1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2 #pragma once
3
4 #include <inttypes.h>
5 #include <sys/types.h>
6
7 #include "sd-id128.h"
8
9 #include "json.h"
10 #include "missing_resource.h"
11 #include "time-util.h"
12
13 typedef enum UserDisposition {
14 USER_INTRINSIC, /* root and nobody */
15 USER_SYSTEM, /* statically allocated users for system services */
16 USER_DYNAMIC, /* dynamically allocated users for system services */
17 USER_REGULAR, /* regular (typically human users) */
18 USER_CONTAINER, /* UID ranges allocated for container uses */
19 USER_RESERVED, /* Range above 2^31 */
20 _USER_DISPOSITION_MAX,
21 _USER_DISPOSITION_INVALID = -EINVAL,
22 } UserDisposition;
23
24 typedef enum UserHomeStorage {
25 USER_CLASSIC,
26 USER_LUKS,
27 USER_DIRECTORY, /* A directory, and a .identity file in it, which USER_CLASSIC lacks */
28 USER_SUBVOLUME,
29 USER_FSCRYPT,
30 USER_CIFS,
31 _USER_STORAGE_MAX,
32 _USER_STORAGE_INVALID = -EINVAL,
33 } UserStorage;
34
35 typedef enum UserRecordMask {
36 /* The various sections an identity record may have, as bit mask */
37 USER_RECORD_REGULAR = 1U << 0,
38 USER_RECORD_SECRET = 1U << 1,
39 USER_RECORD_PRIVILEGED = 1U << 2,
40 USER_RECORD_PER_MACHINE = 1U << 3,
41 USER_RECORD_BINDING = 1U << 4,
42 USER_RECORD_STATUS = 1U << 5,
43 USER_RECORD_SIGNATURE = 1U << 6,
44 _USER_RECORD_MASK_MAX = (1U << 7)-1
45 } UserRecordMask;
46
47 typedef enum UserRecordLoadFlags {
48 /* A set of flags used while loading a user record from JSON data. We leave the lower 6 bits free,
49 * just as a safety precaution so that we can detect borked conversions between UserRecordMask and
50 * UserRecordLoadFlags. */
51
52 /* What to require */
53 USER_RECORD_REQUIRE_REGULAR = USER_RECORD_REGULAR << 7,
54 USER_RECORD_REQUIRE_SECRET = USER_RECORD_SECRET << 7,
55 USER_RECORD_REQUIRE_PRIVILEGED = USER_RECORD_PRIVILEGED << 7,
56 USER_RECORD_REQUIRE_PER_MACHINE = USER_RECORD_PER_MACHINE << 7,
57 USER_RECORD_REQUIRE_BINDING = USER_RECORD_BINDING << 7,
58 USER_RECORD_REQUIRE_STATUS = USER_RECORD_STATUS << 7,
59 USER_RECORD_REQUIRE_SIGNATURE = USER_RECORD_SIGNATURE << 7,
60
61 /* What to allow */
62 USER_RECORD_ALLOW_REGULAR = USER_RECORD_REGULAR << 14,
63 USER_RECORD_ALLOW_SECRET = USER_RECORD_SECRET << 14,
64 USER_RECORD_ALLOW_PRIVILEGED = USER_RECORD_PRIVILEGED << 14,
65 USER_RECORD_ALLOW_PER_MACHINE = USER_RECORD_PER_MACHINE << 14,
66 USER_RECORD_ALLOW_BINDING = USER_RECORD_BINDING << 14,
67 USER_RECORD_ALLOW_STATUS = USER_RECORD_STATUS << 14,
68 USER_RECORD_ALLOW_SIGNATURE = USER_RECORD_SIGNATURE << 14,
69
70 /* What to strip */
71 USER_RECORD_STRIP_REGULAR = USER_RECORD_REGULAR << 21,
72 USER_RECORD_STRIP_SECRET = USER_RECORD_SECRET << 21,
73 USER_RECORD_STRIP_PRIVILEGED = USER_RECORD_PRIVILEGED << 21,
74 USER_RECORD_STRIP_PER_MACHINE = USER_RECORD_PER_MACHINE << 21,
75 USER_RECORD_STRIP_BINDING = USER_RECORD_BINDING << 21,
76 USER_RECORD_STRIP_STATUS = USER_RECORD_STATUS << 21,
77 USER_RECORD_STRIP_SIGNATURE = USER_RECORD_SIGNATURE << 21,
78
79 /* Some special combinations that deserve explicit names */
80 USER_RECORD_LOAD_FULL = USER_RECORD_REQUIRE_REGULAR |
81 USER_RECORD_ALLOW_SECRET |
82 USER_RECORD_ALLOW_PRIVILEGED |
83 USER_RECORD_ALLOW_PER_MACHINE |
84 USER_RECORD_ALLOW_BINDING |
85 USER_RECORD_ALLOW_STATUS |
86 USER_RECORD_ALLOW_SIGNATURE,
87
88 USER_RECORD_LOAD_REFUSE_SECRET = USER_RECORD_REQUIRE_REGULAR |
89 USER_RECORD_ALLOW_PRIVILEGED |
90 USER_RECORD_ALLOW_PER_MACHINE |
91 USER_RECORD_ALLOW_BINDING |
92 USER_RECORD_ALLOW_STATUS |
93 USER_RECORD_ALLOW_SIGNATURE,
94
95 USER_RECORD_LOAD_MASK_SECRET = USER_RECORD_REQUIRE_REGULAR |
96 USER_RECORD_ALLOW_PRIVILEGED |
97 USER_RECORD_ALLOW_PER_MACHINE |
98 USER_RECORD_ALLOW_BINDING |
99 USER_RECORD_ALLOW_STATUS |
100 USER_RECORD_ALLOW_SIGNATURE |
101 USER_RECORD_STRIP_SECRET,
102
103 USER_RECORD_EXTRACT_SECRET = USER_RECORD_REQUIRE_SECRET |
104 USER_RECORD_STRIP_REGULAR |
105 USER_RECORD_STRIP_PRIVILEGED |
106 USER_RECORD_STRIP_PER_MACHINE |
107 USER_RECORD_STRIP_BINDING |
108 USER_RECORD_STRIP_STATUS |
109 USER_RECORD_STRIP_SIGNATURE,
110
111 USER_RECORD_LOAD_SIGNABLE = USER_RECORD_REQUIRE_REGULAR |
112 USER_RECORD_ALLOW_PRIVILEGED |
113 USER_RECORD_ALLOW_PER_MACHINE,
114
115 USER_RECORD_EXTRACT_SIGNABLE = USER_RECORD_LOAD_SIGNABLE |
116 USER_RECORD_STRIP_SECRET |
117 USER_RECORD_STRIP_BINDING |
118 USER_RECORD_STRIP_STATUS |
119 USER_RECORD_STRIP_SIGNATURE,
120
121 USER_RECORD_LOAD_EMBEDDED = USER_RECORD_REQUIRE_REGULAR |
122 USER_RECORD_ALLOW_PRIVILEGED |
123 USER_RECORD_ALLOW_PER_MACHINE |
124 USER_RECORD_ALLOW_SIGNATURE,
125
126 USER_RECORD_EXTRACT_EMBEDDED = USER_RECORD_LOAD_EMBEDDED |
127 USER_RECORD_STRIP_SECRET |
128 USER_RECORD_STRIP_BINDING |
129 USER_RECORD_STRIP_STATUS,
130
131 /* Whether to log about loader errors beyond LOG_DEBUG */
132 USER_RECORD_LOG = 1U << 28,
133
134 /* Whether to ignore errors and load what we can */
135 USER_RECORD_PERMISSIVE = 1U << 29,
136
137 /* Whether an empty record is OK */
138 USER_RECORD_EMPTY_OK = 1U << 30,
139 } UserRecordLoadFlags;
140
USER_RECORD_REQUIRE(UserRecordMask m)141 static inline UserRecordLoadFlags USER_RECORD_REQUIRE(UserRecordMask m) {
142 assert((m & ~_USER_RECORD_MASK_MAX) == 0);
143 return m << 7;
144 }
145
USER_RECORD_ALLOW(UserRecordMask m)146 static inline UserRecordLoadFlags USER_RECORD_ALLOW(UserRecordMask m) {
147 assert((m & ~_USER_RECORD_MASK_MAX) == 0);
148 return m << 14;
149 }
150
USER_RECORD_STRIP(UserRecordMask m)151 static inline UserRecordLoadFlags USER_RECORD_STRIP(UserRecordMask m) {
152 assert((m & ~_USER_RECORD_MASK_MAX) == 0);
153 return m << 21;
154 }
155
USER_RECORD_REQUIRE_MASK(UserRecordLoadFlags f)156 static inline UserRecordMask USER_RECORD_REQUIRE_MASK(UserRecordLoadFlags f) {
157 return (f >> 7) & _USER_RECORD_MASK_MAX;
158 }
159
USER_RECORD_ALLOW_MASK(UserRecordLoadFlags f)160 static inline UserRecordMask USER_RECORD_ALLOW_MASK(UserRecordLoadFlags f) {
161 return ((f >> 14) & _USER_RECORD_MASK_MAX) | USER_RECORD_REQUIRE_MASK(f);
162 }
163
USER_RECORD_STRIP_MASK(UserRecordLoadFlags f)164 static inline UserRecordMask USER_RECORD_STRIP_MASK(UserRecordLoadFlags f) {
165 return (f >> 21) & _USER_RECORD_MASK_MAX;
166 }
167
USER_RECORD_LOAD_FLAGS_TO_JSON_DISPATCH_FLAGS(UserRecordLoadFlags flags)168 static inline JsonDispatchFlags USER_RECORD_LOAD_FLAGS_TO_JSON_DISPATCH_FLAGS(UserRecordLoadFlags flags) {
169 return (FLAGS_SET(flags, USER_RECORD_LOG) ? JSON_LOG : 0) |
170 (FLAGS_SET(flags, USER_RECORD_PERMISSIVE) ? JSON_PERMISSIVE : 0);
171 }
172
173 typedef struct Pkcs11EncryptedKey {
174 /* The encrypted passphrase, which can be decrypted with the private key indicated below */
175 void *data;
176 size_t size;
177
178 /* Where to find the private key to decrypt the encrypted passphrase above */
179 char *uri;
180
181 /* What to test the decrypted passphrase against to allow access (classic UNIX password hash). Note
182 * that the decrypted passphrase is also used for unlocking LUKS and fscrypt, and if the account is
183 * backed by LUKS or fscrypt the hashed password is only an additional layer of authentication, not
184 * the only. */
185 char *hashed_password;
186 } Pkcs11EncryptedKey;
187
188 typedef struct Fido2HmacCredential {
189 void *id;
190 size_t size;
191 } Fido2HmacCredential;
192
193 typedef struct Fido2HmacSalt {
194 /* The FIDO2 Cridential ID to use */
195 Fido2HmacCredential credential;
196
197 /* The FIDO2 salt value */
198 void *salt;
199 size_t salt_size;
200
201 /* What to test the hashed salt value against, usually UNIX password hash here. */
202 char *hashed_password;
203
204 /* Whether the 'up', 'uv', 'clientPin' features are enabled. */
205 int uv, up, client_pin;
206 } Fido2HmacSalt;
207
208 typedef struct RecoveryKey {
209 /* The type of recovery key, must be "modhex64" right now */
210 char *type;
211
212 /* A UNIX password hash of the normalized form of modhex64 */
213 char *hashed_password;
214 } RecoveryKey;
215
216 typedef enum AutoResizeMode {
217 AUTO_RESIZE_OFF, /* no automatic grow/shrink */
218 AUTO_RESIZE_GROW, /* grow at login */
219 AUTO_RESIZE_SHRINK_AND_GROW, /* shrink at logout + grow at login */
220 _AUTO_RESIZE_MODE_MAX,
221 _AUTO_RESIZE_MODE_INVALID = -EINVAL,
222 } AutoResizeMode;
223
224 #define REBALANCE_WEIGHT_OFF UINT64_C(0)
225 #define REBALANCE_WEIGHT_DEFAULT UINT64_C(100)
226 #define REBALANCE_WEIGHT_BACKING UINT64_C(20)
227 #define REBALANCE_WEIGHT_MIN UINT64_C(1)
228 #define REBALANCE_WEIGHT_MAX UINT64_C(10000)
229 #define REBALANCE_WEIGHT_UNSET UINT64_MAX
230
231 typedef struct UserRecord {
232 /* The following three fields are not part of the JSON record */
233 unsigned n_ref;
234 UserRecordMask mask;
235 bool incomplete; /* incomplete due to security restrictions. */
236
237 char *user_name;
238 char *realm;
239 char *user_name_and_realm_auto; /* the user_name field concatenated with '@' and the realm, if the latter is defined */
240 char *real_name;
241 char *email_address;
242 char *password_hint;
243 char *icon_name;
244 char *location;
245
246 UserDisposition disposition;
247 uint64_t last_change_usec;
248 uint64_t last_password_change_usec;
249
250 char *shell;
251 mode_t umask;
252 char **environment;
253 char *time_zone;
254 char *preferred_language;
255 int nice_level;
256 struct rlimit *rlimits[_RLIMIT_MAX];
257
258 int locked; /* prohibit activation in general */
259 uint64_t not_before_usec; /* prohibit activation before this unix time */
260 uint64_t not_after_usec; /* prohibit activation after this unix time */
261
262 UserStorage storage;
263 uint64_t disk_size;
264 uint64_t disk_size_relative; /* Disk size, relative to the free bytes of the medium, normalized to UINT32_MAX = 100% */
265 char *skeleton_directory;
266 mode_t access_mode;
267 AutoResizeMode auto_resize_mode;
268 uint64_t rebalance_weight;
269
270 uint64_t tasks_max;
271 uint64_t memory_high;
272 uint64_t memory_max;
273 uint64_t cpu_weight;
274 uint64_t io_weight;
275
276 bool nosuid;
277 bool nodev;
278 bool noexec;
279
280 char **hashed_password;
281 char **ssh_authorized_keys;
282 char **password;
283 char **token_pin;
284
285 char *cifs_domain;
286 char *cifs_user_name;
287 char *cifs_service;
288 char *cifs_extra_mount_options;
289
290 char *image_path;
291 char *image_path_auto; /* when none is configured explicitly, this is where we place the implicit image */
292 char *home_directory;
293 char *home_directory_auto; /* when none is set explicitly, this is where we place the implicit home directory */
294
295 uid_t uid;
296 gid_t gid;
297
298 char **member_of;
299
300 char *file_system_type;
301 sd_id128_t partition_uuid;
302 sd_id128_t luks_uuid;
303 sd_id128_t file_system_uuid;
304
305 int luks_discard;
306 int luks_offline_discard;
307 char *luks_cipher;
308 char *luks_cipher_mode;
309 uint64_t luks_volume_key_size;
310 char *luks_pbkdf_hash_algorithm;
311 char *luks_pbkdf_type;
312 uint64_t luks_pbkdf_time_cost_usec;
313 uint64_t luks_pbkdf_memory_cost;
314 uint64_t luks_pbkdf_parallel_threads;
315 char *luks_extra_mount_options;
316
317 uint64_t disk_usage;
318 uint64_t disk_free;
319 uint64_t disk_ceiling;
320 uint64_t disk_floor;
321
322 char *state;
323 char *service;
324 int signed_locally;
325
326 uint64_t good_authentication_counter;
327 uint64_t bad_authentication_counter;
328 uint64_t last_good_authentication_usec;
329 uint64_t last_bad_authentication_usec;
330
331 uint64_t ratelimit_begin_usec;
332 uint64_t ratelimit_count;
333 uint64_t ratelimit_interval_usec;
334 uint64_t ratelimit_burst;
335
336 int removable;
337 int enforce_password_policy;
338 int auto_login;
339 int drop_caches;
340
341 uint64_t stop_delay_usec; /* How long to leave systemd --user around on log-out */
342 int kill_processes; /* Whether to kill user processes forcibly on log-out */
343
344 /* The following exist mostly so that we can cover the full /etc/shadow set of fields */
345 uint64_t password_change_min_usec; /* maps to .sp_min */
346 uint64_t password_change_max_usec; /* maps to .sp_max */
347 uint64_t password_change_warn_usec; /* maps to .sp_warn */
348 uint64_t password_change_inactive_usec; /* maps to .sp_inact */
349 int password_change_now; /* Require a password change immediately on next login (.sp_lstchg = 0) */
350
351 char **pkcs11_token_uri;
352 Pkcs11EncryptedKey *pkcs11_encrypted_key;
353 size_t n_pkcs11_encrypted_key;
354 int pkcs11_protected_authentication_path_permitted;
355
356 Fido2HmacCredential *fido2_hmac_credential;
357 size_t n_fido2_hmac_credential;
358 Fido2HmacSalt *fido2_hmac_salt;
359 size_t n_fido2_hmac_salt;
360 int fido2_user_presence_permitted;
361 int fido2_user_verification_permitted;
362
363 char **recovery_key_type;
364 RecoveryKey *recovery_key;
365 size_t n_recovery_key;
366
367 JsonVariant *json;
368 } UserRecord;
369
370 UserRecord* user_record_new(void);
371 UserRecord* user_record_ref(UserRecord *h);
372 UserRecord* user_record_unref(UserRecord *h);
373
374 DEFINE_TRIVIAL_CLEANUP_FUNC(UserRecord*, user_record_unref);
375
376 int user_record_load(UserRecord *h, JsonVariant *v, UserRecordLoadFlags flags);
377 int user_record_build(UserRecord **ret, ...);
378
379 const char *user_record_user_name_and_realm(UserRecord *h);
380 UserStorage user_record_storage(UserRecord *h);
381 const char *user_record_file_system_type(UserRecord *h);
382 const char *user_record_skeleton_directory(UserRecord *h);
383 mode_t user_record_access_mode(UserRecord *h);
384 const char *user_record_home_directory(UserRecord *h);
385 const char *user_record_image_path(UserRecord *h);
386 unsigned long user_record_mount_flags(UserRecord *h);
387 const char *user_record_cifs_user_name(UserRecord *h);
388 const char *user_record_shell(UserRecord *h);
389 const char *user_record_real_name(UserRecord *h);
390 bool user_record_luks_discard(UserRecord *h);
391 bool user_record_luks_offline_discard(UserRecord *h);
392 const char *user_record_luks_cipher(UserRecord *h);
393 const char *user_record_luks_cipher_mode(UserRecord *h);
394 uint64_t user_record_luks_volume_key_size(UserRecord *h);
395 const char* user_record_luks_pbkdf_type(UserRecord *h);
396 usec_t user_record_luks_pbkdf_time_cost_usec(UserRecord *h);
397 uint64_t user_record_luks_pbkdf_memory_cost(UserRecord *h);
398 uint64_t user_record_luks_pbkdf_parallel_threads(UserRecord *h);
399 const char *user_record_luks_pbkdf_hash_algorithm(UserRecord *h);
400 gid_t user_record_gid(UserRecord *h);
401 UserDisposition user_record_disposition(UserRecord *h);
402 int user_record_removable(UserRecord *h);
403 usec_t user_record_ratelimit_interval_usec(UserRecord *h);
404 uint64_t user_record_ratelimit_burst(UserRecord *h);
405 bool user_record_can_authenticate(UserRecord *h);
406 bool user_record_drop_caches(UserRecord *h);
407 AutoResizeMode user_record_auto_resize_mode(UserRecord *h);
408 uint64_t user_record_rebalance_weight(UserRecord *h);
409
410 int user_record_build_image_path(UserStorage storage, const char *user_name_and_realm, char **ret);
411
412 bool user_record_equal(UserRecord *a, UserRecord *b);
413 bool user_record_compatible(UserRecord *a, UserRecord *b);
414 int user_record_compare_last_change(UserRecord *a, UserRecord *b);
415
416 usec_t user_record_ratelimit_next_try(UserRecord *h);
417
418 int user_record_clone(UserRecord *h, UserRecordLoadFlags flags, UserRecord **ret);
419 int user_record_masked_equal(UserRecord *a, UserRecord *b, UserRecordMask mask);
420
421 int user_record_test_blocked(UserRecord *h);
422 int user_record_test_password_change_required(UserRecord *h);
423
424 /* The following six are user by group-record.c, that's why we export them here */
425 int json_dispatch_realm(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata);
426 int json_dispatch_gecos(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata);
427 int json_dispatch_user_group_list(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata);
428 int json_dispatch_user_disposition(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata);
429
430 int per_machine_id_match(JsonVariant *ids, JsonDispatchFlags flags);
431 int per_machine_hostname_match(JsonVariant *hns, JsonDispatchFlags flags);
432 int user_group_record_mangle(JsonVariant *v, UserRecordLoadFlags load_flags, JsonVariant **ret_variant, UserRecordMask *ret_mask);
433
434 const char* user_storage_to_string(UserStorage t) _const_;
435 UserStorage user_storage_from_string(const char *s) _pure_;
436
437 const char* user_disposition_to_string(UserDisposition t) _const_;
438 UserDisposition user_disposition_from_string(const char *s) _pure_;
439
440 const char* auto_resize_mode_to_string(AutoResizeMode m) _const_;
441 AutoResizeMode auto_resize_mode_from_string(const char *s) _pure_;
442