1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-23 21:35:11 +03:00
Commit Graph

44925 Commits

Author SHA1 Message Date
Evgeny Vereshchagin
0d5266541c tests: add a testcase for https://github.com/systemd/systemd/issues/15885 2020-05-22 13:35:00 +02:00
Susant Sahani
1eb73422f2 network: Fix crash when SendOption= is invalid
```
p11-kit-0.23.20-1.fc32.x86_64 pam-1.3.1-26.fc33.x86_64 xz-libs-5.2.5-1.fc33.x86_64 zlib-1.2.11-21.fc32.x86_64
(gdb) bt
    lvalue=0x560e10 "SendOption", ltype=2, rvalue=0x560e1b "11:string", data=0x561e20, userdata=0x561cd0) at ../src/network/networkd-dhcp-common.c:580
    table=0x4392e0 <network_network_gperf_lookup>, section=0x560ef0 "DHCPv4", section_line=14, lvalue=0x560e10 "SendOption", rvalue=0x560e1b "11:string", flags=CONFIG_PARSE_WARN,
    userdata=0x561cd0) at ../src/shared/conf-parser.c:132
    lookup=0x7ffff7d2f76d <config_item_perf_lookup>, table=0x4392e0 <network_network_gperf_lookup>, flags=CONFIG_PARSE_WARN, section=0x7fffffffc9f8, section_line=0x7fffffffc9a0,
    section_ignored=0x7fffffffc99d, l=0x560e10 "SendOption", userdata=0x561cd0) at ../src/shared/conf-parser.c:270
    lookup=0x7ffff7d2f76d <config_item_perf_lookup>, table=0x4392e0 <network_network_gperf_lookup>, flags=CONFIG_PARSE_WARN, userdata=0x561cd0) at ../src/shared/conf-parser.c:395
    lookup=0x7ffff7d2f76d <config_item_perf_lookup>, table=0x4392e0 <network_network_gperf_lookup>, flags=CONFIG_PARSE_WARN, userdata=0x561cd0) at ../src/shared/conf-parser.c:452
    dropin_dirname=0x7fffffffcbd0 "veth99.network.d", sections=0x4f3a18 "Match", lookup=0x7ffff7d2f76d <config_item_perf_lookup>, table=0x4392e0 <network_network_gperf_lookup>,
    flags=CONFIG_PARSE_WARN, userdata=0x561cd0) at ../src/shared/conf-parser.c:511
(gdb) q
A debugging session is active.

	Inferior 1 [process 118718] will be killed.
```

```
$ printf '[DHCPv4]\nSendOption=1:uint8' >crash

$ ./out/fuzz-network-parser ./crash
INFO: Seed: 1158717610
INFO: Loaded 2 modules   (199728 inline 8-bit counters): 136668 [0x7faf3e91a930, 0x7faf3e93bf0c), 63060 [0xadf190, 0xaee7e4),
INFO: Loaded 2 PC tables (199728 PCs): 136668 [0x7faf3e93bf10,0x7faf3eb51cd0), 63060 [0xaee7e8,0xbe4d28),
./out/fuzz-network-parser: Running 1 inputs 1 time(s) each.
Running: ./crash
Assertion 's' failed at src/basic/parse-util.c:458, function int safe_atou8(const char *, uint8_t *)(). Aborting.
==5588== ERROR: libFuzzer: deadly signal
    #0 0x51811e in __sanitizer_print_stack_trace (/home/vagrant/systemd/out/fuzz-network-parser+0x51811e)
    #1 0x46b921 in fuzzer::PrintStackTrace() (/home/vagrant/systemd/out/fuzz-network-parser+0x46b921)
    #2 0x44ded6 in fuzzer::Fuzzer::CrashCallback() (.part.0) (/home/vagrant/systemd/out/fuzz-network-parser+0x44ded6)
    #3 0x44df9d in fuzzer::Fuzzer::StaticCrashSignalCallback() (/home/vagrant/systemd/out/fuzz-network-parser+0x44df9d)
    #4 0x7faf3d6d7b1f  (/lib64/libpthread.so.0+0x14b1f)
    #5 0x7faf3d3c2624 in raise (/lib64/libc.so.6+0x3c624)
    #6 0x7faf3d3ab8d8 in abort (/lib64/libc.so.6+0x258d8)
    #7 0x7faf3e12593a in log_assert_failed_realm /home/vagrant/systemd/build/../src/basic/log.c:819:9
    #8 0x7faf3e140ce1 in safe_atou8 /home/vagrant/systemd/build/../src/basic/parse-util.c:458:9
    #9 0x68089c in config_parse_dhcp_send_option /home/vagrant/systemd/build/../src/network/networkd-dhcp-common.c:517:21
    #10 0x7faf3debed4e in next_assignment /home/vagrant/systemd/build/../src/shared/conf-parser.c:132:32
    #11 0x7faf3deb7783 in parse_line /home/vagrant/systemd/build/../src/shared/conf-parser.c:270:16
    #12 0x7faf3deb606c in config_parse /home/vagrant/systemd/build/../src/shared/conf-parser.c:395:21
    #13 0x7faf3deb85ee in config_parse_many_files /home/vagrant/systemd/build/../src/shared/conf-parser.c:452:21
    #14 0x7faf3deb8c57 in config_parse_many /home/vagrant/systemd/build/../src/shared/conf-parser.c:511:16
    #15 0x57c2eb in network_load_one /home/vagrant/systemd/build/../src/network/networkd-network.c:470:13
    #16 0x543490 in LLVMFuzzerTestOneInput /home/vagrant/systemd/build/../src/network/fuzz-network-parser.c:26:16
    #17 0x44e3e8 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/vagrant/systemd/out/fuzz-network-parser+0x44e3e8)
    #18 0x433505 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/vagrant/systemd/out/fuzz-network-parser+0x433505)
    #19 0x43c449 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/vagrant/systemd/out/fuzz-network-parser+0x43c449)
    #20 0x42c4a6 in main (/home/vagrant/systemd/out/fuzz-network-parser+0x42c4a6)
    #21 0x7faf3d3ad1a2 in __libc_start_main (/lib64/libc.so.6+0x271a2)
    #22 0x42c4fd in _start (/home/vagrant/systemd/out/fuzz-network-parser+0x42c4fd)

NOTE: libFuzzer has rudimentary signal handlers.
      Combine libFuzzer with AddressSanitizer or similar for better crash reports.
SUMMARY: libFuzzer: deadly signal

```
2020-05-22 11:57:22 +02:00
Zbigniew Jędrzejewski-Szmek
fbc6d1716f
Merge pull request #15869 from poettering/cant-auth
homed: fix logging into unfixated home directories
2020-05-22 08:20:54 +02:00
Evgeny Vereshchagin
5dd1469ef1
Merge pull request #15877 from mrc0mmand/meson-fuzz-test
meson: add fuzz-tests= option
2020-05-22 07:06:37 +03:00
Lennart Poettering
c8f145adbb homed: don't insist on authentication against host-copy user record
homed maintains two or three copies of the user's identity record per
home directory: one on the host, one inside the LUKS header, and one
embedded in the home directory.

Previously we'd insist that if a user logs in they have to authenticate
against all three, as a safety feature. This broke logging into
unfixated records however, since in that case the host version is
synthetic and thus does not carry any authentication data.

Let's hence losen the strictness here: accept authentication against
host records that carry no auth data. This should be safe as we know
after all that the second/third record will catch invalid accesses.

Fixes: #15178
2020-05-21 23:39:30 +02:00
Lennart Poettering
1a53adb3ab homed: include error string when in log message if quota doesn't work 2020-05-21 23:39:30 +02:00
Lennart Poettering
2fcbf417b6 bus-util: actually register the object manager 2020-05-21 23:39:30 +02:00
Lennart Poettering
fa3709c5fb homed: also fsync private/public key pair when storing it 2020-05-21 23:39:30 +02:00
Lennart Poettering
e8dd54ab3c homed: fix typo 2020-05-21 23:39:30 +02:00
Lennart Poettering
b847192699 homed: make sure we log about invalid user records we load 2020-05-21 23:39:30 +02:00
Lennart Poettering
20f4a308bf homed: automatically clean up empty user record files
See: #15178
2020-05-21 23:39:30 +02:00
Lennart Poettering
e4005ffe00 homed: when updating local copy of user record, sync to disk
Apparently xfs needs us to sync explicitly, see #15178.
2020-05-21 23:28:49 +02:00
Lennart Poettering
5b3f4a20ea fileio: sync directory after rename, too 2020-05-21 23:28:48 +02:00
Lennart Poettering
cbffdcecae homed: return a better error when a home has no authentication information defined
We can't log into home entries that have no password or PKCS#11 token.
Return a proper, useful error in that case.

See: #15178
2020-05-21 23:28:48 +02:00
Zbigniew Jędrzejewski-Szmek
766507972b
Merge pull request #15433 from mrc0mmand/test-reintroduce-parallelization
test: copy the test image instead of symlinking it
2020-05-21 17:56:33 +02:00
Frantisek Sumsal
c56463fdb4 meson: add fuzz-tests= option
The slow-tests= option already enables fuzzers as well, however, this
option can't be used in the "fully sanitized" runs, as certain slow
tests are affected by the performance quite significantly.

This option allows us to enable only fuzzers without the slow tests to
meet the needs of such runs.
2020-05-21 16:59:40 +02:00
Zbigniew Jędrzejewski-Szmek
e72ecbf506
Merge pull request #15873 from evverx/pointer-overflow-oss-fuzz
oss-fuzz: turn on the pointer-overflow check
2020-05-21 15:55:42 +02:00
codicodi
d0192e93f8 Update resolvectl zsh completion 2020-05-21 14:06:58 +02:00
Jeremy Cline
efdbf5fe9c shared: treat generator units as vendor units
Units created with "systemctl edit --full" from generator units aren't
removed with "systemctl revert" because units in the generator,
generator_early, and generator_late paths aren't considered vendor
units.

Alter path_is_vendor() to return true if the given path is a
generator unit, which in turn causes "systemctl revert" to remove units
created with "systemctl edit --full" as they now have vendor versions.

Fixes #10053
2020-05-21 10:03:40 +02:00
Lidong Zhong
9b3278d907 udev: rename the persistent link for ATA devices
ATA devices should use the ATA ids like port number and (possibly)
master/slave or multiplier id, not the generic SCSI ID.
Currently only port number is included in the link. With this patch
the link would be able to support more cases, which are a) when the
device is behind a port multiplexer b) the distinction between master
and slave (distinguished by target id).

I tried to verify scenario a) with this patch, but I failed to find a
machine with PMP SATA devices attached. But the link below
https://github.com/systemd/systemd/issues/3943
could show what's the difference. Here is my test for scenario b)

Current version:
linux-ql21:~ # ll /sys/class/block/sd[ab]
lrwxrwxrwx 1 root root 0 May  8 20:46 /sys/class/block/sda ->
../../devices/pci0000:00/0000:00:01.1/ata4/host3/target3:0:0/3:0:0:0/block/sda
lrwxrwxrwx 1 root root 0 May  8 20:46 /sys/class/block/sdb ->
../../devices/pci0000:00/0000:00:01.1/ata4/host3/target3:0:1/3:0:1:0/block/sdb
linux-ql21:~ # ll /dev/disk/by-path/pci-0000\:00\:01.1-ata-1
lrwxrwxrwx 1 root root 9 May  8 20:44
/dev/disk/by-path/pci-0000:00:01.1-ata-1 -> ../../sdb
linux-ql21:~ # udevadm info /sys/class/block/sda |grep by-path
S: disk/by-path/pci-0000:00:01.1-ata-1
E: DEVLINKS=/dev/disk/by-id/ata-VBOX_HARDDISK_VB3649e885-3e0cdd64
/dev/disk/by-id/scsi-0ATA_VBOX_HARDDISK_VB3649e885-3e0cdd64
/dev/disk/by-id/scsi-1ATA_VBOX_HARDDISK_VB3649e885-3e0cdd64
/dev/disk/by-path/pci-0000:00:01.1-ata-1
/dev/disk/by-id/scsi-SATA_VBOX_HARDDISK_VB3649e885-3e0cdd64
linux-ql21:~ # udevadm info /sys/class/block/sdb |grep by-path
S: disk/by-path/pci-0000:00:01.1-ata-1
E: DEVLINKS=/dev/disk/by-id/ata-VBOX_HARDDISK_VBc53b2498-d84ae8de
/dev/disk/by-id/scsi-SATA_VBOX_HARDDISK_VBc53b2498-d84ae8de
/dev/disk/by-id/scsi-1ATA_VBOX_HARDDISK_VBc53b2498-d84ae8de
/dev/disk/by-id/scsi-0ATA_VBOX_HARDDISK_VBc53b2498-d84ae8de
/dev/disk/by-path/pci-0000:00:01.1-ata-1

After patch applied:
linux-ql21:~ # ll /sys/class/block/sd[ab]
lrwxrwxrwx 1 root root 0 May  8 21:07 /sys/class/block/sda ->
../../devices/pci0000:00/0000:00:01.1/ata4/host3/target3:0:0/3:0:0:0/block/sda
lrwxrwxrwx 1 root root 0 May  8 21:07 /sys/class/block/sdb ->
../../devices/pci0000:00/0000:00:01.1/ata4/host3/target3:0:1/3:0:1:0/block/sdb
linux-ql21:~ # ll /dev/disk/by-path/pci-0000\:00\:01.1-ata-*
lrwxrwxrwx 1 root root  9 May  8 21:07
/dev/disk/by-path/pci-0000:00:01.1-ata-1.0 -> ../../sda
lrwxrwxrwx 1 root root  9 May  8 21:07
/dev/disk/by-path/pci-0000:00:01.1-ata-1.1 -> ../../sdb
linux-ql21:~ # udevadm info /sys/class/block/sda |grep by-path
S: disk/by-path/pci-0000:00:01.1-ata-1.0
E: DEVLINKS=/dev/disk/by-id/scsi-1ATA_VBOX_HARDDISK_VB3649e885-3e0cdd64
/dev/disk/by-id/scsi-0ATA_VBOX_HARDDISK_VB3649e885-3e0cdd64
/dev/disk/by-id/ata-VBOX_HARDDISK_VB3649e885-3e0cdd64
/dev/disk/by-path/pci-0000:00:01.1-ata-1.0
/dev/disk/by-id/scsi-SATA_VBOX_HARDDISK_VB3649e885-3e0cdd64
linux-ql21:~ # udevadm info /sys/class/block/sdb |grep by-path
S: disk/by-path/pci-0000:00:01.1-ata-1.1
E: DEVLINKS=/dev/disk/by-id/scsi-0ATA_VBOX_HARDDISK_VBc53b2498-d84ae8de
/dev/disk/by-id/ata-VBOX_HARDDISK_VBc53b2498-d84ae8de
/dev/disk/by-id/scsi-1ATA_VBOX_HARDDISK_VBc53b2498-d84ae8de
/dev/disk/by-id/scsi-SATA_VBOX_HARDDISK_VBc53b2498-d84ae8de
/dev/disk/by-path/pci-0000:00:01.1-ata-1.1

Changelog:
v5: add another parameter compat_link in handle_scsi()
v4: comment for ID_PATH_ATA_COMPAT
    get string length with pointer difference
    (suggested by Franck Bui<fbui@suse.com>)
v3: creating compatible link from env
    variables type change
v2: remove udev rules modification for compatible link
    setup a test scenario of master/slave ATA devices
v1: initial patch
2020-05-21 09:58:06 +02:00
Lennart Poettering
1b1b7b44cc rules: automatically pull in smartcard.target from all CCID devices
We apparently never matched the USB interface class. Let's fix that.

Prompted by: #15676
2020-05-21 09:23:06 +02:00
Zbigniew Jędrzejewski-Szmek
7c15a55f8b
Merge pull request #15870 from poettering/proc-cmdline-efi-fix
udev /proc/cmdline handling fixes
2020-05-21 09:07:27 +02:00
Evgeny Vereshchagin
2f0a427b45 docs: add a link to the Fossies codespell report 2020-05-21 09:00:53 +02:00
Evgeny Vereshchagin
1f034000a5 oss-fuzz: turn on the pointer-overflow check
It's off by default on OSS-Fuzz but it should be safe to turn it on
manually: https://github.com/google/oss-fuzz/issues/659#issuecomment-631897889

Just a follow-up to https://github.com/systemd/systemd/pull/15865.
2020-05-21 08:52:18 +02:00
Lennart Poettering
a60416f319 homed: fix return value mix-up
We generally return > 1 if any of the actions we are doing is instantly
complete and == 0 when we started doing it asynchronously (by forking
off homework), in our functions that execute operations on homes.

Fix a mix-up where the test for this was reversed in
home_dispatch_release() and home_dispatch_lock_all().

Fixes: #15684
2020-05-21 08:10:13 +02:00
Anita Zhang
b10ceb4783
Merge pull request #15557 from poettering/journal-zero-fix
journal: deal better with reading from zeroed out journal mmaps
2020-05-20 18:14:51 -07:00
Evgeny Vereshchagin
a88dce2bdd
Merge pull request #15865 from evverx/ubsan-to-the-rescue
build-system: build the fuzz targets with both ASan and UBSan
2020-05-21 03:17:20 +03:00
Anita Zhang
acf70f8dd1
Merge pull request #15854 from poettering/call-method-ret-error
explain async bus method callback ret_error parameter
2020-05-20 15:12:37 -07:00
Anita Zhang
30ed6e2250
Merge pull request #15864 from poettering/pam-sudo-fixes-part3
two more pam_systemd fixes, split out of #15742
2020-05-20 15:01:52 -07:00
Lennart Poettering
0c789b6b81
Merge pull request #15868 from keszybz/fix-failed-to-fix-up-pid1-environment
Fix bad errno checks
2020-05-20 21:07:47 +02:00
Lennart Poettering
09835de3cc proc-cmdline: make checking of EFI options variable optional
And do not use it in the IMPORT{cmdline} udev code. Wherever we expose
direct interfaces to check the kernel cmdline, let's not consult our
systemd-specific EFI variable, but strictly use the actual kernel
variable, because that's what we claim we do. i.e. it's fine to use the
EFI variable for our own settings, but for the generic APIs to the
kernel cmdline we should not use it.

Specifically, this applies to IMPORT{cmdline} and
ConditionKernelCommandLine=. In the latter case we weren#t checking the
EFI variable anyway, hence let's do the same for the udev case, too.

Fixes: #15739
2020-05-20 19:22:09 +02:00
Lennart Poettering
05a7827e87 proc-cmdline: add checking of EFI options variable in proc_cmdline_get_key_many() too 2020-05-20 19:18:45 +02:00
Lennart Poettering
4b5ee5901c proc-cmdline: fix return value clobbering in proc_cmdline_get_key()
Let's make sure proc_cmdline_get_key() follows our coding style: never
clobber return values on failure, and always initialize on success.
2020-05-20 19:17:44 +02:00
Zbigniew Jędrzejewski-Szmek
6b8664cb5b tree-wide: fix bad errno checks 2020-05-20 18:10:58 +02:00
Zbigniew Jędrzejewski-Szmek
a0fa268337 basic/efivars: fix errno propagation
Fixup for 484f4e5b2d. Should fix #15730.
2020-05-20 18:08:05 +02:00
Zbigniew Jędrzejewski-Szmek
929d07ddcb
Merge pull request #15274 from ssahani/network-issue-9610
DHCP4: Allow lease time to be set when missing from offer
2020-05-20 16:39:41 +02:00
Lennart Poettering
400530c1e2
Merge pull request #15490 from ssahani/dhcpv6-vendor-class
network: DHCPv6 - Add support to send vendor class information
2020-05-20 16:18:18 +02:00
Evgeny Vereshchagin
157dcb8de3 fuzzit: turn on the pointer-overflow check
Now that https://github.com/systemd/systemd/issues/15583 is gone, it
should be safe to turn it on.
2020-05-20 16:07:26 +02:00
Evgeny Vereshchagin
8976715804 build-system: build the fuzz targets with both ASan and UBSan
Just a follow-up to https://github.com/systemd/systemd/pull/15860
2020-05-20 16:07:13 +02:00
Lennart Poettering
2efa512a1a man: let's document explicitly that method reply handlers won't get ret_error set to method error
Fixes: #8108
2020-05-20 15:56:48 +02:00
Lennart Poettering
af955f917f man: include sd_bus_message_handler_t prototype in synopsys of all man pages that reference the type
The type is not trivial, and kinda important to understand things, hence
import it everywhere where appropriate.
2020-05-20 15:56:09 +02:00
Zbigniew Jędrzejewski-Szmek
a94d11cc66
Merge pull request #15860 from keszybz/bus-message-empty-fields
Fix crash on message with empty fields structure
2020-05-20 15:53:28 +02:00
Zbigniew Jędrzejewski-Szmek
bb94ded693
Merge pull request #15661 from hundeboll/mount-read-write-only
Mount read write only
2020-05-20 15:48:04 +02:00
Susant Sahani
579ca0a2b2 sd-network: DHCPv4 - Add user class, extra option and send generic options in request state 2020-05-20 15:43:20 +02:00
Zbigniew Jędrzejewski-Szmek
3d45f6b2d0
Merge pull request #15535 from fbuihuu/update-runtime-watchdog-on-reload
pid1: update RuntimeWatchogSec setting on daemon-reload as well
2020-05-20 15:40:34 +02:00
ExtinctFire
929fed02df load-fragment: fix a typo
Correct the typo of “priority” in log message
2020-05-20 15:22:37 +02:00
Martin Hundebøll
ad76560525 man: document x-systemd.rw-only fstab option 2020-05-20 14:26:04 +02:00
Martin Hundebøll
f42aa41683 fstab-generator: add x-systemd.rw-only option support
Support enabling the ReadwriteOnly= unit setting from fstab using
'x-systemd.rw-only'
2020-05-20 14:26:04 +02:00
Martin Hundebøll
75f4bd7fd0 man: document ReadWriteOnly property for mount units 2020-05-20 14:26:04 +02:00
Zbigniew Jędrzejewski-Szmek
a2dd991d0f bus-message: immediately reject messages with invalid type
For whatever reason, we were very permissive with accepting messages
of unknown type. Let's just reject any unknown types as early as
possible.
2020-05-20 09:34:09 +02:00