]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/home/homework-cifs.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
test: also flush and rotate journal before read
[thirdparty/systemd.git] / src / home / homework-cifs.c
1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3 #include <sys/mount.h>
4 #if WANT_LINUX_FS_H
5 #include <linux/fs.h>
6 #endif
7
8 #include "data-fd-util.h"
9 #include "dirent-util.h"
10 #include "fd-util.h"
11 #include "fileio.h"
12 #include "format-util.h"
13 #include "fs-util.h"
14 #include "homework-cifs.h"
15 #include "homework-mount.h"
16 #include "mkdir.h"
17 #include "mount-util.h"
18 #include "process-util.h"
19 #include "stat-util.h"
20 #include "strv.h"
21 #include "tmpfile-util.h"
22
23 int home_setup_cifs(
24 UserRecord *h,
25 HomeSetupFlags flags,
26 HomeSetup *setup) {
27
28 _cleanup_free_ char *chost = NULL, *cservice = NULL, *cdir = NULL, *chost_and_service = NULL, *j = NULL, *options = NULL;
29 int r;
30
31 assert(h);
32 assert(user_record_storage(h) == USER_CIFS);
33 assert(setup);
34 assert(!setup->undo_mount);
35 assert(setup->root_fd < 0);
36
37 if (FLAGS_SET(flags, HOME_SETUP_ALREADY_ACTIVATED)) {
38 setup->root_fd = open(user_record_home_directory(h), O_RDONLY|O_CLOEXEC|O_DIRECTORY|O_NOFOLLOW);
39 if (setup->root_fd < 0)
40 return log_error_errno(errno, "Failed to open home directory: %m");
41
42 return 0;
43 }
44
45 if (!h->cifs_service)
46 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "User record lacks CIFS service, refusing.");
47
48 r = parse_cifs_service(h->cifs_service, &chost, &cservice, &cdir);
49 if (r < 0)
50 return log_error_errno(r, "Failed parse CIFS service specification: %m");
51
52 /* Just the host and service part, without the directory */
53 chost_and_service = strjoin("//", chost, "/", cservice);
54 if (!chost_and_service)
55 return log_oom();
56
57 if (asprintf(&options, "user=%s,uid=" UID_FMT ",forceuid,gid=" GID_FMT ",forcegid,file_mode=0%3o,dir_mode=0%3o",
58 user_record_cifs_user_name(h), h->uid, user_record_gid(h), user_record_access_mode(h),
59 user_record_access_mode(h)) < 0)
60 return log_oom();
61
62 if (h->cifs_domain)
63 if (strextendf_with_separator(&options, ",", "domain=%s", h->cifs_domain) < 0)
64 return log_oom();
65
66 if (h->cifs_extra_mount_options)
67 if (!strextend_with_separator(&options, ",", h->cifs_extra_mount_options))
68 return log_oom();
69
70 r = home_unshare_and_mkdir();
71 if (r < 0)
72 return r;
73
74 STRV_FOREACH(pw, h->password) {
75 _cleanup_close_ int passwd_fd = -EBADF;
76 pid_t mount_pid;
77 int exit_status;
78
79 passwd_fd = acquire_data_fd(*pw);
80 if (passwd_fd < 0)
81 return log_error_errno(passwd_fd, "Failed to create data FD for password: %m");
82
83 r = safe_fork("(mount)", FORK_RESET_SIGNALS|FORK_RLIMIT_NOFILE_SAFE|FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_STDOUT_TO_STDERR, &mount_pid);
84 if (r < 0)
85 return r;
86 if (r == 0) {
87 /* Child */
88
89 r = fd_cloexec(passwd_fd, false);
90 if (r < 0) {
91 log_error_errno(r, "Failed to disable CLOEXEC on password FD: %m");
92 _exit(EXIT_FAILURE);
93 }
94
95 r = setenvf("PASSWD_FD", /* overwrite= */ true, "%d", passwd_fd);
96 if (r < 0) {
97 log_error_errno(r, "Failed to set $PASSWD_FD: %m");
98 _exit(EXIT_FAILURE);
99 }
100
101 execl("/bin/mount", "/bin/mount", "-n", "-t", "cifs",
102 chost_and_service, HOME_RUNTIME_WORK_DIR,
103 "-o", options, NULL);
104
105 log_error_errno(errno, "Failed to execute mount: %m");
106 _exit(EXIT_FAILURE);
107 }
108
109 exit_status = wait_for_terminate_and_check("mount", mount_pid, WAIT_LOG_ABNORMAL|WAIT_LOG_NON_ZERO_EXIT_STATUS);
110 if (exit_status < 0)
111 return exit_status;
112 if (exit_status == EXIT_SUCCESS) {
113 setup->undo_mount = true;
114 break;
115 }
116
117 if (pw[1])
118 log_info("CIFS mount failed with password #%zu, trying next password.", (size_t) (pw - h->password) + 1);
119 }
120
121 if (!setup->undo_mount)
122 return log_error_errno(SYNTHETIC_ERRNO(ENOKEY),
123 "Failed to mount home directory, supplied password(s) possibly wrong.");
124
125 /* Adjust MS_SUID and similar flags */
126 r = mount_nofollow_verbose(LOG_ERR, NULL, HOME_RUNTIME_WORK_DIR, NULL, MS_BIND|MS_REMOUNT|user_record_mount_flags(h), NULL);
127 if (r < 0)
128 return r;
129
130 if (cdir) {
131 j = path_join(HOME_RUNTIME_WORK_DIR, cdir);
132 if (!j)
133 return log_oom();
134
135 if (FLAGS_SET(flags, HOME_SETUP_CIFS_MKDIR)) {
136 setup->root_fd = open_mkdir_at(AT_FDCWD, j, O_CLOEXEC, 0700);
137 if (setup->root_fd < 0)
138 return log_error_errno(setup->root_fd, "Failed to create CIFS subdirectory: %m");
139 }
140 }
141
142 if (setup->root_fd < 0) {
143 setup->root_fd = open(j ?: HOME_RUNTIME_WORK_DIR, O_RDONLY|O_CLOEXEC|O_DIRECTORY|O_NOFOLLOW);
144 if (setup->root_fd < 0)
145 return log_error_errno(errno, "Failed to open home directory: %m");
146 }
147
148 setup->mount_suffix = TAKE_PTR(cdir);
149 return 0;
150 }
151
152 int home_activate_cifs(
153 UserRecord *h,
154 HomeSetupFlags flags,
155 HomeSetup *setup,
156 PasswordCache *cache,
157 UserRecord **ret_home) {
158
159 _cleanup_(user_record_unrefp) UserRecord *new_home = NULL, *header_home = NULL;
160 const char *hdo, *hd;
161 int r;
162
163 assert(h);
164 assert(user_record_storage(h) == USER_CIFS);
165 assert(setup);
166 assert(ret_home);
167
168 assert_se(hdo = user_record_home_directory(h));
169 hd = strdupa_safe(hdo); /* copy the string out, since it might change later in the home record object */
170
171 r = home_setup(h, 0, setup, cache, &header_home);
172 if (r < 0)
173 return r;
174
175 r = home_refresh(h, flags, setup, header_home, cache, NULL, &new_home);
176 if (r < 0)
177 return r;
178
179 setup->root_fd = safe_close(setup->root_fd);
180
181 r = home_move_mount(setup->mount_suffix, hd);
182 if (r < 0)
183 return r;
184
185 setup->undo_mount = false;
186 setup->do_drop_caches = false;
187
188 log_info("Everything completed.");
189
190 *ret_home = TAKE_PTR(new_home);
191 return 1;
192 }
193
194 int home_create_cifs(UserRecord *h, HomeSetup *setup, UserRecord **ret_home) {
195 _cleanup_(user_record_unrefp) UserRecord *new_home = NULL;
196 int r;
197
198 assert(h);
199 assert(user_record_storage(h) == USER_CIFS);
200 assert(setup);
201 assert(ret_home);
202
203 if (!h->cifs_service)
204 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "User record lacks CIFS service, refusing.");
205
206 if (access("/sbin/mount.cifs", F_OK) < 0) {
207 if (errno == ENOENT)
208 return log_error_errno(SYNTHETIC_ERRNO(ENOLINK), "/sbin/mount.cifs is missing.");
209
210 return log_error_errno(errno, "Unable to detect whether /sbin/mount.cifs exists: %m");
211 }
212
213 r = home_setup_cifs(h, HOME_SETUP_CIFS_MKDIR, setup);
214 if (r < 0)
215 return r;
216
217 r = dir_is_empty_at(setup->root_fd, NULL, /* ignore_hidden_or_backup= */ false);
218 if (r < 0)
219 return log_error_errno(r, "Failed to detect if CIFS directory is empty: %m");
220 if (r == 0)
221 return log_error_errno(SYNTHETIC_ERRNO(ENOTEMPTY), "Selected CIFS directory not empty, refusing.");
222
223 r = home_populate(h, setup->root_fd);
224 if (r < 0)
225 return r;
226
227 r = home_sync_and_statfs(setup->root_fd, NULL);
228 if (r < 0)
229 return r;
230
231 r = user_record_clone(h, USER_RECORD_LOAD_MASK_SECRET|USER_RECORD_PERMISSIVE, &new_home);
232 if (r < 0)
233 return log_error_errno(r, "Failed to clone record: %m");
234
235 r = user_record_add_binding(
236 new_home,
237 USER_CIFS,
238 NULL,
239 SD_ID128_NULL,
240 SD_ID128_NULL,
241 SD_ID128_NULL,
242 NULL,
243 NULL,
244 UINT64_MAX,
245 NULL,
246 NULL,
247 h->uid,
248 (gid_t) h->uid);
249 if (r < 0)
250 return log_error_errno(r, "Failed to add binding to record: %m");
251
252 log_info("Everything completed.");
253
254 *ret_home = TAKE_PTR(new_home);
255 return 0;
256 }
Unnamed repository; edit this file 'description' to name the repository.