These specifiers require NSS lookups to work, and we really shouldn't do
them from PID 1 hence. With this change they are now only supported for
the user systemd instance, or when the configured user for a unit is root.
This uses --enable=all mode. Should be taken with a grain of salt
though. While many recommendations make sense we should probably keep
"int r" always on function scope, and many of the portability warnings
really don't matter to us because we only care for Linux/glibc.
We have lots of questions from people who assume that shell syntax works
here, so let's be very explicit what is allowed and what is not. A few
examples should also help.
bus: when connecting to a container's kdbus instance, enter namespace first
Previously we'd open the connection in the originating namespace, which
meant most peers of the bus would not be able to make sense of the
PID/UID/... identity of us since we didn't exist in the namespace they
run in. However they require this identity for privilege decisions,
hence disallowing access to anything from the host.
Instead, when connecting to a container, create a temporary subprocess,
make it join the container's namespace and then connect from there to
the kdbus instance. This is similar to how we do it for socket
connections already.
This also unifies the namespacing code used by machinectl and the bus
APIs.
Lukasz Skalski [Fri, 13 Dec 2013 11:12:24 +0000 (12:12 +0100)]
libsystemd-bus: the same error codes for sd_bus_release_name() (for kdbus and dbus1)
Due to this patch, the sd_bus_release_name() function
returns the same error codes for kdbus and dbus1
if we try to release a non-existing name or a foreign
name.
event: when unreffing an event source from its own handler, detach fd from epoll
The pattern of unreffing an IO event source and then closing its fd is
frequently seen in event source callbacks. Previously this likely
resulted in us removing the fd from the epoll after it was closed which
is problematic, since while we were dispatching we always kept an extra
reference to event source objects because we might still need it later.
With this change a failing event source handler will not cause the
entire event loop to fail. Instead, we just disable the specific event
source, log a message at debug level and go on.
This also introduces a new concept of "exit code" which can be stored in
the event loop and is returned by sd_event_loop(). We also rename "quit"
to "exit" everywhere else.
Altogether this should make things more robust and keep errors local
while still providing a way to return event loop errors in a clear way.
Shawn Landden [Thu, 12 Dec 2013 18:00:03 +0000 (10:00 -0800)]
timedatectl: work with old timedated
Which does have TimeUSec. Should we specifically check for this method
instead of assuming time=0 means it doesn't exist?
Before:
shawn@debian-T61:~/git/systemd$ ./timedatectl
Local time: Wed 1969-12-31 16:00:00 PST
Universal time: Thu 1970-01-01 00:00:00 UTC
RTC time: n/a
Timezone: America/Los_Angeles (PST, -0800)
NTP enabled: n/a
NTP synchronized: no
RTC in local TZ: no
DST active: no
Last DST change: DST ended at
Sun 1969-10-26 01:59:59 PDT
Sun 1969-10-26 01:00:00 PST
Next DST change: DST begins (the clock jumps one hour forward) at
Sun 1970-04-26 01:59:59 PST
Sun 1970-04-26 03:00:00 PDT
After:
shawn@debian-T61:~/git/systemd$ ./timedatectl
Local time: Wed 2013-12-11 14:03:21 PST
Universal time: Wed 2013-12-11 22:03:21 UTC
RTC time: n/a
Timezone: America/Los_Angeles (PST, -0800)
NTP enabled: n/a
NTP synchronized: no
RTC in local TZ: no
DST active: no
Last DST change: DST ended at
Sun 2013-11-03 01:59:59 PDT
Sun 2013-11-03 01:00:00 PST
Next DST change: DST begins (the clock jumps one hour forward) at
Sun 2014-03-09 01:59:59 PST
Sun 2014-03-09 03:00:00 PDT
Patrik Flykt [Mon, 9 Dec 2013 21:43:29 +0000 (23:43 +0200)]
dhcp: Process DHCP Ack/Nak message
Process a DHCP Ack/Nak in much the same way as a DHCP Offer. Factor
out header verification and process options sent. Add notification
functionality with discrete values for the outcome of the DHCP Ack/
Nak processing.
Patrik Flykt [Mon, 9 Dec 2013 21:43:28 +0000 (23:43 +0200)]
dhcp: Add maximum message size option
Add maximum message size option to keep some DHCP server implementations
from sending too big messages. See ConnMan commit 0c5c862749c05193cf4c513628328c6db02b5222.
Patrik Flykt [Mon, 9 Dec 2013 21:43:27 +0000 (23:43 +0200)]
dhcp: Send DHCP Request to acquire an IP address
Create and send a DHCP Request message reusing already existing parts
of the code. This causes factoring out IP and UDP header creation and
moving next timeout calculation to be done every time in the timer
callback function independent of DHCP state. Also add an exponential
part to the timer calculation, bail out if there are errors while
resending the DHCP message for the sixth or more times.
Patrik Flykt [Mon, 9 Dec 2013 21:43:26 +0000 (23:43 +0200)]
dhcp: Handle received DHCP Offer message
Create a function for handling the full IP, UDP and DHCP packet
and tie it to the main loop. Verify IP and UDP headers and checksum.
Create a new lease structure using the values supplied in the
DHCP message. Free the lease structure when client is stopped.
Split out socket handling into a creation and a sending part. As a
result modify the test code.
Patrik Flykt [Mon, 9 Dec 2013 21:43:25 +0000 (23:43 +0200)]
dhcp: Add timeout and main loop support
Require a main loop to be set when creating a DHCP client. Set up
a timer to resend DHCP Discover messages and add a 0-2 second
delay to the timeout value. Move to state Selecting after successful
sending of a Discover message.
"Certain DHCP servers, such as that implemented in Mac OS X
(< 10.7) for its "Internet Sharing" feature, refuse to issue
a DHCP lease to clients that have not set a non-zero value
in their DISCOVER or REQUEST packets."
Patrik Flykt [Mon, 9 Dec 2013 21:43:21 +0000 (23:43 +0200)]
dhcp: Add test for discover DHCP packet creation
Set a fake MAC address and emulate raw packet sending. When the buffer
containing the Discover message is received, check selected IP and
UDP headers and compute IP header and UDP message checksums. Also
send the DHCP message for option parsing and expect a successful
outcome.
Patrik Flykt [Mon, 9 Dec 2013 21:43:19 +0000 (23:43 +0200)]
dhcp: Add DHCP discover sending
On starting the client, use the supplied interface mac address and create
a transaction id. Puzzle together an IP/UDP/DHCP Discover message, compute
checksums and send it out as a raw packet.
Create an additional function that constructs default options common to
all DHCP messages.
Patrik Flykt [Mon, 9 Dec 2013 21:43:18 +0000 (23:43 +0200)]
dhcp: Add function for sending a raw packet
Open a packet socket, create a link level header, send packet and
close socket. Adding it to a separate file makes testing of the
DHCP sending much easier, as the test program can supply any socket
to the DHCP client code.
Patrik Flykt [Mon, 9 Dec 2013 21:43:15 +0000 (23:43 +0200)]
dhcp: Add option append tests
Add checks for invalid lengths and parameters when using the option
appending function. Add also checks for adding options, see to it
that the resulting array is identical to the array of options added.
Patrik Flykt [Mon, 9 Dec 2013 21:43:14 +0000 (23:43 +0200)]
dhcp: Add tests for DHCP options, file and sname fields
Add a structure describing the DHCP file, sname and trailing options
fields. Create a message holding these fields and call the internal
option parsing function.
In the test callback function verify that only regular options are
passed and figure out which part of the DHCP message is the one that
is being processed. As the test program knows the full contents of
the test options in the test structure, skip all non-regular fields
and verify that the option provided to the callback indeed is the
one expected. Check also if non-regular option fields are to be
ignored in the end of the option field as the callback is not called
again and the final check when the whole message has been processed
needs to be successful.
Add a boolean flag for pretty-printing, anticipate there will be a
nice option to toggle it in the future.
Patrik Flykt [Mon, 9 Dec 2013 21:43:11 +0000 (23:43 +0200)]
dhcp: Add option appending and parsing
Add functions to append and parse DHCP options. Not all options
are passed to the callback function, the ones not exposed are
pad, end, message type and overload. If indicated by the overload
option, file and sname fields will be examined for more options.
The option functions are internal to DHCP, add a new header file
for internal function prototypes.
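An added example (not code from this commit or from systemd) of the option walk the commit message above describes: pad, end, message type and overload stay internal, every other option reaches the callback, and the overload option pulls in the file and sname fields. The names parse_area, parse_options and count_cb are hypothetical; the option codes and overload bits are those of RFC 2132.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

enum { OPT_PAD = 0, OPT_OVERLOAD = 52, OPT_MESSAGE_TYPE = 53, OPT_END = 255 };
enum { OVERLOAD_FILE = 1, OVERLOAD_SNAME = 2 };  /* overload bits, RFC 2132 */
typedef int (*option_cb)(uint8_t code, uint8_t len, const uint8_t *data, void *userdata);

/* Walk one option area. overload == NULL: a nested overload option is ignored. */
static int parse_area(const uint8_t *buf, size_t size, uint8_t *overload,
                      int *type, option_cb cb, void *userdata) {
        for (size_t i = 0; i < size; ) {
                uint8_t code = buf[i++], len;
                int r;
                if (code == OPT_PAD) continue;
                if (code == OPT_END) return 0;
                if (i >= size) return -EINVAL;       /* code byte without a length byte */
                len = buf[i++];
                if (len > size - i) return -EINVAL;  /* value would run past the area */
                if (code == OPT_MESSAGE_TYPE || code == OPT_OVERLOAD) {
                        if (len != 1) return -EINVAL;
                        if (code == OPT_MESSAGE_TYPE)
                                *type = buf[i];
                        else if (overload)
                                *overload = buf[i];
                } else if (cb && (r = cb(code, len, buf + i, userdata)) < 0)
                        return r;                    /* callback rejected the option */
                i += len;
        }
        return 0;                                    /* area ended without OPT_END */
}

/* Returns the DHCP message type, or a negative errno-style error. */
int parse_options(const uint8_t *opts, size_t opts_len, const uint8_t *file, size_t file_len,
                  const uint8_t *sname, size_t sname_len, option_cb cb, void *userdata) {
        uint8_t overload = 0;
        int type = -1, r = parse_area(opts, opts_len, &overload, &type, cb, userdata);
        if (r >= 0 && (overload & OVERLOAD_FILE))
                r = parse_area(file, file_len, NULL, &type, cb, userdata);
        if (r >= 0 && (overload & OVERLOAD_SNAME))
                r = parse_area(sname, sname_len, NULL, &type, cb, userdata);
        return r < 0 ? r : (type < 0 ? -ENOMSG : type);
}

/* Sample callback: counts the options it is handed. */
int count_cb(uint8_t code, uint8_t len, const uint8_t *data, void *userdata) {
        (void) code; (void) len; (void) data;
        ++*(int *) userdata;
        return 0;
}
```

The length check compares against the remaining bytes of the current area, so a malformed option in the main field, file or sname is rejected before the callback sees it.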
Patrik Flykt [Mon, 9 Dec 2013 21:43:08 +0000 (23:43 +0200)]
dhcp: Add DHCP client initialization
Provide functionality for initializing a DHCP client struct, setting
interface index, last used address and additional options to request.
On initialization the most useful options are added by default.