Compare commits
28 Commits
f77d6ec953
...
47b04ef632
| Author | SHA1 | Date |
|---|---|---|
Zbigniew Jędrzejewski-Szmek
|
47b04ef632 | |
|
Lennart Poettering
|
004cfad218 | |
|
Zbigniew Jędrzejewski-Szmek
|
2c0e46735b | |
|
Lennart Poettering
|
895abf3fdd | |
|
Renaud Métrich
|
3e5f04bf64 | |
|
Zbigniew Jędrzejewski-Szmek
|
ceaf24d4d3 | |
|
Zbigniew Jędrzejewski-Szmek
|
5c0b738012 | |
|
Zbigniew Jędrzejewski-Szmek
|
e60775cb7b | |
|
Zbigniew Jędrzejewski-Szmek
|
4d7f51756a | |
|
Zbigniew Jędrzejewski-Szmek
|
ea9afe0064 | |
|
Zbigniew Jędrzejewski-Szmek
|
80ab31a435 | |
|
Christian Göttsche
|
63e00ccd8e | |
|
Christian Göttsche
|
45ae2f725e | |
|
Christian Göttsche
|
a3f5fd964b | |
|
Zbigniew Jędrzejewski-Szmek
|
8a35af80fc | |
|
Zbigniew Jędrzejewski-Szmek
|
e4126adf45 | |
|
Zbigniew Jędrzejewski-Szmek
|
1f25c71d9d | |
|
Susant Sahani
|
b7847e05f5 | |
|
Tobias Kaufmann
|
dbdc4098f6 | |
|
Tobias Kaufmann
|
57d4d284c9 | |
|
Zbigniew Jędrzejewski-Szmek
|
e12b6e1951 | |
|
Zbigniew Jędrzejewski-Szmek
|
77472d06a4 | |
|
Zbigniew Jędrzejewski-Szmek
|
f7dc8248d3 | |
|
Zbigniew Jędrzejewski-Szmek
|
4fcc9c4962 | |
|
Zbigniew Jędrzejewski-Szmek
|
c4651e3156 | |
|
Zbigniew Jędrzejewski-Szmek
|
52d3fbc83f | |
|
Zbigniew Jędrzejewski-Szmek
|
31be0e9e00 | |
|
Zbigniew Jędrzejewski-Szmek
|
8f796e40a5 |
3
TODO
3
TODO
|
|
@ -4,6 +4,9 @@ Bugfixes:
|
|||
manager or system manager can be always set. It would be better to reject
|
||||
them when parsing config.
|
||||
|
||||
* userdbctl: "Password OK: yes" is shown even when there are no passwords
|
||||
or the password is locked.
|
||||
|
||||
External:
|
||||
|
||||
* Fedora: add an rpmlint check that verifies that all unit files in the RPM are listed in %systemd_post macros.
|
||||
|
|
|
|||
|
|
@ -415,6 +415,7 @@ Most socket unit settings are available to transient units.
|
|||
✓ SocketMode=
|
||||
✓ DirectoryMode=
|
||||
✓ Accept=
|
||||
✓ FlushPending=
|
||||
✓ Writable=
|
||||
✓ MaxConnections=
|
||||
✓ MaxConnectionsPerSource=
|
||||
|
|
|
|||
|
|
@ -3950,6 +3950,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {
|
|||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly u NRefused = ...;
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly u FlushPending = ...;
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
|
||||
readonly s FileDescriptorName = '...';
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
|
||||
readonly i SocketProtocol = ...;
|
||||
|
|
@ -5031,6 +5033,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {
|
|||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="NRefused"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="FlushPending"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="FileDescriptorName"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="SocketProtocol"/>
|
||||
|
|
@ -5508,6 +5512,10 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {
|
|||
meaning as they have for the corresponding field of service units (see above). In addition to that,
|
||||
the value <literal>service-failed-permanent</literal> indicates that the service of this socket failed
|
||||
continuously.</para>
|
||||
|
||||
<para><varname>FlushPending</varname> specifies whether to flush the socket
|
||||
just before entering the listening state. This setting only applies to sockets with
|
||||
<varname>Accept=</varname> set to <literal>no</literal>.</para>
|
||||
</refsect2>
|
||||
</refsect1>
|
||||
|
||||
|
|
|
|||
|
|
@ -427,6 +427,18 @@
|
|||
false, in read-only mode. Defaults to false.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>FlushPending=</varname></term>
|
||||
<listitem><para>Takes a boolean argument. May only be used when
|
||||
<option>Accept=no</option>. If yes, the socket's buffers are cleared after the
|
||||
triggered service exited. This causes any pending data to be
|
||||
flushed and any pending incoming connections to be rejected. If no, the
|
||||
socket's buffers won't be cleared, permitting the service to handle any
|
||||
pending connections after restart, which is the usually expected behaviour.
|
||||
Defaults to <option>no</option>.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>MaxConnections=</varname></term>
|
||||
<listitem><para>The maximum number of connections to
|
||||
|
|
|
|||
|
|
@ -59,7 +59,13 @@
|
|||
user friendly, human readable output is generated; if <literal>table</literal> a minimal, tabular
|
||||
output is generated; if <literal>json</literal> a JSON formatted output is generated. Defaults to
|
||||
<literal>friendly</literal> if a user/group is specified on the command line,
|
||||
<literal>table</literal> otherwise.</para></listitem>
|
||||
<literal>table</literal> otherwise.</para>
|
||||
|
||||
<para>Note that most output formats do not show all available information. In particular,
|
||||
<literal>classic</literal> and <literal>table</literal> show only the most important fields. Various
|
||||
modes also do not show password hashes. Use <literal>json</literal> to view all fields, including
|
||||
any authentication fields.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
|
|
|
|||
|
|
@ -161,28 +161,21 @@ int capability_ambient_set_apply(uint64_t set, bool also_inherit) {
|
|||
return 0;
|
||||
}
|
||||
|
||||
int capability_bounding_set_drop(uint64_t keep, bool right_now) {
|
||||
_cleanup_cap_free_ cap_t before_cap = NULL, after_cap = NULL;
|
||||
int capability_gain_cap_setpcap(cap_t *ret_before_caps) {
|
||||
_cleanup_cap_free_ cap_t caps = NULL;
|
||||
cap_flag_value_t fv;
|
||||
int r;
|
||||
|
||||
/* If we are run as PID 1 we will lack CAP_SETPCAP by default
|
||||
* in the effective set (yes, the kernel drops that when
|
||||
* executing init!), so get it back temporarily so that we can
|
||||
* call PR_CAPBSET_DROP. */
|
||||
|
||||
before_cap = cap_get_proc();
|
||||
if (!before_cap)
|
||||
caps = cap_get_proc();
|
||||
if (!caps)
|
||||
return -errno;
|
||||
|
||||
if (cap_get_flag(before_cap, CAP_SETPCAP, CAP_EFFECTIVE, &fv) < 0)
|
||||
if (cap_get_flag(caps, CAP_SETPCAP, CAP_EFFECTIVE, &fv) < 0)
|
||||
return -errno;
|
||||
|
||||
if (fv != CAP_SET) {
|
||||
_cleanup_cap_free_ cap_t temp_cap = NULL;
|
||||
static const cap_value_t v = CAP_SETPCAP;
|
||||
|
||||
temp_cap = cap_dup(before_cap);
|
||||
temp_cap = cap_dup(caps);
|
||||
if (!temp_cap)
|
||||
return -errno;
|
||||
|
||||
|
|
@ -193,8 +186,27 @@ int capability_bounding_set_drop(uint64_t keep, bool right_now) {
|
|||
log_debug_errno(errno, "Can't acquire effective CAP_SETPCAP bit, ignoring: %m");
|
||||
|
||||
/* If we didn't manage to acquire the CAP_SETPCAP bit, we continue anyway, after all this just means
|
||||
* we'll fail later, when we actually intend to drop some capabilities. */
|
||||
* we'll fail later, when we actually intend to drop some capabilities or try to set securebits. */
|
||||
}
|
||||
if (ret_before_caps)
|
||||
/* Return the capabilities as they have been before setting CAP_SETPCAP */
|
||||
*ret_before_caps = TAKE_PTR(caps);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
int capability_bounding_set_drop(uint64_t keep, bool right_now) {
|
||||
_cleanup_cap_free_ cap_t before_cap = NULL, after_cap = NULL;
|
||||
int r;
|
||||
|
||||
/* If we are run as PID 1 we will lack CAP_SETPCAP by default
|
||||
* in the effective set (yes, the kernel drops that when
|
||||
* executing init!), so get it back temporarily so that we can
|
||||
* call PR_CAPBSET_DROP. */
|
||||
|
||||
r = capability_gain_cap_setpcap(&before_cap);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
after_cap = cap_dup(before_cap);
|
||||
if (!after_cap)
|
||||
|
|
|
|||
|
|
@ -14,6 +14,7 @@
|
|||
|
||||
unsigned cap_last_cap(void);
|
||||
int have_effective_cap(int value);
|
||||
int capability_gain_cap_setpcap(cap_t *return_caps);
|
||||
int capability_bounding_set_drop(uint64_t keep, bool right_now);
|
||||
int capability_bounding_set_drop_usermode(uint64_t keep);
|
||||
|
||||
|
|
|
|||
|
|
@ -75,7 +75,7 @@ int cescape_char(char c, char *buf) {
|
|||
return buf - buf_old;
|
||||
}
|
||||
|
||||
char *cescape_length(const char *s, size_t n) {
|
||||
char* cescape_length(const char *s, size_t n) {
|
||||
const char *f;
|
||||
char *r, *t;
|
||||
|
||||
|
|
@ -96,7 +96,7 @@ char *cescape_length(const char *s, size_t n) {
|
|||
return r;
|
||||
}
|
||||
|
||||
char *cescape(const char *s) {
|
||||
char* cescape(const char *s) {
|
||||
assert(s);
|
||||
|
||||
return cescape_length(s, strlen(s));
|
||||
|
|
@ -360,7 +360,7 @@ int cunescape_length_with_prefix(const char *s, size_t length, const char *prefi
|
|||
return t - r;
|
||||
}
|
||||
|
||||
char *xescape_full(const char *s, const char *bad, size_t console_width, bool eight_bits) {
|
||||
char* xescape_full(const char *s, const char *bad, size_t console_width, bool eight_bits) {
|
||||
char *ans, *t, *prev, *prev2;
|
||||
const char *f;
|
||||
|
||||
|
|
@ -427,14 +427,14 @@ char *xescape_full(const char *s, const char *bad, size_t console_width, bool ei
|
|||
return ans;
|
||||
}
|
||||
|
||||
char *escape_non_printable_full(const char *str, size_t console_width, bool eight_bit) {
|
||||
char* escape_non_printable_full(const char *str, size_t console_width, bool eight_bit) {
|
||||
if (eight_bit)
|
||||
return xescape_full(str, "", console_width, true);
|
||||
else
|
||||
return utf8_escape_non_printable_full(str, console_width);
|
||||
}
|
||||
|
||||
char *octescape(const char *s, size_t len) {
|
||||
char* octescape(const char *s, size_t len) {
|
||||
char *r, *t;
|
||||
const char *f;
|
||||
|
||||
|
|
@ -462,7 +462,7 @@ char *octescape(const char *s, size_t len) {
|
|||
|
||||
}
|
||||
|
||||
static char *strcpy_backslash_escaped(char *t, const char *s, const char *bad, bool escape_tab_nl) {
|
||||
static char* strcpy_backslash_escaped(char *t, const char *s, const char *bad, bool escape_tab_nl) {
|
||||
assert(bad);
|
||||
|
||||
for (; *s; s++) {
|
||||
|
|
@ -481,7 +481,7 @@ static char *strcpy_backslash_escaped(char *t, const char *s, const char *bad, b
|
|||
return t;
|
||||
}
|
||||
|
||||
char *shell_escape(const char *s, const char *bad) {
|
||||
char* shell_escape(const char *s, const char *bad) {
|
||||
char *r, *t;
|
||||
|
||||
r = new(char, strlen(s)*2+1);
|
||||
|
|
|
|||
|
|
@ -43,8 +43,8 @@ typedef enum EscapeStyle {
|
|||
* syntax (a string enclosed in $'') instead of plain quotes. */
|
||||
} EscapeStyle;
|
||||
|
||||
char *cescape(const char *s);
|
||||
char *cescape_length(const char *s, size_t n);
|
||||
char* cescape(const char *s);
|
||||
char* cescape_length(const char *s, size_t n);
|
||||
int cescape_char(char c, char *buf);
|
||||
|
||||
int cunescape_length_with_prefix(const char *s, size_t length, const char *prefix, UnescapeFlags flags, char **ret);
|
||||
|
|
@ -56,12 +56,12 @@ static inline int cunescape(const char *s, UnescapeFlags flags, char **ret) {
|
|||
}
|
||||
int cunescape_one(const char *p, size_t length, char32_t *ret, bool *eight_bit, bool accept_nul);
|
||||
|
||||
char *xescape_full(const char *s, const char *bad, size_t console_width, bool eight_bits);
|
||||
static inline char *xescape(const char *s, const char *bad) {
|
||||
char* xescape_full(const char *s, const char *bad, size_t console_width, bool eight_bits);
|
||||
static inline char* xescape(const char *s, const char *bad) {
|
||||
return xescape_full(s, bad, SIZE_MAX, false);
|
||||
}
|
||||
char *octescape(const char *s, size_t len);
|
||||
char *escape_non_printable_full(const char *str, size_t console_width, bool eight_bit);
|
||||
char* octescape(const char *s, size_t len);
|
||||
char* escape_non_printable_full(const char *str, size_t console_width, bool eight_bit);
|
||||
|
||||
char *shell_escape(const char *s, const char *bad);
|
||||
char* shell_escape(const char *s, const char *bad);
|
||||
char* shell_maybe_quote(const char *s, EscapeStyle style);
|
||||
|
|
|
|||
|
|
@ -323,12 +323,12 @@ static void n_entries_dec(HashmapBase *h) {
|
|||
h->n_direct_entries--;
|
||||
}
|
||||
|
||||
static void *storage_ptr(HashmapBase *h) {
|
||||
static void* storage_ptr(HashmapBase *h) {
|
||||
return h->has_indirect ? h->indirect.storage
|
||||
: h->direct.storage;
|
||||
}
|
||||
|
||||
static uint8_t *hash_key(HashmapBase *h) {
|
||||
static uint8_t* hash_key(HashmapBase *h) {
|
||||
return h->has_indirect ? h->indirect.hash_key
|
||||
: shared_hash_key;
|
||||
}
|
||||
|
|
@ -371,16 +371,16 @@ static void get_hash_key(uint8_t hash_key[HASH_KEY_SIZE], bool reuse_is_ok) {
|
|||
memcpy(hash_key, current, sizeof(current));
|
||||
}
|
||||
|
||||
static struct hashmap_base_entry *bucket_at(HashmapBase *h, unsigned idx) {
|
||||
static struct hashmap_base_entry* bucket_at(HashmapBase *h, unsigned idx) {
|
||||
return (struct hashmap_base_entry*)
|
||||
((uint8_t*) storage_ptr(h) + idx * hashmap_type_info[h->type].entry_size);
|
||||
}
|
||||
|
||||
static struct plain_hashmap_entry *plain_bucket_at(Hashmap *h, unsigned idx) {
|
||||
static struct plain_hashmap_entry* plain_bucket_at(Hashmap *h, unsigned idx) {
|
||||
return (struct plain_hashmap_entry*) bucket_at(HASHMAP_BASE(h), idx);
|
||||
}
|
||||
|
||||
static struct ordered_hashmap_entry *ordered_bucket_at(OrderedHashmap *h, unsigned idx) {
|
||||
static struct ordered_hashmap_entry* ordered_bucket_at(OrderedHashmap *h, unsigned idx) {
|
||||
return (struct ordered_hashmap_entry*) bucket_at(HASHMAP_BASE(h), idx);
|
||||
}
|
||||
|
||||
|
|
@ -388,13 +388,13 @@ static struct set_entry *set_bucket_at(Set *h, unsigned idx) {
|
|||
return (struct set_entry*) bucket_at(HASHMAP_BASE(h), idx);
|
||||
}
|
||||
|
||||
static struct ordered_hashmap_entry *bucket_at_swap(struct swap_entries *swap, unsigned idx) {
|
||||
static struct ordered_hashmap_entry* bucket_at_swap(struct swap_entries *swap, unsigned idx) {
|
||||
return &swap->e[idx - _IDX_SWAP_BEGIN];
|
||||
}
|
||||
|
||||
/* Returns a pointer to the bucket at index idx.
|
||||
* Understands real indexes and swap indexes, hence "_virtual". */
|
||||
static struct hashmap_base_entry *bucket_at_virtual(HashmapBase *h, struct swap_entries *swap,
|
||||
static struct hashmap_base_entry* bucket_at_virtual(HashmapBase *h, struct swap_entries *swap,
|
||||
unsigned idx) {
|
||||
if (idx < _IDX_SWAP_BEGIN)
|
||||
return bucket_at(h, idx);
|
||||
|
|
@ -405,7 +405,7 @@ static struct hashmap_base_entry *bucket_at_virtual(HashmapBase *h, struct swap_
|
|||
assert_not_reached("Invalid index");
|
||||
}
|
||||
|
||||
static dib_raw_t *dib_raw_ptr(HashmapBase *h) {
|
||||
static dib_raw_t* dib_raw_ptr(HashmapBase *h) {
|
||||
return (dib_raw_t*)
|
||||
((uint8_t*) storage_ptr(h) + hashmap_type_info[h->type].entry_size * n_buckets(h));
|
||||
}
|
||||
|
|
@ -503,7 +503,7 @@ static unsigned prev_idx(HashmapBase *h, unsigned idx) {
|
|||
return (n_buckets(h) + idx - 1U) % n_buckets(h);
|
||||
}
|
||||
|
||||
static void *entry_value(HashmapBase *h, struct hashmap_base_entry *e) {
|
||||
static void* entry_value(HashmapBase *h, struct hashmap_base_entry *e) {
|
||||
switch (h->type) {
|
||||
|
||||
case HASHMAP_TYPE_PLAIN:
|
||||
|
|
@ -730,16 +730,12 @@ bool _hashmap_iterate(HashmapBase *h, Iterator *i, void **value, const void **ke
|
|||
return true;
|
||||
}
|
||||
|
||||
bool set_iterate(const Set *s, Iterator *i, void **value) {
|
||||
return _hashmap_iterate(HASHMAP_BASE((Set*) s), i, value, NULL);
|
||||
}
|
||||
|
||||
#define HASHMAP_FOREACH_IDX(idx, h, i) \
|
||||
for ((i) = ITERATOR_FIRST, (idx) = hashmap_iterate_entry((h), &(i)); \
|
||||
(idx != IDX_NIL); \
|
||||
(idx) = hashmap_iterate_entry((h), &(i)))
|
||||
|
||||
IteratedCache *_hashmap_iterated_cache_new(HashmapBase *h) {
|
||||
IteratedCache* _hashmap_iterated_cache_new(HashmapBase *h) {
|
||||
IteratedCache *cache;
|
||||
|
||||
assert(h);
|
||||
|
|
@ -768,7 +764,7 @@ static void reset_direct_storage(HashmapBase *h) {
|
|||
memset(p, DIB_RAW_INIT, sizeof(dib_raw_t) * hi->n_direct_buckets);
|
||||
}
|
||||
|
||||
static struct HashmapBase *hashmap_base_new(const struct hash_ops *hash_ops, enum HashmapType type HASHMAP_DEBUG_PARAMS) {
|
||||
static struct HashmapBase* hashmap_base_new(const struct hash_ops *hash_ops, enum HashmapType type HASHMAP_DEBUG_PARAMS) {
|
||||
HashmapBase *h;
|
||||
const struct hashmap_type_info *hi = &hashmap_type_info[type];
|
||||
bool up;
|
||||
|
|
@ -848,6 +844,16 @@ int _set_ensure_allocated(Set **s, const struct hash_ops *hash_ops HASHMAP_DEBU
|
|||
return hashmap_base_ensure_allocated((HashmapBase**)s, hash_ops, HASHMAP_TYPE_SET HASHMAP_DEBUG_PASS_ARGS);
|
||||
}
|
||||
|
||||
int _ordered_hashmap_ensure_put(OrderedHashmap **h, const struct hash_ops *hash_ops, const void *key, void *value HASHMAP_DEBUG_PARAMS) {
|
||||
int r;
|
||||
|
||||
r = _ordered_hashmap_ensure_allocated(h, hash_ops HASHMAP_DEBUG_PASS_ARGS);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
return ordered_hashmap_put(*h, key, value);
|
||||
}
|
||||
|
||||
static void hashmap_free_no_clear(HashmapBase *h) {
|
||||
assert(!h->has_indirect);
|
||||
assert(h->n_direct_entries == 0);
|
||||
|
|
@ -866,7 +872,7 @@ static void hashmap_free_no_clear(HashmapBase *h) {
|
|||
free(h);
|
||||
}
|
||||
|
||||
HashmapBase *_hashmap_free(HashmapBase *h, free_func_t default_free_key, free_func_t default_free_value) {
|
||||
HashmapBase* _hashmap_free(HashmapBase *h, free_func_t default_free_key, free_func_t default_free_value) {
|
||||
if (h) {
|
||||
_hashmap_clear(h, default_free_key, default_free_value);
|
||||
hashmap_free_no_clear(h);
|
||||
|
|
@ -1323,7 +1329,7 @@ int hashmap_update(Hashmap *h, const void *key, void *value) {
|
|||
return 0;
|
||||
}
|
||||
|
||||
void *_hashmap_get(HashmapBase *h, const void *key) {
|
||||
void* _hashmap_get(HashmapBase *h, const void *key) {
|
||||
struct hashmap_base_entry *e;
|
||||
unsigned hash, idx;
|
||||
|
||||
|
|
@ -1339,7 +1345,7 @@ void *_hashmap_get(HashmapBase *h, const void *key) {
|
|||
return entry_value(h, e);
|
||||
}
|
||||
|
||||
void *hashmap_get2(Hashmap *h, const void *key, void **key2) {
|
||||
void* hashmap_get2(Hashmap *h, const void *key, void **key2) {
|
||||
struct plain_hashmap_entry *e;
|
||||
unsigned hash, idx;
|
||||
|
||||
|
|
@ -1368,7 +1374,7 @@ bool _hashmap_contains(HashmapBase *h, const void *key) {
|
|||
return bucket_scan(h, hash, key) != IDX_NIL;
|
||||
}
|
||||
|
||||
void *_hashmap_remove(HashmapBase *h, const void *key) {
|
||||
void* _hashmap_remove(HashmapBase *h, const void *key) {
|
||||
struct hashmap_base_entry *e;
|
||||
unsigned hash, idx;
|
||||
void *data;
|
||||
|
|
@ -1388,7 +1394,7 @@ void *_hashmap_remove(HashmapBase *h, const void *key) {
|
|||
return data;
|
||||
}
|
||||
|
||||
void *hashmap_remove2(Hashmap *h, const void *key, void **rkey) {
|
||||
void* hashmap_remove2(Hashmap *h, const void *key, void **rkey) {
|
||||
struct plain_hashmap_entry *e;
|
||||
unsigned hash, idx;
|
||||
void *data;
|
||||
|
|
@ -1506,7 +1512,7 @@ int hashmap_remove_and_replace(Hashmap *h, const void *old_key, const void *new_
|
|||
return 0;
|
||||
}
|
||||
|
||||
void *_hashmap_remove_value(HashmapBase *h, const void *key, void *value) {
|
||||
void* _hashmap_remove_value(HashmapBase *h, const void *key, void *value) {
|
||||
struct hashmap_base_entry *e;
|
||||
unsigned hash, idx;
|
||||
|
||||
|
|
@ -1536,7 +1542,7 @@ static unsigned find_first_entry(HashmapBase *h) {
|
|||
return hashmap_iterate_entry(h, &i);
|
||||
}
|
||||
|
||||
void *_hashmap_first_key_and_value(HashmapBase *h, bool remove, void **ret_key) {
|
||||
void* _hashmap_first_key_and_value(HashmapBase *h, bool remove, void **ret_key) {
|
||||
struct hashmap_base_entry *e;
|
||||
void *key, *data;
|
||||
unsigned idx;
|
||||
|
|
@ -1711,7 +1717,7 @@ int _hashmap_move_one(HashmapBase *h, HashmapBase *other, const void *key) {
|
|||
return 0;
|
||||
}
|
||||
|
||||
HashmapBase *_hashmap_copy(HashmapBase *h HASHMAP_DEBUG_PARAMS) {
|
||||
HashmapBase* _hashmap_copy(HashmapBase *h HASHMAP_DEBUG_PARAMS) {
|
||||
HashmapBase *copy;
|
||||
int r;
|
||||
|
||||
|
|
@ -1739,7 +1745,7 @@ HashmapBase *_hashmap_copy(HashmapBase *h HASHMAP_DEBUG_PARAMS) {
|
|||
return copy;
|
||||
}
|
||||
|
||||
char **_hashmap_get_strv(HashmapBase *h) {
|
||||
char** _hashmap_get_strv(HashmapBase *h) {
|
||||
char **sv;
|
||||
Iterator i;
|
||||
unsigned idx, n;
|
||||
|
|
@ -1756,7 +1762,7 @@ char **_hashmap_get_strv(HashmapBase *h) {
|
|||
return sv;
|
||||
}
|
||||
|
||||
void *ordered_hashmap_next(OrderedHashmap *h, const void *key) {
|
||||
void* ordered_hashmap_next(OrderedHashmap *h, const void *key) {
|
||||
struct ordered_hashmap_entry *e;
|
||||
unsigned hash, idx;
|
||||
|
||||
|
|
@ -1961,7 +1967,7 @@ int iterated_cache_get(IteratedCache *cache, const void ***res_keys, const void
|
|||
return 0;
|
||||
}
|
||||
|
||||
IteratedCache *iterated_cache_free(IteratedCache *cache) {
|
||||
IteratedCache* iterated_cache_free(IteratedCache *cache) {
|
||||
if (cache) {
|
||||
free(cache->keys.ptr);
|
||||
free(cache->values.ptr);
|
||||
|
|
|
|||
|
|
@ -83,8 +83,8 @@ typedef struct {
|
|||
# define HASHMAP_DEBUG_PASS_ARGS
|
||||
#endif
|
||||
|
||||
Hashmap *_hashmap_new(const struct hash_ops *hash_ops HASHMAP_DEBUG_PARAMS);
|
||||
OrderedHashmap *_ordered_hashmap_new(const struct hash_ops *hash_ops HASHMAP_DEBUG_PARAMS);
|
||||
Hashmap* _hashmap_new(const struct hash_ops *hash_ops HASHMAP_DEBUG_PARAMS);
|
||||
OrderedHashmap* _ordered_hashmap_new(const struct hash_ops *hash_ops HASHMAP_DEBUG_PARAMS);
|
||||
#define hashmap_new(ops) _hashmap_new(ops HASHMAP_DEBUG_SRC_ARGS)
|
||||
#define ordered_hashmap_new(ops) _ordered_hashmap_new(ops HASHMAP_DEBUG_SRC_ARGS)
|
||||
|
||||
|
|
@ -96,39 +96,39 @@ OrderedHashmap *_ordered_hashmap_new(const struct hash_ops *hash_ops HASHMAP_DE
|
|||
0; \
|
||||
})
|
||||
|
||||
HashmapBase *_hashmap_free(HashmapBase *h, free_func_t default_free_key, free_func_t default_free_value);
|
||||
static inline Hashmap *hashmap_free(Hashmap *h) {
|
||||
HashmapBase* _hashmap_free(HashmapBase *h, free_func_t default_free_key, free_func_t default_free_value);
|
||||
static inline Hashmap* hashmap_free(Hashmap *h) {
|
||||
return (void*) _hashmap_free(HASHMAP_BASE(h), NULL, NULL);
|
||||
}
|
||||
static inline OrderedHashmap *ordered_hashmap_free(OrderedHashmap *h) {
|
||||
static inline OrderedHashmap* ordered_hashmap_free(OrderedHashmap *h) {
|
||||
return (void*) _hashmap_free(HASHMAP_BASE(h), NULL, NULL);
|
||||
}
|
||||
|
||||
static inline Hashmap *hashmap_free_free(Hashmap *h) {
|
||||
static inline Hashmap* hashmap_free_free(Hashmap *h) {
|
||||
return (void*) _hashmap_free(HASHMAP_BASE(h), NULL, free);
|
||||
}
|
||||
static inline OrderedHashmap *ordered_hashmap_free_free(OrderedHashmap *h) {
|
||||
static inline OrderedHashmap* ordered_hashmap_free_free(OrderedHashmap *h) {
|
||||
return (void*) _hashmap_free(HASHMAP_BASE(h), NULL, free);
|
||||
}
|
||||
|
||||
static inline Hashmap *hashmap_free_free_key(Hashmap *h) {
|
||||
static inline Hashmap* hashmap_free_free_key(Hashmap *h) {
|
||||
return (void*) _hashmap_free(HASHMAP_BASE(h), free, NULL);
|
||||
}
|
||||
static inline OrderedHashmap *ordered_hashmap_free_free_key(OrderedHashmap *h) {
|
||||
static inline OrderedHashmap* ordered_hashmap_free_free_key(OrderedHashmap *h) {
|
||||
return (void*) _hashmap_free(HASHMAP_BASE(h), free, NULL);
|
||||
}
|
||||
|
||||
static inline Hashmap *hashmap_free_free_free(Hashmap *h) {
|
||||
static inline Hashmap* hashmap_free_free_free(Hashmap *h) {
|
||||
return (void*) _hashmap_free(HASHMAP_BASE(h), free, free);
|
||||
}
|
||||
static inline OrderedHashmap *ordered_hashmap_free_free_free(OrderedHashmap *h) {
|
||||
static inline OrderedHashmap* ordered_hashmap_free_free_free(OrderedHashmap *h) {
|
||||
return (void*) _hashmap_free(HASHMAP_BASE(h), free, free);
|
||||
}
|
||||
|
||||
IteratedCache *iterated_cache_free(IteratedCache *cache);
|
||||
IteratedCache* iterated_cache_free(IteratedCache *cache);
|
||||
int iterated_cache_get(IteratedCache *cache, const void ***res_keys, const void ***res_values, unsigned *res_n_entries);
|
||||
|
||||
HashmapBase *_hashmap_copy(HashmapBase *h HASHMAP_DEBUG_PARAMS);
|
||||
HashmapBase* _hashmap_copy(HashmapBase *h HASHMAP_DEBUG_PARAMS);
|
||||
#define hashmap_copy(h) ((Hashmap*) _hashmap_copy(HASHMAP_BASE(h) HASHMAP_DEBUG_SRC_ARGS))
|
||||
#define ordered_hashmap_copy(h) ((OrderedHashmap*) _hashmap_copy(HASHMAP_BASE(h) HASHMAP_DEBUG_SRC_ARGS))
|
||||
|
||||
|
|
@ -137,11 +137,14 @@ int _ordered_hashmap_ensure_allocated(OrderedHashmap **h, const struct hash_ops
|
|||
#define hashmap_ensure_allocated(h, ops) _hashmap_ensure_allocated(h, ops HASHMAP_DEBUG_SRC_ARGS)
|
||||
#define ordered_hashmap_ensure_allocated(h, ops) _ordered_hashmap_ensure_allocated(h, ops HASHMAP_DEBUG_SRC_ARGS)
|
||||
|
||||
IteratedCache *_hashmap_iterated_cache_new(HashmapBase *h);
|
||||
static inline IteratedCache *hashmap_iterated_cache_new(Hashmap *h) {
|
||||
int _ordered_hashmap_ensure_put(OrderedHashmap **h, const struct hash_ops *hash_ops, const void *key, void *value HASHMAP_DEBUG_PARAMS);
|
||||
#define ordered_hashmap_ensure_put(s, ops, key, value) _ordered_hashmap_ensure_put(s, ops, key, value HASHMAP_DEBUG_SRC_ARGS)
|
||||
|
||||
IteratedCache* _hashmap_iterated_cache_new(HashmapBase *h);
|
||||
static inline IteratedCache* hashmap_iterated_cache_new(Hashmap *h) {
|
||||
return (IteratedCache*) _hashmap_iterated_cache_new(HASHMAP_BASE(h));
|
||||
}
|
||||
static inline IteratedCache *ordered_hashmap_iterated_cache_new(OrderedHashmap *h) {
|
||||
static inline IteratedCache* ordered_hashmap_iterated_cache_new(OrderedHashmap *h) {
|
||||
return (IteratedCache*) _hashmap_iterated_cache_new(HASHMAP_BASE(h));
|
||||
}
|
||||
|
||||
|
|
@ -163,7 +166,7 @@ static inline int ordered_hashmap_replace(OrderedHashmap *h, const void *key, vo
|
|||
return hashmap_replace(PLAIN_HASHMAP(h), key, value);
|
||||
}
|
||||
|
||||
void *_hashmap_get(HashmapBase *h, const void *key);
|
||||
void* _hashmap_get(HashmapBase *h, const void *key);
|
||||
static inline void *hashmap_get(Hashmap *h, const void *key) {
|
||||
return _hashmap_get(HASHMAP_BASE(h), key);
|
||||
}
|
||||
|
|
@ -171,7 +174,7 @@ static inline void *ordered_hashmap_get(OrderedHashmap *h, const void *key) {
|
|||
return _hashmap_get(HASHMAP_BASE(h), key);
|
||||
}
|
||||
|
||||
void *hashmap_get2(Hashmap *h, const void *key, void **rkey);
|
||||
void* hashmap_get2(Hashmap *h, const void *key, void **rkey);
|
||||
static inline void *ordered_hashmap_get2(OrderedHashmap *h, const void *key, void **rkey) {
|
||||
return hashmap_get2(PLAIN_HASHMAP(h), key, rkey);
|
||||
}
|
||||
|
|
@ -184,7 +187,7 @@ static inline bool ordered_hashmap_contains(OrderedHashmap *h, const void *key)
|
|||
return _hashmap_contains(HASHMAP_BASE(h), key);
|
||||
}
|
||||
|
||||
void *_hashmap_remove(HashmapBase *h, const void *key);
|
||||
void* _hashmap_remove(HashmapBase *h, const void *key);
|
||||
static inline void *hashmap_remove(Hashmap *h, const void *key) {
|
||||
return _hashmap_remove(HASHMAP_BASE(h), key);
|
||||
}
|
||||
|
|
@ -192,17 +195,17 @@ static inline void *ordered_hashmap_remove(OrderedHashmap *h, const void *key) {
|
|||
return _hashmap_remove(HASHMAP_BASE(h), key);
|
||||
}
|
||||
|
||||
void *hashmap_remove2(Hashmap *h, const void *key, void **rkey);
|
||||
void* hashmap_remove2(Hashmap *h, const void *key, void **rkey);
|
||||
static inline void *ordered_hashmap_remove2(OrderedHashmap *h, const void *key, void **rkey) {
|
||||
return hashmap_remove2(PLAIN_HASHMAP(h), key, rkey);
|
||||
}
|
||||
|
||||
void *_hashmap_remove_value(HashmapBase *h, const void *key, void *value);
|
||||
void* _hashmap_remove_value(HashmapBase *h, const void *key, void *value);
|
||||
static inline void *hashmap_remove_value(Hashmap *h, const void *key, void *value) {
|
||||
return _hashmap_remove_value(HASHMAP_BASE(h), key, value);
|
||||
}
|
||||
|
||||
static inline void *ordered_hashmap_remove_value(OrderedHashmap *h, const void *key, void *value) {
|
||||
static inline void* ordered_hashmap_remove_value(OrderedHashmap *h, const void *key, void *value) {
|
||||
return hashmap_remove_value(PLAIN_HASHMAP(h), key, value);
|
||||
}
|
||||
|
||||
|
|
@ -388,13 +391,13 @@ static inline void *ordered_hashmap_first_key(OrderedHashmap *h) {
|
|||
})
|
||||
|
||||
/* no hashmap_next */
|
||||
void *ordered_hashmap_next(OrderedHashmap *h, const void *key);
|
||||
void* ordered_hashmap_next(OrderedHashmap *h, const void *key);
|
||||
|
||||
char **_hashmap_get_strv(HashmapBase *h);
|
||||
static inline char **hashmap_get_strv(Hashmap *h) {
|
||||
char** _hashmap_get_strv(HashmapBase *h);
|
||||
static inline char** hashmap_get_strv(Hashmap *h) {
|
||||
return _hashmap_get_strv(HASHMAP_BASE(h));
|
||||
}
|
||||
static inline char **ordered_hashmap_get_strv(OrderedHashmap *h) {
|
||||
static inline char** ordered_hashmap_get_strv(OrderedHashmap *h) {
|
||||
return _hashmap_get_strv(HASHMAP_BASE(h));
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -5,6 +5,7 @@
|
|||
#include <unistd.h>
|
||||
|
||||
#include "btrfs-util.h"
|
||||
#include "fs-util.h"
|
||||
#include "label.h"
|
||||
#include "macro.h"
|
||||
#include "selinux-util.h"
|
||||
|
|
@ -45,6 +46,27 @@ int symlink_label(const char *old_path, const char *new_path) {
|
|||
return mac_smack_fix(new_path, 0);
|
||||
}
|
||||
|
||||
int symlink_atomic_label(const char *from, const char *to) {
|
||||
int r;
|
||||
|
||||
assert(from);
|
||||
assert(to);
|
||||
|
||||
r = mac_selinux_create_file_prepare(to, S_IFLNK);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
if (symlink_atomic(from, to) < 0)
|
||||
r = -errno;
|
||||
|
||||
mac_selinux_create_file_clear();
|
||||
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
return mac_smack_fix(to, 0);
|
||||
}
|
||||
|
||||
int mknod_label(const char *pathname, mode_t mode, dev_t dev) {
|
||||
int r;
|
||||
|
||||
|
|
|
|||
|
|
@ -17,6 +17,7 @@ static inline int label_fix(const char *path, LabelFixFlags flags) {
|
|||
int mkdir_label(const char *path, mode_t mode);
|
||||
int mkdirat_label(int dirfd, const char *path, mode_t mode);
|
||||
int symlink_label(const char *old_path, const char *new_path);
|
||||
int symlink_atomic_label(const char *from, const char *to);
|
||||
int mknod_label(const char *pathname, mode_t mode, dev_t dev);
|
||||
|
||||
int btrfs_subvol_make_label(const char *path);
|
||||
|
|
|
|||
|
|
@ -4,6 +4,27 @@
|
|||
#include "ordered-set.h"
|
||||
#include "strv.h"
|
||||
|
||||
int _ordered_set_ensure_allocated(OrderedSet **s, const struct hash_ops *ops HASHMAP_DEBUG_PARAMS) {
|
||||
if (*s)
|
||||
return 0;
|
||||
|
||||
*s = _ordered_set_new(ops HASHMAP_DEBUG_PASS_ARGS);
|
||||
if (!*s)
|
||||
return -ENOMEM;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
int _ordered_set_ensure_put(OrderedSet **s, const struct hash_ops *ops, void *p HASHMAP_DEBUG_PARAMS) {
|
||||
int r;
|
||||
|
||||
r = _ordered_set_ensure_allocated(s, ops HASHMAP_DEBUG_PASS_ARGS);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
return ordered_set_put(*s, p);
|
||||
}
|
||||
|
||||
int ordered_set_consume(OrderedSet *s, void *p) {
|
||||
int r;
|
||||
|
||||
|
|
|
|||
|
|
@ -7,20 +7,16 @@
|
|||
|
||||
typedef struct OrderedSet OrderedSet;
|
||||
|
||||
static inline OrderedSet* ordered_set_new(const struct hash_ops *ops) {
|
||||
return (OrderedSet*) ordered_hashmap_new(ops);
|
||||
static inline OrderedSet* _ordered_set_new(const struct hash_ops *ops HASHMAP_DEBUG_PARAMS) {
|
||||
return (OrderedSet*) _ordered_hashmap_new(ops HASHMAP_DEBUG_PASS_ARGS);
|
||||
}
|
||||
#define ordered_set_new(ops) _ordered_set_new(ops HASHMAP_DEBUG_SRC_ARGS)
|
||||
|
||||
static inline int ordered_set_ensure_allocated(OrderedSet **s, const struct hash_ops *ops) {
|
||||
if (*s)
|
||||
return 0;
|
||||
int _ordered_set_ensure_allocated(OrderedSet **s, const struct hash_ops *ops HASHMAP_DEBUG_PARAMS);
|
||||
#define ordered_set_ensure_allocated(s, ops) _ordered_set_ensure_allocated(s, ops HASHMAP_DEBUG_SRC_ARGS)
|
||||
|
||||
*s = ordered_set_new(ops);
|
||||
if (!*s)
|
||||
return -ENOMEM;
|
||||
|
||||
return 0;
|
||||
}
|
||||
int _ordered_set_ensure_put(OrderedSet **s, const struct hash_ops *ops, void *p HASHMAP_DEBUG_PARAMS);
|
||||
#define ordered_set_ensure_put(s, hash_ops, key) _ordered_set_ensure_put(s, hash_ops, key HASHMAP_DEBUG_SRC_ARGS)
|
||||
|
||||
static inline OrderedSet* ordered_set_free(OrderedSet *s) {
|
||||
return (OrderedSet*) ordered_hashmap_free((OrderedHashmap*) s);
|
||||
|
|
@ -58,7 +54,7 @@ static inline void* ordered_set_steal_first(OrderedSet *s) {
|
|||
return ordered_hashmap_steal_first((OrderedHashmap*) s);
|
||||
}
|
||||
|
||||
static inline char **ordered_set_get_strv(OrderedSet *s) {
|
||||
static inline char** ordered_set_get_strv(OrderedSet *s) {
|
||||
return _hashmap_get_strv(HASHMAP_BASE((OrderedHashmap*) s));
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -13,14 +13,14 @@
|
|||
0; \
|
||||
})
|
||||
|
||||
Set *_set_new(const struct hash_ops *hash_ops HASHMAP_DEBUG_PARAMS);
|
||||
Set* _set_new(const struct hash_ops *hash_ops HASHMAP_DEBUG_PARAMS);
|
||||
#define set_new(ops) _set_new(ops HASHMAP_DEBUG_SRC_ARGS)
|
||||
|
||||
static inline Set *set_free(Set *s) {
|
||||
static inline Set* set_free(Set *s) {
|
||||
return (Set*) _hashmap_free(HASHMAP_BASE(s), NULL, NULL);
|
||||
}
|
||||
|
||||
static inline Set *set_free_free(Set *s) {
|
||||
static inline Set* set_free_free(Set *s) {
|
||||
return (Set*) _hashmap_free(HASHMAP_BASE(s), free, NULL);
|
||||
}
|
||||
|
||||
|
|
@ -77,7 +77,9 @@ static inline unsigned set_buckets(const Set *s) {
|
|||
return _hashmap_buckets(HASHMAP_BASE((Set *) s));
|
||||
}
|
||||
|
||||
bool set_iterate(const Set *s, Iterator *i, void **value);
|
||||
static inline bool set_iterate(const Set *s, Iterator *i, void **value) {
|
||||
return _hashmap_iterate(HASHMAP_BASE((Set*) s), i, value, NULL);
|
||||
}
|
||||
|
||||
static inline void set_clear(Set *s) {
|
||||
_hashmap_clear(HASHMAP_BASE(s), NULL, NULL);
|
||||
|
|
|
|||
|
|
@ -150,18 +150,22 @@ bool utf8_is_printable_newline(const char* str, size_t length, bool allow_newlin
|
|||
return true;
|
||||
}
|
||||
|
||||
char *utf8_is_valid(const char *str) {
|
||||
const char *p;
|
||||
char *utf8_is_valid_n(const char *str, size_t len_bytes) {
|
||||
/* Check if the string is composed of valid utf8 characters. If length len_bytes is given, stop after
|
||||
* len_bytes. Otherwise, stop at NUL. */
|
||||
|
||||
assert(str);
|
||||
|
||||
p = str;
|
||||
while (*p) {
|
||||
for (const char *p = str; len_bytes != (size_t) -1 ? (size_t) (p - str) < len_bytes : *p != '\0'; ) {
|
||||
int len;
|
||||
|
||||
len = utf8_encoded_valid_unichar(p, (size_t) -1);
|
||||
if (len < 0)
|
||||
return NULL;
|
||||
if (_unlikely_(*p == '\0') && len_bytes != (size_t) -1)
|
||||
return NULL; /* embedded NUL */
|
||||
|
||||
len = utf8_encoded_valid_unichar(p,
|
||||
len_bytes != (size_t) -1 ? len_bytes - (p - str) : (size_t) -1);
|
||||
if (_unlikely_(len < 0))
|
||||
return NULL; /* invalid character */
|
||||
|
||||
p += len;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -14,7 +14,10 @@
|
|||
|
||||
bool unichar_is_valid(char32_t c);
|
||||
|
||||
char *utf8_is_valid(const char *s) _pure_;
|
||||
char *utf8_is_valid_n(const char *str, size_t len_bytes) _pure_;
|
||||
static inline char *utf8_is_valid(const char *s) {
|
||||
return utf8_is_valid_n(s, (size_t) -1);
|
||||
}
|
||||
char *ascii_is_valid(const char *s) _pure_;
|
||||
char *ascii_is_valid_n(const char *str, size_t len);
|
||||
|
||||
|
|
|
|||
|
|
@ -291,7 +291,7 @@ int manager_varlink_init(Manager *m) {
|
|||
return log_error_errno(r, "Failed to register varlink methods: %m");
|
||||
|
||||
if (!MANAGER_IS_TEST_RUN(m)) {
|
||||
(void) mkdir_p("/run/systemd/userdb", 0755);
|
||||
(void) mkdir_p_label("/run/systemd/userdb", 0755);
|
||||
|
||||
r = varlink_server_listen_address(s, "/run/systemd/userdb/io.systemd.DynamicUser", 0666);
|
||||
if (r < 0)
|
||||
|
|
|
|||
|
|
@ -86,6 +86,7 @@ const sd_bus_vtable bus_socket_vtable[] = {
|
|||
SD_BUS_PROPERTY("SocketMode", "u", bus_property_get_mode, offsetof(Socket, socket_mode), SD_BUS_VTABLE_PROPERTY_CONST),
|
||||
SD_BUS_PROPERTY("DirectoryMode", "u", bus_property_get_mode, offsetof(Socket, directory_mode), SD_BUS_VTABLE_PROPERTY_CONST),
|
||||
SD_BUS_PROPERTY("Accept", "b", bus_property_get_bool, offsetof(Socket, accept), SD_BUS_VTABLE_PROPERTY_CONST),
|
||||
SD_BUS_PROPERTY("FlushPending", "b", bus_property_get_bool, offsetof(Socket, flush_pending), SD_BUS_VTABLE_PROPERTY_CONST),
|
||||
SD_BUS_PROPERTY("Writable", "b", bus_property_get_bool, offsetof(Socket, writable), SD_BUS_VTABLE_PROPERTY_CONST),
|
||||
SD_BUS_PROPERTY("KeepAlive", "b", bus_property_get_bool, offsetof(Socket, keep_alive), SD_BUS_VTABLE_PROPERTY_CONST),
|
||||
SD_BUS_PROPERTY("KeepAliveTimeUSec", "t", bus_property_get_usec, offsetof(Socket, keep_alive_time), SD_BUS_VTABLE_PROPERTY_CONST),
|
||||
|
|
@ -179,6 +180,9 @@ static int bus_socket_set_transient_property(
|
|||
if (streq(name, "Accept"))
|
||||
return bus_set_transient_bool(u, name, &s->accept, message, flags, error);
|
||||
|
||||
if (streq(name, "FlushPending"))
|
||||
return bus_set_transient_bool(u, name, &s->flush_pending, message, flags, error);
|
||||
|
||||
if (streq(name, "Writable"))
|
||||
return bus_set_transient_bool(u, name, &s->writable, message, flags, error);
|
||||
|
||||
|
|
|
|||
|
|
@ -1077,26 +1077,42 @@ static int enforce_groups(gid_t gid, const gid_t *supplementary_gids, int ngids)
|
|||
return 0;
|
||||
}
|
||||
|
||||
static int set_securebits(int bits, int mask) {
|
||||
int current, applied;
|
||||
current = prctl(PR_GET_SECUREBITS);
|
||||
if (current < 0)
|
||||
return -errno;
|
||||
/* Clear all securebits defined in mask and set bits */
|
||||
applied = (current & ~mask) | bits;
|
||||
if (current == applied)
|
||||
return 0;
|
||||
if (prctl(PR_SET_SECUREBITS, applied) < 0)
|
||||
return -errno;
|
||||
return 1;
|
||||
}
|
||||
|
||||
static int enforce_user(const ExecContext *context, uid_t uid) {
|
||||
assert(context);
|
||||
int r;
|
||||
|
||||
if (!uid_is_valid(uid))
|
||||
return 0;
|
||||
|
||||
/* Sets (but doesn't look up) the uid and make sure we keep the
|
||||
* capabilities while doing so. */
|
||||
* capabilities while doing so. For setting secure bits the capability CAP_SETPCAP is
|
||||
* required, so we also need keep-caps in this case.
|
||||
*/
|
||||
|
||||
if (context->capability_ambient_set != 0) {
|
||||
if (context->capability_ambient_set != 0 || context->secure_bits != 0) {
|
||||
|
||||
/* First step: If we need to keep capabilities but
|
||||
* drop privileges we need to make sure we keep our
|
||||
* caps, while we drop privileges. */
|
||||
if (uid != 0) {
|
||||
int sb = context->secure_bits | 1<<SECURE_KEEP_CAPS;
|
||||
|
||||
if (prctl(PR_GET_SECUREBITS) != sb)
|
||||
if (prctl(PR_SET_SECUREBITS, sb) < 0)
|
||||
return -errno;
|
||||
/* Add KEEP_CAPS to the securebits */
|
||||
r = set_securebits(1<<SECURE_KEEP_CAPS, 0);
|
||||
if (r < 0)
|
||||
return r;
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -4337,12 +4353,27 @@ static int exec_child(
|
|||
#endif
|
||||
|
||||
/* PR_GET_SECUREBITS is not privileged, while PR_SET_SECUREBITS is. So to suppress potential EPERMs
|
||||
* we'll try not to call PR_SET_SECUREBITS unless necessary. */
|
||||
if (prctl(PR_GET_SECUREBITS) != secure_bits)
|
||||
* we'll try not to call PR_SET_SECUREBITS unless necessary. Setting securebits requires
|
||||
* CAP_SETPCAP. */
|
||||
if (prctl(PR_GET_SECUREBITS) != secure_bits) {
|
||||
/* CAP_SETPCAP is required to set securebits. This capabilitiy is raised into the
|
||||
* effective set here.
|
||||
* The effective set is overwritten during execve with the following values:
|
||||
* - ambient set (for non-root processes)
|
||||
* - (inheritable | bounding) set for root processes)
|
||||
*
|
||||
* Hence there is no security impact to raise it in the effective set before execve
|
||||
*/
|
||||
r = capability_gain_cap_setpcap(NULL);
|
||||
if (r < 0) {
|
||||
*exit_status = EXIT_CAPABILITIES;
|
||||
return log_unit_error_errno(unit, r, "Failed to gain CAP_SETPCAP for setting secure bits");
|
||||
}
|
||||
if (prctl(PR_SET_SECUREBITS, secure_bits) < 0) {
|
||||
*exit_status = EXIT_SECUREBITS;
|
||||
return log_unit_error_errno(unit, errno, "Failed to set process secure bits: %m");
|
||||
}
|
||||
}
|
||||
|
||||
if (context_has_no_new_privileges(context))
|
||||
if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0) {
|
||||
|
|
|
|||
|
|
@ -391,6 +391,7 @@ Socket.SocketGroup, config_parse_user_group_compat, 0,
|
|||
Socket.SocketMode, config_parse_mode, 0, offsetof(Socket, socket_mode)
|
||||
Socket.DirectoryMode, config_parse_mode, 0, offsetof(Socket, directory_mode)
|
||||
Socket.Accept, config_parse_bool, 0, offsetof(Socket, accept)
|
||||
Socket.FlushPending, config_parse_bool, 0, offsetof(Socket, flush_pending)
|
||||
Socket.Writable, config_parse_bool, 0, offsetof(Socket, writable)
|
||||
Socket.MaxConnections, config_parse_unsigned, 0, offsetof(Socket, max_connections)
|
||||
Socket.MaxConnectionsPerSource, config_parse_unsigned, 0, offsetof(Socket, max_connections_per_source)
|
||||
|
|
|
|||
|
|
@ -63,6 +63,7 @@
|
|||
#include "ratelimit.h"
|
||||
#include "rlimit-util.h"
|
||||
#include "rm-rf.h"
|
||||
#include "selinux-util.h"
|
||||
#include "serialize.h"
|
||||
#include "signal-util.h"
|
||||
#include "socket-util.h"
|
||||
|
|
@ -963,9 +964,9 @@ static int manager_setup_notify(Manager *m) {
|
|||
(void) mkdir_parents_label(m->notify_socket, 0755);
|
||||
(void) sockaddr_un_unlink(&sa.un);
|
||||
|
||||
r = bind(fd, &sa.sa, sa_len);
|
||||
r = mac_selinux_bind(fd, &sa.sa, sa_len);
|
||||
if (r < 0)
|
||||
return log_error_errno(errno, "bind(%s) failed: %m", m->notify_socket);
|
||||
return log_error_errno(r, "bind(%s) failed: %m", m->notify_socket);
|
||||
|
||||
r = setsockopt_int(fd, SOL_SOCKET, SO_PASSCRED, true);
|
||||
if (r < 0)
|
||||
|
|
|
|||
|
|
@ -72,6 +72,7 @@ static const UnitActiveState state_translation_table[_SOCKET_STATE_MAX] = {
|
|||
|
||||
static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata);
|
||||
static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata);
|
||||
static void flush_ports(Socket *s);
|
||||
|
||||
static void socket_init(Unit *u) {
|
||||
Socket *s = SOCKET(u);
|
||||
|
|
@ -669,6 +670,11 @@ static void socket_dump(Unit *u, FILE *f, const char *prefix) {
|
|||
prefix, s->n_connections,
|
||||
prefix, s->max_connections,
|
||||
prefix, s->max_connections_per_source);
|
||||
else
|
||||
fprintf(f,
|
||||
"%sFlushPending: %s\n",
|
||||
prefix, yes_no(s->flush_pending));
|
||||
|
||||
|
||||
if (s->priority >= 0)
|
||||
fprintf(f,
|
||||
|
|
@ -2201,6 +2207,11 @@ static void socket_enter_listening(Socket *s) {
|
|||
int r;
|
||||
assert(s);
|
||||
|
||||
if (!s->accept && s->flush_pending) {
|
||||
log_unit_debug(UNIT(s), "Flushing socket before listening.");
|
||||
flush_ports(s);
|
||||
}
|
||||
|
||||
r = socket_watch_fds(s);
|
||||
if (r < 0) {
|
||||
log_unit_warning_errno(UNIT(s), r, "Failed to watch sockets: %m");
|
||||
|
|
|
|||
|
|
@ -110,6 +110,7 @@ struct Socket {
|
|||
bool accept;
|
||||
bool remove_on_stop;
|
||||
bool writable;
|
||||
bool flush_pending;
|
||||
|
||||
int socket_protocol;
|
||||
|
||||
|
|
|
|||
|
|
@ -24,10 +24,10 @@
|
|||
#include "fileio-label.h"
|
||||
#include "fileio.h"
|
||||
#include "format-util.h"
|
||||
#include "fs-util.h"
|
||||
#include "id128-util.h"
|
||||
#include "io-util.h"
|
||||
#include "install.h"
|
||||
#include "label.h"
|
||||
#include "load-dropin.h"
|
||||
#include "load-fragment.h"
|
||||
#include "log.h"
|
||||
|
|
@ -5603,7 +5603,7 @@ static int unit_export_invocation_id(Unit *u) {
|
|||
if (r < 0)
|
||||
return log_unit_debug_errno(u, r, "Failed to get invocation path: %m");
|
||||
|
||||
r = symlink_atomic(u->invocation_id_string, p);
|
||||
r = symlink_atomic_label(u->invocation_id_string, p);
|
||||
if (r < 0)
|
||||
return log_unit_debug_errno(u, r, "Failed to create invocation ID symlink %s: %m", p);
|
||||
|
||||
|
|
|
|||
|
|
@ -6,13 +6,13 @@
|
|||
#include "env-util.h"
|
||||
#include "errno-util.h"
|
||||
#include "fd-util.h"
|
||||
#include "group-record-nss.h"
|
||||
#include "macro.h"
|
||||
#include "nss-systemd.h"
|
||||
#include "nss-util.h"
|
||||
#include "pthread-util.h"
|
||||
#include "signal-util.h"
|
||||
#include "strv.h"
|
||||
#include "user-record-nss.h"
|
||||
#include "user-util.h"
|
||||
#include "userdb-glue.h"
|
||||
#include "userdb.h"
|
||||
|
|
|
|||
|
|
@ -2,9 +2,9 @@
|
|||
|
||||
#include "env-util.h"
|
||||
#include "fd-util.h"
|
||||
#include "group-record-nss.h"
|
||||
#include "nss-systemd.h"
|
||||
#include "strv.h"
|
||||
#include "user-record-nss.h"
|
||||
#include "user-record.h"
|
||||
#include "userdb-glue.h"
|
||||
#include "userdb.h"
|
||||
|
|
|
|||
|
|
@ -1956,6 +1956,7 @@ static int bus_append_socket_property(sd_bus_message *m, const char *field, cons
|
|||
int r;
|
||||
|
||||
if (STR_IN_SET(field, "Accept",
|
||||
"FlushPending",
|
||||
"Writable",
|
||||
"KeepAlive",
|
||||
"NoDelay",
|
||||
|
|
|
|||
|
|
@ -1,219 +0,0 @@
|
|||
/* SPDX-License-Identifier: LGPL-2.1+ */
|
||||
|
||||
#include "errno-util.h"
|
||||
#include "group-record-nss.h"
|
||||
#include "libcrypt-util.h"
|
||||
#include "strv.h"
|
||||
|
||||
int nss_group_to_group_record(
|
||||
const struct group *grp,
|
||||
const struct sgrp *sgrp,
|
||||
GroupRecord **ret) {
|
||||
|
||||
_cleanup_(group_record_unrefp) GroupRecord *g = NULL;
|
||||
int r;
|
||||
|
||||
assert(grp);
|
||||
assert(ret);
|
||||
|
||||
if (isempty(grp->gr_name))
|
||||
return -EINVAL;
|
||||
|
||||
if (sgrp && !streq_ptr(sgrp->sg_namp, grp->gr_name))
|
||||
return -EINVAL;
|
||||
|
||||
g = group_record_new();
|
||||
if (!g)
|
||||
return -ENOMEM;
|
||||
|
||||
g->group_name = strdup(grp->gr_name);
|
||||
if (!g->group_name)
|
||||
return -ENOMEM;
|
||||
|
||||
g->members = strv_copy(grp->gr_mem);
|
||||
if (!g->members)
|
||||
return -ENOMEM;
|
||||
|
||||
g->gid = grp->gr_gid;
|
||||
|
||||
if (sgrp) {
|
||||
if (hashed_password_valid(sgrp->sg_passwd)) {
|
||||
g->hashed_password = strv_new(sgrp->sg_passwd);
|
||||
if (!g->hashed_password)
|
||||
return -ENOMEM;
|
||||
}
|
||||
|
||||
r = strv_extend_strv(&g->members, sgrp->sg_mem, 1);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
g->administrators = strv_copy(sgrp->sg_adm);
|
||||
if (!g->administrators)
|
||||
return -ENOMEM;
|
||||
}
|
||||
|
||||
r = json_build(&g->json, JSON_BUILD_OBJECT(
|
||||
JSON_BUILD_PAIR("groupName", JSON_BUILD_STRING(g->group_name)),
|
||||
JSON_BUILD_PAIR("gid", JSON_BUILD_UNSIGNED(g->gid)),
|
||||
JSON_BUILD_PAIR_CONDITION(!strv_isempty(g->members), "members", JSON_BUILD_STRV(g->members)),
|
||||
JSON_BUILD_PAIR_CONDITION(!strv_isempty(g->hashed_password), "privileged", JSON_BUILD_OBJECT(JSON_BUILD_PAIR("hashedPassword", JSON_BUILD_STRV(g->hashed_password)))),
|
||||
JSON_BUILD_PAIR_CONDITION(!strv_isempty(g->administrators), "administrators", JSON_BUILD_STRV(g->administrators))));
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
g->mask = USER_RECORD_REGULAR |
|
||||
(!strv_isempty(g->hashed_password) ? USER_RECORD_PRIVILEGED : 0);
|
||||
|
||||
*ret = TAKE_PTR(g);
|
||||
return 0;
|
||||
}
|
||||
|
||||
int nss_sgrp_for_group(const struct group *grp, struct sgrp *ret_sgrp, char **ret_buffer) {
|
||||
size_t buflen = 4096;
|
||||
int r;
|
||||
|
||||
assert(grp);
|
||||
assert(ret_sgrp);
|
||||
assert(ret_buffer);
|
||||
|
||||
for (;;) {
|
||||
_cleanup_free_ char *buf = NULL;
|
||||
struct sgrp sgrp, *result;
|
||||
|
||||
buf = malloc(buflen);
|
||||
if (!buf)
|
||||
return -ENOMEM;
|
||||
|
||||
r = getsgnam_r(grp->gr_name, &sgrp, buf, buflen, &result);
|
||||
if (r == 0) {
|
||||
if (!result)
|
||||
return -ESRCH;
|
||||
|
||||
*ret_sgrp = *result;
|
||||
*ret_buffer = TAKE_PTR(buf);
|
||||
return 0;
|
||||
}
|
||||
if (r < 0)
|
||||
return -EIO; /* Weird, this should not return negative! */
|
||||
if (r != ERANGE)
|
||||
return -r;
|
||||
|
||||
if (buflen > SIZE_MAX / 2)
|
||||
return -ERANGE;
|
||||
|
||||
buflen *= 2;
|
||||
buf = mfree(buf);
|
||||
}
|
||||
}
|
||||
|
||||
int nss_group_record_by_name(
|
||||
const char *name,
|
||||
bool with_shadow,
|
||||
GroupRecord **ret) {
|
||||
|
||||
_cleanup_free_ char *buf = NULL, *sbuf = NULL;
|
||||
struct group grp, *result;
|
||||
bool incomplete = false;
|
||||
size_t buflen = 4096;
|
||||
struct sgrp sgrp, *sresult = NULL;
|
||||
int r;
|
||||
|
||||
assert(name);
|
||||
assert(ret);
|
||||
|
||||
for (;;) {
|
||||
buf = malloc(buflen);
|
||||
if (!buf)
|
||||
return -ENOMEM;
|
||||
|
||||
r = getgrnam_r(name, &grp, buf, buflen, &result);
|
||||
if (r == 0) {
|
||||
if (!result)
|
||||
return -ESRCH;
|
||||
|
||||
break;
|
||||
}
|
||||
|
||||
if (r < 0)
|
||||
return log_debug_errno(SYNTHETIC_ERRNO(EIO), "getgrnam_r() returned a negative value");
|
||||
if (r != ERANGE)
|
||||
return -r;
|
||||
if (buflen > SIZE_MAX / 2)
|
||||
return -ERANGE;
|
||||
|
||||
buflen *= 2;
|
||||
buf = mfree(buf);
|
||||
}
|
||||
|
||||
if (with_shadow) {
|
||||
r = nss_sgrp_for_group(result, &sgrp, &sbuf);
|
||||
if (r < 0) {
|
||||
log_debug_errno(r, "Failed to do shadow lookup for group %s, ignoring: %m", result->gr_name);
|
||||
incomplete = ERRNO_IS_PRIVILEGE(r);
|
||||
} else
|
||||
sresult = &sgrp;
|
||||
} else
|
||||
incomplete = true;
|
||||
|
||||
r = nss_group_to_group_record(result, sresult, ret);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
(*ret)->incomplete = incomplete;
|
||||
return 0;
|
||||
}
|
||||
|
||||
int nss_group_record_by_gid(
|
||||
gid_t gid,
|
||||
bool with_shadow,
|
||||
GroupRecord **ret) {
|
||||
|
||||
_cleanup_free_ char *buf = NULL, *sbuf = NULL;
|
||||
struct group grp, *result;
|
||||
bool incomplete = false;
|
||||
size_t buflen = 4096;
|
||||
struct sgrp sgrp, *sresult = NULL;
|
||||
int r;
|
||||
|
||||
assert(ret);
|
||||
|
||||
for (;;) {
|
||||
buf = malloc(buflen);
|
||||
if (!buf)
|
||||
return -ENOMEM;
|
||||
|
||||
r = getgrgid_r(gid, &grp, buf, buflen, &result);
|
||||
if (r == 0) {
|
||||
if (!result)
|
||||
return -ESRCH;
|
||||
break;
|
||||
}
|
||||
|
||||
if (r < 0)
|
||||
return log_debug_errno(SYNTHETIC_ERRNO(EIO), "getgrgid_r() returned a negative value");
|
||||
if (r != ERANGE)
|
||||
return -r;
|
||||
if (buflen > SIZE_MAX / 2)
|
||||
return -ERANGE;
|
||||
|
||||
buflen *= 2;
|
||||
buf = mfree(buf);
|
||||
}
|
||||
|
||||
if (with_shadow) {
|
||||
r = nss_sgrp_for_group(result, &sgrp, &sbuf);
|
||||
if (r < 0) {
|
||||
log_debug_errno(r, "Failed to do shadow lookup for group %s, ignoring: %m", result->gr_name);
|
||||
incomplete = ERRNO_IS_PRIVILEGE(r);
|
||||
} else
|
||||
sresult = &sgrp;
|
||||
} else
|
||||
incomplete = true;
|
||||
|
||||
r = nss_group_to_group_record(result, sresult, ret);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
(*ret)->incomplete = incomplete;
|
||||
return 0;
|
||||
}
|
||||
|
|
@ -1,15 +0,0 @@
|
|||
/* SPDX-License-Identifier: LGPL-2.1+ */
|
||||
#pragma once
|
||||
|
||||
#include <grp.h>
|
||||
#include <gshadow.h>
|
||||
|
||||
#include "group-record.h"
|
||||
|
||||
/* Synthesize GroupRecord objects from NSS data */
|
||||
|
||||
int nss_group_to_group_record(const struct group *grp, const struct sgrp *sgrp, GroupRecord **ret);
|
||||
int nss_sgrp_for_group(const struct group *grp, struct sgrp *ret_sgrp, char **ret_buffer);
|
||||
|
||||
int nss_group_record_by_name(const char *name, bool with_shadow, GroupRecord **ret);
|
||||
int nss_group_record_by_gid(gid_t gid, bool with_shadow, GroupRecord **ret);
|
||||
|
|
@ -1,79 +0,0 @@
|
|||
/* SPDX-License-Identifier: LGPL-2.1+ */
|
||||
|
||||
#include "format-util.h"
|
||||
#include "group-record-show.h"
|
||||
#include "strv.h"
|
||||
#include "user-util.h"
|
||||
#include "userdb.h"
|
||||
|
||||
void group_record_show(GroupRecord *gr, bool show_full_user_info) {
|
||||
int r;
|
||||
|
||||
printf(" Group name: %s\n",
|
||||
group_record_group_name_and_realm(gr));
|
||||
|
||||
printf(" Disposition: %s\n", user_disposition_to_string(group_record_disposition(gr)));
|
||||
|
||||
if (gr->last_change_usec != USEC_INFINITY) {
|
||||
char buf[FORMAT_TIMESTAMP_MAX];
|
||||
printf(" Last Change: %s\n", format_timestamp(buf, sizeof(buf), gr->last_change_usec));
|
||||
}
|
||||
|
||||
if (gid_is_valid(gr->gid))
|
||||
printf(" GID: " GID_FMT "\n", gr->gid);
|
||||
|
||||
if (show_full_user_info) {
|
||||
_cleanup_(userdb_iterator_freep) UserDBIterator *iterator = NULL;
|
||||
|
||||
r = membershipdb_by_group(gr->group_name, 0, &iterator);
|
||||
if (r < 0) {
|
||||
errno = -r;
|
||||
printf(" Members: (can't acquire: %m)");
|
||||
} else {
|
||||
const char *prefix = " Members:";
|
||||
|
||||
for (;;) {
|
||||
_cleanup_free_ char *user = NULL;
|
||||
|
||||
r = membershipdb_iterator_get(iterator, &user, NULL);
|
||||
if (r == -ESRCH)
|
||||
break;
|
||||
if (r < 0) {
|
||||
errno = -r;
|
||||
printf("%s (can't iterate: %m\n", prefix);
|
||||
break;
|
||||
}
|
||||
|
||||
printf("%s %s\n", prefix, user);
|
||||
prefix = " ";
|
||||
}
|
||||
}
|
||||
} else {
|
||||
const char *prefix = " Members:";
|
||||
char **i;
|
||||
|
||||
STRV_FOREACH(i, gr->members) {
|
||||
printf("%s %s\n", prefix, *i);
|
||||
prefix = " ";
|
||||
}
|
||||
}
|
||||
|
||||
if (!strv_isempty(gr->administrators)) {
|
||||
const char *prefix = " Admins:";
|
||||
char **i;
|
||||
|
||||
STRV_FOREACH(i, gr->administrators) {
|
||||
printf("%s %s\n", prefix, *i);
|
||||
prefix = " ";
|
||||
}
|
||||
}
|
||||
|
||||
if (gr->description && !streq(gr->description, gr->group_name))
|
||||
printf(" Description: %s\n", gr->description);
|
||||
|
||||
if (!strv_isempty(gr->hashed_password))
|
||||
printf(" Passwords: %zu\n", strv_length(gr->hashed_password));
|
||||
|
||||
if (gr->service)
|
||||
printf(" Service: %s\n", gr->service);
|
||||
}
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
/* SPDX-License-Identifier: LGPL-2.1+ */
|
||||
#pragma once
|
||||
|
||||
#include "group-record.h"
|
||||
|
||||
void group_record_show(GroupRecord *gr, bool show_full_user_info);
|
||||
|
|
@ -405,6 +405,9 @@ int json_variant_new_stringn(JsonVariant **ret, const char *s, size_t n) {
|
|||
return 0;
|
||||
}
|
||||
|
||||
if (!utf8_is_valid_n(s, n)) /* JSON strings must be valid UTF-8 */
|
||||
return -EUCLEAN;
|
||||
|
||||
r = json_variant_new(&v, JSON_VARIANT_STRING, n + 1);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
|
@ -636,8 +639,12 @@ int json_variant_new_array_strv(JsonVariant **ret, char **l) {
|
|||
return r;
|
||||
|
||||
w->is_reference = true;
|
||||
} else
|
||||
} else {
|
||||
if (!utf8_is_valid_n(l[v->n_elements], k)) /* JSON strings must be valid UTF-8 */
|
||||
return -EUCLEAN;
|
||||
|
||||
memcpy(w->string, l[v->n_elements], k+1);
|
||||
}
|
||||
}
|
||||
|
||||
v->normalized = true;
|
||||
|
|
@ -1482,6 +1489,58 @@ static int print_source(FILE *f, JsonVariant *v, JsonFormatFlags flags, bool whi
|
|||
return 0;
|
||||
}
|
||||
|
||||
static void json_format_string(FILE *f, const char *q, JsonFormatFlags flags) {
|
||||
assert(q);
|
||||
|
||||
fputc('"', f);
|
||||
|
||||
if (flags & JSON_FORMAT_COLOR)
|
||||
fputs(ANSI_GREEN, f);
|
||||
|
||||
for (; *q; q++)
|
||||
switch (*q) {
|
||||
case '"':
|
||||
fputs("\\\"", f);
|
||||
break;
|
||||
|
||||
case '\\':
|
||||
fputs("\\\\", f);
|
||||
break;
|
||||
|
||||
case '\b':
|
||||
fputs("\\b", f);
|
||||
break;
|
||||
|
||||
case '\f':
|
||||
fputs("\\f", f);
|
||||
break;
|
||||
|
||||
case '\n':
|
||||
fputs("\\n", f);
|
||||
break;
|
||||
|
||||
case '\r':
|
||||
fputs("\\r", f);
|
||||
break;
|
||||
|
||||
case '\t':
|
||||
fputs("\\t", f);
|
||||
break;
|
||||
|
||||
default:
|
||||
if ((signed char) *q >= 0 && *q < ' ')
|
||||
fprintf(f, "\\u%04x", *q);
|
||||
else
|
||||
fputc(*q, f);
|
||||
break;
|
||||
}
|
||||
|
||||
if (flags & JSON_FORMAT_COLOR)
|
||||
fputs(ANSI_NORMAL, f);
|
||||
|
||||
fputc('"', f);
|
||||
}
|
||||
|
||||
static int json_format(FILE *f, JsonVariant *v, JsonFormatFlags flags, const char *prefix) {
|
||||
int r;
|
||||
|
||||
|
|
@ -1554,61 +1613,9 @@ static int json_format(FILE *f, JsonVariant *v, JsonFormatFlags flags, const cha
|
|||
fputs(ANSI_NORMAL, f);
|
||||
break;
|
||||
|
||||
case JSON_VARIANT_STRING: {
|
||||
const char *q;
|
||||
|
||||
fputc('"', f);
|
||||
|
||||
if (flags & JSON_FORMAT_COLOR)
|
||||
fputs(ANSI_GREEN, f);
|
||||
|
||||
for (q = json_variant_string(v); *q; q++) {
|
||||
|
||||
switch (*q) {
|
||||
|
||||
case '"':
|
||||
fputs("\\\"", f);
|
||||
break;
|
||||
|
||||
case '\\':
|
||||
fputs("\\\\", f);
|
||||
break;
|
||||
|
||||
case '\b':
|
||||
fputs("\\b", f);
|
||||
break;
|
||||
|
||||
case '\f':
|
||||
fputs("\\f", f);
|
||||
break;
|
||||
|
||||
case '\n':
|
||||
fputs("\\n", f);
|
||||
break;
|
||||
|
||||
case '\r':
|
||||
fputs("\\r", f);
|
||||
break;
|
||||
|
||||
case '\t':
|
||||
fputs("\\t", f);
|
||||
break;
|
||||
|
||||
default:
|
||||
if ((signed char) *q >= 0 && *q < ' ')
|
||||
fprintf(f, "\\u%04x", *q);
|
||||
else
|
||||
fputc(*q, f);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (flags & JSON_FORMAT_COLOR)
|
||||
fputs(ANSI_NORMAL, f);
|
||||
|
||||
fputc('"', f);
|
||||
case JSON_VARIANT_STRING:
|
||||
json_format_string(f, json_variant_string(v), flags);
|
||||
break;
|
||||
}
|
||||
|
||||
case JSON_VARIANT_ARRAY: {
|
||||
size_t i, n;
|
||||
|
|
|
|||
|
|
@ -74,13 +74,18 @@ int make_salt(char **ret) {
|
|||
#endif
|
||||
}
|
||||
|
||||
bool hashed_password_valid(const char *s) {
|
||||
|
||||
/* Returns true if the specified string is a 'valid' hashed UNIX password, i.e. if starts with '$' or
|
||||
* with '!$' (the latter being a valid, yet locked password). */
|
||||
|
||||
if (isempty(s))
|
||||
bool looks_like_hashed_password(const char *s) {
|
||||
/* Returns false if the specified string is certainly not a hashed UNIX password. crypt(5) lists
|
||||
* various hashing methods. We only reject (return false) strings which are documented to have
|
||||
* different meanings.
|
||||
*
|
||||
* In particular, we allow locked passwords, i.e. strings starting with "!", including just "!",
|
||||
* i.e. the locked empty password. See also fc58c0c7bf7e4f525b916e3e5be0de2307fef04e.
|
||||
*/
|
||||
if (!s)
|
||||
return false;
|
||||
|
||||
return STARTSWITH_SET(s, "$", "!$");
|
||||
s += strspn(s, "!"); /* Skip (possibly duplicated) locking prefix */
|
||||
|
||||
return !STR_IN_SET(s, "x", "*");
|
||||
}
|
||||
|
|
|
|||
|
|
@ -19,4 +19,4 @@
|
|||
|
||||
int make_salt(char **ret);
|
||||
|
||||
bool hashed_password_valid(const char *s);
|
||||
bool looks_like_hashed_password(const char *s);
|
||||
|
|
|
|||
|
|
@ -113,10 +113,6 @@ shared_sources = files('''
|
|||
geneve-util.h
|
||||
gpt.c
|
||||
gpt.h
|
||||
group-record-nss.c
|
||||
group-record-nss.h
|
||||
group-record-show.c
|
||||
group-record-show.h
|
||||
group-record.c
|
||||
group-record.h
|
||||
id128-print.c
|
||||
|
|
|
|||
|
|
@ -6,10 +6,35 @@
|
|||
#include "strv.h"
|
||||
#include "user-record-nss.h"
|
||||
#include "user-util.h"
|
||||
#include "utf8.h"
|
||||
|
||||
#define SET_IF(field, condition, value, fallback) \
|
||||
field = (condition) ? (value) : (fallback)
|
||||
|
||||
static inline const char* utf8_only(const char *s) {
|
||||
return s && utf8_is_valid(s) ? s : NULL;
|
||||
}
|
||||
|
||||
static inline int strv_extend_strv_utf8_only(char ***dst, char **src, bool filter_duplicates) {
|
||||
_cleanup_free_ char **t = NULL;
|
||||
size_t l, j = 0;
|
||||
|
||||
/* First, do a shallow copy of s, filtering for only valid utf-8 strings */
|
||||
l = strv_length(src);
|
||||
t = new(char*, l + 1);
|
||||
if (!t)
|
||||
return -ENOMEM;
|
||||
|
||||
for (size_t i = 0; i < l; i++)
|
||||
if (utf8_is_valid(src[i]))
|
||||
t[j++] = src[i];
|
||||
if (j == 0)
|
||||
return 0;
|
||||
|
||||
t[j] = NULL;
|
||||
return strv_extend_strv(dst, t, filter_duplicates);
|
||||
}
|
||||
|
||||
int nss_passwd_to_user_record(
|
||||
const struct passwd *pwd,
|
||||
const struct spwd *spwd,
|
||||
|
|
@ -55,18 +80,19 @@ int nss_passwd_to_user_record(
|
|||
free_and_replace(hr->real_name, mangled);
|
||||
}
|
||||
|
||||
r = free_and_strdup(&hr->home_directory, empty_to_null(pwd->pw_dir));
|
||||
r = free_and_strdup(&hr->home_directory, utf8_only(empty_to_null(pwd->pw_dir)));
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
r = free_and_strdup(&hr->shell, empty_to_null(pwd->pw_shell));
|
||||
r = free_and_strdup(&hr->shell, utf8_only(empty_to_null(pwd->pw_shell)));
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
hr->uid = pwd->pw_uid;
|
||||
hr->gid = pwd->pw_gid;
|
||||
|
||||
if (spwd && hashed_password_valid(spwd->sp_pwdp)) {
|
||||
if (spwd &&
|
||||
looks_like_hashed_password(utf8_only(spwd->sp_pwdp))) { /* Ignore locked, disabled, and mojibake passwords */
|
||||
strv_free_erase(hr->hashed_password);
|
||||
hr->hashed_password = strv_new(spwd->sp_pwdp);
|
||||
if (!hr->hashed_password)
|
||||
|
|
@ -290,3 +316,216 @@ int nss_user_record_by_uid(
|
|||
(*ret)->incomplete = incomplete;
|
||||
return 0;
|
||||
}
|
||||
|
||||
int nss_group_to_group_record(
|
||||
const struct group *grp,
|
||||
const struct sgrp *sgrp,
|
||||
GroupRecord **ret) {
|
||||
|
||||
_cleanup_(group_record_unrefp) GroupRecord *g = NULL;
|
||||
int r;
|
||||
|
||||
assert(grp);
|
||||
assert(ret);
|
||||
|
||||
if (isempty(grp->gr_name))
|
||||
return -EINVAL;
|
||||
|
||||
if (sgrp && !streq_ptr(sgrp->sg_namp, grp->gr_name))
|
||||
return -EINVAL;
|
||||
|
||||
g = group_record_new();
|
||||
if (!g)
|
||||
return -ENOMEM;
|
||||
|
||||
g->group_name = strdup(grp->gr_name);
|
||||
if (!g->group_name)
|
||||
return -ENOMEM;
|
||||
|
||||
r = strv_extend_strv_utf8_only(&g->members, grp->gr_mem, false);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
g->gid = grp->gr_gid;
|
||||
|
||||
if (sgrp) {
|
||||
if (looks_like_hashed_password(utf8_only(sgrp->sg_passwd))) {
|
||||
g->hashed_password = strv_new(sgrp->sg_passwd);
|
||||
if (!g->hashed_password)
|
||||
return -ENOMEM;
|
||||
}
|
||||
|
||||
r = strv_extend_strv_utf8_only(&g->members, sgrp->sg_mem, true);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
r = strv_extend_strv_utf8_only(&g->administrators, sgrp->sg_adm, false);
|
||||
if (r < 0)
|
||||
return r;
|
||||
}
|
||||
|
||||
r = json_build(&g->json, JSON_BUILD_OBJECT(
|
||||
JSON_BUILD_PAIR("groupName", JSON_BUILD_STRING(g->group_name)),
|
||||
JSON_BUILD_PAIR("gid", JSON_BUILD_UNSIGNED(g->gid)),
|
||||
JSON_BUILD_PAIR_CONDITION(!strv_isempty(g->members), "members", JSON_BUILD_STRV(g->members)),
|
||||
JSON_BUILD_PAIR_CONDITION(!strv_isempty(g->hashed_password), "privileged", JSON_BUILD_OBJECT(JSON_BUILD_PAIR("hashedPassword", JSON_BUILD_STRV(g->hashed_password)))),
|
||||
JSON_BUILD_PAIR_CONDITION(!strv_isempty(g->administrators), "administrators", JSON_BUILD_STRV(g->administrators))));
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
g->mask = USER_RECORD_REGULAR |
|
||||
(!strv_isempty(g->hashed_password) ? USER_RECORD_PRIVILEGED : 0);
|
||||
|
||||
*ret = TAKE_PTR(g);
|
||||
return 0;
|
||||
}
|
||||
|
||||
int nss_sgrp_for_group(const struct group *grp, struct sgrp *ret_sgrp, char **ret_buffer) {
|
||||
size_t buflen = 4096;
|
||||
int r;
|
||||
|
||||
assert(grp);
|
||||
assert(ret_sgrp);
|
||||
assert(ret_buffer);
|
||||
|
||||
for (;;) {
|
||||
_cleanup_free_ char *buf = NULL;
|
||||
struct sgrp sgrp, *result;
|
||||
|
||||
buf = malloc(buflen);
|
||||
if (!buf)
|
||||
return -ENOMEM;
|
||||
|
||||
r = getsgnam_r(grp->gr_name, &sgrp, buf, buflen, &result);
|
||||
if (r == 0) {
|
||||
if (!result)
|
||||
return -ESRCH;
|
||||
|
||||
*ret_sgrp = *result;
|
||||
*ret_buffer = TAKE_PTR(buf);
|
||||
return 0;
|
||||
}
|
||||
if (r < 0)
|
||||
return -EIO; /* Weird, this should not return negative! */
|
||||
if (r != ERANGE)
|
||||
return -r;
|
||||
|
||||
if (buflen > SIZE_MAX / 2)
|
||||
return -ERANGE;
|
||||
|
||||
buflen *= 2;
|
||||
buf = mfree(buf);
|
||||
}
|
||||
}
|
||||
|
||||
int nss_group_record_by_name(
|
||||
const char *name,
|
||||
bool with_shadow,
|
||||
GroupRecord **ret) {
|
||||
|
||||
_cleanup_free_ char *buf = NULL, *sbuf = NULL;
|
||||
struct group grp, *result;
|
||||
bool incomplete = false;
|
||||
size_t buflen = 4096;
|
||||
struct sgrp sgrp, *sresult = NULL;
|
||||
int r;
|
||||
|
||||
assert(name);
|
||||
assert(ret);
|
||||
|
||||
for (;;) {
|
||||
buf = malloc(buflen);
|
||||
if (!buf)
|
||||
return -ENOMEM;
|
||||
|
||||
r = getgrnam_r(name, &grp, buf, buflen, &result);
|
||||
if (r == 0) {
|
||||
if (!result)
|
||||
return -ESRCH;
|
||||
|
||||
break;
|
||||
}
|
||||
|
||||
if (r < 0)
|
||||
return log_debug_errno(SYNTHETIC_ERRNO(EIO), "getgrnam_r() returned a negative value");
|
||||
if (r != ERANGE)
|
||||
return -r;
|
||||
if (buflen > SIZE_MAX / 2)
|
||||
return -ERANGE;
|
||||
|
||||
buflen *= 2;
|
||||
buf = mfree(buf);
|
||||
}
|
||||
|
||||
if (with_shadow) {
|
||||
r = nss_sgrp_for_group(result, &sgrp, &sbuf);
|
||||
if (r < 0) {
|
||||
log_debug_errno(r, "Failed to do shadow lookup for group %s, ignoring: %m", result->gr_name);
|
||||
incomplete = ERRNO_IS_PRIVILEGE(r);
|
||||
} else
|
||||
sresult = &sgrp;
|
||||
} else
|
||||
incomplete = true;
|
||||
|
||||
r = nss_group_to_group_record(result, sresult, ret);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
(*ret)->incomplete = incomplete;
|
||||
return 0;
|
||||
}
|
||||
|
||||
int nss_group_record_by_gid(
|
||||
gid_t gid,
|
||||
bool with_shadow,
|
||||
GroupRecord **ret) {
|
||||
|
||||
_cleanup_free_ char *buf = NULL, *sbuf = NULL;
|
||||
struct group grp, *result;
|
||||
bool incomplete = false;
|
||||
size_t buflen = 4096;
|
||||
struct sgrp sgrp, *sresult = NULL;
|
||||
int r;
|
||||
|
||||
assert(ret);
|
||||
|
||||
for (;;) {
|
||||
buf = malloc(buflen);
|
||||
if (!buf)
|
||||
return -ENOMEM;
|
||||
|
||||
r = getgrgid_r(gid, &grp, buf, buflen, &result);
|
||||
if (r == 0) {
|
||||
if (!result)
|
||||
return -ESRCH;
|
||||
break;
|
||||
}
|
||||
|
||||
if (r < 0)
|
||||
return log_debug_errno(SYNTHETIC_ERRNO(EIO), "getgrgid_r() returned a negative value");
|
||||
if (r != ERANGE)
|
||||
return -r;
|
||||
if (buflen > SIZE_MAX / 2)
|
||||
return -ERANGE;
|
||||
|
||||
buflen *= 2;
|
||||
buf = mfree(buf);
|
||||
}
|
||||
|
||||
if (with_shadow) {
|
||||
r = nss_sgrp_for_group(result, &sgrp, &sbuf);
|
||||
if (r < 0) {
|
||||
log_debug_errno(r, "Failed to do shadow lookup for group %s, ignoring: %m", result->gr_name);
|
||||
incomplete = ERRNO_IS_PRIVILEGE(r);
|
||||
} else
|
||||
sresult = &sgrp;
|
||||
} else
|
||||
incomplete = true;
|
||||
|
||||
r = nss_group_to_group_record(result, sresult, ret);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
(*ret)->incomplete = incomplete;
|
||||
return 0;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,15 +1,24 @@
|
|||
/* SPDX-License-Identifier: LGPL-2.1+ */
|
||||
#pragma once
|
||||
|
||||
#include <grp.h>
|
||||
#include <gshadow.h>
|
||||
#include <pwd.h>
|
||||
#include <shadow.h>
|
||||
|
||||
#include "group-record.h"
|
||||
#include "user-record.h"
|
||||
|
||||
/* Synthesizes a UserRecord object from NSS data */
|
||||
/* Synthesize UserRecord and GroupRecord objects from NSS data */
|
||||
|
||||
int nss_passwd_to_user_record(const struct passwd *pwd, const struct spwd *spwd, UserRecord **ret);
|
||||
int nss_spwd_for_passwd(const struct passwd *pwd, struct spwd *ret_spwd, char **ret_buffer);
|
||||
|
||||
int nss_user_record_by_name(const char *name, bool with_shadow, UserRecord **ret);
|
||||
int nss_user_record_by_uid(uid_t uid, bool with_shadow, UserRecord **ret);
|
||||
|
||||
int nss_group_to_group_record(const struct group *grp, const struct sgrp *sgrp, GroupRecord **ret);
|
||||
int nss_sgrp_for_group(const struct group *grp, struct sgrp *ret_sgrp, char **ret_buffer);
|
||||
|
||||
int nss_group_record_by_name(const char *name, bool with_shadow, GroupRecord **ret);
|
||||
int nss_group_record_by_gid(gid_t gid, bool with_shadow, GroupRecord **ret);
|
||||
|
|
|
|||
|
|
@ -2,7 +2,6 @@
|
|||
|
||||
#include "format-util.h"
|
||||
#include "fs-util.h"
|
||||
#include "group-record.h"
|
||||
#include "process-util.h"
|
||||
#include "rlimit-util.h"
|
||||
#include "strv.h"
|
||||
|
|
@ -506,3 +505,75 @@ void user_record_show(UserRecord *hr, bool show_full_group_info) {
|
|||
if (hr->service)
|
||||
printf(" Service: %s\n", hr->service);
|
||||
}
|
||||
|
||||
void group_record_show(GroupRecord *gr, bool show_full_user_info) {
|
||||
int r;
|
||||
|
||||
printf(" Group name: %s\n",
|
||||
group_record_group_name_and_realm(gr));
|
||||
|
||||
printf(" Disposition: %s\n", user_disposition_to_string(group_record_disposition(gr)));
|
||||
|
||||
if (gr->last_change_usec != USEC_INFINITY) {
|
||||
char buf[FORMAT_TIMESTAMP_MAX];
|
||||
printf(" Last Change: %s\n", format_timestamp(buf, sizeof(buf), gr->last_change_usec));
|
||||
}
|
||||
|
||||
if (gid_is_valid(gr->gid))
|
||||
printf(" GID: " GID_FMT "\n", gr->gid);
|
||||
|
||||
if (show_full_user_info) {
|
||||
_cleanup_(userdb_iterator_freep) UserDBIterator *iterator = NULL;
|
||||
|
||||
r = membershipdb_by_group(gr->group_name, 0, &iterator);
|
||||
if (r < 0) {
|
||||
errno = -r;
|
||||
printf(" Members: (can't acquire: %m)");
|
||||
} else {
|
||||
const char *prefix = " Members:";
|
||||
|
||||
for (;;) {
|
||||
_cleanup_free_ char *user = NULL;
|
||||
|
||||
r = membershipdb_iterator_get(iterator, &user, NULL);
|
||||
if (r == -ESRCH)
|
||||
break;
|
||||
if (r < 0) {
|
||||
errno = -r;
|
||||
printf("%s (can't iterate: %m\n", prefix);
|
||||
break;
|
||||
}
|
||||
|
||||
printf("%s %s\n", prefix, user);
|
||||
prefix = " ";
|
||||
}
|
||||
}
|
||||
} else {
|
||||
const char *prefix = " Members:";
|
||||
char **i;
|
||||
|
||||
STRV_FOREACH(i, gr->members) {
|
||||
printf("%s %s\n", prefix, *i);
|
||||
prefix = " ";
|
||||
}
|
||||
}
|
||||
|
||||
if (!strv_isempty(gr->administrators)) {
|
||||
const char *prefix = " Admins:";
|
||||
char **i;
|
||||
|
||||
STRV_FOREACH(i, gr->administrators) {
|
||||
printf("%s %s\n", prefix, *i);
|
||||
prefix = " ";
|
||||
}
|
||||
}
|
||||
|
||||
if (gr->description && !streq(gr->description, gr->group_name))
|
||||
printf(" Description: %s\n", gr->description);
|
||||
|
||||
if (!strv_isempty(gr->hashed_password))
|
||||
printf(" Passwords: %zu\n", strv_length(gr->hashed_password));
|
||||
|
||||
if (gr->service)
|
||||
printf(" Service: %s\n", gr->service);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -2,7 +2,9 @@
|
|||
#pragma once
|
||||
|
||||
#include "user-record.h"
|
||||
#include "group-record.h"
|
||||
|
||||
const char *user_record_state_color(const char *state);
|
||||
|
||||
void user_record_show(UserRecord *hr, bool show_full_group_info);
|
||||
void group_record_show(GroupRecord *gr, bool show_full_user_info);
|
||||
|
|
|
|||
|
|
@ -6,7 +6,6 @@
|
|||
#include "dlfcn-util.h"
|
||||
#include "errno-util.h"
|
||||
#include "fd-util.h"
|
||||
#include "group-record-nss.h"
|
||||
#include "missing_syscall.h"
|
||||
#include "parse-util.h"
|
||||
#include "set.h"
|
||||
|
|
|
|||
|
|
@ -9,6 +9,7 @@
|
|||
#include "io-util.h"
|
||||
#include "list.h"
|
||||
#include "process-util.h"
|
||||
#include "selinux-util.h"
|
||||
#include "set.h"
|
||||
#include "socket-util.h"
|
||||
#include "string-table.h"
|
||||
|
|
@ -579,11 +580,17 @@ static int varlink_parse_message(Varlink *v) {
|
|||
|
||||
sz = e - begin + 1;
|
||||
|
||||
varlink_log(v, "New incoming message: %s", begin);
|
||||
varlink_log(v, "New incoming message: %s", begin); /* FIXME: should we output the whole message here before validation?
|
||||
* This may produce a non-printable journal entry if the message
|
||||
* is invalid. We may also expose privileged information. */
|
||||
|
||||
r = json_parse(begin, 0, &v->current, NULL, NULL);
|
||||
if (r < 0)
|
||||
return r;
|
||||
if (r < 0) {
|
||||
/* If we encounter a parse failure flush all data. We cannot possibly recover from this,
|
||||
* hence drop all buffered data now. */
|
||||
v->input_buffer_index = v->input_buffer_size = v->input_buffer_unscanned = 0;
|
||||
return varlink_log_errno(v, r, "Failed to parse JSON: %m");
|
||||
}
|
||||
|
||||
v->input_buffer_size -= sz;
|
||||
|
||||
|
|
@ -2243,9 +2250,11 @@ int varlink_server_listen_address(VarlinkServer *s, const char *address, mode_t
|
|||
|
||||
(void) sockaddr_un_unlink(&sockaddr.un);
|
||||
|
||||
RUN_WITH_UMASK(~m & 0777)
|
||||
if (bind(fd, &sockaddr.sa, sockaddr_len) < 0)
|
||||
return -errno;
|
||||
RUN_WITH_UMASK(~m & 0777) {
|
||||
r = mac_selinux_bind(fd, &sockaddr.sa, sockaddr_len);
|
||||
if (r < 0)
|
||||
return r;
|
||||
}
|
||||
|
||||
if (listen(fd, SOMAXCONN) < 0)
|
||||
return -errno;
|
||||
|
|
|
|||
|
|
@ -3,6 +3,7 @@
|
|||
#include <math.h>
|
||||
|
||||
#include "alloc-util.h"
|
||||
#include "escape.h"
|
||||
#include "fd-util.h"
|
||||
#include "fileio.h"
|
||||
#include "json-internal.h"
|
||||
|
|
@ -17,6 +18,10 @@ static void test_tokenizer(const char *data, ...) {
|
|||
void *state = NULL;
|
||||
va_list ap;
|
||||
|
||||
_cleanup_free_ char *cdata;
|
||||
assert_se(cdata = cescape(data));
|
||||
log_info("/* %s data=\"%s\" */", __func__, cdata);
|
||||
|
||||
va_start(ap, data);
|
||||
|
||||
for (;;) {
|
||||
|
|
@ -82,6 +87,10 @@ static void test_variant(const char *data, Test test) {
|
|||
_cleanup_free_ char *s = NULL;
|
||||
int r;
|
||||
|
||||
_cleanup_free_ char *cdata;
|
||||
assert_se(cdata = cescape(data));
|
||||
log_info("/* %s data=\"%s\" */", __func__, cdata);
|
||||
|
||||
r = json_parse(data, 0, &v, NULL, NULL);
|
||||
assert_se(r == 0);
|
||||
assert_se(v);
|
||||
|
|
@ -140,6 +149,8 @@ static void test_1(JsonVariant *v) {
|
|||
JsonVariant *p, *q;
|
||||
unsigned i;
|
||||
|
||||
log_info("/* %s */", __func__);
|
||||
|
||||
/* 3 keys + 3 values */
|
||||
assert_se(json_variant_elements(v) == 6);
|
||||
|
||||
|
|
@ -173,6 +184,8 @@ static void test_1(JsonVariant *v) {
|
|||
static void test_2(JsonVariant *v) {
|
||||
JsonVariant *p, *q;
|
||||
|
||||
log_info("/* %s */", __func__);
|
||||
|
||||
/* 2 keys + 2 values */
|
||||
assert_se(json_variant_elements(v) == 4);
|
||||
|
||||
|
|
@ -216,13 +229,12 @@ static void test_2(JsonVariant *v) {
|
|||
}
|
||||
|
||||
static void test_zeroes(JsonVariant *v) {
|
||||
size_t i;
|
||||
|
||||
/* Make sure zero is how we expect it. */
|
||||
log_info("/* %s */", __func__);
|
||||
|
||||
assert_se(json_variant_elements(v) == 13);
|
||||
|
||||
for (i = 0; i < json_variant_elements(v); i++) {
|
||||
for (size_t i = 0; i < json_variant_elements(v); i++) {
|
||||
JsonVariant *w;
|
||||
size_t j;
|
||||
|
||||
|
|
@ -255,6 +267,8 @@ static void test_zeroes(JsonVariant *v) {
|
|||
}
|
||||
|
||||
static void test_build(void) {
|
||||
log_info("/* %s */", __func__);
|
||||
|
||||
_cleanup_(json_variant_unrefp) JsonVariant *a = NULL, *b = NULL;
|
||||
_cleanup_free_ char *s = NULL, *t = NULL;
|
||||
|
||||
|
|
@ -355,6 +369,8 @@ static void test_source(void) {
|
|||
"false, 7.5, {} ]\n"
|
||||
"}\n";
|
||||
|
||||
log_info("/* %s */", __func__);
|
||||
|
||||
_cleanup_fclose_ FILE *f = NULL;
|
||||
_cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
|
||||
|
||||
|
|
@ -376,15 +392,16 @@ static void test_source(void) {
|
|||
}
|
||||
|
||||
static void test_depth(void) {
|
||||
log_info("/* %s */", __func__);
|
||||
|
||||
_cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
|
||||
unsigned i;
|
||||
int r;
|
||||
|
||||
v = JSON_VARIANT_STRING_CONST("start");
|
||||
|
||||
/* Let's verify that the maximum depth checks work */
|
||||
|
||||
for (i = 0;; i++) {
|
||||
for (unsigned i = 0;; i++) {
|
||||
_cleanup_(json_variant_unrefp) JsonVariant *w = NULL;
|
||||
|
||||
assert_se(i <= UINT16_MAX);
|
||||
|
|
@ -415,6 +432,8 @@ static void test_depth(void) {
|
|||
}
|
||||
|
||||
static void test_normalize(void) {
|
||||
log_info("/* %s */", __func__);
|
||||
|
||||
_cleanup_(json_variant_unrefp) JsonVariant *v = NULL, *w = NULL;
|
||||
_cleanup_free_ char *t = NULL;
|
||||
|
||||
|
|
@ -459,12 +478,13 @@ static void test_normalize(void) {
|
|||
}
|
||||
|
||||
static void test_bisect(void) {
|
||||
log_info("/* %s */", __func__);
|
||||
|
||||
_cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
|
||||
char c;
|
||||
|
||||
/* Tests the bisection logic in json_variant_by_key() */
|
||||
|
||||
for (c = 'z'; c >= 'a'; c--) {
|
||||
for (char c = 'z'; c >= 'a'; c--) {
|
||||
|
||||
if ((c % 3) == 0)
|
||||
continue;
|
||||
|
|
@ -484,7 +504,7 @@ static void test_bisect(void) {
|
|||
|
||||
json_variant_dump(v, JSON_FORMAT_COLOR|JSON_FORMAT_PRETTY, NULL, NULL);
|
||||
|
||||
for (c = 'a'; c <= 'z'; c++) {
|
||||
for (char c = 'a'; c <= 'z'; c++) {
|
||||
JsonVariant *k;
|
||||
const char *z;
|
||||
|
||||
|
|
@ -543,7 +563,7 @@ int main(int argc, char *argv[]) {
|
|||
|
||||
test_variant("{\"k\": \"v\", \"foo\": [1, 2, 3], \"bar\": {\"zap\": null}}", test_1);
|
||||
test_variant("{\"mutant\": [1, null, \"1\", {\"1\": [1, \"1\"]}], \"thisisaverylongproperty\": 1.27}", test_2);
|
||||
test_variant("{\"foo\" : \"\\uDBFF\\uDFFF\\\"\\uD9FF\\uDFFFFFF\\\"\\uDBFF\\uDFFF\\\"\\uD9FF\\uDFFF\\uDBFF\\uDFFFF\\uDBFF\\uDFFF\\uDBFF\\uDFFF\\uDBFF\\uDFFF\\uDBFF\\uDFFF\\\"\\uD9FF\\uDFFFFF\\\"\\uDBFF\\uDFFF\\\"\\uD9FF\\uDFFF\\uDBFF\\uDFFF\"}", NULL);
|
||||
test_variant("{\"foo\" : \"\\u0935\\u093f\\u0935\\u0947\\u0915\\u0916\\u094d\\u092f\\u093e\\u0924\\u093f\\u0930\\u0935\\u093f\\u092a\\u094d\\u0932\\u0935\\u093e\\u0020\\u0939\\u093e\\u0928\\u094b\\u092a\\u093e\\u092f\\u0903\\u0964\"}", NULL);
|
||||
|
||||
test_variant("[ 0, -0, 0.0, -0.0, 0.000, -0.000, 0e0, -0e0, 0e+0, -0e-0, 0e-0, -0e000, 0e+000 ]", test_zeroes);
|
||||
|
||||
|
|
|
|||
|
|
@ -18,6 +18,25 @@ static void test_utf8_is_printable(void) {
|
|||
assert_se(utf8_is_printable("\t", 1));
|
||||
}
|
||||
|
||||
static void test_utf8_n_is_valid(void) {
|
||||
log_info("/* %s */", __func__);
|
||||
|
||||
assert_se( utf8_is_valid_n("ascii is valid unicode", 21));
|
||||
assert_se( utf8_is_valid_n("ascii is valid unicode", 22));
|
||||
assert_se(!utf8_is_valid_n("ascii is valid unicode", 23));
|
||||
assert_se( utf8_is_valid_n("\342\204\242", 0));
|
||||
assert_se(!utf8_is_valid_n("\342\204\242", 1));
|
||||
assert_se(!utf8_is_valid_n("\342\204\242", 2));
|
||||
assert_se( utf8_is_valid_n("\342\204\242", 3));
|
||||
assert_se(!utf8_is_valid_n("\342\204\242", 4));
|
||||
assert_se( utf8_is_valid_n("<ZZ>", 0));
|
||||
assert_se( utf8_is_valid_n("<ZZ>", 1));
|
||||
assert_se( utf8_is_valid_n("<ZZ>", 2));
|
||||
assert_se( utf8_is_valid_n("<ZZ>", 3));
|
||||
assert_se( utf8_is_valid_n("<ZZ>", 4));
|
||||
assert_se(!utf8_is_valid_n("<ZZ>", 5));
|
||||
}
|
||||
|
||||
static void test_utf8_is_valid(void) {
|
||||
log_info("/* %s */", __func__);
|
||||
|
||||
|
|
@ -216,6 +235,7 @@ static void test_utf8_to_utf16(void) {
|
|||
}
|
||||
|
||||
int main(int argc, char *argv[]) {
|
||||
test_utf8_n_is_valid();
|
||||
test_utf8_is_valid();
|
||||
test_utf8_is_printable();
|
||||
test_ascii_is_valid();
|
||||
|
|
|
|||
|
|
@ -8,7 +8,6 @@
|
|||
#include "fd-util.h"
|
||||
#include "format-table.h"
|
||||
#include "format-util.h"
|
||||
#include "group-record-show.h"
|
||||
#include "main-func.h"
|
||||
#include "pager.h"
|
||||
#include "parse-util.h"
|
||||
|
|
@ -687,7 +686,8 @@ static int parse_argv(int argc, char *argv[]) {
|
|||
else if (streq(optarg, "help")) {
|
||||
puts("classic\n"
|
||||
"friendly\n"
|
||||
"json");
|
||||
"json\n"
|
||||
"table");
|
||||
return 0;
|
||||
} else
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Invalid --output= mode: %s", optarg);
|
||||
|
|
|
|||
|
|
@ -11,7 +11,7 @@
|
|||
|
||||
/* This service offers two Varlink services, both implementing io.systemd.UserDatabase:
|
||||
*
|
||||
* → io.systemd.NameServiceSwitch: this is a compatibility interface for glibc NSS: it response to
|
||||
* → io.systemd.NameServiceSwitch: this is a compatibility interface for glibc NSS: it responds to
|
||||
* name lookups by checking the classic NSS interfaces and responding that.
|
||||
*
|
||||
* → io.systemd.Multiplexer: this multiplexes lookup requests to all Varlink services that have a
|
||||
|
|
|
|||
|
|
@ -7,7 +7,6 @@
|
|||
|
||||
#include "env-util.h"
|
||||
#include "fd-util.h"
|
||||
#include "group-record-nss.h"
|
||||
#include "group-record.h"
|
||||
#include "io-util.h"
|
||||
#include "main-func.h"
|
||||
|
|
|
|||
Loading…
Reference in New Issue