]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/home/homework-luks.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #21034 from poettering/homed-password-cache-tweaks
[thirdparty/systemd.git] / src / home / homework-luks.c
1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3 #include <libfdisk.h>
4 #include <linux/loop.h>
5 #include <poll.h>
6 #include <sys/file.h>
7 #include <sys/ioctl.h>
8 #include <sys/mount.h>
9 #include <sys/xattr.h>
10
11 #if HAVE_VALGRIND_MEMCHECK_H
12 #include <valgrind/memcheck.h>
13 #endif
14
15 #include "sd-daemon.h"
16
17 #include "blkid-util.h"
18 #include "blockdev-util.h"
19 #include "btrfs-util.h"
20 #include "chattr-util.h"
21 #include "dm-util.h"
22 #include "env-util.h"
23 #include "errno-util.h"
24 #include "fd-util.h"
25 #include "fileio.h"
26 #include "fs-util.h"
27 #include "fsck-util.h"
28 #include "home-util.h"
29 #include "homework-luks.h"
30 #include "homework-mount.h"
31 #include "id128-util.h"
32 #include "io-util.h"
33 #include "memory-util.h"
34 #include "missing_magic.h"
35 #include "mkdir.h"
36 #include "mkfs-util.h"
37 #include "mount-util.h"
38 #include "openssl-util.h"
39 #include "parse-util.h"
40 #include "path-util.h"
41 #include "process-util.h"
42 #include "random-util.h"
43 #include "resize-fs.h"
44 #include "stat-util.h"
45 #include "strv.h"
46 #include "sync-util.h"
47 #include "tmpfile-util.h"
48
49 /* Round down to the nearest 4K size. Given that newer hardware generally prefers 4K sectors, let's align our
50 * partitions to that too. In the worst case we'll waste 3.5K per partition that way, but I think I can live
51 * with that. */
52 #define DISK_SIZE_ROUND_DOWN(x) ((x) & ~UINT64_C(4095))
53
54 /* Rounds up to the nearest 4K boundary. Returns UINT64_MAX on overflow */
55 #define DISK_SIZE_ROUND_UP(x) \
56 ({ \
57 uint64_t _x = (x); \
58 _x > UINT64_MAX - 4095U ? UINT64_MAX : (_x + 4095U) & ~UINT64_C(4095); \
59 })
60
61
62 int run_mark_dirty(int fd, bool b) {
63 char x = '1';
64 int r, ret;
65
66 /* Sets or removes the 'user.home-dirty' xattr on the specified file. We use this to detect when a
67 * home directory was not properly unmounted. */
68
69 assert(fd >= 0);
70
71 r = fd_verify_regular(fd);
72 if (r < 0)
73 return r;
74
75 if (b) {
76 ret = fsetxattr(fd, "user.home-dirty", &x, 1, XATTR_CREATE);
77 if (ret < 0 && errno != EEXIST)
78 return log_debug_errno(errno, "Could not mark home directory as dirty: %m");
79
80 } else {
81 r = fsync_full(fd);
82 if (r < 0)
83 return log_debug_errno(r, "Failed to synchronize image before marking it clean: %m");
84
85 ret = fremovexattr(fd, "user.home-dirty");
86 if (ret < 0 && errno != ENODATA)
87 return log_debug_errno(errno, "Could not mark home directory as clean: %m");
88 }
89
90 r = fsync_full(fd);
91 if (r < 0)
92 return log_debug_errno(r, "Failed to synchronize dirty flag to disk: %m");
93
94 return ret >= 0;
95 }
96
97 int run_mark_dirty_by_path(const char *path, bool b) {
98 _cleanup_close_ int fd = -1;
99
100 assert(path);
101
102 fd = open(path, O_RDWR|O_CLOEXEC|O_NOCTTY);
103 if (fd < 0)
104 return log_debug_errno(errno, "Failed to open %s to mark dirty or clean: %m", path);
105
106 return run_mark_dirty(fd, b);
107 }
108
109 static int probe_file_system_by_fd(
110 int fd,
111 char **ret_fstype,
112 sd_id128_t *ret_uuid) {
113
114 _cleanup_(blkid_free_probep) blkid_probe b = NULL;
115 _cleanup_free_ char *s = NULL;
116 const char *fstype = NULL, *uuid = NULL;
117 sd_id128_t id;
118 int r;
119
120 assert(fd >= 0);
121 assert(ret_fstype);
122 assert(ret_uuid);
123
124 b = blkid_new_probe();
125 if (!b)
126 return -ENOMEM;
127
128 errno = 0;
129 r = blkid_probe_set_device(b, fd, 0, 0);
130 if (r != 0)
131 return errno > 0 ? -errno : -ENOMEM;
132
133 (void) blkid_probe_enable_superblocks(b, 1);
134 (void) blkid_probe_set_superblocks_flags(b, BLKID_SUBLKS_TYPE|BLKID_SUBLKS_UUID);
135
136 errno = 0;
137 r = blkid_do_safeprobe(b);
138 if (IN_SET(r, -2, 1)) /* nothing found or ambiguous result */
139 return -ENOPKG;
140 if (r != 0)
141 return errno > 0 ? -errno : -EIO;
142
143 (void) blkid_probe_lookup_value(b, "TYPE", &fstype, NULL);
144 if (!fstype)
145 return -ENOPKG;
146
147 (void) blkid_probe_lookup_value(b, "UUID", &uuid, NULL);
148 if (!uuid)
149 return -ENOPKG;
150
151 r = sd_id128_from_string(uuid, &id);
152 if (r < 0)
153 return r;
154
155 s = strdup(fstype);
156 if (!s)
157 return -ENOMEM;
158
159 *ret_fstype = TAKE_PTR(s);
160 *ret_uuid = id;
161
162 return 0;
163 }
164
165 static int probe_file_system_by_path(const char *path, char **ret_fstype, sd_id128_t *ret_uuid) {
166 _cleanup_close_ int fd = -1;
167
168 fd = open(path, O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NONBLOCK);
169 if (fd < 0)
170 return -errno;
171
172 return probe_file_system_by_fd(fd, ret_fstype, ret_uuid);
173 }
174
175 static int block_get_size_by_fd(int fd, uint64_t *ret) {
176 struct stat st;
177
178 assert(fd >= 0);
179 assert(ret);
180
181 if (fstat(fd, &st) < 0)
182 return -errno;
183
184 if (!S_ISBLK(st.st_mode))
185 return -ENOTBLK;
186
187 if (ioctl(fd, BLKGETSIZE64, ret) < 0)
188 return -errno;
189
190 return 0;
191 }
192
193 static int block_get_size_by_path(const char *path, uint64_t *ret) {
194 _cleanup_close_ int fd = -1;
195
196 fd = open(path, O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NONBLOCK);
197 if (fd < 0)
198 return -errno;
199
200 return block_get_size_by_fd(fd, ret);
201 }
202
203 static int run_fsck(const char *node, const char *fstype) {
204 int r, exit_status;
205 pid_t fsck_pid;
206
207 assert(node);
208 assert(fstype);
209
210 r = fsck_exists(fstype);
211 if (r < 0)
212 return log_error_errno(r, "Failed to check if fsck for file system %s exists: %m", fstype);
213 if (r == 0) {
214 log_warning("No fsck for file system %s installed, ignoring.", fstype);
215 return 0;
216 }
217
218 r = safe_fork("(fsck)",
219 FORK_RESET_SIGNALS|FORK_RLIMIT_NOFILE_SAFE|FORK_DEATHSIG|FORK_LOG|FORK_STDOUT_TO_STDERR|FORK_CLOSE_ALL_FDS,
220 &fsck_pid);
221 if (r < 0)
222 return r;
223 if (r == 0) {
224 /* Child */
225 execl("/sbin/fsck", "/sbin/fsck", "-aTl", node, NULL);
226 log_open();
227 log_error_errno(errno, "Failed to execute fsck: %m");
228 _exit(FSCK_OPERATIONAL_ERROR);
229 }
230
231 exit_status = wait_for_terminate_and_check("fsck", fsck_pid, WAIT_LOG_ABNORMAL);
232 if (exit_status < 0)
233 return exit_status;
234 if ((exit_status & ~FSCK_ERROR_CORRECTED) != 0) {
235 log_warning("fsck failed with exit status %i.", exit_status);
236
237 if ((exit_status & (FSCK_SYSTEM_SHOULD_REBOOT|FSCK_ERRORS_LEFT_UNCORRECTED)) != 0)
238 return log_error_errno(SYNTHETIC_ERRNO(EIO), "File system is corrupted, refusing.");
239
240 log_warning("Ignoring fsck error.");
241 }
242
243 log_info("File system check completed.");
244
245 return 1;
246 }
247
248 static int luks_try_passwords(
249 struct crypt_device *cd,
250 char **passwords,
251 void *volume_key,
252 size_t *volume_key_size) {
253
254 char **pp;
255 int r;
256
257 assert(cd);
258
259 STRV_FOREACH(pp, passwords) {
260 size_t vks = *volume_key_size;
261
262 r = sym_crypt_volume_key_get(
263 cd,
264 CRYPT_ANY_SLOT,
265 volume_key,
266 &vks,
267 *pp,
268 strlen(*pp));
269 if (r >= 0) {
270 *volume_key_size = vks;
271 return 0;
272 }
273
274 log_debug_errno(r, "Password %zu didn't work for unlocking LUKS superblock: %m", (size_t) (pp - passwords));
275 }
276
277 return -ENOKEY;
278 }
279
280 static int luks_setup(
281 const char *node,
282 const char *dm_name,
283 sd_id128_t uuid,
284 const char *cipher,
285 const char *cipher_mode,
286 uint64_t volume_key_size,
287 char **passwords,
288 const PasswordCache *cache,
289 bool discard,
290 struct crypt_device **ret,
291 sd_id128_t *ret_found_uuid,
292 void **ret_volume_key,
293 size_t *ret_volume_key_size) {
294
295 _cleanup_(sym_crypt_freep) struct crypt_device *cd = NULL;
296 _cleanup_(erase_and_freep) void *vk = NULL;
297 sd_id128_t p;
298 size_t vks;
299 char **list;
300 int r;
301
302 assert(node);
303 assert(dm_name);
304 assert(ret);
305
306 r = sym_crypt_init(&cd, node);
307 if (r < 0)
308 return log_error_errno(r, "Failed to allocate libcryptsetup context: %m");
309
310 cryptsetup_enable_logging(cd);
311
312 r = sym_crypt_load(cd, CRYPT_LUKS2, NULL);
313 if (r < 0)
314 return log_error_errno(r, "Failed to load LUKS superblock: %m");
315
316 r = sym_crypt_get_volume_key_size(cd);
317 if (r <= 0)
318 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to determine LUKS volume key size");
319 vks = (size_t) r;
320
321 if (!sd_id128_is_null(uuid) || ret_found_uuid) {
322 const char *s;
323
324 s = sym_crypt_get_uuid(cd);
325 if (!s)
326 return log_error_errno(SYNTHETIC_ERRNO(EMEDIUMTYPE), "LUKS superblock has no UUID.");
327
328 r = sd_id128_from_string(s, &p);
329 if (r < 0)
330 return log_error_errno(SYNTHETIC_ERRNO(EMEDIUMTYPE), "LUKS superblock has invalid UUID.");
331
332 /* Check that the UUID matches, if specified */
333 if (!sd_id128_is_null(uuid) &&
334 !sd_id128_equal(uuid, p))
335 return log_error_errno(SYNTHETIC_ERRNO(EMEDIUMTYPE), "LUKS superblock has wrong UUID.");
336 }
337
338 if (cipher && !streq_ptr(cipher, sym_crypt_get_cipher(cd)))
339 return log_error_errno(SYNTHETIC_ERRNO(EMEDIUMTYPE), "LUKS superblock declares wrong cipher.");
340
341 if (cipher_mode && !streq_ptr(cipher_mode, sym_crypt_get_cipher_mode(cd)))
342 return log_error_errno(SYNTHETIC_ERRNO(EMEDIUMTYPE), "LUKS superblock declares wrong cipher mode.");
343
344 if (volume_key_size != UINT64_MAX && vks != volume_key_size)
345 return log_error_errno(SYNTHETIC_ERRNO(EMEDIUMTYPE), "LUKS superblock declares wrong volume key size.");
346
347 vk = malloc(vks);
348 if (!vk)
349 return log_oom();
350
351 r = -ENOKEY;
352 FOREACH_POINTER(list,
353 cache ? cache->pkcs11_passwords : NULL,
354 cache ? cache->fido2_passwords : NULL,
355 passwords) {
356 r = luks_try_passwords(cd, list, vk, &vks);
357 if (r != -ENOKEY)
358 break;
359 }
360 if (r == -ENOKEY)
361 return log_error_errno(r, "No valid password for LUKS superblock.");
362 if (r < 0)
363 return log_error_errno(r, "Failed to unlocks LUKS superblock: %m");
364
365 r = sym_crypt_activate_by_volume_key(
366 cd,
367 dm_name,
368 vk, vks,
369 discard ? CRYPT_ACTIVATE_ALLOW_DISCARDS : 0);
370 if (r < 0)
371 return log_error_errno(r, "Failed to unlock LUKS superblock: %m");
372
373 log_info("Setting up LUKS device /dev/mapper/%s completed.", dm_name);
374
375 *ret = TAKE_PTR(cd);
376
377 if (ret_found_uuid) /* Return the UUID actually found if the caller wants to know */
378 *ret_found_uuid = p;
379 if (ret_volume_key)
380 *ret_volume_key = TAKE_PTR(vk);
381 if (ret_volume_key_size)
382 *ret_volume_key_size = vks;
383
384 return 0;
385 }
386
387 static int luks_open(
388 const char *dm_name,
389 char **passwords,
390 const PasswordCache *cache,
391 struct crypt_device **ret,
392 sd_id128_t *ret_found_uuid,
393 void **ret_volume_key,
394 size_t *ret_volume_key_size) {
395
396 _cleanup_(sym_crypt_freep) struct crypt_device *cd = NULL;
397 _cleanup_(erase_and_freep) void *vk = NULL;
398 sd_id128_t p;
399 char **list;
400 size_t vks;
401 int r;
402
403 assert(dm_name);
404 assert(ret);
405
406 /* Opens a LUKS device that is already set up. Re-validates the password while doing so (which also
407 * provides us with the volume key, which we want). */
408
409 r = sym_crypt_init_by_name(&cd, dm_name);
410 if (r < 0)
411 return log_error_errno(r, "Failed to initialize cryptsetup context for %s: %m", dm_name);
412
413 cryptsetup_enable_logging(cd);
414
415 r = sym_crypt_load(cd, CRYPT_LUKS2, NULL);
416 if (r < 0)
417 return log_error_errno(r, "Failed to load LUKS superblock: %m");
418
419 r = sym_crypt_get_volume_key_size(cd);
420 if (r <= 0)
421 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to determine LUKS volume key size");
422 vks = (size_t) r;
423
424 if (ret_found_uuid) {
425 const char *s;
426
427 s = sym_crypt_get_uuid(cd);
428 if (!s)
429 return log_error_errno(SYNTHETIC_ERRNO(EMEDIUMTYPE), "LUKS superblock has no UUID.");
430
431 r = sd_id128_from_string(s, &p);
432 if (r < 0)
433 return log_error_errno(SYNTHETIC_ERRNO(EMEDIUMTYPE), "LUKS superblock has invalid UUID.");
434 }
435
436 vk = malloc(vks);
437 if (!vk)
438 return log_oom();
439
440 r = -ENOKEY;
441 FOREACH_POINTER(list,
442 cache ? cache->pkcs11_passwords : NULL,
443 cache ? cache->fido2_passwords : NULL,
444 passwords) {
445 r = luks_try_passwords(cd, list, vk, &vks);
446 if (r != -ENOKEY)
447 break;
448 }
449 if (r == -ENOKEY)
450 return log_error_errno(r, "No valid password for LUKS superblock.");
451 if (r < 0)
452 return log_error_errno(r, "Failed to unlocks LUKS superblock: %m");
453
454 log_info("Discovered used LUKS device /dev/mapper/%s, and validated password.", dm_name);
455
456 /* This is needed so that crypt_resize() can operate correctly for pre-existing LUKS devices. We need
457 * to tell libcryptsetup the volume key explicitly, so that it is in the kernel keyring. */
458 r = sym_crypt_activate_by_volume_key(cd, NULL, vk, vks, CRYPT_ACTIVATE_KEYRING_KEY);
459 if (r < 0)
460 return log_error_errno(r, "Failed to upload volume key again: %m");
461
462 log_info("Successfully re-activated LUKS device.");
463
464 *ret = TAKE_PTR(cd);
465
466 if (ret_found_uuid)
467 *ret_found_uuid = p;
468 if (ret_volume_key)
469 *ret_volume_key = TAKE_PTR(vk);
470 if (ret_volume_key_size)
471 *ret_volume_key_size = vks;
472
473 return 0;
474 }
475
476 static int fs_validate(
477 const char *dm_node,
478 sd_id128_t uuid,
479 char **ret_fstype,
480 sd_id128_t *ret_found_uuid) {
481
482 _cleanup_free_ char *fstype = NULL;
483 sd_id128_t u;
484 int r;
485
486 assert(dm_node);
487 assert(ret_fstype);
488
489 r = probe_file_system_by_path(dm_node, &fstype, &u);
490 if (r < 0)
491 return log_error_errno(r, "Failed to probe file system: %m");
492
493 /* Limit the set of supported file systems a bit, as protection against little tested kernel file
494 * systems. Also, we only support the resize ioctls for these file systems. */
495 if (!supported_fstype(fstype))
496 return log_error_errno(SYNTHETIC_ERRNO(EPROTONOSUPPORT), "Image contains unsupported file system: %s", strna(fstype));
497
498 if (!sd_id128_is_null(uuid) &&
499 !sd_id128_equal(uuid, u))
500 return log_error_errno(SYNTHETIC_ERRNO(EMEDIUMTYPE), "File system has wrong UUID.");
501
502 log_info("Probing file system completed (found %s).", fstype);
503
504 *ret_fstype = TAKE_PTR(fstype);
505
506 if (ret_found_uuid) /* Return the UUID actually found if the caller wants to know */
507 *ret_found_uuid = u;
508
509 return 0;
510 }
511
512 static int make_dm_names(const char *user_name, char **ret_dm_name, char **ret_dm_node) {
513 _cleanup_free_ char *name = NULL, *node = NULL;
514
515 assert(user_name);
516 assert(ret_dm_name);
517 assert(ret_dm_node);
518
519 name = strjoin("home-", user_name);
520 if (!name)
521 return log_oom();
522
523 node = path_join("/dev/mapper/", name);
524 if (!node)
525 return log_oom();
526
527 *ret_dm_name = TAKE_PTR(name);
528 *ret_dm_node = TAKE_PTR(node);
529 return 0;
530 }
531
532 static int luks_validate(
533 int fd,
534 const char *label,
535 sd_id128_t partition_uuid,
536 sd_id128_t *ret_partition_uuid,
537 uint64_t *ret_offset,
538 uint64_t *ret_size) {
539
540 _cleanup_(blkid_free_probep) blkid_probe b = NULL;
541 sd_id128_t found_partition_uuid = SD_ID128_NULL;
542 const char *fstype = NULL, *pttype = NULL;
543 blkid_loff_t offset = 0, size = 0;
544 blkid_partlist pl;
545 bool found = false;
546 int r, n;
547
548 assert(fd >= 0);
549 assert(label);
550 assert(ret_offset);
551 assert(ret_size);
552
553 b = blkid_new_probe();
554 if (!b)
555 return -ENOMEM;
556
557 errno = 0;
558 r = blkid_probe_set_device(b, fd, 0, 0);
559 if (r != 0)
560 return errno > 0 ? -errno : -ENOMEM;
561
562 (void) blkid_probe_enable_superblocks(b, 1);
563 (void) blkid_probe_set_superblocks_flags(b, BLKID_SUBLKS_TYPE);
564 (void) blkid_probe_enable_partitions(b, 1);
565 (void) blkid_probe_set_partitions_flags(b, BLKID_PARTS_ENTRY_DETAILS);
566
567 errno = 0;
568 r = blkid_do_safeprobe(b);
569 if (IN_SET(r, -2, 1)) /* nothing found or ambiguous result */
570 return -ENOPKG;
571 if (r != 0)
572 return errno > 0 ? -errno : -EIO;
573
574 (void) blkid_probe_lookup_value(b, "TYPE", &fstype, NULL);
575 if (streq_ptr(fstype, "crypto_LUKS")) {
576 /* Directly a LUKS image */
577 *ret_offset = 0;
578 *ret_size = UINT64_MAX; /* full disk */
579 *ret_partition_uuid = SD_ID128_NULL;
580 return 0;
581 } else if (fstype)
582 return -ENOPKG;
583
584 (void) blkid_probe_lookup_value(b, "PTTYPE", &pttype, NULL);
585 if (!streq_ptr(pttype, "gpt"))
586 return -ENOPKG;
587
588 errno = 0;
589 pl = blkid_probe_get_partitions(b);
590 if (!pl)
591 return errno > 0 ? -errno : -ENOMEM;
592
593 errno = 0;
594 n = blkid_partlist_numof_partitions(pl);
595 if (n < 0)
596 return errno > 0 ? -errno : -EIO;
597
598 for (int i = 0; i < n; i++) {
599 blkid_partition pp;
600 sd_id128_t id = SD_ID128_NULL;
601 const char *sid;
602
603 errno = 0;
604 pp = blkid_partlist_get_partition(pl, i);
605 if (!pp)
606 return errno > 0 ? -errno : -EIO;
607
608 if (!streq_ptr(blkid_partition_get_type_string(pp), "773f91ef-66d4-49b5-bd83-d683bf40ad16"))
609 continue;
610
611 if (!streq_ptr(blkid_partition_get_name(pp), label))
612 continue;
613
614 sid = blkid_partition_get_uuid(pp);
615 if (sid) {
616 r = sd_id128_from_string(sid, &id);
617 if (r < 0)
618 log_debug_errno(r, "Couldn't parse partition UUID %s, weird: %m", sid);
619
620 if (!sd_id128_is_null(partition_uuid) && !sd_id128_equal(id, partition_uuid))
621 continue;
622 }
623
624 if (found)
625 return -ENOPKG;
626
627 offset = blkid_partition_get_start(pp);
628 size = blkid_partition_get_size(pp);
629 found_partition_uuid = id;
630
631 found = true;
632 }
633
634 if (!found)
635 return -ENOPKG;
636
637 if (offset < 0)
638 return -EINVAL;
639 if ((uint64_t) offset > UINT64_MAX / 512U)
640 return -EINVAL;
641 if (size <= 0)
642 return -EINVAL;
643 if ((uint64_t) size > UINT64_MAX / 512U)
644 return -EINVAL;
645
646 *ret_offset = offset * 512U;
647 *ret_size = size * 512U;
648 *ret_partition_uuid = found_partition_uuid;
649
650 return 0;
651 }
652
653 static int crypt_device_to_evp_cipher(struct crypt_device *cd, const EVP_CIPHER **ret) {
654 _cleanup_free_ char *cipher_name = NULL;
655 const char *cipher, *cipher_mode, *e;
656 size_t key_size, key_bits;
657 const EVP_CIPHER *cc;
658 int r;
659
660 assert(cd);
661
662 /* Let's find the right OpenSSL EVP_CIPHER object that matches the encryption settings of the LUKS
663 * device */
664
665 cipher = sym_crypt_get_cipher(cd);
666 if (!cipher)
667 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Cannot get cipher from LUKS device.");
668
669 cipher_mode = sym_crypt_get_cipher_mode(cd);
670 if (!cipher_mode)
671 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Cannot get cipher mode from LUKS device.");
672
673 e = strchr(cipher_mode, '-');
674 if (e)
675 cipher_mode = strndupa_safe(cipher_mode, e - cipher_mode);
676
677 r = sym_crypt_get_volume_key_size(cd);
678 if (r <= 0)
679 return log_error_errno(r < 0 ? r : SYNTHETIC_ERRNO(EINVAL), "Cannot get volume key size from LUKS device.");
680
681 key_size = r;
682 key_bits = key_size * 8;
683 if (streq(cipher_mode, "xts"))
684 key_bits /= 2;
685
686 if (asprintf(&cipher_name, "%s-%zu-%s", cipher, key_bits, cipher_mode) < 0)
687 return log_oom();
688
689 cc = EVP_get_cipherbyname(cipher_name);
690 if (!cc)
691 return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "Selected cipher mode '%s' not supported, can't encrypt JSON record.", cipher_name);
692
693 /* Verify that our key length calculations match what OpenSSL thinks */
694 r = EVP_CIPHER_key_length(cc);
695 if (r < 0 || (uint64_t) r != key_size)
696 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Key size of selected cipher doesn't meet our expectations.");
697
698 *ret = cc;
699 return 0;
700 }
701
702 static int luks_validate_home_record(
703 struct crypt_device *cd,
704 UserRecord *h,
705 const void *volume_key,
706 PasswordCache *cache,
707 UserRecord **ret_luks_home_record) {
708
709 int r;
710
711 assert(cd);
712 assert(h);
713
714 for (int token = 0; token < sym_crypt_token_max(CRYPT_LUKS2); token++) {
715 _cleanup_(json_variant_unrefp) JsonVariant *v = NULL, *rr = NULL;
716 _cleanup_(EVP_CIPHER_CTX_freep) EVP_CIPHER_CTX *context = NULL;
717 _cleanup_(user_record_unrefp) UserRecord *lhr = NULL;
718 _cleanup_free_ void *encrypted = NULL, *iv = NULL;
719 size_t decrypted_size, encrypted_size, iv_size;
720 int decrypted_size_out1, decrypted_size_out2;
721 _cleanup_free_ char *decrypted = NULL;
722 const char *text, *type;
723 crypt_token_info state;
724 JsonVariant *jr, *jiv;
725 unsigned line, column;
726 const EVP_CIPHER *cc;
727
728 state = sym_crypt_token_status(cd, token, &type);
729 if (state == CRYPT_TOKEN_INACTIVE) /* First unconfigured token, give up */
730 break;
731 if (IN_SET(state, CRYPT_TOKEN_INTERNAL, CRYPT_TOKEN_INTERNAL_UNKNOWN, CRYPT_TOKEN_EXTERNAL))
732 continue;
733 if (state != CRYPT_TOKEN_EXTERNAL_UNKNOWN)
734 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Unexpected token state of token %i: %i", token, (int) state);
735
736 if (!streq(type, "systemd-homed"))
737 continue;
738
739 r = sym_crypt_token_json_get(cd, token, &text);
740 if (r < 0)
741 return log_error_errno(r, "Failed to read LUKS token %i: %m", token);
742
743 r = json_parse(text, JSON_PARSE_SENSITIVE, &v, &line, &column);
744 if (r < 0)
745 return log_error_errno(r, "Failed to parse LUKS token JSON data %u:%u: %m", line, column);
746
747 jr = json_variant_by_key(v, "record");
748 if (!jr)
749 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "LUKS token lacks 'record' field.");
750 jiv = json_variant_by_key(v, "iv");
751 if (!jiv)
752 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "LUKS token lacks 'iv' field.");
753
754 r = json_variant_unbase64(jr, &encrypted, &encrypted_size);
755 if (r < 0)
756 return log_error_errno(r, "Failed to base64 decode record: %m");
757
758 r = json_variant_unbase64(jiv, &iv, &iv_size);
759 if (r < 0)
760 return log_error_errno(r, "Failed to base64 decode IV: %m");
761
762 r = crypt_device_to_evp_cipher(cd, &cc);
763 if (r < 0)
764 return r;
765 if (iv_size > INT_MAX || EVP_CIPHER_iv_length(cc) != (int) iv_size)
766 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "IV size doesn't match.");
767
768 context = EVP_CIPHER_CTX_new();
769 if (!context)
770 return log_oom();
771
772 if (EVP_DecryptInit_ex(context, cc, NULL, volume_key, iv) != 1)
773 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to initialize decryption context.");
774
775 decrypted_size = encrypted_size + EVP_CIPHER_key_length(cc) * 2;
776 decrypted = new(char, decrypted_size);
777 if (!decrypted)
778 return log_oom();
779
780 if (EVP_DecryptUpdate(context, (uint8_t*) decrypted, &decrypted_size_out1, encrypted, encrypted_size) != 1)
781 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to decrypt JSON record.");
782
783 assert((size_t) decrypted_size_out1 <= decrypted_size);
784
785 if (EVP_DecryptFinal_ex(context, (uint8_t*) decrypted + decrypted_size_out1, &decrypted_size_out2) != 1)
786 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to finish decryption of JSON record.");
787
788 assert((size_t) decrypted_size_out1 + (size_t) decrypted_size_out2 < decrypted_size);
789 decrypted_size = (size_t) decrypted_size_out1 + (size_t) decrypted_size_out2;
790
791 if (memchr(decrypted, 0, decrypted_size))
792 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Inner NUL byte in JSON record, refusing.");
793
794 decrypted[decrypted_size] = 0;
795
796 r = json_parse(decrypted, JSON_PARSE_SENSITIVE, &rr, NULL, NULL);
797 if (r < 0)
798 return log_error_errno(r, "Failed to parse decrypted JSON record, refusing.");
799
800 lhr = user_record_new();
801 if (!lhr)
802 return log_oom();
803
804 r = user_record_load(lhr, rr, USER_RECORD_LOAD_EMBEDDED|USER_RECORD_PERMISSIVE);
805 if (r < 0)
806 return log_error_errno(r, "Failed to parse user record: %m");
807
808 if (!user_record_compatible(h, lhr))
809 return log_error_errno(SYNTHETIC_ERRNO(EREMCHG), "LUKS home record not compatible with host record, refusing.");
810
811 r = user_record_authenticate(lhr, h, cache, /* strict_verify= */ true);
812 if (r < 0)
813 return r;
814 assert(r > 0); /* Insist that a password was verified */
815
816 *ret_luks_home_record = TAKE_PTR(lhr);
817 return 0;
818 }
819
820 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Couldn't find home record in LUKS2 header, refusing.");
821 }
822
823 static int format_luks_token_text(
824 struct crypt_device *cd,
825 UserRecord *hr,
826 const void *volume_key,
827 char **ret) {
828
829 int r, encrypted_size_out1 = 0, encrypted_size_out2 = 0, iv_size, key_size;
830 _cleanup_(EVP_CIPHER_CTX_freep) EVP_CIPHER_CTX *context = NULL;
831 _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
832 _cleanup_free_ void *iv = NULL, *encrypted = NULL;
833 size_t text_length, encrypted_size;
834 _cleanup_free_ char *text = NULL;
835 const EVP_CIPHER *cc;
836
837 assert(cd);
838 assert(hr);
839 assert(volume_key);
840 assert(ret);
841
842 r = crypt_device_to_evp_cipher(cd, &cc);
843 if (r < 0)
844 return r;
845
846 key_size = EVP_CIPHER_key_length(cc);
847 iv_size = EVP_CIPHER_iv_length(cc);
848
849 if (iv_size > 0) {
850 iv = malloc(iv_size);
851 if (!iv)
852 return log_oom();
853
854 r = genuine_random_bytes(iv, iv_size, RANDOM_BLOCK);
855 if (r < 0)
856 return log_error_errno(r, "Failed to generate IV: %m");
857 }
858
859 context = EVP_CIPHER_CTX_new();
860 if (!context)
861 return log_oom();
862
863 if (EVP_EncryptInit_ex(context, cc, NULL, volume_key, iv) != 1)
864 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to initialize encryption context.");
865
866 r = json_variant_format(hr->json, 0, &text);
867 if (r < 0)
868 return log_error_errno(r, "Failed to format user record for LUKS: %m");
869
870 text_length = strlen(text);
871 encrypted_size = text_length + 2*key_size - 1;
872
873 encrypted = malloc(encrypted_size);
874 if (!encrypted)
875 return log_oom();
876
877 if (EVP_EncryptUpdate(context, encrypted, &encrypted_size_out1, (uint8_t*) text, text_length) != 1)
878 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to encrypt JSON record.");
879
880 assert((size_t) encrypted_size_out1 <= encrypted_size);
881
882 if (EVP_EncryptFinal_ex(context, (uint8_t*) encrypted + encrypted_size_out1, &encrypted_size_out2) != 1)
883 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to finish encryption of JSON record. ");
884
885 assert((size_t) encrypted_size_out1 + (size_t) encrypted_size_out2 <= encrypted_size);
886
887 r = json_build(&v,
888 JSON_BUILD_OBJECT(
889 JSON_BUILD_PAIR("type", JSON_BUILD_STRING("systemd-homed")),
890 JSON_BUILD_PAIR("keyslots", JSON_BUILD_EMPTY_ARRAY),
891 JSON_BUILD_PAIR("record", JSON_BUILD_BASE64(encrypted, encrypted_size_out1 + encrypted_size_out2)),
892 JSON_BUILD_PAIR("iv", JSON_BUILD_BASE64(iv, iv_size))));
893 if (r < 0)
894 return log_error_errno(r, "Failed to prepare LUKS JSON token object: %m");
895
896 r = json_variant_format(v, 0, ret);
897 if (r < 0)
898 return log_error_errno(r, "Failed to format encrypted user record for LUKS: %m");
899
900 return 0;
901 }
902
903 int home_store_header_identity_luks(
904 UserRecord *h,
905 HomeSetup *setup,
906 UserRecord *old_home) {
907
908 _cleanup_(user_record_unrefp) UserRecord *header_home = NULL;
909 _cleanup_free_ char *text = NULL;
910 int r;
911
912 assert(h);
913
914 if (!setup->crypt_device)
915 return 0;
916
917 assert(setup->volume_key);
918
919 /* Let's store the user's identity record in the LUKS2 "token" header data fields, in an encrypted
920 * fashion. Why that? If we'd rely on the record being embedded in the payload file system itself we
921 * would have to mount the file system before we can validate the JSON record, its signatures and
922 * whether it matches what we are looking for. However, kernel file system implementations are
923 * generally not ready to be used on untrusted media. Hence let's store the record independently of
924 * the file system, so that we can validate it first, and only then mount the file system. To keep
925 * things simple we use the same encryption settings for this record as for the file system itself. */
926
927 r = user_record_clone(h, USER_RECORD_EXTRACT_EMBEDDED|USER_RECORD_PERMISSIVE, &header_home);
928 if (r < 0)
929 return log_error_errno(r, "Failed to determine new header record: %m");
930
931 if (old_home && user_record_equal(old_home, header_home)) {
932 log_debug("Not updating header home record.");
933 return 0;
934 }
935
936 r = format_luks_token_text(setup->crypt_device, header_home, setup->volume_key, &text);
937 if (r < 0)
938 return r;
939
940 for (int token = 0; token < sym_crypt_token_max(CRYPT_LUKS2); token++) {
941 crypt_token_info state;
942 const char *type;
943
944 state = sym_crypt_token_status(setup->crypt_device, token, &type);
945 if (state == CRYPT_TOKEN_INACTIVE) /* First unconfigured token, we are done */
946 break;
947 if (IN_SET(state, CRYPT_TOKEN_INTERNAL, CRYPT_TOKEN_INTERNAL_UNKNOWN, CRYPT_TOKEN_EXTERNAL))
948 continue; /* Not ours */
949 if (state != CRYPT_TOKEN_EXTERNAL_UNKNOWN)
950 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Unexpected token state of token %i: %i", token, (int) state);
951
952 if (!streq(type, "systemd-homed"))
953 continue;
954
955 r = sym_crypt_token_json_set(setup->crypt_device, token, text);
956 if (r < 0)
957 return log_error_errno(r, "Failed to set JSON token for slot %i: %m", token);
958
959 /* Now, let's free the text so that for all further matching tokens we all crypt_json_token_set()
960 * with a NULL text in order to invalidate the tokens. */
961 text = mfree(text);
962 }
963
964 if (text)
965 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Didn't find any record token to update.");
966
967 log_info("Wrote LUKS header user record.");
968
969 return 1;
970 }
971
972 int run_fitrim(int root_fd) {
973 struct fstrim_range range = {
974 .len = UINT64_MAX,
975 };
976
977 /* If discarding is on, discard everything right after mounting, so that the discard setting takes
978 * effect on activation. (Also, optionally, trim on logout) */
979
980 assert(root_fd >= 0);
981
982 if (ioctl(root_fd, FITRIM, &range) < 0) {
983 if (ERRNO_IS_NOT_SUPPORTED(errno) || errno == EBADF) {
984 log_debug_errno(errno, "File system does not support FITRIM, not trimming.");
985 return 0;
986 }
987
988 return log_warning_errno(errno, "Failed to invoke FITRIM, ignoring: %m");
989 }
990
991 log_info("Discarded unused %s.", FORMAT_BYTES(range.len));
992 return 1;
993 }
994
995 int run_fitrim_by_path(const char *root_path) {
996 _cleanup_close_ int root_fd = -1;
997
998 root_fd = open(root_path, O_RDONLY|O_DIRECTORY|O_CLOEXEC);
999 if (root_fd < 0)
1000 return log_error_errno(errno, "Failed to open file system '%s' for trimming: %m", root_path);
1001
1002 return run_fitrim(root_fd);
1003 }
1004
1005 int run_fallocate(int backing_fd, const struct stat *st) {
1006 struct stat stbuf;
1007
1008 assert(backing_fd >= 0);
1009
1010 /* If discarding is off, let's allocate the whole image before mounting, so that the setting takes
1011 * effect on activation */
1012
1013 if (!st) {
1014 if (fstat(backing_fd, &stbuf) < 0)
1015 return log_error_errno(errno, "Failed to fstat(): %m");
1016
1017 st = &stbuf;
1018 }
1019
1020 if (!S_ISREG(st->st_mode))
1021 return 0;
1022
1023 if (st->st_blocks >= DIV_ROUND_UP(st->st_size, 512)) {
1024 log_info("Backing file is fully allocated already.");
1025 return 0;
1026 }
1027
1028 if (fallocate(backing_fd, FALLOC_FL_KEEP_SIZE, 0, st->st_size) < 0) {
1029
1030 if (ERRNO_IS_NOT_SUPPORTED(errno)) {
1031 log_debug_errno(errno, "fallocate() not supported on file system, ignoring.");
1032 return 0;
1033 }
1034
1035 if (ERRNO_IS_DISK_SPACE(errno)) {
1036 log_debug_errno(errno, "Not enough disk space to fully allocate home.");
1037 return -ENOSPC; /* make recognizable */
1038 }
1039
1040 return log_error_errno(errno, "Failed to allocate backing file blocks: %m");
1041 }
1042
1043 log_info("Allocated additional %s.",
1044 FORMAT_BYTES((DIV_ROUND_UP(st->st_size, 512) - st->st_blocks) * 512));
1045 return 1;
1046 }
1047
1048 int run_fallocate_by_path(const char *backing_path) {
1049 _cleanup_close_ int backing_fd = -1;
1050
1051 backing_fd = open(backing_path, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK);
1052 if (backing_fd < 0)
1053 return log_error_errno(errno, "Failed to open '%s' for fallocate(): %m", backing_path);
1054
1055 return run_fallocate(backing_fd, NULL);
1056 }
1057
1058 static int lock_image_fd(int image_fd, const char *ip) {
1059 int r;
1060
1061 /* If the $SYSTEMD_LUKS_LOCK environment variable is set we'll take an exclusive BSD lock on the
1062 * image file, and send it to our parent. homed will keep it open to ensure no other instance of
1063 * homed (across the network or such) will also mount the file. */
1064
1065 r = getenv_bool("SYSTEMD_LUKS_LOCK");
1066 if (r == -ENXIO)
1067 return 0;
1068 if (r < 0)
1069 return log_error_errno(r, "Failed to parse $SYSTEMD_LUKS_LOCK environment variable: %m");
1070 if (r > 0) {
1071 struct stat st;
1072
1073 if (fstat(image_fd, &st) < 0)
1074 return log_error_errno(errno, "Failed to stat image file: %m");
1075 if (S_ISBLK(st.st_mode)) {
1076 /* Locking block devices doesn't really make sense, as this might interfear with
1077 * udev's workings, and these locks aren't network propagated anyway, hence not what
1078 * we are after here. */
1079 log_debug("Not locking image file '%s', since it's a block device.", ip);
1080 return 0;
1081 }
1082 r = stat_verify_regular(&st);
1083 if (r < 0)
1084 return log_error_errno(r, "Image file to lock is not a regular file: %m");
1085
1086 if (flock(image_fd, LOCK_EX|LOCK_NB) < 0) {
1087
1088 if (errno == EWOULDBLOCK)
1089 log_error_errno(errno, "Image file '%s' already locked, can't use.", ip);
1090 else
1091 log_error_errno(errno, "Failed to lock image file '%s': %m", ip);
1092
1093 return errno != EWOULDBLOCK ? -errno : -EADDRINUSE; /* Make error recognizable */
1094 }
1095
1096 log_info("Successfully locked image file '%s'.", ip);
1097
1098 /* Now send it to our parent to keep safe while the home dir is active */
1099 r = sd_pid_notify_with_fds(0, false, "SYSTEMD_LUKS_LOCK_FD=1", &image_fd, 1);
1100 if (r < 0)
1101 log_warning_errno(r, "Failed to send LUKS lock fd to parent, ignoring: %m");
1102 }
1103
1104 return 0;
1105 }
1106
1107 static int open_image_file(
1108 UserRecord *h,
1109 const char *force_image_path,
1110 struct stat *ret_stat) {
1111
1112 _cleanup_close_ int image_fd = -1;
1113 struct stat st;
1114 const char *ip;
1115 int r;
1116
1117 ip = force_image_path ?: user_record_image_path(h);
1118
1119 image_fd = open(ip, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK);
1120 if (image_fd < 0)
1121 return log_error_errno(errno, "Failed to open image file %s: %m", ip);
1122
1123 if (fstat(image_fd, &st) < 0)
1124 return log_error_errno(errno, "Failed to fstat() image file: %m");
1125 if (!S_ISREG(st.st_mode) && !S_ISBLK(st.st_mode))
1126 return log_error_errno(
1127 S_ISDIR(st.st_mode) ? SYNTHETIC_ERRNO(EISDIR) : SYNTHETIC_ERRNO(EBADFD),
1128 "Image file %s is not a regular file or block device: %m", ip);
1129
1130 r = lock_image_fd(image_fd, ip);
1131 if (r < 0)
1132 return r;
1133
1134 if (ret_stat)
1135 *ret_stat = st;
1136
1137 return TAKE_FD(image_fd);
1138 }
1139
1140 int home_setup_luks(
1141 UserRecord *h,
1142 HomeSetupFlags flags,
1143 const char *force_image_path,
1144 PasswordCache *cache,
1145 HomeSetup *setup,
1146 UserRecord **ret_luks_home) {
1147
1148 sd_id128_t found_partition_uuid, found_luks_uuid, found_fs_uuid;
1149 _cleanup_(user_record_unrefp) UserRecord *luks_home = NULL;
1150 _cleanup_(loop_device_unrefp) LoopDevice *loop = NULL;
1151 _cleanup_(sym_crypt_freep) struct crypt_device *cd = NULL;
1152 _cleanup_(erase_and_freep) void *volume_key = NULL;
1153 _cleanup_close_ int opened_image_fd = -1, root_fd = -1;
1154 bool dm_activated = false, mounted = false;
1155 size_t volume_key_size = 0;
1156 bool marked_dirty = false;
1157 uint64_t offset, size;
1158 int r, image_fd = -1;
1159
1160 assert(h);
1161 assert(setup);
1162 assert(setup->dm_name);
1163 assert(setup->dm_node);
1164
1165 assert(user_record_storage(h) == USER_LUKS);
1166
1167 r = dlopen_cryptsetup();
1168 if (r < 0)
1169 return r;
1170
1171 if (FLAGS_SET(flags, HOME_SETUP_ALREADY_ACTIVATED)) {
1172 struct loop_info64 info;
1173 const char *n;
1174
1175 r = luks_open(setup->dm_name,
1176 h->password,
1177 cache,
1178 &cd,
1179 &found_luks_uuid,
1180 &volume_key,
1181 &volume_key_size);
1182 if (r < 0)
1183 return r;
1184
1185 r = luks_validate_home_record(cd, h, volume_key, cache, &luks_home);
1186 if (r < 0)
1187 return r;
1188
1189 n = sym_crypt_get_device_name(cd);
1190 if (!n)
1191 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to determine backing device for DM %s.", setup->dm_name);
1192
1193 r = loop_device_open(n, O_RDWR, &loop);
1194 if (r < 0)
1195 return log_error_errno(r, "Failed to open loopback device %s: %m", n);
1196
1197 if (ioctl(loop->fd, LOOP_GET_STATUS64, &info) < 0) {
1198 _cleanup_free_ char *sysfs = NULL;
1199 struct stat st;
1200
1201 if (!IN_SET(errno, ENOTTY, EINVAL))
1202 return log_error_errno(errno, "Failed to get block device metrics of %s: %m", n);
1203
1204 if (ioctl(loop->fd, BLKGETSIZE64, &size) < 0)
1205 return log_error_errno(r, "Failed to read block device size of %s: %m", n);
1206
1207 if (fstat(loop->fd, &st) < 0)
1208 return log_error_errno(r, "Failed to stat block device %s: %m", n);
1209 assert(S_ISBLK(st.st_mode));
1210
1211 if (asprintf(&sysfs, "/sys/dev/block/%u:%u/partition", major(st.st_rdev), minor(st.st_rdev)) < 0)
1212 return log_oom();
1213
1214 if (access(sysfs, F_OK) < 0) {
1215 if (errno != ENOENT)
1216 return log_error_errno(errno, "Failed to determine whether %s exists: %m", sysfs);
1217
1218 offset = 0;
1219 } else {
1220 _cleanup_free_ char *buffer = NULL;
1221
1222 if (asprintf(&sysfs, "/sys/dev/block/%u:%u/start", major(st.st_rdev), minor(st.st_rdev)) < 0)
1223 return log_oom();
1224
1225 r = read_one_line_file(sysfs, &buffer);
1226 if (r < 0)
1227 return log_error_errno(r, "Failed to read partition start offset: %m");
1228
1229 r = safe_atou64(buffer, &offset);
1230 if (r < 0)
1231 return log_error_errno(r, "Failed to parse partition start offset: %m");
1232
1233 if (offset > UINT64_MAX / 512U)
1234 return log_error_errno(SYNTHETIC_ERRNO(E2BIG), "Offset too large for 64 byte range, refusing.");
1235
1236 offset *= 512U;
1237 }
1238 } else {
1239 #if HAVE_VALGRIND_MEMCHECK_H
1240 VALGRIND_MAKE_MEM_DEFINED(&info, sizeof(info));
1241 #endif
1242
1243 offset = info.lo_offset;
1244 size = info.lo_sizelimit;
1245 }
1246
1247 found_partition_uuid = found_fs_uuid = SD_ID128_NULL;
1248
1249 log_info("Discovered used loopback device %s.", loop->node);
1250
1251 root_fd = open(user_record_home_directory(h), O_RDONLY|O_CLOEXEC|O_DIRECTORY|O_NOFOLLOW);
1252 if (root_fd < 0) {
1253 r = log_error_errno(errno, "Failed to open home directory: %m");
1254 goto fail;
1255 }
1256 } else {
1257 _cleanup_free_ char *fstype = NULL, *subdir = NULL;
1258 const char *ip;
1259 struct stat st;
1260
1261 ip = force_image_path ?: user_record_image_path(h);
1262
1263 subdir = path_join("/run/systemd/user-home-mount/", user_record_user_name_and_realm(h));
1264 if (!subdir)
1265 return log_oom();
1266
1267 /* Reuse the image fd if it has already been opened by an earlier step */
1268 if (setup->image_fd < 0) {
1269 opened_image_fd = open_image_file(h, force_image_path, &st);
1270 if (opened_image_fd < 0)
1271 return opened_image_fd;
1272
1273 image_fd = opened_image_fd;
1274 } else
1275 image_fd = setup->image_fd;
1276
1277 r = luks_validate(image_fd, user_record_user_name_and_realm(h), h->partition_uuid, &found_partition_uuid, &offset, &size);
1278 if (r < 0)
1279 return log_error_errno(r, "Failed to validate disk label: %m");
1280
1281 /* Everything before this point left the image untouched. We are now starting to make
1282 * changes, hence mark the image dirty */
1283 marked_dirty = run_mark_dirty(image_fd, true) > 0;
1284
1285 if (!user_record_luks_discard(h)) {
1286 r = run_fallocate(image_fd, &st);
1287 if (r < 0)
1288 return r;
1289 }
1290
1291 r = loop_device_make(image_fd, O_RDWR, offset, size, 0, &loop);
1292 if (r == -ENOENT) {
1293 log_error_errno(r, "Loopback block device support is not available on this system.");
1294 return -ENOLINK; /* make recognizable */
1295 }
1296 if (r < 0)
1297 return log_error_errno(r, "Failed to allocate loopback context: %m");
1298
1299 log_info("Setting up loopback device %s completed.", loop->node ?: ip);
1300
1301 r = luks_setup(loop->node ?: ip,
1302 setup->dm_name,
1303 h->luks_uuid,
1304 h->luks_cipher,
1305 h->luks_cipher_mode,
1306 h->luks_volume_key_size,
1307 h->password,
1308 cache,
1309 user_record_luks_discard(h) || user_record_luks_offline_discard(h),
1310 &cd,
1311 &found_luks_uuid,
1312 &volume_key,
1313 &volume_key_size);
1314 if (r < 0)
1315 return r;
1316
1317 dm_activated = true;
1318
1319 r = luks_validate_home_record(cd, h, volume_key, cache, &luks_home);
1320 if (r < 0)
1321 goto fail;
1322
1323 r = fs_validate(setup->dm_node, h->file_system_uuid, &fstype, &found_fs_uuid);
1324 if (r < 0)
1325 goto fail;
1326
1327 r = run_fsck(setup->dm_node, fstype);
1328 if (r < 0)
1329 goto fail;
1330
1331 r = home_unshare_and_mount(setup->dm_node, fstype, user_record_luks_discard(h), user_record_mount_flags(h));
1332 if (r < 0)
1333 goto fail;
1334
1335 mounted = true;
1336
1337 root_fd = open(subdir, O_RDONLY|O_CLOEXEC|O_DIRECTORY|O_NOFOLLOW);
1338 if (root_fd < 0) {
1339 r = log_error_errno(errno, "Failed to open home directory: %m");
1340 goto fail;
1341 }
1342
1343 if (user_record_luks_discard(h))
1344 (void) run_fitrim(root_fd);
1345
1346 /* And now, fill in everything */
1347 if (opened_image_fd >= 0) {
1348 safe_close(setup->image_fd);
1349 setup->image_fd = TAKE_FD(opened_image_fd);
1350 }
1351
1352 setup->do_offline_fallocate = !(setup->do_offline_fitrim = user_record_luks_offline_discard(h));
1353 setup->do_mark_clean = marked_dirty;
1354 }
1355
1356 setup->loop = TAKE_PTR(loop);
1357 setup->crypt_device = TAKE_PTR(cd);
1358 setup->root_fd = TAKE_FD(root_fd);
1359 setup->found_partition_uuid = found_partition_uuid;
1360 setup->found_luks_uuid = found_luks_uuid;
1361 setup->found_fs_uuid = found_fs_uuid;
1362 setup->partition_offset = offset;
1363 setup->partition_size = size;
1364 setup->volume_key = TAKE_PTR(volume_key);
1365 setup->volume_key_size = volume_key_size;
1366
1367 setup->undo_mount = mounted;
1368 setup->undo_dm = dm_activated;
1369
1370 if (ret_luks_home)
1371 *ret_luks_home = TAKE_PTR(luks_home);
1372
1373 return 0;
1374
1375 fail:
1376 if (mounted)
1377 (void) umount_verbose(LOG_ERR, "/run/systemd/user-home-mount", UMOUNT_NOFOLLOW);
1378
1379 if (dm_activated)
1380 (void) sym_crypt_deactivate_by_name(cd, setup->dm_name, 0);
1381
1382 if (image_fd >= 0 && marked_dirty)
1383 (void) run_mark_dirty(image_fd, false);
1384
1385 return r;
1386 }
1387
1388 static void print_size_summary(uint64_t host_size, uint64_t encrypted_size, struct statfs *sfs) {
1389 assert(sfs);
1390
1391 log_info("Image size is %s, file system size is %s, file system payload size is %s, file system free is %s.",
1392 FORMAT_BYTES(host_size),
1393 FORMAT_BYTES(encrypted_size),
1394 FORMAT_BYTES((uint64_t) sfs->f_blocks * (uint64_t) sfs->f_frsize),
1395 FORMAT_BYTES((uint64_t) sfs->f_bfree * (uint64_t) sfs->f_frsize));
1396 }
1397
1398 int home_activate_luks(
1399 UserRecord *h,
1400 HomeSetup *setup,
1401 PasswordCache *cache,
1402 UserRecord **ret_home) {
1403
1404 _cleanup_(user_record_unrefp) UserRecord *new_home = NULL, *luks_home_record = NULL;
1405 uint64_t host_size, encrypted_size;
1406 const char *hdo, *hd;
1407 struct statfs sfs;
1408 int r;
1409
1410 assert(h);
1411 assert(user_record_storage(h) == USER_LUKS);
1412 assert(setup);
1413 assert(ret_home);
1414
1415 r = dlopen_cryptsetup();
1416 if (r < 0)
1417 return r;
1418
1419 assert_se(hdo = user_record_home_directory(h));
1420 hd = strdupa_safe(hdo); /* copy the string out, since it might change later in the home record object */
1421
1422 r = home_get_state_luks(h, setup);
1423 if (r < 0)
1424 return r;
1425 if (r > 0)
1426 return log_error_errno(SYNTHETIC_ERRNO(EEXIST), "Device mapper device %s already exists, refusing.", setup->dm_node);
1427
1428 r = home_setup_luks(
1429 h,
1430 0,
1431 NULL,
1432 cache,
1433 setup,
1434 &luks_home_record);
1435 if (r < 0)
1436 return r;
1437
1438 r = block_get_size_by_fd(setup->loop->fd, &host_size);
1439 if (r < 0)
1440 return log_error_errno(r, "Failed to get loopback block device size: %m");
1441
1442 r = block_get_size_by_path(setup->dm_node, &encrypted_size);
1443 if (r < 0)
1444 return log_error_errno(r, "Failed to get LUKS block device size: %m");
1445
1446 r = home_refresh(
1447 h,
1448 setup,
1449 luks_home_record,
1450 cache,
1451 &sfs,
1452 &new_home);
1453 if (r < 0)
1454 return r;
1455
1456 r = home_extend_embedded_identity(new_home, h, setup);
1457 if (r < 0)
1458 return r;
1459
1460 setup->root_fd = safe_close(setup->root_fd);
1461
1462 r = home_move_mount(user_record_user_name_and_realm(h), hd);
1463 if (r < 0)
1464 return r;
1465
1466 setup->undo_mount = false;
1467 setup->do_offline_fitrim = false;
1468
1469 loop_device_relinquish(setup->loop);
1470
1471 r = sym_crypt_deactivate_by_name(NULL, setup->dm_name, CRYPT_DEACTIVATE_DEFERRED);
1472 if (r < 0)
1473 log_warning_errno(r, "Failed to relinquish DM device, ignoring: %m");
1474
1475 setup->undo_dm = false;
1476 setup->do_offline_fallocate = false;
1477 setup->do_mark_clean = false;
1478
1479 log_info("Everything completed.");
1480
1481 print_size_summary(host_size, encrypted_size, &sfs);
1482
1483 *ret_home = TAKE_PTR(new_home);
1484 return 1;
1485 }
1486
1487 int home_deactivate_luks(UserRecord *h) {
1488 _cleanup_(sym_crypt_freep) struct crypt_device *cd = NULL;
1489 _cleanup_free_ char *dm_name = NULL, *dm_node = NULL;
1490 bool we_detached;
1491 int r;
1492
1493 /* Note that the DM device and loopback device are set to auto-detach, hence strictly speaking we
1494 * don't have to explicitly have to detach them. However, we do that nonetheless (in case of the DM
1495 * device), to avoid races: by explicitly detaching them we know when the detaching is complete. We
1496 * don't bother about the loopback device because unlike the DM device it doesn't have a fixed
1497 * name. */
1498
1499 r = dlopen_cryptsetup();
1500 if (r < 0)
1501 return r;
1502
1503 r = make_dm_names(h->user_name, &dm_name, &dm_node);
1504 if (r < 0)
1505 return r;
1506
1507 r = sym_crypt_init_by_name(&cd, dm_name);
1508 if (IN_SET(r, -ENODEV, -EINVAL, -ENOENT)) {
1509 log_debug_errno(r, "LUKS device %s has already been detached.", dm_name);
1510 we_detached = false;
1511 } else if (r < 0)
1512 return log_error_errno(r, "Failed to initialize cryptsetup context for %s: %m", dm_name);
1513 else {
1514 log_info("Discovered used LUKS device %s.", dm_node);
1515
1516 cryptsetup_enable_logging(cd);
1517
1518 r = sym_crypt_deactivate_by_name(cd, dm_name, 0);
1519 if (IN_SET(r, -ENODEV, -EINVAL, -ENOENT)) {
1520 log_debug_errno(r, "LUKS device %s is already detached.", dm_node);
1521 we_detached = false;
1522 } else if (r < 0)
1523 return log_info_errno(r, "LUKS device %s couldn't be deactivated: %m", dm_node);
1524 else {
1525 log_info("LUKS device detaching completed.");
1526 we_detached = true;
1527 }
1528 }
1529
1530 if (user_record_luks_offline_discard(h))
1531 log_debug("Not allocating on logout.");
1532 else
1533 (void) run_fallocate_by_path(user_record_image_path(h));
1534
1535 run_mark_dirty_by_path(user_record_image_path(h), false);
1536 return we_detached;
1537 }
1538
1539 int home_trim_luks(UserRecord *h) {
1540 assert(h);
1541
1542 if (!user_record_luks_offline_discard(h)) {
1543 log_debug("Not trimming on logout.");
1544 return 0;
1545 }
1546
1547 (void) run_fitrim_by_path(user_record_home_directory(h));
1548 return 0;
1549 }
1550
1551 static struct crypt_pbkdf_type* build_good_pbkdf(struct crypt_pbkdf_type *buffer, UserRecord *hr) {
1552 assert(buffer);
1553 assert(hr);
1554
1555 *buffer = (struct crypt_pbkdf_type) {
1556 .hash = user_record_luks_pbkdf_hash_algorithm(hr),
1557 .type = user_record_luks_pbkdf_type(hr),
1558 .time_ms = user_record_luks_pbkdf_time_cost_usec(hr) / USEC_PER_MSEC,
1559 .max_memory_kb = user_record_luks_pbkdf_memory_cost(hr) / 1024,
1560 .parallel_threads = user_record_luks_pbkdf_parallel_threads(hr),
1561 };
1562
1563 return buffer;
1564 }
1565
1566 static struct crypt_pbkdf_type* build_minimal_pbkdf(struct crypt_pbkdf_type *buffer, UserRecord *hr) {
1567 assert(buffer);
1568 assert(hr);
1569
1570 /* For PKCS#11 derived keys (which are generated randomly and are of high quality already) we use a
1571 * minimal PBKDF */
1572 *buffer = (struct crypt_pbkdf_type) {
1573 .hash = user_record_luks_pbkdf_hash_algorithm(hr),
1574 .type = CRYPT_KDF_PBKDF2,
1575 .iterations = 1,
1576 .time_ms = 1,
1577 };
1578
1579 return buffer;
1580 }
1581
1582 static int luks_format(
1583 const char *node,
1584 const char *dm_name,
1585 sd_id128_t uuid,
1586 const char *label,
1587 const PasswordCache *cache,
1588 char **effective_passwords,
1589 bool discard,
1590 UserRecord *hr,
1591 struct crypt_device **ret) {
1592
1593 _cleanup_(user_record_unrefp) UserRecord *reduced = NULL;
1594 _cleanup_(sym_crypt_freep) struct crypt_device *cd = NULL;
1595 _cleanup_(erase_and_freep) void *volume_key = NULL;
1596 struct crypt_pbkdf_type good_pbkdf, minimal_pbkdf;
1597 _cleanup_free_ char *text = NULL;
1598 size_t volume_key_size;
1599 int slot = 0, r;
1600 char **pp;
1601
1602 assert(node);
1603 assert(dm_name);
1604 assert(hr);
1605 assert(ret);
1606
1607 r = sym_crypt_init(&cd, node);
1608 if (r < 0)
1609 return log_error_errno(r, "Failed to allocate libcryptsetup context: %m");
1610
1611 cryptsetup_enable_logging(cd);
1612
1613 /* Normally we'd, just leave volume key generation to libcryptsetup. However, we can't, since we
1614 * can't extract the volume key from the library again, but we need it in order to encrypt the JSON
1615 * record. Hence, let's generate it on our own, so that we can keep track of it. */
1616
1617 volume_key_size = user_record_luks_volume_key_size(hr);
1618 volume_key = malloc(volume_key_size);
1619 if (!volume_key)
1620 return log_oom();
1621
1622 r = genuine_random_bytes(volume_key, volume_key_size, RANDOM_BLOCK);
1623 if (r < 0)
1624 return log_error_errno(r, "Failed to generate volume key: %m");
1625
1626 #if HAVE_CRYPT_SET_METADATA_SIZE
1627 /* Increase the metadata space to 4M, the largest LUKS2 supports */
1628 r = sym_crypt_set_metadata_size(cd, 4096U*1024U, 0);
1629 if (r < 0)
1630 return log_error_errno(r, "Failed to change LUKS2 metadata size: %m");
1631 #endif
1632
1633 build_good_pbkdf(&good_pbkdf, hr);
1634 build_minimal_pbkdf(&minimal_pbkdf, hr);
1635
1636 r = sym_crypt_format(
1637 cd,
1638 CRYPT_LUKS2,
1639 user_record_luks_cipher(hr),
1640 user_record_luks_cipher_mode(hr),
1641 ID128_TO_UUID_STRING(uuid),
1642 volume_key,
1643 volume_key_size,
1644 &(struct crypt_params_luks2) {
1645 .label = label,
1646 .subsystem = "systemd-home",
1647 .sector_size = 512U,
1648 .pbkdf = &good_pbkdf,
1649 });
1650 if (r < 0)
1651 return log_error_errno(r, "Failed to format LUKS image: %m");
1652
1653 log_info("LUKS formatting completed.");
1654
1655 STRV_FOREACH(pp, effective_passwords) {
1656
1657 if (password_cache_contains(cache, *pp)) { /* is this a fido2 or pkcs11 password? */
1658 log_debug("Using minimal PBKDF for slot %i", slot);
1659 r = sym_crypt_set_pbkdf_type(cd, &minimal_pbkdf);
1660 } else {
1661 log_debug("Using good PBKDF for slot %i", slot);
1662 r = sym_crypt_set_pbkdf_type(cd, &good_pbkdf);
1663 }
1664 if (r < 0)
1665 return log_error_errno(r, "Failed to tweak PBKDF for slot %i: %m", slot);
1666
1667 r = sym_crypt_keyslot_add_by_volume_key(
1668 cd,
1669 slot,
1670 volume_key,
1671 volume_key_size,
1672 *pp,
1673 strlen(*pp));
1674 if (r < 0)
1675 return log_error_errno(r, "Failed to set up LUKS password for slot %i: %m", slot);
1676
1677 log_info("Writing password to LUKS keyslot %i completed.", slot);
1678 slot++;
1679 }
1680
1681 r = sym_crypt_activate_by_volume_key(
1682 cd,
1683 dm_name,
1684 volume_key,
1685 volume_key_size,
1686 discard ? CRYPT_ACTIVATE_ALLOW_DISCARDS : 0);
1687 if (r < 0)
1688 return log_error_errno(r, "Failed to activate LUKS superblock: %m");
1689
1690 log_info("LUKS activation by volume key succeeded.");
1691
1692 r = user_record_clone(hr, USER_RECORD_EXTRACT_EMBEDDED|USER_RECORD_PERMISSIVE, &reduced);
1693 if (r < 0)
1694 return log_error_errno(r, "Failed to prepare home record for LUKS: %m");
1695
1696 r = format_luks_token_text(cd, reduced, volume_key, &text);
1697 if (r < 0)
1698 return r;
1699
1700 r = sym_crypt_token_json_set(cd, CRYPT_ANY_TOKEN, text);
1701 if (r < 0)
1702 return log_error_errno(r, "Failed to set LUKS JSON token: %m");
1703
1704 log_info("Writing user record as LUKS token completed.");
1705
1706 if (ret)
1707 *ret = TAKE_PTR(cd);
1708
1709 return 0;
1710 }
1711
1712 DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(struct fdisk_context*, fdisk_unref_context, NULL);
1713 DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(struct fdisk_partition*, fdisk_unref_partition, NULL);
1714 DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(struct fdisk_parttype*, fdisk_unref_parttype, NULL);
1715 DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(struct fdisk_table*, fdisk_unref_table, NULL);
1716
1717 static int make_partition_table(
1718 int fd,
1719 const char *label,
1720 sd_id128_t uuid,
1721 uint64_t *ret_offset,
1722 uint64_t *ret_size,
1723 sd_id128_t *ret_disk_uuid) {
1724
1725 _cleanup_(fdisk_unref_partitionp) struct fdisk_partition *p = NULL, *q = NULL;
1726 _cleanup_(fdisk_unref_parttypep) struct fdisk_parttype *t = NULL;
1727 _cleanup_(fdisk_unref_contextp) struct fdisk_context *c = NULL;
1728 _cleanup_free_ char *path = NULL, *disk_uuid_as_string = NULL;
1729 uint64_t offset, size, first_lba, start, last_lba, end;
1730 sd_id128_t disk_uuid;
1731 int r;
1732
1733 assert(fd >= 0);
1734 assert(label);
1735 assert(ret_offset);
1736 assert(ret_size);
1737
1738 t = fdisk_new_parttype();
1739 if (!t)
1740 return log_oom();
1741
1742 r = fdisk_parttype_set_typestr(t, "773f91ef-66d4-49b5-bd83-d683bf40ad16");
1743 if (r < 0)
1744 return log_error_errno(r, "Failed to initialize partition type: %m");
1745
1746 c = fdisk_new_context();
1747 if (!c)
1748 return log_oom();
1749
1750 if (asprintf(&path, "/proc/self/fd/%i", fd) < 0)
1751 return log_oom();
1752
1753 r = fdisk_assign_device(c, path, 0);
1754 if (r < 0)
1755 return log_error_errno(r, "Failed to open device: %m");
1756
1757 r = fdisk_create_disklabel(c, "gpt");
1758 if (r < 0)
1759 return log_error_errno(r, "Failed to create GPT disk label: %m");
1760
1761 p = fdisk_new_partition();
1762 if (!p)
1763 return log_oom();
1764
1765 r = fdisk_partition_set_type(p, t);
1766 if (r < 0)
1767 return log_error_errno(r, "Failed to set partition type: %m");
1768
1769 r = fdisk_partition_partno_follow_default(p, 1);
1770 if (r < 0)
1771 return log_error_errno(r, "Failed to place partition at first free partition index: %m");
1772
1773 first_lba = fdisk_get_first_lba(c); /* Boundary where usable space starts */
1774 assert(first_lba <= UINT64_MAX/512);
1775 start = DISK_SIZE_ROUND_UP(first_lba * 512); /* Round up to multiple of 4K */
1776
1777 if (start == UINT64_MAX)
1778 return log_error_errno(SYNTHETIC_ERRNO(ERANGE), "Overflow while rounding up start LBA.");
1779
1780 last_lba = fdisk_get_last_lba(c); /* One sector before boundary where usable space ends */
1781 assert(last_lba < UINT64_MAX/512);
1782 end = DISK_SIZE_ROUND_DOWN((last_lba + 1) * 512); /* Round down to multiple of 4K */
1783
1784 if (end <= start)
1785 return log_error_errno(SYNTHETIC_ERRNO(ERANGE), "Resulting partition size zero or negative.");
1786
1787 r = fdisk_partition_set_start(p, start / 512);
1788 if (r < 0)
1789 return log_error_errno(r, "Failed to place partition at offset %" PRIu64 ": %m", start);
1790
1791 r = fdisk_partition_set_size(p, (end - start) / 512);
1792 if (r < 0)
1793 return log_error_errno(r, "Failed to end partition at offset %" PRIu64 ": %m", end);
1794
1795 r = fdisk_partition_set_name(p, label);
1796 if (r < 0)
1797 return log_error_errno(r, "Failed to set partition name: %m");
1798
1799 r = fdisk_partition_set_uuid(p, ID128_TO_UUID_STRING(uuid));
1800 if (r < 0)
1801 return log_error_errno(r, "Failed to set partition UUID: %m");
1802
1803 r = fdisk_add_partition(c, p, NULL);
1804 if (r < 0)
1805 return log_error_errno(r, "Failed to add partition: %m");
1806
1807 r = fdisk_write_disklabel(c);
1808 if (r < 0)
1809 return log_error_errno(r, "Failed to write disk label: %m");
1810
1811 r = fdisk_get_disklabel_id(c, &disk_uuid_as_string);
1812 if (r < 0)
1813 return log_error_errno(r, "Failed to determine disk label UUID: %m");
1814
1815 r = sd_id128_from_string(disk_uuid_as_string, &disk_uuid);
1816 if (r < 0)
1817 return log_error_errno(r, "Failed to parse disk label UUID: %m");
1818
1819 r = fdisk_get_partition(c, 0, &q);
1820 if (r < 0)
1821 return log_error_errno(r, "Failed to read created partition metadata: %m");
1822
1823 assert(fdisk_partition_has_start(q));
1824 offset = fdisk_partition_get_start(q);
1825 if (offset > UINT64_MAX / 512U)
1826 return log_error_errno(SYNTHETIC_ERRNO(ERANGE), "Partition offset too large.");
1827
1828 assert(fdisk_partition_has_size(q));
1829 size = fdisk_partition_get_size(q);
1830 if (size > UINT64_MAX / 512U)
1831 return log_error_errno(SYNTHETIC_ERRNO(ERANGE), "Partition size too large.");
1832
1833 *ret_offset = offset * 512U;
1834 *ret_size = size * 512U;
1835 *ret_disk_uuid = disk_uuid;
1836
1837 return 0;
1838 }
1839
1840 static bool supported_fs_size(const char *fstype, uint64_t host_size) {
1841 uint64_t m;
1842
1843 m = minimal_size_by_fs_name(fstype);
1844 if (m == UINT64_MAX)
1845 return false;
1846
1847 return host_size >= m;
1848 }
1849
1850 static int wait_for_devlink(const char *path) {
1851 _cleanup_close_ int inotify_fd = -1;
1852 usec_t until;
1853 int r;
1854
1855 /* let's wait for a device link to show up in /dev, with a timeout. This is good to do since we
1856 * return a /dev/disk/by-uuid/… link to our callers and they likely want to access it right-away,
1857 * hence let's wait until udev has caught up with our changes, and wait for the symlink to be
1858 * created. */
1859
1860 until = usec_add(now(CLOCK_MONOTONIC), 45 * USEC_PER_SEC);
1861
1862 for (;;) {
1863 _cleanup_free_ char *dn = NULL;
1864 usec_t w;
1865
1866 if (laccess(path, F_OK) < 0) {
1867 if (errno != ENOENT)
1868 return log_error_errno(errno, "Failed to determine whether %s exists: %m", path);
1869 } else
1870 return 0; /* Found it */
1871
1872 if (inotify_fd < 0) {
1873 /* We need to wait for the device symlink to show up, let's create an inotify watch for it */
1874 inotify_fd = inotify_init1(IN_NONBLOCK|IN_CLOEXEC);
1875 if (inotify_fd < 0)
1876 return log_error_errno(errno, "Failed to allocate inotify fd: %m");
1877 }
1878
1879 dn = dirname_malloc(path);
1880 for (;;) {
1881 if (!dn)
1882 return log_oom();
1883
1884 log_info("Watching %s", dn);
1885
1886 if (inotify_add_watch(inotify_fd, dn, IN_CREATE|IN_MOVED_TO|IN_ONLYDIR|IN_DELETE_SELF|IN_MOVE_SELF) < 0) {
1887 if (errno != ENOENT)
1888 return log_error_errno(errno, "Failed to add watch on %s: %m", dn);
1889 } else
1890 break;
1891
1892 if (empty_or_root(dn))
1893 break;
1894
1895 dn = dirname_malloc(dn);
1896 }
1897
1898 w = now(CLOCK_MONOTONIC);
1899 if (w >= until)
1900 return log_error_errno(SYNTHETIC_ERRNO(ETIMEDOUT), "Device link %s still hasn't shown up, giving up.", path);
1901
1902 r = fd_wait_for_event(inotify_fd, POLLIN, usec_sub_unsigned(until, w));
1903 if (r < 0)
1904 return log_error_errno(r, "Failed to watch inotify: %m");
1905
1906 (void) flush_fd(inotify_fd);
1907 }
1908 }
1909
1910 static int calculate_disk_size(UserRecord *h, const char *parent_dir, uint64_t *ret) {
1911 struct statfs sfs;
1912 uint64_t m;
1913
1914 assert(h);
1915 assert(parent_dir);
1916 assert(ret);
1917
1918 if (h->disk_size != UINT64_MAX) {
1919 *ret = DISK_SIZE_ROUND_DOWN(h->disk_size);
1920 return 0;
1921 }
1922
1923 if (statfs(parent_dir, &sfs) < 0)
1924 return log_error_errno(errno, "statfs() on %s failed: %m", parent_dir);
1925
1926 m = sfs.f_bsize * sfs.f_bavail;
1927
1928 if (h->disk_size_relative == UINT64_MAX) {
1929
1930 if (m > UINT64_MAX / USER_DISK_SIZE_DEFAULT_PERCENT)
1931 return log_error_errno(SYNTHETIC_ERRNO(EOVERFLOW), "Disk size too large.");
1932
1933 *ret = DISK_SIZE_ROUND_DOWN(m * USER_DISK_SIZE_DEFAULT_PERCENT / 100);
1934
1935 log_info("Sizing home to %u%% of available disk space, which is %s.",
1936 USER_DISK_SIZE_DEFAULT_PERCENT,
1937 FORMAT_BYTES(*ret));
1938 } else {
1939 *ret = DISK_SIZE_ROUND_DOWN((uint64_t) ((double) m * (double) h->disk_size_relative / (double) UINT32_MAX));
1940
1941 log_info("Sizing home to %" PRIu64 ".%01" PRIu64 "%% of available disk space, which is %s.",
1942 (h->disk_size_relative * 100) / UINT32_MAX,
1943 ((h->disk_size_relative * 1000) / UINT32_MAX) % 10,
1944 FORMAT_BYTES(*ret));
1945 }
1946
1947 if (*ret < USER_DISK_SIZE_MIN)
1948 *ret = USER_DISK_SIZE_MIN;
1949
1950 return 0;
1951 }
1952
1953 static int home_truncate(
1954 UserRecord *h,
1955 int fd,
1956 const char *path,
1957 uint64_t size) {
1958
1959 bool trunc;
1960 int r;
1961
1962 assert(h);
1963 assert(fd >= 0);
1964 assert(path);
1965
1966 trunc = user_record_luks_discard(h);
1967 if (!trunc) {
1968 r = fallocate(fd, 0, 0, size);
1969 if (r < 0 && ERRNO_IS_NOT_SUPPORTED(errno)) {
1970 /* Some file systems do not support fallocate(), let's gracefully degrade
1971 * (ZFS, reiserfs, …) and fall back to truncation */
1972 log_notice_errno(errno, "Backing file system does not support fallocate(), falling back to ftruncate(), i.e. implicitly using non-discard mode.");
1973 trunc = true;
1974 }
1975 }
1976
1977 if (trunc)
1978 r = ftruncate(fd, size);
1979
1980 if (r < 0) {
1981 if (ERRNO_IS_DISK_SPACE(errno)) {
1982 log_error_errno(errno, "Not enough disk space to allocate home.");
1983 return -ENOSPC; /* make recognizable */
1984 }
1985
1986 return log_error_errno(errno, "Failed to truncate home image %s: %m", path);
1987 }
1988
1989 return 0;
1990 }
1991
1992 int home_create_luks(
1993 UserRecord *h,
1994 const PasswordCache *cache,
1995 char **effective_passwords,
1996 UserRecord **ret_home) {
1997
1998 _cleanup_free_ char *dm_name = NULL, *dm_node = NULL, *subdir = NULL, *disk_uuid_path = NULL, *temporary_image_path = NULL;
1999 uint64_t encrypted_size,
2000 host_size = 0, partition_offset = 0, partition_size = 0; /* Unnecessary initialization to appease gcc */
2001 bool image_created = false, dm_activated = false, mounted = false;
2002 _cleanup_(user_record_unrefp) UserRecord *new_home = NULL;
2003 sd_id128_t partition_uuid, fs_uuid, luks_uuid, disk_uuid;
2004 _cleanup_(loop_device_unrefp) LoopDevice *loop = NULL;
2005 _cleanup_(sym_crypt_freep) struct crypt_device *cd = NULL;
2006 _cleanup_close_ int image_fd = -1, root_fd = -1;
2007 const char *fstype, *ip;
2008 struct statfs sfs;
2009 int r;
2010
2011 assert(h);
2012 assert(h->storage < 0 || h->storage == USER_LUKS);
2013 assert(ret_home);
2014
2015 r = dlopen_cryptsetup();
2016 if (r < 0)
2017 return r;
2018
2019 assert_se(ip = user_record_image_path(h));
2020
2021 fstype = user_record_file_system_type(h);
2022 if (!supported_fstype(fstype))
2023 return log_error_errno(SYNTHETIC_ERRNO(EPROTONOSUPPORT), "Unsupported file system type: %s", fstype);
2024
2025 r = mkfs_exists(fstype);
2026 if (r < 0)
2027 return log_error_errno(r, "Failed to check if mkfs binary for %s exists: %m", fstype);
2028 if (r == 0) {
2029 if (h->file_system_type || streq(fstype, "ext4") || !supported_fstype("ext4"))
2030 return log_error_errno(SYNTHETIC_ERRNO(EPROTONOSUPPORT), "mkfs binary for file system type %s does not exist.", fstype);
2031
2032 /* If the record does not explicitly declare a file system to use, and the compiled-in
2033 * default does not actually exist, than do an automatic fallback onto ext4, as the baseline
2034 * fs of Linux. We won't search for a working fs type here beyond ext4, i.e. nothing fancier
2035 * than a single, conservative fallback to baseline. This should be useful in minimal
2036 * environments where mkfs.btrfs or so are not made available, but mkfs.ext4 as Linux' most
2037 * boring, most basic fs is. */
2038 log_info("Formatting tool for compiled-in default file system %s not available, falling back to ext4 instead.", fstype);
2039 fstype = "ext4";
2040 }
2041
2042 if (sd_id128_is_null(h->partition_uuid)) {
2043 r = sd_id128_randomize(&partition_uuid);
2044 if (r < 0)
2045 return log_error_errno(r, "Failed to acquire partition UUID: %m");
2046 } else
2047 partition_uuid = h->partition_uuid;
2048
2049 if (sd_id128_is_null(h->luks_uuid)) {
2050 r = sd_id128_randomize(&luks_uuid);
2051 if (r < 0)
2052 return log_error_errno(r, "Failed to acquire LUKS UUID: %m");
2053 } else
2054 luks_uuid = h->luks_uuid;
2055
2056 if (sd_id128_is_null(h->file_system_uuid)) {
2057 r = sd_id128_randomize(&fs_uuid);
2058 if (r < 0)
2059 return log_error_errno(r, "Failed to acquire file system UUID: %m");
2060 } else
2061 fs_uuid = h->file_system_uuid;
2062
2063 r = make_dm_names(h->user_name, &dm_name, &dm_node);
2064 if (r < 0)
2065 return r;
2066
2067 r = access(dm_node, F_OK);
2068 if (r < 0) {
2069 if (errno != ENOENT)
2070 return log_error_errno(errno, "Failed to determine whether %s exists: %m", dm_node);
2071 } else
2072 return log_error_errno(SYNTHETIC_ERRNO(EEXIST), "Device mapper device %s already exists, refusing.", dm_node);
2073
2074 if (path_startswith(ip, "/dev/")) {
2075 _cleanup_free_ char *sysfs = NULL;
2076 uint64_t block_device_size;
2077 struct stat st;
2078
2079 /* Let's place the home directory on a real device, i.e. an USB stick or such */
2080
2081 image_fd = open(ip, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK);
2082 if (image_fd < 0)
2083 return log_error_errno(errno, "Failed to open device %s: %m", ip);
2084
2085 if (fstat(image_fd, &st) < 0)
2086 return log_error_errno(errno, "Failed to stat device %s: %m", ip);
2087 if (!S_ISBLK(st.st_mode))
2088 return log_error_errno(SYNTHETIC_ERRNO(ENOTBLK), "Device is not a block device, refusing.");
2089
2090 if (asprintf(&sysfs, "/sys/dev/block/%u:%u/partition", major(st.st_rdev), minor(st.st_rdev)) < 0)
2091 return log_oom();
2092 if (access(sysfs, F_OK) < 0) {
2093 if (errno != ENOENT)
2094 return log_error_errno(errno, "Failed to check whether %s exists: %m", sysfs);
2095 } else
2096 return log_error_errno(SYNTHETIC_ERRNO(ENOTBLK), "Operating on partitions is currently not supported, sorry. Please specify a top-level block device.");
2097
2098 if (flock(image_fd, LOCK_EX) < 0) /* make sure udev doesn't read from it while we operate on the device */
2099 return log_error_errno(errno, "Failed to lock block device %s: %m", ip);
2100
2101 if (ioctl(image_fd, BLKGETSIZE64, &block_device_size) < 0)
2102 return log_error_errno(errno, "Failed to read block device size: %m");
2103
2104 if (h->disk_size == UINT64_MAX) {
2105
2106 /* If a relative disk size is requested, apply it relative to the block device size */
2107 if (h->disk_size_relative < UINT32_MAX)
2108 host_size = CLAMP(DISK_SIZE_ROUND_DOWN(block_device_size * h->disk_size_relative / UINT32_MAX),
2109 USER_DISK_SIZE_MIN, USER_DISK_SIZE_MAX);
2110 else
2111 host_size = block_device_size; /* Otherwise, take the full device */
2112
2113 } else if (h->disk_size > block_device_size)
2114 return log_error_errno(SYNTHETIC_ERRNO(EMSGSIZE), "Selected disk size larger than backing block device, refusing.");
2115 else
2116 host_size = DISK_SIZE_ROUND_DOWN(h->disk_size);
2117
2118 if (!supported_fs_size(fstype, host_size))
2119 return log_error_errno(SYNTHETIC_ERRNO(ERANGE),
2120 "Selected file system size too small for %s.", fstype);
2121
2122 /* After creation we should reference this partition by its UUID instead of the block
2123 * device. That's preferable since the user might have specified a device node such as
2124 * /dev/sdb to us, which might look very different when replugged. */
2125 if (asprintf(&disk_uuid_path, "/dev/disk/by-uuid/" SD_ID128_UUID_FORMAT_STR, SD_ID128_FORMAT_VAL(luks_uuid)) < 0)
2126 return log_oom();
2127
2128 if (user_record_luks_discard(h) || user_record_luks_offline_discard(h)) {
2129 /* If we want online or offline discard, discard once before we start using things. */
2130
2131 if (ioctl(image_fd, BLKDISCARD, (uint64_t[]) { 0, block_device_size }) < 0)
2132 log_full_errno(errno == EOPNOTSUPP ? LOG_DEBUG : LOG_WARNING, errno,
2133 "Failed to issue full-device BLKDISCARD on device, ignoring: %m");
2134 else
2135 log_info("Full device discard completed.");
2136 }
2137 } else {
2138 _cleanup_free_ char *parent = NULL;
2139
2140 parent = dirname_malloc(ip);
2141 if (!parent)
2142 return log_oom();
2143
2144 r = mkdir_p(parent, 0755);
2145 if (r < 0)
2146 return log_error_errno(r, "Failed to create parent directory %s: %m", parent);
2147
2148 r = calculate_disk_size(h, parent, &host_size);
2149 if (r < 0)
2150 return r;
2151
2152 if (!supported_fs_size(fstype, host_size))
2153 return log_error_errno(SYNTHETIC_ERRNO(ERANGE), "Selected file system size too small for %s.", fstype);
2154
2155 r = tempfn_random(ip, "homework", &temporary_image_path);
2156 if (r < 0)
2157 return log_error_errno(r, "Failed to derive temporary file name for %s: %m", ip);
2158
2159 image_fd = open(temporary_image_path, O_RDWR|O_CREAT|O_EXCL|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW, 0600);
2160 if (image_fd < 0)
2161 return log_error_errno(errno, "Failed to create home image %s: %m", temporary_image_path);
2162
2163 image_created = true;
2164
2165 r = chattr_fd(image_fd, FS_NOCOW_FL, FS_NOCOW_FL, NULL);
2166 if (r < 0)
2167 log_full_errno(ERRNO_IS_NOT_SUPPORTED(r) ? LOG_DEBUG : LOG_WARNING, r,
2168 "Failed to set file attributes on %s, ignoring: %m", temporary_image_path);
2169
2170 r = home_truncate(h, image_fd, temporary_image_path, host_size);
2171 if (r < 0)
2172 goto fail;
2173
2174 log_info("Allocating image file completed.");
2175 }
2176
2177 r = make_partition_table(
2178 image_fd,
2179 user_record_user_name_and_realm(h),
2180 partition_uuid,
2181 &partition_offset,
2182 &partition_size,
2183 &disk_uuid);
2184 if (r < 0)
2185 goto fail;
2186
2187 log_info("Writing of partition table completed.");
2188
2189 r = loop_device_make(image_fd, O_RDWR, partition_offset, partition_size, 0, &loop);
2190 if (r < 0) {
2191 if (r == -ENOENT) { /* this means /dev/loop-control doesn't exist, i.e. we are in a container
2192 * or similar and loopback bock devices are not available, return a
2193 * recognizable error in this case. */
2194 log_error_errno(r, "Loopback block device support is not available on this system.");
2195 r = -ENOLINK;
2196 goto fail;
2197 }
2198
2199 log_error_errno(r, "Failed to set up loopback device for %s: %m", temporary_image_path);
2200 goto fail;
2201 }
2202
2203 r = loop_device_flock(loop, LOCK_EX); /* make sure udev won't read before we are done */
2204 if (r < 0) {
2205 log_error_errno(r, "Failed to take lock on loop device: %m");
2206 goto fail;
2207 }
2208
2209 log_info("Setting up loopback device %s completed.", loop->node ?: ip);
2210
2211 r = luks_format(loop->node,
2212 dm_name,
2213 luks_uuid,
2214 user_record_user_name_and_realm(h),
2215 cache,
2216 effective_passwords,
2217 user_record_luks_discard(h) || user_record_luks_offline_discard(h),
2218 h,
2219 &cd);
2220 if (r < 0)
2221 goto fail;
2222
2223 dm_activated = true;
2224
2225 r = block_get_size_by_path(dm_node, &encrypted_size);
2226 if (r < 0) {
2227 log_error_errno(r, "Failed to get encrypted block device size: %m");
2228 goto fail;
2229 }
2230
2231 log_info("Setting up LUKS device %s completed.", dm_node);
2232
2233 r = make_filesystem(dm_node, fstype, user_record_user_name_and_realm(h), fs_uuid, user_record_luks_discard(h));
2234 if (r < 0)
2235 goto fail;
2236
2237 log_info("Formatting file system completed.");
2238
2239 r = home_unshare_and_mount(dm_node, fstype, user_record_luks_discard(h), user_record_mount_flags(h));
2240 if (r < 0)
2241 goto fail;
2242
2243 mounted = true;
2244
2245 subdir = path_join("/run/systemd/user-home-mount/", user_record_user_name_and_realm(h));
2246 if (!subdir) {
2247 r = log_oom();
2248 goto fail;
2249 }
2250
2251 /* Prefer using a btrfs subvolume if we can, fall back to directory otherwise */
2252 r = btrfs_subvol_make_fallback(subdir, 0700);
2253 if (r < 0) {
2254 log_error_errno(r, "Failed to create user directory in mounted image file: %m");
2255 goto fail;
2256 }
2257
2258 root_fd = open(subdir, O_RDONLY|O_CLOEXEC|O_DIRECTORY|O_NOFOLLOW);
2259 if (root_fd < 0) {
2260 r = log_error_errno(errno, "Failed to open user directory in mounted image file: %m");
2261 goto fail;
2262 }
2263
2264 r = home_populate(h, root_fd);
2265 if (r < 0)
2266 goto fail;
2267
2268 r = home_sync_and_statfs(root_fd, &sfs);
2269 if (r < 0)
2270 goto fail;
2271
2272 r = user_record_clone(h, USER_RECORD_LOAD_MASK_SECRET|USER_RECORD_LOG|USER_RECORD_PERMISSIVE, &new_home);
2273 if (r < 0) {
2274 log_error_errno(r, "Failed to clone record: %m");
2275 goto fail;
2276 }
2277
2278 r = user_record_add_binding(
2279 new_home,
2280 USER_LUKS,
2281 disk_uuid_path ?: ip,
2282 partition_uuid,
2283 luks_uuid,
2284 fs_uuid,
2285 sym_crypt_get_cipher(cd),
2286 sym_crypt_get_cipher_mode(cd),
2287 luks_volume_key_size_convert(cd),
2288 fstype,
2289 NULL,
2290 h->uid,
2291 (gid_t) h->uid);
2292 if (r < 0) {
2293 log_error_errno(r, "Failed to add binding to record: %m");
2294 goto fail;
2295 }
2296
2297 if (user_record_luks_offline_discard(h)) {
2298 r = run_fitrim(root_fd);
2299 if (r < 0)
2300 goto fail;
2301 }
2302
2303 root_fd = safe_close(root_fd);
2304
2305 r = umount_verbose(LOG_ERR, "/run/systemd/user-home-mount", UMOUNT_NOFOLLOW);
2306 if (r < 0)
2307 goto fail;
2308
2309 mounted = false;
2310
2311 r = sym_crypt_deactivate_by_name(cd, dm_name, 0);
2312 if (r < 0) {
2313 log_error_errno(r, "Failed to deactivate LUKS device: %m");
2314 goto fail;
2315 }
2316
2317 sym_crypt_free(cd);
2318 cd = NULL;
2319
2320 dm_activated = false;
2321
2322 loop = loop_device_unref(loop);
2323
2324 if (!user_record_luks_offline_discard(h)) {
2325 r = run_fallocate(image_fd, NULL /* refresh stat() data */);
2326 if (r < 0)
2327 goto fail;
2328 }
2329
2330 /* Sync everything to disk before we move things into place under the final name. */
2331 if (fsync(image_fd) < 0) {
2332 r = log_error_errno(r, "Failed to synchronize image to disk: %m");
2333 goto fail;
2334 }
2335
2336 if (disk_uuid_path)
2337 (void) ioctl(image_fd, BLKRRPART, 0);
2338 else {
2339 /* If we operate on a file, sync the containing directory too. */
2340 r = fsync_directory_of_file(image_fd);
2341 if (r < 0) {
2342 log_error_errno(r, "Failed to synchronize directory of image file to disk: %m");
2343 goto fail;
2344 }
2345 }
2346
2347 /* Let's close the image fd now. If we are operating on a real block device this will release the BSD
2348 * lock that ensures udev doesn't interfere with what we are doing */
2349 image_fd = safe_close(image_fd);
2350
2351 if (temporary_image_path) {
2352 if (rename(temporary_image_path, ip) < 0) {
2353 log_error_errno(errno, "Failed to rename image file: %m");
2354 goto fail;
2355 }
2356
2357 log_info("Moved image file into place.");
2358 }
2359
2360 if (disk_uuid_path)
2361 (void) wait_for_devlink(disk_uuid_path);
2362
2363 log_info("Everything completed.");
2364
2365 print_size_summary(host_size, encrypted_size, &sfs);
2366
2367 *ret_home = TAKE_PTR(new_home);
2368 return 0;
2369
2370 fail:
2371 /* Let's close all files before we unmount the file system, to avoid EBUSY */
2372 root_fd = safe_close(root_fd);
2373
2374 if (mounted)
2375 (void) umount_verbose(LOG_WARNING, "/run/systemd/user-home-mount", UMOUNT_NOFOLLOW);
2376
2377 if (dm_activated)
2378 (void) sym_crypt_deactivate_by_name(cd, dm_name, 0);
2379
2380 loop = loop_device_unref(loop);
2381
2382 if (image_created)
2383 (void) unlink(temporary_image_path);
2384
2385 return r;
2386 }
2387
2388 int home_get_state_luks(UserRecord *h, HomeSetup *setup) {
2389 _cleanup_free_ char *dm_name = NULL, *dm_node = NULL;
2390 int r;
2391
2392 assert(h);
2393 assert(setup);
2394
2395 r = make_dm_names(h->user_name, &dm_name, &dm_node);
2396 if (r < 0)
2397 return r;
2398
2399 r = access(dm_node, F_OK);
2400 if (r < 0 && errno != ENOENT)
2401 return log_error_errno(errno, "Failed to determine whether %s exists: %m", dm_node);
2402
2403 free_and_replace(setup->dm_name, dm_name);
2404 free_and_replace(setup->dm_node, dm_node);
2405
2406 return r >= 0;
2407 }
2408
2409 enum {
2410 CAN_RESIZE_ONLINE,
2411 CAN_RESIZE_OFFLINE,
2412 };
2413
2414 static int can_resize_fs(int fd, uint64_t old_size, uint64_t new_size) {
2415 struct statfs sfs;
2416
2417 assert(fd >= 0);
2418
2419 /* Filter out bogus requests early */
2420 if (old_size == 0 || old_size == UINT64_MAX ||
2421 new_size == 0 || new_size == UINT64_MAX)
2422 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Invalid resize parameters.");
2423
2424 if ((old_size & 511) != 0 || (new_size & 511) != 0)
2425 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Resize parameters not multiple of 512.");
2426
2427 if (fstatfs(fd, &sfs) < 0)
2428 return log_error_errno(errno, "Failed to fstatfs() file system: %m");
2429
2430 if (is_fs_type(&sfs, BTRFS_SUPER_MAGIC)) {
2431
2432 if (new_size < BTRFS_MINIMAL_SIZE)
2433 return log_error_errno(SYNTHETIC_ERRNO(ERANGE), "New file system size too small for btrfs (needs to be 256M at least.");
2434
2435 /* btrfs can grow and shrink online */
2436
2437 } else if (is_fs_type(&sfs, XFS_SB_MAGIC)) {
2438
2439 if (new_size < XFS_MINIMAL_SIZE)
2440 return log_error_errno(SYNTHETIC_ERRNO(ERANGE), "New file system size too small for xfs (needs to be 14M at least).");
2441
2442 /* XFS can grow, but not shrink */
2443 if (new_size < old_size)
2444 return log_error_errno(SYNTHETIC_ERRNO(EMSGSIZE), "Shrinking this type of file system is not supported.");
2445
2446 } else if (is_fs_type(&sfs, EXT4_SUPER_MAGIC)) {
2447
2448 if (new_size < EXT4_MINIMAL_SIZE)
2449 return log_error_errno(SYNTHETIC_ERRNO(ERANGE), "New file system size too small for ext4 (needs to be 1M at least).");
2450
2451 /* ext4 can grow online, and shrink offline */
2452 if (new_size < old_size)
2453 return CAN_RESIZE_OFFLINE;
2454
2455 } else
2456 return log_error_errno(SYNTHETIC_ERRNO(ESOCKTNOSUPPORT), "Resizing this type of file system is not supported.");
2457
2458 return CAN_RESIZE_ONLINE;
2459 }
2460
2461 static int ext4_offline_resize_fs(HomeSetup *setup, uint64_t new_size, bool discard, unsigned long flags) {
2462 _cleanup_free_ char *size_str = NULL;
2463 bool re_open = false, re_mount = false;
2464 pid_t resize_pid, fsck_pid;
2465 int r, exit_status;
2466
2467 assert(setup);
2468 assert(setup->dm_node);
2469
2470 /* First, unmount the file system */
2471 if (setup->root_fd >= 0) {
2472 setup->root_fd = safe_close(setup->root_fd);
2473 re_open = true;
2474 }
2475
2476 if (setup->undo_mount) {
2477 r = umount_verbose(LOG_ERR, "/run/systemd/user-home-mount", UMOUNT_NOFOLLOW);
2478 if (r < 0)
2479 return r;
2480
2481 setup->undo_mount = false;
2482 re_mount = true;
2483 }
2484
2485 log_info("Temporary unmounting of file system completed.");
2486
2487 /* resize2fs requires that the file system is force checked first, do so. */
2488 r = safe_fork("(e2fsck)",
2489 FORK_RESET_SIGNALS|FORK_RLIMIT_NOFILE_SAFE|FORK_DEATHSIG|FORK_LOG|FORK_STDOUT_TO_STDERR|FORK_CLOSE_ALL_FDS,
2490 &fsck_pid);
2491 if (r < 0)
2492 return r;
2493 if (r == 0) {
2494 /* Child */
2495 execlp("e2fsck" ,"e2fsck", "-fp", setup->dm_node, NULL);
2496 log_open();
2497 log_error_errno(errno, "Failed to execute e2fsck: %m");
2498 _exit(EXIT_FAILURE);
2499 }
2500
2501 exit_status = wait_for_terminate_and_check("e2fsck", fsck_pid, WAIT_LOG_ABNORMAL);
2502 if (exit_status < 0)
2503 return exit_status;
2504 if ((exit_status & ~FSCK_ERROR_CORRECTED) != 0) {
2505 log_warning("e2fsck failed with exit status %i.", exit_status);
2506
2507 if ((exit_status & (FSCK_SYSTEM_SHOULD_REBOOT|FSCK_ERRORS_LEFT_UNCORRECTED)) != 0)
2508 return log_error_errno(SYNTHETIC_ERRNO(EIO), "File system is corrupted, refusing.");
2509
2510 log_warning("Ignoring fsck error.");
2511 }
2512
2513 log_info("Forced file system check completed.");
2514
2515 /* We use 512 sectors here, because resize2fs doesn't do byte sizes */
2516 if (asprintf(&size_str, "%" PRIu64 "s", new_size / 512) < 0)
2517 return log_oom();
2518
2519 /* Resize the thing */
2520 r = safe_fork("(e2resize)",
2521 FORK_RESET_SIGNALS|FORK_RLIMIT_NOFILE_SAFE|FORK_DEATHSIG|FORK_LOG|FORK_WAIT|FORK_STDOUT_TO_STDERR|FORK_CLOSE_ALL_FDS,
2522 &resize_pid);
2523 if (r < 0)
2524 return r;
2525 if (r == 0) {
2526 /* Child */
2527 execlp("resize2fs" ,"resize2fs", setup->dm_node, size_str, NULL);
2528 log_open();
2529 log_error_errno(errno, "Failed to execute resize2fs: %m");
2530 _exit(EXIT_FAILURE);
2531 }
2532
2533 log_info("Offline file system resize completed.");
2534
2535 /* Re-establish mounts and reopen the directory */
2536 if (re_mount) {
2537 r = home_mount_node(setup->dm_node, "ext4", discard, flags);
2538 if (r < 0)
2539 return r;
2540
2541 setup->undo_mount = true;
2542 }
2543
2544 if (re_open) {
2545 setup->root_fd = open("/run/systemd/user-home-mount", O_RDONLY|O_CLOEXEC|O_DIRECTORY|O_NOFOLLOW);
2546 if (setup->root_fd < 0)
2547 return log_error_errno(errno, "Failed to reopen file system: %m");
2548 }
2549
2550 log_info("File system mounted again.");
2551
2552 return 0;
2553 }
2554
2555 static int prepare_resize_partition(
2556 int fd,
2557 uint64_t partition_offset,
2558 uint64_t old_partition_size,
2559 uint64_t new_partition_size,
2560 sd_id128_t *ret_disk_uuid,
2561 struct fdisk_table **ret_table) {
2562
2563 _cleanup_(fdisk_unref_contextp) struct fdisk_context *c = NULL;
2564 _cleanup_(fdisk_unref_tablep) struct fdisk_table *t = NULL;
2565 _cleanup_free_ char *path = NULL, *disk_uuid_as_string = NULL;
2566 size_t n_partitions;
2567 sd_id128_t disk_uuid;
2568 bool found = false;
2569 int r;
2570
2571 assert(fd >= 0);
2572 assert(ret_disk_uuid);
2573 assert(ret_table);
2574
2575 assert((partition_offset & 511) == 0);
2576 assert((old_partition_size & 511) == 0);
2577 assert((new_partition_size & 511) == 0);
2578 assert(UINT64_MAX - old_partition_size >= partition_offset);
2579 assert(UINT64_MAX - new_partition_size >= partition_offset);
2580
2581 if (partition_offset == 0) {
2582 /* If the offset is at the beginning we assume no partition table, let's exit early. */
2583 log_debug("Not rewriting partition table, operating on naked device.");
2584 *ret_disk_uuid = SD_ID128_NULL;
2585 *ret_table = NULL;
2586 return 0;
2587 }
2588
2589 c = fdisk_new_context();
2590 if (!c)
2591 return log_oom();
2592
2593 if (asprintf(&path, "/proc/self/fd/%i", fd) < 0)
2594 return log_oom();
2595
2596 r = fdisk_assign_device(c, path, 0);
2597 if (r < 0)
2598 return log_error_errno(r, "Failed to open device: %m");
2599
2600 if (!fdisk_is_labeltype(c, FDISK_DISKLABEL_GPT))
2601 return log_error_errno(SYNTHETIC_ERRNO(ENOMEDIUM), "Disk has no GPT partition table.");
2602
2603 r = fdisk_get_disklabel_id(c, &disk_uuid_as_string);
2604 if (r < 0)
2605 return log_error_errno(r, "Failed to acquire disk UUID: %m");
2606
2607 r = sd_id128_from_string(disk_uuid_as_string, &disk_uuid);
2608 if (r < 0)
2609 return log_error_errno(r, "Failed parse disk UUID: %m");
2610
2611 r = fdisk_get_partitions(c, &t);
2612 if (r < 0)
2613 return log_error_errno(r, "Failed to acquire partition table: %m");
2614
2615 n_partitions = fdisk_table_get_nents(t);
2616 for (size_t i = 0; i < n_partitions; i++) {
2617 struct fdisk_partition *p;
2618
2619 p = fdisk_table_get_partition(t, i);
2620 if (!p)
2621 return log_error_errno(SYNTHETIC_ERRNO(EIO), "Failed to read partition metadata: %m");
2622
2623 if (fdisk_partition_is_used(p) <= 0)
2624 continue;
2625 if (fdisk_partition_has_start(p) <= 0 || fdisk_partition_has_size(p) <= 0 || fdisk_partition_has_end(p) <= 0)
2626 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Found partition without a size.");
2627
2628 if (fdisk_partition_get_start(p) == partition_offset / 512U &&
2629 fdisk_partition_get_size(p) == old_partition_size / 512U) {
2630
2631 if (found)
2632 return log_error_errno(SYNTHETIC_ERRNO(ENOTUNIQ), "Partition found twice, refusing.");
2633
2634 /* Found our partition, now patch it */
2635 r = fdisk_partition_size_explicit(p, 1);
2636 if (r < 0)
2637 return log_error_errno(r, "Failed to enable explicit partition size: %m");
2638
2639 r = fdisk_partition_set_size(p, new_partition_size / 512U);
2640 if (r < 0)
2641 return log_error_errno(r, "Failed to change partition size: %m");
2642
2643 found = true;
2644 continue;
2645
2646 } else {
2647 if (fdisk_partition_get_start(p) < partition_offset + new_partition_size / 512U &&
2648 fdisk_partition_get_end(p) >= partition_offset / 512)
2649 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Can't extend, conflicting partition found.");
2650 }
2651 }
2652
2653 if (!found)
2654 return log_error_errno(SYNTHETIC_ERRNO(ENOPKG), "Failed to find matching partition to resize.");
2655
2656 *ret_table = TAKE_PTR(t);
2657 *ret_disk_uuid = disk_uuid;
2658
2659 return 1;
2660 }
2661
2662 static int ask_cb(struct fdisk_context *c, struct fdisk_ask *ask, void *userdata) {
2663 char *result;
2664
2665 assert(c);
2666
2667 switch (fdisk_ask_get_type(ask)) {
2668
2669 case FDISK_ASKTYPE_STRING:
2670 result = new(char, 37);
2671 if (!result)
2672 return log_oom();
2673
2674 fdisk_ask_string_set_result(ask, id128_to_uuid_string(*(sd_id128_t*) userdata, result));
2675 break;
2676
2677 default:
2678 log_debug("Unexpected question from libfdisk, ignoring.");
2679 }
2680
2681 return 0;
2682 }
2683
2684 static int apply_resize_partition(int fd, sd_id128_t disk_uuids, struct fdisk_table *t) {
2685 _cleanup_(fdisk_unref_contextp) struct fdisk_context *c = NULL;
2686 _cleanup_free_ void *two_zero_lbas = NULL;
2687 _cleanup_free_ char *path = NULL;
2688 ssize_t n;
2689 int r;
2690
2691 assert(fd >= 0);
2692
2693 if (!t) /* no partition table to apply, exit early */
2694 return 0;
2695
2696 two_zero_lbas = malloc0(1024U);
2697 if (!two_zero_lbas)
2698 return log_oom();
2699
2700 /* libfdisk appears to get confused by the existing PMBR. Let's explicitly flush it out. */
2701 n = pwrite(fd, two_zero_lbas, 1024U, 0);
2702 if (n < 0)
2703 return log_error_errno(errno, "Failed to wipe partition table: %m");
2704 if (n != 1024)
2705 return log_error_errno(SYNTHETIC_ERRNO(EIO), "Short write while wiping partition table.");
2706
2707 c = fdisk_new_context();
2708 if (!c)
2709 return log_oom();
2710
2711 if (asprintf(&path, "/proc/self/fd/%i", fd) < 0)
2712 return log_oom();
2713
2714 r = fdisk_assign_device(c, path, 0);
2715 if (r < 0)
2716 return log_error_errno(r, "Failed to open device: %m");
2717
2718 r = fdisk_create_disklabel(c, "gpt");
2719 if (r < 0)
2720 return log_error_errno(r, "Failed to create GPT disk label: %m");
2721
2722 r = fdisk_apply_table(c, t);
2723 if (r < 0)
2724 return log_error_errno(r, "Failed to apply partition table: %m");
2725
2726 r = fdisk_set_ask(c, ask_cb, &disk_uuids);
2727 if (r < 0)
2728 return log_error_errno(r, "Failed to set libfdisk query function: %m");
2729
2730 r = fdisk_set_disklabel_id(c);
2731 if (r < 0)
2732 return log_error_errno(r, "Failed to change disklabel ID: %m");
2733
2734 r = fdisk_write_disklabel(c);
2735 if (r < 0)
2736 return log_error_errno(r, "Failed to write disk label: %m");
2737
2738 return 1;
2739 }
2740
2741 int home_resize_luks(
2742 UserRecord *h,
2743 HomeSetupFlags flags,
2744 PasswordCache *cache,
2745 HomeSetup *setup,
2746 UserRecord **ret_home) {
2747
2748 uint64_t old_image_size, new_image_size, old_fs_size, new_fs_size, crypto_offset, new_partition_size;
2749 _cleanup_(user_record_unrefp) UserRecord *header_home = NULL, *embedded_home = NULL, *new_home = NULL;
2750 _cleanup_(fdisk_unref_tablep) struct fdisk_table *table = NULL;
2751 _cleanup_close_ int opened_image_fd = -1;
2752 _cleanup_free_ char *whole_disk = NULL;
2753 int r, resize_type, image_fd = -1;
2754 sd_id128_t disk_uuid;
2755 const char *ip, *ipo;
2756 struct statfs sfs;
2757 struct stat st;
2758
2759 assert(h);
2760 assert(user_record_storage(h) == USER_LUKS);
2761 assert(setup);
2762 assert(ret_home);
2763
2764 r = dlopen_cryptsetup();
2765 if (r < 0)
2766 return r;
2767
2768 assert_se(ipo = user_record_image_path(h));
2769 ip = strdupa_safe(ipo); /* copy out since original might change later in home record object */
2770
2771 if (setup->image_fd < 0) {
2772 setup->image_fd = open_image_file(h, NULL, &st);
2773 if (setup->image_fd < 0)
2774 return setup->image_fd;
2775 } else {
2776 if (fstat(setup->image_fd, &st) < 0)
2777 return log_error_errno(errno, "Failed to stat image file %s: %m", ip);
2778 }
2779
2780 image_fd = setup->image_fd;
2781
2782 if (S_ISBLK(st.st_mode)) {
2783 dev_t parent;
2784
2785 r = block_get_whole_disk(st.st_rdev, &parent);
2786 if (r < 0)
2787 return log_error_errno(r, "Failed to acquire whole block device for %s: %m", ip);
2788 if (r > 0) {
2789 /* If we shall resize a file system on a partition device, then let's figure out the
2790 * whole disk device and operate on that instead, since we need to rewrite the
2791 * partition table to resize the partition. */
2792
2793 log_info("Operating on partition device %s, using parent device.", ip);
2794
2795 r = device_path_make_major_minor(st.st_mode, parent, &whole_disk);
2796 if (r < 0)
2797 return log_error_errno(r, "Failed to derive whole disk path for %s: %m", ip);
2798
2799 opened_image_fd = open(whole_disk, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK);
2800 if (opened_image_fd < 0)
2801 return log_error_errno(errno, "Failed to open whole block device %s: %m", whole_disk);
2802
2803 image_fd = opened_image_fd;
2804
2805 if (fstat(image_fd, &st) < 0)
2806 return log_error_errno(errno, "Failed to stat whole block device %s: %m", whole_disk);
2807 if (!S_ISBLK(st.st_mode))
2808 return log_error_errno(SYNTHETIC_ERRNO(ENOTBLK), "Whole block device %s is not actually a block device, refusing.", whole_disk);
2809 } else
2810 log_info("Operating on whole block device %s.", ip);
2811
2812 if (ioctl(image_fd, BLKGETSIZE64, &old_image_size) < 0)
2813 return log_error_errno(errno, "Failed to determine size of original block device: %m");
2814
2815 if (flock(image_fd, LOCK_EX) < 0) /* make sure udev doesn't read from it while we operate on the device */
2816 return log_error_errno(errno, "Failed to lock block device %s: %m", ip);
2817
2818 new_image_size = old_image_size; /* we can't resize physical block devices */
2819 } else {
2820 uint64_t new_image_size_rounded;
2821
2822 r = stat_verify_regular(&st);
2823 if (r < 0)
2824 return log_error_errno(r, "Image %s is not a block device nor regular file: %m", ip);
2825
2826 old_image_size = st.st_size;
2827
2828 /* Note an asymetry here: when we operate on loopback files the specified disk size we get we
2829 * apply onto the loopback file as a whole. When we operate on block devices we instead apply
2830 * to the partition itself only. */
2831
2832 new_image_size_rounded = DISK_SIZE_ROUND_DOWN(h->disk_size);
2833
2834 if (old_image_size == h->disk_size ||
2835 old_image_size == new_image_size_rounded) {
2836 /* If exact match, or a match after we rounded down, don't do a thing */
2837 log_info("Image size already matching, skipping operation.");
2838 return 0;
2839 }
2840
2841 new_image_size = new_image_size_rounded;
2842 }
2843
2844 r = home_setup_luks(h, flags, whole_disk, cache, setup, &header_home);
2845 if (r < 0)
2846 return r;
2847
2848 r = home_load_embedded_identity(h, setup->root_fd, header_home, USER_RECONCILE_REQUIRE_NEWER_OR_EQUAL, cache, &embedded_home, &new_home);
2849 if (r < 0)
2850 return r;
2851
2852 log_info("offset = %" PRIu64 ", size = %" PRIu64 ", image = %" PRIu64, setup->partition_offset, setup->partition_size, old_image_size);
2853
2854 if ((UINT64_MAX - setup->partition_offset) < setup->partition_size ||
2855 setup->partition_offset + setup->partition_size > old_image_size)
2856 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Old partition doesn't fit in backing storage, refusing.");
2857
2858 if (S_ISREG(st.st_mode)) {
2859 uint64_t partition_table_extra;
2860
2861 partition_table_extra = old_image_size - setup->partition_size;
2862 if (new_image_size <= partition_table_extra)
2863 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "New size smaller than partition table metadata.");
2864
2865 new_partition_size = DISK_SIZE_ROUND_DOWN(new_image_size - partition_table_extra);
2866 } else {
2867 uint64_t new_partition_size_rounded;
2868
2869 assert(S_ISBLK(st.st_mode));
2870
2871 new_partition_size_rounded = DISK_SIZE_ROUND_DOWN(h->disk_size);
2872
2873 if (h->disk_size == setup->partition_size ||
2874 new_partition_size_rounded == setup->partition_size) {
2875 log_info("Partition size already matching, skipping operation.");
2876 return 0;
2877 }
2878
2879 new_partition_size = new_partition_size_rounded;
2880 }
2881
2882 if ((UINT64_MAX - setup->partition_offset) < new_partition_size ||
2883 setup->partition_offset + new_partition_size > new_image_size)
2884 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "New partition doesn't fit into backing storage, refusing.");
2885
2886 crypto_offset = sym_crypt_get_data_offset(setup->crypt_device);
2887 if (setup->partition_size / 512U <= crypto_offset)
2888 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Weird, old crypto payload offset doesn't actually fit in partition size?");
2889 if (new_partition_size / 512U <= crypto_offset)
2890 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "New size smaller than crypto payload offset?");
2891
2892 old_fs_size = (setup->partition_size / 512U - crypto_offset) * 512U;
2893 new_fs_size = DISK_SIZE_ROUND_DOWN((new_partition_size / 512U - crypto_offset) * 512U);
2894
2895 /* Before we start doing anything, let's figure out if we actually can */
2896 resize_type = can_resize_fs(setup->root_fd, old_fs_size, new_fs_size);
2897 if (resize_type < 0)
2898 return resize_type;
2899 if (resize_type == CAN_RESIZE_OFFLINE && FLAGS_SET(flags, HOME_SETUP_ALREADY_ACTIVATED))
2900 return log_error_errno(SYNTHETIC_ERRNO(ETXTBSY), "File systems of this type can only be resized offline, but is currently online.");
2901
2902 log_info("Ready to resize image size %s → %s, partition size %s → %s, file system size %s → %s.",
2903 FORMAT_BYTES(old_image_size),
2904 FORMAT_BYTES(new_image_size),
2905 FORMAT_BYTES(setup->partition_size),
2906 FORMAT_BYTES(new_partition_size),
2907 FORMAT_BYTES(old_fs_size),
2908 FORMAT_BYTES(new_fs_size));
2909
2910 r = prepare_resize_partition(
2911 image_fd,
2912 setup->partition_offset,
2913 setup->partition_size,
2914 new_partition_size,
2915 &disk_uuid,
2916 &table);
2917 if (r < 0)
2918 return r;
2919
2920 if (new_fs_size > old_fs_size) {
2921
2922 if (S_ISREG(st.st_mode)) {
2923 /* Grow file size */
2924 r = home_truncate(h, image_fd, ip, new_image_size);
2925 if (r < 0)
2926 return r;
2927
2928 log_info("Growing of image file completed.");
2929 }
2930
2931 /* Make sure loopback device sees the new bigger size */
2932 r = loop_device_refresh_size(setup->loop, UINT64_MAX, new_partition_size);
2933 if (r == -ENOTTY)
2934 log_debug_errno(r, "Device is not a loopback device, not refreshing size.");
2935 else if (r < 0)
2936 return log_error_errno(r, "Failed to refresh loopback device size: %m");
2937 else
2938 log_info("Refreshing loop device size completed.");
2939
2940 r = apply_resize_partition(image_fd, disk_uuid, table);
2941 if (r < 0)
2942 return r;
2943 if (r > 0)
2944 log_info("Growing of partition completed.");
2945
2946 if (S_ISBLK(st.st_mode) && ioctl(image_fd, BLKRRPART, 0) < 0)
2947 log_debug_errno(errno, "BLKRRPART failed on block device, ignoring: %m");
2948
2949 /* Tell LUKS about the new bigger size too */
2950 r = sym_crypt_resize(setup->crypt_device, setup->dm_name, new_fs_size / 512U);
2951 if (r < 0)
2952 return log_error_errno(r, "Failed to grow LUKS device: %m");
2953
2954 log_info("LUKS device growing completed.");
2955 } else {
2956 r = home_store_embedded_identity(new_home, setup->root_fd, h->uid, embedded_home);
2957 if (r < 0)
2958 return r;
2959
2960 if (S_ISREG(st.st_mode)) {
2961 if (user_record_luks_discard(h))
2962 /* Before we shrink, let's trim the file system, so that we need less space on disk during the shrinking */
2963 (void) run_fitrim(setup->root_fd);
2964 else {
2965 /* If discard is off, let's ensure all backing blocks are allocated, so that our resize operation doesn't fail half-way */
2966 r = run_fallocate(image_fd, &st);
2967 if (r < 0)
2968 return r;
2969 }
2970 }
2971 }
2972
2973 /* Now resize the file system */
2974 if (resize_type == CAN_RESIZE_ONLINE) {
2975 r = resize_fs(setup->root_fd, new_fs_size, NULL);
2976 if (r < 0)
2977 return log_error_errno(r, "Failed to resize file system: %m");
2978 } else {
2979 r = ext4_offline_resize_fs(setup, new_fs_size, user_record_luks_discard(h), user_record_mount_flags(h));
2980 if (r < 0)
2981 return r;
2982 }
2983
2984 log_info("File system resizing completed.");
2985
2986 /* Immediately sync afterwards */
2987 r = home_sync_and_statfs(setup->root_fd, NULL);
2988 if (r < 0)
2989 return r;
2990
2991 if (new_fs_size < old_fs_size) {
2992
2993 /* Shrink the LUKS device now, matching the new file system size */
2994 r = sym_crypt_resize(setup->crypt_device, setup->dm_name, new_fs_size / 512);
2995 if (r < 0)
2996 return log_error_errno(r, "Failed to shrink LUKS device: %m");
2997
2998 log_info("LUKS device shrinking completed.");
2999
3000 if (S_ISREG(st.st_mode)) {
3001 /* Shrink the image file */
3002 if (ftruncate(image_fd, new_image_size) < 0)
3003 return log_error_errno(errno, "Failed to shrink image file %s: %m", ip);
3004
3005 log_info("Shrinking of image file completed.");
3006 }
3007
3008 /* Refresh the loop devices size */
3009 r = loop_device_refresh_size(setup->loop, UINT64_MAX, new_partition_size);
3010 if (r == -ENOTTY)
3011 log_debug_errno(r, "Device is not a loopback device, not refreshing size.");
3012 else if (r < 0)
3013 return log_error_errno(r, "Failed to refresh loopback device size: %m");
3014 else
3015 log_info("Refreshing loop device size completed.");
3016
3017 r = apply_resize_partition(image_fd, disk_uuid, table);
3018 if (r < 0)
3019 return r;
3020 if (r > 0)
3021 log_info("Shrinking of partition completed.");
3022
3023 if (S_ISBLK(st.st_mode) && ioctl(image_fd, BLKRRPART, 0) < 0)
3024 log_debug_errno(errno, "BLKRRPART failed on block device, ignoring: %m");
3025 } else {
3026 r = home_store_embedded_identity(new_home, setup->root_fd, h->uid, embedded_home);
3027 if (r < 0)
3028 return r;
3029 }
3030
3031 r = home_store_header_identity_luks(new_home, setup, header_home);
3032 if (r < 0)
3033 return r;
3034
3035 r = home_extend_embedded_identity(new_home, h, setup);
3036 if (r < 0)
3037 return r;
3038
3039 if (user_record_luks_discard(h))
3040 (void) run_fitrim(setup->root_fd);
3041
3042 r = home_sync_and_statfs(setup->root_fd, &sfs);
3043 if (r < 0)
3044 return r;
3045
3046 r = home_setup_done(setup);
3047 if (r < 0)
3048 return r;
3049
3050 log_info("Everything completed.");
3051
3052 print_size_summary(new_image_size, new_fs_size, &sfs);
3053
3054 *ret_home = TAKE_PTR(new_home);
3055 return 0;
3056 }
3057
3058 int home_passwd_luks(
3059 UserRecord *h,
3060 HomeSetup *setup,
3061 const PasswordCache *cache, /* the passwords acquired via PKCS#11/FIDO2 security tokens */
3062 char **effective_passwords /* new passwords */) {
3063
3064 size_t volume_key_size, max_key_slots, n_effective;
3065 _cleanup_(erase_and_freep) void *volume_key = NULL;
3066 struct crypt_pbkdf_type good_pbkdf, minimal_pbkdf;
3067 const char *type;
3068 char **list;
3069 int r;
3070
3071 assert(h);
3072 assert(user_record_storage(h) == USER_LUKS);
3073 assert(setup);
3074
3075 r = dlopen_cryptsetup();
3076 if (r < 0)
3077 return r;
3078
3079 type = sym_crypt_get_type(setup->crypt_device);
3080 if (!type)
3081 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to determine crypto device type.");
3082
3083 r = sym_crypt_keyslot_max(type);
3084 if (r <= 0)
3085 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to determine number of key slots.");
3086 max_key_slots = r;
3087
3088 r = sym_crypt_get_volume_key_size(setup->crypt_device);
3089 if (r <= 0)
3090 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to determine volume key size.");
3091 volume_key_size = (size_t) r;
3092
3093 volume_key = malloc(volume_key_size);
3094 if (!volume_key)
3095 return log_oom();
3096
3097 r = -ENOKEY;
3098 FOREACH_POINTER(list,
3099 cache ? cache->pkcs11_passwords : NULL,
3100 cache ? cache->fido2_passwords : NULL,
3101 h->password) {
3102
3103 r = luks_try_passwords(setup->crypt_device, list, volume_key, &volume_key_size);
3104 if (r != -ENOKEY)
3105 break;
3106 }
3107 if (r == -ENOKEY)
3108 return log_error_errno(SYNTHETIC_ERRNO(ENOKEY), "Failed to unlock LUKS superblock with supplied passwords.");
3109 if (r < 0)
3110 return log_error_errno(r, "Failed to unlocks LUKS superblock: %m");
3111
3112 n_effective = strv_length(effective_passwords);
3113
3114 build_good_pbkdf(&good_pbkdf, h);
3115 build_minimal_pbkdf(&minimal_pbkdf, h);
3116
3117 for (size_t i = 0; i < max_key_slots; i++) {
3118 r = sym_crypt_keyslot_destroy(setup->crypt_device, i);
3119 if (r < 0 && !IN_SET(r, -ENOENT, -EINVAL)) /* Returns EINVAL or ENOENT if there's no key in this slot already */
3120 return log_error_errno(r, "Failed to destroy LUKS password: %m");
3121
3122 if (i >= n_effective) {
3123 if (r >= 0)
3124 log_info("Destroyed LUKS key slot %zu.", i);
3125 continue;
3126 }
3127
3128 if (password_cache_contains(cache, effective_passwords[i])) { /* Is this a FIDO2 or PKCS#11 password? */
3129 log_debug("Using minimal PBKDF for slot %zu", i);
3130 r = sym_crypt_set_pbkdf_type(setup->crypt_device, &minimal_pbkdf);
3131 } else {
3132 log_debug("Using good PBKDF for slot %zu", i);
3133 r = sym_crypt_set_pbkdf_type(setup->crypt_device, &good_pbkdf);
3134 }
3135 if (r < 0)
3136 return log_error_errno(r, "Failed to tweak PBKDF for slot %zu: %m", i);
3137
3138 r = sym_crypt_keyslot_add_by_volume_key(
3139 setup->crypt_device,
3140 i,
3141 volume_key,
3142 volume_key_size,
3143 effective_passwords[i],
3144 strlen(effective_passwords[i]));
3145 if (r < 0)
3146 return log_error_errno(r, "Failed to set up LUKS password: %m");
3147
3148 log_info("Updated LUKS key slot %zu.", i);
3149 }
3150
3151 return 1;
3152 }
3153
3154 int home_lock_luks(UserRecord *h) {
3155 _cleanup_(sym_crypt_freep) struct crypt_device *cd = NULL;
3156 _cleanup_free_ char *dm_name = NULL, *dm_node = NULL;
3157 _cleanup_close_ int root_fd = -1;
3158 const char *p;
3159 int r;
3160
3161 assert(h);
3162
3163 assert_se(p = user_record_home_directory(h));
3164 root_fd = open(p, O_RDONLY|O_CLOEXEC|O_DIRECTORY|O_NOFOLLOW);
3165 if (root_fd < 0)
3166 return log_error_errno(errno, "Failed to open home directory: %m");
3167
3168 r = make_dm_names(h->user_name, &dm_name, &dm_node);
3169 if (r < 0)
3170 return r;
3171
3172 r = dlopen_cryptsetup();
3173 if (r < 0)
3174 return r;
3175
3176 r = sym_crypt_init_by_name(&cd, dm_name);
3177 if (r < 0)
3178 return log_error_errno(r, "Failed to initialize cryptsetup context for %s: %m", dm_name);
3179
3180 log_info("Discovered used LUKS device %s.", dm_node);
3181 cryptsetup_enable_logging(cd);
3182
3183 if (syncfs(root_fd) < 0) /* Snake oil, but let's better be safe than sorry */
3184 return log_error_errno(errno, "Failed to synchronize file system %s: %m", p);
3185
3186 root_fd = safe_close(root_fd);
3187
3188 log_info("File system synchronized.");
3189
3190 /* Note that we don't invoke FIFREEZE here, it appears libcryptsetup/device-mapper already does that on its own for us */
3191
3192 r = sym_crypt_suspend(cd, dm_name);
3193 if (r < 0)
3194 return log_error_errno(r, "Failed to suspend cryptsetup device: %s: %m", dm_node);
3195
3196 log_info("LUKS device suspended.");
3197 return 0;
3198 }
3199
3200 static int luks_try_resume(
3201 struct crypt_device *cd,
3202 const char *dm_name,
3203 char **password) {
3204
3205 char **pp;
3206 int r;
3207
3208 assert(cd);
3209 assert(dm_name);
3210
3211 STRV_FOREACH(pp, password) {
3212 r = sym_crypt_resume_by_passphrase(
3213 cd,
3214 dm_name,
3215 CRYPT_ANY_SLOT,
3216 *pp,
3217 strlen(*pp));
3218 if (r >= 0) {
3219 log_info("Resumed LUKS device %s.", dm_name);
3220 return 0;
3221 }
3222
3223 log_debug_errno(r, "Password %zu didn't work for resuming device: %m", (size_t) (pp - password));
3224 }
3225
3226 return -ENOKEY;
3227 }
3228
3229 int home_unlock_luks(UserRecord *h, const PasswordCache *cache) {
3230 _cleanup_free_ char *dm_name = NULL, *dm_node = NULL;
3231 _cleanup_(sym_crypt_freep) struct crypt_device *cd = NULL;
3232 char **list;
3233 int r;
3234
3235 assert(h);
3236
3237 r = make_dm_names(h->user_name, &dm_name, &dm_node);
3238 if (r < 0)
3239 return r;
3240
3241 r = dlopen_cryptsetup();
3242 if (r < 0)
3243 return r;
3244
3245 r = sym_crypt_init_by_name(&cd, dm_name);
3246 if (r < 0)
3247 return log_error_errno(r, "Failed to initialize cryptsetup context for %s: %m", dm_name);
3248
3249 log_info("Discovered used LUKS device %s.", dm_node);
3250 cryptsetup_enable_logging(cd);
3251
3252 r = -ENOKEY;
3253 FOREACH_POINTER(list,
3254 cache ? cache->pkcs11_passwords : NULL,
3255 cache ? cache->fido2_passwords : NULL,
3256 h->password) {
3257 r = luks_try_resume(cd, dm_name, list);
3258 if (r != -ENOKEY)
3259 break;
3260 }
3261 if (r == -ENOKEY)
3262 return log_error_errno(r, "No valid password for LUKS superblock.");
3263 if (r < 0)
3264 return log_error_errno(r, "Failed to resume LUKS superblock: %m");
3265
3266 log_info("LUKS device resumed.");
3267 return 0;
3268 }
Unnamed repository; edit this file 'description' to name the repository.