return 1;
}
-int home_deactivate_luks(UserRecord *h) {
+int home_deactivate_luks(UserRecord *h, HomeSetup *setup) {
_cleanup_(sym_crypt_freep) struct crypt_device *cd = NULL;
_cleanup_free_ char *dm_name = NULL, *dm_node = NULL;
bool we_detached;
int r;
+ assert(h);
+ assert(setup);
+ assert(!setup->crypt_device);
+
/* Note that the DM device and loopback device are set to auto-detach, hence strictly speaking we
* don't have to explicitly have to detach them. However, we do that nonetheless (in case of the DM
* device), to avoid races: by explicitly detaching them we know when the detaching is complete. We
return 1;
}
-int home_lock_luks(UserRecord *h) {
+int home_lock_luks(UserRecord *h, HomeSetup *setup) {
_cleanup_(sym_crypt_freep) struct crypt_device *cd = NULL;
_cleanup_free_ char *dm_name = NULL, *dm_node = NULL;
- _cleanup_close_ int root_fd = -1;
const char *p;
int r;
assert(h);
+ assert(setup);
+ assert(setup->root_fd < 0);
assert_se(p = user_record_home_directory(h));
- root_fd = open(p, O_RDONLY|O_CLOEXEC|O_DIRECTORY|O_NOFOLLOW);
- if (root_fd < 0)
+ setup->root_fd = open(p, O_RDONLY|O_CLOEXEC|O_DIRECTORY|O_NOFOLLOW);
+ if (setup->root_fd < 0)
return log_error_errno(errno, "Failed to open home directory: %m");
r = make_dm_names(h->user_name, &dm_name, &dm_node);
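Review bot: Nothing in home_lock_luks() documents that the home directory descriptor, now stored in `setup->root_fd` instead of a local `_cleanup_close_ int root_fd`, is owned by the caller, so every early return relies on the caller's `_cleanup_(home_setup_done)` to close it (presumably it does; that helper is not shown here). A comment above the `open()` would make the contract explicit, for example `/* fd is stored in *setup; on early return the caller's home_setup_done() is expected to close it */`. The only guard against overwriting a descriptor already held in `setup` is `assert(setup->root_fd < 0)`, so a build with assertions disabled would silently leak it if a populated `setup` were ever passed in. The function body continues outside this hunk.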
log_info("Discovered used LUKS device %s.", dm_node);
cryptsetup_enable_logging(cd);
- if (syncfs(root_fd) < 0) /* Snake oil, but let's better be safe than sorry */
+ if (syncfs(setup->root_fd) < 0) /* Snake oil, but let's better be safe than sorry */
return log_error_errno(errno, "Failed to synchronize file system %s: %m", p);
- root_fd = safe_close(root_fd);
+ setup->root_fd = safe_close(setup->root_fd);
log_info("File system synchronized.");
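Review bot: The explicit `setup->root_fd = safe_close(setup->root_fd);` after `syncfs()` now reads as redundant next to the caller's `_cleanup_(home_setup_done)`, and nothing here says why the descriptor is closed at this point rather than at cleanup. If it must be gone before the steps that follow (not visible in this hunk), a short comment would stop a later tidy-up from removing the line, for example `/* close here, not at cleanup: no fd into the home directory should remain open beyond this point */`, with the wording adjusted to the actual reason. Note also that when `syncfs()` fails the descriptor now stays open until the caller's cleanup runs, where the old code closed it on return from this function.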
return -ENOKEY;
}
-int home_unlock_luks(UserRecord *h, const PasswordCache *cache) {
+int home_unlock_luks(UserRecord *h, HomeSetup *setup, const PasswordCache *cache) {
_cleanup_free_ char *dm_name = NULL, *dm_node = NULL;
_cleanup_(sym_crypt_freep) struct crypt_device *cd = NULL;
char **list;
int r;
assert(h);
+ assert(setup);
r = make_dm_names(h->user_name, &dm_name, &dm_node);
if (r < 0)
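Review bot: In the visible lines of home_unlock_luks() the new `setup` parameter is only asserted, while the function keeps its own `_cleanup_(sym_crypt_freep) struct crypt_device *cd`. The home_deactivate_luks() hunk has the same shape: it adds `assert(!setup->crypt_device)` but still declares a local `cd`. If this is a preparatory signature change, a comment such as `/* setup is not used yet; the crypt device is still owned locally via cd */` would tell readers the assertions are placeholders. If the intent is for `setup` to own the crypt device, the local `cd` should be dropped so there is a single owner and no risk of a double free. Both function bodies continue outside their hunks, so `setup` may be used further down.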
int home_setup_luks(UserRecord *h, HomeSetupFlags flags, const char *force_image_path, PasswordCache *cache, HomeSetup *setup, UserRecord **ret_luks_home);
int home_activate_luks(UserRecord *h, HomeSetup *setup, PasswordCache *cache, UserRecord **ret_home);
-int home_deactivate_luks(UserRecord *h);
+int home_deactivate_luks(UserRecord *h, HomeSetup *setup);
int home_trim_luks(UserRecord *h);
int home_store_header_identity_luks(UserRecord *h, HomeSetup *setup, UserRecord *old_home);
int home_passwd_luks(UserRecord *h, HomeSetup *setup, const PasswordCache *cache, char **effective_passwords);
-int home_lock_luks(UserRecord *h);
-int home_unlock_luks(UserRecord *h, const PasswordCache *cache);
+int home_lock_luks(UserRecord *h, HomeSetup *setup);
+int home_unlock_luks(UserRecord *h, HomeSetup *setup, const PasswordCache *cache);
static inline uint64_t luks_volume_key_size_convert(struct crypt_device *cd) {
int k;
}
static int home_deactivate(UserRecord *h, bool force) {
+ _cleanup_(home_setup_done) HomeSetup setup = HOME_SETUP_INIT;
bool done = false;
int r;
log_info("Directory %s is already unmounted.", user_record_home_directory(h));
if (user_record_storage(h) == USER_LUKS) {
- r = home_deactivate_luks(h);
+ r = home_deactivate_luks(h, &setup);
if (r < 0)
return r;
if (r > 0)
}
static int home_lock(UserRecord *h) {
+ _cleanup_(home_setup_done) HomeSetup setup = HOME_SETUP_INIT;
int r;
assert(h);
if (r != USER_TEST_MOUNTED)
return log_error_errno(SYNTHETIC_ERRNO(ENOEXEC), "Home directory of %s is not mounted, can't lock.", h->user_name);
- r = home_lock_luks(h);
+ r = home_lock_luks(h, &setup);
if (r < 0)
return r;
}
static int home_unlock(UserRecord *h) {
+ _cleanup_(home_setup_done) HomeSetup setup = HOME_SETUP_INIT;
_cleanup_(password_cache_free) PasswordCache cache = {};
int r;
if (r < 0)
return r;
- r = home_unlock_luks(h, &cache);
+ r = home_unlock_luks(h, &setup, &cache);
if (r < 0)
return r;