FIDO2: ask and record whether user verification was used to lock the volume
Some tokens support authorization via fingerprint or other biometric
ID. Add support for "user verification" to cryptenroll and cryptsetup.
Disable by default, as it is still quite uncommon.
FIDO2: ask and record whether user presence was used to lock the volume
In some cases user presence might not be required to get _a_
secret out of a FIDO2 device, but it might be required to
the get actual secret that was used to lock the volume.
Record whether we used it in the LUKS header JSON metadata.
Let the cryptenroll user ask for the feature, but bail out if it is
required by the token and the user disabled it.
Enabled by default.
Closes: https://github.com/systemd/systemd/issues/19246
Some FIDO2 devices allow the user to choose whether to use a PIN or not
and will HMAC with a different secret depending on the choice.
Some other devices (or some device-specific configuration) can instead
make it mandatory.
Allow the cryptenroll user to choose whether to use a PIN or not, but
fail immediately if it is a hard requirement.
Record the choice in the JSON-encoded LUKS header metadata so that the
right set of options can be used on unlock.
cryptsetup: add 'headless' parameter to skip password/pin query
On headless setups, in case other methods fail, asking for a password/pin
is not useful as there are no users on the terminal, and generates
unwanted noise. Add a parameter to /etc/crypttab to skip it.
Yu Watanabe [Fri, 7 May 2021 19:13:12 +0000 (04:13 +0900)]
string-util: fix build error on aarch64
This fixes the following error:
```
In file included from ../src/basic/af-list.h:6,
from ../src/basic/af-list.c:7:
../src/basic/string-util.h: In function 'char_is_cc':
../src/basic/string-util.h:133:19: error: comparison is always true due to limited range of data type [-Werror=type-limits]
133 | return (p >= 0 && p < ' ') || p == 127;
| ^~
cc1: all warnings being treated as errors
```
userdbd: reverse which path is a socket and which a symlink
userdbd listens on "two" sockets, that are actually the same: one is a
real AF_UNIX socket in the fs, and the other is a symlink to it.
So far, when userdbd was started from the command line it would make one
a symlink and the other a real socket, but when invoked via unit files
they'd be swapped, i.e. the other would be a symlink and the one a real
socket.
Let's bring this in line.
Since the "io.systemd.Multiplexer" is our main interface, let's make it
the one exposed as socket, and then make "io.systemd.NameServiceSwitch"
a symlink to it. Or in other words, let's adjust the C code to match the
unit file.
When we are queried for membership lists on a system that has exactly
zero, then we'll return ESRCH immediately instead of at EOF. Which is
OK, but we need to handle this in various places, and not get confused
by it.
user-util: add generic definition for special password hash values in /etc/passwd + /etc/shadow
Let's add three defines for the 3 special cases of passwords.
Some of our tools used different values for the "locked"/"invalid" case,
let's settle on using "!*" which means the password is both locked *and*
invalid.
Other tools like to use "!!" for this case, which however is less than
ideal I think, since the this could also be a considered an entry with
an empty password, that can be enabled again by unlocking it twice.
howl [Tue, 4 May 2021 09:20:23 +0000 (11:20 +0200)]
Unify pn81H3 and cvrLenovoideapadD330-10IGM
D330-10IGM has been added due the fact that 81H3 and 81MD product name belongs to the same product version. So the fact is that now that we know 81MD has the same transformation matrix that the 81H3 we can just use the product version and get rid the product name.
Signed-off-by: David Santamaría Rogado <howl.nsp@gmail.com>
If ":" was the last char in the string, we would call access() on ".../drivers/", which
would pass. It probably doesn't matter, but let's reject this anyway.
Not only we would duplicate unknown input on the stack, we would do it
over and over. So let's first check that the input has reasonable length,
but also allocate just one fixed size buffer.
The ID_FFADO environment variable comes from external FFADO project.
Now we have comprehensive and self-contained rules instead of it.
Let's remove it.
hwdb: ieee1394-unit-function: add entry for AV/C device with vendor unique command set
In IEC 61883-1:1998, we can see some values for AV/C device with vendor
unique command set in IEC 61883-1:1998. Current udev rule handles it
for video. However it brings an issue that the functions in AV/C device
are not distinguished just by the content of configuration ROM.
In former commit, hardware database was added to describe function type
of unit in the node, then udev rules are added to utilize the database.
However, we have an request to obsolete existent udev rules by putting
enough entries to the database. It should be done carefully.
This commit adds entry into hardware database just for backward
compatibility. The entry can match to some node and unit unexpectedly.
Therefore this commit modifies existent entries to invalidate the effect
from added entry.
hwdb: ieee1394-unit-function: add entry for AV/C device with generic AV/C command set
Typical node of AV/C device has standard content of configuration ROM.
This is defined in documentation of 1394 Trading Association.
* Configuration ROM for AV/C Devices 1.0 (Dec. 12, 2000, 1394 Trading
Association, TA Document 1999027)
However, it brings an issue that the functions in AV/C device are not
distinguished just by the content of configuration ROM.
In former commit, hardware database was added to describe function type
of unit in the node, then udev rules are added to utilize the database.
However, we have an request to obsolete existent udev rules by putting
enough entries to the database. It should be done carefully.
This commit adds entry into hardware database just for backward
compatibility. The entry can match to some node and unit unexpectedly.
Therefore this commit modifies existent entries to invalidate the effect
from added entry.
hwdb: ieee1394-unit-function: remove entry for Cool Stream iSweet
IIDC specification describes configuration ROM without model field, thus
it's not possible to match any entry with vendor ID and model ID.
Current entry for Cool Stream iSweet can match any node and unit of
IIDC.
This commit removes the entry. I note that this model uses Texus
Instruments MC680-DCC as all-in-one chipset for video function in
IEEE 1394 bus.
hwdb: ieee1394-unit-function: add entries for Point Grey cameras
Point Grey Research, inc. shipped cameras to support IIDC, however some
of them are necessarily compliant to IIDC specification in terms of the
value of software version field in unit directory of configuration ROM.
Instrumentation & Industrial Digital Camera (IIDC) specifications are
defined by 1394 Trading Association for camera device in IEEE 1394 bus.
IIDC2 specifications are defined by joint working group between Japan
Industrial Imaging Association (JIIA) and 1394 Trade Association as
bus-independent specification.
This commit adds entries for the specifications to remove existent udev
rules. Supported specifications are listed below:
* 1394-based Digital Camera Specification Version 1.04 (Aug. 9, 1996,
1394 Trading Association)
* 1394-based Digital Camera Specification Version 1.20 (Jul. 23, 1998,
1394 Trading Association)
* IIDC Digital Camera Control Specification Ver.1.30 (Jul. 25, 2000,
1394 Trading Association)
* IIDC Digital Camera Control Specification Ver.1.31 (Feb. 2, 2004,
1394 Trading Association, TA Document 2003017)
* IIDC Digital Camera Control Specification Ver.1.32 (Jul. 24, 2008,
1394 Trading Association, Document number 2007009)
* IIDC2 Digital Camera Control Specification Ver.1.0.0 (Jan 26th, 2012,
1394 Trading Association, TS2011001)
* IIDC2 Digital Camera Control Specification Ver.1.1.0 (May 19th, 2015,
1394 Trading Association, TS2015001)
hwdb: ieee1394-unit-function: add entries for Digital Everywhere FloppyDTV and FireDTV
Linux kernel has firedtv kernel module as driver for Digital Everywhere
FloppyDTV and FireDTV. Although this driver works without any help of
userspace application, it's better to add entries to hardware database
for developer's convenience.
Zbigniew Jędrzejewski-Szmek points that current entries are against the
convention of indentation. It should be indented by one space instead of
two.
This commit fixes current entries according to it.
Reported-by: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> Fixes: 1b6d9a05b14a ("hwdb: add database entries for models with ASICs in BeBoB solution") Fixes: 0db0564e957f ("hwdb: add database entries for models with Fireworks board module") Fixes: 38338b302cb0 ("hwdb: add database entries for models with OXFW970/971 ASICs") Fixes: c0d8b61f9385 ("hwdb: add database entries for models based on DICE ASICs with TCAT specification") Fixes: a774b5099bce ("hwdb: add database entries for models based on DICE ASICs specialized to M-Audio") Fixes: ff1cb7b9393a ("hwdb: add database entries for models based on DICE ASICs specialized to Weiss Engineering") Fixes: 6f44dddbe20a ("hwdb: add database entries for models based on DICE ASICs specialized by Loud Technologies") Fixes: 49ed0aad525b ("hwdb: add database entries for models based on DICE ASICs specialized by Harman Music Group") Fixes: effbb4024b8b ("hwdb: add database entries for models based on DICE ASICs specialized by Solid State Logic") Fixes: 4aaa093b5fb6 ("hwdb: add database entries for models of Digidesign Digi 00x family") Fixes: c489e7f9d3c4 ("hwdb: add database entries for Tascam FireWire series") Fixes: 650b8967a57b ("hwdb: add database entries for MOTU FireWire series") Fixes: 51e9242b9b91 ("hwdb: add database entries for RME Fireface series") Fixes: a90a6a9ae9f8 ("hwdb: add database entries for Yamaha mLAN 2nd generation") Fixes: 41f2d0d393a4 ("hwdb: add database entries for Yamaha mLAN 3rd generation") Fixes: 1d2ee962922f ("hwdb: add database entries for Focusrite Liquid Mix series") Fixes: 0c20543835d6 ("hwdb: add database entries for TC Electronic PowerCore FireWire series") Fixes: 8b4b76dc5021 ("hwdb: add database entry for node with single unit with video function") Fixes: 12dd2404bee8 ("hwdb: add database entries for node with multiple units") Fixes: dece0357e1c8 ("hwdb: add database entries for node with single unit for multiple functions") Signed-off-by: Takashi Sakamoto <o-takashi@sakamocchi.jp>
hwdb: fix parser to execute test for ieee1394-unit-function with no argument
When given no arguments, hwdb parser script seeks test target files by
glob pattern. Although I added a new file for IEEE 1394 unit functions,
the file is excluded as test target due to the pattern.
This commit fixes it.
Fixes: 7713f3fc6a2 ("hwdb: add parser grammar for IEEE 1394 unit function list") Signed-off-by: Takashi Sakamoto <o-takashi@sakamocchi.jp>
The function returns non-negative UnitNameFlags on success, and negative
errno on error. In the past we kept the return type as int because of those
negative return values. But nowadays _UNIT_NAME_INVALID == -EINVAL. And if
we tried to actually return something that doesn't fit in the return type,
the compiler would throw an error. By changing to the "real" return type,
we allow the debugger to use symbolic representation for the variables.
I think quoting is more useful than not quoting. Without, arguments with
whitespace cannot be split correctly.
Unlike in coredump, "normal" quoting is used in those two cases. This output is
mostly for informational purposes, so the more readable quoting seems apropriate.
Before we wouldn't use any quoting, making it impossible to figure how the
command line was split into arguments. We could use "normal" quotes, but this
has the disadvantage that the commandline *looks* like it could be pasted into
the terminal and executed, but this is not true: various non-printable
characters cannot be expressed in this quoting style. (This is not visible in
this example). Thus, "POSIX quotes" are used, which should allow any command
line to be expressed acurrately and pasted directly into a shell prompt to
reexecute.
I wonder if we should another field in the coredump entry that simply shows the
original cmdline with embedded NULs, in the original /proc/*/cmdline
format. This would allow clients to format the data as they see fit. But I
think we'd want to keep the serialized form anyway, for backwards compatibility.
basic/process-util: add mode where posix shell escape is used for quoting
The new flag is not used, except in tests, so no functional change yet.
This way, the command as shown can be copied-and-pasted into the shell
in more cases. For simple cases, shell quoting with "" is enough. But
$'' is needed when there are control characters in the command.
Significant time was spent in the getpid() measurement code, which is not very
important. So let's optimize this a bit by running the slower version less
times, and only running both tests a lesser amount of times unless slow tests
are enabled.
This gives the better accuracy then before in slow mode, and still reasonable
accuracy in fast mode without a noticable slowdown.
test-process-util: add more debug logging but hide most of it by default
It makes little sense to always print the stuff that is fully deterministic
and verified by asserts. It can be opted-in with $SYSTEMD_LOG_LEVEL when
developing the tests or debugging a failure.
Since the new functionality is controlled by an option, this causes no change
in output yet, except tests.
The login in the old branch of !(flags & PROCESS_CMDLINE_QUOTE) is essentially
unmodified. But there is an important difference in behaviour: instead of
unconditionally reading the whole virtual file, we now read only 'max_columns'
bytes. This makes out code to write process lists quite a bit more efficient
when there are processes with long command lines.
basic/escape: allow truncation mode where "…" is always appended
So far we would append "…" or "..." when the string was wider than the specified
output width. But let's add a mode where the caller knows that the string being
passed is already truncated.
The condition for jumping back in utf8_escape_non_printable_full() was
off-by-one. But we only jumped to that label after doing a check with a
stronger condition, so I think it didn't matter. Now it matters because we'd
output the forced ellipsis one column too early.
basic/escape: escape control characters, but not utf-8, in shell quoting
The comment in the code said that so far this didn't matter, but I want to use
shell quoting in more places where this will make a difference. So control
characters are now escaped. Normal utf-8 characters are passed through, it
is 2021 after all and pretty much everyone is (or should be) using utf-8.
While touching the code, change 'char *r' → 'char *buf', in line with modern
style.
basic/escape: always escape newlines in shell_escape()
shell_escape() is mostly used for mount paths and similar, where we assume
no newlines are present in the string. But if any were ever present, we
should escape them. So let's simplify the code by making this unconditional.
"systemd-testsuite" gets in the way when grepping for "testsuite-*.sh".
Also, the name doesn't matter for anything, so let's just use something
very short to save space.
meson: don't fail if latest tag's commit is signed
Today this is v248 with 938bdfc0fa737d86eb3ecc70506e11e5f740e0dc, which,
if you don't know about the github webflow key fails to configure with
meson.build:724:8: ERROR: String "gpg: Signature made Tue 30 Mar 2021 22:59:02 CEST\ngpg: using RSA key 4AEE18F83AFDEB23\ngpg: Can't check signature: No public key\n1617137942\n" cannot be converted to int
or, if you do, with
meson.build:724:8: ERROR: String 'gpg: Signature made Tue 30 Mar 2021 22:59:02 CEST\ngpg: using RSA key 4AEE18F83AFDEB23\ngpg: Good signature from "GitHub (web-flow commit signing) <noreply@github.com>" [unknown]\ngpg: WARNING: This key is not certified with a trusted signature!\ngpg: There is no indication that the signature belongs to the owner.\nPrimary key fingerprint: 5DE3 E050 9C47 EA3C F04A 42D3 4AEE 18F8 3AFD EB23\n1617137942\n' cannot be converted to int
basic/unit-file: fix detection of instance aliases
We had the following scenario:
under /etc/systemd/system/
- foo@.service
- bar@tty12.service → foo@tty12.service
- multi-user.target.wants/foo@tty12.service
Existing code did not "know" that foo@tty12.service has alias bar@tty12.service:
$ systemctl show -P Names foo@tty12.service
foo@tty12.service
Since multi-user.target is always loaded, we would load foo@tty12.service.
When trying to load bar@tty12.service, it would (correctly) detect that
bar@tty12.service is an alias for foo@tty12.service, and try to merge the
bar@tty12.service unit into the foo@tty12.service. This would fail, because
foo@tty12.service was already loaded, and only about-to-be-loaded units can
be merged.
With the patch we consider bar@tty12.service an alias of foo@tty12.service
immediately, so the issue does not occur:
$ systemctl show -P Names foo@tty12.service
foo@tty12.service bar@tty12.service
Fixes #19409.
This turned in a bigger rewrite. The logic add "the main name and all aliases"
was implemented twice, slightly different in both cases. I split that part out
to a new function. The result about the same length, but hopefully a bit easier
to read.
Logging output is also improved a bit. Some left-over debug logs have been
removed or cleaned up.
This is a fairly big change, but (with the addition in the following commit),
we have pretty good coverage of this logic.
projects / thirdparty / systemd.git / log
