From: Lennart Poettering Date: Thu, 21 Oct 2021 11:46:01 +0000 (+0200) Subject: homework: make sure fscrypt backend takes a HomeSetup object for all calls X-Git-Tag: v250-rc1~397^2~2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=655807f572def087d230e22659ccd9a45cccf77b;p=thirdparty%2Fsystemd.git homework: make sure fscrypt backend takes a HomeSetup object for all calls Similar to the same chage we did for the directory backend. Let's always path the setup context object, i.e. HomeSetup, and store whatever we set up in there. No actual change in behaviour. --- diff --git a/src/home/homework-fscrypt.c b/src/home/homework-fscrypt.c index 899d4e10c6c..77185c9c747 100644 --- a/src/home/homework-fscrypt.c +++ b/src/home/homework-fscrypt.c @@ -456,6 +456,7 @@ finish: int home_create_fscrypt( UserRecord *h, + HomeSetup *setup, char **effective_passwords, UserRecord **ret_home) { @@ -464,7 +465,6 @@ int home_create_fscrypt( _cleanup_(erase_and_freep) void *volume_key = NULL; struct fscrypt_policy policy = {}; size_t volume_key_size = 512 / 8; - _cleanup_close_ int root_fd = -1; _cleanup_free_ char *d = NULL; uint32_t nr = 0; const char *ip; @@ -473,6 +473,7 @@ int home_create_fscrypt( assert(h); assert(user_record_storage(h) == USER_FSCRYPT); + assert(setup); assert(ret_home); assert_se(ip = user_record_image_path(h)); @@ -488,11 +489,11 @@ int home_create_fscrypt( temporary = TAKE_PTR(d); /* Needs to be destroyed now */ - root_fd = open(temporary, O_RDONLY|O_CLOEXEC|O_DIRECTORY|O_NOFOLLOW); - if (root_fd < 0) + setup->root_fd = open(temporary, O_RDONLY|O_CLOEXEC|O_DIRECTORY|O_NOFOLLOW); + if (setup->root_fd < 0) return log_error_errno(errno, "Failed to open temporary home directory: %m"); - if (ioctl(root_fd, FS_IOC_GET_ENCRYPTION_POLICY, &policy) < 0) { + if (ioctl(setup->root_fd, FS_IOC_GET_ENCRYPTION_POLICY, &policy) < 0) { if (ERRNO_IS_NOT_SUPPORTED(errno)) { log_error_errno(errno, "File system does not support fscrypt: %m"); return -ENOLINK; /* make recognizable */ @@ -526,13 +527,13 @@ int home_create_fscrypt( log_info("Uploaded volume key to kernel."); - if (ioctl(root_fd, FS_IOC_SET_ENCRYPTION_POLICY, &policy) < 0) + if (ioctl(setup->root_fd, FS_IOC_SET_ENCRYPTION_POLICY, &policy) < 0) return log_error_errno(errno, "Failed to set fscrypt policy on directory: %m"); log_info("Encryption policy set."); STRV_FOREACH(i, effective_passwords) { - r = fscrypt_slot_set(root_fd, volume_key, volume_key_size, *i, nr); + r = fscrypt_slot_set(setup->root_fd, volume_key, volume_key_size, *i, nr); if (r < 0) return r; @@ -541,11 +542,11 @@ int home_create_fscrypt( (void) home_update_quota_classic(h, temporary); - r = home_populate(h, root_fd); + r = home_populate(h, setup->root_fd); if (r < 0) return r; - r = home_sync_and_statfs(root_fd, NULL); + r = home_sync_and_statfs(setup->root_fd, NULL); if (r < 0) return r; diff --git a/src/home/homework-fscrypt.h b/src/home/homework-fscrypt.h index 736bcb9dcd9..e9262c6349a 100644 --- a/src/home/homework-fscrypt.h +++ b/src/home/homework-fscrypt.h @@ -5,6 +5,7 @@ #include "user-record.h" int home_setup_fscrypt(UserRecord *h, const PasswordCache *cache, HomeSetup *setup); -int home_create_fscrypt(UserRecord *h, char **effective_passwords, UserRecord **ret_home); + +int home_create_fscrypt(UserRecord *h, HomeSetup *setup, char **effective_passwords, UserRecord **ret_home); int home_passwd_fscrypt(UserRecord *h, HomeSetup *setup, const PasswordCache *cache, char **effective_passwords); diff --git a/src/home/homework.c b/src/home/homework.c index cfc0c945def..7d1ea481cea 100644 --- a/src/home/homework.c +++ b/src/home/homework.c @@ -1272,7 +1272,7 @@ static int home_create(UserRecord *h, UserRecord **ret_home) { break; case USER_FSCRYPT: - r = home_create_fscrypt(h, effective_passwords, &new_home); + r = home_create_fscrypt(h, &setup, effective_passwords, &new_home); break; case USER_CIFS: