summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2016-01-28resolved: convert TLSA fields to stringZbigniew Jędrzejewski-Szmek
Example output: _443._tcp.fedoraproject.org IN TLSA 0 0 1 GUAL5bejH7czkXcAeJ0vCiRxwMnVBsDlBMBsFtfLF8A= -- Cert. usage: CA constraint -- Selector: Full Certificate -- Matching type: SHA-256
2016-01-28resolved: OPENPGPKEY recordsZbigniew Jędrzejewski-Szmek
2016-01-28resolved: TLSA recordsZbigniew Jędrzejewski-Szmek
2016-01-28resolved: add alignment to base64Zbigniew Jędrzejewski-Szmek
We try to fit the lengthy key data into available space. If the other fields take less than half of the available columns, we use align everything in the remaining columns. Otherwise, we put everything after a newline, indented with 8 spaces. This is similar to dig and other tools do. $ COLUMNS=78 ./systemd-resolve -t any . . IN SOA a.root-servers.net nstld.verisign-grs.com 2016012701 1800 900 604800 86400 . IN RRSIG SOA RSASHA256 0 86400 20160206170000 20160127160000 54549 S1uhUoBAReAFi5wH/KczVDgwLb+B9Zp57dSYj9aX4XxBhKuzccIducpg0wWXhjCRAWuzY fQ/J2anm4+C4BLUTdlytPIemd42SUffQk2WGuuukI8e67nkrNF3WFtoeXQ4OchsyO24t2 rxi682Zo9ViqmXZ+MSsjWKt1jdem4noaY= . IN NS h.root-servers.net . IN NS k.root-servers.net . IN NS e.root-servers.net . IN NS c.root-servers.net . IN NS b.root-servers.net . IN NS g.root-servers.net . IN NS d.root-servers.net . IN NS f.root-servers.net . IN NS i.root-servers.net . IN NS j.root-servers.net . IN NS m.root-servers.net . IN NS a.root-servers.net . IN NS l.root-servers.net . IN RRSIG NS RSASHA256 0 518400 20160206170000 20160127160000 54549 rxhmTVKUgs72G3VzL+1JRuD0nGLIrPM+ISfmUx0eYUH5wZD5XMu2X+8PfkAsEQT1dziPs ac+zK1YZPbNgr3yGI5H/wEbK8S7DmlvO+/I9WKTLp/Zxn3yncvnTOdjFMZxkAqHbjVOm+ BFz7RjQuvCQlEJX4PQBFphgEnkiOnmMdI= . IN NSEC aaa ( NS SOA RRSIG NSEC DNSKEY ) . IN RRSIG NSEC RSASHA256 0 86400 20160206170000 20160127160000 54549 HY49/nGkUJJP1zLmH33MIKnkNH33jQ7bsAHE9itEjvC4wfAzgq8+Oh9fjYav1R1GDeJ2Z HOu3Z2uDRif10R8RsmZbxyZXJs7eHui9KcAMot1U4uKCCooC/5GImf+oUDbvaraUCMQRU D3mUzoa0BGWfxgZEDqZ55raVFT/olEgG8= . IN DNSKEY 257 3 RSASHA256 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0 O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0 NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL4 96M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1ap AzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6 dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ2 5AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1 ihz0= . IN DNSKEY 256 3 RSASHA256 AwEAAbr/RV0stAWYbmKOldjShp4AOQGOyY3ATI1NUpP4X1qBs 6lsXpc+1ABgv6zkg02IktjZrHnmD0HsElu3wqXMrT5KL1W7Sp mg0Pou9WZ8QttdTKXwrVXrASsaGI2z/pLBSnK8EdzqUrTVxY4 TEGZtxV519isM06CCMihxTn5cfFBF . IN RRSIG DNSKEY RSASHA256 0 172800 20160204235959 20160121000000 19036 XYewrVdYKRDfZptAATwT+W4zng04riExV36+z04kok09W0RmOtDlQrlrwHLlD2iN/zYpg EqGgDF5T2xlrQdNpn+PFHhypHM7NQAgLTrwmiw6mGbV0bsZN3rhFxHwW7QVUFAvo9eNVu INrjm+sArwxq3DnPkmA+3K4ikKD2iiT/jT91VYr9SHFqXXURccLjI+nmaE7m31hXcirX/ r5i3J+B4Fx4415IavSD72r7cmruocnCVjcp+ZAUKeMyW+RwigzevLz3oEcCZ4nrTpGLEj wFaVePYoP+rfdmfLfTdmkkm4APRJa2My3XOdGFlgNS1pW1pH4az5LapLE2vMO7p1aQ== -- Information acquired via protocol DNS in 14.4ms. -- Data is authenticated: no
2016-01-28resolved: emit full path to file we failed to writeZbigniew Jędrzejewski-Szmek
Otherwise it's unclear if it's /etc/resolv.conf or some other file that is meant.
2016-01-28basic: getauxval(AT_RANDOM) is apparently not necessarily alignedLennart Poettering
Let's make sure we read it in a way compatible with non-aligned memory. Fixes: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812928
2016-01-28systemctl: don't make up unit states, and don't eat up errors to eagerlyLennart Poettering
When checking a unit's state, don't ignore errors too eagerly, but generate proper error messages. Also, don't synthesize an "unknown" state on error, but let the operation file. If a unit file isn't loaded treat this as "inactive" as that's effectively what it means.
2016-01-28systemctl: don't mangle unit names in check_unit_generic()Lennart Poettering
As it turns out all callers of check_unit_generic() already mangle unit names, or get the unit names directly from PID 1 (and hence arein normalized form anyway), hence there's no point in mangling then...
2016-01-28shared: meanor clean-ups for logs-show.cLennart Poettering
Some minor simplifications. Shouldn't change codepaths.
2016-01-28core: don't reset /dev/console if stdin/stdout/stderr as passed as fd in a ↵Lennart Poettering
transient service Otherwise we might end resetting /dev/console all the time when a transient service starts or stops. Fixes #2377 Fixes #2198 Fixes #2061
2016-01-27Merge pull request #2451 from zonque/pr-2162-rebasedLennart Poettering
utf8.[ch] et al: use char32_t and char16_t instead of int, int32_t, i…
2016-01-27utf8.[ch] et al: use char32_t and char16_t instead of int, int32_t, int16_tShawn Landden
rework C11 utf8.[ch] to use char32_t instead of uint32_t when referring to unicode chars, to make things more expressive. [ @zonque: * rebased to current master * use AC_CHECK_DECLS to detect availibility of char{16,32}_t * make utf8_encoded_to_unichar() return int ]
2016-01-27nss-resolve: also fall back to nss-dns if dbus doesn't workLennart Poettering
Fixes #1692
2016-01-27nss: block various signals while running NSS lookupsLennart Poettering
Let's make sure our poll() calls don't get interrupted where they shouldn't (SIGALRM, ...), but allow them to be interrupted where they should (SIGINT, ...). Fixes #1965
2016-01-27basic: don't append suffixes to unit name glob expressionsLennart Poettering
When the user specifies "foo*" as unit name glob expression, we shouldn't turn this into "foo*.service". Hence: only append a suffix if the specified string isn't a glob expression. Fixes: #2397
2016-01-27systemctl: piece-meal strv extension is expensiveLennart Poettering
If we have many entries to add to an strv we really should try to be smarter than constantly realloc()ing the strv array. Instead, grow it exponentially.
2016-01-27tests: don't abbreviate function names needlesslyLennart Poettering
THis is otherwise really hard to read...
2016-01-27machined: add early checks for unrealistically large image/pool sizesLennart Poettering
2016-01-27machined: when the pool limit is set to infinity don't resize backing ↵Lennart Poettering
loopback file An unlimited quota makes a lot of sense, but we really should try to propagate this onto the loopback file size, since an infinitely sized file makes no sense. Fixes: #2314 #2253
2016-01-27Merge pull request #1975 from ssahani/vxlan2Tom Gundersen
networkd: Add support to configure VXLAN Port
2016-01-26Merge pull request #2446 from keszybz/ask-passwordLennart Poettering
Ask password unicode fix
2016-01-26ask-password-api: only emit a star on valid unicode codepointZbigniew Jędrzejewski-Szmek
https://bugzilla.redhat.com/show_bug.cgi?id=1301984
2016-01-26test-ask-password-api: add a manual test for password readingZbigniew Jędrzejewski-Szmek
2016-01-26Merge pull request #2306 from walyong/exec_v01Lennart Poettering
[v1] core: resolve specifier in config_parse_exec()
2016-01-26resolve: fix compare function for EtcHostItemThomas Hindoe Paaboel Andersen
From dd0bc0f1
2016-01-26nss-resolve: fix gethostbyaddr h_aliasesSamu Kallio
Fix the comparison to include the first alias, which will otherwise be left as a bogus pointer.
2016-01-26Merge pull request #2440 from poettering/journal-fixTom Gundersen
journald: minor fixes
2016-01-26Merge pull request #2437 from poettering/dnssec19Tom Gundersen
nineteenth dnssec patch
2016-01-26Merge pull request #2441 from msekletar/killing-spree-excluded-log-v3Lennart Poettering
shutdown: complain if process excluded from killing spree runs of the same rootfs as PID1 (v3)
2016-01-26journald: add a couple of static asserts checking logging constantsLennart Poettering
Whenever we include a log level or facility in a journal string field, make sure the compiler checks for us that that's actually the right thing to do.
2016-01-26journald: fix LOG_AUTH facility in audit codeLennart Poettering
Fixes: #2304
2016-01-26update TODOLennart Poettering
This gets rid of the private DNSSEC TODO and moves it in the main TODO dump site, as the DNSSEC implementation is pretty complete now, and the remaining bits are low-priority.
2016-01-26resolved: prorize rtnl and sd-network event sourcesLennart Poettering
Lets make sure we always take notice of network changes before answering client requests. This way, calls like SetLinkDNS() become race-free as the specified interface index is guarantee to have been processed if it exists before we make changes to it.
2016-01-26resolved: fix the rcode to SUCCESS if we find at least one matching RR in a ↵Lennart Poettering
DNS response If we encounter NXDOMAIN, but find at least one matching RR in a response, then patch it to become SUCCESS. This should clean up handling of CNAME/DNAMEs, and makes sure broken servers and those conforming to RFC 6604 are treated the same way. The new behaviour opposes the logic suggested in RFC 6604, but given that some servers don't implement it correctly, and given that in some ways the CNAME/DNAME chains will be incomplete anyway, and given that DNSSEC generally only allows us to prove the first element of a CNAME/DNAME chain, this should simplify things for us.
2016-01-26resolved: allow configuration of routing domains in Domains=Lennart Poettering
2016-01-26resolved: teach resolved the difference between "routing" and "search" domainsLennart Poettering
Following the changes to expose the "routing" and "search" domain concepts in networkd, actually make resolved use them. It will now use routing domains exclusively for making DNS routing decisions, and use search domains additionally for extending single-label names.
2016-01-26util: introduce fputs_with_space() and make use of it at various placesLennart Poettering
The call combines outputing a string with prefixing it with a space, optionally. This is useful to shorten the logic for outputing lists of strings, that are space separated.
2016-01-26networkd: optinally use DHCP lease domain info for routing onlyLennart Poettering
This changes the UseDomains= setting of .network files to take an optional third value "route", in addition to the boolean values. If set, the passed domain information is used for routing rules only, but not for the search path logic.
2016-01-26networkd: rename a few Network object properties to be more like the ↵Lennart Poettering
configuration settings All booleans called dhcp_xyz are now called ".dhcp_use_xyz", to match their respective configuration file settings. This should clarify things a bit, in particular as there is a DHCP hostname that was previously called just ".hostname" because ".dhcp_hostname" was already existing as a bool. Since this confusion is removed now because the bool is called ".dhcp_use_hostname", the string field is now renamed to ".dhcp_hostname".
2016-01-26shared: normalize the root domain to "." rather than ""Lennart Poettering
Let's make sure the root domain is normalized to ".", rather than then empty string, so that there's actually something to see on screen. Normally, we don't append a trailing dot to normalized domain names, but do so in the one exception of the root domain, taking inspiration from UNIX file system paths.
2016-01-26dhcp: make host/domain name validity checks stricterLennart Poettering
Also don't permit host/domain names that reference the root domain, and unify the codepaths for this.
2016-01-26networkd: when filtering out duplicate domain names use DNS comparisonLennart Poettering
When we collect the domain names of the various links and other sources in one ordered set, make sure to use proper DNS name comparison to filter out duplicates.
2016-01-26networkd: use an OrderedSet instead of Set to collect link domainsLennart Poettering
For the search domain logic the order is highly relevant, hence make sure when collecting the various search domains to add them to an ordered set, so that the order between search domains of a specific link is retained.
2016-01-26networkctl: move strv_isempty() check into dump_list()Lennart Poettering
Previously, each invocation of dump_list() was prefixed with a call to strv_isempty() to suppress invocation of the function when the list is empty anyway. Move the check into the function itself, so that we can reduce the code a bit in size. (Also, prefix a couple of invocations we knowingly ignore return errors with a (void) cast).
2016-01-26networkd: rework Domains= settingLennart Poettering
Previously, .network files only knew a vaguely defined "Domains=" concept, for which the documentation declared it was the "DNS domain" for the network connection, without specifying what that means. With this the Domains setting is reworked, so that there are now "routing" domains and "search" domains. The former are to be used by resolved to route DNS request to specific network interfaces, the latter is to be used for searching single-label hostnames with (in addition to being used for routing). Both settings are configured in the "Domains=" setting. Normal domain names listed in it are now considered search domains (for compatibility with existing setups), while those prefixed with "~" are considered routing domains only. To route all lookups to a specific interface the routing domain "." may be used, referring to the root domain. An alternative syntax for this is the "*", as was already implemented before using the "wildcard" domain concept. This commit adds proper parsers for this new logic, and exposes this via the sd-network API. This information is not used by resolved yet, this will be added in a later commit.
2016-01-26Merge pull request #2424 from keszybz/journald-disk-usageLennart Poettering
Journald disk usage
2016-01-26journald: minor fixesLennart Poettering
This primarily contains some minor coding style fixups for 7a24f3bf2fb181243a1957a0cdd54cd919396793 and earlier changes. Specifically: * Don't log at log levels above LOG_DEBUG from "library" code like journal-file.c * Don't negate errno values before passing them to log_debug_errno(), as the call can handle this fine anyway * Cast some calls we knowingly ignore the return values of to (void) * Don't clobber function call-by-ref return values on failure * Don't mix function calls and variable declarations in one line There's also one more relevant change: when failing to enqueue a journal change fs event, we'll run it immediately.
2016-01-26shutdown: complain if process excluded from killing spree runs of the same ↵Michal Sekletar
rootfs as PID1
2016-01-26logind: update documentation for cf7d1a30e44Mantas Mikulėnas
2016-01-25Merge pull request #2392 from poettering/dnssec18Tom Gundersen
eightteenth dnssec patch