7 Commits

Author SHA1 Message Date
Zbigniew Jędrzejewski-Szmek 9667e10b1a
Merge pull request #14365 from yuwata/networkctl-altname
network, udev: further alternative name support
2019-12-18 12:44:34 +01:00
Lennart Poettering ac6431dad9 man: add man page for sd_bus_message_sensitive() 2019-12-18 09:10:34 +01:00
Topi Miettinen 7a670b1dd9 shared/dropin: fix assert for invalid drop-in
Don't try to show top level drop-in for non-existent units or when trying to
instantiate non-instantiated units:

$ systemctl cat nonexistent@.service
Assertion 'name' failed at src/shared/dropin.c:143, function unit_file_find_dirs(). Aborting.
$ systemctl cat systemd-journald@.service
Assertion 'name' failed at src/shared/dropin.c:143, function unit_file_find_dirs(). Aborting.
2019-12-18 08:43:40 +01:00
Yu Watanabe e7bdadb5c6 network: support alternative name to get bus path for the link 2019-12-18 00:05:50 +09:00
Yu Watanabe f7581ed6e0 networkctl: support alternative name to specify interface 2019-12-18 00:05:50 +09:00
Yu Watanabe 4d016e965b udev: sort alternative names
Kernel preserves the order of alternative names. So, for user
visibility, let's sort the alternative names.
2019-12-18 00:05:50 +09:00
Yu Watanabe b04c5e51da sd-netlink: introduce rtnl_resolve_link_alternative_names() 2019-12-18 00:05:50 +09:00
10 changed files with 184 additions and 22 deletions


@ -271,6 +271,7 @@ manpages = [
['sd_bus_message_read_array', '3', [], ''],
['sd_bus_message_read_basic', '3', [], ''],
['sd_bus_message_rewind', '3', [], ''],
['sd_bus_message_sensitive', '3', [], ''],
['sd_bus_message_set_destination',
'3',
['sd_bus_message_get_destination',


@ -0,0 +1,85 @@
<?xml version='1.0'?> <!--*-nxml-*-->
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<!-- SPDX-License-Identifier: LGPL-2.1+ -->
<refentry id="sd_bus_message_sensitive" xmlns:xi="http://www.w3.org/2001/XInclude">
<refentryinfo>
<title>sd_bus_message_sensitive</title>
<productname>systemd</productname>
</refentryinfo>
<refmeta>
<refentrytitle>sd_bus_message_sensitive</refentrytitle>
<manvolnum>3</manvolnum>
</refmeta>
<refnamediv>
<refname>sd_bus_message_sensitive</refname>
<refpurpose>Mark a message object as containing sensitive data</refpurpose>
</refnamediv>
<refsynopsisdiv>
<funcsynopsis>
<funcsynopsisinfo>#include &lt;systemd/sd-bus.h&gt;</funcsynopsisinfo>
<funcprototype>
<funcdef>int <function>sd_bus_message_sensitive</function></funcdef>
<paramdef>sd_bus_message *<parameter>message</parameter></paramdef>
</funcprototype>
</funcsynopsis>
</refsynopsisdiv>
<refsect1>
<title>Description</title>
<para><function>sd_bus_message_sensitive()</function> marks an allocated bus message as containing
sensitive data. This ensures that the message data is carefully removed from memory (specifically,
overwritten with zero bytes) when released. It is recommended to mark all incoming and outgoing messages
like this that contain security credentials and similar data that should be dealt with carefully. Note
that it is not possible to unmark messages like this, it's a one way operation. If a message is already
marked sensitive and then marked sensitive a second time the message remains marked so and no further
operation is executed.</para>
<para>As a safety precaution all messages that are created as reply to messages that are marked sensitive
are also implicitly marked so.</para>
</refsect1>
<refsect1>
<title>Return Value</title>
<para>On success, theis functions return 0 or a positive integer. On failure, it returns a
negative errno-style error code.</para>
<refsect2>
<title>Errors</title>
<para>Returned errors may indicate the following problems:</para>
<variablelist>
<varlistentry>
<term><constant>-EINVAL</constant></term>
<listitem><para>The <parameter>message</parameter> parameter is
<constant>NULL</constant>.</para></listitem>
</varlistentry>
</variablelist>
</refsect2>
</refsect1>
<xi:include href="libsystemd-pkgconfig.xml" />
<refsect1>
<title>See Also</title>
<para>
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry><refentrytitle>sd-bus</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
<citerefentry><refentrytitle>sd_bus_message_new_method_call</refentrytitle><manvolnum>3</manvolnum></citerefentry>
</para>
</refsect1>
</refentry>


@ -593,6 +593,7 @@ static const NLType rtnl_link_types[] = {
[IFLA_MIN_MTU] = { .type = NETLINK_TYPE_U32 },
[IFLA_MAX_MTU] = { .type = NETLINK_TYPE_U32 },
[IFLA_PROP_LIST] = { .type = NETLINK_TYPE_NESTED, .type_system = &rtnl_prop_list_type_system },
[IFLA_ALT_IFNAME] = { .type = NETLINK_TYPE_STRING, .size = ALTIFNAMSIZ - 1 },
};
static const NLTypeSystem rtnl_link_type_system = {


@ -123,6 +123,35 @@ int rtnl_set_link_alternative_names(sd_netlink **rtnl, int ifindex, char * const
return 0;
}
int rtnl_resolve_link_alternative_name(sd_netlink **rtnl, const char *name, int *ret) {
_cleanup_(sd_netlink_message_unrefp) sd_netlink_message *message = NULL, *reply = NULL;
int r;
assert(rtnl);
assert(name);
assert(ret);
if (!*rtnl) {
r = sd_netlink_open(rtnl);
if (r < 0)
return r;
}
r = sd_rtnl_message_new_link(*rtnl, &message, RTM_GETLINK, 0);
if (r < 0)
return r;
r = sd_netlink_message_append_string(message, IFLA_ALT_IFNAME, name);
if (r < 0)
return r;
r = sd_netlink_call(*rtnl, message, 0, &reply);
if (r < 0)
return r;
return sd_rtnl_message_link_get_ifindex(reply, ret);
}
int rtnl_message_new_synthetic_error(sd_netlink *rtnl, int error, uint32_t serial, sd_netlink_message **ret) {
struct nlmsgerr *err;
int r;
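Review bot: rtnl_resolve_link_alternative_name() is added without a comment describing its contract, and two parts of that contract are not obvious from the signature. When `*rtnl` is NULL the function opens a netlink connection and leaves it in `*rtnl` for the caller to release, and `*ret` is only written by the final sd_rtnl_message_link_get_ifindex() call. I would add above the definition: `/* Resolves an alternative interface name to its ifindex via RTM_GETLINK. Opens *rtnl if it is NULL; the caller keeps ownership and must unref it. */`. The callers added in this series pass command-line and bus-supplied strings straight in, so the comment could also say that `name` is not validated here beyond whatever limit the IFLA_ALT_IFNAME type entry enforces.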


@ -50,6 +50,7 @@ static inline bool rtnl_message_type_is_qdisc(uint16_t type) {
int rtnl_set_link_name(sd_netlink **rtnl, int ifindex, const char *name);
int rtnl_set_link_properties(sd_netlink **rtnl, int ifindex, const char *alias, const struct ether_addr *mac, uint32_t mtu);
int rtnl_set_link_alternative_names(sd_netlink **rtnl, int ifindex, char * const *alternative_names);
int rtnl_resolve_link_alternative_name(sd_netlink **rtnl, const char *name, int *ret);
int rtnl_log_parse_error(int r);
int rtnl_log_create_error(int r);


@ -261,6 +261,7 @@ static int decode_netdev(sd_netlink_message *m, LinkInfo *info) {
}
static int decode_link(sd_netlink_message *m, LinkInfo *info, char **patterns) {
_cleanup_strv_free_ char **altnames = NULL;
const char *name;
int ifindex, r;
uint16_t type;
@ -283,13 +284,26 @@ static int decode_link(sd_netlink_message *m, LinkInfo *info, char **patterns) {
if (r < 0)
return r;
r = sd_netlink_message_read_strv(m, IFLA_PROP_LIST, IFLA_ALT_IFNAME, &altnames);
if (r < 0 && !IN_SET(r, -EOPNOTSUPP, -ENODATA))
return r;
if (patterns) {
char str[DECIMAL_STR_MAX(int)];
xsprintf(str, "%i", ifindex);
if (!strv_fnmatch(patterns, str, 0) && !strv_fnmatch(patterns, name, 0)) {
bool match = false;
char **p;
if (!strv_fnmatch(patterns, str, 0) && !strv_fnmatch(patterns, name, 0))
return 0;
STRV_FOREACH(p, altnames)
if (strv_fnmatch(patterns, *p, 0)) {
match = true;
break;
}
if (!match)
return 0;
}
}
r = sd_rtnl_message_link_get_type(m, &info->iftype);
@ -298,6 +312,7 @@ static int decode_link(sd_netlink_message *m, LinkInfo *info, char **patterns) {
strscpy(info->name, sizeof info->name, name);
info->ifindex = ifindex;
info->alternative_names = TAKE_PTR(altnames);
info->has_mac_address =
sd_netlink_message_read_ether_addr(m, IFLA_ADDRESS, &info->mac_address) >= 0 &&
@ -306,7 +321,6 @@ static int decode_link(sd_netlink_message *m, LinkInfo *info, char **patterns) {
(void) sd_netlink_message_read_u32(m, IFLA_MTU, &info->mtu);
(void) sd_netlink_message_read_u32(m, IFLA_MIN_MTU, &info->min_mtu);
(void) sd_netlink_message_read_u32(m, IFLA_MAX_MTU, &info->max_mtu);
(void) sd_netlink_message_read_strv(m, IFLA_PROP_LIST, IFLA_ALT_IFNAME, &info->alternative_names);
info->has_rx_queues =
sd_netlink_message_read_u32(m, IFLA_NUM_RX_QUEUES, &info->rx_queues) >= 0 &&
@ -1764,8 +1778,11 @@ static int link_delete(int argc, char *argv[], void *userdata) {
for (i = 1; i < argc; i++) {
r = parse_ifindex_or_ifname(argv[i], &index);
if (r < 0)
return log_error_errno(r, "Failed to resolve interface %s", argv[i]);
if (r < 0) {
r = rtnl_resolve_link_alternative_name(&rtnl, argv[i], &index);
if (r < 0)
return log_error_errno(r, "Failed to resolve interface %s", argv[i]);
}
r = set_put(indexes, INT_TO_PTR(index));
if (r < 0)
@ -1808,6 +1825,7 @@ static int link_renew_one(sd_bus *bus, int index, const char *name) {
static int link_renew(int argc, char *argv[], void *userdata) {
_cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
_cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
int index, i, k = 0, r;
r = sd_bus_open_system(&bus);
@ -1816,8 +1834,11 @@ static int link_renew(int argc, char *argv[], void *userdata) {
for (i = 1; i < argc; i++) {
r = parse_ifindex_or_ifname(argv[i], &index);
if (r < 0)
return log_error_errno(r, "Failed to resolve interface %s", argv[i]);
if (r < 0) {
r = rtnl_resolve_link_alternative_name(&rtnl, argv[i], &index);
if (r < 0)
return log_error_errno(r, "Failed to resolve interface %s", argv[i]);
}
r = link_renew_one(bus, index, argv[i]);
if (r < 0 && k >= 0)
@ -1852,6 +1873,7 @@ static int verb_reload(int argc, char *argv[], void *userdata) {
static int verb_reconfigure(int argc, char *argv[], void *userdata) {
_cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
_cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
_cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
_cleanup_set_free_ Set *indexes = NULL;
int index, i, r;
Iterator j;
@ -1867,8 +1889,11 @@ static int verb_reconfigure(int argc, char *argv[], void *userdata) {
for (i = 1; i < argc; i++) {
r = parse_ifindex_or_ifname(argv[i], &index);
if (r < 0)
return log_error_errno(r, "Failed to resolve interface %s", argv[i]);
if (r < 0) {
r = rtnl_resolve_link_alternative_name(&rtnl, argv[i], &index);
if (r < 0)
return log_error_errno(r, "Failed to resolve interface %s", argv[i]);
}
r = set_put(indexes, INT_TO_PTR(index));
if (r < 0)
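Review bot: The same fallback from parse_ifindex_or_ifname() to rtnl_resolve_link_alternative_name() is pasted into link_delete(), link_renew() and verb_reconfigure(), so the three copies can drift apart when one of them is changed later. In each copy the error from the first parser is overwritten, so the errno that gets logged is always the netlink one. A small static helper would keep the lookup order and the error message in one place; the helper name below is only a suggestion. All three functions start and end outside the hunks shown.

```c
/* Accepts an ifindex, a main interface name, or (via rtnetlink) an alternative name. */
static int resolve_interface_arg(sd_netlink **rtnl, const char *arg, int *ret) {
        int r;

        r = parse_ifindex_or_ifname(arg, ret);
        if (r >= 0)
                return r;

        r = rtnl_resolve_link_alternative_name(rtnl, arg, ret);
        if (r < 0)
                return log_error_errno(r, "Failed to resolve interface %s", arg);

        return 0;
}

/* … unchanged: loop header in link_delete(), link_renew() and verb_reconfigure() … */
                r = resolve_interface_arg(&rtnl, argv[i], &index);
                if (r < 0)
                        return r;
```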


@ -7,6 +7,7 @@
#include "alloc-util.h"
#include "bus-common-errors.h"
#include "bus-util.h"
#include "netlink-util.h"
#include "networkd-link-bus.h"
#include "networkd-link.h"
#include "networkd-manager-bus.h"
@ -66,8 +67,11 @@ static int method_get_link_by_name(sd_bus_message *message, void *userdata, sd_b
return r;
index = if_nametoindex(name);
if (index <= 0)
return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_LINK, "Link %s not known", name);
if (index <= 0) {
r = rtnl_resolve_link_alternative_name(&manager->rtnl, name, &index);
if (r < 0)
return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_LINK, "Link %s not known", name);
}
link = hashmap_get(manager->links, INT_TO_PTR(index));
if (!link)
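Review bot: Every failure of rtnl_resolve_link_alternative_name() in method_get_link_by_name() is turned into BUS_ERROR_NO_SUCH_LINK and `r` is dropped, so an allocation or netlink transport error cannot be told apart from an unknown name. Adding `log_debug_errno(r, "Failed to resolve link %s by alternative name: %m", name);` before the return would keep the cause visible without changing what bus clients see. The lookup also issues a synchronous sd_netlink_call() on `manager->rtnl` from a bus method handler, with a `name` that presumably comes from the caller's message, so it is worth confirming that a blocking round trip is acceptable on this path. The function starts and ends outside the hunk.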


@ -230,7 +230,6 @@ int unit_file_find_dropin_paths(
char ***ret) {
_cleanup_strv_free_ char **dirs = NULL;
UnitType type = _UNIT_TYPE_INVALID;
char *name, **p;
Iterator i;
int r;
@ -240,22 +239,24 @@ int unit_file_find_dropin_paths(
/* All the names in the unit are of the same type so just grab one. */
name = (char*) set_first(names);
if (name) {
UnitType type = _UNIT_TYPE_INVALID;
type = unit_name_to_type(name);
if (type < 0)
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
"Failed to to derive unit type from unit name: %s",
name);
}
/* Special top level drop in for "<unit type>.<suffix>". Add this first as it's the most generic
* and should be able to be overridden by more specific drop-ins. */
STRV_FOREACH(p, lookup_path)
(void) unit_file_find_dirs(original_root,
unit_path_cache,
*p,
unit_type_to_string(type),
dir_suffix,
&dirs);
/* Special top level drop in for "<unit type>.<suffix>". Add this first as it's the most generic
* and should be able to be overridden by more specific drop-ins. */
STRV_FOREACH(p, lookup_path)
(void) unit_file_find_dirs(original_root,
unit_path_cache,
*p,
unit_type_to_string(type),
dir_suffix,
&dirs);
}
SET_FOREACH(name, names, i)
STRV_FOREACH(p, lookup_path)
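Review bot: Inside the new `if (name)` block, `type` is initialised to `_UNIT_TYPE_INVALID` and then assigned on the very next statement; `UnitType type = unit_name_to_type(name);` says the same in one line. The error message on that path reads "Failed to to derive unit type", apparently carried over unchanged, and could lose the doubled word while the block is being touched. A short comment above `if (name)`, such as `/* With an empty names set there is no type to derive, so skip the top-level drop-in lookup. */`, would record why the loop moved inside the condition. unit_file_find_dropin_paths() begins and ends outside the hunk.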


@ -503,6 +503,7 @@ int link_config_apply(link_config_ctx *ctx, link_config *config,
strv_remove(altnames, new_name);
strv_remove(altnames, old_name);
strv_uniq(altnames);
strv_sort(altnames);
r = rtnl_set_link_alternative_names(&ctx->rtnl, ifindex, altnames);
if (r == -EOPNOTSUPP)


@ -419,9 +419,23 @@ EOF
clear_services a b
}
test_invalid_dropins () {
echo "Testing invalid dropins..."
# Assertion failed on earlier versions, command exits unsuccessfully on later versions
systemctl cat nonexistent@.service || true
create_services a
systemctl daemon-reload
# Assertion failed on earlier versions, command exits unsuccessfully on later versions
systemctl cat a@.service || true
systemctl stop a
clear_services a
return 0
}
test_basic_dropins
test_template_dropins
test_alias_dropins
test_masked_dropins
test_invalid_dropins
touch /testok
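Review bot: `|| true` on both `systemctl cat` calls in test_invalid_dropins discards every exit status, including the 128+signal status the shell reports when the command aborts, so the test would still pass if the assertion came back. The comment only says the command exits unsuccessfully on fixed versions, so the check can accept an ordinary failure and still reject a signal death: `rc=0; systemctl cat nonexistent@.service || rc=$?` followed by `[ "$rc" -lt 128 ] || exit 1`, and the same for `a@.service`. Whether the script runs under `set -e` is not visible in this hunk, which is why the status is captured through `||` rather than read from `$?` on the following line.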