| Age | Commit message (Collapse) | Author |
|---|
|
64 bit offset is now accepted, which is nice. The old function is
deprecated, and generates a compile time warning when used. We only
use an offset of 0, so we really don't care. Adapt to use the new
function, but fall back to the old one on older versions.
|
|
src/journal-remote/journal-remote.c:590:13: warning: Value MHD_HTTP_METHOD_NOT_ACCEPTABLE is deprecated, use MHD_HTTP_NOT_ACCEPTABLE
return mhd_respond(connection, MHD_HTTP_METHOD_NOT_ACCEPTABLE,
^
The new define was added in 0.9.38. Instead of requiring the new
libmicrohttpd version, provide the fallback, it is trivial.
|
|
|
|
Little change in practice, because the program will exit soon
afterwards, but the standard style of closing all fds is now followed.
Also gets rid of gcc warning about fd_ctrl and fd_uevent being
unitialized.
|
|
|
|
manager_{start,stop}_{slice,scope,unit} functions had an optional job
output parameter. But all callers specified job, so make the parameter
mandatory, add asserts. Also extract common job variable handling to
a helper function to avoid duplication.
Avoids gcc warning about job being unitialized.
|
|
We requested various fields using SD_BUS_CREDS_AUGMENT but at least
sd_bus_creds_get_tty can fail with ENXIO, not setting the output variable.
|
|
|
|
Merge separate two error handling statements into two nested ifs.
This looks cleaner, and avoids a gcc warning about *prefix being
uninitialized.
While at it, fix identation of logging statements elsewhere in the
file.
|
|
If the initial allocation succeeded, there is no way to
fail, so cleanup function is not necessary.
|
|
The code is correct, assuming that the kernel does not feed
us garbled data. Let's initialize those variables to avoid the
warning anyway.
|
|
Setting of dst_id was based on interplay of two booleans,
making the logic hard to follow (for humans and compilers alike).
gcc was confused and emmitted a warning about an uninitialized
variable. Rework the code to make it obvious that dst_id is
set properly.
|
|
|
|
|
|
Not every byte sequence is valid utf8. We allow escaping of non-utf8
sequences in strings by using octal and hexadecimal escape sequences
(\123 and \0xAB) for bytes at or above 128. Users of cunescape_one
could infer whether such use occured when they received an answer
between 128 and 256 in *ret (a non-ascii one byte character). But this
is subtle and misleading: the comments were wrong, because ascii is a
subset of unicode, so c != 0 did not mean non-unicode, but rather
ascii-subset-of-unicode-or-raw-byte. This was all rather confusing, so
make the "single byte" condition explicit.
I'm not convinced that allowing non-utf8 sequences to be produced is
useful in all cases where we allow it (e.g. in config files), but that
behaviour is unchanged, just made more explicit.
This also fixes an (invalid) gcc warning about unitialized variable
(*ret_unicode) in callers of cunescape_one.
|
|
gcc complains that dirs might be unitialized. It cannot, but
we just checked that name has one of three values above, so
no need to check again.
|
|
|
|
sd_event_now() is a public function, so we must check all
arguments for validity. Update man page and add tests.
Sample debug message:
Assertion 'IN_SET(clock, CLOCK_REALTIME, CLOCK_REALTIME_ALARM, CLOCK_MONOTONIC, CLOCK_BOOTTIME, CLOCK_BOOTTIME_ALARM)' failed at src/libsystemd/sd-event/sd-event.c:2719, function sd_event_now(). Ignoring.
|
|
Go over the entries in the map and check that they make sense.
Tests are added. In the future we might want to do additional
checks, e.g. verifying that the error names are in the expected
format.
|
|
errno_from_name used an unusual return convention where 0 meant
"not found". This tripped up config_parse_syscall_errno(),
which would treat that as success. Return -EINVAL instead,
and adjust bus_error_name_to_errno() for the new convention.
Also remove a goto which was used as a simple if and clean
up surroudning code a bit.
|
|
This is not particularly intrusive because it happens in simple
utility functions. It helps gcc understand that error codes
are negative.
This gets a rid of most of the remaining warnings.
|
|
Fix broken SYSTEMD_USER_WANTS in udev rules.
|
|
How to reproduce
$ systemctl set-default multi-user # https://github.com/systemd/systemd/issues/2298
$ systemctl preset-all
Failed to execute operation: Too many levels of symbolic links
$ systemctl poweroff
Fixes:
==1==
==1== HEAP SUMMARY:
==1== in use at exit: 65,645 bytes in 7 blocks
==1== total heap usage: 40,539 allocs, 40,532 frees, 30,147,547 bytes allocated
==1==
==1== 109 (24 direct, 85 indirect) bytes in 1 blocks are definitely lost in loss record 2 of 7
==1== at 0x4C2BBCF: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==1== by 0x4C2DE2F: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==1== by 0x23DA71: unit_file_changes_add (install.c:233)
==1== by 0x23E45D: remove_marked_symlinks_fd (install.c:453)
==1== by 0x23E267: remove_marked_symlinks_fd (install.c:405)
==1== by 0x23E641: remove_marked_symlinks (install.c:494)
==1== by 0x243A91: execute_preset (install.c:2190)
==1== by 0x244343: unit_file_preset_all (install.c:2351)
==1== by 0x18AAA2: method_preset_all_unit_files (dbus-manager.c:1846)
==1== by 0x1D8157: method_callbacks_run (bus-objects.c:420)
==1== by 0x1DA9E9: object_find_and_run (bus-objects.c:1257)
==1== by 0x1DB02B: bus_process_object (bus-objects.c:1373)
==1==
==1== LEAK SUMMARY:
==1== definitely lost: 24 bytes in 1 blocks
==1== indirectly lost: 85 bytes in 1 blocks
==1== possibly lost: 0 bytes in 0 blocks
==1== still reachable: 65,536 bytes in 5 blocks
==1== suppressed: 0 bytes in 0 blocks
==1== Reachable blocks (those to which a pointer was found) are not shown.
==1== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==1==
==1== For counts of detected and suppressed errors, rerun with: -v
==1== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
|
|
|
|
If we have a signed DNAME RR response, there's no need to insist on a signature for a CNAME RR response, after all it
is unlikely to be signed, given the implicit synthethis of CNAME through DNAME RRs.
|
|
The functionality of SYSTEMD_USER_WANTS that attaches dependencies to device
units from udev rules was broken since commit b2c23da8. I guess it was due to
a mass replace s/SYSTEMD_USER/MANAGER_USER/.
|
|
|
|
Quite often we read the same RR key multiple times from the same message. Try to replace them by a single object when
we notice this. Do so again when we add things to the cache.
This should reduce memory consumption a tiny bit.
|
|
If the networkd configuration changes during runtime, make sure to flush all caches when we switch from a less trusted
to a more trusted mode.
|
|
restart transaction
In some cases we learn something about a server's feature level through its responses. If we notice that after doing
basic checking of a response, and after collecting all auxiliary DNSSEC info the feature level of the server is lower
than where we started, restart the whole transaction.
This is useful to deal with servers that response rubbish when talked to with too high feature levels.
|
|
feature level
Let's make sure we first check if the OPT was lost in the reply, before we accept a reply as successful and use it for
verifying the current feature level.
|
|
transactions
When we restart a DNS transaction, remove all connections to any auxiliary DNSSEC transactions, after all we might
acquire completely different data this time, requiring different auxiliary DNSSEC transactions.
|
|
downgrade what we verified
If we receive a reply that lacks the OPT RR, then this is reason to downgrade what was verified before, as it's
apparently no longer true, and the previous OPT RR we saw was only superficially OK.
Similar, if we realize that RRSIGs are not augmented, then also downgrade the feature level that was verified, as
DNSSEC is after all not supported. This check is in particular necessary, as we might notice the fact that RRSIG is not
augmented only very late, when verifying the root domain.
Also, when verifying a successful response, actually take in consideration that it might have been reported already
that RRSIG or OPT are missing in the response.
|
|
reason to
This adds logic to downgrade the feature level more aggressively when we have reason to. Specifically:
- When we get a response packet that lacks an OPT RR for a query that had it. If so, downgrade immediately to UDP mode,
i.e. don't generate EDNS0 packets anymore.
- When we get a response which we are sure should be signed, but lacks RRSIG RRs, we downgrade to EDNS0 mode, i.e.
below DO mode, since DO is apparently not really supported.
This should increase compatibility with servers that generate non-sensical responses if they messages with OPT RRs and
suchlike, for example the situation described here:
https://open.nlnetlabs.nl/pipermail/dnssec-trigger/2014-November/000376.html
This also changes the downgrade code to explain in a debug log message why a specific downgrade happened.
|
|
This validates OPT RRs more rigorously, before honouring them: if we any of the following condition holds, we'll ignore
them:
a) Multiple OPT RRs in the same message
b) OPT RR not owned by the root domain
c) OPT RR in the wrong section (Belkin routers do this)
d) OPT RR contain rfc6975 algorithm data (Belkin routers do this)
e) OPT version is not 0
f) OPT payload doesn't add up with the lengths
Note that d) may be an indication that the server just blindly copied OPT data from the response into the reply.
RFC6975 data is only supposed to be included in queries, and we do so. It's not supposed to be included in responses
(and the RFC is very clear on that). Hence if we get it back in a reply, then the server probably just copied the OPT
RR.
|
|
|
|
This new test case tries to resolve a couple of known domains, to verify the validation results. It talks to resolved
via the bus, thus comprehensively testing the whole shebang.
Of course, it requires network connectivity and a DNSSEC capable DNS server, hence this is a manual test.
|
|
This fills in the last few gaps:
- When checking if a domain is non-existing, also check that no wildcard for it exists
- Ensure we don't base "covering" tests on NSEC RRs from a parent zone
- Refuse to accept expanded wildcard NSEC RRs for absence proofs.
|
|
wildcard domains
|
|
empty non-terminals generally lack NSEC RRs, which means we can deduce their existance only from the fact that there
are other RRs that contain them in their suffix. Specifically, the NSEC proof for NODATA on ENTs works by sending the
NSEC whose next name is a suffix of the queried name to the client. Use this information properly.
|
|
This should clarify that this is not regular signature-based validation, but validation through DS RR fingerprints.
|
|
We can user signer and synthesizing source information to check that the NSEC3 RRs we want to use are
actually reasonable and properly signed.
|
|
source and zone in each RR
Having this information available is useful when we need to check whether various RRs are suitable for proofs. This
information is stored in the RRs as number of labels to skip from the beginning of the owner name to reach the
synthesizing source/signer. Simple accessor calls are then added to retrieve the signer/source from the RR using this
information.
This also moves validation of a a number of RRSIG parameters into a new call dnssec_rrsig_prepare() that as side-effect
initializes the two numeric values.
|
|
When proving NODATA DS lookups we need to insist on looking at the parent zone's NSEC RR, not the child zone's.
When proving any other NODATA lookups we need to insist on looking at the child zone's NSEC RR, not the parent's.
|
|
unsupported digest algorithm
|
|
Add extra checks when validating with RRSIGs. This follows recommendations from:
http://www.george-barwood.pwp.blueyonder.co.uk/DnsServer/NotesOnDNSSSEC.htm
|
|
Fixes:
==1== by 0x23E44C: remove_marked_symlinks_fd (install.c:453)
==1== by 0x23E256: remove_marked_symlinks_fd (install.c:405)
==1== by 0x23E630: remove_marked_symlinks (install.c:494)
==1== by 0x2427A0: unit_file_disable (install.c:1876)
==1== by 0x18A633: method_disable_unit_files_generic (dbus-manager.c:1760)
==1== by 0x18A6CA: method_disable_unit_files (dbus-manager.c:1768)
==1== by 0x1D8146: method_callbacks_run (bus-objects.c:420)
==1== by 0x1DA9D8: object_find_and_run (bus-objects.c:1257)
==1== by 0x1DB01A: bus_process_object (bus-objects.c:1373)
==1==
==1== 228 (48 direct, 180 indirect) bytes in 2 blocks are definitely lost in loss record 8 of 14
==1== at 0x4C2BBCF: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==1== by 0x4C2DE2F: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==1== by 0x23DA60: unit_file_changes_add (install.c:233)
==1== by 0x23DDB2: create_symlink (install.c:298)
==1== by 0x240C5C: install_info_symlink_wants (install.c:1328)
==1== by 0x240FC8: install_info_apply (install.c:1384)
==1== by 0x241211: install_context_apply (install.c:1439)
==1== by 0x242563: unit_file_enable (install.c:1830)
==1== by 0x18A06E: method_enable_unit_files_generic (dbus-manager.c:1650)
==1== by 0x18A141: method_enable_unit_files (dbus-manager.c:1660)
==1== by 0x1D8146: method_callbacks_run (bus-objects.c:420)
==1== by 0x1DA9D8: object_find_and_run (bus-objects.c:1257)
==1==
==1== 467 (144 direct, 323 indirect) bytes in 3 blocks are definitely lost in loss record 9 of 14
==1== at 0x4C2DD9F: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==1== by 0x23DA60: unit_file_changes_add (install.c:233)
==1== by 0x23DE97: create_symlink (install.c:320)
==1== by 0x242CFC: unit_file_set_default (install.c:1951)
==1== by 0x18A881: method_set_default_target (dbus-manager.c:1802)
==1== by 0x1D8146: method_callbacks_run (bus-objects.c:420)
==1== by 0x1DA9D8: object_find_and_run (bus-objects.c:1257)
==1== by 0x1DB01A: bus_process_object (bus-objects.c:1373)
==1== by 0x259143: process_message (sd-bus.c:2567)
==1== by 0x259326: process_running (sd-bus.c:2609)
==1== by 0x259BDC: bus_process_internal (sd-bus.c:2798)
==1== by 0x259CAD: sd_bus_process (sd-bus.c:2817)
==1==
==1== LEAK SUMMARY:
==1== definitely lost: 216 bytes in 6 blocks
==1== indirectly lost: 560 bytes in 14 blocks
==1== possibly lost: 0 bytes in 0 blocks
==1== still reachable: 65,536 bytes in 5 blocks
==1== suppressed: 0 bytes in 0 blocks
==1== Reachable blocks (those to which a pointer was found) are not shown.
==1== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==1==
|
|
According to bootup(7) and the behavior when /usr is specified in /etc/fstab, the /sysroot/usr mount should be before initrd-fs.target, not before initrd-root-fs.target.
|
|
This small addition fixes the issues #1982 and #2242.
IPv6PrivacyExtension now works as expected even when a RA is received.
|
|
Fix transient units memory leak
|
