Compare commits

...

15 Commits

Author SHA1 Message Date
Zbigniew Jędrzejewski-Szmek 6882c934dd
Merge 8da8996181 into 9bf6ffe166 2024-11-22 13:01:34 +01:00
Luca Boccassi 9bf6ffe166
man: split cryptenroll man page into sections (#35297) 2024-11-22 12:01:07 +00:00
Lennart Poettering cc6baba720 cryptenroll: it's called PKCS#11, not PKCS11
In the --help text we really should use the official spelling, just like
in the man page.
2024-11-22 10:42:37 +01:00
Lennart Poettering 3ae48d071c man: add enrollment type sections to cryptenroll man page
We have the same sections in the --help text, hence we even more so
should have them in the man page.
2024-11-22 10:42:37 +01:00
Antonio Alvarez Feijoo 2ccacdd57c bash-completion: add --list-devices to systemd-cryptenroll
And also use it to list suitable block devices.
2024-11-22 10:38:19 +01:00
Zbigniew Jędrzejewski-Szmek 8da8996181 gpt-auto-generator: improve log message
We said "exiting", but then the program continues to do other operations
and log additional messages.
2024-11-20 15:05:16 +01:00
Zbigniew Jędrzejewski-Szmek fb1ad8c2df shared/exec-util: fix logging of the args of an executed program
The debug logs has lots of "About to execute /some/path (null)". This
occurs when the args array is empty. Instead, only print "(null)" if
we failed with oom.

Having strv_skip() return NULL makes this pleasant to write without repeating
strv_isempty() a few times.
2024-11-20 15:05:16 +01:00
Zbigniew Jędrzejewski-Szmek 7a5997bad1 test-execve: minor simplification 2024-11-20 15:05:16 +01:00
Zbigniew Jędrzejewski-Szmek 64e225d4c3 various: handle the positive condition after strv_skip() first 2024-11-20 15:05:16 +01:00
Zbigniew Jędrzejewski-Szmek d9cb7338f9 busctl: use RET_GATHER 2024-11-20 15:05:16 +01:00
Zbigniew Jędrzejewski-Szmek 654fa34796 busctl: use STRV_FOREACH in the usual fashion
Also put positive branch first, do not use 'i' as a char** variable name.
2024-11-20 15:05:16 +01:00
Zbigniew Jędrzejewski-Szmek 0638a45ec9 analyze: use STRV_FOREACH in consistent fashion
Also put positive condition first.
2024-11-20 15:05:16 +01:00
Zbigniew Jędrzejewski-Szmek e97f1ad4c9 basic/strv: return NULL from strv_skip
strv_skip was written to carefully return the original array, but this turns
out to be an unnecessary complication. After the previous patch, no caller
cares about the distinction between NULL and { NULL }, but various callers need
to wrap the process the returned value with strv_isempty(), sometimes more than
once. Let's always return NULL for an empty result to allow callers to be
simplified.
2024-11-20 15:05:16 +01:00
Zbigniew Jędrzejewski-Szmek 48e5aec4a3 homectl: split out inspect_home() and authenticate_home()
mangle_user_list() was doing a microoptimization of avoiding of copying of a
single string by constructing the strv object manually. This seems like more
trouble than it's worth, considering that this is called once in the program's
life.

Rework the code to have inspect_home() and authenticate_home() that handle a
single home name and call them in a loop from the outer function.
2024-11-20 14:58:56 +01:00
Zbigniew Jędrzejewski-Szmek 907a3b128c vconsole-setup: reword error messages
I was looking at some logs, and — without context —
"Setting source virtual console failed" doesn't make sense. It's a source
internally in vconsole-setup because we configure it and then use it to copy
the settings to other consoles. But at the point this message is emitted it's
not yet a source of anything. Also, "setting" sounds like we'd like to assign
it somewhere, which is even more confusing. Reword the messages to be more
down-to-earth and meaningful without looking at the code.
2024-11-19 17:18:14 +01:00
22 changed files with 334 additions and 346 deletions

View File

@ -265,32 +265,11 @@
</refsect1> </refsect1>
<refsect1> <refsect1>
<title>Options</title> <title>Unlocking</title>
<para>The following options are understood:</para> <para>The following options are understood that may be used to unlock the device in preparation of the enrollment operations:</para>
<variablelist> <variablelist>
<varlistentry>
<term><option>--password</option></term>
<listitem><para>Enroll a regular password/passphrase. This command is mostly equivalent to
<command>cryptsetup luksAddKey</command>, however may be combined with
<option>--wipe-slot=</option> in one call, see below.</para>
<xi:include href="version-info.xml" xpointer="v248"/></listitem>
</varlistentry>
<varlistentry>
<term><option>--recovery-key</option></term>
<listitem><para>Enroll a recovery key. Recovery keys are mostly identical to passphrases, but are
computer-generated instead of being chosen by a human, and thus have a guaranteed high entropy. The
key uses a character set that is easy to type in, and may be scanned off screen via a QR code.
</para>
<xi:include href="version-info.xml" xpointer="v248"/></listitem>
</varlistentry>
<varlistentry> <varlistentry>
<term><option>--unlock-key-file=<replaceable>PATH</replaceable></option></term> <term><option>--unlock-key-file=<replaceable>PATH</replaceable></option></term>
@ -328,7 +307,45 @@
<xi:include href="version-info.xml" xpointer="v256"/></listitem> <xi:include href="version-info.xml" xpointer="v256"/></listitem>
</varlistentry> </varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>Simple Enrollment</title>
<para>The following options are understood that may be used to enroll simple user input based
unlocking:</para>
<variablelist>
<varlistentry>
<term><option>--password</option></term>
<listitem><para>Enroll a regular password/passphrase. This command is mostly equivalent to
<command>cryptsetup luksAddKey</command>, however may be combined with
<option>--wipe-slot=</option> in one call, see below.</para>
<xi:include href="version-info.xml" xpointer="v248"/></listitem>
</varlistentry>
<varlistentry>
<term><option>--recovery-key</option></term>
<listitem><para>Enroll a recovery key. Recovery keys are mostly identical to passphrases, but are
computer-generated instead of being chosen by a human, and thus have a guaranteed high entropy. The
key uses a character set that is easy to type in, and may be scanned off screen via a QR code.
</para>
<xi:include href="version-info.xml" xpointer="v248"/></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>PKCS#11 Enrollment</title>
<para>The following option is understood that may be used to enroll PKCS#11 tokens:</para>
<variablelist>
<varlistentry> <varlistentry>
<term><option>--pkcs11-token-uri=<replaceable>URI</replaceable></option></term> <term><option>--pkcs11-token-uri=<replaceable>URI</replaceable></option></term>
@ -361,7 +378,15 @@
<xi:include href="version-info.xml" xpointer="v248"/></listitem> <xi:include href="version-info.xml" xpointer="v248"/></listitem>
</varlistentry> </varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>FIDO2 Enrollment</title>
<para>The following options are understood that may be used to enroll PKCS#11 tokens:</para>
<variablelist>
<varlistentry> <varlistentry>
<term><option>--fido2-credential-algorithm=<replaceable>STRING</replaceable></option></term> <term><option>--fido2-credential-algorithm=<replaceable>STRING</replaceable></option></term>
<listitem><para>Specify COSE algorithm used in credential generation. The default value is <listitem><para>Specify COSE algorithm used in credential generation. The default value is
@ -461,7 +486,15 @@
<xi:include href="version-info.xml" xpointer="v249"/></listitem> <xi:include href="version-info.xml" xpointer="v249"/></listitem>
</varlistentry> </varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>TPM2 Enrollment</title>
<para>The following options are understood that may be used to enroll TPM2 devices:</para>
<variablelist>
<varlistentry> <varlistentry>
<term><option>--tpm2-device=<replaceable>PATH</replaceable></option></term> <term><option>--tpm2-device=<replaceable>PATH</replaceable></option></term>
@ -636,7 +669,15 @@
<xi:include href="version-info.xml" xpointer="v255"/></listitem> <xi:include href="version-info.xml" xpointer="v255"/></listitem>
</varlistentry> </varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>Other Options</title>
<para>The following additional options are understood:</para>
<variablelist>
<varlistentry> <varlistentry>
<term><option>--wipe-slot=<replaceable>SLOT<optional>,SLOT...</optional></replaceable></option></term> <term><option>--wipe-slot=<replaceable>SLOT<optional>,SLOT...</optional></replaceable></option></term>

View File

@ -38,19 +38,12 @@ __get_tpm2_devices() {
done done
} }
__get_block_devices() {
local i
for i in /dev/*; do
[ -b "$i" ] && printf '%s\n' "$i"
done
}
_systemd_cryptenroll() { _systemd_cryptenroll() {
local comps local comps
local cur=${COMP_WORDS[COMP_CWORD]} prev=${COMP_WORDS[COMP_CWORD-1]} words cword local cur=${COMP_WORDS[COMP_CWORD]} prev=${COMP_WORDS[COMP_CWORD-1]} words cword
local -A OPTS=( local -A OPTS=(
[STANDALONE]='-h --help --version [STANDALONE]='-h --help --version
--password --recovery-key' --password --recovery-key --list-devices'
[ARG]='--unlock-key-file [ARG]='--unlock-key-file
--unlock-fido2-device --unlock-fido2-device
--unlock-tpm2-device --unlock-tpm2-device
@ -116,7 +109,7 @@ _systemd_cryptenroll() {
return 0 return 0
fi fi
comps=$(__get_block_devices) comps=$(systemd-cryptenroll --list-devices)
COMPREPLY=( $(compgen -W '$comps' -- "$cur") ) COMPREPLY=( $(compgen -W '$comps' -- "$cur") )
return 0 return 0
} }

View File

@ -47,30 +47,25 @@ int verb_architectures(int argc, char *argv[], void *userdata) {
(void) table_hide_column_from_display(table, (size_t) 0); (void) table_hide_column_from_display(table, (size_t) 0);
if (strv_isempty(strv_skip(argv, 1))) char **args = strv_skip(argv, 1);
for (Architecture a = 0; a < _ARCHITECTURE_MAX; a++) { if (args) {
r = add_arch(table, a); STRV_FOREACH(arg, args) {
if (r < 0)
return r;
}
else {
STRV_FOREACH(as, strv_skip(argv, 1)) {
Architecture a; Architecture a;
if (streq(*as, "native")) if (streq(*arg, "native"))
a = native_architecture(); a = native_architecture();
else if (streq(*as, "uname")) else if (streq(*arg, "uname"))
a = uname_architecture(); a = uname_architecture();
else if (streq(*as, "secondary")) { else if (streq(*arg, "secondary")) {
#ifdef ARCHITECTURE_SECONDARY #ifdef ARCHITECTURE_SECONDARY
a = ARCHITECTURE_SECONDARY; a = ARCHITECTURE_SECONDARY;
#else #else
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "No secondary architecture."); return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "No secondary architecture.");
#endif #endif
} else } else
a = architecture_from_string(*as); a = architecture_from_string(*arg);
if (a < 0) if (a < 0)
return log_error_errno(a, "Architecture \"%s\" not known.", *as); return log_error_errno(a, "Architecture \"%s\" not known.", *arg);
r = add_arch(table, a); r = add_arch(table, a);
if (r < 0) if (r < 0)
@ -78,7 +73,12 @@ int verb_architectures(int argc, char *argv[], void *userdata) {
} }
(void) table_set_sort(table, (size_t) 0); (void) table_set_sort(table, (size_t) 0);
} } else
for (Architecture a = 0; a < _ARCHITECTURE_MAX; a++) {
r = add_arch(table, a);
if (r < 0)
return r;
}
r = table_print_with_pager(table, arg_json_format_flags, arg_pager_flags, arg_legend); r = table_print_with_pager(table, arg_json_format_flags, arg_pager_flags, arg_legend);
if (r < 0) if (r < 0)

View File

@ -9,12 +9,11 @@
#include "strv.h" #include "strv.h"
int verb_cat_config(int argc, char *argv[], void *userdata) { int verb_cat_config(int argc, char *argv[], void *userdata) {
char **list;
int r; int r;
pager_open(arg_pager_flags); pager_open(arg_pager_flags);
list = strv_skip(argv, 1); char **list = strv_skip(argv, 1);
STRV_FOREACH(arg, list) { STRV_FOREACH(arg, list) {
const char *t = NULL; const char *t = NULL;

View File

@ -17,7 +17,24 @@ int verb_exit_status(int argc, char *argv[], void *userdata) {
if (r < 0) if (r < 0)
return log_error_errno(r, "Failed to right-align status: %m"); return log_error_errno(r, "Failed to right-align status: %m");
if (strv_isempty(strv_skip(argv, 1))) char **args = strv_skip(argv, 1);
if (args)
STRV_FOREACH(arg, args) {
int status;
status = exit_status_from_string(*arg);
if (status < 0)
return log_error_errno(status, "Invalid exit status \"%s\".", *arg);
assert(status >= 0 && (size_t) status < ELEMENTSOF(exit_status_mappings));
r = table_add_many(table,
TABLE_STRING, exit_status_mappings[status].name ?: "-",
TABLE_INT, status,
TABLE_STRING, exit_status_class(status) ?: "-");
if (r < 0)
return table_log_add_error(r);
}
else
for (size_t i = 0; i < ELEMENTSOF(exit_status_mappings); i++) { for (size_t i = 0; i < ELEMENTSOF(exit_status_mappings); i++) {
if (!exit_status_mappings[i].name) if (!exit_status_mappings[i].name)
continue; continue;
@ -29,22 +46,6 @@ int verb_exit_status(int argc, char *argv[], void *userdata) {
if (r < 0) if (r < 0)
return table_log_add_error(r); return table_log_add_error(r);
} }
else
for (int i = 1; i < argc; i++) {
int status;
status = exit_status_from_string(argv[i]);
if (status < 0)
return log_error_errno(status, "Invalid exit status \"%s\".", argv[i]);
assert(status >= 0 && (size_t) status < ELEMENTSOF(exit_status_mappings));
r = table_add_many(table,
TABLE_STRING, exit_status_mappings[status].name ?: "-",
TABLE_INT, status,
TABLE_STRING, exit_status_class(status) ?: "-");
if (r < 0)
return table_log_add_error(r);
}
r = table_print_with_pager(table, arg_json_format_flags, arg_pager_flags, arg_legend); r = table_print_with_pager(table, arg_json_format_flags, arg_pager_flags, arg_legend);
if (r < 0) if (r < 0)

View File

@ -106,15 +106,30 @@ static void dump_filesystem_set(const FilesystemSet *set) {
} }
int verb_filesystems(int argc, char *argv[], void *userdata) { int verb_filesystems(int argc, char *argv[], void *userdata) {
bool first = true;
#if ! HAVE_LIBBPF #if ! HAVE_LIBBPF
return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "Not compiled with libbpf support, sorry."); return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "Not compiled with libbpf support, sorry.");
#endif #endif
pager_open(arg_pager_flags); pager_open(arg_pager_flags);
if (strv_isempty(strv_skip(argv, 1))) { char **args = strv_skip(argv, 1);
if (args)
STRV_FOREACH(name, args) {
if (name != args)
puts("");
const FilesystemSet *set = filesystem_set_find(*name);
if (!set) {
/* make sure the error appears below normal output */
fflush(stdout);
return log_error_errno(SYNTHETIC_ERRNO(ENOENT),
"Filesystem set \"%s\" not found.", *name);
}
dump_filesystem_set(set);
}
else {
_cleanup_set_free_ Set *kernel = NULL, *known = NULL; _cleanup_set_free_ Set *kernel = NULL, *known = NULL;
int k; int k;
@ -126,27 +141,24 @@ int verb_filesystems(int argc, char *argv[], void *userdata) {
for (FilesystemGroups i = 0; i < _FILESYSTEM_SET_MAX; i++) { for (FilesystemGroups i = 0; i < _FILESYSTEM_SET_MAX; i++) {
const FilesystemSet *set = filesystem_sets + i; const FilesystemSet *set = filesystem_sets + i;
if (!first) if (i > 0)
puts(""); puts("");
dump_filesystem_set(set); dump_filesystem_set(set);
filesystem_set_remove(kernel, set); filesystem_set_remove(kernel, set);
if (i != FILESYSTEM_SET_KNOWN) if (i != FILESYSTEM_SET_KNOWN)
filesystem_set_remove(known, set); filesystem_set_remove(known, set);
first = false;
} }
if (arg_quiet) /* Let's not show the extra stuff in quiet mode */ if (arg_quiet) /* Let's not show the extra stuff in quiet mode */
return 0; return 0;
if (!set_isempty(known)) { if (!set_isempty(known)) {
_cleanup_free_ char **l = NULL;
printf("\n" printf("\n"
"# %sUngrouped filesystems%s (known but not included in any of the groups except @known):\n", "# %sUngrouped filesystems%s (known but not included in any of the groups except @known):\n",
ansi_highlight(), ansi_normal()); ansi_highlight(), ansi_normal());
l = set_get_strv(known); _cleanup_free_ char **l = set_get_strv(known);
if (!l) if (!l)
return log_oom(); return log_oom();
@ -197,25 +209,7 @@ int verb_filesystems(int argc, char *argv[], void *userdata) {
STRV_FOREACH(filesystem, l) STRV_FOREACH(filesystem, l)
printf("# %s\n", *filesystem); printf("# %s\n", *filesystem);
} }
} else }
STRV_FOREACH(name, strv_skip(argv, 1)) {
const FilesystemSet *set;
if (!first)
puts("");
set = filesystem_set_find(*name);
if (!set) {
/* make sure the error appears below normal output */
fflush(stdout);
return log_error_errno(SYNTHETIC_ERRNO(ENOENT),
"Filesystem set \"%s\" not found.", *name);
}
dump_filesystem_set(set);
first = false;
}
return EXIT_SUCCESS; return EXIT_SUCCESS;
} }

View File

@ -35,11 +35,12 @@ int verb_malloc(int argc, char *argv[], void *userdata) {
char **services = STRV_MAKE("org.freedesktop.systemd1"); char **services = STRV_MAKE("org.freedesktop.systemd1");
int r; int r;
if (!strv_isempty(strv_skip(argv, 1))) { char **args = strv_skip(argv, 1);
services = strv_skip(argv, 1); if (args) {
STRV_FOREACH(service, services) STRV_FOREACH(service, args)
if (!service_name_is_valid(*service)) if (!service_name_is_valid(*service))
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "D-Bus service name '%s' is not valid.", *service); return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "D-Bus service name '%s' is not valid.", *service);
services = args;
} }
r = acquire_bus(&bus, NULL); r = acquire_bus(&bus, NULL);

View File

@ -114,19 +114,14 @@ int verb_pcrs(int argc, char *argv[], void *userdata) {
if (!alg) /* hide hash column if we couldn't acquire it */ if (!alg) /* hide hash column if we couldn't acquire it */
(void) table_set_display(table, 0, 1); (void) table_set_display(table, 0, 1);
if (strv_isempty(strv_skip(argv, 1))) char **args = strv_skip(argv, 1);
for (uint32_t pi = 0; pi < _TPM2_PCR_INDEX_MAX_DEFINED; pi++) { if (args) {
r = add_pcr_to_table(table, alg, pi); STRV_FOREACH(arg, args) {
if (r < 0)
return r;
}
else {
for (int i = 1; i < argc; i++) {
int pi; int pi;
pi = tpm2_pcr_index_from_string(argv[i]); pi = tpm2_pcr_index_from_string(*arg);
if (pi < 0) if (pi < 0)
return log_error_errno(pi, "PCR index \"%s\" not known.", argv[i]); return log_error_errno(pi, "PCR index \"%s\" not known.", *arg);
r = add_pcr_to_table(table, alg, pi); r = add_pcr_to_table(table, alg, pi);
if (r < 0) if (r < 0)
@ -134,7 +129,12 @@ int verb_pcrs(int argc, char *argv[], void *userdata) {
} }
(void) table_set_sort(table, (size_t) 0); (void) table_set_sort(table, (size_t) 0);
} } else
for (uint32_t pi = 0; pi < _TPM2_PCR_INDEX_MAX_DEFINED; pi++) {
r = add_pcr_to_table(table, alg, pi);
if (r < 0)
return r;
}
r = table_print_with_pager(table, arg_json_format_flags, arg_pager_flags, /* show_header= */true); r = table_print_with_pager(table, arg_json_format_flags, arg_pager_flags, /* show_header= */true);
if (r < 0) if (r < 0)

View File

@ -103,12 +103,30 @@ static void dump_syscall_filter(const SyscallFilterSet *set) {
} }
int verb_syscall_filters(int argc, char *argv[], void *userdata) { int verb_syscall_filters(int argc, char *argv[], void *userdata) {
bool first = true;
int r; int r;
pager_open(arg_pager_flags); pager_open(arg_pager_flags);
if (strv_isempty(strv_skip(argv, 1))) { char **args = strv_skip(argv, 1);
if (args)
STRV_FOREACH(name, args) {
const SyscallFilterSet *set;
if (name != args)
puts("");
set = syscall_filter_set_find(*name);
if (!set) {
/* make sure the error appears below normal output */
fflush(stdout);
return log_error_errno(SYNTHETIC_ERRNO(ENOENT),
"Filter set \"%s\" not found.", *name);
}
dump_syscall_filter(set);
}
else {
_cleanup_set_free_ Set *kernel = NULL, *known = NULL; _cleanup_set_free_ Set *kernel = NULL, *known = NULL;
int k = 0; /* explicit initialization to appease gcc */ int k = 0; /* explicit initialization to appease gcc */
@ -121,27 +139,24 @@ int verb_syscall_filters(int argc, char *argv[], void *userdata) {
for (int i = 0; i < _SYSCALL_FILTER_SET_MAX; i++) { for (int i = 0; i < _SYSCALL_FILTER_SET_MAX; i++) {
const SyscallFilterSet *set = syscall_filter_sets + i; const SyscallFilterSet *set = syscall_filter_sets + i;
if (!first) if (i > 0)
puts(""); puts("");
dump_syscall_filter(set); dump_syscall_filter(set);
syscall_set_remove(kernel, set); syscall_set_remove(kernel, set);
if (i != SYSCALL_FILTER_SET_KNOWN) if (i != SYSCALL_FILTER_SET_KNOWN)
syscall_set_remove(known, set); syscall_set_remove(known, set);
first = false;
} }
if (arg_quiet) /* Let's not show the extra stuff in quiet mode */ if (arg_quiet) /* Let's not show the extra stuff in quiet mode */
return 0; return 0;
if (!set_isempty(known)) { if (!set_isempty(known)) {
_cleanup_free_ char **l = NULL;
printf("\n" printf("\n"
"# %sUngrouped System Calls%s (known but not included in any of the groups except @known):\n", "# %sUngrouped System Calls%s (known but not included in any of the groups except @known):\n",
ansi_highlight(), ansi_normal()); ansi_highlight(), ansi_normal());
l = set_get_strv(known); _cleanup_free_ char **l = set_get_strv(known);
if (!l) if (!l)
return log_oom(); return log_oom();
@ -157,13 +172,11 @@ int verb_syscall_filters(int argc, char *argv[], void *userdata) {
if (!arg_quiet) if (!arg_quiet)
log_notice_errno(k, "# Not showing unlisted system calls, couldn't retrieve kernel system call list: %m"); log_notice_errno(k, "# Not showing unlisted system calls, couldn't retrieve kernel system call list: %m");
} else if (!set_isempty(kernel)) { } else if (!set_isempty(kernel)) {
_cleanup_free_ char **l = NULL;
printf("\n" printf("\n"
"# %sUnlisted System Calls%s (supported by the local kernel, but not included in any of the groups listed above):\n", "# %sUnlisted System Calls%s (supported by the local kernel, but not included in any of the groups listed above):\n",
ansi_highlight(), ansi_normal()); ansi_highlight(), ansi_normal());
l = set_get_strv(kernel); _cleanup_free_ char **l = set_get_strv(kernel);
if (!l) if (!l)
return log_oom(); return log_oom();
@ -172,25 +185,7 @@ int verb_syscall_filters(int argc, char *argv[], void *userdata) {
STRV_FOREACH(syscall, l) STRV_FOREACH(syscall, l)
printf("# %s\n", *syscall); printf("# %s\n", *syscall);
} }
} else }
STRV_FOREACH(name, strv_skip(argv, 1)) {
const SyscallFilterSet *set;
if (!first)
puts("");
set = syscall_filter_set_find(*name);
if (!set) {
/* make sure the error appears below normal output */
fflush(stdout);
return log_error_errno(SYNTHETIC_ERRNO(ENOENT),
"Filter set \"%s\" not found.", *name);
}
dump_syscall_filter(set);
first = false;
}
return EXIT_SUCCESS; return EXIT_SUCCESS;
} }

View File

@ -75,11 +75,12 @@ static int test_timestamp_one(const char *p) {
int verb_timestamp(int argc, char *argv[], void *userdata) { int verb_timestamp(int argc, char *argv[], void *userdata) {
int r = 0; int r = 0;
STRV_FOREACH(p, strv_skip(argv, 1)) { char **args = strv_skip(argv, 1);
RET_GATHER(r, test_timestamp_one(*p)); STRV_FOREACH(arg, args) {
if (arg != args)
puts("");
if (p[1]) RET_GATHER(r, test_timestamp_one(*arg));
putchar('\n');
} }
return r; return r;

View File

@ -956,14 +956,16 @@ bool strv_fnmatch_full(
} }
char** strv_skip(char **l, size_t n) { char** strv_skip(char **l, size_t n) {
while (n > 0) { while (n > 0) {
if (strv_isempty(l)) if (strv_isempty(l))
return l; return NULL;
l++, n--; l++, n--;
} }
/* To simplify callers, always return NULL instead of a zero-item array. */
if (strv_isempty(l))
return NULL;
return l; return l;
} }

View File

@ -547,9 +547,21 @@ static int tree(int argc, char **argv, void *userdata) {
if (r < 0) if (r < 0)
return r; return r;
if (argc <= 1) { char **args = strv_skip(argv, 1);
if (args)
STRV_FOREACH(arg, args) {
if (arg != args)
puts("");
if (args[1]) {
pager_open(arg_pager_flags);
printf("Service %s%s%s:\n", ansi_highlight(), *arg, ansi_normal());
}
RET_GATHER(r, tree_one(bus, *arg));
}
else {
_cleanup_strv_free_ char **names = NULL; _cleanup_strv_free_ char **names = NULL;
bool not_first = false;
r = sd_bus_list_names(bus, &names, NULL); r = sd_bus_list_names(bus, &names, NULL);
if (r < 0) if (r < 0)
@ -557,42 +569,21 @@ static int tree(int argc, char **argv, void *userdata) {
pager_open(arg_pager_flags); pager_open(arg_pager_flags);
STRV_FOREACH(i, names) { STRV_FOREACH(name, names) {
int q; if (!arg_unique && (*name)[0] == ':')
if (!arg_unique && (*i)[0] == ':')
continue; continue;
if (!arg_acquired && (*i)[0] == ':') if (!arg_acquired && (*name)[0] == ':')
continue; continue;
if (not_first) if (name != names)
printf("\n"); puts("");
printf("Service %s%s%s:\n", ansi_highlight(), *i, ansi_normal()); printf("Service %s%s%s:\n", ansi_highlight(), *name, ansi_normal());
q = tree_one(bus, *i); RET_GATHER(r, tree_one(bus, *name));
if (q < 0 && r >= 0)
r = q;
not_first = true;
}
} else
STRV_FOREACH(i, strv_skip(argv, 1)) {
int q;
if (i > argv+1)
printf("\n");
if (argv[2]) {
pager_open(arg_pager_flags);
printf("Service %s%s%s:\n", ansi_highlight(), *i, ansi_normal());
}
q = tree_one(bus, *i);
if (q < 0 && r >= 0)
r = q;
} }
}
return r; return r;
} }

View File

@ -193,7 +193,7 @@ static int help(void) {
"\n%3$sSimple Enrollment:%4$s\n" "\n%3$sSimple Enrollment:%4$s\n"
" --password Enroll a user-supplied password\n" " --password Enroll a user-supplied password\n"
" --recovery-key Enroll a recovery key\n" " --recovery-key Enroll a recovery key\n"
"\n%3$sPKCS11 Enrollment:%4$s\n" "\n%3$sPKCS#11 Enrollment:%4$s\n"
" --pkcs11-token-uri=URI\n" " --pkcs11-token-uri=URI\n"
" Specify PKCS#11 security token URI\n" " Specify PKCS#11 security token URI\n"
"\n%3$sFIDO2 Enrollment:%4$s\n" "\n%3$sFIDO2 Enrollment:%4$s\n"

View File

@ -663,8 +663,9 @@ static int add_root_mount(void) {
r = efi_loader_get_device_part_uuid(NULL); r = efi_loader_get_device_part_uuid(NULL);
if (r == -ENOENT) { if (r == -ENOENT) {
log_notice("EFI loader partition unknown, exiting.\n" log_notice("EFI loader partition unknown, not processing %s.\n"
"(The boot loader did not set EFI variable LoaderDevicePartUUID.)"); "(The boot loader did not set EFI variable LoaderDevicePartUUID.)",
in_initrd() ? "/sysroot" : "/");
return 0; return 0;
} else if (r < 0) } else if (r < 0)
return log_error_errno(r, "Failed to read loader partition UUID: %m"); return log_error_errno(r, "Failed to read loader partition UUID: %m");

View File

@ -691,122 +691,110 @@ static void dump_home_record(UserRecord *hr) {
} }
} }
static char **mangle_user_list(char **list, char ***ret_allocated) { static int inspect_home(sd_bus *bus, const char *name) {
_cleanup_free_ char *myself = NULL; _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
char **l; _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
_cleanup_(sd_json_variant_unrefp) sd_json_variant *v = NULL;
_cleanup_(user_record_unrefp) UserRecord *hr = NULL;
const char *json;
int incomplete;
uid_t uid;
int r;
if (!strv_isempty(list)) { r = parse_uid(name, &uid);
*ret_allocated = NULL; if (r < 0) {
return list; if (!valid_user_group_name(name, 0))
} return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Invalid user name '%s'.", name);
myself = getusername_malloc(); r = bus_call_method(bus, bus_mgr, "GetUserRecordByName", &error, &reply, "s", name);
if (!myself) } else
return NULL; r = bus_call_method(bus, bus_mgr, "GetUserRecordByUID", &error, &reply, "u", (uint32_t) uid);
if (r < 0)
return log_error_errno(r, "Failed to inspect home: %s", bus_error_message(&error, r));
l = new(char*, 2); r = sd_bus_message_read(reply, "sbo", &json, &incomplete, NULL);
if (!l) if (r < 0)
return NULL; return bus_log_parse_error(r);
l[0] = TAKE_PTR(myself); r = sd_json_parse(json, SD_JSON_PARSE_SENSITIVE, &v, NULL, NULL);
l[1] = NULL; if (r < 0)
return log_error_errno(r, "Failed to parse JSON identity: %m");
*ret_allocated = l; hr = user_record_new();
return l; if (!hr)
return log_oom();
r = user_record_load(hr, v, USER_RECORD_LOAD_REFUSE_SECRET|USER_RECORD_LOG|USER_RECORD_PERMISSIVE);
if (r < 0)
return r;
hr->incomplete = incomplete;
dump_home_record(hr);
return 0;
} }
static int inspect_home(int argc, char *argv[], void *userdata) { static int inspect_homes(int argc, char *argv[], void *userdata) {
_cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL; _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
_cleanup_strv_free_ char **mangled_list = NULL; int r;
int r, ret = 0;
char **items;
pager_open(arg_pager_flags);
r = acquire_bus(&bus); r = acquire_bus(&bus);
if (r < 0) if (r < 0)
return r; return r;
items = mangle_user_list(strv_skip(argv, 1), &mangled_list); pager_open(arg_pager_flags);
if (!items)
return log_oom();
STRV_FOREACH(i, items) { char **args = strv_skip(argv, 1);
_cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL; if (args) {
_cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL; _cleanup_free_ char *myself = getusername_malloc();
_cleanup_(sd_json_variant_unrefp) sd_json_variant *v = NULL; if (!myself)
_cleanup_(user_record_unrefp) UserRecord *hr = NULL;
const char *json;
int incomplete;
uid_t uid;
r = parse_uid(*i, &uid);
if (r < 0) {
if (!valid_user_group_name(*i, 0)) {
log_error("Invalid user name '%s'.", *i);
if (ret == 0)
ret = -EINVAL;
continue;
}
r = bus_call_method(bus, bus_mgr, "GetUserRecordByName", &error, &reply, "s", *i);
} else
r = bus_call_method(bus, bus_mgr, "GetUserRecordByUID", &error, &reply, "u", (uint32_t) uid);
if (r < 0) {
log_error_errno(r, "Failed to inspect home: %s", bus_error_message(&error, r));
if (ret == 0)
ret = r;
continue;
}
r = sd_bus_message_read(reply, "sbo", &json, &incomplete, NULL);
if (r < 0) {
bus_log_parse_error(r);
if (ret == 0)
ret = r;
continue;
}
r = sd_json_parse(json, SD_JSON_PARSE_SENSITIVE, &v, NULL, NULL);
if (r < 0) {
log_error_errno(r, "Failed to parse JSON identity: %m");
if (ret == 0)
ret = r;
continue;
}
hr = user_record_new();
if (!hr)
return log_oom(); return log_oom();
r = user_record_load(hr, v, USER_RECORD_LOAD_REFUSE_SECRET|USER_RECORD_LOG|USER_RECORD_PERMISSIVE); return inspect_home(bus, myself);
if (r < 0) { } else {
if (ret == 0) STRV_FOREACH(arg, args)
ret = r; RET_GATHER(r, inspect_home(bus, *arg));
continue; return r;
}
hr->incomplete = incomplete;
dump_home_record(hr);
} }
return ret;
} }
static int authenticate_home(int argc, char *argv[], void *userdata) { static int authenticate_home(sd_bus *bus, const char *name) {
_cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL; _cleanup_(user_record_unrefp) UserRecord *secret = NULL;
_cleanup_strv_free_ char **mangled_list = NULL; int r;
int r, ret = 0;
char **items;
items = mangle_user_list(strv_skip(argv, 1), &mangled_list); r = acquire_passed_secrets(name, &secret);
if (!items) if (r < 0)
return log_oom(); return r;
for (;;) {
_cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
_cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
r = bus_message_new_method_call(bus, &m, bus_mgr, "AuthenticateHome");
if (r < 0)
return bus_log_create_error(r);
r = sd_bus_message_append(m, "s", name);
if (r < 0)
return bus_log_create_error(r);
r = bus_message_append_secret(m, secret);
if (r < 0)
return bus_log_create_error(r);
r = sd_bus_call(bus, m, HOME_SLOW_BUS_CALL_TIMEOUT_USEC, &error, NULL);
if (r < 0) {
r = handle_generic_user_record_error(name, secret, &error, r, false);
if (r >= 0)
continue;
}
return r;
}
}
static int authenticate_homes(int argc, char *argv[], void *userdata) {
_cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
int r;
r = acquire_bus(&bus); r = acquire_bus(&bus);
if (r < 0) if (r < 0)
@ -814,44 +802,19 @@ static int authenticate_home(int argc, char *argv[], void *userdata) {
(void) polkit_agent_open_if_enabled(arg_transport, arg_ask_password); (void) polkit_agent_open_if_enabled(arg_transport, arg_ask_password);
STRV_FOREACH(i, items) { char **args = strv_skip(argv, 1);
_cleanup_(user_record_unrefp) UserRecord *secret = NULL; if (args) {
_cleanup_free_ char *myself = getusername_malloc();
if (!myself)
return log_oom();
r = acquire_passed_secrets(*i, &secret); return authenticate_home(bus, myself);
if (r < 0) } else {
return r; STRV_FOREACH(arg, args)
RET_GATHER(r, authenticate_home(bus, *arg));
for (;;) { return r;
_cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
_cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
r = bus_message_new_method_call(bus, &m, bus_mgr, "AuthenticateHome");
if (r < 0)
return bus_log_create_error(r);
r = sd_bus_message_append(m, "s", *i);
if (r < 0)
return bus_log_create_error(r);
r = bus_message_append_secret(m, secret);
if (r < 0)
return bus_log_create_error(r);
r = sd_bus_call(bus, m, HOME_SLOW_BUS_CALL_TIMEOUT_USEC, &error, NULL);
if (r < 0) {
r = handle_generic_user_record_error(*i, secret, &error, r, false);
if (r < 0) {
if (ret == 0)
ret = r;
break;
}
} else
break;
}
} }
return ret;
} }
static int update_last_change(sd_json_variant **v, bool with_password, bool override) { static int update_last_change(sd_json_variant **v, bool with_password, bool override) {
@ -4727,8 +4690,8 @@ static int run(int argc, char *argv[]) {
{ "list", VERB_ANY, 1, VERB_DEFAULT, list_homes }, { "list", VERB_ANY, 1, VERB_DEFAULT, list_homes },
{ "activate", 2, VERB_ANY, 0, activate_home }, { "activate", 2, VERB_ANY, 0, activate_home },
{ "deactivate", 2, VERB_ANY, 0, deactivate_home }, { "deactivate", 2, VERB_ANY, 0, deactivate_home },
{ "inspect", VERB_ANY, VERB_ANY, 0, inspect_home }, { "inspect", VERB_ANY, VERB_ANY, 0, inspect_homes },
{ "authenticate", VERB_ANY, VERB_ANY, 0, authenticate_home }, { "authenticate", VERB_ANY, VERB_ANY, 0, authenticate_homes },
{ "create", VERB_ANY, 2, 0, create_home }, { "create", VERB_ANY, 2, 0, create_home },
{ "remove", 2, VERB_ANY, 0, remove_home }, { "remove", 2, VERB_ANY, 0, remove_home },
{ "update", VERB_ANY, 2, 0, update_home }, { "update", VERB_ANY, 2, 0, update_home },

View File

@ -133,17 +133,7 @@ static int verb_show(int argc, char **argv, void *userdata) {
int r; int r;
argv = strv_skip(argv, 1); argv = strv_skip(argv, 1);
if (strv_isempty(argv)) { if (argv)
if (!sd_id128_is_null(arg_app))
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
"'show --app-specific=' can only be used with explicit UUID input.");
for (const GptPartitionType *e = gpt_partition_type_table; e->name; e++) {
r = show_one(&table, e->name, e->uuid, e == gpt_partition_type_table);
if (r < 0)
return r;
}
} else
STRV_FOREACH(p, argv) { STRV_FOREACH(p, argv) {
sd_id128_t uuid; sd_id128_t uuid;
const char *id = NULL; const char *id = NULL;
@ -171,6 +161,17 @@ static int verb_show(int argc, char **argv, void *userdata) {
if (r < 0) if (r < 0)
return r; return r;
} }
else {
if (!sd_id128_is_null(arg_app))
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
"'show --app-specific=' can only be used with explicit UUID input.");
for (const GptPartitionType *e = gpt_partition_type_table; e->name; e++) {
r = show_one(&table, e->name, e->uuid, e == gpt_partition_type_table);
if (r < 0)
return r;
}
}
if (table) { if (table) {
r = table_print_with_pager(table, arg_json_format_flags, arg_pager_flags, arg_legend); r = table_print_with_pager(table, arg_json_format_flags, arg_pager_flags, arg_legend);

View File

@ -152,11 +152,13 @@ static int do_execute(
} }
if (DEBUG_LOGGING) { if (DEBUG_LOGGING) {
_cleanup_free_ char *args = NULL; _cleanup_free_ char *s = NULL;
if (argv)
args = quote_command_line(strv_skip(argv, 1), SHELL_ESCAPE_EMPTY);
log_debug("About to execute %s%s%s", t, argv ? " " : "", argv ? strnull(args) : ""); char **args = strv_skip(argv, 1);
if (args)
s = quote_command_line(args, SHELL_ESCAPE_EMPTY);
log_debug("About to execute %s%s%s", t, args ? " " : "", args ? strnull(s) : "");
} }
if (FLAGS_SET(flags, EXEC_DIR_WARN_WORLD_WRITABLE)) { if (FLAGS_SET(flags, EXEC_DIR_WARN_WORLD_WRITABLE)) {

View File

@ -172,14 +172,14 @@ int verb_list_dependencies(int argc, char *argv[], void *userdata) {
return r; return r;
patterns = strv_skip(argv, 1); patterns = strv_skip(argv, 1);
if (strv_isempty(patterns)) { if (patterns) {
units = strv_new(SPECIAL_DEFAULT_TARGET);
if (!units)
return log_oom();
} else {
r = expand_unit_names(bus, patterns, NULL, &units, NULL); r = expand_unit_names(bus, patterns, NULL, &units, NULL);
if (r < 0) if (r < 0)
return log_error_errno(r, "Failed to expand names: %m"); return log_error_errno(r, "Failed to expand names: %m");
} else {
units = strv_new(SPECIAL_DEFAULT_TARGET);
if (!units)
return log_oom();
} }
pager_open(arg_pager_flags); pager_open(arg_pager_flags);

View File

@ -20,15 +20,13 @@
*/ */
static int run(int argc, char **argv) { static int run(int argc, char **argv) {
_cleanup_close_ int fd = -EBADF;
char **args = strv_skip(argv, 1);
int r; int r;
test_setup_logging(LOG_DEBUG); test_setup_logging(LOG_DEBUG);
args = !strv_isempty(args) ? args : STRV_MAKE("/bin/true"); char **args = strv_skip(argv, 1) ?: STRV_MAKE("/bin/true");
fd = open(args[0], O_RDONLY | O_CLOEXEC); _cleanup_close_ int fd = open(args[0], O_RDONLY | O_CLOEXEC);
if (fd < 0) if (fd < 0)
return log_error_errno(errno, "open(%s) failed: %m", args[0]); return log_error_errno(errno, "open(%s) failed: %m", args[0]);

View File

@ -1004,17 +1004,21 @@ TEST(strv_skip) {
test_strv_skip_one(STRV_MAKE("foo", "bar", "baz"), 0, STRV_MAKE("foo", "bar", "baz")); test_strv_skip_one(STRV_MAKE("foo", "bar", "baz"), 0, STRV_MAKE("foo", "bar", "baz"));
test_strv_skip_one(STRV_MAKE("foo", "bar", "baz"), 1, STRV_MAKE("bar", "baz")); test_strv_skip_one(STRV_MAKE("foo", "bar", "baz"), 1, STRV_MAKE("bar", "baz"));
test_strv_skip_one(STRV_MAKE("foo", "bar", "baz"), 2, STRV_MAKE("baz")); test_strv_skip_one(STRV_MAKE("foo", "bar", "baz"), 2, STRV_MAKE("baz"));
test_strv_skip_one(STRV_MAKE("foo", "bar", "baz"), 3, STRV_MAKE(NULL)); test_strv_skip_one(STRV_MAKE("foo", "bar", "baz"), 3, NULL);
test_strv_skip_one(STRV_MAKE("foo", "bar", "baz"), 4, STRV_MAKE(NULL)); test_strv_skip_one(STRV_MAKE("foo", "bar", "baz"), 4, NULL);
test_strv_skip_one(STRV_MAKE("foo", "bar", "baz"), 55, STRV_MAKE(NULL)); test_strv_skip_one(STRV_MAKE("foo", "bar", "baz"), 55, NULL);
test_strv_skip_one(STRV_MAKE("quux"), 0, STRV_MAKE("quux")); test_strv_skip_one(STRV_MAKE("quux"), 0, STRV_MAKE("quux"));
test_strv_skip_one(STRV_MAKE("quux"), 1, STRV_MAKE(NULL)); test_strv_skip_one(STRV_MAKE("quux"), 1, NULL);
test_strv_skip_one(STRV_MAKE("quux"), 55, STRV_MAKE(NULL)); test_strv_skip_one(STRV_MAKE("quux"), 55, NULL);
test_strv_skip_one(STRV_MAKE(NULL), 0, STRV_MAKE(NULL)); test_strv_skip_one(STRV_MAKE(NULL), 0, NULL);
test_strv_skip_one(STRV_MAKE(NULL), 1, STRV_MAKE(NULL)); test_strv_skip_one(STRV_MAKE(NULL), 1, NULL);
test_strv_skip_one(STRV_MAKE(NULL), 55, STRV_MAKE(NULL)); test_strv_skip_one(STRV_MAKE(NULL), 55, NULL);
test_strv_skip_one(NULL, 0, NULL);
test_strv_skip_one(NULL, 1, NULL);
test_strv_skip_one(NULL, 55, NULL);
} }
TEST(strv_extend_n) { TEST(strv_extend_n) {

View File

@ -35,7 +35,10 @@ static int builtin_kmod(UdevEvent *event, int argc, char *argv[]) {
"%s: expected: load [module…]", argv[0]); "%s: expected: load [module…]", argv[0]);
char **modules = strv_skip(argv, 2); char **modules = strv_skip(argv, 2);
if (strv_isempty(modules)) { if (modules)
STRV_FOREACH(module, modules)
(void) module_load_and_warn(ctx, *module, /* verbose = */ false);
else {
const char *modalias; const char *modalias;
r = sd_device_get_property_value(dev, "MODALIAS", &modalias); r = sd_device_get_property_value(dev, "MODALIAS", &modalias);
@ -43,9 +46,7 @@ static int builtin_kmod(UdevEvent *event, int argc, char *argv[]) {
return log_device_warning_errno(dev, r, "Failed to read property \"MODALIAS\": %m"); return log_device_warning_errno(dev, r, "Failed to read property \"MODALIAS\": %m");
(void) module_load_and_warn(ctx, modalias, /* verbose = */ false); (void) module_load_and_warn(ctx, modalias, /* verbose = */ false);
} else }
STRV_FOREACH(module, modules)
(void) module_load_and_warn(ctx, *module, /* verbose = */ false);
return 0; return 0;
} }

View File

@ -630,7 +630,7 @@ static int run(int argc, char **argv) {
} else { } else {
fd = find_source_vc(&vc, &idx); fd = find_source_vc(&vc, &idx);
if (fd < 0 && fd != -EBUSY) if (fd < 0 && fd != -EBUSY)
return log_error_errno(fd, "No usable source console found: %m"); return log_error_errno(fd, "No virtual console that can be configured found: %m");
} }
utf8 = is_locale_utf8(); utf8 = is_locale_utf8();
@ -640,7 +640,7 @@ static int run(int argc, char **argv) {
/* We found only busy VCs, which might happen during the boot process when the boot splash is /* We found only busy VCs, which might happen during the boot process when the boot splash is
* displayed on the only allocated VC. In this case we don't interfere and avoid initializing * displayed on the only allocated VC. In this case we don't interfere and avoid initializing
* the VC partially as some operations are likely to fail. */ * the VC partially as some operations are likely to fail. */
log_notice("All allocated VCs are currently busy, skipping initialization of font and keyboard settings."); log_notice("All allocated virtual consoles are busy, will not configure key mapping and font.");
return EXIT_SUCCESS; return EXIT_SUCCESS;
} }
@ -664,7 +664,7 @@ static int run(int argc, char **argv) {
setup_remaining_vcs(fd, idx, utf8); setup_remaining_vcs(fd, idx, utf8);
else else
log_full(r == EX_OSERR ? LOG_NOTICE : LOG_WARNING, log_full(r == EX_OSERR ? LOG_NOTICE : LOG_WARNING,
"Setting source virtual console failed, ignoring remaining ones."); "Configuration of first virtual console failed, ignoring remaining ones.");
} }
return IN_SET(r, 0, EX_OSERR) && keyboard_ok ? EXIT_SUCCESS : EXIT_FAILURE; return IN_SET(r, 0, EX_OSERR) && keyboard_ok ? EXIT_SUCCESS : EXIT_FAILURE;