Age | Commit message (Collapse) | Author |
|
It seems that resources are properly deallocated by MHD_destroy_response,
even if enqueuing the request fails.
Also replace a trivial printf with alloca and fixup log message
(it'll now be something like "Connection from CN=some.host.name",
which seems clear enough.)
|
|
This chunk got lost in one of the rebases :(
|
|
new verb "poweroff"
There's really no point to send the reboot SIGINT from machinectl
directly, if machined can do that anyway. This saves code, and
makes machinectl network transparent for these verbs. And while we are
at it we can easily add a "poweroff" verb in addition to "reboot". Yay!
|
|
"leader"
|
|
Given that glibc searches for /dev/shm by just looking for any tmpfs we
should be more careful with providing tmpfs instances arbitrary code
might end up writing to.
|
|
|
|
|
|
indicating a failure state
(Subject to --no-legend)
|
|
|
|
|
|
After all, it is ultimately linked to libsystems.so anyway, thus belongs
there and shares very little with the rest of logind, hence let's move
this away.
|
|
peers
This is supposed to be an extension of SO_PEERCRED and SO_PEERSEC,
except for cgroup information.
|
|
|
|
Now --listen-http=-3 --listen-https=-4 can be used to spawn a µhttpd
server on those two ports, in http and https modes respectively.
As before, --listen-http=3 --listen-https=4 will launch µhttpd servers
on ports 3 and 4.
|
|
Most of the messages we send do not require a allocating and
freeing a buffer, to optimize this by using const strings.
Also, rename respond_error to mhd_respond*, since it is used
not only for errors.
Make use of information from printf to avoid one extra call to
strlen.
|
|
The whole tool is made dependent on µhttpd availability. It should be
easy to make the µhttpd parts conditional, but since transfer over
HTTP seems to be the primary use case, currently this is not done.
Current implementation uses nested epoll loops: sd-event is used for
the external event loop, and µhttpd uses epoll in its own
loop. Unfortunately µhttpd does not expose enough information to add
the descriptors it uses to the external event loop. This means that
starvation of other events is possible, if one of the inner µhttpd
loops is constantly busy. This means that µhttpd servers should not
be mixed with other sources.
The TLS authentication parts haven't been really tested properly, and
should not be take too seriously.
|
|
|
|
If --trust=ca.crt is used, only clients presenting certificates signed
by the ca will be allowed to proceed. No hostname matching is
performed, so any client wielding a signed certificate will be
authorized.
Error functions are moved from journal-gateway to microhttp-util and
made non-static, since now they are used in two source files.
|
|
Prefix "gnutls: " is added. Some semi-random mapping of gnutls levels
to syslog levels is done, but since gnutls levels seem to be used
rather loosely, most end up as debug.
|
|
A certificate authority certificate will be presented to clients,
causing them to present their client certificate, if it is signed by
this authority (default behaviour of most clients). No certificate
checking is actually performed.
|
|
Also improve logging to print out the parsed address on error.
|
|
|
|
In preparation for use elsewhere.
|
|
|
|
|
|
|
|
addition to the host
|
|
|
|
|
|
|
|
|
|
GCC optimizes strlen("string constant") to a constant, even with -O0.
Thus, replace patterns like sizeof("string constant")-1 with
strlen("string constant") where possible, for clarity. In particular,
for expressions intended to add up the lengths of components going into
a string, this often makes it clearer that the expression counts the
trailing '\0' exactly once, by putting the +1 for the '\0' at the end of
the expression, rather than hidden in a sizeof in the middle of the
expression.
|
|
|
|
Otherwise the sequence number of a broadcast may match the sequence number of a
pending unicast message and cause confusion.
|
|
|
|
Use RTM_SETLINK to update an existing link.
|
|
|
|
|
|
This will let journald forward logs as messages sent to all logged in
users (like wall).
Two options are added:
* ForwardToWall (default yes)
* MaxLevelWall (default emerg)
'ForwardToWall' is overridable by kernel command line option
'systemd.journald.forward_to_wall'.
This is used to emulate the traditional syslogd behaviour of sending
emergency messages to all logged in users.
|
|
utmp_wall() now takes an optional argument 'username_override' which
allows the caller to override the username shown on wall messages.
journald will use this to inform users that its wall messages comes from
'systemd-journald'.
|
|
It's kinda pointless to include a unix fd header field in messages if it
carries the value 0, but let's do this anyway...
|
|
own callback
|
|
This is very useful when debugging sd-bus to look at messages.
|
|
It's HAVE_SPLIT_USR not HAVE_SPLIT_USER
|
|
|
|
This makes it possible to initialize or cleanup an arbitrary filesystem
hierarchy in the same way that it would be during system boot.
|
|
This adds the same root argument to search_and_fopen that
conf_files_list already has. Tools that use those two functions as a
pair can now be easily modified to load configuration files from an
alternate root filesystem tree.
|
|
|
|
|
|
This makes it possible to initialize the /etc/machine-id file on an
arbitrary filesystem hierarchy. This helps systems that wish to run
this at image creation time in a subdirectory, or from initramfs before
pivot-root is called.
[tomegun: converted to using _cleanup_free_ macros]
|