summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2015-08-25Merge pull request #1022 from poettering/machinectl-shellTom Gundersen
Add new "machinectl shell" command for su(1)-like behaviour
2015-08-25Merge pull request #1029 from jsynacek/unprivileged-wall-message-v2Lennart Poettering
logind/systemctl: introduce SetWallMessage and --message
2015-08-25resolved: allow dns_cache_put() without a questionDaniel Mack
Currently, dns_cache_put() does a number of things: 1) It unconditionally removes all keys contained in the passed question before adding keys from the newly arrived answers. 2) It puts positive entries into the cache for all RRs contained in the answer. 3) It creates negative entries in the cache for all keys in the question that are not answered. Allow passing q = NULL in the parameters and skip 1) and 3), so we can use that function for mDNS responses. In this case, the question is irrelevant, we are interested in all answers we got.
2015-08-25sd-network: make LLMNR specific config parser genericDaniel Mack
Rename the enum, the lookup functions and the parser for LLMNRSupport so the type can be reused for mDNS.
2015-08-25resolved: move assertionDaniel Mack
Make a scope with invalid protocol state fail as soon as possible.
2015-08-25resolved: use switch-case statements for protocol detailsDaniel Mack
With more protocols to come, switch repetitive if-else blocks with a switch-case statements.
2015-08-25logind/systemctl: introduce SetWallMessage and --messageJan Synacek
Enable unprivileged users to set wall message on a shutdown operation. When the message is set via the --message option, it is logged together with the default shutdown message. $ systemctl reboot --message "Applied kernel updates." $ journalctl -b -1 ... systemd-logind[27]: System is rebooting. (Applied kernel updates.) ...
2015-08-25resolved: remove runtime check for previously asserted conditionDaniel Mack
2015-08-24resolved: change error code when trying to resolve direct LLMNR PTR RRsLennart Poettering
If we try to resoolve an LLMNR PTR RR we shall connect via TCP directly to the specified IP address. We already refuse to do this if the address to resolve is of a different address family as the transaction's scope. The error returned was EAFNOSUPPORT. Let's change this to ESRCH which is how we indicate "not server available" when connecting for LLMNR or DNS, since that's what this really is: we have no server we could connect to in this address family. This allows us to ensure that no server errors are always handled the same way.
2015-08-24resolve-host: support parsing numeric interface namesLennart Poettering
If the user specifies an interface by its ifindex we should handle this nicely. Hence let's try to parse the ifindex as a number before we try to resolve it as an interface name.
2015-08-24resolved: remove duplicate handling of "no servers" query resultLennart Poettering
So far we handled immediate "no server" query results differently from "no server" results we ran into during operation: the former would cause the dns_query_go() call to fail with ESRCH, the later would result in the query completion callback to be called. Remove the duplicate codepaths, by always going through the completion callback. This allows us to remove quite a number of lines for handling the ESRCH. This commit should not alter behaviour at all.
2015-08-24resolved: replace transaction list by hashmapLennart Poettering
Right now we keep track of ongoing transactions in a linked listed for each scope. Replace this by a hashmap that is indexed by the RR key. Given that all ongoing transactions will be placed in pretty much the same scopes usually this should optimize behaviour. We used to require a list here, since we wanted to do "superset" query checks, but this became obsolete since transactions are now single-key instead of multi-key.
2015-08-24machinectl: extend the "shell" syntax to take user@container namesLennart Poettering
In order to make "machinectl shell" more similar to ssh, allow the following syntax to connect to a container under a specific username: machinectl shell lennart@fedora Also beefs up related man page documentation.
2015-08-24machinectl: make machine name parameters for "shell" and "login" optionalLennart Poettering
If no machine name is specified, imply that we connect to ".host", i.e. the local host.
2015-08-24machined: beef up PolicyKit actionsLennart Poettering
Introduce separate actions for creating login or shell sessions for the local host or a local container. By default allow local unprivileged clients to create new login sessions (which is safe, since getty will ask for username and authentication). Also, imply login privs from shell privs, as well as shell and login privs from manage privs.
2015-08-24systemctl: properly handle empty control group paths in "status"Lennart Poettering
When showing the status of the "-.slice" slice root unit (whose reported cgroup path is ""), we suppressed the cgroup tree so far, because skipped it for all unit with an empty cgroup path. Let's fix that, and properly handle the empty cgroup path.
2015-08-24machined: userns is only supported for container-class machinesLennart Poettering
We do not support userns for VM machines or for the host itself.
2015-08-24machinectl: don't show ".host" pseudo-machine in list by defaultLennart Poettering
Let's hide all machines whose name begins with "." by default, thus hiding the ".host" pseudo-machine, unless --all is specified. This takes inspiration from the ".host" image handling in "machinectl list-images" which also hides all images whose name starts with ".".
2015-08-24machined: introduce pseudo-machine ".host" refererring to the host systemLennart Poettering
Some of the operations machined/machinectl implement are also very useful when applied to the host system (such as machinectl login, machinectl shell or machinectl status), hence introduce a pseudo-machine by the name of ".host" in machined that refers to the host system, and may be used top execute operations on the host system with. This copies the pseudo-image ".host" machined already implements for image related commands. (This commit also adds a PK privilege for opening a PTY in a container, which was previously not accessible for non-root.)
2015-08-24machined: validate machine names at more placesLennart Poettering
When enumerating machines from /run, and when accepting machine names for operations, be more strict and always validate. Note that these checks are strictly speaking unnecessary, since enumeration happens only on the trusted /run...
2015-08-24util: make machine_name_is_valid() a macro and move it to hostname-util.hLennart Poettering
As it turns out machine_name_is_valid() does the exact same thing as hostname_is_valid() these days, as it just invoked that and checked the name length was < 64. However, hostname_is_valid() checks the length against HOST_NAME_MAX anyway (which is 64 on Linux), hence any additional check is redundant. We hence replace machine_name_is_valid() by a macro that simply maps it to hostname_is_valid() but sets the allow_trailing_dot parameter to false. We also move this this call to hostname-util.h, to the same place as the hostname_is_valid() declaration.
2015-08-24util: make hostname_is_valid() easier to readLennart Poettering
Add more comments, and rename some parameters and variables to be more expressive.
2015-08-24machined: always look for leader PID firstLennart Poettering
When looking for the machine belonging to a PID, always look for the leader first, only then fall back to a cgroup check. We keep direct track of the leader PID, but only indirectly of the cgroup, hence prefer the PID.
2015-08-24machinectl: add new "machinectl shell" commandLennart Poettering
This makes use of machined's new OpenShell() command and allows opening a new interactive shell in any container.
2015-08-24machined: add new OpenShell() bus callLennart Poettering
This new bus call opens an interactive shell in a container. It works like the existing OpenLogin() call, but does not involve getty, and instead opens an arbitrary command line. This is similar to "systemd-run -t -M" but is controlled by a specific PolicyKit privilege.
2015-08-24core: open up more executable properties via the busLennart Poettering
This is preparation for a later commit that makes use of these properties for spawning an interactive shell in a container.
2015-08-24core: optionally create LOGIN_PROCESS or USER_PROCESS utmp entriesLennart Poettering
When generating utmp/wtmp entries, optionally add both LOGIN_PROCESS and INIT_PROCESS entries or even all three of LOGIN_PROCESS, INIT_PROCESS and USER_PROCESS entries, instead of just a single INIT_PROCESS entry. With this change systemd may be used to not only invoke a getty directly in a SysV-compliant way but alternatively also a login(1) implementation or even forego getty and login entirely, and invoke arbitrary shells in a way that they appear in who(1) or w(1). This is preparation for a later commit that adds a "machinectl shell" operation to invoke a shell in a container, in a way that is compatible with who(1) and w(1).
2015-08-24Merge pull request #1012 from gentoo-root/masterTom Gundersen
sd-device: fix enumeration of devices without subsystem
2015-08-24sd-bus: don't list activators as proper peersDavid Herrmann
If a connection passed KDBUS_HELLO_ACTIVATOR, it cannot do I/O on the bus. Hence, we should not treat it as proper peer. To actually query it, you have to explicitly ask for activators. This makes kdbus in-line with what dbus-daemon does.
2015-08-24Revert "sd-bus: include queried path in GetManagedObjects"David Herrmann
This reverts commit 92d16a53e385781a55d9231d9f8f89c1747ab0e4. As it turns out, this is not how ObjectManager is supposed to work. It is just a special behavior of BlueZ, but no-one else implements it this way. Revert the patch as discussed on github, and as such revert to the previous behavior (as described in the spec).
2015-08-22sd-device: fix enumeration of devices without subsystemMaxim Mikityanskiy
Prior to commit c32eb440bab953a0169cd207dfef5cad16dfb340, libudev's function udev_enumerate_scan_devices() had behaved differently. If parent match was added with udev_enumerate_add_match_parent(), udev_enumerate_scan_devices() did not return error if some child devices had no subsystem symlink in sysfs. An example of such devices is USB endpoints /sys/bus/usb/devices/*/ep_*. If there was a parent match against USB device, old implementation of udev_enumerate_scan_devices() did not treat ep_* device directories without subsystem symlink as error and just ignored them, but new implementation returns -ENOENT (also ignoring these devices) though correctly enumerates all other matching devices. To compare, you could look at 96df036fe3d25525a44f5efdb2fc8560e82e6cfd, in src/libudev/libudev-enumerate.c, function parent_add_child(): if (!match_subsystem(enumerate, udev_device_get_subsystem(dev))) goto nomatch; udev_device_get_subsystem() was returning NULL, match_subsystem() was returning false, and USB endpoint device was ignored. New parent_add_child() from src/libsystemd/sd-device/device-enumerator.c checks return value of sd_device_get_subsystem() and fails if subsystem was not found. Absence of subsystem symlink should not be really treated as error because all enumerations of children of USB devices will fail with -ENOENT. This new behavior also breaks system-config-printer. So restore old behavior and treat absence of subsystem symlink as no match.
2015-08-22Merge pull request #1010 from poettering/resolved-question-keyTom Gundersen
only maintain one question RR key per transaction and other fixes
2015-08-21resolved: always split up questions into per-RR transactionsLennart Poettering
We do so for Unicast DNS and LLMNR anyway, let's also do this for mDNS, and simplify things.
2015-08-21resolved: only maintain one question RR key per transactionLennart Poettering
Let's simplify things and only maintain a single RR key per transaction object, instead of a full DnsQuestion. Unicast DNS and LLMNR don't support multiple questions per packet anway, and Multicast DNS suggests coalescing questions beyond a single dns query, across the whole system.
2015-08-21resolved: add extra check for family when doing LLMNR TCP connectionsLennart Poettering
It shouldn't happen that we try to resolve IPv4 addresses via LLMNR on IPv6 and vice versa, but let's explicitly verify that we don't turn an IPv4 LLMNR lookup into an IPv6 TCP connection.
2015-08-21resolved: add reference to negative caching RFCLennart Poettering
2015-08-21remove unused variablesThomas Hindoe Paaboel Andersen
2015-08-21Merge pull request #1005 from poettering/resolved-refuse-compressionTom Gundersen
Don't do name compression when passing RRs across the bus
2015-08-21resolve-host: Minor wording improvementLennart Poettering
2015-08-21resolved: when passing RRs across the bus, make sure not to use name compressionLennart Poettering
We explicitly need to turn off name compression when marshalling or demarshalling RRs for bus transfer, since they otherwise refer to packet offsets that reference packets that are not transmitted themselves.
2015-08-21core: downgrade "Module inserted" message for kmod to DEBUGLennart Poettering
Closes #919.
2015-08-21Merge pull request #1002 from poettering/resolved-variousTom Gundersen
resolved: synthesize more RRs locally and other fixes
2015-08-21resolved: rework synthesizing logicLennart Poettering
With this change we'll now also generate synthesized RRs for the local LLMNR hostname (first label of system hostname), the local mDNS hostname (first label of system hostname suffixed with .local), the "gateway" hostname and all the reverse PTRs. This hence takes over part of what nss-myhostname already implemented. Local hostnames resolve to the set of local IP addresses. Since the addresses are possibly on different interfaces it is necessary to change the internal DnsAnswer object to track per-RR interface indexes, and to change the bus API to always return the interface per-address rather than per-reply. This change also patches the existing clients for resolved accordingly (nss-resolve + systemd-resolve-host). This also changes the routing logic for queries slightly: we now ensure that the local hostname is never resolved via LLMNR, thus making it trustable on the local system.
2015-08-21resolved: make DnsQuestion logic handle NULL arrays as empty arraysLennart Poettering
Following our usual logic of treating NULL arrays as empty arrays (for example, see strv.c) do the same for questions too.
2015-08-21resolved: minor typo comment fixLennart Poettering
2015-08-21dns-domain: add call for concatenating two domain namesLennart Poettering
This is specifically useful for appending the mDNS ".local" suffix to a single-label hostname in the most correct way. (used in later commit)
2015-08-21hostname-util: introduce new is_gateway_hostname() callLennart Poettering
This moves is_gateway() from nss-myhostname into the basic APIs, and makes it more like is_localhost(). Also, we rename it to is_gateway_hostname() to make it more expressive. Sharing this function in src/basic/ allows us to reuse the function for routing name requests in resolved (in a later commit).
2015-08-21network: Save DNS and NTP data for a DHCPv6 linkPatrik Flykt
Append DNS and NTP data obtained via DHCPv6 when the Link is saved.
2015-08-21network: Add function to serialize an IPv6 addressPatrik Flykt
2015-08-21test-dhcp6-client: Add tests for DNS and NTP optionsPatrik Flykt
Test option setting and getting in test_advertise_option(). Verify that the information provided in DHCPv6 Reply messages is also available in the Information and Solicit callbacks.