Compare commits

...

18 Commits

Author SHA1 Message Date
colin-foster-in-advantage 0224fcc7ce
Merge b5171f0f48 into d209e197f8 2024-11-22 07:40:25 -08:00
Lennart Poettering d209e197f8
userdbctl: two trivial fixlets (#35296)
Fixes: #35294
2024-11-22 16:06:01 +01:00
Antonio Alvarez Feijoo 9ed090230e tpm2-util: fix parameter name 2024-11-22 16:04:16 +01:00
Luca Boccassi 9bf6ffe166
man: split cryptenroll man page into sections (#35297) 2024-11-22 12:01:07 +00:00
Lennart Poettering 47c5ca237b userdbctl: respect selected disposition also when showing gid boundaries
Follow-up for: ad5de3222f
2024-11-22 11:28:30 +01:00
Lennart Poettering 7f8a4f12df userdbctl: fix counting
Fixes: #35294
2024-11-22 11:28:28 +01:00
Lennart Poettering e412fc5e04 userbdctl: show 'mapped' user range only inside of userns
Outside of userns the concept makes no sense, there cannot be users
mapped from further outside.
2024-11-22 11:28:17 +01:00
Lennart Poettering cc6baba720 cryptenroll: it's called PKCS#11, not PKCS11
In the --help text we really should use the official spelling, just like
in the man page.
2024-11-22 10:42:37 +01:00
Lennart Poettering 3ae48d071c man: add enrollment type sections to cryptenroll man page
We have the same sections in the --help text, hence we even more so
should have them in the man page.
2024-11-22 10:42:37 +01:00
Antonio Alvarez Feijoo 2ccacdd57c bash-completion: add --list-devices to systemd-cryptenroll
And also use it to list suitable block devices.
2024-11-22 10:38:19 +01:00
Yu Watanabe d99198819c core/service: service_add_fd_store() consumes passed fd
Without this change, the fd is closed twice on failure.

Fixes a bug introduced by dff9808a62.

Fixes #35288.
2024-11-22 04:15:51 +01:00
Tobias Zimmermann f70e5620b6 hwdb: Add quirk for Logitech MX Keys for Mac
The KEY_102ND and KEY_GRAVE keys are switched on the
Logitech MX Keys for Mac, so switch them back
2024-11-21 21:16:07 +01:00
Zbigniew Jędrzejewski-Szmek 3127c71bf4
Keep tmpfiles/legacy.conf even if SysVInit support is dropped (#35278) 2024-11-21 21:13:50 +01:00
Zbigniew Jędrzejewski-Szmek 2c06e40ae9 tmpfiles: add period at end of the sentence
The license that is immediately above is properly punctuated and it looks
sloppy when our line below isn't.
2024-11-21 18:35:18 +01:00
Zbigniew Jędrzejewski-Szmek 5ca9149464 tmpfiles: narrow scope of HAVE_SYSV_COMPAT condition for legacy.conf
That file contains a bunch of entries of which only some are related to SysV.
The rest are just "traditional APIs" that need to stay. In particular,
/var/lock a.k.a. /run/lock is used by many programs (LVM, iscsi, alsactl).
Similarly, the README about /var/log is something that should stay as long as
we have people migrating from older systems or using the copiuos documentation
that mentions /var/log/messages.txt on the Internet.

/var/lock/subsys is only used by sysvinit, and our code to support /forcefsck,
/fastboot, and /forcequotacheck is conditionalized on HAVE_SYSV_COMPAT, so
conditionalize those here on HAVE_SYSV_COMPAT too.
2024-11-21 18:32:46 +01:00
Colin Foster b5171f0f48 networkd: add ability to use BOOTP
Add the following network option to enable BOOTP:

[DHCPv4]
Bootp=yes

This will allow a two message request / reply sequence that doesn't
require DHCP message types.
2024-11-09 09:40:40 -06:00
Colin Foster b4e82f27c7 test-dhcp-client: add test for bootp clients
Verify that BOOTP replies are successfully handled by the sd-dhcp-client
when configured for BOOTP.
2024-11-09 09:40:40 -06:00
Colin Foster 857a9a6d74 sd-dhcp-client: add ability to support bootp
BOOTP can be used to sign a static IP to clients. Instead of using the
four message exchange, and Option 53 (DHCP Message Type) there is only a
two message exchange.

Add the support for this exchange.
2024-11-09 09:40:40 -06:00
36 changed files with 379 additions and 94 deletions

View File

@ -1438,6 +1438,11 @@ evdev:input:b0003v046DpC309*
KEYBOARD_KEY_c01b6=images # My Pictures (F11)
KEYBOARD_KEY_c01b7=audio # My Music (F12)
# Logitech MX Keys for Mac
evdev:input:b0003v046Dp4092*
KEYBOARD_KEY_70035=102nd # '<' key
KEYBOARD_KEY_70064=grave # '^' key
###########################################################
# Maxdata
###########################################################

View File

@ -265,32 +265,11 @@
</refsect1>
<refsect1>
<title>Options</title>
<title>Unlocking</title>
<para>The following options are understood:</para>
<para>The following options are understood that may be used to unlock the device in preparation of the enrollment operations:</para>
<variablelist>
<varlistentry>
<term><option>--password</option></term>
<listitem><para>Enroll a regular password/passphrase. This command is mostly equivalent to
<command>cryptsetup luksAddKey</command>, however may be combined with
<option>--wipe-slot=</option> in one call, see below.</para>
<xi:include href="version-info.xml" xpointer="v248"/></listitem>
</varlistentry>
<varlistentry>
<term><option>--recovery-key</option></term>
<listitem><para>Enroll a recovery key. Recovery keys are mostly identical to passphrases, but are
computer-generated instead of being chosen by a human, and thus have a guaranteed high entropy. The
key uses a character set that is easy to type in, and may be scanned off screen via a QR code.
</para>
<xi:include href="version-info.xml" xpointer="v248"/></listitem>
</varlistentry>
<varlistentry>
<term><option>--unlock-key-file=<replaceable>PATH</replaceable></option></term>
@ -328,7 +307,45 @@
<xi:include href="version-info.xml" xpointer="v256"/></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>Simple Enrollment</title>
<para>The following options are understood that may be used to enroll simple user input based
unlocking:</para>
<variablelist>
<varlistentry>
<term><option>--password</option></term>
<listitem><para>Enroll a regular password/passphrase. This command is mostly equivalent to
<command>cryptsetup luksAddKey</command>, however may be combined with
<option>--wipe-slot=</option> in one call, see below.</para>
<xi:include href="version-info.xml" xpointer="v248"/></listitem>
</varlistentry>
<varlistentry>
<term><option>--recovery-key</option></term>
<listitem><para>Enroll a recovery key. Recovery keys are mostly identical to passphrases, but are
computer-generated instead of being chosen by a human, and thus have a guaranteed high entropy. The
key uses a character set that is easy to type in, and may be scanned off screen via a QR code.
</para>
<xi:include href="version-info.xml" xpointer="v248"/></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>PKCS#11 Enrollment</title>
<para>The following option is understood that may be used to enroll PKCS#11 tokens:</para>
<variablelist>
<varlistentry>
<term><option>--pkcs11-token-uri=<replaceable>URI</replaceable></option></term>
@ -361,7 +378,15 @@
<xi:include href="version-info.xml" xpointer="v248"/></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>FIDO2 Enrollment</title>
<para>The following options are understood that may be used to enroll PKCS#11 tokens:</para>
<variablelist>
<varlistentry>
<term><option>--fido2-credential-algorithm=<replaceable>STRING</replaceable></option></term>
<listitem><para>Specify COSE algorithm used in credential generation. The default value is
@ -461,7 +486,15 @@
<xi:include href="version-info.xml" xpointer="v249"/></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>TPM2 Enrollment</title>
<para>The following options are understood that may be used to enroll TPM2 devices:</para>
<variablelist>
<varlistentry>
<term><option>--tpm2-device=<replaceable>PATH</replaceable></option></term>
@ -636,7 +669,15 @@
<xi:include href="version-info.xml" xpointer="v255"/></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>Other Options</title>
<para>The following additional options are understood:</para>
<variablelist>
<varlistentry>
<term><option>--wipe-slot=<replaceable>SLOT<optional>,SLOT...</optional></replaceable></option></term>

View File

@ -2546,6 +2546,17 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix</programlisting>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>BOOTP=</varname></term>
<listitem>
<para>Takes a boolean. The DHCPv4 client can be configured to communicate with BOOP servers that
don't accept Option 53, DHCP Message Type. In this configuration, a BOOTP Request is sent without
any options by default. A BOOTP reply that contains Option 1: Subnet Mask is expected.</para>
<xi:include href="version-info.xml" xpointer="v257"/>
</listitem>
</varlistentry>
<!-- How to use the DHCP lease -->
<varlistentry>

View File

@ -38,19 +38,12 @@ __get_tpm2_devices() {
done
}
__get_block_devices() {
local i
for i in /dev/*; do
[ -b "$i" ] && printf '%s\n' "$i"
done
}
_systemd_cryptenroll() {
local comps
local cur=${COMP_WORDS[COMP_CWORD]} prev=${COMP_WORDS[COMP_CWORD-1]} words cword
local -A OPTS=(
[STANDALONE]='-h --help --version
--password --recovery-key'
--password --recovery-key --list-devices'
[ARG]='--unlock-key-file
--unlock-fido2-device
--unlock-tpm2-device
@ -116,7 +109,7 @@ _systemd_cryptenroll() {
return 0
fi
comps=$(__get_block_devices)
comps=$(systemd-cryptenroll --list-devices)
COMPREPLY=( $(compgen -W '$comps' -- "$cur") )
return 0
}

View File

@ -3426,14 +3426,12 @@ static int service_deserialize_item(Unit *u, const char *key, const char *value,
return 0;
}
r = service_add_fd_store(s, fd, fdn, do_poll);
r = service_add_fd_store(s, TAKE_FD(fd), fdn, do_poll);
if (r < 0) {
log_unit_debug_errno(u, r,
"Failed to store deserialized fd '%s', ignoring: %m", fdn);
return 0;
}
TAKE_FD(fd);
} else if (streq(key, "extra-fd")) {
_cleanup_free_ char *fdv = NULL, *fdn = NULL;
_cleanup_close_ int fd = -EBADF;

View File

@ -193,7 +193,7 @@ static int help(void) {
"\n%3$sSimple Enrollment:%4$s\n"
" --password Enroll a user-supplied password\n"
" --recovery-key Enroll a recovery key\n"
"\n%3$sPKCS11 Enrollment:%4$s\n"
"\n%3$sPKCS#11 Enrollment:%4$s\n"
" --pkcs11-token-uri=URI\n"
" Specify PKCS#11 security token URI\n"
"\n%3$sFIDO2 Enrollment:%4$s\n"

View File

@ -14,19 +14,13 @@
#define DHCP_CLIENT_MIN_OPTIONS_SIZE 312
int dhcp_message_init(
int bootp_message_init(
DHCPMessage *message,
uint8_t op,
uint32_t xid,
uint8_t type,
uint16_t arp_type,
uint8_t hlen,
const uint8_t *chaddr,
size_t optlen,
size_t *optoffset) {
size_t offset = 0;
int r;
const uint8_t *chaddr) {
assert(IN_SET(op, BOOTREQUEST, BOOTREPLY));
assert(chaddr || hlen == 0);
@ -51,6 +45,27 @@ int dhcp_message_init(
message->xid = htobe32(xid);
message->magic = htobe32(DHCP_MAGIC_COOKIE);
return 0;
}
int dhcp_message_init(
DHCPMessage *message,
uint8_t op,
uint32_t xid,
uint8_t type,
uint16_t arp_type,
uint8_t hlen,
const uint8_t *chaddr,
size_t optlen,
size_t *optoffset) {
size_t offset = 0;
int r;
r = bootp_message_init(message, op, xid, arp_type, hlen, chaddr);
if (r < 0)
return r;
r = dhcp_option_append(message, optlen, &offset, 0,
SD_DHCP_OPTION_MESSAGE_TYPE, 1, &type);
if (r < 0)

View File

@ -6,6 +6,14 @@
#include "dhcp-protocol.h"
int bootp_message_init(
DHCPMessage *message,
uint8_t op,
uint32_t xid,
uint16_t arp_type,
uint8_t hlen,
const uint8_t *chaddr);
int dhcp_message_init(
DHCPMessage *message,
uint8_t op,

View File

@ -105,6 +105,7 @@ struct sd_dhcp_client {
int socket_priority;
bool socket_priority_set;
bool ipv6_acquired;
bool bootp;
};
static const uint8_t default_req_opts[] = {
@ -656,6 +657,15 @@ int sd_dhcp_client_set_fallback_lease_lifetime(sd_dhcp_client *client, uint64_t
return 0;
}
int sd_dhcp_client_set_bootp(sd_dhcp_client *client, int bootp) {
assert_return(client, -EINVAL);
assert_return(!sd_dhcp_client_is_running(client), -EBUSY);
client->bootp = bootp;
return 0;
}
static void client_set_state(sd_dhcp_client *client, DHCPState state) {
assert(client);
@ -792,7 +802,11 @@ static int client_message_init(
packet = malloc0(size);
if (!packet)
return -ENOMEM;
if (client->bootp) {
optoffset = 0;
r = bootp_message_init(&packet->dhcp, BOOTREQUEST, client->xid, client->arp_type,
client->hw_addr.length, client->hw_addr.bytes);
} else
r = dhcp_message_init(&packet->dhcp, BOOTREQUEST, client->xid, type,
client->arp_type, client->hw_addr.length, client->hw_addr.bytes,
optlen, &optoffset);
@ -825,6 +839,7 @@ static int client_message_init(
if (client->request_broadcast || client->arp_type != ARPHRD_ETHER)
packet->dhcp.flags = htobe16(0x8000);
if (!client->bootp) {
/* Some DHCP servers will refuse to issue an DHCP lease if the Client
Identifier option is not set */
r = dhcp_option_append(&packet->dhcp, optlen, &optoffset, 0,
@ -833,6 +848,7 @@ static int client_message_init(
client->client_id.raw);
if (r < 0)
return r;
}
/* RFC2131 section 3.5:
in its initial DHCPDISCOVER or DHCPREQUEST message, a
@ -1061,6 +1077,22 @@ static int client_send_discover(sd_dhcp_client *client) {
if (r < 0)
return r;
/* RFC1542 section 3.5:
if the client has no information to communicate to the server,
the octet immediately following the magic cookie SHOULD be set
to the "End" tag (255) and the remaining octets of the 'vend'
field SHOULD be set to zero.
*/
/* Use this RFC, along with the fact that some BOOTP servers require
a 64-byte vend field, to suggest that we always zero and send 64
bytes in the options field.
*/
if (client->bootp)
if (optoffset < 64 && optlen >= 64) {
memset(&discover->dhcp.options[optoffset], 0, optlen - optoffset);
optoffset = 64;
}
/* We currently ignore:
The client SHOULD wait a random time between one and ten seconds to
desynchronize the use of DHCP at startup.
@ -1509,16 +1541,18 @@ static int client_parse_message(
}
r = dhcp_option_parse(message, len, dhcp_lease_parse_options, lease, &error_message);
if (r < 0)
if (r == -ENOMSG && client->bootp)
r = DHCP_ACK; /* BOOTP messages don't have a DHCP message type option */
else if (r < 0)
return log_dhcp_client_errno(client, r, "Failed to parse DHCP options, ignoring: %m");
switch (client->state) {
case DHCP_STATE_SELECTING:
if (r == DHCP_ACK) {
if (!client->rapid_commit)
if (!client->rapid_commit && !client->bootp)
return log_dhcp_client_errno(client, SYNTHETIC_ERRNO(ENOMSG),
"received unexpected ACK, ignoring.");
if (!lease->rapid_commit)
if (!lease->rapid_commit && !client->bootp)
return log_dhcp_client_errno(client, SYNTHETIC_ERRNO(ENOMSG),
"received rapid ACK without Rapid Commit option, ignoring.");
} else if (r == DHCP_OFFER) {
@ -1561,11 +1595,17 @@ static int client_parse_message(
lease->next_server = message->siaddr;
lease->address = message->yiaddr;
if (client->bootp)
lease->lifetime = USEC_INFINITY;
if (lease->server_address == 0 && !client->bootp)
return log_dhcp_client_errno(client, SYNTHETIC_ERRNO(ENOMSG),
"received lease lacks server address, ignoring.");
if (lease->address == 0 ||
lease->server_address == 0 ||
lease->lifetime == 0)
return log_dhcp_client_errno(client, SYNTHETIC_ERRNO(ENOMSG),
"received lease lacks address, server address or lease lifetime, ignoring.");
"received lease lacks address or lease lifetime, ignoring.");
r = dhcp_lease_set_default_subnet_mask(lease);
if (r < 0)
@ -1601,7 +1641,7 @@ static int client_handle_offer_or_rapid_ack(sd_dhcp_client *client, DHCPMessage
dhcp_lease_unref_and_replace(client->lease, lease);
if (client->lease->rapid_commit) {
if (client->lease->rapid_commit || client->bootp) {
log_dhcp_client(client, "ACK");
return SD_DHCP_CLIENT_EVENT_IP_ACQUIRE;
}
@ -2007,8 +2047,8 @@ static int client_handle_message(sd_dhcp_client *client, DHCPMessage *message, s
if (r < 0)
return 0; /* invalid message, let's ignore it */
if (client->lease->rapid_commit)
/* got a successful rapid commit */
if (client->lease->rapid_commit || client->bootp)
/* got a successful rapid commit or bootp reply */
return client_enter_bound(client, r);
return client_enter_requesting(client);
@ -2225,7 +2265,7 @@ int sd_dhcp_client_send_release(sd_dhcp_client *client) {
size_t optoffset, optlen;
int r;
if (!sd_dhcp_client_is_running(client) || !client->lease)
if (!sd_dhcp_client_is_running(client) || !client->lease || client->bootp)
return 0; /* do nothing */
r = client_message_init(client, &release, DHCP_RELEASE, &optlen, &optoffset);

View File

@ -532,6 +532,145 @@ static void test_addr_acq(sd_event *e) {
xid = 0;
}
static uint8_t test_addr_bootp_reply[] = {
0x45, 0x00, 0x01, 0x48, 0x00, 0x00, 0x40, 0x00,
0xff, 0x11, 0x70, 0xa3, 0x0a, 0x00, 0x00, 0x02,
0xff, 0xff, 0xff, 0xff, 0x00, 0x43, 0x00, 0x44,
0x01, 0x2c, 0x2b, 0x91, 0x02, 0x01, 0x06, 0x00,
0x69, 0xd3, 0x79, 0x11, 0x17, 0x00, 0x80, 0x00,
0x00, 0x00, 0x00, 0x00, 0x0a, 0x46, 0x00, 0x02,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x50, 0x2d, 0xf4, 0x1f, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x63, 0x82, 0x53, 0x63, 0x01, 0x04, 0xff, 0x00,
0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
};
static int test_bootp_acquired(sd_dhcp_client *client, int event,
void *userdata) {
sd_event *e = userdata;
sd_dhcp_lease *lease;
struct in_addr addr;
assert_se(client);
assert_se(IN_SET(event, SD_DHCP_CLIENT_EVENT_IP_ACQUIRE, SD_DHCP_CLIENT_EVENT_SELECTING));
assert_se(sd_dhcp_client_get_lease(client, &lease) >= 0);
assert_se(lease);
assert_se(sd_dhcp_lease_get_address(lease, &addr) >= 0);
assert_se(memcmp(&addr.s_addr, &test_addr_bootp_reply[44],
sizeof(addr.s_addr)) == 0);
assert_se(sd_dhcp_lease_get_netmask(lease, &addr) >= 0);
assert_se(memcmp(&addr.s_addr, &test_addr_bootp_reply[270],
sizeof(addr.s_addr)) == 0);
if (verbose)
log_info(" BOOTP address acquired");
sd_event_exit(e, 0);
return 0;
}
static int test_bootp_recv_request(size_t size, DHCPMessage *request) {
uint16_t udp_check = 0;
int res;
xid = request->xid;
if (verbose)
log_info(" recv BOOTP Request 0x%08x", be32toh(xid));
callback_recv = NULL;
memcpy(&test_addr_bootp_reply[26], &udp_check, sizeof(udp_check));
memcpy(&test_addr_bootp_reply[32], &xid, sizeof(xid));
memcpy(&test_addr_bootp_reply[56], hw_addr.bytes, hw_addr.length);
res = write(test_fd[1], test_addr_bootp_reply,
sizeof(test_addr_bootp_reply));
assert_se(res == sizeof(test_addr_bootp_reply));
if (verbose)
log_info(" sent BOOTP Reply");
return 0;
};
static void test_acquire_bootp(sd_event *e) {
sd_dhcp_client *client;
int res, r;
if (verbose)
log_info("* %s", __func__);
r = sd_dhcp_client_new(&client, false);
assert_se(r >= 0);
assert_se(client);
r = sd_dhcp_client_attach_event(client, e, 0);
assert_se(r >= 0);
r = sd_dhcp_client_set_bootp(client, true);
assert_se(r >= 0);
assert_se(sd_dhcp_client_set_ifindex(client, 42) >= 0);
assert_se(sd_dhcp_client_set_mac(client, hw_addr.bytes, bcast_addr.bytes, hw_addr.length, ARPHRD_ETHER) >= 0);
assert_se(sd_dhcp_client_set_callback(client, test_bootp_acquired, e) >= 0);
callback_recv = test_bootp_recv_request;
assert_se(sd_event_add_time_relative(e, NULL, CLOCK_BOOTTIME,
30 * USEC_PER_SEC, 0,
NULL, INT_TO_PTR(-ETIMEDOUT)) >= 0);
res = sd_dhcp_client_start(client);
assert_se(IN_SET(res, 0, -EINPROGRESS));
assert_se(sd_event_loop(e) >= 0);
assert_se(sd_dhcp_client_set_callback(client, NULL, NULL) >= 0);
assert_se(sd_dhcp_client_stop(client) >= 0);
sd_dhcp_client_unref(client);
test_fd[1] = safe_close(test_fd[1]);
callback_recv = NULL;
xid = 0;
}
int main(int argc, char *argv[]) {
_cleanup_(sd_event_unrefp) sd_event *e;
@ -549,6 +688,10 @@ int main(int argc, char *argv[]) {
test_discover_message(e);
test_addr_acq(e);
sd_event_unref(e);
assert_se(sd_event_new(&e) >= 0);
test_acquire_bootp(e);
#if HAVE_VALGRIND_VALGRIND_H
/* Make sure the async_close thread has finished.
* valgrind would report some of the phread_* structures

View File

@ -1477,6 +1477,10 @@ static int dhcp4_configure(Link *link) {
if (r < 0)
return log_link_debug_errno(link, r, "DHCPv4 CLIENT: Failed to allocate DHCPv4 client: %m");
r = sd_dhcp_client_set_bootp(link->dhcp_client, link->network->dhcp_send_bootp);
if (r < 0)
return log_link_debug_errno(link, r, "DHCPv4 CLIENT: Failed to set BOOTP flag: %m");
r = sd_dhcp_client_attach_event(link->dhcp_client, link->manager->event, 0);
if (r < 0)
return log_link_debug_errno(link, r, "DHCPv4 CLIENT: Failed to attach event to DHCPv4 client: %m");

View File

@ -244,6 +244,7 @@ DHCPv4.QuickAck, config_parse_bool,
DHCPv4.RequestOptions, config_parse_dhcp_request_options, AF_INET, 0
DHCPv4.Anonymize, config_parse_bool, 0, offsetof(Network, dhcp_anonymize)
DHCPv4.SendHostname, config_parse_dhcp_send_hostname, AF_INET, 0
DHCPv4.BOOTP, config_parse_bool, 0, offsetof(Network, dhcp_send_bootp)
DHCPv4.Hostname, config_parse_hostname, 0, offsetof(Network, dhcp_hostname)
DHCPv4.Label, config_parse_dhcp_label, 0, offsetof(Network, dhcp_label)
DHCPv4.RequestBroadcast, config_parse_tristate, 0, offsetof(Network, dhcp_broadcast)

View File

@ -179,6 +179,7 @@ struct Network {
OrderedHashmap *dhcp_client_send_vendor_options;
char *dhcp_netlabel;
NFTSetContext dhcp_nft_set_context;
bool dhcp_send_bootp;
/* DHCPv6 Client support */
bool dhcp6_use_address;

View File

@ -392,7 +392,7 @@ int tpm2_make_pcr_json_array(uint32_t pcr_mask, sd_json_variant **ret);
int tpm2_parse_pcr_json_array(sd_json_variant *v, uint32_t *ret);
int tpm2_make_luks2_json(int keyslot, uint32_t hash_pcr_mask, uint16_t pcr_bank, const struct iovec *pubkey, uint32_t pubkey_pcr_mask, uint16_t primary_alg, const struct iovec blobs[], size_t n_blobs, const struct iovec policy_hash[], size_t n_policy_hash, const struct iovec *salt, const struct iovec *srk, const struct iovec *pcrlock_nv, TPM2Flags flags, sd_json_variant **ret);
int tpm2_parse_luks2_json(sd_json_variant *v, int *ret_keyslot, uint32_t *ret_hash_pcr_mask, uint16_t *ret_pcr_bank, struct iovec *ret_pubkey, uint32_t *ret_pubkey_pcr_mask, uint16_t *ret_primary_alg, struct iovec **ret_blobs, size_t *ret_n_blobs, struct iovec **ret_policy_hash, size_t *ret_n_policy_hash, struct iovec *ret_salt, struct iovec *ret_srk, struct iovec *pcrlock_nv, TPM2Flags *ret_flags);
int tpm2_parse_luks2_json(sd_json_variant *v, int *ret_keyslot, uint32_t *ret_hash_pcr_mask, uint16_t *ret_pcr_bank, struct iovec *ret_pubkey, uint32_t *ret_pubkey_pcr_mask, uint16_t *ret_primary_alg, struct iovec **ret_blobs, size_t *ret_n_blobs, struct iovec **ret_policy_hash, size_t *ret_n_policy_hash, struct iovec *ret_salt, struct iovec *ret_srk, struct iovec *ret_pcrlock_nv, TPM2Flags *ret_flags);
/* Default to PCR 7 only */
#define TPM2_PCR_INDEX_DEFAULT UINT32_C(7)

View File

@ -147,6 +147,9 @@ int sd_dhcp_client_set_socket_priority(
int sd_dhcp_client_set_fallback_lease_lifetime(
sd_dhcp_client *client,
uint64_t fallback_lease_lifetime);
int sd_dhcp_client_set_bootp(
sd_dhcp_client *client,
int bootp);
int sd_dhcp_client_add_option(sd_dhcp_client *client, sd_dhcp_option *v);
int sd_dhcp_client_add_vendor_option(sd_dhcp_client *client, sd_dhcp_option *v);

View File

@ -23,6 +23,7 @@
#include "user-util.h"
#include "userdb.h"
#include "verbs.h"
#include "virt.h"
static enum {
OUTPUT_CLASSIC,
@ -139,10 +140,16 @@ static int show_user(UserRecord *ur, Table *table) {
return 0;
}
static bool test_show_mapped(void) {
/* Show mapped user range only in environments where user mapping is a thing. */
return running_in_userns() > 0;
}
static const struct {
uid_t first, last;
const char *name;
UserDisposition disposition;
bool (*test)(void);
} uid_range_table[] = {
{
.first = 1,
@ -175,11 +182,12 @@ static const struct {
.last = MAP_UID_MAX,
.name = "mapped",
.disposition = USER_REGULAR,
.test = test_show_mapped,
},
};
static int table_add_uid_boundaries(Table *table, const UIDRange *p) {
int r;
int r, n_added = 0;
assert(table);
@ -192,6 +200,9 @@ static int table_add_uid_boundaries(Table *table, const UIDRange *p) {
if (!uid_range_covers(p, i->first, i->last - i->first + 1))
continue;
if (i->test && !i->test())
continue;
name = strjoin(special_glyph(SPECIAL_GLYPH_ARROW_DOWN),
" begin ", i->name, " users ",
special_glyph(SPECIAL_GLYPH_ARROW_DOWN));
@ -249,9 +260,11 @@ static int table_add_uid_boundaries(Table *table, const UIDRange *p) {
TABLE_INT, 1); /* sort after any other entry with the same UID */
if (r < 0)
return table_log_add_error(r);
n_added += 2;
}
return ELEMENTSOF(uid_range_table) * 2;
return n_added;
}
static int add_unavailable_uid(Table *table, uid_t start, uid_t end) {
@ -565,16 +578,22 @@ static int show_group(GroupRecord *gr, Table *table) {
}
static int table_add_gid_boundaries(Table *table, const UIDRange *p) {
int r;
int r, n_added = 0;
assert(table);
FOREACH_ELEMENT(i, uid_range_table) {
_cleanup_free_ char *name = NULL, *comment = NULL;
if (!FLAGS_SET(arg_disposition_mask, UINT64_C(1) << i->disposition))
continue;
if (!uid_range_covers(p, i->first, i->last - i->first + 1))
continue;
if (i->test && !i->test())
continue;
name = strjoin(special_glyph(SPECIAL_GLYPH_ARROW_DOWN),
" begin ", i->name, " groups ",
special_glyph(SPECIAL_GLYPH_ARROW_DOWN));
@ -626,9 +645,11 @@ static int table_add_gid_boundaries(Table *table, const UIDRange *p) {
TABLE_INT, 1); /* sort after any other entry with the same GID */
if (r < 0)
return table_log_add_error(r);
n_added += 2;
}
return ELEMENTSOF(uid_range_table) * 2;
return n_added;
}
static int add_unavailable_gid(Table *table, uid_t start, uid_t end) {

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
# See tmpfiles.d(5) for details
# See tmpfiles.d(5) for details.
{% if LINK_SHELL_EXTRA_DROPIN %}
L$ {{SHELLPROFILEDIR}}/70-systemd-shell-extra.sh - - - - {{LIBEXECDIR}}/profile.d/70-systemd-shell-extra.sh

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
# See tmpfiles.d(5) for details
# See tmpfiles.d(5) for details.
{% if LINK_SSH_PROXY_DROPIN %}
L$ {{SSHCONFDIR}}/20-systemd-ssh-proxy.conf - - - - {{LIBEXECDIR}}/ssh_config.d/20-systemd-ssh-proxy.conf

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
# See tmpfiles.d(5) for details
# See tmpfiles.d(5) for details.
# Copy systemd-stub provided metadata such as PCR signature and public key file
# from initrd into /run/, so that it will survive the initrd stage

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
# See tmpfiles.d(5) for details
# See tmpfiles.d(5) for details.
{% if LINK_SSHD_USERDB_DROPIN %}
L {{SSHDCONFDIR}}/20-systemd-userdb.conf - - - - {{LIBEXECDIR}}/sshd_config.d/20-systemd-userdb.conf

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
# See tmpfiles.d(5) for details
# See tmpfiles.d(5) for details.
d /etc/credstore 0700 root root
d /etc/credstore.encrypted 0700 root root

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
# See tmpfiles.d(5) for details
# See tmpfiles.d(5) for details.
L /etc/os-release - - - - ../usr/lib/os-release
L+ /etc/mtab - - - - ../proc/self/mounts

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
# See tmpfiles.d(5) for details
# See tmpfiles.d(5) for details.
Q /home 0755 - - -
q /srv 0755 - - -

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
# See tmpfiles.d(5) for details
# See tmpfiles.d(5) for details.
# Set the NOCOW attribute for directories of journal files. This flag
# is inherited by their new files and sub-directories. Matters only

View File

@ -5,10 +5,11 @@
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
# See tmpfiles.d(5) for details
# See tmpfiles.d(5) for details.
# These files are considered legacy and are unnecessary on legacy-free
# systems.
# The functionality provided by these files and directories has been replaced
# by newer interfaces. Their use is discouraged on legacy-free systems. This
# configuration is provided to maintain backward compatibility.
d /run/lock 0755 root root -
L /var/lock - - - - ../run/lock
@ -16,15 +17,15 @@ L /var/lock - - - - ../run/lock
L$ /var/log/README - - - - ../..{{DOC_DIR}}/README.logs
{% endif %}
{% if HAVE_SYSV_COMPAT %}
# /run/lock/subsys is used for serializing SysV service execution, and
# hence without use on SysV-less systems.
d /run/lock/subsys 0755 root root -
# /forcefsck, /fastboot and /forcequotacheck are deprecated in favor of the
# kernel command line options 'fsck.mode=force', 'fsck.mode=skip' and
# 'quotacheck.mode=force'
r! /forcefsck
r! /fastboot
r! /forcequotacheck
{% endif %}

View File

@ -35,7 +35,7 @@ in_files = [
['20-systemd-stub.conf', 'ENABLE_EFI'],
['20-systemd-userdb.conf', 'ENABLE_SSH_USERDB_CONFIG'],
['etc.conf'],
['legacy.conf', 'HAVE_SYSV_COMPAT'],
['legacy.conf'],
['static-nodes-permissions.conf'],
['systemd.conf'],
['var.conf'],

View File

@ -1,4 +1,4 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
# See tmpfiles.d(5) for details
# See tmpfiles.d(5) for details.
Q /var/lib/portables 0700

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
# See tmpfiles.d(5) for details
# See tmpfiles.d(5) for details.
# Provision additional login messages from credentials, if they are set. Note
# that these lines are NOPs if the credentials are not set or if the files

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
# See tmpfiles.d(5) for details
# See tmpfiles.d(5) for details.
d$ /run/systemd/netif 0755 systemd-network systemd-network -
d$ /run/systemd/netif/links 0755 systemd-network systemd-network -

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
# See tmpfiles.d(5) for details
# See tmpfiles.d(5) for details.
Q /var/lib/machines 0700 - - -

View File

@ -5,6 +5,6 @@
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
# See tmpfiles.d(5) for details
# See tmpfiles.d(5) for details.
L! /etc/resolv.conf - - - - ../run/systemd/resolve/stub-resolv.conf

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
# See tmpfiles.d(5) for details
# See tmpfiles.d(5) for details.
# Exclude namespace mountpoints created with PrivateTmp=yes
x /tmp/systemd-private-%b-*

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
# See tmpfiles.d(5) for details
# See tmpfiles.d(5) for details.
d /run/user 0755 root root -
{% if ENABLE_UTMP %}

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
# See tmpfiles.d(5) for details
# See tmpfiles.d(5) for details.
# Clear tmp directories separately, to make them easier to override
q /tmp 1777 root root 10d

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
# See tmpfiles.d(5) for details
# See tmpfiles.d(5) for details.
q /var 0755 - - -

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
# See tmpfiles.d(5) for details
# See tmpfiles.d(5) for details.
# Make sure these are created by default so that nobody else can
# or empty them at startup