summaryrefslogtreecommitdiffstats
path: root/src/home/homework-blob.c
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/home/homework-blob.c301
1 files changed, 301 insertions, 0 deletions
diff --git a/src/home/homework-blob.c b/src/home/homework-blob.c
new file mode 100644
index 0000000..6b22ab6
--- /dev/null
+++ b/src/home/homework-blob.c
@@ -0,0 +1,301 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+
+#include "copy.h"
+#include "fileio.h"
+#include "fd-util.h"
+#include "format-util.h"
+#include "fs-util.h"
+#include "home-util.h"
+#include "homework-blob.h"
+#include "homework.h"
+#include "install-file.h"
+#include "macro.h"
+#include "path-util.h"
+#include "recurse-dir.h"
+#include "rm-rf.h"
+#include "sha256.h"
+#include "string-util.h"
+#include "tmpfile-util.h"
+#include "umask-util.h"
+#include "utf8.h"
+
+static int copy_one_blob(
+ int src_fd,
+ int dest_dfd,
+ const char *name,
+ uint64_t *total_size,
+ uid_t uid,
+ Hashmap *manifest) {
+ _cleanup_(unlink_and_freep) char *dest_tmpname = NULL;
+ _cleanup_close_ int dest = -EBADF;
+ uint8_t hash[SHA256_DIGEST_SIZE], *known_hash;
+ off_t initial, size;
+ int r;
+
+ assert(src_fd >= 0);
+ assert(dest_dfd >= 0);
+ assert(name);
+ assert(total_size);
+ assert(uid_is_valid(uid));
+ assert(manifest);
+
+ if (!suitable_blob_filename(name)) {
+ log_warning("Blob %s has invalid filename. Skipping.", name);
+ return 0;
+ }
+
+ known_hash = hashmap_get(manifest, name);
+ if (!known_hash) {
+ log_warning("Blob %s is missing from manifest. Skipping.", name);
+ return 0;
+ }
+
+ r = fd_verify_regular(src_fd);
+ if (r < 0) {
+ log_warning_errno(r, "Blob %s is not a regular file. Skipping.", name);
+ return 0;
+ }
+
+ initial = lseek(src_fd, 0, SEEK_CUR);
+ if (initial < 0)
+ return log_debug_errno(errno, "Failed to get initial pos on fd for blob %s: %m", name);
+ if (initial > 0)
+ log_debug("Blob %s started offset %s into file", name, FORMAT_BYTES(initial));
+
+ /* Hashing is relatively cheaper compared to copying, especially since we're possibly copying across
+ * filesystems or even devices here. So first we check the hash and bail early if the file's contents
+ * don't match what's in the manifest. */
+
+ r = sha256_fd(src_fd, BLOB_DIR_MAX_SIZE, hash);
+ if (r == -EFBIG)
+ return log_warning_errno(r, "Blob %s is larger than blob directory size limit. Not copying any further.", name);
+ if (r < 0)
+ return log_debug_errno(r, "Failed to compute sha256 for blob %s: %m", name);
+ if (memcmp(hash, known_hash, SHA256_DIGEST_SIZE) != 0) {
+ log_warning("Blob %s has incorrect hash. Skipping.", name);
+ return 0;
+ }
+
+ size = lseek(src_fd, 0, SEEK_CUR);
+ if (size < 0)
+ return log_debug_errno(errno, "Failed to get final pos on fd for blob %s: %m", name);
+ if (!DEC_SAFE(&size, initial))
+ return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "Invalid seek position on fd for %s. Couldn't get size.", name);
+
+ if (!INC_SAFE(total_size, size))
+ *total_size = UINT64_MAX;
+ log_debug("Blob %s size is %s, making the new total dir size %s", name, FORMAT_BYTES(size),
+ *total_size != UINT64_MAX ? FORMAT_BYTES(*total_size) : "overflow!");
+ if (*total_size > BLOB_DIR_MAX_SIZE)
+ return log_warning_errno(SYNTHETIC_ERRNO(EFBIG),
+ "Blob %s will cause blob directory to exceed its size limit. Not copying any further.", name);
+
+ /* Next we copy but don't yet link the file into the blob directory */
+
+ if (lseek(src_fd, initial, SEEK_SET) < 0)
+ return log_debug_errno(errno, "Failed to rewind fd for blob %s: %m", name);
+
+ dest = open_tmpfile_linkable_at(dest_dfd, name, O_RDWR|O_CLOEXEC, &dest_tmpname);
+ if (dest < 0)
+ return log_debug_errno(dest, "Failed to create dest tmpfile for blob %s: %m", name);
+
+ if (fchmod(dest, 0644) < 0)
+ return log_debug_errno(errno, "Failed to chmod blob %s: %m", name);
+ if (fchown(dest, uid, uid) < 0)
+ return log_debug_errno(errno, "Failed to chown blob %s: %m", name);
+
+ r = copy_bytes(src_fd, dest, BLOB_DIR_MAX_SIZE, 0);
+ if (r < 0)
+ return log_debug_errno(r, "Failed to copy blob %s: %m", name);
+
+ /* The source FD might have changed while we were busy copying, thus invalidating the hash.
+ * So, we re-hash the data we just copied to make sure that this didn't happen. */
+
+ if (lseek(dest, 0, SEEK_SET) < 0)
+ return log_debug_errno(errno, "Failed to rewind blob %s for rehash: %m", name);
+
+ r = sha256_fd(dest, BLOB_DIR_MAX_SIZE, hash);
+ if (r < 0)
+ return log_debug_errno(r, "Failed to rehash blob %s: %m", name);
+ if (memcmp(hash, known_hash, SHA256_DIGEST_SIZE) != 0) {
+ log_warning("Blob %s has changed while we were copying it. Skipping.", name);
+ return 0;
+ }
+
+ /* The file's contents still match the blob manifest, so it's safe to expose it in the directory */
+
+ r = link_tmpfile_at(dest, dest_dfd, dest_tmpname, name, 0);
+ if (r < 0)
+ return log_debug_errno(r, "Failed to link blob %s: %m", name);
+ dest_tmpname = mfree(dest_tmpname);
+
+ return 0;
+}
+
+static int replace_blob_at(
+ int src_base_dfd,
+ const char *src_name,
+ int dest_base_dfd,
+ const char *dest_name,
+ Hashmap *manifest,
+ mode_t mode,
+ uid_t uid) {
+ _cleanup_free_ char *fn = NULL;
+ _cleanup_close_ int src_dfd = -EBADF, dest_dfd = -EBADF;
+ _cleanup_free_ DirectoryEntries *de = NULL;
+ uint64_t total_size = 0;
+ int r;
+
+ assert(src_base_dfd >= 0);
+ assert(src_name);
+ assert(dest_base_dfd >= 0);
+ assert(dest_name);
+ assert(uid_is_valid(uid));
+
+ src_dfd = openat(src_base_dfd, src_name, O_RDONLY|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW);
+ if (src_dfd < 0) {
+ if (errno == ENOENT)
+ return 0;
+ return log_debug_errno(errno, "Failed to open src blob dir: %m");
+ }
+
+ r = tempfn_random(dest_name, NULL, &fn);
+ if (r < 0)
+ return r;
+
+ dest_dfd = open_mkdir_at(dest_base_dfd, fn, O_EXCL|O_CLOEXEC, mode);
+ if (dest_dfd < 0)
+ return log_debug_errno(dest_dfd, "Failed to create/open dest blob dir: %m");
+
+ r = readdir_all(src_dfd, RECURSE_DIR_SORT, &de);
+ if (r < 0) {
+ log_debug_errno(r, "Failed to read src blob dir: %m");
+ goto fail;
+ }
+ for (size_t i = 0; i < de->n_entries; i++) {
+ const char *name = de->entries[i]->d_name;
+ _cleanup_close_ int src_fd = -EBADF;
+
+ src_fd = openat(src_dfd, name, O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW);
+ if (src_fd < 0) {
+ r = log_debug_errno(errno, "Failed to open %s in src blob dir: %m", name);
+ goto fail;
+ }
+
+ r = copy_one_blob(src_fd, dest_dfd, name, &total_size, uid, manifest);
+ if (r == -EFBIG)
+ break;
+ if (r < 0)
+ goto fail;
+ }
+
+ if (fchown(dest_dfd, uid, uid) < 0) {
+ r = log_debug_errno(errno, "Failed to chown dest blob dir: %m");
+ goto fail;
+ }
+
+ r = install_file(dest_base_dfd, fn, dest_base_dfd, dest_name, INSTALL_REPLACE);
+ if (r < 0) {
+ log_debug_errno(r, "Failed to move dest blob dir into place: %m");
+ goto fail;
+ }
+
+ return 0;
+
+fail:
+ (void) rm_rf_at(dest_base_dfd, fn, REMOVE_ROOT|REMOVE_PHYSICAL|REMOVE_MISSING_OK);
+ return r;
+}
+
+int home_reconcile_blob_dirs(UserRecord *h, int root_fd, int reconciled) {
+ _cleanup_close_ int sys_base_dfd = -EBADF;
+ int r;
+
+ assert(h);
+ assert(root_fd >= 0);
+ assert(reconciled >= 0);
+
+ if (reconciled == USER_RECONCILE_IDENTICAL)
+ return 0;
+
+ sys_base_dfd = open(home_system_blob_dir(), O_RDONLY|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW);
+ if (sys_base_dfd < 0)
+ return log_error_errno(errno, "Failed to open system blob dir: %m");
+
+ if (reconciled == USER_RECONCILE_HOST_WON) {
+ r = replace_blob_at(sys_base_dfd, h->user_name, root_fd, ".identity-blob",
+ h->blob_manifest, 0700, h->uid);
+ if (r < 0)
+ return log_error_errno(r, "Failed to replace embedded blobs with system blobs: %m");
+
+ log_info("Replaced embedded blob dir with contents of system blob dir.");
+ } else {
+ assert(reconciled == USER_RECONCILE_EMBEDDED_WON);
+
+ r = replace_blob_at(root_fd, ".identity-blob", sys_base_dfd, h->user_name,
+ h->blob_manifest, 0755, 0);
+ if (r < 0)
+ return log_error_errno(r, "Failed to replace system blobs with embedded blobs: %m");
+
+ log_info("Replaced system blob dir with contents of embedded blob dir.");
+ }
+ return 0;
+}
+
+int home_apply_new_blob_dir(UserRecord *h, Hashmap *blobs) {
+ _cleanup_free_ char *fn = NULL;
+ _cleanup_close_ int base_dfd = -EBADF, dfd = -EBADF;
+ uint64_t total_size = 0;
+ const char *filename;
+ const void *v;
+ int r;
+
+ assert(h);
+
+ if (!blobs) /* Shortcut: If no blobs are passed from dbus, we have nothing to do. */
+ return 0;
+
+ base_dfd = open(home_system_blob_dir(), O_RDONLY|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW);
+ if (base_dfd < 0)
+ return log_error_errno(errno, "Failed to open system blob base dir: %m");
+
+ if (hashmap_isempty(blobs)) {
+ /* Shortcut: If blobs was passed but empty, we can simply delete the contents
+ * of the directory. */
+ r = rm_rf_at(base_dfd, h->user_name, REMOVE_PHYSICAL|REMOVE_MISSING_OK);
+ if (r < 0)
+ return log_error_errno(r, "Failed to empty out system blob dir: %m");
+ return 0;
+ }
+
+ r = tempfn_random(h->user_name, NULL, &fn);
+ if (r < 0)
+ return r;
+
+ dfd = open_mkdir_at(base_dfd, fn, O_EXCL|O_CLOEXEC, 0755);
+ if (dfd < 0)
+ return log_error_errno(errno, "Failed to create system blob dir: %m");
+
+ HASHMAP_FOREACH_KEY(v, filename, blobs) {
+ r = copy_one_blob(PTR_TO_FD(v), dfd, filename, &total_size, 0, h->blob_manifest);
+ if (r == -EFBIG)
+ break;
+ if (r < 0) {
+ log_error_errno(r, "Failed to copy %s into system blob dir: %m", filename);
+ goto fail;
+ }
+ }
+
+ r = install_file(base_dfd, fn, base_dfd, h->user_name, INSTALL_REPLACE);
+ if (r < 0) {
+ log_error_errno(r, "Failed to move system blob dir into place: %m");
+ goto fail;
+ }
+
+ log_info("Replaced system blob directory.");
+ return 0;
+
+fail:
+ (void) rm_rf_at(base_dfd, fn, REMOVE_ROOT|REMOVE_PHYSICAL|REMOVE_MISSING_OK);
+ return r;
+}