homework: also apply uid shifting when changing passwords/resizing/updating home...

This adds uidmap shifting also when resizing/updating/changing
passwords. Prviously I thought we didn't have to, because the user is
not going to access the uidmap if we only quickly activate the home
area. But this thinking is wrong, because the three operations will
result in an update ~/.identity fie to be written, and we should do that
with uidmap applied, so that its ownership maps down to nobody below as
intended.

Fixes: #21441

diff --git a/src/home/homework-luks.c b/src/home/homework-luks.c
index 2e1c4c61701eb41e8b167aa0135a472b48d14566..29a18b48d961286be1047c3bb9fb0c3875ae20b5 100644 (file)
--- a/src/home/homework-luks.c
+++ b/src/home/homework-luks.c
@@ -3202,6 +3202,10 @@ int home_resize_luks(
                         return r;
         }
 
+        r = home_maybe_shift_uid(h, flags, setup);
+        if (r < 0)
+                return r;
+
         log_info("offset = %" PRIu64 ", size = %" PRIu64 ", image = %" PRIu64, setup->partition_offset, setup->partition_size, old_image_size);
 
         if ((UINT64_MAX - setup->partition_offset) < setup->partition_size ||

diff --git a/src/home/homework.c b/src/home/homework.c
index 864171faedc52785deb27722291c1d0361d8e1f2..d2a24d3210081ea6e0683e1c59f765650809ef70 100644 (file)
--- a/src/home/homework.c
+++ b/src/home/homework.c
@@ -1609,6 +1609,10 @@ static int home_update(UserRecord *h, UserRecord **ret) {
         if (r < 0)
                 return r;
 
+        r = home_maybe_shift_uid(h, flags, &setup);
+        if (r < 0)
+                return r;
+
         r = home_store_header_identity_luks(new_home, &setup, header_home);
         if (r < 0)
                 return r;
@@ -1701,6 +1705,10 @@ static int home_passwd(UserRecord *h, UserRecord **ret_home) {
         if (r < 0)
                 return r;
 
+        r = home_maybe_shift_uid(h, flags, &setup);
+        if (r < 0)
+                return r;
+
         switch (user_record_storage(h)) {
 
         case USER_LUKS: