summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2015-12-13journal: add dst_allocated_size parameter for compress_blobZbigniew Jędrzejewski-Szmek
compress_blob took src, src_size, dst and *dst_size, but dst_size wasn't used as an input parameter with the size of dst, but only as an output parameter. dst was implicitly assumed to be at least src_size-1. This code wasn't *wrong*, because the only real caller in journal-file.c got it right. But it was misleading, and the tests in test-compress.c got it wrong, and worked only because the output buffer happened to be the same size as input buffer. So add a seperate dst_allocated_size parameter to make it explicit what the size of the buffer is, and to allow test to proceed with different output buffer sizes.
2015-12-13journal: in some cases we have to decompress the full lz4 fieldZbigniew Jędrzejewski-Szmek
lz4 has to decompress a whole "sequence" at a time. When the compressed data is composed of a repeating pattern, the whole set of repeats has do be docompressed, and the output buffer has to be big enough. This is unfortunate, because potentially the slowdown is very big. We are only interested in the field name, but we might have to decompress the whole thing. But the full cost will be borne out only when the full entry is a repeating pattern. In practice this shouldn't happen (apart from tests and the like). Hopefully lz4 will be fixed to avoid this problem, or it will grow a new function which we can use [1], so this fix should be remporary. [1] https://groups.google.com/d/msg/lz4c/_3kkz5N6n00/oTahzqErCgAJ
2015-12-13journal: decompress_startswith can return an errorZbigniew Jędrzejewski-Szmek
The return value was used directly in an if, so an error was treated as success; we need to bail out instead. An error should not happen, unless we have a compression/decompression mismatch, so output a debug line.
2015-12-13journal: properly handle an unexpectedly missing fieldZbigniew Jędrzejewski-Szmek
parse_field() checks if the field has the expected format, and returns 0 if it doesn't. In that case, value and size are not set. Nevertheless, we would try to continue, and hit an assert in safe_atou64. This case shouldn't happen, unless sd_j_get_data is borked, so cleanly assert that we got the expected field. Also, oom is the only way that parse_field can fail, which we log already. Instead of outputting a debug statement and carrying on, treat oom as fatal.
2015-12-07udev: fix NULL deref when executing rulesZbigniew Jędrzejewski-Szmek
We quite obviously check whether event->dev_db is nonnull, and right after that call a function which asserts the same. Move the call under the same if. https://bugzilla.redhat.com/show_bug.cgi?id=1283971
2015-12-07libudev: simplify udev_device_ensure_usec_initialized a bitZbigniew Jędrzejewski-Szmek
2015-12-06Merge pull request #2100 from msekletar/nologin-labelLennart Poettering
user-sessions: make sure /run/nologin has correct SELinux label
2015-12-06Merge pull request #2107 from phomes/miscLennart Poettering
Misc cleanups
2015-12-06resolve: remove unused variableThomas Hindoe Paaboel Andersen
2015-12-06shared: include what we useThomas Hindoe Paaboel Andersen
The next step of a general cleanup of our includes. This one mostly adds missing includes but there are a few removals as well.
2015-12-04nspawn: set TasksMax in machined instead of nspawnAlban Crequy
https://github.com/systemd/systemd/issues/2016
2015-12-04login: make sure /run/nologin has correct SELinux labelMichal Sekletar
2015-12-04user-sessions: make sure /run/nologin has correct SELinux labelMichal Sekletar
2015-12-03resolved: update DNSSEC TODO list a bitLennart Poettering
2015-12-03resolved: add a concept of "authenticated" responsesLennart Poettering
This adds a new SD_RESOLVED_AUTHENTICATED flag for responses we return on the bus. When set, then the data has been authenticated. For now this mostly reflects the DNSSEC AD bit, if DNSSEC=trust is set. As soon as the client-side validation is complete it will be hooked up to this flag too. We also set this bit whenver we generated the data ourselves, for example, because it originates in our local LLMNR zone, or from the built-in trust anchor database. The "systemd-resolve-host" tool has been updated to show the flag state for the data it shows.
2015-12-03resolved: when synthesizing NODATA from cached NSEC bitmaps, honour CNAME/DNAMELennart Poettering
When an RR type is not set in an NSEC, then the CNAME/DNAME types might still be, hence check them too. Otherwise we might end up refusing resolving of CNAME'd RRs if we cached an NSEC before.
2015-12-03resolved: maintain a short TODO list for DNSSEC support in the dnssec C ↵Lennart Poettering
files for now
2015-12-03resolved: introduce a dnssec_mode setting per scopeLennart Poettering
The setting controls which kind of DNSSEC validation is done: none at all, trusting the AD bit, or client-side validation. For now, no validation is implemented, hence the setting doesn't do much yet, except of toggling the CD bit in the generated messages if full client-side validation is requested.
2015-12-03resolved: add a limit on the max DNSSEC RRSIG expiry skew we allowLennart Poettering
2015-12-03resolved: add a simple trust anchor database as additional RR sourceLennart Poettering
When doing DNSSEC lookups we need to know one or more DS or DNSKEY RRs as trust anchors to validate lookups. With this change we add a compiled-in trust anchor database, serving the root DS key as of today, retrieved from: https://data.iana.org/root-anchors/root-anchors.xml The interface is kept generic, so that additional DS or DNSKEY RRs may be served via the same interface, for example by provisioning them locally in external files to support "islands" of security. The trust anchor database becomes the fourth source of RRs we maintain, besides, the network, the local cache, and the local zone.
2015-12-03resolved: rework how we allow allow queries to be dispatched to scopesLennart Poettering
Previously, we'd never do any single-label or root domain lookups via DNS, thus leaving single-label lookups to LLMNR and the search path logic in order that single-label names don't leak too easily onto the internet. With this change we open things up a bit, and only prohibit A/AAAA lookups of single-label/root domains, but allow all other lookups. This should provide similar protection, but allow us to resolve DNSKEY+DS RRs for the top-level and root domains. (This also simplifies handling of the search domain detection, and gets rid of dns_scope_has_search_domains() in favour of dns_scope_get_search_domains()).
2015-12-03resolved: don't bother with picking a search domain when searching is disabledLennart Poettering
2015-12-03resolved: optionally, allocate DnsResourceKey objects on the stackLennart Poettering
Sometimes when looking up entries in hashmaps indexed by a DnsResourceKey it is helpful not having to allocate a full DnsResourceKey dynamically just to use it as search key. Instead, optionally allow allocation of a DnsResourceKey on the stack. Resource keys allocated like that of course are subject to other lifetime cycles than the usual Resource keys, hence initialize the reference counter to to (unsigned) -1. While we are at it, remove the prototype for dns_resource_key_new_dname() which was never implemented.
2015-12-03resolved: make expiration error recognizableLennart Poettering
2015-12-03resolved: refuse resolving of a number of domains listed in RFC6303Lennart Poettering
We already blacklisted a few domains, add more.
2015-12-03journal: silently skip failing large messages if journald is missingZbigniew Jędrzejewski-Szmek
We treated -ENOENT errors with silent failure, for small messages. Do the same for large messages.
2015-12-03journal: unbreak sd_journal_sendvZbigniew Jędrzejewski-Szmek
Borked since commit 3ee897d6c2401effbc82f5eef35fce405781d6c8 Author: Lennart Poettering <lennart@poettering.net> Date: Wed Sep 23 01:00:04 2015 +0200 tree-wide: port more code to use send_one_fd() and receive_one_fd() because here our fd is not connected and we need to specify the address.
2015-12-03test-journal-send: add tests for sendvZbigniew Jędrzejewski-Szmek
Also, check the return value of all calls. They are documented to return 0, even if journald is not listening.
2015-12-03journal: addition and multiplication do not commuteZbigniew Jędrzejewski-Szmek
2015-12-02test-journal-send: no need to set log levelZbigniew Jędrzejewski-Szmek
We only use the public api here, so don't include log.h.
2015-12-03resolved: support the RSASHA1_NSEC3_SHA1 pseudo-algorithmLennart Poettering
RSASHA1_NSEC3_SHA1 is an alias for RSASHA1, used to do NSEC3 feature negotiation. While verifying RRsets there's no difference, hence support it here.
2015-12-03resolved: synthesize NODATA cache results when we find matching NSEC RRsLennart Poettering
If we have a precisely matching NSEC RR for a name, we can use its type bit field to synthesize NODATA cache lookup results for all types not mentioned in there. This is useful for mDNS where NSEC RRs are used to indicate missing RRs for a specific type, but is beneficial in other cases too. To test this, consider these two lines: systemd-resolve-host -t NSEC nasa.gov systemd-resolve-host -t SRV nasa.gov The second line will not result in traffic as the first line already cached the NSEC field.
2015-12-03resolved: move algorithm/digest definitions into resolved-dns-rr.hLennart Poettering
After all, they are for flags and parameters of RRs and already relevant when dealing with RRs outside of the serialization concept.
2015-12-03resolved: don't accept expired RRSIGsLennart Poettering
2015-12-02resolved: add basic DNSSEC supportLennart Poettering
This adds most basic operation for doing DNSSEC validation on the client side. However, it does not actually add the verification logic to the resolver. Specifically, this patch only includes: - Verifying DNSKEY RRs against a DS RRs - Verifying RRSets against a combination of RRSIG and DNSKEY RRs - Matching up RRSIG RRs and DNSKEY RRs - Matching up RR keys and RRSIG RRs - Calculating the DNSSEC key tag from a DNSKEY RR All currently used DNSSEC combinations of SHA and RSA are implemented. Support for MD5 hashing and DSA or EC cyphers are not. MD5 and DSA are probably obsolete, and shouldn't be added. EC should probably be added eventually, if it actually is deployed on the Internet.
2015-12-02resolved: port ResolveRecord() bus call implementation to ↵Lennart Poettering
dns_resource_record_to_wire_format() Now that we have dns_resource_record_to_wire_format() we can generate the RR serialization we return to bus clients in ResolveRecord() with it. We pass the RR data along in the original form, not the DNSSEC canonical form, since that would mean we'd lose RR name casing, which is however important to keep for DNS-SD services and similar.
2015-12-02resolved: add code to generate the wire format for a single RRLennart Poettering
This adds dns_resource_record_to_wire_format() that generates the raw wire-format of a single DnsResourceRecord object, and caches it in the object, optionally in DNSSEC canonical form. This call is used later to generate the RR serialization of RRs to verify. This adds four new fields to DnsResourceRecord objects: - wire_format points to the buffer with the wire-format version of the RR - wire_format_size stores the size of that buffer - wire_format_rdata_offset specifies the index into the buffer where the RDATA of the RR begins (i.e. the size of the key part of the RR). - wire_format_canonical is a boolean that stores whether the cached wire format is in DNSSEC canonical form or not. Note that this patch adds a mode where a DnsPacket is allocated on the stack (instead of on the heap), so that it is cheaper to reuse the DnsPacket object for generating this wire format. After all we reuse the DnsPacket object for this, since it comes with all the dynamic memory management, and serialization calls we need anyway.
2015-12-02resolved: add code to map DNSSEC digest types to strings and backLennart Poettering
2015-12-02resolved: store DNSKEY fields flags+protocol as-isLennart Poettering
When verifying signatures we need to be able to verify the original data we got for an RR set, and that means we cannot simply drop flags bits or consider RRs invalid too eagerly. Hence, instead of parsing the DNSKEY flags store them as-is. Similar, accept the protocol field as it is, and don't consider it a parsing error if it is not 3. Of course, this means that the DNSKEY handling code later on needs to check explicit for protocol != 3.
2015-12-02resolved: add RFC 5702 defined DNSSEC algorithms to tableLennart Poettering
2015-12-02util-lib: update dns_name_to_wire_format() to optionally generate DNSSEC ↵Lennart Poettering
canonical names We'll need this later when putting together RR serializations to checksum.
2015-12-02resolved: make sure DNS_ANSWER_FOREACH() can be nestedLennart Poettering
Change the iterator counter so that a different varable is used for each invocation of the macro, so that it may be nested.
2015-12-02resolved: simplify dns_packet_append_string()Lennart Poettering
It essentially does the same as dns_packet_append_raw_string(), hence make it a wrapper around it.
2015-12-02hostnamed: SMBIOS 3.0 knows the "tablet" form factor, add support for itLennart Poettering
2015-12-02Merge pull request #2073 from poettering/dns-label-fixesLennart Poettering
Dns label fixes + unrelated selinux clean-up
2015-12-02lz4: fix size check which had no chance of working on big-endianZbigniew Jędrzejewski-Szmek
2015-12-02tests: fix newlines in skip messageZbigniew Jędrzejewski-Szmek
2015-12-02tests: turn check if manager cannot be intialized into macroZbigniew Jędrzejewski-Szmek
We need to check the same thing in multiple tests. Use a shared macro to make it easier to update the list of errnos. Change the errno code for "unitialized cgroup fs" for ENOMEDIUM. Exec format error looks like something more serious. This fixes test-execute invocation in mock.
2015-12-01basic/virt: add missing includes to compile on ppc64Zbigniew Jędrzejewski-Szmek
2015-12-01basic: re-sort includesThomas Hindoe Paaboel Andersen
My previous patch to only include what we use accidentially placed the added inlcudes in non-sorted order.