Compare commits
14 Commits
25f9288e31
...
faf1bb8244
| Author | SHA1 | Date |
|---|---|---|
Lennart Poettering
|
faf1bb8244 | |
|
Lennart Poettering
|
fbcb630045 | |
|
Zbigniew Jędrzejewski-Szmek
|
cbfc32819a | |
|
Zbigniew Jędrzejewski-Szmek
|
321c911fc2 | |
|
Yu Watanabe
|
08de195825 | |
|
Lennart Poettering
|
09a6b4f34f | |
|
Lennart Poettering
|
e6376b6a41 | |
|
Lennart Poettering
|
9120aa820b | |
|
Lennart Poettering
|
9c5253ffec | |
|
Lennart Poettering
|
dca81e2851 | |
|
Lennart Poettering
|
8d46418e93 | |
|
Lennart Poettering
|
1798f5afe3 | |
|
Lennart Poettering
|
42e6680976 | |
|
Lennart Poettering
|
d9608d40bc |
|
|
@ -86,3 +86,11 @@ static inline bool ERRNO_IS_RESOURCE(int r) {
|
|||
ENFILE,
|
||||
ENOMEM);
|
||||
}
|
||||
|
||||
/* Three different errors for "operation/system call/ioctl not supported" */
|
||||
static inline bool ERRNO_IS_NOT_SUPPORTED(int r) {
|
||||
return IN_SET(abs(r),
|
||||
EOPNOTSUPP,
|
||||
ENOTTY,
|
||||
ENOSYS);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -228,7 +228,7 @@ static int parse_one_option(const char *option) {
|
|||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to parse %s: %m", option);
|
||||
|
||||
} else if (!streq(option, "none"))
|
||||
} else
|
||||
log_warning("Encountered unknown /etc/crypttab option '%s', ignoring.", option);
|
||||
|
||||
return 0;
|
||||
|
|
@ -253,10 +253,10 @@ static int parse_options(const char *options) {
|
|||
}
|
||||
|
||||
/* sanity-check options */
|
||||
if (arg_type != NULL && !streq(arg_type, CRYPT_PLAIN)) {
|
||||
if (arg_offset)
|
||||
if (arg_type && !streq(arg_type, CRYPT_PLAIN)) {
|
||||
if (arg_offset != 0)
|
||||
log_warning("offset= ignored with type %s", arg_type);
|
||||
if (arg_skip)
|
||||
if (arg_skip != 0)
|
||||
log_warning("skip= ignored with type %s", arg_type);
|
||||
}
|
||||
|
||||
|
|
@ -462,11 +462,13 @@ static int attach_tcrypt(
|
|||
return 0;
|
||||
}
|
||||
|
||||
static int attach_luks_or_plain(struct crypt_device *cd,
|
||||
static int attach_luks_or_plain(
|
||||
struct crypt_device *cd,
|
||||
const char *name,
|
||||
const char *key_file,
|
||||
char **passwords,
|
||||
uint32_t flags) {
|
||||
|
||||
int r = 0;
|
||||
bool pass_volume_key = false;
|
||||
|
||||
|
|
@ -538,6 +540,7 @@ static int attach_luks_or_plain(struct crypt_device *cd,
|
|||
}
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to activate with key file '%s': %m", key_file);
|
||||
|
||||
} else {
|
||||
char **p;
|
||||
|
||||
|
|
@ -632,25 +635,21 @@ static int run(int argc, char *argv[]) {
|
|||
if (argc < 4)
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "attach requires at least two arguments.");
|
||||
|
||||
if (argc >= 5 &&
|
||||
argv[4][0] &&
|
||||
!streq(argv[4], "-") &&
|
||||
!streq(argv[4], "none")) {
|
||||
|
||||
if (!path_is_absolute(argv[4]))
|
||||
log_warning("Password file path '%s' is not absolute. Ignoring.", argv[4]);
|
||||
else
|
||||
if (argc >= 5 && !STR_IN_SET(argv[4], "", "-", "none")) {
|
||||
if (path_is_absolute(argv[4]))
|
||||
key_file = argv[4];
|
||||
else
|
||||
log_warning("Password file path '%s' is not absolute. Ignoring.", argv[4]);
|
||||
}
|
||||
|
||||
if (argc >= 6 && argv[5][0] && !streq(argv[5], "-")) {
|
||||
if (argc >= 6 && !STR_IN_SET(argv[5], "", "-", "none")) {
|
||||
r = parse_options(argv[5]);
|
||||
if (r < 0)
|
||||
return r;
|
||||
}
|
||||
|
||||
/* A delicious drop of snake oil */
|
||||
mlockall(MCL_FUTURE);
|
||||
(void) mlockall(MCL_FUTURE);
|
||||
|
||||
if (arg_header) {
|
||||
log_debug("LUKS header: %s", arg_header);
|
||||
|
|
@ -723,11 +722,7 @@ static int run(int argc, char *argv[]) {
|
|||
if (streq_ptr(arg_type, CRYPT_TCRYPT))
|
||||
r = attach_tcrypt(cd, argv[2], key_file, passwords, flags);
|
||||
else
|
||||
r = attach_luks_or_plain(cd,
|
||||
argv[2],
|
||||
key_file,
|
||||
passwords,
|
||||
flags);
|
||||
r = attach_luks_or_plain(cd, argv[2], key_file, passwords, flags);
|
||||
if (r >= 0)
|
||||
break;
|
||||
if (r != -EAGAIN)
|
||||
|
|
|
|||
|
|
@ -36,6 +36,8 @@
|
|||
#include "strv.h"
|
||||
#include "terminal-util.h"
|
||||
|
||||
#define LOGIN_SLOW_BUS_CALL_TIMEOUT_USEC (2*USEC_PER_MINUTE)
|
||||
|
||||
static int parse_argv(
|
||||
pam_handle_t *handle,
|
||||
int argc, const char **argv,
|
||||
|
|
@ -50,28 +52,30 @@ static int parse_argv(
|
|||
assert(argc == 0 || argv);
|
||||
|
||||
for (i = 0; i < (unsigned) argc; i++) {
|
||||
if (startswith(argv[i], "class=")) {
|
||||
const char *p;
|
||||
|
||||
if ((p = startswith(argv[i], "class="))) {
|
||||
if (class)
|
||||
*class = argv[i] + 6;
|
||||
*class = p;
|
||||
|
||||
} else if (startswith(argv[i], "type=")) {
|
||||
} else if ((p = startswith(argv[i], "type="))) {
|
||||
if (type)
|
||||
*type = argv[i] + 5;
|
||||
*type = p;
|
||||
|
||||
} else if (startswith(argv[i], "desktop=")) {
|
||||
} else if ((p = startswith(argv[i], "desktop="))) {
|
||||
if (desktop)
|
||||
*desktop = argv[i] + 8;
|
||||
*desktop = p;
|
||||
|
||||
} else if (streq(argv[i], "debug")) {
|
||||
if (debug)
|
||||
*debug = true;
|
||||
|
||||
} else if (startswith(argv[i], "debug=")) {
|
||||
} else if ((p = startswith(argv[i], "debug="))) {
|
||||
int k;
|
||||
|
||||
k = parse_boolean(argv[i] + 6);
|
||||
k = parse_boolean(p);
|
||||
if (k < 0)
|
||||
pam_syslog(handle, LOG_WARNING, "Failed to parse debug= argument, ignoring.");
|
||||
pam_syslog(handle, LOG_WARNING, "Failed to parse debug= argument, ignoring: %s", p);
|
||||
else if (debug)
|
||||
*debug = k;
|
||||
|
||||
|
|
@ -97,7 +101,7 @@ static int get_user_data(
|
|||
|
||||
r = pam_get_user(handle, &username, NULL);
|
||||
if (r != PAM_SUCCESS) {
|
||||
pam_syslog(handle, LOG_ERR, "Failed to get user name.");
|
||||
pam_syslog(handle, LOG_ERR, "Failed to get user name: %s", pam_strerror(handle, r));
|
||||
return r;
|
||||
}
|
||||
|
||||
|
|
@ -383,7 +387,7 @@ static int update_environment(pam_handle_t *handle, const char *key, const char
|
|||
|
||||
r = pam_misc_setenv(handle, key, value, 0);
|
||||
if (r != PAM_SUCCESS)
|
||||
pam_syslog(handle, LOG_ERR, "Failed to set environment variable %s.", key);
|
||||
pam_syslog(handle, LOG_ERR, "Failed to set environment variable %s: %s", key, pam_strerror(handle, r));
|
||||
|
||||
return r;
|
||||
}
|
||||
|
|
@ -391,6 +395,7 @@ static int update_environment(pam_handle_t *handle, const char *key, const char
|
|||
static bool validate_runtime_directory(pam_handle_t *handle, const char *path, uid_t uid) {
|
||||
struct stat st;
|
||||
|
||||
assert(handle);
|
||||
assert(path);
|
||||
|
||||
/* Just some extra paranoia: let's not set $XDG_RUNTIME_DIR if the directory we'd set it to isn't actually set
|
||||
|
|
@ -459,10 +464,8 @@ _public_ PAM_EXTERN int pam_sm_open_session(
|
|||
pam_syslog(handle, LOG_DEBUG, "pam-systemd initializing");
|
||||
|
||||
r = get_user_data(handle, &username, &pw);
|
||||
if (r != PAM_SUCCESS) {
|
||||
pam_syslog(handle, LOG_ERR, "Failed to get user data.");
|
||||
if (r != PAM_SUCCESS)
|
||||
return r;
|
||||
}
|
||||
|
||||
/* Make sure we don't enter a loop by talking to
|
||||
* systemd-logind when it is actually waiting for the
|
||||
|
|
@ -470,7 +473,7 @@ _public_ PAM_EXTERN int pam_sm_open_session(
|
|||
* "systemd-user" we simply set XDG_RUNTIME_DIR and
|
||||
* leave. */
|
||||
|
||||
pam_get_item(handle, PAM_SERVICE, (const void**) &service);
|
||||
(void) pam_get_item(handle, PAM_SERVICE, (const void**) &service);
|
||||
if (streq_ptr(service, "systemd-user")) {
|
||||
char rt[STRLEN("/run/user/") + DECIMAL_STR_MAX(uid_t)];
|
||||
|
||||
|
|
@ -478,7 +481,7 @@ _public_ PAM_EXTERN int pam_sm_open_session(
|
|||
if (validate_runtime_directory(handle, rt, pw->pw_uid)) {
|
||||
r = pam_misc_setenv(handle, "XDG_RUNTIME_DIR", rt, 0);
|
||||
if (r != PAM_SUCCESS) {
|
||||
pam_syslog(handle, LOG_ERR, "Failed to set runtime dir.");
|
||||
pam_syslog(handle, LOG_ERR, "Failed to set runtime dir: %s", pam_strerror(handle, r));
|
||||
return r;
|
||||
}
|
||||
}
|
||||
|
|
@ -492,10 +495,10 @@ _public_ PAM_EXTERN int pam_sm_open_session(
|
|||
|
||||
/* Otherwise, we ask logind to create a session for us */
|
||||
|
||||
pam_get_item(handle, PAM_XDISPLAY, (const void**) &display);
|
||||
pam_get_item(handle, PAM_TTY, (const void**) &tty);
|
||||
pam_get_item(handle, PAM_RUSER, (const void**) &remote_user);
|
||||
pam_get_item(handle, PAM_RHOST, (const void**) &remote_host);
|
||||
(void) pam_get_item(handle, PAM_XDISPLAY, (const void**) &display);
|
||||
(void) pam_get_item(handle, PAM_TTY, (const void**) &tty);
|
||||
(void) pam_get_item(handle, PAM_RUSER, (const void**) &remote_user);
|
||||
(void) pam_get_item(handle, PAM_RHOST, (const void**) &remote_host);
|
||||
|
||||
seat = getenv_harder(handle, "XDG_SEAT", NULL);
|
||||
cvtnr = getenv_harder(handle, "XDG_VTNR", NULL);
|
||||
|
|
@ -652,7 +655,7 @@ _public_ PAM_EXTERN int pam_sm_open_session(
|
|||
return PAM_SYSTEM_ERR;
|
||||
}
|
||||
|
||||
r = sd_bus_call(bus, m, 0, &error, &reply);
|
||||
r = sd_bus_call(bus, m, LOGIN_SLOW_BUS_CALL_TIMEOUT_USEC, &error, &reply);
|
||||
if (r < 0) {
|
||||
if (sd_bus_error_has_name(&error, BUS_ERROR_SESSION_BUSY)) {
|
||||
if (debug)
|
||||
|
|
@ -660,7 +663,7 @@ _public_ PAM_EXTERN int pam_sm_open_session(
|
|||
return PAM_SUCCESS;
|
||||
} else {
|
||||
pam_syslog(handle, LOG_ERR, "Failed to create session: %s", bus_error_message(&error, r));
|
||||
return PAM_SYSTEM_ERR;
|
||||
return PAM_SESSION_ERR;
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -737,7 +740,7 @@ _public_ PAM_EXTERN int pam_sm_open_session(
|
|||
|
||||
r = pam_set_data(handle, "systemd.existing", INT_TO_PTR(!!existing), NULL);
|
||||
if (r != PAM_SUCCESS) {
|
||||
pam_syslog(handle, LOG_ERR, "Failed to install existing flag.");
|
||||
pam_syslog(handle, LOG_ERR, "Failed to install existing flag: %s", pam_strerror(handle, r));
|
||||
return r;
|
||||
}
|
||||
|
||||
|
|
@ -750,7 +753,7 @@ _public_ PAM_EXTERN int pam_sm_open_session(
|
|||
|
||||
r = pam_set_data(handle, "systemd.session-fd", FD_TO_PTR(session_fd), NULL);
|
||||
if (r != PAM_SUCCESS) {
|
||||
pam_syslog(handle, LOG_ERR, "Failed to install session fd.");
|
||||
pam_syslog(handle, LOG_ERR, "Failed to install session fd: %s", pam_strerror(handle, r));
|
||||
safe_close(session_fd);
|
||||
return r;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -168,7 +168,12 @@ static int ask_password_keyring(const char *keyname, AskPasswordFlags flags, cha
|
|||
return -EUNATCH;
|
||||
|
||||
r = lookup_key(keyname, &serial);
|
||||
if (r == -ENOSYS) /* when retrieving the distinction doesn't matter */
|
||||
if (ERRNO_IS_NOT_SUPPORTED(r) || r == -EPERM) /* when retrieving the distinction between "kernel or
|
||||
* container manager don't support or allow this" and
|
||||
* "no matching key known" doesn't matter. Note that we
|
||||
* propagate EACCESS here (even if EPERM not) since
|
||||
* that is used if the keyring is available but we lack
|
||||
* access to the key. */
|
||||
return -ENOKEY;
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
|
|
|||
|
|
@ -1014,7 +1014,9 @@ void udev_event_execute_run(UdevEvent *event, usec_t timeout_usec) {
|
|||
|
||||
log_device_debug(event->dev, "Running command \"%s\"", command);
|
||||
r = udev_event_spawn(event, timeout_usec, false, command, NULL, 0);
|
||||
if (r > 0) /* returned value is positive when program fails */
|
||||
if (r < 0)
|
||||
log_device_warning_errno(event->dev, r, "Failed to execute '%s', ignoring: %m", command);
|
||||
else if (r > 0) /* returned value is positive when program fails */
|
||||
log_device_debug(event->dev, "Command \"%s\" returned %d (error), ignoring.", command, r);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1665,10 +1665,13 @@ static int udev_rule_apply_token_to_event(
|
|||
log_rule_debug(dev, rules, "Running PROGRAM '%s'", buf);
|
||||
|
||||
r = udev_event_spawn(event, timeout_usec, true, buf, result, sizeof(result));
|
||||
if (r != 0) {
|
||||
if (r < 0)
|
||||
return log_rule_error_errno(dev, rules, r, "Failed to execute '%s': %m", buf);
|
||||
if (r > 0)
|
||||
log_rule_warning_errno(dev, rules, r, "Failed to execute '%s', ignoring: %m", buf);
|
||||
else /* returned value is positive when program fails */
|
||||
log_rule_debug(dev, rules, "Command \"%s\" returned %d (error), ignoring", buf, r);
|
||||
return token->op == OP_NOMATCH;
|
||||
}
|
||||
|
||||
delete_trailing_chars(result, "\n");
|
||||
count = util_replace_chars(result, UDEV_ALLOWED_CHARS_INPUT);
|
||||
|
|
@ -1732,9 +1735,10 @@ static int udev_rule_apply_token_to_event(
|
|||
log_rule_debug(dev, rules, "Importing properties from results of '%s'", buf);
|
||||
|
||||
r = udev_event_spawn(event, timeout_usec, true, buf, result, sizeof result);
|
||||
if (r != 0) {
|
||||
if (r < 0)
|
||||
return log_rule_error_errno(dev, rules, r, "Failed to execute '%s': %m", buf);
|
||||
if (r > 0) {
|
||||
log_rule_warning_errno(dev, rules, r, "Failed to execute '%s', ignoring: %m", buf);
|
||||
else /* returned value is positive when program fails */
|
||||
log_rule_debug(dev, rules, "Command \"%s\" returned %d (error), ignoring", buf, r);
|
||||
return token->op == OP_NOMATCH;
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue