mirror of https://github.com/systemd/systemd.git synced 2024-10-31 16:21:26 +03:00

49490 Commits

Author SHA1 Message Date
Benjamin Robin
7a563bb2bd basic: use -EINVAL for _DUID_TYPE_INVALID
Follow-up of #11484 and of #18481
2021-02-16 23:39:58 +01:00
Benjamin Robin
bbb697fe02 shared: Fix _DNS_CACHE_MODE_INVALID value: use -EINVAL
Follow-up of #11484
2021-02-16 23:38:16 +01:00
Benjamin Robin
c1b48a7f5b shared: use -EINVAL for _UNIT_FILE_CHANGE_TYPE_INVALID
Follow-up of #11484
2021-02-16 23:35:25 +01:00
Benjamin Robin
9de42a6a5f shared: use -EINVAL for _EXEC_COMMAND_FLAGS_INVALID
Follow-up of #11484
2021-02-16 23:34:58 +01:00
Benjamin Robin
925484aacb basic: use -EINVAL for _MANAGED_OOM_PREFERENCE_INVALID
Follow-up of #11484
2021-02-16 23:33:01 +01:00
Lennart Poettering
a9a43d8aa2
Merge pull request #18636 from poettering/resolved-different-server
resolved: tweaks for switching to different DNS servers
2021-02-16 20:27:09 +01:00
Lennart Poettering
23220d8a00
Merge pull request #18620 from bluca/mount_images_fixes
MountImages and core tmpfs fixes
2021-02-16 20:26:06 +01:00
Lennart Poettering
0addd9ba9c
Merge pull request #18616 from keszybz/argv-fuzzer-quick-fix
fuzz-systemctl-parse-argv: avoid "leak" of bus object
2021-02-16 20:25:37 +01:00
Joshua Watt
7820a56ccb logind: Restore chvt as non-root user without polkit
4acf0cfd2f ("logind: check PolicyKit before allowing VT switch") broke
the ability to write user sessions that run graphical sessions (e.g.
weston/X11). This was partially amended in 19bb87fbfa ("login: allow
non-console sessions to change vt") by changing the default PolicyKit
policy so that non-root users with a session are again allowed to switch
the VT. This makes the policy when PolKit is not enabled (as on many
embedded systems) closer to the default PolKit policy and allows launching
graphical sessions as a non-root user.

Closes #17473

Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
2021-02-16 20:24:53 +01:00
Luca Boccassi
b8f762f2fe stat-util: fix dir_is_empty_at without path
Use the right FD, and do a fd_reopen instead of a dup, since the
latter will still share the internal pointer which then gets
moved by FOREACH_DIRENT, affecting the caller's FD.
2021-02-16 20:24:27 +01:00
Lennart Poettering
42b23010b9
Merge pull request #18624 from poettering/resolved-feature-level-tweak
resolved: three tweaks to server feature level tracking
2021-02-16 20:24:05 +01:00
Yu Watanabe
955b11ffd3
Merge pull request #18629 from yuwata/sd-netlink-nexthop-types
sd-netlink: add nexthop related types
2021-02-17 04:06:15 +09:00
Lennart Poettering
9147b591a1 resolved: unify code for trying a different DNS server
Let's unify some code, and add a common implementation of a function
that checks whether we have tried all DNS servers yet, and retries the
transaction if we don't. We already use this same code twice. Let's use
it at some other places too now — basically all cases where we switch to
a new server — with the one case of packet loss, where we too switch
servers, but don't care how many times we already tried to switch.
2021-02-16 18:54:33 +01:00
Lennart Poettering
7ef863a76a resolved: improve log message when retrying a transaction with a different server 2021-02-16 18:53:33 +01:00
Lennart Poettering
fba3e94df5 resolved: never go below DNSSEC feature level in DNSSEC strict mode
This adjusts our feature level handling: when DNSSEC strict mode is on,
let's never lower the feature level below the lowest DNSSEC mode.

Also, when asking whether DNSSEC is supported, always say yes in strict
mode. This means that error reporting about transactions that fail
because of missing DNSSEC RRs will not report "incompatible-server" but
instead "missing-signature" or suchlike.

The main difference here is that DNSSEC failures become local to a
transaction, instead of propagating into the feature level we reuse for
future transactions. This is beneficial with routers that implement
"mostly a DNS proxy", i.e. that propagate most DNS requests 1:1 to their
upstream servers, but synthesize local answers for a select few domains.
For example, AVM Fritz!Boxes operate that way: they proxy most traffic
1:1 upstream in a DNSSEC-compatible fashion, but synthesize the
"fritz.box" locally, so that it can be used to configure the router.
This local domain cannot be DNSSEC verified, it comes without
signatures. Previously this would mean once that domain was resolved
feature level would be downgraded, and we'd thus fail all future DNSSEC
attempts. With this change, the immediate lookup for "fritz.box" will
fail validation, but for all other unrelated future ones that comes
without prejudice.

(While we are at it, also make a couple of other downgrade paths a bit
tighter.)

Fixes: #10570 #14435 #6490
2021-02-16 18:44:01 +01:00
Lennart Poettering
d8592a4e2f resolved: make feature level checks a bit more descriptive
The levels have an order, but the order is sometimes a bit arbitrary.
Hence add simple macros to check for specific features and use those, so
that the ordering leaks a bit less into all files.
2021-02-16 18:41:08 +01:00
Lennart Poettering
2c42a217a2 resolved: when we can't parse a packet, downgrade feature level
So far we didn't really handle the case where we can't parse a reply
packet. Since this apparently happens in real-life though, let's add
some minimal logic, to downgrade/restart if we see this.
2021-02-16 18:41:08 +01:00
Yu Watanabe
ccb4072e21 man: fix indentation 2021-02-16 17:59:21 +01:00
Lennart Poettering
b52eac2010 resolved: paranoia — ensure DNS reply came over stream we sent it to 2021-02-16 17:43:27 +01:00
heretoenhance
8d186a35cb
Adding an explanation for CONFIG_NET requirement (#18600)
* README: replace CONFIG_NET with CONFIG_UNIX in requirements list
2021-02-16 16:26:51 +00:00
Yu Watanabe
4684ec5e3d netlink: add nexthop related types 2021-02-17 01:16:42 +09:00
Yu Watanabe
f5b7deb969 sd-netlink: add RTA_NH_ID attribute support 2021-02-17 01:16:10 +09:00
Zbigniew Jędrzejewski-Szmek
15567b3a73 Rename unit_times_free to unit_times_free_array
It frees the whole array and the type is UnitTimes not UnitTime.
2021-02-16 17:15:11 +01:00
Zbigniew Jędrzejewski-Szmek
cfb1a0e555 Rename strbuf_cleanup to strbuf_free
It frees the whole object.
2021-02-16 17:15:11 +01:00
Zbigniew Jędrzejewski-Szmek
425ac7a253 fuzz-systemctl-parse-argv: call static destructors
With all the preparatory work in previous PRs, we can now call static destructors
repeatedly without issue. We need to do it here so that global variables allocated
during parsing are properly freed.
2021-02-16 17:15:11 +01:00
Zbigniew Jędrzejewski-Szmek
36556f6e51 systemctl: use free_and_replace on global variable
In normal usage we cannot set it multiple times, but from a fuzzer we
may. Doing it this way is nicer anyway.
2021-02-16 17:15:11 +01:00
Zbigniew Jędrzejewski-Szmek
fd421c4adc tree-wide: reset the cleaned-up variable in cleanup functions
If the cleanup function returns the appropriate type, use that to reset the
variable. For other functions (usually the foreign ones which return void), add
an explicit value to reset to.

This causes a bit of code churn, but I think it might be worth it. In a
following patch static destructors will be called from a fuzzer, and this
change allows them to be called multiple times. But I think such a change might
help with detecting uninitialized code reuse too. We hit various bugs like this,
and things are more obvious when a pointer has been set to NULL.

I was worried whether this change increases text size, but it doesn't seem to:

-Dbuildtype=debug:
before "tree-wide: return NULL from freeing functions":
-rwxrwxr-x 1 zbyszek zbyszek 4117672 Feb 16 14:36 build/libsystemd.so.0.30.0*
-rwxrwxr-x 1 zbyszek zbyszek 4494520 Feb 16 15:06 build/systemd*
after "tree-wide: return NULL from freeing functions":
-rwxrwxr-x 1 zbyszek zbyszek 4117672 Feb 16 14:36 build/libsystemd.so.0.30.0*
-rwxrwxr-x 1 zbyszek zbyszek 4494576 Feb 16 15:10 build/systemd*
now:
-rwxrwxr-x 1 zbyszek zbyszek 4117672 Feb 16 14:36 build/libsystemd.so.0.30.0*
-rwxrwxr-x 1 zbyszek zbyszek 4494640 Feb 16 15:15 build/systemd*

-Dbuildtype=release:
before "tree-wide: return NULL from freeing functions":
-rwxrwxr-x 1 zbyszek zbyszek 5252256 Feb 14 14:47 build-rawhide/libsystemd.so.0.30.0*
-rwxrwxr-x 1 zbyszek zbyszek 1834184 Feb 16 15:09 build-rawhide/systemd*
after "tree-wide: return NULL from freeing functions":
-rwxrwxr-x 1 zbyszek zbyszek 5252256 Feb 14 14:47 build-rawhide/libsystemd.so.0.30.0*
-rwxrwxr-x 1 zbyszek zbyszek 1834184 Feb 16 15:10 build-rawhide/systemd*
now:
-rwxrwxr-x 1 zbyszek zbyszek 5252256 Feb 14 14:47 build-rawhide/libsystemd.so.0.30.0*
-rwxrwxr-x 1 zbyszek zbyszek 1834184 Feb 16 15:16 build-rawhide/systemd*

I would expect that the compiler would be able to elide the setting of a
variable if the variable is never used again. And this seems to be the case:
in optimized builds there is no change in size whatsoever. And the change in
size in unoptimized build is negligible.

Something strange is happening with size of libsystemd: it's bigger in
optimized builds. Something to figure out, but unrelated to this patch.
2021-02-16 17:15:11 +01:00
Zbigniew Jędrzejewski-Szmek
75db809ae5 tree-wide: return NULL from freeing functions
I started working on this because I wanted to change how
DEFINE_TRIVIAL_CLEANUP_FUNC is defined. Even independently of that change, it's
nice to make things more consistent and predictable.
2021-02-16 17:15:10 +01:00
Lennart Poettering
1d123e772d resolved: reduce indentation level a bit 2021-02-16 16:46:01 +01:00
Lennart Poettering
13eb76ef06 resolved: let's preferably route reverse lookups for local subnets to matching interfaces
Let's preferably route traffic for reverse lookups to LLMNR/mDNS/DNS on
the matching interface if the IP address is in the local subnet. Also,
if looking up an IP address of our own host, let's avoid doing
LLMNR/mDNS at all.

This is useful if "~." is a routing domain to DNS, as it means, local
reverse lookups still go to LLMNR/mDNS, too.

Fixes: #16243 #10081
2021-02-16 16:13:42 +01:00
Luca Boccassi
809ceb8217 namespace: store and use original MountEntry paths when prefixing
Some paths (eg: mount_tmpfs) simply assumed that prefixing always
happens and it always stores the original path in path_const, and
the prefixed path in path_malloc.
But if a MountEntry is set up in a helper function and thus uses
only _malloc struct members, this assumption doesn't hold and there's
a crash.

Refactor so that prefixing is done with a helper which stores the
original path in a separate struct member, and accessing it also
uses a helper which does the right thing.
2021-02-16 14:33:23 +00:00
Luca Boccassi
b850a9b29f MountImages: actually support optional paths
ENOENT did not cause an image mount to be skipped, fix it
2021-02-16 14:33:23 +00:00
Zbigniew Jędrzejewski-Szmek
5d160a2304 networkd: make network_config_section_free() inline 2021-02-16 14:27:59 +01:00
Zbigniew Jędrzejewski-Szmek
1f38830153 resolved: make dns_transaction_gc return a pointer
_gc() does cleanup if it is possible. So far it returned a bool to
signal if it succeeded (false on success). When working on the resolved
code I had to look at the definition every time, because the (arguably
reversed) calling convention is unobvious. So let's return a pointer
(non-NULL: gc has not been done, NULL: gc has been done).

This fits nicely with the standard to return a pointer from all free
functions obviously.
2021-02-16 14:27:59 +01:00
Zbigniew Jędrzejewski-Szmek
d3b56a0cad networkd-ndisc: drop confused freepp function
The function to cleanup IPv6Token was defined using freep, i.e. the macro
generated a freepp function. The correct way would be to do something like
  #define ipv6_token_free mfree
  DEFINE_TRIVIAL_CLEANUP_FUNC(IPv6Token *, ipv6_token_free);
which would create ipv6_token_freep().
But since the cleanup function is unused, let's just drop it.
2021-02-16 14:27:59 +01:00
Zbigniew Jędrzejewski-Szmek
450918d111 coredump: add typedef for struct 2021-02-16 14:27:59 +01:00
Zbigniew Jędrzejewski-Szmek
a779cf30d2 basic/capability-util: add missing initialization
There was no error, because the pointer is unconditionally set below.
2021-02-16 14:27:59 +01:00
Zbigniew Jędrzejewski-Szmek
6aa601c56c analyze: use typedefs for structs and inline iterator variable decls 2021-02-16 14:27:59 +01:00
Lennart Poettering
1e69eaddf8 resolved: log process info of clients requesting resolution via D-Bus
Let's make things more debuggable: when debug logging is on, let's
say which client is asking for our services.

This is helpful for easily figuring out which local process might
interfere with your debugging sessions by issuing additional requests
while you try to debug a request (I am looking at you, geoclue!).
2021-02-16 13:42:49 +01:00
Lennart Poettering
ff05157f82
Merge pull request #18617 from poettering/resolved-confidential
resolved: tell clients which source a response is from, and whether it was never sent via unencrypted transports
2021-02-16 13:40:46 +01:00
Lennart Poettering
5c1790d1ce resolved: propagate source where an RR from back to client
This is extremely useful when debugging stuff: knowing whether a result
was cached, came from network, or was synthesized.
2021-02-16 10:03:43 +01:00
Lennart Poettering
43fc4baa26 resolved: add "confidential" flag for replies passed to clients
Let's introduce a new flag that indicates whether the response was
acquired in "confidential" mode, i.e. via encrypted DNS-over-TLS, or
synthesized locally.

Fixes: #12859
2021-02-16 10:03:43 +01:00
Lennart Poettering
6f055e43b8 resolved: replace "answer_authenticated" bool by uint64_t query_flags field
Let's use the same flags type we use for client communication, i.e.
instead of "bool answer_authenticated", let's use "uint64_t
answer_query_flags", with the SD_RESOLVED_AUTHENTICATED flag.

This is mostly just search/replace, i.e. a refactoring, no change in
behaviour.

This becomes useful once in a later commit SD_RESOLVED_CONFIDENTIAL is
added to indicate resolution that either were encrypted (DNS-over-TLS)
or never left the local system.
2021-02-16 10:03:43 +01:00
Lennart Poettering
0e703bb48d
Merge pull request #18611 from poettering/ifname-validate-tighter
make ifname validation tighter
2021-02-16 09:52:32 +01:00
Lennart Poettering
e03d156f78
Merge pull request #18603 from poettering/socket-graveyard
resolved: keep udp sockets until we receive a reply or timeout
2021-02-16 09:51:41 +01:00
Lennart Poettering
018b642a98 resolvectl: clarify IDNA and search path logic in combination with "resolvectl query --type="
When low-level RR resolution is requested from "resolvectl query" via
"--type=" or "--class=" no search domain logic is applied and no IDNA
translation.

Explain this in detail in the documentation, and also mention this when
users attempt to resolve single-label names or names with international
characters in the output.

I believe the current behaviour is correct, but it is indeed surprising.
Hence the documentation and output improvement.

Fixes: #11325 #10737
2021-02-16 09:51:17 +01:00
Zbigniew Jędrzejewski-Szmek
a16d732a51 fuzz-systemctl-parse-argv: avoid "leak" of bus object
Memory sanitizer would report leaked memory from --boot-load-entry=help.

Maybe we should disable all bus connections from the fuzzer? It seems not
appropriate to communicate with logind. OTOH, in a real fuzzing environment
this call should just fail, so maybe that's OK.
2021-02-16 08:57:12 +01:00
Zbigniew Jędrzejewski-Szmek
e557c82dd5
Merge pull request #18571 from bluca/portable_dbus_doc
portable: use helpers for DBUS registration and document DBUS interface
2021-02-16 08:30:27 +01:00
Zbigniew Jędrzejewski-Szmek
8f50eb04ac
Merge pull request #18481 from keszybz/rpm-restart-post-trans
Restart units after the rpm transaction
2021-02-16 08:25:49 +01:00
Lennart Poettering
71311efe23 journalctl: rotation is not a reason to warn, but certainly noteworthy
Downgrade the phrasing, since it is a bit misleading.

Fixes: #18465
2021-02-15 14:41:57 -08:00