summaryrefslogtreecommitdiff
path: root/src/test
AgeCommit message (Collapse)Author
2015-12-28shared: relax restrictions on valid domain name characters a bitLennart Poettering
Previously, we'd not allow control characters to be embedded in domain names, even when escaped. Since cloudflare uses \000 however to implement its synthethic minimally covering NSEC RRs, we should allow them, as long as they are properly escaped.
2015-12-27shared: fix handling of suffix "." in dns_name_compare_func()Lennart Poettering
All our other domain name handling functions make no destinction between domain names that end in a dot plus a NUL, or those just ending in a NUL. Make sure dns_name_compare_func() and dns_label_unescape_suffix() do the same.
2015-12-26resolved: tighten search for NSEC3 RRs a bitLennart Poettering
Be stricter when searching suitable NSEC3 RRs for proof: generalize the check we use to find suitable NSEC3 RRs, in nsec3_is_good(), and add additional checks, such as checking whether all NSEC3 RRs use the same parameters, have the same suffix and so on.
2015-12-26resolved: properly implement RRSIG validation of wildcarded RRsetsLennart Poettering
Note that this is still not complete, one additional step is still missing: when we verified that a wildcard RRset is properly signed, we still need to do an NSEC/NSEC3 proof that no more specific RRset exists.
2015-12-08Merge pull request #2115 from dvdhrm/rbtreeTom Gundersen
basic: add RB-Tree implementation
2015-12-07basic: add RB-Tree implementationDavid Herrmann
This adds an self-standing RB-Tree implementation to src/basic/. This will be needed for NSEC RR lookups, since we need "close lookups", which hashmaps (not even ordered-hashmaps) can give us in reasonable time.
2015-12-07tests: add test-rlimit-utilEvgeny Vereshchagin
2015-12-02util-lib: update dns_name_to_wire_format() to optionally generate DNSSEC ↵Lennart Poettering
canonical names We'll need this later when putting together RR serializations to checksum.
2015-12-02Merge pull request #2073 from poettering/dns-label-fixesLennart Poettering
Dns label fixes + unrelated selinux clean-up
2015-12-02tests: fix newlines in skip messageZbigniew Jędrzejewski-Szmek
2015-12-02tests: turn check if manager cannot be intialized into macroZbigniew Jędrzejewski-Szmek
We need to check the same thing in multiple tests. Use a shared macro to make it easier to update the list of errnos. Change the errno code for "unitialized cgroup fs" for ENOMEDIUM. Exec format error looks like something more serious. This fixes test-execute invocation in mock.
2015-12-01Merge pull request #2074 from keszybz/test-acl-util-fixTom Gundersen
test-acl-util: fix two issues from review
2015-11-30test-acl-util: fix two issues from reviewZbigniew Jędrzejewski-Szmek
https://github.com/systemd/systemd/pull/2063
2015-11-30dns-domain: change error codes when dealing with too short buffers to ENOBUFSLennart Poettering
Some calls used ENOBUFS to indicate too-short result buffers, others used ENOSPC. Let's unify this on ENOBUFS.
2015-11-30dns-domain: check resulting domain name length in dns_name_to_wire_format()Lennart Poettering
Let's better be safe than sorry.
2015-11-30dns-domain: make sure dns_name_to_wire_format() may properly encode the root ↵Lennart Poettering
domain The root domain consists of zero labels, and we should be able to encode that.
2015-11-30dns-domain: don't accept overly long hostnamesLennart Poettering
Make sure dns_name_normalize(), dns_name_concat(), dns_name_is_valid() do not accept/generate invalidly long hostnames, i.e. longer than 253 characters.
2015-11-30dns-domain: be more strict when encoding/decoding labelsLennart Poettering
Labels of zero length are not OK, refuse them early on. The concept of a "zero-length label" doesn't exist, a zero-length full domain name however does (representing the root domain). See RFC 2181, Section 11.
2015-11-30Merge pull request #2053 from poettering/selinux-fixDavid Herrmann
Two unrelated fixes
2015-11-28test-acl-util: add new testZbigniew Jędrzejewski-Szmek
For now, only add_acls_for_user is tested. When run under root, it actually sets the acls. When run under non-root, it sets the acls for the user, which does nothing, but at least calls the functions.
2015-11-27selinux: split up mac_selinux_have() from mac_selinux_use()Lennart Poettering
Let's distuingish the cases where our code takes an active role in selinux management, or just passively reports whatever selinux properties are set. mac_selinux_have() now checks whether selinux is around for the passive stuff, and mac_selinux_use() for the active stuff. The latter checks the former, plus also checks UID == 0, under the assumption that only when we run priviliged selinux management really makes sense. Fixes: #1941
2015-11-27tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easyLennart Poettering
GLIB has recently started to officially support the gcc cleanup attribute in its public API, hence let's do the same for our APIs. With this patch we'll define an xyz_unrefp() call for each public xyz_unref() call, to make it easy to use inside a __attribute__((cleanup())) expression. Then, all code is ported over to make use of this. The new calls are also documented in the man pages, with examples how to use them (well, I only added docs where the _unref() call itself already had docs, and the examples, only cover sd_bus_unrefp() and sd_event_unrefp()). This also renames sd_lldp_free() to sd_lldp_unref(), since that's how we tend to call our destructors these days. Note that this defines no public macro that wraps gcc's attribute and makes it easier to use. While I think it's our duty in the library to make our stuff easy to use, I figure it's not our duty to make gcc's own features easy to use on its own. Most likely, client code which wants to make use of this should define its own: #define _cleanup_(function) __attribute__((cleanup(function))) Or similar, to make the gcc feature easier to use. Making this logic public has the benefit that we can remove three header files whose only purpose was to define these functions internally. See #2008.
2015-11-27core: fix rlimit parsingEvgeny Vereshchagin
* refuse limits if soft > hard * print an actual value instead of (null) see https://github.com/systemd/systemd/pull/1994#issuecomment-159999123
2015-11-26Merge pull request #2031 from poettering/resolved-search-domainsTom Gundersen
resolved. Fully implement search domains for single-label names
2015-11-26Merge pull request #1994 from karelzak/rlimitsLennart Poettering
core: support <soft:hard> ranges for RLIMIT options
2015-11-25dns-domain: rework dns_label_escape() to not imply memory allocationLennart Poettering
The new dns_label_escape() call now operates on a buffer passed in, similar to dns_label_unescape(). This should make decoding a bit faster, and nicer.
2015-11-25dns-domain: change dns_srv_type_is_valid() return value to boolLennart Poettering
For similar reasons as dns_name_is_root() got changed in the previous commit.
2015-11-25dns-domain: simplify dns_name_is_root() and dns_name_is_single_label()Lennart Poettering
Let's change the return value to bool. If we encounter an error while parsing, return "false" instead of the actual parsing error, after all the specified hostname does not qualify for what the function is supposed to test. Dealing with the additional error codes was always cumbersome, and easily misused, like for example in the DHCP code. Let's also rename the functions from dns_name_root() to dns_name_is_root(), to indicate that this function checks something and returns a bool. Similar for dns_name_is_signal_label().
2015-11-25core: support <soft:hard> ranges for RLIMIT optionsKarel Zak
The new parser supports: <value> - specify both limits to the same value <soft:hard> - specify both limits the size or time specific suffixes are supported, for example LimitRTTIME=1sec LimitAS=4G:16G The patch introduces parse_rlimit_range() and rlim type (size, sec, usec, etc.) specific parsers. No code is duplicated now. The patch also sync docs for DefaultLimitXXX= and LimitXXX=. References: https://github.com/systemd/systemd/issues/1769
2015-11-24resolved: implement client-side DNAME resolutionLennart Poettering
Most servers apparently always implicitly convert DNAME to CNAME, but some servers don't, hence implement this properly, as this is required by edns0.
2015-11-23dns-domain: add calls to join/split SRV/DNS-SD service domainsLennart Poettering
This adds dns_service_join() and dns_service_split() which may be used to concatenate a DNS-SD service name, am SRV service type string, and a domain name into a full resolvable DNS domain name string. If the service name is specified as NULL, only the type and domain are appended, to implement classic, non-DNS-SD SRV lookups. The reverse is dns_service_split() which takes the full name, and split it into the three components again.
2015-11-23dns-domain: add code for verifying validity of DNS-SD service names and typesLennart Poettering
2015-11-19test: remove wrong endianess conversion in test-siphash24Martin Pitt
Commit 933f9caee changed the returned result of siphash24_finalize() from little-endian to native. Follow suit in test-siphash24 and drop the endianess conversion there as well, so that this succeeds on big-endian machines again. Fixes #1946.
2015-11-19Merge pull request #1931 from bengal/dhcp-fqdn-v2Tom Gundersen
libsystemd-network: add support for "Client FQDN" DHCP option (v2)
2015-11-17test: calendarspec sub-second testsHristo Venev
2015-11-17dns-domain: add dns_name_to_wire_format()Beniamino Galvani
The function converts a domain name string to the wire format described in RFC 1035 Section 3.1.
2015-11-17tree-wide: group include of libudev.h with sd-*Thomas Hindoe Paaboel Andersen
2015-11-17Merge pull request #1923 from zonque/siphashLennart Poettering
siphash24: let siphash24_finalize() and siphash24() return the result…
2015-11-16siphash24: let siphash24_finalize() and siphash24() return the result directlyDaniel Mack
Rather than passing a pointer to return the result, return it directly from the function calls. Also, return the result in native endianess, and let the callers care about the conversion. For hash tables and bloom filters, we don't care, but in order to keep MAC addresses and DHCP client IDs stable, we explicitly convert to LE.
2015-11-16tree-wide: sort includesThomas Hindoe Paaboel Andersen
Sort the includes accoding to the new coding style.
2015-11-16siphash42: add tests with unaligned input pointersMartin Pitt
Add test case for calling siphash24 with unaligned input pointers, as we commonly get with calling it on the result on basename() or similar. This provides a test for PR #1916, rescued from the superseded PR #1911. Thanks to Steve Langasek for the test!
2015-11-16Merge pull request #1916 from zonque/alignTom Gundersen
siphash: alignment
2015-11-16siphash24: change result argument to uint64_tMartin Pitt
Change the "out" parameter from uint8_t[8] to uint64_t. On architectures which enforce pointer alignment this fixes crashes when we previously cast an unaligned array to uint64_t*, and on others this should at least improve performance as the compiler now aligns these properly. This also simplifies the code in most cases by getting rid of typecasts. The only place which we can't change is struct duid's en.id, as that is _packed_ and public API, so we can't enforce alignment of the "id" field and have to use memcpy instead.
2015-11-16basic: add unaligned macros for little endianDaniel Mack
Also add test code for that.
2015-11-16core: enable TasksMax= for all services by default, and set it to 512Lennart Poettering
Also, enable TasksAccounting= for all services by default, too. See: http://lists.freedesktop.org/archives/systemd-devel/2015-November/035006.html
2015-11-13Merge pull request #1879 from poettering/networkd-forwardTom Gundersen
stop managing per-interface IP forwarding settings
2015-11-13Merge pull request #1869 from poettering/kill-overridableMichal Schmidt
Remove support for RequiresOverridable= and RequisiteOverridable=
2015-11-13util-lib: optionally, when writing a string to a file, verify string on failureLennart Poettering
With this change, the idiom: r = write_string_file(p, buf, 0); if (r < 0) { if (verify_one_line_file(p, buf) > 0) r = 0; } gets reduced to: r = write_string_file(p, buf, WRITE_STRING_FILE_VERIFY_ON_FAILURE); i.e. when writing the string fails and the new flag WRITE_STRING_FILE_VERIFY_ON_FAILURE is specified we'll not return a failure immediately, but check the contents of the file. If it matches what we wanted to write we suppress the error and exit cleanly.
2015-11-12core: drop "override" flag when building transactionsLennart Poettering
Now that we don't have RequiresOverridable= and RequisiteOverridable= dependencies anymore, we can get rid of tracking the "override" boolean for jobs in the job engine, as it serves no purpose anymore. While we are at it, fix some error messages we print when invoking functions that take the override parameter.
2015-11-12core: simplify handling of %u, %U, %s and %h unit file specifiersLennart Poettering
Previously, the %u, %U, %s and %h specifiers would resolve to the user name, numeric user ID, shell and home directory of the user configured in the User= setting of a unit file, or the user of the manager instance if no User= setting was configured. That at least was the theory. In real-life this was not ever actually useful: - For the systemd --user instance it made no sense to ever set User=, since the instance runs in user context after all, and hence the privileges to change user IDs don't even exist. The four specifiers were actually not useful at all in this case. - For the systemd --system instance we did not allow any resolving that would require NSS. Hence, %s and %h were not supported, unless User=root was set, in which case they would be hardcoded to /bin/sh and /root, to avoid NSS. Then, %u would actually resolve to whatever was set with User=, but %U would only resolve to the numeric UID of that setting if the User= was specified in numeric form, or happened to be root (in which case 0 was hardcoded as mapping). Two of the specifiers are entirely useless in this case, one is realistically also useless, and one is pretty pointless. - Resolving of these settings would only happen if User= was actually set *before* the specifiers where resolved. This behaviour was undocumented and is really ugly, as specifiers should actually be considered something that applies to the whole file equally, independently of order... With this change, %u, %U, %s and %h are drastically simplified: they now always refer to the user that is running the service instance, and the user configured in the unit file is irrelevant. For the system instance of systemd this means they always resolve to "root", "0", "/bin/sh" and "/root", thus avoiding NSS. For the user instance, to the data for the specific user. The new behaviour is identical to the old behaviour in all --user cases and for all units that have no User= set (or set to "0" or "root").