
No commits in common. "faf1bb8244067f5dab4932e0071dfeebd046c08a" and "25f9288e31a586460c13d49edea9edafdca2a972" have entirely different histories.

6 changed files with 57 additions and 74 deletions


@ -86,11 +86,3 @@ static inline bool ERRNO_IS_RESOURCE(int r) {
ENFILE, ENFILE,
ENOMEM); ENOMEM);
} }
/* Three different errors for "operation/system call/ioctl not supported" */
static inline bool ERRNO_IS_NOT_SUPPORTED(int r) {
return IN_SET(abs(r),
EOPNOTSUPP,
ENOTTY,
ENOSYS);
}


@ -228,7 +228,7 @@ static int parse_one_option(const char *option) {
if (r < 0) if (r < 0)
return log_error_errno(r, "Failed to parse %s: %m", option); return log_error_errno(r, "Failed to parse %s: %m", option);
} else } else if (!streq(option, "none"))
log_warning("Encountered unknown /etc/crypttab option '%s', ignoring.", option); log_warning("Encountered unknown /etc/crypttab option '%s', ignoring.", option);
return 0; return 0;
@ -253,10 +253,10 @@ static int parse_options(const char *options) {
} }
/* sanity-check options */ /* sanity-check options */
if (arg_type && !streq(arg_type, CRYPT_PLAIN)) { if (arg_type != NULL && !streq(arg_type, CRYPT_PLAIN)) {
if (arg_offset != 0) if (arg_offset)
log_warning("offset= ignored with type %s", arg_type); log_warning("offset= ignored with type %s", arg_type);
if (arg_skip != 0) if (arg_skip)
log_warning("skip= ignored with type %s", arg_type); log_warning("skip= ignored with type %s", arg_type);
} }
@ -462,13 +462,11 @@ static int attach_tcrypt(
return 0; return 0;
} }
static int attach_luks_or_plain( static int attach_luks_or_plain(struct crypt_device *cd,
struct crypt_device *cd,
const char *name, const char *name,
const char *key_file, const char *key_file,
char **passwords, char **passwords,
uint32_t flags) { uint32_t flags) {
int r = 0; int r = 0;
bool pass_volume_key = false; bool pass_volume_key = false;
@ -540,7 +538,6 @@ static int attach_luks_or_plain(
} }
if (r < 0) if (r < 0)
return log_error_errno(r, "Failed to activate with key file '%s': %m", key_file); return log_error_errno(r, "Failed to activate with key file '%s': %m", key_file);
} else { } else {
char **p; char **p;
@ -635,21 +632,25 @@ static int run(int argc, char *argv[]) {
if (argc < 4) if (argc < 4)
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "attach requires at least two arguments."); return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "attach requires at least two arguments.");
if (argc >= 5 && !STR_IN_SET(argv[4], "", "-", "none")) { if (argc >= 5 &&
if (path_is_absolute(argv[4])) argv[4][0] &&
key_file = argv[4]; !streq(argv[4], "-") &&
else !streq(argv[4], "none")) {
if (!path_is_absolute(argv[4]))
log_warning("Password file path '%s' is not absolute. Ignoring.", argv[4]); log_warning("Password file path '%s' is not absolute. Ignoring.", argv[4]);
else
key_file = argv[4];
} }
if (argc >= 6 && !STR_IN_SET(argv[5], "", "-", "none")) { if (argc >= 6 && argv[5][0] && !streq(argv[5], "-")) {
r = parse_options(argv[5]); r = parse_options(argv[5]);
if (r < 0) if (r < 0)
return r; return r;
} }
/* A delicious drop of snake oil */ /* A delicious drop of snake oil */
(void) mlockall(MCL_FUTURE); mlockall(MCL_FUTURE);
if (arg_header) { if (arg_header) {
log_debug("LUKS header: %s", arg_header); log_debug("LUKS header: %s", arg_header);
@ -722,7 +723,11 @@ static int run(int argc, char *argv[]) {
if (streq_ptr(arg_type, CRYPT_TCRYPT)) if (streq_ptr(arg_type, CRYPT_TCRYPT))
r = attach_tcrypt(cd, argv[2], key_file, passwords, flags); r = attach_tcrypt(cd, argv[2], key_file, passwords, flags);
else else
r = attach_luks_or_plain(cd, argv[2], key_file, passwords, flags); r = attach_luks_or_plain(cd,
argv[2],
key_file,
passwords,
flags);
if (r >= 0) if (r >= 0)
break; break;
if (r != -EAGAIN) if (r != -EAGAIN)
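Review bot: The `mlockall(MCL_FUTURE);` call in run() now discards its result with neither a `(void)` cast nor a log line, so a failure (for example a low RLIMIT_MEMLOCK) goes unnoticed and passphrases or volume keys handled afterwards may stay swappable. Either keep `(void) mlockall(MCL_FUTURE);` to show the omission is deliberate, or record the failure: `if (mlockall(MCL_FUTURE) < 0) log_debug_errno(errno, "Failed to lock memory, ignoring: %m");`. run() starts and ends outside the hunks shown.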


@ -36,8 +36,6 @@
#include "strv.h" #include "strv.h"
#include "terminal-util.h" #include "terminal-util.h"
#define LOGIN_SLOW_BUS_CALL_TIMEOUT_USEC (2*USEC_PER_MINUTE)
static int parse_argv( static int parse_argv(
pam_handle_t *handle, pam_handle_t *handle,
int argc, const char **argv, int argc, const char **argv,
@ -52,30 +50,28 @@ static int parse_argv(
assert(argc == 0 || argv); assert(argc == 0 || argv);
for (i = 0; i < (unsigned) argc; i++) { for (i = 0; i < (unsigned) argc; i++) {
const char *p; if (startswith(argv[i], "class=")) {
if ((p = startswith(argv[i], "class="))) {
if (class) if (class)
*class = p; *class = argv[i] + 6;
} else if ((p = startswith(argv[i], "type="))) { } else if (startswith(argv[i], "type=")) {
if (type) if (type)
*type = p; *type = argv[i] + 5;
} else if ((p = startswith(argv[i], "desktop="))) { } else if (startswith(argv[i], "desktop=")) {
if (desktop) if (desktop)
*desktop = p; *desktop = argv[i] + 8;
} else if (streq(argv[i], "debug")) { } else if (streq(argv[i], "debug")) {
if (debug) if (debug)
*debug = true; *debug = true;
} else if ((p = startswith(argv[i], "debug="))) { } else if (startswith(argv[i], "debug=")) {
int k; int k;
k = parse_boolean(p); k = parse_boolean(argv[i] + 6);
if (k < 0) if (k < 0)
pam_syslog(handle, LOG_WARNING, "Failed to parse debug= argument, ignoring: %s", p); pam_syslog(handle, LOG_WARNING, "Failed to parse debug= argument, ignoring.");
else if (debug) else if (debug)
*debug = k; *debug = k;
@ -101,7 +97,7 @@ static int get_user_data(
r = pam_get_user(handle, &username, NULL); r = pam_get_user(handle, &username, NULL);
if (r != PAM_SUCCESS) { if (r != PAM_SUCCESS) {
pam_syslog(handle, LOG_ERR, "Failed to get user name: %s", pam_strerror(handle, r)); pam_syslog(handle, LOG_ERR, "Failed to get user name.");
return r; return r;
} }
@ -387,7 +383,7 @@ static int update_environment(pam_handle_t *handle, const char *key, const char
r = pam_misc_setenv(handle, key, value, 0); r = pam_misc_setenv(handle, key, value, 0);
if (r != PAM_SUCCESS) if (r != PAM_SUCCESS)
pam_syslog(handle, LOG_ERR, "Failed to set environment variable %s: %s", key, pam_strerror(handle, r)); pam_syslog(handle, LOG_ERR, "Failed to set environment variable %s.", key);
return r; return r;
} }
@ -395,7 +391,6 @@ static int update_environment(pam_handle_t *handle, const char *key, const char
static bool validate_runtime_directory(pam_handle_t *handle, const char *path, uid_t uid) { static bool validate_runtime_directory(pam_handle_t *handle, const char *path, uid_t uid) {
struct stat st; struct stat st;
assert(handle);
assert(path); assert(path);
/* Just some extra paranoia: let's not set $XDG_RUNTIME_DIR if the directory we'd set it to isn't actually set /* Just some extra paranoia: let's not set $XDG_RUNTIME_DIR if the directory we'd set it to isn't actually set
@ -464,8 +459,10 @@ _public_ PAM_EXTERN int pam_sm_open_session(
pam_syslog(handle, LOG_DEBUG, "pam-systemd initializing"); pam_syslog(handle, LOG_DEBUG, "pam-systemd initializing");
r = get_user_data(handle, &username, &pw); r = get_user_data(handle, &username, &pw);
if (r != PAM_SUCCESS) if (r != PAM_SUCCESS) {
pam_syslog(handle, LOG_ERR, "Failed to get user data.");
return r; return r;
}
/* Make sure we don't enter a loop by talking to /* Make sure we don't enter a loop by talking to
* systemd-logind when it is actually waiting for the * systemd-logind when it is actually waiting for the
@ -473,7 +470,7 @@ _public_ PAM_EXTERN int pam_sm_open_session(
* "systemd-user" we simply set XDG_RUNTIME_DIR and * "systemd-user" we simply set XDG_RUNTIME_DIR and
* leave. */ * leave. */
(void) pam_get_item(handle, PAM_SERVICE, (const void**) &service); pam_get_item(handle, PAM_SERVICE, (const void**) &service);
if (streq_ptr(service, "systemd-user")) { if (streq_ptr(service, "systemd-user")) {
char rt[STRLEN("/run/user/") + DECIMAL_STR_MAX(uid_t)]; char rt[STRLEN("/run/user/") + DECIMAL_STR_MAX(uid_t)];
@ -481,7 +478,7 @@ _public_ PAM_EXTERN int pam_sm_open_session(
if (validate_runtime_directory(handle, rt, pw->pw_uid)) { if (validate_runtime_directory(handle, rt, pw->pw_uid)) {
r = pam_misc_setenv(handle, "XDG_RUNTIME_DIR", rt, 0); r = pam_misc_setenv(handle, "XDG_RUNTIME_DIR", rt, 0);
if (r != PAM_SUCCESS) { if (r != PAM_SUCCESS) {
pam_syslog(handle, LOG_ERR, "Failed to set runtime dir: %s", pam_strerror(handle, r)); pam_syslog(handle, LOG_ERR, "Failed to set runtime dir.");
return r; return r;
} }
} }
@ -495,10 +492,10 @@ _public_ PAM_EXTERN int pam_sm_open_session(
/* Otherwise, we ask logind to create a session for us */ /* Otherwise, we ask logind to create a session for us */
(void) pam_get_item(handle, PAM_XDISPLAY, (const void**) &display); pam_get_item(handle, PAM_XDISPLAY, (const void**) &display);
(void) pam_get_item(handle, PAM_TTY, (const void**) &tty); pam_get_item(handle, PAM_TTY, (const void**) &tty);
(void) pam_get_item(handle, PAM_RUSER, (const void**) &remote_user); pam_get_item(handle, PAM_RUSER, (const void**) &remote_user);
(void) pam_get_item(handle, PAM_RHOST, (const void**) &remote_host); pam_get_item(handle, PAM_RHOST, (const void**) &remote_host);
seat = getenv_harder(handle, "XDG_SEAT", NULL); seat = getenv_harder(handle, "XDG_SEAT", NULL);
cvtnr = getenv_harder(handle, "XDG_VTNR", NULL); cvtnr = getenv_harder(handle, "XDG_VTNR", NULL);
@ -655,7 +652,7 @@ _public_ PAM_EXTERN int pam_sm_open_session(
return PAM_SYSTEM_ERR; return PAM_SYSTEM_ERR;
} }
r = sd_bus_call(bus, m, LOGIN_SLOW_BUS_CALL_TIMEOUT_USEC, &error, &reply); r = sd_bus_call(bus, m, 0, &error, &reply);
if (r < 0) { if (r < 0) {
if (sd_bus_error_has_name(&error, BUS_ERROR_SESSION_BUSY)) { if (sd_bus_error_has_name(&error, BUS_ERROR_SESSION_BUSY)) {
if (debug) if (debug)
@ -663,7 +660,7 @@ _public_ PAM_EXTERN int pam_sm_open_session(
return PAM_SUCCESS; return PAM_SUCCESS;
} else { } else {
pam_syslog(handle, LOG_ERR, "Failed to create session: %s", bus_error_message(&error, r)); pam_syslog(handle, LOG_ERR, "Failed to create session: %s", bus_error_message(&error, r));
return PAM_SESSION_ERR; return PAM_SYSTEM_ERR;
} }
} }
@ -740,7 +737,7 @@ _public_ PAM_EXTERN int pam_sm_open_session(
r = pam_set_data(handle, "systemd.existing", INT_TO_PTR(!!existing), NULL); r = pam_set_data(handle, "systemd.existing", INT_TO_PTR(!!existing), NULL);
if (r != PAM_SUCCESS) { if (r != PAM_SUCCESS) {
pam_syslog(handle, LOG_ERR, "Failed to install existing flag: %s", pam_strerror(handle, r)); pam_syslog(handle, LOG_ERR, "Failed to install existing flag.");
return r; return r;
} }
@ -753,7 +750,7 @@ _public_ PAM_EXTERN int pam_sm_open_session(
r = pam_set_data(handle, "systemd.session-fd", FD_TO_PTR(session_fd), NULL); r = pam_set_data(handle, "systemd.session-fd", FD_TO_PTR(session_fd), NULL);
if (r != PAM_SUCCESS) { if (r != PAM_SUCCESS) {
pam_syslog(handle, LOG_ERR, "Failed to install session fd: %s", pam_strerror(handle, r)); pam_syslog(handle, LOG_ERR, "Failed to install session fd.");
safe_close(session_fd); safe_close(session_fd);
return r; return r;
} }
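Review bot: The PAM failure messages on the new side drop the `pam_strerror(handle, r)` text, so the log records that a call failed but not why; this affects "Failed to get user name.", "Failed to set environment variable %s.", "Failed to set runtime dir.", "Failed to install existing flag." and "Failed to install session fd.". Session-open failures have to be diagnosed from the journal, so I would keep the reason, e.g. `pam_syslog(handle, LOG_ERR, "Failed to install session fd: %s", pam_strerror(handle, r));`. The same applies to the `debug=` warning in parse_argv, which no longer prints the value it rejected. pam_sm_open_session continues outside the hunks shown.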


@ -168,12 +168,7 @@ static int ask_password_keyring(const char *keyname, AskPasswordFlags flags, cha
return -EUNATCH; return -EUNATCH;
r = lookup_key(keyname, &serial); r = lookup_key(keyname, &serial);
if (ERRNO_IS_NOT_SUPPORTED(r) || r == -EPERM) /* when retrieving the distinction between "kernel or if (r == -ENOSYS) /* when retrieving the distinction doesn't matter */
* container manager don't support or allow this" and
* "no matching key known" doesn't matter. Note that we
* propagate EACCESS here (even if EPERM not) since
* that is used if the keyring is available but we lack
* access to the key. */
return -ENOKEY; return -ENOKEY;
if (r < 0) if (r < 0)
return r; return r;
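Review bot: The check after `lookup_key()` maps only `-ENOSYS` to `-ENOKEY`, so `-EPERM`, `-ENOTTY` and `-EOPNOTSUPP` now reach the caller as hard errors. Where the environment denies keyring access (a container manager or syscall filter answering EPERM, for instance), that presumably turns "no cached password" into a failed password query; how the caller reacts is outside this hunk. I would widen the test to `if (IN_SET(r, -ENOSYS, -EOPNOTSUPP, -ENOTTY, -EPERM))` and add a comment that `-EACCES` is deliberately propagated, since it means the keyring is available but access to the key is lacking.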


@ -1014,9 +1014,7 @@ void udev_event_execute_run(UdevEvent *event, usec_t timeout_usec) {
log_device_debug(event->dev, "Running command \"%s\"", command); log_device_debug(event->dev, "Running command \"%s\"", command);
r = udev_event_spawn(event, timeout_usec, false, command, NULL, 0); r = udev_event_spawn(event, timeout_usec, false, command, NULL, 0);
if (r < 0) if (r > 0) /* returned value is positive when program fails */
log_device_warning_errno(event->dev, r, "Failed to execute '%s', ignoring: %m", command);
else if (r > 0) /* returned value is positive when program fails */
log_device_debug(event->dev, "Command \"%s\" returned %d (error), ignoring.", command, r); log_device_debug(event->dev, "Command \"%s\" returned %d (error), ignoring.", command, r);
} }
} }
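Review bot: A negative return from `udev_event_spawn()` is no longer handled in udev_event_execute_run: only `r > 0` is logged, so a RUN command that could not be started at all leaves no trace unless the spawn helper logs the failure itself (not visible here). Add a branch ahead of the existing one, `if (r < 0) log_device_warning_errno(event->dev, r, "Failed to execute '%s', ignoring: %m", command);`, and turn the current test into `else if (r > 0)`. The enclosing loop starts outside the hunk.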


@ -1665,13 +1665,10 @@ static int udev_rule_apply_token_to_event(
log_rule_debug(dev, rules, "Running PROGRAM '%s'", buf); log_rule_debug(dev, rules, "Running PROGRAM '%s'", buf);
r = udev_event_spawn(event, timeout_usec, true, buf, result, sizeof(result)); r = udev_event_spawn(event, timeout_usec, true, buf, result, sizeof(result));
if (r != 0) {
if (r < 0) if (r < 0)
log_rule_warning_errno(dev, rules, r, "Failed to execute '%s', ignoring: %m", buf); return log_rule_error_errno(dev, rules, r, "Failed to execute '%s': %m", buf);
else /* returned value is positive when program fails */ if (r > 0)
log_rule_debug(dev, rules, "Command \"%s\" returned %d (error), ignoring", buf, r);
return token->op == OP_NOMATCH; return token->op == OP_NOMATCH;
}
delete_trailing_chars(result, "\n"); delete_trailing_chars(result, "\n");
count = util_replace_chars(result, UDEV_ALLOWED_CHARS_INPUT); count = util_replace_chars(result, UDEV_ALLOWED_CHARS_INPUT);
@ -1735,10 +1732,9 @@ static int udev_rule_apply_token_to_event(
log_rule_debug(dev, rules, "Importing properties from results of '%s'", buf); log_rule_debug(dev, rules, "Importing properties from results of '%s'", buf);
r = udev_event_spawn(event, timeout_usec, true, buf, result, sizeof result); r = udev_event_spawn(event, timeout_usec, true, buf, result, sizeof result);
if (r != 0) {
if (r < 0) if (r < 0)
log_rule_warning_errno(dev, rules, r, "Failed to execute '%s', ignoring: %m", buf); return log_rule_error_errno(dev, rules, r, "Failed to execute '%s': %m", buf);
else /* returned value is positive when program fails */ if (r > 0) {
log_rule_debug(dev, rules, "Command \"%s\" returned %d (error), ignoring", buf, r); log_rule_debug(dev, rules, "Command \"%s\" returned %d (error), ignoring", buf, r);
return token->op == OP_NOMATCH; return token->op == OP_NOMATCH;
} }
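Review bot: Both spawn sites now `return log_rule_error_errno(...)` when `udev_event_spawn()` returns a negative value, which hands an error to the caller of udev_rule_apply_token_to_event instead of treating the token as a non-match the way the `r > 0` path does. If the caller stops applying rules on a negative return (its code is outside these hunks), one helper that cannot be started would skip the remaining rules for the device, including any that set ownership or permissions. Consider logging a warning and falling through to `return token->op == OP_NOMATCH;` for `r < 0` as well. Separately, the first site returns on `r > 0` without a message while the second logs the exit status; a matching `log_rule_debug()` call at the first site would keep the two consistent.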