From cbffdcecaecd61ec73813d536e1cce406b552e1e Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 20 May 2020 17:02:12 +0200
Subject: [PATCH] homed: return a better error when a home has no
 authentication information defined

We can't log into home entries that have no password or PKCS#11 token.
Return a proper, useful error in that case.

See: #15178
---
 src/home/homed-home.c                     | 2 ++
 src/home/homework.c                       | 1 +
 src/libsystemd/sd-bus/bus-common-errors.c | 1 +
 src/libsystemd/sd-bus/bus-common-errors.h | 1 +
 4 files changed, 5 insertions(+)

diff --git a/src/home/homed-home.c b/src/home/homed-home.c
index be1a710ccc..cf11c05d60 100644
--- a/src/home/homed-home.c
+++ b/src/home/homed-home.c
@@ -471,6 +471,8 @@ static int convert_worker_errno(Home *h, int e, sd_bus_error *error) {
                 return sd_bus_error_setf(error, BUS_ERROR_HOME_NOT_ACTIVE, "Home %s is currently not active", h->user_name);
         case -ENOSPC:
                 return sd_bus_error_setf(error, BUS_ERROR_NO_DISK_SPACE, "Not enough disk space for home %s", h->user_name);
+        case -EKEYREVOKED:
+                return sd_bus_error_setf(error, BUS_ERROR_HOME_CANT_AUTHENTICATE, "Home %s has no password or other authentication mechanism defined.", h->user_name);
         }
 
         return 0;
diff --git a/src/home/homework.c b/src/home/homework.c
index 76fd79fc2a..2c10997b6b 100644
--- a/src/home/homework.c
+++ b/src/home/homework.c
@@ -1489,6 +1489,7 @@ static int run(int argc, char *argv[]) {
          * EBUSY           â file system is currently active
          * ENOEXEC         â file system is currently not active
          * ENOSPC          â not enough disk space for operation
+         * EKEYREVOKED     â user record has not suitable hashed password or pkcs#11 entry, we cannot authenticate
          */
 
         if (streq(argv[1], "activate"))
diff --git a/src/libsystemd/sd-bus/bus-common-errors.c b/src/libsystemd/sd-bus/bus-common-errors.c
index 174f1228af..28f98cebce 100644
--- a/src/libsystemd/sd-bus/bus-common-errors.c
+++ b/src/libsystemd/sd-bus/bus-common-errors.c
@@ -134,6 +134,7 @@ BUS_ERROR_MAP_ELF_REGISTER const sd_bus_error_map bus_common_errors[] = {
         SD_BUS_ERROR_MAP(BUS_ERROR_HOME_NOT_LOCKED,              ENOEXEC),
         SD_BUS_ERROR_MAP(BUS_ERROR_TOO_MANY_OPERATIONS,          ENOBUFS),
         SD_BUS_ERROR_MAP(BUS_ERROR_AUTHENTICATION_LIMIT_HIT,     ETOOMANYREFS),
+        SD_BUS_ERROR_MAP(BUS_ERROR_HOME_CANT_AUTHENTICATE,       EKEYREVOKED),
 
         SD_BUS_ERROR_MAP_END
 };
diff --git a/src/libsystemd/sd-bus/bus-common-errors.h b/src/libsystemd/sd-bus/bus-common-errors.h
index dc58f88bbd..68ecbd65dd 100644
--- a/src/libsystemd/sd-bus/bus-common-errors.h
+++ b/src/libsystemd/sd-bus/bus-common-errors.h
@@ -115,5 +115,6 @@
 #define BUS_ERROR_NO_DISK_SPACE "org.freedesktop.home1.NoDiskSpace"
 #define BUS_ERROR_TOO_MANY_OPERATIONS "org.freedesktop.home1.TooManyOperations"
 #define BUS_ERROR_AUTHENTICATION_LIMIT_HIT "org.freedesktop.home1.AuthenticationLimitHit"
+#define BUS_ERROR_HOME_CANT_AUTHENTICATE "org.freedesktop.home1.HomeCantAuthenticate"
 
 BUS_ERROR_MAP_ELF_USE(bus_common_errors);
-- 
2.25.1