summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2015-08-24machined: validate machine names at more placesLennart Poettering
When enumerating machines from /run, and when accepting machine names for operations, be more strict and always validate. Note that these checks are strictly speaking unnecessary, since enumeration happens only on the trusted /run...
2015-08-24util: make machine_name_is_valid() a macro and move it to hostname-util.hLennart Poettering
As it turns out machine_name_is_valid() does the exact same thing as hostname_is_valid() these days, as it just invoked that and checked the name length was < 64. However, hostname_is_valid() checks the length against HOST_NAME_MAX anyway (which is 64 on Linux), hence any additional check is redundant. We hence replace machine_name_is_valid() by a macro that simply maps it to hostname_is_valid() but sets the allow_trailing_dot parameter to false. We also move this this call to hostname-util.h, to the same place as the hostname_is_valid() declaration.
2015-08-24util: make hostname_is_valid() easier to readLennart Poettering
Add more comments, and rename some parameters and variables to be more expressive.
2015-08-24machined: always look for leader PID firstLennart Poettering
When looking for the machine belonging to a PID, always look for the leader first, only then fall back to a cgroup check. We keep direct track of the leader PID, but only indirectly of the cgroup, hence prefer the PID.
2015-08-24machinectl: add new "machinectl shell" commandLennart Poettering
This makes use of machined's new OpenShell() command and allows opening a new interactive shell in any container.
2015-08-24machined: add new OpenShell() bus callLennart Poettering
This new bus call opens an interactive shell in a container. It works like the existing OpenLogin() call, but does not involve getty, and instead opens an arbitrary command line. This is similar to "systemd-run -t -M" but is controlled by a specific PolicyKit privilege.
2015-08-24core: open up more executable properties via the busLennart Poettering
This is preparation for a later commit that makes use of these properties for spawning an interactive shell in a container.
2015-08-24core: optionally create LOGIN_PROCESS or USER_PROCESS utmp entriesLennart Poettering
When generating utmp/wtmp entries, optionally add both LOGIN_PROCESS and INIT_PROCESS entries or even all three of LOGIN_PROCESS, INIT_PROCESS and USER_PROCESS entries, instead of just a single INIT_PROCESS entry. With this change systemd may be used to not only invoke a getty directly in a SysV-compliant way but alternatively also a login(1) implementation or even forego getty and login entirely, and invoke arbitrary shells in a way that they appear in who(1) or w(1). This is preparation for a later commit that adds a "machinectl shell" operation to invoke a shell in a container, in a way that is compatible with who(1) and w(1).
2015-08-24Merge pull request #1012 from gentoo-root/masterTom Gundersen
sd-device: fix enumeration of devices without subsystem
2015-08-24sd-bus: don't list activators as proper peersDavid Herrmann
If a connection passed KDBUS_HELLO_ACTIVATOR, it cannot do I/O on the bus. Hence, we should not treat it as proper peer. To actually query it, you have to explicitly ask for activators. This makes kdbus in-line with what dbus-daemon does.
2015-08-24Revert "sd-bus: include queried path in GetManagedObjects"David Herrmann
This reverts commit 92d16a53e385781a55d9231d9f8f89c1747ab0e4. As it turns out, this is not how ObjectManager is supposed to work. It is just a special behavior of BlueZ, but no-one else implements it this way. Revert the patch as discussed on github, and as such revert to the previous behavior (as described in the spec).
2015-08-22sd-device: fix enumeration of devices without subsystemMaxim Mikityanskiy
Prior to commit c32eb440bab953a0169cd207dfef5cad16dfb340, libudev's function udev_enumerate_scan_devices() had behaved differently. If parent match was added with udev_enumerate_add_match_parent(), udev_enumerate_scan_devices() did not return error if some child devices had no subsystem symlink in sysfs. An example of such devices is USB endpoints /sys/bus/usb/devices/*/ep_*. If there was a parent match against USB device, old implementation of udev_enumerate_scan_devices() did not treat ep_* device directories without subsystem symlink as error and just ignored them, but new implementation returns -ENOENT (also ignoring these devices) though correctly enumerates all other matching devices. To compare, you could look at 96df036fe3d25525a44f5efdb2fc8560e82e6cfd, in src/libudev/libudev-enumerate.c, function parent_add_child(): if (!match_subsystem(enumerate, udev_device_get_subsystem(dev))) goto nomatch; udev_device_get_subsystem() was returning NULL, match_subsystem() was returning false, and USB endpoint device was ignored. New parent_add_child() from src/libsystemd/sd-device/device-enumerator.c checks return value of sd_device_get_subsystem() and fails if subsystem was not found. Absence of subsystem symlink should not be really treated as error because all enumerations of children of USB devices will fail with -ENOENT. This new behavior also breaks system-config-printer. So restore old behavior and treat absence of subsystem symlink as no match.
2015-08-22Merge pull request #1010 from poettering/resolved-question-keyTom Gundersen
only maintain one question RR key per transaction and other fixes
2015-08-21resolved: always split up questions into per-RR transactionsLennart Poettering
We do so for Unicast DNS and LLMNR anyway, let's also do this for mDNS, and simplify things.
2015-08-21resolved: only maintain one question RR key per transactionLennart Poettering
Let's simplify things and only maintain a single RR key per transaction object, instead of a full DnsQuestion. Unicast DNS and LLMNR don't support multiple questions per packet anway, and Multicast DNS suggests coalescing questions beyond a single dns query, across the whole system.
2015-08-21resolved: add extra check for family when doing LLMNR TCP connectionsLennart Poettering
It shouldn't happen that we try to resolve IPv4 addresses via LLMNR on IPv6 and vice versa, but let's explicitly verify that we don't turn an IPv4 LLMNR lookup into an IPv6 TCP connection.
2015-08-21resolved: add reference to negative caching RFCLennart Poettering
2015-08-21remove unused variablesThomas Hindoe Paaboel Andersen
2015-08-21Merge pull request #1005 from poettering/resolved-refuse-compressionTom Gundersen
Don't do name compression when passing RRs across the bus
2015-08-21resolve-host: Minor wording improvementLennart Poettering
2015-08-21resolved: when passing RRs across the bus, make sure not to use name compressionLennart Poettering
We explicitly need to turn off name compression when marshalling or demarshalling RRs for bus transfer, since they otherwise refer to packet offsets that reference packets that are not transmitted themselves.
2015-08-21core: downgrade "Module inserted" message for kmod to DEBUGLennart Poettering
Closes #919.
2015-08-21Merge pull request #1002 from poettering/resolved-variousTom Gundersen
resolved: synthesize more RRs locally and other fixes
2015-08-21resolved: rework synthesizing logicLennart Poettering
With this change we'll now also generate synthesized RRs for the local LLMNR hostname (first label of system hostname), the local mDNS hostname (first label of system hostname suffixed with .local), the "gateway" hostname and all the reverse PTRs. This hence takes over part of what nss-myhostname already implemented. Local hostnames resolve to the set of local IP addresses. Since the addresses are possibly on different interfaces it is necessary to change the internal DnsAnswer object to track per-RR interface indexes, and to change the bus API to always return the interface per-address rather than per-reply. This change also patches the existing clients for resolved accordingly (nss-resolve + systemd-resolve-host). This also changes the routing logic for queries slightly: we now ensure that the local hostname is never resolved via LLMNR, thus making it trustable on the local system.
2015-08-21resolved: make DnsQuestion logic handle NULL arrays as empty arraysLennart Poettering
Following our usual logic of treating NULL arrays as empty arrays (for example, see strv.c) do the same for questions too.
2015-08-21resolved: minor typo comment fixLennart Poettering
2015-08-21dns-domain: add call for concatenating two domain namesLennart Poettering
This is specifically useful for appending the mDNS ".local" suffix to a single-label hostname in the most correct way. (used in later commit)
2015-08-21hostname-util: introduce new is_gateway_hostname() callLennart Poettering
This moves is_gateway() from nss-myhostname into the basic APIs, and makes it more like is_localhost(). Also, we rename it to is_gateway_hostname() to make it more expressive. Sharing this function in src/basic/ allows us to reuse the function for routing name requests in resolved (in a later commit).
2015-08-21network: Save DNS and NTP data for a DHCPv6 linkPatrik Flykt
Append DNS and NTP data obtained via DHCPv6 when the Link is saved.
2015-08-21network: Add function to serialize an IPv6 addressPatrik Flykt
2015-08-21test-dhcp6-client: Add tests for DNS and NTP optionsPatrik Flykt
Test option setting and getting in test_advertise_option(). Verify that the information provided in DHCPv6 Reply messages is also available in the Information and Solicit callbacks.
2015-08-21sd-dhcp6: Support deprecated SNTP Configuration OptionPatrik Flykt
Although the SNTP option specified in RFC 4075 has been deprecated, some servers are still sending NTP information with this option. Use the SNTP information provided only if the NTP option is not present. Update the test case as SNTP information is also requested.
2015-08-21sd-dhcp6: Add support for DHCPv6 NTP Server OptionPatrik Flykt
Support NTP server and multicast addresses and NTP server domain names as specified in RFC 5908.
2015-08-21sd-dhcp6: Add support for DHCPv6 DNS Domain Search List optionPatrik Flykt
Support DHCPv6 DNS search list option as specified in RFC 3646. This option contains a list of DNS search domains encoded without compression as specified in Section 8. of RFC 3315.
2015-08-21sd-dhcp6: Add support for DHCPv6 DNS Recursive Name Server optionPatrik Flykt
Support DHCPv6 DNS server option as specified in RFC 3646. This option contains a list of IPv6 DNS server addresses.
2015-08-21dhcp6-option: Add helper function for uncompressed domain namesPatrik Flykt
Add a helper function containing a modified version of dns_packet_read_name() that does not use DnsPacket to extract a string array of domain names from the provided option data. The domain names are stored uncompressed as defined in Section 8. of RFC 3315.
2015-08-21dhcp6-option: Add helper function for fetching IPv6 addressesPatrik Flykt
Add a helper function that extracts a block of IPv6 addresses from the provided option data.
2015-08-21sd-dhcp6-client: Save a DHCPv6 lease also with Information ReplyPatrik Flykt
As the lease structure contains interesting information, save it also for the Information Reply.
2015-08-21sd-dhcp6-client: Fix unreferencing DHCPv6 lease on client resetPatrik Flykt
When the DHCPv6 client is started by the library user or stopped for any reason, unref the DHCPv6 lease when resetting the DHCPv6 client data structure. This makes the DHCPv6 client always start from a clean state and not keep unnecessary an lease structure around when stopped. If this is not done, a previously existing lease information can be interpreted to be from another server when restarting DHCPv6.
2015-08-20timedatectl: when no timezone is set consider UTC the defaultLennart Poettering
This fixes #993, and ensures that the libc does not consider any old timezone information into account, that was set earlier.
2015-08-19Merge pull request #990 from owtaylor/issue-989David Herrmann
Issue 989 - logind: VT is not properly reset on session close
2015-08-19timedatectl: assert timezone is not null in setenv() call.Dimitri John Ledkov
setenv is declared as: extern int setenv (const char *__name, const char *__value, int __replace) __THROW __nonnull ((2)); And i->timezone can be NULL, if for example /etc/localtime is missing. Previously that worked, but now result in a libc dumping core, as seen with gcc 2.22, due to: https://sourceware.org/ml/glibc-cvs/2015-q2/msg00075.html
2015-08-18logind: get a fresh file descriptor to clean up a VTOwen W. Taylor
When the controlling process exits, any existing file descriptors for that FD will be marked as hung-up and ioctls on them will file with EIO. To work around this, open a new file descriptor for the VT we want to clean up. Thanks to Ray Strode for help in sorting out the problem and coming up with a fix! https://github.com/systemd/systemd/issues/989
2015-08-18logind: use open_terminal() instead of open()Owen W. Taylor
The open_terminal() function adds retries in case a terminal is in the process of being closed when we open it, and should generally be used to open a terminal. We especially need it for code that a subsequent commit adds that reopens the terminal at session shut-down time; such races would be more likely in that case. Found by Ray Strode.
2015-08-18journal: fix json output of unicode charactersDaniel Mack
2015-08-18journal: remove error check that never happensThomas Hindoe Paaboel Andersen
remove_directory will always return 0 so this can never happen. Besides that, d->path and d are freed so we would end up with a null pointer dereference anyway.
2015-08-17Merge pull request #977 from richardmaw-codethink/machinectl-userns-login-v2Lennart Poettering
Fix machinectl login with containers in user namespaces (v2)
2015-08-17Merge pull request #976 from elfring/Remove_unnecessary_checks2Lennart Poettering
Delete unnecessary checks before some function calls
2015-08-17Merge pull request #958 from stefwalter/fix-journalctl-f-regressionLennart Poettering
Regression: 'journalctl -f -t unmatched' doesn't block properly
2015-08-17namespace helpers: Allow entering a UID namespaceRichard Maw
To be able to use `systemd-run` or `machinectl login` on a container that is in a private user namespace, the sub-process must have entered the user namespace before connecting to the container's D-Bus, otherwise the UID and GID in the peer credentials are garbage. So we extend namespace_open and namespace_enter to support UID namespaces, and we enter the UID namespace in bus_container_connect_{socket,kernel}. namespace_open will degrade to a no-op if user namespaces are not enabled in the kernel. Special handling is required for the setns call in namespace_enter with a user namespace, since transitioning to your own namespace is forbidden, as it would result in re-entering your user namespace as root. Arguably it may be valid to check this at the call site, rather than inside namespace_enter, but it is less code to do it inside, and if the intention of calling namespace_enter is to *be* in the target namespace, rather than to transition to the target namespace, it is a reasonable approach. The check for whether the user namespace is the same must happen before entering namespaces, as we may not be able to access /proc during the intermediate transition stage. We can't instead attempt to enter the user namespace and then ignore the failure from it being the same namespace, since the error code is not distinct, and we can't compare namespaces while mid-transition.