summaryrefslogtreecommitdiff
path: root/src/libsystemd
AgeCommit message (Collapse)Author
2016-01-04resolved: explicitly handle case when the trust anchor is emptyLennart Poettering
Since we honour RFC5011 revoked keys it might happen we end up with an empty trust anchor, or one where there's no entry for the root left. With this patch the logic is changed what to do in this case. Before this patch we'd end up requesting the root DS, which returns with NODATA but a signed NSEC we cannot verify, since the trust anchor is empty after all. Thus we'd return a DNSSEC result of "missing-key", as we lack a verified version of the key. With this patch in place, look-ups for the root DS are explicitly recognized, and not passed on to the DNS servers. Instead, if downgrade-ok mode is on an unsigned NODATA response is synthesized, so that the validator code continues under the assumption the root zone was unsigned. If downgrade-ok mode is off a new transaction failure is generated, that makes this case recognizable.
2016-01-04resolved: introduce a proper bus error for DNSSEC validation errorsLennart Poettering
2016-01-01Merge pull request #2241 from poettering/dnssec9Tom Gundersen
Ninth DNSSEC patch set
2015-12-29resolved: properly handle SRV RRs with the DNS root as hostnameLennart Poettering
2015-12-29resolved: add errno mapping for BUS_ERROR_CONNECTION_FAILURELennart Poettering
This was missing when the error type was added in ac720200b7e5b80cc4985087e38f3452e5b3b080.
2015-12-29resolved: change mapping of BUS_ERROR_NO_NAME_SERVERS to ESRCHLennart Poettering
EIO is really too generic, and indicates transmission problems.
2015-12-29tests: fix memory leak in test-bus-marshalEvgeny Vereshchagin
Fixes: ``` $ ./configure ... --enable-dbus $ make $ make valgrind-tests TESTS=test-bus-marshal ... ==25301== 51 bytes in 1 blocks are definitely lost in loss record 7 of 18 ==25301== at 0x4C2DD9F: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==25301== by 0x5496B8C: ??? (in /lib/x86_64-linux-gnu/libdbus-1.so.3.14.3) ==25301== by 0x54973E3: _dbus_string_append_printf_valist (in /lib/x86_64-linux-gnu/libdbus-1.so.3.14.3) ==25301== by 0x547E5C2: _dbus_set_error_valist (in /lib/x86_64-linux-gnu/libdbus-1.so.3.14.3) ==25301== by 0x547E73E: dbus_set_error (in /lib/x86_64-linux-gnu/libdbus-1.so.3.14.3) ==25301== by 0x548969A: dbus_message_demarshal (in /lib/x86_64-linux-gnu/libdbus-1.so.3.14.3) ==25301== by 0x115C1A: main (test-bus-marshal.c:244) ==25301== ```
2015-12-26resolved: generate an explicit transaction error when we cannot reach server ↵Lennart Poettering
via TCP Previously, if we couldn't reach a server via UDP we'd generate an MAX_ATTEMPTS transaction result, but if we couldn't reach it via TCP we'd generate a RESOURCES transaction result. While it is OK to generate two different errors I think, "RESOURCES" is certainly a misnomer. Introduce a new transaction result "CONNECTION_FAILURE" instead.
2015-12-21sd-event: improve debugging of event source errorsDaniel Mack
Printing the pointer variable really doesn't help, so drop that. Instead, add a string lookup table for the EventSourceType enum, and print the type of event source in case of errors.
2015-12-02tests: turn check if manager cannot be intialized into macroZbigniew Jędrzejewski-Szmek
We need to check the same thing in multiple tests. Use a shared macro to make it easier to update the list of errnos. Change the errno code for "unitialized cgroup fs" for ENOMEDIUM. Exec format error looks like something more serious. This fixes test-execute invocation in mock.
2015-11-27selinux: split up mac_selinux_have() from mac_selinux_use()Lennart Poettering
Let's distuingish the cases where our code takes an active role in selinux management, or just passively reports whatever selinux properties are set. mac_selinux_have() now checks whether selinux is around for the passive stuff, and mac_selinux_use() for the active stuff. The latter checks the former, plus also checks UID == 0, under the assumption that only when we run priviliged selinux management really makes sense. Fixes: #1941
2015-11-27tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easyLennart Poettering
GLIB has recently started to officially support the gcc cleanup attribute in its public API, hence let's do the same for our APIs. With this patch we'll define an xyz_unrefp() call for each public xyz_unref() call, to make it easy to use inside a __attribute__((cleanup())) expression. Then, all code is ported over to make use of this. The new calls are also documented in the man pages, with examples how to use them (well, I only added docs where the _unref() call itself already had docs, and the examples, only cover sd_bus_unrefp() and sd_event_unrefp()). This also renames sd_lldp_free() to sd_lldp_unref(), since that's how we tend to call our destructors these days. Note that this defines no public macro that wraps gcc's attribute and makes it easier to use. While I think it's our duty in the library to make our stuff easy to use, I figure it's not our duty to make gcc's own features easy to use on its own. Most likely, client code which wants to make use of this should define its own: #define _cleanup_(function) __attribute__((cleanup(function))) Or similar, to make the gcc feature easier to use. Making this logic public has the benefit that we can remove three header files whose only purpose was to define these functions internally. See #2008.
2015-11-23tests: add sd_event_now to test_basicEvgeny Vereshchagin
2015-11-22tests: add missing sd_event_add_post to test_basicEvgeny Vereshchagin
2015-11-22tests: check exit handler invocationEvgeny Vereshchagin
2015-11-22sd-event: use prioq_ensure_allocated where possibleEvgeny Vereshchagin
2015-11-19sd-event: define a new PREPARING stateLennart Poettering
We already have a state RUNNING and EXITING when we dispatch regular and exit callbacks. Let's introduce a new state called PREPARING that is active while we invoke preparation callbacks. This way we have a state each for all three kinds of event handlers. The states are currently not documented, hence let's add a new state to the end, before we start documenting this.
2015-11-19sd-event: make _ref() calls NOPs when NULL is passed to themLennart Poettering
Let's make _ref() calls happy when NULL is passed to them, and simply return NULL without any assertion logic. This makes them nicely symmetric to the _unref() calls which also are happy to take NULL and become NOPs then.
2015-11-18tree-wide: sort includes in *.hThomas Hindoe Paaboel Andersen
This is a continuation of the previous include sort patch, which only sorted for .c files.
2015-11-17tree-wide: use right cast macros for UIDs, GIDs and PIDsLennart Poettering
2015-11-17Merge pull request #1923 from zonque/siphashLennart Poettering
siphash24: let siphash24_finalize() and siphash24() return the result…
2015-11-16siphash24: let siphash24_finalize() and siphash24() return the result directlyDaniel Mack
Rather than passing a pointer to return the result, return it directly from the function calls. Also, return the result in native endianess, and let the callers care about the conversion. For hash tables and bloom filters, we don't care, but in order to keep MAC addresses and DHCP client IDs stable, we explicitly convert to LE.
2015-11-16tree-wide: sort includesThomas Hindoe Paaboel Andersen
Sort the includes accoding to the new coding style.
2015-11-16tree-wide: add missing includesThomas Hindoe Paaboel Andersen
Add a few includes that we rely on to be include already.
2015-11-16siphash24: change result argument to uint64_tMartin Pitt
Change the "out" parameter from uint8_t[8] to uint64_t. On architectures which enforce pointer alignment this fixes crashes when we previously cast an unaligned array to uint64_t*, and on others this should at least improve performance as the compiler now aligns these properly. This also simplifies the code in most cases by getting rid of typecasts. The only place which we can't change is struct duid's en.id, as that is _packed_ and public API, so we can't enforce alignment of the "id" field and have to use memcpy instead.
2015-11-11sd-netlink: add support for RTA_PREFTom Gundersen
2015-11-11sd-netlink: types - let tables be sized implicitlyTom Gundersen
This way we do not rely on the size MAX* constants from the kernel headers, as these will be out-of-sync in case we have old headers and new defines in missing.h.
2015-11-11sd-netlink: add sd_rtnl_message_route_{s,g}et_flags()Tom Gundersen
2015-11-11sd-bus: don't try to acquire connection selinux label unless selinux is ↵Lennart Poettering
actually enabled Otherwise we might end up mistaking a SMACK label for an selinux label. Also, fixes unexpect debug messages: http://lists.freedesktop.org/archives/systemd-devel/2015-November/034913.html
2015-11-09Merge pull request #1820 from michich/errno-v2Daniel Mack
[v2] treewide: treatment of errno and other cleanups
2015-11-06doc: correct punctuation and improve typography in documentationJan Engelhardt
2015-11-05sd-resolve: simplify pthread_join() callMichal Schmidt
POSIX says: The pthread_join() function shall not return an error code of [EINTR].
2015-11-04Merge pull request #1768 from vcaputo/sd-daemon-listen-fds-overflow-bisLennart Poettering
sd-daemon: fix potential LISTEN_FDS overflow in sd_listen_fds()
2015-11-03sd-daemon: fix potential LISTEN_FDS overflow in sd_listen_fds()Vito Caputo
2015-11-03sd-daemon: explicitly filter out -1 when parsing watchdog timeoutLennart Poettering
We already filter out 0, and as -1 is usually special (meaning infinity, as in USEC_INFINITY) we should better not accept it either. Better safe than sorry...
2015-11-03parse-util: introduce parse_ifindex() and make use of it everywhereLennart Poettering
We have enough places where we parse an ifindex, hence introduce a proper parsing function for it, that verifies all parameters.
2015-11-01sd-daemon: verify NOTIFY_SOCKET path lengthLennart Poettering
Better generate a real error then simply connect to the wrong socket.
2015-10-31sd-daemon: increase sd_notify() socket buffer sizeLennart Poettering
Let's make sure we don't start blocking on sd_notify() earlier than necessary, let's bump the socket buffer sizes to 8M. We already do something similar for our logging socket buffers, hence apply a similar bump here.
2015-10-27util-lib: move inotify-related definitions to fs-util.[ch]Lennart Poettering
2015-10-27util-lib: split out allocation calls into alloc-util.[ch]Lennart Poettering
2015-10-27util-lib: split out printf() helpers to stdio-util.hLennart Poettering
2015-10-27io-util.h: move iovec stuff from macro.h to io-util.hLennart Poettering
2015-10-27user-util: move UID/GID related macros from macro.h to user-util.hLennart Poettering
2015-10-27src/basic: rename audit.[ch] → audit-util.[ch] and capability.[ch] → ↵Lennart Poettering
capability-util.[ch] The files are named too generically, so that they might conflict with the upstream project headers. Hence, let's add a "-util" suffix, to clarify that this are just our utility headers and not any official upstream headers.
2015-10-27util-lib: move more locale-related calls to locale-util.[ch]Lennart Poettering
2015-10-27util-lib: move string table stuff into its own string-table.[ch]Lennart Poettering
2015-10-27util-lib: split stat()/statfs()/stavfs() related calls into stat-util.[ch]Lennart Poettering
2015-10-27util-lib: move a number of fs operations into fs-util.[ch]Lennart Poettering
2015-10-27util-lib: introduce dirent-util.[ch] for directory entry callsLennart Poettering
Also, move a couple of more path-related functions to path-util.c.
2015-10-27util: move filename_is_valid() and path_is_safe() to path-util.[ch]Lennart Poettering