1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
4 #include <linux/loop.h>
11 #if HAVE_VALGRIND_MEMCHECK_H
12 #include <valgrind/memcheck.h>
15 #include "sd-daemon.h"
17 #include "blkid-util.h"
18 #include "blockdev-util.h"
19 #include "btrfs-util.h"
20 #include "chattr-util.h"
23 #include "errno-util.h"
27 #include "fsck-util.h"
28 #include "home-util.h"
29 #include "homework-luks.h"
30 #include "homework-mount.h"
31 #include "id128-util.h"
33 #include "memory-util.h"
34 #include "missing_magic.h"
36 #include "mkfs-util.h"
37 #include "mount-util.h"
38 #include "openssl-util.h"
39 #include "parse-util.h"
40 #include "path-util.h"
41 #include "process-util.h"
42 #include "random-util.h"
43 #include "resize-fs.h"
44 #include "stat-util.h"
46 #include "sync-util.h"
47 #include "tmpfile-util.h"
49 /* Round down to the nearest 4K size. Given that newer hardware generally prefers 4K sectors, let's align our
50 * partitions to that too. In the worst case we'll waste 3.5K per partition that way, but I think I can live
52 #define DISK_SIZE_ROUND_DOWN(x) ((x) & ~UINT64_C(4095))
54 /* Rounds up to the nearest 4K boundary. Returns UINT64_MAX on overflow */
55 #define DISK_SIZE_ROUND_UP(x) \
58 _x > UINT64_MAX - 4095U ? UINT64_MAX : (_x + 4095U) & ~UINT64_C(4095); \
/* Maintains the 'user.home-dirty' extended attribute on the file referred to by 'fd'.
 *
 * The fd is first checked with fd_verify_regular(). Marking dirty is done with fsetxattr() using
 * XATTR_CREATE, marking clean with fremovexattr(); both directions also involve a synchronization step
 * whose failure is reported. All failures are logged at debug level only.
 *
 * NOTE(review): 'b' presumably selects between marking dirty (true) and marking clean (false) — confirm
 * against the branch condition. */
62 int run_mark_dirty(int fd
, bool b
) {
66 /* Sets or removes the 'user.home-dirty' xattr on the specified file. We use this to detect when a
67 * home directory was not properly unmounted. */
71 r
= fd_verify_regular(fd
);
/* XATTR_CREATE refuses to overwrite an existing attribute; EEXIST (flag already set) is tolerated below. */
76 ret
= fsetxattr(fd
, "user.home-dirty", &x
, 1, XATTR_CREATE
);
77 if (ret
< 0 && errno
!= EEXIST
)
78 return log_debug_errno(errno
, "Could not mark home directory as dirty: %m");
83 return log_debug_errno(r
, "Failed to synchronize image before marking it clean: %m");
/* ENODATA (attribute was not set in the first place) is tolerated below. */
85 ret
= fremovexattr(fd
, "user.home-dirty");
86 if (ret
< 0 && errno
!= ENODATA
)
87 return log_debug_errno(errno
, "Could not mark home directory as clean: %m");
92 return log_debug_errno(r
, "Failed to synchronize dirty flag to disk: %m");
/* Path-based convenience wrapper around run_mark_dirty(): opens 'path' with O_RDWR|O_CLOEXEC|O_NOCTTY and
 * passes the resulting fd together with 'b' on to run_mark_dirty(), returning its result. A failure to
 * open the file is logged at debug level. The fd is declared with _cleanup_close_. */
97 int run_mark_dirty_by_path(const char *path
, bool b
) {
98 _cleanup_close_
int fd
= -1;
102 fd
= open(path
, O_RDWR
|O_CLOEXEC
|O_NOCTTY
);
104 return log_debug_errno(errno
, "Failed to open %s to mark dirty or clean: %m", path
);
106 return run_mark_dirty(fd
, b
);
/* Probes the file system found on 'fd' with libblkid.
 *
 * Only the superblock TYPE and UUID fields are requested. The "TYPE" and "UUID" values are looked up from
 * the probe result, the UUID string is parsed with sd_id128_from_string(), and the file system type string
 * is handed to the caller through *ret_fstype (ownership is transferred with TAKE_PTR()).
 *
 * libblkid failures are turned into -errno where errno is set, with -ENOMEM or -EIO as fallbacks.
 *
 * NOTE(review): the parsed UUID is presumably returned through *ret_uuid — confirm. */
109 static int probe_file_system_by_fd(
112 sd_id128_t
*ret_uuid
) {
114 _cleanup_(blkid_free_probep
) blkid_probe b
= NULL
;
115 _cleanup_free_
char *s
= NULL
;
116 const char *fstype
= NULL
, *uuid
= NULL
;
124 b
= blkid_new_probe();
129 r
= blkid_probe_set_device(b
, fd
, 0, 0);
131 return errno
> 0 ? -errno
: -ENOMEM
;
/* Restrict probing to what we actually consume: file system type and UUID. */
133 (void) blkid_probe_enable_superblocks(b
, 1);
134 (void) blkid_probe_set_superblocks_flags(b
, BLKID_SUBLKS_TYPE
|BLKID_SUBLKS_UUID
);
137 r
= blkid_do_safeprobe(b
);
138 if (IN_SET(r
, -2, 1)) /* nothing found or ambiguous result */
141 return errno
> 0 ? -errno
: -EIO
;
143 (void) blkid_probe_lookup_value(b
, "TYPE", &fstype
, NULL
);
147 (void) blkid_probe_lookup_value(b
, "UUID", &uuid
, NULL
);
151 r
= sd_id128_from_string(uuid
, &id
);
159 *ret_fstype
= TAKE_PTR(s
);
/* Path-based wrapper around probe_file_system_by_fd(): opens 'path' read-only
 * (O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NONBLOCK) and returns whatever probe_file_system_by_fd() returns for the
 * resulting fd. 'ret_fstype' and 'ret_uuid' are passed through unchanged. */
165 static int probe_file_system_by_path(const char *path
, char **ret_fstype
, sd_id128_t
*ret_uuid
) {
166 _cleanup_close_
int fd
= -1;
168 fd
= open(path
, O_RDONLY
|O_CLOEXEC
|O_NOCTTY
|O_NONBLOCK
);
172 return probe_file_system_by_fd(fd
, ret_fstype
, ret_uuid
);
/* Determines the size of the block device referred to by 'fd' using the BLKGETSIZE64 ioctl, which writes
 * the result directly into *ret. Before issuing the ioctl the fd is fstat()ed and its mode is checked
 * with S_ISBLK().
 *
 * NOTE(review): the error codes returned for the fstat()/S_ISBLK()/ioctl() failure cases are not shown
 * here — confirm before relying on specific values. */
175 static int block_get_size_by_fd(int fd
, uint64_t *ret
) {
181 if (fstat(fd
, &st
) < 0)
184 if (!S_ISBLK(st
.st_mode
))
187 if (ioctl(fd
, BLKGETSIZE64
, ret
) < 0)
/* Path-based wrapper around block_get_size_by_fd(): opens 'path' read-only
 * (O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NONBLOCK) and returns the result of block_get_size_by_fd() for that fd,
 * with the size delivered through *ret. */
193 static int block_get_size_by_path(const char *path
, uint64_t *ret
) {
194 _cleanup_close_
int fd
= -1;
196 fd
= open(path
, O_RDONLY
|O_CLOEXEC
|O_NOCTTY
|O_NONBLOCK
);
200 return block_get_size_by_fd(fd
, ret
);
/* Runs a file system check on 'node'.
 *
 * fsck_exists() is consulted first for 'fstype'; if no checker is installed a warning is logged and the
 * check is ignored. Otherwise a child process is forked via safe_fork() which executes
 * "/sbin/fsck -aTl <node>" (exiting with FSCK_OPERATIONAL_ERROR if the exec fails), and the parent waits
 * for it with wait_for_terminate_and_check().
 *
 * Exit status handling: any bit other than FSCK_ERROR_CORRECTED produces a warning. If
 * FSCK_SYSTEM_SHOULD_REBOOT or FSCK_ERRORS_LEFT_UNCORRECTED is among them the file system is treated as
 * corrupted and the call fails with EIO; all other fsck errors are logged and ignored. */
203 static int run_fsck(const char *node
, const char *fstype
) {
210 r
= fsck_exists(fstype
);
212 return log_error_errno(r
, "Failed to check if fsck for file system %s exists: %m", fstype
);
214 log_warning("No fsck for file system %s installed, ignoring.", fstype
);
218 r
= safe_fork("(fsck)",
219 FORK_RESET_SIGNALS
|FORK_RLIMIT_NOFILE_SAFE
|FORK_DEATHSIG
|FORK_LOG
|FORK_STDOUT_TO_STDERR
|FORK_CLOSE_ALL_FDS
,
225 execl("/sbin/fsck", "/sbin/fsck", "-aTl", node
, NULL
);
227 log_error_errno(errno
, "Failed to execute fsck: %m");
228 _exit(FSCK_OPERATIONAL_ERROR
);
231 exit_status
= wait_for_terminate_and_check("fsck", fsck_pid
, WAIT_LOG_ABNORMAL
);
/* FSCK_ERROR_CORRECTED on its own is fine; anything else is at least worth a warning. */
234 if ((exit_status
& ~FSCK_ERROR_CORRECTED
) != 0) {
235 log_warning("fsck failed with exit status %i.", exit_status
);
237 if ((exit_status
& (FSCK_SYSTEM_SHOULD_REBOOT
|FSCK_ERRORS_LEFT_UNCORRECTED
)) != 0)
238 return log_error_errno(SYNTHETIC_ERRNO(EIO
), "File system is corrupted, refusing.");
240 log_warning("Ignoring fsck error.");
243 log_info("File system check completed.");
/* Tries the entries of the 'passwords' string list one after the other against the LUKS device 'cd',
 * using sym_crypt_volume_key_get().
 *
 * Every attempt starts from a fresh copy ('vks') of the caller-provided *volume_key_size, so that a
 * failed attempt cannot clobber the caller's value; *volume_key_size is only written back from 'vks'.
 * Passwords that do not work are logged at debug level together with their index in the list.
 *
 * NOTE(review): the write-back presumably happens only for the password that succeeded, and the return
 * value when no password matches is not shown here — confirm. */
248 static int luks_try_passwords(
249 struct crypt_device
*cd
,
252 size_t *volume_key_size
) {
259 STRV_FOREACH(pp
, passwords
) {
260 size_t vks
= *volume_key_size
;
262 r
= sym_crypt_volume_key_get(
270 *volume_key_size
= vks
;
274 log_debug_errno(r
, "Password %zu didn't work for unlocking LUKS superblock: %m", (size_t) (pp
- passwords
));
/* Unlocks and activates the LUKS2 volume found on 'node' as device-mapper device 'dm_name'.
 *
 * Visible steps:
 *  1. Allocate a libcryptsetup context for 'node' and load the LUKS2 superblock.
 *  2. Query the volume key size.
 *  3. If an expected 'uuid' was given or the caller asked for 'ret_found_uuid', fetch and parse the
 *     superblock UUID and, when an expected UUID was given, insist that it matches.
 *  4. Compare cipher, cipher mode and volume key size against the expected values. Each check is skipped
 *     when the expectation is unset (NULL, resp. UINT64_MAX for the key size).
 *  5. Try the available password lists (including the PKCS#11 and FIDO2 passwords from 'cache', when a
 *     cache is supplied) through luks_try_passwords() to obtain the volume key.
 *  6. Activate the device with sym_crypt_activate_by_volume_key(), allowing discards if 'discard' is set.
 *
 * Superblock mismatches are reported with EMEDIUMTYPE. The volume key buffer is declared with
 * erase_and_freep and handed to the caller through *ret_volume_key via TAKE_PTR(); its size is stored
 * in *ret_volume_key_size if that pointer is non-NULL.
 *
 * NOTE(review): the crypt device context is presumably returned through *ret and the found UUID through
 * *ret_found_uuid — the assignments are not shown here. */
280 static int luks_setup(
285 const char *cipher_mode
,
286 uint64_t volume_key_size
,
288 const PasswordCache
*cache
,
290 struct crypt_device
**ret
,
291 sd_id128_t
*ret_found_uuid
,
292 void **ret_volume_key
,
293 size_t *ret_volume_key_size
) {
295 _cleanup_(sym_crypt_freep
) struct crypt_device
*cd
= NULL
;
296 _cleanup_(erase_and_freep
) void *vk
= NULL
;
306 r
= sym_crypt_init(&cd
, node
);
308 return log_error_errno(r
, "Failed to allocate libcryptsetup context: %m");
310 cryptsetup_enable_logging(cd
);
312 r
= sym_crypt_load(cd
, CRYPT_LUKS2
, NULL
);
314 return log_error_errno(r
, "Failed to load LUKS superblock: %m");
316 r
= sym_crypt_get_volume_key_size(cd
);
318 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "Failed to determine LUKS volume key size");
/* The UUID is only read if somebody is interested in it: either to compare or to report it. */
321 if (!sd_id128_is_null(uuid
) || ret_found_uuid
) {
324 s
= sym_crypt_get_uuid(cd
);
326 return log_error_errno(SYNTHETIC_ERRNO(EMEDIUMTYPE
), "LUKS superblock has no UUID.");
328 r
= sd_id128_from_string(s
, &p
);
330 return log_error_errno(SYNTHETIC_ERRNO(EMEDIUMTYPE
), "LUKS superblock has invalid UUID.");
332 /* Check that the UUID matches, if specified */
333 if (!sd_id128_is_null(uuid
) &&
334 !sd_id128_equal(uuid
, p
))
335 return log_error_errno(SYNTHETIC_ERRNO(EMEDIUMTYPE
), "LUKS superblock has wrong UUID.");
/* Cipher, cipher mode and key size are only enforced when the caller specified an expectation. */
338 if (cipher
&& !streq_ptr(cipher
, sym_crypt_get_cipher(cd
)))
339 return log_error_errno(SYNTHETIC_ERRNO(EMEDIUMTYPE
), "LUKS superblock declares wrong cipher.");
341 if (cipher_mode
&& !streq_ptr(cipher_mode
, sym_crypt_get_cipher_mode(cd
)))
342 return log_error_errno(SYNTHETIC_ERRNO(EMEDIUMTYPE
), "LUKS superblock declares wrong cipher mode.");
344 if (volume_key_size
!= UINT64_MAX
&& vks
!= volume_key_size
)
345 return log_error_errno(SYNTHETIC_ERRNO(EMEDIUMTYPE
), "LUKS superblock declares wrong volume key size.");
352 FOREACH_POINTER(list
,
353 cache
? cache
->pkcs11_passwords
: NULL
,
354 cache
? cache
->fido2_passwords
: NULL
,
356 r
= luks_try_passwords(cd
, list
, vk
, &vks
);
361 return log_error_errno(r
, "No valid password for LUKS superblock.");
363 return log_error_errno(r
, "Failed to unlocks LUKS superblock: %m");
365 r
= sym_crypt_activate_by_volume_key(
369 discard
? CRYPT_ACTIVATE_ALLOW_DISCARDS
: 0);
371 return log_error_errno(r
, "Failed to unlock LUKS superblock: %m");
373 log_info("Setting up LUKS device /dev/mapper/%s completed.", dm_name
);
377 if (ret_found_uuid
) /* Return the UUID actually found if the caller wants to know */
380 *ret_volume_key
= TAKE_PTR(vk
);
381 if (ret_volume_key_size
)
382 *ret_volume_key_size
= vks
;
/* Attaches to the already active LUKS device-mapper device 'dm_name' and re-validates the password.
 *
 * The libcryptsetup context is initialized by name, the LUKS2 superblock is loaded and the volume key
 * size queried. If the caller wants 'ret_found_uuid', the superblock UUID is fetched and parsed (a
 * missing or unparsable UUID is reported with EMEDIUMTYPE). The password lists (including the PKCS#11
 * and FIDO2 passwords from 'cache', when supplied) are then tried with luks_try_passwords(), and finally
 * the volume key is uploaded again via sym_crypt_activate_by_volume_key() with a NULL name and
 * CRYPT_ACTIVATE_KEYRING_KEY.
 *
 * The volume key buffer is declared with erase_and_freep and handed to the caller through
 * *ret_volume_key via TAKE_PTR(); its size is stored in *ret_volume_key_size if that pointer is
 * non-NULL.
 *
 * NOTE(review): the crypt device context is presumably returned through *ret and the found UUID through
 * *ret_found_uuid — the assignments are not shown here. */
387 static int luks_open(
390 const PasswordCache
*cache
,
391 struct crypt_device
**ret
,
392 sd_id128_t
*ret_found_uuid
,
393 void **ret_volume_key
,
394 size_t *ret_volume_key_size
) {
396 _cleanup_(sym_crypt_freep
) struct crypt_device
*cd
= NULL
;
397 _cleanup_(erase_and_freep
) void *vk
= NULL
;
406 /* Opens a LUKS device that is already set up. Re-validates the password while doing so (which also
407 * provides us with the volume key, which we want). */
409 r
= sym_crypt_init_by_name(&cd
, dm_name
);
411 return log_error_errno(r
, "Failed to initialize cryptsetup context for %s: %m", dm_name
);
413 cryptsetup_enable_logging(cd
);
415 r
= sym_crypt_load(cd
, CRYPT_LUKS2
, NULL
);
417 return log_error_errno(r
, "Failed to load LUKS superblock: %m");
419 r
= sym_crypt_get_volume_key_size(cd
);
421 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "Failed to determine LUKS volume key size");
424 if (ret_found_uuid
) {
427 s
= sym_crypt_get_uuid(cd
);
429 return log_error_errno(SYNTHETIC_ERRNO(EMEDIUMTYPE
), "LUKS superblock has no UUID.");
431 r
= sd_id128_from_string(s
, &p
);
433 return log_error_errno(SYNTHETIC_ERRNO(EMEDIUMTYPE
), "LUKS superblock has invalid UUID.");
441 FOREACH_POINTER(list
,
442 cache
? cache
->pkcs11_passwords
: NULL
,
443 cache
? cache
->fido2_passwords
: NULL
,
445 r
= luks_try_passwords(cd
, list
, vk
, &vks
);
450 return log_error_errno(r
, "No valid password for LUKS superblock.");
452 return log_error_errno(r
, "Failed to unlocks LUKS superblock: %m");
454 log_info("Discovered used LUKS device /dev/mapper/%s, and validated password.", dm_name
);
456 /* This is needed so that crypt_resize() can operate correctly for pre-existing LUKS devices. We need
457 * to tell libcryptsetup the volume key explicitly, so that it is in the kernel keyring. */
458 r
= sym_crypt_activate_by_volume_key(cd
, NULL
, vk
, vks
, CRYPT_ACTIVATE_KEYRING_KEY
);
460 return log_error_errno(r
, "Failed to upload volume key again: %m");
462 log_info("Successfully re-activated LUKS device.");
469 *ret_volume_key
= TAKE_PTR(vk
);
470 if (ret_volume_key_size
)
471 *ret_volume_key_size
= vks
;
/* Validates the file system found on the device node 'dm_node'.
 *
 * The file system is probed with probe_file_system_by_path(). It is rejected with EPROTONOSUPPORT if
 * supported_fstype() does not accept its type, and with EMEDIUMTYPE if an expected 'uuid' was given
 * (i.e. is not the null ID) and differs from the UUID found. On success the file system type string is
 * handed to the caller through *ret_fstype (ownership transferred with TAKE_PTR()).
 *
 * NOTE(review): the UUID found is presumably stored in *ret_found_uuid when that pointer is non-NULL —
 * the assignment is not shown here. */
476 static int fs_validate(
480 sd_id128_t
*ret_found_uuid
) {
482 _cleanup_free_
char *fstype
= NULL
;
489 r
= probe_file_system_by_path(dm_node
, &fstype
, &u
);
491 return log_error_errno(r
, "Failed to probe file system: %m");
493 /* Limit the set of supported file systems a bit, as protection against little tested kernel file
494 * systems. Also, we only support the resize ioctls for these file systems. */
495 if (!supported_fstype(fstype
))
496 return log_error_errno(SYNTHETIC_ERRNO(EPROTONOSUPPORT
), "Image contains unsupported file system: %s", strna(fstype
));
498 if (!sd_id128_is_null(uuid
) &&
499 !sd_id128_equal(uuid
, u
))
500 return log_error_errno(SYNTHETIC_ERRNO(EMEDIUMTYPE
), "File system has wrong UUID.");
502 log_info("Probing file system completed (found %s).", fstype
);
504 *ret_fstype
= TAKE_PTR(fstype
);
506 if (ret_found_uuid
) /* Return the UUID actually found if the caller wants to know */
/* Derives the device-mapper names used for a user's home volume from 'user_name':
 *
 *   *ret_dm_name = "home-" + user_name
 *   *ret_dm_node = "/dev/mapper/" joined with that name (via path_join())
 *
 * Both strings are newly allocated and ownership is transferred to the caller with TAKE_PTR(); the
 * outputs are only written after both strings have been built. */
512 static int make_dm_names(const char *user_name
, char **ret_dm_name
, char **ret_dm_node
) {
513 _cleanup_free_
char *name
= NULL
, *node
= NULL
;
519 name
= strjoin("home-", user_name
);
523 node
= path_join("/dev/mapper/", name
);
527 *ret_dm_name
= TAKE_PTR(name
);
528 *ret_dm_node
= TAKE_PTR(node
);
/* Locates the LUKS payload inside the image or block device referred to by 'fd', using libblkid.
 *
 * Two layouts are recognized:
 *  - The device is directly a LUKS volume (TYPE is "crypto_LUKS"): *ret_size is set to UINT64_MAX
 *    ("full disk") and *ret_partition_uuid to the null ID.
 *  - The device carries a GPT partition table: the partitions are enumerated and filtered by partition
 *    type UUID 773f91ef-66d4-49b5-bd83-d683bf40ad16, by partition name (compared against 'label') and,
 *    if 'partition_uuid' is not the null ID, by partition UUID. Start, size and UUID of the match are
 *    recorded and returned through *ret_offset, *ret_size (both converted to bytes by multiplying with
 *    512) and *ret_partition_uuid.
 *
 * libblkid failures are turned into -errno where errno is set, with -ENOMEM or -EIO as fallbacks.
 *
 * NOTE(review): the handling of zero or multiple matching partitions and the value stored in *ret_offset
 * for the plain-LUKS case are not shown here — confirm. */
532 static int luks_validate(
535 sd_id128_t partition_uuid
,
536 sd_id128_t
*ret_partition_uuid
,
537 uint64_t *ret_offset
,
538 uint64_t *ret_size
) {
540 _cleanup_(blkid_free_probep
) blkid_probe b
= NULL
;
541 sd_id128_t found_partition_uuid
= SD_ID128_NULL
;
542 const char *fstype
= NULL
, *pttype
= NULL
;
543 blkid_loff_t offset
= 0, size
= 0;
553 b
= blkid_new_probe();
558 r
= blkid_probe_set_device(b
, fd
, 0, 0);
560 return errno
> 0 ? -errno
: -ENOMEM
;
/* Probe both for a superblock (plain LUKS image) and for a partition table (GPT with LUKS partition). */
562 (void) blkid_probe_enable_superblocks(b
, 1);
563 (void) blkid_probe_set_superblocks_flags(b
, BLKID_SUBLKS_TYPE
);
564 (void) blkid_probe_enable_partitions(b
, 1);
565 (void) blkid_probe_set_partitions_flags(b
, BLKID_PARTS_ENTRY_DETAILS
);
568 r
= blkid_do_safeprobe(b
);
569 if (IN_SET(r
, -2, 1)) /* nothing found or ambiguous result */
572 return errno
> 0 ? -errno
: -EIO
;
574 (void) blkid_probe_lookup_value(b
, "TYPE", &fstype
, NULL
);
575 if (streq_ptr(fstype
, "crypto_LUKS")) {
576 /* Directly a LUKS image */
578 *ret_size
= UINT64_MAX
; /* full disk */
579 *ret_partition_uuid
= SD_ID128_NULL
;
584 (void) blkid_probe_lookup_value(b
, "PTTYPE", &pttype
, NULL
);
585 if (!streq_ptr(pttype
, "gpt"))
589 pl
= blkid_probe_get_partitions(b
);
591 return errno
> 0 ? -errno
: -ENOMEM
;
594 n
= blkid_partlist_numof_partitions(pl
);
596 return errno
> 0 ? -errno
: -EIO
;
598 for (int i
= 0; i
< n
; i
++) {
600 sd_id128_t id
= SD_ID128_NULL
;
604 pp
= blkid_partlist_get_partition(pl
, i
);
606 return errno
> 0 ? -errno
: -EIO
;
/* Filter: partition type UUID, then partition name, then (optionally) partition UUID. */
608 if (!streq_ptr(blkid_partition_get_type_string(pp
), "773f91ef-66d4-49b5-bd83-d683bf40ad16"))
611 if (!streq_ptr(blkid_partition_get_name(pp
), label
))
614 sid
= blkid_partition_get_uuid(pp
);
616 r
= sd_id128_from_string(sid
, &id
);
618 log_debug_errno(r
, "Couldn't parse partition UUID %s, weird: %m", sid
);
620 if (!sd_id128_is_null(partition_uuid
) && !sd_id128_equal(id
, partition_uuid
))
627 offset
= blkid_partition_get_start(pp
);
628 size
= blkid_partition_get_size(pp
);
629 found_partition_uuid
= id
;
/* Start and size are multiplied by 512 below to obtain bytes; make sure that cannot overflow. */
639 if ((uint64_t) offset
> UINT64_MAX
/ 512U)
643 if ((uint64_t) size
> UINT64_MAX
/ 512U)
646 *ret_offset
= offset
* 512U;
647 *ret_size
= size
* 512U;
648 *ret_partition_uuid
= found_partition_uuid
;
/* Determines the OpenSSL EVP_CIPHER that corresponds to the encryption settings of the LUKS device 'cd'.
 *
 * The cipher and cipher mode are queried from libcryptsetup (either one missing is reported with
 * EINVAL), the cipher mode is cut off at its first '-', and the volume key size is used to compute the
 * key size in bits. From these an OpenSSL cipher name of the form "<cipher>-<bits>-<mode>" is built and
 * looked up with EVP_get_cipherbyname(); an unknown name is reported with EOPNOTSUPP. As a final sanity
 * check the key length OpenSSL reports for the cipher must equal the key size computed here, otherwise
 * EINVAL is reported.
 *
 * NOTE(review): the "xts" cipher mode is singled out for special treatment, and the resulting cipher is
 * presumably returned through *ret — neither is shown here, confirm. */
653 static int crypt_device_to_evp_cipher(struct crypt_device
*cd
, const EVP_CIPHER
**ret
) {
654 _cleanup_free_
char *cipher_name
= NULL
;
655 const char *cipher
, *cipher_mode
, *e
;
656 size_t key_size
, key_bits
;
657 const EVP_CIPHER
*cc
;
662 /* Let's find the right OpenSSL EVP_CIPHER object that matches the encryption settings of the LUKS
665 cipher
= sym_crypt_get_cipher(cd
);
667 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "Cannot get cipher from LUKS device.");
669 cipher_mode
= sym_crypt_get_cipher_mode(cd
);
671 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "Cannot get cipher mode from LUKS device.");
673 e
= strchr(cipher_mode
, '-');
675 cipher_mode
= strndupa_safe(cipher_mode
, e
- cipher_mode
);
677 r
= sym_crypt_get_volume_key_size(cd
);
679 return log_error_errno(r
< 0 ? r
: SYNTHETIC_ERRNO(EINVAL
), "Cannot get volume key size from LUKS device.");
682 key_bits
= key_size
* 8;
683 if (streq(cipher_mode
, "xts"))
686 if (asprintf(&cipher_name
, "%s-%zu-%s", cipher
, key_bits
, cipher_mode
) < 0)
689 cc
= EVP_get_cipherbyname(cipher_name
);
691 return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP
), "Selected cipher mode '%s' not supported, can't encrypt JSON record.", cipher_name
);
693 /* Verify that our key length calculations match what OpenSSL thinks */
694 r
= EVP_CIPHER_key_length(cc
);
695 if (r
< 0 || (uint64_t) r
!= key_size
)
696 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "Key size of selected cipher doesn't meet our expectations.");
/* Locates, decrypts and validates the user record embedded in the LUKS2 header of 'cd'.
 *
 * The LUKS2 token slots are walked from 0 up to sym_crypt_token_max(CRYPT_LUKS2). Tokens in state
 * INTERNAL, INTERNAL_UNKNOWN or EXTERNAL, and tokens whose type is not "systemd-homed", are not ours;
 * any state other than those and EXTERNAL_UNKNOWN is reported with EINVAL. For a matching token:
 *
 *  1. The token JSON is read and parsed; its base64 fields "record" (ciphertext) and "iv" are decoded.
 *  2. The cipher is determined with crypt_device_to_evp_cipher() and the IV length checked against it.
 *  3. The record is decrypted with OpenSSL using 'volume_key' and the IV.
 *  4. The plaintext must not contain NUL bytes; it is then NUL-terminated and parsed as JSON.
 *  5. The JSON is loaded as an embedded, permissive user record, which must be compatible with 'h'
 *     (otherwise EREMCHG) and must authenticate against 'h' with strict verification.
 *
 * On success the record is handed to the caller through *ret_luks_home_record (ownership transferred
 * with TAKE_PTR()). If no token yielded a record, EBADMSG is reported. */
702 static int luks_validate_home_record(
703 struct crypt_device
*cd
,
705 const void *volume_key
,
706 PasswordCache
*cache
,
707 UserRecord
**ret_luks_home_record
) {
714 for (int token
= 0; token
< sym_crypt_token_max(CRYPT_LUKS2
); token
++) {
715 _cleanup_(json_variant_unrefp
) JsonVariant
*v
= NULL
, *rr
= NULL
;
716 _cleanup_(EVP_CIPHER_CTX_freep
) EVP_CIPHER_CTX
*context
= NULL
;
717 _cleanup_(user_record_unrefp
) UserRecord
*lhr
= NULL
;
718 _cleanup_free_
void *encrypted
= NULL
, *iv
= NULL
;
719 size_t decrypted_size
, encrypted_size
, iv_size
;
720 int decrypted_size_out1
, decrypted_size_out2
;
721 _cleanup_free_
char *decrypted
= NULL
;
722 const char *text
, *type
;
723 crypt_token_info state
;
724 JsonVariant
*jr
, *jiv
;
725 unsigned line
, column
;
726 const EVP_CIPHER
*cc
;
728 state
= sym_crypt_token_status(cd
, token
, &type
);
729 if (state
== CRYPT_TOKEN_INACTIVE
) /* First unconfigured token, give up */
731 if (IN_SET(state
, CRYPT_TOKEN_INTERNAL
, CRYPT_TOKEN_INTERNAL_UNKNOWN
, CRYPT_TOKEN_EXTERNAL
))
733 if (state
!= CRYPT_TOKEN_EXTERNAL_UNKNOWN
)
734 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "Unexpected token state of token %i: %i", token
, (int) state
);
736 if (!streq(type
, "systemd-homed"))
739 r
= sym_crypt_token_json_get(cd
, token
, &text
);
741 return log_error_errno(r
, "Failed to read LUKS token %i: %m", token
);
743 r
= json_parse(text
, JSON_PARSE_SENSITIVE
, &v
, &line
, &column
);
745 return log_error_errno(r
, "Failed to parse LUKS token JSON data %u:%u: %m", line
, column
);
747 jr
= json_variant_by_key(v
, "record");
749 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "LUKS token lacks 'record' field.");
750 jiv
= json_variant_by_key(v
, "iv");
752 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "LUKS token lacks 'iv' field.");
754 r
= json_variant_unbase64(jr
, &encrypted
, &encrypted_size
);
756 return log_error_errno(r
, "Failed to base64 decode record: %m");
758 r
= json_variant_unbase64(jiv
, &iv
, &iv_size
);
760 return log_error_errno(r
, "Failed to base64 decode IV: %m");
762 r
= crypt_device_to_evp_cipher(cd
, &cc
);
/* The IV stored in the token must have exactly the length the cipher expects. */
765 if (iv_size
> INT_MAX
|| EVP_CIPHER_iv_length(cc
) != (int) iv_size
)
766 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "IV size doesn't match.");
768 context
= EVP_CIPHER_CTX_new();
772 if (EVP_DecryptInit_ex(context
, cc
, NULL
, volume_key
, iv
) != 1)
773 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "Failed to initialize decryption context.");
/* Size the plaintext buffer as the ciphertext size plus twice the cipher's key length. */
775 decrypted_size
= encrypted_size
+ EVP_CIPHER_key_length(cc
) * 2;
776 decrypted
= new(char, decrypted_size
);
780 if (EVP_DecryptUpdate(context
, (uint8_t*) decrypted
, &decrypted_size_out1
, encrypted
, encrypted_size
) != 1)
781 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "Failed to decrypt JSON record.");
783 assert((size_t) decrypted_size_out1
<= decrypted_size
);
785 if (EVP_DecryptFinal_ex(context
, (uint8_t*) decrypted
+ decrypted_size_out1
, &decrypted_size_out2
) != 1)
786 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "Failed to finish decryption of JSON record.");
/* Strictly smaller: one byte must remain free for the NUL terminator written below. */
788 assert((size_t) decrypted_size_out1
+ (size_t) decrypted_size_out2
< decrypted_size
);
789 decrypted_size
= (size_t) decrypted_size_out1
+ (size_t) decrypted_size_out2
;
791 if (memchr(decrypted
, 0, decrypted_size
))
792 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "Inner NUL byte in JSON record, refusing.");
794 decrypted
[decrypted_size
] = 0;
796 r
= json_parse(decrypted
, JSON_PARSE_SENSITIVE
, &rr
, NULL
, NULL
);
798 return log_error_errno(r
, "Failed to parse decrypted JSON record, refusing.");
800 lhr
= user_record_new();
804 r
= user_record_load(lhr
, rr
, USER_RECORD_LOAD_EMBEDDED
|USER_RECORD_PERMISSIVE
);
806 return log_error_errno(r
, "Failed to parse user record: %m");
808 if (!user_record_compatible(h
, lhr
))
809 return log_error_errno(SYNTHETIC_ERRNO(EREMCHG
), "LUKS home record not compatible with host record, refusing.");
811 r
= user_record_authenticate(lhr
, h
, cache
, /* strict_verify= */ true);
814 assert(r
> 0); /* Insist that a password was verified */
816 *ret_luks_home_record
= TAKE_PTR(lhr
);
820 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG
), "Couldn't find home record in LUKS2 header, refusing.");
/* Produces the JSON text of a "systemd-homed" LUKS2 token that carries the user record 'hr' in encrypted
 * form.
 *
 * The cipher is determined with crypt_device_to_evp_cipher() for 'cd'. A fresh IV of the cipher's IV
 * length is generated with genuine_random_bytes(), the JSON serialization of hr->json is encrypted with
 * OpenSSL using 'volume_key' and that IV, and a JSON object with the following fields is built:
 *
 *   "type"     - the string "systemd-homed"
 *   "keyslots" - an empty array
 *   "record"   - the ciphertext, base64 encoded
 *   "iv"       - the IV, base64 encoded
 *
 * The formatted JSON text of that object is returned through 'ret' by json_variant_format(). */
823 static int format_luks_token_text(
824 struct crypt_device
*cd
,
826 const void *volume_key
,
829 int r
, encrypted_size_out1
= 0, encrypted_size_out2
= 0, iv_size
, key_size
;
830 _cleanup_(EVP_CIPHER_CTX_freep
) EVP_CIPHER_CTX
*context
= NULL
;
831 _cleanup_(json_variant_unrefp
) JsonVariant
*v
= NULL
;
832 _cleanup_free_
void *iv
= NULL
, *encrypted
= NULL
;
833 size_t text_length
, encrypted_size
;
834 _cleanup_free_
char *text
= NULL
;
835 const EVP_CIPHER
*cc
;
842 r
= crypt_device_to_evp_cipher(cd
, &cc
);
846 key_size
= EVP_CIPHER_key_length(cc
);
847 iv_size
= EVP_CIPHER_iv_length(cc
);
850 iv
= malloc(iv_size
);
854 r
= genuine_random_bytes(iv
, iv_size
, RANDOM_BLOCK
);
856 return log_error_errno(r
, "Failed to generate IV: %m");
859 context
= EVP_CIPHER_CTX_new();
863 if (EVP_EncryptInit_ex(context
, cc
, NULL
, volume_key
, iv
) != 1)
864 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "Failed to initialize encryption context.");
866 r
= json_variant_format(hr
->json
, 0, &text
);
868 return log_error_errno(r
, "Failed to format user record for LUKS: %m");
/* Size the ciphertext buffer as the plaintext length plus twice the key length, minus one. */
870 text_length
= strlen(text
);
871 encrypted_size
= text_length
+ 2*key_size
- 1;
873 encrypted
= malloc(encrypted_size
);
877 if (EVP_EncryptUpdate(context
, encrypted
, &encrypted_size_out1
, (uint8_t*) text
, text_length
) != 1)
878 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "Failed to encrypt JSON record.");
880 assert((size_t) encrypted_size_out1
<= encrypted_size
);
882 if (EVP_EncryptFinal_ex(context
, (uint8_t*) encrypted
+ encrypted_size_out1
, &encrypted_size_out2
) != 1)
883 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "Failed to finish encryption of JSON record. ");
885 assert((size_t) encrypted_size_out1
+ (size_t) encrypted_size_out2
<= encrypted_size
);
889 JSON_BUILD_PAIR("type", JSON_BUILD_STRING("systemd-homed")),
890 JSON_BUILD_PAIR("keyslots", JSON_BUILD_EMPTY_ARRAY
),
891 JSON_BUILD_PAIR("record", JSON_BUILD_BASE64(encrypted
, encrypted_size_out1
+ encrypted_size_out2
)),
892 JSON_BUILD_PAIR("iv", JSON_BUILD_BASE64(iv
, iv_size
))));
894 return log_error_errno(r
, "Failed to prepare LUKS JSON token object: %m");
896 r
= json_variant_format(v
, 0, ret
);
898 return log_error_errno(r
, "Failed to format encrypted user record for LUKS: %m");
/* Writes the embedded part of the user record 'h' into the "systemd-homed" token(s) of the LUKS2 header
 * of setup->crypt_device, encrypted with setup->volume_key.
 *
 * The record to store is derived from 'h' with user_record_clone() using
 * USER_RECORD_EXTRACT_EMBEDDED|USER_RECORD_PERMISSIVE. If 'old_home' is given and equals that record,
 * nothing is updated. Otherwise the token text is produced with format_luks_token_text() and the LUKS2
 * token slots are walked from 0 up to sym_crypt_token_max(CRYPT_LUKS2): tokens in state INTERNAL,
 * INTERNAL_UNKNOWN or EXTERNAL are skipped as not ours, any state other than those and EXTERNAL_UNKNOWN
 * is reported with EINVAL, and matching "systemd-homed" tokens are updated with
 * sym_crypt_token_json_set(). If no token could be updated, EBADMSG is reported.
 *
 * NOTE(review): the behaviour when setup->crypt_device is unset is not shown here — confirm. */
903 int home_store_header_identity_luks(
906 UserRecord
*old_home
) {
908 _cleanup_(user_record_unrefp
) UserRecord
*header_home
= NULL
;
909 _cleanup_free_
char *text
= NULL
;
914 if (!setup
->crypt_device
)
917 assert(setup
->volume_key
);
919 /* Let's store the user's identity record in the LUKS2 "token" header data fields, in an encrypted
920 * fashion. Why that? If we'd rely on the record being embedded in the payload file system itself we
921 * would have to mount the file system before we can validate the JSON record, its signatures and
922 * whether it matches what we are looking for. However, kernel file system implementations are
923 * generally not ready to be used on untrusted media. Hence let's store the record independently of
924 * the file system, so that we can validate it first, and only then mount the file system. To keep
925 * things simple we use the same encryption settings for this record as for the file system itself. */
927 r
= user_record_clone(h
, USER_RECORD_EXTRACT_EMBEDDED
|USER_RECORD_PERMISSIVE
, &header_home
);
929 return log_error_errno(r
, "Failed to determine new header record: %m");
931 if (old_home
&& user_record_equal(old_home
, header_home
)) {
932 log_debug("Not updating header home record.");
936 r
= format_luks_token_text(setup
->crypt_device
, header_home
, setup
->volume_key
, &text
);
940 for (int token
= 0; token
< sym_crypt_token_max(CRYPT_LUKS2
); token
++) {
941 crypt_token_info state
;
944 state
= sym_crypt_token_status(setup
->crypt_device
, token
, &type
);
945 if (state
== CRYPT_TOKEN_INACTIVE
) /* First unconfigured token, we are done */
947 if (IN_SET(state
, CRYPT_TOKEN_INTERNAL
, CRYPT_TOKEN_INTERNAL_UNKNOWN
, CRYPT_TOKEN_EXTERNAL
))
948 continue; /* Not ours */
949 if (state
!= CRYPT_TOKEN_EXTERNAL_UNKNOWN
)
950 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "Unexpected token state of token %i: %i", token
, (int) state
);
952 if (!streq(type
, "systemd-homed"))
955 r
= sym_crypt_token_json_set(setup
->crypt_device
, token
, text
);
957 return log_error_errno(r
, "Failed to set JSON token for slot %i: %m", token
);
959 /* Now, let's free the text so that for all further matching tokens we call sym_crypt_token_json_set()
960 * with a NULL text in order to invalidate the tokens. */
965 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG
), "Didn't find any record token to update.");
967 log_info("Wrote LUKS header user record.");
/* Issues the FITRIM ioctl on the file system referred to by 'root_fd' (which must be a valid fd).
 *
 * If the ioctl fails because the operation is not supported, or with EBADF, this is only logged at debug
 * level. Any other failure is logged as a warning marked "ignoring". On success the number of bytes
 * reported back in range.len is logged.
 *
 * NOTE(review): the initializer of 'range' and the exact return values of the individual paths are not
 * shown here — confirm. */
972 int run_fitrim(int root_fd
) {
973 struct fstrim_range range
= {
977 /* If discarding is on, discard everything right after mounting, so that the discard setting takes
978 * effect on activation. (Also, optionally, trim on logout) */
980 assert(root_fd
>= 0);
982 if (ioctl(root_fd
, FITRIM
, &range
) < 0) {
983 if (ERRNO_IS_NOT_SUPPORTED(errno
) || errno
== EBADF
) {
984 log_debug_errno(errno
, "File system does not support FITRIM, not trimming.");
988 return log_warning_errno(errno
, "Failed to invoke FITRIM, ignoring: %m");
991 log_info("Discarded unused %s.", FORMAT_BYTES(range
.len
));
/* Path-based wrapper around run_fitrim(): opens the directory 'root_path' with
 * O_RDONLY|O_DIRECTORY|O_CLOEXEC and returns the result of run_fitrim() for the resulting fd. A failure
 * to open the directory is logged as an error. */
995 int run_fitrim_by_path(const char *root_path
) {
996 _cleanup_close_
int root_fd
= -1;
998 root_fd
= open(root_path
, O_RDONLY
|O_DIRECTORY
|O_CLOEXEC
);
1000 return log_error_errno(errno
, "Failed to open file system '%s' for trimming: %m", root_path
);
1002 return run_fitrim(root_fd
);
/* Fully allocates the backing file referred to by 'backing_fd' using fallocate() with
 * FALLOC_FL_KEEP_SIZE over the range [0, st_size).
 *
 * 'st' carries the stat data of the backing file; only regular files are considered. If st_blocks
 * already covers st_size (in 512-byte units) the file counts as fully allocated and nothing is done.
 *
 * fallocate() failures: "not supported" is logged at debug level and ignored; running out of disk space
 * is logged at debug level and reported as -ENOSPC so that callers can recognize it; everything else is
 * logged as an error. On success the additionally allocated amount is logged.
 *
 * NOTE(review): run_fallocate_by_path() passes st == NULL; presumably the stat data is then obtained via
 * the fstat() into the local 'stbuf' — confirm. */
1005 int run_fallocate(int backing_fd
, const struct stat
*st
) {
1008 assert(backing_fd
>= 0);
1010 /* If discarding is off, let's allocate the whole image before mounting, so that the setting takes
1011 * effect on activation */
1014 if (fstat(backing_fd
, &stbuf
) < 0)
1015 return log_error_errno(errno
, "Failed to fstat(): %m");
1020 if (!S_ISREG(st
->st_mode
))
/* The file's st_blocks is compared against st_size expressed in 512-byte units (rounded up). */
1023 if (st
->st_blocks
>= DIV_ROUND_UP(st
->st_size
, 512)) {
1024 log_info("Backing file is fully allocated already.");
1028 if (fallocate(backing_fd
, FALLOC_FL_KEEP_SIZE
, 0, st
->st_size
) < 0) {
1030 if (ERRNO_IS_NOT_SUPPORTED(errno
)) {
1031 log_debug_errno(errno
, "fallocate() not supported on file system, ignoring.");
1035 if (ERRNO_IS_DISK_SPACE(errno
)) {
1036 log_debug_errno(errno
, "Not enough disk space to fully allocate home.");
1037 return -ENOSPC
; /* make recognizable */
1040 return log_error_errno(errno
, "Failed to allocate backing file blocks: %m");
1043 log_info("Allocated additional %s.",
1044 FORMAT_BYTES((DIV_ROUND_UP(st
->st_size
, 512) - st
->st_blocks
) * 512));
/* Path-based wrapper around run_fallocate(): opens 'backing_path' with
 * O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK and returns the result of run_fallocate() for the resulting fd.
 * No stat data is passed along (st == NULL). A failure to open the file is logged as an error. */
1048 int run_fallocate_by_path(const char *backing_path
) {
1049 _cleanup_close_
int backing_fd
= -1;
1051 backing_fd
= open(backing_path
, O_RDWR
|O_CLOEXEC
|O_NOCTTY
|O_NONBLOCK
);
1053 return log_error_errno(errno
, "Failed to open '%s' for fallocate(): %m", backing_path
);
1055 return run_fallocate(backing_fd
, NULL
);
/* Optionally takes an exclusive, non-blocking BSD lock on the image file 'image_fd' and passes the fd on
 * to the parent process. 'ip' is the image path and is only used in log messages.
 *
 * The behaviour is controlled by the $SYSTEMD_LUKS_LOCK environment variable, parsed as a boolean.
 * Block devices are never locked (this is only logged at debug level); anything else must pass
 * stat_verify_regular(). If the file is already locked (EWOULDBLOCK) the error is reported as
 * -EADDRINUSE so that callers can recognize it; other flock() errors are returned as -errno. After
 * locking, the fd is sent to the parent via sd_pid_notify_with_fds() with "SYSTEMD_LUKS_LOCK_FD=1"; a
 * failure to do so is only logged as a warning.
 *
 * NOTE(review): the handling of an unset or false $SYSTEMD_LUKS_LOCK is not shown here — confirm. */
1058 static int lock_image_fd(int image_fd
, const char *ip
) {
1061 /* If the $SYSTEMD_LUKS_LOCK environment variable is set we'll take an exclusive BSD lock on the
1062 * image file, and send it to our parent. homed will keep it open to ensure no other instance of
1063 * homed (across the network or such) will also mount the file. */
1065 r
= getenv_bool("SYSTEMD_LUKS_LOCK");
1069 return log_error_errno(r
, "Failed to parse $SYSTEMD_LUKS_LOCK environment variable: %m");
1073 if (fstat(image_fd
, &st
) < 0)
1074 return log_error_errno(errno
, "Failed to stat image file: %m");
1075 if (S_ISBLK(st
.st_mode
)) {
1076 /* Locking block devices doesn't really make sense, as this might interfere with
1077 * udev's workings, and these locks aren't network propagated anyway, hence not what
1078 * we are after here. */
1079 log_debug("Not locking image file '%s', since it's a block device.", ip
);
1082 r
= stat_verify_regular(&st
);
1084 return log_error_errno(r
, "Image file to lock is not a regular file: %m");
1086 if (flock(image_fd
, LOCK_EX
|LOCK_NB
) < 0) {
1088 if (errno
== EWOULDBLOCK
)
1089 log_error_errno(errno
, "Image file '%s' already locked, can't use.", ip
);
1091 log_error_errno(errno
, "Failed to lock image file '%s': %m", ip
);
1093 return errno
!= EWOULDBLOCK
? -errno
: -EADDRINUSE
; /* Make error recognizable */
1096 log_info("Successfully locked image file '%s'.", ip
);
1098 /* Now send it to our parent to keep safe while the home dir is active */
1099 r
= sd_pid_notify_with_fds(0, false, "SYSTEMD_LUKS_LOCK_FD=1", &image_fd
, 1);
1101 log_warning_errno(r
, "Failed to send LUKS lock fd to parent, ignoring: %m");
/* Opens the LUKS image file of the user record 'h' and returns the open fd.
 *
 * The path is 'force_image_path' if given, otherwise user_record_image_path(h). The file is opened with
 * O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK and must be either a regular file or a block device; a directory
 * is reported with EISDIR, anything else with EBADFD. The image is then passed to lock_image_fd().
 *
 * On success ownership of the fd is transferred to the caller (TAKE_FD()).
 *
 * NOTE(review): the stat data is presumably copied to *ret_stat when requested — the assignment is not
 * shown here. */
1107 static int open_image_file(
1109 const char *force_image_path
,
1110 struct stat
*ret_stat
) {
1112 _cleanup_close_
int image_fd
= -1;
1117 ip
= force_image_path
?: user_record_image_path(h
);
1119 image_fd
= open(ip
, O_RDWR
|O_CLOEXEC
|O_NOCTTY
|O_NONBLOCK
);
1121 return log_error_errno(errno
, "Failed to open image file %s: %m", ip
);
1123 if (fstat(image_fd
, &st
) < 0)
1124 return log_error_errno(errno
, "Failed to fstat() image file: %m");
1125 if (!S_ISREG(st
.st_mode
) && !S_ISBLK(st
.st_mode
))
1126 return log_error_errno(
1127 S_ISDIR(st
.st_mode
) ? SYNTHETIC_ERRNO(EISDIR
) : SYNTHETIC_ERRNO(EBADFD
),
1128 "Image file %s is not a regular file or block device: %m", ip
);
1130 r
= lock_image_fd(image_fd
, ip
);
1137 return TAKE_FD(image_fd
);
1140 int home_setup_luks(
1142 HomeSetupFlags flags
,
1143 const char *force_image_path
,
1144 PasswordCache
*cache
,
1146 UserRecord
**ret_luks_home
) {
1148 sd_id128_t found_partition_uuid
, found_luks_uuid
, found_fs_uuid
;
1149 _cleanup_(user_record_unrefp
) UserRecord
*luks_home
= NULL
;
1150 _cleanup_(loop_device_unrefp
) LoopDevice
*loop
= NULL
;
1151 _cleanup_(sym_crypt_freep
) struct crypt_device
*cd
= NULL
;
1152 _cleanup_(erase_and_freep
) void *volume_key
= NULL
;
1153 _cleanup_close_
int opened_image_fd
= -1, root_fd
= -1;
1154 bool dm_activated
= false, mounted
= false;
1155 size_t volume_key_size
= 0;
1156 bool marked_dirty
= false;
1157 uint64_t offset
, size
;
1158 int r
, image_fd
= -1;
1162 assert(setup
->dm_name
);
1163 assert(setup
->dm_node
);
1165 assert(user_record_storage(h
) == USER_LUKS
);
1167 r
= dlopen_cryptsetup();
1171 if (FLAGS_SET(flags
, HOME_SETUP_ALREADY_ACTIVATED
)) {
1172 struct loop_info64 info
;
1175 r
= luks_open(setup
->dm_name
,
1185 r
= luks_validate_home_record(cd
, h
, volume_key
, cache
, &luks_home
);
1189 n
= sym_crypt_get_device_name(cd
);
1191 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "Failed to determine backing device for DM %s.", setup
->dm_name
);
1193 r
= loop_device_open(n
, O_RDWR
, &loop
);
1195 return log_error_errno(r
, "Failed to open loopback device %s: %m", n
);
1197 if (ioctl(loop
->fd
, LOOP_GET_STATUS64
, &info
) < 0) {
1198 _cleanup_free_
char *sysfs
= NULL
;
1201 if (!IN_SET(errno
, ENOTTY
, EINVAL
))
1202 return log_error_errno(errno
, "Failed to get block device metrics of %s: %m", n
);
1204 if (ioctl(loop
->fd
, BLKGETSIZE64
, &size
) < 0)
1205 return log_error_errno(r
, "Failed to read block device size of %s: %m", n
);
1207 if (fstat(loop
->fd
, &st
) < 0)
1208 return log_error_errno(r
, "Failed to stat block device %s: %m", n
);
1209 assert(S_ISBLK(st
.st_mode
));
1211 if (asprintf(&sysfs
, "/sys/dev/block/%u:%u/partition", major(st
.st_rdev
), minor(st
.st_rdev
)) < 0)
1214 if (access(sysfs
, F_OK
) < 0) {
1215 if (errno
!= ENOENT
)
1216 return log_error_errno(errno
, "Failed to determine whether %s exists: %m", sysfs
);
1220 _cleanup_free_
char *buffer
= NULL
;
1222 if (asprintf(&sysfs
, "/sys/dev/block/%u:%u/start", major(st
.st_rdev
), minor(st
.st_rdev
)) < 0)
1225 r
= read_one_line_file(sysfs
, &buffer
);
1227 return log_error_errno(r
, "Failed to read partition start offset: %m");
1229 r
= safe_atou64(buffer
, &offset
);
1231 return log_error_errno(r
, "Failed to parse partition start offset: %m");
1233 if (offset
> UINT64_MAX
/ 512U)
1234 return log_error_errno(SYNTHETIC_ERRNO(E2BIG
), "Offset too large for 64 byte range, refusing.");
1239 #if HAVE_VALGRIND_MEMCHECK_H
1240 VALGRIND_MAKE_MEM_DEFINED(&info
, sizeof(info
));
1243 offset
= info
.lo_offset
;
1244 size
= info
.lo_sizelimit
;
1247 found_partition_uuid
= found_fs_uuid
= SD_ID128_NULL
;
1249 log_info("Discovered used loopback device %s.", loop
->node
);
1251 root_fd
= open(user_record_home_directory(h
), O_RDONLY
|O_CLOEXEC
|O_DIRECTORY
|O_NOFOLLOW
);
1253 r
= log_error_errno(errno
, "Failed to open home directory: %m");
1257 _cleanup_free_
char *fstype
= NULL
, *subdir
= NULL
;
1261 ip
= force_image_path
?: user_record_image_path(h
);
1263 subdir
= path_join("/run/systemd/user-home-mount/", user_record_user_name_and_realm(h
));
1267 /* Reuse the image fd if it has already been opened by an earlier step */
1268 if (setup
->image_fd
< 0) {
1269 opened_image_fd
= open_image_file(h
, force_image_path
, &st
);
1270 if (opened_image_fd
< 0)
1271 return opened_image_fd
;
1273 image_fd
= opened_image_fd
;
1275 image_fd
= setup
->image_fd
;
1277 r
= luks_validate(image_fd
, user_record_user_name_and_realm(h
), h
->partition_uuid
, &found_partition_uuid
, &offset
, &size
);
1279 return log_error_errno(r
, "Failed to validate disk label: %m");
1281 /* Everything before this point left the image untouched. We are now starting to make
1282 * changes, hence mark the image dirty */
1283 marked_dirty
= run_mark_dirty(image_fd
, true) > 0;
1285 if (!user_record_luks_discard(h
)) {
1286 r
= run_fallocate(image_fd
, &st
);
1291 r
= loop_device_make(image_fd
, O_RDWR
, offset
, size
, 0, &loop
);
1293 log_error_errno(r
, "Loopback block device support is not available on this system.");
1294 return -ENOLINK
; /* make recognizable */
1297 return log_error_errno(r
, "Failed to allocate loopback context: %m");
1299 log_info("Setting up loopback device %s completed.", loop
->node
?: ip
);
1301 r
= luks_setup(loop
->node
?: ip
,
1305 h
->luks_cipher_mode
,
1306 h
->luks_volume_key_size
,
1309 user_record_luks_discard(h
) || user_record_luks_offline_discard(h
),
1317 dm_activated
= true;
1319 r
= luks_validate_home_record(cd
, h
, volume_key
, cache
, &luks_home
);
1323 r
= fs_validate(setup
->dm_node
, h
->file_system_uuid
, &fstype
, &found_fs_uuid
);
1327 r
= run_fsck(setup
->dm_node
, fstype
);
1331 r
= home_unshare_and_mount(setup
->dm_node
, fstype
, user_record_luks_discard(h
), user_record_mount_flags(h
));
1337 root_fd
= open(subdir
, O_RDONLY
|O_CLOEXEC
|O_DIRECTORY
|O_NOFOLLOW
);
1339 r
= log_error_errno(errno
, "Failed to open home directory: %m");
1343 if (user_record_luks_discard(h
))
1344 (void) run_fitrim(root_fd
);
1346 /* And now, fill in everything */
1347 if (opened_image_fd
>= 0) {
1348 safe_close(setup
->image_fd
);
1349 setup
->image_fd
= TAKE_FD(opened_image_fd
);
1352 setup
->do_offline_fallocate
= !(setup
->do_offline_fitrim
= user_record_luks_offline_discard(h
));
1353 setup
->do_mark_clean
= marked_dirty
;
1356 setup
->loop
= TAKE_PTR(loop
);
1357 setup
->crypt_device
= TAKE_PTR(cd
);
1358 setup
->root_fd
= TAKE_FD(root_fd
);
1359 setup
->found_partition_uuid
= found_partition_uuid
;
1360 setup
->found_luks_uuid
= found_luks_uuid
;
1361 setup
->found_fs_uuid
= found_fs_uuid
;
1362 setup
->partition_offset
= offset
;
1363 setup
->partition_size
= size
;
1364 setup
->volume_key
= TAKE_PTR(volume_key
);
1365 setup
->volume_key_size
= volume_key_size
;
1367 setup
->undo_mount
= mounted
;
1368 setup
->undo_dm
= dm_activated
;
1371 *ret_luks_home
= TAKE_PTR(luks_home
);
1377 (void) umount_verbose(LOG_ERR
, "/run/systemd/user-home-mount", UMOUNT_NOFOLLOW
);
1380 (void) sym_crypt_deactivate_by_name(cd
, setup
->dm_name
, 0);
1382 if (image_fd
>= 0 && marked_dirty
)
1383 (void) run_mark_dirty(image_fd
, false);
1388 static void print_size_summary(uint64_t host_size
, uint64_t encrypted_size
, struct statfs
*sfs
) {
1391 log_info("Image size is %s, file system size is %s, file system payload size is %s, file system free is %s.",
1392 FORMAT_BYTES(host_size
),
1393 FORMAT_BYTES(encrypted_size
),
1394 FORMAT_BYTES((uint64_t) sfs
->f_blocks
* (uint64_t) sfs
->f_frsize
),
1395 FORMAT_BYTES((uint64_t) sfs
->f_bfree
* (uint64_t) sfs
->f_frsize
));
1398 int home_activate_luks(
1401 PasswordCache
*cache
,
1402 UserRecord
**ret_home
) {
1404 _cleanup_(user_record_unrefp
) UserRecord
*new_home
= NULL
, *luks_home_record
= NULL
;
1405 uint64_t host_size
, encrypted_size
;
1406 const char *hdo
, *hd
;
1411 assert(user_record_storage(h
) == USER_LUKS
);
1415 r
= dlopen_cryptsetup();
1419 assert_se(hdo
= user_record_home_directory(h
));
1420 hd
= strdupa_safe(hdo
); /* copy the string out, since it might change later in the home record object */
1422 r
= home_get_state_luks(h
, setup
);
1426 return log_error_errno(SYNTHETIC_ERRNO(EEXIST
), "Device mapper device %s already exists, refusing.", setup
->dm_node
);
1428 r
= home_setup_luks(
1438 r
= block_get_size_by_fd(setup
->loop
->fd
, &host_size
);
1440 return log_error_errno(r
, "Failed to get loopback block device size: %m");
1442 r
= block_get_size_by_path(setup
->dm_node
, &encrypted_size
);
1444 return log_error_errno(r
, "Failed to get LUKS block device size: %m");
1456 r
= home_extend_embedded_identity(new_home
, h
, setup
);
1460 setup
->root_fd
= safe_close(setup
->root_fd
);
1462 r
= home_move_mount(user_record_user_name_and_realm(h
), hd
);
1466 setup
->undo_mount
= false;
1467 setup
->do_offline_fitrim
= false;
1469 loop_device_relinquish(setup
->loop
);
1471 r
= sym_crypt_deactivate_by_name(NULL
, setup
->dm_name
, CRYPT_DEACTIVATE_DEFERRED
);
1473 log_warning_errno(r
, "Failed to relinquish DM device, ignoring: %m");
1475 setup
->undo_dm
= false;
1476 setup
->do_offline_fallocate
= false;
1477 setup
->do_mark_clean
= false;
1479 log_info("Everything completed.");
1481 print_size_summary(host_size
, encrypted_size
, &sfs
);
1483 *ret_home
= TAKE_PTR(new_home
);
1487 int home_deactivate_luks(UserRecord
*h
) {
1488 _cleanup_(sym_crypt_freep
) struct crypt_device
*cd
= NULL
;
1489 _cleanup_free_
char *dm_name
= NULL
, *dm_node
= NULL
;
1493 /* Note that the DM device and loopback device are set to auto-detach, hence strictly speaking we
1494 * don't explicitly have to detach them. However, we do that nonetheless (in case of the DM
1495 * device), to avoid races: by explicitly detaching them we know when the detaching is complete. We
1496 * don't bother about the loopback device because unlike the DM device it doesn't have a fixed
1499 r
= dlopen_cryptsetup();
1503 r
= make_dm_names(h
->user_name
, &dm_name
, &dm_node
);
1507 r
= sym_crypt_init_by_name(&cd
, dm_name
);
1508 if (IN_SET(r
, -ENODEV
, -EINVAL
, -ENOENT
)) {
1509 log_debug_errno(r
, "LUKS device %s has already been detached.", dm_name
);
1510 we_detached
= false;
1512 return log_error_errno(r
, "Failed to initialize cryptsetup context for %s: %m", dm_name
);
1514 log_info("Discovered used LUKS device %s.", dm_node
);
1516 cryptsetup_enable_logging(cd
);
1518 r
= sym_crypt_deactivate_by_name(cd
, dm_name
, 0);
1519 if (IN_SET(r
, -ENODEV
, -EINVAL
, -ENOENT
)) {
1520 log_debug_errno(r
, "LUKS device %s is already detached.", dm_node
);
1521 we_detached
= false;
1523 return log_info_errno(r
, "LUKS device %s couldn't be deactivated: %m", dm_node
);
1525 log_info("LUKS device detaching completed.");
1530 if (user_record_luks_offline_discard(h
))
1531 log_debug("Not allocating on logout.");
1533 (void) run_fallocate_by_path(user_record_image_path(h
));
1535 run_mark_dirty_by_path(user_record_image_path(h
), false);
1539 int home_trim_luks(UserRecord
*h
) {
1542 if (!user_record_luks_offline_discard(h
)) {
1543 log_debug("Not trimming on logout.");
1547 (void) run_fitrim_by_path(user_record_home_directory(h
));
1551 static struct crypt_pbkdf_type
* build_good_pbkdf(struct crypt_pbkdf_type
*buffer
, UserRecord
*hr
) {
1555 *buffer
= (struct crypt_pbkdf_type
) {
1556 .hash
= user_record_luks_pbkdf_hash_algorithm(hr
),
1557 .type
= user_record_luks_pbkdf_type(hr
),
1558 .time_ms
= user_record_luks_pbkdf_time_cost_usec(hr
) / USEC_PER_MSEC
,
1559 .max_memory_kb
= user_record_luks_pbkdf_memory_cost(hr
) / 1024,
1560 .parallel_threads
= user_record_luks_pbkdf_parallel_threads(hr
),
1566 static struct crypt_pbkdf_type
* build_minimal_pbkdf(struct crypt_pbkdf_type
*buffer
, UserRecord
*hr
) {
1570 /* For PKCS#11 derived keys (which are generated randomly and are of high quality already) we use a
1572 *buffer
= (struct crypt_pbkdf_type
) {
1573 .hash
= user_record_luks_pbkdf_hash_algorithm(hr
),
1574 .type
= CRYPT_KDF_PBKDF2
,
1582 static int luks_format(
1584 const char *dm_name
,
1587 const PasswordCache
*cache
,
1588 char **effective_passwords
,
1591 struct crypt_device
**ret
) {
1593 _cleanup_(user_record_unrefp
) UserRecord
*reduced
= NULL
;
1594 _cleanup_(sym_crypt_freep
) struct crypt_device
*cd
= NULL
;
1595 _cleanup_(erase_and_freep
) void *volume_key
= NULL
;
1596 struct crypt_pbkdf_type good_pbkdf
, minimal_pbkdf
;
1597 _cleanup_free_
char *text
= NULL
;
1598 size_t volume_key_size
;
1607 r
= sym_crypt_init(&cd
, node
);
1609 return log_error_errno(r
, "Failed to allocate libcryptsetup context: %m");
1611 cryptsetup_enable_logging(cd
);
1613 /* Normally we'd just leave volume key generation to libcryptsetup. However, we can't, since we
1614 * can't extract the volume key from the library again, but we need it in order to encrypt the JSON
1615 * record. Hence, let's generate it on our own, so that we can keep track of it. */
1617 volume_key_size
= user_record_luks_volume_key_size(hr
);
1618 volume_key
= malloc(volume_key_size
);
1622 r
= genuine_random_bytes(volume_key
, volume_key_size
, RANDOM_BLOCK
);
1624 return log_error_errno(r
, "Failed to generate volume key: %m");
1626 #if HAVE_CRYPT_SET_METADATA_SIZE
1627 /* Increase the metadata space to 4M, the largest LUKS2 supports */
1628 r
= sym_crypt_set_metadata_size(cd
, 4096U*1024U, 0);
1630 return log_error_errno(r
, "Failed to change LUKS2 metadata size: %m");
1633 build_good_pbkdf(&good_pbkdf
, hr
);
1634 build_minimal_pbkdf(&minimal_pbkdf
, hr
);
1636 r
= sym_crypt_format(
1639 user_record_luks_cipher(hr
),
1640 user_record_luks_cipher_mode(hr
),
1641 ID128_TO_UUID_STRING(uuid
),
1644 &(struct crypt_params_luks2
) {
1646 .subsystem
= "systemd-home",
1647 .sector_size
= 512U,
1648 .pbkdf
= &good_pbkdf
,
1651 return log_error_errno(r
, "Failed to format LUKS image: %m");
1653 log_info("LUKS formatting completed.");
1655 STRV_FOREACH(pp
, effective_passwords
) {
1657 if (password_cache_contains(cache
, *pp
)) { /* is this a fido2 or pkcs11 password? */
1658 log_debug("Using minimal PBKDF for slot %i", slot
);
1659 r
= sym_crypt_set_pbkdf_type(cd
, &minimal_pbkdf
);
1661 log_debug("Using good PBKDF for slot %i", slot
);
1662 r
= sym_crypt_set_pbkdf_type(cd
, &good_pbkdf
);
1665 return log_error_errno(r
, "Failed to tweak PBKDF for slot %i: %m", slot
);
1667 r
= sym_crypt_keyslot_add_by_volume_key(
1675 return log_error_errno(r
, "Failed to set up LUKS password for slot %i: %m", slot
);
1677 log_info("Writing password to LUKS keyslot %i completed.", slot
);
1681 r
= sym_crypt_activate_by_volume_key(
1686 discard
? CRYPT_ACTIVATE_ALLOW_DISCARDS
: 0);
1688 return log_error_errno(r
, "Failed to activate LUKS superblock: %m");
1690 log_info("LUKS activation by volume key succeeded.");
1692 r
= user_record_clone(hr
, USER_RECORD_EXTRACT_EMBEDDED
|USER_RECORD_PERMISSIVE
, &reduced
);
1694 return log_error_errno(r
, "Failed to prepare home record for LUKS: %m");
1696 r
= format_luks_token_text(cd
, reduced
, volume_key
, &text
);
1700 r
= sym_crypt_token_json_set(cd
, CRYPT_ANY_TOKEN
, text
);
1702 return log_error_errno(r
, "Failed to set LUKS JSON token: %m");
1704 log_info("Writing user record as LUKS token completed.");
1707 *ret
= TAKE_PTR(cd
);
/* Cleanup helpers for the libfdisk object types handled in this file, one per unref function. The
 * resulting fdisk_unref_contextp/fdisk_unref_partitionp/fdisk_unref_parttypep names are what
 * make_partition_table() passes to _cleanup_() for its locals.
 * NOTE(review): the trailing NULL is presumably the "nothing to release" value of the macro — confirm
 * against the DEFINE_TRIVIAL_CLEANUP_FUNC_FULL definition. */
1712 DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(struct fdisk_context
*, fdisk_unref_context
, NULL
);
1713 DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(struct fdisk_partition
*, fdisk_unref_partition
, NULL
);
1714 DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(struct fdisk_parttype
*, fdisk_unref_parttype
, NULL
);
1715 DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(struct fdisk_table
*, fdisk_unref_table
, NULL
);
1717 static int make_partition_table(
1721 uint64_t *ret_offset
,
1723 sd_id128_t
*ret_disk_uuid
) {
1725 _cleanup_(fdisk_unref_partitionp
) struct fdisk_partition
*p
= NULL
, *q
= NULL
;
1726 _cleanup_(fdisk_unref_parttypep
) struct fdisk_parttype
*t
= NULL
;
1727 _cleanup_(fdisk_unref_contextp
) struct fdisk_context
*c
= NULL
;
1728 _cleanup_free_
char *path
= NULL
, *disk_uuid_as_string
= NULL
;
1729 uint64_t offset
, size
, first_lba
, start
, last_lba
, end
;
1730 sd_id128_t disk_uuid
;
1738 t
= fdisk_new_parttype();
1742 r
= fdisk_parttype_set_typestr(t
, "773f91ef-66d4-49b5-bd83-d683bf40ad16");
1744 return log_error_errno(r
, "Failed to initialize partition type: %m");
1746 c
= fdisk_new_context();
1750 if (asprintf(&path
, "/proc/self/fd/%i", fd
) < 0)
1753 r
= fdisk_assign_device(c
, path
, 0);
1755 return log_error_errno(r
, "Failed to open device: %m");
1757 r
= fdisk_create_disklabel(c
, "gpt");
1759 return log_error_errno(r
, "Failed to create GPT disk label: %m");
1761 p
= fdisk_new_partition();
1765 r
= fdisk_partition_set_type(p
, t
);
1767 return log_error_errno(r
, "Failed to set partition type: %m");
1769 r
= fdisk_partition_partno_follow_default(p
, 1);
1771 return log_error_errno(r
, "Failed to place partition at first free partition index: %m");
1773 first_lba
= fdisk_get_first_lba(c
); /* Boundary where usable space starts */
1774 assert(first_lba
<= UINT64_MAX
/512);
1775 start
= DISK_SIZE_ROUND_UP(first_lba
* 512); /* Round up to multiple of 4K */
1777 if (start
== UINT64_MAX
)
1778 return log_error_errno(SYNTHETIC_ERRNO(ERANGE
), "Overflow while rounding up start LBA.");
1780 last_lba
= fdisk_get_last_lba(c
); /* One sector before boundary where usable space ends */
1781 assert(last_lba
< UINT64_MAX
/512);
1782 end
= DISK_SIZE_ROUND_DOWN((last_lba
+ 1) * 512); /* Round down to multiple of 4K */
1785 return log_error_errno(SYNTHETIC_ERRNO(ERANGE
), "Resulting partition size zero or negative.");
1787 r
= fdisk_partition_set_start(p
, start
/ 512);
1789 return log_error_errno(r
, "Failed to place partition at offset %" PRIu64
": %m", start
);
1791 r
= fdisk_partition_set_size(p
, (end
- start
) / 512);
1793 return log_error_errno(r
, "Failed to end partition at offset %" PRIu64
": %m", end
);
1795 r
= fdisk_partition_set_name(p
, label
);
1797 return log_error_errno(r
, "Failed to set partition name: %m");
1799 r
= fdisk_partition_set_uuid(p
, ID128_TO_UUID_STRING(uuid
));
1801 return log_error_errno(r
, "Failed to set partition UUID: %m");
1803 r
= fdisk_add_partition(c
, p
, NULL
);
1805 return log_error_errno(r
, "Failed to add partition: %m");
1807 r
= fdisk_write_disklabel(c
);
1809 return log_error_errno(r
, "Failed to write disk label: %m");
1811 r
= fdisk_get_disklabel_id(c
, &disk_uuid_as_string
);
1813 return log_error_errno(r
, "Failed to determine disk label UUID: %m");
1815 r
= sd_id128_from_string(disk_uuid_as_string
, &disk_uuid
);
1817 return log_error_errno(r
, "Failed to parse disk label UUID: %m");
1819 r
= fdisk_get_partition(c
, 0, &q
);
1821 return log_error_errno(r
, "Failed to read created partition metadata: %m");
1823 assert(fdisk_partition_has_start(q
));
1824 offset
= fdisk_partition_get_start(q
);
1825 if (offset
> UINT64_MAX
/ 512U)
1826 return log_error_errno(SYNTHETIC_ERRNO(ERANGE
), "Partition offset too large.");
1828 assert(fdisk_partition_has_size(q
));
1829 size
= fdisk_partition_get_size(q
);
1830 if (size
> UINT64_MAX
/ 512U)
1831 return log_error_errno(SYNTHETIC_ERRNO(ERANGE
), "Partition size too large.");
1833 *ret_offset
= offset
* 512U;
1834 *ret_size
= size
* 512U;
1835 *ret_disk_uuid
= disk_uuid
;
1840 static bool supported_fs_size(const char *fstype
, uint64_t host_size
) {
1843 m
= minimal_size_by_fs_name(fstype
);
1844 if (m
== UINT64_MAX
)
1847 return host_size
>= m
;
1850 static int wait_for_devlink(const char *path
) {
1851 _cleanup_close_
int inotify_fd
= -1;
1855 /* let's wait for a device link to show up in /dev, with a timeout. This is good to do since we
1856 * return a /dev/disk/by-uuid/… link to our callers and they likely want to access it right away,
1857 * hence let's wait until udev has caught up with our changes, and wait for the symlink to be
1860 until
= usec_add(now(CLOCK_MONOTONIC
), 45 * USEC_PER_SEC
);
1863 _cleanup_free_
char *dn
= NULL
;
1866 if (laccess(path
, F_OK
) < 0) {
1867 if (errno
!= ENOENT
)
1868 return log_error_errno(errno
, "Failed to determine whether %s exists: %m", path
);
1870 return 0; /* Found it */
1872 if (inotify_fd
< 0) {
1873 /* We need to wait for the device symlink to show up, let's create an inotify watch for it */
1874 inotify_fd
= inotify_init1(IN_NONBLOCK
|IN_CLOEXEC
);
1876 return log_error_errno(errno
, "Failed to allocate inotify fd: %m");
1879 dn
= dirname_malloc(path
);
1884 log_info("Watching %s", dn
);
1886 if (inotify_add_watch(inotify_fd
, dn
, IN_CREATE
|IN_MOVED_TO
|IN_ONLYDIR
|IN_DELETE_SELF
|IN_MOVE_SELF
) < 0) {
1887 if (errno
!= ENOENT
)
1888 return log_error_errno(errno
, "Failed to add watch on %s: %m", dn
);
1892 if (empty_or_root(dn
))
1895 dn
= dirname_malloc(dn
);
1898 w
= now(CLOCK_MONOTONIC
);
1900 return log_error_errno(SYNTHETIC_ERRNO(ETIMEDOUT
), "Device link %s still hasn't shown up, giving up.", path
);
1902 r
= fd_wait_for_event(inotify_fd
, POLLIN
, usec_sub_unsigned(until
, w
));
1904 return log_error_errno(r
, "Failed to watch inotify: %m");
1906 (void) flush_fd(inotify_fd
);
1910 static int calculate_disk_size(UserRecord
*h
, const char *parent_dir
, uint64_t *ret
) {
1918 if (h
->disk_size
!= UINT64_MAX
) {
1919 *ret
= DISK_SIZE_ROUND_DOWN(h
->disk_size
);
1923 if (statfs(parent_dir
, &sfs
) < 0)
1924 return log_error_errno(errno
, "statfs() on %s failed: %m", parent_dir
);
1926 m
= sfs
.f_bsize
* sfs
.f_bavail
;
1928 if (h
->disk_size_relative
== UINT64_MAX
) {
1930 if (m
> UINT64_MAX
/ USER_DISK_SIZE_DEFAULT_PERCENT
)
1931 return log_error_errno(SYNTHETIC_ERRNO(EOVERFLOW
), "Disk size too large.");
1933 *ret
= DISK_SIZE_ROUND_DOWN(m
* USER_DISK_SIZE_DEFAULT_PERCENT
/ 100);
1935 log_info("Sizing home to %u%% of available disk space, which is %s.",
1936 USER_DISK_SIZE_DEFAULT_PERCENT
,
1937 FORMAT_BYTES(*ret
));
1939 *ret
= DISK_SIZE_ROUND_DOWN((uint64_t) ((double) m
* (double) h
->disk_size_relative
/ (double) UINT32_MAX
));
1941 log_info("Sizing home to %" PRIu64
".%01" PRIu64
"%% of available disk space, which is %s.",
1942 (h
->disk_size_relative
* 100) / UINT32_MAX
,
1943 ((h
->disk_size_relative
* 1000) / UINT32_MAX
) % 10,
1944 FORMAT_BYTES(*ret
));
1947 if (*ret
< USER_DISK_SIZE_MIN
)
1948 *ret
= USER_DISK_SIZE_MIN
;
1953 static int home_truncate(
1966 trunc
= user_record_luks_discard(h
);
1968 r
= fallocate(fd
, 0, 0, size
);
1969 if (r
< 0 && ERRNO_IS_NOT_SUPPORTED(errno
)) {
1970 /* Some file systems do not support fallocate(), let's gracefully degrade
1971 * (ZFS, reiserfs, …) and fall back to truncation */
1972 log_notice_errno(errno
, "Backing file system does not support fallocate(), falling back to ftruncate(), i.e. implicitly using non-discard mode.");
1978 r
= ftruncate(fd
, size
);
1981 if (ERRNO_IS_DISK_SPACE(errno
)) {
1982 log_error_errno(errno
, "Not enough disk space to allocate home.");
1983 return -ENOSPC
; /* make recognizable */
1986 return log_error_errno(errno
, "Failed to truncate home image %s: %m", path
);
1992 int home_create_luks(
1994 const PasswordCache
*cache
,
1995 char **effective_passwords
,
1996 UserRecord
**ret_home
) {
1998 _cleanup_free_
char *dm_name
= NULL
, *dm_node
= NULL
, *subdir
= NULL
, *disk_uuid_path
= NULL
, *temporary_image_path
= NULL
;
1999 uint64_t encrypted_size
,
2000 host_size
= 0, partition_offset
= 0, partition_size
= 0; /* Unnecessary initialization to appease gcc */
2001 bool image_created
= false, dm_activated
= false, mounted
= false;
2002 _cleanup_(user_record_unrefp
) UserRecord
*new_home
= NULL
;
2003 sd_id128_t partition_uuid
, fs_uuid
, luks_uuid
, disk_uuid
;
2004 _cleanup_(loop_device_unrefp
) LoopDevice
*loop
= NULL
;
2005 _cleanup_(sym_crypt_freep
) struct crypt_device
*cd
= NULL
;
2006 _cleanup_close_
int image_fd
= -1, root_fd
= -1;
2007 const char *fstype
, *ip
;
2012 assert(h
->storage
< 0 || h
->storage
== USER_LUKS
);
2015 r
= dlopen_cryptsetup();
2019 assert_se(ip
= user_record_image_path(h
));
2021 fstype
= user_record_file_system_type(h
);
2022 if (!supported_fstype(fstype
))
2023 return log_error_errno(SYNTHETIC_ERRNO(EPROTONOSUPPORT
), "Unsupported file system type: %s", fstype
);
2025 r
= mkfs_exists(fstype
);
2027 return log_error_errno(r
, "Failed to check if mkfs binary for %s exists: %m", fstype
);
2029 if (h
->file_system_type
|| streq(fstype
, "ext4") || !supported_fstype("ext4"))
2030 return log_error_errno(SYNTHETIC_ERRNO(EPROTONOSUPPORT
), "mkfs binary for file system type %s does not exist.", fstype
);
2032 /* If the record does not explicitly declare a file system to use, and the compiled-in
2033 * default does not actually exist, then do an automatic fallback onto ext4, as the baseline
2034 * fs of Linux. We won't search for a working fs type here beyond ext4, i.e. nothing fancier
2035 * than a single, conservative fallback to baseline. This should be useful in minimal
2036 * environments where mkfs.btrfs or so are not made available, but mkfs.ext4 as Linux' most
2037 * boring, most basic fs is. */
2038 log_info("Formatting tool for compiled-in default file system %s not available, falling back to ext4 instead.", fstype
);
2042 if (sd_id128_is_null(h
->partition_uuid
)) {
2043 r
= sd_id128_randomize(&partition_uuid
);
2045 return log_error_errno(r
, "Failed to acquire partition UUID: %m");
2047 partition_uuid
= h
->partition_uuid
;
2049 if (sd_id128_is_null(h
->luks_uuid
)) {
2050 r
= sd_id128_randomize(&luks_uuid
);
2052 return log_error_errno(r
, "Failed to acquire LUKS UUID: %m");
2054 luks_uuid
= h
->luks_uuid
;
2056 if (sd_id128_is_null(h
->file_system_uuid
)) {
2057 r
= sd_id128_randomize(&fs_uuid
);
2059 return log_error_errno(r
, "Failed to acquire file system UUID: %m");
2061 fs_uuid
= h
->file_system_uuid
;
2063 r
= make_dm_names(h
->user_name
, &dm_name
, &dm_node
);
2067 r
= access(dm_node
, F_OK
);
2069 if (errno
!= ENOENT
)
2070 return log_error_errno(errno
, "Failed to determine whether %s exists: %m", dm_node
);
2072 return log_error_errno(SYNTHETIC_ERRNO(EEXIST
), "Device mapper device %s already exists, refusing.", dm_node
);
2074 if (path_startswith(ip
, "/dev/")) {
2075 _cleanup_free_
char *sysfs
= NULL
;
2076 uint64_t block_device_size
;
2079 /* Let's place the home directory on a real device, e.g. a USB stick or such */
2081 image_fd
= open(ip
, O_RDWR
|O_CLOEXEC
|O_NOCTTY
|O_NONBLOCK
);
2083 return log_error_errno(errno
, "Failed to open device %s: %m", ip
);
2085 if (fstat(image_fd
, &st
) < 0)
2086 return log_error_errno(errno
, "Failed to stat device %s: %m", ip
);
2087 if (!S_ISBLK(st
.st_mode
))
2088 return log_error_errno(SYNTHETIC_ERRNO(ENOTBLK
), "Device is not a block device, refusing.");
2090 if (asprintf(&sysfs
, "/sys/dev/block/%u:%u/partition", major(st
.st_rdev
), minor(st
.st_rdev
)) < 0)
2092 if (access(sysfs
, F_OK
) < 0) {
2093 if (errno
!= ENOENT
)
2094 return log_error_errno(errno
, "Failed to check whether %s exists: %m", sysfs
);
2096 return log_error_errno(SYNTHETIC_ERRNO(ENOTBLK
), "Operating on partitions is currently not supported, sorry. Please specify a top-level block device.");
2098 if (flock(image_fd
, LOCK_EX
) < 0) /* make sure udev doesn't read from it while we operate on the device */
2099 return log_error_errno(errno
, "Failed to lock block device %s: %m", ip
);
2101 if (ioctl(image_fd
, BLKGETSIZE64
, &block_device_size
) < 0)
2102 return log_error_errno(errno
, "Failed to read block device size: %m");
2104 if (h
->disk_size
== UINT64_MAX
) {
2106 /* If a relative disk size is requested, apply it relative to the block device size */
2107 if (h
->disk_size_relative
< UINT32_MAX
)
2108 host_size
= CLAMP(DISK_SIZE_ROUND_DOWN(block_device_size
* h
->disk_size_relative
/ UINT32_MAX
),
2109 USER_DISK_SIZE_MIN
, USER_DISK_SIZE_MAX
);
2111 host_size
= block_device_size
; /* Otherwise, take the full device */
2113 } else if (h
->disk_size
> block_device_size
)
2114 return log_error_errno(SYNTHETIC_ERRNO(EMSGSIZE
), "Selected disk size larger than backing block device, refusing.");
2116 host_size
= DISK_SIZE_ROUND_DOWN(h
->disk_size
);
2118 if (!supported_fs_size(fstype
, host_size
))
2119 return log_error_errno(SYNTHETIC_ERRNO(ERANGE
),
2120 "Selected file system size too small for %s.", fstype
);
2122 /* After creation we should reference this partition by its UUID instead of the block
2123 * device. That's preferable since the user might have specified a device node such as
2124 * /dev/sdb to us, which might look very different when replugged. */
2125 if (asprintf(&disk_uuid_path
, "/dev/disk/by-uuid/" SD_ID128_UUID_FORMAT_STR
, SD_ID128_FORMAT_VAL(luks_uuid
)) < 0)
2128 if (user_record_luks_discard(h
) || user_record_luks_offline_discard(h
)) {
2129 /* If we want online or offline discard, discard once before we start using things. */
2131 if (ioctl(image_fd
, BLKDISCARD
, (uint64_t[]) { 0, block_device_size
}) < 0)
2132 log_full_errno(errno
== EOPNOTSUPP
? LOG_DEBUG
: LOG_WARNING
, errno
,
2133 "Failed to issue full-device BLKDISCARD on device, ignoring: %m");
2135 log_info("Full device discard completed.");
2138 _cleanup_free_
char *parent
= NULL
;
2140 parent
= dirname_malloc(ip
);
2144 r
= mkdir_p(parent
, 0755);
2146 return log_error_errno(r
, "Failed to create parent directory %s: %m", parent
);
2148 r
= calculate_disk_size(h
, parent
, &host_size
);
2152 if (!supported_fs_size(fstype
, host_size
))
2153 return log_error_errno(SYNTHETIC_ERRNO(ERANGE
), "Selected file system size too small for %s.", fstype
);
2155 r
= tempfn_random(ip
, "homework", &temporary_image_path
);
2157 return log_error_errno(r
, "Failed to derive temporary file name for %s: %m", ip
);
2159 image_fd
= open(temporary_image_path
, O_RDWR
|O_CREAT
|O_EXCL
|O_CLOEXEC
|O_NOCTTY
|O_NOFOLLOW
, 0600);
2161 return log_error_errno(errno
, "Failed to create home image %s: %m", temporary_image_path
);
2163 image_created
= true;
2165 r
= chattr_fd(image_fd
, FS_NOCOW_FL
, FS_NOCOW_FL
, NULL
);
2167 log_full_errno(ERRNO_IS_NOT_SUPPORTED(r
) ? LOG_DEBUG
: LOG_WARNING
, r
,
2168 "Failed to set file attributes on %s, ignoring: %m", temporary_image_path
);
2170 r
= home_truncate(h
, image_fd
, temporary_image_path
, host_size
);
2174 log_info("Allocating image file completed.");
2177 r
= make_partition_table(
2179 user_record_user_name_and_realm(h
),
2187 log_info("Writing of partition table completed.");
2189 r
= loop_device_make(image_fd
, O_RDWR
, partition_offset
, partition_size
, 0, &loop
);
2191 if (r
== -ENOENT
) { /* this means /dev/loop-control doesn't exist, i.e. we are in a container
2192 * or similar and loopback block devices are not available, return a
2193 * recognizable error in this case. */
2194 log_error_errno(r
, "Loopback block device support is not available on this system.");
2199 log_error_errno(r
, "Failed to set up loopback device for %s: %m", temporary_image_path
);
2203 r
= loop_device_flock(loop
, LOCK_EX
); /* make sure udev won't read before we are done */
2205 log_error_errno(r
, "Failed to take lock on loop device: %m");
2209 log_info("Setting up loopback device %s completed.", loop
->node
?: ip
);
2211 r
= luks_format(loop
->node
,
2214 user_record_user_name_and_realm(h
),
2216 effective_passwords
,
2217 user_record_luks_discard(h
) || user_record_luks_offline_discard(h
),
2223 dm_activated
= true;
2225 r
= block_get_size_by_path(dm_node
, &encrypted_size
);
2227 log_error_errno(r
, "Failed to get encrypted block device size: %m");
2231 log_info("Setting up LUKS device %s completed.", dm_node
);
2233 r
= make_filesystem(dm_node
, fstype
, user_record_user_name_and_realm(h
), fs_uuid
, user_record_luks_discard(h
));
2237 log_info("Formatting file system completed.");
2239 r
= home_unshare_and_mount(dm_node
, fstype
, user_record_luks_discard(h
), user_record_mount_flags(h
));
2245 subdir
= path_join("/run/systemd/user-home-mount/", user_record_user_name_and_realm(h
));
2251 /* Prefer using a btrfs subvolume if we can, fall back to directory otherwise */
2252 r
= btrfs_subvol_make_fallback(subdir
, 0700);
2254 log_error_errno(r
, "Failed to create user directory in mounted image file: %m");
2258 root_fd
= open(subdir
, O_RDONLY
|O_CLOEXEC
|O_DIRECTORY
|O_NOFOLLOW
);
2260 r
= log_error_errno(errno
, "Failed to open user directory in mounted image file: %m");
2264 r
= home_populate(h
, root_fd
);
2268 r
= home_sync_and_statfs(root_fd
, &sfs
);
2272 r
= user_record_clone(h
, USER_RECORD_LOAD_MASK_SECRET
|USER_RECORD_LOG
|USER_RECORD_PERMISSIVE
, &new_home
);
2274 log_error_errno(r
, "Failed to clone record: %m");
2278 r
= user_record_add_binding(
2281 disk_uuid_path
?: ip
,
2285 sym_crypt_get_cipher(cd
),
2286 sym_crypt_get_cipher_mode(cd
),
2287 luks_volume_key_size_convert(cd
),
2293 log_error_errno(r
, "Failed to add binding to record: %m");
2297 if (user_record_luks_offline_discard(h
)) {
2298 r
= run_fitrim(root_fd
);
2303 root_fd
= safe_close(root_fd
);
2305 r
= umount_verbose(LOG_ERR
, "/run/systemd/user-home-mount", UMOUNT_NOFOLLOW
);
2311 r
= sym_crypt_deactivate_by_name(cd
, dm_name
, 0);
2313 log_error_errno(r
, "Failed to deactivate LUKS device: %m");
2320 dm_activated
= false;
2322 loop
= loop_device_unref(loop
);
2324 if (!user_record_luks_offline_discard(h
)) {
2325 r
= run_fallocate(image_fd
, NULL
/* refresh stat() data */);
2330 /* Sync everything to disk before we move things into place under the final name. */
2331 if (fsync(image_fd
) < 0) {
2332 r
= log_error_errno(r
, "Failed to synchronize image to disk: %m");
2337 (void) ioctl(image_fd
, BLKRRPART
, 0);
2339 /* If we operate on a file, sync the containing directory too. */
2340 r
= fsync_directory_of_file(image_fd
);
2342 log_error_errno(r
, "Failed to synchronize directory of image file to disk: %m");
2347 /* Let's close the image fd now. If we are operating on a real block device this will release the BSD
2348 * lock that ensures udev doesn't interfere with what we are doing */
2349 image_fd
= safe_close(image_fd
);
2351 if (temporary_image_path
) {
2352 if (rename(temporary_image_path
, ip
) < 0) {
2353 log_error_errno(errno
, "Failed to rename image file: %m");
2357 log_info("Moved image file into place.");
2361 (void) wait_for_devlink(disk_uuid_path
);
2363 log_info("Everything completed.");
2365 print_size_summary(host_size
, encrypted_size
, &sfs
);
2367 *ret_home
= TAKE_PTR(new_home
);
2371 /* Let's close all files before we unmount the file system, to avoid EBUSY */
2372 root_fd
= safe_close(root_fd
);
2375 (void) umount_verbose(LOG_WARNING
, "/run/systemd/user-home-mount", UMOUNT_NOFOLLOW
);
2378 (void) sym_crypt_deactivate_by_name(cd
, dm_name
, 0);
2380 loop
= loop_device_unref(loop
);
2383 (void) unlink(temporary_image_path
);
2388 int home_get_state_luks(UserRecord
*h
, HomeSetup
*setup
) {
2389 _cleanup_free_
char *dm_name
= NULL
, *dm_node
= NULL
;
2395 r
= make_dm_names(h
->user_name
, &dm_name
, &dm_node
);
2399 r
= access(dm_node
, F_OK
);
2400 if (r
< 0 && errno
!= ENOENT
)
2401 return log_error_errno(errno
, "Failed to determine whether %s exists: %m", dm_node
);
2403 free_and_replace(setup
->dm_name
, dm_name
);
2404 free_and_replace(setup
->dm_node
, dm_node
);
2414 static int can_resize_fs(int fd
, uint64_t old_size
, uint64_t new_size
) {
2419 /* Filter out bogus requests early */
2420 if (old_size
== 0 || old_size
== UINT64_MAX
||
2421 new_size
== 0 || new_size
== UINT64_MAX
)
2422 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "Invalid resize parameters.");
2424 if ((old_size
& 511) != 0 || (new_size
& 511) != 0)
2425 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "Resize parameters not multiple of 512.");
2427 if (fstatfs(fd
, &sfs
) < 0)
2428 return log_error_errno(errno
, "Failed to fstatfs() file system: %m");
2430 if (is_fs_type(&sfs
, BTRFS_SUPER_MAGIC
)) {
2432 if (new_size
< BTRFS_MINIMAL_SIZE
)
2433 return log_error_errno(SYNTHETIC_ERRNO(ERANGE
), "New file system size too small for btrfs (needs to be 256M at least.");
2435 /* btrfs can grow and shrink online */
2437 } else if (is_fs_type(&sfs
, XFS_SB_MAGIC
)) {
2439 if (new_size
< XFS_MINIMAL_SIZE
)
2440 return log_error_errno(SYNTHETIC_ERRNO(ERANGE
), "New file system size too small for xfs (needs to be 14M at least).");
2442 /* XFS can grow, but not shrink */
2443 if (new_size
< old_size
)
2444 return log_error_errno(SYNTHETIC_ERRNO(EMSGSIZE
), "Shrinking this type of file system is not supported.");
2446 } else if (is_fs_type(&sfs
, EXT4_SUPER_MAGIC
)) {
2448 if (new_size
< EXT4_MINIMAL_SIZE
)
2449 return log_error_errno(SYNTHETIC_ERRNO(ERANGE
), "New file system size too small for ext4 (needs to be 1M at least).");
2451 /* ext4 can grow online, and shrink offline */
2452 if (new_size
< old_size
)
2453 return CAN_RESIZE_OFFLINE
;
2456 return log_error_errno(SYNTHETIC_ERRNO(ESOCKTNOSUPPORT
), "Resizing this type of file system is not supported.");
2458 return CAN_RESIZE_ONLINE
;
2461 static int ext4_offline_resize_fs(HomeSetup
*setup
, uint64_t new_size
, bool discard
, unsigned long flags
) {
2462 _cleanup_free_
char *size_str
= NULL
;
2463 bool re_open
= false, re_mount
= false;
2464 pid_t resize_pid
, fsck_pid
;
2468 assert(setup
->dm_node
);
2470 /* First, unmount the file system */
2471 if (setup
->root_fd
>= 0) {
2472 setup
->root_fd
= safe_close(setup
->root_fd
);
2476 if (setup
->undo_mount
) {
2477 r
= umount_verbose(LOG_ERR
, "/run/systemd/user-home-mount", UMOUNT_NOFOLLOW
);
2481 setup
->undo_mount
= false;
2485 log_info("Temporary unmounting of file system completed.");
2487 /* resize2fs requires that the file system is force checked first, do so. */
2488 r
= safe_fork("(e2fsck)",
2489 FORK_RESET_SIGNALS
|FORK_RLIMIT_NOFILE_SAFE
|FORK_DEATHSIG
|FORK_LOG
|FORK_STDOUT_TO_STDERR
|FORK_CLOSE_ALL_FDS
,
2495 execlp("e2fsck" ,"e2fsck", "-fp", setup
->dm_node
, NULL
);
2497 log_error_errno(errno
, "Failed to execute e2fsck: %m");
2498 _exit(EXIT_FAILURE
);
2501 exit_status
= wait_for_terminate_and_check("e2fsck", fsck_pid
, WAIT_LOG_ABNORMAL
);
2502 if (exit_status
< 0)
2504 if ((exit_status
& ~FSCK_ERROR_CORRECTED
) != 0) {
2505 log_warning("e2fsck failed with exit status %i.", exit_status
);
2507 if ((exit_status
& (FSCK_SYSTEM_SHOULD_REBOOT
|FSCK_ERRORS_LEFT_UNCORRECTED
)) != 0)
2508 return log_error_errno(SYNTHETIC_ERRNO(EIO
), "File system is corrupted, refusing.");
2510 log_warning("Ignoring fsck error.");
2513 log_info("Forced file system check completed.");
2515 /* We use 512 sectors here, because resize2fs doesn't do byte sizes */
2516 if (asprintf(&size_str
, "%" PRIu64
"s", new_size
/ 512) < 0)
2519 /* Resize the thing */
2520 r
= safe_fork("(e2resize)",
2521 FORK_RESET_SIGNALS
|FORK_RLIMIT_NOFILE_SAFE
|FORK_DEATHSIG
|FORK_LOG
|FORK_WAIT
|FORK_STDOUT_TO_STDERR
|FORK_CLOSE_ALL_FDS
,
2527 execlp("resize2fs" ,"resize2fs", setup
->dm_node
, size_str
, NULL
);
2529 log_error_errno(errno
, "Failed to execute resize2fs: %m");
2530 _exit(EXIT_FAILURE
);
2533 log_info("Offline file system resize completed.");
2535 /* Re-establish mounts and reopen the directory */
2537 r
= home_mount_node(setup
->dm_node
, "ext4", discard
, flags
);
2541 setup
->undo_mount
= true;
2545 setup
->root_fd
= open("/run/systemd/user-home-mount", O_RDONLY
|O_CLOEXEC
|O_DIRECTORY
|O_NOFOLLOW
);
2546 if (setup
->root_fd
< 0)
2547 return log_error_errno(errno
, "Failed to reopen file system: %m");
2550 log_info("File system mounted again.");
2555 static int prepare_resize_partition(
2557 uint64_t partition_offset
,
2558 uint64_t old_partition_size
,
2559 uint64_t new_partition_size
,
2560 sd_id128_t
*ret_disk_uuid
,
2561 struct fdisk_table
**ret_table
) {
2563 _cleanup_(fdisk_unref_contextp
) struct fdisk_context
*c
= NULL
;
2564 _cleanup_(fdisk_unref_tablep
) struct fdisk_table
*t
= NULL
;
2565 _cleanup_free_
char *path
= NULL
, *disk_uuid_as_string
= NULL
;
2566 size_t n_partitions
;
2567 sd_id128_t disk_uuid
;
2572 assert(ret_disk_uuid
);
2575 assert((partition_offset
& 511) == 0);
2576 assert((old_partition_size
& 511) == 0);
2577 assert((new_partition_size
& 511) == 0);
2578 assert(UINT64_MAX
- old_partition_size
>= partition_offset
);
2579 assert(UINT64_MAX
- new_partition_size
>= partition_offset
);
2581 if (partition_offset
== 0) {
2582 /* If the offset is at the beginning we assume no partition table, let's exit early. */
2583 log_debug("Not rewriting partition table, operating on naked device.");
2584 *ret_disk_uuid
= SD_ID128_NULL
;
2589 c
= fdisk_new_context();
2593 if (asprintf(&path
, "/proc/self/fd/%i", fd
) < 0)
2596 r
= fdisk_assign_device(c
, path
, 0);
2598 return log_error_errno(r
, "Failed to open device: %m");
2600 if (!fdisk_is_labeltype(c
, FDISK_DISKLABEL_GPT
))
2601 return log_error_errno(SYNTHETIC_ERRNO(ENOMEDIUM
), "Disk has no GPT partition table.");
2603 r
= fdisk_get_disklabel_id(c
, &disk_uuid_as_string
);
2605 return log_error_errno(r
, "Failed to acquire disk UUID: %m");
2607 r
= sd_id128_from_string(disk_uuid_as_string
, &disk_uuid
);
2609 return log_error_errno(r
, "Failed parse disk UUID: %m");
2611 r
= fdisk_get_partitions(c
, &t
);
2613 return log_error_errno(r
, "Failed to acquire partition table: %m");
2615 n_partitions
= fdisk_table_get_nents(t
);
2616 for (size_t i
= 0; i
< n_partitions
; i
++) {
2617 struct fdisk_partition
*p
;
2619 p
= fdisk_table_get_partition(t
, i
);
2621 return log_error_errno(SYNTHETIC_ERRNO(EIO
), "Failed to read partition metadata: %m");
2623 if (fdisk_partition_is_used(p
) <= 0)
2625 if (fdisk_partition_has_start(p
) <= 0 || fdisk_partition_has_size(p
) <= 0 || fdisk_partition_has_end(p
) <= 0)
2626 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "Found partition without a size.");
2628 if (fdisk_partition_get_start(p
) == partition_offset
/ 512U &&
2629 fdisk_partition_get_size(p
) == old_partition_size
/ 512U) {
2632 return log_error_errno(SYNTHETIC_ERRNO(ENOTUNIQ
), "Partition found twice, refusing.");
2634 /* Found our partition, now patch it */
2635 r
= fdisk_partition_size_explicit(p
, 1);
2637 return log_error_errno(r
, "Failed to enable explicit partition size: %m");
2639 r
= fdisk_partition_set_size(p
, new_partition_size
/ 512U);
2641 return log_error_errno(r
, "Failed to change partition size: %m");
2647 if (fdisk_partition_get_start(p
) < partition_offset
+ new_partition_size
/ 512U &&
2648 fdisk_partition_get_end(p
) >= partition_offset
/ 512)
2649 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "Can't extend, conflicting partition found.");
2654 return log_error_errno(SYNTHETIC_ERRNO(ENOPKG
), "Failed to find matching partition to resize.");
2656 *ret_table
= TAKE_PTR(t
);
2657 *ret_disk_uuid
= disk_uuid
;
2662 static int ask_cb(struct fdisk_context
*c
, struct fdisk_ask
*ask
, void *userdata
) {
2667 switch (fdisk_ask_get_type(ask
)) {
2669 case FDISK_ASKTYPE_STRING
:
2670 result
= new(char, 37);
2674 fdisk_ask_string_set_result(ask
, id128_to_uuid_string(*(sd_id128_t
*) userdata
, result
));
2678 log_debug("Unexpected question from libfdisk, ignoring.");
2684 static int apply_resize_partition(int fd
, sd_id128_t disk_uuids
, struct fdisk_table
*t
) {
2685 _cleanup_(fdisk_unref_contextp
) struct fdisk_context
*c
= NULL
;
2686 _cleanup_free_
void *two_zero_lbas
= NULL
;
2687 _cleanup_free_
char *path
= NULL
;
2693 if (!t
) /* no partition table to apply, exit early */
2696 two_zero_lbas
= malloc0(1024U);
2700 /* libfdisk appears to get confused by the existing PMBR. Let's explicitly flush it out. */
2701 n
= pwrite(fd
, two_zero_lbas
, 1024U, 0);
2703 return log_error_errno(errno
, "Failed to wipe partition table: %m");
2705 return log_error_errno(SYNTHETIC_ERRNO(EIO
), "Short write while wiping partition table.");
2707 c
= fdisk_new_context();
2711 if (asprintf(&path
, "/proc/self/fd/%i", fd
) < 0)
2714 r
= fdisk_assign_device(c
, path
, 0);
2716 return log_error_errno(r
, "Failed to open device: %m");
2718 r
= fdisk_create_disklabel(c
, "gpt");
2720 return log_error_errno(r
, "Failed to create GPT disk label: %m");
2722 r
= fdisk_apply_table(c
, t
);
2724 return log_error_errno(r
, "Failed to apply partition table: %m");
2726 r
= fdisk_set_ask(c
, ask_cb
, &disk_uuids
);
2728 return log_error_errno(r
, "Failed to set libfdisk query function: %m");
2730 r
= fdisk_set_disklabel_id(c
);
2732 return log_error_errno(r
, "Failed to change disklabel ID: %m");
2734 r
= fdisk_write_disklabel(c
);
2736 return log_error_errno(r
, "Failed to write disk label: %m");
2741 int home_resize_luks(
2743 HomeSetupFlags flags
,
2744 PasswordCache
*cache
,
2746 UserRecord
**ret_home
) {
2748 uint64_t old_image_size
, new_image_size
, old_fs_size
, new_fs_size
, crypto_offset
, new_partition_size
;
2749 _cleanup_(user_record_unrefp
) UserRecord
*header_home
= NULL
, *embedded_home
= NULL
, *new_home
= NULL
;
2750 _cleanup_(fdisk_unref_tablep
) struct fdisk_table
*table
= NULL
;
2751 _cleanup_close_
int opened_image_fd
= -1;
2752 _cleanup_free_
char *whole_disk
= NULL
;
2753 int r
, resize_type
, image_fd
= -1;
2754 sd_id128_t disk_uuid
;
2755 const char *ip
, *ipo
;
2760 assert(user_record_storage(h
) == USER_LUKS
);
2764 r
= dlopen_cryptsetup();
2768 assert_se(ipo
= user_record_image_path(h
));
2769 ip
= strdupa_safe(ipo
); /* copy out since original might change later in home record object */
2771 if (setup
->image_fd
< 0) {
2772 setup
->image_fd
= open_image_file(h
, NULL
, &st
);
2773 if (setup
->image_fd
< 0)
2774 return setup
->image_fd
;
2776 if (fstat(setup
->image_fd
, &st
) < 0)
2777 return log_error_errno(errno
, "Failed to stat image file %s: %m", ip
);
2780 image_fd
= setup
->image_fd
;
2782 if (S_ISBLK(st
.st_mode
)) {
2785 r
= block_get_whole_disk(st
.st_rdev
, &parent
);
2787 return log_error_errno(r
, "Failed to acquire whole block device for %s: %m", ip
);
2789 /* If we shall resize a file system on a partition device, then let's figure out the
2790 * whole disk device and operate on that instead, since we need to rewrite the
2791 * partition table to resize the partition. */
2793 log_info("Operating on partition device %s, using parent device.", ip
);
2795 r
= device_path_make_major_minor(st
.st_mode
, parent
, &whole_disk
);
2797 return log_error_errno(r
, "Failed to derive whole disk path for %s: %m", ip
);
2799 opened_image_fd
= open(whole_disk
, O_RDWR
|O_CLOEXEC
|O_NOCTTY
|O_NONBLOCK
);
2800 if (opened_image_fd
< 0)
2801 return log_error_errno(errno
, "Failed to open whole block device %s: %m", whole_disk
);
2803 image_fd
= opened_image_fd
;
2805 if (fstat(image_fd
, &st
) < 0)
2806 return log_error_errno(errno
, "Failed to stat whole block device %s: %m", whole_disk
);
2807 if (!S_ISBLK(st
.st_mode
))
2808 return log_error_errno(SYNTHETIC_ERRNO(ENOTBLK
), "Whole block device %s is not actually a block device, refusing.", whole_disk
);
2810 log_info("Operating on whole block device %s.", ip
);
2812 if (ioctl(image_fd
, BLKGETSIZE64
, &old_image_size
) < 0)
2813 return log_error_errno(errno
, "Failed to determine size of original block device: %m");
2815 if (flock(image_fd
, LOCK_EX
) < 0) /* make sure udev doesn't read from it while we operate on the device */
2816 return log_error_errno(errno
, "Failed to lock block device %s: %m", ip
);
2818 new_image_size
= old_image_size
; /* we can't resize physical block devices */
2820 uint64_t new_image_size_rounded
;
2822 r
= stat_verify_regular(&st
);
2824 return log_error_errno(r
, "Image %s is not a block device nor regular file: %m", ip
);
2826 old_image_size
= st
.st_size
;
2828 /* Note an asymetry here: when we operate on loopback files the specified disk size we get we
2829 * apply onto the loopback file as a whole. When we operate on block devices we instead apply
2830 * to the partition itself only. */
2832 new_image_size_rounded
= DISK_SIZE_ROUND_DOWN(h
->disk_size
);
2834 if (old_image_size
== h
->disk_size
||
2835 old_image_size
== new_image_size_rounded
) {
2836 /* If exact match, or a match after we rounded down, don't do a thing */
2837 log_info("Image size already matching, skipping operation.");
2841 new_image_size
= new_image_size_rounded
;
2844 r
= home_setup_luks(h
, flags
, whole_disk
, cache
, setup
, &header_home
);
2848 r
= home_load_embedded_identity(h
, setup
->root_fd
, header_home
, USER_RECONCILE_REQUIRE_NEWER_OR_EQUAL
, cache
, &embedded_home
, &new_home
);
2852 log_info("offset = %" PRIu64
", size = %" PRIu64
", image = %" PRIu64
, setup
->partition_offset
, setup
->partition_size
, old_image_size
);
2854 if ((UINT64_MAX
- setup
->partition_offset
) < setup
->partition_size
||
2855 setup
->partition_offset
+ setup
->partition_size
> old_image_size
)
2856 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "Old partition doesn't fit in backing storage, refusing.");
2858 if (S_ISREG(st
.st_mode
)) {
2859 uint64_t partition_table_extra
;
2861 partition_table_extra
= old_image_size
- setup
->partition_size
;
2862 if (new_image_size
<= partition_table_extra
)
2863 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "New size smaller than partition table metadata.");
2865 new_partition_size
= DISK_SIZE_ROUND_DOWN(new_image_size
- partition_table_extra
);
2867 uint64_t new_partition_size_rounded
;
2869 assert(S_ISBLK(st
.st_mode
));
2871 new_partition_size_rounded
= DISK_SIZE_ROUND_DOWN(h
->disk_size
);
2873 if (h
->disk_size
== setup
->partition_size
||
2874 new_partition_size_rounded
== setup
->partition_size
) {
2875 log_info("Partition size already matching, skipping operation.");
2879 new_partition_size
= new_partition_size_rounded
;
2882 if ((UINT64_MAX
- setup
->partition_offset
) < new_partition_size
||
2883 setup
->partition_offset
+ new_partition_size
> new_image_size
)
2884 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "New partition doesn't fit into backing storage, refusing.");
2886 crypto_offset
= sym_crypt_get_data_offset(setup
->crypt_device
);
2887 if (setup
->partition_size
/ 512U <= crypto_offset
)
2888 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "Weird, old crypto payload offset doesn't actually fit in partition size?");
2889 if (new_partition_size
/ 512U <= crypto_offset
)
2890 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "New size smaller than crypto payload offset?");
2892 old_fs_size
= (setup
->partition_size
/ 512U - crypto_offset
) * 512U;
2893 new_fs_size
= DISK_SIZE_ROUND_DOWN((new_partition_size
/ 512U - crypto_offset
) * 512U);
2895 /* Before we start doing anything, let's figure out if we actually can */
2896 resize_type
= can_resize_fs(setup
->root_fd
, old_fs_size
, new_fs_size
);
2897 if (resize_type
< 0)
2899 if (resize_type
== CAN_RESIZE_OFFLINE
&& FLAGS_SET(flags
, HOME_SETUP_ALREADY_ACTIVATED
))
2900 return log_error_errno(SYNTHETIC_ERRNO(ETXTBSY
), "File systems of this type can only be resized offline, but is currently online.");
2902 log_info("Ready to resize image size %s → %s, partition size %s → %s, file system size %s → %s.",
2903 FORMAT_BYTES(old_image_size
),
2904 FORMAT_BYTES(new_image_size
),
2905 FORMAT_BYTES(setup
->partition_size
),
2906 FORMAT_BYTES(new_partition_size
),
2907 FORMAT_BYTES(old_fs_size
),
2908 FORMAT_BYTES(new_fs_size
));
2910 r
= prepare_resize_partition(
2912 setup
->partition_offset
,
2913 setup
->partition_size
,
2920 if (new_fs_size
> old_fs_size
) {
2922 if (S_ISREG(st
.st_mode
)) {
2923 /* Grow file size */
2924 r
= home_truncate(h
, image_fd
, ip
, new_image_size
);
2928 log_info("Growing of image file completed.");
2931 /* Make sure loopback device sees the new bigger size */
2932 r
= loop_device_refresh_size(setup
->loop
, UINT64_MAX
, new_partition_size
);
2934 log_debug_errno(r
, "Device is not a loopback device, not refreshing size.");
2936 return log_error_errno(r
, "Failed to refresh loopback device size: %m");
2938 log_info("Refreshing loop device size completed.");
2940 r
= apply_resize_partition(image_fd
, disk_uuid
, table
);
2944 log_info("Growing of partition completed.");
2946 if (S_ISBLK(st
.st_mode
) && ioctl(image_fd
, BLKRRPART
, 0) < 0)
2947 log_debug_errno(errno
, "BLKRRPART failed on block device, ignoring: %m");
2949 /* Tell LUKS about the new bigger size too */
2950 r
= sym_crypt_resize(setup
->crypt_device
, setup
->dm_name
, new_fs_size
/ 512U);
2952 return log_error_errno(r
, "Failed to grow LUKS device: %m");
2954 log_info("LUKS device growing completed.");
2956 r
= home_store_embedded_identity(new_home
, setup
->root_fd
, h
->uid
, embedded_home
);
2960 if (S_ISREG(st
.st_mode
)) {
2961 if (user_record_luks_discard(h
))
2962 /* Before we shrink, let's trim the file system, so that we need less space on disk during the shrinking */
2963 (void) run_fitrim(setup
->root_fd
);
2965 /* If discard is off, let's ensure all backing blocks are allocated, so that our resize operation doesn't fail half-way */
2966 r
= run_fallocate(image_fd
, &st
);
2973 /* Now resize the file system */
2974 if (resize_type
== CAN_RESIZE_ONLINE
) {
2975 r
= resize_fs(setup
->root_fd
, new_fs_size
, NULL
);
2977 return log_error_errno(r
, "Failed to resize file system: %m");
2979 r
= ext4_offline_resize_fs(setup
, new_fs_size
, user_record_luks_discard(h
), user_record_mount_flags(h
));
2984 log_info("File system resizing completed.");
2986 /* Immediately sync afterwards */
2987 r
= home_sync_and_statfs(setup
->root_fd
, NULL
);
2991 if (new_fs_size
< old_fs_size
) {
2993 /* Shrink the LUKS device now, matching the new file system size */
2994 r
= sym_crypt_resize(setup
->crypt_device
, setup
->dm_name
, new_fs_size
/ 512);
2996 return log_error_errno(r
, "Failed to shrink LUKS device: %m");
2998 log_info("LUKS device shrinking completed.");
3000 if (S_ISREG(st
.st_mode
)) {
3001 /* Shrink the image file */
3002 if (ftruncate(image_fd
, new_image_size
) < 0)
3003 return log_error_errno(errno
, "Failed to shrink image file %s: %m", ip
);
3005 log_info("Shrinking of image file completed.");
3008 /* Refresh the loop devices size */
3009 r
= loop_device_refresh_size(setup
->loop
, UINT64_MAX
, new_partition_size
);
3011 log_debug_errno(r
, "Device is not a loopback device, not refreshing size.");
3013 return log_error_errno(r
, "Failed to refresh loopback device size: %m");
3015 log_info("Refreshing loop device size completed.");
3017 r
= apply_resize_partition(image_fd
, disk_uuid
, table
);
3021 log_info("Shrinking of partition completed.");
3023 if (S_ISBLK(st
.st_mode
) && ioctl(image_fd
, BLKRRPART
, 0) < 0)
3024 log_debug_errno(errno
, "BLKRRPART failed on block device, ignoring: %m");
3026 r
= home_store_embedded_identity(new_home
, setup
->root_fd
, h
->uid
, embedded_home
);
3031 r
= home_store_header_identity_luks(new_home
, setup
, header_home
);
3035 r
= home_extend_embedded_identity(new_home
, h
, setup
);
3039 if (user_record_luks_discard(h
))
3040 (void) run_fitrim(setup
->root_fd
);
3042 r
= home_sync_and_statfs(setup
->root_fd
, &sfs
);
3046 r
= home_setup_done(setup
);
3050 log_info("Everything completed.");
3052 print_size_summary(new_image_size
, new_fs_size
, &sfs
);
3054 *ret_home
= TAKE_PTR(new_home
);
3058 int home_passwd_luks(
3061 const PasswordCache
*cache
, /* the passwords acquired via PKCS#11/FIDO2 security tokens */
3062 char **effective_passwords
/* new passwords */) {
3064 size_t volume_key_size
, max_key_slots
, n_effective
;
3065 _cleanup_(erase_and_freep
) void *volume_key
= NULL
;
3066 struct crypt_pbkdf_type good_pbkdf
, minimal_pbkdf
;
3072 assert(user_record_storage(h
) == USER_LUKS
);
3075 r
= dlopen_cryptsetup();
3079 type
= sym_crypt_get_type(setup
->crypt_device
);
3081 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "Failed to determine crypto device type.");
3083 r
= sym_crypt_keyslot_max(type
);
3085 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "Failed to determine number of key slots.");
3088 r
= sym_crypt_get_volume_key_size(setup
->crypt_device
);
3090 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "Failed to determine volume key size.");
3091 volume_key_size
= (size_t) r
;
3093 volume_key
= malloc(volume_key_size
);
3098 FOREACH_POINTER(list
,
3099 cache
? cache
->pkcs11_passwords
: NULL
,
3100 cache
? cache
->fido2_passwords
: NULL
,
3103 r
= luks_try_passwords(setup
->crypt_device
, list
, volume_key
, &volume_key_size
);
3108 return log_error_errno(SYNTHETIC_ERRNO(ENOKEY
), "Failed to unlock LUKS superblock with supplied passwords.");
3110 return log_error_errno(r
, "Failed to unlocks LUKS superblock: %m");
3112 n_effective
= strv_length(effective_passwords
);
3114 build_good_pbkdf(&good_pbkdf
, h
);
3115 build_minimal_pbkdf(&minimal_pbkdf
, h
);
3117 for (size_t i
= 0; i
< max_key_slots
; i
++) {
3118 r
= sym_crypt_keyslot_destroy(setup
->crypt_device
, i
);
3119 if (r
< 0 && !IN_SET(r
, -ENOENT
, -EINVAL
)) /* Returns EINVAL or ENOENT if there's no key in this slot already */
3120 return log_error_errno(r
, "Failed to destroy LUKS password: %m");
3122 if (i
>= n_effective
) {
3124 log_info("Destroyed LUKS key slot %zu.", i
);
3128 if (password_cache_contains(cache
, effective_passwords
[i
])) { /* Is this a FIDO2 or PKCS#11 password? */
3129 log_debug("Using minimal PBKDF for slot %zu", i
);
3130 r
= sym_crypt_set_pbkdf_type(setup
->crypt_device
, &minimal_pbkdf
);
3132 log_debug("Using good PBKDF for slot %zu", i
);
3133 r
= sym_crypt_set_pbkdf_type(setup
->crypt_device
, &good_pbkdf
);
3136 return log_error_errno(r
, "Failed to tweak PBKDF for slot %zu: %m", i
);
3138 r
= sym_crypt_keyslot_add_by_volume_key(
3139 setup
->crypt_device
,
3143 effective_passwords
[i
],
3144 strlen(effective_passwords
[i
]));
3146 return log_error_errno(r
, "Failed to set up LUKS password: %m");
3148 log_info("Updated LUKS key slot %zu.", i
);
3154 int home_lock_luks(UserRecord
*h
) {
3155 _cleanup_(sym_crypt_freep
) struct crypt_device
*cd
= NULL
;
3156 _cleanup_free_
char *dm_name
= NULL
, *dm_node
= NULL
;
3157 _cleanup_close_
int root_fd
= -1;
3163 assert_se(p
= user_record_home_directory(h
));
3164 root_fd
= open(p
, O_RDONLY
|O_CLOEXEC
|O_DIRECTORY
|O_NOFOLLOW
);
3166 return log_error_errno(errno
, "Failed to open home directory: %m");
3168 r
= make_dm_names(h
->user_name
, &dm_name
, &dm_node
);
3172 r
= dlopen_cryptsetup();
3176 r
= sym_crypt_init_by_name(&cd
, dm_name
);
3178 return log_error_errno(r
, "Failed to initialize cryptsetup context for %s: %m", dm_name
);
3180 log_info("Discovered used LUKS device %s.", dm_node
);
3181 cryptsetup_enable_logging(cd
);
3183 if (syncfs(root_fd
) < 0) /* Snake oil, but let's better be safe than sorry */
3184 return log_error_errno(errno
, "Failed to synchronize file system %s: %m", p
);
3186 root_fd
= safe_close(root_fd
);
3188 log_info("File system synchronized.");
3190 /* Note that we don't invoke FIFREEZE here, it appears libcryptsetup/device-mapper already does that on its own for us */
3192 r
= sym_crypt_suspend(cd
, dm_name
);
3194 return log_error_errno(r
, "Failed to suspend cryptsetup device: %s: %m", dm_node
);
3196 log_info("LUKS device suspended.");
3200 static int luks_try_resume(
3201 struct crypt_device
*cd
,
3202 const char *dm_name
,
3211 STRV_FOREACH(pp
, password
) {
3212 r
= sym_crypt_resume_by_passphrase(
3219 log_info("Resumed LUKS device %s.", dm_name
);
3223 log_debug_errno(r
, "Password %zu didn't work for resuming device: %m", (size_t) (pp
- password
));
3229 int home_unlock_luks(UserRecord
*h
, const PasswordCache
*cache
) {
3230 _cleanup_free_
char *dm_name
= NULL
, *dm_node
= NULL
;
3231 _cleanup_(sym_crypt_freep
) struct crypt_device
*cd
= NULL
;
3237 r
= make_dm_names(h
->user_name
, &dm_name
, &dm_node
);
3241 r
= dlopen_cryptsetup();
3245 r
= sym_crypt_init_by_name(&cd
, dm_name
);
3247 return log_error_errno(r
, "Failed to initialize cryptsetup context for %s: %m", dm_name
);
3249 log_info("Discovered used LUKS device %s.", dm_node
);
3250 cryptsetup_enable_logging(cd
);
3253 FOREACH_POINTER(list
,
3254 cache
? cache
->pkcs11_passwords
: NULL
,
3255 cache
? cache
->fido2_passwords
: NULL
,
3257 r
= luks_try_resume(cd
, dm_name
, list
);
3262 return log_error_errno(r
, "No valid password for LUKS superblock.");
3264 return log_error_errno(r
, "Failed to resume LUKS superblock: %m");
3266 log_info("LUKS device resumed.");