Merge pull request #14365 from yuwata/networkctl-altname

network, udev: further alternative name support

man/rules/meson.build

@@ -271,6 +271,7 @@ manpages = [
  ['sd_bus_message_read_array', '3', [], ''],
  ['sd_bus_message_read_basic', '3', [], ''],
  ['sd_bus_message_rewind', '3', [], ''],
+ ['sd_bus_message_sensitive', '3', [], ''],
  ['sd_bus_message_set_destination',
   '3',
   ['sd_bus_message_get_destination',

man/sd_bus_message_sensitive.xml

@@ -0,0 +1,85 @@
+<?xml version='1.0'?> <!--*-nxml-*-->
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
+  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+<!-- SPDX-License-Identifier: LGPL-2.1+ -->
+
+<refentry id="sd_bus_message_sensitive" xmlns:xi="http://www.w3.org/2001/XInclude">
+
+  <refentryinfo>
+    <title>sd_bus_message_sensitive</title>
+    <productname>systemd</productname>
+  </refentryinfo>
+
+  <refmeta>
+    <refentrytitle>sd_bus_message_sensitive</refentrytitle>
+    <manvolnum>3</manvolnum>
+  </refmeta>
+
+  <refnamediv>
+    <refname>sd_bus_message_sensitive</refname>
+
+    <refpurpose>Mark a message object as containing sensitive data</refpurpose>
+  </refnamediv>
+
+  <refsynopsisdiv>
+    <funcsynopsis>
+      <funcsynopsisinfo>#include &lt;systemd/sd-bus.h&gt;</funcsynopsisinfo>
+
+      <funcprototype>
+        <funcdef>int <function>sd_bus_message_sensitive</function></funcdef>
+        <paramdef>sd_bus_message *<parameter>message</parameter></paramdef>
+      </funcprototype>
+    </funcsynopsis>
+  </refsynopsisdiv>
+
+  <refsect1>
+    <title>Description</title>
+
+    <para><function>sd_bus_message_sensitive()</function> marks an allocated bus message as containing
+    sensitive data. This ensures that the message data is carefully removed from memory (specifically,
+    overwritten with zero bytes) when released. It is recommended to mark all incoming and outgoing messages
+    like this that contain security credentials and similar data that should be dealt with carefully. Note
+    that it is not possible to unmark messages like this, it's a one way operation. If a message is already
+    marked sensitive and then marked sensitive a second time the message remains marked so and no further
+    operation is executed.</para>
+
+    <para>As a safety precaution all messages that are created as reply to messages that are marked sensitive
+    are also implicitly marked so.</para>
+  </refsect1>
+
+  <refsect1>
+    <title>Return Value</title>
+
+    <para>On success, theis functions return 0 or a positive integer. On failure, it returns a
+    negative errno-style error code.</para>
+
+    <refsect2>
+      <title>Errors</title>
+
+      <para>Returned errors may indicate the following problems:</para>
+
+      <variablelist>
+        <varlistentry>
+          <term><constant>-EINVAL</constant></term>
+
+          <listitem><para>The <parameter>message</parameter> parameter is
+          <constant>NULL</constant>.</para></listitem>
+        </varlistentry>
+
+      </variablelist>
+    </refsect2>
+  </refsect1>
+
+  <xi:include href="libsystemd-pkgconfig.xml" />
+
+  <refsect1>
+    <title>See Also</title>
+
+    <para>
+      <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+      <citerefentry><refentrytitle>sd-bus</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
+      <citerefentry><refentrytitle>sd_bus_message_new_method_call</refentrytitle><manvolnum>3</manvolnum></citerefentry>
+    </para>
+  </refsect1>
+
+</refentry>

src/libsystemd/sd-netlink/netlink-types.c

@@ -593,6 +593,7 @@ static const NLType rtnl_link_types[] = {
         [IFLA_MIN_MTU]          = { .type = NETLINK_TYPE_U32 },
         [IFLA_MAX_MTU]          = { .type = NETLINK_TYPE_U32 },
         [IFLA_PROP_LIST]        = { .type = NETLINK_TYPE_NESTED, .type_system = &rtnl_prop_list_type_system },
+        [IFLA_ALT_IFNAME]       = { .type = NETLINK_TYPE_STRING, .size = ALTIFNAMSIZ - 1 },
 };
 
 static const NLTypeSystem rtnl_link_type_system = {

src/libsystemd/sd-netlink/netlink-util.c

@@ -123,6 +123,35 @@ int rtnl_set_link_alternative_names(sd_netlink **rtnl, int ifindex, char * const
         return 0;
 }
 
+int rtnl_resolve_link_alternative_name(sd_netlink **rtnl, const char *name, int *ret) {
+        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *message = NULL, *reply = NULL;
+        int r;
+
+        assert(rtnl);
+        assert(name);
+        assert(ret);
+
+        if (!*rtnl) {
+                r = sd_netlink_open(rtnl);
+                if (r < 0)
+                        return r;
+        }
+
+        r = sd_rtnl_message_new_link(*rtnl, &message, RTM_GETLINK, 0);
+        if (r < 0)
+                return r;
+
+        r = sd_netlink_message_append_string(message, IFLA_ALT_IFNAME, name);
+        if (r < 0)
+                return r;
+
+        r = sd_netlink_call(*rtnl, message, 0, &reply);
+        if (r < 0)
+                return r;
+
+        return sd_rtnl_message_link_get_ifindex(reply, ret);
+}
+
 int rtnl_message_new_synthetic_error(sd_netlink *rtnl, int error, uint32_t serial, sd_netlink_message **ret) {
         struct nlmsgerr *err;
         int r;

src/libsystemd/sd-netlink/netlink-util.h

@@ -50,6 +50,7 @@ static inline bool rtnl_message_type_is_qdisc(uint16_t type) {
 int rtnl_set_link_name(sd_netlink **rtnl, int ifindex, const char *name);
 int rtnl_set_link_properties(sd_netlink **rtnl, int ifindex, const char *alias, const struct ether_addr *mac, uint32_t mtu);
 int rtnl_set_link_alternative_names(sd_netlink **rtnl, int ifindex, char * const *alternative_names);
+int rtnl_resolve_link_alternative_name(sd_netlink **rtnl, const char *name, int *ret);
 
 int rtnl_log_parse_error(int r);
 int rtnl_log_create_error(int r);

src/network/networkctl.c

@@ -261,6 +261,7 @@ static int decode_netdev(sd_netlink_message *m, LinkInfo *info) {
 }
 
 static int decode_link(sd_netlink_message *m, LinkInfo *info, char **patterns) {
+        _cleanup_strv_free_ char **altnames = NULL;
         const char *name;
         int ifindex, r;
         uint16_t type;
@@ -283,13 +284,26 @@ static int decode_link(sd_netlink_message *m, LinkInfo *info, char **patterns) {
         if (r < 0)
                 return r;
 
+        r = sd_netlink_message_read_strv(m, IFLA_PROP_LIST, IFLA_ALT_IFNAME, &altnames);
+        if (r < 0 && !IN_SET(r, -EOPNOTSUPP, -ENODATA))
+                return r;
+
         if (patterns) {
                 char str[DECIMAL_STR_MAX(int)];
 
                 xsprintf(str, "%i", ifindex);
+                if (!strv_fnmatch(patterns, str, 0) && !strv_fnmatch(patterns, name, 0)) {
+                        bool match = false;
+                        char **p;
 
-                if (!strv_fnmatch(patterns, str, 0) && !strv_fnmatch(patterns, name, 0))
-                        return 0;
+                        STRV_FOREACH(p, altnames)
+                                if (strv_fnmatch(patterns, *p, 0)) {
+                                        match = true;
+                                        break;
+                                }
+                        if (!match)
+                                return 0;
+                }
         }
 
         r = sd_rtnl_message_link_get_type(m, &info->iftype);
@@ -298,6 +312,7 @@ static int decode_link(sd_netlink_message *m, LinkInfo *info, char **patterns) {
 
         strscpy(info->name, sizeof info->name, name);
         info->ifindex = ifindex;
+        info->alternative_names = TAKE_PTR(altnames);
 
         info->has_mac_address =
                 sd_netlink_message_read_ether_addr(m, IFLA_ADDRESS, &info->mac_address) >= 0 &&
@@ -306,7 +321,6 @@ static int decode_link(sd_netlink_message *m, LinkInfo *info, char **patterns) {
         (void) sd_netlink_message_read_u32(m, IFLA_MTU, &info->mtu);
         (void) sd_netlink_message_read_u32(m, IFLA_MIN_MTU, &info->min_mtu);
         (void) sd_netlink_message_read_u32(m, IFLA_MAX_MTU, &info->max_mtu);
-        (void) sd_netlink_message_read_strv(m, IFLA_PROP_LIST, IFLA_ALT_IFNAME, &info->alternative_names);
 
         info->has_rx_queues =
                 sd_netlink_message_read_u32(m, IFLA_NUM_RX_QUEUES, &info->rx_queues) >= 0 &&
@@ -1764,8 +1778,11 @@ static int link_delete(int argc, char *argv[], void *userdata) {
 
         for (i = 1; i < argc; i++) {
                 r = parse_ifindex_or_ifname(argv[i], &index);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to resolve interface %s", argv[i]);
+                if (r < 0) {
+                        r = rtnl_resolve_link_alternative_name(&rtnl, argv[i], &index);
+                        if (r < 0)
+                                return log_error_errno(r, "Failed to resolve interface %s", argv[i]);
+                }
 
                 r = set_put(indexes, INT_TO_PTR(index));
                 if (r < 0)
@@ -1808,6 +1825,7 @@ static int link_renew_one(sd_bus *bus, int index, const char *name) {
 
 static int link_renew(int argc, char *argv[], void *userdata) {
         _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
+        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
         int index, i, k = 0, r;
 
         r = sd_bus_open_system(&bus);
@@ -1816,8 +1834,11 @@ static int link_renew(int argc, char *argv[], void *userdata) {
 
         for (i = 1; i < argc; i++) {
                 r = parse_ifindex_or_ifname(argv[i], &index);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to resolve interface %s", argv[i]);
+                if (r < 0) {
+                        r = rtnl_resolve_link_alternative_name(&rtnl, argv[i], &index);
+                        if (r < 0)
+                                return log_error_errno(r, "Failed to resolve interface %s", argv[i]);
+                }
 
                 r = link_renew_one(bus, index, argv[i]);
                 if (r < 0 && k >= 0)
@@ -1852,6 +1873,7 @@ static int verb_reload(int argc, char *argv[], void *userdata) {
 static int verb_reconfigure(int argc, char *argv[], void *userdata) {
         _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
         _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
+        _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
         _cleanup_set_free_ Set *indexes = NULL;
         int index, i, r;
         Iterator j;
@@ -1867,8 +1889,11 @@ static int verb_reconfigure(int argc, char *argv[], void *userdata) {
 
         for (i = 1; i < argc; i++) {
                 r = parse_ifindex_or_ifname(argv[i], &index);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to resolve interface %s", argv[i]);
+                if (r < 0) {
+                        r = rtnl_resolve_link_alternative_name(&rtnl, argv[i], &index);
+                        if (r < 0)
+                                return log_error_errno(r, "Failed to resolve interface %s", argv[i]);
+                }
 
                 r = set_put(indexes, INT_TO_PTR(index));
                 if (r < 0)

src/network/networkd-manager-bus.c

@@ -7,6 +7,7 @@
 #include "alloc-util.h"
 #include "bus-common-errors.h"
 #include "bus-util.h"
+#include "netlink-util.h"
 #include "networkd-link-bus.h"
 #include "networkd-link.h"
 #include "networkd-manager-bus.h"
@@ -66,8 +67,11 @@ static int method_get_link_by_name(sd_bus_message *message, void *userdata, sd_b
                 return r;
 
         index = if_nametoindex(name);
-        if (index <= 0)
-                return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_LINK, "Link %s not known", name);
+        if (index <= 0) {
+                r = rtnl_resolve_link_alternative_name(&manager->rtnl, name, &index);
+                if (r < 0)
+                        return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_LINK, "Link %s not known", name);
+        }
 
         link = hashmap_get(manager->links, INT_TO_PTR(index));
         if (!link)

src/shared/dropin.c

@@ -230,7 +230,6 @@ int unit_file_find_dropin_paths(
                 char ***ret) {
 
         _cleanup_strv_free_ char **dirs = NULL;
-        UnitType type = _UNIT_TYPE_INVALID;
         char *name, **p;
         Iterator i;
         int r;
@@ -240,22 +239,24 @@ int unit_file_find_dropin_paths(
         /* All the names in the unit are of the same type so just grab one. */
         name = (char*) set_first(names);
         if (name) {
+                UnitType type = _UNIT_TYPE_INVALID;
+
                 type = unit_name_to_type(name);
                 if (type < 0)
                         return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
                                                "Failed to to derive unit type from unit name: %s",
                                                name);
-        }
 
-        /* Special top level drop in for "<unit type>.<suffix>". Add this first as it's the most generic
-         * and should be able to be overridden by more specific drop-ins. */
-        STRV_FOREACH(p, lookup_path)
-                (void) unit_file_find_dirs(original_root,
-                                           unit_path_cache,
-                                           *p,
-                                           unit_type_to_string(type),
-                                           dir_suffix,
-                                           &dirs);
+                /* Special top level drop in for "<unit type>.<suffix>". Add this first as it's the most generic
+                 * and should be able to be overridden by more specific drop-ins. */
+                STRV_FOREACH(p, lookup_path)
+                        (void) unit_file_find_dirs(original_root,
+                                                   unit_path_cache,
+                                                   *p,
+                                                   unit_type_to_string(type),
+                                                   dir_suffix,
+                                                   &dirs);
+        }
 
         SET_FOREACH(name, names, i)
                 STRV_FOREACH(p, lookup_path)

src/udev/net/link-config.c

@@ -503,6 +503,7 @@ int link_config_apply(link_config_ctx *ctx, link_config *config,
                 strv_remove(altnames, new_name);
         strv_remove(altnames, old_name);
         strv_uniq(altnames);
+        strv_sort(altnames);
 
         r = rtnl_set_link_alternative_names(&ctx->rtnl, ifindex, altnames);
         if (r == -EOPNOTSUPP)

test/TEST-15-DROPIN/test-dropin.sh

@@ -419,9 +419,23 @@ EOF
     clear_services a b
 }
 
+test_invalid_dropins () {
+    echo "Testing invalid dropins..."
+    # Assertion failed on earlier versions, command exits unsuccessfully on later versions
+    systemctl cat nonexistent@.service || true
+    create_services a
+    systemctl daemon-reload
+    # Assertion failed on earlier versions, command exits unsuccessfully on later versions
+    systemctl cat a@.service || true
+    systemctl stop a
+    clear_services a
+    return 0
+}
+
 test_basic_dropins
 test_template_dropins
 test_alias_dropins
 test_masked_dropins
+test_invalid_dropins
 
 touch /testok