[thirdparty/systemd.git] / src / home / homework.h

/* SPDX-License-Identifier: LGPL-2.1-or-later */
#pragma once

#include <sys/vfs.h>

#include "sd-id128.h"

#include "cryptsetup-util.h"
#include "homework-password-cache.h"
#include "loop-util.h"
#include "missing_fs.h" /* for FS_KEY_DESCRIPTOR_SIZE, do not include linux/fs.h */
#include "missing_keyctl.h"
#include "missing_syscall.h"
#include "user-record.h"
#include "user-record-util.h"

typedef struct HomeSetup {
        char *dm_name;   /* "home-<username>" */
        char *dm_node;   /* "/dev/mapper/home-<username>" */

        LoopDevice *loop;
        struct crypt_device *crypt_device;
        int root_fd;
        int image_fd;
        sd_id128_t found_partition_uuid;
        sd_id128_t found_luks_uuid;
        sd_id128_t found_fs_uuid;

        uint8_t fscrypt_key_descriptor[FS_KEY_DESCRIPTOR_SIZE];

        void *volume_key;
        size_t volume_key_size;

        key_serial_t key_serial;

        bool undo_dm:1;
        bool undo_mount:1;            /* Whether to unmount /run/systemd/user-home-mount */
        bool do_offline_fitrim:1;
        bool do_offline_fallocate:1;
        bool do_mark_clean:1;
        bool do_drop_caches:1;

        uint64_t partition_offset;
        uint64_t partition_size;

        char *mount_suffix;           /* The directory to use as home dir is this path below /run/systemd/user-home-mount */

        char *temporary_image_path;
} HomeSetup;

#define HOME_SETUP_INIT                                 \
        {                                               \
                .root_fd = -EBADF,                      \
                .image_fd = -EBADF,                     \
                .partition_offset = UINT64_MAX,         \
                .partition_size = UINT64_MAX,           \
                .key_serial = -1,                       \
        }

/* Various flags for the operation of setting up a home directory */
typedef enum HomeSetupFlags {
        HOME_SETUP_ALREADY_ACTIVATED           = 1 << 0, /* Open an already activated home, rather than activate it afresh */

        /* CIFS backend: */
        HOME_SETUP_CIFS_MKDIR                  = 1 << 1, /* Create CIFS subdir when missing */

        /* Applies only for resize operations */
        HOME_SETUP_RESIZE_DONT_SYNC_IDENTITIES = 1 << 2, /* Don't sync identity records into home and LUKS header */
        HOME_SETUP_RESIZE_MINIMIZE             = 1 << 3, /* Shrink to minimal size */
        HOME_SETUP_RESIZE_DONT_GROW            = 1 << 4, /* If the resize would grow, gracefully terminate operation */
        HOME_SETUP_RESIZE_DONT_SHRINK          = 1 << 5, /* If the resize would shrink, gracefully terminate operation */
        HOME_SETUP_RESIZE_DONT_UNDO            = 1 << 6, /* Leave loopback/DM device context open after successful operation */
} HomeSetupFlags;

int home_setup_done(HomeSetup *setup);

int home_setup_undo_mount(HomeSetup *setup, int level);
int home_setup_undo_dm(HomeSetup *setup, int level);

int keyring_unlink(key_serial_t k);

int home_setup(UserRecord *h, HomeSetupFlags flags, HomeSetup *setup, PasswordCache *cache, UserRecord **ret_header_home);

int home_refresh(UserRecord *h, HomeSetupFlags flags, HomeSetup *setup, UserRecord *header_home, PasswordCache *cache, struct statfs *ret_statfs, UserRecord **ret_new_home);

int home_maybe_shift_uid(UserRecord *h, HomeSetupFlags flags, HomeSetup *setup);
int home_populate(UserRecord *h, int dir_fd);

int home_load_embedded_identity(UserRecord *h, int root_fd, UserRecord *header_home, UserReconcileMode mode, PasswordCache *cache, UserRecord **ret_embedded_home, UserRecord **ret_new_home);
int home_store_embedded_identity(UserRecord *h, int root_fd, uid_t uid, UserRecord *old_home);
int home_extend_embedded_identity(UserRecord *h, UserRecord *used, HomeSetup *setup);

int user_record_authenticate(UserRecord *h, UserRecord *secret, PasswordCache *cache, bool strict_verify);

int home_sync_and_statfs(int root_fd, struct statfs *ret);

#define HOME_RUNTIME_WORK_DIR "/run/systemd/user-home-mount"
Commit	Line	Data
db9ecf05	1	/* SPDX-License-Identifier: LGPL-2.1-or-later */
70a5db58 LP	2	#pragma once
70a5db58 LP	3
70a5db58 LP	4	#include <sys/vfs.h>
	5
	6	#include "sd-id128.h"
	7
0a58cd00	8	#include "cryptsetup-util.h"
6b945d70	9	#include "homework-password-cache.h"
70a5db58	10	#include "loop-util.h"
0a58cd00	11	#include "missing_fs.h" /* for FS_KEY_DESCRIPTOR_SIZE, do not include linux/fs.h */
d26cdde3 LP	12	#include "missing_keyctl.h"
d26cdde3 LP	13	#include "missing_syscall.h"
70a5db58 LP	14	#include "user-record.h"
	15	#include "user-record-util.h"
	16
	17	typedef struct HomeSetup {
491347bd LP	18	char dm_name; / "home-<username>" */
491347bd LP	19	char dm_node; / "/dev/mapper/home-<username>" */
70a5db58 LP	20
	21	LoopDevice *loop;
	22	struct crypt_device *crypt_device;
	23	int root_fd;
28a7f106	24	int image_fd;
70a5db58 LP	25	sd_id128_t found_partition_uuid;
	26	sd_id128_t found_luks_uuid;
	27	sd_id128_t found_fs_uuid;
	28
	29	uint8_t fscrypt_key_descriptor[FS_KEY_DESCRIPTOR_SIZE];
	30
	31	void *volume_key;
	32	size_t volume_key_size;
	33
d26cdde3 LP	34	key_serial_t key_serial;
d26cdde3 LP	35
baa41cee LP	36	bool undo_dm:1;
	37	bool undo_mount:1; /* Whether to unmount /run/systemd/user-home-mount */
	38	bool do_offline_fitrim:1;
	39	bool do_offline_fallocate:1;
	40	bool do_mark_clean:1;
	41	bool do_drop_caches:1;
70a5db58 LP	42
	43	uint64_t partition_offset;
	44	uint64_t partition_size;
bf15879b LP	45
bf15879b LP	46	char mount_suffix; / The directory to use as home dir is this path below /run/systemd/user-home-mount */
32dda527 LP	47
32dda527 LP	48	char *temporary_image_path;
70a5db58 LP	49	} HomeSetup;
	50
	51	#define HOME_SETUP_INIT \
	52	{ \
254d1313 ZJS	53	.root_fd = -EBADF, \
254d1313 ZJS	54	.image_fd = -EBADF, \
70a5db58 LP	55	.partition_offset = UINT64_MAX, \
70a5db58 LP	56	.partition_size = UINT64_MAX, \
d26cdde3	57	.key_serial = -1, \
70a5db58 LP	58	}
70a5db58 LP	59
e1df968b LP	60	/* Various flags for the operation of setting up a home directory */
e1df968b LP	61	typedef enum HomeSetupFlags {
4e6e72f1	62	HOME_SETUP_ALREADY_ACTIVATED = 1 << 0, /* Open an already activated home, rather than activate it afresh */
bf15879b LP	63
bf15879b LP	64	/* CIFS backend: */
4e6e72f1 LP	65	HOME_SETUP_CIFS_MKDIR = 1 << 1, /* Create CIFS subdir when missing */
	66
	67	/* Applies only for resize operations */
	68	HOME_SETUP_RESIZE_DONT_SYNC_IDENTITIES = 1 << 2, /* Don't sync identity records into home and LUKS header */
c8caf53c LP	69	HOME_SETUP_RESIZE_MINIMIZE = 1 << 3, /* Shrink to minimal size */
	70	HOME_SETUP_RESIZE_DONT_GROW = 1 << 4, /* If the resize would grow, gracefully terminate operation */
	71	HOME_SETUP_RESIZE_DONT_SHRINK = 1 << 5, /* If the resize would shrink, gracefully terminate operation */
5813fca6	72	HOME_SETUP_RESIZE_DONT_UNDO = 1 << 6, /* Leave loopback/DM device context open after successful operation */
e1df968b LP	73	} HomeSetupFlags;
e1df968b LP	74
66aa51f8	75	int home_setup_done(HomeSetup *setup);
70a5db58	76
55166094	77	int home_setup_undo_mount(HomeSetup *setup, int level);
f7800049	78	int home_setup_undo_dm(HomeSetup *setup, int level);
55166094	79
d26cdde3 LP	80	int keyring_unlink(key_serial_t k);
d26cdde3 LP	81
c00b2ddc	82	int home_setup(UserRecord h, HomeSetupFlags flags, HomeSetup setup, PasswordCache cache, UserRecord *ret_header_home);
70a5db58	83
6f2c8136	84	int home_refresh(UserRecord h, HomeSetupFlags flags, HomeSetup setup, UserRecord header_home, PasswordCache cache, struct statfs ret_statfs, UserRecord *ret_new_home);
70a5db58	85
6f2c8136	86	int home_maybe_shift_uid(UserRecord h, HomeSetupFlags flags, HomeSetup setup);
70a5db58 LP	87	int home_populate(UserRecord *h, int dir_fd);
70a5db58 LP	88
7b78db28	89	int home_load_embedded_identity(UserRecord h, int root_fd, UserRecord header_home, UserReconcileMode mode, PasswordCache cache, UserRecord ret_embedded_home, UserRecord *ret_new_home);
70a5db58 LP	90	int home_store_embedded_identity(UserRecord h, int root_fd, uid_t uid, UserRecord old_home);
	91	int home_extend_embedded_identity(UserRecord h, UserRecord used, HomeSetup *setup);
	92
7b78db28	93	int user_record_authenticate(UserRecord h, UserRecord secret, PasswordCache *cache, bool strict_verify);
70a5db58 LP	94
70a5db58 LP	95	int home_sync_and_statfs(int root_fd, struct statfs *ret);
498abadb LP	96
498abadb LP	97	#define HOME_RUNTIME_WORK_DIR "/run/systemd/user-home-mount"