summaryrefslogtreecommitdiff
path: root/src/shared
AgeCommit message (Collapse)Author
2015-12-26resolved: tighten search for NSEC3 RRs a bitLennart Poettering
Be stricter when searching suitable NSEC3 RRs for proof: generalize the check we use to find suitable NSEC3 RRs, in nsec3_is_good(), and add additional checks, such as checking whether all NSEC3 RRs use the same parameters, have the same suffix and so on.
2015-12-26resolved: properly implement RRSIG validation of wildcarded RRsetsLennart Poettering
Note that this is still not complete, one additional step is still missing: when we verified that a wildcard RRset is properly signed, we still need to do an NSEC/NSEC3 proof that no more specific RRset exists.
2015-12-23Merge pull request #2158 from keszybz/journal-decompressionLennart Poettering
Journal decompression fixes
2015-12-18shared: add dns_name_parent() call to determine parent domain of a domainLennart Poettering
2015-12-13journal: properly handle an unexpectedly missing fieldZbigniew Jędrzejewski-Szmek
parse_field() checks if the field has the expected format, and returns 0 if it doesn't. In that case, value and size are not set. Nevertheless, we would try to continue, and hit an assert in safe_atou64. This case shouldn't happen, unless sd_j_get_data is borked, so cleanly assert that we got the expected field. Also, oom is the only way that parse_field can fail, which we log already. Instead of outputting a debug statement and carrying on, treat oom as fatal.
2015-12-10importd: drop dkr supportLennart Poettering
The current code is not compatible with current dkr protocols anyway, and dkr has a different focus ("microservices") than nspawn anyway ("whole machine containers"), hence drop support for it, we cannot reasonably keep this up to date, and it creates the impression we'd actually care for the microservices usecase.
2015-12-10Merge pull request #2056 from evverx/expose-soft-limits-on-the-busLennart Poettering
Expose soft limits on the bus
2015-12-06shared: include what we useThomas Hindoe Paaboel Andersen
The next step of a general cleanup of our includes. This one mostly adds missing includes but there are a few removals as well.
2015-12-02resolved: add basic DNSSEC supportLennart Poettering
This adds most basic operation for doing DNSSEC validation on the client side. However, it does not actually add the verification logic to the resolver. Specifically, this patch only includes: - Verifying DNSKEY RRs against a DS RRs - Verifying RRSets against a combination of RRSIG and DNSKEY RRs - Matching up RRSIG RRs and DNSKEY RRs - Matching up RR keys and RRSIG RRs - Calculating the DNSSEC key tag from a DNSKEY RR All currently used DNSSEC combinations of SHA and RSA are implemented. Support for MD5 hashing and DSA or EC cyphers are not. MD5 and DSA are probably obsolete, and shouldn't be added. EC should probably be added eventually, if it actually is deployed on the Internet.
2015-12-02util-lib: update dns_name_to_wire_format() to optionally generate DNSSEC ↵Lennart Poettering
canonical names We'll need this later when putting together RR serializations to checksum.
2015-11-30core: expose soft limits on the busEvgeny Vereshchagin
This is a follow-up for https://github.com/systemd/systemd/pull/1994 See https://github.com/systemd/systemd/pull/1994#issuecomment-160087219
2015-11-30dns-domain: change error codes when dealing with too short buffers to ENOBUFSLennart Poettering
Some calls used ENOBUFS to indicate too-short result buffers, others used ENOSPC. Let's unify this on ENOBUFS.
2015-11-30dns-domain: check resulting domain name length in dns_name_to_wire_format()Lennart Poettering
Let's better be safe than sorry.
2015-11-30dns-domain: make sure dns_name_to_wire_format() may properly encode the root ↵Lennart Poettering
domain The root domain consists of zero labels, and we should be able to encode that.
2015-11-30dns-domain: don't accept overly long hostnamesLennart Poettering
Make sure dns_name_normalize(), dns_name_concat(), dns_name_is_valid() do not accept/generate invalidly long hostnames, i.e. longer than 253 characters.
2015-11-30dns-domain: be more strict when encoding/decoding labelsLennart Poettering
Labels of zero length are not OK, refuse them early on. The concept of a "zero-length label" doesn't exist, a zero-length full domain name however does (representing the root domain). See RFC 2181, Section 11.
2015-11-30Merge pull request #2053 from poettering/selinux-fixDavid Herrmann
Two unrelated fixes
2015-11-30Merge pull request #2063 from keszybz/issue-1977-2Lennart Poettering
journal: clean up permission setting and acl adjustements on user journals
2015-11-29tree-wide: remove unused variablesThomas Hindoe Paaboel Andersen
2015-11-28acl-util: only set the mask if not presentZbigniew Jędrzejewski-Szmek
When we have non-owner user or group entries, we need the mask for the acl to be valid. But acl_calc_mask() calculates the mask to include all permissions, even those that were masked before. Apparently this happens when we inherit *:r-x permissions from a parent directory — the kernel sets *:r-x, mask:r--, effectively masking the executable bit. acl_calc_mask() would set the mask:r-x, effectively enabling the bit. To avoid this, be more conservative when to add the mask entry: first iterate over all entries, and do nothing if a mask. This returns the code closer to J.A.Steffens' original version in v204-90-g23ad4dd884. Should fix https://github.com/systemd/systemd/issues/1977.
2015-11-27journal: move the gist of server_fix_perms to acl-util.[hc]Zbigniew Jędrzejewski-Szmek
Most of the function is moved to acl-util.c to make it possible to add tests in subsequent commit. Setting of the mode in server_fix_perms is removed: - we either just created the file ourselves, and the permission be better right, - or the file was already there, and we should not modify the permissions. server_fix_perms is renamed to server_fix_acls to better reflect new meaning, and made static because it is only used in one file.
2015-11-27selinux: split up mac_selinux_have() from mac_selinux_use()Lennart Poettering
Let's distuingish the cases where our code takes an active role in selinux management, or just passively reports whatever selinux properties are set. mac_selinux_have() now checks whether selinux is around for the passive stuff, and mac_selinux_use() for the active stuff. The latter checks the former, plus also checks UID == 0, under the assumption that only when we run priviliged selinux management really makes sense. Fixes: #1941
2015-11-27util-lib: move nss-util.h from shared/ to basic/Lennart Poettering
The header file defines some helpers for GLIBC NSS and doesn't include anything else but glibc headers, hence there's little reason to keep it in shared/. See: #2008
2015-11-27tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easyLennart Poettering
GLIB has recently started to officially support the gcc cleanup attribute in its public API, hence let's do the same for our APIs. With this patch we'll define an xyz_unrefp() call for each public xyz_unref() call, to make it easy to use inside a __attribute__((cleanup())) expression. Then, all code is ported over to make use of this. The new calls are also documented in the man pages, with examples how to use them (well, I only added docs where the _unref() call itself already had docs, and the examples, only cover sd_bus_unrefp() and sd_event_unrefp()). This also renames sd_lldp_free() to sd_lldp_unref(), since that's how we tend to call our destructors these days. Note that this defines no public macro that wraps gcc's attribute and makes it easier to use. While I think it's our duty in the library to make our stuff easy to use, I figure it's not our duty to make gcc's own features easy to use on its own. Most likely, client code which wants to make use of this should define its own: #define _cleanup_(function) __attribute__((cleanup(function))) Or similar, to make the gcc feature easier to use. Making this logic public has the benefit that we can remove three header files whose only purpose was to define these functions internally. See #2008.
2015-11-27Merge pull request #2040 from keszybz/randomized-delayLennart Poettering
core: rename Random* to RandomizedDelay*
2015-11-26core: rename Random* to RandomizedDelay*Zbigniew Jędrzejewski-Szmek
The name RandomSec is too generic: "Sec" just specifies the default unit type, and "Random" by itself is not enough. Rename to something that should give the user general idea what the setting does without looking at documentation.
2015-11-25dns-domain: rework dns_label_escape() to not imply memory allocationLennart Poettering
The new dns_label_escape() call now operates on a buffer passed in, similar to dns_label_unescape(). This should make decoding a bit faster, and nicer.
2015-11-25dns-domain: change dns_srv_type_is_valid() return value to boolLennart Poettering
For similar reasons as dns_name_is_root() got changed in the previous commit.
2015-11-25dns-domain: simplify dns_name_is_root() and dns_name_is_single_label()Lennart Poettering
Let's change the return value to bool. If we encounter an error while parsing, return "false" instead of the actual parsing error, after all the specified hostname does not qualify for what the function is supposed to test. Dealing with the additional error codes was always cumbersome, and easily misused, like for example in the DHCP code. Let's also rename the functions from dns_name_root() to dns_name_is_root(), to indicate that this function checks something and returns a bool. Similar for dns_name_is_signal_label().
2015-11-25dns-domain: remove prototype for function that doesn't existLennart Poettering
2015-11-24resolved: implement client-side DNAME resolutionLennart Poettering
Most servers apparently always implicitly convert DNAME to CNAME, but some servers don't, hence implement this properly, as this is required by edns0.
2015-11-23dns-domain: add calls to join/split SRV/DNS-SD service domainsLennart Poettering
This adds dns_service_join() and dns_service_split() which may be used to concatenate a DNS-SD service name, am SRV service type string, and a domain name into a full resolvable DNS domain name string. If the service name is specified as NULL, only the type and domain are appended, to implement classic, non-DNS-SD SRV lookups. The reverse is dns_service_split() which takes the full name, and split it into the three components again.
2015-11-23dns-domain: add code for verifying validity of DNS-SD service names and typesLennart Poettering
2015-11-19Merge pull request #1947 from phomes/sort-includes2Lennart Poettering
tree-wide: sort includes in *.h
2015-11-19Merge pull request #1931 from bengal/dhcp-fqdn-v2Tom Gundersen
libsystemd-network: add support for "Client FQDN" DHCP option (v2)
2015-11-18tree-wide: sort includes in *.hThomas Hindoe Paaboel Andersen
This is a continuation of the previous include sort patch, which only sorted for .c files.
2015-11-18core: add new RandomSec= setting for time unitsLennart Poettering
This allows configuration of a random time on top of the elapse events, in order to spread time events in a network evenly across a range.
2015-11-18bus-util: make sure --property=RemainAfterElapse=1 worksLennart Poettering
2015-11-18bus-util: add in forgotten error messagesLennart Poettering
2015-11-17dns-domain: add dns_name_to_wire_format()Beniamino Galvani
The function converts a domain name string to the wire format described in RFC 1035 Section 3.1.
2015-11-16tree-wide: sort includesThomas Hindoe Paaboel Andersen
Sort the includes accoding to the new coding style.
2015-11-15install: don't mix state and type enumsThomas Hindoe Paaboel Andersen
from 0ec0deaa
2015-11-13Merge pull request #1869 from poettering/kill-overridableMichal Schmidt
Remove support for RequiresOverridable= and RequisiteOverridable=
2015-11-12generator: order initrd fsck-root after local-fs-preMichael Marineau
The initrd version of systemd-fsck-root.service must wait for local-fs-pre.target just like systemd-fsck@.service to prevent modifications to the filesystem prior to resuming from hibernation. As-is my laptop routinely fails to resume due to fsck errors. The rest of the time it is probably silently corrupting the filesystem. Unlike normal boot, in the initrd systemd-fsck-root.service has no special significance so it needs to be kept in sync with systemd-fsck@.service. The name systemd-fsck-root.service is only used to preserve state across switch-root.
2015-11-12core: remove support for RequiresOverridable= and RequisiteOverridable=Lennart Poettering
As discussed at systemd.conf 2015 and on also raised on the ML: http://lists.freedesktop.org/archives/systemd-devel/2015-November/034880.html This removes the two XyzOverridable= unit dependencies, that were basically never used, and do not enhance user experience in any way. Most folks looking for the functionality this provides probably opt for the "ignore-dependencies" job mode, and that's probably a good idea. Hence, let's simplify systemd's dependency engine and remove these two dependency types (and their inverses). The unit file parser and the dbus property parser will now redirect the settings/properties to result in an equivalent non-overridable dependency. In the case of the unit file parser we generate a warning, to inform the user. The dbus properties for this unit type stay available on the unit objects, but they are now hidden from usual introspection and will always return the empty list when queried. This should provide enough compatibility for the few unit files that actually ever made use of this.
2015-11-12core: simplify handling of %u, %U, %s and %h unit file specifiersLennart Poettering
Previously, the %u, %U, %s and %h specifiers would resolve to the user name, numeric user ID, shell and home directory of the user configured in the User= setting of a unit file, or the user of the manager instance if no User= setting was configured. That at least was the theory. In real-life this was not ever actually useful: - For the systemd --user instance it made no sense to ever set User=, since the instance runs in user context after all, and hence the privileges to change user IDs don't even exist. The four specifiers were actually not useful at all in this case. - For the systemd --system instance we did not allow any resolving that would require NSS. Hence, %s and %h were not supported, unless User=root was set, in which case they would be hardcoded to /bin/sh and /root, to avoid NSS. Then, %u would actually resolve to whatever was set with User=, but %U would only resolve to the numeric UID of that setting if the User= was specified in numeric form, or happened to be root (in which case 0 was hardcoded as mapping). Two of the specifiers are entirely useless in this case, one is realistically also useless, and one is pretty pointless. - Resolving of these settings would only happen if User= was actually set *before* the specifiers where resolved. This behaviour was undocumented and is really ugly, as specifiers should actually be considered something that applies to the whole file equally, independently of order... With this change, %u, %U, %s and %h are drastically simplified: they now always refer to the user that is running the service instance, and the user configured in the unit file is irrelevant. For the system instance of systemd this means they always resolve to "root", "0", "/bin/sh" and "/root", thus avoiding NSS. For the user instance, to the data for the specific user. The new behaviour is identical to the old behaviour in all --user cases and for all units that have no User= set (or set to "0" or "root").
2015-11-12install: follow unit file symlinks in /usr, but not /etc when looking for ↵Lennart Poettering
[Install] data Some distributions use alias unit files via symlinks in /usr to cover for legacy service names. With this change we'll allow "systemctl enable" on such aliases. Previously, our rule was that symlinks are user configuration that "systemctl enable" + "systemctl disable" creates and removes, while unit files is where the instructions to do so are store. As a result of the rule we'd never read install information through symlinks, since that would mix enablement state with installation instructions. Now, the new rule is that only symlinks inside of /etc are configuration. Unit files, and symlinks in /usr are now valid for installation instructions. This patch is quite a rework of the whole install logic, and makes the following addional changes: - Adds a complete test "test-instal-root" that tests the install logic pretty comprehensively. - Never uses canonicalize_file_name(), because that's incompatible with operation relative to a specific root directory. - unit_file_get_state() is reworked to return a proper error, and returns the state in a call-by-ref parameter. This cleans up confusion between the enum type and errno-like errors. - The new logic puts a limit on how long to follow unit file symlinks: it will do so only for 64 steps at max. - The InstallContext object's fields are renamed to will_process and has_processed (will_install and has_installed) since they are also used for deinstallation and all kinds of other operations. - The root directory is always verified before use. - install.c is reordered to place the exported functions together. - Stricter rules are followed when traversing symlinks: the unit suffix must say identical, and it's not allowed to link between regular units and templated units. - Various modernizations - The "invalid" unit file state has been renamed to "bad", in order to avoid confusion between UNIT_FILE_INVALID and _UNIT_FILE_STATE_INVALID. Given that the state should normally not be seen and is not documented this should not be a problematic change. The new name is now documented however. Fixes #1375, #1718, #1706
2015-11-12install: never log from install functionsLennart Poettering
Instead, let the caller do that. Fix this by moving masked unit messages into the caller, by returning a clear error code (ESHUTDOWN) by which this may be detected.
2015-11-12install: various simplificationsLennart Poettering
2015-11-11execute: Add new PassEnvironment= directiveFilipe Brandenburger
This directive allows passing environment variables from the system manager to spawned services. Variables in the system manager can be set inside a container by passing `--set-env=...` options to systemd-spawn. Tested with an on-disk test.service unit. Tested using multiple variable names on a single line, with an empty setting to clear the current list of variables, with non-existing variables. Tested using `systemd-run -p PassEnvironment=VARNAME` to confirm it works with transient units. Confirmed that `systemctl show` will display the PassEnvironment settings. Checked that man pages are generated correctly. No regressions in `make check`.