1
1
mirror of https://github.com/systemd/systemd-stable.git synced 2024-12-23 17:34:00 +03:00
Commit Graph

24476 Commits

Author SHA1 Message Date
Lennart Poettering
2e1bab34bd resolved: when switching between DNSSEC modes, possibly flush caches
If the networkd configuration changes during runtime, make sure to flush all caches when we switch from a less trusted
to a more trusted mode.
2016-01-17 20:47:46 +01:00
Lennart Poettering
c02cf2f41f resolved: when the server feature level changes between query and response restart transaction
In some cases we learn something about a server's feature level through its responses. If we notice that after doing
basic checking of a response, and after collecting all auxiliary DNSSEC info the feature level of the server is lower
than where we started, restart the whole transaction.

This is useful to deal with servers that response rubbish when talked to with too high feature levels.
2016-01-17 20:47:46 +01:00
Lennart Poettering
ed9717fcbf resolved: check OPT RR before accepting a reply for verification of server feature level
Let's make sure we first check if the OPT was lost in the reply, before we accept a reply as successful and use it for
verifying the current feature level.
2016-01-17 20:47:46 +01:00
Lennart Poettering
c5b4f86178 resolved: when restarting a DNS transaction, remove all auxiliary DNSSEC transactions
When we restart a DNS transaction, remove all connections to any auxiliary DNSSEC transactions, after all we might
acquire completely different data this time, requiring different auxiliary DNSSEC transactions.
2016-01-17 20:47:46 +01:00
Lennart Poettering
b64513580c resolved: when we receive an reply which is OPT-less or RRSIG-less, downgrade what we verified
If we receive a reply that lacks the OPT RR, then this is reason to downgrade what was verified before, as it's
apparently no longer true, and the previous OPT RR we saw was only superficially OK.

Similar, if we realize that RRSIGs are not augmented, then also downgrade the feature level that was verified, as
DNSSEC is after all not supported. This check is in particular necessary, as we might notice the fact that RRSIG is not
augmented only very late, when verifying the root domain.

Also, when verifying a successful response, actually take in consideration that it might have been reported already
that RRSIG or OPT are missing in the response.
2016-01-17 20:47:46 +01:00
Lennart Poettering
de54e62b4b resolved: downgrade server feature level more aggressively when we have reason to
This adds logic to downgrade the feature level more aggressively when we have reason to. Specifically:

- When we get a response packet that lacks an OPT RR for a query that had it. If so, downgrade immediately to UDP mode,
  i.e. don't generate EDNS0 packets anymore.

- When we get a response which we are sure should be signed, but lacks RRSIG RRs, we downgrade to EDNS0 mode, i.e.
  below DO mode, since DO is apparently not really supported.

This should increase compatibility with servers that generate non-sensical responses if they messages with OPT RRs and
suchlike, for example the situation described here:

https://open.nlnetlabs.nl/pipermail/dnssec-trigger/2014-November/000376.html

This also changes the downgrade code to explain in a debug log message why a specific downgrade happened.
2016-01-17 20:47:46 +01:00
Lennart Poettering
c3f7000e61 resolved: ignore invalid OPT RRs in incoming packets
This validates OPT RRs more rigorously, before honouring them: if we any of the following condition holds, we'll ignore
them:

a) Multiple OPT RRs in the same message
b) OPT RR not owned by the root domain
c) OPT RR in the wrong section (Belkin routers do this)
d) OPT RR contain rfc6975 algorithm data (Belkin routers do this)
e) OPT version is not 0
f) OPT payload doesn't add up with the lengths

Note that d) may be an indication that the server just blindly copied OPT data from the response into the reply.
RFC6975 data is only supposed to be included in queries, and we do so. It's not supposed to be included in responses
(and the RFC is very clear on that). Hence if we get it back in a reply, then the server probably just copied the OPT
RR.
2016-01-17 20:47:46 +01:00
Lennart Poettering
afc58cc2fb resolved: update RFCs list and TODO list 2016-01-17 20:47:46 +01:00
Lennart Poettering
412577e3c8 resolved: add complex test case
This new test case tries to resolve a couple of known domains, to verify the validation results. It talks to resolved
via the bus, thus comprehensively testing the whole shebang.

Of course, it requires network connectivity and a DNSSEC capable DNS server, hence this is a manual test.
2016-01-17 20:47:46 +01:00
Lennart Poettering
ab481675f9 resolved: complete NSEC non-existance proofs
This fills in the last few gaps:

- When checking if a domain is non-existing, also check that no wildcard for it exists
- Ensure we don't base "covering" tests on NSEC RRs from a parent zone
- Refuse to accept expanded wildcard NSEC RRs for absence proofs.
2016-01-17 20:47:46 +01:00
Lennart Poettering
d86c982a34 resolved: make sure the NSEC proof-of-non-existance check also looks for wildcard domains 2016-01-17 20:47:46 +01:00
Lennart Poettering
b9282bc128 resolved: on negative NODATA replies, properly deal with empty non-terminals
empty non-terminals generally lack NSEC RRs, which means we can deduce their existance only from the fact that there
are other RRs that contain them in their suffix. Specifically, the NSEC proof for NODATA on ENTs works by sending the
NSEC whose next name is a suffix of the queried name to the client. Use this information properly.
2016-01-17 20:47:46 +01:00
Lennart Poettering
96bb76734d resolved: rename dnssec_verify_dnskey() → dnssec_verify_dnskey_by_ds()
This should clarify that this is not regular signature-based validation, but validation through DS RR fingerprints.
2016-01-17 20:47:45 +01:00
Lennart Poettering
93a3b9294f resolved: be stricter when using NSEC3
We can user signer and synthesizing source information to check that the NSEC3 RRs we want to use are
actually reasonable and properly signed.
2016-01-17 20:47:45 +01:00
Lennart Poettering
97c67192ea resolved: when validating an RRset, store information about the synthesizing source and zone in each RR
Having this information available is useful when we need to check whether various RRs are suitable for proofs. This
information is stored in the RRs as number of labels to skip from the beginning of the owner name to reach the
synthesizing source/signer. Simple accessor calls are then added to retrieve the signer/source from the RR using this
information.

This also moves validation of a a number of RRSIG parameters into a new call dnssec_rrsig_prepare() that as side-effect
initializes the two numeric values.
2016-01-17 20:47:45 +01:00
Lennart Poettering
1827a1582c resolved: do not use NSEC RRs from the wrong zone for proofs
When proving NODATA DS lookups we need to insist on looking at the parent zone's NSEC RR, not the child zone's.

When proving any other NODATA lookups we need to insist on looking at the child zone's NSEC RR, not the parent's.
2016-01-17 20:44:25 +01:00
Lennart Poettering
54b778e7d6 resolved: ignore DS RRs without generating an error if they use an unsupported digest algorithm 2016-01-17 20:44:25 +01:00
Lennart Poettering
588c53d044 resolved: some RR types may appear only or not at all in a zone apex
Add extra checks when validating with RRSIGs. This follows recommendations from:

http://www.george-barwood.pwp.blueyonder.co.uk/DnsServer/NotesOnDNSSSEC.htm
2016-01-17 20:44:25 +01:00
Lennart Poettering
3d39e6e5d4 Update TODO 2016-01-17 20:44:25 +01:00
Daniel Mack
3855df576f Merge pull request #2340 from evverx/fix-memory-leak-on-enable-disable-etc
core: fix memory leak on set-default, enable, disable etc
2016-01-17 13:47:18 +01:00
Evgeny Vereshchagin
24f412ca41 core: fix memory leak on set-default, enable, disable etc
Fixes:
==1==    by 0x23E44C: remove_marked_symlinks_fd (install.c:453)
==1==    by 0x23E256: remove_marked_symlinks_fd (install.c:405)
==1==    by 0x23E630: remove_marked_symlinks (install.c:494)
==1==    by 0x2427A0: unit_file_disable (install.c:1876)
==1==    by 0x18A633: method_disable_unit_files_generic (dbus-manager.c:1760)
==1==    by 0x18A6CA: method_disable_unit_files (dbus-manager.c:1768)
==1==    by 0x1D8146: method_callbacks_run (bus-objects.c:420)
==1==    by 0x1DA9D8: object_find_and_run (bus-objects.c:1257)
==1==    by 0x1DB01A: bus_process_object (bus-objects.c:1373)
==1==
==1== 228 (48 direct, 180 indirect) bytes in 2 blocks are definitely lost in loss record 8 of 14
==1==    at 0x4C2BBCF: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==1==    by 0x4C2DE2F: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==1==    by 0x23DA60: unit_file_changes_add (install.c:233)
==1==    by 0x23DDB2: create_symlink (install.c:298)
==1==    by 0x240C5C: install_info_symlink_wants (install.c:1328)
==1==    by 0x240FC8: install_info_apply (install.c:1384)
==1==    by 0x241211: install_context_apply (install.c:1439)
==1==    by 0x242563: unit_file_enable (install.c:1830)
==1==    by 0x18A06E: method_enable_unit_files_generic (dbus-manager.c:1650)
==1==    by 0x18A141: method_enable_unit_files (dbus-manager.c:1660)
==1==    by 0x1D8146: method_callbacks_run (bus-objects.c:420)
==1==    by 0x1DA9D8: object_find_and_run (bus-objects.c:1257)
==1==
==1== 467 (144 direct, 323 indirect) bytes in 3 blocks are definitely lost in loss record 9 of 14
==1==    at 0x4C2DD9F: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==1==    by 0x23DA60: unit_file_changes_add (install.c:233)
==1==    by 0x23DE97: create_symlink (install.c:320)
==1==    by 0x242CFC: unit_file_set_default (install.c:1951)
==1==    by 0x18A881: method_set_default_target (dbus-manager.c:1802)
==1==    by 0x1D8146: method_callbacks_run (bus-objects.c:420)
==1==    by 0x1DA9D8: object_find_and_run (bus-objects.c:1257)
==1==    by 0x1DB01A: bus_process_object (bus-objects.c:1373)
==1==    by 0x259143: process_message (sd-bus.c:2567)
==1==    by 0x259326: process_running (sd-bus.c:2609)
==1==    by 0x259BDC: bus_process_internal (sd-bus.c:2798)
==1==    by 0x259CAD: sd_bus_process (sd-bus.c:2817)
==1==
==1== LEAK SUMMARY:
==1==    definitely lost: 216 bytes in 6 blocks
==1==    indirectly lost: 560 bytes in 14 blocks
==1==      possibly lost: 0 bytes in 0 blocks
==1==    still reachable: 65,536 bytes in 5 blocks
==1==         suppressed: 0 bytes in 0 blocks
==1== Reachable blocks (those to which a pointer was found) are not shown.
==1== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==1==
2016-01-17 10:05:55 +00:00
nmartensen
104bc12fbc fstab-generator: fix ordering of /sysroot/usr mount
According to bootup(7) and the behavior when /usr is specified in /etc/fstab, the /sysroot/usr mount should be before initrd-fs.target, not before initrd-root-fs.target.
2016-01-17 10:58:40 +01:00
Dominik Hannen
f217be196e Fix IPv6PrivacyExtension (networkd-ndisc.c)
This small addition fixes the issues #1982 and #2242.
IPv6PrivacyExtension now works as expected even when a RA is received.
2016-01-16 00:44:46 +01:00
Daniel Mack
05c72f0f18 Merge pull request #2334 from jwilk/spelling
man: fix typos
2016-01-15 13:11:16 +01:00
Jakub Wilk
b8e1d4d183 man: fix typos 2016-01-15 12:48:01 +01:00
Daniel Mack
bf8febb96a Merge pull request #2328 from evverx/fix-transient-units-memeory-leak
Fix transient units memory leak
2016-01-15 09:03:34 +01:00
nmartensen
ce3f6d82b0 fstab-generator: remove bogus condition
The sysroot mount is already taken care of by the add_sysroot_mount function. With this condition left in, we can get something like this:

initrd-root-fs.target.requires
`-- usr.mount -> /run/systemd/generator/usr.mount

in the main system (i.e., not in the initramfs). In the initramfs, the previous condition already kicks in.
2016-01-15 07:55:25 +01:00
Yu Watanabe
d70698b7e6 journal-remote: add SupplementaryGroups to systemd-journal-upload.service 2016-01-15 15:25:36 +09:00
Yu Watanabe
dcdd441140 journal-remote: change owner of /var/log/journal/remote and create /var/lib/systemd/journal-upload 2016-01-15 15:19:52 +09:00
Susant Sahani
efd3c89734 networkd: tunnel add support to configure address "any"
It enhances tunnel(IPIP,GRE, SIT) to aconfigure address as
any.

Fixes #2279
2016-01-15 09:32:58 +05:30
Evgeny Vereshchagin
cb2f9d3f29 tests: add function for valgrind wrapper creation
I used it for d9814c7 and bffd87b
2016-01-15 02:53:47 +00:00
Evgeny Vereshchagin
bffd87bb12 core: fix memory leak in transient units
Fixes:
==1== HEAP SUMMARY:
==1==     in use at exit: 67,182 bytes in 91 blocks
==1==   total heap usage: 70,485 allocs, 70,394 frees, 42,184,635 bytes
allocated
==1==
==1== 5,742 (696 direct, 5,046 indirect) bytes in 29 blocks are
definitely lost in loss record 4 of 7
==1==    at 0x4C2DD9F: realloc (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==1==    by 0x21ADDD: realloc_multiply (alloc-util.h:67)
==1==    by 0x21BFB0: strv_push (strv.c:448)
==1==    by 0x21C245: strv_consume (strv.c:520)
==1==    by 0x21C33C: strv_extend (strv.c:559)
==1==    by 0x278AD7: unit_write_drop_in (unit.c:3352)
==1==    by 0x278EEB: unit_write_drop_in_private (unit.c:3403)
==1==    by 0x190C21: bus_service_set_transient_property
(dbus-service.c:254)
==1==    by 0x190DBC: bus_service_set_property (dbus-service.c:284)
==1==    by 0x18F00E: bus_unit_set_properties (dbus-unit.c:1226)
==1==    by 0x186F6A: transient_unit_from_message (dbus-manager.c:683)
==1==    by 0x1872B7: method_start_transient_unit (dbus-manager.c:763)
==1==
==1== LEAK SUMMARY:
==1==    definitely lost: 696 bytes in 29 blocks
==1==    indirectly lost: 5,046 bytes in 58 blocks
==1==      possibly lost: 0 bytes in 0 blocks
==1==    still reachable: 61,440 bytes in 4 blocks
==1==         suppressed: 0 bytes in 0 blocks
2016-01-15 02:46:43 +00:00
Vito Caputo
7a24f3bf2f journal: coalesce ftruncate()s in 250ms windows
Prior to this change every journal append causes an ftruncate() for the
sake of inotify propagation of the mmap-based writes.

With this change the notification is deferred up to ~250ms, coalescing
any repeated journal writes during the deferred period into a single
ftruncate().  The ftruncate() call isn't free and doing it on every
append adds unnecessary overhead and latency in the journald event loop.

Introduces journal_file_enable_post_change_timer() which manages a
timer on the provided sd-event instance for scheduling coalesced
ftruncates.  The ftruncate() behavior is unchanged unless
journal_file_enable_post_change_timer() is called on the JournalFile.

While not a tremendous improvement, profiling systemd-journald event loop
latencies using instrumentation as introduced by 34b8751 it was observed that
coalescing the ftruncates was low-hanging fruit worth pursuing.

Note orders 12 and 13 shifting left into order 11 and order 6 dipping into
order 5:

Unmodified:
     log2(us)   1 2 3  4 5  6   7   8  9   10 11   12   13 14 15 16 17 18 19
                -----------------------------------------------------------
[10685.414572]  0 0 0  0 38 602 61  2  290 60 1643 2554 13 1  4  1  0  0  1
[10690.415114]  0 0 0  0 0  646 54  7  309 44 2073 2148 17 1  3  0  0  0  1
[10695.415509]  0 0 0  0 1  650 73  3  324 37 2071 2270 9  0  0  1  0  1  0
[10700.416297]  0 0 0  0 0  659 50  4  318 38 2111 2152 6  0  1  0  0  1  1
[10705.417136]  0 0 0  0 2  660 48  4  320 38 2129 2146 12 1  1  0  0  1  1
[10710.489114]  0 0 0  0 0  673 38  3  321 37 1925 2339 7  0  0  0  0  1  1
[10715.489613]  0 0 0  0 3  656 64  8  317 48 2365 2007 7  0  0  0  0  0  1

Coalesced:
     log2(us)   1 2 3  4 5  6   7   8  9   10 11   12   13 14 15 16 17 18 19
                -----------------------------------------------------------
[ 6169.161360]  0 0 0  1 24 786 54  11 389 24 4192 771  6  4  0  0  1  0  1
[ 6174.161705]  0 0 0  1 18 800 35  6  380 27 3977 893  3  1  0  0  1  0  1
[ 6179.162741]  0 0 0  1 28 768 51  4  391 16 3998 831  5  3  0  0  0  0  2
[ 6184.162856]  0 0 0  0 19 770 60  2  376 26 3795 1004 9  5  1  0  1  0  1
[ 6189.163279]  0 0 0  0 28 761 49  7  372 27 3729 1056 3  2  0  0  1  0  1
[ 6194.164255]  0 0 0  0 25 785 49  7  394 19 3996 908  6  3  2  0  0  0  1
[ 6199.164658]  0 0 0  0 29 797 35  5  389 18 3995 898  3  4  1  1  1  0  1

The remaining high-order delays are a result of the synchronous fsyncs in
systemd-journald, beyond the scope of this commit.
2016-01-14 16:36:07 -08:00
Zbigniew Jędrzejewski-Szmek
50b480246c Merge pull request #2322 from fbuihuu/downgrade-warn-for-not-found-unit
transaction: downgrade warnings about wanted units which are not found
2016-01-14 12:33:19 -05:00
Tom Gundersen
becc96b726 Merge pull request #2316 from poettering/dnssec14
Fourteenth DNSSEC PR
2016-01-14 17:02:57 +01:00
Lennart Poettering
deebd4d26f Merge pull request #2319 from walyong/log_msg_v04
[v4] bus-util: print "systemctl --user" on user service manager
2016-01-14 16:09:54 +01:00
Franck Bui
f14637fc19 transaction: downgrade warnings about wanted unit which are not found
If a unit was pulled by a Wants= dependency but its unit file was not
present then we logged this as an error.

However Wants= might be used to configure a soft/optional dependency
on another unit, ie. start an optional service only if it's installed
otherwise simply skip it. In this case emitting an error doesn't look
appropriate.

But it's still an error if the optional dependency exists but its
activation fails for any reasons.
2016-01-14 10:46:12 +01:00
Daniel Mack
ca9ec350f3 Merge pull request #2320 from evverx/fix-memory-leak-on-reload
Fix memory leak on daemon-reload
2016-01-14 10:35:45 +01:00
Evgeny Vereshchagin
a2fbff31c9 tests: add function for valgrind installation
I used it for d9814c76ec
Very handy:)
2016-01-14 08:11:17 +00:00
Evgeny Vereshchagin
d9814c76ec core: fix memory leak on reload
==1== HEAP SUMMARY:
==1==     in use at exit: 61,728 bytes in 22 blocks
==1==   total heap usage: 258,122 allocs, 258,100 frees, 78,219,628
bytes allocated
==1==
==1== 16 bytes in 1 blocks are definitely lost in loss record 1 of 6
==1==    at 0x4C2BBCF: malloc (vg_replace_malloc.c:299)
==1==    by 0x1E350E: memdup (alloc-util.c:34)
==1==    by 0x135AFB: memdup_multiply (alloc-util.h:74)
==1==    by 0x140F97: manager_set_default_rlimits (manager.c:2929)
==1==    by 0x1303DA: manager_set_defaults (main.c:737)
==1==    by 0x133A02: main (main.c:1718)
==1==
==1== 272 bytes in 17 blocks are definitely lost in loss record 2 of 6
==1==    at 0x4C2BBCF: malloc (vg_replace_malloc.c:299)
==1==    by 0x1E350E: memdup (alloc-util.c:34)
==1==    by 0x135AFB: memdup_multiply (alloc-util.h:74)
==1==    by 0x140F97: manager_set_default_rlimits (manager.c:2929)
==1==    by 0x1303DA: manager_set_defaults (main.c:737)
==1==    by 0x13480D: main (main.c:1828)
==1==
==1== LEAK SUMMARY:
==1==    definitely lost: 288 bytes in 18 blocks
==1==    indirectly lost: 0 bytes in 0 blocks
==1==      possibly lost: 0 bytes in 0 blocks
==1==    still reachable: 61,440 bytes in 4 blocks
==1==         suppressed: 0 bytes in 0 blocks
==1== Reachable blocks (those to which a pointer was found) are not
shown.
==1== To see them, rerun with: --leak-check=full --show-leak-kinds=all
2016-01-14 07:45:03 +00:00
WaLyong Cho
10ba483504 bus-util: print "systemctl --user" on user service manager
When a unit was started with "systemctl --user" and it failed, error
messages is printed as "systemctl status". But it should be "systemctl
--user status".
2016-01-14 15:33:43 +09:00
Daniel Mack
8ec46f55e5 Merge pull request #2317 from evverx/rm-mtab
README, tests: remove /etc/mtab
2016-01-14 01:40:27 +01:00
Evgeny Vereshchagin
75f63f0640 README, tests: remove /etc/mtab
This is a followup for 1d40ddb
2016-01-14 00:11:07 +00:00
Zbigniew Jędrzejewski-Szmek
b326715278 tree-wide: check if errno is greater than zero (2)
Compare errno with zero in a way that tells gcc that
(if the condition is true) errno is positive.
2016-01-13 15:10:17 -05:00
Zbigniew Jędrzejewski-Szmek
f5e5c28f42 tree-wide: check if errno is greater then zero
gcc is confused by the common idiom of
  return errno ? -errno : -ESOMETHING
and thinks a positive value may be returned. Replace this condition
with errno > 0 to help gcc and avoid many spurious warnings. I filed
a gcc rfe a long time ago, but it hard to say if it will ever be
implemented [1].

Both conventions were used in the codebase, this change makes things
more consistent. This is a follow up to bcb161b023.

[1] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61846
2016-01-13 15:09:55 -05:00
Lennart Poettering
81ec9e0887 shared: reuse dns_label_unescape_undo_idna() in more places
We frequently unescape DNS label follwed by IDNA undoing. We now have a function that does that in one step, hence use
it everywhere.
2016-01-13 20:45:58 +01:00
Lennart Poettering
45c4210ed6 shared: simplify string concatenation with strjoin() 2016-01-13 20:45:20 +01:00
Lennart Poettering
34361485a8 shared: port dns_name_compare_func() to make use of ascii_strcasecmp_nn()
This way we become compatible with DNS names with embedded NUL bytes.
2016-01-13 20:22:32 +01:00
Lennart Poettering
f6fbd9c21f shared: simplify dns_name_is_single_label() by using dns_name_parent() to skip first label 2016-01-13 20:22:32 +01:00
Lennart Poettering
c174983474 basic: add ascii_strcasecmp_nn() call
In contrast to ascii_strcasecmp_nn() it takes two character buffers with their individual length. It will then compare
the buffers up the smaller size of the two buffers, and finally the length themselves.
2016-01-13 20:22:32 +01:00