mirror of https://github.com/systemd/systemd.git synced 2024-11-02 19:21:53 +03:00
Commit Graph

25146 Commits

Author SHA1 Message Date
Zbigniew Jędrzejewski-Szmek
79d6297252 Use (void) to silence coverity on proc title changes
This is a cosmetic best-effort thing anyway.
2016-02-19 07:35:35 -05:00
Zbigniew Jędrzejewski-Szmek
18665d1f67 resolved: fix NULL dereference in debug stmt
CID #1351544, #1351545.
2016-02-19 07:27:43 -05:00
Daniel Mack
a972e1e0b3 Merge pull request #2661 from nwmcsween/nwmcsween
Include and internal struct member fixes.
2016-02-19 12:29:23 +01:00
Daniel Mack
dfec18925e Merge pull request #2660 from keszybz/memleaks-and-ubsan
Memleaks and ubsan
2016-02-19 12:23:43 +01:00
Daniel Mack
22b73e9cd7 Merge pull request #2662 from keszybz/activate-setenv
activate: fix -E option parsing
2016-02-19 12:19:18 +01:00
Martin Pitt
e4d86881d5 Merge pull request #2648 from keszybz/dnssec-work
Better support for DANE, shell completion
2016-02-19 07:50:50 +01:00
Zbigniew Jędrzejewski-Szmek
b722348d05 activate: fix -E option parsing
Fixes #2658.
2016-02-18 21:54:31 -05:00
Zbigniew Jędrzejewski-Szmek
240a7ba9d8 time-util: rewrite check in a way that does not confuse gcc
gcc thinks that multiplier might be uninitialized. Split out the inner
loop to make the function easier to grok.
2016-02-18 19:39:10 -05:00
Zbigniew Jędrzejewski-Szmek
d09139e187 test-hashmap: fix undefined behaviour on string constants
The test was failing at -O2+ with gcc 5.3 and 6.0.
"val1" == "val1" and "val1" != "val1" are both valid.
http://stackoverflow.com/questions/4843640/why-is-a-a-in-c
2016-02-18 19:39:10 -05:00
Zbigniew Jędrzejewski-Szmek
06466a7f03 journal/catalog: fix memory leaks
Various buffers were lost because finish_item() either consumed
the buffer or allocated a new one (if an entry with the same key existed).
The caller would simply forget the buffer in either case.

Also add a check for the case when a valid identifier is followed by
an empty body. We should not allow this.

Also be more consistent in error handling and always print an error
message.
2016-02-18 19:39:09 -05:00
Zbigniew Jędrzejewski-Szmek
82501b3fc4 basic/strbuf: do not call bsearch with a null argument
Das ist verboten!

src/basic/strbuf.c:162:23: runtime error: null pointer passed as argument 2,
                           which is declared to never be null
2016-02-18 19:39:09 -05:00
Nathan McSween
3a43755733 Don't use internal struct member names 2016-02-18 23:35:22 +00:00
Nathan McSween
e306723ec4 Remove/add (un)needed includes 2016-02-18 23:34:30 +00:00
Zbigniew Jędrzejewski-Szmek
48ddca5f35 Merge pull request #2644 from 0xAX/check-alloc-overflow-macro
alloc-util: extract overflow check into inline function
2016-02-18 15:32:22 -05:00
Alexander Kuleshov
dbacacaaea alloc-util: cleanups
This patch contains a set of little cleanups for alloc-util.h:

1. The malloc_multiply(), realloc_multiply() and memdup_multiply()
functions check allocation related parameters on overflow. Let's
move them to the separate size_multiply_overflow() function for
simplicity, code duplication prevention and possible reuse in future.

2. use SIZE_MAX from stdlib instead of ((size_t) - 1) to be more
clear.

3. The 'a'/'b' variables are renamed to 'size' and 'need' to be
more clear.
2016-02-19 01:36:46 +06:00
Martin Pitt
2150e62287 Merge pull request #2621 from keszybz/wheel-group
build-sys: allow wheel group name to be specified
2016-02-18 19:20:14 +01:00
Zbigniew Jędrzejewski-Szmek
e81eb2874e systemd-resolve: initial shell completion
v2:
- use /sys/class/net to list interfaces,
  also copy the same code to systemd-nspawn
v3:
- do not propose "any" twice for --type
2016-02-18 11:50:53 -05:00
Zbigniew Jędrzejewski-Szmek
e1caa6e09b resolve: also allow SSHFP payload to be exported 2016-02-18 11:41:40 -05:00
Zbigniew Jędrzejewski-Szmek
236d312b8d resolve: print TLSA packets in hexadecimal
https://tools.ietf.org/html/rfc6698#section-2.2 says:
> The certificate association data field MUST be represented as a string
> of hexadecimal characters. Whitespace is allowed within the string of
> hexadecimal characters
2016-02-18 11:41:40 -05:00
Zbigniew Jędrzejewski-Szmek
82d1d24093 systemd-resolve: easy querying of TLSA records
$ systemd-resolve --tlsa fedoraproject.org
_443._tcp.fedoraproject.org IN TLSA 0 0 1 GUAL5bejH7czkXcAeJ0vCiRxwMnVBsDlBMBsFtfLF8A=
        -- Cert. usage: CA constraint
        -- Selector: Full Certificate
        -- Matching type: SHA-256

$ systemd-resolve --tlsa=tcp fedoraproject.org:443
_443._tcp.fedoraproject.org IN TLSA 0 0 1 GUAL5bejH7czkXcAeJ0vCiRxwMnVBsDlBMBsFtfLF8A=
        ...

$ systemd-resolve --tlsa=udp fedoraproject.org
_443._udp.fedoraproject.org: resolve call failed: '_443._udp.fedoraproject.org' not found

v2:
- use uint16_t
- refuse port 0
2016-02-18 11:41:40 -05:00
Zbigniew Jędrzejewski-Szmek
57156d9507 Merge pull request #2646 from evverx/fix-2637
Fix #2637 (doubled specifier expansion in ExecStart=)
2016-02-18 10:24:16 -05:00
Martin Pitt
04af5d645e Merge pull request #2653 from keszybz/test-dns-domain
build-sys: remove duplicated entry in tests
2016-02-18 16:11:03 +01:00
Zbigniew Jędrzejewski-Szmek
43a90c32c2 build-sys: remove duplicated entry in tests
test-dns-domain should be built and run even without ENABLE_RESOLVED.
2016-02-18 08:30:18 -05:00
Evgeny Vereshchagin
bd1b973fb3 core: revert "core: resolve specifier in config_parse_exec()"
This reverts commit cb48dfca6a.

Exec*-settings resolve specifiers twice:
%%U -> config_parse_exec [cb48dfca6a] -> %U -> service_spawn -> 0

Fixes #2637
2016-02-18 11:55:53 +00:00
Martin Pitt
8ac0402c06 Merge pull request #2652 from filbranden/testsresolved1
Do not build tests that depend on resolved when it has been disabled
2016-02-18 10:33:39 +01:00
Filipe Brandenburger
e49a8dcc29 build-sys: Do not build tests that depend on resolved when it has been disabled
If ./configure --disable-resolved has been used, do not try to build
test-dns-packet and test-resolve-tables which depend on it.

Previously, the SOURCES, LIBS and LDADDs for these tests were made conditional
while the main rules for them weren't, causing build failures trying to build a
binary with no sources.

This was uncovered when trying to build udeb for systemd in CI, which uses
--disable-resolved for a minimal build, which uncovered the issue.

Fixes #2651.
2016-02-18 00:39:38 -08:00
Zbigniew Jędrzejewski-Szmek
2a998ffa1e build-sys: allow references to wheel group to be omitted
https://github.com/systemd/systemd/issues/2492
2016-02-17 23:47:23 -05:00
Evgeny Vereshchagin
252549990f tests: add test for https://github.com/systemd/systemd/issues/2637
+ perl -e 'exit(!(qq{0} eq qq{\x25U}))'
exec-spec-interpolation.service: Main process exited, code=exited, status=1/FAILURE
exec-spec-interpolation.service: Unit entered failed state.
exec-spec-interpolation.service: Failed with result 'exit-code'.
        PID: 11270
        Start Timestamp: Wed 2016-02-17 22:21:31 UTC
        Exit Timestamp: Wed 2016-02-17 22:21:31 UTC
        Exit Code: exited
        Exit Status: 1
Assertion 'service->main_exec_status.status == status_expected' failed at src/test/test-execute.c:65, function check(). Aborting.
2016-02-17 22:40:26 +00:00
Lennart Poettering
5031c4e21b Merge pull request #2640 from keszybz/dnssec-work-3
resolve: dumping of binary packets
2016-02-17 12:45:31 +01:00
Zbigniew Jędrzejewski-Szmek
5259c0559c test-resolve-tables: verify that dns type/class length is within limits
DNS_TYPE_STRING_MAX causes a problem with the table autogeneration code,
change to _DNS_TYPE_STRING_MAX.
2016-02-16 19:55:51 -05:00
Zbigniew Jędrzejewski-Szmek
202b76ae1a Use provided buffer in dns_resource_key_to_string
When the buffer is allocated on the stack we do not have to check for
failure everywhere. This is especially useful in debug statements, because
we can put dns_resource_key_to_string() call in the debug statement, and
we do not need a separate if (log_level >= LOG_DEBUG) for the conversion.

dns_resource_key_to_string() is changed not to provide any whitespace
padding. Most callers were stripping the whitespace with strstrip(),
and it did not look too well anyway. systemd-resolve output is not column
aligned anymore.

The result of the conversion is not stored in DnsTransaction object
anymore. It is used only for debugging, so it seems fine to generate it
when needed.

Various debug statements are extended to provide more information.
2016-02-16 19:55:51 -05:00
Zbigniew Jędrzejewski-Szmek
1c02e7ba55 Replace DNS_RESOURCE_KEY_NAME with a version which always returns "." for root
This fixes formatting of root domain in debug messages:
Old:
systemd-resolved[10049]: Requesting DS to validate transaction 19313 (., DNSKEY with key tag: 19036).
New:
systemd-resolved[10049]: Requesting DS to validate transaction 19313 (, DNSKEY with key tag: 19036).
2016-02-16 19:55:51 -05:00
Zbigniew Jędrzejewski-Szmek
c690b20a85 systemd-resolved: split out inner loop
With two nested loops and a switch statement, it's quite hard to
understand what break and continue mean.
2016-02-16 19:55:51 -05:00
Zbigniew Jędrzejewski-Szmek
dab48ea63a systemd-resolve: allow whole packets to be dumped in binary form 2016-02-16 19:55:50 -05:00
Zbigniew Jędrzejewski-Szmek
2e74028a5c systemd-resolve: allow keys to be dumped in binary form
$ systemd-resolve --raw --openpgp zbyszek@fedoraproject.org | pgpdump /dev/stdin
2016-02-16 19:24:07 -05:00
Zbigniew Jędrzejewski-Szmek
1ace2438c6 systemd-resolve: reword --help output
The output didn't specify if the default for --cname/--search/--legend and
other options was yes or no. Change the description to be explicit about that.

Also make the --help output and man page closer.
2016-02-16 19:10:25 -05:00
Zbigniew Jędrzejewski-Szmek
edb4843fbd man: show output in example systemd-resolve commands
I think example output allows the reader of the man page to
see what functionality is provided without running the commands
themselves. Specific values in the examples are bound to get out
of date but this is not a problem.
2016-02-16 19:10:25 -05:00
Zbigniew Jędrzejewski-Szmek
2c45295e47 Merge pull request #2623 from poettering/networkd-fixes
Networkd, resolved, build-sys fixes
2016-02-16 18:36:42 -05:00
Lennart Poettering
12343facf3 Merge pull request #2626 from poettering/fionread-fix
networkd: FIONREAD is not reliable on some sockets
2016-02-16 23:53:44 +01:00
Lennart Poettering
bd8b65996c Merge pull request #2636 from 0xAX/not-edit-errno-manually
main: no need to set errno manually
2016-02-16 20:22:07 +01:00
Lennart Poettering
c77d26122a resolved: make sure to normalize all domain names returned via the bus
Most domain names we deal with are normalized anyway (since we read them that
way from DNS packets), but some might not (because they are synthesized from
unnormalized configuration or so), hence make sure to normalize all names
before passing them out to clients, to be fully deterministic.

Note that internally we process normalized and non-normalized names the
same way, and while comparing them ignore the differences due to unnormalized
names. However, that internal implementation detail really shouldn't spill out
to the clients, hence make sure to clean it all up.
2016-02-16 15:30:04 +01:00
Lennart Poettering
6d2353394f udev: fix cg_unified() return code checking
Fixes fall-out from 8b3aa503c1.

Fixes: #2635
2016-02-16 15:30:04 +01:00
Lennart Poettering
3f51aec864 core: fix assertion check
Fixes: #2632
2016-02-16 15:30:04 +01:00
Lennart Poettering
41815a4aa6 resolve: print a noisy warning if we show crypto keys that could not be authenticated
Doing DNS retrieval on non-authenticated crypt keys is useless, hence warn
loudly about it.
2016-02-16 15:30:03 +01:00
Lennart Poettering
9dc907f9c9 networkd: rework idle detection logic of networkd
This patch makes networkd stay around as long as there is more than just a
loopback interface around, or the loopback device isn't fully probed yet, or
the loopback device has a .network file attached.

In essence, this means networkd stays around now continuously as it should,
unless it is running in some (container?) environment that really has no
interface except a loopback device.

Fixes #2577.
2016-02-16 15:22:06 +01:00
Lennart Poettering
de08570050 build-sys: fix type detection
Before this patch existence of char16_t, char32_t, key_serial_t was checked
with AC_CHECK_DECLS() which doesn't actually work for types. Correct this to
use AC_CHECK_TYPES() instead.

Also, while we are at it, change the check for memfd_create() to use
AC_CHECK_DECLS() instead of AC_CHECK_FUNCS(). This is a better choice, since a
couple of syscalls are defined by glibc but not exported in the header files
(pivot_root() for example), and we hence should probably be more picky with
memfd_create() too, which glibc might decide to expose one day, but not
necessarily in the headers too.
2016-02-16 15:22:06 +01:00
Lennart Poettering
61ecb465b1 resolved: turn on DNSSEC by default, unless configured otherwise
Let's make sure DNSSEC gets more testing, by defaulting DNSSEC to
"allow-downgrade" mode. Since distros should probably not ship DNSSEC enabled
by default add a configure switch to disable this again.

DNSSEC in "allow-downgrade" mode should mostly work without affecting user
experience. There's one exception: some captive portal systems rewrite DNS in
order to redirect HTTP traffic to the captive portal. If these systems
implement DNS servers that are otherwise DNSSEC-capable (which in fact is
pretty unlikely, but still...), then this will result in the captive portal
being inaccessible. To fix this, support in NetworkManager (or any other network
management solution that does captive portal detection) is required, which
simply turns off DNSSEC during the captive portal detection, and resets it back
to the default (i.e. on) after captive portal authentication is complete.
2016-02-16 15:22:05 +01:00
Alexander Kuleshov
b9f65a60c2 main: no need to set errno manually
If we are not PID 1 and started as init, we execute systemctl
with execv(). There is no need to set errno manually here, because
in a failure case execv() will set errno anyway, depending
on the error.
2016-02-16 18:56:15 +06:00
Lennart Poettering
d477bc35b0 Merge pull request #2630 from keszybz/systemctl-m-h
systemctl: fix style to avoid modification of array passed by caller
2016-02-16 13:21:14 +01:00
Lennart Poettering
4edc2c9b6b networkd: FIONREAD is not reliable on some sockets
Fixes: #2457
2016-02-16 13:06:55 +01:00