]>
Commit | Line | Data |
---|---|---|
db9ecf05 | 1 | /* SPDX-License-Identifier: LGPL-2.1-or-later */ |
70a5db58 LP |
2 | |
3 | #include "dirent-util.h" | |
4 | #include "fd-util.h" | |
5 | #include "fileio.h" | |
6 | #include "format-util.h" | |
7 | #include "fs-util.h" | |
8 | #include "homework-cifs.h" | |
9 | #include "homework-mount.h" | |
10 | #include "mount-util.h" | |
11 | #include "process-util.h" | |
12 | #include "strv.h" | |
13 | #include "tmpfile-util.h" | |
14 | ||
aa0a6214 | 15 | int home_setup_cifs( |
70a5db58 LP |
16 | UserRecord *h, |
17 | bool already_activated, | |
18 | HomeSetup *setup) { | |
19 | ||
70a5db58 LP |
20 | assert(h); |
21 | assert(setup); | |
22 | assert(user_record_storage(h) == USER_CIFS); | |
23 | ||
24 | if (already_activated) | |
25 | setup->root_fd = open(user_record_home_directory(h), O_RDONLY|O_CLOEXEC|O_DIRECTORY|O_NOFOLLOW); | |
26 | else { | |
27 | bool mounted = false; | |
00c7b071 YW |
28 | char **pw; |
29 | int r; | |
70a5db58 | 30 | |
6a220cdb | 31 | r = home_unshare_and_mount(NULL, NULL, false, user_record_mount_flags(h)); |
70a5db58 LP |
32 | if (r < 0) |
33 | return r; | |
34 | ||
35 | STRV_FOREACH(pw, h->password) { | |
36 | _cleanup_(unlink_and_freep) char *p = NULL; | |
37 | _cleanup_free_ char *options = NULL; | |
38 | _cleanup_(fclosep) FILE *f = NULL; | |
39 | pid_t mount_pid; | |
40 | int exit_status; | |
41 | ||
42 | r = fopen_temporary(NULL, &f, &p); | |
43 | if (r < 0) | |
44 | return log_error_errno(r, "Failed to create temporary credentials file: %m"); | |
45 | ||
46 | fprintf(f, | |
47 | "username=%s\n" | |
48 | "password=%s\n", | |
49 | user_record_cifs_user_name(h), | |
50 | *pw); | |
51 | ||
52 | if (h->cifs_domain) | |
53 | fprintf(f, "domain=%s\n", h->cifs_domain); | |
54 | ||
55 | r = fflush_and_check(f); | |
56 | if (r < 0) | |
57 | return log_error_errno(r, "Failed to write temporary credentials file: %m"); | |
58 | ||
59 | f = safe_fclose(f); | |
60 | ||
279e060e LP |
61 | if (asprintf(&options, "credentials=%s,uid=" UID_FMT ",forceuid,gid=" GID_FMT ",forcegid,file_mode=0%3o,dir_mode=0%3o", |
62 | p, h->uid, user_record_gid(h), user_record_access_mode(h), user_record_access_mode(h)) < 0) | |
70a5db58 LP |
63 | return log_oom(); |
64 | ||
65 | r = safe_fork("(mount)", FORK_RESET_SIGNALS|FORK_RLIMIT_NOFILE_SAFE|FORK_DEATHSIG|FORK_LOG|FORK_STDOUT_TO_STDERR, &mount_pid); | |
66 | if (r < 0) | |
67 | return r; | |
68 | if (r == 0) { | |
69 | /* Child */ | |
70 | execl("/bin/mount", "/bin/mount", "-n", "-t", "cifs", | |
71 | h->cifs_service, "/run/systemd/user-home-mount", | |
72 | "-o", options, NULL); | |
73 | ||
e070b9ea | 74 | log_error_errno(errno, "Failed to execute mount: %m"); |
70a5db58 LP |
75 | _exit(EXIT_FAILURE); |
76 | } | |
77 | ||
78 | exit_status = wait_for_terminate_and_check("mount", mount_pid, WAIT_LOG_ABNORMAL|WAIT_LOG_NON_ZERO_EXIT_STATUS); | |
79 | if (exit_status < 0) | |
80 | return exit_status; | |
81 | if (exit_status != EXIT_SUCCESS) | |
82 | return -EPROTO; | |
83 | ||
84 | mounted = true; | |
85 | break; | |
86 | } | |
87 | ||
88 | if (!mounted) | |
9191142d LP |
89 | return log_error_errno(SYNTHETIC_ERRNO(ENOKEY), |
90 | "Failed to mount home directory with supplied password."); | |
70a5db58 LP |
91 | |
92 | setup->root_fd = open("/run/systemd/user-home-mount", O_RDONLY|O_CLOEXEC|O_DIRECTORY|O_NOFOLLOW); | |
93 | } | |
94 | if (setup->root_fd < 0) | |
00c7b071 | 95 | return log_error_errno(errno, "Failed to open home directory: %m"); |
70a5db58 LP |
96 | |
97 | return 0; | |
98 | } | |
99 | ||
100 | int home_activate_cifs( | |
101 | UserRecord *h, | |
7b78db28 | 102 | PasswordCache *cache, |
70a5db58 LP |
103 | UserRecord **ret_home) { |
104 | ||
66aa51f8 | 105 | _cleanup_(home_setup_done) HomeSetup setup = HOME_SETUP_INIT; |
70a5db58 LP |
106 | _cleanup_(user_record_unrefp) UserRecord *new_home = NULL; |
107 | const char *hdo, *hd; | |
108 | int r; | |
109 | ||
110 | assert(h); | |
111 | assert(user_record_storage(h) == USER_CIFS); | |
112 | assert(ret_home); | |
113 | ||
114 | if (!h->cifs_service) | |
115 | return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "User record lacks CIFS service, refusing."); | |
116 | ||
117 | assert_se(hdo = user_record_home_directory(h)); | |
2f82562b | 118 | hd = strdupa_safe(hdo); /* copy the string out, since it might change later in the home record object */ |
70a5db58 | 119 | |
aa0a6214 | 120 | r = home_setup_cifs(h, false, &setup); |
70a5db58 LP |
121 | if (r < 0) |
122 | return r; | |
123 | ||
7b78db28 | 124 | r = home_refresh(h, &setup, NULL, cache, NULL, &new_home); |
70a5db58 LP |
125 | if (r < 0) |
126 | return r; | |
127 | ||
128 | setup.root_fd = safe_close(setup.root_fd); | |
129 | ||
130 | r = home_move_mount(NULL, hd); | |
131 | if (r < 0) | |
132 | return r; | |
133 | ||
134 | setup.undo_mount = false; | |
135 | ||
136 | log_info("Everything completed."); | |
137 | ||
138 | *ret_home = TAKE_PTR(new_home); | |
139 | return 1; | |
140 | } | |
141 | ||
142 | int home_create_cifs(UserRecord *h, UserRecord **ret_home) { | |
66aa51f8 | 143 | _cleanup_(home_setup_done) HomeSetup setup = HOME_SETUP_INIT; |
70a5db58 LP |
144 | _cleanup_(user_record_unrefp) UserRecord *new_home = NULL; |
145 | _cleanup_(closedirp) DIR *d = NULL; | |
8e06af80 VC |
146 | _cleanup_close_ int copy = -1; |
147 | int r; | |
70a5db58 LP |
148 | |
149 | assert(h); | |
150 | assert(user_record_storage(h) == USER_CIFS); | |
151 | assert(ret_home); | |
152 | ||
153 | if (!h->cifs_service) | |
154 | return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "User record lacks CIFS service, refusing."); | |
155 | ||
156 | if (access("/sbin/mount.cifs", F_OK) < 0) { | |
157 | if (errno == ENOENT) | |
158 | return log_error_errno(SYNTHETIC_ERRNO(ENOLINK), "/sbin/mount.cifs is missing."); | |
159 | ||
160 | return log_error_errno(errno, "Unable to detect whether /sbin/mount.cifs exists: %m"); | |
161 | } | |
162 | ||
aa0a6214 | 163 | r = home_setup_cifs(h, false, &setup); |
70a5db58 LP |
164 | if (r < 0) |
165 | return r; | |
166 | ||
167 | copy = fcntl(setup.root_fd, F_DUPFD_CLOEXEC, 3); | |
168 | if (copy < 0) | |
169 | return -errno; | |
170 | ||
8e06af80 VC |
171 | d = take_fdopendir(©); |
172 | if (!d) | |
70a5db58 | 173 | return -errno; |
70a5db58 LP |
174 | |
175 | errno = 0; | |
176 | if (readdir_no_dot(d)) | |
177 | return log_error_errno(SYNTHETIC_ERRNO(ENOTEMPTY), "Selected CIFS directory not empty, refusing."); | |
178 | if (errno != 0) | |
179 | return log_error_errno(errno, "Failed to detect if CIFS directory is empty: %m"); | |
180 | ||
181 | r = home_populate(h, setup.root_fd); | |
182 | if (r < 0) | |
183 | return r; | |
184 | ||
185 | r = home_sync_and_statfs(setup.root_fd, NULL); | |
186 | if (r < 0) | |
187 | return r; | |
188 | ||
bfc0cc1a | 189 | r = user_record_clone(h, USER_RECORD_LOAD_MASK_SECRET|USER_RECORD_PERMISSIVE, &new_home); |
70a5db58 LP |
190 | if (r < 0) |
191 | return log_error_errno(r, "Failed to clone record: %m"); | |
192 | ||
193 | r = user_record_add_binding( | |
194 | new_home, | |
195 | USER_CIFS, | |
196 | NULL, | |
197 | SD_ID128_NULL, | |
198 | SD_ID128_NULL, | |
199 | SD_ID128_NULL, | |
200 | NULL, | |
201 | NULL, | |
202 | UINT64_MAX, | |
203 | NULL, | |
204 | NULL, | |
205 | h->uid, | |
206 | (gid_t) h->uid); | |
207 | if (r < 0) | |
208 | return log_error_errno(r, "Failed to add binding to record: %m"); | |
209 | ||
210 | log_info("Everything completed."); | |
211 | ||
212 | *ret_home = TAKE_PTR(new_home); | |
213 | return 0; | |
214 | } |