path: root/src/shared/user-record.h
Commit message | Author | Age | Files | Lines
* homectl: store FIDO2 up/uv/clientPin fields in user records too | Lennart Poettering | 2021-06-01 | 1 | -0/+4
  This catches up homed's FIDO2 support with cryptsetup's: we'll now store the uv/up/clientPin configuration at enrollment in the user record JSON data, and use it when authenticating with it. This also adds explicit "uv" support: we'll only allow it to happen when the client explicitly said it's OK. This is then used by clients to print a nice message suggesting "uv" has to take place before retrying allowing it this time. This is modelled after the existing handling for "up".
* user-record: optionally, allow parsing empty user record JSON objects | Lennart Poettering | 2021-05-19 | 1 | -0/+3
* tree-wide: use -EINVAL for enum invalid values | Zbigniew Jędrzejewski-Szmek | 2021-02-10 | 1 | -2/+2
  As suggested in https://github.com/systemd/systemd/pull/11484#issuecomment-775288617. This does not touch anything exposed in src/systemd. Changing the defines there would be a compatibility break. Note that tests are broken after this commit. They will be fixed in the next one.
* license: LGPL-2.1+ -> LGPL-2.1-or-later | Yu Watanabe | 2020-11-09 | 1 | -1/+1
* sysusers: look at login.defs when setting the default range to allocate users | Zbigniew Jędrzejewski-Szmek | 2020-10-01 | 1 | -0/+1
  Also, even if login.defs are not present, don't start allocating at 1, but at SYSTEM_UID_MIN. Fixes #9769. The test is adjusted. Actually, it was busted before, because sysusers would never use SYSTEM_GID_MIN, so if SYSTEM_GID_MIN was different than SYSTEM_UID_MIN, the tests would fail. On all "normal" systems the two are equal, so we didn't notice. Since sysusers now always uses the minimum of the two, we only need to substitute one value.
* Also parse the minimum uid/gid values | Zbigniew Jędrzejewski-Szmek | 2020-10-01 | 1 | -0/+2
  We don't (and shouldn't I think) look at them when determining the type of the user, but they should be used during user/group allocation. (For example, an admin may specify SYS_UID_MIN==200 to allow statically numbered users that are shared with other systems in the range 1–199.)
* Look at /etc/login.defs for the system_max_[ug]id values | Zbigniew Jędrzejewski-Szmek | 2020-10-01 | 1 | -7/+9
  It makes little sense to make the boundary between systemd and user guids configurable. Nevertheless, a completely fixed compile-time define is not enough in two scenarios:
  - the systemd_uid_max boundary has moved over time. The default used to be 500 for a long time. Systems which are upgraded over time might have users in the wrong range, but changing existing systems is complicated and expensive (offline disks, backups, remote systems, read-only media, etc.)
  - systems are used in a heterogeneous environment, where some vendors pick one value and others another.
  So let's make this boundary overridable using /etc/login.defs. Fixes #3855, #10184.
* Move {uid,gid}_is_*() from basic to shared | Zbigniew Jędrzejewski-Szmek | 2020-09-25 | 1 | -0/+24
  Those are functions that express policy, and nothing in basic/ uses (or should use) them.
* tree-wide: fix typos found by codespell | Frantisek Sumsal | 2020-09-14 | 1 | -1/+1
  Reported by Fossies.org
* user-record: add recovery key fields to user record | Lennart Poettering | 2020-08-25 | 1 | -0/+12
* userdb: add "description" field to group records | Lennart Poettering | 2020-08-07 | 1 | -0/+1
  User records have the realname/gecos fields, groups never had that, but it would really be useful to have it, hence let's add it with similar semantics. We enforce the same syntax as for GECOS, since it's better to start with strict rules and loosen them later instead of the opposite.
* Fix two typos found by codespell | Zbigniew Jędrzejewski-Szmek | 2020-07-06 | 1 | -1/+1
* homed: add support for authenticating with fido2 hmac-secret tokens | Lennart Poettering | 2020-07-01 | 1 | -0/+1
* user-record: add fields for FIDO2 HMAC authentication options | Lennart Poettering | 2020-07-01 | 1 | -0/+22
* user-record: rename JSON field "pkcs11Pin" to "tokenPin" | Lennart Poettering | 2020-07-01 | 1 | -1/+1
  We'd like to use it for FIDO2 tokens too, and the concept is entirely generic, hence let's just reuse the field, but rename it. Read the old name for compatibility, and treat the old name and the new name as identical for most purposes.
* user-record: split out code that generates automatic image path for records | Lennart Poettering | 2020-05-07 | 1 | -0/+2
  No change of behaviour, just some refactoring, so that we can use this new helper function elsewhere, too.
* user-record: add new field for requesting LUKS discard on logout | Lennart Poettering | 2020-05-07 | 1 | -0/+2
  We make this entirely independent of the regular discard field, i.e. the one that controls discard behaviour when the home directory is online. Not all combinations make a ridiculous amount of sense, but most do. Specifically:
  - online-discard = yes, offline-discard = yes → Discard when activating explicitly, and during runtime using the "discard" mount option, and discard explicitly when logging out again.
  - online-discard = no, offline-discard = yes → The new default: when logging in allocate the full backing store, and use no discard while active. When logging out discard everything. This provides nice behaviour: we take minimal storage when offline but provide allocation guarantees while online.
  - online-discard = no, offline-discard = no → Never, ever discard, always operate with fully allocated backing store. The extra safe mode.
* shared: add generic user/group record structures and JSON parsers | Lennart Poettering | 2020-01-15 | 1 | -0/+375