Compare commits
5 Commits
ce416f425c
...
a8cff0034c
Author | SHA1 | Date |
---|---|---|
Zbigniew Jędrzejewski-Szmek | a8cff0034c | |
Zbigniew Jędrzejewski-Szmek | c3b22a92a9 | |
Zbigniew Jędrzejewski-Szmek | fac2166359 | |
Zbigniew Jędrzejewski-Szmek | 3d58d7328a | |
Ciprian Hacman | 3dadb54f5f |
|
@ -165,7 +165,9 @@
|
||||||
<term><option>--key=</option></term>
|
<term><option>--key=</option></term>
|
||||||
|
|
||||||
<listitem><para>
|
<listitem><para>
|
||||||
Takes a path to a SSL key file in PEM format.
|
Takes a path to a SSL key file in PEM format, or <option>-</option>.
|
||||||
|
If <option>-</option> is set, then client certificate authentication checking
|
||||||
|
will be disabled.
|
||||||
Defaults to <filename>&CERTIFICATE_ROOT;/private/journal-upload.pem</filename>.
|
Defaults to <filename>&CERTIFICATE_ROOT;/private/journal-upload.pem</filename>.
|
||||||
</para></listitem>
|
</para></listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
@ -174,7 +176,9 @@
|
||||||
<term><option>--cert=</option></term>
|
<term><option>--cert=</option></term>
|
||||||
|
|
||||||
<listitem><para>
|
<listitem><para>
|
||||||
Takes a path to a SSL certificate file in PEM format.
|
Takes a path to a SSL certificate file in PEM format, or <option>-</option>.
|
||||||
|
If <option>-</option> is set, then client certificate authentication checking
|
||||||
|
will be disabled.
|
||||||
Defaults to <filename>&CERTIFICATE_ROOT;/certs/journal-upload.pem</filename>.
|
Defaults to <filename>&CERTIFICATE_ROOT;/certs/journal-upload.pem</filename>.
|
||||||
</para></listitem>
|
</para></listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
@ -183,9 +187,8 @@
|
||||||
<term><option>--trust=</option></term>
|
<term><option>--trust=</option></term>
|
||||||
|
|
||||||
<listitem><para>
|
<listitem><para>
|
||||||
Takes a path to a SSL CA certificate file in PEM format,
|
Takes a path to a SSL CA certificate file in PEM format, or <option>-</option>/<option>all</option>.
|
||||||
or <option>all</option>. If <option>all</option> is set,
|
If <option>-</option>/<option>all</option> is set, then certificate checking will be disabled.
|
||||||
then certificate checking will be disabled.
|
|
||||||
Defaults to <filename>&CERTIFICATE_ROOT;/ca/trusted.pem</filename>.
|
Defaults to <filename>&CERTIFICATE_ROOT;/ca/trusted.pem</filename>.
|
||||||
</para></listitem>
|
</para></listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
|
@ -23,6 +23,7 @@
|
||||||
#include "main-func.h"
|
#include "main-func.h"
|
||||||
#include "mkdir.h"
|
#include "mkdir.h"
|
||||||
#include "parse-util.h"
|
#include "parse-util.h"
|
||||||
|
#include "path-util.h"
|
||||||
#include "pretty-print.h"
|
#include "pretty-print.h"
|
||||||
#include "process-util.h"
|
#include "process-util.h"
|
||||||
#include "rlimit-util.h"
|
#include "rlimit-util.h"
|
||||||
|
@ -240,14 +241,14 @@ int start_upload(Uploader *u,
|
||||||
"systemd-journal-upload " GIT_VERSION,
|
"systemd-journal-upload " GIT_VERSION,
|
||||||
LOG_WARNING, );
|
LOG_WARNING, );
|
||||||
|
|
||||||
if (arg_key || startswith(u->url, "https://")) {
|
if (!streq_ptr(arg_key, "-") && (arg_key || startswith(u->url, "https://"))) {
|
||||||
easy_setopt(curl, CURLOPT_SSLKEY, arg_key ?: PRIV_KEY_FILE,
|
easy_setopt(curl, CURLOPT_SSLKEY, arg_key ?: PRIV_KEY_FILE,
|
||||||
LOG_ERR, return -EXFULL);
|
LOG_ERR, return -EXFULL);
|
||||||
easy_setopt(curl, CURLOPT_SSLCERT, arg_cert ?: CERT_FILE,
|
easy_setopt(curl, CURLOPT_SSLCERT, arg_cert ?: CERT_FILE,
|
||||||
LOG_ERR, return -EXFULL);
|
LOG_ERR, return -EXFULL);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (streq_ptr(arg_trust, "all"))
|
if (STRPTR_IN_SET(arg_trust, "-", "all"))
|
||||||
easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0,
|
easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0,
|
||||||
LOG_ERR, return -EUCLEAN);
|
LOG_ERR, return -EUCLEAN);
|
||||||
else if (arg_trust || startswith(u->url, "https://"))
|
else if (arg_trust || startswith(u->url, "https://"))
|
||||||
|
@ -515,12 +516,52 @@ static int perform_upload(Uploader *u) {
|
||||||
return update_cursor_state(u);
|
return update_cursor_state(u);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static int config_parse_path_or_ignore(
|
||||||
|
const char *unit,
|
||||||
|
const char *filename,
|
||||||
|
unsigned line,
|
||||||
|
const char *section,
|
||||||
|
unsigned section_line,
|
||||||
|
const char *lvalue,
|
||||||
|
int ltype,
|
||||||
|
const char *rvalue,
|
||||||
|
void *data,
|
||||||
|
void *userdata) {
|
||||||
|
|
||||||
|
_cleanup_free_ char *n = NULL;
|
||||||
|
bool fatal = ltype;
|
||||||
|
char **s = data;
|
||||||
|
int r;
|
||||||
|
|
||||||
|
assert(filename);
|
||||||
|
assert(lvalue);
|
||||||
|
assert(rvalue);
|
||||||
|
assert(data);
|
||||||
|
|
||||||
|
if (isempty(rvalue))
|
||||||
|
goto finalize;
|
||||||
|
|
||||||
|
n = strdup(rvalue);
|
||||||
|
if (!n)
|
||||||
|
return log_oom();
|
||||||
|
|
||||||
|
if (streq(n, "-"))
|
||||||
|
goto finalize;
|
||||||
|
|
||||||
|
r = path_simplify_and_warn(n, PATH_CHECK_ABSOLUTE | (fatal ? PATH_CHECK_FATAL : 0), unit, filename, line, lvalue);
|
||||||
|
if (r < 0)
|
||||||
|
return fatal ? -ENOEXEC : 0;
|
||||||
|
|
||||||
|
finalize:
|
||||||
|
return free_and_replace(*s, n);
|
||||||
|
}
|
||||||
|
|
||||||
static int parse_config(void) {
|
static int parse_config(void) {
|
||||||
const ConfigTableItem items[] = {
|
const ConfigTableItem items[] = {
|
||||||
{ "Upload", "URL", config_parse_string, 0, &arg_url },
|
{ "Upload", "URL", config_parse_string, 0, &arg_url },
|
||||||
{ "Upload", "ServerKeyFile", config_parse_path, 0, &arg_key },
|
{ "Upload", "ServerKeyFile", config_parse_path_or_ignore, 0, &arg_key },
|
||||||
{ "Upload", "ServerCertificateFile", config_parse_path, 0, &arg_cert },
|
{ "Upload", "ServerCertificateFile", config_parse_path_or_ignore, 0, &arg_cert },
|
||||||
{ "Upload", "TrustedCertificateFile", config_parse_path, 0, &arg_trust },
|
{ "Upload", "TrustedCertificateFile", config_parse_path_or_ignore, 0, &arg_trust },
|
||||||
{}};
|
{}};
|
||||||
|
|
||||||
return config_parse_many_nulstr(PKGSYSCONFDIR "/journal-upload.conf",
|
return config_parse_many_nulstr(PKGSYSCONFDIR "/journal-upload.conf",
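Review bot: In start_upload, only `arg_key` is tested for the `-` sentinel, so `--cert=-` (or `ServerCertificateFile=-`, which config_parse_path_or_ignore stores verbatim) combined with a key path or an https:// URL still reaches `easy_setopt(curl, CURLOPT_SSLCERT, arg_cert ?: CERT_FILE, ...)` and hands curl the literal `-` as a file name. The man page change in this series says `-` on either option disables client certificate authentication, so the guard should cover both, e.g. `if (!streq_ptr(arg_key, "-") && !streq_ptr(arg_cert, "-") && (arg_key || startswith(u->url, "https://"))) {`. Separately, the `STRPTR_IN_SET(arg_trust, "-", "all")` branch now lets a config-file value turn off `CURLOPT_SSL_VERIFYPEER` with nothing logged in the lines shown; a `log_warning` there would make uploads to an unverified server visible to operators. start_upload begins and ends outside these hunks.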
|
||||||
|
|
|
@ -149,7 +149,10 @@ int config_parse_ip_protocol(
|
||||||
void *data,
|
void *data,
|
||||||
void *userdata) {
|
void *userdata) {
|
||||||
|
|
||||||
uint8_t *protocol = data;
|
uint8_t *ret = data;
|
||||||
|
unsigned protocol;
|
||||||
|
/* linux/fou.h defines the netlink field as one byte, so we need to reject protocols numbers that
|
||||||
|
* don't fit in one byte. */
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
assert(filename);
|
assert(filename);
|
||||||
|
@ -158,19 +161,26 @@ int config_parse_ip_protocol(
|
||||||
assert(rvalue);
|
assert(rvalue);
|
||||||
assert(data);
|
assert(data);
|
||||||
|
|
||||||
assert_cc(IPPROTO_MAX-1 <= UINT8_MAX);
|
|
||||||
|
|
||||||
r = parse_ip_protocol(rvalue);
|
r = parse_ip_protocol(rvalue);
|
||||||
if (r < 0) {
|
if (r >= 0)
|
||||||
r = safe_atou8(rvalue, protocol);
|
protocol = r;
|
||||||
|
else {
|
||||||
|
r = safe_atou(rvalue, &protocol);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
log_syntax(unit, LOG_ERR, filename, line, r,
|
log_syntax(unit, LOG_ERR, filename, line, r,
|
||||||
"Failed to parse IP protocol '%s' for Foo over UDP tunnel, "
|
"Failed to parse IP protocol '%s' for FooOverUDP tunnel, "
|
||||||
"ignoring assignment: %m", rvalue);
|
"ignoring assignment: %m", rvalue);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
*protocol = r;
|
if (protocol > UINT8_MAX) {
|
||||||
|
log_syntax(unit, LOG_ERR, filename, line, 0,
|
||||||
|
"IP protocol '%s' for FooOverUDP tunnel out of range, "
|
||||||
|
"ignoring assignment: %m", rvalue);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
*ret = protocol;
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -203,7 +213,7 @@ int config_parse_fou_tunnel_address(
|
||||||
r = in_addr_from_string_auto(rvalue, f, addr);
|
r = in_addr_from_string_auto(rvalue, f, addr);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
log_syntax(unit, LOG_ERR, filename, line, r,
|
log_syntax(unit, LOG_ERR, filename, line, r,
|
||||||
"Foo over UDP tunnel '%s' address is invalid, ignoring assignment: %s",
|
"FooOverUDP tunnel '%s' address is invalid, ignoring assignment: %s",
|
||||||
lvalue, rvalue);
|
lvalue, rvalue);
|
||||||
|
|
||||||
return 0;
|
return 0;
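Review bot: In config_parse_ip_protocol, the `return 0;` that closes the new `else {` block sits outside the unbraced `if (r < 0)`, so as rendered a numeric protocol that `safe_atou()` parses successfully returns before the `protocol > UINT8_MAX` check and before `*ret = protocol;`, and the setting is silently dropped. Bracing the failure path keeps the early return for the error case only: `if (r < 0) { log_syntax(...); return 0; }`. The new out-of-range message also passes error `0` to `log_syntax()` while its format string ends in `: %m`, so the suffix would presumably print an unrelated or "Success" errno text; dropping `: %m` from that message avoids it. The function starts before the first hunk shown for it.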
|
||||||
|
|