summaryrefslogtreecommitdiffstats
path: root/src/shared/user-record.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* user-record: only synthesize default list of self-modifiable fields for ↵Lennart Poettering10 days1-3/+16
| | | | | | | | | | | | *regular* users For system users we should lock things down, hence generate an empty list. This is mostly a safety precaution, but also hides really confusing output of "userdbctl user" for an system user. Follow-up for: a192250eda1e5cc1f8fc799cf9b85d37e7fa0519
* json: introduce json_dispatch_strv_environment()Ivan Kruglov2024-11-061-36/+2
| | | | | I just moved json_dispatch_environment() from src/shared/user-record.c under name 'json_dispatch_strv_environment()' to shared json code.
* user-record: add missing comma to list of stringsLuca Boccassi2024-11-021-1/+1
| | | | Follow-up for ad03f2d5f0d7f87b775357e5a2727dbcbc973fce
* homed: Allow user to change parts of their recordAdrian Vovk2024-11-011-2/+168
| | | | | | | | | | This allows an unprivileged user that is active at the console to change the fields that are in the selfModifiable allowlists (introduced in a previous commit) without authenticating as a system administrator. Administrators can disable this behavior per-user by setting the relevant selfModifiable allowlists, or system-wide by changing the policy of the org.freedesktop.home1.update-home-by-owner Polkit action.
* user-record: Introduce selfModifiable fieldsAdrian Vovk2024-11-011-0/+82
| | | | | Allows the system administrator to configure what fields the user is allowed to edit about themself, along with hard-coded defaults.
* tree-wide: replace for loop with FOREACH_ELEMENT or FOREACH_ARRAY macros ↵Integral2024-10-261-11/+11
| | | | (#34893)
* userdbctl: add some basic client-side filteringLennart Poettering2024-10-241-0/+66
| | | | | | | | | | | | | | This adds some basic client-side user/group filtering to "userdbctl": 1. by uid/gid min/max 2. by user "disposition" (i.e. show only regular users with "userdbctl user -R") 3. by fuzzy name (i.e. search by substring/levenshtein of user name, real name, and other identifiers of the user/group record). In the long run we also want to support this server side, but let's start out with doing this client-side, since many backends won't support server-side filtering anytime soon anyway, so we need it in either case.
* tree-wide: replace reallocarray() with GREEDY_REALLOC()Yu Watanabe2024-10-081-23/+7
|
* tree-wide: use strv_extend_strv_consume() where appropriateMike Yuan2024-09-211-4/+3
|
* treewide: use sd_json_variant_un{hex|base64}() pervasivelyLennart Poettering2024-08-301-16/+4
| | | | | | | | Use these helpers whenever appropriate. Drop separate string checks, since these helpers already do them anyway. No actual code change, just a rework to make use of a nice helper we have already.
* user-record: add helper that checks if a user record is root or the nobody userLennart Poettering2024-08-281-3/+15
|
* various: move const ptr indicator to return valueZbigniew Jędrzejewski-Szmek2024-06-191-10/+10
|
* sd-json: rename SD_JSON_SAFE → SD_JSON_STRICTLennart Poettering2024-06-121-204/+204
| | | | | | | | The flag is fairly generic these days and just selects a slightly stricter validation, with details depending on the selected dispatch function. Hence, let's give it more precise name, in particular one that mirrors the SD_JSON_RELAXED flag nicely (which does the opposite: relaxes parsing)
* libsystemd: turn json.[ch] into a public APILennart Poettering2024-06-121-444/+445
| | | | | | | | | | | | | | | This is preparation for making our Varlink API a public API. Since our Varlink API is built on top of our JSON API we need to make that public first (it's a nice API, but JSON APIs there are already enough, this is purely about the Varlink angle). I made most of the json.h APIs public, and just placed them in sd-json.h. Sometimes I wasn't so sure however, since the underlying data structures would have to be made public too. If in doubt I didn#t risk it, and moved the relevant API to src/libsystemd/sd-json/json-util.h instead (without any sd_* symbol prefixes). This is mostly a giant search/replace patch.
* json: merge json_dispatch_path() + json_dispatch_absolute_path()Lennart Poettering2024-06-121-33/+7
| | | | | | | | | | | | | The functions more or less do the same thing. Merge them. This makes json_dispatch_path() the common resulting implementation. it learnt: 1. Will reset the path to NULL if specified as null in JSON 2. Depending on the JSON_SAFE flag will insist on normalized path or not With this the two implementations are identical, except for the differences now toggable via JSON_SAFE flag
* tree-wide: fix type confusion around parsing JSON booleansLennart Poettering2024-05-021-1/+1
| | | | | | Sometimes we store them in a tristate, sometimes in C stdbool booleans. Sometimes we fucked up picking the right parsing function however. Fix that.
* user-record: Add preferredSession{Type,Launcher}Adrian Vovk2024-03-011-0/+7
| | | | | | | These will be used by display managers to pre-select the user's preferred desktop environment and display server type. On homed, the display manager will also be able to set these fields to cache the user's last selection.
* user-record: Add blobDirectory and blobManifestAdrian Vovk2024-02-191-0/+63
| | | | | | These fields are used to connect a JSON user record to its blob directory, and to include the directory's contents in the record's signature
* user-record: add fields for a fallback home dir + shellLennart Poettering2024-02-141-20/+52
| | | | | | | | | | | | | | | | This adds fields to the user record logic to allow a "fallback" home directory and shell to be set as part of the "status" section of the user record, i.e. supplied by the manager of the user record. The idea is that if the fallback homedir/shell is set it will take precedence over the real one in most ways. Usecase: let's try to make ssh logins into homed directories work. systemd-homed would set a fallback shell/homedir for inactive home dirs. Thus, when ssh logins take place via key auth, we can allow them, and these fallback session params would be used because the real home cannot be activated just yet becasue we cannot acquire any password for it from the user.
* user-record: Add languages fieldAdrian Vovk2024-02-131-2/+83
| | | | | | | | | | | | | | | | This field is like preferredLanguage, but takes a priority list of languages instead. If an app isn't translated into a user's primary language, it can fall back to one of the other languages in the list thus making the app more accessible to the user. For instance: in my experience, many Ukrainians are fluent in Russian, often significantly better than English (especially if they are of a generation that grew up during the USSR). Such a person might set this new variable to ["uk_UA.UTF-8", "ru_UA.UTF-8"] so that software that lacks Ukrainian translations will first try Russian translations before defaulting to English. Fixes #31290
* user-record: Add method to match whole perMachine entryAdrian Vovk2024-01-181-24/+31
| | | | | We already had methods to check just the machine-id or just the hostname, so this method pretty trivially checks both
* src/basic: rename uid-alloc-range.[ch] to uid-classification.[ch]Zbigniew Jędrzejewski-Szmek2024-01-091-1/+1
| | | | | | | | | We had both uid-range.h and uid-alloc-range.h. The latter now contains helpers like {uid,gid}_is_{system,dynamic,container}(), uid_for_system_journal(), so the existing name is outdated. I think the uid-range.[ch] should stay separate because it has a bunch of helpers for parsing and printing of uid ranges. So let's rename as in $subject to better reflect the contents of the file and make the two sets of files harder to confuse.
* hexdecoct: make unbase64mem and unhexmem always use SIZE_MAXMike Yuan2024-01-081-4/+4
|
* Merge pull request #30784 from poettering/json-dispatch-enumLennart Poettering2024-01-051-40/+5
|\ | | | | json: add macro for automatically defining a dispatcher for an enum
| * user-record: port over to JSON_DISPATCH_ENUM_DEFINE()Lennart Poettering2024-01-051-40/+5
| |
* | tree-wide: use JSON_ALLOW_EXTENSIONS when disptching at various placesLennart Poettering2024-01-051-1/+1
|/ | | | | | | | | If we want to allow method replies to be extended without this breaking compat, then we should set this flag. Do so at various method call replies hence. Also do it when parsing user/group records, which are expressly documented to be extensible, as well as the hibernate JSON record.
* tree-wide: take in all *our* JSON structures also decimal stringsLennart Poettering2023-11-071-48/+48
| | | | | | | | | | | | Let's be friendly in what we accept: whenever we define a JSON structure, let's also allow decimal strings where we want an integer. This patch purely replaces JSON_VARIANT_UNSIGNED by _JSON_VARIANT_TYPE_INVALID in the various JsonDispatch[] tables, so that we'll happily accept any type in json_dispatch(), so that json_dispatch_uint64() and related tools can do their thing. This does not switch over OCI (as a JSON structure not defined by us).
* varlink,json: introduce new varlink_dispatch() helperLennart Poettering2023-11-021-9/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | varlink_dispatch() is a simple wrapper around json_dispatch() that returns clean, standards-compliant InvalidParameter error back to clients, if the specified JSON cannot be parsed properly. For this json_dispatch() is extended to return the offending field's name. Because it already has quite a few parameters, I then renamed json_dispatch() to json_dispatch_full() and made json_dispatch() a wrapper around it that passes the new argument as NULL. While doing so I figured we should also get rid of the bad= argument in the short wrapper, since it's only used in the OCI code. To simplify the OCI code this adds a second wrapper oci_dispatch() around json_dispatch_full(), that fills in bad= the way we want. Net result: instead of one json_dispatch() call there are now: 1. json_dispatch_full() for the fully feature mother of all dispathers. 2. json_dispatch() for the simpler version that you want to use most of the time. 3. varlink_dispatch() that generates nice Varlink errors 4. oci_dispatch() that does the OCI specific error handling And that's all there is.
* user-record: extend user records with an ambient and bounding caps set fieldLennart Poettering2023-02-281-0/+44
| | | | | In particular the ambieht caps field is useful: we can use it later to pass caps such as CAP_WAKE_ALARM to regular users on login.
* Implement --luks-pbkdf-force-iterations for homedAidan Dang2022-12-061-0/+14
|
* Implement --luks-sector-size for homedAidan Dang2022-10-071-0/+13
|
* tree-wide: use ASSERT_PTR moreDavid Tardon2022-09-131-3/+1
|
* tree-wide: allow ASCII fallback for … in logsDavid Tardon2022-06-281-5/+17
|
* Use new default-user-shell option instead of hard-coding bash in nspawn and ↵наб2022-03-281-1/+1
| | | | | | | | | | | user-record Defaults to /bin/bash, no changes in the default configuration The fallback shell for non-root users is as-specified, and the interactive shell for nspawn sessions is started as exec(default-user-shell, "-" + basename(default-user-shell), ...) before falling through to bash and sh
* user-record: add rebalanceWeight fieldLennart Poettering2021-11-251-0/+42
|
* user-record: add auto-resize propertyLennart Poettering2021-11-231-0/+46
|
* shared/json: use int64_t instead of intmax_tZbigniew Jędrzejewski-Szmek2021-11-181-9/+7
| | | | | | | | | | | We were already asserting that the intmax_t and uintmax_t types are the same as int64_t and uint64_t. Pretty much everywhere in the code base we use the latter types. In principle intmax_t could be something different on some new architecture, and then the code would fail to compile or behave differently. We actually do not want the code to behave differently on those architectures, because that'd break interoperability. So let's just use int64_t/uint64_t since that's what we indend to use.
* user-record: relax rules on diskSize user record fieldLennart Poettering2021-11-161-22/+2
| | | | | | | | | Let's not refuse low or high disk sizes unnecessarily early. They disk sizes are subject fs limits anyway, hence there's no point in adding another limit. Relaxing thhe rules here as the advantage that we can later allow "homectl resize lennart 0" as a generic way to minimize disk space.
* shared: split out UID allocation range stuff from user-record.hLennart Poettering2021-11-131-120/+1
| | | | | | | | user-record.[ch] are about the UserRecord JSON stuff, and the UID allocation range stuff (i.e. login.defs handling) is a very different thing, and complex enough on its own, let's give it its own c/h files. No code changes, just some splitting out of code.
* Merge pull request #21333 from poettering/homed-report-fs-and-access-modeLennart Poettering2021-11-131-15/+17
|\ | | | | homed: report actual home dir access mode and fs type in effect
| * homed: include actual fs type + access mode as part of "status" section of ↵Lennart Poettering2021-11-121-15/+17
| | | | | | | | | | | | | | | | | | | | | | user record So far we have two properties for the intended fstype + access mode of home dirs, but they might differ from what is actually used (because the user record changed from the home dir, after it was created, or vice versa). Let's hence add these props also to the "status" section of user record, which report the status quo. That way we can always show the correct, current settings.
* | homework: also add a way to configure additional mount options via a JSON ↵Lennart Poettering2021-11-121-0/+3
|/ | | | | | user record field Fixes: #15120
* homework: allow specifying explicit additional mount options when using CIFS ↵Lennart Poettering2021-10-271-0/+3
| | | | | | | | backend This is useful since certain shares can only be mounted with additional mount flags. For example the SMB share in modern AVM Fritz!Boxes requires "noserverino" to be set to work from Linux.
* homed: allow overriding the root directory for home dirs via env var (i.e. ↵Lennart Poettering2021-10-111-3/+3
| | | | | | | | | | | | | | | | | | | use a different path than /home/) This is a debugging feature. It's sometimes incredibly useful to be able to run a second instance of homed that operates on another dir than /home/. Specifically, if you build homed from the source tree you can now run an instance of it pretty reasonably directly from the build tree via: sudo SYSTEMD_HOME_DEBUG_SUFFIX=foo SYSTEMD_HOMEWORK_PATH=$(pwd)/build/systemd-homework SYSTEMD_HOME_ROOT=/home/foo ./build/systemd-homed And then talk to it via sudo SYSTEMD_HOME_DEBUG_SUFFIX=foo homectl … (you might need to tweak your dbus policy for this to work fully though)
* homed: optionally, drop caches on logoutLennart Poettering2021-10-111-1/+14
| | | | Fixes: #20857
* user-record: disable two pbkdf fields that don't apply for pkbdf2Lennart Poettering2021-10-061-4/+5
| | | | Fixes: #20830
* basic: move chase_symlinks_and_fopen_unlocked() → chase-symlinks.[ch]Lennart Poettering2021-10-051-1/+1
|
* basic: spit out chase_symlinks() from fs-util.[ch] → chase-symlinks.[ch]Lennart Poettering2021-10-051-0/+1
|
* user-record: switch the default LUKS PBKDF to argon2id to match cryptsetupnl67202021-09-241-1/+1
| | | | | cryptsetup 2.4.0 changed the default LUKS2 PBKDF to argon2id. See https://gitlab.com/cryptsetup/cryptsetup/-/commit/db775417909db0f0b07168d07fdf8813e3ca94fe.
* tree-wide: port everything over to new sd-id128 compund literal blissLennart Poettering2021-08-201-4/+2
|
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-29 16:44:51 +0100