<varlistentry>
<term><command>show-session</command> <optional><replaceable>ID</replaceable>…</optional></term>
- <listitem><para>Show properties of one or more sessions or the
- manager itself. If no argument is specified, properties of the
- manager will be shown. If a session ID is specified,
- properties of the session are shown. By default, empty
- properties are suppressed. Use <option>--all</option> to show
- those too. To select specific properties to show, use
- <option>--property=</option>. This command is intended to be
- used whenever computer-parsable output is required. Use
- <command>session-status</command> if you are looking for
- formatted human-readable output.</para>
+ <listitem><para>Show properties of one or more sessions or the manager itself. If no argument is
+ specified, properties of the manager will be shown. If a session ID is specified, properties of
+ the session are shown. Specially, if the given ID is <literal>self</literal>, the session to which
+ the <command>loginctl</command> process belongs is used. If <literal>auto</literal>, the current
+ session is used as with <literal>self</literal> if exists, and falls back to the current user's
+ graphical session. By default, empty properties are suppressed. Use <option>--all</option> to show
+ those too. To select specific properties to show, use <option>--property=</option>. This command
+ is intended to be used whenever computer-parsable output is required. Use <command>session-status</command>
+ if you are looking for formatted human-readable output.</para>
<xi:include href="version-info.xml" xpointer="v233"/></listitem>
</varlistentry>
<varlistentry>
<term><option>--kill-whom=</option></term>
- <listitem><para>When used with
- <command>kill-session</command>, choose which processes to
- kill. Must be one of <option>leader</option>, or
- <option>all</option> to select whether to kill only the leader
- process of the session or all processes of the session. If
- omitted, defaults to <option>all</option>.</para>
+ <listitem><para>When used with <command>kill-session</command>, choose which processes to kill.
+ Takes one of <literal>leader</literal> or <literal>all</literal>, to select whether to kill only
+ the leader process of the session or all processes of the session. If omitted, defaults to
+ <option>all</option>.</para>
<xi:include href="version-info.xml" xpointer="v252"/></listitem>
</varlistentry>
#define SO_PEERGROUPS 59
#endif
+#ifndef SO_PEERPIDFD
+#define SO_PEERPIDFD 77
+#endif
+
#ifndef SO_BINDTOIFINDEX
#define SO_BINDTOIFINDEX 62
#endif
--- /dev/null
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+#pragma once
+
+#include <sys/wait.h>
+
+#ifndef P_PIDFD
+#define P_PIDFD 3
+#endif
#include "errno-util.h"
#include "fd-util.h"
#include "missing_syscall.h"
+#include "missing_wait.h"
#include "parse-util.h"
#include "pidref.h"
#include "process-util.h"
return pidref->pid == getpid_cached();
}
+int pidref_wait(const PidRef *pidref, siginfo_t *ret, int options) {
+ int r;
+
+ if (!pidref_is_set(pidref))
+ return -ESRCH;
+
+ if (pidref->pid == 1 || pidref->pid == getpid_cached())
+ return -ECHILD;
+
+ siginfo_t si = {};
+
+ if (pidref->fd >= 0) {
+ r = RET_NERRNO(waitid(P_PIDFD, pidref->fd, &si, options));
+ if (r >= 0) {
+ if (ret)
+ *ret = si;
+ return r;
+ }
+ if (r != -EINVAL) /* P_PIDFD was added in kernel 5.4 only */
+ return r;
+ }
+
+ r = RET_NERRNO(waitid(P_PID, pidref->pid, &si, options));
+ if (r >= 0 && ret)
+ *ret = si;
+ return r;
+}
+
+int pidref_wait_for_terminate(const PidRef *pidref, siginfo_t *ret) {
+ int r;
+
+ for (;;) {
+ r = pidref_wait(pidref, ret, WEXITED);
+ if (r != -EINTR)
+ return r;
+ }
+}
+
static void pidref_hash_func(const PidRef *pidref, struct siphash *state) {
siphash24_compress_typesafe(pidref->pid, state);
}
int pidref_kill(const PidRef *pidref, int sig);
int pidref_kill_and_sigcont(const PidRef *pidref, int sig);
-int pidref_sigqueue(const PidRef *pidfref, int sig, int value);
+int pidref_sigqueue(const PidRef *pidref, int sig, int value);
+
+int pidref_wait(const PidRef *pidref, siginfo_t *siginfo, int options);
+int pidref_wait_for_terminate(const PidRef *pidref, siginfo_t *ret);
+
+static inline void pidref_done_sigkill_wait(PidRef *pidref) {
+ if (!pidref_is_set(pidref))
+ return;
+
+ (void) pidref_kill(pidref, SIGKILL);
+ (void) pidref_wait_for_terminate(pidref, NULL);
+ pidref_done(pidref);
+}
int pidref_verify(const PidRef *pidref);
return 0;
}
+int pid_get_start_time(pid_t pid, uint64_t *ret) {
+ _cleanup_free_ char *line = NULL;
+ const char *p;
+ int r;
+
+ assert(pid >= 0);
+
+ p = procfs_file_alloca(pid, "stat");
+ r = read_one_line_file(p, &line);
+ if (r == -ENOENT)
+ return -ESRCH;
+ if (r < 0)
+ return r;
+
+ /* Let's skip the pid and comm fields. The latter is enclosed in () but does not escape any () in its
+ * value, so let's skip over it manually */
+
+ p = strrchr(line, ')');
+ if (!p)
+ return -EIO;
+
+ p++;
+
+ unsigned long llu;
+
+ if (sscanf(p, " "
+ "%*c " /* state */
+ "%*u " /* ppid */
+ "%*u " /* pgrp */
+ "%*u " /* session */
+ "%*u " /* tty_nr */
+ "%*u " /* tpgid */
+ "%*u " /* flags */
+ "%*u " /* minflt */
+ "%*u " /* cminflt */
+ "%*u " /* majflt */
+ "%*u " /* cmajflt */
+ "%*u " /* utime */
+ "%*u " /* stime */
+ "%*u " /* cutime */
+ "%*u " /* cstime */
+ "%*i " /* priority */
+ "%*i " /* nice */
+ "%*u " /* num_threads */
+ "%*u " /* itrealvalue */
+ "%lu ", /* starttime */
+ &llu) != 1)
+ return -EIO;
+
+ if (ret)
+ *ret = llu;
+
+ return 0;
+}
+
+int pidref_get_start_time(const PidRef *pid, uint64_t *ret) {
+ uint64_t t;
+ int r;
+
+ if (!pidref_is_set(pid))
+ return -ESRCH;
+
+ r = pid_get_start_time(pid->pid, ret ? &t : NULL);
+ if (r < 0)
+ return r;
+
+ r = pidref_verify(pid);
+ if (r < 0)
+ return r;
+
+ if (ret)
+ *ret = t;
+
+ return 0;
+}
+
int get_process_umask(pid_t pid, mode_t *ret) {
_cleanup_free_ char *m = NULL;
const char *p;
return 0;
}
+int pidref_safe_fork_full(
+ const char *name,
+ const int stdio_fds[3],
+ const int except_fds[],
+ size_t n_except_fds,
+ ForkFlags flags,
+ PidRef *ret_pid) {
+
+ pid_t pid;
+ int r, q;
+
+ assert(!FLAGS_SET(flags, FORK_WAIT));
+
+ r = safe_fork_full(name, stdio_fds, except_fds, n_except_fds, flags, &pid);
+ if (r < 0)
+ return r;
+
+ q = pidref_set_pid(ret_pid, pid);
+ if (q < 0) /* Let's not fail for this, no matter what, the process exists after all, and that's key */
+ *ret_pid = PIDREF_MAKE_FROM_PID(pid);
+
+ return r;
+}
+
int namespace_fork(
const char *outer_name,
const char *inner_name,
int get_process_root(pid_t pid, char **ret);
int get_process_environ(pid_t pid, char **ret);
int get_process_ppid(pid_t pid, pid_t *ret);
+int pid_get_start_time(pid_t pid, uint64_t *ret);
+int pidref_get_start_time(const PidRef* pid, uint64_t *ret);
int get_process_umask(pid_t pid, mode_t *ret);
int container_get_leader(const char *machine, pid_t *pid);
return safe_fork_full(name, NULL, NULL, 0, flags, ret_pid);
}
+int pidref_safe_fork_full(
+ const char *name,
+ const int stdio_fds[3],
+ const int except_fds[],
+ size_t n_except_fds,
+ ForkFlags flags,
+ PidRef *ret_pid);
+
+static inline int pidref_safe_fork(const char *name, ForkFlags flags, PidRef *ret_pid) {
+ return pidref_safe_fork_full(name, NULL, NULL, 0, flags, ret_pid);
+}
+
int namespace_fork(const char *outer_name, const char *inner_name, const int except_fds[], size_t n_except_fds, ForkFlags flags, int pidns_fd, int mntns_fd, int netns_fd, int userns_fd, int root_fd, pid_t *ret_pid);
int set_oom_score_adjust(int value);
return (int) n;
}
+int getpeerpidfd(int fd) {
+ socklen_t n = sizeof(int);
+ int pidfd = -EBADF;
+
+ assert(fd >= 0);
+
+ if (getsockopt(fd, SOL_SOCKET, SO_PEERPIDFD, &pidfd, &n) < 0)
+ return -errno;
+
+ if (n != sizeof(int))
+ return -EIO;
+
+ return pidfd;
+}
+
ssize_t send_many_fds_iov_sa(
int transport_fd,
int *fds_array, size_t n_fds_array,
int getpeercred(int fd, struct ucred *ucred);
int getpeersec(int fd, char **ret);
int getpeergroups(int fd, gid_t **ret);
+int getpeerpidfd(int fd);
ssize_t send_many_fds_iov_sa(
int transport_fd,
return p + strlen(needle);
}
-char *startswith_strv(const char *string, char **strv) {
- char *found = NULL;
-
- STRV_FOREACH(i, strv) {
- found = startswith(string, *i);
- if (found)
- break;
- }
-
- return found;
-}
-
bool version_is_valid(const char *s) {
if (isempty(s))
return false;
return strchr(haystack, 0);
for (const char *p = haystack; *p; p++)
- if (strncmp(p, needle, l) == 0)
+ if (strneq(p, needle, l))
f = p;
return (char*) f;
char *find_line_startswith(const char *haystack, const char *needle);
-char *startswith_strv(const char *string, char **strv);
-
-#define STARTSWITH_SET(p, ...) \
- startswith_strv(p, STRV_MAKE(__VA_ARGS__))
-
bool version_is_valid(const char *s);
bool version_is_valid_versionspec(const char *s);
return strv_consume(l, x);
}
+char* startswith_strv(const char *s, char * const *l) {
+ STRV_FOREACH(i, l) {
+ char *found = startswith(s, *i);
+ if (found)
+ return found;
+ }
+
+ return NULL;
+}
+
+char* endswith_strv(const char *s, char * const *l) {
+ STRV_FOREACH(i, l) {
+ char *found = endswith(s, *i);
+ if (found)
+ return found;
+ }
+
+ return NULL;
+}
+
char** strv_reverse(char **l) {
size_t n;
}
DEFINE_HASH_OPS_FULL(string_strv_hash_ops, char, string_hash_func, string_compare_func, free, char*, strv_free);
-
-char* strv_endswith(const char *s, char **l) {
- STRV_FOREACH(i, l) {
- char *e = endswith(s, *i);
- if (e)
- return (char*) e;
- }
-
- return NULL;
-}
strv_print_full(l, NULL);
}
+char* startswith_strv(const char *s, char * const *l);
+
+#define STARTSWITH_SET(p, ...) \
+ startswith_strv(p, STRV_MAKE(__VA_ARGS__))
+
+char* endswith_strv(const char *s, char * const *l);
+
+#define ENDSWITH_SET(p, ...) \
+ endswith_strv(p, STRV_MAKE(__VA_ARGS__))
+
#define strv_from_stdarg_alloca(first) \
({ \
char **_l; \
_x && strv_contains_case(STRV_MAKE(__VA_ARGS__), _x); \
})
-#define ENDSWITH_SET(p, ...) \
- ({ \
- const char *_p = (p); \
- char *_found = NULL; \
- STRV_FOREACH(_i, STRV_MAKE(__VA_ARGS__)) { \
- _found = endswith(_p, *_i); \
- if (_found) \
- break; \
- } \
- _found; \
- })
-
#define _FOREACH_STRING(uniq, x, y, ...) \
for (const char *x, * const*UNIQ_T(l, uniq) = STRV_MAKE_CONST(({ x = y; }), ##__VA_ARGS__); \
x; \
int _string_strv_ordered_hashmap_put(OrderedHashmap **h, const char *key, const char *value HASHMAP_DEBUG_PARAMS);
#define string_strv_hashmap_put(h, k, v) _string_strv_hashmap_put(h, k, v HASHMAP_DEBUG_SRC_ARGS)
#define string_strv_ordered_hashmap_put(h, k, v) _string_strv_ordered_hashmap_put(h, k, v HASHMAP_DEBUG_SRC_ARGS)
-
-char* strv_endswith(const char *s, char **l);
assert(!m->subscribed);
m->deserialized_subscribed = strv_free(m->deserialized_subscribed);
- bus_verify_polkit_async_registry_free(m->polkit_registry);
+ m->polkit_registry = hashmap_free(m->polkit_registry);
}
int bus_fdset_add_all(Manager *m, FDSet *fds) {
gid_t gid,
const char *tty,
char ***env, /* updated on success */
- const int fds[], size_t n_fds) {
+ const int fds[], size_t n_fds,
+ int exec_fd) {
#if HAVE_PAM
* those fds are open here that have been opened by PAM. */
(void) close_many(fds, n_fds);
+ /* Also close the 'exec_fd' in the child, since the service manager waits for the EOF induced
+ * by the execve() to wait for completion, and if we'd keep the fd open here in the child
+ * we'd never signal completion. */
+ exec_fd = safe_close(exec_fd);
+
/* Drop privileges - we don't need any to pam_close_session and this will make
* PR_SET_PDEATHSIG work in most cases. If this fails, ignore the error - but expect sd-pam
* threads to fail to exit normally */
* wins here. (See above.) */
/* All fds passed in the fds array will be closed in the pam child process. */
- r = setup_pam(context->pam_name, username, uid, gid, context->tty_path, &accum_env, params->fds, n_fds);
+ r = setup_pam(context->pam_name, username, uid, gid, context->tty_path, &accum_env, params->fds, n_fds, params->exec_fd);
if (r < 0) {
*exit_status = EXIT_PAM;
return log_exec_error_errno(context, params, r, "Failed to set up PAM session: %m");
#include <unistd.h>
#include "build.h"
+#include "bus-polkit.h"
#include "creds-util.h"
#include "dirent-util.h"
#include "escape.h"
{ "data", JSON_VARIANT_STRING, json_dispatch_unbase64_iovec, offsetof(MethodEncryptParameters, data), 0 },
{ "timestamp", _JSON_VARIANT_TYPE_INVALID, json_dispatch_uint64, offsetof(MethodEncryptParameters, timestamp), 0 },
{ "notAfter", _JSON_VARIANT_TYPE_INVALID, json_dispatch_uint64, offsetof(MethodEncryptParameters, not_after), 0 },
+ VARLINK_DISPATCH_POLKIT_FIELD,
{}
};
_cleanup_(method_encrypt_parameters_done) MethodEncryptParameters p = {
.not_after = UINT64_MAX,
};
_cleanup_(iovec_done) struct iovec output = {};
+ Hashmap **polkit_registry = ASSERT_PTR(userdata);
int r;
assert(link);
if (p.not_after != UINT64_MAX && p.not_after < p.timestamp)
return varlink_error_invalid_parameter_name(link, "notAfter");
+ r = varlink_verify_polkit_async(
+ link,
+ /* bus= */ NULL,
+ "io.systemd.credentials.encrypt",
+ /* details= */ NULL,
+ /* good_user= */ UID_INVALID,
+ polkit_registry);
+ if (r <= 0)
+ return r;
+
r = encrypt_credential_and_warn(
arg_with_key,
p.name,
static int vl_method_decrypt(Varlink *link, JsonVariant *parameters, VarlinkMethodFlags flags, void *userdata) {
static const JsonDispatch dispatch_table[] = {
- { "name", JSON_VARIANT_STRING, json_dispatch_const_string, offsetof(MethodDecryptParameters, name), 0 },
- { "blob", JSON_VARIANT_STRING, json_dispatch_unbase64_iovec, offsetof(MethodDecryptParameters, blob), 0 },
- { "timestamp", _JSON_VARIANT_TYPE_INVALID, json_dispatch_uint64, offsetof(MethodDecryptParameters, timestamp), 0 },
+ { "name", JSON_VARIANT_STRING, json_dispatch_const_string, offsetof(MethodDecryptParameters, name), 0 },
+ { "blob", JSON_VARIANT_STRING, json_dispatch_unbase64_iovec, offsetof(MethodDecryptParameters, blob), JSON_MANDATORY },
+ { "timestamp", _JSON_VARIANT_TYPE_INVALID, json_dispatch_uint64, offsetof(MethodDecryptParameters, timestamp), 0 },
+ VARLINK_DISPATCH_POLKIT_FIELD,
{}
};
_cleanup_(method_decrypt_parameters_done) MethodDecryptParameters p = {
.timestamp = UINT64_MAX,
};
_cleanup_(iovec_done_erase) struct iovec output = {};
+ Hashmap **polkit_registry = ASSERT_PTR(userdata);
int r;
assert(link);
if (p.name && !credential_name_valid(p.name))
return varlink_error_invalid_parameter_name(link, "name");
- if (!p.blob.iov_base)
- return varlink_error_invalid_parameter_name(link, "blob");
if (p.timestamp == UINT64_MAX)
p.timestamp = now(CLOCK_REALTIME);
+ r = varlink_verify_polkit_async(
+ link,
+ /* bus= */ NULL,
+ "io.systemd.credentials.decrypt",
+ /* details= */ NULL,
+ /* good_user= */ UID_INVALID,
+ polkit_registry);
+ if (r <= 0)
+ return r;
+
r = decrypt_credential_and_warn(
p.name,
p.timestamp,
if (arg_varlink) {
_cleanup_(varlink_server_unrefp) VarlinkServer *varlink_server = NULL;
+ _cleanup_(hashmap_freep) Hashmap *polkit_registry = NULL;
/* Invocation as Varlink service */
- r = varlink_server_new(&varlink_server, VARLINK_SERVER_ROOT_ONLY|VARLINK_SERVER_INHERIT_USERDATA);
+ r = varlink_server_new(&varlink_server, VARLINK_SERVER_ACCOUNT_UID|VARLINK_SERVER_INHERIT_USERDATA);
if (r < 0)
return log_error_errno(r, "Failed to allocate Varlink server: %m");
if (r < 0)
return log_error_errno(r, "Failed to bind Varlink methods: %m");
+ varlink_server_set_userdata(varlink_server, &polkit_registry);
+
r = varlink_server_loop_auto(varlink_server);
if (r < 0)
return log_error_errno(r, "Failed to run Varlink event loop: %m");
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?> <!--*-nxml-*-->
+<!DOCTYPE policyconfig PUBLIC "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+ "https://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
+
+<!--
+ SPDX-License-Identifier: LGPL-2.1-or-later
+
+ This file is part of systemd.
+
+ systemd is free software; you can redistribute it and/or modify it
+ under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1 of the License, or
+ (at your option) any later version.
+-->
+
+<policyconfig>
+
+ <vendor>The systemd Project</vendor>
+ <vendor_url>https://systemd.io</vendor_url>
+
+ <action id="io.systemd.credentials.encrypt">
+ <description gettext-domain="systemd">Allow encryption and signing of system credentials.</description>
+ <message gettext-domain="systemd">Authentication is required for an application to encrypt and sign a system credential.</message>
+ <defaults>
+ <allow_any>auth_admin_keep</allow_any>
+ <allow_inactive>auth_admin_keep</allow_inactive>
+ <allow_active>auth_admin_keep</allow_active>
+ </defaults>
+ </action>
+
+ <action id="io.systemd.credentials.decrypt">
+ <description gettext-domain="systemd">Allow decryption of system credentials.</description>
+ <message gettext-domain="systemd">Authentication is required for an application to decrypto a system credential.</message>
+ <defaults>
+ <allow_any>auth_admin_keep</allow_any>
+ <allow_inactive>auth_admin_keep</allow_inactive>
+ <allow_active>auth_admin_keep</allow_active>
+ </defaults>
+ </action>
+</policyconfig>
install_emptydir(sysconfdir / 'credstore.encrypted',
install_mode : 'rwx------')
endif
+
+install_data('io.systemd.credentials.policy',
+ install_dir : polkitpolicydir)
return (sd_char*) s + l;
}
-sd_char* endswith(const sd_char *s, const sd_char *postfix) {
+sd_char* endswith(const sd_char *s, const sd_char *suffix) {
size_t sl, pl;
assert(s);
- assert(postfix);
+ assert(suffix);
sl = strlen(s);
- pl = strlen(postfix);
+ pl = strlen(suffix);
if (pl == 0)
return (sd_char*) s + sl;
if (sl < pl)
return NULL;
- if (strcmp(s + sl - pl, postfix) != 0)
+ if (!streq(s + sl - pl, suffix))
return NULL;
return (sd_char*) s + sl - pl;
}
-sd_char* endswith_no_case(const sd_char *s, const sd_char *postfix) {
+sd_char* endswith_no_case(const sd_char *s, const sd_char *suffix) {
size_t sl, pl;
assert(s);
- assert(postfix);
+ assert(suffix);
sl = strlen(s);
- pl = strlen(postfix);
+ pl = strlen(suffix);
if (pl == 0)
return (sd_char*) s + sl;
if (sl < pl)
return NULL;
- if (strcasecmp(s + sl - pl, postfix) != 0)
+ if (!strcaseeq(s + sl - pl, suffix))
return NULL;
return (sd_char*) s + sl - pl;
sd_char *startswith(const sd_char *s, const sd_char *prefix) _pure_;
sd_char *startswith_no_case(const sd_char *s, const sd_char *prefix) _pure_;
-sd_char *endswith(const sd_char *s, const sd_char *postfix) _pure_;
-sd_char *endswith_no_case(const sd_char *s, const sd_char *postfix) _pure_;
+sd_char *endswith(const sd_char *s, const sd_char *suffix) _pure_;
+sd_char *endswith_no_case(const sd_char *s, const sd_char *suffix) _pure_;
static inline bool isempty(const sd_char *a) {
return !a || a[0] == '\0';
(void) home_wait_for_worker(h);
m->bus = sd_bus_flush_close_unref(m->bus);
- m->polkit_registry = bus_verify_polkit_async_registry_free(m->polkit_registry);
+ m->polkit_registry = hashmap_free(m->polkit_registry);
m->device_monitor = sd_device_monitor_unref(m->device_monitor);
send_interface="org.freedesktop.home1.Manager"
send_member="LockAllHomes"/>
+ <allow send_destination="org.freedesktop.home1"
+ send_interface="org.freedesktop.home1.Manager"
+ send_member="DeactivateAllHomes"/>
+
<allow send_destination="org.freedesktop.home1"
send_interface="org.freedesktop.home1.Manager"
send_member="Rebalance"/>
assert(c);
context_reset(c, UINT64_MAX);
- bus_verify_polkit_async_registry_free(c->polkit_registry);
+ hashmap_free(c->polkit_registry);
}
static void context_read_etc_hostname(Context *c) {
hashmap_free(m->transfers);
- bus_verify_polkit_async_registry_free(m->polkit_registry);
+ hashmap_free(m->polkit_registry);
m->bus = sd_bus_flush_close_unref(m->bus);
sd_event_unref(m->event);
c->x11_cache = sd_bus_message_unref(c->x11_cache);
c->vc_cache = sd_bus_message_unref(c->vc_cache);
- c->polkit_registry = bus_verify_polkit_async_registry_free(c->polkit_registry);
+ c->polkit_registry = hashmap_free(c->polkit_registry);
};
X11Context *context_get_x11_context(Context *c) {
{ "IOWeight", u->user_record->io_weight },
};
- for (size_t i = 0; i < ELEMENTSOF(settings); i++)
- if (settings[i].value != UINT64_MAX) {
- r = sd_bus_message_append(m, "(sv)", settings[i].name, "t", settings[i].value);
- if (r < 0)
- return bus_log_create_error(r);
- }
+ FOREACH_ARRAY(st, settings, ELEMENTSOF(settings)) {
+ if (st->value == UINT64_MAX)
+ continue;
+
+ r = sd_bus_message_append(m, "(sv)", st->name, "t", st->value);
+ if (r < 0)
+ return bus_log_create_error(r);
+ }
r = sd_bus_message_close_container(m);
if (r < 0)
if (m->unlink_nologin)
(void) unlink_or_warn("/run/nologin");
- bus_verify_polkit_async_registry_free(m->polkit_registry);
+ hashmap_free(m->polkit_registry);
sd_bus_flush_close_unref(m->bus);
sd_event_unref(m->event);
class = getenv_harder(handle, "XDG_SESSION_CLASS", class_pam);
desktop = getenv_harder(handle, "XDG_SESSION_DESKTOP", desktop_pam);
- tty = strempty(tty);
-
- if (strchr(tty, ':')) {
+ if (tty && strchr(tty, ':')) {
/* A tty with a colon is usually an X11 display, placed there to show up in utmp. We rearrange things
* and don't pretend that an X display was a tty. */
if (isempty(display))
display = tty;
tty = NULL;
- } else if (streq(tty, "cron")) {
+ } else if (streq_ptr(tty, "cron")) {
/* cron is setting PAM_TTY to "cron" for some reason (the commit carries no information why, but
* probably because it wants to set it to something as pam_time/pam_access/… require PAM_TTY to be set
* (as they otherwise even try to update it!) — but cron doesn't actually allocate a TTY for its forked
class = "background";
tty = NULL;
- } else if (streq(tty, "ssh")) {
+ } else if (streq_ptr(tty, "ssh")) {
/* ssh has been setting PAM_TTY to "ssh" (for the same reason as cron does this, see above. For further
* details look for "PAM_TTY_KLUDGE" in the openssh sources). */
- type ="tty";
+ type = "tty";
class = "user";
tty = NULL; /* This one is particularly sad, as this means that ssh sessions — even though usually
* associated with a pty — won't be tracked by their tty in logind. This is because ssh
* much later (this is because it doesn't know yet if it needs one at all, as whether to
* register a pty or not is negotiated much later in the protocol). */
- } else
+ } else if (tty)
/* Chop off leading /dev prefix that some clients specify, but others do not. */
tty = skip_dev_prefix(tty);
sd_event_source_unref(m->nscd_cache_flush_event);
#endif
- bus_verify_polkit_async_registry_free(m->polkit_registry);
+ hashmap_free(m->polkit_registry);
manager_varlink_done(m);
static NetDev *netdev_free(NetDev *netdev) {
assert(netdev);
- netdev_detach_from_manager(netdev);
-
- free(netdev->filename);
-
- free(netdev->description);
- free(netdev->ifname);
- condition_free_list(netdev->conditions);
-
/* Invoke the per-kind done() destructor, but only if the state field is initialized. We conditionalize that
* because we parse .netdev files twice: once to determine the kind (with a short, minimal NetDev structure
* allocation, with no room for per-kind fields), and once to read the kind's properties (with a full,
NETDEV_VTABLE(netdev)->done)
NETDEV_VTABLE(netdev)->done(netdev);
+ netdev_detach_from_manager(netdev);
+
+ condition_free_list(netdev->conditions);
+ free(netdev->filename);
+ free(netdev->description);
+ free(netdev->ifname);
+
return mfree(netdev);
}
sd_device_monitor_unref(m->device_monitor);
manager_varlink_done(m);
-
- bus_verify_polkit_async_registry_free(m->polkit_registry);
+ hashmap_free(m->polkit_registry);
sd_bus_flush_close_unref(m->bus);
free(m->dynamic_timezone);
}
r = config_parse_mtu(unit, filename, line, section, section_line, lvalue, ltype, rvalue, &n->mtu, userdata);
- if (r < 0)
+ if (r <= 0)
return r;
TAKE_PTR(n);
sd_event_source_unref(m->mem_pressure_context_event_source);
sd_event_unref(m->event);
- bus_verify_polkit_async_registry_free(m->polkit_registry);
+ hashmap_free(m->polkit_registry);
sd_bus_flush_close_unref(m->bus);
hashmap_free(m->monitored_swap_cgroup_contexts);
* policies).
*
* Whenever we want to lock an encrypted object (for example FDE) against this policy, we'll use a
- * PolicyAuthorizeNV epxression that pins the NV index in the policy, and permits access to any
+ * PolicyAuthorizeNV expression that pins the NV index in the policy, and permits access to any
* policies matching the current NV index contents.
*
* We grant world-readable read access to the NV index. Write access is controlled by a PIN (which we
sd_event_source_unref(m->image_cache_defer_event);
- bus_verify_polkit_async_registry_free(m->polkit_registry);
+ hashmap_free(m->polkit_registry);
sd_bus_flush_close_unref(m->bus);
sd_event_unref(m->event);
return sd_bus_reply_method_error(req, &error);
}
+ case DNS_TRANSACTION_UPSTREAM_DNSSEC_FAILURE:
+ return reply_method_errorf(q, BUS_ERROR_DNSSEC_FAILED, "DNSSEC validation failed upstream: %s%s%s",
+ dns_ede_rcode_to_string(q->answer_ede_rcode),
+ isempty(q->answer_ede_msg) ? "" : ": ", q->answer_ede_msg);
+
case DNS_TRANSACTION_NULL:
case DNS_TRANSACTION_PENDING:
case DNS_TRANSACTION_VALIDATING:
#include "alloc-util.h"
#include "dns-domain.h"
+#include "escape.h"
#include "memory-util.h"
#include "resolved-dns-packet.h"
#include "set.h"
static const uint8_t rfc6975[] = {
- 0, 5, /* OPTION_CODE: DAU */
+ 0, DNS_EDNS_OPT_DAU, /* OPTION_CODE */
#if PREFER_OPENSSL || (HAVE_GCRYPT && GCRYPT_VERSION_NUMBER >= 0x010600)
0, 7, /* LIST_LENGTH */
#else
DNSSEC_ALGORITHM_ED25519,
#endif
- 0, 6, /* OPTION_CODE: DHU */
+ 0, DNS_EDNS_OPT_DHU, /* OPTION_CODE */
0, 3, /* LIST_LENGTH */
DNSSEC_DIGEST_SHA1,
DNSSEC_DIGEST_SHA256,
DNSSEC_DIGEST_SHA384,
- 0, 7, /* OPTION_CODE: N3U */
+ 0, DNS_EDNS_OPT_N3U, /* OPTION_CODE */
0, 1, /* LIST_LENGTH */
NSEC3_ALGORITHM_SHA1,
};
return false;
/* RFC 6975 DAU, DHU or N3U fields found. */
- if (IN_SET(option_code, 5, 6, 7))
+ if (IN_SET(option_code, DNS_EDNS_OPT_DAU, DNS_EDNS_OPT_DHU, DNS_EDNS_OPT_N3U))
found_dau_dhu_n3u = true;
p += option_length + 4U;
return dns_packet_compare_func(a, b) == 0;
}
+int dns_packet_ede_rcode(DnsPacket *p, char **ret_ede_msg) {
+ assert(p);
+
+ _cleanup_free_ char *msg = NULL, *msg_escaped = NULL;
+ int ede_rcode = _DNS_EDNS_OPT_MAX_DEFINED;
+ int r;
+ const uint8_t *d;
+ size_t l;
+
+ if (!p->opt)
+ return _DNS_EDE_RCODE_INVALID;
+
+ d = p->opt->opt.data;
+ l = p->opt->opt.data_size;
+
+ while (l > 0) {
+ uint16_t code, length;
+
+ if (l < 4U)
+ return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG),
+ "EDNS0 variable part has invalid size.");
+
+ code = unaligned_read_be16(d);
+ length = unaligned_read_be16(d + 2);
+
+ if (l < 4U + length)
+ return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG),
+ "Truncated option in EDNS0 variable part.");
+
+ if (code == DNS_EDNS_OPT_EXT_ERROR) {
+ if (length < 2U)
+ return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG),
+ "EDNS0 truncated EDE info code.");
+ ede_rcode = unaligned_read_be16(d + 4);
+ r = make_cstring((char *)d + 6, length - 2U, MAKE_CSTRING_ALLOW_TRAILING_NUL, &msg);
+ if (r < 0)
+ return log_debug_errno(r, "Invalid EDE text in opt");
+ else if (!utf8_is_valid(msg))
+ return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG), "Invalid EDE text in opt");
+ else if (ede_rcode < _DNS_EDNS_OPT_MAX_DEFINED) {
+ msg_escaped = cescape(msg);
+ if (!msg_escaped)
+ return -ENOMEM;
+ }
+ break;
+ }
+
+ d += 4U + length;
+ l -= 4U + length;
+ }
+
+ if (ret_ede_msg)
+ *ret_ede_msg = TAKE_PTR(msg_escaped);
+
+ return ede_rcode;
+}
+
+bool dns_ede_rcode_is_dnssec(int ede_rcode) {
+ return IN_SET(ede_rcode,
+ DNS_EDE_RCODE_UNSUPPORTED_DNSKEY_ALG,
+ DNS_EDE_RCODE_UNSUPPORTED_DS_DIGEST,
+ DNS_EDE_RCODE_DNSSEC_INDETERMINATE,
+ DNS_EDE_RCODE_DNSSEC_BOGUS,
+ DNS_EDE_RCODE_SIG_EXPIRED,
+ DNS_EDE_RCODE_SIG_NOT_YET_VALID,
+ DNS_EDE_RCODE_DNSKEY_MISSING,
+ DNS_EDE_RCODE_RRSIG_MISSING,
+ DNS_EDE_RCODE_NO_ZONE_KEY_BIT,
+ DNS_EDE_RCODE_NSEC_MISSING
+ );
+}
+
int dns_packet_has_nsid_request(DnsPacket *p) {
bool has_nsid = false;
const uint8_t *d;
return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG),
"Truncated option in EDNS0 variable part.");
- if (code == 3) {
+ if (code == DNS_EDNS_OPT_NSID) {
if (has_nsid)
return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG),
"Duplicate NSID option in EDNS0 variable part.");
return snprintf_ok(buf, DECIMAL_STR_MAX(int), "%i", i);
}
+static const char* const dns_ede_rcode_table[_DNS_EDE_RCODE_MAX_DEFINED] = {
+ [DNS_EDE_RCODE_OTHER] = "Other",
+ [DNS_EDE_RCODE_UNSUPPORTED_DNSKEY_ALG] = "Unsupported DNSKEY Algorithm",
+ [DNS_EDE_RCODE_UNSUPPORTED_DS_DIGEST] = "Unsupported DS Digest Type",
+ [DNS_EDE_RCODE_STALE_ANSWER] = "Stale Answer",
+ [DNS_EDE_RCODE_FORGED_ANSWER] = "Forged Answer",
+ [DNS_EDE_RCODE_DNSSEC_INDETERMINATE] = "DNSSEC Indeterminate",
+ [DNS_EDE_RCODE_DNSSEC_BOGUS] = "DNSSEC Bogus",
+ [DNS_EDE_RCODE_SIG_EXPIRED] = "Signature Expired",
+ [DNS_EDE_RCODE_SIG_NOT_YET_VALID] = "Signature Not Yet Valid",
+ [DNS_EDE_RCODE_DNSKEY_MISSING] = "DNSKEY Missing",
+ [DNS_EDE_RCODE_RRSIG_MISSING] = "RRSIG Missing",
+ [DNS_EDE_RCODE_NO_ZONE_KEY_BIT] = "No Zone Key Bit Set",
+ [DNS_EDE_RCODE_NSEC_MISSING] = "NSEC Missing",
+ [DNS_EDE_RCODE_CACHED_ERROR] = "Cached Error",
+ [DNS_EDE_RCODE_NOT_READY] = "Not Ready",
+ [DNS_EDE_RCODE_BLOCKED] = "Blocked",
+ [DNS_EDE_RCODE_CENSORED] = "Censored",
+ [DNS_EDE_RCODE_FILTERED] = "Filtered",
+ [DNS_EDE_RCODE_PROHIBITIED] = "Prohibited",
+ [DNS_EDE_RCODE_STALE_NXDOMAIN_ANSWER] = "Stale NXDOMAIN Answer",
+ [DNS_EDE_RCODE_NOT_AUTHORITATIVE] = "Not Authoritative",
+ [DNS_EDE_RCODE_NOT_SUPPORTED] = "Not Supported",
+ [DNS_EDE_RCODE_UNREACH_AUTHORITY] = "No Reachable Authority",
+ [DNS_EDE_RCODE_NET_ERROR] = "Network Error",
+ [DNS_EDE_RCODE_INVALID_DATA] = "Invalid Data",
+ [DNS_EDE_RCODE_SIG_NEVER] = "Signature Never Valid",
+ [DNS_EDE_RCODE_TOO_EARLY] = "Too Early",
+ [DNS_EDE_RCODE_UNSUPPORTED_NSEC3_ITER] = "Unsupported NSEC3 Iterations",
+ [DNS_EDE_RCODE_TRANSPORT_POLICY] = "Impossible Transport Policy",
+ [DNS_EDE_RCODE_SYNTHESIZED] = "Synthesized",
+};
+DEFINE_STRING_TABLE_LOOKUP_TO_STRING(dns_ede_rcode, int);
+
+const char *format_dns_ede_rcode(int i, char buf[static DECIMAL_STR_MAX(int)]) {
+ const char *p = dns_ede_rcode_to_string(i);
+ if (p)
+ return p;
+
+ return snprintf_ok(buf, DECIMAL_STR_MAX(int), "%i", i);
+}
+
static const char* const dns_protocol_table[_DNS_PROTOCOL_MAX] = {
[DNS_PROTOCOL_DNS] = "dns",
[DNS_PROTOCOL_MDNS] = "mdns",
bool dns_packet_equal(const DnsPacket *a, const DnsPacket *b);
+int dns_packet_ede_rcode(DnsPacket *p, char **ret_ede_msg);
+bool dns_ede_rcode_is_dnssec(int ede_rcode);
int dns_packet_has_nsid_request(DnsPacket *p);
/* https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-6 */
_DNS_RCODE_MAX = 4095 /* 4 bit rcode in the header plus 8 bit rcode in OPT, makes 12 bit */
};
+/* https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-11 */
+enum {
+ DNS_EDNS_OPT_RESERVED = 0, /* RFC 6891 */
+ DNS_EDNS_OPT_LLQ = 1, /* RFC 8764 */
+ DNS_EDNS_OPT_UL = 2,
+ DNS_EDNS_OPT_NSID = 3, /* RFC 5001 */
+ /* DNS_EDNS_OPT_RESERVED = 4 */
+ DNS_EDNS_OPT_DAU = 5, /* RFC 6975 */
+ DNS_EDNS_OPT_DHU = 6, /* RFC 6975 */
+ DNS_EDNS_OPT_N3U = 7, /* RFC 6975 */
+ DNS_EDNS_OPT_CLIENT_SUBNET = 8, /* RFC 7871 */
+ DNS_EDNS_OPT_EXPIRE = 9, /* RFC 7314 */
+ DNS_EDNS_OPT_COOKIE = 10, /* RFC 7873 */
+ DNS_EDNS_OPT_TCP_KEEPALIVE = 11, /* RFC 7828 */
+ DNS_EDNS_OPT_PADDING = 12, /* RFC 7830 */
+ DNS_EDNS_OPT_CHAIN = 13, /* RFC 7901 */
+ DNS_EDNS_OPT_KEY_TAG = 14, /* RFC 8145 */
+ DNS_EDNS_OPT_EXT_ERROR = 15, /* RFC 8914 */
+ DNS_EDNS_OPT_CLIENT_TAG = 16,
+ DNS_EDNS_OPT_SERVER_TAG = 17,
+ _DNS_EDNS_OPT_MAX_DEFINED,
+ _DNS_EDNS_OPT_INVALID = -EINVAL
+};
+
+/* https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#extended-dns-error-codes */
+enum {
+ DNS_EDE_RCODE_OTHER = 0, /* RFC 8914, Section 4.1 */
+ DNS_EDE_RCODE_UNSUPPORTED_DNSKEY_ALG = 1, /* RFC 8914, Section 4.2 */
+ DNS_EDE_RCODE_UNSUPPORTED_DS_DIGEST = 2, /* RFC 8914, Section 4.3 */
+ DNS_EDE_RCODE_STALE_ANSWER = 3, /* RFC 8914, Section 4.4 */
+ DNS_EDE_RCODE_FORGED_ANSWER = 4, /* RFC 8914, Section 4.5 */
+ DNS_EDE_RCODE_DNSSEC_INDETERMINATE = 5, /* RFC 8914, Section 4.6 */
+ DNS_EDE_RCODE_DNSSEC_BOGUS = 6, /* RFC 8914, Section 4.7 */
+ DNS_EDE_RCODE_SIG_EXPIRED = 7, /* RFC 8914, Section 4.8 */
+ DNS_EDE_RCODE_SIG_NOT_YET_VALID = 8, /* RFC 8914, Section 4.9 */
+ DNS_EDE_RCODE_DNSKEY_MISSING = 9, /* RFC 8914, Section 4.10 */
+ DNS_EDE_RCODE_RRSIG_MISSING = 10, /* RFC 8914, Section 4.11 */
+ DNS_EDE_RCODE_NO_ZONE_KEY_BIT = 11, /* RFC 8914, Section 4.12 */
+ DNS_EDE_RCODE_NSEC_MISSING = 12, /* RFC 8914, Section 4.13 */
+ DNS_EDE_RCODE_CACHED_ERROR = 13, /* RFC 8914, Section 4.14 */
+ DNS_EDE_RCODE_NOT_READY = 14, /* RFC 8914, Section 4.15 */
+ DNS_EDE_RCODE_BLOCKED = 15, /* RFC 8914, Section 4.16 */
+ DNS_EDE_RCODE_CENSORED = 16, /* RFC 8914, Section 4.17 */
+ DNS_EDE_RCODE_FILTERED = 17, /* RFC 8914, Section 4.18 */
+ DNS_EDE_RCODE_PROHIBITIED = 18, /* RFC 8914, Section 4.19 */
+ DNS_EDE_RCODE_STALE_NXDOMAIN_ANSWER = 19, /* RFC 8914, Section 4.20 */
+ DNS_EDE_RCODE_NOT_AUTHORITATIVE = 20, /* RFC 8914, Section 4.21 */
+ DNS_EDE_RCODE_NOT_SUPPORTED = 21, /* RFC 8914, Section 4.22 */
+ DNS_EDE_RCODE_UNREACH_AUTHORITY = 22, /* RFC 8914, Section 4.23 */
+ DNS_EDE_RCODE_NET_ERROR = 23, /* RFC 8914, Section 4.24 */
+ DNS_EDE_RCODE_INVALID_DATA = 24, /* RFC 8914, Section 4.25 */
+ DNS_EDE_RCODE_SIG_NEVER = 25,
+ DNS_EDE_RCODE_TOO_EARLY = 26, /* RFC 9250 */
+ DNS_EDE_RCODE_UNSUPPORTED_NSEC3_ITER = 27, /* RFC 9276 */
+ DNS_EDE_RCODE_TRANSPORT_POLICY = 28,
+ DNS_EDE_RCODE_SYNTHESIZED = 29,
+ _DNS_EDE_RCODE_MAX_DEFINED,
+ _DNS_EDE_RCODE_INVALID = -EINVAL
+};
+
const char* dns_rcode_to_string(int i) _const_;
int dns_rcode_from_string(const char *s) _pure_;
const char *format_dns_rcode(int i, char buf[static DECIMAL_STR_MAX(int)]);
#define FORMAT_DNS_RCODE(i) format_dns_rcode(i, (char [DECIMAL_STR_MAX(int)]) {})
+const char* dns_ede_rcode_to_string(int i) _const_;
+const char *format_dns_ede_rcode(int i, char buf[static DECIMAL_STR_MAX(int)]);
+#define FORMAT_DNS_EDE_RCODE(i) format_dns_ede_rcode(i, (char [DECIMAL_STR_MAX(int)]) {})
+
const char* dns_protocol_to_string(DnsProtocol p) _const_;
DnsProtocol dns_protocol_from_string(const char *s) _pure_;
dns_answer_unref(q->reply_authoritative);
dns_answer_unref(q->reply_additional);
+ free(q->answer_ede_msg);
+
if (q->request_stream) {
/* Detach the stream from our query, in case something else keeps a reference to it. */
(void) set_remove(q->request_stream->queries, q);
!FLAGS_SET(t->answer_query_flags, SD_RESOLVED_AUTHENTICATED))
continue;
+ char *answer_ede_msg = NULL;
+ if (t->answer_ede_msg) {
+ answer_ede_msg = strdup(t->answer_ede_msg);
+ if (!answer_ede_msg) {
+ log_oom();
+ goto fail;
+ }
+ }
+
DNS_ANSWER_REPLACE(q->answer, dns_answer_ref(t->answer));
q->answer_rcode = t->answer_rcode;
q->answer_dnssec_result = t->answer_dnssec_result;
+ q->answer_ede_rcode = t->answer_ede_rcode;
+ q->answer_ede_msg = answer_ede_msg;
q->answer_query_flags = t->answer_query_flags | dns_transaction_source_to_query_flags(t->answer_source);
q->answer_errno = t->answer_errno;
DNS_PACKET_REPLACE(q->answer_full_packet, dns_packet_ref(t->received));
DnsAnswer *answer;
int answer_rcode;
DnssecResult answer_dnssec_result;
+ int answer_ede_rcode;
+ char *answer_ede_msg;
uint64_t answer_query_flags;
DnsProtocol answer_protocol;
int answer_family;
dns_resource_key_unref(t->key);
dns_packet_unref(t->bypass);
+ free(t->answer_ede_msg);
+
return mfree(t);
}
.dns_udp_fd = -EBADF,
.answer_source = _DNS_TRANSACTION_SOURCE_INVALID,
.answer_dnssec_result = _DNSSEC_RESULT_INVALID,
+ .answer_ede_rcode = _DNS_EDE_RCODE_INVALID,
.answer_nsec_ttl = UINT32_MAX,
.key = dns_resource_key_ref(key),
.query_flags = query_flags,
"DNS_SERVER_FEATURE_LEVEL=%s", dns_server_feature_level_to_string(t->server->possible_feature_level));
}
+ if (state == DNS_TRANSACTION_UPSTREAM_DNSSEC_FAILURE) {
+ dns_resource_key_to_string(dns_transaction_key(t), key_str, sizeof key_str);
+
+ log_struct(LOG_NOTICE,
+ "MESSAGE_ID=" SD_MESSAGE_DNSSEC_FAILURE_STR,
+ LOG_MESSAGE("Upstream resolver reported failure for question %s: %s%s%s",
+ key_str, dns_ede_rcode_to_string(t->answer_ede_rcode),
+ isempty(t->answer_ede_msg) ? "" : ": ", t->answer_ede_msg),
+ "DNS_TRANSACTION=%" PRIu16, t->id,
+ "DNS_QUESTION=%s", key_str,
+ "DNS_EDE_RCODE=%s", dns_ede_rcode_to_string(t->answer_ede_rcode),
+ "DNS_SERVER=%s", strna(dns_server_string_full(t->server)),
+ "DNS_SERVER_FEATURE_LEVEL=%s", dns_server_feature_level_to_string(t->server->possible_feature_level));
+ }
+
/* Note that this call might invalidate the query. Callers
* should hence not attempt to access the query or transaction
* after calling this function. */
}
}
+ if (DNS_PACKET_TC(p)) {
+
+ /* Truncated packets for mDNS are not allowed. Give up immediately. */
+ if (t->scope->protocol == DNS_PROTOCOL_MDNS) {
+ dns_transaction_complete(t, DNS_TRANSACTION_INVALID_REPLY);
+ return;
+ }
+
+ /* Response was truncated, let's try again with good old TCP */
+ log_debug("Reply truncated, retrying via TCP.");
+ retry_with_tcp = true;
+
+ } else if (t->scope->protocol == DNS_PROTOCOL_DNS &&
+ DNS_PACKET_IS_FRAGMENTED(p)) {
+
+ /* Report the fragment size, so that we downgrade from LARGE to regular EDNS0 if needed */
+ if (t->server)
+ dns_server_packet_udp_fragmented(t->server, dns_packet_size_unfragmented(p));
+
+ if (t->current_feature_level > DNS_SERVER_FEATURE_LEVEL_UDP) {
+ /* Packet was fragmented. Let's retry with TCP to avoid fragmentation attack
+ * issues. (We don't do that on the lowest feature level however, since crappy DNS
+ * servers often do not implement TCP, hence falling back to TCP on fragmentation is
+ * counter-productive there.) */
+
+ log_debug("Reply fragmented, retrying via TCP. (Largest fragment size: %zu; Datagram size: %zu)",
+ p->fragsize, p->size);
+ retry_with_tcp = true;
+ }
+ }
+
+ if (retry_with_tcp) {
+ r = dns_transaction_emit_tcp(t);
+ if (r == -ESRCH) {
+ /* No servers found? Damn! */
+ dns_transaction_complete(t, DNS_TRANSACTION_NO_SERVERS);
+ return;
+ }
+ if (r == -EOPNOTSUPP) {
+ /* Tried to ask for DNSSEC RRs, on a server that doesn't do DNSSEC */
+ dns_transaction_complete(t, DNS_TRANSACTION_RR_TYPE_UNSUPPORTED);
+ return;
+ }
+ if (r < 0) {
+ /* On LLMNR, if we cannot connect to the host,
+ * we immediately give up */
+ if (t->scope->protocol != DNS_PROTOCOL_DNS)
+ goto fail;
+
+ /* On DNS, couldn't send? Try immediately again, with a new server */
+ if (dns_transaction_limited_retry(t))
+ return;
+
+ /* No new server to try, give up */
+ dns_transaction_complete(t, DNS_TRANSACTION_ATTEMPTS_MAX_REACHED);
+ }
+
+ return;
+ }
+
+ /* After the superficial checks, actually parse the message. */
+ r = dns_packet_extract(p);
+ if (r < 0) {
+ if (t->server) {
+ dns_server_packet_invalid(t->server, t->current_feature_level);
+
+ r = dns_transaction_maybe_restart(t);
+ if (r < 0)
+ goto fail;
+ if (r > 0) /* Transaction got restarted... */
+ return;
+ }
+
+ dns_transaction_complete(t, DNS_TRANSACTION_INVALID_REPLY);
+ return;
+ }
+
switch (t->scope->protocol) {
- case DNS_PROTOCOL_DNS:
+ case DNS_PROTOCOL_DNS: {
+ int ede_rcode;
+ _cleanup_free_ char *ede_msg = NULL;
+
assert(t->server);
+ ede_rcode = dns_packet_ede_rcode(p, &ede_msg);
+ if (ede_rcode < 0 && ede_rcode != -EINVAL)
+ log_debug_errno(ede_rcode, "Unable to extract EDE error code from packet, ignoring: %m");
+ else {
+ t->answer_ede_rcode = ede_rcode;
+ t->answer_ede_msg = TAKE_PTR(ede_msg);
+ }
+
if (!t->bypass &&
IN_SET(DNS_PACKET_RCODE(p), DNS_RCODE_FORMERR, DNS_RCODE_SERVFAIL, DNS_RCODE_NOTIMP)) {
+ /* If the server has replied with detailed error data, using a degraded feature set
+ * will likely not help anyone. Examine the detailed error to determine the best
+ * course of action. */
+ if (ede_rcode >= 0 && DNS_PACKET_RCODE(p) == DNS_RCODE_SERVFAIL) {
+ /* These codes are related to DNSSEC configuration errors. If accurate,
+ * this is the domain operator's problem, and retrying won't help. */
+ if (dns_ede_rcode_is_dnssec(ede_rcode)) {
+ log_debug("Server returned error: %s (%s%s%s). Lookup failed.",
+ FORMAT_DNS_RCODE(DNS_PACKET_RCODE(p)),
+ FORMAT_DNS_EDE_RCODE(ede_rcode),
+ isempty(t->answer_ede_msg) ? "" : ": ",
+ t->answer_ede_msg);
+ dns_transaction_complete(t, DNS_TRANSACTION_UPSTREAM_DNSSEC_FAILURE);
+ return;
+ }
+
+ /* These codes probably indicate a transient error. Let's try again. */
+ if (IN_SET(ede_rcode, DNS_EDE_RCODE_NOT_READY, DNS_EDE_RCODE_NET_ERROR)) {
+ log_debug("Server returned error: %s (%s%s%s), retrying transaction.",
+ FORMAT_DNS_RCODE(DNS_PACKET_RCODE(p)),
+ FORMAT_DNS_EDE_RCODE(ede_rcode),
+ isempty(t->answer_ede_msg) ? "" : ": ",
+ t->answer_ede_msg);
+ dns_transaction_retry(t, false);
+ return;
+ }
+
+ /* OK, the query failed, but we still shouldn't degrade the feature set for
+ * this server. */
+ log_debug("Server returned error: %s (%s%s%s)",
+ FORMAT_DNS_RCODE(DNS_PACKET_RCODE(p)),
+ FORMAT_DNS_EDE_RCODE(ede_rcode),
+ isempty(t->answer_ede_msg) ? "" : ": ", t->answer_ede_msg);
+ break;
+ } /* No EDE rcode, or EDE rcode we don't understand */
/* Request failed, immediately try again with reduced features */
if (DNS_PACKET_RCODE(p) == DNS_RCODE_REFUSED) {
/* This server refused our request? If so, try again, use a different server */
- log_debug("Server returned REFUSED, switching servers, and retrying.");
+ if (ede_rcode > 0)
+ log_debug("Server returned REFUSED (%s), switching servers, and retrying.",
+ FORMAT_DNS_EDE_RCODE(ede_rcode));
+ else
+ log_debug("Server returned REFUSED, switching servers, and retrying.");
if (dns_transaction_limited_retry(t))
return;
dns_server_packet_truncated(t->server, t->current_feature_level);
break;
+ }
case DNS_PROTOCOL_LLMNR:
case DNS_PROTOCOL_MDNS:
assert_not_reached();
}
- if (DNS_PACKET_TC(p)) {
-
- /* Truncated packets for mDNS are not allowed. Give up immediately. */
- if (t->scope->protocol == DNS_PROTOCOL_MDNS) {
- dns_transaction_complete(t, DNS_TRANSACTION_INVALID_REPLY);
- return;
- }
-
- /* Response was truncated, let's try again with good old TCP */
- log_debug("Reply truncated, retrying via TCP.");
- retry_with_tcp = true;
-
- } else if (t->scope->protocol == DNS_PROTOCOL_DNS &&
- DNS_PACKET_IS_FRAGMENTED(p)) {
-
- /* Report the fragment size, so that we downgrade from LARGE to regular EDNS0 if needed */
- if (t->server)
- dns_server_packet_udp_fragmented(t->server, dns_packet_size_unfragmented(p));
-
- if (t->current_feature_level > DNS_SERVER_FEATURE_LEVEL_UDP) {
- /* Packet was fragmented. Let's retry with TCP to avoid fragmentation attack
- * issues. (We don't do that on the lowest feature level however, since crappy DNS
- * servers often do not implement TCP, hence falling back to TCP on fragmentation is
- * counter-productive there.) */
-
- log_debug("Reply fragmented, retrying via TCP. (Largest fragment size: %zu; Datagram size: %zu)",
- p->fragsize, p->size);
- retry_with_tcp = true;
- }
- }
-
- if (retry_with_tcp) {
- r = dns_transaction_emit_tcp(t);
- if (r == -ESRCH) {
- /* No servers found? Damn! */
- dns_transaction_complete(t, DNS_TRANSACTION_NO_SERVERS);
- return;
- }
- if (r == -EOPNOTSUPP) {
- /* Tried to ask for DNSSEC RRs, on a server that doesn't do DNSSEC */
- dns_transaction_complete(t, DNS_TRANSACTION_RR_TYPE_UNSUPPORTED);
- return;
- }
- if (r < 0) {
- /* On LLMNR, if we cannot connect to the host,
- * we immediately give up */
- if (t->scope->protocol != DNS_PROTOCOL_DNS)
- goto fail;
-
- /* On DNS, couldn't send? Try immediately again, with a new server */
- if (dns_transaction_limited_retry(t))
- return;
-
- /* No new server to try, give up */
- dns_transaction_complete(t, DNS_TRANSACTION_ATTEMPTS_MAX_REACHED);
- }
-
- return;
- }
-
- /* After the superficial checks, actually parse the message. */
- r = dns_packet_extract(p);
- if (r < 0) {
- if (t->server) {
- dns_server_packet_invalid(t->server, t->current_feature_level);
-
- r = dns_transaction_maybe_restart(t);
- if (r < 0)
- goto fail;
- if (r > 0) /* Transaction got restarted... */
- return;
- }
-
- dns_transaction_complete(t, DNS_TRANSACTION_INVALID_REPLY);
- return;
- }
-
if (t->server) {
/* Report that we successfully received a valid packet with a good rcode after we initially got a bad
* rcode and subsequently downgraded the protocol */
DNS_TRANSACTION_PENDING,
DNS_TRANSACTION_VALIDATING,
DNS_TRANSACTION_RCODE_FAILURE,
+ DNS_TRANSACTION_UPSTREAM_DNSSEC_FAILURE,
DNS_TRANSACTION_SUCCESS,
DNS_TRANSACTION_NO_SERVERS,
DNS_TRANSACTION_TIMEOUT,
DnsAnswer *answer;
int answer_rcode;
+ int answer_ede_rcode;
+ char *answer_ede_msg;
DnssecResult answer_dnssec_result;
DnsTransactionSource answer_source;
uint32_t answer_nsec_ttl;
ordered_set_free(m->dns_extra_stub_listeners);
- bus_verify_polkit_async_registry_free(m->polkit_registry);
+ hashmap_free(m->polkit_registry);
sd_bus_flush_close_unref(m->bus);
#include "bus-message.h"
#include "bus-polkit.h"
#include "bus-util.h"
+#include "process-util.h"
#include "strv.h"
#include "user-util.h"
-static int check_good_user(sd_bus_message *m, uid_t good_user) {
+static int bus_message_check_good_user(sd_bus_message *m, uid_t good_user) {
_cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL;
uid_t sender_uid;
int r;
assert(m);
if (good_user == UID_INVALID)
- return 0;
+ return false;
r = sd_bus_query_sender_creds(m, SD_BUS_CREDS_EUID, &creds);
if (r < 0)
return r;
}
-static int bus_message_new_polkit_auth_call(
+static int bus_message_new_polkit_auth_call_for_bus(
sd_bus_message *m,
const char *action,
const char **details,
/* Tests non-interactively! */
- r = check_good_user(call, good_user);
+ r = bus_message_check_good_user(call, good_user);
if (r != 0)
return r;
_cleanup_(sd_bus_message_unrefp) sd_bus_message *request = NULL, *reply = NULL;
int authorized = false, challenge = false;
- r = bus_message_new_polkit_auth_call(call, action, details, /* interactive = */ false, &request);
+ r = bus_message_new_polkit_auth_call_for_bus(call, action, details, /* interactive = */ false, &request);
if (r < 0)
return r;
AsyncPolkitQueryAction *action;
+ sd_bus *bus;
sd_bus_message *request;
sd_bus_slot *slot;
+ Varlink *link;
Hashmap *registry;
sd_event_source *defer_event_source;
sd_bus_message_unref(q->request);
+ sd_bus_unref(q->bus);
+ varlink_unref(q->link);
+
async_polkit_query_action_free(q->action);
sd_event_source_disable_unref(q->defer_event_source);
DEFINE_PRIVATE_TRIVIAL_REF_UNREF_FUNC(AsyncPolkitQuery, async_polkit_query, async_polkit_query_free);
DEFINE_TRIVIAL_CLEANUP_FUNC(AsyncPolkitQuery*, async_polkit_query_unref);
+DEFINE_HASH_OPS_WITH_VALUE_DESTRUCTOR(
+ async_polkit_query_hash_ops,
+ void,
+ trivial_hash_func,
+ trivial_compare_func,
+ AsyncPolkitQuery,
+ async_polkit_query_unref);
+
static int async_polkit_defer(sd_event_source *s, void *userdata) {
AsyncPolkitQuery *q = ASSERT_PTR(userdata);
if (!q->defer_event_source) {
r = sd_event_add_defer(
- sd_bus_get_event(sd_bus_message_get_bus(reply)),
+ sd_bus_get_event(q->bus),
&q->defer_event_source,
async_polkit_defer,
q);
if (r < 0)
return r;
- r = sd_bus_message_rewind(q->request, true);
- if (r < 0)
- return r;
+ if (q->request) {
+ r = sd_bus_message_rewind(q->request, true);
+ if (r < 0)
+ return r;
- r = sd_bus_enqueue_for_read(sd_bus_message_get_bus(q->request), q->request);
- if (r < 0)
- return r;
+ r = sd_bus_enqueue_for_read(q->bus, q->request);
+ if (r < 0)
+ return r;
+ }
+
+ if (q->link) {
+ r = varlink_dispatch_again(q->link);
+ if (r < 0)
+ return r;
+ }
return 1;
}
r = async_polkit_process_reply(reply, q);
if (r < 0) {
log_debug_errno(r, "Processing asynchronous PolicyKit reply failed, ignoring: %m");
- (void) sd_bus_reply_method_errno(q->request, r, NULL);
+ if (q->request)
+ (void) sd_bus_reply_method_errno(q->request, r, NULL);
+ if (q->link)
+ varlink_error_errno(q->link, r);
async_polkit_query_unref(q);
}
return r;
assert(q);
assert(action);
- assert(ret_error);
LIST_FOREACH(authorized, a, q->authorized_actions)
if (streq(a->action, action) && strv_equal(a->details, (char**) details))
- return 1;
+ return 1; /* Allow! */
if (q->error_action && streq(q->error_action->action, action))
return sd_bus_error_copy(ret_error, &q->error);
assert(registry);
assert(ret_error);
- r = check_good_user(call, good_user);
+ r = bus_message_check_good_user(call, good_user);
if (r != 0)
return r;
if (c > 0)
interactive = true;
- r = hashmap_ensure_allocated(registry, NULL);
- if (r < 0)
- return r;
-
- r = bus_message_new_polkit_auth_call(call, action, details, interactive, &pk);
+ r = bus_message_new_polkit_auth_call_for_bus(call, action, details, interactive, &pk);
if (r < 0)
return r;
*q = (AsyncPolkitQuery) {
.n_ref = 1,
.request = sd_bus_message_ref(call),
+ .bus = sd_bus_ref(sd_bus_message_get_bus(call)),
};
}
return -ENOMEM;
if (!q->registry) {
- r = hashmap_put(*registry, call, q);
+ r = hashmap_ensure_put(registry, &async_polkit_query_hash_ops, call, q);
if (r < 0)
return r;
return -EACCES;
}
-Hashmap *bus_verify_polkit_async_registry_free(Hashmap *registry) {
+static int varlink_check_good_user(Varlink *link, uid_t good_user) {
+ int r;
+
+ assert(link);
+
+ if (good_user == UID_INVALID)
+ return false;
+
+ uid_t peer_uid;
+ r = varlink_get_peer_uid(link, &peer_uid);
+ if (r < 0)
+ return r;
+
+ return good_user == peer_uid;
+}
+
+static int varlink_check_peer_privilege(Varlink *link) {
+ int r;
+
+ assert(link);
+
+ uid_t peer_uid;
+ r = varlink_get_peer_uid(link, &peer_uid);
+ if (r < 0)
+ return r;
+
+ uid_t our_uid = getuid();
+ return peer_uid == our_uid ||
+ (our_uid != 0 && peer_uid == 0);
+}
+
+#if ENABLE_POLKIT
+static int bus_message_new_polkit_auth_call_for_varlink(
+ sd_bus *bus,
+ Varlink *link,
+ const char *action,
+ const char **details,
+ bool interactive,
+ sd_bus_message **ret) {
+
+ _cleanup_(sd_bus_message_unrefp) sd_bus_message *c = NULL;
+ _cleanup_(pidref_done) PidRef pidref = PIDREF_NULL;
+ int r;
+
+ assert(bus);
+ assert(link);
+ assert(action);
+ assert(ret);
+
+ r = varlink_get_peer_pidref(link, &pidref);
+ if (r < 0)
+ return r;
+ if (r == 0) /* if we couldn't get a pidfd this returns == 0 */
+ return log_debug_errno(SYNTHETIC_ERRNO(EPERM), "Failed to get peer pidfd, cannot securely authenticate.");
+
+ uid_t uid;
+ r = varlink_get_peer_uid(link, &uid);
+ if (r < 0)
+ return r;
+
+ r = sd_bus_message_new_method_call(
+ bus,
+ &c,
+ "org.freedesktop.PolicyKit1",
+ "/org/freedesktop/PolicyKit1/Authority",
+ "org.freedesktop.PolicyKit1.Authority",
+ "CheckAuthorization");
+ if (r < 0)
+ return r;
+
+ r = sd_bus_message_append(
+ c,
+ "(sa{sv})s",
+ "unix-process", 2,
+ "pidfd", "h", (uint32_t) pidref.fd,
+ "uid", "i", (int32_t) uid,
+ action);
+ if (r < 0)
+ return r;
+
+ r = bus_message_append_strv_key_value(c, details);
+ if (r < 0)
+ return r;
+
+ r = sd_bus_message_append(c, "us", interactive, NULL);
+ if (r < 0)
+ return r;
+
+ *ret = TAKE_PTR(c);
+ return 0;
+}
+
+static bool varlink_allow_interactive_authentication(Varlink *link) {
+ _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
+ int r;
+
+ assert(link);
+
+ /* We look for the allowInteractiveAuthentication field in the message currently being dispatched,
+ * always under the same name. */
+
+ r = varlink_get_current_parameters(link, &v);
+ if (r < 0)
+ return r;
+
+ JsonVariant *b;
+ b = json_variant_by_key(v, "allowInteractiveAuthentication");
+ if (b) {
+ if (json_variant_is_boolean(b))
+ return json_variant_boolean(b);
+
+ log_debug("Incoming 'allowInteractiveAuthentication' field is not a boolean, ignoring.");
+ }
+
+ return false;
+}
+#endif
+
+int varlink_verify_polkit_async(
+ Varlink *link,
+ sd_bus *bus,
+ const char *action,
+ const char **details,
+ uid_t good_user,
+ Hashmap **registry) {
+
+ int r;
+
+ assert(link);
+ assert(registry);
+
+ /* This is the same as bus_verify_polkit_async_full(), but authenticates the peer of a varlink
+ * connection rather than the sender of a bus message. */
+
+ r = varlink_check_good_user(link, good_user);
+ if (r != 0)
+ return r;
+
+ r = varlink_check_peer_privilege(link);
+ if (r != 0)
+ return r;
+
#if ENABLE_POLKIT
- return hashmap_free_with_destructor(registry, async_polkit_query_unref);
-#else
- assert(hashmap_isempty(registry));
- return hashmap_free(registry);
+ _cleanup_(async_polkit_query_unrefp) AsyncPolkitQuery *q = NULL;
+
+ q = async_polkit_query_ref(hashmap_get(*registry, link));
+ /* This is a repeated invocation of this function, hence let's check if we've already got
+ * a response from polkit for this action */
+ if (q) {
+ _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+ r = async_polkit_query_check_action(q, action, details, &error);
+ if (r < 0) {
+ /* Reply with a nice error */
+ if (sd_bus_error_has_name(&error, SD_BUS_ERROR_INTERACTIVE_AUTHORIZATION_REQUIRED))
+ return varlink_error(link, VARLINK_ERROR_INTERACTIVE_AUTHENTICATION_REQUIRED, NULL);
+
+ if (ERRNO_IS_NEG_PRIVILEGE(r))
+ return varlink_error(link, VARLINK_ERROR_PERMISSION_DENIED, NULL);
+
+ return r;
+ }
+ if (r > 0)
+ return r;
+ }
+
+ _cleanup_(sd_bus_unrefp) sd_bus *mybus = NULL;
+ if (!bus) {
+ r = sd_bus_open_system(&mybus);
+ if (r < 0)
+ return r;
+
+ r = sd_bus_attach_event(mybus, varlink_get_event(link), 0);
+ if (r < 0)
+ return r;
+
+ bus = mybus;
+ }
+
+ bool interactive = varlink_allow_interactive_authentication(link);
+
+ _cleanup_(sd_bus_message_unrefp) sd_bus_message *pk = NULL;
+ r = bus_message_new_polkit_auth_call_for_varlink(bus, link, action, details, interactive, &pk);
+ if (r < 0)
+ return r;
+
+ if (!q) {
+ q = new(AsyncPolkitQuery, 1);
+ if (!q)
+ return -ENOMEM;
+
+ *q = (AsyncPolkitQuery) {
+ .n_ref = 1,
+ .link = varlink_ref(link),
+ .bus = sd_bus_ref(bus),
+ };
+ }
+
+ assert(!q->action);
+ q->action = new(AsyncPolkitQueryAction, 1);
+ if (!q->action)
+ return -ENOMEM;
+
+ *q->action = (AsyncPolkitQueryAction) {
+ .action = strdup(action),
+ .details = strv_copy((char**) details),
+ };
+ if (!q->action->action || !q->action->details)
+ return -ENOMEM;
+
+ if (!q->registry) {
+ r = hashmap_ensure_put(registry, &async_polkit_query_hash_ops, link, q);
+ if (r < 0)
+ return r;
+
+ q->registry = *registry;
+ }
+
+ r = sd_bus_call_async(bus, &q->slot, pk, async_polkit_callback, q, 0);
+ if (r < 0)
+ return r;
+
+ TAKE_PTR(q);
+
+ return 0;
#endif
+
+ return -EACCES;
}
#include "hashmap.h"
#include "user-util.h"
+#include "varlink.h"
int bus_test_polkit(sd_bus_message *call, const char *action, const char **details, uid_t good_user, bool *_challenge, sd_bus_error *e);
return bus_verify_polkit_async_full(call, action, details, false, UID_INVALID, registry, ret_error);
}
-Hashmap *bus_verify_polkit_async_registry_free(Hashmap *registry);
+int varlink_verify_polkit_async(Varlink *link, sd_bus *bus, const char *action, const char **details, uid_t good_user, Hashmap **registry);
+
+/* A JsonDispatch initializer that makes sure the allowInteractiveAuthentication boolean field we want for
+ * polkit support in Varlink calls is ignored while regular dispatching (and does not result in errors
+ * regarding unexpected fields) */
+#define VARLINK_DISPATCH_POLKIT_FIELD { \
+ .name = "allowInteractiveAuthentication", \
+ .type = JSON_VARIANT_BOOLEAN, \
+ }
return 0;
}
- return 0;
+ return 1;
}
int config_parse_rlimit(
return r;
if (format_suffixes) {
- char *e = strv_endswith(name, format_suffixes);
+ char *e = endswith_strv(name, format_suffixes);
if (!e) /* Format suffix is required */
return -EINVAL;
return 0;
}
+static bool json_variant_is_sensitive_recursive(JsonVariant *v) {
+ if (!v)
+ return false;
+ if (json_variant_is_sensitive(v))
+ return true;
+ if (v == JSON_VARIANT_MAGIC_EMPTY_ARRAY ||
+ v == JSON_VARIANT_MAGIC_EMPTY_OBJECT)
+ return false;
+ if (!json_variant_is_regular(v))
+ return false;
+ if (!IN_SET(v->type, JSON_VARIANT_ARRAY, JSON_VARIANT_OBJECT))
+ return false;
+ if (v->is_reference)
+ return json_variant_is_sensitive_recursive(v->reference);
+
+ for (size_t i = 0; i < json_variant_elements(v); i++)
+ if (json_variant_is_sensitive_recursive(json_variant_by_index(v, i)))
+ return true;
+
+ return false;
+}
+
int json_variant_format(JsonVariant *v, JsonFormatFlags flags, char **ret) {
_cleanup_(memstream_done) MemStream m = {};
size_t sz;
if (flags & JSON_FORMAT_OFF)
return -ENOEXEC;
+ if ((flags & JSON_FORMAT_REFUSE_SENSITIVE))
+ if (json_variant_is_sensitive_recursive(v))
+ return -EPERM;
+
f = memstream_init(&m);
if (!f)
return -ENOMEM;
int json_variant_get_source(JsonVariant *v, const char **ret_source, unsigned *ret_line, unsigned *ret_column);
typedef enum JsonFormatFlags {
- JSON_FORMAT_NEWLINE = 1 << 0, /* suffix with newline */
- JSON_FORMAT_PRETTY = 1 << 1, /* add internal whitespace to appeal to human readers */
- JSON_FORMAT_PRETTY_AUTO = 1 << 2, /* same, but only if connected to a tty (and JSON_FORMAT_NEWLINE otherwise) */
- JSON_FORMAT_COLOR = 1 << 3, /* insert ANSI color sequences */
- JSON_FORMAT_COLOR_AUTO = 1 << 4, /* insert ANSI color sequences if colors_enabled() says so */
- JSON_FORMAT_SOURCE = 1 << 5, /* prefix with source filename/line/column */
- JSON_FORMAT_SSE = 1 << 6, /* prefix/suffix with W3C server-sent events */
- JSON_FORMAT_SEQ = 1 << 7, /* prefix/suffix with RFC 7464 application/json-seq */
- JSON_FORMAT_FLUSH = 1 << 8, /* call fflush() after dumping JSON */
- JSON_FORMAT_EMPTY_ARRAY = 1 << 9, /* output "[]" for empty input */
- JSON_FORMAT_OFF = 1 << 10, /* make json_variant_format() fail with -ENOEXEC */
+ JSON_FORMAT_NEWLINE = 1 << 0, /* suffix with newline */
+ JSON_FORMAT_PRETTY = 1 << 1, /* add internal whitespace to appeal to human readers */
+ JSON_FORMAT_PRETTY_AUTO = 1 << 2, /* same, but only if connected to a tty (and JSON_FORMAT_NEWLINE otherwise) */
+ JSON_FORMAT_COLOR = 1 << 3, /* insert ANSI color sequences */
+ JSON_FORMAT_COLOR_AUTO = 1 << 4, /* insert ANSI color sequences if colors_enabled() says so */
+ JSON_FORMAT_SOURCE = 1 << 5, /* prefix with source filename/line/column */
+ JSON_FORMAT_SSE = 1 << 6, /* prefix/suffix with W3C server-sent events */
+ JSON_FORMAT_SEQ = 1 << 7, /* prefix/suffix with RFC 7464 application/json-seq */
+ JSON_FORMAT_FLUSH = 1 << 8, /* call fflush() after dumping JSON */
+ JSON_FORMAT_EMPTY_ARRAY = 1 << 9, /* output "[]" for empty input */
+ JSON_FORMAT_OFF = 1 << 10, /* make json_variant_format() fail with -ENOEXEC */
+ JSON_FORMAT_REFUSE_SENSITIVE = 1 << 11, /* return EPERM if any node in the tree is marked as senstitive */
} JsonFormatFlags;
int json_variant_format(JsonVariant *v, JsonFormatFlags flags, char **ret);
JsonVariant *current;
VarlinkSymbol *current_method;
+ int peer_pidfd;
struct ucred ucred;
bool ucred_acquired:1;
.timeout = VARLINK_DEFAULT_TIMEOUT_USEC,
.af = -1,
+
+ .peer_pidfd = -EBADF,
};
*ret = v;
sigterm_wait(v->exec_pid);
v->exec_pid = 0;
}
+
+ v->peer_pidfd = safe_close(v->peer_pidfd);
}
static Varlink* varlink_destroy(Varlink *v) {
sz = e - begin + 1;
- varlink_log(v, "New incoming message: %s", begin); /* FIXME: should we output the whole message here before validation?
- * This may produce a non-printable journal entry if the message
- * is invalid. We may also expose privileged information. */
-
r = json_parse(begin, 0, &v->current, NULL, NULL);
if (r < 0) {
/* If we encounter a parse failure flush all data. We cannot possibly recover from this,
return r;
}
+int varlink_dispatch_again(Varlink *v) {
+ int r;
+
+ assert_return(v, -EINVAL);
+
+ /* If a method call handler could not process the method call just yet (for example because it needed
+ * some Polkit authentication first), then it can leave the call unanswered, do its thing, and then
+ * ask to be dispatched a second time, via this call. It will then be called again, for the same
+ * message */
+
+ if (v->state == VARLINK_DISCONNECTED)
+ return varlink_log_errno(v, SYNTHETIC_ERRNO(ENOTCONN), "Not connected.");
+ if (v->state != VARLINK_PENDING_METHOD)
+ return varlink_log_errno(v, SYNTHETIC_ERRNO(EBUSY), "Connection has no pending method.");
+
+ varlink_set_state(v, VARLINK_IDLE_SERVER);
+
+ r = sd_event_source_set_enabled(v->defer_event_source, SD_EVENT_ON);
+ if (r < 0)
+ return varlink_log_errno(v, r, "Failed to enable deferred event source: %m");
+
+ return 0;
+}
+
+int varlink_get_current_parameters(Varlink *v, JsonVariant **ret) {
+ JsonVariant *p;
+
+ assert_return(v, -EINVAL);
+
+ if (!v->current)
+ return -ENODATA;
+
+ p = json_variant_by_key(v->current, "parameters");
+ if (!p)
+ return -ENODATA;
+
+ if (ret)
+ *ret = json_variant_ref(p);
+
+ return 0;
+}
+
static void handle_revents(Varlink *v, int revents) {
assert(v);
static int varlink_format_json(Varlink *v, JsonVariant *m) {
_cleanup_(erase_and_freep) char *text = NULL;
+ bool sensitive = false;
int r;
assert(v);
assert(m);
- r = json_variant_format(m, 0, &text);
+ r = json_variant_format(m, JSON_FORMAT_REFUSE_SENSITIVE, &text);
+ if (r == -EPERM) {
+ sensitive = true;
+ r = json_variant_format(m, /* flags= */ 0, &text);
+ }
if (r < 0)
return r;
assert(text[r] == '\0');
if (v->output_buffer_size + r + 1 > VARLINK_BUFFER_MAX)
return -ENOBUFS;
- varlink_log(v, "Sending message: %s", text);
+ varlink_log(v, "Sending message: %s", sensitive ? "<sensitive data>" : text);
if (v->output_buffer_size == 0) {
v->output_buffer_index = 0;
}
- if (json_variant_is_sensitive(m))
+ if (sensitive)
v->output_buffer_sensitive = true; /* Propagate sensitive flag */
else
text = mfree(text); /* No point in the erase_and_free() destructor declared above */
return 0;
}
+static int varlink_acquire_pidfd(Varlink *v) {
+ assert(v);
+
+ if (v->peer_pidfd >= 0)
+ return 0;
+
+ v->peer_pidfd = getpeerpidfd(v->fd);
+ if (v->peer_pidfd < 0)
+ return v->peer_pidfd;
+
+ return 0;
+}
+
+int varlink_get_peer_pidref(Varlink *v, PidRef *ret) {
+ int r;
+
+ assert_return(v, -EINVAL);
+ assert_return(ret, -EINVAL);
+
+ /* Returns r > 0 if we acquired the pidref via SO_PEERPIDFD (i.e. if we can use it for
+ * authentication). Returns == 0 if we didn't, and the pidref should not be used for
+ * authentication. */
+
+ r = varlink_acquire_pidfd(v);
+ if (r < 0)
+ return r;
+
+ if (v->peer_pidfd < 0) {
+ pid_t pid;
+
+ r = varlink_get_peer_pid(v, &pid);
+ if (r < 0)
+ return r;
+
+ r = pidref_set_pid(ret, pid);
+ if (r < 0)
+ return r;
+
+ return 0; /* didn't get pidfd securely */
+ }
+
+ r = pidref_set_pidfd(ret, v->peer_pidfd);
+ if (r < 0)
+ return r;
+
+ return 1; /* got pidfd securely */
+}
+
int varlink_set_relative_timeout(Varlink *v, usec_t timeout) {
assert_return(v, -EINVAL);
assert_return(timeout > 0, -EINVAL);
#include "sd-event.h"
#include "json.h"
+#include "pidref.h"
#include "time-util.h"
#include "varlink-idl.h"
int varlink_notify(Varlink *v, JsonVariant *parameters);
int varlink_notifyb(Varlink *v, ...);
+/* Ask for the current message to be dispatched again */
+int varlink_dispatch_again(Varlink *v);
+
+/* Get the currently processed incoming message */
+int varlink_get_current_parameters(Varlink *v, JsonVariant **ret);
+
/* Parsing incoming data via json_dispatch() and generate a nice error on parse errors */
int varlink_dispatch(Varlink *v, JsonVariant *parameters, const JsonDispatch table[], void *userdata);
int varlink_get_peer_uid(Varlink *v, uid_t *ret);
int varlink_get_peer_pid(Varlink *v, pid_t *ret);
+int varlink_get_peer_pidref(Varlink *v, PidRef *ret);
int varlink_set_relative_timeout(Varlink *v, usec_t usec);
/* This one we invented, and use for generically propagating system errors (errno) to clients */
#define VARLINK_ERROR_SYSTEM "io.systemd.System"
+/* This one we invented and is a weaker version of "org.varlink.service.PermissionDenied", and indicates that if user would allow interactive auth, we might allow access */
+#define VARLINK_ERROR_INTERACTIVE_AUTHENTICATION_REQUIRED "io.systemd.InteractiveAuthenticationRequired"
+
/* These are errors defined in the Varlink spec */
#define VARLINK_ERROR_INTERFACE_NOT_FOUND "org.varlink.service.InterfaceNotFound"
#define VARLINK_ERROR_METHOD_NOT_FOUND "org.varlink.service.MethodNotFound"
assert_se(json_variant_has_type(w, json_variant_type(v)));
assert_se(json_variant_equal(v, w));
+ s = mfree(s);
+ r = json_variant_format(w, JSON_FORMAT_REFUSE_SENSITIVE, &s);
+ assert_se(r == -EPERM);
+ assert_se(!s);
+
+ s = mfree(s);
+ r = json_variant_format(w, JSON_FORMAT_PRETTY, &s);
+ assert_se(r >= 0);
+ assert_se(s);
+ assert_se((size_t) r == strlen(s));
+
s = mfree(s);
w = json_variant_unref(w);
assert_se(foobar.l == INT16_MIN);
}
+TEST(json_sensitive) {
+ _cleanup_(json_variant_unrefp) JsonVariant *a = NULL, *b = NULL, *v = NULL;
+ _cleanup_free_ char *s = NULL;
+ int r;
+
+ assert_se(json_build(&a, JSON_BUILD_STRV(STRV_MAKE("foo", "bar", "baz", "bar", "baz", "foo", "qux", "baz"))) >= 0);
+ assert_se(json_build(&b, JSON_BUILD_STRV(STRV_MAKE("foo", "bar", "baz", "qux"))) >= 0);
+
+ json_variant_sensitive(a);
+
+ assert_se(json_variant_format(a, JSON_FORMAT_REFUSE_SENSITIVE, &s) == -EPERM);
+ assert_se(!s);
+
+ r = json_variant_format(b, JSON_FORMAT_REFUSE_SENSITIVE, &s);
+ assert_se(r >= 0);
+ assert_se(s);
+ assert_se((size_t) r == strlen(s));
+ s = mfree(s);
+
+ assert_se(json_build(&v, JSON_BUILD_OBJECT(
+ JSON_BUILD_PAIR("c", JSON_BUILD_INTEGER(INT64_MIN)),
+ JSON_BUILD_PAIR("d", JSON_BUILD_STRING("-9223372036854775808")),
+ JSON_BUILD_PAIR("e", JSON_BUILD_EMPTY_OBJECT))) >= 0);
+ json_variant_dump(v, JSON_FORMAT_COLOR|JSON_FORMAT_PRETTY, NULL, NULL);
+
+ r = json_variant_format(v, JSON_FORMAT_REFUSE_SENSITIVE, &s);
+ assert_se(r >= 0);
+ assert_se(s);
+ assert_se((size_t) r == strlen(s));
+ s = mfree(s);
+ v = json_variant_unref(v);
+
+ assert_se(json_build(&v, JSON_BUILD_OBJECT(
+ JSON_BUILD_PAIR_VARIANT("b", b),
+ JSON_BUILD_PAIR("c", JSON_BUILD_INTEGER(INT64_MIN)),
+ JSON_BUILD_PAIR("d", JSON_BUILD_STRING("-9223372036854775808")),
+ JSON_BUILD_PAIR("e", JSON_BUILD_EMPTY_OBJECT))) >= 0);
+ json_variant_dump(v, JSON_FORMAT_COLOR|JSON_FORMAT_PRETTY, NULL, NULL);
+
+ r = json_variant_format(v, JSON_FORMAT_REFUSE_SENSITIVE, &s);
+ assert_se(r >= 0);
+ assert_se(s);
+ assert_se((size_t) r == strlen(s));
+ s = mfree(s);
+ v = json_variant_unref(v);
+
+ assert_se(json_build(&v, JSON_BUILD_OBJECT(
+ JSON_BUILD_PAIR_VARIANT("b", b),
+ JSON_BUILD_PAIR_VARIANT("a", a),
+ JSON_BUILD_PAIR("c", JSON_BUILD_INTEGER(INT64_MIN)),
+ JSON_BUILD_PAIR("d", JSON_BUILD_STRING("-9223372036854775808")),
+ JSON_BUILD_PAIR("e", JSON_BUILD_EMPTY_OBJECT))) >= 0);
+ json_variant_dump(v, JSON_FORMAT_COLOR|JSON_FORMAT_PRETTY, NULL, NULL);
+
+ assert_se(json_variant_format(v, JSON_FORMAT_REFUSE_SENSITIVE, &s) == -EPERM);
+ assert_se(!s);
+ v = json_variant_unref(v);
+
+ assert_se(json_build(&v, JSON_BUILD_OBJECT(
+ JSON_BUILD_PAIR_VARIANT("b", b),
+ JSON_BUILD_PAIR("c", JSON_BUILD_INTEGER(INT64_MIN)),
+ JSON_BUILD_PAIR_VARIANT("a", a),
+ JSON_BUILD_PAIR("d", JSON_BUILD_STRING("-9223372036854775808")),
+ JSON_BUILD_PAIR("e", JSON_BUILD_EMPTY_OBJECT))) >= 0);
+ json_variant_dump(v, JSON_FORMAT_COLOR|JSON_FORMAT_PRETTY, NULL, NULL);
+
+ assert_se(json_variant_format(v, JSON_FORMAT_REFUSE_SENSITIVE, &s) == -EPERM);
+ assert_se(!s);
+ v = json_variant_unref(v);
+
+ assert_se(json_build(&v, JSON_BUILD_OBJECT(
+ JSON_BUILD_PAIR_VARIANT("b", b),
+ JSON_BUILD_PAIR("c", JSON_BUILD_INTEGER(INT64_MIN)),
+ JSON_BUILD_PAIR("d", JSON_BUILD_STRING("-9223372036854775808")),
+ JSON_BUILD_PAIR_VARIANT("a", a),
+ JSON_BUILD_PAIR("e", JSON_BUILD_EMPTY_OBJECT))) >= 0);
+ json_variant_dump(v, JSON_FORMAT_COLOR|JSON_FORMAT_PRETTY, NULL, NULL);
+
+ assert_se(json_variant_format(v, JSON_FORMAT_REFUSE_SENSITIVE, &s) == -EPERM);
+ assert_se(!s);
+ v = json_variant_unref(v);
+
+ assert_se(json_build(&v, JSON_BUILD_OBJECT(
+ JSON_BUILD_PAIR_VARIANT("b", b),
+ JSON_BUILD_PAIR("c", JSON_BUILD_INTEGER(INT64_MIN)),
+ JSON_BUILD_PAIR("d", JSON_BUILD_STRING("-9223372036854775808")),
+ JSON_BUILD_PAIR("e", JSON_BUILD_EMPTY_OBJECT),
+ JSON_BUILD_PAIR_VARIANT("a", a))) >= 0);
+ json_variant_dump(v, JSON_FORMAT_COLOR|JSON_FORMAT_PRETTY, NULL, NULL);
+
+ assert_se(json_variant_format(v, JSON_FORMAT_REFUSE_SENSITIVE, &s) == -EPERM);
+ assert_se(!s);
+}
+
DEFINE_TEST_MAIN(LOG_DEBUG);
}
}
+TEST(pid_get_start_time) {
+ _cleanup_(pidref_done) PidRef pidref = PIDREF_NULL;
+
+ assert_se(pidref_set_self(&pidref) >= 0);
+
+ uint64_t start_time;
+ assert_se(pidref_get_start_time(&pidref, &start_time) >= 0);
+ log_info("our starttime: %" PRIu64, start_time);
+
+ _cleanup_(pidref_done_sigkill_wait) PidRef child = PIDREF_NULL;
+
+ assert_se(pidref_safe_fork("(stub)", FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS, &child) >= 0);
+
+ uint64_t start_time2;
+ assert_se(pidref_get_start_time(&child, &start_time2) >= 0);
+
+ log_info("child starttime: %" PRIu64, start_time2);
+
+ assert_se(start_time2 >= start_time);
+}
+
static int intro(void) {
log_show_color(true);
return EXIT_SUCCESS;
assert_se(streq_ptr(strv_find_first_field(STRV_MAKE("i", "k", "l", "m", "d", "c", "a", "b"), haystack), "j"));
}
-TEST(strv_endswith) {
- assert_se(streq_ptr(strv_endswith("waldo", STRV_MAKE("xxx", "yyy", "ldo", "zzz")), "ldo"));
- assert_se(streq_ptr(strv_endswith("waldo", STRV_MAKE("xxx", "yyy", "zzz")), NULL));
- assert_se(streq_ptr(strv_endswith("waldo", STRV_MAKE("waldo")), "waldo"));
- assert_se(streq_ptr(strv_endswith("waldo", STRV_MAKE("w", "o", "ldo")), "o"));
- assert_se(streq_ptr(strv_endswith("waldo", STRV_MAKE("knurz", "", "waldo")), ""));
+TEST(endswith_strv) {
+ assert_se(streq_ptr(endswith_strv("waldo", STRV_MAKE("xxx", "yyy", "ldo", "zzz")), "ldo"));
+ assert_se(streq_ptr(endswith_strv("waldo", STRV_MAKE("xxx", "yyy", "zzz")), NULL));
+ assert_se(streq_ptr(endswith_strv("waldo", STRV_MAKE("waldo")), "waldo"));
+ assert_se(streq_ptr(endswith_strv("waldo", STRV_MAKE("w", "o", "ldo")), "o"));
+ assert_se(streq_ptr(endswith_strv("waldo", STRV_MAKE("knurz", "", "waldo")), ""));
}
DEFINE_TEST_MAIN(LOG_INFO);
assert(c);
free(c->zone);
- bus_verify_polkit_async_registry_free(c->polkit_registry);
+ hashmap_free(c->polkit_registry);
sd_bus_message_unref(c->cache);
sd_bus_slot_unref(c->slot_job_removed);
sd_bus_flush_close_unref(m->bus);
- bus_verify_polkit_async_registry_free(m->polkit_registry);
+ hashmap_free(m->polkit_registry);
return mfree(m);
}
/* SPDX-License-Identifier: LGPL-2.1-or-later */
#include "generator.h"
+#include "parse-util.h"
#include "proc-cmdline.h"
#include "special.h"
#include "tpm2-util.h"
-#include "parse-util.h"
/* A small generator that enqueues tpm2.target as synchronization point if the TPM2 device hasn't shown up
* yet, but the firmware reports it to exist. This is supposed to deal with systems where the TPM2 driver
pages = glob.glob(source_glob)
pages = (p for p in pages
if Path(p).name not in {
+ 'standard-conf.xml',
'systemd.directives.xml',
'systemd.index.xml',
'directives-template.xml'})
[Socket]
ListenStream=/run/systemd/io.systemd.Credentials
FileDescriptorName=varlink
-SocketMode=0600
+SocketMode=0666
Accept=yes
[Install]