Age | Commit message (Collapse) | Author |
|
We can user signer and synthesizing source information to check that the NSEC3 RRs we want to use are
actually reasonable and properly signed.
|
|
source and zone in each RR
Having this information available is useful when we need to check whether various RRs are suitable for proofs. This
information is stored in the RRs as number of labels to skip from the beginning of the owner name to reach the
synthesizing source/signer. Simple accessor calls are then added to retrieve the signer/source from the RR using this
information.
This also moves validation of a a number of RRSIG parameters into a new call dnssec_rrsig_prepare() that as side-effect
initializes the two numeric values.
|
|
When proving NODATA DS lookups we need to insist on looking at the parent zone's NSEC RR, not the child zone's.
When proving any other NODATA lookups we need to insist on looking at the child zone's NSEC RR, not the parent's.
|
|
unsupported digest algorithm
|
|
Add extra checks when validating with RRSIGs. This follows recommendations from:
http://www.george-barwood.pwp.blueyonder.co.uk/DnsServer/NotesOnDNSSSEC.htm
|
|
Fixes:
==1== by 0x23E44C: remove_marked_symlinks_fd (install.c:453)
==1== by 0x23E256: remove_marked_symlinks_fd (install.c:405)
==1== by 0x23E630: remove_marked_symlinks (install.c:494)
==1== by 0x2427A0: unit_file_disable (install.c:1876)
==1== by 0x18A633: method_disable_unit_files_generic (dbus-manager.c:1760)
==1== by 0x18A6CA: method_disable_unit_files (dbus-manager.c:1768)
==1== by 0x1D8146: method_callbacks_run (bus-objects.c:420)
==1== by 0x1DA9D8: object_find_and_run (bus-objects.c:1257)
==1== by 0x1DB01A: bus_process_object (bus-objects.c:1373)
==1==
==1== 228 (48 direct, 180 indirect) bytes in 2 blocks are definitely lost in loss record 8 of 14
==1== at 0x4C2BBCF: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==1== by 0x4C2DE2F: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==1== by 0x23DA60: unit_file_changes_add (install.c:233)
==1== by 0x23DDB2: create_symlink (install.c:298)
==1== by 0x240C5C: install_info_symlink_wants (install.c:1328)
==1== by 0x240FC8: install_info_apply (install.c:1384)
==1== by 0x241211: install_context_apply (install.c:1439)
==1== by 0x242563: unit_file_enable (install.c:1830)
==1== by 0x18A06E: method_enable_unit_files_generic (dbus-manager.c:1650)
==1== by 0x18A141: method_enable_unit_files (dbus-manager.c:1660)
==1== by 0x1D8146: method_callbacks_run (bus-objects.c:420)
==1== by 0x1DA9D8: object_find_and_run (bus-objects.c:1257)
==1==
==1== 467 (144 direct, 323 indirect) bytes in 3 blocks are definitely lost in loss record 9 of 14
==1== at 0x4C2DD9F: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==1== by 0x23DA60: unit_file_changes_add (install.c:233)
==1== by 0x23DE97: create_symlink (install.c:320)
==1== by 0x242CFC: unit_file_set_default (install.c:1951)
==1== by 0x18A881: method_set_default_target (dbus-manager.c:1802)
==1== by 0x1D8146: method_callbacks_run (bus-objects.c:420)
==1== by 0x1DA9D8: object_find_and_run (bus-objects.c:1257)
==1== by 0x1DB01A: bus_process_object (bus-objects.c:1373)
==1== by 0x259143: process_message (sd-bus.c:2567)
==1== by 0x259326: process_running (sd-bus.c:2609)
==1== by 0x259BDC: bus_process_internal (sd-bus.c:2798)
==1== by 0x259CAD: sd_bus_process (sd-bus.c:2817)
==1==
==1== LEAK SUMMARY:
==1== definitely lost: 216 bytes in 6 blocks
==1== indirectly lost: 560 bytes in 14 blocks
==1== possibly lost: 0 bytes in 0 blocks
==1== still reachable: 65,536 bytes in 5 blocks
==1== suppressed: 0 bytes in 0 blocks
==1== Reachable blocks (those to which a pointer was found) are not shown.
==1== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==1==
|
|
Fix transient units memory leak
|
|
Fixes:
==1== HEAP SUMMARY:
==1== in use at exit: 67,182 bytes in 91 blocks
==1== total heap usage: 70,485 allocs, 70,394 frees, 42,184,635 bytes
allocated
==1==
==1== 5,742 (696 direct, 5,046 indirect) bytes in 29 blocks are
definitely lost in loss record 4 of 7
==1== at 0x4C2DD9F: realloc (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==1== by 0x21ADDD: realloc_multiply (alloc-util.h:67)
==1== by 0x21BFB0: strv_push (strv.c:448)
==1== by 0x21C245: strv_consume (strv.c:520)
==1== by 0x21C33C: strv_extend (strv.c:559)
==1== by 0x278AD7: unit_write_drop_in (unit.c:3352)
==1== by 0x278EEB: unit_write_drop_in_private (unit.c:3403)
==1== by 0x190C21: bus_service_set_transient_property
(dbus-service.c:254)
==1== by 0x190DBC: bus_service_set_property (dbus-service.c:284)
==1== by 0x18F00E: bus_unit_set_properties (dbus-unit.c:1226)
==1== by 0x186F6A: transient_unit_from_message (dbus-manager.c:683)
==1== by 0x1872B7: method_start_transient_unit (dbus-manager.c:763)
==1==
==1== LEAK SUMMARY:
==1== definitely lost: 696 bytes in 29 blocks
==1== indirectly lost: 5,046 bytes in 58 blocks
==1== possibly lost: 0 bytes in 0 blocks
==1== still reachable: 61,440 bytes in 4 blocks
==1== suppressed: 0 bytes in 0 blocks
|
|
transaction: downgrade warnings about wanted units which are not found
|
|
Fourteenth DNSSEC PR
|
|
[v4] bus-util: print "systemctl --user" on user service manager
|
|
If a unit was pulled by a Wants= dependency but its unit file was not
present then we logged this as an error.
However Wants= might be used to configure a soft/optional dependency
on another unit, ie. start an optional service only if it's installed
otherwise simply skip it. In this case emitting an error doesn't look
appropriate.
But it's still an error if the optional dependency exists but its
activation fails for any reasons.
|
|
==1== HEAP SUMMARY:
==1== in use at exit: 61,728 bytes in 22 blocks
==1== total heap usage: 258,122 allocs, 258,100 frees, 78,219,628
bytes allocated
==1==
==1== 16 bytes in 1 blocks are definitely lost in loss record 1 of 6
==1== at 0x4C2BBCF: malloc (vg_replace_malloc.c:299)
==1== by 0x1E350E: memdup (alloc-util.c:34)
==1== by 0x135AFB: memdup_multiply (alloc-util.h:74)
==1== by 0x140F97: manager_set_default_rlimits (manager.c:2929)
==1== by 0x1303DA: manager_set_defaults (main.c:737)
==1== by 0x133A02: main (main.c:1718)
==1==
==1== 272 bytes in 17 blocks are definitely lost in loss record 2 of 6
==1== at 0x4C2BBCF: malloc (vg_replace_malloc.c:299)
==1== by 0x1E350E: memdup (alloc-util.c:34)
==1== by 0x135AFB: memdup_multiply (alloc-util.h:74)
==1== by 0x140F97: manager_set_default_rlimits (manager.c:2929)
==1== by 0x1303DA: manager_set_defaults (main.c:737)
==1== by 0x13480D: main (main.c:1828)
==1==
==1== LEAK SUMMARY:
==1== definitely lost: 288 bytes in 18 blocks
==1== indirectly lost: 0 bytes in 0 blocks
==1== possibly lost: 0 bytes in 0 blocks
==1== still reachable: 61,440 bytes in 4 blocks
==1== suppressed: 0 bytes in 0 blocks
==1== Reachable blocks (those to which a pointer was found) are not
shown.
==1== To see them, rerun with: --leak-check=full --show-leak-kinds=all
|
|
When a unit was started with "systemctl --user" and it failed, error
messages is printed as "systemctl status". But it should be "systemctl
--user status".
|
|
We frequently unescape DNS label follwed by IDNA undoing. We now have a function that does that in one step, hence use
it everywhere.
|
|
|
|
This way we become compatible with DNS names with embedded NUL bytes.
|
|
skip first label
|
|
In contrast to ascii_strcasecmp_nn() it takes two character buffers with their individual length. It will then compare
the buffers up the smaller size of the two buffers, and finally the length themselves.
|
|
ascii_strcasecmp_n()
This makes our code compatible with embedded NUL bytes, as we don't care about NUL bytes anymore.
|
|
|
|
|
|
Properly handle RRs that begin with an asterisk label. These are the unexpanded forms of wildcard domains and appear in
NSEC RRs for example. We need to make sure we handle the signatures of these RRs properly, since they mostly are
considered normal RRs, except that the RRSIG labels counter is one off for them, as the asterisk label is always
excluded of the signature.
|
|
Let's determine the source of synthesis once instead of for each RR in the RRset.
|
|
dns_name_startswith() is to dns_name_endswith() as startswith() is to endswith().
|
|
|
|
Closes: #2299
|
|
|
|
|
|
Add machine-id setting
|
|
Allow for overriding all other machine-ids which may be present on
the system using a kernel command line systemd.machine_id or
--machine-id= option.
This is especially useful for network booted systems where the
machine-id needs to be static, or for containers where a specific
machine-id is wanted.
|
|
|
|
sd-event: instrument sd_event_run() for profiling delays
|
|
Set SD_EVENT_PROFILE_DELAYS to activate accounting and periodic logging
of the distribution of delays between sd_event_run() calls.
Time spent in dispatching as well as time spent outside of
sd_event_run() is measured and accounted for. Every 5 seconds a
logarithmic histogram loop iteration delays since 5 seconds previous is
logged.
This is useful in identifying the frequency and magnitude of latencies
affecting the event loop, which should be kept to a minimum.
|
|
Also add a coccinelle receipt to help with such transitions.
|
|
capabilities: added support for ambient capabilities.
|
|
Fix miscalculated buffer size and uses of size-unlimited sprintf()
|
|
The ambient capability tests are only run if the kernel has support for
ambient capabilities.
|
|
This patch adds support for ambient capabilities in service files. The
idea with ambient capabilities is that the execed processes can run with
non-root user and get some inherited capabilities, without having any
need to add the capabilities to the executable file.
You need at least Linux 4.3 to use ambient capabilities. SecureBit
keep-caps is automatically added when you use ambient capabilities and
wish to change the user.
An example system service file might look like this:
[Unit]
Description=Service for testing caps
[Service]
ExecStart=/usr/bin/sleep 10000
User=nobody
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_RAW
After starting the service it has these capabilities:
CapInh: 0000000000003000
CapPrm: 0000000000003000
CapEff: 0000000000003000
CapBnd: 0000003fffffffff
CapAmb: 0000000000003000
|
|
Change the capability bounding set parser and logic so that the bounding
set is kept as a positive set internally. This means that the set
reflects those capabilities that we want to keep instead of drop.
|
|
journal: normalize priority of logging sources
|
|
function.
Not sure if this results in an exploitable buffer overflow, probably not
since the the int value is likely sanitized somewhere earlier and it's
being put through a bit mask shortly before being used.
|
|
|
|
We wouldn't know how to validate them, since they are the signatures, and hence have no signatures.
|
|
Given how fragile DNS servers are with some DNS types, and given that we really should avoid confusing them with
known-weird lookups, refuse doing lookups for known-obsolete RR types.
|
|
current_feature_level
This is a follow-up for f4461e5641d53f27d6e76e0607bdaa9c0c58c1f6.
|
|
its own
A suggested by Vito Caputo:
https://github.com/systemd/systemd/pull/2289#discussion-diff-49276220
|
|
|
|
DNSSEC
Move detection into a set of new functions, that check whether one specific server can do DNSSEC, whether a server and
a specific transaction can do DNSSEC, or whether a transaction and all its auxiliary transactions could do so.
Also, do these checks both before we acquire additional RRs for the validation (so that we can skip them if the server
doesn't do DNSSEC anyway), and after we acquired them all (to see if any of the lookups changed our opinion about the
servers).
THis also tightens the checks a bit: a server that lacks TCP support is considered incompatible with DNSSEC too.
|
|
This makes it easier to log information about a specific DnsServer object.
|