mirror of
https://github.com/systemd/systemd
synced 2025-12-26 19:04:45 +01:00
Compare commits
6 Commits
32c7f02bb4
...
62ea0ed08d
| Author | SHA1 | Date | |
|---|---|---|---|
|
62ea0ed08d | ||
|
|
402506cea5 | ||
|
|
da2268f9d7 | ||
|
|
fea909c1b9 | ||
|
|
dcbe4a6860 | ||
|
|
cb3714d100 |
@ -23,10 +23,7 @@
|
||||
#include "format-util.h"
|
||||
#include "io-util.h"
|
||||
#include "log.h"
|
||||
#include "macro.h"
|
||||
#include "memory-util.h"
|
||||
#include "missing_socket.h"
|
||||
#include "missing_network.h"
|
||||
#include "parse-util.h"
|
||||
#include "path-util.h"
|
||||
#include "process-util.h"
|
||||
@ -1267,72 +1264,6 @@ int socket_set_recvpktinfo(int fd, int af, bool b) {
|
||||
}
|
||||
}
|
||||
|
||||
int socket_set_recverr(int fd, int af, bool b) {
|
||||
int r;
|
||||
|
||||
if (af == AF_UNSPEC) {
|
||||
r = socket_get_family(fd, &af);
|
||||
if (r < 0)
|
||||
return r;
|
||||
}
|
||||
|
||||
switch (af) {
|
||||
|
||||
case AF_INET:
|
||||
return setsockopt_int(fd, IPPROTO_IP, IP_RECVERR, b);
|
||||
|
||||
case AF_INET6:
|
||||
return setsockopt_int(fd, IPPROTO_IPV6, IPV6_RECVERR, b);
|
||||
|
||||
default:
|
||||
return -EAFNOSUPPORT;
|
||||
}
|
||||
}
|
||||
|
||||
int socket_set_recvttl(int fd, int af, bool b) {
|
||||
int r;
|
||||
|
||||
if (af == AF_UNSPEC) {
|
||||
r = socket_get_family(fd, &af);
|
||||
if (r < 0)
|
||||
return r;
|
||||
}
|
||||
|
||||
switch (af) {
|
||||
|
||||
case AF_INET:
|
||||
return setsockopt_int(fd, IPPROTO_IP, IP_RECVTTL, b);
|
||||
|
||||
case AF_INET6:
|
||||
return setsockopt_int(fd, IPPROTO_IPV6, IPV6_RECVHOPLIMIT, b);
|
||||
|
||||
default:
|
||||
return -EAFNOSUPPORT;
|
||||
}
|
||||
}
|
||||
|
||||
int socket_set_ttl(int fd, int af, int ttl) {
|
||||
int r;
|
||||
|
||||
if (af == AF_UNSPEC) {
|
||||
r = socket_get_family(fd, &af);
|
||||
if (r < 0)
|
||||
return r;
|
||||
}
|
||||
|
||||
switch (af) {
|
||||
|
||||
case AF_INET:
|
||||
return setsockopt_int(fd, IPPROTO_IP, IP_TTL, ttl);
|
||||
|
||||
case AF_INET6:
|
||||
return setsockopt_int(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, ttl);
|
||||
|
||||
default:
|
||||
return -EAFNOSUPPORT;
|
||||
}
|
||||
}
|
||||
|
||||
int socket_set_unicast_if(int fd, int af, int ifi) {
|
||||
be32_t ifindex_be = htobe32(ifi);
|
||||
int r;
|
||||
@ -1362,7 +1293,7 @@ int socket_set_unicast_if(int fd, int af, int ifi) {
|
||||
}
|
||||
}
|
||||
|
||||
int socket_set_freebind(int fd, int af, bool b) {
|
||||
int socket_set_option(int fd, int af, int opt_ipv4, int opt_ipv6, int val) {
|
||||
int r;
|
||||
|
||||
if (af == AF_UNSPEC) {
|
||||
@ -1374,32 +1305,10 @@ int socket_set_freebind(int fd, int af, bool b) {
|
||||
switch (af) {
|
||||
|
||||
case AF_INET:
|
||||
return setsockopt_int(fd, IPPROTO_IP, IP_FREEBIND, b);
|
||||
return setsockopt_int(fd, IPPROTO_IP, opt_ipv4, val);
|
||||
|
||||
case AF_INET6:
|
||||
return setsockopt_int(fd, IPPROTO_IPV6, IPV6_FREEBIND, b);
|
||||
|
||||
default:
|
||||
return -EAFNOSUPPORT;
|
||||
}
|
||||
}
|
||||
|
||||
int socket_set_transparent(int fd, int af, bool b) {
|
||||
int r;
|
||||
|
||||
if (af == AF_UNSPEC) {
|
||||
r = socket_get_family(fd, &af);
|
||||
if (r < 0)
|
||||
return r;
|
||||
}
|
||||
|
||||
switch (af) {
|
||||
|
||||
case AF_INET:
|
||||
return setsockopt_int(fd, IPPROTO_IP, IP_TRANSPARENT, b);
|
||||
|
||||
case AF_INET6:
|
||||
return setsockopt_int(fd, IPPROTO_IPV6, IPV6_TRANSPARENT, b);
|
||||
return setsockopt_int(fd, IPPROTO_IPV6, opt_ipv6, val);
|
||||
|
||||
default:
|
||||
return -EAFNOSUPPORT;
|
||||
|
||||
@ -15,6 +15,7 @@
|
||||
#include <sys/un.h>
|
||||
|
||||
#include "macro.h"
|
||||
#include "missing_network.h"
|
||||
#include "missing_socket.h"
|
||||
#include "sparse-endian.h"
|
||||
|
||||
@ -264,9 +265,20 @@ ssize_t recvmsg_safe(int sockfd, struct msghdr *msg, int flags);
|
||||
|
||||
int socket_get_family(int fd, int *ret);
|
||||
int socket_set_recvpktinfo(int fd, int af, bool b);
|
||||
int socket_set_recverr(int fd, int af, bool b);
|
||||
int socket_set_recvttl(int fd, int af, bool b);
|
||||
int socket_set_ttl(int fd, int af, int ttl);
|
||||
int socket_set_unicast_if(int fd, int af, int ifi);
|
||||
int socket_set_freebind(int fd, int af, bool b);
|
||||
int socket_set_transparent(int fd, int af, bool b);
|
||||
int socket_set_option(int fd, int af, int opt_ipv4, int opt_ipv6, int val);
|
||||
static inline int socket_set_recverr(int fd, int af, bool b) {
|
||||
return socket_set_option(fd, af, IP_RECVERR, IPV6_RECVERR, b);
|
||||
}
|
||||
static inline int socket_set_recvttl(int fd, int af, bool b) {
|
||||
return socket_set_option(fd, af, IP_RECVTTL, IPV6_RECVHOPLIMIT, b);
|
||||
}
|
||||
static inline int socket_set_ttl(int fd, int af, int ttl) {
|
||||
return socket_set_option(fd, af, IP_TTL, IPV6_UNICAST_HOPS, ttl);
|
||||
}
|
||||
static inline int socket_set_freebind(int fd, int af, bool b) {
|
||||
return socket_set_option(fd, af, IP_FREEBIND, IPV6_FREEBIND, b);
|
||||
}
|
||||
static inline int socket_set_transparent(int fd, int af, bool b) {
|
||||
return socket_set_option(fd, af, IP_TRANSPARENT, IPV6_TRANSPARENT, b);
|
||||
}
|
||||
|
||||
@ -855,6 +855,7 @@ static void remove_and_erasep(const char **p) {
|
||||
|
||||
static int run(int argc, char *argv[]) {
|
||||
_cleanup_(crypt_freep) struct crypt_device *cd = NULL;
|
||||
const char *verb;
|
||||
int r;
|
||||
|
||||
if (argc <= 1)
|
||||
@ -870,39 +871,44 @@ static int run(int argc, char *argv[]) {
|
||||
|
||||
umask(0022);
|
||||
|
||||
if (streq(argv[1], "attach")) {
|
||||
verb = argv[1];
|
||||
|
||||
if (streq(verb, "attach")) {
|
||||
_cleanup_(remove_and_erasep) const char *destroy_key_file = NULL;
|
||||
_cleanup_(erase_and_freep) void *key_data = NULL;
|
||||
const char *volume, *source, *key_file, *options;
|
||||
crypt_status_info status;
|
||||
size_t key_data_size = 0;
|
||||
uint32_t flags = 0;
|
||||
unsigned tries;
|
||||
usec_t until;
|
||||
crypt_status_info status;
|
||||
_cleanup_(remove_and_erasep) const char *destroy_key_file = NULL;
|
||||
const char *key_file = NULL;
|
||||
_cleanup_(erase_and_freep) void *key_data = NULL;
|
||||
size_t key_data_size = 0;
|
||||
|
||||
/* Arguments: systemd-cryptsetup attach VOLUME SOURCE-DEVICE [PASSWORD] [OPTIONS] */
|
||||
|
||||
if (argc < 4)
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "attach requires at least two arguments.");
|
||||
|
||||
if (!filename_is_valid(argv[2]))
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Volume name '%s' is not valid.", argv[2]);
|
||||
volume = argv[2];
|
||||
source = argv[3];
|
||||
key_file = argc >= 5 && !STR_IN_SET(argv[4], "", "-", "none") ? argv[4] : NULL;
|
||||
options = argc >= 6 && !STR_IN_SET(argv[5], "", "-", "none") ? argv[5] : NULL;
|
||||
|
||||
if (argc >= 5 && !STR_IN_SET(argv[4], "", "-", "none")) {
|
||||
if (path_is_absolute(argv[4]))
|
||||
key_file = argv[4];
|
||||
else
|
||||
log_warning("Password file path '%s' is not absolute. Ignoring.", argv[4]);
|
||||
if (!filename_is_valid(volume))
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Volume name '%s' is not valid.", volume);
|
||||
|
||||
if (key_file && !path_is_absolute(key_file)) {
|
||||
log_warning("Password file path '%s' is not absolute. Ignoring.", key_file);
|
||||
key_file = NULL;
|
||||
}
|
||||
|
||||
if (argc >= 6 && !STR_IN_SET(argv[5], "", "-", "none")) {
|
||||
r = parse_options(argv[5]);
|
||||
if (options) {
|
||||
r = parse_options(options);
|
||||
if (r < 0)
|
||||
return r;
|
||||
}
|
||||
|
||||
log_debug("%s %s ← %s type=%s cipher=%s", __func__,
|
||||
argv[2], argv[3], strempty(arg_type), strempty(arg_cipher));
|
||||
volume, source, strempty(arg_type), strempty(arg_cipher));
|
||||
|
||||
/* A delicious drop of snake oil */
|
||||
(void) mlockall(MCL_FUTURE);
|
||||
@ -911,14 +917,14 @@ static int run(int argc, char *argv[]) {
|
||||
_cleanup_free_ char *bindname = NULL;
|
||||
const char *fn;
|
||||
|
||||
bindname = make_bindname(argv[2]);
|
||||
bindname = make_bindname(volume);
|
||||
if (!bindname)
|
||||
return log_oom();
|
||||
|
||||
/* If a key file is not explicitly specified, search for a key in a well defined
|
||||
* search path, and load it. */
|
||||
|
||||
fn = strjoina(argv[2], ".key");
|
||||
fn = strjoina(volume, ".key");
|
||||
r = find_key_file(
|
||||
fn,
|
||||
STRV_MAKE("/etc/cryptsetup-keys.d", "/run/cryptsetup-keys.d"),
|
||||
@ -927,7 +933,7 @@ static int run(int argc, char *argv[]) {
|
||||
if (r < 0)
|
||||
return r;
|
||||
if (r > 0)
|
||||
log_debug("Automatically discovered key for volume '%s'.", argv[2]);
|
||||
log_debug("Automatically discovered key for volume '%s'.", volume);
|
||||
} else if (arg_keyfile_erase)
|
||||
destroy_key_file = key_file; /* let's get this baby erased when we leave */
|
||||
|
||||
@ -935,15 +941,15 @@ static int run(int argc, char *argv[]) {
|
||||
log_debug("LUKS header: %s", arg_header);
|
||||
r = crypt_init(&cd, arg_header);
|
||||
} else
|
||||
r = crypt_init(&cd, argv[3]);
|
||||
r = crypt_init(&cd, source);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "crypt_init() failed: %m");
|
||||
|
||||
cryptsetup_enable_logging(cd);
|
||||
|
||||
status = crypt_status(cd, argv[2]);
|
||||
status = crypt_status(cd, volume);
|
||||
if (IN_SET(status, CRYPT_ACTIVE, CRYPT_BUSY)) {
|
||||
log_info("Volume %s already active.", argv[2]);
|
||||
log_info("Volume %s already active.", volume);
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -971,16 +977,16 @@ static int run(int argc, char *argv[]) {
|
||||
return log_error_errno(r, "Failed to load LUKS superblock on device %s: %m", crypt_get_device_name(cd));
|
||||
|
||||
if (arg_header) {
|
||||
r = crypt_set_data_device(cd, argv[3]);
|
||||
r = crypt_set_data_device(cd, source);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to set LUKS data device %s: %m", argv[3]);
|
||||
return log_error_errno(r, "Failed to set LUKS data device %s: %m", source);
|
||||
}
|
||||
|
||||
/* Tokens are available in LUKS2 only, but it is ok to call (and fail) with LUKS1. */
|
||||
if (!key_file && !key_data) {
|
||||
r = crypt_activate_by_token(cd, argv[2], CRYPT_ANY_TOKEN, NULL, flags);
|
||||
r = crypt_activate_by_token(cd, volume, CRYPT_ANY_TOKEN, NULL, flags);
|
||||
if (r >= 0) {
|
||||
log_debug("Volume %s activated with LUKS token id %i.", argv[2], r);
|
||||
log_debug("Volume %s activated with LUKS token id %i.", volume, r);
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -1024,7 +1030,7 @@ static int run(int argc, char *argv[]) {
|
||||
/* Ask the user for a passphrase only as last resort, if we have
|
||||
* nothing else to check for */
|
||||
|
||||
r = get_password(argv[2], argv[3], until, tries == 0 && !arg_verify, &passwords);
|
||||
r = get_password(volume, source, until, tries == 0 && !arg_verify, &passwords);
|
||||
if (r == -EAGAIN)
|
||||
continue;
|
||||
if (r < 0)
|
||||
@ -1033,9 +1039,9 @@ static int run(int argc, char *argv[]) {
|
||||
}
|
||||
|
||||
if (streq_ptr(arg_type, CRYPT_TCRYPT))
|
||||
r = attach_tcrypt(cd, argv[2], key_file, key_data, key_data_size, passwords, flags);
|
||||
r = attach_tcrypt(cd, volume, key_file, key_data, key_data_size, passwords, flags);
|
||||
else
|
||||
r = attach_luks_or_plain_or_bitlk(cd, argv[2], key_file, key_data, key_data_size, passwords, flags, until);
|
||||
r = attach_luks_or_plain_or_bitlk(cd, volume, key_file, key_data, key_data_size, passwords, flags, until);
|
||||
if (r >= 0)
|
||||
break;
|
||||
if (r != -EAGAIN)
|
||||
@ -1052,14 +1058,17 @@ static int run(int argc, char *argv[]) {
|
||||
if (arg_tries != 0 && tries >= arg_tries)
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EPERM), "Too many attempts to activate; giving up.");
|
||||
|
||||
} else if (streq(argv[1], "detach")) {
|
||||
} else if (streq(verb, "detach")) {
|
||||
const char *volume;
|
||||
|
||||
if (!filename_is_valid(argv[2]))
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Volume name '%s' is not valid.", argv[2]);
|
||||
volume = argv[2];
|
||||
|
||||
r = crypt_init_by_name(&cd, argv[2]);
|
||||
if (!filename_is_valid(volume))
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Volume name '%s' is not valid.", volume);
|
||||
|
||||
r = crypt_init_by_name(&cd, volume);
|
||||
if (r == -ENODEV) {
|
||||
log_info("Volume %s already inactive.", argv[2]);
|
||||
log_info("Volume %s already inactive.", volume);
|
||||
return 0;
|
||||
}
|
||||
if (r < 0)
|
||||
@ -1067,12 +1076,12 @@ static int run(int argc, char *argv[]) {
|
||||
|
||||
cryptsetup_enable_logging(cd);
|
||||
|
||||
r = crypt_deactivate(cd, argv[2]);
|
||||
r = crypt_deactivate(cd, volume);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to deactivate: %m");
|
||||
|
||||
} else
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Unknown verb %s.", argv[1]);
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Unknown verb %s.", verb);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -460,8 +460,12 @@ int dissect_image(
|
||||
DissectedImage **ret) {
|
||||
|
||||
#if HAVE_BLKID
|
||||
sd_id128_t root_uuid = SD_ID128_NULL, root_verity_uuid = SD_ID128_NULL,
|
||||
usr_uuid = SD_ID128_NULL, usr_verity_uuid = SD_ID128_NULL;
|
||||
#ifdef GPT_ROOT_NATIVE
|
||||
sd_id128_t root_uuid = SD_ID128_NULL, root_verity_uuid = SD_ID128_NULL;
|
||||
#endif
|
||||
#ifdef GPT_USR_NATIVE
|
||||
sd_id128_t usr_uuid = SD_ID128_NULL, usr_verity_uuid = SD_ID128_NULL;
|
||||
#endif
|
||||
bool is_gpt, is_mbr, generic_rw, multiple_generic = false;
|
||||
_cleanup_(sd_device_unrefp) sd_device *d = NULL;
|
||||
_cleanup_(dissected_image_unrefp) DissectedImage *m = NULL;
|
||||
@ -504,13 +508,19 @@ int dissect_image(
|
||||
|
||||
/* If the verity data declares it's for the /usr partition, then search for that, in all
|
||||
* other cases assume it's for the root partition. */
|
||||
#ifdef GPT_USR_NATIVE
|
||||
if (verity->designator == PARTITION_USR) {
|
||||
usr_uuid = fsuuid;
|
||||
usr_verity_uuid = vuuid;
|
||||
} else {
|
||||
#endif
|
||||
#ifdef GPT_ROOT_NATIVE
|
||||
root_uuid = fsuuid;
|
||||
root_verity_uuid = vuuid;
|
||||
#endif
|
||||
#ifdef GPT_USR_NATIVE
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
if (fstat(fd, &st) < 0)
|
||||
|
||||
@ -743,12 +743,12 @@ int dns_name_reverse(int family, const union in_addr_union *a, char **ret) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
int dns_name_address(const char *p, int *family, union in_addr_union *address) {
|
||||
int dns_name_address(const char *p, int *ret_family, union in_addr_union *ret_address) {
|
||||
int r;
|
||||
|
||||
assert(p);
|
||||
assert(family);
|
||||
assert(address);
|
||||
assert(ret_family);
|
||||
assert(ret_address);
|
||||
|
||||
r = dns_name_endswith(p, "in-addr.arpa");
|
||||
if (r < 0)
|
||||
@ -777,11 +777,11 @@ int dns_name_address(const char *p, int *family, union in_addr_union *address) {
|
||||
if (r <= 0)
|
||||
return r;
|
||||
|
||||
*family = AF_INET;
|
||||
address->in.s_addr = htobe32(((uint32_t) a[3] << 24) |
|
||||
((uint32_t) a[2] << 16) |
|
||||
((uint32_t) a[1] << 8) |
|
||||
(uint32_t) a[0]);
|
||||
*ret_family = AF_INET;
|
||||
ret_address->in.s_addr = htobe32(((uint32_t) a[3] << 24) |
|
||||
((uint32_t) a[2] << 16) |
|
||||
((uint32_t) a[1] << 8) |
|
||||
(uint32_t) a[0]);
|
||||
|
||||
return 1;
|
||||
}
|
||||
@ -822,11 +822,14 @@ int dns_name_address(const char *p, int *family, union in_addr_union *address) {
|
||||
if (r <= 0)
|
||||
return r;
|
||||
|
||||
*family = AF_INET6;
|
||||
address->in6 = a;
|
||||
*ret_family = AF_INET6;
|
||||
ret_address->in6 = a;
|
||||
return 1;
|
||||
}
|
||||
|
||||
*ret_family = AF_UNSPEC;
|
||||
*ret_address = IN_ADDR_NULL;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -1308,18 +1311,19 @@ int dns_name_apply_idna(const char *name, char **ret) {
|
||||
if (r != IDN2_OK) {
|
||||
log_debug("idn2_to_unicode_8z8z(\"%s\") failed: %d/%s",
|
||||
t, r, sym_idn2_strerror(r));
|
||||
*ret = NULL;
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (!streq_ptr(name, s)) {
|
||||
log_debug("idn2 roundtrip failed: \"%s\" → \"%s\" → \"%s\", ignoring.",
|
||||
name, t, s);
|
||||
*ret = NULL;
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
*ret = TAKE_PTR(t);
|
||||
|
||||
return 1; /* *ret has been written */
|
||||
}
|
||||
|
||||
@ -1329,6 +1333,7 @@ int dns_name_apply_idna(const char *name, char **ret) {
|
||||
return 0;
|
||||
if (IN_SET(r, IDN2_TOO_BIG_DOMAIN, IDN2_TOO_BIG_LABEL))
|
||||
return -ENOSPC;
|
||||
|
||||
return -EINVAL;
|
||||
#elif HAVE_LIBIDN
|
||||
_cleanup_free_ char *buf = NULL;
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user