALLOW_PRIVILEGED |
                                USER_RECORD_ALLOW_PER_MACHINE |
                                USER_RECORD_ALLOW_BINDING |
                                USER_RECORD_ALLOW_STATUS |
                                USER_RECORD_ALLOW_SIGNATURE,

        /* Same as USER_RECORD_LOAD_FULL minus USER_RECORD_ALLOW_SECRET: the secret section is neither
         * required nor allowed (presumably the loader rejects a record that carries one — see user-record.c) */
        USER_RECORD_LOAD_REFUSE_SECRET = USER_RECORD_REQUIRE_REGULAR |
                                         USER_RECORD_ALLOW_PRIVILEGED |
                                         USER_RECORD_ALLOW_PER_MACHINE |
                                         USER_RECORD_ALLOW_BINDING |
                                         USER_RECORD_ALLOW_STATUS |
                                         USER_RECORD_ALLOW_SIGNATURE,

        /* Same bits as USER_RECORD_LOAD_REFUSE_SECRET plus USER_RECORD_STRIP_SECRET: the secret section
         * is dropped rather than allowed */
        USER_RECORD_LOAD_MASK_SECRET = USER_RECORD_REQUIRE_REGULAR |
                                       USER_RECORD_ALLOW_PRIVILEGED |
                                       USER_RECORD_ALLOW_PER_MACHINE |
                                       USER_RECORD_ALLOW_BINDING |
                                       USER_RECORD_ALLOW_STATUS |
                                       USER_RECORD_ALLOW_SIGNATURE |
                                       USER_RECORD_STRIP_SECRET,

        /* The inverse: require the secret section and strip all six others */
        USER_RECORD_EXTRACT_SECRET = USER_RECORD_REQUIRE_SECRET |
                                     USER_RECORD_STRIP_REGULAR |
                                     USER_RECORD_STRIP_PRIVILEGED |
                                     USER_RECORD_STRIP_PER_MACHINE |
                                     USER_RECORD_STRIP_BINDING |
                                     USER_RECORD_STRIP_STATUS |
                                     USER_RECORD_STRIP_SIGNATURE,

        /* Only the sections covered by a signature: regular (required), privileged and per-machine (allowed) */
        USER_RECORD_LOAD_SIGNABLE = USER_RECORD_REQUIRE_REGULAR |
                                    USER_RECORD_ALLOW_PRIVILEGED |
                                    USER_RECORD_ALLOW_PER_MACHINE,

        /* USER_RECORD_LOAD_SIGNABLE plus stripping of secret, binding, status and signature */
        USER_RECORD_EXTRACT_SIGNABLE = USER_RECORD_LOAD_SIGNABLE |
                                       USER_RECORD_STRIP_SECRET |
                                       USER_RECORD_STRIP_BINDING |
                                       USER_RECORD_STRIP_STATUS |
                                       USER_RECORD_STRIP_SIGNATURE,

        /* Same bits as USER_RECORD_LOAD_SIGNABLE plus USER_RECORD_ALLOW_SIGNATURE */
        USER_RECORD_LOAD_EMBEDDED = USER_RECORD_REQUIRE_REGULAR |
                                    USER_RECORD_ALLOW_PRIVILEGED |
                                    USER_RECORD_ALLOW_PER_MACHINE |
                                    USER_RECORD_ALLOW_SIGNATURE,

        /* USER_RECORD_LOAD_EMBEDDED plus stripping of secret, binding and status (the signature is kept) */
        USER_RECORD_EXTRACT_EMBEDDED = USER_RECORD_LOAD_EMBEDDED |
                                       USER_RECORD_STRIP_SECRET |
                                       USER_RECORD_STRIP_BINDING |
                                       USER_RECORD_STRIP_STATUS,

        /* Whether to log about loader errors beyond LOG_DEBUG. Bit 28 is the first one above the three
         * shifted mask copies (7 + 3*7 = 28). */
        USER_RECORD_LOG = 1U << 28,

        /* Whether to ignore errors and load what we can */
        USER_RECORD_PERMISSIVE = 1U << 29,
} UserRecordLoadFlags;
/* Convert a section mask into the matching "require these sections" load flags (bits 7..13). Asserts
 * that m carries no bits outside the seven section bits, so a stray UserRecordLoadFlags passed in by
 * mistake is caught rather than silently shifted out of range. */
static inline UserRecordLoadFlags USER_RECORD_REQUIRE(UserRecordMask m) {
        assert(!(m & ~_USER_RECORD_MASK_MAX));
        UserRecordLoadFlags required = m << 7;
        return required;
}
/* Convert a section mask into the matching "allow these sections" load flags (bits 14..20). Asserts
 * that m carries no bits outside the seven section bits. */
static inline UserRecordLoadFlags USER_RECORD_ALLOW(UserRecordMask m) {
        assert(!(m & ~_USER_RECORD_MASK_MAX));
        UserRecordLoadFlags allowed = m << 14;
        return allowed;
}
/* Convert a section mask into the matching "strip these sections" load flags (bits 21..27). Asserts
 * that m carries no bits outside the seven section bits. */
static inline UserRecordLoadFlags USER_RECORD_STRIP(UserRecordMask m) {
        assert(!(m & ~_USER_RECORD_MASK_MAX));
        UserRecordLoadFlags stripped = m << 21;
        return stripped;
}
/* Inverse of USER_RECORD_REQUIRE(): extract the "required" section mask (bits 7..13) from load flags.
 * Any other bits of f are discarded. */
static inline UserRecordMask USER_RECORD_REQUIRE_MASK(UserRecordLoadFlags f) {
        UserRecordMask required = (f >> 7) & _USER_RECORD_MASK_MAX;
        return required;
}
/* Extract the "allowed" section mask (bits 14..20) from load flags. A section that is required is by
 * definition also allowed, so the required mask is folded in — callers need not set both ALLOW_* and
 * REQUIRE_* for the same section. */
static inline UserRecordMask USER_RECORD_ALLOW_MASK(UserRecordLoadFlags f) {
        UserRecordMask allowed = (f >> 14) & _USER_RECORD_MASK_MAX;
        UserRecordMask required = USER_RECORD_REQUIRE_MASK(f);
        return allowed | required;
}
/* Inverse of USER_RECORD_STRIP(): extract the "strip" section mask (bits 21..27) from load flags.
 * Unlike USER_RECORD_ALLOW_MASK() nothing else is folded in. */
static inline UserRecordMask USER_RECORD_STRIP_MASK(UserRecordLoadFlags f) {
        UserRecordMask stripped = (f >> 21) & _USER_RECORD_MASK_MAX;
        return stripped;
}
/* Translate the two loader-behaviour flags (USER_RECORD_LOG, USER_RECORD_PERMISSIVE) into the equivalent
 * JsonDispatchFlags for json_dispatch(). All section-related bits of flags are ignored. */
static inline JsonDispatchFlags USER_RECORD_LOAD_FLAGS_TO_JSON_DISPATCH_FLAGS(UserRecordLoadFlags flags) {
        JsonDispatchFlags dispatch = 0;

        if (FLAGS_SET(flags, USER_RECORD_LOG))
                dispatch |= JSON_LOG;
        if (FLAGS_SET(flags, USER_RECORD_PERMISSIVE))
                dispatch |= JSON_PERMISSIVE;

        return dispatch;
}
/* One entry of a record's pkcs11EncryptedKey list: a passphrase encrypted for a PKCS#11 token, plus the
 * hash the decrypted passphrase is checked against. Ownership of the buffers is not visible here;
 * presumably they belong to the enclosing UserRecord and are released by user_record_unref() — confirm in
 * user-record.c. */
typedef struct Pkcs11EncryptedKey {
        /* The encrypted passphrase, which can be decrypted with the private key indicated below */
        void *data;
        size_t size; /* length of 'data' in bytes */

        /* Where to find the private key to decrypt the encrypted passphrase above (a PKCS#11 URI) */
        char *uri;

        /* What to test the decrypted passphrase against to allow access (classic UNIX password hash). Note
         * that the decrypted passphrase is also used for unlocking LUKS and fscrypt, and if the account is
         * backed by LUKS or fscrypt the hashed password is only an additional layer of authentication, not
         * the only. */
        char *hashed_password;
} Pkcs11EncryptedKey;
/* A raw FIDO2 credential ID: an opaque byte blob of 'size' bytes */
typedef struct Fido2HmacCredential {
        void *id;
        size_t size;
} Fido2HmacCredential;
/* One entry of a record's fido2HmacSalt list: which credential to use, the salt to feed into the token's
 * hmac-secret extension, and the hash the resulting secret is checked against. */
typedef struct Fido2HmacSalt {
        /* The FIDO2 Credential ID to use */
        Fido2HmacCredential credential;

        /* The FIDO2 salt value, 'salt_size' bytes long */
        void *salt;
        size_t salt_size;

        /* What to test the hashed salt value against, usually UNIX password hash here. */
        char *hashed_password;
} Fido2HmacSalt;
/* In-memory representation of a JSON user record (see user_record_load()). Apart from the first three
 * fields every member mirrors a JSON field; which sections were actually loaded is recorded in 'mask'.
 * The original JSON is retained in 'json'. Several fields are 'int' rather than 'bool' — presumably
 * tri-state with a negative value meaning "not specified" so that the accessor functions below can apply
 * a default; confirm against user-record.c before relying on it. */
typedef struct UserRecord {
        /* The following three fields are not part of the JSON record */
        unsigned n_ref; /* reference count, see user_record_ref()/user_record_unref() */
        UserRecordMask mask; /* which UserRecordMask sections this record contains */
        bool incomplete; /* incomplete due to security restrictions. */

        char *user_name;
        char *realm;
        char *user_name_and_realm_auto; /* the user_name field concatenated with '@' and the realm, if the latter is defined */
        char *real_name;
        char *email_address;
        char *password_hint;
        char *icon_name;
        char *location;

        UserDisposition disposition;
        uint64_t last_change_usec;
        uint64_t last_password_change_usec;

        char *shell;
        mode_t umask;
        char **environment; /* NULL-terminated string list, like the other char** members */
        char *time_zone;
        char *preferred_language;
        int nice_level;
        struct rlimit *rlimits[_RLIMIT_MAX]; /* one optional entry per RLIMIT_* index */

        int locked; /* prohibit activation in general */
        uint64_t not_before_usec; /* prohibit activation before this unix time */
        uint64_t not_after_usec; /* prohibit activation after this unix time */

        UserStorage storage;
        uint64_t disk_size; /* absolute size in bytes, see USER_DISK_SIZE_MIN/MAX */
        uint64_t disk_size_relative; /* Disk size, relative to the free bytes of the medium, normalized to UINT32_MAX = 100% */
        char *skeleton_directory;
        mode_t access_mode;

        uint64_t tasks_max;
        uint64_t memory_high;
        uint64_t memory_max;
        uint64_t cpu_weight;
        uint64_t io_weight;

        bool nosuid;
        bool nodev;
        bool noexec;

        /* Credential material. 'hashed_password' holds UNIX password hashes; 'password' and 'token_pin'
         * are presumably the cleartext passphrases/PINs of the secret section (USER_RECORD_SECRET) —
         * confirm in user-record.c, and keep the USER_RECORD_*_SECRET load flags in mind when a record
         * is serialized or handed out. */
        char **hashed_password;
        char **ssh_authorized_keys;
        char **password;
        char **token_pin;

        char *cifs_domain;
        char *cifs_user_name;
        char *cifs_service;

        char *image_path;
        char *image_path_auto; /* when none is configured explicitly, this is where we place the implicit image */
        char *home_directory;
        char *home_directory_auto; /* when none is set explicitly, this is where we place the implicit home directory */

        uid_t uid;
        gid_t gid;

        char **member_of; /* groups this user belongs to, by name */

        char *file_system_type;
        sd_id128_t partition_uuid;
        sd_id128_t luks_uuid;
        sd_id128_t file_system_uuid;

        /* LUKS parameters; the user_record_luks_*() accessors below supply defaults for unset values */
        int luks_discard;
        int luks_offline_discard;
        char *luks_cipher;
        char *luks_cipher_mode;
        uint64_t luks_volume_key_size;
        char *luks_pbkdf_hash_algorithm;
        char *luks_pbkdf_type;
        uint64_t luks_pbkdf_time_cost_usec;
        uint64_t luks_pbkdf_memory_cost;
        uint64_t luks_pbkdf_parallel_threads;

        uint64_t disk_usage;
        uint64_t disk_free;
        uint64_t disk_ceiling;
        uint64_t disk_floor;

        char *state;
        char *service;
        int signed_locally;

        /* Authentication bookkeeping and rate limiting, see user_record_ratelimit_next_try() */
        uint64_t good_authentication_counter;
        uint64_t bad_authentication_counter;
        uint64_t last_good_authentication_usec;
        uint64_t last_bad_authentication_usec;

        uint64_t ratelimit_begin_usec;
        uint64_t ratelimit_count;
        uint64_t ratelimit_interval_usec;
        uint64_t ratelimit_burst;

        int removable;
        int enforce_password_policy;
        int auto_login;

        uint64_t stop_delay_usec; /* How long to leave systemd --user around on log-out */
        int kill_processes; /* Whether to kill user processes forcibly on log-out */

        /* The following exist mostly so that we can cover the full /etc/shadow set of fields */
        uint64_t password_change_min_usec; /* maps to .sp_min */
        uint64_t password_change_max_usec; /* maps to .sp_max */
        uint64_t password_change_warn_usec; /* maps to .sp_warn */
        uint64_t password_change_inactive_usec; /* maps to .sp_inact */
        int password_change_now; /* Require a password change immediately on next login (.sp_lstchg = 0) */

        /* PKCS#11 token unlocking: 'pkcs11_encrypted_key' is an array of 'n_pkcs11_encrypted_key' entries */
        char **pkcs11_token_uri;
        Pkcs11EncryptedKey *pkcs11_encrypted_key;
        size_t n_pkcs11_encrypted_key;
        int pkcs11_protected_authentication_path_permitted;

        /* FIDO2 token unlocking: two arrays with their respective element counts */
        Fido2HmacCredential *fido2_hmac_credential;
        size_t n_fido2_hmac_credential;
        Fido2HmacSalt *fido2_hmac_salt;
        size_t n_fido2_hmac_salt;
        int fido2_user_presence_permitted;

        JsonVariant *json; /* the record as loaded, i.e. the source of all the fields above */
} UserRecord;
/* Allocation and reference counting. user_record_unref() presumably returns NULL so it can be used in
 * "h = user_record_unref(h);" form (systemd convention) — confirm in user-record.c. */
UserRecord* user_record_new(void);
UserRecord* user_record_ref(UserRecord *h);
UserRecord* user_record_unref(UserRecord *h);

/* Defines the user_record_unrefp() helper for use with _cleanup_() */
DEFINE_TRIVIAL_CLEANUP_FUNC(UserRecord*, user_record_unref);

/* Populate h from the JSON variant v; 'flags' selects which sections are required/allowed/stripped and
 * whether to log or be permissive (see UserRecordLoadFlags). user_record_build() takes a variadic
 * description (format not visible in this header) and returns a new record in *ret. */
int user_record_load(UserRecord *h, JsonVariant *v, UserRecordLoadFlags flags);
int user_record_build(UserRecord **ret, ...);

/* Accessors that resolve the corresponding struct field, applying a default where it is unset. Returned
 * strings point into the record and are valid only as long as the record is referenced. */
const char *user_record_user_name_and_realm(UserRecord *h);
UserStorage user_record_storage(UserRecord *h);
const char *user_record_file_system_type(UserRecord *h);
const char *user_record_skeleton_directory(UserRecord *h);
mode_t user_record_access_mode(UserRecord *h);
const char *user_record_home_directory(UserRecord *h);
const char *user_record_image_path(UserRecord *h);
unsigned long user_record_mount_flags(UserRecord *h);
const char *user_record_cifs_user_name(UserRecord *h);
const char *user_record_shell(UserRecord *h);
const char *user_record_real_name(UserRecord *h);
bool user_record_luks_discard(UserRecord *h);
bool user_record_luks_offline_discard(UserRecord *h);
const char *user_record_luks_cipher(UserRecord *h);
const char *user_record_luks_cipher_mode(UserRecord *h);
uint64_t user_record_luks_volume_key_size(UserRecord *h);
const char* user_record_luks_pbkdf_type(UserRecord *h);
usec_t user_record_luks_pbkdf_time_cost_usec(UserRecord *h);
uint64_t user_record_luks_pbkdf_memory_cost(UserRecord *h);
uint64_t user_record_luks_pbkdf_parallel_threads(UserRecord *h);
const char *user_record_luks_pbkdf_hash_algorithm(UserRecord *h);
gid_t user_record_gid(UserRecord *h);
UserDisposition user_record_disposition(UserRecord *h);
int user_record_removable(UserRecord *h);
usec_t user_record_ratelimit_interval_usec(UserRecord *h);
uint64_t user_record_ratelimit_burst(UserRecord *h);
bool user_record_can_authenticate(UserRecord *h);

/* Derive the implicit image path for a given storage type and user name; *ret is newly allocated */
int user_record_build_image_path(UserStorage storage, const char *user_name_and_realm, char **ret);

bool user_record_equal(UserRecord *a, UserRecord *b);
bool user_record_compatible(UserRecord *a, UserRecord *b);
int user_record_compare_last_change(UserRecord *a, UserRecord *b);

/* Earliest time an authentication attempt is permitted again, per the ratelimit_* fields */
usec_t user_record_ratelimit_next_try(UserRecord *h);

/* Re-load the record's JSON with different flags into *ret (e.g. to strip a section), and compare only
 * the sections selected by 'mask'. */
int user_record_clone(UserRecord *h, UserRecordLoadFlags flags, UserRecord **ret);
int user_record_masked_equal(UserRecord *a, UserRecord *b, UserRecordMask mask);

/* Policy checks, presumably against locked/not_before_usec/not_after_usec and the password_change_*
 * fields respectively; the exact return convention is defined in user-record.c. */
int user_record_test_blocked(UserRecord *h);
int user_record_test_password_change_required(UserRecord *h);

/* The following dispatch helpers are also used by group-record.c, that's why we export them here */
int json_dispatch_realm(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata);
int json_dispatch_gecos(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata);
int json_dispatch_user_group_list(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata);
int json_dispatch_user_disposition(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata);

/* Per-machine section matching and the shared user/group record section mangling (returns the
 * resulting variant and the UserRecordMask of sections it contains). */
int per_machine_id_match(JsonVariant *ids, JsonDispatchFlags flags);
int per_machine_hostname_match(JsonVariant *hns, JsonDispatchFlags flags);
int user_group_record_mangle(JsonVariant *v, UserRecordLoadFlags load_flags, JsonVariant **ret_variant, UserRecordMask *ret_mask);

/* String <-> enum conversion; the _from_string() variants return the _INVALID sentinel on unknown input */
const char* user_storage_to_string(UserStorage t) _const_;
UserStorage user_storage_from_string(const char *s) _pure_;

const char* user_disposition_to_string(UserDisposition t) _const_;
UserDisposition user_disposition_from_string(const char *s) _pure_;