Age | Commit message | Author
2016-05-26 | sd-ndisc: rework size checking in ndisc_ra_parse() | Lennart Poettering
Let's better check the size before we subtract. Also, let's change the size argument to size_t, as it cannot be signed anyway. Finally, use EBADMSG for indicating invalid packets, like we do everywhere else.
2016-05-26 | sd-ndisc: simplify clamping of router "pref" parameter | Lennart Poettering
2016-05-26 | sd-ndisc: append "event_source" to event source objects stored in structures | Lennart Poettering
Otherwise it gets too confusing whether "timeout" refers to an event source or just a timeout time specification.
2016-05-26 | sd-ndisc: add log_ndisc_errno() macro, to complement log_ndisc() like elsewhere | Lennart Poettering
Also make use of it where appropriate.
2016-05-26 | sd-ndisc: use the right object to pass to log_ndisc() | Lennart Poettering
There's no "client" object, in both cases. There's only "nd". This wasn't noticed before, as the context object is currently not actually used by the log macros.
2016-05-26 | sd-ndisc: Typo fix: s/advertisment/advertisement/ | Lennart Poettering
2016-05-26 | ipv4acd: rename "ll" parameter to "acd" everywhere | Lennart Poettering
Appears to be a (confusing) left-over from copy/paste when this still was ipv4ll code.
2016-05-26 | sd-ipv4ll: add a bit of logging to IPv4LL too | Lennart Poettering
2016-05-26 | sd-ipv4acd: drop IPV4ACD_NETWORK definition | Lennart Poettering
Appears to be a copy/paste mistake from sd-ipv4ll. Let's get rid of this.
2016-05-26 | ipv4acd: rework how we pick ipv4ll addresses | Lennart Poettering
Let's make the seed actually work as stable seed, and use siphash24 to generate the series of addresses, instead of the opaque libc random_r(). This not only makes the seed truly work as stable, portable seed, but also makes the code quite a bit shorter, and removes a couple of memory allocations.
2016-05-26 | ipv4ll: change "seed" parameter to be uint64_t | Lennart Poettering
Let's make clear this always has the same size, since otherwise it's not useful for reproducible runs, which this is really about however.
2016-05-26 | ipv4acd: make sure our event handler callbacks never check uninitialized "r" for errors | Lennart Poettering
2016-05-26 | ipv4acd: normalize time types to usec_t | Lennart Poettering
We try to stick to usec_t for encoding time information, do that here too. In particular, get rid of "int" second specifications, since signed timespans are a weird thing.
2016-05-26 | ipv4acd: in case the state engine is reused, reset n_conflict timer to 0 | Lennart Poettering
2016-05-26 | ipv4acd: no need to memcpy() where assignment suffices | Lennart Poettering
2016-05-26 | ipv4acd: introduce new "started" state | Lennart Poettering
This state is active immediately after the state engine was started, but before the first timer hits. This way multiple _start() invocations on the same object are always detected correctly.
2016-05-26 | ipv4acd: rename ipv4acd_stop() → ipv4acd_reset() | Lennart Poettering
This is much less confusing, since there's also sd_ipv4acd_stop(), which was different from ipv4acd_stop(). After renaming it, let's also use the function when destroying ipv4acd objects, as the code is pretty much the same for that.
2016-05-26 | ipv4acd: add "_event_source" suffix to event source objects | Lennart Poettering
Otherwise the field "receive_message" is a bit too confusing, as it suggests it actually stores a message object of some kind.
2016-05-26 | ipv4acd: make the iteration and conflict fields unsigned | Lennart Poettering
They are counters after all, and can never go below zero, hence don't pretend with the chosen type that they could. Also, prefix their name with "n_", to indicate that they are counters.
2016-05-26 | ipv4l-{acd,ll}: make sure ipv4 addresses are unsigned | Lennart Poettering
And some other minor fixes.
2016-05-26 | ipv4acd: library code should never log | Lennart Poettering
Or actually, not at any level higher than debug.
2016-05-26 | sd-ipv4{acl,ll}: don't make use of RefCnt objects | Lennart Poettering
These objects are only useful when multiple threads are involved, as they operate with atomic operations. Given that our libraries are explicitly not thread-safe don't make use of RefCnt here, and make things a bit simpler.
2016-05-26 | sd-network: don't needlessly abbreviate "callback" as "cb" in struct members | Lennart Poettering
It's OK to abbreviate this in the local scope, but otherwise, let's not be needlessly terse.
2016-05-26 | dhcp: fix operator precedence issue with macro | Lennart Poettering
2016-05-26 | sd-ndisc: make the _stop() call idempotent | Lennart Poettering
It's a good idea to make stop calls idempotent, so that they become nops if the object is already stopped.
2016-05-26 | sd-network: fix up assertion chaos | Lennart Poettering
assert_return() should only be used to validate user-facing parameters and state, assert() should be used for checking our own internal state and parameters.
2016-05-26 | sd-ndisc: rename sd_ndisc_init() to sd_ndisc_reset() | Lennart Poettering
After all, it's actually used for resetting the state, not only for the initial initialization. While we are at it, also simplify the error path for sd_ndisc_discovery_start().
2016-05-26 | sd-network: rename "index" field of the various clients to "ifindex" | Lennart Poettering
A field "index" is not particularly precise and also might conflict with libc's index() function definition. Also, pretty much everywhere else we call this concept "ifindex", including in networkd, the primary user of these libraries. Hence, let's fix this up and call this "ifindex" everywhere here too.
2016-05-26 | sd-ndisc: properly make various parameters unsigned | Lennart Poettering
2016-05-26 | sd-dhcp: shorten NUL initialization a bit | Lennart Poettering
2016-05-26 | manager: remove spurious newline | Lennart Poettering
2016-05-26 | sd-network: unify packet processing logic a bit | Lennart Poettering
Let's always check for errno being EAGAIN/EINTR the same way, and always log if we receive weirdly short packets.
2016-05-26 | Typo: systemd-nspaw -> systemd-nspawn (#3354) | Ansgar Burchardt
2016-05-24 | Merge pull request #3247 from fbuihuu/ask-passowrd-on-all-consoles | Lennart Poettering
ask-password: ask for passphrases not only on the first console
2016-05-24 | Udevadm trivial cleanups (#3331) | Zbigniew Jędrzejewski-Szmek
* udevadm-info: use _cleanup_
* udevadm-info: propagate return value from export_devices()
* sd-device: add comment and remove unnecessary braces
2016-05-24 | ask-password: ask for passphrases not only on the first console of /dev/console | Werner Fink
but also on all other consoles. This does help on e.g. mainframes where often a serial console together with other consoles are used. Even rack based servers attached to both a serial console as well as having a virtual console do sometimes miss a connected monitor.

To be able to ask on all terminal devices of /dev/console the devices are collected. If more than one device is found, then on each of the terminals an inquiring task for passphrase is forked and does not return to the caller. Every task has its own session and its own controlling terminal. If one of the tasks does handle a password, the remaining tasks will be terminated.

Also let contradictory options on the command of systemd-tty-ask-password-agent fail.

Spawn for each device of the system console /dev/console its own process.

Replace the system call wait() with the system call waitid().

Use SIGTERM instead of SIGHUP to get unresponsive children down.

Port the collect_consoles() function forward to a public and strv based function "get_kernel_consoles()" in terminal-util.c and use this in tty-ask-password-agent.c.
2016-05-24 | Revert "rules: allow users to access frame buffer devices" (#3333) | Zbigniew Jędrzejewski-Szmek
This reverts commit 483d8bbb4c0190f419bf9fba57fb0feb1a56bea6.

In [1] Michel Dänzer and Daniel Vetter wrote:
>> The scenario you describe isn't possible if the Wayland compositor
>> directly uses the KMS API of /dev/dri/card*, but it may be possible if
>> the Wayland compositor uses the fbdev API of /dev/fb* instead (e.g. if
>> weston uses its fbdev backend).
>
> Yeah, if both weston and your screen grabber uses native fbdev API you can
> now screenshot your desktop. And since fbdev has no concept of "current
> owner of the display hw" like the drm master, I think this is not fixable.
> At least not just in userspace. Also even with native KMS compositors
> fbdev still doesn't have the concept of ownership, which is why it doesn't
> bother clearing its buffer before KMS takes over. I agree that this
> should be reverted or at least hidden better.

TBH, I think that privilege separation between processes running under the same UID is tenuous. Even with drm, in common setups any user process can ptrace the "current owner of the display" and call DROP_MASTER or do whatever. It *is* possible to prevent that, e.g. by disabling ptrace using yama.ptrace_scope, or selinux, and so on, but afaik this is not commonly done. E.g. all Fedora systems pull in elfutils-default-yama-scope.rpm through dependencies which sets yama.ptrace_scope=0. And even assuming that ptrace was disabled, it is trivial to modify files on disk, communicate through dbus, etc; there are just too many ways for a non-sandboxed process to interact maliciously with the display shell to close them all off. To achieve real protection, some sort of sandboxing must be implemented, and in that case there is no need to rely on access mode on the device files, since much more stringent measures have to be implemented anyway.

The situation is similar for framebuffer devices. It is common to add framebuffer users to video group to allow them unlimited access to /dev/fb*. Using uaccess would be a better solution in that case. Also, since there is no "current owner" limitation like in DRM, processes running under the same UID should be able to access /proc/<pid-of-display-server>/fd/* and gain access to the devices. Nevertheless, weston implements a suid wrapper to access the devices and then drop privileges, and this patch would make this daemon pointless. So if the weston developers feel that this change reduces security, I prefer to revert it.

[1] https://lists.freedesktop.org/archives/wayland-devel/2016-May/029017.html
2016-05-23 | sd-device: udev-db - handle properties with empty value (#3330) | Tom Gundersen
The state machine was unable to parse properties with empty values, reported in [0]. When reaching the start of the KEY, we would unconditionally read one more character before starting to look for the end-of-line. Simply look for the end-of-line from the first character.

[0]: <https://bugzilla.redhat.com/show_bug.cgi?id=1338823>
2016-05-23 | man: explain what list-units does a bit better (#3324) | Zbigniew Jędrzejewski-Szmek
https://bugzilla.redhat.com/show_bug.cgi?id=1338584
2016-05-23 | networkd: networkd: ndisc set SO_BINDTODEVICE on socket (#3294) | Susant Sahani
From the issue #2004 we are receiving packet even if this packet is not intended for this interface. This can be reproduced.

lp3s0: Updating address: 2001:db8:1:0:7e7a:91ff:fe6d:ffe2/64 (valid for 1d)
wlp3s0: Updating address: fe80::7e7a:91ff:fe6d:ffe2/64 (valid forever)
NDisc CLIENT: Received RA from non-link-local address ::. Ignoring.
NDisc CLIENT: Received RA on wrong interface: 2 != 6. Ignoring.
NDisc CLIENT: Received RA on wrong interface: 2 != 3. Ignoring.
enp0s25: Updating address: 2001:db8:1:0:2ad2:44ff:fe6a:ae07/64 (valid for 1d)
enp0s25: Updating address: fe80::2ad2:44ff:fe6a:ae07/64 (valid forever)
NDisc CLIENT: Sent Router Solicitation
NDisc CLIENT: Sent Router Solicitation
NDisc CLIENT: Sent Router Solicitation
NDisc CLIENT: Received RA on wrong interface: 3 != 2. Ignoring.
NDisc CLIENT: Received RA on wrong interface: 3 != 6. Ignoring.
NDisc CLIENT: Received RA from non-link-local address ::. Ignoring.
NDisc CLIENT: Received RA on wrong interface: 2 != 6. Ignoring.
NDisc CLIENT: Received RA on wrong interface: 2 != 3. Ignoring.
enp0s25: Updating address: 2001:db8:1:0:2ad2:44ff:fe6a:ae07/64 (valid for 1d)
enp0s25: Updating address: fe80::2ad2:44ff:fe6a:ae07/64 (valid forever)

Add SO_BINDTODEVICE to socket

fixes #2004
2016-05-23 | Mention initrd-root-device.target in NEWS (#3325) | Dave Reisner
2016-05-23 | resolved: don't stop handle messages after receiving a zero length UDP packet (#3323) | Evgeny Vereshchagin
Fixes:

-bash-4.3# ss --udp -l -p
State Recv-Q Send-Q Local Address:Port Peer Address:Port
UNCONN 0 0 *:5355 *:* users:(("systemd-resolve",pid=601,fd=12))
UNCONN 0 0 :::5355 :::* users:(("systemd-resolve",pid=601,fd=14))
-bash-4.3# nping --udp -p 5355 --data-length 0 -c 1 localhost
-bash-4.3# journalctl -u systemd-resolved -b --no-hostname
...
May 21 14:59:22 systemd-resolved[601]: Event source llmnr-ipv4-udp (type io) returned error, disabling: Input/output error
...
-bash-4.3# nping --udp -p 5355 --data-length 1000 -c 1 localhost
-bash-4.3# ss --udp -l
State Recv-Q Send-Q Local Address:Port Peer Address:Port
UNCONN 2304 0 *:5355 *:*
UNCONN 0 0 :::5355 :::*
2016-05-23 | Merge pull request #3322 from poettering/random-ipv4acd-fixes | Tom Gundersen
Random ipv4acd fixes
2016-05-22 | ipv4acd/ipv4ll: stop using read() on SOCK_DGRAM sockets | Lennart Poettering
This is a follow-up to cf447cb62d01137f4cbd1cd14b83b88823542bbf. Let's generally follow the rule to not use read() on SOCK_DGRAM sockets, let's always use recv() on that. Also, don't abort IPV4ACD logic in case we read a short packet. Simply log and ignore.
2016-05-22 | sd-ipv4acd: do not define ether_addr_is_nul() redundantly | Lennart Poettering
We already have ether_addr_is_null() in ether-addr-util.h, let's use it here, too.
2016-05-22 | sd-ipv4acd: drop HASH_KEY definition, as it is unused | Lennart Poettering
2016-05-22 | nspawn: remove unreachable return statement (#3320) | Zbigniew Jędrzejewski-Szmek
2016-05-21 | networkd-ndisc: do not return value from void function (ref: systemd/v230) | Zbigniew Jędrzejewski-Szmek
Fixup for #3304. Only warn, and not return, because that's what sd_dhcp6_client_start() does right below the call to sd_dhcp6_client_set_local_address().
2016-05-21 | build-sys: bump so version | Zbigniew Jędrzejewski-Szmek
2016-05-21 | NEWS: final updates for v230 | Zbigniew Jędrzejewski-Szmek