1
0
mirror of https://github.com/systemd/systemd.git synced 2024-10-31 16:21:26 +03:00
Commit Graph

49627 Commits

Author SHA1 Message Date
Zbigniew Jędrzejewski-Szmek
75db809ae5 tree-wide: return NULL from freeing functions
I started working on this because I wanted to change how
DEFINE_TRIVIAL_CLEANUP_FUNC is defined. Even independently of that change, it's
nice to make make things more consistent and predictable.
2021-02-16 17:15:10 +01:00
Lennart Poettering
1d123e772d resolved: reduce indentation level a bit 2021-02-16 16:46:01 +01:00
Lennart Poettering
13eb76ef06 resolved: let's preferably route reverse lookups for local subnets to matching interfaces
Let's preferably route traffic for reverse lookups to LLMNR/mDNS/DNS on
the matching interface if the IP address is in the local subnet. Also,
if looking up an IP address of our own host, let's avoid doing
LLMNR/mDNS at all.

This is useful if "~." is a routing domain to DNS, as it means, local
reverse lookups still go to LLMNR/mDNS, too.

Fixes: #16243 #10081
2021-02-16 16:13:42 +01:00
Zbigniew Jędrzejewski-Szmek
13734c75b5 Refactor strv_env_replace() into strv_env_replace_consume()
All callers of strv_env_replace() would free the argument on error.
So let's follow the same pattern as with strv_consume (and similar
naming) and unconditionally "use up" the argument.
2021-02-16 16:10:14 +01:00
Zbigniew Jędrzejewski-Szmek
b230baaeb7 shared/exec-util: fix minor memleak
p was not freed on error.
2021-02-16 16:10:14 +01:00
Zbigniew Jędrzejewski-Szmek
73c8cc7164 test-env-util: add tests for the two new functions 2021-02-16 16:10:14 +01:00
Zbigniew Jędrzejewski-Szmek
99bfce1080 basic/env-util: drop now-unused strv_env_set() 2021-02-16 16:10:14 +01:00
Zbigniew Jędrzejewski-Szmek
f08231fe07 basic/env-util: add strv_env_assign() helper 2021-02-16 16:10:14 +01:00
Zbigniew Jędrzejewski-Szmek
6f8f8688e1 shared/user-record: inline iterator variable declarations 2021-02-16 16:10:14 +01:00
Zbigniew Jędrzejewski-Szmek
ab4ab13c74 locale: inline iterator variable declarations 2021-02-16 16:10:14 +01:00
Luca Boccassi
809ceb8217 namespace: store and use original MountEntry paths when prefixing
Some paths (eg: mount_tmpfs) simply assumed that prefixing always
happens and it always stores the original path in path_const, and
the prefixed path in path_malloc.
But if a MountEntry is set up in a helper function and thus uses
only _malloc struct members, this assumption doesn't hold and there's
a crash.

Refactor so that prefixing is done with a helper which stores the
original path in a separate struct member, and accessing it also
uses a helper which does the right thing.
2021-02-16 14:33:23 +00:00
Luca Boccassi
b850a9b29f MountImages: actually support optional paths
ENOENT did not cause an image mount to be skipped, fix it
2021-02-16 14:33:23 +00:00
Zbigniew Jędrzejewski-Szmek
5d160a2304 networkd: make network_config_section_free() inline 2021-02-16 14:27:59 +01:00
Zbigniew Jędrzejewski-Szmek
1f38830153 resolved: make dns_transaction_gc return a pointer
_gc() does cleanup if it is possible. So far it returned a bool to
signal if it succeeded (false on success). When working on the resolved
code I had to look at the definition every time, because the (arguably
reversed) calling convention is unobvious. So let's return a pointer
(non-NULL: gc has not been done, NULL: gc has been done).

This fits nicely with the standard to return a pointer from all free
functions obviously.
2021-02-16 14:27:59 +01:00
Zbigniew Jędrzejewski-Szmek
d3b56a0cad networkd-ndisc: drop confused freepp function
The function to cleanup IPv6Token was defined using freep, i.e. the macro
generated a freepp function. The correct way would be to do something like
  #define ipv6_token_free mfree
  DEFINE_TRIVIAL_CLEANUP_FUNC(IPv6Token *, ipv6_token_free);
which would create ipv6_token_freep().
But since the cleanup function is unused, let's just drop it.
2021-02-16 14:27:59 +01:00
Zbigniew Jędrzejewski-Szmek
450918d111 coredump: add typedef for struct 2021-02-16 14:27:59 +01:00
Zbigniew Jędrzejewski-Szmek
a779cf30d2 basic/capability-util: add missing initialization
There was no error, because the pointer is unconditionally set below.
2021-02-16 14:27:59 +01:00
Zbigniew Jędrzejewski-Szmek
6aa601c56c analyze: use typedefs for structs and inline iterator variable decls 2021-02-16 14:27:59 +01:00
Lennart Poettering
1e69eaddf8 resolved: log process info of clients requesting resolution via D-Bus
Let's make things more debuggable: when debug logging is on, let's
say which client is asking for our services.

This is helpful for easily figuring out which local process might
interfere with your debugging sessions by issuing additional requests
while you try to debug a request (I am looking at you, geoclue!).
2021-02-16 13:42:49 +01:00
Lennart Poettering
ff05157f82
Merge pull request #18617 from poettering/resolved-confidential
resolved: tell clients which source a response is from, and whether it was never sent via unencrypted transports
2021-02-16 13:40:46 +01:00
Lennart Poettering
5c1790d1ce resolved: propagate source where an RR from back to client
This is extremely useful when debugging stuff: knowing whether a result
was cached, came from network, or was synthesized.
2021-02-16 10:03:43 +01:00
Lennart Poettering
43fc4baa26 resolved: add "confidential" flag for replies passed to clients
Let's introduce a new flag that indicates whether the response was
acquired in "confidential" mode, i.e. via encrypted DNS-over-TLS, or
synthesized locally.

Fixes: #12859
2021-02-16 10:03:43 +01:00
Lennart Poettering
6f055e43b8 resolved: replace "answer_authenticated" bool by uint64_t query_flags field
Let's use the same flags type we use for client communication, i.e.
instead of "bool answer_authenticated", let's use "uint64_t
answer_query_flags", with the SD_RESOLVED_AUTHENTICATED flag.

This is mostly just search/replace, i.e. a refactoring, no change in
behaviour.

This becomes useful once in a later commit SD_RESOLVED_CONFIDENTIAL is
added to indicate resolution that either were encrypted (DNS-over-TLS)
or never left the local system.
2021-02-16 10:03:43 +01:00
Lennart Poettering
0e703bb48d
Merge pull request #18611 from poettering/ifname-validate-tighter
make ifname validation tighter
2021-02-16 09:52:32 +01:00
Lennart Poettering
e03d156f78
Merge pull request #18603 from poettering/socket-graveyard
resolved: keep udp sockets until we receive a reply or timeout
2021-02-16 09:51:41 +01:00
Lennart Poettering
018b642a98 resolvectl: clarify IDNA and search path logic in combination with "resolvectl query --type="
When low-level RR resolution is requested from "resolvectl query" via
"--type=" or "--class=" no search domain logic is applied and no IDNA
translation.

Explain this in detail in the documentation, and also mentions this when
users attempt to resolve single-label names or names with international
characters in the output.

I believe the current behaviour is correct, but it is indeed surprising.
Hence the documentation and output improvement.

Fixes: #11325 #10737
2021-02-16 09:51:17 +01:00
Zbigniew Jędrzejewski-Szmek
a16d732a51 fuzz-systemctl-parse-argv: avoid "leak" of bus object
Memory sanitizer would report leaked memory from --boot-load-entry=help.

Maybe we should disable all bus connections from the fuzzer? It seems not
appropriate to communicate with logind. OTOH, in a real fuzzing environment
this call should just fail, so maybe that's OK.
2021-02-16 08:57:12 +01:00
Zbigniew Jędrzejewski-Szmek
e557c82dd5
Merge pull request #18571 from bluca/portable_dbus_doc
portable: use helpers for DBUS registration and document DBUS interface
2021-02-16 08:30:27 +01:00
Zbigniew Jędrzejewski-Szmek
8f50eb04ac
Merge pull request #18481 from keszybz/rpm-restart-post-trans
Restart units after the rpm transaction
2021-02-16 08:25:49 +01:00
Lennart Poettering
71311efe23 journalctl: rotation is not a reason to warn, but certainly noteworthy
Downgrade the phrasing, since it is a bit misleading.

Fixes: #18465
2021-02-15 14:41:57 -08:00
Lennart Poettering
83ce3b1944
Merge pull request #18579 from keszybz/fix-fragment-id-crash
Fix fragment id crash
2021-02-15 23:35:25 +01:00
Lennart Poettering
d68dbb37d7 resolved: close UDP socket when we received a network error on it 2021-02-15 23:14:32 +01:00
Lennart Poettering
80710ade03 resolved: instead of closing DNS UDP transaction fds right-away, add them to a socket "graveyard"
The "socket graveyard" shall contain sockets we have sent a question out
of, but not received a reply. If we'd close thus sockets immediately
when we are not interested anymore, we'd trigger ICMP port unreachable
messages once we after all *do* get a reply. Let's avoid that, by
leaving the fds open for a bit longer, until a timeout is reached or a
reply datagram received.

Fixes: #17421
2021-02-15 23:14:32 +01:00
Lennart Poettering
0886999416
Merge pull request #18605 from poettering/suppress-repeated-stub
resolved: filter repeated stub queries
2021-02-15 23:06:37 +01:00
Lennart Poettering
ee29bd5dc5 socket-util: tighten parsing of ifnames
Numeric ifnames should be acceptable only if that's enabled by flag, and
refused otherwise. Hence, let's parse as ifindex first, and if that
works decide. Finally, let's refuse any numeric ifnames that are not
valid ifindexs, but look like them.
2021-02-15 22:51:16 +01:00
Lennart Poettering
e774e6fb04 socket-util: fix indentation 2021-02-15 22:50:43 +01:00
Luca Boccassi
23e5c8d296 portabled: add DBUS documentation 2021-02-15 21:34:00 +00:00
Luca Boccassi
598f938e3b portabled: use SD_BUS_METHOD_WITH_ARGS 2021-02-15 21:30:01 +00:00
Luca Boccassi
3b91bae3ce portabled: use service_parse_argv/bus_add_implementation
Remove some boilerplate and allow introspection
2021-02-15 21:20:14 +00:00
Lennart Poettering
5e8bc852d5 resolved: don't redundantly switch DNS servers because of transaction failures
When a transaction fails and we decide to switch DNS servers, don#t do
so unconditionally. Check if the current DNS server is still the same as
when the transaction was initiated. And if not, do not do anything.

That should reduce the number of redundant DNS server switches if many
parallel transactions fail simultaneously (which is pretty likely if
DNSSEC is on).

Fixes: #17040
2021-02-15 21:59:05 +01:00
Lennart Poettering
c78735eb79 resolved: reuse check for link-local IP address lookups
Let's reuse accept_link_local_reverse_lookups() at one more place, where
we check for the list of link local reverase address domains. Since we
don't actually accept the domains here (but rather the opposite, not
accept), let's rename the function a bit more generically with accept_ →
match_.

While we are at it invert the if branches, to make things more easily
understandable: filter out the unwatnted stuff and have the "all good"
state as main codepath.
2021-02-15 21:54:53 +01:00
Zbigniew Jędrzejewski-Szmek
bb3443d4f6
Merge pull request #18604 from poettering/resolved-minor-tweaks
two minor resolved tweaks
2021-02-15 21:18:34 +01:00
Zbigniew Jędrzejewski-Szmek
fa97d2fcf6 rpm: restart services in %posttrans
This fixes a long-standing issue in packaging scriptlets: daemon-reload
was moved to the end of the transaction, but restarting services was still
straightaway after package installation.

https://bugzilla.redhat.com/show_bug.cgi?id=1614751

Note that daemon-reload is called twice. This wouldn't be hardly noticable,
except that now a bunch of units (at least in Fedora) generate very verbose
warnings about deprecated features. So we get those warnings twice…

reload-or-restart --needing-restart is also called twice, but the second call
is usually a noop, because the first clears the flag for restarted units. The
second call is necessary for the case where we only uninstall packages, and the
%transfiletriggerpostun trigger fires, but not the %transfiletriggerin
scriptlet.

Also note that this assumes that units are marked only for restart if paths
under @systemunitdir@ or /etc/systemd/system have been touched. I would prefer
make the trigger that does 'restart --needing-restart' fire always, but it
seems rpm doesn't have such functionality. (Except as a %transfiletrigger that
would trigger on "/*" to catch all transactions, but that seems ineffiecient
and ugly.)
2021-02-15 20:49:14 +01:00
Zbigniew Jędrzejewski-Szmek
cd621954ed rpm: order sysctl/sysusers/tmpfiles execution before package scriptlets
P>1000000 is *before* "normal" scriptlets, P<1000000 is *after*. I think it
makes sense to do stuff like execution of sysctl/sysusers/tmpfiles configuration
before package scriptlets. I think that was the intent, but a single digit got
dropped ;(

Also, let's reorder the scriptlets in the file to match execution order, to
make it easier to see what is going on.

Most of those may happen in any order, but there are some exceptions:
tmpfiles should be after sysusers,
udevadm --reload should be after hwdb.
2021-02-15 20:49:14 +01:00
Zbigniew Jędrzejewski-Szmek
b492db99d6 rpm: simplify daemon-reload trigger
The trigger was initially written to use %transfiletriggerun instead
of %transfiletriggerpostun because the latter would not fire. It turned
out to a buffer overread in rpm that since has been long fixed:
https://bugzilla.redhat.com/show_bug.cgi?id=1284645
f6521c50f6
2021-02-15 20:49:14 +01:00
Zbigniew Jędrzejewski-Szmek
addf2c0ecd rpm: sync the shell version of triggers.systemd with the lua version
Note that this goes both ways: in particular the lua version had udev
scriptlets in the wrong package, fixed in
3c9433d7cf.

Add missing "|| :" so the scriptlets never fail.
2021-02-15 20:49:14 +01:00
Zbigniew Jędrzejewski-Szmek
8e5658010d rpm: pull in the alternative trigger implementation in sh
From https://src.fedoraproject.org/rpms/systemd/blob/master/f/triggers.systemd.

In 12dde791d5 scriptlets were converted to lua.
This is not only faster and cleaner, but also avoids a nasty dependency loop:
rpm implements the lua scripting internally, so we don't need a working shell
for the scriplets. This is nice and all, but unfortunately ostree wants to
capture scriptlets and execute them at a later time and does not support lua.
So in Fedora we ended up with a revert back to a shell-based implementation
[1]. At the time I hoped this would only be a temporary workaround, but three
years later I think it's fair to assume that this will not happen any time
soon. But carrying the upstream lua version and the downstream sh version is
error prone. So let's import the other version into our tree too so that they
can be kept in sync.

[1] 8e6b39457b
2021-02-15 20:49:14 +01:00
Zbigniew Jędrzejewski-Szmek
2a9b4bbe3e Move rpm stuff into a separate src/rpm/ directory
It is only of interest to rpm-based distros, we can move it out of src/core/
which is pretty busy.
2021-02-15 20:49:14 +01:00
Zbigniew Jędrzejewski-Szmek
c9615f7352 systemctl: add "reload-or-restart --marked"
This is almost equivalent to 'busctl call-method org.freedesktop.systemd1
/org/freedesktop/systemd1 org.freedesktop.systemd1.Manager EnqueueMarkedJobs',
but waits for the jobs to finish.
2021-02-15 20:49:14 +01:00
Zbigniew Jędrzejewski-Szmek
deaf4b863b systemctl: reduce scope of iterator variables 2021-02-15 20:49:14 +01:00