1 /* SPDX-License-Identifier: LGPL-2.1+ */
2
3 #include "dirent-util.h"
4 #include "fd-util.h"
5 #include "fileio.h"
6 #include "format-util.h"
7 #include "fs-util.h"
8 #include "homework-cifs.h"
9 #include "homework-mount.h"
10 #include "mount-util.h"
11 #include "process-util.h"
12 #include "strv.h"
13 #include "tmpfile-util.h"
14
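/* Makes the CIFS-backed home directory of the user record 'h' accessible and stores a directory fd
 * referring to it in setup->root_fd.
 *
 * If 'already_activated' is true, the home directory path from the record is opened directly.
 * Otherwise home_unshare_and_mount() is called and the share named by h->cifs_service is mounted on
 * /run/systemd/user-home-mount through /bin/mount, using the entries of h->password as candidate
 * passwords.
 *
 * Returns 0 on success and a negative errno-style value on failure. */
int home_prepare_cifs(
                UserRecord *h,
                bool already_activated,
                HomeSetup *setup) {

        assert(h);
        assert(setup);
        assert(user_record_storage(h) == USER_CIFS);

        if (already_activated)
                /* O_NOFOLLOW: refuse to open the home directory if its final path component is a symlink. */
                setup->root_fd = open(user_record_home_directory(h), O_RDONLY|O_CLOEXEC|O_DIRECTORY|O_NOFOLLOW);
        else {
                bool mounted = false;
                char **pw;
                int r;

                /* presumably detaches the mount namespace and prepares /run/systemd/user-home-mount as
                 * mount point, going by the helper's name — TODO confirm */
                r = home_unshare_and_mount(NULL, NULL, false, user_record_mount_flags(h));
                if (r < 0)
                        return r;

                STRV_FOREACH(pw, h->password) {
                        /* 'p' carries an unlink-and-free cleanup handler, so the credentials file is
                         * expected to be removed on every way out of this iteration. */
                        _cleanup_(unlink_and_freep) char *p = NULL;
                        _cleanup_free_ char *options = NULL;
                        _cleanup_(fclosep) FILE *f = NULL;
                        pid_t mount_pid;
                        int exit_status;

                        /* The password is handed to mount via a credentials file, not via the option
                         * string: only the file's path ends up in the argv of the child below.
                         * NOTE(review): assumes fopen_temporary() creates the file readable by its
                         * owner only — confirm. */
                        r = fopen_temporary(NULL, &f, &p);
                        if (r < 0)
                                return log_error_errno(r, "Failed to create temporary credentials file: %m");

                        /* NOTE(review): user name, password and domain are written verbatim, one
                         * key=value pair per line. A newline inside any of them would begin a new
                         * line in the file; verify that the user record parser rejects such values. */
                        fprintf(f,
                                "username=%s\n"
                                "password=%s\n",
                                user_record_cifs_user_name(h),
                                *pw);

                        if (h->cifs_domain)
                                fprintf(f, "domain=%s\n", h->cifs_domain);

                        r = fflush_and_check(f);
                        if (r < 0)
                                return log_error_errno(r, "Failed to write temporary credentials file: %m");

                        /* Close before mount runs, so the child reads a completely written file. */
                        f = safe_fclose(f);

                        /* The uid doubles as gid here, and the access mode is applied to files and
                         * directories alike. */
                        if (asprintf(&options, "credentials=%s,uid=" UID_FMT ",forceuid,gid=" UID_FMT ",forcegid,file_mode=0%3o,dir_mode=0%3o",
                                     p, h->uid, h->uid, h->access_mode, h->access_mode) < 0)
                                return log_oom();

                        r = safe_fork("(mount)", FORK_RESET_SIGNALS|FORK_RLIMIT_NOFILE_SAFE|FORK_DEATHSIG|FORK_LOG|FORK_STDOUT_TO_STDERR, &mount_pid);
                        if (r < 0)
                                return r;
                        if (r == 0) {
                                /* Child: explicit argv, no shell involved. */
                                execl("/bin/mount", "/bin/mount", "-n", "-t", "cifs",
                                      h->cifs_service, "/run/systemd/user-home-mount",
                                      "-o", options, NULL);

                                /* Only reached if execl() failed. The message used to name fsck,
                                 * although the program being executed is mount. */
                                log_error_errno(errno, "Failed to execute mount: %m");
                                _exit(EXIT_FAILURE);
                        }

                        exit_status = wait_for_terminate_and_check("mount", mount_pid, WAIT_LOG_ABNORMAL|WAIT_LOG_NON_ZERO_EXIT_STATUS);
                        if (exit_status < 0)
                                return exit_status;

                        /* NOTE(review): a failing mount aborts the whole function with -EPROTO, so
                         * any further entries of h->password are never tried and the ENOKEY path
                         * below is only reachable with an empty password list. Left unchanged here,
                         * because callers may distinguish EPROTO from ENOKEY (for example when
                         * counting failed authentication attempts) — confirm the intended behaviour. */
                        if (exit_status != EXIT_SUCCESS)
                                return -EPROTO;

                        mounted = true;
                        break;
                }

                if (!mounted)
                        /* Mark the error as synthetic, like the other made-up error codes in this file. */
                        return log_error_errno(SYNTHETIC_ERRNO(ENOKEY), "Failed to mount home directory with supplied password.");

                setup->root_fd = open("/run/systemd/user-home-mount", O_RDONLY|O_CLOEXEC|O_DIRECTORY|O_NOFOLLOW);
        }

        /* Covers both open() calls above. */
        if (setup->root_fd < 0)
                return log_error_errno(errno, "Failed to open home directory: %m");

        return 0;
}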
98
/* Activates a CIFS-backed home directory: mounts it via home_prepare_cifs(), refreshes the record
 * with home_refresh() and finally moves the mount to the user's home directory path.
 *
 * On success the refreshed record is handed to the caller through *ret_home and 1 is returned.
 * On failure a negative errno-style value is returned. */
int home_activate_cifs(
                UserRecord *h,
                PasswordCache *cache,
                UserRecord **ret_home) {

        /* If we leave early, the cleanup handler of 'setup' undoes whatever was set up so far. */
        _cleanup_(home_setup_undo) HomeSetup setup = HOME_SETUP_INIT;
        _cleanup_(user_record_unrefp) UserRecord *refreshed = NULL;
        const char *record_path, *target;
        int r;

        assert(h);
        assert(user_record_storage(h) == USER_CIFS);
        assert(ret_home);

        if (h->cifs_service == NULL)
                return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "User record lacks CIFS service, refusing.");

        record_path = user_record_home_directory(h);
        assert_se(record_path);

        /* Keep a private, stack-allocated copy of the path: the string owned by the record object
         * might change later on. */
        target = strdupa(record_path);

        r = home_prepare_cifs(h, false, &setup);
        if (r < 0)
                return r;

        r = home_refresh(h, &setup, NULL, cache, NULL, &refreshed);
        if (r < 0)
                return r;

        /* The directory fd is released before the mount is moved. */
        setup.root_fd = safe_close(setup.root_fd);

        r = home_move_mount(NULL, target);
        if (r < 0)
                return r;

        /* From here on the mount is supposed to stay, hence tell the cleanup handler not to undo it. */
        setup.undo_mount = false;

        log_info("Everything completed.");

        *ret_home = TAKE_PTR(refreshed);
        return 1;
}
140
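/* Creates a new home directory on a CIFS share: mounts the share via home_prepare_cifs(), refuses to
 * continue if the mounted directory already has entries, populates and syncs it, and returns a clone
 * of the record with a CIFS binding added.
 *
 * On success the new record is handed to the caller through *ret_home and 0 is returned. On failure
 * a negative errno-style value is returned. */
int home_create_cifs(UserRecord *h, UserRecord **ret_home) {
        _cleanup_(home_setup_undo) HomeSetup setup = HOME_SETUP_INIT;
        _cleanup_(user_record_unrefp) UserRecord *new_home = NULL;
        _cleanup_(closedirp) DIR *d = NULL;
        _cleanup_close_ int copy = -1;
        int r;

        assert(h);
        assert(user_record_storage(h) == USER_CIFS);
        assert(ret_home);

        if (!h->cifs_service)
                return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "User record lacks CIFS service, refusing.");

        /* Fail early with a clear message if the CIFS mount helper is not installed. */
        if (access("/sbin/mount.cifs", F_OK) < 0) {
                if (errno == ENOENT)
                        return log_error_errno(SYNTHETIC_ERRNO(ENOLINK), "/sbin/mount.cifs is missing.");

                return log_error_errno(errno, "Unable to detect whether /sbin/mount.cifs exists: %m");
        }

        r = home_prepare_cifs(h, false, &setup);
        if (r < 0)
                return r;

        /* Enumerate the directory through a duplicate of the fd, so that setup.root_fd stays usable
         * for the calls further down. These two failures used to be returned without any log
         * message, unlike every other error path of this function. */
        copy = fcntl(setup.root_fd, F_DUPFD_CLOEXEC, 3);
        if (copy < 0)
                return log_error_errno(errno, "Failed to duplicate home directory file descriptor: %m");

        /* presumably takes over 'copy' on success, going by the helper's name — TODO confirm */
        d = take_fdopendir(&copy);
        if (!d)
                return log_error_errno(errno, "Failed to open home directory for enumeration: %m");

        /* errno is cleared first so that a NULL result can be told apart: "no entry" leaves it at
         * zero, a read error sets it. */
        errno = 0;
        if (readdir_no_dot(d))
                return log_error_errno(SYNTHETIC_ERRNO(ENOTEMPTY), "Selected CIFS directory not empty, refusing.");
        if (errno != 0)
                return log_error_errno(errno, "Failed to detect if CIFS directory is empty: %m");

        r = home_populate(h, setup.root_fd);
        if (r < 0)
                return r;

        r = home_sync_and_statfs(setup.root_fd, NULL);
        if (r < 0)
                return r;

        /* NOTE(review): the load mask is presumably what decides whether the secret section (the
         * passwords) is carried over into the clone — confirm against user_record_clone(). */
        r = user_record_clone(h, USER_RECORD_LOAD_MASK_SECRET, &new_home);
        if (r < 0)
                return log_error_errno(r, "Failed to clone record: %m");

        /* Only the storage type, the uid and the gid (set to the uid) are supplied; every other
         * argument is passed as NULL, SD_ID128_NULL or UINT64_MAX. */
        r = user_record_add_binding(
                        new_home,
                        USER_CIFS,
                        NULL,
                        SD_ID128_NULL,
                        SD_ID128_NULL,
                        SD_ID128_NULL,
                        NULL,
                        NULL,
                        UINT64_MAX,
                        NULL,
                        NULL,
                        h->uid,
                        (gid_t) h->uid);
        if (r < 0)
                return log_error_errno(r, "Failed to add binding to record: %m");

        log_info("Everything completed.");

        *ret_home = TAKE_PTR(new_home);
        return 0;
}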