summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2016-01-17resolved: be stricter when using NSEC3Lennart Poettering
We can user signer and synthesizing source information to check that the NSEC3 RRs we want to use are actually reasonable and properly signed.
2016-01-17resolved: when validating an RRset, store information about the synthesizing ↵Lennart Poettering
source and zone in each RR Having this information available is useful when we need to check whether various RRs are suitable for proofs. This information is stored in the RRs as number of labels to skip from the beginning of the owner name to reach the synthesizing source/signer. Simple accessor calls are then added to retrieve the signer/source from the RR using this information. This also moves validation of a a number of RRSIG parameters into a new call dnssec_rrsig_prepare() that as side-effect initializes the two numeric values.
2016-01-17resolved: do not use NSEC RRs from the wrong zone for proofsLennart Poettering
When proving NODATA DS lookups we need to insist on looking at the parent zone's NSEC RR, not the child zone's. When proving any other NODATA lookups we need to insist on looking at the child zone's NSEC RR, not the parent's.
2016-01-17resolved: ignore DS RRs without generating an error if they use an ↵Lennart Poettering
unsupported digest algorithm
2016-01-17resolved: some RR types may appear only or not at all in a zone apexLennart Poettering
Add extra checks when validating with RRSIGs. This follows recommendations from: http://www.george-barwood.pwp.blueyonder.co.uk/DnsServer/NotesOnDNSSSEC.htm
2016-01-17core: fix memory leak on set-default, enable, disable etcEvgeny Vereshchagin
Fixes: ==1== by 0x23E44C: remove_marked_symlinks_fd (install.c:453) ==1== by 0x23E256: remove_marked_symlinks_fd (install.c:405) ==1== by 0x23E630: remove_marked_symlinks (install.c:494) ==1== by 0x2427A0: unit_file_disable (install.c:1876) ==1== by 0x18A633: method_disable_unit_files_generic (dbus-manager.c:1760) ==1== by 0x18A6CA: method_disable_unit_files (dbus-manager.c:1768) ==1== by 0x1D8146: method_callbacks_run (bus-objects.c:420) ==1== by 0x1DA9D8: object_find_and_run (bus-objects.c:1257) ==1== by 0x1DB01A: bus_process_object (bus-objects.c:1373) ==1== ==1== 228 (48 direct, 180 indirect) bytes in 2 blocks are definitely lost in loss record 8 of 14 ==1== at 0x4C2BBCF: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==1== by 0x4C2DE2F: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==1== by 0x23DA60: unit_file_changes_add (install.c:233) ==1== by 0x23DDB2: create_symlink (install.c:298) ==1== by 0x240C5C: install_info_symlink_wants (install.c:1328) ==1== by 0x240FC8: install_info_apply (install.c:1384) ==1== by 0x241211: install_context_apply (install.c:1439) ==1== by 0x242563: unit_file_enable (install.c:1830) ==1== by 0x18A06E: method_enable_unit_files_generic (dbus-manager.c:1650) ==1== by 0x18A141: method_enable_unit_files (dbus-manager.c:1660) ==1== by 0x1D8146: method_callbacks_run (bus-objects.c:420) ==1== by 0x1DA9D8: object_find_and_run (bus-objects.c:1257) ==1== ==1== 467 (144 direct, 323 indirect) bytes in 3 blocks are definitely lost in loss record 9 of 14 ==1== at 0x4C2DD9F: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==1== by 0x23DA60: unit_file_changes_add (install.c:233) ==1== by 0x23DE97: create_symlink (install.c:320) ==1== by 0x242CFC: unit_file_set_default (install.c:1951) ==1== by 0x18A881: method_set_default_target (dbus-manager.c:1802) ==1== by 0x1D8146: method_callbacks_run (bus-objects.c:420) ==1== by 0x1DA9D8: object_find_and_run (bus-objects.c:1257) ==1== by 0x1DB01A: bus_process_object (bus-objects.c:1373) ==1== by 0x259143: process_message (sd-bus.c:2567) ==1== by 0x259326: process_running (sd-bus.c:2609) ==1== by 0x259BDC: bus_process_internal (sd-bus.c:2798) ==1== by 0x259CAD: sd_bus_process (sd-bus.c:2817) ==1== ==1== LEAK SUMMARY: ==1== definitely lost: 216 bytes in 6 blocks ==1== indirectly lost: 560 bytes in 14 blocks ==1== possibly lost: 0 bytes in 0 blocks ==1== still reachable: 65,536 bytes in 5 blocks ==1== suppressed: 0 bytes in 0 blocks ==1== Reachable blocks (those to which a pointer was found) are not shown. ==1== To see them, rerun with: --leak-check=full --show-leak-kinds=all ==1==
2016-01-15Merge pull request #2328 from evverx/fix-transient-units-memeory-leakDaniel Mack
Fix transient units memory leak
2016-01-15core: fix memory leak in transient unitsEvgeny Vereshchagin
Fixes: ==1== HEAP SUMMARY: ==1== in use at exit: 67,182 bytes in 91 blocks ==1== total heap usage: 70,485 allocs, 70,394 frees, 42,184,635 bytes allocated ==1== ==1== 5,742 (696 direct, 5,046 indirect) bytes in 29 blocks are definitely lost in loss record 4 of 7 ==1== at 0x4C2DD9F: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==1== by 0x21ADDD: realloc_multiply (alloc-util.h:67) ==1== by 0x21BFB0: strv_push (strv.c:448) ==1== by 0x21C245: strv_consume (strv.c:520) ==1== by 0x21C33C: strv_extend (strv.c:559) ==1== by 0x278AD7: unit_write_drop_in (unit.c:3352) ==1== by 0x278EEB: unit_write_drop_in_private (unit.c:3403) ==1== by 0x190C21: bus_service_set_transient_property (dbus-service.c:254) ==1== by 0x190DBC: bus_service_set_property (dbus-service.c:284) ==1== by 0x18F00E: bus_unit_set_properties (dbus-unit.c:1226) ==1== by 0x186F6A: transient_unit_from_message (dbus-manager.c:683) ==1== by 0x1872B7: method_start_transient_unit (dbus-manager.c:763) ==1== ==1== LEAK SUMMARY: ==1== definitely lost: 696 bytes in 29 blocks ==1== indirectly lost: 5,046 bytes in 58 blocks ==1== possibly lost: 0 bytes in 0 blocks ==1== still reachable: 61,440 bytes in 4 blocks ==1== suppressed: 0 bytes in 0 blocks
2016-01-14Merge pull request #2322 from fbuihuu/downgrade-warn-for-not-found-unitZbigniew Jędrzejewski-Szmek
transaction: downgrade warnings about wanted units which are not found
2016-01-14Merge pull request #2316 from poettering/dnssec14Tom Gundersen
Fourteenth DNSSEC PR
2016-01-14Merge pull request #2319 from walyong/log_msg_v04Lennart Poettering
[v4] bus-util: print "systemctl --user" on user service manager
2016-01-14transaction: downgrade warnings about wanted unit which are not foundFranck Bui
If a unit was pulled by a Wants= dependency but its unit file was not present then we logged this as an error. However Wants= might be used to configure a soft/optional dependency on another unit, ie. start an optional service only if it's installed otherwise simply skip it. In this case emitting an error doesn't look appropriate. But it's still an error if the optional dependency exists but its activation fails for any reasons.
2016-01-14core: fix memory leak on reloadEvgeny Vereshchagin
==1== HEAP SUMMARY: ==1== in use at exit: 61,728 bytes in 22 blocks ==1== total heap usage: 258,122 allocs, 258,100 frees, 78,219,628 bytes allocated ==1== ==1== 16 bytes in 1 blocks are definitely lost in loss record 1 of 6 ==1== at 0x4C2BBCF: malloc (vg_replace_malloc.c:299) ==1== by 0x1E350E: memdup (alloc-util.c:34) ==1== by 0x135AFB: memdup_multiply (alloc-util.h:74) ==1== by 0x140F97: manager_set_default_rlimits (manager.c:2929) ==1== by 0x1303DA: manager_set_defaults (main.c:737) ==1== by 0x133A02: main (main.c:1718) ==1== ==1== 272 bytes in 17 blocks are definitely lost in loss record 2 of 6 ==1== at 0x4C2BBCF: malloc (vg_replace_malloc.c:299) ==1== by 0x1E350E: memdup (alloc-util.c:34) ==1== by 0x135AFB: memdup_multiply (alloc-util.h:74) ==1== by 0x140F97: manager_set_default_rlimits (manager.c:2929) ==1== by 0x1303DA: manager_set_defaults (main.c:737) ==1== by 0x13480D: main (main.c:1828) ==1== ==1== LEAK SUMMARY: ==1== definitely lost: 288 bytes in 18 blocks ==1== indirectly lost: 0 bytes in 0 blocks ==1== possibly lost: 0 bytes in 0 blocks ==1== still reachable: 61,440 bytes in 4 blocks ==1== suppressed: 0 bytes in 0 blocks ==1== Reachable blocks (those to which a pointer was found) are not shown. ==1== To see them, rerun with: --leak-check=full --show-leak-kinds=all
2016-01-14bus-util: print "systemctl --user" on user service managerWaLyong Cho
When a unit was started with "systemctl --user" and it failed, error messages is printed as "systemctl status". But it should be "systemctl --user status".
2016-01-13shared: reuse dns_label_unescape_undo_idna() in more placesLennart Poettering
We frequently unescape DNS label follwed by IDNA undoing. We now have a function that does that in one step, hence use it everywhere.
2016-01-13shared: simplify string concatenation with strjoin()Lennart Poettering
2016-01-13shared: port dns_name_compare_func() to make use of ascii_strcasecmp_nn()Lennart Poettering
This way we become compatible with DNS names with embedded NUL bytes.
2016-01-13shared: simplify dns_name_is_single_label() by using dns_name_parent() to ↵Lennart Poettering
skip first label
2016-01-13basic: add ascii_strcasecmp_nn() callLennart Poettering
In contrast to ascii_strcasecmp_nn() it takes two character buffers with their individual length. It will then compare the buffers up the smaller size of the two buffers, and finally the length themselves.
2016-01-13shared: replace a few invocations of strcasecmp() for DNS labels with ↵Lennart Poettering
ascii_strcasecmp_n() This makes our code compatible with embedded NUL bytes, as we don't care about NUL bytes anymore.
2016-01-13resolved: implement the full NSEC and NSEC3 postive wildcard proofsLennart Poettering
2016-01-13resolved: refuse validating wildcard RRs for SOA, NSEC3, DNAMELennart Poettering
2016-01-13resolved: properly handles RRs in domains beginning in an asterisk labelLennart Poettering
Properly handle RRs that begin with an asterisk label. These are the unexpanded forms of wildcard domains and appear in NSEC RRs for example. We need to make sure we handle the signatures of these RRs properly, since they mostly are considered normal RRs, except that the RRSIG labels counter is one off for them, as the asterisk label is always excluded of the signature.
2016-01-13resolved: optimize dnssec_verify_rrset() a bitLennart Poettering
Let's determine the source of synthesis once instead of for each RR in the RRset.
2016-01-13shared: add new dns_name_startswith() callLennart Poettering
dns_name_startswith() is to dns_name_endswith() as startswith() is to endswith().
2016-01-13basic: add new ascii_strcasecmp_n() callLennart Poettering
2016-01-13systemctl: improve wording of "systemctl enable" messagesLennart Poettering
Closes: #2299
2016-01-13resolved: allocate bounded strings on stack instead of heap, if we canLennart Poettering
2016-01-13resolved: consider inverted RRSIG validity intervals expiredLennart Poettering
2016-01-12Merge pull request #490 from pyssling/masterLennart Poettering
Add machine-id setting
2016-01-12core: Add machine-id settingNils Carlson
Allow for overriding all other machine-ids which may be present on the system using a kernel command line systemd.machine_id or --machine-id= option. This is especially useful for network booted systems where the machine-id needs to be static, or for containers where a specific machine-id is wanted.
2016-01-12sd-event: minor fixups to delays profiling changesVito Caputo
2016-01-12Merge pull request #2147 from vcaputo/sd-event-measure-latenciesLennart Poettering
sd-event: instrument sd_event_run() for profiling delays
2016-01-12sd-event: instrument sd_event_run() for profiling delaysVito Caputo
Set SD_EVENT_PROFILE_DELAYS to activate accounting and periodic logging of the distribution of delays between sd_event_run() calls. Time spent in dispatching as well as time spent outside of sd_event_run() is measured and accounted for. Every 5 seconds a logarithmic histogram loop iteration delays since 5 seconds previous is logged. This is useful in identifying the frequency and magnitude of latencies affecting the event loop, which should be kept to a minimum.
2016-01-12tree-wide: use xsprintf() where applicableDaniel Mack
Also add a coccinelle receipt to help with such transitions.
2016-01-12Merge pull request #2265 from ipuustin/ambientLennart Poettering
capabilities: added support for ambient capabilities.
2016-01-12Merge pull request #2303 from aadamowski/fix-miscalculated-bufferDaniel Mack
Fix miscalculated buffer size and uses of size-unlimited sprintf()
2016-01-12tests: test ambient capabilities.Ismo Puustinen
The ambient capability tests are only run if the kernel has support for ambient capabilities.
2016-01-12capabilities: added support for ambient capabilities.Ismo Puustinen
This patch adds support for ambient capabilities in service files. The idea with ambient capabilities is that the execed processes can run with non-root user and get some inherited capabilities, without having any need to add the capabilities to the executable file. You need at least Linux 4.3 to use ambient capabilities. SecureBit keep-caps is automatically added when you use ambient capabilities and wish to change the user. An example system service file might look like this: [Unit] Description=Service for testing caps [Service] ExecStart=/usr/bin/sleep 10000 User=nobody AmbientCapabilities=CAP_NET_ADMIN CAP_NET_RAW After starting the service it has these capabilities: CapInh: 0000000000003000 CapPrm: 0000000000003000 CapEff: 0000000000003000 CapBnd: 0000003fffffffff CapAmb: 0000000000003000
2016-01-12capabilities: keep bounding set in non-inverted format.Ismo Puustinen
Change the capability bounding set parser and logic so that the bounding set is kept as a positive set internally. This means that the set reflects those capabilities that we want to keep instead of drop.
2016-01-12Merge pull request #2290 from vcaputo/normalize-log-source-prioritiesLennart Poettering
journal: normalize priority of logging sources
2016-01-11Fix miscalculated buffer size and uses of size-unlimited sprintf()Aleksander Adamowski
function. Not sure if this results in an exploitable buffer overflow, probably not since the the int value is likely sanitized somewhere earlier and it's being put through a bit mask shortly before being used.
2016-01-11resolved: improve query RR type error wording a bitLennart Poettering
2016-01-11resolved: don#t allow explicit queries for RRSIG RRsLennart Poettering
We wouldn't know how to validate them, since they are the signatures, and hence have no signatures.
2016-01-11resolved: refuse doing queries for known-obsolete RR typesLennart Poettering
Given how fragile DNS servers are with some DNS types, and given that we really should avoid confusing them with known-weird lookups, refuse doing lookups for known-obsolete RR types.
2016-01-11resolved: rename DnsTransaction's current_features field to ↵Lennart Poettering
current_feature_level This is a follow-up for f4461e5641d53f27d6e76e0607bdaa9c0c58c1f6.
2016-01-11resolved: split out resetting of DNS server counters into a function call of ↵Lennart Poettering
its own A suggested by Vito Caputo: https://github.com/systemd/systemd/pull/2289#discussion-diff-49276220
2016-01-11resolved: accept rightfully unsigned NSEC responsesLennart Poettering
2016-01-11resolved: rework how and when we detect whether our chosen DNS server knows ↵Lennart Poettering
DNSSEC Move detection into a set of new functions, that check whether one specific server can do DNSSEC, whether a server and a specific transaction can do DNSSEC, or whether a transaction and all its auxiliary transactions could do so. Also, do these checks both before we acquire additional RRs for the validation (so that we can skip them if the server doesn't do DNSSEC anyway), and after we acquired them all (to see if any of the lookups changed our opinion about the servers). THis also tightens the checks a bit: a server that lacks TCP support is considered incompatible with DNSSEC too.
2016-01-11resolved: cache formatted server string in DnsServer structureLennart Poettering
This makes it easier to log information about a specific DnsServer object.