<structname>sd_journal</structname> objects might cause optional shared libraries to be dynamically
loaded via
<citerefentry project='man-pages'><refentrytitle>dlopen</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
- such as decompression libraries (xz, lz4, zstd) or cryptographic libraries (gcrypt).
+ such as decompression libraries (xz, lz4, zstd).
</para>
</refsect1>
install_tag: 'libsystemd',
install_dir : libdir,
pic : static_libsystemd_pic,
- dependencies : [libgcrypt_cflags,
- liblz4_cflags,
+ dependencies : [liblz4_cflags,
libm,
libucontext,
libxz_cflags,
'format-ifname.c',
'format-util.c',
'fs-util.c',
- 'gcrypt-util.c',
'glob-util.c',
'glyph-util.c',
'gunicode.c',
include_directories : basic_includes,
implicit_include_directories : false,
dependencies : [libbzip2_cflags,
- libgcrypt_cflags,
liblz4_cflags,
libxz_cflags,
libz_cflags,
#include "format-util.h"
#include "fileio.h"
#include "hashmap.h"
+#include "journal-authenticate.h"
#include "journal-compression-util.h"
#include "journal-remote.h"
#include "journal-remote-write.h"
log_setup();
+ journal_auth_init();
+
r = parse_config();
if (r < 0)
return r;
#include "format-table.h"
#include "format-util.h"
#include "hashmap.h"
+#include "journal-authenticate.h"
#include "journal-internal.h"
#include "journal-verify.h"
#include "journalctl.h"
assert(arg_action == ACTION_VERIFY);
+ journal_auth_init();
+
r = acquire_journal(&j);
if (r < 0)
return r;
sigbus_install();
+ journal_auth_init();
+
r = manager_new(&m);
if (r < 0)
return log_oom();
sd_journal_sources = files(
'sd-journal/audit-type.c',
'sd-journal/catalog.c',
- 'sd-journal/fsprg.c',
- 'sd-journal/journal-authenticate.c',
'sd-journal/journal-authenticate-internal.c',
'sd-journal/journal-file.c',
'sd-journal/journal-send.c',
/* SPDX-License-Identifier: LGPL-2.1-or-later */
-#include "journal-authenticate.h"
#include "journal-authenticate-internal.h"
#include "journal-file.h"
+static const JournalAuthOps *auth_ops = NULL;
+
+void journal_auth_set_ops(const JournalAuthOps *ops) {
+ assert(ops);
+ assert(!auth_ops || auth_ops == ops);
+
+ auth_ops = ops;
+}
+
void journal_file_auth_done(JournalFile *f) {
assert(f);
-#if HAVE_GCRYPT
- f->auth_context = journal_auth_free(f->auth_context);
-#endif
+ if (!auth_ops)
+ return;
+
+ assert(auth_ops->free);
+ f->auth_context = auth_ops->free(f->auth_context);
}
int journal_file_auth_load(JournalFile *f) {
assert(f);
-#if HAVE_GCRYPT
- return journal_auth_load(&f->auth_context);
-#else
- return -EOPNOTSUPP;
-#endif
+ if (!auth_ops)
+ return -EOPNOTSUPP;
+
+ if (f->auth_context)
+ return -EBUSY;
+
+ assert(auth_ops->load);
+ return auth_ops->load(&f->auth_context);
}
int journal_file_auth_load_key(JournalFile *f, const char *key) {
assert(f);
-#if HAVE_GCRYPT
- return journal_auth_load_key(&f->auth_context, key);
-#else
- return -EOPNOTSUPP;
-#endif
+ if (!auth_ops)
+ return -EOPNOTSUPP;
+
+ if (f->auth_context)
+ return -EBUSY;
+
+ assert(auth_ops->load_key);
+ return auth_ops->load_key(&f->auth_context, key);
}
int journal_file_auth_epoch_to_realtime_usec(JournalFile *f, uint64_t epoch, usec_t *ret_start, usec_t *ret_end) {
if (!JOURNAL_HEADER_SEALED(f->header))
return -EOPNOTSUPP;
-#if HAVE_GCRYPT
- return journal_auth_epoch_to_realtime_usec(f->auth_context, epoch, ret_start, ret_end);
-#else
- assert_not_reached();
-#endif
+ assert(auth_ops);
+ assert(auth_ops->epoch_to_realtime_usec);
+ return auth_ops->epoch_to_realtime_usec(f->auth_context, epoch, ret_start, ret_end);
}
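Review bot: `assert(auth_ops)` on the new side turns a bit read from the on-disk header into an abort: `JOURNAL_HEADER_SEALED(f->header)` is file content, and now that the gcrypt backend is registered at runtime rather than selected by `#if HAVE_GCRYPT`, any caller that maps a journal without first calling `journal_auth_init()` (libsystemd consumers, or a `!HAVE_GCRYPT` build where init is a no-op) that reaches this helper on a crafted sealed file crashes instead of getting an error. The old `assert_not_reached()` was backed by a compile-time guarantee; a runtime vtable pointer is not, and `journal_file_auth_load()`/`_load_key()` in the hunks above already treat missing ops as `-EOPNOTSUPP`, so this is also inconsistent within the file. Prefer a recoverable error here and in the sibling sealed/writable helpers: `if (!auth_ops) return -EPROTONOSUPPORT;` in place of `assert(auth_ops);`, keeping `assert(auth_ops->epoch_to_realtime_usec)` as the vtable sanity check. If the open-time rejection of sealed files in journal-file.c is still keyed on `HAVE_GCRYPT` rather than on whether ops were registered, it presumably needs the same treatment (e.g. a `bool journal_auth_available(void)` accessor), but that code is outside this diff.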
int journal_file_auth_next_evolve_usec(JournalFile *f, usec_t *ret) {
if (!JOURNAL_HEADER_SEALED(f->header))
return -EOPNOTSUPP;
-#if HAVE_GCRYPT
- return journal_auth_next_evolve_usec(f->auth_context, ret);
-#else
- assert_not_reached();
-#endif
+ assert(auth_ops);
+ assert(auth_ops->next_evolve_usec);
+ return auth_ops->next_evolve_usec(f->auth_context, ret);
}
int journal_file_auth_seek(JournalFile *f, uint64_t goal) {
if (!JOURNAL_HEADER_SEALED(f->header))
return 0;
-#if HAVE_GCRYPT
- return journal_auth_seek(f->auth_context, goal);
-#else
- assert_not_reached();
-#endif
+ assert(auth_ops);
+ assert(auth_ops->seek);
+ return auth_ops->seek(f->auth_context, goal);
}
int journal_file_auth_start(JournalFile *f) {
if (!JOURNAL_HEADER_SEALED(f->header))
return 0;
-#if HAVE_GCRYPT
- return journal_auth_start(f->auth_context);
-#else
- assert_not_reached();
-#endif
+ assert(auth_ops);
+ assert(auth_ops->start);
+ return auth_ops->start(f->auth_context);
}
int journal_file_auth_end(JournalFile *f, uint8_t ret[static TAG_LENGTH]) {
if (!JOURNAL_HEADER_SEALED(f->header))
return -EOPNOTSUPP;
-#if HAVE_GCRYPT
- return journal_auth_end(f->auth_context, ret);
-#else
- assert_not_reached();
-#endif
+ assert(auth_ops);
+ assert(auth_ops->end);
+ return auth_ops->end(f->auth_context, ret);
}
int journal_file_auth_put_header(JournalFile *f) {
if (!JOURNAL_HEADER_SEALED(f->header))
return 0;
-#if HAVE_GCRYPT
- return journal_auth_put_header(f->auth_context, f);
-#else
- assert_not_reached();
-#endif
+ assert(auth_ops);
+ assert(auth_ops->put_header);
+ return auth_ops->put_header(f->auth_context, f);
}
int journal_file_auth_put_object(JournalFile *f, ObjectType type, Object *o, uint64_t p) {
if (!JOURNAL_HEADER_SEALED(f->header))
return 0;
-#if HAVE_GCRYPT
- return journal_auth_put_object(f->auth_context, f, type, o, p);
-#else
- assert_not_reached();
-#endif
+ assert(auth_ops);
+ assert(auth_ops->put_object);
+ return auth_ops->put_object(f->auth_context, f, type, o, p);
}
int journal_file_auth_append_tag(JournalFile *f) {
if (!journal_file_writable(f))
return 0;
-#if HAVE_GCRYPT
- return journal_auth_append_tag(f->auth_context, f);
-#else
- assert_not_reached();
-#endif
+ assert(auth_ops);
+ assert(auth_ops->append_tag);
+ return auth_ops->append_tag(f->auth_context, f);
}
int journal_file_auth_append_tag_first(JournalFile *f) {
if (!journal_file_writable(f))
return 0;
-#if HAVE_GCRYPT
- return journal_auth_append_tag_first(f->auth_context, f);
-#else
- assert_not_reached();
-#endif
+ assert(auth_ops);
+ assert(auth_ops->append_tag_first);
+ return auth_ops->append_tag_first(f->auth_context, f);
}
int journal_file_auth_append_tag_maybe(JournalFile *f, usec_t realtime) {
if (!journal_file_writable(f))
return 0;
-#if HAVE_GCRYPT
- return journal_auth_append_tag_maybe(f->auth_context, f, realtime);
-#else
- assert_not_reached();
-#endif
+ assert(auth_ops);
+ assert(auth_ops->append_tag_maybe);
+ return auth_ops->append_tag_maybe(f->auth_context, f, realtime);
}
#include "journal-def.h"
#include "sd-forward.h"
+typedef struct JournalAuthOps {
+ JournalAuthContext* (*free)(JournalAuthContext *c);
+ int (*load)(JournalAuthContext **ret);
+ int (*load_key)(JournalAuthContext **ret, const char *key);
+ int (*epoch_to_realtime_usec)(const JournalAuthContext *c, uint64_t epoch, usec_t *ret_start, usec_t *ret_end);
+ int (*next_evolve_usec)(const JournalAuthContext *c, usec_t *ret);
+ int (*seek)(JournalAuthContext *c, uint64_t goal);
+ int (*start)(JournalAuthContext *c);
+ int (*end)(JournalAuthContext *c, uint8_t ret[static TAG_LENGTH]);
+ int (*put_header)(JournalAuthContext *c, JournalFile *f);
+ int (*put_object)(JournalAuthContext *c, JournalFile *f, ObjectType type, Object *o, uint64_t p);
+ int (*append_tag)(JournalAuthContext *c, JournalFile *f);
+ int (*append_tag_first)(JournalAuthContext *c, JournalFile *f);
+ int (*append_tag_maybe)(JournalAuthContext *c, JournalFile *f, usec_t realtime);
+} JournalAuthOps;
+
+void journal_auth_set_ops(const JournalAuthOps *ops);
+
void journal_file_auth_done(JournalFile *f);
int journal_file_auth_load(JournalFile *f);
int journal_file_auth_load_key(JournalFile *f, const char *key);
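Review bot: `JournalAuthOps` and `journal_auth_set_ops()` are a new public contract between libshared and the sd-journal code and carry no documentation on ownership or ordering. From the implementation hunks: `load`/`load_key` allocate and store the context into `*ret`, `free` returns the value assigned back to `f->auth_context` (so it is expected to return NULL), and `journal_auth_set_ops()` asserts that it is either the first registration or the same pointer again. A comment above the typedef should say so, e.g. `/* Backend vtable for FSS sealing. load()/load_key() allocate the context into *ret; free() releases it and returns NULL. Must be registered via journal_auth_set_ops() before any sealed journal is opened; re-registering the same ops is a no-op, a different ops pointer is a programming error. */`, and `journal_auth_set_ops()` should note that it is not thread-safe and is meant to run once during startup.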
+++ /dev/null
-/* SPDX-License-Identifier: LGPL-2.1-or-later */
-#pragma once
-
-#include "journal-authenticate-internal.h" /* IWYU pragma: export */
-#include "journal-def.h"
-#include "sd-forward.h"
-
-#if HAVE_GCRYPT
-
-JournalAuthContext* journal_auth_free(JournalAuthContext *c);
-int journal_auth_load(JournalAuthContext **ret);
-int journal_auth_load_key(JournalAuthContext **ret, const char *key);
-int journal_auth_epoch_to_realtime_usec(const JournalAuthContext *c, uint64_t epoch, usec_t *ret_start, usec_t *ret_end);
-int journal_auth_next_evolve_usec(const JournalAuthContext *c, usec_t *ret);
-int journal_auth_seek(JournalAuthContext *c, uint64_t goal);
-int journal_auth_start(JournalAuthContext *c);
-int journal_auth_end(JournalAuthContext *c, uint8_t ret[static TAG_LENGTH]);
-int journal_auth_put_header(JournalAuthContext *c, JournalFile *f);
-int journal_auth_put_object(JournalAuthContext *c, JournalFile *f, ObjectType type, Object *o, uint64_t p);
-int journal_auth_append_tag(JournalAuthContext *c, JournalFile *f);
-int journal_auth_append_tag_first(JournalAuthContext *c, JournalFile *f);
-int journal_auth_append_tag_maybe(JournalAuthContext *c, JournalFile *f, usec_t realtime);
-
-#endif
#include "chattr-util.h"
#include "fd-util.h"
#include "iovec-util.h"
+#include "journal-authenticate.h"
#include "journal-file-util.h"
#include "journal-verify.h"
#include "log.h"
const char *verification_key = NULL;
int max_iterations = 512;
+ journal_auth_init();
+
if (argc > 1) {
/* Don't limit the number of iterations when the verification key
* is provided on the command line, we want to do that only in CIs */
if (access("/etc/machine-id", F_OK) != 0)
return log_tests_skipped("/etc/machine-id not found");
+ journal_auth_init();
+
return EXIT_SUCCESS;
}
struct iovec fsprg_seed;
};
-JournalAuthContext* journal_auth_free(JournalAuthContext *c) {
+static JournalAuthContext* journal_auth_free(JournalAuthContext *c) {
if (!c)
return NULL;
DEFINE_TRIVIAL_CLEANUP_FUNC(FSSHeader*, fssheader_free);
-int journal_auth_load(JournalAuthContext **ret) {
+static int journal_auth_load(JournalAuthContext **ret) {
int r;
assert(ret);
return 0;
}
-int journal_auth_load_key(JournalAuthContext **ret, const char *key) {
+static int journal_auth_load_key(JournalAuthContext **ret, const char *key) {
int r;
assert(ret);
return 0;
}
-int journal_auth_epoch_to_realtime_usec(const JournalAuthContext *c, uint64_t epoch, usec_t *ret_start, usec_t *ret_end) {
+static int journal_auth_epoch_to_realtime_usec(const JournalAuthContext *c, uint64_t epoch, usec_t *ret_start, usec_t *ret_end) {
assert(c);
assert(c->fss_start_usec > 0);
assert(c->fss_interval_usec > 0);
return 0;
}
-int journal_auth_next_evolve_usec(const JournalAuthContext *c, usec_t *ret) {
+static int journal_auth_next_evolve_usec(const JournalAuthContext *c, usec_t *ret) {
assert(c);
uint64_t epoch = FSPRG_GetEpoch(c->fsprg_state.iov_base);
return journal_auth_epoch_to_realtime_usec(c, epoch, /* ret_start= */ NULL, ret);
}
-int journal_auth_seek(JournalAuthContext *c, uint64_t goal) {
+static int journal_auth_seek(JournalAuthContext *c, uint64_t goal) {
int r;
assert(c);
return 0;
}
-int journal_auth_start(JournalAuthContext *c) {
+static int journal_auth_start(JournalAuthContext *c) {
int r;
assert(c);
return 0;
}
-int journal_auth_end(JournalAuthContext *c, uint8_t ret[static TAG_LENGTH]) {
+static int journal_auth_end(JournalAuthContext *c, uint8_t ret[static TAG_LENGTH]) {
assert(c);
assert(ret);
return 0;
}
-int journal_auth_put_header(JournalAuthContext *c, JournalFile *f) {
+static int journal_auth_put_header(JournalAuthContext *c, JournalFile *f) {
int r;
assert(c);
return 0;
}
-int journal_auth_put_object(JournalAuthContext *c, JournalFile *f, ObjectType type, Object *o, uint64_t p) {
+static int journal_auth_put_object(JournalAuthContext *c, JournalFile *f, ObjectType type, Object *o, uint64_t p) {
int r;
assert(c);
return 0;
}
-int journal_auth_append_tag(JournalAuthContext *c, JournalFile *f) {
+static int journal_auth_append_tag(JournalAuthContext *c, JournalFile *f) {
int r;
assert(c);
return journal_auth_end(c, o->tag.tag);
}
-int journal_auth_append_tag_first(JournalAuthContext *c, JournalFile *f) {
+static int journal_auth_append_tag_first(JournalAuthContext *c, JournalFile *f) {
uint64_t p;
int r;
return journal_auth_append_tag(c, f);
}
-int journal_auth_append_tag_maybe(JournalAuthContext *c, JournalFile *f, usec_t realtime) {
+static int journal_auth_append_tag_maybe(JournalAuthContext *c, JournalFile *f, usec_t realtime) {
int r;
assert(c);
}
}
+static const JournalAuthOps journal_auth_ops = {
+ .free = journal_auth_free,
+ .load = journal_auth_load,
+ .load_key = journal_auth_load_key,
+ .epoch_to_realtime_usec = journal_auth_epoch_to_realtime_usec,
+ .next_evolve_usec = journal_auth_next_evolve_usec,
+ .seek = journal_auth_seek,
+ .start = journal_auth_start,
+ .end = journal_auth_end,
+ .put_header = journal_auth_put_header,
+ .put_object = journal_auth_put_object,
+ .append_tag = journal_auth_append_tag,
+ .append_tag_first = journal_auth_append_tag_first,
+ .append_tag_maybe = journal_auth_append_tag_maybe,
+};
+
+void journal_auth_init(void) {
+ journal_auth_set_ops(&journal_auth_ops);
+}
+
+#else
+
+void journal_auth_init(void) {
+}
+
#endif /* HAVE_GCRYPT */
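Review bot: The `!HAVE_GCRYPT` stub of `journal_auth_init()` leaves `auth_ops` unset, which means every `journal_file_auth_*()` helper that asserts on `auth_ops` for a sealed header now depends on sealed files being rejected before those helpers run; nothing in this hunk states that invariant. A comment in the stub would make the dependency explicit for the next maintainer, e.g. `/* No sealing backend is built in, so no ops are ever registered. Sealed journals must therefore be refused at open time (EPROTONOSUPPORT) before any helper that requires auth_ops is reached. */`. The gcrypt-side `journal_auth_init()` is safe to call more than once only because `journal_auth_set_ops()` accepts the same pointer again; worth a one-line comment there too, since four callers in this commit now invoke it from different binaries and tests.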
--- /dev/null
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+#pragma once
+
+#include "journal-authenticate-internal.h" /* IWYU pragma: export */
+#include "shared-forward.h"
+
+void journal_auth_init(void);
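Review bot: `journal_auth_init()` is the only entry point libshared users get for enabling sealing, and the new header documents neither when it must be called nor what it does without gcrypt. Suggest `/* Register the gcrypt-backed sealing ops with the sd-journal code. Call once at startup, before any sealed journal is opened or written; calling it again is harmless. Compiled as a no-op when built without gcrypt, in which case sealed journals remain unsupported. */` above the prototype, so that journalctl (which in this commit only calls it in the verify action), journald and journal-remote callers can see the ordering requirement without reading the implementation.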
'firewall-util.c',
'fork-notify.c',
'format-table.c',
+ 'fsprg.c',
'fstab-util.c',
+ 'gcrypt-util.c',
'generator.c',
'geneve-util.c',
'gnutls-util.c',
'ioprio-util.c',
'ip-protocol-list.c',
'ipvlan-util.c',
+ 'journal-authenticate.c',
'journal-file-util.c',
'journal-importer.c',
'journal-util.c',