Allow different name for user data #11165

Merged
merged 1 commit into from
Nov 22, 2020

Conversation

CragW
Contributor

@CragW CragW commented Nov 6, 2020

Motivation and Context

Currently, the name of the dataset for each user is predicted statically, as homes_prefix, e.g. rpool/home, followed by the user's name, e.g. rpool/home/test. However, the naming style may vary from the current prediction according to the user's own preference.

For instance, the problem occurs when filesystem dataset rpool/home/test_123456 is given to user test as the home directory to hold user data, rather than the predicted name. In this case, a failure is seen due to the missing rpool/home/test.

Description

The proposed change in this commit brings the option prop_mountpoint to the pam_zfs_key.so module. The given option will take passwd's pw_dir, e.g. /home/test, and compare it with the mountpoint property while walking through all the filesystem datasets until one has a matching value.

How Has This Been Tested?

  1. Copy pam_zfs_key.so to /lib/x86_64-linux-gnu/security/
  2. Set homes=rpool/USERDATA prop_mountpoint to pam_zfs_key.so in /usr/share/pam-configs/zfs_key
  3. Run pam-auth-update to make the changes take effect
  4. Run adduser test to create a new user
  5. Dataset rpool/USERDATA/test_123456 is created for the newly added user test with mountpoint /home/test set
  6. Dataset rpool/USERDATA/test_123456 is found and passphrase is updated by pam_zfs_key.so successfully

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Performance enhancement (non-breaking change which improves efficiency)
  • Code cleanup (non-breaking change which makes code smaller or more readable)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Documentation (a change to man pages or other documentation)

Checklist:
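
An added example, not part of the PR or the pam_zfs_key source: a POSIX shell check an administrator could run before enabling prop_mountpoint, to confirm that exactly one dataset under homes has a mountpoint equal to the user's pw_dir. The function names and the sample listing are constructed, and the exit codes (1 for no match, 2 for more than one match) are this example's own convention; the duplicate case is reported because the description says the walk ends at the first match.

```shell
#!/bin/sh
# Real input would come from:
#   zfs list -H -o name,mountpoint -t filesystem -r rpool/USERDATA
# and pw_dir from:
#   getent passwd test | cut -d: -f6

# Constructed sample of that tab-separated listing (dataset names are made up).
sample_listing() {
	printf '%s\t%s\n' \
		'rpool/USERDATA' '/' \
		'rpool/USERDATA/test_123456' '/home/test' \
		'rpool/USERDATA/test2_abcdef' '/home/test2' \
		'rpool/USERDATA/old_dup' '/home/dup' \
		'rpool/USERDATA/new_dup' '/home/dup' \
		'rpool/USERDATA/svc_1' 'legacy'
}

# find_home_dataset PW_DIR   (listing on stdin)
# Prints the dataset whose mountpoint is exactly PW_DIR.
# Exit status: 0 unique match, 1 no match, 2 ambiguous (several matches).
find_home_dataset() {
	awk -F '\t' -v dir="$1" '
		# Append "" to force a string comparison; the match must be exact,
		# so /home/tes does not select the dataset mounted at /home/test.
		($2 "") == (dir "") { n++; name = $1 }
		END {
			if (n == 1) { print name; exit 0 }
			if (n > 1) exit 2
			exit 1
		}'
}

# Demo on the constructed listing.
sample_listing | find_home_dataset /home/test
```

A status of 1 corresponds to the failure described above (no dataset for the user is found); a status of 2 means the dataset selected would depend on the order in which datasets are visited.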

Contributor

@behlendorf behlendorf left a comment


@felixdoerre as the original author would you mind reviewing this.

@CragW CragW changed the title Allow different name for user data, remove the key if dataset is encrypted Allow different name for user data Nov 18, 2020
@bghira

bghira commented Nov 18, 2020

can you do something better than O(n) look-up complexity? perhaps using binary search?

@CragW
Contributor Author

CragW commented Nov 19, 2020

That is a recursive call from within a wrapper zfs_iter_filesystems; I don't know how to improve O(n) without modifying the library stack.

I can simplify the searching so it starts from homes_prefix, as behlendorf mentioned earlier that the given homes_prefix should not be NULL, therefore it is a good entry point. This idea is implemented in commit #160735; I can pull commit #160735 up to this PR.

@behlendorf
Contributor

@CragW can you please rebase this on the latest version of the master branch, squash your commits, and force update the PR.

Name of dataset for user home directory may vary from the expected
$homes_prefix/$username, if different naming scheme is being used.

We can use property mountpoint to specify the dataset for $username
as long as its value is identical to passwd's pw_dir.

For example:
    NAME                       PROPERTY     VALUE
    rpool/home/myuser_123456   mountpoint   /home/myuser

Signed-off-by: Crag Wang <crag0715@gmail.com>
@CragW
Contributor Author

CragW commented Nov 22, 2020

Done. BIG THANKS to @behlendorf and @felixdoerre .

@behlendorf behlendorf added Status: Accepted Ready to integrate (reviewed, tested) and removed Status: Code Review Needed Ready for review and testing labels Nov 22, 2020
@behlendorf behlendorf merged commit dc6d39a into openzfs:master Nov 22, 2020
@CragW CragW deleted the wip branch November 23, 2020 04:35
behlendorf pushed a commit that referenced this pull request Nov 25, 2020
Name of dataset for user home directory may vary from the expected
$homes_prefix/$username, if different naming scheme is being used.

We can use property mountpoint to specify the dataset for $username
as long as its value is identical to passwd's pw_dir.

For example:
    NAME                       PROPERTY     VALUE
    rpool/home/myuser_123456   mountpoint   /home/myuser

Reviewed-by: Felix Dörre <felix@dogcraft.de>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Crag Wang <crag0715@gmail.com>
Closes #11165
jsai20 pushed a commit to jsai20/zfs that referenced this pull request Mar 30, 2021
sempervictus pushed a commit to sempervictus/zfs that referenced this pull request May 31, 2021