mirror of
https://github.com/systemd/systemd.git
synced 2025-01-10 05:18:17 +03:00
homework: Reconcile blob directories
Whenever the host & embedded records are reconciled, the host & embedded blob directories are now reconciled too in the same direction. Reconciling the blob directories serves exactly the same purpose as reconciling the user records, and thus should behave in the same way.
This commit is contained in:
parent
c3d50255fc
commit
17ac40e4cd
243
src/home/homework-blob.c
Normal file
243
src/home/homework-blob.c
Normal file
@ -0,0 +1,243 @@
|
||||
/* SPDX-License-Identifier: LGPL-2.1-or-later */
|
||||
|
||||
#include "copy.h"
|
||||
#include "fileio.h"
|
||||
#include "fd-util.h"
|
||||
#include "format-util.h"
|
||||
#include "fs-util.h"
|
||||
#include "home-util.h"
|
||||
#include "homework-blob.h"
|
||||
#include "homework.h"
|
||||
#include "install-file.h"
|
||||
#include "macro.h"
|
||||
#include "path-util.h"
|
||||
#include "recurse-dir.h"
|
||||
#include "rm-rf.h"
|
||||
#include "sha256.h"
|
||||
#include "string-util.h"
|
||||
#include "tmpfile-util.h"
|
||||
#include "umask-util.h"
|
||||
#include "utf8.h"
|
||||
|
||||
static int copy_one_blob(
|
||||
int src_fd,
|
||||
int dest_dfd,
|
||||
const char *name,
|
||||
uint64_t *total_size,
|
||||
uid_t uid,
|
||||
Hashmap *manifest) {
|
||||
_cleanup_(unlink_and_freep) char *dest_tmpname = NULL;
|
||||
_cleanup_close_ int dest = -EBADF;
|
||||
uint8_t hash[SHA256_DIGEST_SIZE], *known_hash;
|
||||
off_t initial, size;
|
||||
int r;
|
||||
|
||||
assert(src_fd >= 0);
|
||||
assert(dest_dfd >= 0);
|
||||
assert(name);
|
||||
assert(total_size);
|
||||
assert(uid_is_valid(uid));
|
||||
assert(manifest);
|
||||
|
||||
if (!suitable_blob_filename(name)) {
|
||||
log_warning("Blob %s has invalid filename. Skipping.", name);
|
||||
return 0;
|
||||
}
|
||||
|
||||
known_hash = hashmap_get(manifest, name);
|
||||
if (!known_hash) {
|
||||
log_warning("Blob %s is missing from manifest. Skipping.", name);
|
||||
return 0;
|
||||
}
|
||||
|
||||
r = fd_verify_regular(src_fd);
|
||||
if (r < 0) {
|
||||
log_warning_errno(r, "Blob %s is not a regular file. Skipping.", name);
|
||||
return 0;
|
||||
}
|
||||
|
||||
initial = lseek(src_fd, 0, SEEK_CUR);
|
||||
if (initial < 0)
|
||||
return log_debug_errno(errno, "Failed to get initial pos on fd for blob %s: %m", name);
|
||||
if (initial > 0)
|
||||
log_debug("Blob %s started offset %s into file", name, FORMAT_BYTES(initial));
|
||||
|
||||
/* Hashing is relatively cheaper compared to copying, especially since we're possibly copying across
|
||||
* filesystems or even devices here. So first we check the hash and bail early if the file's contents
|
||||
* don't match what's in the manifest. */
|
||||
|
||||
r = sha256_fd(src_fd, BLOB_DIR_MAX_SIZE, hash);
|
||||
if (r == -EFBIG)
|
||||
return log_warning_errno(r, "Blob %s is larger than blob directory size limit. Not copying any further.", name);
|
||||
if (r < 0)
|
||||
return log_debug_errno(r, "Failed to compute sha256 for blob %s: %m", name);
|
||||
if (memcmp(hash, known_hash, SHA256_DIGEST_SIZE) != 0) {
|
||||
log_warning("Blob %s has incorrect hash. Skipping.", name);
|
||||
return 0;
|
||||
}
|
||||
|
||||
size = lseek(src_fd, 0, SEEK_CUR);
|
||||
if (size < 0)
|
||||
return log_debug_errno(errno, "Failed to get final pos on fd for blob %s: %m", name);
|
||||
if (!DEC_SAFE(&size, initial))
|
||||
return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "Invalid seek position on fd for %s. Couldn't get size.", name);
|
||||
|
||||
if (!INC_SAFE(total_size, size))
|
||||
*total_size = UINT64_MAX;
|
||||
log_debug("Blob %s size is %s, making the new total dir size %s", name, FORMAT_BYTES(size),
|
||||
*total_size != UINT64_MAX ? FORMAT_BYTES(*total_size) : "overflow!");
|
||||
if (*total_size > BLOB_DIR_MAX_SIZE)
|
||||
return log_warning_errno(SYNTHETIC_ERRNO(EFBIG),
|
||||
"Blob %s will cause blob directory to exceed its size limit. Not copying any further.", name);
|
||||
|
||||
/* Next we copy but don't yet link the file into the blob directory */
|
||||
|
||||
if (lseek(src_fd, initial, SEEK_SET) < 0)
|
||||
return log_debug_errno(errno, "Failed to rewind fd for blob %s: %m", name);
|
||||
|
||||
dest = open_tmpfile_linkable_at(dest_dfd, name, O_RDWR|O_CLOEXEC, &dest_tmpname);
|
||||
if (dest < 0)
|
||||
return log_debug_errno(dest, "Failed to create dest tmpfile for blob %s: %m", name);
|
||||
|
||||
if (fchmod(dest, 0644) < 0)
|
||||
return log_debug_errno(errno, "Failed to chmod blob %s: %m", name);
|
||||
if (fchown(dest, uid, uid) < 0)
|
||||
return log_debug_errno(errno, "Failed to chown blob %s: %m", name);
|
||||
|
||||
r = copy_bytes(src_fd, dest, BLOB_DIR_MAX_SIZE, 0);
|
||||
if (r < 0)
|
||||
return log_debug_errno(r, "Failed to copy blob %s: %m", name);
|
||||
|
||||
/* The source FD might have changed while we were busy copying, thus invalidating the hash.
|
||||
* So, we re-hash the data we just copied to make sure that this didn't happen. */
|
||||
|
||||
if (lseek(dest, 0, SEEK_SET) < 0)
|
||||
return log_debug_errno(errno, "Failed to rewind blob %s for rehash: %m", name);
|
||||
|
||||
r = sha256_fd(dest, BLOB_DIR_MAX_SIZE, hash);
|
||||
if (r < 0)
|
||||
return log_debug_errno(r, "Failed to rehash blob %s: %m", name);
|
||||
if (memcmp(hash, known_hash, SHA256_DIGEST_SIZE) != 0) {
|
||||
log_warning("Blob %s has changed while we were copying it. Skipping.", name);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* The file's contents still match the blob manifest, so it's safe to expose it in the directory */
|
||||
|
||||
r = link_tmpfile_at(dest, dest_dfd, dest_tmpname, name, 0);
|
||||
if (r < 0)
|
||||
return log_debug_errno(r, "Failed to link blob %s: %m", name);
|
||||
dest_tmpname = mfree(dest_tmpname);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int replace_blob_at(
|
||||
int src_base_dfd,
|
||||
const char *src_name,
|
||||
int dest_base_dfd,
|
||||
const char *dest_name,
|
||||
Hashmap *manifest,
|
||||
mode_t mode,
|
||||
uid_t uid) {
|
||||
_cleanup_free_ char *fn = NULL;
|
||||
_cleanup_close_ int src_dfd = -EBADF, dest_dfd = -EBADF;
|
||||
_cleanup_free_ DirectoryEntries *de = NULL;
|
||||
uint64_t total_size = 0;
|
||||
int r;
|
||||
|
||||
assert(src_base_dfd >= 0);
|
||||
assert(src_name);
|
||||
assert(dest_base_dfd >= 0);
|
||||
assert(dest_name);
|
||||
assert(uid_is_valid(uid));
|
||||
|
||||
src_dfd = openat(src_base_dfd, src_name, O_RDONLY|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW);
|
||||
if (src_dfd < 0) {
|
||||
if (errno == ENOENT)
|
||||
return 0;
|
||||
return log_debug_errno(errno, "Failed to open src blob dir: %m");
|
||||
}
|
||||
|
||||
r = tempfn_random(dest_name, NULL, &fn);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
dest_dfd = open_mkdir_at(dest_base_dfd, fn, O_EXCL|O_CLOEXEC, mode);
|
||||
if (dest_dfd < 0)
|
||||
return log_debug_errno(dest_dfd, "Failed to create/open dest blob dir: %m");
|
||||
|
||||
r = readdir_all(src_dfd, RECURSE_DIR_SORT, &de);
|
||||
if (r < 0) {
|
||||
log_debug_errno(r, "Failed to read src blob dir: %m");
|
||||
goto fail;
|
||||
}
|
||||
for (size_t i = 0; i < de->n_entries; i++) {
|
||||
const char *name = de->entries[i]->d_name;
|
||||
_cleanup_close_ int src_fd = -EBADF;
|
||||
|
||||
src_fd = openat(src_dfd, name, O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW);
|
||||
if (src_fd < 0) {
|
||||
r = log_debug_errno(errno, "Failed to open %s in src blob dir: %m", name);
|
||||
goto fail;
|
||||
}
|
||||
|
||||
r = copy_one_blob(src_fd, dest_dfd, name, &total_size, uid, manifest);
|
||||
if (r == -EFBIG)
|
||||
break;
|
||||
if (r < 0)
|
||||
goto fail;
|
||||
}
|
||||
|
||||
if (fchown(dest_dfd, uid, uid) < 0) {
|
||||
r = log_debug_errno(errno, "Failed to chown dest blob dir: %m");
|
||||
goto fail;
|
||||
}
|
||||
|
||||
r = install_file(dest_base_dfd, fn, dest_base_dfd, dest_name, INSTALL_REPLACE);
|
||||
if (r < 0) {
|
||||
log_debug_errno(r, "Failed to move dest blob dir into place: %m");
|
||||
goto fail;
|
||||
}
|
||||
|
||||
return 0;
|
||||
|
||||
fail:
|
||||
(void) rm_rf_at(dest_base_dfd, fn, REMOVE_ROOT|REMOVE_PHYSICAL|REMOVE_MISSING_OK);
|
||||
return r;
|
||||
}
|
||||
|
||||
int home_reconcile_blob_dirs(UserRecord *h, int root_fd, int reconciled) {
|
||||
_cleanup_close_ int sys_base_dfd = -EBADF;
|
||||
int r;
|
||||
|
||||
assert(h);
|
||||
assert(root_fd >= 0);
|
||||
assert(reconciled >= 0);
|
||||
|
||||
if (reconciled == USER_RECONCILE_IDENTICAL)
|
||||
return 0;
|
||||
|
||||
sys_base_dfd = open(home_system_blob_dir(), O_RDONLY|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW);
|
||||
if (sys_base_dfd < 0)
|
||||
return log_error_errno(errno, "Failed to open system blob dir: %m");
|
||||
|
||||
if (reconciled == USER_RECONCILE_HOST_WON) {
|
||||
r = replace_blob_at(sys_base_dfd, h->user_name, root_fd, ".identity-blob",
|
||||
h->blob_manifest, 0700, h->uid);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to replace embedded blobs with system blobs: %m");
|
||||
|
||||
log_info("Replaced embedded blob dir with contents of system blob dir.");
|
||||
} else {
|
||||
assert(reconciled == USER_RECONCILE_EMBEDDED_WON);
|
||||
|
||||
r = replace_blob_at(root_fd, ".identity-blob", sys_base_dfd, h->user_name,
|
||||
h->blob_manifest, 0755, 0);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to replace system blobs with embedded blobs: %m");
|
||||
|
||||
log_info("Replaced system blob dir with contents of embedded blob dir.");
|
||||
}
|
||||
return 0;
|
||||
}
|
7
src/home/homework-blob.h
Normal file
7
src/home/homework-blob.h
Normal file
@ -0,0 +1,7 @@
|
||||
/* SPDX-License-Identifier: LGPL-2.1-or-later */
|
||||
|
||||
#pragma once
|
||||
|
||||
#include "user-record.h"
|
||||
|
||||
int home_reconcile_blob_dirs(UserRecord *h, int root_fd, int reconciled);
|
@ -4,6 +4,7 @@
|
||||
|
||||
#include "btrfs-util.h"
|
||||
#include "fd-util.h"
|
||||
#include "homework-blob.h"
|
||||
#include "homework-directory.h"
|
||||
#include "homework-mount.h"
|
||||
#include "homework-quota.h"
|
||||
@ -265,7 +266,7 @@ int home_resize_directory(
|
||||
UserRecord **ret_home) {
|
||||
|
||||
_cleanup_(user_record_unrefp) UserRecord *embedded_home = NULL, *new_home = NULL;
|
||||
int r;
|
||||
int r, reconciled;
|
||||
|
||||
assert(h);
|
||||
assert(setup);
|
||||
@ -276,9 +277,9 @@ int home_resize_directory(
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
r = home_load_embedded_identity(h, setup->root_fd, NULL, USER_RECONCILE_REQUIRE_NEWER_OR_EQUAL, cache, &embedded_home, &new_home);
|
||||
if (r < 0)
|
||||
return r;
|
||||
reconciled = home_load_embedded_identity(h, setup->root_fd, NULL, USER_RECONCILE_REQUIRE_NEWER_OR_EQUAL, cache, &embedded_home, &new_home);
|
||||
if (reconciled < 0)
|
||||
return reconciled;
|
||||
|
||||
r = home_maybe_shift_uid(h, flags, setup);
|
||||
if (r < 0)
|
||||
@ -294,6 +295,10 @@ int home_resize_directory(
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
r = home_reconcile_blob_dirs(new_home, setup->root_fd, reconciled);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
r = home_extend_embedded_identity(new_home, h, setup);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
@ -33,6 +33,7 @@
|
||||
#include "glyph-util.h"
|
||||
#include "gpt.h"
|
||||
#include "home-util.h"
|
||||
#include "homework-blob.h"
|
||||
#include "homework-luks.h"
|
||||
#include "homework-mount.h"
|
||||
#include "io-util.h"
|
||||
@ -3129,7 +3130,7 @@ int home_resize_luks(
|
||||
struct fdisk_partition *partition = NULL;
|
||||
_cleanup_close_ int opened_image_fd = -EBADF;
|
||||
_cleanup_free_ char *whole_disk = NULL;
|
||||
int r, resize_type, image_fd = -EBADF;
|
||||
int r, resize_type, image_fd = -EBADF, reconciled = USER_RECONCILE_IDENTICAL;
|
||||
sd_id128_t disk_uuid;
|
||||
const char *ip, *ipo;
|
||||
struct statfs sfs;
|
||||
@ -3235,9 +3236,9 @@ int home_resize_luks(
|
||||
return r;
|
||||
|
||||
if (!FLAGS_SET(flags, HOME_SETUP_RESIZE_DONT_SYNC_IDENTITIES)) {
|
||||
r = home_load_embedded_identity(h, setup->root_fd, header_home, USER_RECONCILE_REQUIRE_NEWER_OR_EQUAL, cache, &embedded_home, &new_home);
|
||||
if (r < 0)
|
||||
return r;
|
||||
reconciled = home_load_embedded_identity(h, setup->root_fd, header_home, USER_RECONCILE_REQUIRE_NEWER_OR_EQUAL, cache, &embedded_home, &new_home);
|
||||
if (reconciled < 0)
|
||||
return reconciled;
|
||||
}
|
||||
|
||||
r = home_maybe_shift_uid(h, flags, setup);
|
||||
@ -3451,6 +3452,10 @@ int home_resize_luks(
|
||||
r = home_store_embedded_identity(new_home, setup->root_fd, embedded_home);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
r = home_reconcile_blob_dirs(new_home, setup->root_fd, reconciled);
|
||||
if (r < 0)
|
||||
return r;
|
||||
}
|
||||
|
||||
if (S_ISREG(st.st_mode)) {
|
||||
@ -3539,6 +3544,10 @@ int home_resize_luks(
|
||||
r = home_store_embedded_identity(new_home, setup->root_fd, embedded_home);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
r = home_reconcile_blob_dirs(new_home, setup->root_fd, reconciled);
|
||||
if (r < 0)
|
||||
return r;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -11,6 +11,7 @@
|
||||
#include "filesystems.h"
|
||||
#include "fs-util.h"
|
||||
#include "home-util.h"
|
||||
#include "homework-blob.h"
|
||||
#include "homework-cifs.h"
|
||||
#include "homework-directory.h"
|
||||
#include "homework-fido2.h"
|
||||
@ -695,7 +696,7 @@ int home_load_embedded_identity(
|
||||
if (ret_new_home)
|
||||
*ret_new_home = TAKE_PTR(new_home);
|
||||
|
||||
return 0;
|
||||
return r; /* We pass along who won the reconciliation */
|
||||
}
|
||||
|
||||
int home_store_embedded_identity(UserRecord *h, int root_fd, UserRecord *old_home) {
|
||||
@ -826,7 +827,7 @@ int home_refresh(
|
||||
UserRecord **ret_new_home) {
|
||||
|
||||
_cleanup_(user_record_unrefp) UserRecord *embedded_home = NULL, *new_home = NULL;
|
||||
int r;
|
||||
int r, reconciled;
|
||||
|
||||
assert(h);
|
||||
assert(setup);
|
||||
@ -835,9 +836,9 @@ int home_refresh(
|
||||
/* When activating a home directory, does the identity work: loads the identity from the $HOME
|
||||
* directory, reconciles it with our idea, chown()s everything. */
|
||||
|
||||
r = home_load_embedded_identity(h, setup->root_fd, header_home, USER_RECONCILE_ANY, cache, &embedded_home, &new_home);
|
||||
if (r < 0)
|
||||
return r;
|
||||
reconciled = home_load_embedded_identity(h, setup->root_fd, header_home, USER_RECONCILE_ANY, cache, &embedded_home, &new_home);
|
||||
if (reconciled < 0)
|
||||
return reconciled;
|
||||
|
||||
r = home_maybe_shift_uid(h, flags, setup);
|
||||
if (r < 0)
|
||||
@ -851,6 +852,10 @@ int home_refresh(
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
r = home_reconcile_blob_dirs(new_home, setup->root_fd, reconciled);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
r = chown_recursive_directory(setup->root_fd, h->uid);
|
||||
if (r < 0)
|
||||
return r;
|
||||
@ -1071,6 +1076,10 @@ int home_populate(UserRecord *h, int dir_fd) {
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
r = home_reconcile_blob_dirs(h, dir_fd, USER_RECONCILE_HOST_WON);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
r = chown_recursive_directory(dir_fd, h->uid);
|
||||
if (r < 0)
|
||||
return r;
|
||||
@ -1611,6 +1620,10 @@ static int home_update(UserRecord *h, UserRecord **ret) {
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
r = home_reconcile_blob_dirs(new_home, setup.root_fd, USER_RECONCILE_HOST_WON);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
r = home_extend_embedded_identity(new_home, h, &setup);
|
||||
if (r < 0)
|
||||
return r;
|
||||
@ -1682,7 +1695,7 @@ static int home_passwd(UserRecord *h, UserRecord **ret_home) {
|
||||
_cleanup_(home_setup_done) HomeSetup setup = HOME_SETUP_INIT;
|
||||
_cleanup_(password_cache_free) PasswordCache cache = {};
|
||||
HomeSetupFlags flags = 0;
|
||||
int r;
|
||||
int r, reconciled;
|
||||
|
||||
assert(h);
|
||||
assert(ret_home);
|
||||
@ -1702,9 +1715,9 @@ static int home_passwd(UserRecord *h, UserRecord **ret_home) {
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
r = home_load_embedded_identity(h, setup.root_fd, header_home, USER_RECONCILE_REQUIRE_NEWER_OR_EQUAL, &cache, &embedded_home, &new_home);
|
||||
if (r < 0)
|
||||
return r;
|
||||
reconciled = home_load_embedded_identity(h, setup.root_fd, header_home, USER_RECONCILE_REQUIRE_NEWER_OR_EQUAL, &cache, &embedded_home, &new_home);
|
||||
if (reconciled < 0)
|
||||
return reconciled;
|
||||
|
||||
r = home_maybe_shift_uid(h, flags, &setup);
|
||||
if (r < 0)
|
||||
@ -1736,6 +1749,10 @@ static int home_passwd(UserRecord *h, UserRecord **ret_home) {
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
r = home_reconcile_blob_dirs(new_home, setup.root_fd, reconciled);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
r = home_extend_embedded_identity(new_home, h, &setup);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
@ -2,6 +2,7 @@
|
||||
|
||||
systemd_homework_sources = files(
|
||||
'home-util.c',
|
||||
'homework-blob.c',
|
||||
'homework-cifs.c',
|
||||
'homework-directory.c',
|
||||
'homework-fscrypt.c',
|
||||
|
Loading…
Reference in New Issue
Block a user