1 | /* SPDX-License-Identifier: LGPL-2.1+ */ |
2 | ||
3 | #include <sys/mount.h> | |
4 | ||
5 | #include "btrfs-util.h" | |
6 | #include "fd-util.h" | |
7 | #include "homework-directory.h" | |
8 | #include "homework-quota.h" | |
9 | #include "mkdir.h" | |
10 | #include "mount-util.h" | |
11 | #include "path-util.h" | |
12 | #include "rm-rf.h" | |
13 | #include "tmpfile-util.h" | |
14 | #include "umask-util.h" | |
15 | ||
/* Opens the image path of the home directory and stores the resulting directory fd in
 * setup->root_fd.
 *
 * Returns 0 on success, or whatever log_error_errno() returns for the errno of the failed open().
 * The already_activated parameter is accepted but not consulted in this function.
 *
 * Security notes: O_DIRECTORY makes open() fail unless the path resolves to a directory, and
 * O_CLOEXEC keeps the fd from being inherited across exec. O_NOFOLLOW is not passed here (the
 * open() of the temporary directory in home_create_directory_or_subvolume() does pass it), so a
 * symlink as final path component is followed.
 * NOTE(review): confirm that only trusted parties can replace the image path with a symlink. */
int home_prepare_directory(UserRecord *h, bool already_activated, HomeSetup *setup) {
        int fd;

        assert(h);
        assert(setup);

        fd = open(user_record_image_path(h), O_RDONLY|O_CLOEXEC|O_DIRECTORY);

        /* Store the result unconditionally, so that on failure the field holds the negative value */
        setup->root_fd = fd;
        if (fd < 0)
                return log_error_errno(errno, "Failed to open home directory: %m");

        return 0;
}
26 | ||
/* Activates a directory, subvolume or fscrypt backed home: prepares and refreshes it, then bind
 * mounts the image path onto the home directory path and remounts that bind mount with the mount
 * flags of the user record.
 *
 * h:        the user record; its storage must be USER_DIRECTORY, USER_SUBVOLUME or USER_FSCRYPT
 *           (asserted).
 * cache:    handed through to home_prepare() and home_refresh().
 * ret_home: receives the record produced by home_refresh() on success; the reference is moved to
 *           the caller.
 *
 * Returns 0 on success, otherwise the negative value of the step that failed. */
int home_activate_directory(
                UserRecord *h,
                PasswordCache *cache,
                UserRecord **ret_home) {

        _cleanup_(user_record_unrefp) UserRecord *refreshed_home = NULL, *header_home = NULL;
        _cleanup_(home_setup_undo) HomeSetup setup = HOME_SETUP_INIT;
        const char *home_dir_field, *home_dir, *image_path_field, *image_path;
        int r;

        assert(h);
        assert(IN_SET(user_record_storage(h), USER_DIRECTORY, USER_SUBVOLUME, USER_FSCRYPT));
        assert(ret_home);

        /* Work on stack copies of both paths, since reconciliation might change the fields of the
         * record they are read from. */
        assert_se(image_path_field = user_record_image_path(h));
        image_path = strdupa(image_path_field);

        assert_se(home_dir_field = user_record_home_directory(h));
        home_dir = strdupa(home_dir_field);

        r = home_prepare(h, false, cache, &setup, &header_home);
        if (r < 0)
                return r;

        r = home_refresh(h, &setup, header_home, cache, NULL, &refreshed_home);
        if (r < 0)
                return r;

        /* The directory fd is not used by the mount calls below, release it right away */
        setup.root_fd = safe_close(setup.root_fd);

        /* A separate mount point is only needed if the home directory is not the image path itself.
         * It is created with mode 0700 and the result is deliberately ignored. */
        if (!path_equal(image_path, home_dir))
                (void) mkdir_p(home_dir, 0700);

        /* Always establish a mount point, even if the directory already sits at the right place: the
         * mount is what marks the home as "activated", and it is what carries the per-user
         * MS_NOSUID/MS_NOEXEC/MS_NODEV settings.
         *
         * This takes two calls: first the plain bind mount, then a remount of it with the flags from
         * user_record_mount_flags().
         * NOTE(review): between the two calls the bind mount exists without the per-user flags;
         * confirm that nothing untrusted can use the mount point during that window. */
        r = mount_verbose(LOG_ERR, image_path, home_dir, NULL, MS_BIND, NULL);
        if (r < 0)
                return r;

        r = mount_verbose(LOG_ERR, NULL, home_dir, NULL, MS_BIND|MS_REMOUNT|user_record_mount_flags(h), NULL);
        if (r < 0) {
                /* Do not leave a bind mount behind that lacks the requested flags */
                (void) umount_verbose(home_dir);
                return r;
        }

        log_info("Everything completed.");

        *ret_home = TAKE_PTR(refreshed_home);
        return 0;
}
79 | ||
/* Creates a new home as a btrfs subvolume or as a plain directory.
 *
 * The home is first built under a temporary name obtained from tempfn_random() for the image
 * path, populated through a directory fd, synced, and only then rename()d to the image path. If
 * any step before the rename fails, the _cleanup_ handler on 'temporary' is left to dispose of the
 * half-built tree.
 *
 * h:        the user record; its storage must be USER_DIRECTORY or USER_SUBVOLUME (asserted).
 * ret_home: receives a clone of the record with the binding added on success; the reference is
 *           moved to the caller.
 *
 * Returns 0 on success, a negative value on failure.
 *
 * Security notes: the subvolume is created under umask 0077 and the plain directory with mode
 * 0700, so the tree is not accessible to other users while it is being populated. The temporary
 * directory is opened with O_NOFOLLOW, hence a symlink placed at that name makes open() fail
 * instead of redirecting home_populate() elsewhere. */
int home_create_directory_or_subvolume(UserRecord *h, UserRecord **ret_home) {
        _cleanup_(rm_rf_subvolume_and_freep) char *temporary = NULL;
        _cleanup_(user_record_unrefp) UserRecord *bound_home = NULL;
        _cleanup_close_ int root_fd = -1;
        _cleanup_free_ char *tmp_path = NULL;
        const char *image_path;
        int r;

        assert(h);
        assert(IN_SET(user_record_storage(h), USER_DIRECTORY, USER_SUBVOLUME));
        assert(ret_home);

        assert_se(image_path = user_record_image_path(h));

        r = tempfn_random(image_path, "homework", &tmp_path);
        if (r < 0)
                return log_error_errno(r, "Failed to allocate temporary directory: %m");

        /* Parent directories are created with mode 0755; the result is ignored, a problem here
         * presumably surfaces when the directory itself is created below. */
        (void) mkdir_parents(tmp_path, 0755);

        switch (user_record_storage(h)) {

        case USER_SUBVOLUME:
                RUN_WITH_UMASK(0077)
                        r = btrfs_subvol_make(tmp_path);

                if (r >= 0) {
                        log_info("Subvolume created.");

                        /* UINT64_MAX is treated as "no disk size configured": skip quota setup then */
                        if (h->disk_size != UINT64_MAX) {

                                /* Turn on quota for the new subvolume. Failures are not treated as
                                 * errors, they are only logged at debug level. */
                                r = btrfs_quota_enable(tmp_path, true);
                                if (r < 0)
                                        log_debug_errno(r, "Failed to enable quota on %s, ignoring: %m", tmp_path);

                                r = btrfs_subvol_auto_qgroup(tmp_path, 0, false);
                                if (r < 0)
                                        log_debug_errno(r, "Failed to set up automatic quota group on %s, ignoring: %m", tmp_path);

                                /* Now apply the actual quota. Errors are ignored here as well, but
                                 * they are logged loudly so that they stay discoverable, since
                                 * missing quota support in the kernel is not considered fatal. */
                                (void) home_update_quota_btrfs(h, tmp_path);
                        }

                        break;
                }

                /* Only -ENOTTY is taken as "no subvolume support here"; everything else is fatal */
                if (r != -ENOTTY)
                        return log_error_errno(r, "Failed to create temporary home directory subvolume %s: %m", tmp_path);

                log_info("Creating subvolume %s is not supported, as file system does not support subvolumes. Falling back to regular directory.", tmp_path);
                _fallthrough_;

        case USER_DIRECTORY:

                if (mkdir(tmp_path, 0700) < 0)
                        return log_error_errno(errno, "Failed to create temporary home directory %s: %m", tmp_path);

                (void) home_update_quota_classic(h, tmp_path);
                break;

        default:
                assert_not_reached("unexpected storage");
        }

        /* From here on something exists on disk: hand the path over to the variable whose cleanup
         * handler destroys it on every error return below. */
        temporary = TAKE_PTR(tmp_path);

        root_fd = open(temporary, O_RDONLY|O_CLOEXEC|O_DIRECTORY|O_NOFOLLOW);
        if (root_fd < 0)
                return log_error_errno(errno, "Failed to open temporary home directory: %m");

        r = home_populate(h, root_fd);
        if (r < 0)
                return r;

        r = home_sync_and_statfs(root_fd, NULL);
        if (r < 0)
                return r;

        r = user_record_clone(h, USER_RECORD_LOAD_MASK_SECRET, &bound_home);
        if (r < 0)
                return log_error_errno(r, "Failed to clone record: %m");

        /* NOTE(review): the binding records user_record_storage(h), also when the subvolume case
         * above fell back to a regular directory; confirm that this is intended. The group ID is
         * set to the numeric value of the UID. */
        r = user_record_add_binding(
                        bound_home,
                        user_record_storage(h),
                        image_path,
                        SD_ID128_NULL,
                        SD_ID128_NULL,
                        SD_ID128_NULL,
                        NULL,
                        NULL,
                        UINT64_MAX,
                        NULL,
                        NULL,
                        h->uid,
                        (gid_t) h->uid);
        if (r < 0)
                return log_error_errno(r, "Failed to add binding to record: %m");

        /* Move the fully populated and synced home to its final name */
        if (rename(temporary, image_path) < 0)
                return log_error_errno(errno, "Failed to rename %s to %s: %m", temporary, image_path);

        /* The temporary name is gone now, drop the string so that the cleanup handler has nothing
         * left to remove. */
        temporary = mfree(temporary);

        log_info("Everything completed.");

        *ret_home = TAKE_PTR(bound_home);
        return 0;
}
192 | ||
/* Resizes a directory, subvolume or fscrypt backed home by updating its quota and then writing
 * the updated identity back into the home.
 *
 * h:                 the user record; its storage must be USER_DIRECTORY, USER_SUBVOLUME or
 *                    USER_FSCRYPT (asserted).
 * already_activated: handed through to home_prepare().
 * cache:             handed through to home_prepare() and home_load_embedded_identity().
 * setup:             setup context; its root_fd is used for the identity and sync steps, and it
 *                    is undone explicitly before returning successfully.
 * ret_home:          receives the updated record on success; the reference is moved to the
 *                    caller.
 *
 * Returns 0 on success and a negative value on failure. A "not supported" result of
 * home_update_quota_auto() is reported as -ESOCKTNOSUPPORT. */
int home_resize_directory(
                UserRecord *h,
                bool already_activated,
                PasswordCache *cache,
                HomeSetup *setup,
                UserRecord **ret_home) {

        _cleanup_(user_record_unrefp) UserRecord *embedded = NULL, *updated = NULL;
        int r;

        assert(h);
        assert(setup);
        assert(ret_home);
        assert(IN_SET(user_record_storage(h), USER_DIRECTORY, USER_SUBVOLUME, USER_FSCRYPT));

        r = home_prepare(h, already_activated, cache, setup, NULL);
        if (r < 0)
                return r;

        /* The record embedded in the home has to pass the USER_RECONCILE_REQUIRE_NEWER_OR_EQUAL
         * reconciliation mode before anything is modified. */
        r = home_load_embedded_identity(h, setup->root_fd, NULL, USER_RECONCILE_REQUIRE_NEWER_OR_EQUAL, cache, &embedded, &updated);
        if (r < 0)
                return r;

        r = home_update_quota_auto(h, NULL);
        if (ERRNO_IS_NOT_SUPPORTED(r))
                return -ESOCKTNOSUPPORT; /* distinct error code, so that this case is recognizable */
        if (r < 0)
                return r;

        /* The quota was changed, now persist the new record inside the home */
        r = home_store_embedded_identity(updated, setup->root_fd, h->uid, embedded);
        if (r < 0)
                return r;

        r = home_extend_embedded_identity(updated, h, setup);
        if (r < 0)
                return r;

        r = home_sync_and_statfs(setup->root_fd, NULL);
        if (r < 0)
                return r;

        /* Undo the setup explicitly, so that a failure of this step is returned to the caller */
        r = home_setup_undo(setup);
        if (r < 0)
                return r;

        log_info("Everything completed.");

        *ret_home = TAKE_PTR(updated);
        return 0;
}