Age | Commit message | Author
2016-04-04 | *.localdomain != localhost | David R. Hedges
".localdomain" is not a reserved suffix (or prefix). I'm not aware of any product expecting *.localdomain to resolve to localhost, however I am aware of at least one product that defaults to ".localdomain" as its DNS suffix provided via DHCP (pfSense). This leads to unexpected results when attempting to access a host that's offline (or a host that's online, when nsswitch.conf is [mis-]configured to have myhostname ahead of DNS).
Operate on:
  localhost (and localhost.)
  *.localhost (and *.localhost.)
  localhost.localdomain (and localhost.localdomain.)
  *.localhost.localdomain (and *.localhost.localdomain.)
We should not cover:
  *.localdomain (nor *.localdomain.)
  localdomain (nor localdomain.)
2016-02-18 | Merge pull request #2644 from 0xAX/check-alloc-overflow-macro | Zbigniew Jędrzejewski-Szmek
alloc-util: extract overflow check into inline function
2016-02-19 | alloc-util: cleanups | Alexander Kuleshov
This patch contains a set of little cleanups for alloc-util.h:
1. The malloc_multiply(), realloc_multiply() and memdup_multiply() functions check allocation related parameters on overflow. Let's move them to the separate size_multiply_overflow() function for simplicity, code duplication prevention and possible reuse in future.
2. use SIZE_MAX from stdlib instead of ((size_t) - 1) to be more clear.
3. The 'a'/'b' variables are renamed to 'size' and 'need' to be more clear.
2016-02-18 | core: revert "core: resolve specifier in config_parse_exec()" | Evgeny Vereshchagin
This reverts commit cb48dfca6a8bc15d9081651001a16bf51e03838a.
Exec*-settings resolve specifiers twice:
  %%U -> config_parse_exec [cb48dfca6a8] -> %U -> service_spawn -> 0
Fixes #2637
2016-02-17 | tests: add test for https://github.com/systemd/systemd/issues/2637 | Evgeny Vereshchagin
+ perl -e 'exit(!(qq{0} eq qq{\x25U}))'
exec-spec-interpolation.service: Main process exited, code=exited, status=1/FAILURE
exec-spec-interpolation.service: Unit entered failed state.
exec-spec-interpolation.service: Failed with result 'exit-code'.
PID: 11270
Start Timestamp: Wed 2016-02-17 22:21:31 UTC
Exit Timestamp: Wed 2016-02-17 22:21:31 UTC
Exit Code: exited
Exit Status: 1
Assertion 'service->main_exec_status.status == status_expected' failed at src/test/test-execute.c:65, function check(). Aborting.
2016-02-17 | Merge pull request #2640 from keszybz/dnssec-work-3 | Lennart Poettering
resolve: dumping of binary packets
2016-02-16 | test-resolve-tables: verify that dns type/class length is within limits | Zbigniew Jędrzejewski-Szmek
DNS_TYPE_STRING_MAX causes a problem with the table autogeneration code, change to _DNS_TYPE_STRING_MAX.
2016-02-16 | Use provided buffer in dns_resource_key_to_string | Zbigniew Jędrzejewski-Szmek
When the buffer is allocated on the stack we do not have to check for failure everywhere. This is especially useful in debug statements, because we can put dns_resource_key_to_string() call in the debug statement, and we do not need a separate if (log_level >= LOG_DEBUG) for the conversion.
dns_resource_key_to_string() is changed not to provide any whitespace padding. Most callers were stripping the whitespace with strstrip(), and it did not look too well anyway. systemd-resolve output is not column aligned anymore.
The result of the conversion is not stored in DnsTransaction object anymore. It is used only for debugging, so it seems fine to generate it when needed.
Various debug statements are extended to provide more information.
2016-02-16 | Replace DNS_RESOURCE_KEY_NAME with a version which always returns "." for root | Zbigniew Jędrzejewski-Szmek
This fixes formatting of root domain in debug messages:
Old: systemd-resolved[10049]: Requesting DS to validate transaction 19313 (., DNSKEY with key tag: 19036).
New: systemd-resolved[10049]: Requesting DS to validate transaction 19313 (, DNSKEY with key tag: 19036).
2016-02-16 | systemd-resolved: split out inner loop | Zbigniew Jędrzejewski-Szmek
With two nested loops and a switch statement, it's quite hard to understand what break and continue mean.
2016-02-16 | systemd-resolve: allow whole packets to be dumped in binary form | Zbigniew Jędrzejewski-Szmek
2016-02-16 | systemd-resolve: allow keys to be dumped in binary form | Zbigniew Jędrzejewski-Szmek
$ systemd-resolve --raw --openpgp zbyszek@fedoraproject.org | pgpdump /dev/stdin
2016-02-16 | systemd-resolve: reword --help output | Zbigniew Jędrzejewski-Szmek
The output didn't specify if the default for --cname/--search/--legend and other options was yes or no. Change the description to be explicit about that. Also make the --help output and man page closer.
2016-02-16 | Merge pull request #2623 from poettering/networkd-fixes | Zbigniew Jędrzejewski-Szmek
Networkd, resolved, build-sys fixes
2016-02-16 | Merge pull request #2626 from poettering/fionread-fix | Lennart Poettering
networkd: FIONREAD is not reliable on some sockets
2016-02-16 | Merge pull request #2636 from 0xAX/not-edit-errno-manually | Lennart Poettering
main: no need to set errno manually
2016-02-16 | resolved: make sure to normalize all domain names returned via the bus | Lennart Poettering
Most domain names we deal with are normalized anyway (since we read them that way from DNS packets), but some might not (because they are synthesized from unnormalized configuration or so), hence make sure to normalize all names before passing them out to clients, to be fully deterministic.
Note that internally we process normalized and non-normalized names the same way, and while comparing them ignore the differences due to unnormalized names. However, that internal implementation detail really shouldn't spill out to the clients, hence make sure to clean it all up.
2016-02-16 | udev: fix cg_unified() return code checking | Lennart Poettering
Fixes fall-out from 8b3aa503c171acdb9ec63484a8c50e2680d31e79.
Fixes: #2635
2016-02-16 | core: fix assertion check | Lennart Poettering
Fixes: #2632
2016-02-16 | resolve: print a noisy warning if we show crypto keys that could not be authenticated | Lennart Poettering
Doing DNS retrieval on non-authenticated crypt keys is useless, hence warn loudly about it.
2016-02-16 | networkd: rework idle detection logic of networkd | Lennart Poettering
This patch makes networkd stay around as long as there is more than just a loopback interface around, or the loopback device isn't fully probed yet, or the loopback device has a .network file attached. In essence, this means networkd stays around now continuously as it should, unless it is running in some (container?) environment that really has no interface except a loopback device.
Fixes #2577.
2016-02-16 | build-sys: fix type detection | Lennart Poettering
Before this patch existence of char16_t, char32_t, key_serial_t was checked with AC_CHECK_DECLS() which doesn't actually work for types. Correct this to use AC_CHECK_TYPES() instead. Also, while we are at it, change the check for memfd_create() to use AC_CHECK_DECLS() instead of AC_CHECK_FUNCS(). This is a better choice, since a couple of syscalls are defined by glibc but not exported in the header files (pivot_root() for example), and we hence should probably be more picky with memfd_create() too, which glibc might decide to expose one day, but not necessarily in the headers too.
2016-02-16 | resolved: turn on DNSSEC by default, unless configured otherwise | Lennart Poettering
Let's make sure DNSSEC gets more testing, by defaulting DNSSEC to "allow-downgrade" mode. Since distros should probably not ship DNSSEC enabled by default add a configure switch to disable this again. DNSSEC in "allow-downgrade" mode should mostly work without affecting user experience. There's one exception: some captive portal systems rewrite DNS in order to redirect HTTP traffic to the captive portal. If these systems implement DNS servers that are otherwise DNSSEC-capable (which in fact is pretty unlikely, but still...), then this will result in the captive portal being inaccessible. To fix this support in NetworkManager (or any other network management solution that does captive portal detection) is required, which simply turns off DNSSEC during the captive portal detection, and resets it back to the default (i.e. on) after captive portal authentication is complete.
2016-02-16 | main: no need to set errno manually | Alexander Kuleshov
If we are not PID 1 and started as init, we are executing systemctl with execv(). There is no need to set errno manually here, because in a failure case execv() will set errno anyway, depending on the error.
2016-02-16 | Merge pull request #2630 from keszybz/systemctl-m-h | Lennart Poettering
systemctl: fix style to avoid modification of array passed by caller
2016-02-16 | networkd: FIONREAD is not reliable on some sockets | Lennart Poettering
Fixes: #2457
2016-02-15 | systemctl: fix style to avoid modification of array passed by caller | Zbigniew Jędrzejewski-Szmek
Followup for 4524439edb7d.
2016-02-16 | Merge pull request #2628 from benjarobin/fix-pull-req-2611 | Lennart Poettering
time-util: Rename and fix call of deserialize_timestamp_value()
2016-02-15 | time-util: Rename and fix call of deserialize_timestamp_value() | Benjamin Robin
The deserialize_timestamp_value() is renamed timestamp_deserialize() to be more consistent with dual_timestamp_deserialize().
And add the NULL check back on realtime and monotonic.
2016-02-15 | Merge pull request #2622 from keszybz/systemctl-m-h | Lennart Poettering
systemctl: include -M or -H arguments in the hint
2016-02-15 | systemctl: include -M or -H arguments in the hint | Zbigniew Jędrzejewski-Szmek
https://github.com/systemd/systemd/issues/2431
Some newlines are added, but the output will still exceed 80 columns in many cases. The fallback for oom conditions is changed from "n/a" to something "<service>", and a similar pattern is used for the new code. This way we have a realistic fallback for oom, which seems nicer than making the whole function return an error code which would then have to be propagated.
$ systemctl -M fedora-rawhide restart systemd-networkd.service
Job for systemd-networkd.service failed because start of the service was attempted too often.
See "systemctl -M fedora-rawhide status systemd-networkd.service" and "journalctl -M fedora-rawhide -xe" for details.
To force a start use "systemctl -M fedora-rawhide reset-failed systemd-networkd.service" followed by "systemctl -M fedora-rawhide start systemd-networkd.service" again.
2016-02-15 | Merge pull request #2611 from 0xAX/deserialize-clkid | Lennart Poettering
time-util: introduce deserialize_timestamp_value()
2016-02-16 | logind: use deserialize_timestamp_value() | Alexander Kuleshov
which is introduced in the ebf30a086d commit.
2016-02-16 | machine: use deserialize_timestamp_value() | Alexander Kuleshov
which is introduced in the ebf30a086dfa commit.
2016-02-16 | time-util: introduce deserialize_timestamp_value() | Alexander Kuleshov
The time-util.c provides dual_timestamp_deserialize() function to convert value to usec_t and set it as value of ts->monotonic and ts->realtime. There are some places in code which do the same but only for one clockid_t (realtime or monotonic), when dual_timestamp_deserialize() sets value of both. This patch introduces the deserialize_timestamp_value() which converts a given value to usec_t and writes it to a given timestamp.
2016-02-15 | dhcp: assert the success of sd_event_now() | Beniamino Galvani
The function must never fail.
2016-02-15 | Merge pull request #2618 from zonque/busproxy-removal | Lennart Poettering
remove bus-proxyd
2016-02-15 | Merge pull request #2596 from keszybz/move-activate-to-bin | Lennart Poettering
Move activate to bin, extend --fdnames functionality
2016-02-15 | missing.h: define IFLA_EXT_MASK | Rabin Vincent
We already define IFLA_PROMISCUITY and some other of these masks in order to allow building with older headers. Define IFLA_EXT_MASK too, which was added in the same kernel version as IFLA_PROMISCUITY (v3.10).
2016-02-13 | Merge pull request #2608 from poettering/resolved-prop-fix | Zbigniew Jędrzejewski-Szmek
bus property name fix in resolved
2016-02-13 | busctl: when formatting message contents, make sure to print all whitespaces | Lennart Poettering
Previously we'd miss a necessary whitespace at the end of arrays, if more data was following.
2016-02-13 | resolved: extend ResolveHostname() bus call so that it can parse IP addresses | Lennart Poettering
If the hostname passed to ResolveHostname() is actually an IP address that is correctly formatted as string parse it as such, avoid any DNS traffic and return the data in parsed form. This is useful for clients which can simply call the bus function now without caring about the precise formatting of specified hostnames. This mimics getaddrinfo()'s behaviour with the AI_NUMERICHOST flag set. Note that this logic is only implemented for ResolveHostname(), but not for calls such as ResolveRecord(), for which only DNS domain names may be used as input. The "authenticated" flag is set for look-ups of this type, after all no untrusted network traffic is involved.
2016-02-13 | resolved: rename "SearchDomains" property in the Manager interface to "Domains" | Lennart Poettering
Another property name fuck-up. The property contains both search and routing domains and hence should be exposed as "Domains" rather than "SearchDomains". The counterpart in the Link object was correctly named, and the SetLinkDomains() and SetDomains() setter calls too, hence let's get this right, too. (Yepp, a minor API break actually, but given that this was so far not documented, and only 3 days public let's fix this now)
2016-02-13 | resolved: fix definition of SD_RESOLVED_FLAGS_MAKE | Lennart Poettering
2016-02-13 | resolved: drop references to two bus error codes no longer used | Lennart Poettering
2016-02-13 | service: remove unnecessary check | Alexander Kuleshov
We call dual_timestamp_serialize() only if the s->watchdog_timestamp is set. But the dual_timestamp_serialize() already checks a given dual timestamp by the call of the dual_timestamp_is_set(). So we can remove this check safely.
2016-02-13 | resolved: fix DNSSECSupported Link object property name | Lennart Poettering
By mistake the "DNSSECSupported" bus property of the Link object got named "DNSSECSupport". Internally, it's named correctly, and the counterpart on the "Manager" object got named correctly too. Technically this rename is an API break, but given that the interface is not documented or widely announced yet, and just 3 days in a published release, let's just fix this, and hope nobody notices.
2016-02-13 | activate: allow multiple, possibly invalid, fd names | Zbigniew Jędrzejewski-Szmek
Previous code only allowed a single name to be passed, and duplicated it over all descriptors. For the sake of testing, allow different names and in arbitrary number. If just one is given, duplicate it to match the number of sockets. This matches previous behaviour. Since this is a testing tool, it seems useful to allow passing invalid names to test application behaviour with invalid names. Hence, only warn. When warning, escape the name.
2016-02-13 | basic/strv: fix strv_join for first empty argument | Zbigniew Jędrzejewski-Szmek
Empty strings were ignored in strv_join, but only if they were at the beginning of the string. Empty strings after at least one non-empty item were treated normally.
Previously:
  {"x"} → "x"
  {"x", ""} → "x"
  {"x", "", ""} → "x::"
  {""} → ""
  {"", ""} → ""
  {"", "", ""} → ""
  {"", "x"} → "x"
  {"", "x", ""} → "x:"
Now:
  {"x"} → "x"
  {"x", ""} → "x"
  {"x", "", ""} → "x::"
  {""} → ""
  {"", ""} → ":"
  {"", "", ""} → "::"
  {"", "x"} → ":x"
  {"", "x", ""} → ":x:"
2016-02-13 | Merge pull request #2603 from poettering/drop-compat-libs | Zbigniew Jędrzejewski-Szmek
Some spring cleaning