summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2016-01-19Merge pull request #2357 from keszybz/warnings-2Lennart Poettering
Remove gcc warnings v2
2016-01-19resolved: don't forget about lost OPT and RRSIG when downgrading a feature levelLennart Poettering
Certain Belkin routers appear to implement a broken DNS cache for A RRs and some others, but implement a pass-thru for AAAA RRs. This has the effect that we quickly recognize the broken logic of the router when we do an A lookup, but for AAAA everything works fine until we actually try to validate the request. Given that the validation will necessarily fail ultimately let's make sure we remember even when downgrading a feature level that OPT or RRSIG was missing.
2016-01-18update DNSSEC TODOLennart Poettering
2016-01-18resolved: don't try to print error strings, where errno isn't setLennart Poettering
2016-01-18resolved: when restarting a transaction pick a new IDLennart Poettering
When we restart a transaction because of an incompatible server, pick a new transaction ID. This should increase compatibility with DNS servers that don't like if they get different requests with the same transaction ID.
2016-01-18resolved: enforce maximum limit on DNS transactionsLennart Poettering
given that DNSSEC lookups may result in quite a number of auxiliary transactions, let's better be safe than sorry and also enforce a limit on the number of total transactions, not just on the number of queries.
2016-01-18resolved: add DNAME test case to the complex DNSSEC testLennart Poettering
2016-01-18resolved: fix how we detect whether auxiliary DNSSEC transactions are readyLennart Poettering
Previously, when getting notified about a completed auxiliary DNSSEC transaction we'd immediately act on it, and possibly abort the main transaction. This is problematic, as DNS transactions that already completed at the time we started using them will never get the notification event, and hence never be acted on in the same way. Hence, introduce a new call dns_transaction_dnssec_ready() that checks the state of auxiliary DNSSEC transactions, and returns 1 when we are ready for the actual DNSSEC validation step. Then, make sure this is invoked when the auxiliary transactions are first acquired (and thus possibly reused) as well when the notifications explained above take place. This fixes problems particularly when doing combined A and AAAA lookups where the auxiliary DNSSEC transactions get reused between them, and where we got confused if we reused an auxiliary DNSSEC transaction from one when it already got completed from the other.
2016-01-18resolved: end log messages in a full stopLennart Poettering
2016-01-18resolved: never consider following a CNAME/DNAME chain for a CNAME/DNAME lookupLennart Poettering
Let's avoid thinking that a CNAME/DNAME chain traversal could be a good idea if QTYPE is already CNAME/DNAME. (Also, let's bail out early when trying to see if some RR is a suitable CNAME/DNAME for some other RR).
2016-01-18resolved: when following a CNAME, turn off search domainsLennart Poettering
If the first step was done via a search domain, make sure the subsequent steps are not.
2016-01-18resolved: properly reset old collected data when following a CNAME redirectLennart Poettering
2016-01-18resolved: beef up complex dnssec test to also use ResolveAddress() and do ↵Lennart Poettering
IDNA checks
2016-01-18resolved: rework IDNA logicLennart Poettering
Move IDNA logic out of the normal domain name processing, and into the bus frontend calls. Previously whenever comparing two domain names we'd implicitly do IDNA conversion so that "pöttering.de" and "xn--pttering-n4a.de" would be considered equal. This is problematic not only for DNSSEC, but actually also against he IDNA specs. Moreover it creates problems when encoding DNS-SD services in classic DNS. There, the specification suggests using UTF8 encoding for the actual service name, but apply IDNA encoding to the domain suffix. With this change IDNA conversion is done only: - When the user passes a non-ASCII hostname when resolving a host name using ResolveHostname() - When the user passes a non-ASCII domain suffix when resolving a service using ResolveService() No IDNA encoding is done anymore: - When the user does raw ResolveRecord() RR resolving - On the service part of a DNS-SD service name Previously, IDNA encoding was done when serializing names into packets, at a point where information whether something is a label that needs IDNA encoding or not was not available, but at a point whether it was known whether to generate a classic DNS packet (where IDNA applies), or an mDNS/LLMNR packet (where IDNA does not apply, and UTF8 is used instead for all host names). With this change each DnsQuery object will now maintain two copies of the DnsQuestion to ask: one encoded in IDNA for use with classic DNS, and one encoded in UTF8 for use with LLMNR and MulticastDNS.
2016-01-18resolved: minor optimization for dns_question_is_equal()Lennart Poettering
If the poinetrs are equal, we don't have to do a deep comparison. This is similar to a similar optimization we already have in place for RRs and keys.
2016-01-18resolved: be slightly stricter when validating DnsQuestionLennart Poettering
Also verify whether the DNS RR types are actually suitable for a question.
2016-01-18resolved: make key argument of dns_question_contains() constLennart Poettering
2016-01-18resolved add dns_name_apply_idna() to convert a domain name into its IDNA ↵Lennart Poettering
equivalent
2016-01-18Merge pull request #2326 from poettering/dnssec15Tom Gundersen
Fifteenth batch of DNSSEC patches
2016-01-18journal-remote: update to 64bit µhttp api, provide fallbackZbigniew Jędrzejewski-Szmek
64 bit offset is now accepted, which is nice. The old function is deprecated, and generates a compile time warning when used. We only use an offset of 0, so we really don't care. Adapt to use the new function, but fall back to the old one on older versions.
2016-01-18journal-remote: fix warning about deprecated µhttpd macroZbigniew Jędrzejewski-Szmek
src/journal-remote/journal-remote.c:590:13: warning: Value MHD_HTTP_METHOD_NOT_ACCEPTABLE is deprecated, use MHD_HTTP_NOT_ACCEPTABLE return mhd_respond(connection, MHD_HTTP_METHOD_NOT_ACCEPTABLE, ^ The new define was added in 0.9.38. Instead of requiring the new libmicrohttpd version, provide the fallback, it is trivial.
2016-01-18resolve: fix return value from dns_packet_append_rr()Zbigniew Jędrzejewski-Szmek
2016-01-18udevd: initialize fds to -1 and close them before exitingZbigniew Jędrzejewski-Szmek
Little change in practice, because the program will exit soon afterwards, but the standard style of closing all fds is now followed. Also gets rid of gcc warning about fd_ctrl and fd_uevent being unitialized.
2016-01-18journald: do not free uninitialized pointer in error pathZbigniew Jędrzejewski-Szmek
2016-01-18logind: simplify job variable handlingZbigniew Jędrzejewski-Szmek
manager_{start,stop}_{slice,scope,unit} functions had an optional job output parameter. But all callers specified job, so make the parameter mandatory, add asserts. Also extract common job variable handling to a helper function to avoid duplication. Avoids gcc warning about job being unitialized.
2016-01-18logind: do not use an uninitialized variableZbigniew Jędrzejewski-Szmek
We requested various fields using SD_BUS_CREDS_AUGMENT but at least sd_bus_creds_get_tty can fail with ENXIO, not setting the output variable.
2016-01-18sd-event: fix theoretical leak on error in event_make_signal_dataZbigniew Jędrzejewski-Szmek
2016-01-18sd-ndisc: simplify if stmt and reindent log messagesZbigniew Jędrzejewski-Szmek
Merge separate two error handling statements into two nested ifs. This looks cleaner, and avoids a gcc warning about *prefix being uninitialized. While at it, fix identation of logging statements elsewhere in the file.
2016-01-18sd-ndisc: simplify ndisc_prefix_newZbigniew Jędrzejewski-Szmek
If the initial allocation succeeded, there is no way to fail, so cleanup function is not necessary.
2016-01-18sd-device: initialize variables to avoid warningZbigniew Jędrzejewski-Szmek
The code is correct, assuming that the kernel does not feed us garbled data. Let's initialize those variables to avoid the warning anyway.
2016-01-18bus-kernel: reword assignment of dst_id in bus_message_setup_kmsgZbigniew Jędrzejewski-Szmek
Setting of dst_id was based on interplay of two booleans, making the logic hard to follow (for humans and compilers alike). gcc was confused and emmitted a warning about an uninitialized variable. Rework the code to make it obvious that dst_id is set properly.
2016-01-18sd-netlink: remove unused tableZbigniew Jędrzejewski-Szmek
2016-01-18basic: add missing word in commentZbigniew Jędrzejewski-Szmek
2016-01-18basic/escape: merge utf8 and non-utf8 paths in cunescape_oneZbigniew Jędrzejewski-Szmek
Not every byte sequence is valid utf8. We allow escaping of non-utf8 sequences in strings by using octal and hexadecimal escape sequences (\123 and \0xAB) for bytes at or above 128. Users of cunescape_one could infer whether such use occured when they received an answer between 128 and 256 in *ret (a non-ascii one byte character). But this is subtle and misleading: the comments were wrong, because ascii is a subset of unicode, so c != 0 did not mean non-unicode, but rather ascii-subset-of-unicode-or-raw-byte. This was all rather confusing, so make the "single byte" condition explicit. I'm not convinced that allowing non-utf8 sequences to be produced is useful in all cases where we allow it (e.g. in config files), but that behaviour is unchanged, just made more explicit. This also fixes an (invalid) gcc warning about unitialized variable (*ret_unicode) in callers of cunescape_one.
2016-01-18core/dbus-execute: do not needlessly compare strings againZbigniew Jędrzejewski-Szmek
gcc complains that dirs might be unitialized. It cannot, but we just checked that name has one of three values above, so no need to check again.
2016-01-18test-bus-error: add tests for setting error == 0Zbigniew Jędrzejewski-Szmek
2016-01-18sd-event: check clock argument to sd_event_now()Zbigniew Jędrzejewski-Szmek
sd_event_now() is a public function, so we must check all arguments for validity. Update man page and add tests. Sample debug message: Assertion 'IN_SET(clock, CLOCK_REALTIME, CLOCK_REALTIME_ALARM, CLOCK_MONOTONIC, CLOCK_BOOTTIME, CLOCK_BOOTTIME_ALARM)' failed at src/libsystemd/sd-event/sd-event.c:2719, function sd_event_now(). Ignoring.
2016-01-18bus-error: verify additional error maps during installationZbigniew Jędrzejewski-Szmek
Go over the entries in the map and check that they make sense. Tests are added. In the future we might want to do additional checks, e.g. verifying that the error names are in the expected format.
2016-01-18basic,bus-error: return negative error from errno_from_nameZbigniew Jędrzejewski-Szmek
errno_from_name used an unusual return convention where 0 meant "not found". This tripped up config_parse_syscall_errno(), which would treat that as success. Return -EINVAL instead, and adjust bus_error_name_to_errno() for the new convention. Also remove a goto which was used as a simple if and clean up surroudning code a bit.
2016-01-18Use negative_errno() to assert errno is positive after a few system callsZbigniew Jędrzejewski-Szmek
This is not particularly intrusive because it happens in simple utility functions. It helps gcc understand that error codes are negative. This gets a rid of most of the remaining warnings.
2016-01-18Merge pull request #2347 from aroig/gh/fix-udev-user-wantsDaniel Mack
Fix broken SYSTEMD_USER_WANTS in udev rules.
2016-01-18core: fix memory leak on failed preset-allEvgeny Vereshchagin
How to reproduce $ systemctl set-default multi-user # https://github.com/systemd/systemd/issues/2298 $ systemctl preset-all Failed to execute operation: Too many levels of symbolic links $ systemctl poweroff Fixes: ==1== ==1== HEAP SUMMARY: ==1== in use at exit: 65,645 bytes in 7 blocks ==1== total heap usage: 40,539 allocs, 40,532 frees, 30,147,547 bytes allocated ==1== ==1== 109 (24 direct, 85 indirect) bytes in 1 blocks are definitely lost in loss record 2 of 7 ==1== at 0x4C2BBCF: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==1== by 0x4C2DE2F: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==1== by 0x23DA71: unit_file_changes_add (install.c:233) ==1== by 0x23E45D: remove_marked_symlinks_fd (install.c:453) ==1== by 0x23E267: remove_marked_symlinks_fd (install.c:405) ==1== by 0x23E641: remove_marked_symlinks (install.c:494) ==1== by 0x243A91: execute_preset (install.c:2190) ==1== by 0x244343: unit_file_preset_all (install.c:2351) ==1== by 0x18AAA2: method_preset_all_unit_files (dbus-manager.c:1846) ==1== by 0x1D8157: method_callbacks_run (bus-objects.c:420) ==1== by 0x1DA9E9: object_find_and_run (bus-objects.c:1257) ==1== by 0x1DB02B: bus_process_object (bus-objects.c:1373) ==1== ==1== LEAK SUMMARY: ==1== definitely lost: 24 bytes in 1 blocks ==1== indirectly lost: 85 bytes in 1 blocks ==1== possibly lost: 0 bytes in 0 blocks ==1== still reachable: 65,536 bytes in 5 blocks ==1== suppressed: 0 bytes in 0 blocks ==1== Reachable blocks (those to which a pointer was found) are not shown. ==1== To see them, rerun with: --leak-check=full --show-leak-kinds=all ==1== ==1== For counts of detected and suppressed errors, rerun with: -v ==1== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
2016-01-17resolved: fix logging about DNAME redirectionLennart Poettering
2016-01-17resolved: when we find a DNAME RR, don't insist in a signed CNAME RRLennart Poettering
If we have a signed DNAME RR response, there's no need to insist on a signature for a CNAME RR response, after all it is unlikely to be signed, given the implicit synthethis of CNAME through DNAME RRs.
2016-01-17Fix broken SYSTEMD_USER_WANTS in udev rules.Abdo Roig-Maranges
The functionality of SYSTEMD_USER_WANTS that attaches dependencies to device units from udev rules was broken since commit b2c23da8. I guess it was due to a mass replace s/SYSTEMD_USER/MANAGER_USER/.
2016-01-17resolved: update DNSSEC TODOLennart Poettering
2016-01-17resolved: try to reduce number or DnsResourceKeys we keep around by merging themLennart Poettering
Quite often we read the same RR key multiple times from the same message. Try to replace them by a single object when we notice this. Do so again when we add things to the cache. This should reduce memory consumption a tiny bit.
2016-01-17resolved: when switching between DNSSEC modes, possibly flush cachesLennart Poettering
If the networkd configuration changes during runtime, make sure to flush all caches when we switch from a less trusted to a more trusted mode.
2016-01-17resolved: when the server feature level changes between query and response ↵Lennart Poettering
restart transaction In some cases we learn something about a server's feature level through its responses. If we notice that after doing basic checking of a response, and after collecting all auxiliary DNSSEC info the feature level of the server is lower than where we started, restart the whole transaction. This is useful to deal with servers that response rubbish when talked to with too high feature levels.
2016-01-17resolved: check OPT RR before accepting a reply for verification of server ↵Lennart Poettering
feature level Let's make sure we first check if the OPT was lost in the reply, before we accept a reply as successful and use it for verifying the current feature level.