14 Commits
25f9288e31
...
faf1bb8244
Author | SHA1 | Date |
---|---|---|
Lennart Poettering | faf1bb8244 | |
Lennart Poettering | fbcb630045 | |
Zbigniew Jędrzejewski-Szmek | cbfc32819a | |
Zbigniew Jędrzejewski-Szmek | 321c911fc2 | |
Yu Watanabe | 08de195825 | |
Lennart Poettering | 09a6b4f34f | |
Lennart Poettering | e6376b6a41 | |
Lennart Poettering | 9120aa820b | |
Lennart Poettering | 9c5253ffec | |
Lennart Poettering | dca81e2851 | |
Lennart Poettering | 8d46418e93 | |
Lennart Poettering | 1798f5afe3 | |
Lennart Poettering | 42e6680976 | |
Lennart Poettering | d9608d40bc |
|
@ -86,3 +86,11 @@ static inline bool ERRNO_IS_RESOURCE(int r) {
|
||||||
ENFILE,
|
ENFILE,
|
||||||
ENOMEM);
|
ENOMEM);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Three different errors for "operation/system call/ioctl not supported" */
|
||||||
|
static inline bool ERRNO_IS_NOT_SUPPORTED(int r) {
|
||||||
|
return IN_SET(abs(r),
|
||||||
|
EOPNOTSUPP,
|
||||||
|
ENOTTY,
|
||||||
|
ENOSYS);
|
||||||
|
}
|
||||||
|
|
|
@ -228,7 +228,7 @@ static int parse_one_option(const char *option) {
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_error_errno(r, "Failed to parse %s: %m", option);
|
return log_error_errno(r, "Failed to parse %s: %m", option);
|
||||||
|
|
||||||
} else if (!streq(option, "none"))
|
} else
|
||||||
log_warning("Encountered unknown /etc/crypttab option '%s', ignoring.", option);
|
log_warning("Encountered unknown /etc/crypttab option '%s', ignoring.", option);
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
|
@ -253,10 +253,10 @@ static int parse_options(const char *options) {
|
||||||
}
|
}
|
||||||
|
|
||||||
/* sanity-check options */
|
/* sanity-check options */
|
||||||
if (arg_type != NULL && !streq(arg_type, CRYPT_PLAIN)) {
|
if (arg_type && !streq(arg_type, CRYPT_PLAIN)) {
|
||||||
if (arg_offset)
|
if (arg_offset != 0)
|
||||||
log_warning("offset= ignored with type %s", arg_type);
|
log_warning("offset= ignored with type %s", arg_type);
|
||||||
if (arg_skip)
|
if (arg_skip != 0)
|
||||||
log_warning("skip= ignored with type %s", arg_type);
|
log_warning("skip= ignored with type %s", arg_type);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -462,11 +462,13 @@ static int attach_tcrypt(
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int attach_luks_or_plain(struct crypt_device *cd,
|
static int attach_luks_or_plain(
|
||||||
const char *name,
|
struct crypt_device *cd,
|
||||||
const char *key_file,
|
const char *name,
|
||||||
char **passwords,
|
const char *key_file,
|
||||||
uint32_t flags) {
|
char **passwords,
|
||||||
|
uint32_t flags) {
|
||||||
|
|
||||||
int r = 0;
|
int r = 0;
|
||||||
bool pass_volume_key = false;
|
bool pass_volume_key = false;
|
||||||
|
|
||||||
|
@ -538,6 +540,7 @@ static int attach_luks_or_plain(struct crypt_device *cd,
|
||||||
}
|
}
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_error_errno(r, "Failed to activate with key file '%s': %m", key_file);
|
return log_error_errno(r, "Failed to activate with key file '%s': %m", key_file);
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
char **p;
|
char **p;
|
||||||
|
|
||||||
|
@ -632,25 +635,21 @@ static int run(int argc, char *argv[]) {
|
||||||
if (argc < 4)
|
if (argc < 4)
|
||||||
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "attach requires at least two arguments.");
|
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "attach requires at least two arguments.");
|
||||||
|
|
||||||
if (argc >= 5 &&
|
if (argc >= 5 && !STR_IN_SET(argv[4], "", "-", "none")) {
|
||||||
argv[4][0] &&
|
if (path_is_absolute(argv[4]))
|
||||||
!streq(argv[4], "-") &&
|
|
||||||
!streq(argv[4], "none")) {
|
|
||||||
|
|
||||||
if (!path_is_absolute(argv[4]))
|
|
||||||
log_warning("Password file path '%s' is not absolute. Ignoring.", argv[4]);
|
|
||||||
else
|
|
||||||
key_file = argv[4];
|
key_file = argv[4];
|
||||||
|
else
|
||||||
|
log_warning("Password file path '%s' is not absolute. Ignoring.", argv[4]);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (argc >= 6 && argv[5][0] && !streq(argv[5], "-")) {
|
if (argc >= 6 && !STR_IN_SET(argv[5], "", "-", "none")) {
|
||||||
r = parse_options(argv[5]);
|
r = parse_options(argv[5]);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* A delicious drop of snake oil */
|
/* A delicious drop of snake oil */
|
||||||
mlockall(MCL_FUTURE);
|
(void) mlockall(MCL_FUTURE);
|
||||||
|
|
||||||
if (arg_header) {
|
if (arg_header) {
|
||||||
log_debug("LUKS header: %s", arg_header);
|
log_debug("LUKS header: %s", arg_header);
|
||||||
|
@ -723,11 +722,7 @@ static int run(int argc, char *argv[]) {
|
||||||
if (streq_ptr(arg_type, CRYPT_TCRYPT))
|
if (streq_ptr(arg_type, CRYPT_TCRYPT))
|
||||||
r = attach_tcrypt(cd, argv[2], key_file, passwords, flags);
|
r = attach_tcrypt(cd, argv[2], key_file, passwords, flags);
|
||||||
else
|
else
|
||||||
r = attach_luks_or_plain(cd,
|
r = attach_luks_or_plain(cd, argv[2], key_file, passwords, flags);
|
||||||
argv[2],
|
|
||||||
key_file,
|
|
||||||
passwords,
|
|
||||||
flags);
|
|
||||||
if (r >= 0)
|
if (r >= 0)
|
||||||
break;
|
break;
|
||||||
if (r != -EAGAIN)
|
if (r != -EAGAIN)
|
||||||
|
|
|
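Review bot: The `(void) mlockall(MCL_FUTURE);` in run() makes the discarded return value explicit, but a failed mlockall still leaves key material swappable with no trace for the operator, which matters more in this binary than in most. Consider keeping the best-effort semantics while recording the outcome: `if (mlockall(MCL_FUTURE) < 0) log_debug_errno(errno, "Failed to lock memory, ignoring: %m");`. Separately, the `} else` in parse_one_option drops the per-option `none` special case while run() now filters `none` only as the whole options field, so a comma-separated list containing `none` (a constructed example) would presumably draw the unknown-option warning where it was silent before; if that is intended it deserves a line in the commit message. run() starts and ends outside the hunks.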
@ -36,6 +36,8 @@
|
||||||
#include "strv.h"
|
#include "strv.h"
|
||||||
#include "terminal-util.h"
|
#include "terminal-util.h"
|
||||||
|
|
||||||
|
#define LOGIN_SLOW_BUS_CALL_TIMEOUT_USEC (2*USEC_PER_MINUTE)
|
||||||
|
|
||||||
static int parse_argv(
|
static int parse_argv(
|
||||||
pam_handle_t *handle,
|
pam_handle_t *handle,
|
||||||
int argc, const char **argv,
|
int argc, const char **argv,
|
||||||
|
@ -50,28 +52,30 @@ static int parse_argv(
|
||||||
assert(argc == 0 || argv);
|
assert(argc == 0 || argv);
|
||||||
|
|
||||||
for (i = 0; i < (unsigned) argc; i++) {
|
for (i = 0; i < (unsigned) argc; i++) {
|
||||||
if (startswith(argv[i], "class=")) {
|
const char *p;
|
||||||
|
|
||||||
|
if ((p = startswith(argv[i], "class="))) {
|
||||||
if (class)
|
if (class)
|
||||||
*class = argv[i] + 6;
|
*class = p;
|
||||||
|
|
||||||
} else if (startswith(argv[i], "type=")) {
|
} else if ((p = startswith(argv[i], "type="))) {
|
||||||
if (type)
|
if (type)
|
||||||
*type = argv[i] + 5;
|
*type = p;
|
||||||
|
|
||||||
} else if (startswith(argv[i], "desktop=")) {
|
} else if ((p = startswith(argv[i], "desktop="))) {
|
||||||
if (desktop)
|
if (desktop)
|
||||||
*desktop = argv[i] + 8;
|
*desktop = p;
|
||||||
|
|
||||||
} else if (streq(argv[i], "debug")) {
|
} else if (streq(argv[i], "debug")) {
|
||||||
if (debug)
|
if (debug)
|
||||||
*debug = true;
|
*debug = true;
|
||||||
|
|
||||||
} else if (startswith(argv[i], "debug=")) {
|
} else if ((p = startswith(argv[i], "debug="))) {
|
||||||
int k;
|
int k;
|
||||||
|
|
||||||
k = parse_boolean(argv[i] + 6);
|
k = parse_boolean(p);
|
||||||
if (k < 0)
|
if (k < 0)
|
||||||
pam_syslog(handle, LOG_WARNING, "Failed to parse debug= argument, ignoring.");
|
pam_syslog(handle, LOG_WARNING, "Failed to parse debug= argument, ignoring: %s", p);
|
||||||
else if (debug)
|
else if (debug)
|
||||||
*debug = k;
|
*debug = k;
|
||||||
|
|
||||||
|
@ -97,7 +101,7 @@ static int get_user_data(
|
||||||
|
|
||||||
r = pam_get_user(handle, &username, NULL);
|
r = pam_get_user(handle, &username, NULL);
|
||||||
if (r != PAM_SUCCESS) {
|
if (r != PAM_SUCCESS) {
|
||||||
pam_syslog(handle, LOG_ERR, "Failed to get user name.");
|
pam_syslog(handle, LOG_ERR, "Failed to get user name: %s", pam_strerror(handle, r));
|
||||||
return r;
|
return r;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -383,7 +387,7 @@ static int update_environment(pam_handle_t *handle, const char *key, const char
|
||||||
|
|
||||||
r = pam_misc_setenv(handle, key, value, 0);
|
r = pam_misc_setenv(handle, key, value, 0);
|
||||||
if (r != PAM_SUCCESS)
|
if (r != PAM_SUCCESS)
|
||||||
pam_syslog(handle, LOG_ERR, "Failed to set environment variable %s.", key);
|
pam_syslog(handle, LOG_ERR, "Failed to set environment variable %s: %s", key, pam_strerror(handle, r));
|
||||||
|
|
||||||
return r;
|
return r;
|
||||||
}
|
}
|
||||||
|
@ -391,6 +395,7 @@ static int update_environment(pam_handle_t *handle, const char *key, const char
|
||||||
static bool validate_runtime_directory(pam_handle_t *handle, const char *path, uid_t uid) {
|
static bool validate_runtime_directory(pam_handle_t *handle, const char *path, uid_t uid) {
|
||||||
struct stat st;
|
struct stat st;
|
||||||
|
|
||||||
|
assert(handle);
|
||||||
assert(path);
|
assert(path);
|
||||||
|
|
||||||
/* Just some extra paranoia: let's not set $XDG_RUNTIME_DIR if the directory we'd set it to isn't actually set
|
/* Just some extra paranoia: let's not set $XDG_RUNTIME_DIR if the directory we'd set it to isn't actually set
|
||||||
|
@ -459,10 +464,8 @@ _public_ PAM_EXTERN int pam_sm_open_session(
|
||||||
pam_syslog(handle, LOG_DEBUG, "pam-systemd initializing");
|
pam_syslog(handle, LOG_DEBUG, "pam-systemd initializing");
|
||||||
|
|
||||||
r = get_user_data(handle, &username, &pw);
|
r = get_user_data(handle, &username, &pw);
|
||||||
if (r != PAM_SUCCESS) {
|
if (r != PAM_SUCCESS)
|
||||||
pam_syslog(handle, LOG_ERR, "Failed to get user data.");
|
|
||||||
return r;
|
return r;
|
||||||
}
|
|
||||||
|
|
||||||
/* Make sure we don't enter a loop by talking to
|
/* Make sure we don't enter a loop by talking to
|
||||||
* systemd-logind when it is actually waiting for the
|
* systemd-logind when it is actually waiting for the
|
||||||
|
@ -470,7 +473,7 @@ _public_ PAM_EXTERN int pam_sm_open_session(
|
||||||
* "systemd-user" we simply set XDG_RUNTIME_DIR and
|
* "systemd-user" we simply set XDG_RUNTIME_DIR and
|
||||||
* leave. */
|
* leave. */
|
||||||
|
|
||||||
pam_get_item(handle, PAM_SERVICE, (const void**) &service);
|
(void) pam_get_item(handle, PAM_SERVICE, (const void**) &service);
|
||||||
if (streq_ptr(service, "systemd-user")) {
|
if (streq_ptr(service, "systemd-user")) {
|
||||||
char rt[STRLEN("/run/user/") + DECIMAL_STR_MAX(uid_t)];
|
char rt[STRLEN("/run/user/") + DECIMAL_STR_MAX(uid_t)];
|
||||||
|
|
||||||
|
@ -478,7 +481,7 @@ _public_ PAM_EXTERN int pam_sm_open_session(
|
||||||
if (validate_runtime_directory(handle, rt, pw->pw_uid)) {
|
if (validate_runtime_directory(handle, rt, pw->pw_uid)) {
|
||||||
r = pam_misc_setenv(handle, "XDG_RUNTIME_DIR", rt, 0);
|
r = pam_misc_setenv(handle, "XDG_RUNTIME_DIR", rt, 0);
|
||||||
if (r != PAM_SUCCESS) {
|
if (r != PAM_SUCCESS) {
|
||||||
pam_syslog(handle, LOG_ERR, "Failed to set runtime dir.");
|
pam_syslog(handle, LOG_ERR, "Failed to set runtime dir: %s", pam_strerror(handle, r));
|
||||||
return r;
|
return r;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -492,10 +495,10 @@ _public_ PAM_EXTERN int pam_sm_open_session(
|
||||||
|
|
||||||
/* Otherwise, we ask logind to create a session for us */
|
/* Otherwise, we ask logind to create a session for us */
|
||||||
|
|
||||||
pam_get_item(handle, PAM_XDISPLAY, (const void**) &display);
|
(void) pam_get_item(handle, PAM_XDISPLAY, (const void**) &display);
|
||||||
pam_get_item(handle, PAM_TTY, (const void**) &tty);
|
(void) pam_get_item(handle, PAM_TTY, (const void**) &tty);
|
||||||
pam_get_item(handle, PAM_RUSER, (const void**) &remote_user);
|
(void) pam_get_item(handle, PAM_RUSER, (const void**) &remote_user);
|
||||||
pam_get_item(handle, PAM_RHOST, (const void**) &remote_host);
|
(void) pam_get_item(handle, PAM_RHOST, (const void**) &remote_host);
|
||||||
|
|
||||||
seat = getenv_harder(handle, "XDG_SEAT", NULL);
|
seat = getenv_harder(handle, "XDG_SEAT", NULL);
|
||||||
cvtnr = getenv_harder(handle, "XDG_VTNR", NULL);
|
cvtnr = getenv_harder(handle, "XDG_VTNR", NULL);
|
||||||
|
@ -652,7 +655,7 @@ _public_ PAM_EXTERN int pam_sm_open_session(
|
||||||
return PAM_SYSTEM_ERR;
|
return PAM_SYSTEM_ERR;
|
||||||
}
|
}
|
||||||
|
|
||||||
r = sd_bus_call(bus, m, 0, &error, &reply);
|
r = sd_bus_call(bus, m, LOGIN_SLOW_BUS_CALL_TIMEOUT_USEC, &error, &reply);
|
||||||
if (r < 0) {
|
if (r < 0) {
|
||||||
if (sd_bus_error_has_name(&error, BUS_ERROR_SESSION_BUSY)) {
|
if (sd_bus_error_has_name(&error, BUS_ERROR_SESSION_BUSY)) {
|
||||||
if (debug)
|
if (debug)
|
||||||
|
@ -660,7 +663,7 @@ _public_ PAM_EXTERN int pam_sm_open_session(
|
||||||
return PAM_SUCCESS;
|
return PAM_SUCCESS;
|
||||||
} else {
|
} else {
|
||||||
pam_syslog(handle, LOG_ERR, "Failed to create session: %s", bus_error_message(&error, r));
|
pam_syslog(handle, LOG_ERR, "Failed to create session: %s", bus_error_message(&error, r));
|
||||||
return PAM_SYSTEM_ERR;
|
return PAM_SESSION_ERR;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -737,7 +740,7 @@ _public_ PAM_EXTERN int pam_sm_open_session(
|
||||||
|
|
||||||
r = pam_set_data(handle, "systemd.existing", INT_TO_PTR(!!existing), NULL);
|
r = pam_set_data(handle, "systemd.existing", INT_TO_PTR(!!existing), NULL);
|
||||||
if (r != PAM_SUCCESS) {
|
if (r != PAM_SUCCESS) {
|
||||||
pam_syslog(handle, LOG_ERR, "Failed to install existing flag.");
|
pam_syslog(handle, LOG_ERR, "Failed to install existing flag: %s", pam_strerror(handle, r));
|
||||||
return r;
|
return r;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -750,7 +753,7 @@ _public_ PAM_EXTERN int pam_sm_open_session(
|
||||||
|
|
||||||
r = pam_set_data(handle, "systemd.session-fd", FD_TO_PTR(session_fd), NULL);
|
r = pam_set_data(handle, "systemd.session-fd", FD_TO_PTR(session_fd), NULL);
|
||||||
if (r != PAM_SUCCESS) {
|
if (r != PAM_SUCCESS) {
|
||||||
pam_syslog(handle, LOG_ERR, "Failed to install session fd.");
|
pam_syslog(handle, LOG_ERR, "Failed to install session fd: %s", pam_strerror(handle, r));
|
||||||
safe_close(session_fd);
|
safe_close(session_fd);
|
||||||
return r;
|
return r;
|
||||||
}
|
}
|
||||||
|
|
|
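Review bot: `LOGIN_SLOW_BUS_CALL_TIMEOUT_USEC` is introduced at the `#define` with no comment explaining why the CreateSession call now gets a two-minute timeout instead of the default that the previous `0` argument selected. A short rationale on the define would help, e.g. `/* Session creation can legitimately take longer than the default bus call timeout */`, filled in with whatever the author observed. It is also worth stating in the commit message that a PAM session open can now block for up to two minutes on a stalled logind, since callers such as login managers will feel that. pam_sm_open_session starts and ends outside the hunks.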
@ -168,7 +168,12 @@ static int ask_password_keyring(const char *keyname, AskPasswordFlags flags, cha
|
||||||
return -EUNATCH;
|
return -EUNATCH;
|
||||||
|
|
||||||
r = lookup_key(keyname, &serial);
|
r = lookup_key(keyname, &serial);
|
||||||
if (r == -ENOSYS) /* when retrieving the distinction doesn't matter */
|
if (ERRNO_IS_NOT_SUPPORTED(r) || r == -EPERM) /* when retrieving the distinction between "kernel or
|
||||||
|
* container manager don't support or allow this" and
|
||||||
|
* "no matching key known" doesn't matter. Note that we
|
||||||
|
* propagate EACCESS here (even if EPERM not) since
|
||||||
|
* that is used if the keyring is available but we lack
|
||||||
|
* access to the key. */
|
||||||
return -ENOKEY;
|
return -ENOKEY;
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
|
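Review bot: The new comment at `if (ERRNO_IS_NOT_SUPPORTED(r) || r == -EPERM)` spells the errno `EACCESS`; the constant is `EACCES`, and since this comment is the only place the EPERM/EACCES distinction is explained, the misspelling sends a reader grepping for a name that does not exist. Suggest `* propagate EACCES here (even if EPERM not) since`. ask_password_keyring continues outside the hunk.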
@ -1014,7 +1014,9 @@ void udev_event_execute_run(UdevEvent *event, usec_t timeout_usec) {
|
||||||
|
|
||||||
log_device_debug(event->dev, "Running command \"%s\"", command);
|
log_device_debug(event->dev, "Running command \"%s\"", command);
|
||||||
r = udev_event_spawn(event, timeout_usec, false, command, NULL, 0);
|
r = udev_event_spawn(event, timeout_usec, false, command, NULL, 0);
|
||||||
if (r > 0) /* returned value is positive when program fails */
|
if (r < 0)
|
||||||
|
log_device_warning_errno(event->dev, r, "Failed to execute '%s', ignoring: %m", command);
|
||||||
|
else if (r > 0) /* returned value is positive when program fails */
|
||||||
log_device_debug(event->dev, "Command \"%s\" returned %d (error), ignoring.", command, r);
|
log_device_debug(event->dev, "Command \"%s\" returned %d (error), ignoring.", command, r);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -1665,10 +1665,13 @@ static int udev_rule_apply_token_to_event(
|
||||||
log_rule_debug(dev, rules, "Running PROGRAM '%s'", buf);
|
log_rule_debug(dev, rules, "Running PROGRAM '%s'", buf);
|
||||||
|
|
||||||
r = udev_event_spawn(event, timeout_usec, true, buf, result, sizeof(result));
|
r = udev_event_spawn(event, timeout_usec, true, buf, result, sizeof(result));
|
||||||
if (r < 0)
|
if (r != 0) {
|
||||||
return log_rule_error_errno(dev, rules, r, "Failed to execute '%s': %m", buf);
|
if (r < 0)
|
||||||
if (r > 0)
|
log_rule_warning_errno(dev, rules, r, "Failed to execute '%s', ignoring: %m", buf);
|
||||||
|
else /* returned value is positive when program fails */
|
||||||
|
log_rule_debug(dev, rules, "Command \"%s\" returned %d (error), ignoring", buf, r);
|
||||||
return token->op == OP_NOMATCH;
|
return token->op == OP_NOMATCH;
|
||||||
|
}
|
||||||
|
|
||||||
delete_trailing_chars(result, "\n");
|
delete_trailing_chars(result, "\n");
|
||||||
count = util_replace_chars(result, UDEV_ALLOWED_CHARS_INPUT);
|
count = util_replace_chars(result, UDEV_ALLOWED_CHARS_INPUT);
|
||||||
|
@ -1732,10 +1735,11 @@ static int udev_rule_apply_token_to_event(
|
||||||
log_rule_debug(dev, rules, "Importing properties from results of '%s'", buf);
|
log_rule_debug(dev, rules, "Importing properties from results of '%s'", buf);
|
||||||
|
|
||||||
r = udev_event_spawn(event, timeout_usec, true, buf, result, sizeof result);
|
r = udev_event_spawn(event, timeout_usec, true, buf, result, sizeof result);
|
||||||
if (r < 0)
|
if (r != 0) {
|
||||||
return log_rule_error_errno(dev, rules, r, "Failed to execute '%s': %m", buf);
|
if (r < 0)
|
||||||
if (r > 0) {
|
log_rule_warning_errno(dev, rules, r, "Failed to execute '%s', ignoring: %m", buf);
|
||||||
log_rule_debug(dev, rules, "Command \"%s\" returned %d (error), ignoring", buf, r);
|
else /* returned value is positive when program fails */
|
||||||
|
log_rule_debug(dev, rules, "Command \"%s\" returned %d (error), ignoring", buf, r);
|
||||||
return token->op == OP_NOMATCH;
|
return token->op == OP_NOMATCH;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
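Review bot: At `if (r != 0) {` in the PROGRAM hunk a spawn failure (r < 0: helper missing, not executable, timed out) is now folded into the same result as a non-zero exit and yields `return token->op == OP_NOMATCH;`, whereas before the rule was aborted with an error. That means a rule using the `!=` operator matches when the helper could not be run at all, so a missing binary quietly flips negative-match rules on; if that is the intended semantics a comment at the return would make it explicit, e.g. `/* An execution failure counts like a non-zero exit: the token does not match */`. The IMPORT{program} hunk below makes the identical change and would take the same comment. udev_rule_apply_token_to_event starts and ends outside both hunks.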