summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2016-01-25resolved: use dns_query_reset_answer() where we canLennart Poettering
2016-01-25update DNSSEC TODOLennart Poettering
2016-01-25resolved: properly propagate query candidate errorLennart Poettering
We already properly propagate errors from transactions to queries. Make sure that errors that happened during handling of query candidates are propagated to the query, too.
2016-01-25resolved: replace DNS_TRANSACTION_RESOURCES by DNS_TRANSACTION_ERRNOLennart Poettering
Whenever we encounter an OS error we did not expect, we so far put the transaction into DNS_TRANSACTION_RESOURCES state. Rename this state to DNS_TRANSACTION_ERRNO, and save + propagate the actual system error to the caller. This should make error messages triggered by system errors much more readable by the user.
2016-01-25resolved: log recognizably about DNSSEC downgradesLennart Poettering
If we downgrade from DNSSEC to non-DNSSEC mode, let's log about this in a recognizable way (i.e. with a message ID), after all, this is of major importance.
2016-01-25resolved: synthesize RRs for data from /etc/hostsLennart Poettering
This way the difference between lookups via NSS and our native bus API should become minimal.
2016-01-25resolved: when synthesizing RR responses, own the name fullyLennart Poettering
When we synthesize A/AAAA for domains like "localhost", then make sure we generate ENODATA if the user asks for RR types such a RP to be solved on the name. Previously, we'd pass the error back in that case that was generated from the usual lookup procedure.
2016-01-25resolved: properly handle LLMNR/TCP connection errorsLennart Poettering
The LLMNR spec suggests to do do reverse address lookups by doing direct LLMNR/TCP connections to the indicated address, instead of doing any LLMNR multicast queries. When we do this and the peer doesn't actually implement LLMNR this will result in a TCP connection error, which we need to handle. In contrast to most LLMNR lookups this will give us a quick response on whether we can find a suitable name. Report this as new transaction state, since this should mostly be treated like an NXDOMAIN rcode, except that it's not one.
2016-01-25core: normalize error handling a bit, in setup_pam()Lennart Poettering
Assign errno-style errors to a variable called "r" when they happen, the same way we do this in most other calls. It's bad enough that the error handling part of the function deals with two different error variables (pam_code and r) now, but before this fix it was even three!
2016-01-25resolved: fix rcode formatting string lengthLennart Poettering
Since we honour the edns rcode extension we need more than 4 bits to format it. To avoid further confusion, derive the right length from the type.
2016-01-25resolve: fix wording in resolver statistics outputLennart Poettering
Now that we count both negative and positive validation results, we shouldn't claim we just counted RRsets.
2016-01-25resolved: log each time we increase the DNSSEC verdict countersLennart Poettering
Also, don't consider RRs that aren't primary to the lookups we do as relevant to the lookups.
2016-01-25resolved: never store NSEC/NSEC3 RRs from the upper zone of a zone cut in cacheLennart Poettering
When using NSEC/NSEC3 RRs from the cache to derive existance of arbitrary RRs, we should not get confused by the fact that NSEC/NSEC3 RRs exist twice at zone cuts: once in the parent zone, and once in the child zone. For most RR types we should only consult the latter since that's where the beef is. However, for DS lookups we have to check the former. This change makes sure we never cache NSEC/NSEC3 RRs from any parent zone of a zone-cut. It also makes sure that when we look for a DS RR in the cache we never consider any cached NSEC RR, as those are now always from the child zone.
2016-01-25resolved: if we detect a message with incomplete DNSSEC data, consider this ↵Lennart Poettering
an invalid packet event
2016-01-25resolved: also collect statistics about negative DNSSEC proofsLennart Poettering
We already maintain statistics about positive DNSSEC proofs, and count them up by 1 for each validated RRset. Now, update the same counters each time we validated a negative query, so that the statistics are the combined result of all validation checks, both positive and negative.
2016-01-25resolve: use different bitmap checking rules when we find an exact NSEC3 ↵Lennart Poettering
match, or just a covering enclosure If we are looking for a DS RR we need to check the NSEC3 bitmap of the parent zone's NSEC3 RR, not the one from the child. For any other RR we need to look at the child's however, hence enforce this with the bitmaps. Note that not coverign checks only the lower zone's NSEC3 bitmaps matter, hence the existing check is fine.
2016-01-25resolve: minor strings improvementsLennart Poettering
2016-01-25resolve: rename "systemd-resolve-host" tool to simply "systemd-resolve"Lennart Poettering
The tool resolves way more than just hosts, hence give it a more generic name. This should be safe, as the tool is currently undocumented. Before we add documentation for it, let's get the name right. This also moves the C source into src/resolve/ (from src/resolve-host/), since the old name is a misnomer now. Also, since it links directly to many of the C files of resolved it really belongs into resolved's directory anyway.
2016-01-25resolved: get rid of unnecessary if checkLennart Poettering
DNS_ANSWER_FOREACH() can deal with NULL answers anyway, let's simplify our code here.
2016-01-25resolved: split out RR synthesis logic into its own C fileLennart Poettering
Also, while we are at it, set the "authenticated" bit for everything we synthesize
2016-01-25resolved: move dns_type_to_af() to dns-type.cLennart Poettering
2016-01-25resolve: generate a nice clean error when clients try to resolve a name when ↵Lennart Poettering
the network is down
2016-01-25resolved: when checking whether a link is relevant, check kernel operstateLennart Poettering
This mimics what networkd is doing to detect a carrier.
2016-01-25resolved: fix typoLennart Poettering
Noticed by @vcaputo
2016-01-25resolved: fix RR key reduction logicLennart Poettering
Fixes #2380.
2016-01-25logind,machined: bump TasksMax=Lennart Poettering
Issue #2388 suggests the current TasksMax= setting for user processes is to low. Bump it to 12K. Also, bump the container TasksMax= from 8K to 16K, so that it remains higher than the one for user processes. (Compare: the kernel default limit for processes system-wide is 32K). Fixes #2388
2016-01-25nspawn: fix memory leakMichal Sekletar
2016-01-24Merge pull request #2425 from yuwata/journal-remote-v4Zbigniew Jędrzejewski-Szmek
ZJS: remove unnecessary oom check after strdupa().
2016-01-24Merge pull request #2423 from keszybz/udevd-crash-in-cleanupDaniel Mack
udevd: do not clean up fds in main
2016-01-24journal-remote: fix broken --getter optionYu Watanabe
This commit fixes the following broken --getter option: when systemd-journal-remote is called with --getter option, it causes the error meesage "Zero sources specified" and the getter command will not be called.
2016-01-24journal-remote: output file name is determined by the remote hostnameYu Watanabe
When --url option is specified, e.g. --url='http://some.host:19531/entries' retrieved remote journal entries will be stored to /var/log/journal/remote/remote-some.host.journal
2016-01-24journal-remote: make --url option support arbitrary urlYu Watanabe
Currently, --url option supports the only form like http(s)://some.host:19531. This commit adds support to call systemd-journal-remote as follwos: systemd-journal-remote --url='http://some.host:19531' systemd-journal-remote --url='http://some.host:19531/' systemd-journal-remote --url='http://some.host:19531/entries' systemd-journal-remote --url='http://some.host:19531/entries?boot&follow' The first three example result the same and retrieve all entries. The last example retrieves only current boot entries and wait new events.
2016-01-23Merge pull request #2318 from vcaputo/coalesce-ftruncates-reduxZbigniew Jędrzejewski-Szmek
journal: coalesce ftruncate()s in 250ms windows
2016-01-23udevd: do not clean up fds in mainZbigniew Jędrzejewski-Szmek
fds will also be closed during manager cleanup in run, leading to an error when we try to close them again. It is now possible to "leak" the fds on error, but it's an unlikely event and we will exit immediately anyway. Fixes #2418.
2016-01-22Merge pull request #2410 from dobyrch/masterLennart Poettering
systemctl: Allow 'edit' and 'cat' on unloaded units
2016-01-22Merge pull request #2412 from fbuihuu/device-fixesLennart Poettering
Device fixes
2016-01-22device: make sure to not ignore re-plugged deviceFranck Bui
systemd automatically mounts device unless 'noauto' is part of the mount options. This can happen during boot if the device is plugged at that time or later when the system is already running (the latter case is not documented AFAICS). After the systemd booted, I plugged my USB device which had an entry in /etc/fstab with the default options and systemd automatically mounted it. However I noticed that if I unplugged and re-plugged the device the automatic mounting of the device didn't work anymore: systemd didn't notice that the device was re-plugged. This was due to the device unit which was not recycled by the GC during the unplug event because in the case of automounting, the mount unit still referenced it. When the device was re-plugged, the old device unit was reused but it still had the old sysfs path (amongst other useful information). Systemd was confused by the stalled sysfs path and decided to ignore the plug event. This patch fixes this issue by simply not doing the sanity checking on the sysfs path if the device is in unplugged state.
2016-01-22Merge pull request #2405 from zonque/sysusersDaniel Mack
sysusers: use GID_FMT and UID_FMT instead of %d
2016-01-22Merge pull request #2080 from ↵Daniel Mack
chaloulo/split-mode-host-remove-port-from-journal-filename journal-remote: split-mode=host, remove port from journal filename
2016-01-22systemd-activate: Add support for datagram socketsSusant Sahani
core: Add flexible way to provide socket type the socket type should be a diffrent argumet in make_socket_fd . In this way we can set the socket type like SOCK_STREAM SOCK_DGRAM in the address. journal-remote: modify make_socket_fd
2016-01-21systemctl: Allow 'edit' and 'cat' on unloaded unitsDouglas Christman
Don't fail if the unit has a LoadError; otherwise `systemctl edit` cannot be used to correct the error (e.g. multiple "ExecStart=" lines). Remove file changed warning so cat output isn't interspersed with log messages. Fixes #829
2016-01-21sysusers: use GID_FMT and UID_FMT instead of %dDaniel Mack
2016-01-21Merge pull request #1359 from jengelh/ueDaniel Mack
sysusers: help useless error message
2016-01-21Merge pull request #2071 from chaloulo/journal-upload-miss-logsDaniel Mack
journal-upload : Ignore journal event when already in uploading state.
2016-01-21Merge pull request #2401 from lnykryn/sysv-split-deps-v4Lennart Poettering
v4: sysv-generator: do not join dependencies on one line, split them
2016-01-21sysv-generator: do not join dependencies on one line, split themLukas Nykryn
If there is a lot of initscripts and dependencies between them we might end generating After= (and similar) lines which are longer then LINE_MAX and thus rejected by parser in systemd. Fixes #2099
2016-01-21Merge pull request #2371 from evverx/add-valgrind-helper-for-daemon-reexecDaniel Mack
core: add valgrind helper for daemon-reexec
2016-01-21Merge pull request #2391 from keszybz/coverityDaniel Mack
Coverity inspired fixes
2016-01-21Merge pull request #2341 from nmartensen/fstab-generator-fixesHarald Hoyer
Fstab-generator fixes
2016-01-21core: add valgrind helper for daemon-reexecEvgeny Vereshchagin
Inspired by https://github.com/systemd/systemd/issues/2187#issuecomment-165587140