Compare commits
7 Commits
51692fab56
...
9667e10b1a
Author | SHA1 | Date |
---|---|---|
Zbigniew Jędrzejewski-Szmek | 9667e10b1a | |
Lennart Poettering | ac6431dad9 | |
Topi Miettinen | 7a670b1dd9 | |
Yu Watanabe | e7bdadb5c6 | |
Yu Watanabe | f7581ed6e0 | |
Yu Watanabe | 4d016e965b | |
Yu Watanabe | b04c5e51da |
|
@ -271,6 +271,7 @@ manpages = [
|
|||
['sd_bus_message_read_array', '3', [], ''],
|
||||
['sd_bus_message_read_basic', '3', [], ''],
|
||||
['sd_bus_message_rewind', '3', [], ''],
|
||||
['sd_bus_message_sensitive', '3', [], ''],
|
||||
['sd_bus_message_set_destination',
|
||||
'3',
|
||||
['sd_bus_message_get_destination',
|
||||
|
|
|
@ -0,0 +1,85 @@
|
|||
<?xml version='1.0'?> <!--*-nxml-*-->
|
||||
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
|
||||
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
|
||||
<!-- SPDX-License-Identifier: LGPL-2.1+ -->
|
||||
|
||||
<refentry id="sd_bus_message_sensitive" xmlns:xi="http://www.w3.org/2001/XInclude">
|
||||
|
||||
<refentryinfo>
|
||||
<title>sd_bus_message_sensitive</title>
|
||||
<productname>systemd</productname>
|
||||
</refentryinfo>
|
||||
|
||||
<refmeta>
|
||||
<refentrytitle>sd_bus_message_sensitive</refentrytitle>
|
||||
<manvolnum>3</manvolnum>
|
||||
</refmeta>
|
||||
|
||||
<refnamediv>
|
||||
<refname>sd_bus_message_sensitive</refname>
|
||||
|
||||
<refpurpose>Mark a message object as containing sensitive data</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
<funcsynopsis>
|
||||
<funcsynopsisinfo>#include <systemd/sd-bus.h></funcsynopsisinfo>
|
||||
|
||||
<funcprototype>
|
||||
<funcdef>int <function>sd_bus_message_sensitive</function></funcdef>
|
||||
<paramdef>sd_bus_message *<parameter>message</parameter></paramdef>
|
||||
</funcprototype>
|
||||
</funcsynopsis>
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsect1>
|
||||
<title>Description</title>
|
||||
|
||||
<para><function>sd_bus_message_sensitive()</function> marks an allocated bus message as containing
|
||||
sensitive data. This ensures that the message data is carefully removed from memory (specifically,
|
||||
overwritten with zero bytes) when released. It is recommended to mark all incoming and outgoing messages
|
||||
like this that contain security credentials and similar data that should be dealt with carefully. Note
|
||||
that it is not possible to unmark messages like this, it's a one way operation. If a message is already
|
||||
marked sensitive and then marked sensitive a second time the message remains marked so and no further
|
||||
operation is executed.</para>
|
||||
|
||||
<para>As a safety precaution all messages that are created as reply to messages that are marked sensitive
|
||||
are also implicitly marked so.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>Return Value</title>
|
||||
|
||||
<para>On success, theis functions return 0 or a positive integer. On failure, it returns a
|
||||
negative errno-style error code.</para>
|
||||
|
||||
<refsect2>
|
||||
<title>Errors</title>
|
||||
|
||||
<para>Returned errors may indicate the following problems:</para>
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term><constant>-EINVAL</constant></term>
|
||||
|
||||
<listitem><para>The <parameter>message</parameter> parameter is
|
||||
<constant>NULL</constant>.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
</variablelist>
|
||||
</refsect2>
|
||||
</refsect1>
|
||||
|
||||
<xi:include href="libsystemd-pkgconfig.xml" />
|
||||
|
||||
<refsect1>
|
||||
<title>See Also</title>
|
||||
|
||||
<para>
|
||||
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
|
||||
<citerefentry><refentrytitle>sd-bus</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
|
||||
<citerefentry><refentrytitle>sd_bus_message_new_method_call</refentrytitle><manvolnum>3</manvolnum></citerefentry>
|
||||
</para>
|
||||
</refsect1>
|
||||
|
||||
</refentry>
|
|
@ -593,6 +593,7 @@ static const NLType rtnl_link_types[] = {
|
|||
[IFLA_MIN_MTU] = { .type = NETLINK_TYPE_U32 },
|
||||
[IFLA_MAX_MTU] = { .type = NETLINK_TYPE_U32 },
|
||||
[IFLA_PROP_LIST] = { .type = NETLINK_TYPE_NESTED, .type_system = &rtnl_prop_list_type_system },
|
||||
[IFLA_ALT_IFNAME] = { .type = NETLINK_TYPE_STRING, .size = ALTIFNAMSIZ - 1 },
|
||||
};
|
||||
|
||||
static const NLTypeSystem rtnl_link_type_system = {
|
||||
|
|
|
@ -123,6 +123,35 @@ int rtnl_set_link_alternative_names(sd_netlink **rtnl, int ifindex, char * const
|
|||
return 0;
|
||||
}
|
||||
|
||||
int rtnl_resolve_link_alternative_name(sd_netlink **rtnl, const char *name, int *ret) {
|
||||
_cleanup_(sd_netlink_message_unrefp) sd_netlink_message *message = NULL, *reply = NULL;
|
||||
int r;
|
||||
|
||||
assert(rtnl);
|
||||
assert(name);
|
||||
assert(ret);
|
||||
|
||||
if (!*rtnl) {
|
||||
r = sd_netlink_open(rtnl);
|
||||
if (r < 0)
|
||||
return r;
|
||||
}
|
||||
|
||||
r = sd_rtnl_message_new_link(*rtnl, &message, RTM_GETLINK, 0);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
r = sd_netlink_message_append_string(message, IFLA_ALT_IFNAME, name);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
r = sd_netlink_call(*rtnl, message, 0, &reply);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
return sd_rtnl_message_link_get_ifindex(reply, ret);
|
||||
}
|
||||
|
||||
int rtnl_message_new_synthetic_error(sd_netlink *rtnl, int error, uint32_t serial, sd_netlink_message **ret) {
|
||||
struct nlmsgerr *err;
|
||||
int r;
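Review bot: rtnl_resolve_link_alternative_name() ships without a header comment, and its contract is not obvious from the signature: `*rtnl` is opened lazily when NULL and left open for the caller to unref (the `if (!*rtnl)` block), `name` goes to the kernel unchecked, and `*ret` is only written on success via sd_rtnl_message_link_get_ifindex(). Because one caller in this same series (method_get_link_by_name in networkd-manager-bus.c) passes a D-Bus-supplied string, a cheap guard before the round trip, `if (!name[0] || strlen(name) >= ALTIFNAMSIZ) return -EINVAL;`, would reject obviously invalid input without a netlink call — assuming ALTIFNAMSIZ is in scope here as it is in netlink-types.c; the kernel rejects such names anyway, so this is hardening rather than a bug fix. I would add above the function a comment such as `/* Resolve an alternative interface name to an ifindex via RTM_GETLINK. Opens *rtnl if unset; the caller owns and releases the socket. The error for an unknown name is whatever the kernel reports (presumably -ENODEV, to be confirmed). */`.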
|
||||
|
|
|
@ -50,6 +50,7 @@ static inline bool rtnl_message_type_is_qdisc(uint16_t type) {
|
|||
int rtnl_set_link_name(sd_netlink **rtnl, int ifindex, const char *name);
|
||||
int rtnl_set_link_properties(sd_netlink **rtnl, int ifindex, const char *alias, const struct ether_addr *mac, uint32_t mtu);
|
||||
int rtnl_set_link_alternative_names(sd_netlink **rtnl, int ifindex, char * const *alternative_names);
|
||||
int rtnl_resolve_link_alternative_name(sd_netlink **rtnl, const char *name, int *ret);
|
||||
|
||||
int rtnl_log_parse_error(int r);
|
||||
int rtnl_log_create_error(int r);
|
||||
|
|
|
@ -261,6 +261,7 @@ static int decode_netdev(sd_netlink_message *m, LinkInfo *info) {
|
|||
}
|
||||
|
||||
static int decode_link(sd_netlink_message *m, LinkInfo *info, char **patterns) {
|
||||
_cleanup_strv_free_ char **altnames = NULL;
|
||||
const char *name;
|
||||
int ifindex, r;
|
||||
uint16_t type;
|
||||
|
@ -283,13 +284,26 @@ static int decode_link(sd_netlink_message *m, LinkInfo *info, char **patterns) {
|
|||
if (r < 0)
|
||||
return r;
|
||||
|
||||
r = sd_netlink_message_read_strv(m, IFLA_PROP_LIST, IFLA_ALT_IFNAME, &altnames);
|
||||
if (r < 0 && !IN_SET(r, -EOPNOTSUPP, -ENODATA))
|
||||
return r;
|
||||
|
||||
if (patterns) {
|
||||
char str[DECIMAL_STR_MAX(int)];
|
||||
|
||||
xsprintf(str, "%i", ifindex);
|
||||
if (!strv_fnmatch(patterns, str, 0) && !strv_fnmatch(patterns, name, 0)) {
|
||||
bool match = false;
|
||||
char **p;
|
||||
|
||||
if (!strv_fnmatch(patterns, str, 0) && !strv_fnmatch(patterns, name, 0))
|
||||
return 0;
|
||||
STRV_FOREACH(p, altnames)
|
||||
if (strv_fnmatch(patterns, *p, 0)) {
|
||||
match = true;
|
||||
break;
|
||||
}
|
||||
if (!match)
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
r = sd_rtnl_message_link_get_type(m, &info->iftype);
|
||||
|
@ -298,6 +312,7 @@ static int decode_link(sd_netlink_message *m, LinkInfo *info, char **patterns) {
|
|||
|
||||
strscpy(info->name, sizeof info->name, name);
|
||||
info->ifindex = ifindex;
|
||||
info->alternative_names = TAKE_PTR(altnames);
|
||||
|
||||
info->has_mac_address =
|
||||
sd_netlink_message_read_ether_addr(m, IFLA_ADDRESS, &info->mac_address) >= 0 &&
|
||||
|
@ -306,7 +321,6 @@ static int decode_link(sd_netlink_message *m, LinkInfo *info, char **patterns) {
|
|||
(void) sd_netlink_message_read_u32(m, IFLA_MTU, &info->mtu);
|
||||
(void) sd_netlink_message_read_u32(m, IFLA_MIN_MTU, &info->min_mtu);
|
||||
(void) sd_netlink_message_read_u32(m, IFLA_MAX_MTU, &info->max_mtu);
|
||||
(void) sd_netlink_message_read_strv(m, IFLA_PROP_LIST, IFLA_ALT_IFNAME, &info->alternative_names);
|
||||
|
||||
info->has_rx_queues =
|
||||
sd_netlink_message_read_u32(m, IFLA_NUM_RX_QUEUES, &info->rx_queues) >= 0 &&
|
||||
|
@ -1764,8 +1778,11 @@ static int link_delete(int argc, char *argv[], void *userdata) {
|
|||
|
||||
for (i = 1; i < argc; i++) {
|
||||
r = parse_ifindex_or_ifname(argv[i], &index);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to resolve interface %s", argv[i]);
|
||||
if (r < 0) {
|
||||
r = rtnl_resolve_link_alternative_name(&rtnl, argv[i], &index);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to resolve interface %s", argv[i]);
|
||||
}
|
||||
|
||||
r = set_put(indexes, INT_TO_PTR(index));
|
||||
if (r < 0)
|
||||
|
@ -1808,6 +1825,7 @@ static int link_renew_one(sd_bus *bus, int index, const char *name) {
|
|||
|
||||
static int link_renew(int argc, char *argv[], void *userdata) {
|
||||
_cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
|
||||
_cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
|
||||
int index, i, k = 0, r;
|
||||
|
||||
r = sd_bus_open_system(&bus);
|
||||
|
@ -1816,8 +1834,11 @@ static int link_renew(int argc, char *argv[], void *userdata) {
|
|||
|
||||
for (i = 1; i < argc; i++) {
|
||||
r = parse_ifindex_or_ifname(argv[i], &index);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to resolve interface %s", argv[i]);
|
||||
if (r < 0) {
|
||||
r = rtnl_resolve_link_alternative_name(&rtnl, argv[i], &index);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to resolve interface %s", argv[i]);
|
||||
}
|
||||
|
||||
r = link_renew_one(bus, index, argv[i]);
|
||||
if (r < 0 && k >= 0)
|
||||
|
@ -1852,6 +1873,7 @@ static int verb_reload(int argc, char *argv[], void *userdata) {
|
|||
static int verb_reconfigure(int argc, char *argv[], void *userdata) {
|
||||
_cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
|
||||
_cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
|
||||
_cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
|
||||
_cleanup_set_free_ Set *indexes = NULL;
|
||||
int index, i, r;
|
||||
Iterator j;
|
||||
|
@ -1867,8 +1889,11 @@ static int verb_reconfigure(int argc, char *argv[], void *userdata) {
|
|||
|
||||
for (i = 1; i < argc; i++) {
|
||||
r = parse_ifindex_or_ifname(argv[i], &index);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to resolve interface %s", argv[i]);
|
||||
if (r < 0) {
|
||||
r = rtnl_resolve_link_alternative_name(&rtnl, argv[i], &index);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to resolve interface %s", argv[i]);
|
||||
}
|
||||
|
||||
r = set_put(indexes, INT_TO_PTR(index));
|
||||
if (r < 0)
|
||||
|
|
|
@ -7,6 +7,7 @@
|
|||
#include "alloc-util.h"
|
||||
#include "bus-common-errors.h"
|
||||
#include "bus-util.h"
|
||||
#include "netlink-util.h"
|
||||
#include "networkd-link-bus.h"
|
||||
#include "networkd-link.h"
|
||||
#include "networkd-manager-bus.h"
|
||||
|
@ -66,8 +67,11 @@ static int method_get_link_by_name(sd_bus_message *message, void *userdata, sd_b
|
|||
return r;
|
||||
|
||||
index = if_nametoindex(name);
|
||||
if (index <= 0)
|
||||
return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_LINK, "Link %s not known", name);
|
||||
if (index <= 0) {
|
||||
r = rtnl_resolve_link_alternative_name(&manager->rtnl, name, &index);
|
||||
if (r < 0)
|
||||
return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_LINK, "Link %s not known", name);
|
||||
}
|
||||
|
||||
link = hashmap_get(manager->links, INT_TO_PTR(index));
|
||||
if (!link)
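Review bot: In the new fallback branch every negative return from rtnl_resolve_link_alternative_name() is reported to the D-Bus client as BUS_ERROR_NO_SUCH_LINK, so a transport failure or a kernel without IFLA_ALT_IFNAME support becomes indistinguishable from a genuinely unknown name. I would map only the not-found case to that error and propagate the rest: `if (r == -ENODEV) return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_LINK, "Link %s not known", name);` followed by `if (r < 0) return r;` — hedged on -ENODEV being what the kernel reports for an unknown alternative name, which is not visible here. Since `name` comes from the D-Bus caller (possibly unprivileged, depending on policy not shown), each failing lookup now costs a synchronous RTM_GETLINK round trip on the shared manager->rtnl socket; a length guard before the call would skip the round trip for strings the kernel will reject anyway, and a one-line comment noting that the lookup is synchronous on the manager's socket would help the next reader. method_get_link_by_name() starts outside the hunk.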
|
||||
|
|
|
@ -230,7 +230,6 @@ int unit_file_find_dropin_paths(
|
|||
char ***ret) {
|
||||
|
||||
_cleanup_strv_free_ char **dirs = NULL;
|
||||
UnitType type = _UNIT_TYPE_INVALID;
|
||||
char *name, **p;
|
||||
Iterator i;
|
||||
int r;
|
||||
|
@ -240,22 +239,24 @@ int unit_file_find_dropin_paths(
|
|||
/* All the names in the unit are of the same type so just grab one. */
|
||||
name = (char*) set_first(names);
|
||||
if (name) {
|
||||
UnitType type = _UNIT_TYPE_INVALID;
|
||||
|
||||
type = unit_name_to_type(name);
|
||||
if (type < 0)
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
|
||||
"Failed to to derive unit type from unit name: %s",
|
||||
name);
|
||||
}
|
||||
|
||||
/* Special top level drop in for "<unit type>.<suffix>". Add this first as it's the most generic
|
||||
* and should be able to be overridden by more specific drop-ins. */
|
||||
STRV_FOREACH(p, lookup_path)
|
||||
(void) unit_file_find_dirs(original_root,
|
||||
unit_path_cache,
|
||||
*p,
|
||||
unit_type_to_string(type),
|
||||
dir_suffix,
|
||||
&dirs);
|
||||
/* Special top level drop in for "<unit type>.<suffix>". Add this first as it's the most generic
|
||||
* and should be able to be overridden by more specific drop-ins. */
|
||||
STRV_FOREACH(p, lookup_path)
|
||||
(void) unit_file_find_dirs(original_root,
|
||||
unit_path_cache,
|
||||
*p,
|
||||
unit_type_to_string(type),
|
||||
dir_suffix,
|
||||
&dirs);
|
||||
}
|
||||
|
||||
SET_FOREACH(name, names, i)
|
||||
STRV_FOREACH(p, lookup_path)
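Review bot: The log message in the moved block has a doubled word, `"Failed to to derive unit type from unit name: %s"`; since this text is now emitted on the user-visible path this change fixes (`systemctl cat nonexistent@.service`), it is worth correcting to `"Failed to derive unit type from unit name: %s"` in the same commit. Moving `UnitType type` and the generic `<type>.d` lookup inside `if (name)` is the right fix for the empty-names case, but it is worth a one-line comment such as `/* No names: nothing to derive a type from, so skip the generic <type>.d lookup. */` so the next reader does not "hoist" it back out. unit_file_find_dropin_paths() continues outside the hunk, so I cannot see what the function returns for an empty set after this change.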
|
||||
|
|
|
@ -503,6 +503,7 @@ int link_config_apply(link_config_ctx *ctx, link_config *config,
|
|||
strv_remove(altnames, new_name);
|
||||
strv_remove(altnames, old_name);
|
||||
strv_uniq(altnames);
|
||||
strv_sort(altnames);
|
||||
|
||||
r = rtnl_set_link_alternative_names(&ctx->rtnl, ifindex, altnames);
|
||||
if (r == -EOPNOTSUPP)
|
||||
|
|
|
@ -419,9 +419,23 @@ EOF
|
|||
clear_services a b
|
||||
}
|
||||
|
||||
test_invalid_dropins () {
|
||||
echo "Testing invalid dropins..."
|
||||
# Assertion failed on earlier versions, command exits unsuccessfully on later versions
|
||||
systemctl cat nonexistent@.service || true
|
||||
create_services a
|
||||
systemctl daemon-reload
|
||||
# Assertion failed on earlier versions, command exits unsuccessfully on later versions
|
||||
systemctl cat a@.service || true
|
||||
systemctl stop a
|
||||
clear_services a
|
||||
return 0
|
||||
}
|
||||
|
||||
test_basic_dropins
|
||||
test_template_dropins
|
||||
test_alias_dropins
|
||||
test_masked_dropins
|
||||
test_invalid_dropins
|
||||
|
||||
touch /testok
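Review bot: `systemctl cat nonexistent@.service || true` (and the same pattern for `a@.service`) accepts any exit status, including the 128+SIGABRT exit of the assertion failure this test is meant to catch, so the test cannot detect a regression of the bug it documents. The comment says the command must exit unsuccessfully on fixed versions, so assert exactly that and rule out a crash: `rc=0; systemctl cat nonexistent@.service || rc=$?` followed by `if [ "$rc" -eq 0 ] || [ "$rc" -ge 128 ]; then exit 1; fi`, applied at both call sites. This assumes the script runs under `set -e` as the surrounding tests appear to; if the harness also inspects coredumps a crash might be caught elsewhere, but the test itself should not depend on that.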
|
||||
|
|