1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3 #if HAVE_LINUX_MEMFD_H
4 #include <linux/memfd.h>
5 #endif
6
7 #include <sys/mman.h>
8 #include <sys/quota.h>
9 #include <sys/vfs.h>
10
11 #include "blockdev-util.h"
12 #include "btrfs-util.h"
13 #include "bus-common-errors.h"
14 #include "data-fd-util.h"
15 #include "env-util.h"
16 #include "errno-list.h"
17 #include "errno-util.h"
18 #include "fd-util.h"
19 #include "fileio.h"
20 #include "filesystems.h"
21 #include "fs-util.h"
22 #include "home-util.h"
23 #include "homed-home-bus.h"
24 #include "homed-home.h"
25 #include "missing_magic.h"
26 #include "missing_syscall.h"
27 #include "mkdir.h"
28 #include "path-util.h"
29 #include "process-util.h"
30 #include "pwquality-util.h"
31 #include "quota-util.h"
32 #include "resize-fs.h"
33 #include "set.h"
34 #include "signal-util.h"
35 #include "stat-util.h"
36 #include "string-table.h"
37 #include "strv.h"
38 #include "uid-alloc-range.h"
39 #include "user-record-pwquality.h"
40 #include "user-record-sign.h"
41 #include "user-record-util.h"
42 #include "user-record.h"
43 #include "user-util.h"
44
45 /* Retry to deactivate home directories again and again every 15s until it works */
46 #define RETRY_DEACTIVATE_USEC (15U * USEC_PER_SEC)
47
48 #define HOME_USERS_MAX 500
49 #define PENDING_OPERATIONS_MAX 100
50
51 assert_cc(HOME_UID_MIN <= HOME_UID_MAX);
52 assert_cc(HOME_USERS_MAX <= (HOME_UID_MAX - HOME_UID_MIN + 1));
53
54 static int home_start_work(Home *h, const char *verb, UserRecord *hr, UserRecord *secret);
55
56 DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(operation_hash_ops, void, trivial_hash_func, trivial_compare_func, Operation, operation_unref);
57
suitable_home_record(UserRecord * hr)58 static int suitable_home_record(UserRecord *hr) {
59 int r;
60
61 assert(hr);
62
63 if (!hr->user_name)
64 return -EUNATCH;
65
66 /* We are a bit more restrictive with what we accept as homed-managed user than what we accept in
67 * home records in general. Let's enforce the stricter rule here. */
68 if (!suitable_user_name(hr->user_name))
69 return -EINVAL;
70 if (!uid_is_valid(hr->uid))
71 return -EINVAL;
72
73 /* Insist we are outside of the dynamic and system range */
74 if (uid_is_system(hr->uid) || gid_is_system(user_record_gid(hr)) ||
75 uid_is_dynamic(hr->uid) || gid_is_dynamic(user_record_gid(hr)))
76 return -EADDRNOTAVAIL;
77
78 /* Insist that GID and UID match */
79 if (user_record_gid(hr) != (gid_t) hr->uid)
80 return -EBADSLT;
81
82 /* Similar for the realm */
83 if (hr->realm) {
84 r = suitable_realm(hr->realm);
85 if (r < 0)
86 return r;
87 if (r == 0)
88 return -EINVAL;
89 }
90
91 return 0;
92 }
93
home_new(Manager * m,UserRecord * hr,const char * sysfs,Home ** ret)94 int home_new(Manager *m, UserRecord *hr, const char *sysfs, Home **ret) {
95 _cleanup_(home_freep) Home *home = NULL;
96 _cleanup_free_ char *nm = NULL, *ns = NULL;
97 int r;
98
99 assert(m);
100 assert(hr);
101
102 r = suitable_home_record(hr);
103 if (r < 0)
104 return r;
105
106 if (hashmap_contains(m->homes_by_name, hr->user_name))
107 return -EBUSY;
108
109 if (hashmap_contains(m->homes_by_uid, UID_TO_PTR(hr->uid)))
110 return -EBUSY;
111
112 if (sysfs && hashmap_contains(m->homes_by_sysfs, sysfs))
113 return -EBUSY;
114
115 if (hashmap_size(m->homes_by_name) >= HOME_USERS_MAX)
116 return -EUSERS;
117
118 nm = strdup(hr->user_name);
119 if (!nm)
120 return -ENOMEM;
121
122 if (sysfs) {
123 ns = strdup(sysfs);
124 if (!ns)
125 return -ENOMEM;
126 }
127
128 home = new(Home, 1);
129 if (!home)
130 return -ENOMEM;
131
132 *home = (Home) {
133 .manager = m,
134 .user_name = TAKE_PTR(nm),
135 .uid = hr->uid,
136 .state = _HOME_STATE_INVALID,
137 .worker_stdout_fd = -1,
138 .sysfs = TAKE_PTR(ns),
139 .signed_locally = -1,
140 .pin_fd = -1,
141 .luks_lock_fd = -1,
142 };
143
144 r = hashmap_put(m->homes_by_name, home->user_name, home);
145 if (r < 0)
146 return r;
147
148 r = hashmap_put(m->homes_by_uid, UID_TO_PTR(home->uid), home);
149 if (r < 0)
150 return r;
151
152 if (home->sysfs) {
153 r = hashmap_put(m->homes_by_sysfs, home->sysfs, home);
154 if (r < 0)
155 return r;
156 }
157
158 r = user_record_clone(hr, USER_RECORD_LOAD_MASK_SECRET|USER_RECORD_PERMISSIVE, &home->record);
159 if (r < 0)
160 return r;
161
162 (void) bus_manager_emit_auto_login_changed(m);
163 (void) bus_home_emit_change(home);
164 (void) manager_schedule_rebalance(m, /* immediately= */ false);
165
166 if (ret)
167 *ret = TAKE_PTR(home);
168 else
169 TAKE_PTR(home);
170
171 return 0;
172 }
173
home_free(Home * h)174 Home *home_free(Home *h) {
175
176 if (!h)
177 return NULL;
178
179 if (h->manager) {
180 (void) bus_home_emit_remove(h);
181 (void) bus_manager_emit_auto_login_changed(h->manager);
182
183 if (h->user_name)
184 (void) hashmap_remove_value(h->manager->homes_by_name, h->user_name, h);
185
186 if (uid_is_valid(h->uid))
187 (void) hashmap_remove_value(h->manager->homes_by_uid, UID_TO_PTR(h->uid), h);
188
189 if (h->sysfs)
190 (void) hashmap_remove_value(h->manager->homes_by_sysfs, h->sysfs, h);
191
192 if (h->worker_pid > 0)
193 (void) hashmap_remove_value(h->manager->homes_by_worker_pid, PID_TO_PTR(h->worker_pid), h);
194
195 if (h->manager->gc_focus == h)
196 h->manager->gc_focus = NULL;
197
198 (void) manager_schedule_rebalance(h->manager, /* immediately= */ false);
199 }
200
201 user_record_unref(h->record);
202 user_record_unref(h->secret);
203
204 h->worker_event_source = sd_event_source_disable_unref(h->worker_event_source);
205 safe_close(h->worker_stdout_fd);
206 free(h->user_name);
207 free(h->sysfs);
208
209 h->ref_event_source_please_suspend = sd_event_source_disable_unref(h->ref_event_source_please_suspend);
210 h->ref_event_source_dont_suspend = sd_event_source_disable_unref(h->ref_event_source_dont_suspend);
211
212 h->pending_operations = ordered_set_free(h->pending_operations);
213 h->pending_event_source = sd_event_source_disable_unref(h->pending_event_source);
214 h->deferred_change_event_source = sd_event_source_disable_unref(h->deferred_change_event_source);
215
216 h->current_operation = operation_unref(h->current_operation);
217
218 safe_close(h->pin_fd);
219 safe_close(h->luks_lock_fd);
220
221 h->retry_deactivate_event_source = sd_event_source_disable_unref(h->retry_deactivate_event_source);
222
223 return mfree(h);
224 }
225
home_set_record(Home * h,UserRecord * hr)226 int home_set_record(Home *h, UserRecord *hr) {
227 _cleanup_(user_record_unrefp) UserRecord *new_hr = NULL;
228 Home *other;
229 int r;
230
231 assert(h);
232 assert(h->user_name);
233 assert(h->record);
234 assert(hr);
235
236 if (user_record_equal(h->record, hr))
237 return 0;
238
239 r = suitable_home_record(hr);
240 if (r < 0)
241 return r;
242
243 if (!user_record_compatible(h->record, hr))
244 return -EREMCHG;
245
246 if (!FLAGS_SET(hr->mask, USER_RECORD_REGULAR) ||
247 FLAGS_SET(hr->mask, USER_RECORD_SECRET))
248 return -EINVAL;
249
250 if (FLAGS_SET(h->record->mask, USER_RECORD_STATUS)) {
251 _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
252
253 /* Hmm, the existing record has status fields? If so, copy them over */
254
255 v = json_variant_ref(hr->json);
256 r = json_variant_set_field(&v, "status", json_variant_by_key(h->record->json, "status"));
257 if (r < 0)
258 return r;
259
260 new_hr = user_record_new();
261 if (!new_hr)
262 return -ENOMEM;
263
264 r = user_record_load(new_hr, v, USER_RECORD_LOAD_REFUSE_SECRET|USER_RECORD_PERMISSIVE);
265 if (r < 0)
266 return r;
267
268 hr = new_hr;
269 }
270
271 other = hashmap_get(h->manager->homes_by_uid, UID_TO_PTR(hr->uid));
272 if (other && other != h)
273 return -EBUSY;
274
275 if (h->uid != hr->uid) {
276 r = hashmap_remove_and_replace(h->manager->homes_by_uid, UID_TO_PTR(h->uid), UID_TO_PTR(hr->uid), h);
277 if (r < 0)
278 return r;
279 }
280
281 user_record_unref(h->record);
282 h->record = user_record_ref(hr);
283 h->uid = h->record->uid;
284
285 /* The updated record might have a different autologin setting, trigger a PropertiesChanged event for it */
286 (void) bus_manager_emit_auto_login_changed(h->manager);
287 (void) bus_home_emit_change(h);
288
289 return 0;
290 }
291
home_save_record(Home * h)292 int home_save_record(Home *h) {
293 _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
294 _cleanup_free_ char *text = NULL;
295 const char *fn;
296 int r;
297
298 assert(h);
299
300 v = json_variant_ref(h->record->json);
301 r = json_variant_normalize(&v);
302 if (r < 0)
303 log_warning_errno(r, "User record could not be normalized.");
304
305 r = json_variant_format(v, JSON_FORMAT_PRETTY|JSON_FORMAT_NEWLINE, &text);
306 if (r < 0)
307 return r;
308
309 (void) mkdir("/var/lib/systemd/", 0755);
310 (void) mkdir(home_record_dir(), 0700);
311
312 fn = strjoina(home_record_dir(), "/", h->user_name, ".identity");
313
314 r = write_string_file(fn, text, WRITE_STRING_FILE_ATOMIC|WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_MODE_0600|WRITE_STRING_FILE_SYNC);
315 if (r < 0)
316 return r;
317
318 return 0;
319 }
320
home_unlink_record(Home * h)321 int home_unlink_record(Home *h) {
322 const char *fn;
323
324 assert(h);
325
326 fn = strjoina(home_record_dir(), "/", h->user_name, ".identity");
327 if (unlink(fn) < 0 && errno != ENOENT)
328 return -errno;
329
330 fn = strjoina("/run/systemd/home/", h->user_name, ".ref");
331 if (unlink(fn) < 0 && errno != ENOENT)
332 return -errno;
333
334 return 0;
335 }
336
home_unpin(Home * h)337 static void home_unpin(Home *h) {
338 assert(h);
339
340 if (h->pin_fd < 0)
341 return;
342
343 h->pin_fd = safe_close(h->pin_fd);
344 log_debug("Successfully closed pin fd on home for %s.", h->user_name);
345 }
346
home_pin(Home * h)347 static void home_pin(Home *h) {
348 const char *path;
349
350 assert(h);
351
352 if (h->pin_fd >= 0) /* Already pinned? */
353 return;
354
355 path = user_record_home_directory(h->record);
356 if (!path) {
357 log_warning("No home directory path to pin for %s, ignoring.", h->user_name);
358 return;
359 }
360
361 h->pin_fd = open(path, O_RDONLY|O_DIRECTORY|O_CLOEXEC);
362 if (h->pin_fd < 0) {
363 log_warning_errno(errno, "Couldn't open home directory '%s' for pinning, ignoring: %m", path);
364 return;
365 }
366
367 log_debug("Successfully pinned home directory '%s'.", path);
368 }
369
home_update_pin_fd(Home * h,HomeState state)370 static void home_update_pin_fd(Home *h, HomeState state) {
371 assert(h);
372
373 if (state < 0)
374 state = home_get_state(h);
375
376 return HOME_STATE_SHALL_PIN(state) ? home_pin(h) : home_unpin(h);
377 }
378
home_maybe_close_luks_lock_fd(Home * h,HomeState state)379 static void home_maybe_close_luks_lock_fd(Home *h, HomeState state) {
380 assert(h);
381
382 if (h->luks_lock_fd < 0)
383 return;
384
385 if (state < 0)
386 state = home_get_state(h);
387
388 /* Keep the lock as long as the home dir is active or has some operation going */
389 if (HOME_STATE_IS_EXECUTING_OPERATION(state) || HOME_STATE_IS_ACTIVE(state) || state == HOME_LOCKED)
390 return;
391
392 h->luks_lock_fd = safe_close(h->luks_lock_fd);
393 log_debug("Successfully closed LUKS backing file lock for %s.", h->user_name);
394 }
395
home_maybe_stop_retry_deactivate(Home * h,HomeState state)396 static void home_maybe_stop_retry_deactivate(Home *h, HomeState state) {
397 assert(h);
398
399 /* Free the deactivation retry event source if we won't need it anymore. Specifically, we'll free the
400 * event source whenever the home directory is already deactivated (and we thus where successful) or
401 * if we start executing an operation that indicates that the home directory is going to be used or
402 * operated on again. Also, if the home is referenced again stop the timer */
403
404 if (HOME_STATE_MAY_RETRY_DEACTIVATE(state) &&
405 !h->ref_event_source_dont_suspend &&
406 !h->ref_event_source_please_suspend)
407 return;
408
409 h->retry_deactivate_event_source = sd_event_source_disable_unref(h->retry_deactivate_event_source);
410 }
411
412 static int home_deactivate_internal(Home *h, bool force, sd_bus_error *error);
413 static void home_start_retry_deactivate(Home *h);
414
home_on_retry_deactivate(sd_event_source * s,uint64_t usec,void * userdata)415 static int home_on_retry_deactivate(sd_event_source *s, uint64_t usec, void *userdata) {
416 Home *h = userdata;
417 HomeState state;
418
419 assert(s);
420 assert(h);
421
422 /* 15s after the last attempt to deactivate the home directory passed. Let's try it one more time. */
423
424 h->retry_deactivate_event_source = sd_event_source_disable_unref(h->retry_deactivate_event_source);
425
426 state = home_get_state(h);
427 if (!HOME_STATE_MAY_RETRY_DEACTIVATE(state))
428 return 0;
429
430 if (IN_SET(state, HOME_ACTIVE, HOME_LINGERING)) {
431 log_info("Again trying to deactivate home directory.");
432
433 /* If we are not executing any operation, let's start deactivating now. Note that this will
434 * restart our timer again, we are gonna be called again if this doesn't work. */
435 (void) home_deactivate_internal(h, /* force= */ false, NULL);
436 } else
437 /* if we are executing an operation (specifically, area already running a deactivation
438 * operation), then simply reque the timer, so that we retry again. */
439 home_start_retry_deactivate(h);
440
441 return 0;
442 }
443
home_start_retry_deactivate(Home * h)444 static void home_start_retry_deactivate(Home *h) {
445 int r;
446
447 assert(h);
448 assert(h->manager);
449
450 /* Already allocated? */
451 if (h->retry_deactivate_event_source)
452 return;
453
454 /* If the home directory is being used now don't start the timer */
455 if (h->ref_event_source_dont_suspend || h->ref_event_source_please_suspend)
456 return;
457
458 r = sd_event_add_time_relative(
459 h->manager->event,
460 &h->retry_deactivate_event_source,
461 CLOCK_MONOTONIC,
462 RETRY_DEACTIVATE_USEC,
463 1*USEC_PER_MINUTE,
464 home_on_retry_deactivate,
465 h);
466 if (r < 0)
467 return (void) log_warning_errno(r, "Failed to install retry-deactivate event source, ignoring: %m");
468
469 (void) sd_event_source_set_description(h->retry_deactivate_event_source, "retry-deactivate");
470 }
471
home_set_state(Home * h,HomeState state)472 static void home_set_state(Home *h, HomeState state) {
473 HomeState old_state, new_state;
474
475 assert(h);
476
477 old_state = home_get_state(h);
478 h->state = state;
479 new_state = home_get_state(h); /* Query the new state, since the 'state' variable might be set to -1,
480 * in which case we synthesize an high-level state on demand */
481
482 log_info("%s: changing state %s → %s", h->user_name,
483 home_state_to_string(old_state),
484 home_state_to_string(new_state));
485
486 home_update_pin_fd(h, new_state);
487 home_maybe_close_luks_lock_fd(h, new_state);
488 home_maybe_stop_retry_deactivate(h, new_state);
489
490 if (HOME_STATE_IS_EXECUTING_OPERATION(old_state) && !HOME_STATE_IS_EXECUTING_OPERATION(new_state)) {
491 /* If we just finished executing some operation, process the queue of pending operations. And
492 * enqueue it for GC too. */
493
494 home_schedule_operation(h, NULL, NULL);
495 manager_reschedule_rebalance(h->manager);
496 manager_enqueue_gc(h->manager, h);
497 }
498 }
499
home_parse_worker_stdout(int _fd,UserRecord ** ret)500 static int home_parse_worker_stdout(int _fd, UserRecord **ret) {
501 _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
502 _cleanup_close_ int fd = _fd; /* take possession, even on failure */
503 _cleanup_(user_record_unrefp) UserRecord *hr = NULL;
504 _cleanup_fclose_ FILE *f = NULL;
505 unsigned line, column;
506 struct stat st;
507 int r;
508
509 if (fstat(fd, &st) < 0)
510 return log_error_errno(errno, "Failed to stat stdout fd: %m");
511
512 assert(S_ISREG(st.st_mode));
513
514 if (st.st_size == 0) { /* empty record */
515 *ret = NULL;
516 return 0;
517 }
518
519 if (lseek(fd, SEEK_SET, 0) == (off_t) -1)
520 return log_error_errno(errno, "Failed to seek to beginning of memfd: %m");
521
522 f = take_fdopen(&fd, "r");
523 if (!f)
524 return log_error_errno(errno, "Failed to reopen memfd: %m");
525
526 if (DEBUG_LOGGING) {
527 _cleanup_free_ char *text = NULL;
528
529 r = read_full_stream(f, &text, NULL);
530 if (r < 0)
531 return log_error_errno(r, "Failed to read from client: %m");
532
533 log_debug("Got from worker: %s", text);
534 rewind(f);
535 }
536
537 r = json_parse_file(f, "stdout", JSON_PARSE_SENSITIVE, &v, &line, &column);
538 if (r < 0)
539 return log_error_errno(r, "Failed to parse identity at %u:%u: %m", line, column);
540
541 hr = user_record_new();
542 if (!hr)
543 return log_oom();
544
545 r = user_record_load(hr, v, USER_RECORD_LOAD_REFUSE_SECRET|USER_RECORD_PERMISSIVE);
546 if (r < 0)
547 return log_error_errno(r, "Failed to load home record identity: %m");
548
549 *ret = TAKE_PTR(hr);
550 return 1;
551 }
552
home_verify_user_record(Home * h,UserRecord * hr,bool * ret_signed_locally,sd_bus_error * ret_error)553 static int home_verify_user_record(Home *h, UserRecord *hr, bool *ret_signed_locally, sd_bus_error *ret_error) {
554 int is_signed;
555
556 assert(h);
557 assert(hr);
558 assert(ret_signed_locally);
559
560 is_signed = manager_verify_user_record(h->manager, hr);
561 switch (is_signed) {
562
563 case USER_RECORD_SIGNED_EXCLUSIVE:
564 log_info("Home %s is signed exclusively by our key, accepting.", hr->user_name);
565 *ret_signed_locally = true;
566 return 0;
567
568 case USER_RECORD_SIGNED:
569 log_info("Home %s is signed by our key (and others), accepting.", hr->user_name);
570 *ret_signed_locally = false;
571 return 0;
572
573 case USER_RECORD_FOREIGN:
574 log_info("Home %s is signed by foreign key we like, accepting.", hr->user_name);
575 *ret_signed_locally = false;
576 return 0;
577
578 case USER_RECORD_UNSIGNED:
579 sd_bus_error_setf(ret_error, BUS_ERROR_BAD_SIGNATURE, "User record %s is not signed at all, refusing.", hr->user_name);
580 return log_error_errno(SYNTHETIC_ERRNO(EPERM), "Home %s contains user record that is not signed at all, refusing.", hr->user_name);
581
582 case -ENOKEY:
583 sd_bus_error_setf(ret_error, BUS_ERROR_BAD_SIGNATURE, "User record %s is not signed by any known key, refusing.", hr->user_name);
584 return log_error_errno(is_signed, "Home %s contains user record that is not signed by any known key, refusing.", hr->user_name);
585
586 default:
587 assert(is_signed < 0);
588 return log_error_errno(is_signed, "Failed to verify signature on user record for %s, refusing fixation: %m", hr->user_name);
589 }
590 }
591
convert_worker_errno(Home * h,int e,sd_bus_error * error)592 static int convert_worker_errno(Home *h, int e, sd_bus_error *error) {
593 /* Converts the error numbers the worker process returned into somewhat sensible dbus errors */
594
595 switch (e) {
596
597 case -EMSGSIZE:
598 return sd_bus_error_set(error, BUS_ERROR_BAD_HOME_SIZE, "File systems of this type cannot be shrunk");
599 case -ETXTBSY:
600 return sd_bus_error_set(error, BUS_ERROR_BAD_HOME_SIZE, "File systems of this type can only be shrunk offline");
601 case -ERANGE:
602 return sd_bus_error_set(error, BUS_ERROR_BAD_HOME_SIZE, "File system size too small");
603 case -ENOLINK:
604 return sd_bus_error_set(error, SD_BUS_ERROR_NOT_SUPPORTED, "System does not support selected storage backend");
605 case -EPROTONOSUPPORT:
606 return sd_bus_error_set(error, SD_BUS_ERROR_NOT_SUPPORTED, "System does not support selected file system");
607 case -ENOTTY:
608 return sd_bus_error_set(error, SD_BUS_ERROR_NOT_SUPPORTED, "Operation not supported on storage backend");
609 case -ESOCKTNOSUPPORT:
610 return sd_bus_error_set(error, SD_BUS_ERROR_NOT_SUPPORTED, "Operation not supported on file system");
611 case -ENOKEY:
612 return sd_bus_error_setf(error, BUS_ERROR_BAD_PASSWORD, "Password for home %s is incorrect or not sufficient for authentication.", h->user_name);
613 case -EBADSLT:
614 return sd_bus_error_setf(error, BUS_ERROR_BAD_PASSWORD_AND_NO_TOKEN, "Password for home %s is incorrect or not sufficient, and configured security token not found either.", h->user_name);
615 case -EREMOTEIO:
616 return sd_bus_error_setf(error, BUS_ERROR_BAD_RECOVERY_KEY, "Recovery key for home %s is incorrect or not sufficient for authentication.", h->user_name);
617 case -ENOANO:
618 return sd_bus_error_set(error, BUS_ERROR_TOKEN_PIN_NEEDED, "PIN for security token required.");
619 case -ERFKILL:
620 return sd_bus_error_set(error, BUS_ERROR_TOKEN_PROTECTED_AUTHENTICATION_PATH_NEEDED, "Security token requires protected authentication path.");
621 case -EMEDIUMTYPE:
622 return sd_bus_error_set(error, BUS_ERROR_TOKEN_USER_PRESENCE_NEEDED, "Security token requires presence confirmation.");
623 case -ENOCSI:
624 return sd_bus_error_set(error, BUS_ERROR_TOKEN_USER_VERIFICATION_NEEDED, "Security token requires user verification.");
625 case -ENOSTR:
626 return sd_bus_error_set(error, BUS_ERROR_TOKEN_ACTION_TIMEOUT, "Token action timeout. (User was supposed to verify presence or similar, by interacting with the token, and didn't do that in time.)");
627 case -EOWNERDEAD:
628 return sd_bus_error_set(error, BUS_ERROR_TOKEN_PIN_LOCKED, "PIN of security token locked.");
629 case -ENOLCK:
630 return sd_bus_error_set(error, BUS_ERROR_TOKEN_BAD_PIN, "Bad PIN of security token.");
631 case -ETOOMANYREFS:
632 return sd_bus_error_set(error, BUS_ERROR_TOKEN_BAD_PIN_FEW_TRIES_LEFT, "Bad PIN of security token, and only a few tries left.");
633 case -EUCLEAN:
634 return sd_bus_error_set(error, BUS_ERROR_TOKEN_BAD_PIN_ONE_TRY_LEFT, "Bad PIN of security token, and only one try left.");
635 case -EBUSY:
636 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "Home %s is currently being used, or an operation on home %s is currently being executed.", h->user_name, h->user_name);
637 case -ENOEXEC:
638 return sd_bus_error_setf(error, BUS_ERROR_HOME_NOT_ACTIVE, "Home %s is currently not active", h->user_name);
639 case -ENOSPC:
640 return sd_bus_error_setf(error, BUS_ERROR_NO_DISK_SPACE, "Not enough disk space for home %s", h->user_name);
641 case -EKEYREVOKED:
642 return sd_bus_error_setf(error, BUS_ERROR_HOME_CANT_AUTHENTICATE, "Home %s has no password or other authentication mechanism defined.", h->user_name);
643 case -EADDRINUSE:
644 return sd_bus_error_setf(error, BUS_ERROR_HOME_IN_USE, "Home %s is currently being used elsewhere.", h->user_name);
645 }
646
647 return 0;
648 }
649
home_count_bad_authentication(Home * h,bool save)650 static void home_count_bad_authentication(Home *h, bool save) {
651 int r;
652
653 assert(h);
654
655 r = user_record_bad_authentication(h->record);
656 if (r < 0) {
657 log_warning_errno(r, "Failed to increase bad authentication counter, ignoring: %m");
658 return;
659 }
660
661 if (save) {
662 r = home_save_record(h);
663 if (r < 0)
664 log_warning_errno(r, "Failed to write home record to disk, ignoring: %m");
665 }
666 }
667
home_fixate_finish(Home * h,int ret,UserRecord * hr)668 static void home_fixate_finish(Home *h, int ret, UserRecord *hr) {
669 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
670 _cleanup_(user_record_unrefp) UserRecord *secret = NULL;
671 bool signed_locally;
672 int r;
673
674 assert(h);
675 assert(IN_SET(h->state, HOME_FIXATING, HOME_FIXATING_FOR_ACTIVATION, HOME_FIXATING_FOR_ACQUIRE));
676
677 secret = TAKE_PTR(h->secret); /* Take possession */
678
679 if (ret < 0) {
680 if (ret == -ENOKEY)
681 (void) home_count_bad_authentication(h, false);
682
683 (void) convert_worker_errno(h, ret, &error);
684 r = log_error_errno(ret, "Fixation failed: %m");
685 goto fail;
686 }
687 if (!hr) {
688 r = log_error_errno(SYNTHETIC_ERRNO(EIO), "Did not receive user record from worker process, fixation failed.");
689 goto fail;
690 }
691
692 r = home_verify_user_record(h, hr, &signed_locally, &error);
693 if (r < 0)
694 goto fail;
695
696 r = home_set_record(h, hr);
697 if (r < 0) {
698 log_error_errno(r, "Failed to update home record: %m");
699 goto fail;
700 }
701
702 h->signed_locally = signed_locally;
703
704 /* When we finished fixating (and don't follow-up with activation), let's count this as good authentication */
705 if (h->state == HOME_FIXATING) {
706 r = user_record_good_authentication(h->record);
707 if (r < 0)
708 log_warning_errno(r, "Failed to increase good authentication counter, ignoring: %m");
709 }
710
711 r = home_save_record(h);
712 if (r < 0)
713 log_warning_errno(r, "Failed to write home record to disk, ignoring: %m");
714
715 if (IN_SET(h->state, HOME_FIXATING_FOR_ACTIVATION, HOME_FIXATING_FOR_ACQUIRE)) {
716
717 r = home_start_work(h, "activate", h->record, secret);
718 if (r < 0) {
719 h->current_operation = operation_result_unref(h->current_operation, r, NULL);
720 home_set_state(h, _HOME_STATE_INVALID);
721 } else
722 home_set_state(h, h->state == HOME_FIXATING_FOR_ACTIVATION ? HOME_ACTIVATING : HOME_ACTIVATING_FOR_ACQUIRE);
723
724 return;
725 }
726
727 log_debug("Fixation of %s completed.", h->user_name);
728
729 h->current_operation = operation_result_unref(h->current_operation, 0, NULL);
730
731 /* Reset the state to "invalid", which makes home_get_state() test if the image exists and returns
732 * HOME_ABSENT vs. HOME_INACTIVE as necessary. */
733 home_set_state(h, _HOME_STATE_INVALID);
734 (void) manager_schedule_rebalance(h->manager, /* immediately= */ false);
735 return;
736
737 fail:
738 /* If fixation fails, we stay in unfixated state! */
739 h->current_operation = operation_result_unref(h->current_operation, r, &error);
740 home_set_state(h, HOME_UNFIXATED);
741 }
742
home_activate_finish(Home * h,int ret,UserRecord * hr)743 static void home_activate_finish(Home *h, int ret, UserRecord *hr) {
744 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
745 int r;
746
747 assert(h);
748 assert(IN_SET(h->state, HOME_ACTIVATING, HOME_ACTIVATING_FOR_ACQUIRE));
749
750 if (ret < 0) {
751 if (ret == -ENOKEY)
752 home_count_bad_authentication(h, true);
753
754 (void) convert_worker_errno(h, ret, &error);
755 r = log_error_errno(ret, "Activation failed: %m");
756 goto finish;
757 }
758
759 if (hr) {
760 bool signed_locally;
761
762 r = home_verify_user_record(h, hr, &signed_locally, &error);
763 if (r < 0)
764 goto finish;
765
766 r = home_set_record(h, hr);
767 if (r < 0) {
768 log_error_errno(r, "Failed to update home record, ignoring: %m");
769 goto finish;
770 }
771
772 h->signed_locally = signed_locally;
773
774 r = user_record_good_authentication(h->record);
775 if (r < 0)
776 log_warning_errno(r, "Failed to increase good authentication counter, ignoring: %m");
777
778 r = home_save_record(h);
779 if (r < 0)
780 log_warning_errno(r, "Failed to write home record to disk, ignoring: %m");
781 }
782
783 log_debug("Activation of %s completed.", h->user_name);
784 r = 0;
785
786 finish:
787 h->current_operation = operation_result_unref(h->current_operation, r, &error);
788 home_set_state(h, _HOME_STATE_INVALID);
789
790 if (r >= 0)
791 (void) manager_schedule_rebalance(h->manager, /* immediately= */ true);
792 }
793
home_deactivate_finish(Home * h,int ret,UserRecord * hr)794 static void home_deactivate_finish(Home *h, int ret, UserRecord *hr) {
795 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
796 int r;
797
798 assert(h);
799 assert(h->state == HOME_DEACTIVATING);
800 assert(!hr); /* We don't expect a record on this operation */
801
802 if (ret < 0) {
803 (void) convert_worker_errno(h, ret, &error);
804 r = log_error_errno(ret, "Deactivation of %s failed: %m", h->user_name);
805 goto finish;
806 }
807
808 log_debug("Deactivation of %s completed.", h->user_name);
809 r = 0;
810
811 finish:
812 h->current_operation = operation_result_unref(h->current_operation, r, &error);
813 home_set_state(h, _HOME_STATE_INVALID);
814
815 if (r >= 0)
816 (void) manager_schedule_rebalance(h->manager, /* immediately= */ true);
817 }
818
home_remove_finish(Home * h,int ret,UserRecord * hr)819 static void home_remove_finish(Home *h, int ret, UserRecord *hr) {
820 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
821 Manager *m;
822 int r;
823
824 assert(h);
825 assert(h->state == HOME_REMOVING);
826 assert(!hr); /* We don't expect a record on this operation */
827
828 m = h->manager;
829
830 if (ret < 0 && ret != -EALREADY) {
831 (void) convert_worker_errno(h, ret, &error);
832 r = log_error_errno(ret, "Removing %s failed: %m", h->user_name);
833 goto fail;
834 }
835
836 /* For a couple of storage types we can't delete the actual data storage when called (such as LUKS on
837 * partitions like USB sticks, or so). Sometimes these storage locations are among those we normally
838 * automatically discover in /home or in udev. When such a home is deleted let's hence issue a rescan
839 * after completion, so that "unfixated" entries are rediscovered. */
840 if (!IN_SET(user_record_test_image_path(h->record), USER_TEST_UNDEFINED, USER_TEST_ABSENT))
841 manager_enqueue_rescan(m);
842
843 /* The image is now removed from disk. Now also remove our stored record */
844 r = home_unlink_record(h);
845 if (r < 0) {
846 log_error_errno(r, "Removing record file failed: %m");
847 goto fail;
848 }
849
850 log_debug("Removal of %s completed.", h->user_name);
851 h->current_operation = operation_result_unref(h->current_operation, 0, NULL);
852
853 /* Unload this record from memory too now. */
854 h = home_free(h);
855
856 (void) manager_schedule_rebalance(m, /* immediately= */ true);
857 return;
858
859 fail:
860 h->current_operation = operation_result_unref(h->current_operation, r, &error);
861 home_set_state(h, _HOME_STATE_INVALID);
862 }
863
home_create_finish(Home * h,int ret,UserRecord * hr)864 static void home_create_finish(Home *h, int ret, UserRecord *hr) {
865 int r;
866
867 assert(h);
868 assert(h->state == HOME_CREATING);
869
870 if (ret < 0) {
871 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
872
873 (void) convert_worker_errno(h, ret, &error);
874 log_error_errno(ret, "Operation on %s failed: %m", h->user_name);
875 h->current_operation = operation_result_unref(h->current_operation, ret, &error);
876
877 if (h->unregister_on_failure) {
878 (void) home_unlink_record(h);
879 h = home_free(h);
880 return;
881 }
882
883 home_set_state(h, _HOME_STATE_INVALID);
884 return;
885 }
886
887 if (hr) {
888 r = home_set_record(h, hr);
889 if (r < 0)
890 log_warning_errno(r, "Failed to update home record, ignoring: %m");
891 }
892
893 r = home_save_record(h);
894 if (r < 0)
895 log_warning_errno(r, "Failed to save record to disk, ignoring: %m");
896
897 log_debug("Creation of %s completed.", h->user_name);
898
899 h->current_operation = operation_result_unref(h->current_operation, 0, NULL);
900 home_set_state(h, _HOME_STATE_INVALID);
901
902 (void) manager_schedule_rebalance(h->manager, /* immediately= */ true);
903 }
904
home_change_finish(Home * h,int ret,UserRecord * hr)905 static void home_change_finish(Home *h, int ret, UserRecord *hr) {
906 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
907 int r;
908
909 assert(h);
910
911 if (ret < 0) {
912 if (ret == -ENOKEY)
913 (void) home_count_bad_authentication(h, true);
914
915 (void) convert_worker_errno(h, ret, &error);
916 r = log_error_errno(ret, "Change operation failed: %m");
917 goto finish;
918 }
919
920 if (hr) {
921 r = home_set_record(h, hr);
922 if (r < 0)
923 log_warning_errno(r, "Failed to update home record, ignoring: %m");
924 else {
925 r = user_record_good_authentication(h->record);
926 if (r < 0)
927 log_warning_errno(r, "Failed to increase good authentication counter, ignoring: %m");
928
929 r = home_save_record(h);
930 if (r < 0)
931 log_warning_errno(r, "Failed to write home record to disk, ignoring: %m");
932 }
933 }
934
935 log_debug("Change operation of %s completed.", h->user_name);
936 (void) manager_schedule_rebalance(h->manager, /* immediately= */ false);
937 r = 0;
938
939 finish:
940 h->current_operation = operation_result_unref(h->current_operation, r, &error);
941 home_set_state(h, _HOME_STATE_INVALID);
942 }
943
home_locking_finish(Home * h,int ret,UserRecord * hr)944 static void home_locking_finish(Home *h, int ret, UserRecord *hr) {
945 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
946 int r;
947
948 assert(h);
949 assert(h->state == HOME_LOCKING);
950
951 if (ret < 0) {
952 (void) convert_worker_errno(h, ret, &error);
953 r = log_error_errno(ret, "Locking operation failed: %m");
954 goto finish;
955 }
956
957 log_debug("Locking operation of %s completed.", h->user_name);
958 h->current_operation = operation_result_unref(h->current_operation, 0, NULL);
959 home_set_state(h, HOME_LOCKED);
960 return;
961
962 finish:
963 /* If a specific home doesn't know the concept of locking, then that's totally OK, don't propagate
964 * the error if we are executing a LockAllHomes() operation. */
965
966 if (h->current_operation->type == OPERATION_LOCK_ALL && r == -ENOTTY)
967 h->current_operation = operation_result_unref(h->current_operation, 0, NULL);
968 else
969 h->current_operation = operation_result_unref(h->current_operation, r, &error);
970
971 home_set_state(h, _HOME_STATE_INVALID);
972 }
973
home_unlocking_finish(Home * h,int ret,UserRecord * hr)974 static void home_unlocking_finish(Home *h, int ret, UserRecord *hr) {
975 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
976 int r;
977
978 assert(h);
979 assert(IN_SET(h->state, HOME_UNLOCKING, HOME_UNLOCKING_FOR_ACQUIRE));
980
981 if (ret < 0) {
982 if (ret == -ENOKEY)
983 (void) home_count_bad_authentication(h, true);
984
985 (void) convert_worker_errno(h, ret, &error);
986 r = log_error_errno(ret, "Unlocking operation failed: %m");
987
988 /* Revert to locked state */
989 home_set_state(h, HOME_LOCKED);
990 h->current_operation = operation_result_unref(h->current_operation, r, &error);
991 return;
992 }
993
994 r = user_record_good_authentication(h->record);
995 if (r < 0)
996 log_warning_errno(r, "Failed to increase good authentication counter, ignoring: %m");
997 else {
998 r = home_save_record(h);
999 if (r < 0)
1000 log_warning_errno(r, "Failed to write home record to disk, ignoring: %m");
1001 }
1002
1003 log_debug("Unlocking operation of %s completed.", h->user_name);
1004
1005 h->current_operation = operation_result_unref(h->current_operation, r, &error);
1006 home_set_state(h, _HOME_STATE_INVALID);
1007 return;
1008 }
1009
home_authenticating_finish(Home * h,int ret,UserRecord * hr)1010 static void home_authenticating_finish(Home *h, int ret, UserRecord *hr) {
1011 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
1012 int r;
1013
1014 assert(h);
1015 assert(IN_SET(h->state, HOME_AUTHENTICATING, HOME_AUTHENTICATING_WHILE_ACTIVE, HOME_AUTHENTICATING_FOR_ACQUIRE));
1016
1017 if (ret < 0) {
1018 if (ret == -ENOKEY)
1019 (void) home_count_bad_authentication(h, true);
1020
1021 (void) convert_worker_errno(h, ret, &error);
1022 r = log_error_errno(ret, "Authentication failed: %m");
1023 goto finish;
1024 }
1025
1026 if (hr) {
1027 r = home_set_record(h, hr);
1028 if (r < 0)
1029 log_warning_errno(r, "Failed to update home record, ignoring: %m");
1030 else {
1031 r = user_record_good_authentication(h->record);
1032 if (r < 0)
1033 log_warning_errno(r, "Failed to increase good authentication counter, ignoring: %m");
1034
1035 r = home_save_record(h);
1036 if (r < 0)
1037 log_warning_errno(r, "Failed to write home record to disk, ignoring: %m");
1038 }
1039 }
1040
1041 log_debug("Authentication of %s completed.", h->user_name);
1042 r = 0;
1043
1044 finish:
1045 h->current_operation = operation_result_unref(h->current_operation, r, &error);
1046 home_set_state(h, _HOME_STATE_INVALID);
1047 }
1048
home_on_worker_process(sd_event_source * s,const siginfo_t * si,void * userdata)1049 static int home_on_worker_process(sd_event_source *s, const siginfo_t *si, void *userdata) {
1050 _cleanup_(user_record_unrefp) UserRecord *hr = NULL;
1051 Home *h = userdata;
1052 int ret;
1053
1054 assert(s);
1055 assert(si);
1056 assert(h);
1057
1058 assert(h->worker_pid == si->si_pid);
1059 assert(h->worker_event_source);
1060 assert(h->worker_stdout_fd >= 0);
1061
1062 (void) hashmap_remove_value(h->manager->homes_by_worker_pid, PID_TO_PTR(h->worker_pid), h);
1063
1064 h->worker_pid = 0;
1065 h->worker_event_source = sd_event_source_disable_unref(h->worker_event_source);
1066
1067 if (si->si_code != CLD_EXITED) {
1068 assert(IN_SET(si->si_code, CLD_KILLED, CLD_DUMPED));
1069 ret = log_debug_errno(SYNTHETIC_ERRNO(EPROTO), "Worker process died abnormally with signal %s.", signal_to_string(si->si_status));
1070 } else if (si->si_status != EXIT_SUCCESS) {
1071 /* If we received an error code via sd_notify(), use it */
1072 if (h->worker_error_code != 0)
1073 ret = log_debug_errno(h->worker_error_code, "Worker reported error code %s.", errno_to_name(h->worker_error_code));
1074 else
1075 ret = log_debug_errno(SYNTHETIC_ERRNO(EPROTO), "Worker exited with exit code %i.", si->si_status);
1076 } else
1077 ret = home_parse_worker_stdout(TAKE_FD(h->worker_stdout_fd), &hr);
1078
1079 h->worker_stdout_fd = safe_close(h->worker_stdout_fd);
1080
1081 switch (h->state) {
1082
1083 case HOME_FIXATING:
1084 case HOME_FIXATING_FOR_ACTIVATION:
1085 case HOME_FIXATING_FOR_ACQUIRE:
1086 home_fixate_finish(h, ret, hr);
1087 break;
1088
1089 case HOME_ACTIVATING:
1090 case HOME_ACTIVATING_FOR_ACQUIRE:
1091 home_activate_finish(h, ret, hr);
1092 break;
1093
1094 case HOME_DEACTIVATING:
1095 home_deactivate_finish(h, ret, hr);
1096 break;
1097
1098 case HOME_LOCKING:
1099 home_locking_finish(h, ret, hr);
1100 break;
1101
1102 case HOME_UNLOCKING:
1103 case HOME_UNLOCKING_FOR_ACQUIRE:
1104 home_unlocking_finish(h, ret, hr);
1105 break;
1106
1107 case HOME_CREATING:
1108 home_create_finish(h, ret, hr);
1109 break;
1110
1111 case HOME_REMOVING:
1112 home_remove_finish(h, ret, hr);
1113 break;
1114
1115 case HOME_UPDATING:
1116 case HOME_UPDATING_WHILE_ACTIVE:
1117 case HOME_RESIZING:
1118 case HOME_RESIZING_WHILE_ACTIVE:
1119 case HOME_PASSWD:
1120 case HOME_PASSWD_WHILE_ACTIVE:
1121 home_change_finish(h, ret, hr);
1122 break;
1123
1124 case HOME_AUTHENTICATING:
1125 case HOME_AUTHENTICATING_WHILE_ACTIVE:
1126 case HOME_AUTHENTICATING_FOR_ACQUIRE:
1127 home_authenticating_finish(h, ret, hr);
1128 break;
1129
1130 default:
1131 assert_not_reached();
1132 }
1133
1134 return 0;
1135 }
1136
home_start_work(Home * h,const char * verb,UserRecord * hr,UserRecord * secret)1137 static int home_start_work(Home *h, const char *verb, UserRecord *hr, UserRecord *secret) {
1138 _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
1139 _cleanup_(erase_and_freep) char *formatted = NULL;
1140 _cleanup_close_ int stdin_fd = -1, stdout_fd = -1;
1141 pid_t pid = 0;
1142 int r;
1143
1144 assert(h);
1145 assert(verb);
1146 assert(hr);
1147
1148 if (h->worker_pid != 0)
1149 return -EBUSY;
1150
1151 assert(h->worker_stdout_fd < 0);
1152 assert(!h->worker_event_source);
1153
1154 v = json_variant_ref(hr->json);
1155
1156 if (secret) {
1157 JsonVariant *sub = NULL;
1158
1159 sub = json_variant_by_key(secret->json, "secret");
1160 if (!sub)
1161 return -ENOKEY;
1162
1163 r = json_variant_set_field(&v, "secret", sub);
1164 if (r < 0)
1165 return r;
1166 }
1167
1168 r = json_variant_format(v, 0, &formatted);
1169 if (r < 0)
1170 return r;
1171
1172 stdin_fd = acquire_data_fd(formatted, strlen(formatted), 0);
1173 if (stdin_fd < 0)
1174 return stdin_fd;
1175
1176 log_debug("Sending to worker: %s", formatted);
1177
1178 stdout_fd = memfd_create("homework-stdout", MFD_CLOEXEC);
1179 if (stdout_fd < 0)
1180 return -errno;
1181
1182 r = safe_fork_full("(sd-homework)",
1183 (int[]) { stdin_fd, stdout_fd }, 2,
1184 FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_DEATHSIG|FORK_LOG|FORK_REOPEN_LOG, &pid);
1185 if (r < 0)
1186 return r;
1187 if (r == 0) {
1188 _cleanup_free_ char *joined = NULL;
1189 const char *homework, *suffix, *unix_path;
1190
1191 /* Child */
1192
1193 suffix = getenv("SYSTEMD_HOME_DEBUG_SUFFIX");
1194 if (suffix) {
1195 joined = strjoin("/run/systemd/home/notify.", suffix);
1196 if (!joined)
1197 return log_oom();
1198 unix_path = joined;
1199 } else
1200 unix_path = "/run/systemd/home/notify";
1201
1202 if (setenv("NOTIFY_SOCKET", unix_path, 1) < 0) {
1203 log_error_errno(errno, "Failed to set $NOTIFY_SOCKET: %m");
1204 _exit(EXIT_FAILURE);
1205 }
1206
1207 /* If we haven't locked the device yet, ask for a lock to be taken and be passed back to us via sd_notify(). */
1208 if (setenv("SYSTEMD_LUKS_LOCK", one_zero(h->luks_lock_fd < 0), 1) < 0) {
1209 log_error_errno(errno, "Failed to set $SYSTEMD_LUKS_LOCK: %m");
1210 _exit(EXIT_FAILURE);
1211 }
1212
1213 if (h->manager->default_storage >= 0)
1214 if (setenv("SYSTEMD_HOME_DEFAULT_STORAGE", user_storage_to_string(h->manager->default_storage), 1) < 0) {
1215 log_error_errno(errno, "Failed to set $SYSTEMD_HOME_DEFAULT_STORAGE: %m");
1216 _exit(EXIT_FAILURE);
1217 }
1218
1219 if (h->manager->default_file_system_type)
1220 if (setenv("SYSTEMD_HOME_DEFAULT_FILE_SYSTEM_TYPE", h->manager->default_file_system_type, 1) < 0) {
1221 log_error_errno(errno, "Failed to set $SYSTEMD_HOME_DEFAULT_FILE_SYSTEM_TYPE: %m");
1222 _exit(EXIT_FAILURE);
1223 }
1224
1225 r = setenv_systemd_exec_pid(true);
1226 if (r < 0)
1227 log_warning_errno(r, "Failed to update $SYSTEMD_EXEC_PID, ignoring: %m");
1228
1229 r = rearrange_stdio(TAKE_FD(stdin_fd), TAKE_FD(stdout_fd), STDERR_FILENO); /* fds are invalidated by rearrange_stdio() even on failure */
1230 if (r < 0) {
1231 log_error_errno(r, "Failed to rearrange stdin/stdout/stderr: %m");
1232 _exit(EXIT_FAILURE);
1233 }
1234
1235
1236 /* Allow overriding the homework path via an environment variable, to make debugging
1237 * easier. */
1238 homework = getenv("SYSTEMD_HOMEWORK_PATH") ?: SYSTEMD_HOMEWORK_PATH;
1239
1240 execl(homework, homework, verb, NULL);
1241 log_error_errno(errno, "Failed to invoke %s: %m", homework);
1242 _exit(EXIT_FAILURE);
1243 }
1244
1245 r = sd_event_add_child(h->manager->event, &h->worker_event_source, pid, WEXITED, home_on_worker_process, h);
1246 if (r < 0)
1247 return r;
1248
1249 (void) sd_event_source_set_description(h->worker_event_source, "worker");
1250
1251 r = hashmap_put(h->manager->homes_by_worker_pid, PID_TO_PTR(pid), h);
1252 if (r < 0) {
1253 h->worker_event_source = sd_event_source_disable_unref(h->worker_event_source);
1254 return r;
1255 }
1256
1257 h->worker_stdout_fd = TAKE_FD(stdout_fd);
1258 h->worker_pid = pid;
1259 h->worker_error_code = 0;
1260
1261 return 0;
1262 }
1263
home_ratelimit(Home * h,sd_bus_error * error)1264 static int home_ratelimit(Home *h, sd_bus_error *error) {
1265 int r, ret;
1266
1267 assert(h);
1268
1269 ret = user_record_ratelimit(h->record);
1270 if (ret < 0)
1271 return ret;
1272
1273 if (h->state != HOME_UNFIXATED) {
1274 r = home_save_record(h);
1275 if (r < 0)
1276 log_warning_errno(r, "Failed to save updated record, ignoring: %m");
1277 }
1278
1279 if (ret == 0) {
1280 usec_t t, n;
1281
1282 n = now(CLOCK_REALTIME);
1283 t = user_record_ratelimit_next_try(h->record);
1284
1285 if (t != USEC_INFINITY && t > n)
1286 return sd_bus_error_setf(error, BUS_ERROR_AUTHENTICATION_LIMIT_HIT,
1287 "Too many login attempts, please try again in %s!",
1288 FORMAT_TIMESPAN(t - n, USEC_PER_SEC));
1289
1290 return sd_bus_error_set(error, BUS_ERROR_AUTHENTICATION_LIMIT_HIT, "Too many login attempts, please try again later.");
1291 }
1292
1293 return 0;
1294 }
1295
home_fixate_internal(Home * h,UserRecord * secret,HomeState for_state,sd_bus_error * error)1296 static int home_fixate_internal(
1297 Home *h,
1298 UserRecord *secret,
1299 HomeState for_state,
1300 sd_bus_error *error) {
1301
1302 int r;
1303
1304 assert(h);
1305 assert(IN_SET(for_state, HOME_FIXATING, HOME_FIXATING_FOR_ACTIVATION, HOME_FIXATING_FOR_ACQUIRE));
1306
1307 r = home_start_work(h, "inspect", h->record, secret);
1308 if (r < 0)
1309 return r;
1310
1311 if (IN_SET(for_state, HOME_FIXATING_FOR_ACTIVATION, HOME_FIXATING_FOR_ACQUIRE)) {
1312 /* Remember the secret data, since we need it for the activation again, later on. */
1313 user_record_unref(h->secret);
1314 h->secret = user_record_ref(secret);
1315 }
1316
1317 home_set_state(h, for_state);
1318 return 0;
1319 }
1320
home_fixate(Home * h,UserRecord * secret,sd_bus_error * error)1321 int home_fixate(Home *h, UserRecord *secret, sd_bus_error *error) {
1322 int r;
1323
1324 assert(h);
1325
1326 switch (home_get_state(h)) {
1327 case HOME_ABSENT:
1328 return sd_bus_error_setf(error, BUS_ERROR_HOME_ABSENT, "Home %s is currently missing or not plugged in.", h->user_name);
1329 case HOME_INACTIVE:
1330 case HOME_DIRTY:
1331 case HOME_ACTIVE:
1332 case HOME_LINGERING:
1333 case HOME_LOCKED:
1334 return sd_bus_error_setf(error, BUS_ERROR_HOME_ALREADY_FIXATED, "Home %s is already fixated.", h->user_name);
1335 case HOME_UNFIXATED:
1336 break;
1337 default:
1338 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "An operation on home %s is currently being executed.", h->user_name);
1339 }
1340
1341 r = home_ratelimit(h, error);
1342 if (r < 0)
1343 return r;
1344
1345 return home_fixate_internal(h, secret, HOME_FIXATING, error);
1346 }
1347
home_activate_internal(Home * h,UserRecord * secret,HomeState for_state,sd_bus_error * error)1348 static int home_activate_internal(Home *h, UserRecord *secret, HomeState for_state, sd_bus_error *error) {
1349 int r;
1350
1351 assert(h);
1352 assert(IN_SET(for_state, HOME_ACTIVATING, HOME_ACTIVATING_FOR_ACQUIRE));
1353
1354 r = home_start_work(h, "activate", h->record, secret);
1355 if (r < 0)
1356 return r;
1357
1358 home_set_state(h, for_state);
1359 return 0;
1360 }
1361
home_activate(Home * h,UserRecord * secret,sd_bus_error * error)1362 int home_activate(Home *h, UserRecord *secret, sd_bus_error *error) {
1363 int r;
1364
1365 assert(h);
1366
1367 switch (home_get_state(h)) {
1368 case HOME_UNFIXATED:
1369 return home_fixate_internal(h, secret, HOME_FIXATING_FOR_ACTIVATION, error);
1370 case HOME_ABSENT:
1371 return sd_bus_error_setf(error, BUS_ERROR_HOME_ABSENT, "Home %s is currently missing or not plugged in.", h->user_name);
1372 case HOME_ACTIVE:
1373 return sd_bus_error_setf(error, BUS_ERROR_HOME_ALREADY_ACTIVE, "Home %s is already active.", h->user_name);
1374 case HOME_LINGERING:
1375 /* If we are lingering, i.e. active but are supposed to be deactivated, then cancel this
1376 * timer if the user explicitly asks us to be active */
1377 h->retry_deactivate_event_source = sd_event_source_disable_unref(h->retry_deactivate_event_source);
1378 return 0;
1379 case HOME_LOCKED:
1380 return sd_bus_error_setf(error, BUS_ERROR_HOME_LOCKED, "Home %s is currently locked.", h->user_name);
1381 case HOME_INACTIVE:
1382 case HOME_DIRTY:
1383 break;
1384 default:
1385 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "An operation on home %s is currently being executed.", h->user_name);
1386 }
1387
1388 r = home_ratelimit(h, error);
1389 if (r < 0)
1390 return r;
1391
1392 return home_activate_internal(h, secret, HOME_ACTIVATING, error);
1393 }
1394
home_authenticate_internal(Home * h,UserRecord * secret,HomeState for_state,sd_bus_error * error)1395 static int home_authenticate_internal(Home *h, UserRecord *secret, HomeState for_state, sd_bus_error *error) {
1396 int r;
1397
1398 assert(h);
1399 assert(IN_SET(for_state, HOME_AUTHENTICATING, HOME_AUTHENTICATING_WHILE_ACTIVE, HOME_AUTHENTICATING_FOR_ACQUIRE));
1400
1401 r = home_start_work(h, "inspect", h->record, secret);
1402 if (r < 0)
1403 return r;
1404
1405 home_set_state(h, for_state);
1406 return 0;
1407 }
1408
home_authenticate(Home * h,UserRecord * secret,sd_bus_error * error)1409 int home_authenticate(Home *h, UserRecord *secret, sd_bus_error *error) {
1410 HomeState state;
1411 int r;
1412
1413 assert(h);
1414
1415 state = home_get_state(h);
1416 switch (state) {
1417 case HOME_ABSENT:
1418 return sd_bus_error_setf(error, BUS_ERROR_HOME_ABSENT, "Home %s is currently missing or not plugged in.", h->user_name);
1419 case HOME_LOCKED:
1420 return sd_bus_error_setf(error, BUS_ERROR_HOME_LOCKED, "Home %s is currently locked.", h->user_name);
1421 case HOME_UNFIXATED:
1422 case HOME_INACTIVE:
1423 case HOME_DIRTY:
1424 case HOME_ACTIVE:
1425 case HOME_LINGERING:
1426 break;
1427 default:
1428 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "An operation on home %s is currently being executed.", h->user_name);
1429 }
1430
1431 r = home_ratelimit(h, error);
1432 if (r < 0)
1433 return r;
1434
1435 return home_authenticate_internal(h, secret, HOME_STATE_IS_ACTIVE(state) ? HOME_AUTHENTICATING_WHILE_ACTIVE : HOME_AUTHENTICATING, error);
1436 }
1437
home_deactivate_internal(Home * h,bool force,sd_bus_error * error)1438 static int home_deactivate_internal(Home *h, bool force, sd_bus_error *error) {
1439 int r;
1440
1441 assert(h);
1442
1443 home_unpin(h); /* unpin so that we can deactivate */
1444
1445 r = home_start_work(h, force ? "deactivate-force" : "deactivate", h->record, NULL);
1446 if (r < 0)
1447 /* Operation failed before it even started, reacquire pin fd, if state still dictates so */
1448 home_update_pin_fd(h, _HOME_STATE_INVALID);
1449 else {
1450 home_set_state(h, HOME_DEACTIVATING);
1451 r = 0;
1452 }
1453
1454 /* Let's start a timer to retry deactivation in 15. We'll stop the timer once we manage to deactivate
1455 * the home directory again, or we start any other operation. */
1456 home_start_retry_deactivate(h);
1457
1458 return r;
1459 }
1460
home_deactivate(Home * h,bool force,sd_bus_error * error)1461 int home_deactivate(Home *h, bool force, sd_bus_error *error) {
1462 assert(h);
1463
1464 switch (home_get_state(h)) {
1465 case HOME_UNFIXATED:
1466 case HOME_ABSENT:
1467 case HOME_INACTIVE:
1468 case HOME_DIRTY:
1469 return sd_bus_error_setf(error, BUS_ERROR_HOME_NOT_ACTIVE, "Home %s not active.", h->user_name);
1470 case HOME_LOCKED:
1471 return sd_bus_error_setf(error, BUS_ERROR_HOME_LOCKED, "Home %s is currently locked.", h->user_name);
1472 case HOME_ACTIVE:
1473 case HOME_LINGERING:
1474 break;
1475 default:
1476 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "An operation on home %s is currently being executed.", h->user_name);
1477 }
1478
1479 return home_deactivate_internal(h, force, error);
1480 }
1481
home_create(Home * h,UserRecord * secret,sd_bus_error * error)1482 int home_create(Home *h, UserRecord *secret, sd_bus_error *error) {
1483 int r;
1484
1485 assert(h);
1486
1487 switch (home_get_state(h)) {
1488 case HOME_INACTIVE: {
1489 int t;
1490
1491 if (h->record->storage < 0)
1492 break; /* if no storage is defined we don't know what precisely to look for, hence
1493 * HOME_INACTIVE is OK in that case too. */
1494
1495 t = user_record_test_image_path(h->record);
1496 if (IN_SET(t, USER_TEST_MAYBE, USER_TEST_UNDEFINED))
1497 break; /* And if the image path test isn't conclusive, let's also go on */
1498
1499 if (IN_SET(t, -EBADFD, -ENOTDIR))
1500 return sd_bus_error_setf(error, BUS_ERROR_HOME_EXISTS, "Selected home image of user %s already exists or has wrong inode type.", h->user_name);
1501
1502 return sd_bus_error_setf(error, BUS_ERROR_HOME_EXISTS, "Selected home image of user %s already exists.", h->user_name);
1503 }
1504 case HOME_UNFIXATED:
1505 case HOME_DIRTY:
1506 return sd_bus_error_setf(error, BUS_ERROR_HOME_EXISTS, "Home of user %s already exists.", h->user_name);
1507 case HOME_ABSENT:
1508 break;
1509 case HOME_ACTIVE:
1510 case HOME_LINGERING:
1511 case HOME_LOCKED:
1512 default:
1513 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "Home %s is currently being used, or an operation on home %s is currently being executed.", h->user_name, h->user_name);
1514 }
1515
1516 if (h->record->enforce_password_policy == false)
1517 log_debug("Password quality check turned off for account, skipping.");
1518 else {
1519 r = user_record_quality_check_password(h->record, secret, error);
1520 if (r < 0)
1521 return r;
1522 }
1523
1524 r = home_start_work(h, "create", h->record, secret);
1525 if (r < 0)
1526 return r;
1527
1528 home_set_state(h, HOME_CREATING);
1529 return 0;
1530 }
1531
home_remove(Home * h,sd_bus_error * error)1532 int home_remove(Home *h, sd_bus_error *error) {
1533 HomeState state;
1534 int r;
1535
1536 assert(h);
1537
1538 state = home_get_state(h);
1539 switch (state) {
1540 case HOME_ABSENT: /* If the home directory is absent, then this is just like unregistering */
1541 return home_unregister(h, error);
1542 case HOME_LOCKED:
1543 return sd_bus_error_setf(error, BUS_ERROR_HOME_LOCKED, "Home %s is currently locked.", h->user_name);
1544 case HOME_UNFIXATED:
1545 case HOME_INACTIVE:
1546 case HOME_DIRTY:
1547 break;
1548 case HOME_ACTIVE:
1549 case HOME_LINGERING:
1550 default:
1551 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "Home %s is currently being used, or an operation on home %s is currently being executed.", h->user_name, h->user_name);
1552 }
1553
1554 r = home_start_work(h, "remove", h->record, NULL);
1555 if (r < 0)
1556 return r;
1557
1558 home_set_state(h, HOME_REMOVING);
1559 return 0;
1560 }
1561
user_record_extend_with_binding(UserRecord * hr,UserRecord * with_binding,UserRecordLoadFlags flags,UserRecord ** ret)1562 static int user_record_extend_with_binding(UserRecord *hr, UserRecord *with_binding, UserRecordLoadFlags flags, UserRecord **ret) {
1563 _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
1564 _cleanup_(user_record_unrefp) UserRecord *nr = NULL;
1565 JsonVariant *binding;
1566 int r;
1567
1568 assert(hr);
1569 assert(with_binding);
1570 assert(ret);
1571
1572 assert_se(v = json_variant_ref(hr->json));
1573
1574 binding = json_variant_by_key(with_binding->json, "binding");
1575 if (binding) {
1576 r = json_variant_set_field(&v, "binding", binding);
1577 if (r < 0)
1578 return r;
1579 }
1580
1581 nr = user_record_new();
1582 if (!nr)
1583 return -ENOMEM;
1584
1585 r = user_record_load(nr, v, flags);
1586 if (r < 0)
1587 return r;
1588
1589 *ret = TAKE_PTR(nr);
1590 return 0;
1591 }
1592
home_update_internal(Home * h,const char * verb,UserRecord * hr,UserRecord * secret,sd_bus_error * error)1593 static int home_update_internal(
1594 Home *h,
1595 const char *verb,
1596 UserRecord *hr,
1597 UserRecord *secret,
1598 sd_bus_error *error) {
1599
1600 _cleanup_(user_record_unrefp) UserRecord *new_hr = NULL, *saved_secret = NULL, *signed_hr = NULL;
1601 int r, c;
1602
1603 assert(h);
1604 assert(verb);
1605 assert(hr);
1606
1607 if (!user_record_compatible(hr, h->record))
1608 return sd_bus_error_set(error, BUS_ERROR_HOME_RECORD_MISMATCH, "Updated user record is not compatible with existing one.");
1609 c = user_record_compare_last_change(hr, h->record); /* refuse downgrades */
1610 if (c < 0)
1611 return sd_bus_error_set(error, BUS_ERROR_HOME_RECORD_DOWNGRADE, "Refusing to update to older home record.");
1612
1613 if (!secret && FLAGS_SET(hr->mask, USER_RECORD_SECRET)) {
1614 r = user_record_clone(hr, USER_RECORD_EXTRACT_SECRET|USER_RECORD_PERMISSIVE, &saved_secret);
1615 if (r < 0)
1616 return r;
1617
1618 secret = saved_secret;
1619 }
1620
1621 r = manager_verify_user_record(h->manager, hr);
1622 switch (r) {
1623
1624 case USER_RECORD_UNSIGNED:
1625 if (h->signed_locally <= 0) /* If the existing record is not owned by us, don't accept an
1626 * unsigned new record. i.e. only implicitly sign new records
1627 * that where previously signed by us too. */
1628 return sd_bus_error_setf(error, BUS_ERROR_HOME_RECORD_SIGNED, "Home %s is signed and cannot be modified locally.", h->user_name);
1629
1630 /* The updated record is not signed, then do so now */
1631 r = manager_sign_user_record(h->manager, hr, &signed_hr, error);
1632 if (r < 0)
1633 return r;
1634
1635 hr = signed_hr;
1636 break;
1637
1638 case USER_RECORD_SIGNED_EXCLUSIVE:
1639 case USER_RECORD_SIGNED:
1640 case USER_RECORD_FOREIGN:
1641 /* Has already been signed. Great! */
1642 break;
1643
1644 case -ENOKEY:
1645 default:
1646 return r;
1647 }
1648
1649 r = user_record_extend_with_binding(hr, h->record, USER_RECORD_LOAD_MASK_SECRET|USER_RECORD_PERMISSIVE, &new_hr);
1650 if (r < 0)
1651 return r;
1652
1653 if (c == 0) {
1654 /* different payload but same lastChangeUSec field? That's not cool! */
1655
1656 r = user_record_masked_equal(new_hr, h->record, USER_RECORD_REGULAR|USER_RECORD_PRIVILEGED|USER_RECORD_PER_MACHINE);
1657 if (r < 0)
1658 return r;
1659 if (r == 0)
1660 return sd_bus_error_set(error, BUS_ERROR_HOME_RECORD_MISMATCH, "Home record different but timestamp remained the same, refusing.");
1661 }
1662
1663 r = home_start_work(h, verb, new_hr, secret);
1664 if (r < 0)
1665 return r;
1666
1667 return 0;
1668 }
1669
home_update(Home * h,UserRecord * hr,sd_bus_error * error)1670 int home_update(Home *h, UserRecord *hr, sd_bus_error *error) {
1671 HomeState state;
1672 int r;
1673
1674 assert(h);
1675 assert(hr);
1676
1677 state = home_get_state(h);
1678 switch (state) {
1679 case HOME_UNFIXATED:
1680 return sd_bus_error_setf(error, BUS_ERROR_HOME_UNFIXATED, "Home %s has not been fixated yet.", h->user_name);
1681 case HOME_ABSENT:
1682 return sd_bus_error_setf(error, BUS_ERROR_HOME_ABSENT, "Home %s is currently missing or not plugged in.", h->user_name);
1683 case HOME_LOCKED:
1684 return sd_bus_error_setf(error, BUS_ERROR_HOME_LOCKED, "Home %s is currently locked.", h->user_name);
1685 case HOME_INACTIVE:
1686 case HOME_DIRTY:
1687 case HOME_ACTIVE:
1688 case HOME_LINGERING:
1689 break;
1690 default:
1691 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "An operation on home %s is currently being executed.", h->user_name);
1692 }
1693
1694 r = home_ratelimit(h, error);
1695 if (r < 0)
1696 return r;
1697
1698 r = home_update_internal(h, "update", hr, NULL, error);
1699 if (r < 0)
1700 return r;
1701
1702 home_set_state(h, HOME_STATE_IS_ACTIVE(state) ? HOME_UPDATING_WHILE_ACTIVE : HOME_UPDATING);
1703 return 0;
1704 }
1705
home_resize(Home * h,uint64_t disk_size,UserRecord * secret,bool automatic,sd_bus_error * error)1706 int home_resize(Home *h,
1707 uint64_t disk_size,
1708 UserRecord *secret,
1709 bool automatic,
1710 sd_bus_error *error) {
1711
1712 _cleanup_(user_record_unrefp) UserRecord *c = NULL;
1713 HomeState state;
1714 int r;
1715
1716 assert(h);
1717
1718 state = home_get_state(h);
1719 switch (state) {
1720 case HOME_UNFIXATED:
1721 return sd_bus_error_setf(error, BUS_ERROR_HOME_UNFIXATED, "Home %s has not been fixated yet.", h->user_name);
1722 case HOME_ABSENT:
1723 return sd_bus_error_setf(error, BUS_ERROR_HOME_ABSENT, "Home %s is currently missing or not plugged in.", h->user_name);
1724 case HOME_LOCKED:
1725 return sd_bus_error_setf(error, BUS_ERROR_HOME_LOCKED, "Home %s is currently locked.", h->user_name);
1726 case HOME_INACTIVE:
1727 case HOME_DIRTY:
1728 case HOME_ACTIVE:
1729 case HOME_LINGERING:
1730 break;
1731 default:
1732 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "An operation on home %s is currently being executed.", h->user_name);
1733 }
1734
1735 r = home_ratelimit(h, error);
1736 if (r < 0)
1737 return r;
1738
1739 /* If the user didn't specify any size explicitly and rebalancing is on, then the disk size is
1740 * determined by automatic rebalancing and hence not user configured but determined by us and thus
1741 * applied anyway. */
1742 if (disk_size == UINT64_MAX && h->record->rebalance_weight != REBALANCE_WEIGHT_OFF)
1743 return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "Disk size is being determined by automatic disk space rebalancing.");
1744
1745 if (disk_size == UINT64_MAX || disk_size == h->record->disk_size) {
1746 if (h->record->disk_size == UINT64_MAX)
1747 return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "No disk size to resize to specified.");
1748
1749 c = user_record_ref(h->record); /* Shortcut if size is unspecified or matches the record */
1750 } else {
1751 _cleanup_(user_record_unrefp) UserRecord *signed_c = NULL;
1752
1753 if (h->signed_locally <= 0) /* Don't allow changing of records not signed only by us */
1754 return sd_bus_error_setf(error, BUS_ERROR_HOME_RECORD_SIGNED, "Home %s is signed and cannot be modified locally.", h->user_name);
1755
1756 r = user_record_clone(h->record, USER_RECORD_LOAD_REFUSE_SECRET|USER_RECORD_PERMISSIVE, &c);
1757 if (r < 0)
1758 return r;
1759
1760 r = user_record_set_disk_size(c, disk_size);
1761 if (r == -ERANGE)
1762 return sd_bus_error_setf(error, BUS_ERROR_BAD_HOME_SIZE, "Requested size for home %s out of acceptable range.", h->user_name);
1763 if (r < 0)
1764 return r;
1765
1766 /* If user picked an explicit size, then turn off rebalancing, so that we don't undo what user chose */
1767 r = user_record_set_rebalance_weight(c, REBALANCE_WEIGHT_OFF);
1768 if (r < 0)
1769 return r;
1770
1771 r = user_record_update_last_changed(c, false);
1772 if (r == -ECHRNG)
1773 return sd_bus_error_setf(error, BUS_ERROR_HOME_RECORD_MISMATCH, "Record last change time of %s is newer than current time, cannot update.", h->user_name);
1774 if (r < 0)
1775 return r;
1776
1777 r = manager_sign_user_record(h->manager, c, &signed_c, error);
1778 if (r < 0)
1779 return r;
1780
1781 user_record_unref(c);
1782 c = TAKE_PTR(signed_c);
1783 }
1784
1785 r = home_update_internal(h, automatic ? "resize-auto" : "resize", c, secret, error);
1786 if (r < 0)
1787 return r;
1788
1789 home_set_state(h, HOME_STATE_IS_ACTIVE(state) ? HOME_RESIZING_WHILE_ACTIVE : HOME_RESIZING);
1790 return 0;
1791 }
1792
home_may_change_password(Home * h,sd_bus_error * error)1793 static int home_may_change_password(
1794 Home *h,
1795 sd_bus_error *error) {
1796
1797 int r;
1798
1799 assert(h);
1800
1801 r = user_record_test_password_change_required(h->record);
1802 if (IN_SET(r, -EKEYREVOKED, -EOWNERDEAD, -EKEYEXPIRED, -ESTALE))
1803 return 0; /* expired in some form, but changing is allowed */
1804 if (IN_SET(r, -EKEYREJECTED, -EROFS))
1805 return sd_bus_error_setf(error, SD_BUS_ERROR_ACCESS_DENIED, "Expiration settings of account %s do not allow changing of password.", h->user_name);
1806 if (r < 0)
1807 return log_error_errno(r, "Failed to test password expiry: %m");
1808
1809 return 0; /* not expired */
1810 }
1811
home_passwd(Home * h,UserRecord * new_secret,UserRecord * old_secret,sd_bus_error * error)1812 int home_passwd(Home *h,
1813 UserRecord *new_secret,
1814 UserRecord *old_secret,
1815 sd_bus_error *error) {
1816
1817 _cleanup_(user_record_unrefp) UserRecord *c = NULL, *merged_secret = NULL, *signed_c = NULL;
1818 HomeState state;
1819 int r;
1820
1821 assert(h);
1822
1823 if (h->signed_locally <= 0) /* Don't allow changing of records not signed only by us */
1824 return sd_bus_error_setf(error, BUS_ERROR_HOME_RECORD_SIGNED, "Home %s is signed and cannot be modified locally.", h->user_name);
1825
1826 state = home_get_state(h);
1827 switch (state) {
1828 case HOME_UNFIXATED:
1829 return sd_bus_error_setf(error, BUS_ERROR_HOME_UNFIXATED, "Home %s has not been fixated yet.", h->user_name);
1830 case HOME_ABSENT:
1831 return sd_bus_error_setf(error, BUS_ERROR_HOME_ABSENT, "Home %s is currently missing or not plugged in.", h->user_name);
1832 case HOME_LOCKED:
1833 return sd_bus_error_setf(error, BUS_ERROR_HOME_LOCKED, "Home %s is currently locked.", h->user_name);
1834 case HOME_INACTIVE:
1835 case HOME_DIRTY:
1836 case HOME_ACTIVE:
1837 case HOME_LINGERING:
1838 break;
1839 default:
1840 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "An operation on home %s is currently being executed.", h->user_name);
1841 }
1842
1843 r = home_ratelimit(h, error);
1844 if (r < 0)
1845 return r;
1846
1847 r = home_may_change_password(h, error);
1848 if (r < 0)
1849 return r;
1850
1851 r = user_record_clone(h->record, USER_RECORD_LOAD_REFUSE_SECRET|USER_RECORD_PERMISSIVE, &c);
1852 if (r < 0)
1853 return r;
1854
1855 merged_secret = user_record_new();
1856 if (!merged_secret)
1857 return -ENOMEM;
1858
1859 r = user_record_merge_secret(merged_secret, old_secret);
1860 if (r < 0)
1861 return r;
1862
1863 r = user_record_merge_secret(merged_secret, new_secret);
1864 if (r < 0)
1865 return r;
1866
1867 if (!strv_isempty(new_secret->password)) {
1868 /* Update the password only if one is specified, otherwise let's just reuse the old password
1869 * data. This is useful as a way to propagate updated user records into the LUKS backends
1870 * properly. */
1871
1872 r = user_record_make_hashed_password(c, new_secret->password, /* extend = */ false);
1873 if (r < 0)
1874 return r;
1875
1876 r = user_record_set_password_change_now(c, -1 /* remove */);
1877 if (r < 0)
1878 return r;
1879 }
1880
1881 r = user_record_update_last_changed(c, true);
1882 if (r == -ECHRNG)
1883 return sd_bus_error_setf(error, BUS_ERROR_HOME_RECORD_MISMATCH, "Record last change time of %s is newer than current time, cannot update.", h->user_name);
1884 if (r < 0)
1885 return r;
1886
1887 r = manager_sign_user_record(h->manager, c, &signed_c, error);
1888 if (r < 0)
1889 return r;
1890
1891 if (c->enforce_password_policy == false)
1892 log_debug("Password quality check turned off for account, skipping.");
1893 else {
1894 r = user_record_quality_check_password(c, merged_secret, error);
1895 if (r < 0)
1896 return r;
1897 }
1898
1899 r = home_update_internal(h, "passwd", signed_c, merged_secret, error);
1900 if (r < 0)
1901 return r;
1902
1903 home_set_state(h, HOME_STATE_IS_ACTIVE(state) ? HOME_PASSWD_WHILE_ACTIVE : HOME_PASSWD);
1904 return 0;
1905 }
1906
home_unregister(Home * h,sd_bus_error * error)1907 int home_unregister(Home *h, sd_bus_error *error) {
1908 int r;
1909
1910 assert(h);
1911
1912 switch (home_get_state(h)) {
1913 case HOME_UNFIXATED:
1914 return sd_bus_error_setf(error, BUS_ERROR_HOME_UNFIXATED, "Home %s is not registered.", h->user_name);
1915 case HOME_LOCKED:
1916 return sd_bus_error_setf(error, BUS_ERROR_HOME_LOCKED, "Home %s is currently locked.", h->user_name);
1917 case HOME_ABSENT:
1918 case HOME_INACTIVE:
1919 case HOME_DIRTY:
1920 break;
1921 case HOME_ACTIVE:
1922 case HOME_LINGERING:
1923 default:
1924 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "Home %s is currently being used, or an operation on home %s is currently being executed.", h->user_name, h->user_name);
1925 }
1926
1927 r = home_unlink_record(h);
1928 if (r < 0)
1929 return r;
1930
1931 /* And destroy the whole entry. The caller needs to be prepared for that. */
1932 h = home_free(h);
1933 return 1;
1934 }
1935
home_lock(Home * h,sd_bus_error * error)1936 int home_lock(Home *h, sd_bus_error *error) {
1937 int r;
1938
1939 assert(h);
1940
1941 switch (home_get_state(h)) {
1942 case HOME_UNFIXATED:
1943 case HOME_ABSENT:
1944 case HOME_INACTIVE:
1945 case HOME_DIRTY:
1946 return sd_bus_error_setf(error, BUS_ERROR_HOME_NOT_ACTIVE, "Home %s is not active.", h->user_name);
1947 case HOME_LOCKED:
1948 return sd_bus_error_setf(error, BUS_ERROR_HOME_LOCKED, "Home %s is already locked.", h->user_name);
1949 case HOME_ACTIVE:
1950 case HOME_LINGERING:
1951 break;
1952 default:
1953 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "An operation on home %s is currently being executed.", h->user_name);
1954 }
1955
1956 r = home_start_work(h, "lock", h->record, NULL);
1957 if (r < 0)
1958 return r;
1959
1960 home_set_state(h, HOME_LOCKING);
1961 return 0;
1962 }
1963
home_unlock_internal(Home * h,UserRecord * secret,HomeState for_state,sd_bus_error * error)1964 static int home_unlock_internal(Home *h, UserRecord *secret, HomeState for_state, sd_bus_error *error) {
1965 int r;
1966
1967 assert(h);
1968 assert(IN_SET(for_state, HOME_UNLOCKING, HOME_UNLOCKING_FOR_ACQUIRE));
1969
1970 r = home_start_work(h, "unlock", h->record, secret);
1971 if (r < 0)
1972 return r;
1973
1974 home_set_state(h, for_state);
1975 return 0;
1976 }
1977
home_unlock(Home * h,UserRecord * secret,sd_bus_error * error)1978 int home_unlock(Home *h, UserRecord *secret, sd_bus_error *error) {
1979 int r;
1980 assert(h);
1981
1982 r = home_ratelimit(h, error);
1983 if (r < 0)
1984 return r;
1985
1986 switch (home_get_state(h)) {
1987 case HOME_UNFIXATED:
1988 case HOME_ABSENT:
1989 case HOME_INACTIVE:
1990 case HOME_ACTIVE:
1991 case HOME_LINGERING:
1992 case HOME_DIRTY:
1993 return sd_bus_error_setf(error, BUS_ERROR_HOME_NOT_LOCKED, "Home %s is not locked.", h->user_name);
1994 case HOME_LOCKED:
1995 break;
1996 default:
1997 return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "An operation on home %s is currently being executed.", h->user_name);
1998 }
1999
2000 return home_unlock_internal(h, secret, HOME_UNLOCKING, error);
2001 }
2002
home_get_state(Home * h)2003 HomeState home_get_state(Home *h) {
2004 int r;
2005 assert(h);
2006
2007 /* When the state field is initialized, it counts. */
2008 if (h->state >= 0)
2009 return h->state;
2010
2011 /* Otherwise, let's see if the home directory is mounted. If so, we assume for sure the home
2012 * directory is active */
2013 if (user_record_test_home_directory(h->record) == USER_TEST_MOUNTED)
2014 return h->retry_deactivate_event_source ? HOME_LINGERING : HOME_ACTIVE;
2015
2016 /* And if we see the image being gone, we report this as absent */
2017 r = user_record_test_image_path(h->record);
2018 if (r == USER_TEST_ABSENT)
2019 return HOME_ABSENT;
2020 if (r == USER_TEST_DIRTY)
2021 return HOME_DIRTY;
2022
2023 /* And for all other cases we return "inactive". */
2024 return HOME_INACTIVE;
2025 }
2026
home_process_notify(Home * h,char ** l,int fd)2027 void home_process_notify(Home *h, char **l, int fd) {
2028 _cleanup_close_ int taken_fd = TAKE_FD(fd);
2029 const char *e;
2030 int error;
2031 int r;
2032
2033 assert(h);
2034
2035 e = strv_env_get(l, "SYSTEMD_LUKS_LOCK_FD");
2036 if (e) {
2037 r = parse_boolean(e);
2038 if (r < 0)
2039 return (void) log_debug_errno(r, "Failed to parse SYSTEMD_LUKS_LOCK_FD value: %m");
2040 if (r > 0) {
2041 if (taken_fd < 0)
2042 return (void) log_debug("Got notify message with SYSTEMD_LUKS_LOCK_FD=1 but no fd passed, ignoring: %m");
2043
2044 safe_close(h->luks_lock_fd);
2045 h->luks_lock_fd = TAKE_FD(taken_fd);
2046
2047 log_debug("Successfully acquired LUKS lock fd from worker.");
2048
2049 /* Immediately check if we actually want to keep it */
2050 home_maybe_close_luks_lock_fd(h, _HOME_STATE_INVALID);
2051 } else {
2052 if (taken_fd >= 0)
2053 return (void) log_debug("Got notify message with SYSTEMD_LUKS_LOCK_FD=0 but fd passed, ignoring: %m");
2054
2055 h->luks_lock_fd = safe_close(h->luks_lock_fd);
2056 }
2057
2058 return;
2059 }
2060
2061 e = strv_env_get(l, "ERRNO");
2062 if (!e)
2063 return (void) log_debug("Got notify message lacking both ERRNO= and SYSTEMD_LUKS_LOCK_FD= field, ignoring.");
2064
2065 r = safe_atoi(e, &error);
2066 if (r < 0)
2067 return (void) log_debug_errno(r, "Failed to parse received error number, ignoring: %s", e);
2068 if (error <= 0)
2069 return (void) log_debug("Error number is out of range: %i", error);
2070
2071 h->worker_error_code = error;
2072 }
2073
home_killall(Home * h)2074 int home_killall(Home *h) {
2075 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
2076 _cleanup_free_ char *unit = NULL;
2077 int r;
2078
2079 assert(h);
2080
2081 if (!uid_is_valid(h->uid))
2082 return 0;
2083
2084 assert(h->uid > 0); /* We never should be UID 0 */
2085
2086 /* Let's kill everything matching the specified UID */
2087 r = safe_fork("(sd-killer)",
2088 FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_DEATHSIG|FORK_WAIT|FORK_LOG|FORK_REOPEN_LOG,
2089 NULL);
2090 if (r < 0)
2091 return r;
2092 if (r == 0) {
2093 gid_t gid;
2094
2095 /* Child */
2096
2097 gid = user_record_gid(h->record);
2098 if (setresgid(gid, gid, gid) < 0) {
2099 log_error_errno(errno, "Failed to change GID to " GID_FMT ": %m", gid);
2100 _exit(EXIT_FAILURE);
2101 }
2102
2103 if (setgroups(0, NULL) < 0) {
2104 log_error_errno(errno, "Failed to reset auxiliary groups list: %m");
2105 _exit(EXIT_FAILURE);
2106 }
2107
2108 if (setresuid(h->uid, h->uid, h->uid) < 0) {
2109 log_error_errno(errno, "Failed to change UID to " UID_FMT ": %m", h->uid);
2110 _exit(EXIT_FAILURE);
2111 }
2112
2113 if (kill(-1, SIGKILL) < 0) {
2114 log_error_errno(errno, "Failed to kill all processes of UID " UID_FMT ": %m", h->uid);
2115 _exit(EXIT_FAILURE);
2116 }
2117
2118 _exit(EXIT_SUCCESS);
2119 }
2120
2121 /* Let's also kill everything in the user's slice */
2122 if (asprintf(&unit, "user-" UID_FMT ".slice", h->uid) < 0)
2123 return log_oom();
2124
2125 r = sd_bus_call_method(
2126 h->manager->bus,
2127 "org.freedesktop.systemd1",
2128 "/org/freedesktop/systemd1",
2129 "org.freedesktop.systemd1.Manager",
2130 "KillUnit",
2131 &error,
2132 NULL,
2133 "ssi", unit, "all", SIGKILL);
2134 if (r < 0)
2135 log_full_errno(sd_bus_error_has_name(&error, BUS_ERROR_NO_SUCH_UNIT) ? LOG_DEBUG : LOG_WARNING,
2136 r, "Failed to kill login processes of user, ignoring: %s", bus_error_message(&error, r));
2137
2138 return 1;
2139 }
2140
home_get_disk_status_luks(Home * h,HomeState state,uint64_t * ret_disk_size,uint64_t * ret_disk_usage,uint64_t * ret_disk_free,uint64_t * ret_disk_ceiling,uint64_t * ret_disk_floor,statfs_f_type_t * ret_fstype,mode_t * ret_access_mode)2141 static int home_get_disk_status_luks(
2142 Home *h,
2143 HomeState state,
2144 uint64_t *ret_disk_size,
2145 uint64_t *ret_disk_usage,
2146 uint64_t *ret_disk_free,
2147 uint64_t *ret_disk_ceiling,
2148 uint64_t *ret_disk_floor,
2149 statfs_f_type_t *ret_fstype,
2150 mode_t *ret_access_mode) {
2151
2152 uint64_t disk_size = UINT64_MAX, disk_usage = UINT64_MAX, disk_free = UINT64_MAX,
2153 disk_ceiling = UINT64_MAX, disk_floor = UINT64_MAX,
2154 stat_used = UINT64_MAX, fs_size = UINT64_MAX, header_size = 0;
2155 mode_t access_mode = MODE_INVALID;
2156 statfs_f_type_t fstype = 0;
2157 struct statfs sfs;
2158 struct stat st;
2159 const char *hd;
2160 int r;
2161
2162 assert(h);
2163
2164 if (state != HOME_ABSENT) {
2165 const char *ip;
2166
2167 ip = user_record_image_path(h->record);
2168 if (ip) {
2169 if (stat(ip, &st) < 0)
2170 log_debug_errno(errno, "Failed to stat() %s, ignoring: %m", ip);
2171 else if (S_ISREG(st.st_mode)) {
2172 _cleanup_free_ char *parent = NULL;
2173
2174 disk_size = st.st_size;
2175 stat_used = st.st_blocks * 512;
2176
2177 parent = dirname_malloc(ip);
2178 if (!parent)
2179 return log_oom();
2180
2181 if (statfs(parent, &sfs) < 0)
2182 log_debug_errno(errno, "Failed to statfs() %s, ignoring: %m", parent);
2183 else
2184 disk_ceiling = stat_used + sfs.f_bsize * sfs.f_bavail;
2185
2186 } else if (S_ISBLK(st.st_mode)) {
2187 _cleanup_free_ char *szbuf = NULL;
2188 char p[SYS_BLOCK_PATH_MAX("/size")];
2189
2190 /* Let's read the size off sysfs, so that we don't have to open the device */
2191 xsprintf_sys_block_path(p, "/size", st.st_rdev);
2192 r = read_one_line_file(p, &szbuf);
2193 if (r < 0)
2194 log_debug_errno(r, "Failed to read %s, ignoring: %m", p);
2195 else {
2196 uint64_t sz;
2197
2198 r = safe_atou64(szbuf, &sz);
2199 if (r < 0)
2200 log_debug_errno(r, "Failed to parse %s, ignoring: %s", p, szbuf);
2201 else
2202 disk_size = sz * 512;
2203 }
2204 } else
2205 log_debug("Image path is not a block device or regular file, not able to acquire size.");
2206 }
2207 }
2208
2209 if (!HOME_STATE_IS_ACTIVE(state))
2210 goto finish;
2211
2212 hd = user_record_home_directory(h->record);
2213 if (!hd)
2214 goto finish;
2215
2216 if (stat(hd, &st) < 0) {
2217 log_debug_errno(errno, "Failed to stat() %s, ignoring: %m", hd);
2218 goto finish;
2219 }
2220
2221 r = stat_verify_directory(&st);
2222 if (r < 0) {
2223 log_debug_errno(r, "Home directory %s is not a directory, ignoring: %m", hd);
2224 goto finish;
2225 }
2226
2227 access_mode = st.st_mode & 07777;
2228
2229 if (statfs(hd, &sfs) < 0) {
2230 log_debug_errno(errno, "Failed to statfs() %s, ignoring: %m", hd);
2231 goto finish;
2232 }
2233
2234 fstype = sfs.f_type;
2235
2236 disk_free = sfs.f_bsize * sfs.f_bavail;
2237 fs_size = sfs.f_bsize * sfs.f_blocks;
2238 if (disk_size != UINT64_MAX && disk_size > fs_size)
2239 header_size = disk_size - fs_size;
2240
2241 /* We take a perspective from the user here (as opposed to from the host): the used disk space is the
2242 * difference from the limit and what's free. This makes a difference if sparse mode is not used: in
2243 * that case the image is pre-allocated and thus appears all used from the host PoV but is not used
2244 * up at all yet from the user's PoV.
2245 *
2246 * That said, we use use the stat() reported loopback file size as upper boundary: our footprint can
2247 * never be larger than what we take up on the lowest layers. */
2248
2249 if (disk_size != UINT64_MAX && disk_size > disk_free) {
2250 disk_usage = disk_size - disk_free;
2251
2252 if (stat_used != UINT64_MAX && disk_usage > stat_used)
2253 disk_usage = stat_used;
2254 } else
2255 disk_usage = stat_used;
2256
2257 /* If we have the magic, determine floor preferably by magic */
2258 disk_floor = minimal_size_by_fs_magic(sfs.f_type) + header_size;
2259
2260 finish:
2261 /* If we don't know the magic, go by file system name */
2262 if (disk_floor == UINT64_MAX)
2263 disk_floor = minimal_size_by_fs_name(user_record_file_system_type(h->record));
2264
2265 if (ret_disk_size)
2266 *ret_disk_size = disk_size;
2267 if (ret_disk_usage)
2268 *ret_disk_usage = disk_usage;
2269 if (ret_disk_free)
2270 *ret_disk_free = disk_free;
2271 if (ret_disk_ceiling)
2272 *ret_disk_ceiling = disk_ceiling;
2273 if (ret_disk_floor)
2274 *ret_disk_floor = disk_floor;
2275 if (ret_fstype)
2276 *ret_fstype = fstype;
2277 if (ret_access_mode)
2278 *ret_access_mode = access_mode;
2279
2280 return 0;
2281 }
2282
home_get_disk_status_directory(Home * h,HomeState state,uint64_t * ret_disk_size,uint64_t * ret_disk_usage,uint64_t * ret_disk_free,uint64_t * ret_disk_ceiling,uint64_t * ret_disk_floor,statfs_f_type_t * ret_fstype,mode_t * ret_access_mode)2283 static int home_get_disk_status_directory(
2284 Home *h,
2285 HomeState state,
2286 uint64_t *ret_disk_size,
2287 uint64_t *ret_disk_usage,
2288 uint64_t *ret_disk_free,
2289 uint64_t *ret_disk_ceiling,
2290 uint64_t *ret_disk_floor,
2291 statfs_f_type_t *ret_fstype,
2292 mode_t *ret_access_mode) {
2293
2294 uint64_t disk_size = UINT64_MAX, disk_usage = UINT64_MAX, disk_free = UINT64_MAX,
2295 disk_ceiling = UINT64_MAX, disk_floor = UINT64_MAX;
2296 mode_t access_mode = MODE_INVALID;
2297 statfs_f_type_t fstype = 0;
2298 struct statfs sfs;
2299 struct dqblk req;
2300 const char *path = NULL;
2301 int r;
2302
2303 assert(h);
2304
2305 if (HOME_STATE_IS_ACTIVE(state))
2306 path = user_record_home_directory(h->record);
2307
2308 if (!path) {
2309 if (state == HOME_ABSENT)
2310 goto finish;
2311
2312 path = user_record_image_path(h->record);
2313 }
2314
2315 if (!path)
2316 goto finish;
2317
2318 if (statfs(path, &sfs) < 0)
2319 log_debug_errno(errno, "Failed to statfs() %s, ignoring: %m", path);
2320 else {
2321 disk_free = sfs.f_bsize * sfs.f_bavail;
2322 disk_size = sfs.f_bsize * sfs.f_blocks;
2323
2324 /* We don't initialize disk_usage from statfs() data here, since the device is likely not used
2325 * by us alone, and disk_usage should only reflect our own use. */
2326
2327 fstype = sfs.f_type;
2328 }
2329
2330 if (IN_SET(h->record->storage, USER_CLASSIC, USER_DIRECTORY, USER_SUBVOLUME)) {
2331
2332 r = btrfs_is_subvol(path);
2333 if (r < 0)
2334 log_debug_errno(r, "Failed to determine whether %s is a btrfs subvolume: %m", path);
2335 else if (r > 0) {
2336 BtrfsQuotaInfo qi;
2337
2338 r = btrfs_subvol_get_subtree_quota(path, 0, &qi);
2339 if (r < 0)
2340 log_debug_errno(r, "Failed to query btrfs subtree quota, ignoring: %m");
2341 else {
2342 disk_usage = qi.referenced;
2343
2344 if (disk_free != UINT64_MAX) {
2345 disk_ceiling = qi.referenced + disk_free;
2346
2347 if (disk_size != UINT64_MAX && disk_ceiling > disk_size)
2348 disk_ceiling = disk_size;
2349 }
2350
2351 if (qi.referenced_max != UINT64_MAX) {
2352 if (disk_size != UINT64_MAX)
2353 disk_size = MIN(qi.referenced_max, disk_size);
2354 else
2355 disk_size = qi.referenced_max;
2356 }
2357
2358 if (disk_size != UINT64_MAX) {
2359 if (disk_size > disk_usage)
2360 disk_free = disk_size - disk_usage;
2361 else
2362 disk_free = 0;
2363 }
2364 }
2365
2366 goto finish;
2367 }
2368 }
2369
2370 if (IN_SET(h->record->storage, USER_CLASSIC, USER_DIRECTORY, USER_FSCRYPT)) {
2371 r = quotactl_path(QCMD_FIXED(Q_GETQUOTA, USRQUOTA), path, h->uid, &req);
2372 if (r < 0) {
2373 if (ERRNO_IS_NOT_SUPPORTED(r)) {
2374 log_debug_errno(r, "No UID quota support on %s.", path);
2375 goto finish;
2376 }
2377
2378 if (r != -ESRCH) {
2379 log_debug_errno(r, "Failed to query disk quota for UID " UID_FMT ": %m", h->uid);
2380 goto finish;
2381 }
2382
2383 disk_usage = 0; /* No record of this user? then nothing was used */
2384 } else {
2385 if (FLAGS_SET(req.dqb_valid, QIF_SPACE) && disk_free != UINT64_MAX) {
2386 disk_ceiling = req.dqb_curspace + disk_free;
2387
2388 if (disk_size != UINT64_MAX && disk_ceiling > disk_size)
2389 disk_ceiling = disk_size;
2390 }
2391
2392 if (FLAGS_SET(req.dqb_valid, QIF_BLIMITS)) {
2393 uint64_t q;
2394
2395 /* Take the minimum of the quota and the available disk space here */
2396 q = req.dqb_bhardlimit * QIF_DQBLKSIZE;
2397 if (disk_size != UINT64_MAX)
2398 disk_size = MIN(disk_size, q);
2399 else
2400 disk_size = q;
2401 }
2402 if (FLAGS_SET(req.dqb_valid, QIF_SPACE)) {
2403 disk_usage = req.dqb_curspace;
2404
2405 if (disk_size != UINT64_MAX) {
2406 if (disk_size > disk_usage)
2407 disk_free = disk_size - disk_usage;
2408 else
2409 disk_free = 0;
2410 }
2411 }
2412 }
2413 }
2414
2415 finish:
2416 if (ret_disk_size)
2417 *ret_disk_size = disk_size;
2418 if (ret_disk_usage)
2419 *ret_disk_usage = disk_usage;
2420 if (ret_disk_free)
2421 *ret_disk_free = disk_free;
2422 if (ret_disk_ceiling)
2423 *ret_disk_ceiling = disk_ceiling;
2424 if (ret_disk_floor)
2425 *ret_disk_floor = disk_floor;
2426 if (ret_fstype)
2427 *ret_fstype = fstype;
2428 if (ret_access_mode)
2429 *ret_access_mode = access_mode;
2430
2431 return 0;
2432 }
2433
home_get_disk_status_internal(Home * h,HomeState state,uint64_t * ret_disk_size,uint64_t * ret_disk_usage,uint64_t * ret_disk_free,uint64_t * ret_disk_ceiling,uint64_t * ret_disk_floor,statfs_f_type_t * ret_fstype,mode_t * ret_access_mode)2434 static int home_get_disk_status_internal(
2435 Home *h,
2436 HomeState state,
2437 uint64_t *ret_disk_size,
2438 uint64_t *ret_disk_usage,
2439 uint64_t *ret_disk_free,
2440 uint64_t *ret_disk_ceiling,
2441 uint64_t *ret_disk_floor,
2442 statfs_f_type_t *ret_fstype,
2443 mode_t *ret_access_mode) {
2444
2445 assert(h);
2446 assert(h->record);
2447
2448 switch (h->record->storage) {
2449
2450 case USER_LUKS:
2451 return home_get_disk_status_luks(h, state, ret_disk_size, ret_disk_usage, ret_disk_free, ret_disk_ceiling, ret_disk_floor, ret_fstype, ret_access_mode);
2452
2453 case USER_CLASSIC:
2454 case USER_DIRECTORY:
2455 case USER_SUBVOLUME:
2456 case USER_FSCRYPT:
2457 case USER_CIFS:
2458 return home_get_disk_status_directory(h, state, ret_disk_size, ret_disk_usage, ret_disk_free, ret_disk_ceiling, ret_disk_floor, ret_fstype, ret_access_mode);
2459
2460 default:
2461 /* don't know */
2462
2463 if (ret_disk_size)
2464 *ret_disk_size = UINT64_MAX;
2465 if (ret_disk_usage)
2466 *ret_disk_usage = UINT64_MAX;
2467 if (ret_disk_free)
2468 *ret_disk_free = UINT64_MAX;
2469 if (ret_disk_ceiling)
2470 *ret_disk_ceiling = UINT64_MAX;
2471 if (ret_disk_floor)
2472 *ret_disk_floor = UINT64_MAX;
2473 if (ret_fstype)
2474 *ret_fstype = 0;
2475 if (ret_access_mode)
2476 *ret_access_mode = MODE_INVALID;
2477
2478 return 0;
2479 }
2480 }
2481
home_get_disk_status(Home * h,uint64_t * ret_disk_size,uint64_t * ret_disk_usage,uint64_t * ret_disk_free,uint64_t * ret_disk_ceiling,uint64_t * ret_disk_floor,statfs_f_type_t * ret_fstype,mode_t * ret_access_mode)2482 int home_get_disk_status(
2483 Home *h,
2484 uint64_t *ret_disk_size,
2485 uint64_t *ret_disk_usage,
2486 uint64_t *ret_disk_free,
2487 uint64_t *ret_disk_ceiling,
2488 uint64_t *ret_disk_floor,
2489 statfs_f_type_t *ret_fstype,
2490 mode_t *ret_access_mode) {
2491
2492 assert(h);
2493
2494 return home_get_disk_status_internal(
2495 h,
2496 home_get_state(h),
2497 ret_disk_size,
2498 ret_disk_usage,
2499 ret_disk_free,
2500 ret_disk_ceiling,
2501 ret_disk_floor,
2502 ret_fstype,
2503 ret_access_mode);
2504 }
2505
home_augment_status(Home * h,UserRecordLoadFlags flags,UserRecord ** ret)2506 int home_augment_status(
2507 Home *h,
2508 UserRecordLoadFlags flags,
2509 UserRecord **ret) {
2510
2511 uint64_t disk_size = UINT64_MAX, disk_usage = UINT64_MAX, disk_free = UINT64_MAX, disk_ceiling = UINT64_MAX, disk_floor = UINT64_MAX;
2512 _cleanup_(json_variant_unrefp) JsonVariant *j = NULL, *v = NULL, *m = NULL, *status = NULL;
2513 _cleanup_(user_record_unrefp) UserRecord *ur = NULL;
2514 statfs_f_type_t magic;
2515 const char *fstype;
2516 mode_t access_mode;
2517 HomeState state;
2518 sd_id128_t id;
2519 int r;
2520
2521 assert(h);
2522 assert(ret);
2523
2524 /* We are supposed to add this, this can't be on hence. */
2525 assert(!FLAGS_SET(flags, USER_RECORD_STRIP_STATUS));
2526
2527 r = sd_id128_get_machine(&id);
2528 if (r < 0)
2529 return r;
2530
2531 state = home_get_state(h);
2532
2533 r = home_get_disk_status_internal(
2534 h, state,
2535 &disk_size,
2536 &disk_usage,
2537 &disk_free,
2538 &disk_ceiling,
2539 &disk_floor,
2540 &magic,
2541 &access_mode);
2542 if (r < 0)
2543 return r;
2544
2545 fstype = fs_type_to_string(magic);
2546
2547 if (disk_floor == UINT64_MAX || (disk_usage != UINT64_MAX && disk_floor < disk_usage))
2548 disk_floor = disk_usage;
2549 if (disk_floor == UINT64_MAX || disk_floor < USER_DISK_SIZE_MIN)
2550 disk_floor = USER_DISK_SIZE_MIN;
2551 if (disk_ceiling == UINT64_MAX || disk_ceiling > USER_DISK_SIZE_MAX)
2552 disk_ceiling = USER_DISK_SIZE_MAX;
2553
2554 r = json_build(&status,
2555 JSON_BUILD_OBJECT(
2556 JSON_BUILD_PAIR("state", JSON_BUILD_STRING(home_state_to_string(state))),
2557 JSON_BUILD_PAIR("service", JSON_BUILD_CONST_STRING("io.systemd.Home")),
2558 JSON_BUILD_PAIR_CONDITION(disk_size != UINT64_MAX, "diskSize", JSON_BUILD_UNSIGNED(disk_size)),
2559 JSON_BUILD_PAIR_CONDITION(disk_usage != UINT64_MAX, "diskUsage", JSON_BUILD_UNSIGNED(disk_usage)),
2560 JSON_BUILD_PAIR_CONDITION(disk_free != UINT64_MAX, "diskFree", JSON_BUILD_UNSIGNED(disk_free)),
2561 JSON_BUILD_PAIR_CONDITION(disk_ceiling != UINT64_MAX, "diskCeiling", JSON_BUILD_UNSIGNED(disk_ceiling)),
2562 JSON_BUILD_PAIR_CONDITION(disk_floor != UINT64_MAX, "diskFloor", JSON_BUILD_UNSIGNED(disk_floor)),
2563 JSON_BUILD_PAIR_CONDITION(h->signed_locally >= 0, "signedLocally", JSON_BUILD_BOOLEAN(h->signed_locally)),
2564 JSON_BUILD_PAIR_CONDITION(fstype, "fileSystemType", JSON_BUILD_STRING(fstype)),
2565 JSON_BUILD_PAIR_CONDITION(access_mode != MODE_INVALID, "accessMode", JSON_BUILD_UNSIGNED(access_mode))
2566 ));
2567 if (r < 0)
2568 return r;
2569
2570 j = json_variant_ref(h->record->json);
2571 v = json_variant_ref(json_variant_by_key(j, "status"));
2572 m = json_variant_ref(json_variant_by_key(v, SD_ID128_TO_STRING(id)));
2573
2574 r = json_variant_filter(&m, STRV_MAKE("diskSize", "diskUsage", "diskFree", "diskCeiling", "diskFloor", "signedLocally"));
2575 if (r < 0)
2576 return r;
2577
2578 r = json_variant_merge(&m, status);
2579 if (r < 0)
2580 return r;
2581
2582 r = json_variant_set_field(&v, SD_ID128_TO_STRING(id), m);
2583 if (r < 0)
2584 return r;
2585
2586 r = json_variant_set_field(&j, "status", v);
2587 if (r < 0)
2588 return r;
2589
2590 ur = user_record_new();
2591 if (!ur)
2592 return -ENOMEM;
2593
2594 r = user_record_load(ur, j, flags);
2595 if (r < 0)
2596 return r;
2597
2598 ur->incomplete =
2599 FLAGS_SET(h->record->mask, USER_RECORD_PRIVILEGED) &&
2600 !FLAGS_SET(ur->mask, USER_RECORD_PRIVILEGED);
2601
2602 *ret = TAKE_PTR(ur);
2603 return 0;
2604 }
2605
on_home_ref_eof(sd_event_source * s,int fd,uint32_t revents,void * userdata)2606 static int on_home_ref_eof(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
2607 _cleanup_(operation_unrefp) Operation *o = NULL;
2608 Home *h = userdata;
2609
2610 assert(s);
2611 assert(h);
2612
2613 if (h->ref_event_source_please_suspend == s)
2614 h->ref_event_source_please_suspend = sd_event_source_disable_unref(h->ref_event_source_please_suspend);
2615
2616 if (h->ref_event_source_dont_suspend == s)
2617 h->ref_event_source_dont_suspend = sd_event_source_disable_unref(h->ref_event_source_dont_suspend);
2618
2619 if (h->ref_event_source_dont_suspend || h->ref_event_source_please_suspend)
2620 return 0;
2621
2622 log_info("Got notification that all sessions of user %s ended, deactivating automatically.", h->user_name);
2623
2624 o = operation_new(OPERATION_PIPE_EOF, NULL);
2625 if (!o) {
2626 log_oom();
2627 return 0;
2628 }
2629
2630 home_schedule_operation(h, o, NULL);
2631 return 0;
2632 }
2633
home_create_fifo(Home * h,bool please_suspend)2634 int home_create_fifo(Home *h, bool please_suspend) {
2635 _cleanup_close_ int ret_fd = -1;
2636 sd_event_source **ss;
2637 const char *fn, *suffix;
2638 int r;
2639
2640 assert(h);
2641
2642 if (please_suspend) {
2643 suffix = ".please-suspend";
2644 ss = &h->ref_event_source_please_suspend;
2645 } else {
2646 suffix = ".dont-suspend";
2647 ss = &h->ref_event_source_dont_suspend;
2648 }
2649
2650 fn = strjoina("/run/systemd/home/", h->user_name, suffix);
2651
2652 if (!*ss) {
2653 _cleanup_close_ int ref_fd = -1;
2654
2655 (void) mkdir("/run/systemd/home/", 0755);
2656 if (mkfifo(fn, 0600) < 0 && errno != EEXIST)
2657 return log_error_errno(errno, "Failed to create FIFO %s: %m", fn);
2658
2659 ref_fd = open(fn, O_RDONLY|O_CLOEXEC|O_NONBLOCK);
2660 if (ref_fd < 0)
2661 return log_error_errno(errno, "Failed to open FIFO %s for reading: %m", fn);
2662
2663 r = sd_event_add_io(h->manager->event, ss, ref_fd, 0, on_home_ref_eof, h);
2664 if (r < 0)
2665 return log_error_errno(r, "Failed to allocate reference FIFO event source: %m");
2666
2667 (void) sd_event_source_set_description(*ss, "acquire-ref");
2668
2669 r = sd_event_source_set_priority(*ss, SD_EVENT_PRIORITY_IDLE-1);
2670 if (r < 0)
2671 return r;
2672
2673 r = sd_event_source_set_io_fd_own(*ss, true);
2674 if (r < 0)
2675 return log_error_errno(r, "Failed to pass ownership of FIFO event fd to event source: %m");
2676
2677 TAKE_FD(ref_fd);
2678 }
2679
2680 ret_fd = open(fn, O_WRONLY|O_CLOEXEC|O_NONBLOCK);
2681 if (ret_fd < 0)
2682 return log_error_errno(errno, "Failed to open FIFO %s for writing: %m", fn);
2683
2684 return TAKE_FD(ret_fd);
2685 }
2686
home_dispatch_acquire(Home * h,Operation * o)2687 static int home_dispatch_acquire(Home *h, Operation *o) {
2688 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
2689 int (*call)(Home *h, UserRecord *secret, HomeState for_state, sd_bus_error *error) = NULL;
2690 HomeState for_state;
2691 int r;
2692
2693 assert(h);
2694 assert(o);
2695 assert(o->type == OPERATION_ACQUIRE);
2696
2697 assert(!h->current_operation);
2698
2699 switch (home_get_state(h)) {
2700
2701 case HOME_UNFIXATED:
2702 for_state = HOME_FIXATING_FOR_ACQUIRE;
2703 call = home_fixate_internal;
2704 break;
2705
2706 case HOME_ABSENT:
2707 r = sd_bus_error_setf(&error, BUS_ERROR_HOME_ABSENT,
2708 "Home %s is currently missing or not plugged in.", h->user_name);
2709 goto check;
2710
2711 case HOME_INACTIVE:
2712 case HOME_DIRTY:
2713 for_state = HOME_ACTIVATING_FOR_ACQUIRE;
2714 call = home_activate_internal;
2715 break;
2716
2717 case HOME_ACTIVE:
2718 case HOME_LINGERING:
2719 for_state = HOME_AUTHENTICATING_FOR_ACQUIRE;
2720 call = home_authenticate_internal;
2721 break;
2722
2723 case HOME_LOCKED:
2724 for_state = HOME_UNLOCKING_FOR_ACQUIRE;
2725 call = home_unlock_internal;
2726 break;
2727
2728 default:
2729 /* All other cases means we are currently executing an operation, which means the job remains
2730 * pending. */
2731 return 0;
2732 }
2733
2734 r = home_ratelimit(h, &error);
2735 if (r >= 0)
2736 r = call(h, o->secret, for_state, &error);
2737
2738 check:
2739 if (r != 0) /* failure or completed */
2740 operation_result(o, r, &error);
2741 else /* ongoing */
2742 h->current_operation = operation_ref(o);
2743
2744 return 1;
2745 }
2746
home_dispatch_release(Home * h,Operation * o)2747 static int home_dispatch_release(Home *h, Operation *o) {
2748 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
2749 int r;
2750
2751 assert(h);
2752 assert(o);
2753 assert(o->type == OPERATION_RELEASE);
2754
2755 if (h->ref_event_source_dont_suspend || h->ref_event_source_please_suspend)
2756 /* If there's now a reference again, then let's abort the release attempt */
2757 r = sd_bus_error_setf(&error, BUS_ERROR_HOME_BUSY, "Home %s is currently referenced.", h->user_name);
2758 else {
2759 switch (home_get_state(h)) {
2760
2761 case HOME_UNFIXATED:
2762 case HOME_ABSENT:
2763 case HOME_INACTIVE:
2764 case HOME_DIRTY:
2765 r = 1; /* done */
2766 break;
2767
2768 case HOME_LOCKED:
2769 r = sd_bus_error_setf(&error, BUS_ERROR_HOME_LOCKED, "Home %s is currently locked.", h->user_name);
2770 break;
2771
2772 case HOME_ACTIVE:
2773 case HOME_LINGERING:
2774 r = home_deactivate_internal(h, false, &error);
2775 break;
2776
2777 default:
2778 /* All other cases means we are currently executing an operation, which means the job remains
2779 * pending. */
2780 return 0;
2781 }
2782 }
2783
2784 assert(!h->current_operation);
2785
2786 if (r != 0) /* failure or completed */
2787 operation_result(o, r, &error);
2788 else /* ongoing */
2789 h->current_operation = operation_ref(o);
2790
2791 return 1;
2792 }
2793
home_dispatch_lock_all(Home * h,Operation * o)2794 static int home_dispatch_lock_all(Home *h, Operation *o) {
2795 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
2796 int r;
2797
2798 assert(h);
2799 assert(o);
2800 assert(o->type == OPERATION_LOCK_ALL);
2801
2802 switch (home_get_state(h)) {
2803
2804 case HOME_UNFIXATED:
2805 case HOME_ABSENT:
2806 case HOME_INACTIVE:
2807 case HOME_DIRTY:
2808 log_info("Home %s is not active, no locking necessary.", h->user_name);
2809 r = 1; /* done */
2810 break;
2811
2812 case HOME_LOCKED:
2813 log_info("Home %s is already locked.", h->user_name);
2814 r = 1; /* done */
2815 break;
2816
2817 case HOME_ACTIVE:
2818 case HOME_LINGERING:
2819 log_info("Locking home %s.", h->user_name);
2820 r = home_lock(h, &error);
2821 break;
2822
2823 default:
2824 /* All other cases means we are currently executing an operation, which means the job remains
2825 * pending. */
2826 return 0;
2827 }
2828
2829 assert(!h->current_operation);
2830
2831 if (r != 0) /* failure or completed */
2832 operation_result(o, r, &error);
2833 else /* ongoing */
2834 h->current_operation = operation_ref(o);
2835
2836 return 1;
2837 }
2838
home_dispatch_deactivate_all(Home * h,Operation * o)2839 static int home_dispatch_deactivate_all(Home *h, Operation *o) {
2840 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
2841 int r;
2842
2843 assert(h);
2844 assert(o);
2845 assert(o->type == OPERATION_DEACTIVATE_ALL);
2846
2847 switch (home_get_state(h)) {
2848
2849 case HOME_UNFIXATED:
2850 case HOME_ABSENT:
2851 case HOME_INACTIVE:
2852 case HOME_DIRTY:
2853 log_info("Home %s is already deactivated.", h->user_name);
2854 r = 1; /* done */
2855 break;
2856
2857 case HOME_LOCKED:
2858 log_info("Home %s is currently locked, not deactivating.", h->user_name);
2859 r = 1; /* done */
2860 break;
2861
2862 case HOME_ACTIVE:
2863 case HOME_LINGERING:
2864 log_info("Deactivating home %s.", h->user_name);
2865 r = home_deactivate_internal(h, false, &error);
2866 break;
2867
2868 default:
2869 /* All other cases means we are currently executing an operation, which means the job remains
2870 * pending. */
2871 return 0;
2872 }
2873
2874 assert(!h->current_operation);
2875
2876 if (r != 0) /* failure or completed */
2877 operation_result(o, r, &error);
2878 else /* ongoing */
2879 h->current_operation = operation_ref(o);
2880
2881 return 1;
2882 }
2883
home_dispatch_pipe_eof(Home * h,Operation * o)2884 static int home_dispatch_pipe_eof(Home *h, Operation *o) {
2885 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
2886 int r;
2887
2888 assert(h);
2889 assert(o);
2890 assert(o->type == OPERATION_PIPE_EOF);
2891
2892 if (h->ref_event_source_please_suspend || h->ref_event_source_dont_suspend)
2893 return 1; /* Hmm, there's a reference again, let's cancel this */
2894
2895 switch (home_get_state(h)) {
2896
2897 case HOME_UNFIXATED:
2898 case HOME_ABSENT:
2899 case HOME_INACTIVE:
2900 case HOME_DIRTY:
2901 log_info("Home %s already deactivated, no automatic deactivation needed.", h->user_name);
2902 break;
2903
2904 case HOME_DEACTIVATING:
2905 log_info("Home %s is already being deactivated, automatic deactivated unnecessary.", h->user_name);
2906 break;
2907
2908 case HOME_ACTIVE:
2909 case HOME_LINGERING:
2910 r = home_deactivate_internal(h, false, &error);
2911 if (r < 0)
2912 log_warning_errno(r, "Failed to deactivate %s, ignoring: %s", h->user_name, bus_error_message(&error, r));
2913 break;
2914
2915 case HOME_LOCKED:
2916 default:
2917 /* If the device is locked or any operation is being executed, let's leave this pending */
2918 return 0;
2919 }
2920
2921 /* Note that we don't call operation_fail() or operation_success() here, because this kind of
2922 * operation has no message associated with it, and thus there's no need to propagate success. */
2923
2924 assert(!o->message);
2925 return 1;
2926 }
2927
home_dispatch_deactivate_force(Home * h,Operation * o)2928 static int home_dispatch_deactivate_force(Home *h, Operation *o) {
2929 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
2930 int r;
2931
2932 assert(h);
2933 assert(o);
2934 assert(o->type == OPERATION_DEACTIVATE_FORCE);
2935
2936 switch (home_get_state(h)) {
2937
2938 case HOME_UNFIXATED:
2939 case HOME_ABSENT:
2940 case HOME_INACTIVE:
2941 case HOME_DIRTY:
2942 log_debug("Home %s already deactivated, no forced deactivation due to unplug needed.", h->user_name);
2943 break;
2944
2945 case HOME_DEACTIVATING:
2946 log_debug("Home %s is already being deactivated, forced deactivation due to unplug unnecessary.", h->user_name);
2947 break;
2948
2949 case HOME_ACTIVE:
2950 case HOME_LOCKED:
2951 case HOME_LINGERING:
2952 r = home_deactivate_internal(h, true, &error);
2953 if (r < 0)
2954 log_warning_errno(r, "Failed to forcibly deactivate %s, ignoring: %s", h->user_name, bus_error_message(&error, r));
2955 break;
2956
2957 default:
2958 /* If any operation is being executed, let's leave this pending */
2959 return 0;
2960 }
2961
2962 /* Note that we don't call operation_fail() or operation_success() here, because this kind of
2963 * operation has no message associated with it, and thus there's no need to propagate success. */
2964
2965 assert(!o->message);
2966 return 1;
2967 }
2968
on_pending(sd_event_source * s,void * userdata)2969 static int on_pending(sd_event_source *s, void *userdata) {
2970 Home *h = userdata;
2971 Operation *o;
2972 int r;
2973
2974 assert(s);
2975 assert(h);
2976
2977 o = ordered_set_first(h->pending_operations);
2978 if (o) {
2979 static int (* const operation_table[_OPERATION_MAX])(Home *h, Operation *o) = {
2980 [OPERATION_ACQUIRE] = home_dispatch_acquire,
2981 [OPERATION_RELEASE] = home_dispatch_release,
2982 [OPERATION_LOCK_ALL] = home_dispatch_lock_all,
2983 [OPERATION_DEACTIVATE_ALL] = home_dispatch_deactivate_all,
2984 [OPERATION_PIPE_EOF] = home_dispatch_pipe_eof,
2985 [OPERATION_DEACTIVATE_FORCE] = home_dispatch_deactivate_force,
2986 };
2987
2988 assert(operation_table[o->type]);
2989 r = operation_table[o->type](h, o);
2990 if (r != 0) {
2991 /* The operation completed, let's remove it from the pending list, and exit while
2992 * leaving the event source enabled as it is. */
2993 assert_se(ordered_set_remove(h->pending_operations, o) == o);
2994 operation_unref(o);
2995 return 0;
2996 }
2997 }
2998
2999 /* Nothing to do anymore, let's turn off this event source */
3000 r = sd_event_source_set_enabled(s, SD_EVENT_OFF);
3001 if (r < 0)
3002 return log_error_errno(r, "Failed to disable event source: %m");
3003
3004 /* No operations pending anymore, maybe this is a good time to trigger a rebalancing */
3005 manager_reschedule_rebalance(h->manager);
3006 return 0;
3007 }
3008
home_schedule_operation(Home * h,Operation * o,sd_bus_error * error)3009 int home_schedule_operation(Home *h, Operation *o, sd_bus_error *error) {
3010 int r;
3011
3012 assert(h);
3013
3014 if (o) {
3015 if (ordered_set_size(h->pending_operations) >= PENDING_OPERATIONS_MAX)
3016 return sd_bus_error_set(error, BUS_ERROR_TOO_MANY_OPERATIONS, "Too many client operations requested");
3017
3018 r = ordered_set_ensure_put(&h->pending_operations, &operation_hash_ops, o);
3019 if (r < 0)
3020 return r;
3021
3022 operation_ref(o);
3023 }
3024
3025 if (!h->pending_event_source) {
3026 r = sd_event_add_defer(h->manager->event, &h->pending_event_source, on_pending, h);
3027 if (r < 0)
3028 return log_error_errno(r, "Failed to allocate pending defer event source: %m");
3029
3030 (void) sd_event_source_set_description(h->pending_event_source, "pending");
3031
3032 r = sd_event_source_set_priority(h->pending_event_source, SD_EVENT_PRIORITY_IDLE);
3033 if (r < 0)
3034 return r;
3035 }
3036
3037 r = sd_event_source_set_enabled(h->pending_event_source, SD_EVENT_ON);
3038 if (r < 0)
3039 return log_error_errno(r, "Failed to trigger pending event source: %m");
3040
3041 return 0;
3042 }
3043
home_get_image_path_seat(Home * h,char ** ret)3044 static int home_get_image_path_seat(Home *h, char **ret) {
3045 _cleanup_(sd_device_unrefp) sd_device *d = NULL;
3046 _cleanup_free_ char *c = NULL;
3047 const char *ip, *seat;
3048 struct stat st;
3049 int r;
3050
3051 assert(h);
3052
3053 if (user_record_storage(h->record) != USER_LUKS)
3054 return -ENXIO;
3055
3056 ip = user_record_image_path(h->record);
3057 if (!ip)
3058 return -ENXIO;
3059
3060 if (!path_startswith(ip, "/dev/"))
3061 return -ENXIO;
3062
3063 if (stat(ip, &st) < 0)
3064 return -errno;
3065
3066 if (!S_ISBLK(st.st_mode))
3067 return -ENOTBLK;
3068
3069 r = sd_device_new_from_stat_rdev(&d, &st);
3070 if (r < 0)
3071 return r;
3072
3073 r = sd_device_get_property_value(d, "ID_SEAT", &seat);
3074 if (r == -ENOENT) /* no property means seat0 */
3075 seat = "seat0";
3076 else if (r < 0)
3077 return r;
3078
3079 c = strdup(seat);
3080 if (!c)
3081 return -ENOMEM;
3082
3083 *ret = TAKE_PTR(c);
3084 return 0;
3085 }
3086
home_auto_login(Home * h,char *** ret_seats)3087 int home_auto_login(Home *h, char ***ret_seats) {
3088 _cleanup_free_ char *seat = NULL, *seat2 = NULL;
3089
3090 assert(h);
3091 assert(ret_seats);
3092
3093 (void) home_get_image_path_seat(h, &seat);
3094
3095 if (h->record->auto_login > 0 && !streq_ptr(seat, "seat0")) {
3096 /* For now, when the auto-login boolean is set for a user, let's make it mean
3097 * "seat0". Eventually we can extend the concept and allow configuration of any kind of seat,
3098 * but let's keep simple initially, most likely the feature is interesting on single-user
3099 * systems anyway, only.
3100 *
3101 * We filter out users marked for auto-login in we know for sure their home directory is
3102 * absent. */
3103
3104 if (user_record_test_image_path(h->record) != USER_TEST_ABSENT) {
3105 seat2 = strdup("seat0");
3106 if (!seat2)
3107 return -ENOMEM;
3108 }
3109 }
3110
3111 if (seat || seat2) {
3112 _cleanup_strv_free_ char **list = NULL;
3113 size_t i = 0;
3114
3115 list = new(char*, 3);
3116 if (!list)
3117 return -ENOMEM;
3118
3119 if (seat)
3120 list[i++] = TAKE_PTR(seat);
3121 if (seat2)
3122 list[i++] = TAKE_PTR(seat2);
3123
3124 list[i] = NULL;
3125 *ret_seats = TAKE_PTR(list);
3126 return 1;
3127 }
3128
3129 *ret_seats = NULL;
3130 return 0;
3131 }
3132
home_set_current_message(Home * h,sd_bus_message * m)3133 int home_set_current_message(Home *h, sd_bus_message *m) {
3134 assert(h);
3135
3136 if (!m)
3137 return 0;
3138
3139 if (h->current_operation)
3140 return -EBUSY;
3141
3142 h->current_operation = operation_new(OPERATION_IMMEDIATE, m);
3143 if (!h->current_operation)
3144 return -ENOMEM;
3145
3146 return 1;
3147 }
3148
home_wait_for_worker(Home * h)3149 int home_wait_for_worker(Home *h) {
3150 assert(h);
3151
3152 if (h->worker_pid <= 0)
3153 return 0;
3154
3155 log_info("Worker process for home %s is still running while exiting. Waiting for it to finish.", h->user_name);
3156 (void) wait_for_terminate(h->worker_pid, NULL);
3157 (void) hashmap_remove_value(h->manager->homes_by_worker_pid, PID_TO_PTR(h->worker_pid), h);
3158 h->worker_pid = 0;
3159 return 1;
3160 }
3161
home_shall_rebalance(Home * h)3162 bool home_shall_rebalance(Home *h) {
3163 HomeState state;
3164
3165 assert(h);
3166
3167 /* Determines if the home directory is a candidate for rebalancing */
3168
3169 if (!user_record_shall_rebalance(h->record))
3170 return false;
3171
3172 state = home_get_state(h);
3173 if (!HOME_STATE_SHALL_REBALANCE(state))
3174 return false;
3175
3176 return true;
3177 }
3178
home_is_busy(Home * h)3179 bool home_is_busy(Home *h) {
3180 assert(h);
3181
3182 if (h->current_operation)
3183 return true;
3184
3185 if (!ordered_set_isempty(h->pending_operations))
3186 return true;
3187
3188 return HOME_STATE_IS_EXECUTING_OPERATION(home_get_state(h));
3189 }
3190
3191 static const char* const home_state_table[_HOME_STATE_MAX] = {
3192 [HOME_UNFIXATED] = "unfixated",
3193 [HOME_ABSENT] = "absent",
3194 [HOME_INACTIVE] = "inactive",
3195 [HOME_DIRTY] = "dirty",
3196 [HOME_FIXATING] = "fixating",
3197 [HOME_FIXATING_FOR_ACTIVATION] = "fixating-for-activation",
3198 [HOME_FIXATING_FOR_ACQUIRE] = "fixating-for-acquire",
3199 [HOME_ACTIVATING] = "activating",
3200 [HOME_ACTIVATING_FOR_ACQUIRE] = "activating-for-acquire",
3201 [HOME_DEACTIVATING] = "deactivating",
3202 [HOME_ACTIVE] = "active",
3203 [HOME_LINGERING] = "lingering",
3204 [HOME_LOCKING] = "locking",
3205 [HOME_LOCKED] = "locked",
3206 [HOME_UNLOCKING] = "unlocking",
3207 [HOME_UNLOCKING_FOR_ACQUIRE] = "unlocking-for-acquire",
3208 [HOME_CREATING] = "creating",
3209 [HOME_REMOVING] = "removing",
3210 [HOME_UPDATING] = "updating",
3211 [HOME_UPDATING_WHILE_ACTIVE] = "updating-while-active",
3212 [HOME_RESIZING] = "resizing",
3213 [HOME_RESIZING_WHILE_ACTIVE] = "resizing-while-active",
3214 [HOME_PASSWD] = "passwd",
3215 [HOME_PASSWD_WHILE_ACTIVE] = "passwd-while-active",
3216 [HOME_AUTHENTICATING] = "authenticating",
3217 [HOME_AUTHENTICATING_WHILE_ACTIVE] = "authenticating-while-active",
3218 [HOME_AUTHENTICATING_FOR_ACQUIRE] = "authenticating-for-acquire",
3219 };
3220
3221 DEFINE_STRING_TABLE_LOOKUP(home_state, HomeState);
3222