RegisterHome(in s user_record);
UnregisterHome(in s user_name);
CreateHome(in s user_record);
+ CreateHomeEx(in s user_record,
+ in a{sh} blobs,
+ in t flags);
RealizeHome(in s user_name,
in s secret);
RemoveHome(in s user_name);
AuthenticateHome(in s user_name,
in s secret);
UpdateHome(in s user_record);
+ UpdateHomeEx(in s user_record,
+ in a{sh} blobs,
+ in t flags);
ResizeHome(in s user_name,
in t size,
in s secret);
<variablelist class="dbus-method" generated="True" extra-ref="CreateHome()"/>
+ <variablelist class="dbus-method" generated="True" extra-ref="CreateHomeEx()"/>
+
<variablelist class="dbus-method" generated="True" extra-ref="RealizeHome()"/>
<variablelist class="dbus-method" generated="True" extra-ref="RemoveHome()"/>
<variablelist class="dbus-method" generated="True" extra-ref="UpdateHome()"/>
+ <variablelist class="dbus-method" generated="True" extra-ref="UpdateHomeEx()"/>
+
<variablelist class="dbus-method" generated="True" extra-ref="ResizeHome()"/>
<variablelist class="dbus-method" generated="True" extra-ref="ChangePasswordHome()"/>
the user record locally and creates a home directory matching it, depending on the settings specified
in the record in combination with local configuration.</para>
+ <para><function>CreateHomeEx()</function> is like <function>CreateHome()</function>, but it allows the
+ home directory to be created with a pre-populated blob directory (see
+ <ulink url="https://systemd.io/USER_RECORD_BLOB_DIRS">User Record Blob Directories</ulink> for more info).
+ This can be done via the dictionary passed as the <varname>blobs</varname> argument to this method: the values
+ are open file descriptors to regular files, and the keys are the filenames that should contain their respective
+ file's data in the blob directory. Note that for security reasons, the file descriptors passed into this method
+ must have enough privileges to read their target file and thus cannot be <literal>O_PATH</literal>; this
+ is done to ensure the caller is actually permitted to read the file they are asking to publish in the
+ blob directories. If the user record passed as the first argument contains a <literal>blobManifest</literal>
+ field it will be enforced; otherwise, a <literal>blobManifest</literal> field will be generated and inserted
+ into the record. The <varname>flags</varname> argument may be used for future expansion, but for now
+ pass 0.</para>
+
<para><function>RealizeHome()</function> creates a home directory whose user record is already
registered locally. This takes a user name plus a user record consisting only of the
<literal>secret</literal> section. Invoking <function>RegisterHome()</function> followed by
as the storage resized using <function>ResizeHome()</function>. This method is equivalent to
<function>Update()</function> on the <classname>org.freedesktop.home1.Home</classname> interface.</para>
+ <para><function>UpdateHomeEx()</function> is like <function>UpdateHome()</function>, but it allows for
+ changes to the blob directory (see <ulink url="https://systemd.io/USER_RECORD_BLOB_DIRS">User Record Blob
+ Directories</ulink> for more info). The <varname>blobs</varname> argument works in the same way as
+ <function>CreateHomeEx()</function>, so check there for details. The new blob directory contents passed into
+ this method will completely replace the user's existing blob directory. The <varname>flags</varname> argument
+ may be used for future expansion, but for now pass 0. This method is equivalent to <function>UpdateEx()</function>
+ on the <classname>org.freedesktop.home1.Home</classname> interface.</para>
+
<para><function>ResizeHome()</function> resizes the storage associated with a user record. Takes a user
name, a disk size in bytes and a user record consisting only of the <literal>secret</literal> section
as argument. If the size is specified as <constant>UINT64_MAX</constant> the storage is resized to the
Fixate(in s secret);
Authenticate(in s secret);
Update(in s user_record);
+ UpdateEx(in s user_record,
+ in a{sh} blobs,
+ in t flags);
Resize(in t size,
in s secret);
ChangePassword(in s new_secret,
<variablelist class="dbus-method" generated="True" extra-ref="Update()"/>
+ <variablelist class="dbus-method" generated="True" extra-ref="UpdateEx()"/>
+
<variablelist class="dbus-method" generated="True" extra-ref="Resize()"/>
<variablelist class="dbus-method" generated="True" extra-ref="ChangePassword()"/>
<para><function>Activate()</function>, <function>ActivateIfReferenced()</function>,
<function>Deactivate()</function>, <function>Unregister()</function>, <function>Realize()</function>,
<function>Remove()</function>, <function>Fixate()</function>, <function>Authenticate()</function>,
- <function>Update()</function>, <function>Resize()</function>, <function>ChangePassword()</function>,
- <function>Lock()</function>, <function>Unlock()</function>, <function>Acquire()</function>,
- <function>Ref()</function>, <function>RefUnrestricted()</function>, <function>Release()</function>,
- <function>InhibitSuspend()</function> operate like their matching counterparts on the
- <classname>org.freedesktop.home1.Manager</classname> interface (see above). The main difference is that
+ <function>Update()</function>, <function>UpdateEx()</function>, <function>Resize()</function>,
+ <function>ChangePassword()</function>, <function>Lock()</function>, <function>Unlock()</function>,
+ <function>Acquire()</function>, <function>Ref()</function>, <function>RefUnrestricted()</function>,
+ <function>Release()</function>, <function>InhibitSuspend()</function> operate like their matching counterparts
+ on the <classname>org.freedesktop.home1.Manager</classname> interface (see above). The main difference is that
they are methods of the home directory objects, and hence carry no additional user name
parameter. Which of the two flavors of methods to call depends on the handles to the user known on the
client side: if only the user name is known, it's preferable to use the methods on the manager object
<title>History</title>
<refsect2>
<title>The Manager Object</title>
- <para><function>InhibitSuspendHome()</function>, <function>ActivateHomeIfReferenced()</function>, <function>RefHomeUnrestricted()</function> wer added in version 256.</para>
+ <para><function>InhibitSuspendHome()</function>, <function>ActivateHomeIfReferenced()</function>, <function>RefHomeUnrestricted()</function>,
+ <function>CreateHomeEx()</function>, and <function>UpdateHomeEx()</function> were added in version 256.</para>
</refsect2>
<refsect2>
<title>Home Objects</title>
- <para><function>InhibitSuspend()</function>, <function>ActivateIfReferenced()</function> and <function>RefUnrestricted()</function> were added in version 256.</para>
+ <para><function>InhibitSuspend()</function>, <function>ActivateIfReferenced()</function>, <function>RefUnrestricted()</function>, and
+ <function>UpdateEx()</function> were added in version 256.</para>
</refsect2>
</refsect1>
/* SPDX-License-Identifier: LGPL-2.1-or-later */
#include "dns-domain.h"
+#include "fd-util.h"
#include "home-util.h"
#include "libcrypt-util.h"
#include "memory-util.h"
#include "strv.h"
#include "user-util.h"
+DEFINE_HASH_OPS_FULL(blob_fd_hash_ops, char, path_hash_func, path_compare, free, void, close_fd_ptr);
+
bool suitable_user_name(const char *name) {
/* Checks whether the specified name is suitable for management via homed. Note that client-side
#include "sd-bus.h"
+#include "hash-funcs.h"
#include "time-util.h"
#include "user-record.h"
/* This should be 83% right now, i.e. 100 of (100 + 20). Let's protect us against accidental changes. */
assert_cc(USER_DISK_SIZE_DEFAULT_PERCENT == 83U);
+extern const struct hash_ops blob_fd_hash_ops;
+
bool suitable_user_name(const char *name);
int suitable_realm(const char *realm);
int suitable_image_path(const char *path);
/* SPDX-License-Identifier: LGPL-2.1-or-later */
+#include "fd-util.h"
+#include "home-util.h"
#include "homed-bus.h"
+#include "missing_fcntl.h"
+#include "stat-util.h"
#include "strv.h"
int bus_message_read_secret(sd_bus_message *m, UserRecord **ret, sd_bus_error *error) {
*ret = TAKE_PTR(hr);
return 0;
}
+
+int bus_message_read_blobs(sd_bus_message *m, Hashmap **ret, sd_bus_error *error) {
+ _cleanup_hashmap_free_ Hashmap *blobs = NULL;
+ int r;
+
+ assert(m);
+ assert(ret);
+
+ /* We want to differentiate between blobs being NULL (not passed at all)
+ * and empty (passed from dbus, but it was empty) */
+ r = hashmap_ensure_allocated(&blobs, &blob_fd_hash_ops);
+ if (r < 0)
+ return r;
+
+ r = sd_bus_message_enter_container(m, 'a', "{sh}");
+ if (r < 0)
+ return r;
+
+ for (;;) {
+ _cleanup_free_ char *filename = NULL;
+ _cleanup_close_ int fd = -EBADF;
+ const char *_filename = NULL;
+ int _fd, flags;
+
+ r = sd_bus_message_read(m, "{sh}", &_filename, &_fd);
+ if (r < 0)
+ return r;
+ if (r == 0)
+ break;
+
+ filename = strdup(_filename);
+ if (!filename)
+ return -ENOMEM;
+
+ fd = fcntl(_fd, F_DUPFD_CLOEXEC, 3);
+ if (fd < 0)
+ return -errno;
+
+ r = suitable_blob_filename(filename);
+ if (r < 0)
+ return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid blob directory filename: %s", filename);
+
+ r = fd_verify_regular(fd);
+ if (r < 0)
+ return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "FD for %s is not a regular file", filename);
+
+ flags = fcntl(fd, F_GETFL);
+ if (flags < 0)
+ return -errno;
+
+ /* Refuse fds w/ unexpected flags set. In particular, we don't want to permit O_PATH FDs, since
+ * those don't actually guarentee that the client has access to the file. */
+ if ((flags & ~(O_ACCMODE|RAW_O_LARGEFILE)) != 0)
+ return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "FD for %s has unexpected flags set", filename);
+
+ r = hashmap_put(blobs, filename, FD_TO_PTR(fd));
+ if (r < 0)
+ return r;
+ TAKE_PTR(filename); /* Ownership transferred to hashmap */
+ TAKE_FD(fd);
+ }
+
+ r = sd_bus_message_exit_container(m);
+ if (r < 0)
+ return r;
+
+ *ret = TAKE_PTR(blobs);
+ return 0;
+}
#include "sd-bus.h"
-#include "user-record.h"
+#include "hashmap.h"
#include "json.h"
+#include "user-record.h"
int bus_message_read_secret(sd_bus_message *m, UserRecord **ret, sd_bus_error *error);
int bus_message_read_home_record(sd_bus_message *m, UserRecordLoadFlags flags, UserRecord **ret, sd_bus_error *error);
+int bus_message_read_blobs(sd_bus_message *m, Hashmap **ret, sd_bus_error *error);
if (r == 0)
return 1; /* Will call us back */
- r = home_create(h, secret, error);
+ r = home_create(h, secret, NULL, 0, error);
if (r < 0)
return r;
return 1;
}
-int bus_home_method_update_record(Home *h, sd_bus_message *message, UserRecord *hr, sd_bus_error *error) {
+int bus_home_method_update_record(
+ Home *h,
+ sd_bus_message *message,
+ UserRecord *hr,
+ Hashmap *blobs,
+ uint64_t flags,
+ sd_bus_error *error) {
int r;
assert(h);
if (r < 0)
return r;
+ if (flags != 0)
+ return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, "Provided flags are unsupported.");
+
r = home_verify_polkit_async(
h,
message,
if (r == 0)
return 1; /* Will call us back */
- r = home_update(h, hr, error);
+ r = home_update(h, hr, blobs, flags, error);
if (r < 0)
return r;
sd_bus_error *error) {
_cleanup_(user_record_unrefp) UserRecord *hr = NULL;
+ _cleanup_hashmap_free_ Hashmap *blobs = NULL;
+ uint64_t flags = 0;
Home *h = ASSERT_PTR(userdata);
int r;
if (r < 0)
return r;
- return bus_home_method_update_record(h, message, hr, error);
+ if (endswith(sd_bus_message_get_member(message), "Ex")) {
+ r = bus_message_read_blobs(message, &blobs, error);
+ if (r < 0)
+ return r;
+
+ r = sd_bus_message_read(message, "t", &flags);
+ if (r < 0)
+ return r;
+ }
+
+ return bus_home_method_update_record(h, message, hr, blobs, flags, error);
}
int bus_home_method_resize(
SD_BUS_NO_RESULT,
bus_home_method_update,
SD_BUS_VTABLE_UNPRIVILEGED|SD_BUS_VTABLE_SENSITIVE),
+ SD_BUS_METHOD_WITH_ARGS("UpdateEx",
+ SD_BUS_ARGS("s", user_record, "a{sh}", blobs, "t", flags),
+ SD_BUS_NO_RESULT,
+ bus_home_method_update,
+ SD_BUS_VTABLE_UNPRIVILEGED|SD_BUS_VTABLE_SENSITIVE),
SD_BUS_METHOD_WITH_ARGS("Resize",
SD_BUS_ARGS("t", size, "s", secret),
SD_BUS_NO_RESULT,
int bus_home_method_fixate(sd_bus_message *message, void *userdata, sd_bus_error *error);
int bus_home_method_authenticate(sd_bus_message *message, void *userdata, sd_bus_error *error);
int bus_home_method_update(sd_bus_message *message, void *userdata, sd_bus_error *error);
-int bus_home_method_update_record(Home *home, sd_bus_message *message, UserRecord *hr, sd_bus_error *error);
+int bus_home_method_update_record(Home *home, sd_bus_message *message, UserRecord *hr, Hashmap *blobs, uint64_t flags, sd_bus_error *error);
int bus_home_method_resize(sd_bus_message *message, void *userdata, sd_bus_error *error);
int bus_home_method_change_password(sd_bus_message *message, void *userdata, sd_bus_error *error);
int bus_home_method_lock(sd_bus_message *message, void *userdata, sd_bus_error *error);
assert_cc(HOME_UID_MIN <= HOME_UID_MAX);
assert_cc(HOME_USERS_MAX <= (HOME_UID_MAX - HOME_UID_MIN + 1));
-static int home_start_work(Home *h, const char *verb, UserRecord *hr, UserRecord *secret);
+static int home_start_work(
+ Home *h,
+ const char *verb,
+ UserRecord *hr,
+ UserRecord *secret,
+ Hashmap *blobs,
+ uint64_t flags);
DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(operation_hash_ops, void, trivial_hash_func, trivial_compare_func, Operation, operation_unref);
if (IN_SET(h->state, HOME_FIXATING_FOR_ACTIVATION, HOME_FIXATING_FOR_ACQUIRE)) {
- r = home_start_work(h, "activate", h->record, secret);
+ r = home_start_work(h, "activate", h->record, secret, NULL, 0);
if (r < 0) {
h->current_operation = operation_result_unref(h->current_operation, r, NULL);
home_set_state(h, _HOME_STATE_INVALID);
return 0;
}
-static int home_start_work(Home *h, const char *verb, UserRecord *hr, UserRecord *secret) {
- _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
+static int home_start_work(
+ Home *h,
+ const char *verb,
+ UserRecord *hr,
+ UserRecord *secret,
+ Hashmap *blobs,
+ uint64_t flags) {
+ _cleanup_(json_variant_unrefp) JsonVariant *v = NULL, *fdmap = NULL;
_cleanup_(erase_and_freep) char *formatted = NULL;
_cleanup_close_ int stdin_fd = -EBADF, stdout_fd = -EBADF;
+ _cleanup_free_ int *blob_fds = NULL;
pid_t pid = 0;
int r;
return r;
}
+ if (blobs) {
+ const char *blob_filename = NULL;
+ void *fd_ptr;
+ size_t i = 0;
+
+ blob_fds = new(int, hashmap_size(blobs));
+ if (!blob_fds)
+ return -ENOMEM;
+
+ /* homework needs to be able to tell the difference between blobs being null
+ * (the fdmap field is completely missing) and it being empty (the field is an
+ * empty object) */
+ r = json_variant_new_object(&fdmap, NULL, 0);
+ if (r < 0)
+ return r;
+
+ HASHMAP_FOREACH_KEY(fd_ptr, blob_filename, blobs) {
+ blob_fds[i] = PTR_TO_FD(fd_ptr);
+
+ r = json_variant_set_field_integer(&fdmap, blob_filename, i);
+ if (r < 0)
+ return r;
+
+ i++;
+ }
+
+ r = json_variant_set_field(&v, HOMEWORK_BLOB_FDMAP_FIELD, fdmap);
+ if (r < 0)
+ return r;
+ }
+
r = json_variant_format(v, 0, &formatted);
if (r < 0)
return r;
r = safe_fork_full("(sd-homework)",
(int[]) { stdin_fd, stdout_fd, STDERR_FILENO },
- NULL, 0,
- FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_DEATHSIG_SIGTERM|FORK_REARRANGE_STDIO|FORK_LOG|FORK_REOPEN_LOG, &pid);
+ blob_fds, hashmap_size(blobs),
+ FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_CLOEXEC_OFF|FORK_PACK_FDS|FORK_DEATHSIG_SIGTERM|
+ FORK_REARRANGE_STDIO|FORK_LOG|FORK_REOPEN_LOG, &pid);
if (r < 0)
return r;
if (r == 0) {
if (r < 0)
log_warning_errno(r, "Failed to update $SYSTEMD_EXEC_PID, ignoring: %m");
+ r = setenv_systemd_log_level();
+ if (r < 0)
+ log_warning_errno(r, "Failed to update $SYSTEMD_LOG_LEVEL, ignoring: %m");
+
/* Allow overriding the homework path via an environment variable, to make debugging
* easier. */
homework = getenv("SYSTEMD_HOMEWORK_PATH") ?: SYSTEMD_HOMEWORK_PATH;
assert(secret);
assert(IN_SET(for_state, HOME_FIXATING, HOME_FIXATING_FOR_ACTIVATION, HOME_FIXATING_FOR_ACQUIRE));
- r = home_start_work(h, "inspect", h->record, secret);
+ r = home_start_work(h, "inspect", h->record, secret, NULL, 0);
if (r < 0)
return r;
assert(secret);
assert(IN_SET(for_state, HOME_ACTIVATING, HOME_ACTIVATING_FOR_ACQUIRE));
- r = home_start_work(h, "activate", h->record, secret);
+ r = home_start_work(h, "activate", h->record, secret, NULL, 0);
if (r < 0)
return r;
assert(secret);
assert(IN_SET(for_state, HOME_AUTHENTICATING, HOME_AUTHENTICATING_WHILE_ACTIVE, HOME_AUTHENTICATING_FOR_ACQUIRE));
- r = home_start_work(h, "inspect", h->record, secret);
+ r = home_start_work(h, "inspect", h->record, secret, NULL, 0);
if (r < 0)
return r;
home_unpin(h); /* unpin so that we can deactivate */
- r = home_start_work(h, force ? "deactivate-force" : "deactivate", h->record, NULL);
+ r = home_start_work(h, force ? "deactivate-force" : "deactivate", h->record, NULL, NULL, 0);
if (r < 0)
/* Operation failed before it even started, reacquire pin fd, if state still dictates so */
home_update_pin_fd(h, _HOME_STATE_INVALID);
return home_deactivate_internal(h, force, error);
}
-int home_create(Home *h, UserRecord *secret, sd_bus_error *error) {
+int home_create(Home *h, UserRecord *secret, Hashmap *blobs, uint64_t flags, sd_bus_error *error) {
int r;
assert(h);
return r;
}
- r = home_start_work(h, "create", h->record, secret);
+ r = home_start_work(h, "create", h->record, secret, blobs, flags);
if (r < 0)
return r;
return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "Home %s is currently being used, or an operation on home %s is currently being executed.", h->user_name, h->user_name);
}
- r = home_start_work(h, "remove", h->record, NULL);
+ r = home_start_work(h, "remove", h->record, NULL, NULL, 0);
if (r < 0)
return r;
const char *verb,
UserRecord *hr,
UserRecord *secret,
+ Hashmap *blobs,
+ uint64_t flags,
sd_bus_error *error) {
_cleanup_(user_record_unrefp) UserRecord *new_hr = NULL, *saved_secret = NULL, *signed_hr = NULL;
secret = saved_secret;
}
+ if (blobs) {
+ const char *failed = NULL;
+ r = user_record_ensure_blob_manifest(hr, blobs, &failed);
+ if (r == -EINVAL)
+ return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "Provided blob files do not correspond to blob manifest.");
+ if (r < 0)
+ return sd_bus_error_set_errnof(error, r, "Failed to generate hash for blob %s: %m", strnull(failed));
+ }
+
r = manager_verify_user_record(h->manager, hr);
switch (r) {
return sd_bus_error_set(error, BUS_ERROR_HOME_RECORD_MISMATCH, "Home record different but timestamp remained the same, refusing.");
}
- r = home_start_work(h, verb, new_hr, secret);
+ r = home_start_work(h, verb, new_hr, secret, blobs, flags);
if (r < 0)
return r;
return 0;
}
-int home_update(Home *h, UserRecord *hr, sd_bus_error *error) {
+int home_update(Home *h, UserRecord *hr, Hashmap *blobs, uint64_t flags, sd_bus_error *error) {
HomeState state;
int r;
if (r < 0)
return r;
- r = home_update_internal(h, "update", hr, NULL, error);
+ r = home_update_internal(h, "update", hr, NULL, blobs, flags, error);
if (r < 0)
return r;
c = TAKE_PTR(signed_c);
}
- r = home_update_internal(h, automatic ? "resize-auto" : "resize", c, secret, error);
+ r = home_update_internal(h, automatic ? "resize-auto" : "resize", c, secret, NULL, 0, error);
if (r < 0)
return r;
return r;
}
- r = home_update_internal(h, "passwd", signed_c, merged_secret, error);
+ r = home_update_internal(h, "passwd", signed_c, merged_secret, NULL, 0, error);
if (r < 0)
return r;
return sd_bus_error_setf(error, BUS_ERROR_HOME_BUSY, "An operation on home %s is currently being executed.", h->user_name);
}
- r = home_start_work(h, "lock", h->record, NULL);
+ r = home_start_work(h, "lock", h->record, NULL, NULL, 0);
if (r < 0)
return r;
assert(secret);
assert(IN_SET(for_state, HOME_UNLOCKING, HOME_UNLOCKING_FOR_ACQUIRE));
- r = home_start_work(h, "unlock", h->record, secret);
+ r = home_start_work(h, "unlock", h->record, secret, NULL, 0);
if (r < 0)
return r;
typedef struct Home Home;
+#include "hashmap.h"
#include "homed-manager.h"
#include "homed-operation.h"
#include "list.h"
int home_activate(Home *h, bool if_referenced, UserRecord *secret, sd_bus_error *error);
int home_authenticate(Home *h, UserRecord *secret, sd_bus_error *error);
int home_deactivate(Home *h, bool force, sd_bus_error *error);
-int home_create(Home *h, UserRecord *secret, sd_bus_error *error);
+int home_create(Home *h, UserRecord *secret, Hashmap *blobs, uint64_t flags, sd_bus_error *error);
int home_remove(Home *h, sd_bus_error *error);
-int home_update(Home *h, UserRecord *new_record, sd_bus_error *error);
+int home_update(Home *h, UserRecord *new_record, Hashmap *blobs, uint64_t flags, sd_bus_error *error);
int home_resize(Home *h, uint64_t disk_size, UserRecord *secret, bool automatic, sd_bus_error *error);
int home_passwd(Home *h, UserRecord *new_secret, UserRecord *old_secret, sd_bus_error *error);
int home_unregister(Home *h, sd_bus_error *error);
return generic_home_method(userdata, message, bus_home_method_deactivate, error);
}
-static int validate_and_allocate_home(Manager *m, UserRecord *hr, Home **ret, sd_bus_error *error) {
+static int validate_and_allocate_home(Manager *m, UserRecord *hr, Hashmap *blobs, Home **ret, sd_bus_error *error) {
_cleanup_(user_record_unrefp) UserRecord *signed_hr = NULL;
bool signed_locally;
Home *other;
if (r != -ESRCH)
return r;
+ if (blobs) {
+ const char *failed = NULL;
+ r = user_record_ensure_blob_manifest(hr, blobs, &failed);
+ if (r == -EINVAL)
+ return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "Provided blob files do not correspond to blob manifest.");
+ if (r < 0)
+ return sd_bus_error_set_errnof(error, r, "Failed to generate hash for blob %s: %m", strnull(failed));
+ }
+
r = manager_verify_user_record(m, hr);
switch (r) {
if (r == 0)
return 1; /* Will call us back */
- r = validate_and_allocate_home(m, hr, &h, error);
+ r = validate_and_allocate_home(m, hr, NULL, &h, error);
if (r < 0)
return r;
return generic_home_method(userdata, message, bus_home_method_unregister, error);
}
-static int method_create_home(
- sd_bus_message *message,
- void *userdata,
- sd_bus_error *error) {
+static int method_create_home(sd_bus_message *message, void *userdata, sd_bus_error *error) {
_cleanup_(user_record_unrefp) UserRecord *hr = NULL;
+ _cleanup_hashmap_free_ Hashmap *blobs = NULL;
+ uint64_t flags = 0;
Manager *m = ASSERT_PTR(userdata);
Home *h;
int r;
if (r < 0)
return r;
+ if (endswith(sd_bus_message_get_member(message), "Ex")) {
+ r = bus_message_read_blobs(message, &blobs, error);
+ if (r < 0)
+ return r;
+
+ r = sd_bus_message_read(message, "t", &flags);
+ if (r < 0)
+ return r;
+ if (flags != 0)
+ return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, "Provided flags are unsupported.");
+ }
+
r = bus_verify_polkit_async(
message,
"org.freedesktop.home1.create-home",
if (r == 0)
return 1; /* Will call us back */
- r = validate_and_allocate_home(m, hr, &h, error);
+ r = validate_and_allocate_home(m, hr, blobs, &h, error);
if (r < 0)
return r;
- r = home_create(h, hr, error);
+ r = home_create(h, hr, blobs, flags, error);
if (r < 0)
goto fail;
static int method_update_home(sd_bus_message *message, void *userdata, sd_bus_error *error) {
_cleanup_(user_record_unrefp) UserRecord *hr = NULL;
+ _cleanup_hashmap_free_ Hashmap *blobs = NULL;
+ uint64_t flags = 0;
Manager *m = ASSERT_PTR(userdata);
Home *h;
int r;
if (r < 0)
return r;
+ if (endswith(sd_bus_message_get_member(message), "Ex")) {
+ r = bus_message_read_blobs(message, &blobs, error);
+ if (r < 0)
+ return r;
+
+ r = sd_bus_message_read(message, "t", &flags);
+ if (r < 0)
+ return r;
+ }
+
assert(hr->user_name);
h = hashmap_get(m->homes_by_name, hr->user_name);
if (!h)
return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_HOME, "No home for user %s known", hr->user_name);
- return bus_home_method_update_record(h, message, hr, error);
+ return bus_home_method_update_record(h, message, hr, blobs, flags, error);
}
static int method_resize_home(sd_bus_message *message, void *userdata, sd_bus_error *error) {
SD_BUS_NO_RESULT,
method_create_home,
SD_BUS_VTABLE_UNPRIVILEGED|SD_BUS_VTABLE_SENSITIVE),
+ SD_BUS_METHOD_WITH_ARGS("CreateHomeEx",
+ SD_BUS_ARGS("s", user_record, "a{sh}", blobs, "t", flags),
+ SD_BUS_NO_RESULT,
+ method_create_home,
+ SD_BUS_VTABLE_UNPRIVILEGED|SD_BUS_VTABLE_SENSITIVE),
/* Create $HOME for already registered JSON entry */
SD_BUS_METHOD_WITH_ARGS("RealizeHome",
SD_BUS_NO_RESULT,
method_update_home,
SD_BUS_VTABLE_UNPRIVILEGED|SD_BUS_VTABLE_SENSITIVE),
+ SD_BUS_METHOD_WITH_ARGS("UpdateHomeEx",
+ SD_BUS_ARGS("s", user_record, "a{sh}", blobs, "t", flags),
+ SD_BUS_NO_RESULT,
+ method_update_home,
+ SD_BUS_VTABLE_UNPRIVILEGED|SD_BUS_VTABLE_SENSITIVE),
SD_BUS_METHOD_WITH_ARGS("ResizeHome",
SD_BUS_ARGS("s", user_name, "t", size, "s", secret),
}
return 0;
}
+
+int home_apply_new_blob_dir(UserRecord *h, Hashmap *blobs) {
+ _cleanup_free_ char *fn = NULL;
+ _cleanup_close_ int base_dfd = -EBADF, dfd = -EBADF;
+ uint64_t total_size = 0;
+ const char *filename;
+ const void *v;
+ int r;
+
+ assert(h);
+
+ if (!blobs) /* Shortcut: If no blobs are passed from dbus, we have nothing to do. */
+ return 0;
+
+ base_dfd = open(home_system_blob_dir(), O_RDONLY|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW);
+ if (base_dfd < 0)
+ return log_error_errno(errno, "Failed to open system blob base dir: %m");
+
+ if (hashmap_isempty(blobs)) {
+ /* Shortcut: If blobs was passed but empty, we can simply delete the contents
+ * of the directory. */
+ r = rm_rf_at(base_dfd, h->user_name, REMOVE_PHYSICAL|REMOVE_MISSING_OK);
+ if (r < 0)
+ return log_error_errno(errno, "Failed to empty out system blob dir: %m");
+ return 0;
+ }
+
+ r = tempfn_random(h->user_name, NULL, &fn);
+ if (r < 0)
+ return r;
+
+ dfd = open_mkdir_at(base_dfd, fn, O_EXCL|O_CLOEXEC, 0755);
+ if (dfd < 0)
+ return log_error_errno(errno, "Failed to create system blob dir: %m");
+
+ HASHMAP_FOREACH_KEY(v, filename, blobs) {
+ r = copy_one_blob(PTR_TO_FD(v), dfd, filename, &total_size, 0, h->blob_manifest);
+ if (r == -EFBIG)
+ break;
+ if (r < 0) {
+ log_error_errno(r, "Failed to copy %s into system blob dir: %m", filename);
+ goto fail;
+ }
+ }
+
+ r = install_file(base_dfd, fn, base_dfd, h->user_name, INSTALL_REPLACE);
+ if (r < 0) {
+ log_error_errno(r, "Failed to move system blob dir into place: %m");
+ goto fail;
+ }
+
+ log_info("Replaced system blob directory.");
+ return 0;
+
+fail:
+ (void) rm_rf_at(base_dfd, fn, REMOVE_ROOT|REMOVE_PHYSICAL|REMOVE_MISSING_OK);
+ return r;
+}
#include "user-record.h"
int home_reconcile_blob_dirs(UserRecord *h, int root_fd, int reconciled);
+
+int home_apply_new_blob_dir(UserRecord *h, Hashmap *blobs);
#include "memory-util.h"
#include "missing_magic.h"
#include "mount-util.h"
+#include "parse-util.h"
#include "path-util.h"
#include "recovery-key.h"
#include "rm-rf.h"
return 0;
}
-static int home_create(UserRecord *h, UserRecord **ret_home) {
+static int home_create(UserRecord *h, Hashmap *blobs, UserRecord **ret_home) {
_cleanup_strv_free_erase_ char **effective_passwords = NULL;
_cleanup_(home_setup_done) HomeSetup setup = HOME_SETUP_INIT;
_cleanup_(user_record_unrefp) UserRecord *new_home = NULL;
if (!IN_SET(r, USER_TEST_ABSENT, USER_TEST_UNDEFINED, USER_TEST_MAYBE))
return log_error_errno(SYNTHETIC_ERRNO(EEXIST), "Image path %s already exists, refusing.", user_record_image_path(h));
+ r = home_apply_new_blob_dir(h, blobs);
+ if (r < 0)
+ return r;
+
switch (user_record_storage(h)) {
case USER_LUKS:
return has_mount; /* return true if the home record is already active */
}
-static int home_update(UserRecord *h, UserRecord **ret) {
+static int home_update(UserRecord *h, Hashmap *blobs, UserRecord **ret) {
_cleanup_(user_record_unrefp) UserRecord *new_home = NULL, *header_home = NULL, *embedded_home = NULL;
_cleanup_(home_setup_done) HomeSetup setup = HOME_SETUP_INIT;
_cleanup_(password_cache_free) PasswordCache cache = {};
if (r < 0)
return r;
+ r = home_apply_new_blob_dir(h, blobs);
+ if (r < 0)
+ return r;
+
r = home_setup(h, flags, &setup, &cache, &header_home);
if (r < 0)
return r;
_cleanup_(user_record_unrefp) UserRecord *home = NULL, *new_home = NULL;
_cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
_cleanup_fclose_ FILE *opened_file = NULL;
+ _cleanup_hashmap_free_ Hashmap *blobs = NULL;
unsigned line = 0, column = 0;
- const char *json_path = NULL;
+ const char *json_path = NULL, *blob_filename;
FILE *json_file;
usec_t start;
+ JsonVariant *fdmap, *blob_fd_variant;
int r;
start = now(CLOCK_MONOTONIC);
if (r < 0)
return log_error_errno(r, "[%s:%u:%u] Failed to parse JSON data: %m", json_path, line, column);
+ fdmap = json_variant_by_key(v, HOMEWORK_BLOB_FDMAP_FIELD);
+ if (fdmap) {
+ r = hashmap_ensure_allocated(&blobs, &blob_fd_hash_ops);
+ if (r < 0)
+ return log_oom();
+
+ JSON_VARIANT_OBJECT_FOREACH(blob_filename, blob_fd_variant, fdmap) {
+ _cleanup_free_ char *filename = NULL;
+ _cleanup_close_ int fd = -EBADF;
+
+ assert(json_variant_is_integer(blob_fd_variant));
+ assert(json_variant_integer(blob_fd_variant) >= 0);
+ assert(json_variant_integer(blob_fd_variant) <= INT_MAX - SD_LISTEN_FDS_START);
+ fd = SD_LISTEN_FDS_START + (int) json_variant_integer(blob_fd_variant);
+
+ if (DEBUG_LOGGING) {
+ _cleanup_free_ char *resolved = NULL;
+ r = fd_get_path(fd, &resolved);
+ log_debug("Got blob from daemon: %s (%d) → %s",
+ blob_filename, fd, resolved ?: STRERROR(r));
+ }
+
+ filename = strdup(blob_filename);
+ if (!filename)
+ return log_oom();
+
+ r = fd_cloexec(fd, true);
+ if (r < 0)
+ return log_error_errno(r, "Failed to enable O_CLOEXEC on blob %s: %m", filename);
+
+ r = hashmap_put(blobs, filename, FD_TO_PTR(fd));
+ if (r < 0)
+ return log_error_errno(r, "Failed to insert blob %s into map: %m", filename);
+ TAKE_PTR(filename); /* Ownership transfers to hashmap */
+ TAKE_FD(fd);
+ }
+
+ r = json_variant_filter(&v, STRV_MAKE(HOMEWORK_BLOB_FDMAP_FIELD));
+ if (r < 0)
+ return log_error_errno(r, "Failed to strip internal fdmap from JSON: %m");
+ }
+
home = user_record_new();
if (!home)
return log_oom();
else if (streq(argv[1], "deactivate-force"))
r = home_deactivate(home, true);
else if (streq(argv[1], "create"))
- r = home_create(home, &new_home);
+ r = home_create(home, blobs, &new_home);
else if (streq(argv[1], "remove"))
r = home_remove(home);
else if (streq(argv[1], "update"))
- r = home_update(home, &new_home);
+ r = home_update(home, blobs, &new_home);
else if (streq(argv[1], "resize")) /* Resize on user request */
r = home_resize(home, false, &new_home);
else if (streq(argv[1], "resize-auto")) /* Automatic resize */
send_interface="org.freedesktop.home1.Manager"
send_member="CreateHome"/>
+ <allow send_destination="org.freedesktop.home1"
+ send_interface="org.freedesktop.home1.Manager"
+ send_member="CreateHomeEx"/>
+
<allow send_destination="org.freedesktop.home1"
send_interface="org.freedesktop.home1.Manager"
send_member="RealizeHome"/>
send_interface="org.freedesktop.home1.Manager"
send_member="UpdateHome"/>
+ <allow send_destination="org.freedesktop.home1"
+ send_interface="org.freedesktop.home1.Manager"
+ send_member="UpdateHomeEx"/>
+
<allow send_destination="org.freedesktop.home1"
send_interface="org.freedesktop.home1.Manager"
send_member="ResizeHome"/>
send_interface="org.freedesktop.home1.Home"
send_member="Update"/>
+ <allow send_destination="org.freedesktop.home1"
+ send_interface="org.freedesktop.home1.Home"
+ send_member="UpdateEx"/>
+
<allow send_destination="org.freedesktop.home1"
send_interface="org.freedesktop.home1.Home"
send_member="Resize"/>
#include <sys/xattr.h>
#include "errno-util.h"
+#include "fd-util.h"
#include "home-util.h"
#include "id128-util.h"
#include "libcrypt-util.h"
#include "recovery-key.h"
#include "mountpoint-util.h"
#include "path-util.h"
+#include "sha256.h"
#include "stat-util.h"
#include "user-record-util.h"
#include "user-util.h"
return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "Cannot manage custom blob directories.");
}
+ if (json_variant_by_key(hr->json, HOMEWORK_BLOB_FDMAP_FIELD))
+ return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "User record contains unsafe internal fields.");
+
return 0;
}
h->mask |= USER_RECORD_PER_MACHINE;
return 0;
}
+
+int user_record_ensure_blob_manifest(UserRecord *h, Hashmap *blobs, const char **ret_failed) {
+ _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
+ _cleanup_hashmap_free_ Hashmap *manifest = NULL;
+ const char *filename;
+ void *key, *value;
+ uint64_t total_size = 0;
+ int r;
+
+ assert(h);
+ assert(h->json);
+ assert(blobs);
+ assert(ret_failed);
+
+ /* Ensures that blobManifest exists (possibly creating it using the
+ * contents of blobs), and that the set of keys in both hashmaps are
+ * exactly the same. If it fails to handle one blob file, the filename
+ * is put it ret_failed for nicer error reporting. ret_failed is a pointer
+ * to the same memory blobs uses to store its keys, so it is valid for
+ * as long as blobs is valid and the corresponding key isn't removed! */
+
+ if (h->blob_manifest) {
+ /* blobManifest already exists. In this case we verify
+ * that the sets of keys are equal and that's it */
+
+ HASHMAP_FOREACH_KEY(value, key, h->blob_manifest)
+ if (!hashmap_contains(blobs, key))
+ return -EINVAL;
+ HASHMAP_FOREACH_KEY(value, key, blobs)
+ if (!hashmap_contains(h->blob_manifest, key))
+ return -EINVAL;
+
+ return 0;
+ }
+
+ /* blobManifest doesn't exist, so we need to create it */
+
+ HASHMAP_FOREACH_KEY(value, filename, blobs) {
+ _cleanup_free_ char *filename_dup = NULL;
+ _cleanup_free_ uint8_t *hash = NULL;
+ _cleanup_(json_variant_unrefp) JsonVariant *hash_json = NULL;
+ int fd = PTR_TO_FD(value);
+ off_t initial, size;
+
+ *ret_failed = filename;
+
+ filename_dup = strdup(filename);
+ if (!filename_dup)
+ return -ENOMEM;
+
+ hash = malloc(SHA256_DIGEST_SIZE);
+ if (!hash)
+ return -ENOMEM;
+
+ initial = lseek(fd, 0, SEEK_CUR);
+ if (initial < 0)
+ return -errno;
+
+ r = sha256_fd(fd, BLOB_DIR_MAX_SIZE, hash);
+ if (r < 0)
+ return r;
+
+ size = lseek(fd, 0, SEEK_CUR);
+ if (size < 0)
+ return -errno;
+ if (!DEC_SAFE(&size, initial))
+ return -EOVERFLOW;
+
+ if (!INC_SAFE(&total_size, size))
+ total_size = UINT64_MAX;
+ if (total_size > BLOB_DIR_MAX_SIZE)
+ return -EFBIG;
+
+ if (lseek(fd, initial, SEEK_SET) < 0)
+ return -errno;
+
+ r = json_variant_new_hex(&hash_json, hash, SHA256_DIGEST_SIZE);
+ if (r < 0)
+ return r;
+
+ r = hashmap_ensure_put(&manifest, &path_hash_ops_free_free, filename_dup, hash);
+ if (r < 0)
+ return r;
+ TAKE_PTR(filename_dup); /* Ownership transfers to hashmap */
+ TAKE_PTR(hash);
+
+ r = json_variant_set_field(&v, filename, hash_json);
+ if (r < 0)
+ return r;
+
+ *ret_failed = NULL;
+ }
+
+ r = json_variant_set_field_non_null(&h->json, "blobManifest", v);
+ if (r < 0)
+ return r;
+
+ h->blob_manifest = TAKE_PTR(manifest);
+ return 0;
+}
#include "user-record.h"
#include "group-record.h"
+/* We intentionally use snake_case instead of the usual camelCase here to further
+ * reduce the chance of collision with a field any legitimate user record may ever
+ * want to set. */
+#define HOMEWORK_BLOB_FDMAP_FIELD "__systemd_homework_internal_blob_fdmap"
+
int user_record_synthesize(UserRecord *h, const char *user_name, const char *realm, const char *image_path, UserStorage storage, uid_t uid, gid_t gid);
int group_record_synthesize(GroupRecord *g, UserRecord *u);
bool user_record_shall_rebalance(UserRecord *h);
int user_record_set_rebalance_weight(UserRecord *h, uint64_t weight);
+
+int user_record_ensure_blob_manifest(UserRecord *h, Hashmap *blobs, const char **ret_failed);
projects / thirdparty / systemd.git / commitdiff
