From: Lennart Poettering Date: Tue, 26 Oct 2021 07:18:39 +0000 (+0200) Subject: homework: teach home_lock() + home_unlock() + home_deactivate() to use HomeSetup... X-Git-Tag: v250-rc1~390^2~13 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=fc032ae197b04c151558ec7234025a58ca1ef165;p=thirdparty%2Fsystemd.git homework: teach home_lock() + home_unlock() + home_deactivate() to use HomeSetup, too This is just some minor refactoring, to make these two operations work like the rest. home_lock_luks() will now use the root_fd field of HomeSetup already, but for home_unlock_luks() + home_deactivate() this change has no effect for now. (But a later commit will change this.) --- diff --git a/src/home/homework-luks.c b/src/home/homework-luks.c index b900855bcd6..c1c67f7ca75 100644 --- a/src/home/homework-luks.c +++ b/src/home/homework-luks.c @@ -1483,12 +1483,16 @@ int home_activate_luks( return 1; } -int home_deactivate_luks(UserRecord *h) { +int home_deactivate_luks(UserRecord *h, HomeSetup *setup) { _cleanup_(sym_crypt_freep) struct crypt_device *cd = NULL; _cleanup_free_ char *dm_name = NULL, *dm_node = NULL; bool we_detached; int r; + assert(h); + assert(setup); + assert(!setup->crypt_device); + /* Note that the DM device and loopback device are set to auto-detach, hence strictly speaking we * don't have to explicitly have to detach them. However, we do that nonetheless (in case of the DM * device), to avoid races: by explicitly detaching them we know when the detaching is complete. We 
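Review bot: The new `setup` argument of home_deactivate_luks() is only asserted, and nothing explains the precondition `assert(!setup->crypt_device)` next to the local `cd`, which the function still declares with its own `sym_crypt_freep` cleanup. A one-line comment above the asserts would state the contract, e.g. `/* setup must come in without an attached crypt device; the handle used here still lives in the local cd */`. The second half of that comment is inferred, because the body continues outside the hunk. The same gap exists in home_unlock_luks() later in this file, which asserts only `setup`, while home_lock_luks() asserts `setup->root_fd < 0`. Stating the expected state of `setup` the same way in all three would make it easier to catch a caller that passes a partially set-up HomeSetup.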
@@ -3147,18 +3151,19 @@ int home_passwd_luks( return 1; } -int home_lock_luks(UserRecord *h) { +int home_lock_luks(UserRecord *h, HomeSetup *setup) { _cleanup_(sym_crypt_freep) struct crypt_device *cd = NULL; _cleanup_free_ char *dm_name = NULL, *dm_node = NULL; - _cleanup_close_ int root_fd = -1; const char *p; int r; assert(h); + assert(setup); + assert(setup->root_fd < 0); assert_se(p = user_record_home_directory(h)); - root_fd = open(p, O_RDONLY|O_CLOEXEC|O_DIRECTORY|O_NOFOLLOW); - if (root_fd < 0) + setup->root_fd = open(p, O_RDONLY|O_CLOEXEC|O_DIRECTORY|O_NOFOLLOW); + if (setup->root_fd < 0) return log_error_errno(errno, "Failed to open home directory: %m"); r = make_dm_names(h->user_name, &dm_name, &dm_node); @@ -3176,10 +3181,10 @@ int home_lock_luks(UserRecord *h) { log_info("Discovered used LUKS device %s.", dm_node); cryptsetup_enable_logging(cd); - if (syncfs(root_fd) < 0) /* Snake oil, but let's better be safe than sorry */ + if (syncfs(setup->root_fd) < 0) /* Snake oil, but let's better be safe than sorry */ return log_error_errno(errno, "Failed to synchronize file system %s: %m", p); - root_fd = safe_close(root_fd); + setup->root_fd = safe_close(setup->root_fd); log_info("File system synchronized."); @@ -3222,13 +3227,14 @@ static int luks_try_resume( return -ENOKEY; } -int home_unlock_luks(UserRecord *h, const PasswordCache *cache) { +int home_unlock_luks(UserRecord *h, HomeSetup *setup, const PasswordCache *cache) { _cleanup_free_ char *dm_name = NULL, *dm_node = NULL; _cleanup_(sym_crypt_freep) struct crypt_device *cd = NULL; char **list; int r; assert(h); + assert(setup); r = make_dm_names(h->user_name, &dm_name, &dm_node); if (r < 0) diff --git a/src/home/homework-luks.h b/src/home/homework-luks.h index 1896e3ce6c4..25d096a175c 100644 --- a/src/home/homework-luks.h +++ b/src/home/homework-luks.h 
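Review bot: Ownership of the home-directory descriptor in home_lock_luks() is now implicit, because the `_cleanup_close_` local is removed and the result of `open()` is stored in `setup->root_fd`. On the early returns after the open (the `make_dm_names()` failure path here, and the failed `syncfs()` in the following hunk), the fd is released only when the caller tears down its HomeSetup. The home_lock() caller in homework.c does declare `_cleanup_(home_setup_done)`, which presumably closes `root_fd`, so the visible call path is covered. I would still record the hand-over above the open, e.g. `/* fd is owned by setup from here on; the caller's home_setup_done() releases it on the error paths */`, so a future caller does not pass a HomeSetup without that cleanup. The function body continues outside both hunks.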
@@ -8,7 +8,7 @@ int home_setup_luks(UserRecord *h, HomeSetupFlags flags, const char *force_image_path, PasswordCache *cache, HomeSetup *setup, UserRecord **ret_luks_home); int home_activate_luks(UserRecord *h, HomeSetup *setup, PasswordCache *cache, UserRecord **ret_home); -int home_deactivate_luks(UserRecord *h); +int home_deactivate_luks(UserRecord *h, HomeSetup *setup); int home_trim_luks(UserRecord *h); int home_store_header_identity_luks(UserRecord *h, HomeSetup *setup, UserRecord *old_home); @@ -21,8 +21,8 @@ int home_resize_luks(UserRecord *h, HomeSetupFlags flags, PasswordCache *cache, int home_passwd_luks(UserRecord *h, HomeSetup *setup, const PasswordCache *cache, char **effective_passwords); -int home_lock_luks(UserRecord *h); -int home_unlock_luks(UserRecord *h, const PasswordCache *cache); +int home_lock_luks(UserRecord *h, HomeSetup *setup); +int home_unlock_luks(UserRecord *h, HomeSetup *setup, const PasswordCache *cache); static inline uint64_t luks_volume_key_size_convert(struct crypt_device *cd) { int k; diff --git a/src/home/homework.c b/src/home/homework.c index 170f7f26fb8..318ee801ddd 100644 --- a/src/home/homework.c +++ b/src/home/homework.c @@ -883,6 +883,7 @@ static int home_activate(UserRecord *h, UserRecord **ret_home) { } static int home_deactivate(UserRecord *h, bool force) { + _cleanup_(home_setup_done) HomeSetup setup = HOME_SETUP_INIT; bool done = false; int r; @@ -919,7 +920,7 @@ static int home_deactivate(UserRecord *h, bool force) { log_info("Directory %s is already unmounted.", user_record_home_directory(h)); if (user_record_storage(h) == USER_LUKS) { - r = home_deactivate_luks(h); + r = home_deactivate_luks(h, &setup); if (r < 0) return r; if (r > 0) @@ -1685,6 +1686,7 @@ static int home_inspect(UserRecord *h, UserRecord **ret_home) { } static int home_lock(UserRecord *h) { + _cleanup_(home_setup_done) HomeSetup setup = HOME_SETUP_INIT; int r; assert(h); 
@@ -1700,7 +1702,7 @@ static int home_lock(UserRecord *h) { if (r != USER_TEST_MOUNTED) return log_error_errno(SYNTHETIC_ERRNO(ENOEXEC), "Home directory of %s is not mounted, can't lock.", h->user_name); - r = home_lock_luks(h); + r = home_lock_luks(h, &setup); if (r < 0) return r; @@ -1709,6 +1711,7 @@ static int home_lock(UserRecord *h) { } static int home_unlock(UserRecord *h) { + _cleanup_(home_setup_done) HomeSetup setup = HOME_SETUP_INIT; _cleanup_(password_cache_free) PasswordCache cache = {}; int r; @@ -1726,7 +1729,7 @@ static int home_unlock(UserRecord *h) { if (r < 0) return r; - r = home_unlock_luks(h, &cache); + r = home_unlock_luks(h, &setup, &cache); if (r < 0) return r;