cf3bdcfeba48ffef71f1f59e092c4fb9275dcb3a |
|
10-Feb-2016 |
Lennart Poettering <lennart@poettering.net> |
nss-mymachines: never resolve unmapped UIDs/GIDs
Don't ever permit successful user or group lookups if no UID/GID mapping is
actually applied. This way, we can be sure that nss-mymachines cannot be used
to insert invalid cache entries into nscd's cache.
https://bugzilla.redhat.com/show_bug.cgi?id=1285339 |
b26fa1a2fbcfee7d03b0c8fd15ec3aa64ae70b9f |
|
10-Feb-2016 |
Daniel Mack <daniel@zonque.org> |
tree-wide: remove Emacs lines from all files
This should be handled fine now by .dir-locals.el, so no need to carry that
stuff in every file. |
0c5eb0562abec6f845f07c30b2ad2515900ec1e5 |
|
27-Jan-2016 |
Lennart Poettering <lennart@poettering.net> |
nss: block various signals while running NSS lookups
Let's make sure our poll() calls don't get interrupted where they shouldn't (SIGALRM, ...), but allow them to be
interrupted where they should (SIGINT, ...).
Fixes #1965 |
d6ce77dbc2b4f5c91e3969726aac2a6b70bdea23 |
|
28-Nov-2015 |
Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> |
nss-mymachines: link less
This reduces libraries reported by ldd by liblzma,
liblz4, libgcrypt, libgpg-error, libacl, libidn, libseccomp. |
4afd3348c7506dd1d36305b7bcb9feb8952b9d6b |
|
27-Nov-2015 |
Lennart Poettering <lennart@poettering.net> |
tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easy
GLIB has recently started to officially support the gcc cleanup
attribute in its public API, hence let's do the same for our APIs.
With this patch we'll define an xyz_unrefp() call for each public
xyz_unref() call, to make it easy to use inside a
__attribute__((cleanup())) expression. Then, all code is ported over to
make use of this.
The new calls are also documented in the man pages, with examples how to
use them (well, I only added docs where the _unref() call itself already
had docs, and the examples only cover sd_bus_unrefp() and
sd_event_unrefp()).
This also renames sd_lldp_free() to sd_lldp_unref(), since that's how we
tend to call our destructors these days.
Note that this defines no public macro that wraps gcc's attribute and
makes it easier to use. While I think it's our duty in the library to
make our stuff easy to use, I figure it's not our duty to make gcc's own
features easy to use on its own. Most likely, client code which wants to
make use of this should define its own:
    #define _cleanup_(function) __attribute__((cleanup(function)))
Or similar, to make the gcc feature easier to use.
Making this logic public has the benefit that we can remove three header
files whose only purpose was to define these functions internally.
See #2008. |
cb31827d62066a04b02111df3052949fda4b6888 |
|
23-Nov-2015 |
Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> |
nss-mymachines: do not allow overlong machine names
https://github.com/systemd/systemd/issues/2002 |
b5efdb8af40ea759a1ea584c1bc44ecc81dd00ce |
|
27-Oct-2015 |
Lennart Poettering <lennart@poettering.net> |
util-lib: split out allocation calls into alloc-util.[ch] |
b1d4f8e154bf61b5de1b27461ef8e9c8c5e838a1 |
|
26-Oct-2015 |
Lennart Poettering <lennart@poettering.net> |
util-lib: split out user/group/uid/gid calls into user-util.[ch] |
07630cea1f3a845c09309f197ac7c4f11edd3b62 |
|
24-Oct-2015 |
Lennart Poettering <lennart@poettering.net> |
util-lib: split our string related calls from util.[ch] into its own file string-util.[ch]
There are more than enough calls doing string manipulations to deserve
its own files, hence do something about it.
This patch also sorts the #include blocks of all files that needed to be
updated, according to the sorting suggestions from CODING_STYLE. Since
pretty much every file needs our string manipulation functions this
effectively means that most files have sorted #include blocks now.
Also touches a few unrelated include files. |
c077529ba6852192c464772ce907670850210dfe |
|
22-Sep-2015 |
Lennart Poettering <lennart@poettering.net> |
util: drop UID_IS_INVALID() in favour of uid_is_valid()
No need to keep both functions, settle on uid_is_valid() for everything. |
25300b5a1fcf54674a69d0f4ab08925be00b0227 |
|
24-Aug-2015 |
Lennart Poettering <lennart@poettering.net> |
util: make machine_name_is_valid() a macro and move it to hostname-util.h
As it turns out machine_name_is_valid() does the exact same thing as
hostname_is_valid() these days, as it just invoked that and checked the
name length was < 64. However, hostname_is_valid() checks the length
against HOST_NAME_MAX anyway (which is 64 on Linux), hence any
additional check is redundant.
We hence replace machine_name_is_valid() by a macro that simply maps it
to hostname_is_valid() but sets the allow_trailing_dot parameter to
false. We also move this call to hostname-util.h, to the same place
as the hostname_is_valid() declaration. |
c01ff965b48bb9693dcd77cbc748b5d8676766b0 |
|
09-Jul-2015 |
Lennart Poettering <lennart@poettering.net> |
nss-mymachines: map userns users of containers to real user names
Given a container "foo", that maps user id $UID to container user, using
user namespaces, this NSS module extension will now map the $UID to a
name "vu-foo-$TUID" for the translated UID $UID.
Similarly, userns groups are mapped to "vg-foo-$TGID" for translated GIDs
of $GID.
This simple change should make userns users more discoverable. Also,
given that many tools like "adduser" check NSS before allocating a UID,
should lower the chance of UID range conflicts between tools. |
03976f7b4a84b8b1492a549a3470b2bba8f37008 |
|
03-Jul-2015 |
Lennart Poettering <lennart@poettering.net> |
sd-bus: introduce new sd_bus_flush_close_unref() call
sd_bus_flush_close_unref() is a call that simply combines sd_bus_flush()
(which writes all unwritten messages out) + sd_bus_close() (which
terminates the connection, releasing all unread messages) +
sd_bus_unref() (which frees the connection).
The combination of this call is used pretty frequently in systemd tools
right before exiting, and should also be relevant for most external
clients, and is hence useful to cover in a call of its own.
Previously the combination of the three calls was already done in the
_cleanup_bus_close_unref_ macro, but this was only available internally.
Also see #327 |
66a16e7e9fc501d371b57cbe2ae5d130fe930c6d |
|
19-Sep-2014 |
Thomas Hindoe Paaboel Andersen <phomes@gmail.com> |
nss: remove dead code
c > 0 is already guaranteed from earlier checks.
We go from
    ms = ALIGN(l+1) +
         sizeof(char*) +
         (c > 0 ? c : 1) * ALIGN(alen) +
         (c > 0 ? c+1 : 2) * sizeof(char*);
to
    ms = ALIGN(l+1) +
         sizeof(char*) +
         c * ALIGN(alen) +
         (c+1) * sizeof(char*);
to
    ms = ALIGN(l+1) + c * ALIGN(alen) + (c+2) * sizeof(char*);
Found by coverity. Fixes: CID#1237570 and CID#1237610 |
3a6fb33c54bc64398e0af1c9d7c74a6b614a849d |
|
04-Aug-2014 |
Lennart Poettering <lennart@poettering.net> |
machined: fix address API signatures |
249968612f16a71df909d6e73785c18a9ff36a65 |
|
04-Aug-2014 |
Lennart Poettering <lennart@poettering.net> |
bus: always explicitly close bus from main programs
Since b5eca3a2059f9399d1dc52cbcf9698674c4b1cf0 we don't attempt to GC
busses anymore when unsent messages remain that keep their reference,
when they otherwise are not referenced anymore. This means that if we
explicitly want connections to go away, we need to close them.
With this change we will now do so explicitly wherever we connect to the
bus from a main program (and thus know when the bus connection should go
away), or when we create a private bus connection, that really should go
away after our use.
This fixes connection leaks in the NSS and PAM modules. |
e70df46b9721a3d025e7a0b4ffb5893cbde5e55d |
|
01-Aug-2014 |
Lennart Poettering <lennart@poettering.net> |
nss: always explicitly reset all error variables
glibc appears to be broken if we don't explicitly reset all error
variables, let's work around that.
https://bugzilla.redhat.com/show_bug.cgi?id=1125975 |
0dd25fb9f005d8ab7ac4bc10a609d00569f8c56a |
|
18-Jul-2014 |
Lennart Poettering <lennart@poettering.net> |
change type for address family to "int"
Let's settle on a single type for all address family values, even if
UNIX is very inconsistent on the precise type otherwise. Given that
socket() is the primary entrypoint for the sockets API, and that uses
"int", and "int" is relatively simple and generic, we settle on "int"
for this. |
9d485985338a46b8cb1acdf1af6c1eb2e88acfee |
|
18-Jul-2014 |
Lennart Poettering <lennart@poettering.net> |
shared: rename PROTO_ADDRESS_SIZE() to FAMILY_ADDRESS_SIZE()
We mostly use "family" to refer to AF_INET, AF_INET6, etc, let's use
this terminology here, too |
634af5665fda8776d22624d947c8de830e30a874 |
|
17-Jul-2014 |
Lennart Poettering <lennart@poettering.net> |
sd-login: always use "indices" as plural of "index"
So far both "indexes" and "indices" were used. Let's clean this up, and
stick to indices, since it appears to be used more frequently. |
555bd6e95bf2b469306d9cd86e126c0122d0895b |
|
16-Jul-2014 |
Lennart Poettering <lennart@poettering.net> |
nss: various minor fixes to nss-myhostname + nss-mymachines |
cabb0bc6b1a4ec57e108dc99364687d7c4f9670f |
|
11-Jul-2014 |
Lennart Poettering <lennart@poettering.net> |
nss-mymachines: add new NSS module for automatically resolving addresses of all local containers |