diff options
34 files changed, 174 insertions, 81 deletions
| diff --git a/Makefile.am b/Makefile.am index 5d30d7d51c..8fa43f50ba 100644 --- a/Makefile.am +++ b/Makefile.am @@ -762,6 +762,8 @@ libsystemd_shared_la_SOURCES = \  	src/shared/udev-util.h \  	src/shared/device-nodes.c \  	src/shared/device-nodes.h \ +	src/shared/dns-domain.c \ +	src/shared/dns-domain.h \  	src/shared/util.c \  	src/shared/util.h \  	src/shared/virt.c \ @@ -978,6 +980,7 @@ libsystemd_shared_la_CFLAGS = \  libsystemd_shared_la_LIBADD = \  	$(SELINUX_LIBS) \  	$(CAP_LIBS) \ +	$(LIBIDN_LIBS) \  	-lm  # ----------------------------------------------------------------------------- @@ -1446,7 +1449,8 @@ tests += \  	test-copy \  	test-cap-list \  	test-sigbus \ -	test-verbs +	test-verbs \ +	test-dns-domain  EXTRA_DIST += \  	test/a.service \ @@ -1577,6 +1581,15 @@ test_hostname_SOURCES = \  test_hostname_LDADD = \  	libsystemd-core.la +test_dns_domain_SOURCES = \ +	src/test/test-dns-domain.c + +test_dns_domain_LDADD = \ +	libsystemd-network.la \ +	libsystemd-internal.la \ +	libsystemd-shared.la \ +	$(LIBIDN_LIBS) +  if ENABLE_EFI  manual_tests += \  	test-boot-timestamp @@ -3382,7 +3395,8 @@ test_dhcp_client_SOURCES = \  test_dhcp_client_LDADD = \  	libsystemd-network.la \  	libsystemd-internal.la \ -	libsystemd-shared.la +	libsystemd-shared.la \ +	$(LIBIDN_LIBS)  test_dhcp_server_SOURCES = \  	src/libsystemd-network/test-dhcp-server.c @@ -3603,6 +3617,9 @@ test_unifont_LDADD = \  src/libsystemd-terminal/unifont-glyph-array.bin: tools/compile-unifont.py $(UNIFONT)  	$(AM_V_GEN)$(PYTHON) $< <$(UNIFONT) >$@ +EXTRA_DIST += \ +	tools/compile-unifont.py +  # ------------------------------------------------------------------------------  include_HEADERS += \  	src/libudev/libudev.h @@ -5405,8 +5422,6 @@ systemd_resolved_SOURCES = \  	src/resolve/resolved-link.h \  	src/resolve/resolved-link.c \  	src/resolve/resolved-def.h \ -	src/resolve/resolved-dns-domain.h \ -	src/resolve/resolved-dns-domain.c \  	src/resolve/resolved-dns-rr.h \  	src/resolve/resolved-dns-rr.c \  	src/resolve/resolved-dns-question.h \ @@ -5476,20 +5491,6 @@ GENERAL_ALIASES += \  nodist_pkgsysconf_DATA += \  	src/resolve/resolved.conf -tests += \ -	test-dns-domain - -test_dns_domain_SOURCES = \ -	src/resolve/resolved-dns-domain.h \ -	src/resolve/resolved-dns-domain.c \ -	src/resolve/test-dns-domain.c - -test_dns_domain_LDADD = \ -	libsystemd-network.la \ -	libsystemd-internal.la \ -	libsystemd-shared.la \ -	$(LIBIDN_LIBS) -  libnss_resolve_la_SOURCES = \  	src/nss-resolve/nss-resolve.sym \  	src/nss-resolve/nss-resolve.c @@ -5520,8 +5521,6 @@ systemd_resolve_host_SOURCES = \  	src/resolve/resolved-dns-answer.h \  	src/resolve/resolved-dns-question.c \  	src/resolve/resolved-dns-question.h \ -	src/resolve/resolved-dns-domain.c \ -	src/resolve/resolved-dns-domain.h \  	src/resolve/dns-type.c \  	src/resolve/dns-type.h @@ -5551,7 +5550,8 @@ systemd_networkd_SOURCES = \  	src/network/networkd.c  systemd_networkd_LDADD = \ -	libsystemd-networkd-core.la +	libsystemd-networkd-core.la \ +	$(LIBIDN_LIBS)  if HAVE_LIBIPTC  systemd_networkd_LDADD += \ @@ -5650,7 +5650,8 @@ test_network_SOURCES = \  	src/network/test-network.c  test_network_LDADD = \ -	libsystemd-networkd-core.la +	libsystemd-networkd-core.la \ +	$(LIBIDN_LIBS)  if HAVE_LIBIPTC  test_network_LDADD += \ diff --git a/man/udev.xml b/man/udev.xml index d5d8a17cdb..70f4f59c08 100644 --- a/man/udev.xml +++ b/man/udev.xml @@ -472,7 +472,8 @@                <varlistentry>                  <term><literal>program</literal></term>                  <listitem> -                  <para>Execute an external program specified as the assigned value and +                  <para>Execute an external program specified as the assigned +                  value and if it returns successfully                    import its output, which must be in environment key                    format. Path specification, command/argument separation,                    and quoting work like in <varname>RUN</varname>.</para> diff --git a/src/core/manager.c b/src/core/manager.c index 564fb5d579..eb80dd1b46 100644 --- a/src/core/manager.c +++ b/src/core/manager.c @@ -1546,7 +1546,7 @@ static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t                          return -errno;                  } -                for (cmsg = CMSG_FIRSTHDR(&msghdr); cmsg; cmsg = CMSG_NXTHDR(&msghdr, cmsg)) { +                CMSG_FOREACH(cmsg, &msghdr) {                          if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_RIGHTS) {                                  fd_array = (int*) CMSG_DATA(cmsg); diff --git a/src/core/namespace.c b/src/core/namespace.c index 01a817bf23..045321e1d4 100644 --- a/src/core/namespace.c +++ b/src/core/namespace.c @@ -696,12 +696,11 @@ int setup_netns(int netns_storage_socket[2]) {          } else {                  /* Yay, found something, so let's join the namespace */ -                for (cmsg = CMSG_FIRSTHDR(&mh); cmsg; cmsg = CMSG_NXTHDR(&mh, cmsg)) { +                CMSG_FOREACH(cmsg, &mh)                          if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_RIGHTS) {                                  assert(cmsg->cmsg_len == CMSG_LEN(sizeof(int)));                                  netns = *(int*) CMSG_DATA(cmsg);                          } -                }                  if (setns(netns, CLONE_NEWNET) < 0) {                          r = -errno; diff --git a/src/import/importd.c b/src/import/importd.c index e2df44ad26..05a619ac0c 100644 --- a/src/import/importd.c +++ b/src/import/importd.c @@ -599,7 +599,7 @@ static int manager_on_notify(sd_event_source *s, int fd, uint32_t revents, void          cmsg_close_all(&msghdr); -        for (cmsg = CMSG_FIRSTHDR(&msghdr); cmsg; cmsg = CMSG_NXTHDR(&msghdr, cmsg)) { +        CMSG_FOREACH(cmsg, &msghdr) {                  if (cmsg->cmsg_level == SOL_SOCKET &&                             cmsg->cmsg_type == SCM_CREDENTIALS &&                             cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred))) { diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c index 3353024f4e..32da8d61fc 100644 --- a/src/journal/journald-server.c +++ b/src/journal/journald-server.c @@ -1177,7 +1177,7 @@ int server_process_datagram(sd_event_source *es, int fd, uint32_t revents, void                          return -errno;                  } -                for (cmsg = CMSG_FIRSTHDR(&msghdr); cmsg; cmsg = CMSG_NXTHDR(&msghdr, cmsg)) { +                CMSG_FOREACH(cmsg, &msghdr) {                          if (cmsg->cmsg_level == SOL_SOCKET &&                              cmsg->cmsg_type == SCM_CREDENTIALS && diff --git a/src/libsystemd-network/sd-dhcp-client.c b/src/libsystemd-network/sd-dhcp-client.c index 0193e42d65..6853038b67 100644 --- a/src/libsystemd-network/sd-dhcp-client.c +++ b/src/libsystemd-network/sd-dhcp-client.c @@ -1588,7 +1588,7 @@ static int client_receive_message_raw(sd_event_source *s, int fd,          } else if ((size_t)len < sizeof(DHCPPacket))                  return 0; -        for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg)) { +        CMSG_FOREACH(cmsg, &msg) {                  if (cmsg->cmsg_level == SOL_PACKET &&                      cmsg->cmsg_type == PACKET_AUXDATA &&                      cmsg->cmsg_len == CMSG_LEN(sizeof(struct tpacket_auxdata))) { diff --git a/src/libsystemd-network/sd-dhcp-lease.c b/src/libsystemd-network/sd-dhcp-lease.c index 8a4220621b..d8bc76edda 100644 --- a/src/libsystemd-network/sd-dhcp-lease.c +++ b/src/libsystemd-network/sd-dhcp-lease.c @@ -32,6 +32,7 @@  #include "dhcp-lease-internal.h"  #include "sd-dhcp-lease.h"  #include "network-internal.h" +#include "dns-domain.h"  int sd_dhcp_lease_get_address(sd_dhcp_lease *lease, struct in_addr *addr) {          assert_return(lease, -EINVAL); @@ -504,9 +505,18 @@ int dhcp_lease_parse_options(uint8_t code, uint8_t len, const uint8_t *option,                  if (e)                          *e = 0; -                if (!hostname_is_valid(domainname) || is_localhost(domainname)) +                if (is_localhost(domainname))                          break; +                r = dns_name_is_valid(domainname); +                if (r <= 0) { +                        if (r < 0) +                                log_error_errno(r, "Failed to validate domain name: %s: %m", domainname); +                        if (r == 0) +                                log_warning("Domain name is not valid, ignoring: %s", domainname); +                        break; +                } +                  free(lease->domainname);                  lease->domainname = domainname;                  domainname = NULL; diff --git a/src/libsystemd-network/sd-dhcp-server.c b/src/libsystemd-network/sd-dhcp-server.c index a0a2320efa..cc5e032344 100644 --- a/src/libsystemd-network/sd-dhcp-server.c +++ b/src/libsystemd-network/sd-dhcp-server.c @@ -902,7 +902,7 @@ static int server_receive_message(sd_event_source *s, int fd,          else if ((size_t)len < sizeof(DHCPMessage))                  return 0; -        for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg)) { +        CMSG_FOREACH(cmsg, &msg) {                  if (cmsg->cmsg_level == IPPROTO_IP &&                      cmsg->cmsg_type == IP_PKTINFO &&                      cmsg->cmsg_len == CMSG_LEN(sizeof(struct in_pktinfo))) { diff --git a/src/libsystemd/sd-bus/bus-bloom.c b/src/libsystemd/sd-bus/bus-bloom.c index 3556774074..91fab90cb0 100644 --- a/src/libsystemd/sd-bus/bus-bloom.c +++ b/src/libsystemd/sd-bus/bus-bloom.c @@ -116,11 +116,19 @@ void bloom_add_prefixes(uint64_t filter[], size_t size, unsigned k, const char *          p = stpcpy(stpcpy(c, a), ":");          strcpy(p, b); +        bloom_add_data(filter, size, k, c, n); +          for (;;) {                  char *e;                  e = strrchr(p, sep); -                if (!e || e == p) +                if (!e) +                        break; + +                *(e + 1) = 0; +                bloom_add_data(filter, size, k, c, e - c + 1); + +                if (e == p)                          break;                  *e = 0; diff --git a/src/libsystemd/sd-bus/bus-container.c b/src/libsystemd/sd-bus/bus-container.c index f157c25bba..fa7a207448 100644 --- a/src/libsystemd/sd-bus/bus-container.c +++ b/src/libsystemd/sd-bus/bus-container.c @@ -222,7 +222,7 @@ int bus_container_connect_kernel(sd_bus *b) {          if (recvmsg(pair[0], &mh, MSG_NOSIGNAL|MSG_CMSG_CLOEXEC) < 0)                  return -errno; -        for (cmsg = CMSG_FIRSTHDR(&mh); cmsg; cmsg = CMSG_NXTHDR(&mh, cmsg)) +        CMSG_FOREACH(cmsg, &mh)                  if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_RIGHTS) {                          int *fds;                          unsigned n_fds; diff --git a/src/libsystemd/sd-bus/bus-control.c b/src/libsystemd/sd-bus/bus-control.c index 1103903358..7a59702cb2 100644 --- a/src/libsystemd/sd-bus/bus-control.c +++ b/src/libsystemd/sd-bus/bus-control.c @@ -1291,10 +1291,8 @@ int bus_add_match_internal_kernel(                          break;                  case BUS_MATCH_PATH_NAMESPACE: -                        if (!streq(c->value_str, "/")) { -                                bloom_add_pair(bloom, bus->bloom_size, bus->bloom_n_hash, "path-slash-prefix", c->value_str); -                                using_bloom = true; -                        } +                        bloom_add_pair(bloom, bus->bloom_size, bus->bloom_n_hash, "path-slash-prefix", c->value_str); +                        using_bloom = true;                          break;                  case BUS_MATCH_ARG...BUS_MATCH_ARG_LAST: { @@ -1310,11 +1308,18 @@ int bus_add_match_internal_kernel(                  }                  case BUS_MATCH_ARG_PATH...BUS_MATCH_ARG_PATH_LAST: { -                        char buf[sizeof("arg")-1 + 2 + sizeof("-slash-prefix")]; - -                        xsprintf(buf, "arg%i-slash-prefix", c->type - BUS_MATCH_ARG_PATH); -                        bloom_add_pair(bloom, bus->bloom_size, bus->bloom_n_hash, buf, c->value_str); -                        using_bloom = true; +                        /* +                         * XXX: DBus spec defines arg[0..63]path= matching to be +                         * a two-way glob. That is, if either string is a prefix +                         * of the other, it matches. +                         * This is really hard to realize in bloom-filters, as +                         * we would have to create a bloom-match for each prefix +                         * of @c->value_str. This is excessive, hence we just +                         * ignore all those matches and accept everything from +                         * the kernel. People should really avoid those matches. +                         * If they're used in real-life some day, we will have +                         * to properly support multiple-matches here. +                         */                          break;                  } diff --git a/src/libsystemd/sd-bus/bus-internal.c b/src/libsystemd/sd-bus/bus-internal.c index 91b288cd25..37793e48ed 100644 --- a/src/libsystemd/sd-bus/bus-internal.c +++ b/src/libsystemd/sd-bus/bus-internal.c @@ -211,6 +211,17 @@ bool member_name_is_valid(const char *p) {          return true;  } +/* + * Complex pattern match + * This checks whether @a is a 'complex-prefix' of @b, or @b is a + * 'complex-prefix' of @a, based on strings that consist of labels with @c as + * spearator. This function returns true if: + *   - both strings are equal + *   - either is a prefix of the other and ends with @c + * The second rule makes sure that either string needs to be fully included in + * the other, and the string which is considered the prefix needs to end with a + * separator. + */  static bool complex_pattern_check(char c, const char *a, const char *b) {          bool separator = false; @@ -222,9 +233,7 @@ static bool complex_pattern_check(char c, const char *a, const char *b) {          for (;;) {                  if (*a != *b) -                        return (separator && (*a == 0 || *b == 0)) || -                                (*a == 0 && *b == c && b[1] == 0) || -                                (*b == 0 && *a == c && a[1] == 0); +                        return (separator && (*a == 0 || *b == 0));                  if (*a == 0)                          return true; @@ -243,7 +252,18 @@ bool path_complex_pattern(const char *pattern, const char *value) {          return complex_pattern_check('/', pattern, value);  } +/* + * Simple pattern match + * This checks whether @a is a 'simple-prefix' of @b, based on strings that + * consist of labels with @c as separator. This function returns true, if: + *   - if @a and @b are equal + *   - if @a is a prefix of @b, and the first following character in @b (or the + *     last character in @a) is @c + * The second rule basically makes sure that if @a is a prefix of @b, then @b + * must follow with a new label separated by @c. It cannot extend the label. + */  static bool simple_pattern_check(char c, const char *a, const char *b) { +        bool separator = false;          if (!a && !b)                  return true; @@ -253,11 +273,13 @@ static bool simple_pattern_check(char c, const char *a, const char *b) {          for (;;) {                  if (*a != *b) -                        return *a == 0 && *b == c; +                        return *a == 0 && (*b == c || separator);                  if (*a == 0)                          return true; +                separator = *a == c; +                  a++, b++;          }  } diff --git a/src/libsystemd/sd-bus/bus-socket.c b/src/libsystemd/sd-bus/bus-socket.c index 9f3756f0c2..322d57ddbb 100644 --- a/src/libsystemd/sd-bus/bus-socket.c +++ b/src/libsystemd/sd-bus/bus-socket.c @@ -502,7 +502,6 @@ static int bus_socket_read_auth(sd_bus *b) {                  struct cmsghdr cmsghdr;                  uint8_t buf[CMSG_SPACE(sizeof(int) * BUS_FDS_MAX)];          } control; -        struct cmsghdr *cmsg;          bool handle_cmsg = false;          assert(b); @@ -552,8 +551,10 @@ static int bus_socket_read_auth(sd_bus *b) {          b->rbuffer_size += k; -        if (handle_cmsg) -                for (cmsg = CMSG_FIRSTHDR(&mh); cmsg; cmsg = CMSG_NXTHDR(&mh, cmsg)) +        if (handle_cmsg) { +                struct cmsghdr *cmsg; + +                CMSG_FOREACH(cmsg, &mh)                          if (cmsg->cmsg_level == SOL_SOCKET &&                              cmsg->cmsg_type == SCM_RIGHTS) {                                  int j; @@ -567,6 +568,7 @@ static int bus_socket_read_auth(sd_bus *b) {                          } else                                  log_debug("Got unexpected auxiliary data with level=%d and type=%d",                                            cmsg->cmsg_level, cmsg->cmsg_type); +        }          r = bus_socket_auth_verify(b);          if (r != 0) @@ -916,7 +918,6 @@ int bus_socket_read_message(sd_bus *bus) {                  struct cmsghdr cmsghdr;                  uint8_t buf[CMSG_SPACE(sizeof(int) * BUS_FDS_MAX)];          } control; -        struct cmsghdr *cmsg;          bool handle_cmsg = false;          assert(bus); @@ -961,8 +962,10 @@ int bus_socket_read_message(sd_bus *bus) {          bus->rbuffer_size += k; -        if (handle_cmsg) -                for (cmsg = CMSG_FIRSTHDR(&mh); cmsg; cmsg = CMSG_NXTHDR(&mh, cmsg)) +        if (handle_cmsg) { +                struct cmsghdr *cmsg; + +                CMSG_FOREACH(cmsg, &mh)                          if (cmsg->cmsg_level == SOL_SOCKET &&                              cmsg->cmsg_type == SCM_RIGHTS) {                                  int n, *f; @@ -990,6 +993,7 @@ int bus_socket_read_message(sd_bus *bus) {                          } else                                  log_debug("Got unexpected auxiliary data with level=%d and type=%d",                                            cmsg->cmsg_level, cmsg->cmsg_type); +        }          r = bus_socket_read_message_need(bus, &need);          if (r < 0) diff --git a/src/libsystemd/sd-bus/test-bus-kernel-bloom.c b/src/libsystemd/sd-bus/test-bus-kernel-bloom.c index b11c43bd7b..90eb1f2a33 100644 --- a/src/libsystemd/sd-bus/test-bus-kernel-bloom.c +++ b/src/libsystemd/sd-bus/test-bus-kernel-bloom.c @@ -26,6 +26,14 @@  #include "bus-kernel.h"  #include "bus-util.h" +static int test_match(sd_bus_message *m, void *userdata, sd_bus_error *ret_error) { +        int *found = userdata; + +        *found = 1; + +        return 0; +} +  static void test_one(                  const char *path,                  const char *interface, @@ -39,7 +47,7 @@ static void test_one(          _cleanup_free_ char *name = NULL, *bus_name = NULL, *address = NULL;          _cleanup_bus_message_unref_ sd_bus_message *m = NULL;          sd_bus *a, *b; -        int r; +        int r, found = 0;          assert_se(asprintf(&name, "deine-mutter-%u", (unsigned) getpid()) >= 0); @@ -71,7 +79,7 @@ static void test_one(          assert_se(r >= 0);          log_debug("match"); -        r = sd_bus_add_match(b, NULL, match, NULL, NULL); +        r = sd_bus_add_match(b, NULL, match, test_match, &found);          assert_se(r >= 0);          log_debug("signal"); @@ -83,7 +91,7 @@ static void test_one(          assert_se(r >= 0);          r = sd_bus_process(b, &m); -        assert_se(r >= 0 && (good == !!m)); +        assert_se(r >= 0 && good == !!found);          sd_bus_unref(a);          sd_bus_unref(b); @@ -115,6 +123,17 @@ int main(int argc, char *argv[]) {          test_one("/foo/bar/waldo", "waldo.com", "Piep", false, "foobar", "path_namespace='/foo'", true);          test_one("/foo/bar/waldo", "waldo.com", "Piep", false, "foobar", "path_namespace='/'", true);          test_one("/foo/bar/waldo", "waldo.com", "Piep", false, "foobar", "path_namespace='/quux'", false); +        test_one("/", "waldo.com", "Piep", false, "foobar", "path_namespace='/'", true); + +        test_one("/foo/bar/waldo", "waldo.com", "Piep", false, "foobar", "path='/foo/bar/waldo/'", false); +        test_one("/foo/bar/waldo", "waldo.com", "Piep", false, "foobar", "path='/foo/'", false); +        test_one("/foo/bar/waldo", "waldo.com", "Piep", false, "foobar", "path_namespace='/foo/bar/waldo/'", false); +        test_one("/foo/bar/waldo", "waldo.com", "Piep", false, "foobar", "path_namespace='/foo/'", true); + +        test_one("/foo/bar/waldo", "waldo.com", "Piep", false, "/foo/bar/waldo", "arg0path='/foo/'", true); +        test_one("/foo/bar/waldo", "waldo.com", "Piep", false, "/foo", "arg0path='/foo'", true); +        test_one("/foo/bar/waldo", "waldo.com", "Piep", false, "/foo", "arg0path='/foo/bar/waldo'", false); +        test_one("/foo/bar/waldo", "waldo.com", "Piep", false, "/foo/", "arg0path='/foo/bar/waldo'", true);          return 0;  } diff --git a/src/libsystemd/sd-bus/test-bus-signature.c b/src/libsystemd/sd-bus/test-bus-signature.c index 4165c9273a..17c6188ca0 100644 --- a/src/libsystemd/sd-bus/test-bus-signature.c +++ b/src/libsystemd/sd-bus/test-bus-signature.c @@ -95,23 +95,28 @@ int main(int argc, char *argv[]) {          assert_se(!namespace_complex_pattern("foo.", ""));          assert_se(path_complex_pattern("", "")); -        assert_se(path_complex_pattern("", "/")); -        assert_se(path_complex_pattern("/", "")); +        assert_se(!path_complex_pattern("", "/")); +        assert_se(!path_complex_pattern("/", ""));          assert_se(path_complex_pattern("/", "/"));          assert_se(path_complex_pattern("/foobar/", "/")); -        assert_se(path_complex_pattern("/foobar/", "/foobar")); +        assert_se(!path_complex_pattern("/foobar/", "/foobar"));          assert_se(path_complex_pattern("/foobar", "/foobar")); -        assert_se(path_complex_pattern("/foobar", "/foobar/")); +        assert_se(!path_complex_pattern("/foobar", "/foobar/"));          assert_se(!path_complex_pattern("/foobar", "/foobar/waldo"));          assert_se(path_complex_pattern("/foobar/", "/foobar/waldo")); +        assert_se(path_complex_pattern("/foobar/waldo", "/foobar/")); + +        assert_se(path_simple_pattern("/foo/", "/foo/bar/waldo"));          assert_se(namespace_simple_pattern("", "")); +        assert_se(namespace_simple_pattern("", ".foobar"));          assert_se(namespace_simple_pattern("foobar", "foobar"));          assert_se(namespace_simple_pattern("foobar.waldo", "foobar.waldo"));          assert_se(namespace_simple_pattern("foobar", "foobar.waldo"));          assert_se(!namespace_simple_pattern("foobar.waldo", "foobar"));          assert_se(!namespace_simple_pattern("", "foo"));          assert_se(!namespace_simple_pattern("foo", "")); +        assert_se(namespace_simple_pattern("foo.", "foo.bar.waldo"));          assert_se(streq(object_path_startswith("/foo/bar", "/foo"), "bar"));          assert_se(streq(object_path_startswith("/foo", "/foo"), "")); diff --git a/src/libsystemd/sd-rtnl/rtnl-message.c b/src/libsystemd/sd-rtnl/rtnl-message.c index bab2a4ff08..9dcf7df559 100644 --- a/src/libsystemd/sd-rtnl/rtnl-message.c +++ b/src/libsystemd/sd-rtnl/rtnl-message.c @@ -1442,7 +1442,7 @@ static int socket_recv_message(int fd, struct iovec *iov, uint32_t *_group, bool                  return (errno == EAGAIN || errno == EINTR) ? 0 : -errno;          } -        for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg)) { +        CMSG_FOREACH(cmsg, &msg) {                  if (cmsg->cmsg_level == SOL_SOCKET &&                      cmsg->cmsg_type == SCM_CREDENTIALS &&                      cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred))) { diff --git a/src/network/networkd-network.c b/src/network/networkd-network.c index 5947084106..6f32e5f4a4 100644 --- a/src/network/networkd-network.c +++ b/src/network/networkd-network.c @@ -30,6 +30,7 @@  #include "networkd-netdev.h"  #include "networkd-link.h"  #include "network-internal.h" +#include "dns-domain.h"  static int network_load_one(Manager *manager, const char *filename) {          _cleanup_network_free_ Network *network = NULL; @@ -466,11 +467,16 @@ int config_parse_domains(const char *unit,          STRV_FOREACH(domain, *domains) {                  if (is_localhost(*domain))                          log_syntax(unit, LOG_ERR, filename, line, EINVAL, "'localhost' domain names may not be configured, ignoring assignment: %s", *domain); -                else if (!hostname_is_valid(*domain)) { -                        if (!streq(*domain, "*")) -                                log_syntax(unit, LOG_ERR, filename, line, EINVAL, "domain name is not valid, ignoring assignment: %s", *domain); -                } else -                        continue; +                else { +                        r = dns_name_is_valid(*domain); +                        if (r <= 0 && !streq(*domain, "*")) { +                                if (r < 0) +                                        log_error_errno(r, "Failed to validate domain name: %s: %m", *domain); +                                if (r == 0) +                                        log_warning("Domain name is not valid, ignoring assignment: %s", *domain); +                        } else +                                continue; +                }                  strv_remove(*domains, *domain); diff --git a/src/resolve/resolved-bus.c b/src/resolve/resolved-bus.c index 171141e3a4..6db12511f9 100644 --- a/src/resolve/resolved-bus.c +++ b/src/resolve/resolved-bus.c @@ -22,7 +22,7 @@  #include "bus-common-errors.h"  #include "bus-util.h" -#include "resolved-dns-domain.h" +#include "dns-domain.h"  #include "resolved-bus.h"  #include "resolved-def.h" diff --git a/src/resolve/resolved-dns-answer.c b/src/resolve/resolved-dns-answer.c index e08eb667cc..f77b98e505 100644 --- a/src/resolve/resolved-dns-answer.c +++ b/src/resolve/resolved-dns-answer.c @@ -20,7 +20,7 @@  ***/  #include "resolved-dns-answer.h" -#include "resolved-dns-domain.h" +#include "dns-domain.h"  DnsAnswer *dns_answer_new(unsigned n) {          DnsAnswer *a; diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c index 21756f566f..bb74b1828e 100644 --- a/src/resolve/resolved-dns-packet.c +++ b/src/resolve/resolved-dns-packet.c @@ -23,7 +23,7 @@  #include "util.h"  #include "strv.h"  #include "unaligned.h" -#include "resolved-dns-domain.h" +#include "dns-domain.h"  #include "resolved-dns-packet.h"  int dns_packet_new(DnsPacket **ret, DnsProtocol protocol, size_t mtu) { diff --git a/src/resolve/resolved-dns-question.c b/src/resolve/resolved-dns-question.c index 45bcbbf23a..4d71f5e3d4 100644 --- a/src/resolve/resolved-dns-question.c +++ b/src/resolve/resolved-dns-question.c @@ -20,7 +20,7 @@  ***/  #include "resolved-dns-question.h" -#include "resolved-dns-domain.h" +#include "dns-domain.h"  DnsQuestion *dns_question_new(unsigned n) {          DnsQuestion *q; diff --git a/src/resolve/resolved-dns-rr.c b/src/resolve/resolved-dns-rr.c index 78d9e4a412..c1818eef9c 100644 --- a/src/resolve/resolved-dns-rr.c +++ b/src/resolve/resolved-dns-rr.c @@ -23,7 +23,7 @@  #include "strv.h" -#include "resolved-dns-domain.h" +#include "dns-domain.h"  #include "resolved-dns-rr.h"  #include "resolved-dns-packet.h"  #include "dns-type.h" diff --git a/src/resolve/resolved-dns-scope.c b/src/resolve/resolved-dns-scope.c index 7369cbf50f..c25ac2216d 100644 --- a/src/resolve/resolved-dns-scope.c +++ b/src/resolve/resolved-dns-scope.c @@ -27,7 +27,7 @@  #include "af-list.h"  #include "random-util.h"  #include "hostname-util.h" -#include "resolved-dns-domain.h" +#include "dns-domain.h"  #include "resolved-dns-scope.h"  #define MULTICAST_RATELIMIT_INTERVAL_USEC (1*USEC_PER_SEC) diff --git a/src/resolve/resolved-dns-stream.c b/src/resolve/resolved-dns-stream.c index 4c0b557bad..7f47e7223a 100644 --- a/src/resolve/resolved-dns-stream.c +++ b/src/resolve/resolved-dns-stream.c @@ -113,7 +113,8 @@ static int dns_stream_identify(DnsStream *s) {          mh.msg_control = &control;          mh.msg_controllen = sl; -        for (cmsg = CMSG_FIRSTHDR(&mh); cmsg; cmsg = CMSG_NXTHDR(&mh, cmsg)) { + +        CMSG_FOREACH(cmsg, &mh) {                  if (cmsg->cmsg_level == IPPROTO_IPV6) {                          assert(s->peer.sa.sa_family == AF_INET6); diff --git a/src/resolve/resolved-dns-zone.c b/src/resolve/resolved-dns-zone.c index a4c9b7d7af..32d771a954 100644 --- a/src/resolve/resolved-dns-zone.c +++ b/src/resolve/resolved-dns-zone.c @@ -22,7 +22,7 @@  #include "list.h"  #include "resolved-dns-zone.h" -#include "resolved-dns-domain.h" +#include "dns-domain.h"  #include "resolved-dns-packet.h"  /* Never allow more than 1K entries */ diff --git a/src/resolve/resolved-manager.c b/src/resolve/resolved-manager.c index 52695376f0..f8d4db7aad 100644 --- a/src/resolve/resolved-manager.c +++ b/src/resolve/resolved-manager.c @@ -34,7 +34,7 @@  #include "random-util.h"  #include "hostname-util.h" -#include "resolved-dns-domain.h" +#include "dns-domain.h"  #include "resolved-conf.h"  #include "resolved-bus.h"  #include "resolved-manager.h" @@ -920,7 +920,7 @@ int manager_recv(Manager *m, int fd, DnsProtocol protocol, DnsPacket **ret) {          } else                  return -EAFNOSUPPORT; -        for (cmsg = CMSG_FIRSTHDR(&mh); cmsg; cmsg = CMSG_NXTHDR(&mh, cmsg)) { +        CMSG_FOREACH(cmsg, &mh) {                  if (cmsg->cmsg_level == IPPROTO_IPV6) {                          assert(p->family == AF_INET6); diff --git a/src/resolve/resolved-dns-domain.c b/src/shared/dns-domain.c index e1eb3ddfe5..20a44ce4e1 100644 --- a/src/resolve/resolved-dns-domain.c +++ b/src/shared/dns-domain.c @@ -24,7 +24,7 @@  #include <stringprep.h>  #endif -#include "resolved-dns-domain.h" +#include "dns-domain.h"  int dns_label_unescape(const char **name, char *dest, size_t sz) {          const char *n; diff --git a/src/resolve/resolved-dns-domain.h b/src/shared/dns-domain.h index 516d244f7a..00caf5d700 100644 --- a/src/resolve/resolved-dns-domain.h +++ b/src/shared/dns-domain.h @@ -35,6 +35,15 @@ int dns_label_apply_idna(const char *encoded, size_t encoded_size, char *decoded  int dns_label_undo_idna(const char *encoded, size_t encoded_size, char *decoded, size_t decoded_max);  int dns_name_normalize(const char *s, char **_ret); +static inline int dns_name_is_valid(const char *s) { +        int r; +        r = dns_name_normalize(s, NULL); +        if (r == -EINVAL) +                return 0; +        if (r < 0) +                return r; +        return 1; +}  unsigned long dns_name_hash_func(const void *s, const uint8_t hash_key[HASH_KEY_SIZE]);  int dns_name_compare_func(const void *a, const void *b); diff --git a/src/shared/macro.h b/src/shared/macro.h index 7ae1ed80b6..cc1c9e73c0 100644 --- a/src/shared/macro.h +++ b/src/shared/macro.h @@ -467,4 +467,7 @@ do {                                                                    \          }                                                       \          struct __useless_struct_to_allow_trailing_semicolon__ +#define CMSG_FOREACH(cmsg, mh)                                          \ +        for ((cmsg) = CMSG_FIRSTHDR(mh); (cmsg); (cmsg) = CMSG_NXTHDR((mh), (cmsg))) +  #include "log.h" diff --git a/src/shared/util.c b/src/shared/util.c index a20e7bb2ef..6f6906f877 100644 --- a/src/shared/util.c +++ b/src/shared/util.c @@ -5520,7 +5520,7 @@ int openpt_in_namespace(pid_t pid, int flags) {          if (recvmsg(pair[0], &mh, MSG_NOSIGNAL|MSG_CMSG_CLOEXEC) < 0)                  return -errno; -        for (cmsg = CMSG_FIRSTHDR(&mh); cmsg; cmsg = CMSG_NXTHDR(&mh, cmsg)) +        CMSG_FOREACH(cmsg, &mh)                  if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_RIGHTS) {                          int *fds;                          unsigned n_fds; @@ -5908,7 +5908,7 @@ void cmsg_close_all(struct msghdr *mh) {          assert(mh); -        for (cmsg = CMSG_FIRSTHDR(mh); cmsg; cmsg = CMSG_NXTHDR(mh, cmsg)) +        CMSG_FOREACH(cmsg, mh)                  if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_RIGHTS)                          close_many((int*) CMSG_DATA(cmsg), (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int));  } diff --git a/src/resolve/test-dns-domain.c b/src/test/test-dns-domain.c index c3208abc78..527cdd3b54 100644 --- a/src/resolve/test-dns-domain.c +++ b/src/test/test-dns-domain.c @@ -20,7 +20,7 @@   ***/  #include "macro.h" -#include "resolved-dns-domain.h" +#include "dns-domain.h"  static void test_dns_label_unescape_one(const char *what, const char *expect, size_t buffer_sz, int ret) {          char buffer[buffer_sz]; diff --git a/src/timesync/timesyncd-manager.c b/src/timesync/timesyncd-manager.c index 88e9cf98ed..40e0fd31fe 100644 --- a/src/timesync/timesyncd-manager.c +++ b/src/timesync/timesyncd-manager.c @@ -528,7 +528,7 @@ static int manager_receive_response(sd_event_source *source, int fd, uint32_t re          }          recv_time = NULL; -        for (cmsg = CMSG_FIRSTHDR(&msghdr); cmsg; cmsg = CMSG_NXTHDR(&msghdr, cmsg)) { +        CMSG_FOREACH(cmsg, &msghdr) {                  if (cmsg->cmsg_level != SOL_SOCKET)                          continue; diff --git a/src/udev/udevd.c b/src/udev/udevd.c index 26aae89990..2affb5944a 100644 --- a/src/udev/udevd.c +++ b/src/udev/udevd.c @@ -875,7 +875,7 @@ static int on_worker(sd_event_source *s, int fd, uint32_t revents, void *userdat                          continue;                  } -                for (cmsg = CMSG_FIRSTHDR(&msghdr); cmsg; cmsg = CMSG_NXTHDR(&msghdr, cmsg)) { +                CMSG_FOREACH(cmsg, &msghdr) {                          if (cmsg->cmsg_level == SOL_SOCKET &&                              cmsg->cmsg_type == SCM_CREDENTIALS &&                              cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred))) | 
