/* SPDX-License-Identifier: LGPL-2.1-or-later */ #include "dns-domain.h" #include "home-util.h" #include "libcrypt-util.h" #include "memory-util.h" #include "path-util.h" #include "string-util.h" #include "strv.h" #include "user-util.h" bool suitable_user_name(const char *name) { /* Checks whether the specified name is suitable for management via homed. Note that client-side * we usually validate with the simple valid_user_group_name(), while server-side we are a bit more * restrictive, so that we can change the rules server-side without having to update things * client-side too. */ if (!valid_user_group_name(name, 0)) return false; /* We generally rely on NSS to tell us which users not to care for, but let's filter out some * particularly well-known users. */ if (STR_IN_SET(name, "root", "nobody", NOBODY_USER_NAME, NOBODY_GROUP_NAME)) return false; /* Let's also defend our own namespace, as well as Debian's (unwritten?) logic of prefixing system * users with underscores. */ if (STARTSWITH_SET(name, "systemd-", "_")) return false; return true; } int suitable_realm(const char *realm) { _cleanup_free_ char *normalized = NULL; int r; /* Similar to the above: let's validate the realm a bit stricter server-side than client side */ r = dns_name_normalize(realm, 0, &normalized); /* this also checks general validity */ if (r == -EINVAL) return 0; if (r < 0) return r; if (!streq(realm, normalized)) /* is this normalized? */ return false; if (dns_name_is_root(realm)) /* Don't allow top level domain */ return false; return true; } int suitable_image_path(const char *path) { return !empty_or_root(path) && path_is_valid(path) && path_is_absolute(path); } bool supported_fstype(const char *fstype) { /* Limit the set of supported file systems a bit, as protection against little tested kernel file * systems. Also, we only support the resize ioctls for these file systems. */ return STR_IN_SET(fstype, "ext4", "btrfs", "xfs"); } int split_user_name_realm(const char *t, char **ret_user_name, char **ret_realm) { _cleanup_free_ char *user_name = NULL, *realm = NULL; const char *c; int r; assert(t); assert(ret_user_name); assert(ret_realm); c = strchr(t, '@'); if (!c) { user_name = strdup(t); if (!user_name) return -ENOMEM; } else { user_name = strndup(t, c - t); if (!user_name) return -ENOMEM; realm = strdup(c + 1); if (!realm) return -ENOMEM; } if (!suitable_user_name(user_name)) return -EINVAL; if (realm) { r = suitable_realm(realm); if (r < 0) return r; if (r == 0) return -EINVAL; } *ret_user_name = TAKE_PTR(user_name); *ret_realm = TAKE_PTR(realm); return 0; } int bus_message_append_secret(sd_bus_message *m, UserRecord *secret) { _cleanup_(erase_and_freep) char *formatted = NULL; JsonVariant *v; int r; assert(m); assert(secret); if (!FLAGS_SET(secret->mask, USER_RECORD_SECRET)) return sd_bus_message_append(m, "s", "{}"); v = json_variant_by_key(secret->json, "secret"); if (!v) return -EINVAL; r = json_variant_format(v, 0, &formatted); if (r < 0) return r; (void) sd_bus_message_sensitive(m); return sd_bus_message_append(m, "s", formatted); } const char *home_record_dir(void) { return secure_getenv("SYSTEMD_HOME_RECORD_DIR") ?: "/var/lib/systemd/home/"; }