]>
Commit | Line | Data |
---|---|---|
db9ecf05 | 1 | /* SPDX-License-Identifier: LGPL-2.1-or-later */ |
70a5db58 LP |
2 | |
3 | #include <grp.h> | |
4 | #include <linux/fs.h> | |
5 | #include <linux/magic.h> | |
d357b80d | 6 | #include <math.h> |
70a5db58 LP |
7 | #include <openssl/pem.h> |
8 | #include <pwd.h> | |
9 | #include <sys/ioctl.h> | |
10 | #include <sys/quota.h> | |
11 | #include <sys/stat.h> | |
12 | ||
e1614484 ZJS |
13 | #include "sd-id128.h" |
14 | ||
70a5db58 LP |
15 | #include "btrfs-util.h" |
16 | #include "bus-common-errors.h" | |
17 | #include "bus-error.h" | |
ac9f55ed | 18 | #include "bus-log-control-api.h" |
70a5db58 LP |
19 | #include "bus-polkit.h" |
20 | #include "clean-ipc.h" | |
21 | #include "conf-files.h" | |
22 | #include "device-util.h" | |
23 | #include "dirent-util.h" | |
24 | #include "fd-util.h" | |
25 | #include "fileio.h" | |
26 | #include "format-util.h" | |
27 | #include "fs-util.h" | |
e2341b6b | 28 | #include "glyph-util.h" |
70a5db58 LP |
29 | #include "gpt.h" |
30 | #include "home-util.h" | |
c76dd733 | 31 | #include "homed-conf.h" |
70a5db58 LP |
32 | #include "homed-home-bus.h" |
33 | #include "homed-home.h" | |
34 | #include "homed-manager-bus.h" | |
35 | #include "homed-manager.h" | |
36 | #include "homed-varlink.h" | |
37 | #include "io-util.h" | |
38 | #include "mkdir.h" | |
39 | #include "process-util.h" | |
40 | #include "quota-util.h" | |
41 | #include "random-util.h" | |
d357b80d | 42 | #include "resize-fs.h" |
70a5db58 | 43 | #include "socket-util.h" |
d357b80d | 44 | #include "sort-util.h" |
70a5db58 LP |
45 | #include "stat-util.h" |
46 | #include "strv.h" | |
bf819d3a | 47 | #include "sync-util.h" |
70a5db58 LP |
48 | #include "tmpfile-util.h" |
49 | #include "udev-util.h" | |
50 | #include "user-record-sign.h" | |
51 | #include "user-record-util.h" | |
52 | #include "user-record.h" | |
53 | #include "user-util.h" | |
54 | ||
55 | /* Where to look for private/public keys that are used to sign the user records. We are not using | |
56 | * CONF_PATHS_NULSTR() here since we want to insert /var/lib/systemd/home/ in the middle. And we insert that | |
57 | * since we want to auto-generate a persistent private/public key pair if we need to. */ | |
58 | #define KEY_PATHS_NULSTR \ | |
59 | "/etc/systemd/home/\0" \ | |
60 | "/run/systemd/home/\0" \ | |
61 | "/var/lib/systemd/home/\0" \ | |
62 | "/usr/local/lib/systemd/home/\0" \ | |
63 | "/usr/lib/systemd/home/\0" | |
64 | ||
65 | static bool uid_is_home(uid_t uid) { | |
66 | return uid >= HOME_UID_MIN && uid <= HOME_UID_MAX; | |
67 | } | |
68 | /* Takes a value generated randomly or by hashing and turns it into a UID in the right range */ | |
69 | ||
70 | #define UID_CLAMP_INTO_HOME_RANGE(rnd) (((uid_t) (rnd) % (HOME_UID_MAX - HOME_UID_MIN + 1)) + HOME_UID_MIN) | |
71 | ||
72 | DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(homes_by_uid_hash_ops, void, trivial_hash_func, trivial_compare_func, Home, home_free); | |
73 | DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(homes_by_name_hash_ops, char, string_hash_func, string_compare_func, Home, home_free); | |
74 | DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(homes_by_worker_pid_hash_ops, void, trivial_hash_func, trivial_compare_func, Home, home_free); | |
75 | DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(homes_by_sysfs_hash_ops, char, path_hash_func, path_compare, Home, home_free); | |
76 | ||
77 | static int on_home_inotify(sd_event_source *s, const struct inotify_event *event, void *userdata); | |
78 | static int manager_gc_images(Manager *m); | |
79 | static int manager_enumerate_images(Manager *m); | |
80 | static int manager_assess_image(Manager *m, int dir_fd, const char *dir_path, const char *dentry_name); | |
81 | static void manager_revalidate_image(Manager *m, Home *h); | |
82 | ||
83 | static void manager_watch_home(Manager *m) { | |
84 | struct statfs sfs; | |
85 | int r; | |
86 | ||
87 | assert(m); | |
88 | ||
cf536638 | 89 | m->inotify_event_source = sd_event_source_disable_unref(m->inotify_event_source); |
70a5db58 LP |
90 | m->scan_slash_home = false; |
91 | ||
2700fecd | 92 | if (statfs(get_home_root(), &sfs) < 0) { |
70a5db58 | 93 | log_full_errno(errno == ENOENT ? LOG_DEBUG : LOG_WARNING, errno, |
2700fecd | 94 | "Failed to statfs() %s directory, disabling automatic scanning.", get_home_root()); |
70a5db58 LP |
95 | return; |
96 | } | |
97 | ||
98 | if (is_network_fs(&sfs)) { | |
2700fecd | 99 | log_info("%s is a network file system, disabling automatic scanning.", get_home_root()); |
70a5db58 LP |
100 | return; |
101 | } | |
102 | ||
103 | if (is_fs_type(&sfs, AUTOFS_SUPER_MAGIC)) { | |
2700fecd | 104 | log_info("%s is on autofs, disabling automatic scanning.", get_home_root()); |
70a5db58 LP |
105 | return; |
106 | } | |
107 | ||
108 | m->scan_slash_home = true; | |
109 | ||
2700fecd | 110 | r = sd_event_add_inotify(m->event, &m->inotify_event_source, get_home_root(), |
23d24b76 ZJS |
111 | IN_CREATE|IN_CLOSE_WRITE|IN_DELETE_SELF|IN_MOVE_SELF|IN_ONLYDIR|IN_MOVED_TO|IN_MOVED_FROM|IN_DELETE, |
112 | on_home_inotify, m); | |
70a5db58 LP |
113 | if (r < 0) |
114 | log_full_errno(r == -ENOENT ? LOG_DEBUG : LOG_WARNING, r, | |
2700fecd | 115 | "Failed to create inotify watch on %s, ignoring.", get_home_root()); |
70a5db58 LP |
116 | |
117 | (void) sd_event_source_set_description(m->inotify_event_source, "home-inotify"); | |
2700fecd LP |
118 | |
119 | log_info("Watching %s.", get_home_root()); | |
70a5db58 LP |
120 | } |
121 | ||
122 | static int on_home_inotify(sd_event_source *s, const struct inotify_event *event, void *userdata) { | |
2700fecd | 123 | _cleanup_free_ char *j = NULL; |
99534007 | 124 | Manager *m = ASSERT_PTR(userdata); |
70a5db58 LP |
125 | const char *e, *n; |
126 | ||
70a5db58 LP |
127 | assert(event); |
128 | ||
129 | if ((event->mask & (IN_Q_OVERFLOW|IN_MOVE_SELF|IN_DELETE_SELF|IN_IGNORED|IN_UNMOUNT)) != 0) { | |
130 | ||
131 | if (FLAGS_SET(event->mask, IN_Q_OVERFLOW)) | |
2700fecd | 132 | log_debug("%s inotify queue overflow, rescanning.", get_home_root()); |
70a5db58 | 133 | else if (FLAGS_SET(event->mask, IN_MOVE_SELF)) |
2700fecd | 134 | log_info("%s moved or renamed, recreating watch and rescanning.", get_home_root()); |
70a5db58 | 135 | else if (FLAGS_SET(event->mask, IN_DELETE_SELF)) |
2700fecd | 136 | log_info("%s deleted, recreating watch and rescanning.", get_home_root()); |
70a5db58 | 137 | else if (FLAGS_SET(event->mask, IN_UNMOUNT)) |
2700fecd | 138 | log_info("%s unmounted, recreating watch and rescanning.", get_home_root()); |
70a5db58 | 139 | else if (FLAGS_SET(event->mask, IN_IGNORED)) |
2700fecd | 140 | log_info("%s watch invalidated, recreating watch and rescanning.", get_home_root()); |
70a5db58 LP |
141 | |
142 | manager_watch_home(m); | |
143 | (void) manager_gc_images(m); | |
144 | (void) manager_enumerate_images(m); | |
145 | (void) bus_manager_emit_auto_login_changed(m); | |
146 | return 0; | |
147 | } | |
148 | ||
149 | /* For the other inotify events, let's ignore all events for file names that don't match our | |
150 | * expectations */ | |
151 | if (isempty(event->name)) | |
152 | return 0; | |
153 | e = endswith(event->name, FLAGS_SET(event->mask, IN_ISDIR) ? ".homedir" : ".home"); | |
154 | if (!e) | |
155 | return 0; | |
156 | ||
2f82562b | 157 | n = strndupa_safe(event->name, e - event->name); |
70a5db58 LP |
158 | if (!suitable_user_name(n)) |
159 | return 0; | |
160 | ||
2700fecd LP |
161 | j = path_join(get_home_root(), event->name); |
162 | if (!j) | |
163 | return log_oom(); | |
164 | ||
70a5db58 LP |
165 | if ((event->mask & (IN_CREATE|IN_CLOSE_WRITE|IN_MOVED_TO)) != 0) { |
166 | if (FLAGS_SET(event->mask, IN_CREATE)) | |
2700fecd | 167 | log_debug("%s has been created, having a look.", j); |
70a5db58 | 168 | else if (FLAGS_SET(event->mask, IN_CLOSE_WRITE)) |
2700fecd | 169 | log_debug("%s has been modified, having a look.", j); |
70a5db58 | 170 | else if (FLAGS_SET(event->mask, IN_MOVED_TO)) |
2700fecd | 171 | log_debug("%s has been moved in, having a look.", j); |
70a5db58 | 172 | |
2700fecd | 173 | (void) manager_assess_image(m, -1, get_home_root(), event->name); |
70a5db58 LP |
174 | (void) bus_manager_emit_auto_login_changed(m); |
175 | } | |
176 | ||
755b35b1 | 177 | if ((event->mask & (IN_DELETE | IN_CLOSE_WRITE | IN_MOVED_FROM)) != 0) { |
70a5db58 LP |
178 | Home *h; |
179 | ||
180 | if (FLAGS_SET(event->mask, IN_DELETE)) | |
2700fecd | 181 | log_debug("%s has been deleted, revalidating.", j); |
70a5db58 | 182 | else if (FLAGS_SET(event->mask, IN_CLOSE_WRITE)) |
2700fecd | 183 | log_debug("%s has been closed after writing, revalidating.", j); |
70a5db58 | 184 | else if (FLAGS_SET(event->mask, IN_MOVED_FROM)) |
2700fecd | 185 | log_debug("%s has been moved away, revalidating.", j); |
70a5db58 LP |
186 | |
187 | h = hashmap_get(m->homes_by_name, n); | |
188 | if (h) { | |
189 | manager_revalidate_image(m, h); | |
190 | (void) bus_manager_emit_auto_login_changed(m); | |
191 | } | |
192 | } | |
193 | ||
194 | return 0; | |
195 | } | |
196 | ||
197 | int manager_new(Manager **ret) { | |
198 | _cleanup_(manager_freep) Manager *m = NULL; | |
199 | int r; | |
200 | ||
201 | assert(ret); | |
202 | ||
c76dd733 | 203 | m = new(Manager, 1); |
70a5db58 LP |
204 | if (!m) |
205 | return -ENOMEM; | |
206 | ||
c76dd733 LP |
207 | *m = (Manager) { |
208 | .default_storage = _USER_STORAGE_INVALID, | |
d357b80d | 209 | .rebalance_interval_usec = 2 * USEC_PER_MINUTE, /* initially, rebalance every 2min */ |
c76dd733 LP |
210 | }; |
211 | ||
212 | r = manager_parse_config_file(m); | |
213 | if (r < 0) | |
214 | return r; | |
215 | ||
70a5db58 LP |
216 | r = sd_event_default(&m->event); |
217 | if (r < 0) | |
218 | return r; | |
219 | ||
220 | r = sd_event_add_signal(m->event, NULL, SIGINT, NULL, NULL); | |
221 | if (r < 0) | |
222 | return r; | |
223 | ||
224 | r = sd_event_add_signal(m->event, NULL, SIGTERM, NULL, NULL); | |
225 | if (r < 0) | |
226 | return r; | |
227 | ||
228 | (void) sd_event_set_watchdog(m->event, true); | |
229 | ||
230 | m->homes_by_uid = hashmap_new(&homes_by_uid_hash_ops); | |
231 | if (!m->homes_by_uid) | |
232 | return -ENOMEM; | |
233 | ||
234 | m->homes_by_name = hashmap_new(&homes_by_name_hash_ops); | |
235 | if (!m->homes_by_name) | |
236 | return -ENOMEM; | |
237 | ||
238 | m->homes_by_worker_pid = hashmap_new(&homes_by_worker_pid_hash_ops); | |
239 | if (!m->homes_by_worker_pid) | |
240 | return -ENOMEM; | |
241 | ||
242 | m->homes_by_sysfs = hashmap_new(&homes_by_sysfs_hash_ops); | |
243 | if (!m->homes_by_sysfs) | |
244 | return -ENOMEM; | |
245 | ||
246 | *ret = TAKE_PTR(m); | |
247 | return 0; | |
248 | } | |
249 | ||
250 | Manager* manager_free(Manager *m) { | |
9796a9fb LP |
251 | Home *h; |
252 | ||
70a5db58 LP |
253 | assert(m); |
254 | ||
9796a9fb LP |
255 | HASHMAP_FOREACH(h, m->homes_by_worker_pid) |
256 | (void) home_wait_for_worker(h); | |
257 | ||
76fc1577 YW |
258 | m->bus = sd_bus_flush_close_unref(m->bus); |
259 | m->polkit_registry = bus_verify_polkit_async_registry_free(m->polkit_registry); | |
70a5db58 | 260 | |
70a5db58 LP |
261 | m->device_monitor = sd_device_monitor_unref(m->device_monitor); |
262 | ||
f76e5644 ZJS |
263 | m->inotify_event_source = sd_event_source_unref(m->inotify_event_source); |
264 | m->notify_socket_event_source = sd_event_source_unref(m->notify_socket_event_source); | |
70a5db58 LP |
265 | m->deferred_rescan_event_source = sd_event_source_unref(m->deferred_rescan_event_source); |
266 | m->deferred_gc_event_source = sd_event_source_unref(m->deferred_gc_event_source); | |
267 | m->deferred_auto_login_event_source = sd_event_source_unref(m->deferred_auto_login_event_source); | |
d357b80d | 268 | m->rebalance_event_source = sd_event_source_unref(m->rebalance_event_source); |
70a5db58 | 269 | |
76fc1577 | 270 | m->event = sd_event_unref(m->event); |
f76e5644 | 271 | |
76fc1577 YW |
272 | m->homes_by_uid = hashmap_free(m->homes_by_uid); |
273 | m->homes_by_name = hashmap_free(m->homes_by_name); | |
274 | m->homes_by_worker_pid = hashmap_free(m->homes_by_worker_pid); | |
275 | m->homes_by_sysfs = hashmap_free(m->homes_by_sysfs); | |
f76e5644 | 276 | |
70a5db58 LP |
277 | if (m->private_key) |
278 | EVP_PKEY_free(m->private_key); | |
279 | ||
280 | hashmap_free(m->public_keys); | |
281 | ||
282 | varlink_server_unref(m->varlink_server); | |
cc9886bc | 283 | free(m->userdb_service); |
70a5db58 | 284 | |
c76dd733 LP |
285 | free(m->default_file_system_type); |
286 | ||
70a5db58 LP |
287 | return mfree(m); |
288 | } | |
289 | ||
290 | int manager_verify_user_record(Manager *m, UserRecord *hr) { | |
291 | EVP_PKEY *pkey; | |
70a5db58 LP |
292 | int r; |
293 | ||
294 | assert(m); | |
295 | assert(hr); | |
296 | ||
297 | if (!m->private_key && hashmap_isempty(m->public_keys)) { | |
298 | r = user_record_has_signature(hr); | |
299 | if (r < 0) | |
300 | return r; | |
301 | ||
302 | return r ? -ENOKEY : USER_RECORD_UNSIGNED; | |
303 | } | |
304 | ||
305 | /* Is it our own? */ | |
306 | if (m->private_key) { | |
307 | r = user_record_verify(hr, m->private_key); | |
308 | switch (r) { | |
309 | ||
310 | case USER_RECORD_FOREIGN: | |
311 | /* This record is not signed by this key, but let's see below */ | |
312 | break; | |
313 | ||
314 | case USER_RECORD_SIGNED: /* Signed by us, but also by others, let's propagate that */ | |
315 | case USER_RECORD_SIGNED_EXCLUSIVE: /* Signed by us, and nothing else, ditto */ | |
316 | case USER_RECORD_UNSIGNED: /* Not signed at all, ditto */ | |
317 | default: | |
318 | return r; | |
319 | } | |
320 | } | |
321 | ||
90e74a66 | 322 | HASHMAP_FOREACH(pkey, m->public_keys) { |
70a5db58 LP |
323 | r = user_record_verify(hr, pkey); |
324 | switch (r) { | |
325 | ||
326 | case USER_RECORD_FOREIGN: | |
327 | /* This record is not signed by this key, but let's see our other keys */ | |
328 | break; | |
329 | ||
330 | case USER_RECORD_SIGNED: /* It's signed by this key we are happy with, but which is not our own. */ | |
331 | case USER_RECORD_SIGNED_EXCLUSIVE: | |
332 | return USER_RECORD_FOREIGN; | |
333 | ||
334 | case USER_RECORD_UNSIGNED: /* It's not signed at all */ | |
335 | default: | |
336 | return r; | |
337 | } | |
338 | } | |
339 | ||
340 | return -ENOKEY; | |
341 | } | |
342 | ||
343 | static int manager_add_home_by_record( | |
344 | Manager *m, | |
345 | const char *name, | |
346 | int dir_fd, | |
347 | const char *fname) { | |
348 | ||
349 | _cleanup_(json_variant_unrefp) JsonVariant *v = NULL; | |
852640f8 | 350 | _cleanup_(user_record_unrefp) UserRecord *hr = NULL; |
70a5db58 LP |
351 | unsigned line, column; |
352 | int r, is_signed; | |
20f4a308 | 353 | struct stat st; |
70a5db58 LP |
354 | Home *h; |
355 | ||
356 | assert(m); | |
357 | assert(name); | |
358 | assert(fname); | |
359 | ||
20f4a308 LP |
360 | if (fstatat(dir_fd, fname, &st, 0) < 0) |
361 | return log_error_errno(errno, "Failed to stat identity record %s: %m", fname); | |
362 | ||
363 | if (!S_ISREG(st.st_mode)) { | |
364 | log_debug("Identity record file %s is not a regular file, ignoring.", fname); | |
365 | return 0; | |
366 | } | |
367 | ||
368 | if (st.st_size == 0) | |
369 | goto unlink_this_file; | |
370 | ||
70a5db58 LP |
371 | r = json_parse_file_at(NULL, dir_fd, fname, JSON_PARSE_SENSITIVE, &v, &line, &column); |
372 | if (r < 0) | |
373 | return log_error_errno(r, "Failed to parse identity record at %s:%u%u: %m", fname, line, column); | |
374 | ||
20f4a308 LP |
375 | if (json_variant_is_blank_object(v)) |
376 | goto unlink_this_file; | |
377 | ||
70a5db58 LP |
378 | hr = user_record_new(); |
379 | if (!hr) | |
380 | return log_oom(); | |
381 | ||
bfc0cc1a | 382 | r = user_record_load(hr, v, USER_RECORD_LOAD_REFUSE_SECRET|USER_RECORD_LOG|USER_RECORD_PERMISSIVE); |
70a5db58 LP |
383 | if (r < 0) |
384 | return r; | |
385 | ||
386 | if (!streq_ptr(hr->user_name, name)) | |
23d24b76 ZJS |
387 | return log_error_errno(SYNTHETIC_ERRNO(EINVAL), |
388 | "Identity's user name %s does not match file name %s, refusing.", | |
389 | hr->user_name, name); | |
70a5db58 LP |
390 | |
391 | is_signed = manager_verify_user_record(m, hr); | |
392 | switch (is_signed) { | |
393 | ||
394 | case -ENOKEY: | |
395 | return log_warning_errno(is_signed, "User record %s is not signed by any accepted key, ignoring.", fname); | |
396 | case USER_RECORD_UNSIGNED: | |
397 | return log_warning_errno(SYNTHETIC_ERRNO(EPERM), "User record %s is not signed at all, ignoring.", fname); | |
398 | case USER_RECORD_SIGNED: | |
399 | log_info("User record %s is signed by us (and others), accepting.", fname); | |
400 | break; | |
401 | case USER_RECORD_SIGNED_EXCLUSIVE: | |
402 | log_info("User record %s is signed only by us, accepting.", fname); | |
403 | break; | |
404 | case USER_RECORD_FOREIGN: | |
405 | log_info("User record %s is signed by registered key from others, accepting.", fname); | |
406 | break; | |
407 | default: | |
408 | assert(is_signed < 0); | |
409 | return log_error_errno(is_signed, "Failed to verify signature of user record in %s: %m", fname); | |
410 | } | |
411 | ||
412 | h = hashmap_get(m->homes_by_name, name); | |
413 | if (h) { | |
414 | r = home_set_record(h, hr); | |
415 | if (r < 0) | |
416 | return log_error_errno(r, "Failed to update home record for %s: %m", name); | |
417 | ||
418 | /* If we acquired a record now for a previously unallocated entry, then reset the state. This | |
419 | * makes sure home_get_state() will check for the availability of the image file dynamically | |
162392b7 | 420 | * in order to detect to distinguish HOME_INACTIVE and HOME_ABSENT. */ |
70a5db58 LP |
421 | if (h->state == HOME_UNFIXATED) |
422 | h->state = _HOME_STATE_INVALID; | |
423 | } else { | |
424 | r = home_new(m, hr, NULL, &h); | |
425 | if (r < 0) | |
426 | return log_error_errno(r, "Failed to allocate new home object: %m"); | |
427 | ||
428 | log_info("Added registered home for user %s.", hr->user_name); | |
429 | } | |
430 | ||
431 | /* Only entries we exclusively signed are writable to us, hence remember the result */ | |
432 | h->signed_locally = is_signed == USER_RECORD_SIGNED_EXCLUSIVE; | |
433 | ||
434 | return 1; | |
20f4a308 LP |
435 | |
436 | unlink_this_file: | |
437 | /* If this is an empty file, then let's just remove it. An empty file is not useful in any case, and | |
438 | * apparently xfs likes to leave empty files around when not unmounted cleanly (see | |
439 | * https://github.com/systemd/systemd/issues/15178 for example). Note that we don't delete non-empty | |
440 | * files even if they are invalid, because that's just too risky, we might delete data the user still | |
441 | * needs. But empty files are never useful, hence let's just remove them. */ | |
442 | ||
443 | if (unlinkat(dir_fd, fname, 0) < 0) | |
444 | return log_error_errno(errno, "Failed to remove empty user record file %s: %m", fname); | |
445 | ||
005daeed | 446 | log_notice("Discovered empty user record file %s/%s, removed automatically.", home_record_dir(), fname); |
20f4a308 | 447 | return 0; |
70a5db58 LP |
448 | } |
449 | ||
450 | static int manager_enumerate_records(Manager *m) { | |
451 | _cleanup_closedir_ DIR *d = NULL; | |
70a5db58 LP |
452 | |
453 | assert(m); | |
454 | ||
005daeed | 455 | d = opendir(home_record_dir()); |
70a5db58 LP |
456 | if (!d) |
457 | return log_full_errno(errno == ENOENT ? LOG_DEBUG : LOG_ERR, errno, | |
005daeed | 458 | "Failed to open %s: %m", home_record_dir()); |
70a5db58 LP |
459 | |
460 | FOREACH_DIRENT(de, d, return log_error_errno(errno, "Failed to read record directory: %m")) { | |
461 | _cleanup_free_ char *n = NULL; | |
462 | const char *e; | |
463 | ||
464 | if (!dirent_is_file(de)) | |
465 | continue; | |
466 | ||
467 | e = endswith(de->d_name, ".identity"); | |
468 | if (!e) | |
469 | continue; | |
470 | ||
471 | n = strndup(de->d_name, e - de->d_name); | |
472 | if (!n) | |
473 | return log_oom(); | |
474 | ||
475 | if (!suitable_user_name(n)) | |
476 | continue; | |
477 | ||
478 | (void) manager_add_home_by_record(m, n, dirfd(d), de->d_name); | |
479 | } | |
480 | ||
481 | return 0; | |
482 | } | |
483 | ||
484 | static int search_quota(uid_t uid, const char *exclude_quota_path) { | |
485 | struct stat exclude_st = {}; | |
486 | dev_t previous_devno = 0; | |
70a5db58 LP |
487 | int r; |
488 | ||
489 | /* Checks whether the specified UID owns any files on the files system, but ignore any file system | |
490 | * backing the specified file. The file is used when operating on home directories, where it's OK if | |
491 | * the UID of them already owns files. */ | |
492 | ||
493 | if (exclude_quota_path && stat(exclude_quota_path, &exclude_st) < 0) { | |
494 | if (errno != ENOENT) | |
495 | return log_warning_errno(errno, "Failed to stat %s, ignoring: %m", exclude_quota_path); | |
496 | } | |
497 | ||
498 | /* Check a few usual suspects where regular users might own files. Note that this is by no means | |
499 | * comprehensive, but should cover most cases. Note that in an ideal world every user would be | |
500 | * registered in NSS and avoid our own UID range, but for all other cases, it's a good idea to be | |
501 | * paranoid and check quota if we can. */ | |
2700fecd | 502 | FOREACH_STRING(where, get_home_root(), "/tmp/", "/var/", "/var/mail/", "/var/tmp/", "/var/spool/") { |
70a5db58 LP |
503 | struct dqblk req; |
504 | struct stat st; | |
505 | ||
506 | if (stat(where, &st) < 0) { | |
507 | log_full_errno(errno == ENOENT ? LOG_DEBUG : LOG_ERR, errno, | |
508 | "Failed to stat %s, ignoring: %m", where); | |
509 | continue; | |
510 | } | |
511 | ||
512 | if (major(st.st_dev) == 0) { | |
513 | log_debug("Directory %s is not on a real block device, not checking quota for UID use.", where); | |
514 | continue; | |
515 | } | |
516 | ||
517 | if (st.st_dev == exclude_st.st_dev) { /* If an exclude path is specified, then ignore quota | |
518 | * reported on the same block device as that path. */ | |
519 | log_debug("Directory %s is where the home directory is located, not checking quota for UID use.", where); | |
520 | continue; | |
521 | } | |
522 | ||
523 | if (st.st_dev == previous_devno) { /* Does this directory have the same devno as the previous | |
524 | * one we tested? If so, there's no point in testing this | |
525 | * again. */ | |
526 | log_debug("Directory %s is on same device as previous tested directory, not checking quota for UID use a second time.", where); | |
527 | continue; | |
528 | } | |
529 | ||
530 | previous_devno = st.st_dev; | |
531 | ||
7176f06c | 532 | r = quotactl_devnum(QCMD_FIXED(Q_GETQUOTA, USRQUOTA), st.st_dev, uid, &req); |
70a5db58 LP |
533 | if (r < 0) { |
534 | if (ERRNO_IS_NOT_SUPPORTED(r)) | |
535 | log_debug_errno(r, "No UID quota support on %s, ignoring.", where); | |
5e5e11b8 LP |
536 | else if (ERRNO_IS_PRIVILEGE(r)) |
537 | log_debug_errno(r, "UID quota support for %s prohibited, ignoring.", where); | |
70a5db58 | 538 | else |
1a53adb3 | 539 | log_warning_errno(r, "Failed to query quota on %s, ignoring: %m", where); |
70a5db58 LP |
540 | |
541 | continue; | |
542 | } | |
543 | ||
544 | if ((FLAGS_SET(req.dqb_valid, QIF_SPACE) && req.dqb_curspace > 0) || | |
545 | (FLAGS_SET(req.dqb_valid, QIF_INODES) && req.dqb_curinodes > 0)) { | |
546 | log_debug_errno(errno, "Quota reports UID " UID_FMT " occupies disk space on %s.", uid, where); | |
547 | return 1; | |
548 | } | |
549 | } | |
550 | ||
551 | return 0; | |
552 | } | |
553 | ||
554 | static int manager_acquire_uid( | |
555 | Manager *m, | |
556 | uid_t start_uid, | |
557 | const char *user_name, | |
558 | const char *exclude_quota_path, | |
559 | uid_t *ret) { | |
560 | ||
561 | static const uint8_t hash_key[] = { | |
562 | 0xa3, 0xb8, 0x82, 0x69, 0x9a, 0x71, 0xf7, 0xa9, | |
563 | 0xe0, 0x7c, 0xf6, 0xf1, 0x21, 0x69, 0xd2, 0x1e | |
564 | }; | |
565 | ||
566 | enum { | |
567 | PHASE_SUGGESTED, | |
568 | PHASE_HASHED, | |
569 | PHASE_RANDOM | |
570 | } phase = PHASE_SUGGESTED; | |
571 | ||
572 | unsigned n_tries = 100; | |
573 | int r; | |
574 | ||
575 | assert(m); | |
576 | assert(ret); | |
577 | ||
578 | for (;;) { | |
579 | struct passwd *pw; | |
580 | struct group *gr; | |
581 | uid_t candidate; | |
582 | Home *other; | |
583 | ||
584 | if (--n_tries <= 0) | |
585 | return -EBUSY; | |
586 | ||
587 | switch (phase) { | |
588 | ||
589 | case PHASE_SUGGESTED: | |
590 | phase = PHASE_HASHED; | |
591 | ||
592 | if (!uid_is_home(start_uid)) | |
593 | continue; | |
594 | ||
595 | candidate = start_uid; | |
596 | break; | |
597 | ||
598 | case PHASE_HASHED: | |
599 | phase = PHASE_RANDOM; | |
600 | ||
601 | if (!user_name) | |
602 | continue; | |
603 | ||
604 | candidate = UID_CLAMP_INTO_HOME_RANGE(siphash24(user_name, strlen(user_name), hash_key)); | |
605 | break; | |
606 | ||
607 | case PHASE_RANDOM: | |
608 | random_bytes(&candidate, sizeof(candidate)); | |
609 | candidate = UID_CLAMP_INTO_HOME_RANGE(candidate); | |
610 | break; | |
611 | ||
612 | default: | |
04499a70 | 613 | assert_not_reached(); |
70a5db58 LP |
614 | } |
615 | ||
616 | other = hashmap_get(m->homes_by_uid, UID_TO_PTR(candidate)); | |
617 | if (other) { | |
23d24b76 ZJS |
618 | log_debug("Candidate UID " UID_FMT " already used by another home directory (%s), let's try another.", |
619 | candidate, other->user_name); | |
70a5db58 LP |
620 | continue; |
621 | } | |
622 | ||
623 | pw = getpwuid(candidate); | |
624 | if (pw) { | |
23d24b76 ZJS |
625 | log_debug("Candidate UID " UID_FMT " already registered by another user in NSS (%s), let's try another.", |
626 | candidate, pw->pw_name); | |
70a5db58 LP |
627 | continue; |
628 | } | |
629 | ||
630 | gr = getgrgid((gid_t) candidate); | |
631 | if (gr) { | |
23d24b76 ZJS |
632 | log_debug("Candidate UID " UID_FMT " already registered by another group in NSS (%s), let's try another.", |
633 | candidate, gr->gr_name); | |
70a5db58 LP |
634 | continue; |
635 | } | |
636 | ||
637 | r = search_ipc(candidate, (gid_t) candidate); | |
638 | if (r < 0) | |
639 | continue; | |
640 | if (r > 0) { | |
23d24b76 ZJS |
641 | log_debug_errno(r, "Candidate UID " UID_FMT " already owns IPC objects, let's try another: %m", |
642 | candidate); | |
70a5db58 LP |
643 | continue; |
644 | } | |
645 | ||
646 | r = search_quota(candidate, exclude_quota_path); | |
647 | if (r != 0) | |
648 | continue; | |
649 | ||
650 | *ret = candidate; | |
651 | return 0; | |
652 | } | |
653 | } | |
654 | ||
655 | static int manager_add_home_by_image( | |
656 | Manager *m, | |
657 | const char *user_name, | |
658 | const char *realm, | |
659 | const char *image_path, | |
660 | const char *sysfs, | |
661 | UserStorage storage, | |
662 | uid_t start_uid) { | |
663 | ||
664 | _cleanup_(user_record_unrefp) UserRecord *hr = NULL; | |
665 | uid_t uid; | |
666 | Home *h; | |
667 | int r; | |
668 | ||
669 | assert(m); | |
670 | ||
671 | assert(m); | |
672 | assert(user_name); | |
673 | assert(image_path); | |
674 | assert(storage >= 0); | |
675 | assert(storage < _USER_STORAGE_MAX); | |
676 | ||
677 | h = hashmap_get(m->homes_by_name, user_name); | |
678 | if (h) { | |
679 | bool same; | |
680 | ||
681 | if (h->state != HOME_UNFIXATED) { | |
682 | log_debug("Found an image for user %s which already has a record, skipping.", user_name); | |
683 | return 0; /* ignore images that synthesize a user we already have a record for */ | |
684 | } | |
685 | ||
686 | same = user_record_storage(h->record) == storage; | |
687 | if (same) { | |
688 | if (h->sysfs && sysfs) | |
689 | same = path_equal(h->sysfs, sysfs); | |
690 | else if (!!h->sysfs != !!sysfs) | |
691 | same = false; | |
692 | else { | |
693 | const char *p; | |
694 | ||
695 | p = user_record_image_path(h->record); | |
696 | same = p && path_equal(p, image_path); | |
697 | } | |
698 | } | |
699 | ||
700 | if (!same) { | |
80ace4f2 | 701 | log_debug("Found multiple images for user '%s', ignoring image '%s'.", user_name, image_path); |
70a5db58 LP |
702 | return 0; |
703 | } | |
704 | } else { | |
705 | /* Check NSS, in case there's another user or group by this name */ | |
706 | if (getpwnam(user_name) || getgrnam(user_name)) { | |
707 | log_debug("Found an existing user or group by name '%s', ignoring image '%s'.", user_name, image_path); | |
708 | return 0; | |
709 | } | |
710 | } | |
711 | ||
712 | if (h && uid_is_valid(h->uid)) | |
713 | uid = h->uid; | |
714 | else { | |
23d24b76 ZJS |
715 | r = manager_acquire_uid(m, start_uid, user_name, |
716 | IN_SET(storage, USER_SUBVOLUME, USER_DIRECTORY, USER_FSCRYPT) ? image_path : NULL, | |
717 | &uid); | |
70a5db58 LP |
718 | if (r < 0) |
719 | return log_warning_errno(r, "Failed to acquire unused UID for %s: %m", user_name); | |
720 | } | |
721 | ||
722 | hr = user_record_new(); | |
723 | if (!hr) | |
724 | return log_oom(); | |
725 | ||
726 | r = user_record_synthesize(hr, user_name, realm, image_path, storage, uid, (gid_t) uid); | |
727 | if (r < 0) | |
728 | return log_error_errno(r, "Failed to synthesize home record for %s (image %s): %m", user_name, image_path); | |
729 | ||
730 | if (h) { | |
731 | r = home_set_record(h, hr); | |
732 | if (r < 0) | |
733 | return log_error_errno(r, "Failed to update home record for %s: %m", user_name); | |
734 | } else { | |
735 | r = home_new(m, hr, sysfs, &h); | |
736 | if (r < 0) | |
737 | return log_error_errno(r, "Failed to allocate new home object: %m"); | |
738 | ||
739 | h->state = HOME_UNFIXATED; | |
740 | ||
741 | log_info("Discovered new home for user %s through image %s.", user_name, image_path); | |
742 | } | |
743 | ||
744 | return 1; | |
745 | } | |
746 | ||
747 | int manager_augment_record_with_uid( | |
748 | Manager *m, | |
749 | UserRecord *hr) { | |
750 | ||
751 | const char *exclude_quota_path = NULL; | |
752 | uid_t start_uid = UID_INVALID, uid; | |
753 | int r; | |
754 | ||
755 | assert(m); | |
756 | assert(hr); | |
757 | ||
758 | if (uid_is_valid(hr->uid)) | |
759 | return 0; | |
760 | ||
761 | if (IN_SET(hr->storage, USER_CLASSIC, USER_SUBVOLUME, USER_DIRECTORY, USER_FSCRYPT)) { | |
762 | const char * ip; | |
763 | ||
764 | ip = user_record_image_path(hr); | |
765 | if (ip) { | |
766 | struct stat st; | |
767 | ||
768 | if (stat(ip, &st) < 0) { | |
769 | if (errno != ENOENT) | |
770 | log_warning_errno(errno, "Failed to stat(%s): %m", ip); | |
771 | } else if (uid_is_home(st.st_uid)) { | |
772 | start_uid = st.st_uid; | |
773 | exclude_quota_path = ip; | |
774 | } | |
775 | } | |
776 | } | |
777 | ||
778 | r = manager_acquire_uid(m, start_uid, hr->user_name, exclude_quota_path, &uid); | |
779 | if (r < 0) | |
780 | return r; | |
781 | ||
782 | log_debug("Acquired new UID " UID_FMT " for %s.", uid, hr->user_name); | |
783 | ||
784 | r = user_record_add_binding( | |
785 | hr, | |
786 | _USER_STORAGE_INVALID, | |
787 | NULL, | |
788 | SD_ID128_NULL, | |
789 | SD_ID128_NULL, | |
790 | SD_ID128_NULL, | |
791 | NULL, | |
792 | NULL, | |
793 | UINT64_MAX, | |
794 | NULL, | |
795 | NULL, | |
796 | uid, | |
797 | (gid_t) uid); | |
798 | if (r < 0) | |
799 | return r; | |
800 | ||
801 | return 1; | |
802 | } | |
803 | ||
804 | static int manager_assess_image( | |
805 | Manager *m, | |
806 | int dir_fd, | |
807 | const char *dir_path, | |
808 | const char *dentry_name) { | |
809 | ||
810 | char *luks_suffix, *directory_suffix; | |
811 | _cleanup_free_ char *path = NULL; | |
812 | struct stat st; | |
813 | int r; | |
814 | ||
815 | assert(m); | |
816 | assert(dir_path); | |
817 | assert(dentry_name); | |
818 | ||
819 | luks_suffix = endswith(dentry_name, ".home"); | |
820 | if (luks_suffix) | |
821 | directory_suffix = NULL; | |
822 | else | |
823 | directory_suffix = endswith(dentry_name, ".homedir"); | |
824 | ||
825 | /* Early filter out: by name */ | |
826 | if (!luks_suffix && !directory_suffix) | |
827 | return 0; | |
828 | ||
829 | path = path_join(dir_path, dentry_name); | |
830 | if (!path) | |
831 | return log_oom(); | |
832 | ||
833 | /* Follow symlinks here, to allow people to link in stuff to make them available locally. */ | |
834 | if (dir_fd >= 0) | |
835 | r = fstatat(dir_fd, dentry_name, &st, 0); | |
836 | else | |
837 | r = stat(path, &st); | |
838 | if (r < 0) | |
839 | return log_full_errno(errno == ENOENT ? LOG_DEBUG : LOG_WARNING, errno, | |
80ace4f2 | 840 | "Failed to stat() directory entry '%s', ignoring: %m", dentry_name); |
70a5db58 LP |
841 | |
842 | if (S_ISREG(st.st_mode)) { | |
843 | _cleanup_free_ char *n = NULL, *user_name = NULL, *realm = NULL; | |
844 | ||
845 | if (!luks_suffix) | |
846 | return 0; | |
847 | ||
848 | n = strndup(dentry_name, luks_suffix - dentry_name); | |
849 | if (!n) | |
850 | return log_oom(); | |
851 | ||
852 | r = split_user_name_realm(n, &user_name, &realm); | |
853 | if (r == -EINVAL) /* Not the right format: ignore */ | |
854 | return 0; | |
855 | if (r < 0) | |
856 | return log_error_errno(r, "Failed to split image name into user name/realm: %m"); | |
857 | ||
858 | return manager_add_home_by_image(m, user_name, realm, path, NULL, USER_LUKS, UID_INVALID); | |
859 | } | |
860 | ||
861 | if (S_ISDIR(st.st_mode)) { | |
862 | _cleanup_free_ char *n = NULL, *user_name = NULL, *realm = NULL; | |
863 | _cleanup_close_ int fd = -1; | |
864 | UserStorage storage; | |
865 | ||
866 | if (!directory_suffix) | |
867 | return 0; | |
868 | ||
869 | n = strndup(dentry_name, directory_suffix - dentry_name); | |
870 | if (!n) | |
871 | return log_oom(); | |
872 | ||
873 | r = split_user_name_realm(n, &user_name, &realm); | |
874 | if (r == -EINVAL) /* Not the right format: ignore */ | |
875 | return 0; | |
876 | if (r < 0) | |
877 | return log_error_errno(r, "Failed to split image name into user name/realm: %m"); | |
878 | ||
879 | if (dir_fd >= 0) | |
880 | fd = openat(dir_fd, dentry_name, O_DIRECTORY|O_RDONLY|O_CLOEXEC); | |
881 | else | |
882 | fd = open(path, O_DIRECTORY|O_RDONLY|O_CLOEXEC); | |
883 | if (fd < 0) | |
884 | return log_full_errno(errno == ENOENT ? LOG_DEBUG : LOG_WARNING, errno, | |
885 | "Failed to open directory '%s', ignoring: %m", path); | |
886 | ||
887 | if (fstat(fd, &st) < 0) | |
888 | return log_warning_errno(errno, "Failed to fstat() %s, ignoring: %m", path); | |
889 | ||
890 | assert(S_ISDIR(st.st_mode)); /* Must hold, we used O_DIRECTORY above */ | |
891 | ||
892 | r = btrfs_is_subvol_fd(fd); | |
893 | if (r < 0) | |
894 | return log_warning_errno(errno, "Failed to determine whether %s is a btrfs subvolume: %m", path); | |
895 | if (r > 0) | |
896 | storage = USER_SUBVOLUME; | |
897 | else { | |
898 | struct fscrypt_policy policy; | |
899 | ||
900 | if (ioctl(fd, FS_IOC_GET_ENCRYPTION_POLICY, &policy) < 0) { | |
901 | ||
902 | if (errno == ENODATA) | |
903 | log_debug_errno(errno, "Determined %s is not fscrypt encrypted.", path); | |
904 | else if (ERRNO_IS_NOT_SUPPORTED(errno)) | |
80ace4f2 | 905 | log_debug_errno(errno, "Determined %s is not fscrypt encrypted because kernel or file system doesn't support it.", path); |
70a5db58 LP |
906 | else |
907 | log_debug_errno(errno, "FS_IOC_GET_ENCRYPTION_POLICY failed with unexpected error code on %s, ignoring: %m", path); | |
908 | ||
909 | storage = USER_DIRECTORY; | |
910 | } else | |
911 | storage = USER_FSCRYPT; | |
912 | } | |
913 | ||
914 | return manager_add_home_by_image(m, user_name, realm, path, NULL, storage, st.st_uid); | |
915 | } | |
916 | ||
917 | return 0; | |
918 | } | |
919 | ||
920 | int manager_enumerate_images(Manager *m) { | |
921 | _cleanup_closedir_ DIR *d = NULL; | |
70a5db58 LP |
922 | |
923 | assert(m); | |
924 | ||
925 | if (!m->scan_slash_home) | |
926 | return 0; | |
927 | ||
2700fecd | 928 | d = opendir(get_home_root()); |
70a5db58 LP |
929 | if (!d) |
930 | return log_full_errno(errno == ENOENT ? LOG_DEBUG : LOG_ERR, errno, | |
2700fecd | 931 | "Failed to open %s: %m", get_home_root()); |
70a5db58 | 932 | |
2700fecd LP |
933 | FOREACH_DIRENT(de, d, return log_error_errno(errno, "Failed to read %s directory: %m", get_home_root())) |
934 | (void) manager_assess_image(m, dirfd(d), get_home_root(), de->d_name); | |
70a5db58 LP |
935 | |
936 | return 0; | |
937 | } | |
938 | ||
939 | static int manager_connect_bus(Manager *m) { | |
1d3b68f6 | 940 | _cleanup_free_ char *b = NULL; |
cc9886bc | 941 | const char *suffix, *busname; |
70a5db58 LP |
942 | int r; |
943 | ||
944 | assert(m); | |
945 | assert(!m->bus); | |
946 | ||
947 | r = sd_bus_default_system(&m->bus); | |
948 | if (r < 0) | |
949 | return log_error_errno(r, "Failed to connect to system bus: %m"); | |
950 | ||
cfd508a9 | 951 | r = bus_add_implementation(m->bus, &manager_object, m); |
ac9f55ed LP |
952 | if (r < 0) |
953 | return r; | |
954 | ||
c42234ab LP |
955 | r = bus_log_control_api_register(m->bus); |
956 | if (r < 0) | |
957 | return r; | |
958 | ||
cc9886bc | 959 | suffix = getenv("SYSTEMD_HOME_DEBUG_SUFFIX"); |
1d3b68f6 AZ |
960 | if (suffix) { |
961 | b = strjoin("org.freedesktop.home1.", suffix); | |
962 | if (!b) | |
963 | return log_oom(); | |
964 | busname = b; | |
965 | } else | |
cc9886bc LP |
966 | busname = "org.freedesktop.home1"; |
967 | ||
968 | r = sd_bus_request_name_async(m->bus, NULL, busname, 0, NULL, NULL); | |
70a5db58 LP |
969 | if (r < 0) |
970 | return log_error_errno(r, "Failed to request name: %m"); | |
971 | ||
972 | r = sd_bus_attach_event(m->bus, m->event, 0); | |
973 | if (r < 0) | |
974 | return log_error_errno(r, "Failed to attach bus to event loop: %m"); | |
975 | ||
976 | (void) sd_bus_set_exit_on_disconnect(m->bus, true); | |
977 | ||
978 | return 0; | |
979 | } | |
980 | ||
981 | static int manager_bind_varlink(Manager *m) { | |
1d3b68f6 | 982 | _cleanup_free_ char *p = NULL; |
cc9886bc | 983 | const char *suffix, *socket_path; |
70a5db58 LP |
984 | int r; |
985 | ||
986 | assert(m); | |
987 | assert(!m->varlink_server); | |
988 | ||
9807fdc1 | 989 | r = varlink_server_new(&m->varlink_server, VARLINK_SERVER_ACCOUNT_UID|VARLINK_SERVER_INHERIT_USERDATA); |
70a5db58 LP |
990 | if (r < 0) |
991 | return log_error_errno(r, "Failed to allocate varlink server object: %m"); | |
992 | ||
993 | varlink_server_set_userdata(m->varlink_server, m); | |
994 | ||
995 | r = varlink_server_bind_method_many( | |
996 | m->varlink_server, | |
997 | "io.systemd.UserDatabase.GetUserRecord", vl_method_get_user_record, | |
998 | "io.systemd.UserDatabase.GetGroupRecord", vl_method_get_group_record, | |
999 | "io.systemd.UserDatabase.GetMemberships", vl_method_get_memberships); | |
1000 | if (r < 0) | |
1001 | return log_error_errno(r, "Failed to register varlink methods: %m"); | |
1002 | ||
1003 | (void) mkdir_p("/run/systemd/userdb", 0755); | |
1004 | ||
cc9886bc LP |
1005 | /* To make things easier to debug, when working from a homed managed home directory, let's optionally |
1006 | * use a different varlink socket name */ | |
1007 | suffix = getenv("SYSTEMD_HOME_DEBUG_SUFFIX"); | |
1d3b68f6 AZ |
1008 | if (suffix) { |
1009 | p = strjoin("/run/systemd/userdb/io.systemd.Home.", suffix); | |
1010 | if (!p) | |
1011 | return log_oom(); | |
1012 | socket_path = p; | |
1013 | } else | |
cc9886bc LP |
1014 | socket_path = "/run/systemd/userdb/io.systemd.Home"; |
1015 | ||
1016 | r = varlink_server_listen_address(m->varlink_server, socket_path, 0666); | |
70a5db58 LP |
1017 | if (r < 0) |
1018 | return log_error_errno(r, "Failed to bind to varlink socket: %m"); | |
1019 | ||
1020 | r = varlink_server_attach_event(m->varlink_server, m->event, SD_EVENT_PRIORITY_NORMAL); | |
1021 | if (r < 0) | |
1022 | return log_error_errno(r, "Failed to attach varlink connection to event loop: %m"); | |
1023 | ||
cc9886bc LP |
1024 | assert(!m->userdb_service); |
1025 | m->userdb_service = strdup(basename(socket_path)); | |
1026 | if (!m->userdb_service) | |
1027 | return log_oom(); | |
1028 | ||
1029 | /* Avoid recursion */ | |
1030 | if (setenv("SYSTEMD_BYPASS_USERDB", m->userdb_service, 1) < 0) | |
1031 | return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to set $SYSTEMD_BYPASS_USERDB: %m"); | |
1032 | ||
70a5db58 LP |
1033 | return 0; |
1034 | } | |
1035 | ||
2aaf565a LP |
1036 | static ssize_t read_datagram( |
1037 | int fd, | |
1038 | struct ucred *ret_sender, | |
1039 | void **ret, | |
1040 | int *ret_passed_fd) { | |
1041 | ||
1042 | CMSG_BUFFER_TYPE(CMSG_SPACE(sizeof(struct ucred)) + CMSG_SPACE(sizeof(int))) control; | |
70a5db58 | 1043 | _cleanup_free_ void *buffer = NULL; |
2aaf565a LP |
1044 | _cleanup_close_ int passed_fd = -1; |
1045 | struct ucred *sender = NULL; | |
1046 | struct cmsghdr *cmsg; | |
1047 | struct msghdr mh; | |
1048 | struct iovec iov; | |
70a5db58 LP |
1049 | ssize_t n, m; |
1050 | ||
1051 | assert(fd >= 0); | |
1052 | assert(ret_sender); | |
1053 | assert(ret); | |
2aaf565a | 1054 | assert(ret_passed_fd); |
70a5db58 LP |
1055 | |
1056 | n = next_datagram_size_fd(fd); | |
1057 | if (n < 0) | |
1058 | return n; | |
1059 | ||
1060 | buffer = malloc(n + 2); | |
1061 | if (!buffer) | |
1062 | return -ENOMEM; | |
1063 | ||
2aaf565a LP |
1064 | /* Pass one extra byte, as a size check */ |
1065 | iov = IOVEC_MAKE(buffer, n + 1); | |
70a5db58 | 1066 | |
2aaf565a LP |
1067 | mh = (struct msghdr) { |
1068 | .msg_iov = &iov, | |
1069 | .msg_iovlen = 1, | |
1070 | .msg_control = &control, | |
1071 | .msg_controllen = sizeof(control), | |
1072 | }; | |
70a5db58 | 1073 | |
2aaf565a LP |
1074 | m = recvmsg_safe(fd, &mh, MSG_DONTWAIT|MSG_CMSG_CLOEXEC); |
1075 | if (m < 0) | |
1076 | return m; | |
70a5db58 | 1077 | |
2aaf565a LP |
1078 | /* Ensure the size matches what we determined before */ |
1079 | if (m != n) { | |
70a5db58 | 1080 | cmsg_close_all(&mh); |
2aaf565a LP |
1081 | return -EMSGSIZE; |
1082 | } | |
70a5db58 | 1083 | |
2aaf565a LP |
1084 | CMSG_FOREACH(cmsg, &mh) { |
1085 | if (cmsg->cmsg_level == SOL_SOCKET && | |
1086 | cmsg->cmsg_type == SCM_CREDENTIALS && | |
1087 | cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred))) { | |
1088 | assert(!sender); | |
1089 | sender = (struct ucred*) CMSG_DATA(cmsg); | |
1090 | } | |
70a5db58 | 1091 | |
2aaf565a LP |
1092 | if (cmsg->cmsg_level == SOL_SOCKET && |
1093 | cmsg->cmsg_type == SCM_RIGHTS) { | |
70a5db58 | 1094 | |
2aaf565a LP |
1095 | if (cmsg->cmsg_len != CMSG_LEN(sizeof(int))) { |
1096 | cmsg_close_all(&mh); | |
1097 | return -EMSGSIZE; | |
70a5db58 LP |
1098 | } |
1099 | ||
2aaf565a LP |
1100 | assert(passed_fd < 0); |
1101 | passed_fd = *(int*) CMSG_DATA(cmsg); | |
1102 | } | |
70a5db58 LP |
1103 | } |
1104 | ||
2aaf565a LP |
1105 | if (sender) |
1106 | *ret_sender = *sender; | |
1107 | else | |
1108 | *ret_sender = (struct ucred) UCRED_INVALID; | |
1109 | ||
1110 | *ret_passed_fd = TAKE_FD(passed_fd); | |
1111 | ||
70a5db58 LP |
1112 | /* For safety reasons: let's always NUL terminate. */ |
1113 | ((char*) buffer)[n] = 0; | |
1114 | *ret = TAKE_PTR(buffer); | |
1115 | ||
1116 | return 0; | |
1117 | } | |
1118 | ||
1119 | static int on_notify_socket(sd_event_source *s, int fd, uint32_t revents, void *userdata) { | |
1120 | _cleanup_strv_free_ char **l = NULL; | |
1121 | _cleanup_free_ void *datagram = NULL; | |
2aaf565a LP |
1122 | _cleanup_close_ int passed_fd = -1; |
1123 | struct ucred sender = UCRED_INVALID; | |
99534007 | 1124 | Manager *m = ASSERT_PTR(userdata); |
70a5db58 LP |
1125 | ssize_t n; |
1126 | Home *h; | |
1127 | ||
1128 | assert(s); | |
70a5db58 | 1129 | |
2aaf565a | 1130 | n = read_datagram(fd, &sender, &datagram, &passed_fd); |
8add30a0 YW |
1131 | if (n < 0) { |
1132 | if (ERRNO_IS_TRANSIENT(n)) | |
1133 | return 0; | |
70a5db58 | 1134 | return log_error_errno(n, "Failed to read notify datagram: %m"); |
8add30a0 | 1135 | } |
70a5db58 LP |
1136 | |
1137 | if (sender.pid <= 0) { | |
1138 | log_warning("Received notify datagram without valid sender PID, ignoring."); | |
1139 | return 0; | |
1140 | } | |
1141 | ||
1142 | h = hashmap_get(m->homes_by_worker_pid, PID_TO_PTR(sender.pid)); | |
1143 | if (!h) { | |
162392b7 | 1144 | log_warning("Received notify datagram of unknown process, ignoring."); |
70a5db58 LP |
1145 | return 0; |
1146 | } | |
1147 | ||
1148 | l = strv_split(datagram, "\n"); | |
1149 | if (!l) | |
1150 | return log_oom(); | |
1151 | ||
2aaf565a | 1152 | home_process_notify(h, l, TAKE_FD(passed_fd)); |
70a5db58 LP |
1153 | return 0; |
1154 | } | |
1155 | ||
1156 | static int manager_listen_notify(Manager *m) { | |
1157 | _cleanup_close_ int fd = -1; | |
425d925f ZJS |
1158 | union sockaddr_union sa = { |
1159 | .un.sun_family = AF_UNIX, | |
1160 | .un.sun_path = "/run/systemd/home/notify", | |
1161 | }; | |
cc9886bc | 1162 | const char *suffix; |
70a5db58 LP |
1163 | int r; |
1164 | ||
1165 | assert(m); | |
1166 | assert(!m->notify_socket_event_source); | |
1167 | ||
cc9886bc LP |
1168 | suffix = getenv("SYSTEMD_HOME_DEBUG_SUFFIX"); |
1169 | if (suffix) { | |
1d3b68f6 | 1170 | _cleanup_free_ char *unix_path = NULL; |
cc9886bc | 1171 | |
1d3b68f6 AZ |
1172 | unix_path = strjoin("/run/systemd/home/notify.", suffix); |
1173 | if (!unix_path) | |
1174 | return log_oom(); | |
cc9886bc LP |
1175 | r = sockaddr_un_set_path(&sa.un, unix_path); |
1176 | if (r < 0) | |
1177 | return log_error_errno(r, "Socket path %s does not fit in sockaddr_un: %m", unix_path); | |
1178 | } | |
1179 | ||
70a5db58 LP |
1180 | fd = socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0); |
1181 | if (fd < 0) | |
1182 | return log_error_errno(errno, "Failed to create listening socket: %m"); | |
1183 | ||
70a5db58 LP |
1184 | (void) mkdir_parents(sa.un.sun_path, 0755); |
1185 | (void) sockaddr_un_unlink(&sa.un); | |
1186 | ||
1187 | if (bind(fd, &sa.sa, SOCKADDR_UN_LEN(sa.un)) < 0) | |
1188 | return log_error_errno(errno, "Failed to bind to socket: %m"); | |
1189 | ||
1190 | r = setsockopt_int(fd, SOL_SOCKET, SO_PASSCRED, true); | |
1191 | if (r < 0) | |
1192 | return r; | |
1193 | ||
1194 | r = sd_event_add_io(m->event, &m->notify_socket_event_source, fd, EPOLLIN, on_notify_socket, m); | |
1195 | if (r < 0) | |
1196 | return log_error_errno(r, "Failed to allocate event source for notify socket: %m"); | |
1197 | ||
1198 | (void) sd_event_source_set_description(m->notify_socket_event_source, "notify-socket"); | |
1199 | ||
1200 | /* Make sure we process sd_notify() before SIGCHLD for any worker, so that we always know the error | |
1201 | * number of a client before it exits. */ | |
1202 | r = sd_event_source_set_priority(m->notify_socket_event_source, SD_EVENT_PRIORITY_NORMAL - 5); | |
1203 | if (r < 0) | |
1204 | return log_error_errno(r, "Failed to alter priority of NOTIFY_SOCKET event source: %m"); | |
1205 | ||
1206 | r = sd_event_source_set_io_fd_own(m->notify_socket_event_source, true); | |
1207 | if (r < 0) | |
1208 | return log_error_errno(r, "Failed to pass ownership of notify socket: %m"); | |
1209 | ||
1210 | return TAKE_FD(fd); | |
1211 | } | |
1212 | ||
1213 | static int manager_add_device(Manager *m, sd_device *d) { | |
1214 | _cleanup_free_ char *user_name = NULL, *realm = NULL, *node = NULL; | |
1215 | const char *tabletype, *parttype, *partname, *partuuid, *sysfs; | |
1216 | sd_id128_t id; | |
1217 | int r; | |
1218 | ||
1219 | assert(m); | |
1220 | assert(d); | |
1221 | ||
1222 | r = sd_device_get_syspath(d, &sysfs); | |
1223 | if (r < 0) | |
1224 | return log_error_errno(r, "Failed to acquire sysfs path of device: %m"); | |
1225 | ||
1226 | r = sd_device_get_property_value(d, "ID_PART_TABLE_TYPE", &tabletype); | |
1227 | if (r == -ENOENT) | |
1228 | return 0; | |
1229 | if (r < 0) | |
1230 | return log_error_errno(r, "Failed to acquire ID_PART_TABLE_TYPE device property, ignoring: %m"); | |
1231 | ||
1232 | if (!streq(tabletype, "gpt")) { | |
1233 | log_debug("Found partition (%s) on non-GPT table, ignoring.", sysfs); | |
1234 | return 0; | |
1235 | } | |
1236 | ||
1237 | r = sd_device_get_property_value(d, "ID_PART_ENTRY_TYPE", &parttype); | |
1238 | if (r == -ENOENT) | |
1239 | return 0; | |
1240 | if (r < 0) | |
1241 | return log_error_errno(r, "Failed to acquire ID_PART_ENTRY_TYPE device property, ignoring: %m"); | |
e1614484 | 1242 | if (sd_id128_string_equal(parttype, GPT_USER_HOME) <= 0) { |
70a5db58 LP |
1243 | log_debug("Found partition (%s) we don't care about, ignoring.", sysfs); |
1244 | return 0; | |
1245 | } | |
1246 | ||
1247 | r = sd_device_get_property_value(d, "ID_PART_ENTRY_NAME", &partname); | |
1248 | if (r < 0) | |
1249 | return log_warning_errno(r, "Failed to acquire ID_PART_ENTRY_NAME device property, ignoring: %m"); | |
1250 | ||
1251 | r = split_user_name_realm(partname, &user_name, &realm); | |
1252 | if (r == -EINVAL) | |
1253 | return log_warning_errno(r, "Found partition with correct partition type but a non-parsable partition name '%s', ignoring.", partname); | |
1254 | if (r < 0) | |
1255 | return log_error_errno(r, "Failed to validate partition name '%s': %m", partname); | |
1256 | ||
1257 | r = sd_device_get_property_value(d, "ID_FS_UUID", &partuuid); | |
1258 | if (r < 0) | |
1259 | return log_warning_errno(r, "Failed to acquire ID_FS_UUID device property, ignoring: %m"); | |
1260 | ||
1261 | r = sd_id128_from_string(partuuid, &id); | |
1262 | if (r < 0) | |
1263 | return log_warning_errno(r, "Failed to parse ID_FS_UUID field '%s', ignoring: %m", partuuid); | |
1264 | ||
1265 | if (asprintf(&node, "/dev/disk/by-uuid/" SD_ID128_UUID_FORMAT_STR, SD_ID128_FORMAT_VAL(id)) < 0) | |
1266 | return log_oom(); | |
1267 | ||
1268 | return manager_add_home_by_image(m, user_name, realm, node, sysfs, USER_LUKS, UID_INVALID); | |
1269 | } | |
1270 | ||
1271 | static int manager_on_device(sd_device_monitor *monitor, sd_device *d, void *userdata) { | |
99534007 | 1272 | Manager *m = ASSERT_PTR(userdata); |
70a5db58 LP |
1273 | int r; |
1274 | ||
70a5db58 LP |
1275 | assert(d); |
1276 | ||
a1130022 | 1277 | if (device_for_action(d, SD_DEVICE_REMOVE)) { |
70a5db58 LP |
1278 | const char *sysfs; |
1279 | Home *h; | |
1280 | ||
1281 | r = sd_device_get_syspath(d, &sysfs); | |
1282 | if (r < 0) { | |
1283 | log_warning_errno(r, "Failed to acquire sysfs path from device: %m"); | |
1284 | return 0; | |
1285 | } | |
1286 | ||
1287 | log_info("block device %s has been removed.", sysfs); | |
1288 | ||
1289 | /* Let's see if we previously synthesized a home record from this device, if so, let's just | |
1290 | * revalidate that. Otherwise let's revalidate them all, but asynchronously. */ | |
1291 | h = hashmap_get(m->homes_by_sysfs, sysfs); | |
1292 | if (h) | |
1293 | manager_revalidate_image(m, h); | |
1294 | else | |
1295 | manager_enqueue_gc(m, NULL); | |
1296 | } else | |
1297 | (void) manager_add_device(m, d); | |
1298 | ||
1299 | (void) bus_manager_emit_auto_login_changed(m); | |
1300 | return 0; | |
1301 | } | |
1302 | ||
1303 | static int manager_watch_devices(Manager *m) { | |
1304 | int r; | |
1305 | ||
1306 | assert(m); | |
1307 | assert(!m->device_monitor); | |
1308 | ||
1309 | r = sd_device_monitor_new(&m->device_monitor); | |
1310 | if (r < 0) | |
1311 | return log_error_errno(r, "Failed to allocate device monitor: %m"); | |
1312 | ||
1313 | r = sd_device_monitor_filter_add_match_subsystem_devtype(m->device_monitor, "block", NULL); | |
1314 | if (r < 0) | |
1315 | return log_error_errno(r, "Failed to configure device monitor match: %m"); | |
1316 | ||
1317 | r = sd_device_monitor_attach_event(m->device_monitor, m->event); | |
1318 | if (r < 0) | |
1319 | return log_error_errno(r, "Failed to attach device monitor to event loop: %m"); | |
1320 | ||
1321 | r = sd_device_monitor_start(m->device_monitor, manager_on_device, m); | |
1322 | if (r < 0) | |
1323 | return log_error_errno(r, "Failed to start device monitor: %m"); | |
1324 | ||
1325 | return 0; | |
1326 | } | |
1327 | ||
1328 | static int manager_enumerate_devices(Manager *m) { | |
1329 | _cleanup_(sd_device_enumerator_unrefp) sd_device_enumerator *e = NULL; | |
1330 | sd_device *d; | |
1331 | int r; | |
1332 | ||
1333 | assert(m); | |
1334 | ||
1335 | r = sd_device_enumerator_new(&e); | |
1336 | if (r < 0) | |
1337 | return r; | |
1338 | ||
1339 | r = sd_device_enumerator_add_match_subsystem(e, "block", true); | |
1340 | if (r < 0) | |
1341 | return r; | |
1342 | ||
1343 | FOREACH_DEVICE(e, d) | |
1344 | (void) manager_add_device(m, d); | |
1345 | ||
1346 | return 0; | |
1347 | } | |
1348 | ||
1349 | static int manager_load_key_pair(Manager *m) { | |
1350 | _cleanup_(fclosep) FILE *f = NULL; | |
1351 | struct stat st; | |
1352 | int r; | |
1353 | ||
1354 | assert(m); | |
1355 | ||
1356 | if (m->private_key) { | |
1357 | EVP_PKEY_free(m->private_key); | |
1358 | m->private_key = NULL; | |
1359 | } | |
1360 | ||
2708160c | 1361 | r = search_and_fopen_nulstr("local.private", "re", NULL, KEY_PATHS_NULSTR, &f, NULL); |
70a5db58 LP |
1362 | if (r == -ENOENT) |
1363 | return 0; | |
1364 | if (r < 0) | |
1365 | return log_error_errno(r, "Failed to read private key file: %m"); | |
1366 | ||
1367 | if (fstat(fileno(f), &st) < 0) | |
1368 | return log_error_errno(errno, "Failed to stat private key file: %m"); | |
1369 | ||
1370 | r = stat_verify_regular(&st); | |
1371 | if (r < 0) | |
1372 | return log_error_errno(r, "Private key file is not regular: %m"); | |
1373 | ||
1374 | if (st.st_uid != 0 || (st.st_mode & 0077) != 0) | |
1375 | return log_error_errno(SYNTHETIC_ERRNO(EPERM), "Private key file is readable by more than the root user"); | |
1376 | ||
1377 | m->private_key = PEM_read_PrivateKey(f, NULL, NULL, NULL); | |
1378 | if (!m->private_key) | |
1379 | return log_error_errno(SYNTHETIC_ERRNO(EIO), "Failed to load private key pair"); | |
1380 | ||
1381 | log_info("Successfully loaded private key pair."); | |
1382 | ||
1383 | return 1; | |
1384 | } | |
1385 | ||
fd421c4a | 1386 | DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_PKEY_CTX*, EVP_PKEY_CTX_free, NULL); |
70a5db58 LP |
1387 | |
1388 | static int manager_generate_key_pair(Manager *m) { | |
1389 | _cleanup_(EVP_PKEY_CTX_freep) EVP_PKEY_CTX *ctx = NULL; | |
1390 | _cleanup_(unlink_and_freep) char *temp_public = NULL, *temp_private = NULL; | |
1391 | _cleanup_fclose_ FILE *fpublic = NULL, *fprivate = NULL; | |
1392 | int r; | |
1393 | ||
1394 | if (m->private_key) { | |
1395 | EVP_PKEY_free(m->private_key); | |
1396 | m->private_key = NULL; | |
1397 | } | |
1398 | ||
1399 | ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_ED25519, NULL); | |
1400 | if (!ctx) | |
1401 | return log_error_errno(SYNTHETIC_ERRNO(EIO), "Failed to allocate Ed25519 key generation context."); | |
1402 | ||
1403 | if (EVP_PKEY_keygen_init(ctx) <= 0) | |
1404 | return log_error_errno(SYNTHETIC_ERRNO(EIO), "Failed to initialize Ed25519 key generation context."); | |
1405 | ||
1406 | log_info("Generating key pair for signing local user identity records."); | |
1407 | ||
1408 | if (EVP_PKEY_keygen(ctx, &m->private_key) <= 0) | |
1409 | return log_error_errno(SYNTHETIC_ERRNO(EIO), "Failed to generate Ed25519 key pair"); | |
1410 | ||
1411 | log_info("Successfully created Ed25519 key pair."); | |
1412 | ||
1413 | (void) mkdir_p("/var/lib/systemd/home", 0755); | |
1414 | ||
1415 | /* Write out public key (note that we only do that as a help to the user, we don't make use of this ever */ | |
1416 | r = fopen_temporary("/var/lib/systemd/home/local.public", &fpublic, &temp_public); | |
1417 | if (r < 0) | |
80ace4f2 | 1418 | return log_error_errno(errno, "Failed to open key file for writing: %m"); |
70a5db58 LP |
1419 | |
1420 | if (PEM_write_PUBKEY(fpublic, m->private_key) <= 0) | |
1421 | return log_error_errno(SYNTHETIC_ERRNO(EIO), "Failed to write public key."); | |
1422 | ||
fa3709c5 | 1423 | r = fflush_sync_and_check(fpublic); |
70a5db58 LP |
1424 | if (r < 0) |
1425 | return log_error_errno(r, "Failed to write private key: %m"); | |
1426 | ||
1427 | fpublic = safe_fclose(fpublic); | |
1428 | ||
1429 | /* Write out the private key (this actually writes out both private and public, OpenSSL is confusing) */ | |
1430 | r = fopen_temporary("/var/lib/systemd/home/local.private", &fprivate, &temp_private); | |
1431 | if (r < 0) | |
80ace4f2 | 1432 | return log_error_errno(errno, "Failed to open key file for writing: %m"); |
70a5db58 LP |
1433 | |
1434 | if (PEM_write_PrivateKey(fprivate, m->private_key, NULL, NULL, 0, NULL, 0) <= 0) | |
1435 | return log_error_errno(SYNTHETIC_ERRNO(EIO), "Failed to write private key pair."); | |
1436 | ||
fa3709c5 | 1437 | r = fflush_sync_and_check(fprivate); |
70a5db58 LP |
1438 | if (r < 0) |
1439 | return log_error_errno(r, "Failed to write private key: %m"); | |
1440 | ||
1441 | fprivate = safe_fclose(fprivate); | |
1442 | ||
1443 | /* Both are written now, move them into place */ | |
1444 | ||
1445 | if (rename(temp_public, "/var/lib/systemd/home/local.public") < 0) | |
1446 | return log_error_errno(errno, "Failed to move public key file into place: %m"); | |
1447 | temp_public = mfree(temp_public); | |
1448 | ||
1449 | if (rename(temp_private, "/var/lib/systemd/home/local.private") < 0) { | |
1450 | (void) unlink_noerrno("/var/lib/systemd/home/local.public"); /* try to remove the file we already created */ | |
e8dd54ab | 1451 | return log_error_errno(errno, "Failed to move private key file into place: %m"); |
70a5db58 LP |
1452 | } |
1453 | temp_private = mfree(temp_private); | |
1454 | ||
fa3709c5 LP |
1455 | r = fsync_path_at(AT_FDCWD, "/var/lib/systemd/home/"); |
1456 | if (r < 0) | |
1457 | log_warning_errno(r, "Failed to sync /var/lib/systemd/home/, ignoring: %m"); | |
1458 | ||
70a5db58 LP |
1459 | return 1; |
1460 | } | |
1461 | ||
1462 | int manager_acquire_key_pair(Manager *m) { | |
1463 | int r; | |
1464 | ||
1465 | assert(m); | |
1466 | ||
1467 | /* Already there? */ | |
1468 | if (m->private_key) | |
1469 | return 1; | |
1470 | ||
1471 | /* First try to load key off disk */ | |
1472 | r = manager_load_key_pair(m); | |
1473 | if (r != 0) | |
1474 | return r; | |
1475 | ||
1476 | /* Didn't work, generate a new one */ | |
1477 | return manager_generate_key_pair(m); | |
1478 | } | |
1479 | ||
1480 | int manager_sign_user_record(Manager *m, UserRecord *u, UserRecord **ret, sd_bus_error *error) { | |
1481 | int r; | |
1482 | ||
1483 | assert(m); | |
1484 | assert(u); | |
1485 | assert(ret); | |
1486 | ||
1487 | r = manager_acquire_key_pair(m); | |
1488 | if (r < 0) | |
1489 | return r; | |
1490 | if (r == 0) | |
1b09b81c | 1491 | return sd_bus_error_set(error, BUS_ERROR_NO_PRIVATE_KEY, "Can't sign without local key."); |
70a5db58 LP |
1492 | |
1493 | return user_record_sign(u, m->private_key, ret); | |
1494 | } | |
1495 | ||
1496 | DEFINE_PRIVATE_HASH_OPS_FULL(public_key_hash_ops, char, string_hash_func, string_compare_func, free, EVP_PKEY, EVP_PKEY_free); | |
fd421c4a | 1497 | DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_PKEY*, EVP_PKEY_free, NULL); |
70a5db58 LP |
1498 | |
1499 | static int manager_load_public_key_one(Manager *m, const char *path) { | |
1500 | _cleanup_(EVP_PKEY_freep) EVP_PKEY *pkey = NULL; | |
1501 | _cleanup_fclose_ FILE *f = NULL; | |
1502 | _cleanup_free_ char *fn = NULL; | |
1503 | struct stat st; | |
1504 | int r; | |
1505 | ||
1506 | assert(m); | |
1507 | ||
1508 | if (streq(basename(path), "local.public")) /* we already loaded the private key, which includes the public one */ | |
1509 | return 0; | |
1510 | ||
1511 | f = fopen(path, "re"); | |
1512 | if (!f) { | |
1513 | if (errno == ENOENT) | |
1514 | return 0; | |
1515 | ||
1516 | return log_error_errno(errno, "Failed to open public key %s: %m", path); | |
1517 | } | |
1518 | ||
1519 | if (fstat(fileno(f), &st) < 0) | |
1520 | return log_error_errno(errno, "Failed to stat public key %s: %m", path); | |
1521 | ||
1522 | r = stat_verify_regular(&st); | |
1523 | if (r < 0) | |
1524 | return log_error_errno(r, "Public key file %s is not a regular file: %m", path); | |
1525 | ||
1526 | if (st.st_uid != 0 || (st.st_mode & 0022) != 0) | |
1527 | return log_error_errno(SYNTHETIC_ERRNO(EPERM), "Public key file %s is writable by more than the root user, refusing.", path); | |
1528 | ||
1529 | r = hashmap_ensure_allocated(&m->public_keys, &public_key_hash_ops); | |
1530 | if (r < 0) | |
1531 | return log_oom(); | |
1532 | ||
1533 | pkey = PEM_read_PUBKEY(f, &pkey, NULL, NULL); | |
1534 | if (!pkey) | |
1535 | return log_error_errno(SYNTHETIC_ERRNO(EIO), "Failed to parse public key file %s.", path); | |
1536 | ||
1537 | fn = strdup(basename(path)); | |
1538 | if (!fn) | |
1539 | return log_oom(); | |
1540 | ||
1541 | r = hashmap_put(m->public_keys, fn, pkey); | |
1542 | if (r < 0) | |
1543 | return log_error_errno(r, "Failed to add public key to set: %m"); | |
1544 | ||
1545 | TAKE_PTR(fn); | |
1546 | TAKE_PTR(pkey); | |
1547 | ||
1548 | return 0; | |
1549 | } | |
1550 | ||
1551 | static int manager_load_public_keys(Manager *m) { | |
1552 | _cleanup_strv_free_ char **files = NULL; | |
70a5db58 LP |
1553 | int r; |
1554 | ||
1555 | assert(m); | |
1556 | ||
1557 | m->public_keys = hashmap_free(m->public_keys); | |
1558 | ||
1559 | r = conf_files_list_nulstr( | |
1560 | &files, | |
1561 | ".public", | |
1562 | NULL, | |
1563 | CONF_FILES_REGULAR|CONF_FILES_FILTER_MASKED, | |
1564 | KEY_PATHS_NULSTR); | |
1565 | if (r < 0) | |
1566 | return log_error_errno(r, "Failed to assemble list of public key directories: %m"); | |
1567 | ||
1568 | STRV_FOREACH(i, files) | |
1569 | (void) manager_load_public_key_one(m, *i); | |
1570 | ||
1571 | return 0; | |
1572 | } | |
1573 | ||
1574 | int manager_startup(Manager *m) { | |
1575 | int r; | |
1576 | ||
1577 | assert(m); | |
1578 | ||
1579 | r = manager_listen_notify(m); | |
1580 | if (r < 0) | |
1581 | return r; | |
1582 | ||
1583 | r = manager_connect_bus(m); | |
1584 | if (r < 0) | |
1585 | return r; | |
1586 | ||
1587 | r = manager_bind_varlink(m); | |
1588 | if (r < 0) | |
1589 | return r; | |
1590 | ||
1591 | r = manager_load_key_pair(m); /* only try to load it, don't generate any */ | |
1592 | if (r < 0) | |
1593 | return r; | |
1594 | ||
1595 | r = manager_load_public_keys(m); | |
1596 | if (r < 0) | |
1597 | return r; | |
1598 | ||
1599 | manager_watch_home(m); | |
1600 | (void) manager_watch_devices(m); | |
1601 | ||
1602 | (void) manager_enumerate_records(m); | |
1603 | (void) manager_enumerate_images(m); | |
1604 | (void) manager_enumerate_devices(m); | |
1605 | ||
1606 | /* Let's clean up home directories whose devices got removed while we were not running */ | |
1607 | (void) manager_enqueue_gc(m, NULL); | |
1608 | ||
1609 | return 0; | |
1610 | } | |
1611 | ||
1612 | void manager_revalidate_image(Manager *m, Home *h) { | |
1613 | int r; | |
1614 | ||
1615 | assert(m); | |
1616 | assert(h); | |
1617 | ||
1618 | /* Frees an automatically discovered image, if it's synthetic and its image disappeared. Unmounts any | |
1619 | * image if it's mounted but it's image vanished. */ | |
1620 | ||
1621 | if (h->current_operation || !ordered_set_isempty(h->pending_operations)) | |
1622 | return; | |
1623 | ||
1624 | if (h->state == HOME_UNFIXATED) { | |
1625 | r = user_record_test_image_path(h->record); | |
1626 | if (r < 0) | |
1627 | log_warning_errno(r, "Can't determine if image of %s exists, freeing unfixated user: %m", h->user_name); | |
1628 | else if (r == USER_TEST_ABSENT) | |
1629 | log_info("Image for %s disappeared, freeing unfixated user.", h->user_name); | |
1630 | else | |
1631 | return; | |
1632 | ||
1633 | home_free(h); | |
1634 | ||
1635 | } else if (h->state < 0) { | |
1636 | ||
1637 | r = user_record_test_home_directory(h->record); | |
1638 | if (r < 0) { | |
1639 | log_warning_errno(r, "Unable to determine state of home directory, ignoring: %m"); | |
1640 | return; | |
1641 | } | |
1642 | ||
1643 | if (r == USER_TEST_MOUNTED) { | |
1644 | r = user_record_test_image_path(h->record); | |
1645 | if (r < 0) { | |
1646 | log_warning_errno(r, "Unable to determine state of image path, ignoring: %m"); | |
1647 | return; | |
1648 | } | |
1649 | ||
1650 | if (r == USER_TEST_ABSENT) { | |
1651 | _cleanup_(operation_unrefp) Operation *o = NULL; | |
1652 | ||
1653 | log_notice("Backing image disappeared while home directory %s was mounted, unmounting it forcibly.", h->user_name); | |
1654 | /* Wowza, the thing is mounted, but the device is gone? Act on it. */ | |
1655 | ||
1656 | r = home_killall(h); | |
1657 | if (r < 0) | |
1658 | log_warning_errno(r, "Failed to kill processes of user %s, ignoring: %m", h->user_name); | |
1659 | ||
1660 | /* We enqueue the operation here, after all the home directory might | |
1661 | * currently already run some operation, and we can deactivate it only after | |
1662 | * that's complete. */ | |
1663 | o = operation_new(OPERATION_DEACTIVATE_FORCE, NULL); | |
1664 | if (!o) { | |
1665 | log_oom(); | |
1666 | return; | |
1667 | } | |
1668 | ||
1669 | r = home_schedule_operation(h, o, NULL); | |
1670 | if (r < 0) | |
1671 | log_warning_errno(r, "Failed to enqueue forced home directory %s deactivation, ignoring: %m", h->user_name); | |
1672 | } | |
1673 | } | |
1674 | } | |
1675 | } | |
1676 | ||
1677 | int manager_gc_images(Manager *m) { | |
1678 | Home *h; | |
1679 | ||
1680 | assert_se(m); | |
1681 | ||
1682 | if (m->gc_focus) { | |
1683 | /* Focus on a specific home */ | |
1684 | ||
1685 | h = TAKE_PTR(m->gc_focus); | |
1686 | manager_revalidate_image(m, h); | |
1687 | } else { | |
1688 | /* Gc all */ | |
70a5db58 | 1689 | |
90e74a66 | 1690 | HASHMAP_FOREACH(h, m->homes_by_name) |
70a5db58 LP |
1691 | manager_revalidate_image(m, h); |
1692 | } | |
1693 | ||
1694 | return 0; | |
1695 | } | |
1696 | ||
1697 | static int on_deferred_rescan(sd_event_source *s, void *userdata) { | |
99534007 | 1698 | Manager *m = ASSERT_PTR(userdata); |
70a5db58 | 1699 | |
cf536638 | 1700 | m->deferred_rescan_event_source = sd_event_source_disable_unref(m->deferred_rescan_event_source); |
70a5db58 LP |
1701 | |
1702 | manager_enumerate_devices(m); | |
1703 | manager_enumerate_images(m); | |
1704 | return 0; | |
1705 | } | |
1706 | ||
1707 | int manager_enqueue_rescan(Manager *m) { | |
1708 | int r; | |
1709 | ||
1710 | assert(m); | |
1711 | ||
1712 | if (m->deferred_rescan_event_source) | |
1713 | return 0; | |
1714 | ||
1715 | if (!m->event) | |
1716 | return 0; | |
1717 | ||
1718 | if (IN_SET(sd_event_get_state(m->event), SD_EVENT_FINISHED, SD_EVENT_EXITING)) | |
1719 | return 0; | |
1720 | ||
1721 | r = sd_event_add_defer(m->event, &m->deferred_rescan_event_source, on_deferred_rescan, m); | |
1722 | if (r < 0) | |
1723 | return log_error_errno(r, "Failed to allocate rescan event source: %m"); | |
1724 | ||
1725 | r = sd_event_source_set_priority(m->deferred_rescan_event_source, SD_EVENT_PRIORITY_IDLE+1); | |
1726 | if (r < 0) | |
1727 | log_warning_errno(r, "Failed to tweak priority of event source, ignoring: %m"); | |
1728 | ||
1729 | (void) sd_event_source_set_description(m->deferred_rescan_event_source, "deferred-rescan"); | |
1730 | return 1; | |
1731 | } | |
1732 | ||
1733 | static int on_deferred_gc(sd_event_source *s, void *userdata) { | |
99534007 | 1734 | Manager *m = ASSERT_PTR(userdata); |
70a5db58 | 1735 | |
cf536638 | 1736 | m->deferred_gc_event_source = sd_event_source_disable_unref(m->deferred_gc_event_source); |
70a5db58 LP |
1737 | |
1738 | manager_gc_images(m); | |
1739 | return 0; | |
1740 | } | |
1741 | ||
1742 | int manager_enqueue_gc(Manager *m, Home *focus) { | |
1743 | int r; | |
1744 | ||
1745 | assert(m); | |
1746 | ||
1747 | /* This enqueues a request to GC dead homes. It may be called with focus=NULL in which case all homes | |
1748 | * will be scanned, or with the parameter set, in which case only that home is checked. */ | |
1749 | ||
1750 | if (!m->event) | |
1751 | return 0; | |
1752 | ||
1753 | if (IN_SET(sd_event_get_state(m->event), SD_EVENT_FINISHED, SD_EVENT_EXITING)) | |
1754 | return 0; | |
1755 | ||
1756 | /* If a focus home is specified, then remember to focus just on this home. Otherwise invalidate any | |
1757 | * focus that might be set to look at all homes. */ | |
1758 | ||
1759 | if (m->deferred_gc_event_source) { | |
1760 | if (m->gc_focus != focus) /* not the same focus, then look at everything */ | |
1761 | m->gc_focus = NULL; | |
1762 | ||
1763 | return 0; | |
1764 | } else | |
162392b7 | 1765 | m->gc_focus = focus; /* start focused */ |
70a5db58 LP |
1766 | |
1767 | r = sd_event_add_defer(m->event, &m->deferred_gc_event_source, on_deferred_gc, m); | |
1768 | if (r < 0) | |
80ace4f2 | 1769 | return log_error_errno(r, "Failed to allocate GC event source: %m"); |
70a5db58 LP |
1770 | |
1771 | r = sd_event_source_set_priority(m->deferred_gc_event_source, SD_EVENT_PRIORITY_IDLE); | |
1772 | if (r < 0) | |
1773 | log_warning_errno(r, "Failed to tweak priority of event source, ignoring: %m"); | |
1774 | ||
1775 | (void) sd_event_source_set_description(m->deferred_gc_event_source, "deferred-gc"); | |
1776 | return 1; | |
1777 | } | |
d357b80d LP |
1778 | |
1779 | static bool manager_shall_rebalance(Manager *m) { | |
1780 | Home *h; | |
1781 | ||
1782 | assert(m); | |
1783 | ||
1784 | if (IN_SET(m->rebalance_state, REBALANCE_PENDING, REBALANCE_SHRINKING, REBALANCE_GROWING)) | |
1785 | return true; | |
1786 | ||
1787 | HASHMAP_FOREACH(h, m->homes_by_name) | |
1788 | if (home_shall_rebalance(h)) | |
1789 | return true; | |
1790 | ||
1791 | return false; | |
1792 | } | |
1793 | ||
1794 | static int home_cmp(Home *const*a, Home *const*b) { | |
1795 | int r; | |
1796 | ||
1797 | assert(a); | |
1798 | assert(*a); | |
1799 | assert(b); | |
1800 | assert(*b); | |
1801 | ||
1802 | /* Order user records by their weight (and by their name, to make things stable). We put the records | |
a6f44d61 | 1803 | * with the highest weight last, since we distribute space from the beginning and round down, hence |
d357b80d LP |
1804 | * later entries tend to get slightly more than earlier entries. */ |
1805 | ||
1806 | r = CMP(user_record_rebalance_weight((*a)->record), user_record_rebalance_weight((*b)->record)); | |
1807 | if (r != 0) | |
1808 | return r; | |
1809 | ||
1810 | return strcmp((*a)->user_name, (*b)->user_name); | |
1811 | } | |
1812 | ||
1813 | static int manager_rebalance_calculate(Manager *m) { | |
1814 | uint64_t weight_sum, free_sum, usage_sum = 0, min_free = UINT64_MAX; | |
1815 | _cleanup_free_ Home **array = NULL; | |
1816 | bool relevant = false; | |
1817 | struct statfs sfs; | |
1818 | int c = 0, r; | |
1819 | Home *h; | |
1820 | ||
1821 | assert(m); | |
1822 | ||
1823 | if (statfs(get_home_root(), &sfs) < 0) | |
1824 | return log_error_errno(errno, "Failed to statfs() /home: %m"); | |
1825 | ||
1826 | free_sum = (uint64_t) sfs.f_bsize * sfs.f_bavail; /* This much free space is available on the | |
1827 | * underlying pool directory */ | |
1828 | ||
1829 | weight_sum = REBALANCE_WEIGHT_BACKING; /* Grant the underlying pool directory a fixed weight of 20 | |
1830 | * (home dirs get 100 by default, i.e. 5x more). This weight | |
1831 | * is not configurable, the per-home weights are. */ | |
1832 | ||
1833 | HASHMAP_FOREACH(h, m->homes_by_name) { | |
1834 | statfs_f_type_t fstype; | |
1835 | h->rebalance_pending = false; /* First, reset the flag, we only want it to be true for the | |
1836 | * homes that qualify for rebalancing */ | |
1837 | ||
1838 | if (!home_shall_rebalance(h)) /* Only look at actual candidates */ | |
1839 | continue; | |
1840 | ||
1841 | if (home_is_busy(h)) | |
1842 | return -EBUSY; /* Let's not rebalance if there's a busy home directory. */ | |
1843 | ||
1844 | r = home_get_disk_status( | |
1845 | h, | |
1846 | &h->rebalance_size, | |
1847 | &h->rebalance_usage, | |
1848 | &h->rebalance_free, | |
1849 | NULL, | |
1850 | NULL, | |
1851 | &fstype, | |
1852 | NULL); | |
1853 | if (r < 0) { | |
1854 | log_warning_errno(r, "Failed to get free space of home '%s', ignoring.", h->user_name); | |
1855 | continue; | |
1856 | } | |
1857 | ||
1858 | if (h->rebalance_free > UINT64_MAX - free_sum) | |
1859 | return log_error_errno(SYNTHETIC_ERRNO(EOVERFLOW), "Rebalance free overflow"); | |
1860 | free_sum += h->rebalance_free; | |
1861 | ||
1862 | if (h->rebalance_usage > UINT64_MAX - usage_sum) | |
1863 | return log_error_errno(SYNTHETIC_ERRNO(EOVERFLOW), "Rebalance usage overflow"); | |
1864 | usage_sum += h->rebalance_usage; | |
1865 | ||
1866 | h->rebalance_weight = user_record_rebalance_weight(h->record); | |
1867 | if (h->rebalance_weight > UINT64_MAX - weight_sum) | |
1868 | return log_error_errno(SYNTHETIC_ERRNO(EOVERFLOW), "Rebalance weight overflow"); | |
1869 | weight_sum += h->rebalance_weight; | |
1870 | ||
1871 | h->rebalance_min = minimal_size_by_fs_magic(fstype); | |
1872 | ||
1873 | if (!GREEDY_REALLOC(array, c+1)) | |
1874 | return log_oom(); | |
1875 | ||
1876 | array[c++] = h; | |
1877 | } | |
1878 | ||
1879 | if (c == 0) { | |
1880 | log_debug("No homes to rebalance."); | |
1881 | return 0; | |
1882 | } | |
1883 | ||
1884 | assert(weight_sum > 0); | |
1885 | ||
1886 | log_debug("Disk space usage by all home directories to rebalance: %s — available disk space: %s", | |
1887 | FORMAT_BYTES(usage_sum), FORMAT_BYTES(free_sum)); | |
1888 | ||
1889 | /* Bring the home directories in a well-defined order, so that we distribute space in a reproducible | |
1890 | * way for the same parameters. */ | |
1891 | typesafe_qsort(array, c, home_cmp); | |
1892 | ||
1893 | for (int i = 0; i < c; i++) { | |
1894 | uint64_t new_free; | |
1895 | double d; | |
1896 | ||
1897 | h = array[i]; | |
1898 | ||
1899 | assert(h->rebalance_free <= free_sum); | |
1900 | assert(h->rebalance_usage <= usage_sum); | |
1901 | assert(h->rebalance_weight <= weight_sum); | |
1902 | ||
1903 | d = ((double) (free_sum / 4096) * (double) h->rebalance_weight) / (double) weight_sum; /* Calculate new space for this home in units of 4K */ | |
1904 | ||
1905 | /* Convert from units of 4K back to bytes */ | |
1906 | if (d >= (double) (UINT64_MAX/4096)) | |
1907 | new_free = UINT64_MAX; | |
1908 | else | |
1909 | new_free = (uint64_t) d * 4096; | |
1910 | ||
1911 | /* Subtract the weight and assigned space from the sums now, to distribute the rounding noise | |
1912 | * to the remaining home dirs */ | |
1913 | free_sum = LESS_BY(free_sum, new_free); | |
1914 | weight_sum = LESS_BY(weight_sum, h->rebalance_weight); | |
1915 | ||
1916 | /* Keep track of home directory with the least amount of space left: we want to schedule the | |
1917 | * next rebalance more quickly if this is low */ | |
1918 | if (new_free < min_free) | |
1919 | min_free = h->rebalance_size; | |
1920 | ||
1921 | if (new_free > UINT64_MAX - h->rebalance_usage) | |
1922 | h->rebalance_goal = UINT64_MAX-1; /* maximum size */ | |
1923 | else { | |
1924 | h->rebalance_goal = h->rebalance_usage + new_free; | |
1925 | ||
1926 | if (h->rebalance_min != UINT64_MAX && h->rebalance_goal < h->rebalance_min) | |
1927 | h->rebalance_goal = h->rebalance_min; | |
1928 | } | |
1929 | ||
1930 | /* Skip over this home if the state doesn't match the operation */ | |
1931 | if ((m->rebalance_state == REBALANCE_SHRINKING && h->rebalance_goal > h->rebalance_size) || | |
1932 | (m->rebalance_state == REBALANCE_GROWING && h->rebalance_goal < h->rebalance_size)) | |
1933 | h->rebalance_pending = false; | |
1934 | else { | |
e2341b6b DT |
1935 | log_debug("Rebalancing home directory '%s' %s %s %s.", h->user_name, |
1936 | FORMAT_BYTES(h->rebalance_size), | |
1937 | special_glyph(SPECIAL_GLYPH_ARROW_RIGHT), | |
1938 | FORMAT_BYTES(h->rebalance_goal)); | |
d357b80d LP |
1939 | h->rebalance_pending = true; |
1940 | } | |
1941 | ||
1942 | if ((fabs((double) h->rebalance_size - (double) h->rebalance_goal) * 100 / (double) h->rebalance_size) >= 5.0) | |
1943 | relevant = true; | |
1944 | } | |
1945 | ||
1946 | /* Scale next rebalancing interval based on the least amount of space of any of the home | |
1947 | * directories. We pick a time in the range 1min … 15min, scaled by log2(min_free), so that: | |
1948 | * 10M → ~0.7min, 100M → ~2.7min, 1G → ~4.6min, 10G → ~6.5min, 100G ~8.4 */ | |
1949 | m->rebalance_interval_usec = (usec_t) CLAMP((LESS_BY(log2(min_free), 22)*15*USEC_PER_MINUTE)/26, | |
1950 | 1 * USEC_PER_MINUTE, | |
1951 | 15 * USEC_PER_MINUTE); | |
1952 | ||
1953 | ||
1954 | log_debug("Rebalancing interval set to %s.", FORMAT_TIMESPAN(m->rebalance_interval_usec, USEC_PER_MSEC)); | |
1955 | ||
1956 | /* Let's suppress small resizes, growing/shrinking file systems isn't free after all */ | |
1957 | if (!relevant) { | |
1958 | log_debug("Skipping rebalancing, since all calculated size changes are below ±5%%."); | |
1959 | return 0; | |
1960 | } | |
1961 | ||
1962 | return c; | |
1963 | } | |
1964 | ||
1965 | static int manager_rebalance_apply(Manager *m) { | |
1966 | int c = 0, r; | |
1967 | Home *h; | |
1968 | ||
1969 | assert(m); | |
1970 | ||
1971 | HASHMAP_FOREACH(h, m->homes_by_name) { | |
1972 | _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL; | |
1973 | ||
1974 | if (!h->rebalance_pending) | |
1975 | continue; | |
1976 | ||
1977 | h->rebalance_pending = false; | |
1978 | ||
1979 | r = home_resize(h, h->rebalance_goal, /* secret= */ NULL, /* automatic= */ true, &error); | |
1980 | if (r < 0) | |
1981 | log_warning_errno(r, "Failed to resize home '%s' for rebalancing, ignoring: %s", | |
1982 | h->user_name, bus_error_message(&error, r)); | |
1983 | else | |
1984 | c++; | |
1985 | } | |
1986 | ||
1987 | return c; | |
1988 | } | |
1989 | ||
49505916 LP |
1990 | static void manager_rebalance_reply_messages(Manager *m) { |
1991 | int r; | |
1992 | ||
1993 | assert(m); | |
1994 | ||
1995 | for (;;) { | |
1996 | _cleanup_(sd_bus_message_unrefp) sd_bus_message *msg = | |
1997 | set_steal_first(m->rebalance_pending_method_calls); | |
1998 | ||
1999 | if (!msg) | |
2000 | break; | |
2001 | ||
2002 | r = sd_bus_reply_method_return(msg, NULL); | |
2003 | if (r < 0) | |
2004 | log_debug_errno(r, "Failed to reply to rebalance method call, ignoring: %m"); | |
2005 | } | |
2006 | } | |
2007 | ||
d357b80d LP |
2008 | static int manager_rebalance_now(Manager *m) { |
2009 | RebalanceState busy_state; /* the state to revert to when operation fails if busy */ | |
2010 | int r; | |
2011 | ||
2012 | assert(m); | |
2013 | ||
2014 | log_debug("Rebalancing now..."); | |
2015 | ||
2016 | /* We maintain a simple state engine here to keep track of what we are doing. We'll first shrink all | |
a6f44d61 | 2017 | * homes that shall be shrunk and then grow all homes that shall be grown, so that they can take up |
d357b80d LP |
2018 | * the space now freed. */ |
2019 | ||
2020 | for (;;) { | |
2021 | switch (m->rebalance_state) { | |
2022 | ||
2023 | case REBALANCE_IDLE: | |
2024 | case REBALANCE_PENDING: | |
2025 | case REBALANCE_WAITING: | |
2026 | /* First shrink large home dirs */ | |
2027 | m->rebalance_state = REBALANCE_SHRINKING; | |
2028 | busy_state = REBALANCE_PENDING; | |
49505916 LP |
2029 | |
2030 | /* We are initiating the next rebalancing cycle now, let's make the queued methods | |
2031 | * calls the pending ones, and flush out any pending ones (which shouldn't exist at | |
2032 | * this time anyway) */ | |
2033 | set_clear(m->rebalance_pending_method_calls); | |
2034 | SWAP_TWO(m->rebalance_pending_method_calls, m->rebalance_queued_method_calls); | |
2035 | ||
d357b80d LP |
2036 | log_debug("Shrinking phase.."); |
2037 | break; | |
2038 | ||
2039 | case REBALANCE_SHRINKING: | |
2040 | /* Then grow small home dirs */ | |
2041 | m->rebalance_state = REBALANCE_GROWING; | |
2042 | busy_state = REBALANCE_SHRINKING; | |
2043 | log_debug("Growing phase.."); | |
2044 | break; | |
2045 | ||
2046 | case REBALANCE_GROWING: | |
2047 | /* Finally, we are done */ | |
2048 | log_info("Rebalancing complete."); | |
2049 | m->rebalance_state = REBALANCE_IDLE; | |
2050 | r = 0; | |
2051 | goto finish; | |
2052 | ||
2053 | case REBALANCE_OFF: | |
2054 | default: | |
2055 | assert_not_reached(); | |
2056 | } | |
2057 | ||
2058 | r = manager_rebalance_calculate(m); | |
2059 | if (r == -EBUSY) { | |
2060 | /* Calculations failed because one home directory is currently busy. Revert to a state that | |
2061 | * tells us what to do next. */ | |
2062 | log_debug("Can't enter phase, busy."); | |
2063 | m->rebalance_state = busy_state; | |
2064 | return r; | |
2065 | } | |
2066 | if (r < 0) | |
2067 | goto finish; | |
2068 | if (r == 0) | |
2069 | continue; /* got to next step immediately, if there's nothing to do */ | |
2070 | ||
2071 | r = manager_rebalance_apply(m); | |
2072 | if (r < 0) | |
2073 | goto finish; | |
2074 | if (r > 0) | |
2075 | break; /* At least one resize operation is now pending, we are done for now */ | |
2076 | ||
2077 | /* If there was nothing to apply, go for next state right-away */ | |
2078 | } | |
2079 | ||
2080 | return 0; | |
2081 | ||
2082 | finish: | |
2083 | /* Reset state and schedule next rebalance */ | |
2084 | m->rebalance_state = REBALANCE_IDLE; | |
49505916 | 2085 | manager_rebalance_reply_messages(m); |
d357b80d LP |
2086 | (void) manager_schedule_rebalance(m, /* immediately= */ false); |
2087 | return r; | |
2088 | } | |
2089 | ||
2090 | static int on_rebalance_timer(sd_event_source *s, usec_t t, void *userdata) { | |
99534007 | 2091 | Manager *m = ASSERT_PTR(userdata); |
d357b80d LP |
2092 | |
2093 | assert(s); | |
d357b80d LP |
2094 | assert(IN_SET(m->rebalance_state, REBALANCE_WAITING, REBALANCE_PENDING, REBALANCE_SHRINKING, REBALANCE_GROWING)); |
2095 | ||
2096 | (void) manager_rebalance_now(m); | |
2097 | return 0; | |
2098 | } | |
2099 | ||
2100 | int manager_schedule_rebalance(Manager *m, bool immediately) { | |
2101 | int r; | |
2102 | ||
2103 | assert(m); | |
2104 | ||
2105 | /* Check if there are any records where rebalancing is requested */ | |
2106 | if (!manager_shall_rebalance(m)) { | |
2107 | log_debug("Not scheduling rebalancing, not needed."); | |
49505916 | 2108 | r = 0; /* report that we didn't schedule anything because nothing needed it */ |
d357b80d LP |
2109 | goto turn_off; |
2110 | } | |
2111 | ||
2112 | if (immediately) { | |
2113 | /* If we are told to rebalance immediately, then mark a rebalance as pending (even if we area | |
2114 | * already running one) */ | |
2115 | ||
2116 | if (m->rebalance_event_source) { | |
2117 | r = sd_event_source_set_time(m->rebalance_event_source, 0); | |
2118 | if (r < 0) { | |
2119 | log_error_errno(r, "Failed to schedule immediate rebalancing: %m"); | |
2120 | goto turn_off; | |
2121 | } | |
2122 | ||
2123 | r = sd_event_source_set_enabled(m->rebalance_event_source, SD_EVENT_ONESHOT); | |
2124 | if (r < 0) { | |
2125 | log_error_errno(r, "Failed to enable rebalancing event source: %m"); | |
2126 | goto turn_off; | |
2127 | } | |
2128 | } else { | |
2129 | r = sd_event_add_time(m->event, &m->rebalance_event_source, CLOCK_MONOTONIC, 0, USEC_PER_SEC, on_rebalance_timer, m); | |
2130 | if (r < 0) { | |
2131 | log_error_errno(r, "Failed to allocate rebalance event source: %m"); | |
2132 | goto turn_off; | |
2133 | } | |
2134 | ||
2135 | r = sd_event_source_set_priority(m->rebalance_event_source, SD_EVENT_PRIORITY_IDLE + 10); | |
2136 | if (r < 0) { | |
2137 | log_error_errno(r, "Failed to set rebalance event source priority: %m"); | |
2138 | goto turn_off; | |
2139 | } | |
2140 | ||
2141 | (void) sd_event_source_set_description(m->rebalance_event_source, "rebalance"); | |
2142 | ||
2143 | } | |
2144 | ||
2145 | if (!IN_SET(m->rebalance_state, REBALANCE_PENDING, REBALANCE_SHRINKING, REBALANCE_GROWING)) | |
2146 | m->rebalance_state = REBALANCE_PENDING; | |
2147 | ||
2148 | log_debug("Scheduled immediate rebalancing..."); | |
49505916 | 2149 | return 1; /* report that we scheduled something */ |
d357b80d LP |
2150 | } |
2151 | ||
2152 | /* If we are told to schedule a rebalancing eventually, then do so only if we are not executing | |
2153 | * anything yet. Also if we have something scheduled already, leave it in place */ | |
2154 | if (!IN_SET(m->rebalance_state, REBALANCE_OFF, REBALANCE_IDLE)) | |
49505916 | 2155 | return 1; /* report that there's already something scheduled */ |
d357b80d LP |
2156 | |
2157 | if (m->rebalance_event_source) { | |
2158 | r = sd_event_source_set_time_relative(m->rebalance_event_source, m->rebalance_interval_usec); | |
2159 | if (r < 0) { | |
2160 | log_error_errno(r, "Failed to schedule immediate rebalancing: %m"); | |
2161 | goto turn_off; | |
2162 | } | |
2163 | ||
2164 | r = sd_event_source_set_enabled(m->rebalance_event_source, SD_EVENT_ONESHOT); | |
2165 | if (r < 0) { | |
2166 | log_error_errno(r, "Failed to enable rebalancing event source: %m"); | |
2167 | goto turn_off; | |
2168 | } | |
2169 | } else { | |
2170 | r = sd_event_add_time_relative(m->event, &m->rebalance_event_source, CLOCK_MONOTONIC, m->rebalance_interval_usec, USEC_PER_SEC, on_rebalance_timer, m); | |
2171 | if (r < 0) { | |
2172 | log_error_errno(r, "Failed to allocate rebalance event source: %m"); | |
2173 | goto turn_off; | |
2174 | } | |
2175 | ||
2176 | r = sd_event_source_set_priority(m->rebalance_event_source, SD_EVENT_PRIORITY_IDLE + 10); | |
2177 | if (r < 0) { | |
2178 | log_error_errno(r, "Failed to set rebalance event source priority: %m"); | |
2179 | goto turn_off; | |
2180 | } | |
2181 | ||
2182 | (void) sd_event_source_set_description(m->rebalance_event_source, "rebalance"); | |
2183 | } | |
2184 | ||
2185 | m->rebalance_state = REBALANCE_WAITING; /* We managed to enqueue a timer event, we now wait until it fires */ | |
2186 | log_debug("Scheduled rebalancing in %s...", FORMAT_TIMESPAN(m->rebalance_interval_usec, 0)); | |
49505916 | 2187 | return 1; /* report that we scheduled something */ |
d357b80d LP |
2188 | |
2189 | turn_off: | |
2190 | m->rebalance_event_source = sd_event_source_disable_unref(m->rebalance_event_source); | |
2191 | m->rebalance_state = REBALANCE_OFF; | |
49505916 | 2192 | manager_rebalance_reply_messages(m); |
d357b80d LP |
2193 | return r; |
2194 | } | |
2195 | ||
2196 | int manager_reschedule_rebalance(Manager *m) { | |
2197 | int r; | |
2198 | ||
2199 | assert(m); | |
2200 | ||
2201 | /* If a rebalance is pending reschedules it so it gets executed immediately */ | |
2202 | ||
2203 | if (!IN_SET(m->rebalance_state, REBALANCE_PENDING, REBALANCE_SHRINKING, REBALANCE_GROWING)) | |
2204 | return 0; | |
2205 | ||
2206 | r = manager_schedule_rebalance(m, /* immediately= */ true); | |
2207 | if (r < 0) | |
2208 | return r; | |
2209 | ||
2210 | return 1; | |
2211 | } |