Compare commits
18 Commits
3f58a2f099
...
0224fcc7ce
Author | SHA1 | Date |
---|---|---|
colin-foster-in-advantage | 0224fcc7ce | |
Lennart Poettering | d209e197f8 | |
Antonio Alvarez Feijoo | 9ed090230e | |
Luca Boccassi | 9bf6ffe166 | |
Lennart Poettering | 47c5ca237b | |
Lennart Poettering | 7f8a4f12df | |
Lennart Poettering | e412fc5e04 | |
Lennart Poettering | cc6baba720 | |
Lennart Poettering | 3ae48d071c | |
Antonio Alvarez Feijoo | 2ccacdd57c | |
Yu Watanabe | d99198819c | |
Tobias Zimmermann | f70e5620b6 | |
Zbigniew Jędrzejewski-Szmek | 3127c71bf4 | |
Zbigniew Jędrzejewski-Szmek | 2c06e40ae9 | |
Zbigniew Jędrzejewski-Szmek | 5ca9149464 | |
Colin Foster | b5171f0f48 | |
Colin Foster | b4e82f27c7 | |
Colin Foster | 857a9a6d74 |
|
@ -1438,6 +1438,11 @@ evdev:input:b0003v046DpC309*
|
||||||
KEYBOARD_KEY_c01b6=images # My Pictures (F11)
|
KEYBOARD_KEY_c01b6=images # My Pictures (F11)
|
||||||
KEYBOARD_KEY_c01b7=audio # My Music (F12)
|
KEYBOARD_KEY_c01b7=audio # My Music (F12)
|
||||||
|
|
||||||
|
# Logitech MX Keys for Mac
|
||||||
|
evdev:input:b0003v046Dp4092*
|
||||||
|
KEYBOARD_KEY_70035=102nd # '<' key
|
||||||
|
KEYBOARD_KEY_70064=grave # '^' key
|
||||||
|
|
||||||
###########################################################
|
###########################################################
|
||||||
# Maxdata
|
# Maxdata
|
||||||
###########################################################
|
###########################################################
|
||||||
|
|
|
@ -265,32 +265,11 @@
|
||||||
</refsect1>
|
</refsect1>
|
||||||
|
|
||||||
<refsect1>
|
<refsect1>
|
||||||
<title>Options</title>
|
<title>Unlocking</title>
|
||||||
|
|
||||||
<para>The following options are understood:</para>
|
<para>The following options are understood that may be used to unlock the device in preparation of the enrollment operations:</para>
|
||||||
|
|
||||||
<variablelist>
|
<variablelist>
|
||||||
<varlistentry>
|
|
||||||
<term><option>--password</option></term>
|
|
||||||
|
|
||||||
<listitem><para>Enroll a regular password/passphrase. This command is mostly equivalent to
|
|
||||||
<command>cryptsetup luksAddKey</command>, however may be combined with
|
|
||||||
<option>--wipe-slot=</option> in one call, see below.</para>
|
|
||||||
|
|
||||||
<xi:include href="version-info.xml" xpointer="v248"/></listitem>
|
|
||||||
</varlistentry>
|
|
||||||
|
|
||||||
<varlistentry>
|
|
||||||
<term><option>--recovery-key</option></term>
|
|
||||||
|
|
||||||
<listitem><para>Enroll a recovery key. Recovery keys are mostly identical to passphrases, but are
|
|
||||||
computer-generated instead of being chosen by a human, and thus have a guaranteed high entropy. The
|
|
||||||
key uses a character set that is easy to type in, and may be scanned off screen via a QR code.
|
|
||||||
</para>
|
|
||||||
|
|
||||||
<xi:include href="version-info.xml" xpointer="v248"/></listitem>
|
|
||||||
</varlistentry>
|
|
||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><option>--unlock-key-file=<replaceable>PATH</replaceable></option></term>
|
<term><option>--unlock-key-file=<replaceable>PATH</replaceable></option></term>
|
||||||
|
|
||||||
|
@ -328,7 +307,45 @@
|
||||||
|
|
||||||
<xi:include href="version-info.xml" xpointer="v256"/></listitem>
|
<xi:include href="version-info.xml" xpointer="v256"/></listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
</variablelist>
|
||||||
|
</refsect1>
|
||||||
|
|
||||||
|
<refsect1>
|
||||||
|
<title>Simple Enrollment</title>
|
||||||
|
|
||||||
|
<para>The following options are understood that may be used to enroll simple user input based
|
||||||
|
unlocking:</para>
|
||||||
|
|
||||||
|
<variablelist>
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--password</option></term>
|
||||||
|
|
||||||
|
<listitem><para>Enroll a regular password/passphrase. This command is mostly equivalent to
|
||||||
|
<command>cryptsetup luksAddKey</command>, however may be combined with
|
||||||
|
<option>--wipe-slot=</option> in one call, see below.</para>
|
||||||
|
|
||||||
|
<xi:include href="version-info.xml" xpointer="v248"/></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--recovery-key</option></term>
|
||||||
|
|
||||||
|
<listitem><para>Enroll a recovery key. Recovery keys are mostly identical to passphrases, but are
|
||||||
|
computer-generated instead of being chosen by a human, and thus have a guaranteed high entropy. The
|
||||||
|
key uses a character set that is easy to type in, and may be scanned off screen via a QR code.
|
||||||
|
</para>
|
||||||
|
|
||||||
|
<xi:include href="version-info.xml" xpointer="v248"/></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
</variablelist>
|
||||||
|
</refsect1>
|
||||||
|
|
||||||
|
<refsect1>
|
||||||
|
<title>PKCS#11 Enrollment</title>
|
||||||
|
|
||||||
|
<para>The following option is understood that may be used to enroll PKCS#11 tokens:</para>
|
||||||
|
|
||||||
|
<variablelist>
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><option>--pkcs11-token-uri=<replaceable>URI</replaceable></option></term>
|
<term><option>--pkcs11-token-uri=<replaceable>URI</replaceable></option></term>
|
||||||
|
|
||||||
|
@ -361,7 +378,15 @@
|
||||||
|
|
||||||
<xi:include href="version-info.xml" xpointer="v248"/></listitem>
|
<xi:include href="version-info.xml" xpointer="v248"/></listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
</variablelist>
|
||||||
|
</refsect1>
|
||||||
|
|
||||||
|
<refsect1>
|
||||||
|
<title>FIDO2 Enrollment</title>
|
||||||
|
|
||||||
|
<para>The following options are understood that may be used to enroll PKCS#11 tokens:</para>
|
||||||
|
|
||||||
|
<variablelist>
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><option>--fido2-credential-algorithm=<replaceable>STRING</replaceable></option></term>
|
<term><option>--fido2-credential-algorithm=<replaceable>STRING</replaceable></option></term>
|
||||||
<listitem><para>Specify COSE algorithm used in credential generation. The default value is
|
<listitem><para>Specify COSE algorithm used in credential generation. The default value is
|
||||||
|
@ -461,7 +486,15 @@
|
||||||
|
|
||||||
<xi:include href="version-info.xml" xpointer="v249"/></listitem>
|
<xi:include href="version-info.xml" xpointer="v249"/></listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
</variablelist>
|
||||||
|
</refsect1>
|
||||||
|
|
||||||
|
<refsect1>
|
||||||
|
<title>TPM2 Enrollment</title>
|
||||||
|
|
||||||
|
<para>The following options are understood that may be used to enroll TPM2 devices:</para>
|
||||||
|
|
||||||
|
<variablelist>
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><option>--tpm2-device=<replaceable>PATH</replaceable></option></term>
|
<term><option>--tpm2-device=<replaceable>PATH</replaceable></option></term>
|
||||||
|
|
||||||
|
@ -636,7 +669,15 @@
|
||||||
|
|
||||||
<xi:include href="version-info.xml" xpointer="v255"/></listitem>
|
<xi:include href="version-info.xml" xpointer="v255"/></listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
</variablelist>
|
||||||
|
</refsect1>
|
||||||
|
|
||||||
|
<refsect1>
|
||||||
|
<title>Other Options</title>
|
||||||
|
|
||||||
|
<para>The following additional options are understood:</para>
|
||||||
|
|
||||||
|
<variablelist>
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><option>--wipe-slot=<replaceable>SLOT<optional>,SLOT...</optional></replaceable></option></term>
|
<term><option>--wipe-slot=<replaceable>SLOT<optional>,SLOT...</optional></replaceable></option></term>
|
||||||
|
|
||||||
|
|
|
@ -2546,6 +2546,17 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix</programlisting>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><varname>BOOTP=</varname></term>
|
||||||
|
<listitem>
|
||||||
|
<para>Takes a boolean. The DHCPv4 client can be configured to communicate with BOOP servers that
|
||||||
|
don't accept Option 53, DHCP Message Type. In this configuration, a BOOTP Request is sent without
|
||||||
|
any options by default. A BOOTP reply that contains Option 1: Subnet Mask is expected.</para>
|
||||||
|
|
||||||
|
<xi:include href="version-info.xml" xpointer="v257"/>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
<!-- How to use the DHCP lease -->
|
<!-- How to use the DHCP lease -->
|
||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
|
|
|
@ -38,19 +38,12 @@ __get_tpm2_devices() {
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
|
||||||
__get_block_devices() {
|
|
||||||
local i
|
|
||||||
for i in /dev/*; do
|
|
||||||
[ -b "$i" ] && printf '%s\n' "$i"
|
|
||||||
done
|
|
||||||
}
|
|
||||||
|
|
||||||
_systemd_cryptenroll() {
|
_systemd_cryptenroll() {
|
||||||
local comps
|
local comps
|
||||||
local cur=${COMP_WORDS[COMP_CWORD]} prev=${COMP_WORDS[COMP_CWORD-1]} words cword
|
local cur=${COMP_WORDS[COMP_CWORD]} prev=${COMP_WORDS[COMP_CWORD-1]} words cword
|
||||||
local -A OPTS=(
|
local -A OPTS=(
|
||||||
[STANDALONE]='-h --help --version
|
[STANDALONE]='-h --help --version
|
||||||
--password --recovery-key'
|
--password --recovery-key --list-devices'
|
||||||
[ARG]='--unlock-key-file
|
[ARG]='--unlock-key-file
|
||||||
--unlock-fido2-device
|
--unlock-fido2-device
|
||||||
--unlock-tpm2-device
|
--unlock-tpm2-device
|
||||||
|
@ -116,7 +109,7 @@ _systemd_cryptenroll() {
|
||||||
return 0
|
return 0
|
||||||
fi
|
fi
|
||||||
|
|
||||||
comps=$(__get_block_devices)
|
comps=$(systemd-cryptenroll --list-devices)
|
||||||
COMPREPLY=( $(compgen -W '$comps' -- "$cur") )
|
COMPREPLY=( $(compgen -W '$comps' -- "$cur") )
|
||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
|
|
|
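Review bot: The new `comps=$(systemd-cryptenroll --list-devices)` in `_systemd_cryptenroll` runs the binary on every completion attempt without discarding stderr, so any diagnostic it prints would land in the middle of the user's command line. Redirecting is enough: `comps=$(systemd-cryptenroll --list-devices 2>/dev/null)`. The result is then word-split by the unquoted `$(compgen -W '$comps' -- "$cur")` on the next line, so this relies on `--list-devices` printing whitespace-free device paths and nothing else; a one-line comment stating that assumption would help the next reader. The function body continues outside both hunks.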
@ -3426,14 +3426,12 @@ static int service_deserialize_item(Unit *u, const char *key, const char *value,
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
r = service_add_fd_store(s, fd, fdn, do_poll);
|
r = service_add_fd_store(s, TAKE_FD(fd), fdn, do_poll);
|
||||||
if (r < 0) {
|
if (r < 0) {
|
||||||
log_unit_debug_errno(u, r,
|
log_unit_debug_errno(u, r,
|
||||||
"Failed to store deserialized fd '%s', ignoring: %m", fdn);
|
"Failed to store deserialized fd '%s', ignoring: %m", fdn);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
TAKE_FD(fd);
|
|
||||||
} else if (streq(key, "extra-fd")) {
|
} else if (streq(key, "extra-fd")) {
|
||||||
_cleanup_free_ char *fdv = NULL, *fdn = NULL;
|
_cleanup_free_ char *fdv = NULL, *fdn = NULL;
|
||||||
_cleanup_close_ int fd = -EBADF;
|
_cleanup_close_ int fd = -EBADF;
|
||||||
|
|
|
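Review bot: Passing `TAKE_FD(fd)` straight into `service_add_fd_store()` takes the descriptor out of its cleanup guard before the call, so the `r < 0` branch is only leak-free if `service_add_fd_store()` closes the fd itself on every failure return. That callee is not visible in this hunk, so the contract should be confirmed and stated at the call site, e.g. `/* service_add_fd_store() takes possession of the fd on success and on failure */`. The `extra-fd` branch that begins right after this change declares its own `_cleanup_close_ int fd`; whichever ownership convention is settled here should be applied there too, since a mismatch between the two branches is where a leaked or double-closed descriptor would come from. `service_deserialize_item()` extends beyond the hunk on both sides.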
@ -193,7 +193,7 @@ static int help(void) {
|
||||||
"\n%3$sSimple Enrollment:%4$s\n"
|
"\n%3$sSimple Enrollment:%4$s\n"
|
||||||
" --password Enroll a user-supplied password\n"
|
" --password Enroll a user-supplied password\n"
|
||||||
" --recovery-key Enroll a recovery key\n"
|
" --recovery-key Enroll a recovery key\n"
|
||||||
"\n%3$sPKCS11 Enrollment:%4$s\n"
|
"\n%3$sPKCS#11 Enrollment:%4$s\n"
|
||||||
" --pkcs11-token-uri=URI\n"
|
" --pkcs11-token-uri=URI\n"
|
||||||
" Specify PKCS#11 security token URI\n"
|
" Specify PKCS#11 security token URI\n"
|
||||||
"\n%3$sFIDO2 Enrollment:%4$s\n"
|
"\n%3$sFIDO2 Enrollment:%4$s\n"
|
||||||
|
|
|
@ -14,19 +14,13 @@
|
||||||
|
|
||||||
#define DHCP_CLIENT_MIN_OPTIONS_SIZE 312
|
#define DHCP_CLIENT_MIN_OPTIONS_SIZE 312
|
||||||
|
|
||||||
int dhcp_message_init(
|
int bootp_message_init(
|
||||||
DHCPMessage *message,
|
DHCPMessage *message,
|
||||||
uint8_t op,
|
uint8_t op,
|
||||||
uint32_t xid,
|
uint32_t xid,
|
||||||
uint8_t type,
|
|
||||||
uint16_t arp_type,
|
uint16_t arp_type,
|
||||||
uint8_t hlen,
|
uint8_t hlen,
|
||||||
const uint8_t *chaddr,
|
const uint8_t *chaddr) {
|
||||||
size_t optlen,
|
|
||||||
size_t *optoffset) {
|
|
||||||
|
|
||||||
size_t offset = 0;
|
|
||||||
int r;
|
|
||||||
|
|
||||||
assert(IN_SET(op, BOOTREQUEST, BOOTREPLY));
|
assert(IN_SET(op, BOOTREQUEST, BOOTREPLY));
|
||||||
assert(chaddr || hlen == 0);
|
assert(chaddr || hlen == 0);
|
||||||
|
@ -51,6 +45,27 @@ int dhcp_message_init(
|
||||||
message->xid = htobe32(xid);
|
message->xid = htobe32(xid);
|
||||||
message->magic = htobe32(DHCP_MAGIC_COOKIE);
|
message->magic = htobe32(DHCP_MAGIC_COOKIE);
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
int dhcp_message_init(
|
||||||
|
DHCPMessage *message,
|
||||||
|
uint8_t op,
|
||||||
|
uint32_t xid,
|
||||||
|
uint8_t type,
|
||||||
|
uint16_t arp_type,
|
||||||
|
uint8_t hlen,
|
||||||
|
const uint8_t *chaddr,
|
||||||
|
size_t optlen,
|
||||||
|
size_t *optoffset) {
|
||||||
|
|
||||||
|
size_t offset = 0;
|
||||||
|
int r;
|
||||||
|
|
||||||
|
r = bootp_message_init(message, op, xid, arp_type, hlen, chaddr);
|
||||||
|
if (r < 0)
|
||||||
|
return r;
|
||||||
|
|
||||||
r = dhcp_option_append(message, optlen, &offset, 0,
|
r = dhcp_option_append(message, optlen, &offset, 0,
|
||||||
SD_DHCP_OPTION_MESSAGE_TYPE, 1, &type);
|
SD_DHCP_OPTION_MESSAGE_TYPE, 1, &type);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
|
|
|
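Review bot: `bootp_message_init()` is now a separate exported function but has no comment saying what it leaves undone: judging by the new `dhcp_message_init()`, it fills the fixed header and the magic cookie and appends no options, so its caller gets neither a message type option nor an offset into the options area. A short comment above the definition would make that explicit, e.g. `/* Initializes the fixed BOOTP header and magic cookie only; no options are written, the caller owns the options area */`. As far as the two hunks show, its only exit is `return 0;`, so the `if (r < 0)` check in `dhcp_message_init()` cannot currently fire; the same comment could say the return value is kept for future validation. Part of the function body lies between the hunks and is not visible.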
@ -6,6 +6,14 @@
|
||||||
|
|
||||||
#include "dhcp-protocol.h"
|
#include "dhcp-protocol.h"
|
||||||
|
|
||||||
|
int bootp_message_init(
|
||||||
|
DHCPMessage *message,
|
||||||
|
uint8_t op,
|
||||||
|
uint32_t xid,
|
||||||
|
uint16_t arp_type,
|
||||||
|
uint8_t hlen,
|
||||||
|
const uint8_t *chaddr);
|
||||||
|
|
||||||
int dhcp_message_init(
|
int dhcp_message_init(
|
||||||
DHCPMessage *message,
|
DHCPMessage *message,
|
||||||
uint8_t op,
|
uint8_t op,
|
||||||
|
|
|
@ -105,6 +105,7 @@ struct sd_dhcp_client {
|
||||||
int socket_priority;
|
int socket_priority;
|
||||||
bool socket_priority_set;
|
bool socket_priority_set;
|
||||||
bool ipv6_acquired;
|
bool ipv6_acquired;
|
||||||
|
bool bootp;
|
||||||
};
|
};
|
||||||
|
|
||||||
static const uint8_t default_req_opts[] = {
|
static const uint8_t default_req_opts[] = {
|
||||||
|
@ -656,6 +657,15 @@ int sd_dhcp_client_set_fallback_lease_lifetime(sd_dhcp_client *client, uint64_t
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int sd_dhcp_client_set_bootp(sd_dhcp_client *client, int bootp) {
|
||||||
|
assert_return(client, -EINVAL);
|
||||||
|
assert_return(!sd_dhcp_client_is_running(client), -EBUSY);
|
||||||
|
|
||||||
|
client->bootp = bootp;
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
static void client_set_state(sd_dhcp_client *client, DHCPState state) {
|
static void client_set_state(sd_dhcp_client *client, DHCPState state) {
|
||||||
assert(client);
|
assert(client);
|
||||||
|
|
||||||
|
@ -792,10 +802,14 @@ static int client_message_init(
|
||||||
packet = malloc0(size);
|
packet = malloc0(size);
|
||||||
if (!packet)
|
if (!packet)
|
||||||
return -ENOMEM;
|
return -ENOMEM;
|
||||||
|
if (client->bootp) {
|
||||||
r = dhcp_message_init(&packet->dhcp, BOOTREQUEST, client->xid, type,
|
optoffset = 0;
|
||||||
client->arp_type, client->hw_addr.length, client->hw_addr.bytes,
|
r = bootp_message_init(&packet->dhcp, BOOTREQUEST, client->xid, client->arp_type,
|
||||||
optlen, &optoffset);
|
client->hw_addr.length, client->hw_addr.bytes);
|
||||||
|
} else
|
||||||
|
r = dhcp_message_init(&packet->dhcp, BOOTREQUEST, client->xid, type,
|
||||||
|
client->arp_type, client->hw_addr.length, client->hw_addr.bytes,
|
||||||
|
optlen, &optoffset);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
|
@ -825,14 +839,16 @@ static int client_message_init(
|
||||||
if (client->request_broadcast || client->arp_type != ARPHRD_ETHER)
|
if (client->request_broadcast || client->arp_type != ARPHRD_ETHER)
|
||||||
packet->dhcp.flags = htobe16(0x8000);
|
packet->dhcp.flags = htobe16(0x8000);
|
||||||
|
|
||||||
/* Some DHCP servers will refuse to issue an DHCP lease if the Client
|
if (!client->bootp) {
|
||||||
Identifier option is not set */
|
/* Some DHCP servers will refuse to issue an DHCP lease if the Client
|
||||||
r = dhcp_option_append(&packet->dhcp, optlen, &optoffset, 0,
|
Identifier option is not set */
|
||||||
SD_DHCP_OPTION_CLIENT_IDENTIFIER,
|
r = dhcp_option_append(&packet->dhcp, optlen, &optoffset, 0,
|
||||||
client->client_id.size,
|
SD_DHCP_OPTION_CLIENT_IDENTIFIER,
|
||||||
client->client_id.raw);
|
client->client_id.size,
|
||||||
if (r < 0)
|
client->client_id.raw);
|
||||||
return r;
|
if (r < 0)
|
||||||
|
return r;
|
||||||
|
}
|
||||||
|
|
||||||
/* RFC2131 section 3.5:
|
/* RFC2131 section 3.5:
|
||||||
in its initial DHCPDISCOVER or DHCPREQUEST message, a
|
in its initial DHCPDISCOVER or DHCPREQUEST message, a
|
||||||
|
@ -1061,6 +1077,22 @@ static int client_send_discover(sd_dhcp_client *client) {
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
|
/* RFC1542 section 3.5:
|
||||||
|
if the client has no information to communicate to the server,
|
||||||
|
the octet immediately following the magic cookie SHOULD be set
|
||||||
|
to the "End" tag (255) and the remaining octets of the 'vend'
|
||||||
|
field SHOULD be set to zero.
|
||||||
|
*/
|
||||||
|
/* Use this RFC, along with the fact that some BOOTP servers require
|
||||||
|
a 64-byte vend field, to suggest that we always zero and send 64
|
||||||
|
bytes in the options field.
|
||||||
|
*/
|
||||||
|
if (client->bootp)
|
||||||
|
if (optoffset < 64 && optlen >= 64) {
|
||||||
|
memset(&discover->dhcp.options[optoffset], 0, optlen - optoffset);
|
||||||
|
optoffset = 64;
|
||||||
|
}
|
||||||
|
|
||||||
/* We currently ignore:
|
/* We currently ignore:
|
||||||
The client SHOULD wait a random time between one and ten seconds to
|
The client SHOULD wait a random time between one and ten seconds to
|
||||||
desynchronize the use of DHCP at startup.
|
desynchronize the use of DHCP at startup.
|
||||||
|
@ -1509,16 +1541,18 @@ static int client_parse_message(
|
||||||
}
|
}
|
||||||
|
|
||||||
r = dhcp_option_parse(message, len, dhcp_lease_parse_options, lease, &error_message);
|
r = dhcp_option_parse(message, len, dhcp_lease_parse_options, lease, &error_message);
|
||||||
if (r < 0)
|
if (r == -ENOMSG && client->bootp)
|
||||||
|
r = DHCP_ACK; /* BOOTP messages don't have a DHCP message type option */
|
||||||
|
else if (r < 0)
|
||||||
return log_dhcp_client_errno(client, r, "Failed to parse DHCP options, ignoring: %m");
|
return log_dhcp_client_errno(client, r, "Failed to parse DHCP options, ignoring: %m");
|
||||||
|
|
||||||
switch (client->state) {
|
switch (client->state) {
|
||||||
case DHCP_STATE_SELECTING:
|
case DHCP_STATE_SELECTING:
|
||||||
if (r == DHCP_ACK) {
|
if (r == DHCP_ACK) {
|
||||||
if (!client->rapid_commit)
|
if (!client->rapid_commit && !client->bootp)
|
||||||
return log_dhcp_client_errno(client, SYNTHETIC_ERRNO(ENOMSG),
|
return log_dhcp_client_errno(client, SYNTHETIC_ERRNO(ENOMSG),
|
||||||
"received unexpected ACK, ignoring.");
|
"received unexpected ACK, ignoring.");
|
||||||
if (!lease->rapid_commit)
|
if (!lease->rapid_commit && !client->bootp)
|
||||||
return log_dhcp_client_errno(client, SYNTHETIC_ERRNO(ENOMSG),
|
return log_dhcp_client_errno(client, SYNTHETIC_ERRNO(ENOMSG),
|
||||||
"received rapid ACK without Rapid Commit option, ignoring.");
|
"received rapid ACK without Rapid Commit option, ignoring.");
|
||||||
} else if (r == DHCP_OFFER) {
|
} else if (r == DHCP_OFFER) {
|
||||||
|
@ -1561,11 +1595,17 @@ static int client_parse_message(
|
||||||
lease->next_server = message->siaddr;
|
lease->next_server = message->siaddr;
|
||||||
lease->address = message->yiaddr;
|
lease->address = message->yiaddr;
|
||||||
|
|
||||||
|
if (client->bootp)
|
||||||
|
lease->lifetime = USEC_INFINITY;
|
||||||
|
|
||||||
|
if (lease->server_address == 0 && !client->bootp)
|
||||||
|
return log_dhcp_client_errno(client, SYNTHETIC_ERRNO(ENOMSG),
|
||||||
|
"received lease lacks server address, ignoring.");
|
||||||
|
|
||||||
if (lease->address == 0 ||
|
if (lease->address == 0 ||
|
||||||
lease->server_address == 0 ||
|
|
||||||
lease->lifetime == 0)
|
lease->lifetime == 0)
|
||||||
return log_dhcp_client_errno(client, SYNTHETIC_ERRNO(ENOMSG),
|
return log_dhcp_client_errno(client, SYNTHETIC_ERRNO(ENOMSG),
|
||||||
"received lease lacks address, server address or lease lifetime, ignoring.");
|
"received lease lacks address or lease lifetime, ignoring.");
|
||||||
|
|
||||||
r = dhcp_lease_set_default_subnet_mask(lease);
|
r = dhcp_lease_set_default_subnet_mask(lease);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
|
@ -1601,7 +1641,7 @@ static int client_handle_offer_or_rapid_ack(sd_dhcp_client *client, DHCPMessage
|
||||||
|
|
||||||
dhcp_lease_unref_and_replace(client->lease, lease);
|
dhcp_lease_unref_and_replace(client->lease, lease);
|
||||||
|
|
||||||
if (client->lease->rapid_commit) {
|
if (client->lease->rapid_commit || client->bootp) {
|
||||||
log_dhcp_client(client, "ACK");
|
log_dhcp_client(client, "ACK");
|
||||||
return SD_DHCP_CLIENT_EVENT_IP_ACQUIRE;
|
return SD_DHCP_CLIENT_EVENT_IP_ACQUIRE;
|
||||||
}
|
}
|
||||||
|
@ -2007,8 +2047,8 @@ static int client_handle_message(sd_dhcp_client *client, DHCPMessage *message, s
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return 0; /* invalid message, let's ignore it */
|
return 0; /* invalid message, let's ignore it */
|
||||||
|
|
||||||
if (client->lease->rapid_commit)
|
if (client->lease->rapid_commit || client->bootp)
|
||||||
/* got a successful rapid commit */
|
/* got a successful rapid commit or bootp reply */
|
||||||
return client_enter_bound(client, r);
|
return client_enter_bound(client, r);
|
||||||
|
|
||||||
return client_enter_requesting(client);
|
return client_enter_requesting(client);
|
||||||
|
@ -2225,7 +2265,7 @@ int sd_dhcp_client_send_release(sd_dhcp_client *client) {
|
||||||
size_t optoffset, optlen;
|
size_t optoffset, optlen;
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
if (!sd_dhcp_client_is_running(client) || !client->lease)
|
if (!sd_dhcp_client_is_running(client) || !client->lease || client->bootp)
|
||||||
return 0; /* do nothing */
|
return 0; /* do nothing */
|
||||||
|
|
||||||
r = client_message_init(client, &release, DHCP_RELEASE, &optlen, &optoffset);
|
r = client_message_init(client, &release, DHCP_RELEASE, &optlen, &optoffset);
|
||||||
|
|
|
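Review bot: In `client_parse_message()` the BOOTP relaxations cover more than a BOOTP reply: `r` is rewritten to `DHCP_ACK` only for `-ENOMSG`, but `if (client->bootp) lease->lifetime = USEC_INFINITY;`, the dropped `server_address` requirement and the `|| client->bootp` tests in `client_handle_offer_or_rapid_ack()` and `client_handle_message()` apply to every reply, so one that does carry a message type (an ordinary DHCPOFFER, say) appears to be bound at once with its lease time overwritten by an infinite one. These replies are unauthenticated, so an unexpected or spoofed answer that passes the earlier checks would become a binding that is never renewed or re-validated. Consider keying the relaxations on the reply itself rather than on the client flag, e.g. `bool bootp_reply = r == -ENOMSG && client->bootp;` followed by `if (bootp_reply) lease->lifetime = USEC_INFINITY;`, and ignoring typed replies while in BOOTP mode. Separately, in `client_send_discover()` the quoted RFC 1542 text asks for an End tag (255) after the cookie while the new block only zero-fills up to `optlen`; if the End option is appended by code outside the hunk, a comment saying so would remove the doubt. All of these functions extend beyond the visible hunks.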
@ -532,6 +532,145 @@ static void test_addr_acq(sd_event *e) {
|
||||||
xid = 0;
|
xid = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static uint8_t test_addr_bootp_reply[] = {
|
||||||
|
0x45, 0x00, 0x01, 0x48, 0x00, 0x00, 0x40, 0x00,
|
||||||
|
0xff, 0x11, 0x70, 0xa3, 0x0a, 0x00, 0x00, 0x02,
|
||||||
|
0xff, 0xff, 0xff, 0xff, 0x00, 0x43, 0x00, 0x44,
|
||||||
|
0x01, 0x2c, 0x2b, 0x91, 0x02, 0x01, 0x06, 0x00,
|
||||||
|
0x69, 0xd3, 0x79, 0x11, 0x17, 0x00, 0x80, 0x00,
|
||||||
|
0x00, 0x00, 0x00, 0x00, 0x0a, 0x46, 0x00, 0x02,
|
||||||
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||||
|
0x50, 0x2d, 0xf4, 0x1f, 0x00, 0x00, 0x00, 0x00,
|
||||||
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||||
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||||
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||||
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||||
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||||
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||||
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||||
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||||
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||||
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||||
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||||
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||||
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||||
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||||
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||||
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||||
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||||
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||||
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||||
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||||
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||||
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||||
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||||
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||||
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||||
|
0x63, 0x82, 0x53, 0x63, 0x01, 0x04, 0xff, 0x00,
|
||||||
|
0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||||
|
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||||
|
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||||
|
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||||
|
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||||
|
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||||
|
};
|
||||||
|
|
||||||
|
static int test_bootp_acquired(sd_dhcp_client *client, int event,
|
||||||
|
void *userdata) {
|
||||||
|
sd_event *e = userdata;
|
||||||
|
sd_dhcp_lease *lease;
|
||||||
|
struct in_addr addr;
|
||||||
|
|
||||||
|
assert_se(client);
|
||||||
|
assert_se(IN_SET(event, SD_DHCP_CLIENT_EVENT_IP_ACQUIRE, SD_DHCP_CLIENT_EVENT_SELECTING));
|
||||||
|
|
||||||
|
assert_se(sd_dhcp_client_get_lease(client, &lease) >= 0);
|
||||||
|
assert_se(lease);
|
||||||
|
|
||||||
|
assert_se(sd_dhcp_lease_get_address(lease, &addr) >= 0);
|
||||||
|
assert_se(memcmp(&addr.s_addr, &test_addr_bootp_reply[44],
|
||||||
|
sizeof(addr.s_addr)) == 0);
|
||||||
|
|
||||||
|
assert_se(sd_dhcp_lease_get_netmask(lease, &addr) >= 0);
|
||||||
|
assert_se(memcmp(&addr.s_addr, &test_addr_bootp_reply[270],
|
||||||
|
sizeof(addr.s_addr)) == 0);
|
||||||
|
|
||||||
|
if (verbose)
|
||||||
|
log_info(" BOOTP address acquired");
|
||||||
|
|
||||||
|
sd_event_exit(e, 0);
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
static int test_bootp_recv_request(size_t size, DHCPMessage *request) {
|
||||||
|
uint16_t udp_check = 0;
|
||||||
|
int res;
|
||||||
|
|
||||||
|
xid = request->xid;
|
||||||
|
|
||||||
|
if (verbose)
|
||||||
|
log_info(" recv BOOTP Request 0x%08x", be32toh(xid));
|
||||||
|
|
||||||
|
callback_recv = NULL;
|
||||||
|
|
||||||
|
memcpy(&test_addr_bootp_reply[26], &udp_check, sizeof(udp_check));
|
||||||
|
memcpy(&test_addr_bootp_reply[32], &xid, sizeof(xid));
|
||||||
|
memcpy(&test_addr_bootp_reply[56], hw_addr.bytes, hw_addr.length);
|
||||||
|
|
||||||
|
res = write(test_fd[1], test_addr_bootp_reply,
|
||||||
|
sizeof(test_addr_bootp_reply));
|
||||||
|
assert_se(res == sizeof(test_addr_bootp_reply));
|
||||||
|
|
||||||
|
if (verbose)
|
||||||
|
log_info(" sent BOOTP Reply");
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
};
|
||||||
|
|
||||||
|
static void test_acquire_bootp(sd_event *e) {
|
||||||
|
sd_dhcp_client *client;
|
||||||
|
int res, r;
|
||||||
|
|
||||||
|
if (verbose)
|
||||||
|
log_info("* %s", __func__);
|
||||||
|
|
||||||
|
r = sd_dhcp_client_new(&client, false);
|
||||||
|
assert_se(r >= 0);
|
||||||
|
assert_se(client);
|
||||||
|
|
||||||
|
r = sd_dhcp_client_attach_event(client, e, 0);
|
||||||
|
assert_se(r >= 0);
|
||||||
|
|
||||||
|
r = sd_dhcp_client_set_bootp(client, true);
|
||||||
|
assert_se(r >= 0);
|
||||||
|
|
||||||
|
assert_se(sd_dhcp_client_set_ifindex(client, 42) >= 0);
|
||||||
|
assert_se(sd_dhcp_client_set_mac(client, hw_addr.bytes, bcast_addr.bytes, hw_addr.length, ARPHRD_ETHER) >= 0);
|
||||||
|
|
||||||
|
assert_se(sd_dhcp_client_set_callback(client, test_bootp_acquired, e) >= 0);
|
||||||
|
|
||||||
|
callback_recv = test_bootp_recv_request;
|
||||||
|
|
||||||
|
assert_se(sd_event_add_time_relative(e, NULL, CLOCK_BOOTTIME,
|
||||||
|
30 * USEC_PER_SEC, 0,
|
||||||
|
NULL, INT_TO_PTR(-ETIMEDOUT)) >= 0);
|
||||||
|
|
||||||
|
res = sd_dhcp_client_start(client);
|
||||||
|
assert_se(IN_SET(res, 0, -EINPROGRESS));
|
||||||
|
|
||||||
|
assert_se(sd_event_loop(e) >= 0);
|
||||||
|
|
||||||
|
assert_se(sd_dhcp_client_set_callback(client, NULL, NULL) >= 0);
|
||||||
|
assert_se(sd_dhcp_client_stop(client) >= 0);
|
||||||
|
sd_dhcp_client_unref(client);
|
||||||
|
|
||||||
|
test_fd[1] = safe_close(test_fd[1]);
|
||||||
|
|
||||||
|
callback_recv = NULL;
|
||||||
|
xid = 0;
|
||||||
|
}
|
||||||
|
|
||||||
int main(int argc, char *argv[]) {
|
int main(int argc, char *argv[]) {
|
||||||
_cleanup_(sd_event_unrefp) sd_event *e;
|
_cleanup_(sd_event_unrefp) sd_event *e;
|
||||||
|
|
||||||
|
@ -549,6 +688,10 @@ int main(int argc, char *argv[]) {
|
||||||
test_discover_message(e);
|
test_discover_message(e);
|
||||||
test_addr_acq(e);
|
test_addr_acq(e);
|
||||||
|
|
||||||
|
sd_event_unref(e);
|
||||||
|
assert_se(sd_event_new(&e) >= 0);
|
||||||
|
test_acquire_bootp(e);
|
||||||
|
|
||||||
#if HAVE_VALGRIND_VALGRIND_H
|
#if HAVE_VALGRIND_VALGRIND_H
|
||||||
/* Make sure the async_close thread has finished.
|
/* Make sure the async_close thread has finished.
|
||||||
* valgrind would report some of the phread_* structures
|
* valgrind would report some of the phread_* structures
|
||||||
|
|
|
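Review bot: `test_bootp_recv_request()` never inspects the request it is handed: `size` is unused and `request` is read only for `xid`, so the test still passes if the client sends an ordinary DHCPDISCOVER, and the new 64-byte vend padding and the omission of option 53 go unverified. An assertion on the outgoing packet would close that gap, for instance checking that `dhcp_option_parse()` on `request` reports no message type, plus a lower bound on `size`. The function also ends in `};` with a stray semicolon. The reply offsets `44` and `270` in `test_bootp_acquired()`, and `26`, `32` and `56` in the request handler, would be easier to audit with a comment naming the field each one addresses (`/* yiaddr */`, `/* subnet mask option payload */`, and so on).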
@ -1477,6 +1477,10 @@ static int dhcp4_configure(Link *link) {
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_link_debug_errno(link, r, "DHCPv4 CLIENT: Failed to allocate DHCPv4 client: %m");
|
return log_link_debug_errno(link, r, "DHCPv4 CLIENT: Failed to allocate DHCPv4 client: %m");
|
||||||
|
|
||||||
|
r = sd_dhcp_client_set_bootp(link->dhcp_client, link->network->dhcp_send_bootp);
|
||||||
|
if (r < 0)
|
||||||
|
return log_link_debug_errno(link, r, "DHCPv4 CLIENT: Failed to set BOOTP flag: %m");
|
||||||
|
|
||||||
r = sd_dhcp_client_attach_event(link->dhcp_client, link->manager->event, 0);
|
r = sd_dhcp_client_attach_event(link->dhcp_client, link->manager->event, 0);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_link_debug_errno(link, r, "DHCPv4 CLIENT: Failed to attach event to DHCPv4 client: %m");
|
return log_link_debug_errno(link, r, "DHCPv4 CLIENT: Failed to attach event to DHCPv4 client: %m");
|
||||||
|
|
|
@ -244,6 +244,7 @@ DHCPv4.QuickAck, config_parse_bool,
|
||||||
DHCPv4.RequestOptions, config_parse_dhcp_request_options, AF_INET, 0
|
DHCPv4.RequestOptions, config_parse_dhcp_request_options, AF_INET, 0
|
||||||
DHCPv4.Anonymize, config_parse_bool, 0, offsetof(Network, dhcp_anonymize)
|
DHCPv4.Anonymize, config_parse_bool, 0, offsetof(Network, dhcp_anonymize)
|
||||||
DHCPv4.SendHostname, config_parse_dhcp_send_hostname, AF_INET, 0
|
DHCPv4.SendHostname, config_parse_dhcp_send_hostname, AF_INET, 0
|
||||||
|
DHCPv4.BOOTP, config_parse_bool, 0, offsetof(Network, dhcp_send_bootp)
|
||||||
DHCPv4.Hostname, config_parse_hostname, 0, offsetof(Network, dhcp_hostname)
|
DHCPv4.Hostname, config_parse_hostname, 0, offsetof(Network, dhcp_hostname)
|
||||||
DHCPv4.Label, config_parse_dhcp_label, 0, offsetof(Network, dhcp_label)
|
DHCPv4.Label, config_parse_dhcp_label, 0, offsetof(Network, dhcp_label)
|
||||||
DHCPv4.RequestBroadcast, config_parse_tristate, 0, offsetof(Network, dhcp_broadcast)
|
DHCPv4.RequestBroadcast, config_parse_tristate, 0, offsetof(Network, dhcp_broadcast)
|
||||||
|
|
|
@ -179,6 +179,7 @@ struct Network {
|
||||||
OrderedHashmap *dhcp_client_send_vendor_options;
|
OrderedHashmap *dhcp_client_send_vendor_options;
|
||||||
char *dhcp_netlabel;
|
char *dhcp_netlabel;
|
||||||
NFTSetContext dhcp_nft_set_context;
|
NFTSetContext dhcp_nft_set_context;
|
||||||
|
bool dhcp_send_bootp;
|
||||||
|
|
||||||
/* DHCPv6 Client support */
|
/* DHCPv6 Client support */
|
||||||
bool dhcp6_use_address;
|
bool dhcp6_use_address;
|
||||||
|
|
|
@ -392,7 +392,7 @@ int tpm2_make_pcr_json_array(uint32_t pcr_mask, sd_json_variant **ret);
|
||||||
int tpm2_parse_pcr_json_array(sd_json_variant *v, uint32_t *ret);
|
int tpm2_parse_pcr_json_array(sd_json_variant *v, uint32_t *ret);
|
||||||
|
|
||||||
int tpm2_make_luks2_json(int keyslot, uint32_t hash_pcr_mask, uint16_t pcr_bank, const struct iovec *pubkey, uint32_t pubkey_pcr_mask, uint16_t primary_alg, const struct iovec blobs[], size_t n_blobs, const struct iovec policy_hash[], size_t n_policy_hash, const struct iovec *salt, const struct iovec *srk, const struct iovec *pcrlock_nv, TPM2Flags flags, sd_json_variant **ret);
|
int tpm2_make_luks2_json(int keyslot, uint32_t hash_pcr_mask, uint16_t pcr_bank, const struct iovec *pubkey, uint32_t pubkey_pcr_mask, uint16_t primary_alg, const struct iovec blobs[], size_t n_blobs, const struct iovec policy_hash[], size_t n_policy_hash, const struct iovec *salt, const struct iovec *srk, const struct iovec *pcrlock_nv, TPM2Flags flags, sd_json_variant **ret);
|
||||||
int tpm2_parse_luks2_json(sd_json_variant *v, int *ret_keyslot, uint32_t *ret_hash_pcr_mask, uint16_t *ret_pcr_bank, struct iovec *ret_pubkey, uint32_t *ret_pubkey_pcr_mask, uint16_t *ret_primary_alg, struct iovec **ret_blobs, size_t *ret_n_blobs, struct iovec **ret_policy_hash, size_t *ret_n_policy_hash, struct iovec *ret_salt, struct iovec *ret_srk, struct iovec *pcrlock_nv, TPM2Flags *ret_flags);
|
int tpm2_parse_luks2_json(sd_json_variant *v, int *ret_keyslot, uint32_t *ret_hash_pcr_mask, uint16_t *ret_pcr_bank, struct iovec *ret_pubkey, uint32_t *ret_pubkey_pcr_mask, uint16_t *ret_primary_alg, struct iovec **ret_blobs, size_t *ret_n_blobs, struct iovec **ret_policy_hash, size_t *ret_n_policy_hash, struct iovec *ret_salt, struct iovec *ret_srk, struct iovec *ret_pcrlock_nv, TPM2Flags *ret_flags);
|
||||||
|
|
||||||
/* Default to PCR 7 only */
|
/* Default to PCR 7 only */
|
||||||
#define TPM2_PCR_INDEX_DEFAULT UINT32_C(7)
|
#define TPM2_PCR_INDEX_DEFAULT UINT32_C(7)
|
||||||
|
|
|
@ -147,6 +147,9 @@ int sd_dhcp_client_set_socket_priority(
|
||||||
int sd_dhcp_client_set_fallback_lease_lifetime(
|
int sd_dhcp_client_set_fallback_lease_lifetime(
|
||||||
sd_dhcp_client *client,
|
sd_dhcp_client *client,
|
||||||
uint64_t fallback_lease_lifetime);
|
uint64_t fallback_lease_lifetime);
|
||||||
|
int sd_dhcp_client_set_bootp(
|
||||||
|
sd_dhcp_client *client,
|
||||||
|
int bootp);
|
||||||
|
|
||||||
int sd_dhcp_client_add_option(sd_dhcp_client *client, sd_dhcp_option *v);
|
int sd_dhcp_client_add_option(sd_dhcp_client *client, sd_dhcp_option *v);
|
||||||
int sd_dhcp_client_add_vendor_option(sd_dhcp_client *client, sd_dhcp_option *v);
|
int sd_dhcp_client_add_vendor_option(sd_dhcp_client *client, sd_dhcp_option *v);
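Review bot: `sd_dhcp_client_set_bootp()` is declared with no comment on what the mode changes for the caller. Plain BOOTP replies carry neither a DHCP message type option nor a lease time, so enabling this presumably relaxes the reply checks the client otherwise applies and leaves the acquired address without an expiry. A comment above the prototype would make that explicit, e.g. `/* Speak plain BOOTP: replies are accepted without a DHCP message type and the address has no lease lifetime. */`, adjusted to what the implementation actually does. If the setter is only valid before the client is started, the comment should state that too, since the implementation is not part of this section.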
|
||||||
|
|
|
@ -23,6 +23,7 @@
|
||||||
#include "user-util.h"
|
#include "user-util.h"
|
||||||
#include "userdb.h"
|
#include "userdb.h"
|
||||||
#include "verbs.h"
|
#include "verbs.h"
|
||||||
|
#include "virt.h"
|
||||||
|
|
||||||
static enum {
|
static enum {
|
||||||
OUTPUT_CLASSIC,
|
OUTPUT_CLASSIC,
|
||||||
|
@ -139,10 +140,16 @@ static int show_user(UserRecord *ur, Table *table) {
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static bool test_show_mapped(void) {
|
||||||
|
/* Show mapped user range only in environments where user mapping is a thing. */
|
||||||
|
return running_in_userns() > 0;
|
||||||
|
}
|
||||||
|
|
||||||
static const struct {
|
static const struct {
|
||||||
uid_t first, last;
|
uid_t first, last;
|
||||||
const char *name;
|
const char *name;
|
||||||
UserDisposition disposition;
|
UserDisposition disposition;
|
||||||
|
bool (*test)(void);
|
||||||
} uid_range_table[] = {
|
} uid_range_table[] = {
|
||||||
{
|
{
|
||||||
.first = 1,
|
.first = 1,
|
||||||
|
@ -175,11 +182,12 @@ static const struct {
|
||||||
.last = MAP_UID_MAX,
|
.last = MAP_UID_MAX,
|
||||||
.name = "mapped",
|
.name = "mapped",
|
||||||
.disposition = USER_REGULAR,
|
.disposition = USER_REGULAR,
|
||||||
|
.test = test_show_mapped,
|
||||||
},
|
},
|
||||||
};
|
};
|
||||||
|
|
||||||
static int table_add_uid_boundaries(Table *table, const UIDRange *p) {
|
static int table_add_uid_boundaries(Table *table, const UIDRange *p) {
|
||||||
int r;
|
int r, n_added = 0;
|
||||||
|
|
||||||
assert(table);
|
assert(table);
|
||||||
|
|
||||||
|
@ -192,6 +200,9 @@ static int table_add_uid_boundaries(Table *table, const UIDRange *p) {
|
||||||
if (!uid_range_covers(p, i->first, i->last - i->first + 1))
|
if (!uid_range_covers(p, i->first, i->last - i->first + 1))
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
|
if (i->test && !i->test())
|
||||||
|
continue;
|
||||||
|
|
||||||
name = strjoin(special_glyph(SPECIAL_GLYPH_ARROW_DOWN),
|
name = strjoin(special_glyph(SPECIAL_GLYPH_ARROW_DOWN),
|
||||||
" begin ", i->name, " users ",
|
" begin ", i->name, " users ",
|
||||||
special_glyph(SPECIAL_GLYPH_ARROW_DOWN));
|
special_glyph(SPECIAL_GLYPH_ARROW_DOWN));
|
||||||
|
@ -249,9 +260,11 @@ static int table_add_uid_boundaries(Table *table, const UIDRange *p) {
|
||||||
TABLE_INT, 1); /* sort after any other entry with the same UID */
|
TABLE_INT, 1); /* sort after any other entry with the same UID */
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return table_log_add_error(r);
|
return table_log_add_error(r);
|
||||||
|
|
||||||
|
n_added += 2;
|
||||||
}
|
}
|
||||||
|
|
||||||
return ELEMENTSOF(uid_range_table) * 2;
|
return n_added;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int add_unavailable_uid(Table *table, uid_t start, uid_t end) {
|
static int add_unavailable_uid(Table *table, uid_t start, uid_t end) {
|
||||||
|
@ -565,16 +578,22 @@ static int show_group(GroupRecord *gr, Table *table) {
|
||||||
}
|
}
|
||||||
|
|
||||||
static int table_add_gid_boundaries(Table *table, const UIDRange *p) {
|
static int table_add_gid_boundaries(Table *table, const UIDRange *p) {
|
||||||
int r;
|
int r, n_added = 0;
|
||||||
|
|
||||||
assert(table);
|
assert(table);
|
||||||
|
|
||||||
FOREACH_ELEMENT(i, uid_range_table) {
|
FOREACH_ELEMENT(i, uid_range_table) {
|
||||||
_cleanup_free_ char *name = NULL, *comment = NULL;
|
_cleanup_free_ char *name = NULL, *comment = NULL;
|
||||||
|
|
||||||
|
if (!FLAGS_SET(arg_disposition_mask, UINT64_C(1) << i->disposition))
|
||||||
|
continue;
|
||||||
|
|
||||||
if (!uid_range_covers(p, i->first, i->last - i->first + 1))
|
if (!uid_range_covers(p, i->first, i->last - i->first + 1))
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
|
if (i->test && !i->test())
|
||||||
|
continue;
|
||||||
|
|
||||||
name = strjoin(special_glyph(SPECIAL_GLYPH_ARROW_DOWN),
|
name = strjoin(special_glyph(SPECIAL_GLYPH_ARROW_DOWN),
|
||||||
" begin ", i->name, " groups ",
|
" begin ", i->name, " groups ",
|
||||||
special_glyph(SPECIAL_GLYPH_ARROW_DOWN));
|
special_glyph(SPECIAL_GLYPH_ARROW_DOWN));
|
||||||
|
@ -626,9 +645,11 @@ static int table_add_gid_boundaries(Table *table, const UIDRange *p) {
|
||||||
TABLE_INT, 1); /* sort after any other entry with the same GID */
|
TABLE_INT, 1); /* sort after any other entry with the same GID */
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return table_log_add_error(r);
|
return table_log_add_error(r);
|
||||||
|
|
||||||
|
n_added += 2;
|
||||||
}
|
}
|
||||||
|
|
||||||
return ELEMENTSOF(uid_range_table) * 2;
|
return n_added;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int add_unavailable_gid(Table *table, uid_t start, uid_t end) {
|
static int add_unavailable_gid(Table *table, uid_t start, uid_t end) {
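Review bot: `test_show_mapped()` returns `running_in_userns() > 0`, so a negative error return is folded into "not in a user namespace" and the mapped range markers are dropped without any trace. The comment in the function only covers the positive case; adding `/* On failure we assume no user namespace and hide the range. */` would document the choice, or the error could be logged at debug level before returning, unless `running_in_userns()` already does that itself. The `i->test && !i->test()` filter is added identically to `table_add_uid_boundaries()` and `table_add_gid_boundaries()`, both of which extend beyond the hunks shown. The probe is therefore repeated per function, which is fine for one entry but worth caching if more `uid_range_table` entries gain a `.test` callback.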
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
# the Free Software Foundation; either version 2.1 of the License, or
|
# the Free Software Foundation; either version 2.1 of the License, or
|
||||||
# (at your option) any later version.
|
# (at your option) any later version.
|
||||||
|
|
||||||
# See tmpfiles.d(5) for details
|
# See tmpfiles.d(5) for details.
|
||||||
|
|
||||||
{% if LINK_SHELL_EXTRA_DROPIN %}
|
{% if LINK_SHELL_EXTRA_DROPIN %}
|
||||||
L$ {{SHELLPROFILEDIR}}/70-systemd-shell-extra.sh - - - - {{LIBEXECDIR}}/profile.d/70-systemd-shell-extra.sh
|
L$ {{SHELLPROFILEDIR}}/70-systemd-shell-extra.sh - - - - {{LIBEXECDIR}}/profile.d/70-systemd-shell-extra.sh
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
# the Free Software Foundation; either version 2.1 of the License, or
|
# the Free Software Foundation; either version 2.1 of the License, or
|
||||||
# (at your option) any later version.
|
# (at your option) any later version.
|
||||||
|
|
||||||
# See tmpfiles.d(5) for details
|
# See tmpfiles.d(5) for details.
|
||||||
|
|
||||||
{% if LINK_SSH_PROXY_DROPIN %}
|
{% if LINK_SSH_PROXY_DROPIN %}
|
||||||
L$ {{SSHCONFDIR}}/20-systemd-ssh-proxy.conf - - - - {{LIBEXECDIR}}/ssh_config.d/20-systemd-ssh-proxy.conf
|
L$ {{SSHCONFDIR}}/20-systemd-ssh-proxy.conf - - - - {{LIBEXECDIR}}/ssh_config.d/20-systemd-ssh-proxy.conf
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
# the Free Software Foundation; either version 2.1 of the License, or
|
# the Free Software Foundation; either version 2.1 of the License, or
|
||||||
# (at your option) any later version.
|
# (at your option) any later version.
|
||||||
|
|
||||||
# See tmpfiles.d(5) for details
|
# See tmpfiles.d(5) for details.
|
||||||
|
|
||||||
# Copy systemd-stub provided metadata such as PCR signature and public key file
|
# Copy systemd-stub provided metadata such as PCR signature and public key file
|
||||||
# from initrd into /run/, so that it will survive the initrd stage
|
# from initrd into /run/, so that it will survive the initrd stage
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
# the Free Software Foundation; either version 2.1 of the License, or
|
# the Free Software Foundation; either version 2.1 of the License, or
|
||||||
# (at your option) any later version.
|
# (at your option) any later version.
|
||||||
|
|
||||||
# See tmpfiles.d(5) for details
|
# See tmpfiles.d(5) for details.
|
||||||
|
|
||||||
{% if LINK_SSHD_USERDB_DROPIN %}
|
{% if LINK_SSHD_USERDB_DROPIN %}
|
||||||
L {{SSHDCONFDIR}}/20-systemd-userdb.conf - - - - {{LIBEXECDIR}}/sshd_config.d/20-systemd-userdb.conf
|
L {{SSHDCONFDIR}}/20-systemd-userdb.conf - - - - {{LIBEXECDIR}}/sshd_config.d/20-systemd-userdb.conf
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
# the Free Software Foundation; either version 2.1 of the License, or
|
# the Free Software Foundation; either version 2.1 of the License, or
|
||||||
# (at your option) any later version.
|
# (at your option) any later version.
|
||||||
|
|
||||||
# See tmpfiles.d(5) for details
|
# See tmpfiles.d(5) for details.
|
||||||
|
|
||||||
d /etc/credstore 0700 root root
|
d /etc/credstore 0700 root root
|
||||||
d /etc/credstore.encrypted 0700 root root
|
d /etc/credstore.encrypted 0700 root root
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
# the Free Software Foundation; either version 2.1 of the License, or
|
# the Free Software Foundation; either version 2.1 of the License, or
|
||||||
# (at your option) any later version.
|
# (at your option) any later version.
|
||||||
|
|
||||||
# See tmpfiles.d(5) for details
|
# See tmpfiles.d(5) for details.
|
||||||
|
|
||||||
L /etc/os-release - - - - ../usr/lib/os-release
|
L /etc/os-release - - - - ../usr/lib/os-release
|
||||||
L+ /etc/mtab - - - - ../proc/self/mounts
|
L+ /etc/mtab - - - - ../proc/self/mounts
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
# the Free Software Foundation; either version 2.1 of the License, or
|
# the Free Software Foundation; either version 2.1 of the License, or
|
||||||
# (at your option) any later version.
|
# (at your option) any later version.
|
||||||
|
|
||||||
# See tmpfiles.d(5) for details
|
# See tmpfiles.d(5) for details.
|
||||||
|
|
||||||
Q /home 0755 - - -
|
Q /home 0755 - - -
|
||||||
q /srv 0755 - - -
|
q /srv 0755 - - -
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
# the Free Software Foundation; either version 2.1 of the License, or
|
# the Free Software Foundation; either version 2.1 of the License, or
|
||||||
# (at your option) any later version.
|
# (at your option) any later version.
|
||||||
|
|
||||||
# See tmpfiles.d(5) for details
|
# See tmpfiles.d(5) for details.
|
||||||
|
|
||||||
# Set the NOCOW attribute for directories of journal files. This flag
|
# Set the NOCOW attribute for directories of journal files. This flag
|
||||||
# is inherited by their new files and sub-directories. Matters only
|
# is inherited by their new files and sub-directories. Matters only
|
||||||
|
|
|
@ -5,10 +5,11 @@
|
||||||
# the Free Software Foundation; either version 2.1 of the License, or
|
# the Free Software Foundation; either version 2.1 of the License, or
|
||||||
# (at your option) any later version.
|
# (at your option) any later version.
|
||||||
|
|
||||||
# See tmpfiles.d(5) for details
|
# See tmpfiles.d(5) for details.
|
||||||
|
|
||||||
# These files are considered legacy and are unnecessary on legacy-free
|
# The functionality provided by these files and directories has been replaced
|
||||||
# systems.
|
# by newer interfaces. Their use is discouraged on legacy-free systems. This
|
||||||
|
# configuration is provided to maintain backward compatibility.
|
||||||
|
|
||||||
d /run/lock 0755 root root -
|
d /run/lock 0755 root root -
|
||||||
L /var/lock - - - - ../run/lock
|
L /var/lock - - - - ../run/lock
|
||||||
|
@ -16,15 +17,15 @@ L /var/lock - - - - ../run/lock
|
||||||
L$ /var/log/README - - - - ../..{{DOC_DIR}}/README.logs
|
L$ /var/log/README - - - - ../..{{DOC_DIR}}/README.logs
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
|
{% if HAVE_SYSV_COMPAT %}
|
||||||
# /run/lock/subsys is used for serializing SysV service execution, and
|
# /run/lock/subsys is used for serializing SysV service execution, and
|
||||||
# hence without use on SysV-less systems.
|
# hence without use on SysV-less systems.
|
||||||
|
|
||||||
d /run/lock/subsys 0755 root root -
|
d /run/lock/subsys 0755 root root -
|
||||||
|
|
||||||
# /forcefsck, /fastboot and /forcequotacheck are deprecated in favor of the
|
# /forcefsck, /fastboot and /forcequotacheck are deprecated in favor of the
|
||||||
# kernel command line options 'fsck.mode=force', 'fsck.mode=skip' and
|
# kernel command line options 'fsck.mode=force', 'fsck.mode=skip' and
|
||||||
# 'quotacheck.mode=force'
|
# 'quotacheck.mode=force'
|
||||||
|
|
||||||
r! /forcefsck
|
r! /forcefsck
|
||||||
r! /fastboot
|
r! /fastboot
|
||||||
r! /forcequotacheck
|
r! /forcequotacheck
|
||||||
|
{% endif %}
|
||||||
|
|
|
@ -35,7 +35,7 @@ in_files = [
|
||||||
['20-systemd-stub.conf', 'ENABLE_EFI'],
|
['20-systemd-stub.conf', 'ENABLE_EFI'],
|
||||||
['20-systemd-userdb.conf', 'ENABLE_SSH_USERDB_CONFIG'],
|
['20-systemd-userdb.conf', 'ENABLE_SSH_USERDB_CONFIG'],
|
||||||
['etc.conf'],
|
['etc.conf'],
|
||||||
['legacy.conf', 'HAVE_SYSV_COMPAT'],
|
['legacy.conf'],
|
||||||
['static-nodes-permissions.conf'],
|
['static-nodes-permissions.conf'],
|
||||||
['systemd.conf'],
|
['systemd.conf'],
|
||||||
['var.conf'],
|
['var.conf'],
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
# SPDX-License-Identifier: LGPL-2.1-or-later
|
# SPDX-License-Identifier: LGPL-2.1-or-later
|
||||||
# See tmpfiles.d(5) for details
|
# See tmpfiles.d(5) for details.
|
||||||
|
|
||||||
Q /var/lib/portables 0700
|
Q /var/lib/portables 0700
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
# the Free Software Foundation; either version 2.1 of the License, or
|
# the Free Software Foundation; either version 2.1 of the License, or
|
||||||
# (at your option) any later version.
|
# (at your option) any later version.
|
||||||
|
|
||||||
# See tmpfiles.d(5) for details
|
# See tmpfiles.d(5) for details.
|
||||||
|
|
||||||
# Provision additional login messages from credentials, if they are set. Note
|
# Provision additional login messages from credentials, if they are set. Note
|
||||||
# that these lines are NOPs if the credentials are not set or if the files
|
# that these lines are NOPs if the credentials are not set or if the files
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
# the Free Software Foundation; either version 2.1 of the License, or
|
# the Free Software Foundation; either version 2.1 of the License, or
|
||||||
# (at your option) any later version.
|
# (at your option) any later version.
|
||||||
|
|
||||||
# See tmpfiles.d(5) for details
|
# See tmpfiles.d(5) for details.
|
||||||
|
|
||||||
d$ /run/systemd/netif 0755 systemd-network systemd-network -
|
d$ /run/systemd/netif 0755 systemd-network systemd-network -
|
||||||
d$ /run/systemd/netif/links 0755 systemd-network systemd-network -
|
d$ /run/systemd/netif/links 0755 systemd-network systemd-network -
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
# the Free Software Foundation; either version 2.1 of the License, or
|
# the Free Software Foundation; either version 2.1 of the License, or
|
||||||
# (at your option) any later version.
|
# (at your option) any later version.
|
||||||
|
|
||||||
# See tmpfiles.d(5) for details
|
# See tmpfiles.d(5) for details.
|
||||||
|
|
||||||
Q /var/lib/machines 0700 - - -
|
Q /var/lib/machines 0700 - - -
|
||||||
|
|
||||||
|
|
|
@ -5,6 +5,6 @@
|
||||||
# the Free Software Foundation; either version 2.1 of the License, or
|
# the Free Software Foundation; either version 2.1 of the License, or
|
||||||
# (at your option) any later version.
|
# (at your option) any later version.
|
||||||
|
|
||||||
# See tmpfiles.d(5) for details
|
# See tmpfiles.d(5) for details.
|
||||||
|
|
||||||
L! /etc/resolv.conf - - - - ../run/systemd/resolve/stub-resolv.conf
|
L! /etc/resolv.conf - - - - ../run/systemd/resolve/stub-resolv.conf
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
# the Free Software Foundation; either version 2.1 of the License, or
|
# the Free Software Foundation; either version 2.1 of the License, or
|
||||||
# (at your option) any later version.
|
# (at your option) any later version.
|
||||||
|
|
||||||
# See tmpfiles.d(5) for details
|
# See tmpfiles.d(5) for details.
|
||||||
|
|
||||||
# Exclude namespace mountpoints created with PrivateTmp=yes
|
# Exclude namespace mountpoints created with PrivateTmp=yes
|
||||||
x /tmp/systemd-private-%b-*
|
x /tmp/systemd-private-%b-*
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
# the Free Software Foundation; either version 2.1 of the License, or
|
# the Free Software Foundation; either version 2.1 of the License, or
|
||||||
# (at your option) any later version.
|
# (at your option) any later version.
|
||||||
|
|
||||||
# See tmpfiles.d(5) for details
|
# See tmpfiles.d(5) for details.
|
||||||
|
|
||||||
d /run/user 0755 root root -
|
d /run/user 0755 root root -
|
||||||
{% if ENABLE_UTMP %}
|
{% if ENABLE_UTMP %}
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
# the Free Software Foundation; either version 2.1 of the License, or
|
# the Free Software Foundation; either version 2.1 of the License, or
|
||||||
# (at your option) any later version.
|
# (at your option) any later version.
|
||||||
|
|
||||||
# See tmpfiles.d(5) for details
|
# See tmpfiles.d(5) for details.
|
||||||
|
|
||||||
# Clear tmp directories separately, to make them easier to override
|
# Clear tmp directories separately, to make them easier to override
|
||||||
q /tmp 1777 root root 10d
|
q /tmp 1777 root root 10d
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
# the Free Software Foundation; either version 2.1 of the License, or
|
# the Free Software Foundation; either version 2.1 of the License, or
|
||||||
# (at your option) any later version.
|
# (at your option) any later version.
|
||||||
|
|
||||||
# See tmpfiles.d(5) for details
|
# See tmpfiles.d(5) for details.
|
||||||
|
|
||||||
q /var 0755 - - -
|
q /var 0755 - - -
|
||||||
|
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
# the Free Software Foundation; either version 2.1 of the License, or
|
# the Free Software Foundation; either version 2.1 of the License, or
|
||||||
# (at your option) any later version.
|
# (at your option) any later version.
|
||||||
|
|
||||||
# See tmpfiles.d(5) for details
|
# See tmpfiles.d(5) for details.
|
||||||
|
|
||||||
# Make sure these are created by default so that nobody else can
|
# Make sure these are created by default so that nobody else can
|
||||||
# or empty them at startup
|
# or empty them at startup
|
||||||
|
|