| Age | Commit message (Collapse) | Author |
|---|
|
It shouldn't happen that we try to resolve IPv4 addresses via LLMNR on
IPv6 and vice versa, but let's explicitly verify that we don't turn an
IPv4 LLMNR lookup into an IPv6 TCP connection.
|
|
|
|
resolved: synthesize more RRs locally and other fixes
|
|
With this change we'll now also generate synthesized RRs for the local
LLMNR hostname (first label of system hostname), the local mDNS hostname
(first label of system hostname suffixed with .local), the "gateway"
hostname and all the reverse PTRs. This hence takes over part of what
nss-myhostname already implemented.
Local hostnames resolve to the set of local IP addresses. Since the
addresses are possibly on different interfaces it is necessary to change
the internal DnsAnswer object to track per-RR interface indexes, and to
change the bus API to always return the interface per-address rather than
per-reply. This change also patches the existing clients for resolved
accordingly (nss-resolve + systemd-resolve-host).
This also changes the routing logic for queries slightly: we now ensure
that the local hostname is never resolved via LLMNR, thus making it
trustable on the local system.
|
|
Following our usual logic of treating NULL arrays as empty arrays (for
example, see strv.c) do the same for questions too.
|
|
|
|
This is specifically useful for appending the mDNS ".local" suffix to a
single-label hostname in the most correct way. (used in later commit)
|
|
This moves is_gateway() from nss-myhostname into the basic APIs, and
makes it more like is_localhost(). Also, we rename it to
is_gateway_hostname() to make it more expressive.
Sharing this function in src/basic/ allows us to reuse the function for
routing name requests in resolved (in a later commit).
|
|
Append DNS and NTP data obtained via DHCPv6 when the Link is saved.
|
|
|
|
Test option setting and getting in test_advertise_option(). Verify
that the information provided in DHCPv6 Reply messages is also
available in the Information and Solicit callbacks.
|
|
Although the SNTP option specified in RFC 4075 has been deprecated, some
servers are still sending NTP information with this option. Use the SNTP
information provided only if the NTP option is not present.
Update the test case as SNTP information is also requested.
|
|
Support NTP server and multicast addresses and NTP server domain names
as specified in RFC 5908.
|
|
Support DHCPv6 DNS search list option as specified in RFC 3646. This
option contains a list of DNS search domains encoded without compression
as specified in Section 8. of RFC 3315.
|
|
Support DHCPv6 DNS server option as specified in RFC 3646. This option
contains a list of IPv6 DNS server addresses.
|
|
Add a helper function containing a modified version of dns_packet_read_name()
that does not use DnsPacket to extract a string array of domain names from
the provided option data. The domain names are stored uncompressed as defined
in Section 8. of RFC 3315.
|
|
Add a helper function that extracts a block of IPv6 addresses from
the provided option data.
|
|
As the lease structure contains interesting information, save it also
for the Information Reply.
|
|
When the DHCPv6 client is started by the library user or stopped for
any reason, unref the DHCPv6 lease when resetting the DHCPv6 client
data structure. This makes the DHCPv6 client always start from a clean
state and not keep unnecessary an lease structure around when stopped.
If this is not done, a previously existing lease information can be
interpreted to be from another server when restarting DHCPv6.
|
|
This fixes #993, and ensures that the libc does not consider any
old timezone information into account, that was set earlier.
|
|
Issue 989 - logind: VT is not properly reset on session close
|
|
setenv is declared as:
extern int setenv (const char *__name, const char *__value, int __replace)
__THROW __nonnull ((2));
And i->timezone can be NULL, if for example /etc/localtime is
missing. Previously that worked, but now result in a libc dumping
core, as seen with gcc 2.22, due to:
https://sourceware.org/ml/glibc-cvs/2015-q2/msg00075.html
|
|
When the controlling process exits, any existing file descriptors
for that FD will be marked as hung-up and ioctls on them will
file with EIO. To work around this, open a new file descriptor
for the VT we want to clean up.
Thanks to Ray Strode for help in sorting out the problem and
coming up with a fix!
https://github.com/systemd/systemd/issues/989
|
|
The open_terminal() function adds retries in case a terminal
is in the process of being closed when we open it, and should
generally be used to open a terminal. We especially need it
for code that a subsequent commit adds that reopens the terminal
at session shut-down time; such races would be more likely in
that case.
Found by Ray Strode.
|
|
|
|
remove_directory will always return 0 so this can never happen.
Besides that, d->path and d are freed so we would end up with
a null pointer dereference anyway.
|
|
Fix machinectl login with containers in user namespaces (v2)
|
|
Delete unnecessary checks before some function calls
|
|
Regression: 'journalctl -f -t unmatched' doesn't block properly
|
|
To be able to use `systemd-run` or `machinectl login` on a container
that is in a private user namespace, the sub-process must have entered
the user namespace before connecting to the container's D-Bus, otherwise
the UID and GID in the peer credentials are garbage.
So we extend namespace_open and namespace_enter to support UID namespaces,
and we enter the UID namespace in bus_container_connect_{socket,kernel}.
namespace_open will degrade to a no-op if user namespaces are not enabled
in the kernel.
Special handling is required for the setns call in namespace_enter with
a user namespace, since transitioning to your own namespace is forbidden,
as it would result in re-entering your user namespace as root.
Arguably it may be valid to check this at the call site, rather than
inside namespace_enter, but it is less code to do it inside, and if the
intention of calling namespace_enter is to *be* in the target namespace,
rather than to transition to the target namespace, it is a reasonable
approach.
The check for whether the user namespace is the same must happen before
entering namespaces, as we may not be able to access /proc during the
intermediate transition stage.
We can't instead attempt to enter the user namespace and then ignore
the failure from it being the same namespace, since the error code is
not distinct, and we can't compare namespaces while mid-transition.
|
|
The following functions return immediately if a null pointer was passed.
* calendar_spec_free
* link_address_free
* manager_free
* sd_bus_unref
* sd_journal_close
* udev_monitor_unref
* udev_unref
It is therefore not needed that a function caller repeats a corresponding check.
This issue was fixed by using the software Coccinelle 1.0.1.
|
|
tree-wide: generate EBADF when we get invalid fds
|
|
sd-bus: always fill in sd_bus_error paramters, on error
|
|
resolved: debugging improvements
|
|
Previously the following command:
$ journalctl -f -t unmatchedtag12345
... would block when called with criteria that did not match any
journal lines. Once log lines appeared that matched the criteria
they were displayed.
Commit 02ab86c732576a71179ce12e97d44c289833236d broke this
behavior and the journal was not followed, but the command
exits with '-- No entries --' displayed.
This commit fixes the issue.
More information downstream:
https://bugzilla.redhat.com/show_bug.cgi?id=1253649
|
|
The function "free" is documented in the way that no action shall occur for
a passed null pointer. It is therefore not needed that a function caller
repeats a corresponding check.
http://stackoverflow.com/questions/18775608/free-a-null-pointer-anyway-or-check-first
This issue was fixed by using the software Coccinelle 1.0.1.
|
|
The function "mfree" should be called instead of "free" at a specific
source code place.
|
|
|
|
Whenever one of our calls is invoked with a non-NULL, writable
sd_bus_error parameter, let's fill in some valid error on failure. We
previously only filled in remote errors, but never local errors, which is
hard to handle by users. Hence, let's clean this up to always fill in
the error.
This introduces a new bus_assert_return() macro that works like
assert_return() but optionally also initializes a bus_error struct.
Fixes #224.
Based on a patch by Umut Tezduyar.
|
|
Allow arbitrary file paths to be passed to nspawn (v3)
|
|
|
|
|
|
resolved: enable synthesizing of A, AAAA and PTR records for "localhost"
|
|
nss-myhostname: use LOOPBACK_IFINDEX instead of if_nametoindex("lo")
|
|
There's no reason to explicitly turn off bus activation for resolved
here. The reason this was done before was that the code was copied from
nss-resolve, which has a fallback to glibc's nss-dns if resolved is not
reachable. However, such a logic makes no sense for resolve-host since
such a fallback doesn't make sense here, which means we can actually
turn on activation. Let's do it hence.
|
|
sd-bus: do not connect to dbus-1 socket when kdbus is available
|
|
This is a follow-up to #907, and makes the same change for all our other
public APIs.
|
|
We should never allow leaking of "localhost" queries onto the network,
even if there's an explicit domain rotue set for this.
|
|
Let's make sure that clients querying resolved via the bus for A, AAAA
or PTR records for "localhost" get a synthesized, local reply, so that
we do not hit the network.
This makes part of nss-myhostname redundant, if used in conjunction.
However, given that nss-resolve shall be optional we need to keep this
code in both places for now.
|
|
Given that we already hardocde the loopback ifindex, following the
kernel's own logic, we can replace the invocation of
if_nametoindex("lo") with LOOPBACK_IFINDEX.
|
