[thirdparty/systemd.git] / src / home / homework-cifs.c

/* SPDX-License-Identifier: LGPL-2.1-or-later */

#include "dirent-util.h"
#include "fd-util.h"
#include "fileio.h"
#include "format-util.h"
#include "fs-util.h"
#include "homework-cifs.h"
#include "homework-mount.h"
#include "mount-util.h"
#include "process-util.h"
#include "strv.h"
#include "tmpfile-util.h"

int home_setup_cifs(
                UserRecord *h,
                bool already_activated,
                HomeSetup *setup) {

        assert(h);
        assert(setup);
        assert(user_record_storage(h) == USER_CIFS);

        if (already_activated)
                setup->root_fd = open(user_record_home_directory(h), O_RDONLY|O_CLOEXEC|O_DIRECTORY|O_NOFOLLOW);
        else {
                bool mounted = false;
                char **pw;
                int r;

                r = home_unshare_and_mount(NULL, NULL, false, user_record_mount_flags(h));
                if (r < 0)
                        return r;

                STRV_FOREACH(pw, h->password) {
                        _cleanup_(unlink_and_freep) char *p = NULL;
                        _cleanup_free_ char *options = NULL;
                        _cleanup_(fclosep) FILE *f = NULL;
                        pid_t mount_pid;
                        int exit_status;

                        r = fopen_temporary(NULL, &f, &p);
                        if (r < 0)
                                return log_error_errno(r, "Failed to create temporary credentials file: %m");

                        fprintf(f,
                                "username=%s\n"
                                "password=%s\n",
                                user_record_cifs_user_name(h),
                                *pw);

                        if (h->cifs_domain)
                                fprintf(f, "domain=%s\n", h->cifs_domain);

                        r = fflush_and_check(f);
                        if (r < 0)
                                return log_error_errno(r, "Failed to write temporary credentials file: %m");

                        f = safe_fclose(f);

                        if (asprintf(&options, "credentials=%s,uid=" UID_FMT ",forceuid,gid=" GID_FMT ",forcegid,file_mode=0%3o,dir_mode=0%3o",
                                     p, h->uid, user_record_gid(h), user_record_access_mode(h), user_record_access_mode(h)) < 0)
                                return log_oom();

                        r = safe_fork("(mount)", FORK_RESET_SIGNALS|FORK_RLIMIT_NOFILE_SAFE|FORK_DEATHSIG|FORK_LOG|FORK_STDOUT_TO_STDERR, &mount_pid);
                        if (r < 0)
                                return r;
                        if (r == 0) {
                                /* Child */
                                execl("/bin/mount", "/bin/mount", "-n", "-t", "cifs",
                                      h->cifs_service, "/run/systemd/user-home-mount",
                                      "-o", options, NULL);

                                log_error_errno(errno, "Failed to execute mount: %m");
                                _exit(EXIT_FAILURE);
                        }

                        exit_status = wait_for_terminate_and_check("mount", mount_pid, WAIT_LOG_ABNORMAL|WAIT_LOG_NON_ZERO_EXIT_STATUS);
                        if (exit_status < 0)
                                return exit_status;
                        if (exit_status != EXIT_SUCCESS)
                                return -EPROTO;

                        mounted = true;
                        break;
                }

                if (!mounted)
                        return log_error_errno(SYNTHETIC_ERRNO(ENOKEY),
                                               "Failed to mount home directory with supplied password.");

                setup->root_fd = open("/run/systemd/user-home-mount", O_RDONLY|O_CLOEXEC|O_DIRECTORY|O_NOFOLLOW);
        }
        if (setup->root_fd < 0)
                return log_error_errno(errno, "Failed to open home directory: %m");

        return 0;
}

int home_activate_cifs(
                UserRecord *h,
                PasswordCache *cache,
                UserRecord **ret_home) {

        _cleanup_(home_setup_done) HomeSetup setup = HOME_SETUP_INIT;
        _cleanup_(user_record_unrefp) UserRecord *new_home = NULL;
        const char *hdo, *hd;
        int r;

        assert(h);
        assert(user_record_storage(h) == USER_CIFS);
        assert(ret_home);

        if (!h->cifs_service)
                return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "User record lacks CIFS service, refusing.");

        assert_se(hdo = user_record_home_directory(h));
        hd = strdupa_safe(hdo); /* copy the string out, since it might change later in the home record object */

        r = home_setup_cifs(h, false, &setup);
        if (r < 0)
                return r;

        r = home_refresh(h, &setup, NULL, cache, NULL, &new_home);
        if (r < 0)
                return r;

        setup.root_fd = safe_close(setup.root_fd);

        r = home_move_mount(NULL, hd);
        if (r < 0)
                return r;

        setup.undo_mount = false;

        log_info("Everything completed.");

        *ret_home = TAKE_PTR(new_home);
        return 1;
}

int home_create_cifs(UserRecord *h, UserRecord **ret_home) {
        _cleanup_(home_setup_done) HomeSetup setup = HOME_SETUP_INIT;
        _cleanup_(user_record_unrefp) UserRecord *new_home = NULL;
        _cleanup_(closedirp) DIR *d = NULL;
        _cleanup_close_ int copy = -1;
        int r;

        assert(h);
        assert(user_record_storage(h) == USER_CIFS);
        assert(ret_home);

        if (!h->cifs_service)
                return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "User record lacks CIFS service, refusing.");

        if (access("/sbin/mount.cifs", F_OK) < 0) {
                if (errno == ENOENT)
                        return log_error_errno(SYNTHETIC_ERRNO(ENOLINK), "/sbin/mount.cifs is missing.");

                return log_error_errno(errno, "Unable to detect whether /sbin/mount.cifs exists: %m");
        }

        r = home_setup_cifs(h, false, &setup);
        if (r < 0)
                return r;

        copy = fcntl(setup.root_fd, F_DUPFD_CLOEXEC, 3);
        if (copy < 0)
                return -errno;

        d = take_fdopendir(&copy);
        if (!d)
                return -errno;

        errno = 0;
        if (readdir_no_dot(d))
                return log_error_errno(SYNTHETIC_ERRNO(ENOTEMPTY), "Selected CIFS directory not empty, refusing.");
        if (errno != 0)
                return log_error_errno(errno, "Failed to detect if CIFS directory is empty: %m");

        r = home_populate(h, setup.root_fd);
        if (r < 0)
                return r;

        r = home_sync_and_statfs(setup.root_fd, NULL);
        if (r < 0)
                return r;

        r = user_record_clone(h, USER_RECORD_LOAD_MASK_SECRET|USER_RECORD_PERMISSIVE, &new_home);
        if (r < 0)
                return log_error_errno(r, "Failed to clone record: %m");

        r = user_record_add_binding(
                        new_home,
                        USER_CIFS,
                        NULL,
                        SD_ID128_NULL,
                        SD_ID128_NULL,
                        SD_ID128_NULL,
                        NULL,
                        NULL,
                        UINT64_MAX,
                        NULL,
                        NULL,
                        h->uid,
                        (gid_t) h->uid);
        if (r < 0)
                return log_error_errno(r, "Failed to add binding to record: %m");

        log_info("Everything completed.");

        *ret_home = TAKE_PTR(new_home);
        return 0;
}
Commit	Line	Data
db9ecf05	1	/* SPDX-License-Identifier: LGPL-2.1-or-later */
70a5db58 LP	2
	3	#include "dirent-util.h"
	4	#include "fd-util.h"
	5	#include "fileio.h"
	6	#include "format-util.h"
	7	#include "fs-util.h"
	8	#include "homework-cifs.h"
	9	#include "homework-mount.h"
	10	#include "mount-util.h"
	11	#include "process-util.h"
	12	#include "strv.h"
	13	#include "tmpfile-util.h"
	14
aa0a6214	15	int home_setup_cifs(
70a5db58 LP	16	UserRecord *h,
	17	bool already_activated,
	18	HomeSetup *setup) {
	19
70a5db58 LP	20	assert(h);
	21	assert(setup);
	22	assert(user_record_storage(h) == USER_CIFS);
	23
	24	if (already_activated)
	25	setup->root_fd = open(user_record_home_directory(h), O_RDONLY\|O_CLOEXEC\|O_DIRECTORY\|O_NOFOLLOW);
	26	else {
	27	bool mounted = false;
00c7b071 YW	28	char **pw;
00c7b071 YW	29	int r;
70a5db58	30
6a220cdb	31	r = home_unshare_and_mount(NULL, NULL, false, user_record_mount_flags(h));
70a5db58 LP	32	if (r < 0)
	33	return r;
	34
	35	STRV_FOREACH(pw, h->password) {
	36	_cleanup_(unlink_and_freep) char *p = NULL;
	37	_cleanup_free_ char *options = NULL;
	38	_cleanup_(fclosep) FILE *f = NULL;
	39	pid_t mount_pid;
	40	int exit_status;
	41
	42	r = fopen_temporary(NULL, &f, &p);
	43	if (r < 0)
	44	return log_error_errno(r, "Failed to create temporary credentials file: %m");
	45
	46	fprintf(f,
	47	"username=%s\n"
	48	"password=%s\n",
	49	user_record_cifs_user_name(h),
	50	*pw);
	51
	52	if (h->cifs_domain)
	53	fprintf(f, "domain=%s\n", h->cifs_domain);
	54
	55	r = fflush_and_check(f);
	56	if (r < 0)
	57	return log_error_errno(r, "Failed to write temporary credentials file: %m");
	58
	59	f = safe_fclose(f);
	60
279e060e LP	61	if (asprintf(&options, "credentials=%s,uid=" UID_FMT ",forceuid,gid=" GID_FMT ",forcegid,file_mode=0%3o,dir_mode=0%3o",
279e060e LP	62	p, h->uid, user_record_gid(h), user_record_access_mode(h), user_record_access_mode(h)) < 0)
70a5db58 LP	63	return log_oom();
	64
	65	r = safe_fork("(mount)", FORK_RESET_SIGNALS\|FORK_RLIMIT_NOFILE_SAFE\|FORK_DEATHSIG\|FORK_LOG\|FORK_STDOUT_TO_STDERR, &mount_pid);
	66	if (r < 0)
	67	return r;
	68	if (r == 0) {
	69	/* Child */
	70	execl("/bin/mount", "/bin/mount", "-n", "-t", "cifs",
	71	h->cifs_service, "/run/systemd/user-home-mount",
	72	"-o", options, NULL);
	73
e070b9ea	74	log_error_errno(errno, "Failed to execute mount: %m");
70a5db58 LP	75	_exit(EXIT_FAILURE);
	76	}
	77
	78	exit_status = wait_for_terminate_and_check("mount", mount_pid, WAIT_LOG_ABNORMAL\|WAIT_LOG_NON_ZERO_EXIT_STATUS);
	79	if (exit_status < 0)
	80	return exit_status;
	81	if (exit_status != EXIT_SUCCESS)
	82	return -EPROTO;
	83
	84	mounted = true;
	85	break;
	86	}
	87
	88	if (!mounted)
9191142d LP	89	return log_error_errno(SYNTHETIC_ERRNO(ENOKEY),
9191142d LP	90	"Failed to mount home directory with supplied password.");
70a5db58 LP	91
	92	setup->root_fd = open("/run/systemd/user-home-mount", O_RDONLY\|O_CLOEXEC\|O_DIRECTORY\|O_NOFOLLOW);
	93	}
	94	if (setup->root_fd < 0)
00c7b071	95	return log_error_errno(errno, "Failed to open home directory: %m");
70a5db58 LP	96
	97	return 0;
	98	}
	99
	100	int home_activate_cifs(
	101	UserRecord *h,
7b78db28	102	PasswordCache *cache,
70a5db58 LP	103	UserRecord **ret_home) {
70a5db58 LP	104
66aa51f8	105	_cleanup_(home_setup_done) HomeSetup setup = HOME_SETUP_INIT;
70a5db58 LP	106	_cleanup_(user_record_unrefp) UserRecord *new_home = NULL;
	107	const char hdo, hd;
	108	int r;
	109
	110	assert(h);
	111	assert(user_record_storage(h) == USER_CIFS);
	112	assert(ret_home);
	113
	114	if (!h->cifs_service)
	115	return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "User record lacks CIFS service, refusing.");
	116
	117	assert_se(hdo = user_record_home_directory(h));
2f82562b	118	hd = strdupa_safe(hdo); /* copy the string out, since it might change later in the home record object */
70a5db58	119
aa0a6214	120	r = home_setup_cifs(h, false, &setup);
70a5db58 LP	121	if (r < 0)
	122	return r;
	123
7b78db28	124	r = home_refresh(h, &setup, NULL, cache, NULL, &new_home);
70a5db58 LP	125	if (r < 0)
	126	return r;
	127
	128	setup.root_fd = safe_close(setup.root_fd);
	129
	130	r = home_move_mount(NULL, hd);
	131	if (r < 0)
	132	return r;
	133
	134	setup.undo_mount = false;
	135
	136	log_info("Everything completed.");
	137
	138	*ret_home = TAKE_PTR(new_home);
	139	return 1;
	140	}
	141
	142	int home_create_cifs(UserRecord h, UserRecord *ret_home) {
66aa51f8	143	_cleanup_(home_setup_done) HomeSetup setup = HOME_SETUP_INIT;
70a5db58 LP	144	_cleanup_(user_record_unrefp) UserRecord *new_home = NULL;
70a5db58 LP	145	_cleanup_(closedirp) DIR *d = NULL;
8e06af80 VC	146	_cleanup_close_ int copy = -1;
8e06af80 VC	147	int r;
70a5db58 LP	148
	149	assert(h);
	150	assert(user_record_storage(h) == USER_CIFS);
	151	assert(ret_home);
	152
	153	if (!h->cifs_service)
	154	return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "User record lacks CIFS service, refusing.");
	155
	156	if (access("/sbin/mount.cifs", F_OK) < 0) {
	157	if (errno == ENOENT)
	158	return log_error_errno(SYNTHETIC_ERRNO(ENOLINK), "/sbin/mount.cifs is missing.");
	159
	160	return log_error_errno(errno, "Unable to detect whether /sbin/mount.cifs exists: %m");
	161	}
	162
aa0a6214	163	r = home_setup_cifs(h, false, &setup);
70a5db58 LP	164	if (r < 0)
	165	return r;
	166
	167	copy = fcntl(setup.root_fd, F_DUPFD_CLOEXEC, 3);
	168	if (copy < 0)
	169	return -errno;
	170
8e06af80 VC	171	d = take_fdopendir(&copy);
8e06af80 VC	172	if (!d)
70a5db58	173	return -errno;
70a5db58 LP	174
	175	errno = 0;
	176	if (readdir_no_dot(d))
	177	return log_error_errno(SYNTHETIC_ERRNO(ENOTEMPTY), "Selected CIFS directory not empty, refusing.");
	178	if (errno != 0)
	179	return log_error_errno(errno, "Failed to detect if CIFS directory is empty: %m");
	180
	181	r = home_populate(h, setup.root_fd);
	182	if (r < 0)
	183	return r;
	184
	185	r = home_sync_and_statfs(setup.root_fd, NULL);
	186	if (r < 0)
	187	return r;
	188
bfc0cc1a	189	r = user_record_clone(h, USER_RECORD_LOAD_MASK_SECRET\|USER_RECORD_PERMISSIVE, &new_home);
70a5db58 LP	190	if (r < 0)
	191	return log_error_errno(r, "Failed to clone record: %m");
	192
	193	r = user_record_add_binding(
	194	new_home,
	195	USER_CIFS,
	196	NULL,
	197	SD_ID128_NULL,
	198	SD_ID128_NULL,
	199	SD_ID128_NULL,
	200	NULL,
	201	NULL,
	202	UINT64_MAX,
	203	NULL,
	204	NULL,
	205	h->uid,
	206	(gid_t) h->uid);
	207	if (r < 0)
	208	return log_error_errno(r, "Failed to add binding to record: %m");
	209
	210	log_info("Everything completed.");
	211
	212	*ret_home = TAKE_PTR(new_home);
	213	return 0;
	214	}