From c08478583e1c685dbf4e218d83236df52be70ddf Mon Sep 17 00:00:00 2001 From: Michael Biebl Date: Fri, 19 Nov 2021 20:18:21 +0100 Subject: [PATCH] New upstream version 249.7 --- .github/workflows/build_test.yml | 3 + .github/workflows/cifuzz.yml | 61 +- .github/workflows/mkosi.yml | 5 + .github/workflows/unit_tests.yml | 4 + .semaphore/semaphore.yml | 5 + docs/CODING_STYLE.md | 2 +- docs/PREDICTABLE_INTERFACE_NAMES.md | 2 +- man/sd_bus_add_object.xml | 2 +- man/systemctl.xml | 4 +- man/systemd.network.xml | 1 + src/basic/mountpoint-util.c | 1 + src/binfmt/binfmt.c | 2 +- src/core/cgroup.c | 5 +- src/core/manager.h | 2 +- src/hostname/hostnamectl.c | 2 +- src/journal/journald-stream.c | 7 +- src/libsystemd/sd-bus/bus-socket.c | 4 +- src/libsystemd/sd-bus/sd-bus.c | 39 +- src/libsystemd/sd-event/event-source.h | 5 + src/libsystemd/sd-event/sd-event.c | 40 +- src/libsystemd/sd-resolve/sd-resolve.c | 6 +- src/locale/test-keymap-util.c | 2 +- src/login/logind-core.c | 4 +- src/oom/test-oomd-util.c | 6 + src/shared/creds-util.c | 954 +++++++++++++++++++++++++ src/shared/openssl-util.c | 7 +- src/shared/openssl-util.h | 1 + src/shared/user-record-show.c | 2 +- src/shared/varlink.c | 10 +- src/udev/dmi_memory_id/dmi_memory_id.c | 2 +- 30 files changed, 1085 insertions(+), 105 deletions(-) create mode 100644 src/shared/creds-util.c diff --git a/.github/workflows/build_test.yml b/.github/workflows/build_test.yml index 486016abc..fa86236c2 100644 --- a/.github/workflows/build_test.yml +++ b/.github/workflows/build_test.yml @@ -14,6 +14,9 @@ on: jobs: build: runs-on: ubuntu-20.04 + concurrency: + group: ${{ github.workflow }}-${{ matrix.env.COMPILER }}-${{ matrix.env.COMPILER_VERSION }}-${{ github.ref }} + cancel-in-progress: true strategy: fail-fast: false matrix: diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml index 14d81a67f..8ab2a4cf5 100644 --- a/.github/workflows/cifuzz.yml +++ b/.github/workflows/cifuzz.yml @@ -16,32 +16,35 @@ on: branches: - main jobs: - Fuzzing: - runs-on: ubuntu-latest - if: github.repository == 'systemd/systemd' - strategy: - fail-fast: false - matrix: - sanitizer: [address, undefined, memory] - steps: - - name: Build Fuzzers (${{ matrix.sanitizer }}) - id: build - uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master - with: - oss-fuzz-project-name: 'systemd' - dry-run: false - allowed-broken-targets-percentage: 0 - sanitizer: ${{ matrix.sanitizer }} - - name: Run Fuzzers (${{ matrix.sanitizer }}) - uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master - with: - oss-fuzz-project-name: 'systemd' - fuzz-seconds: 600 - dry-run: false - sanitizer: ${{ matrix.sanitizer }} - - name: Upload Crash - uses: actions/upload-artifact@v1 - if: failure() && steps.build.outcome == 'success' - with: - name: ${{ matrix.sanitizer }}-artifacts - path: ./out/artifacts + Fuzzing: + runs-on: ubuntu-latest + if: github.repository == 'systemd/systemd' + concurrency: + group: ${{ github.workflow }}-${{ matrix.sanitizer }}-${{ github.ref }} + cancel-in-progress: true + strategy: + fail-fast: false + matrix: + sanitizer: [address, undefined, memory] + steps: + - name: Build Fuzzers (${{ matrix.sanitizer }}) + id: build + uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master + with: + oss-fuzz-project-name: 'systemd' + dry-run: false + allowed-broken-targets-percentage: 0 + sanitizer: ${{ matrix.sanitizer }} + - name: Run Fuzzers (${{ matrix.sanitizer }}) + uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master + with: + oss-fuzz-project-name: 'systemd' + fuzz-seconds: 600 + dry-run: false + sanitizer: ${{ matrix.sanitizer }} + - name: Upload Crash + uses: actions/upload-artifact@v1 + if: failure() && steps.build.outcome == 'success' + with: + name: ${{ matrix.sanitizer }}-artifacts + path: ./out/artifacts diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml index babdf7ae6..489eb0188 100644 --- a/.github/workflows/mkosi.yml +++ b/.github/workflows/mkosi.yml @@ -6,13 +6,18 @@ on: push: branches: - main + - v[0-9]+-stable pull_request: branches: - main + - v[0-9]+-stable jobs: ci: runs-on: ubuntu-20.04 + concurrency: + group: ${{ github.workflow }}-${{ matrix.distro }}-${{ github.ref }} + cancel-in-progress: true strategy: fail-fast: false matrix: diff --git a/.github/workflows/unit_tests.yml b/.github/workflows/unit_tests.yml index ca1e6e0c3..4a19a6a1c 100644 --- a/.github/workflows/unit_tests.yml +++ b/.github/workflows/unit_tests.yml @@ -6,10 +6,14 @@ on: pull_request: branches: - main + - v[0-9]+-stable jobs: build: runs-on: ubuntu-20.04 + concurrency: + group: ${{ github.workflow }}-${{ matrix.run_phase }}-${{ github.ref }} + cancel-in-progress: true strategy: fail-fast: false matrix: diff --git a/.semaphore/semaphore.yml b/.semaphore/semaphore.yml index 06f162007..7fc38a553 100644 --- a/.semaphore/semaphore.yml +++ b/.semaphore/semaphore.yml @@ -25,3 +25,8 @@ blocks: - checkout --use-cache - .semaphore/semaphore-runner.sh SETUP - .semaphore/semaphore-runner.sh RUN + env_vars: + # Pin the debian systemd repo to a specific revision, to work around + # missing systemd/systemd#20056 in pre-v250 stable branches + - name: BRANCH + value: e138f8573a14f8f094bd6c9582bc26ed62c1347f diff --git a/docs/CODING_STYLE.md b/docs/CODING_STYLE.md index 54150e1ee..05fbb2ac9 100644 --- a/docs/CODING_STYLE.md +++ b/docs/CODING_STYLE.md @@ -287,7 +287,7 @@ layout: default with a more brutal `assert()`. We are more forgiving to public users than for ourselves! Note that `assert()` and `assert_return()` really only should be used for detecting programming errors, not for runtime errors. `assert()` and - `assert_return()` by usage of `_likely_()` inform the compiler that he should + `assert_return()` by usage of `_likely_()` inform the compiler that it should not expect these checks to fail, and they inform fellow programmers about the expected validity and range of parameters. diff --git a/docs/PREDICTABLE_INTERFACE_NAMES.md b/docs/PREDICTABLE_INTERFACE_NAMES.md index 07529e7a7..890bd3935 100644 --- a/docs/PREDICTABLE_INTERFACE_NAMES.md +++ b/docs/PREDICTABLE_INTERFACE_NAMES.md @@ -53,7 +53,7 @@ With this new scheme you now get: * The same on all distributions that adopted systemd/udev * It's easy to opt out of the scheme (see below) -Does this have any drawbacks? Yes, it does. Previously it was practically guaranteed that hosts equipped with a single ethernet card only had a single `eth0` interface. With this new scheme in place, an administrator now has to check first what the local interface name is before he can invoke commands on it where previously he had a good chance that `eth0` was the right name. +Does this have any drawbacks? Yes, it does. Previously it was practically guaranteed that hosts equipped with a single ethernet card only had a single `eth0` interface. With this new scheme in place, an administrator now has to check first what the local interface name is before they can invoke commands on it, where previously they had a good chance that `eth0` was the right name. ## I don't like this, how do I disable this? diff --git a/man/sd_bus_add_object.xml b/man/sd_bus_add_object.xml index 31a3344bb..54683e4f1 100644 --- a/man/sd_bus_add_object.xml +++ b/man/sd_bus_add_object.xml @@ -508,7 +508,7 @@ SD_BUS_VTABLE_METHOD_NO_REPLY - Mark his vtable entry as a method that will not return a reply using the + Mark this vtable entry as a method that will not return a reply using the org.freedesktop.DBus.Method.NoReply annotation in introspection data. diff --git a/man/systemctl.xml b/man/systemctl.xml index b6be21ed8..1c1490952 100644 --- a/man/systemctl.xml +++ b/man/systemctl.xml @@ -1660,8 +1660,8 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err completion is implemented for property names. For the manager itself, - systemctl show will show all available - properties. Those properties are documented in + systemctl show + will show all available properties, most of which are derived or closely match the options described in systemd-system.conf5. diff --git a/man/systemd.network.xml b/man/systemd.network.xml index 9de9816ce..7ca217b0c 100644 --- a/man/systemd.network.xml +++ b/man/systemd.network.xml @@ -132,6 +132,7 @@ + diff --git a/src/basic/mountpoint-util.c b/src/basic/mountpoint-util.c index e7a5a9955..7e57d9a22 100644 --- a/src/basic/mountpoint-util.c +++ b/src/basic/mountpoint-util.c @@ -424,6 +424,7 @@ bool fstype_is_ro(const char *fstype) { return STR_IN_SET(fstype, "DM_verity_hash", "iso9660", + "erofs", "squashfs"); } diff --git a/src/binfmt/binfmt.c b/src/binfmt/binfmt.c index 29530bb69..981218f52 100644 --- a/src/binfmt/binfmt.c +++ b/src/binfmt/binfmt.c @@ -189,7 +189,7 @@ static int run(int argc, char *argv[]) { r = parse_argv(argc, argv); if (r <= 0) - return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS; + return r; log_setup(); diff --git a/src/core/cgroup.c b/src/core/cgroup.c index 51936b7d1..79e10ca3c 100644 --- a/src/core/cgroup.c +++ b/src/core/cgroup.c @@ -2188,8 +2188,11 @@ int unit_attach_pids_to_cgroup(Unit *u, Set *pids, const char *suffix_path) { z = unit_attach_pid_to_cgroup_via_bus(u, pid, suffix_path); if (z < 0) log_unit_info_errno(u, z, "Couldn't move process "PID_FMT" to requested cgroup '%s' (directly or via the system bus): %m", pid, empty_to_root(p)); - else + else { + if (ret >= 0) + ret++; /* Count successful additions */ continue; /* When the bus thing worked via the bus we are fully done for this PID. */ + } } if (ret >= 0) diff --git a/src/core/manager.h b/src/core/manager.h index b3e7c68e6..14a80b396 100644 --- a/src/core/manager.h +++ b/src/core/manager.h @@ -195,7 +195,7 @@ struct Manager { sd_event *event; - /* This maps PIDs we care about to units that are interested in. We allow multiple units to he interested in + /* This maps PIDs we care about to units that are interested in. We allow multiple units to be interested in * the same PID and multiple PIDs to be relevant to the same unit. Since in most cases only a single unit will * be interested in the same PID we use a somewhat special encoding here: the first unit interested in a PID is * stored directly in the hashmap, keyed by the PID unmodified. If there are other units interested too they'll diff --git a/src/hostname/hostnamectl.c b/src/hostname/hostnamectl.c index 283038c7c..2eca5feac 100644 --- a/src/hostname/hostnamectl.c +++ b/src/hostname/hostnamectl.c @@ -442,7 +442,7 @@ static int set_hostname(int argc, char **argv, void *userdata) { * dot if there is one. If it was not valid, then it will be made fully valid by truncating, dropping * multiple dots, and dropping weird chars. Note that we clean the name up only if we also are * supposed to set the pretty name. If the pretty name is not being set we assume the user knows what - * he does and pass the name as-is. */ + * they are doing and pass the name as-is. */ h = strdup(hostname); if (!h) return log_oom(); diff --git a/src/journal/journald-stream.c b/src/journal/journald-stream.c index c6720b6b1..ee0fd27f2 100644 --- a/src/journal/journald-stream.c +++ b/src/journal/journald-stream.c @@ -108,7 +108,6 @@ StdoutStream* stdout_stream_free(StdoutStream *s) { return NULL; if (s->server) { - if (s->context) client_context_release(s->server, s->context); @@ -122,11 +121,7 @@ StdoutStream* stdout_stream_free(StdoutStream *s) { (void) server_start_or_stop_idle_timer(s->server); /* Maybe we are idle now? */ } - if (s->event_source) { - sd_event_source_set_enabled(s->event_source, SD_EVENT_OFF); - s->event_source = sd_event_source_unref(s->event_source); - } - + sd_event_source_disable_unref(s->event_source); safe_close(s->fd); free(s->label); free(s->identifier); diff --git a/src/libsystemd/sd-bus/bus-socket.c b/src/libsystemd/sd-bus/bus-socket.c index 378774fe8..09eb49c37 100644 --- a/src/libsystemd/sd-bus/bus-socket.c +++ b/src/libsystemd/sd-bus/bus-socket.c @@ -300,8 +300,8 @@ static int verify_external_token(sd_bus *b, const char *p, size_t l) { uid_t u; int r; - /* We don't do any real authentication here. Instead, we if - * the owner of this bus wanted authentication he should have + /* We don't do any real authentication here. Instead, if + * the owner of this bus wanted authentication they should have * checked SO_PEERCRED before even creating the bus object. */ if (!b->anonymous_auth && !b->ucred_valid) diff --git a/src/libsystemd/sd-bus/sd-bus.c b/src/libsystemd/sd-bus/sd-bus.c index a32e2f5e2..ab8d4e4a6 100644 --- a/src/libsystemd/sd-bus/sd-bus.c +++ b/src/libsystemd/sd-bus/sd-bus.c @@ -62,7 +62,6 @@ static int bus_poll(sd_bus *bus, bool need_more, uint64_t timeout_usec); static void bus_detach_io_events(sd_bus *b); -static void bus_detach_inotify_event(sd_bus *b); static thread_local sd_bus *default_system_bus = NULL; static thread_local sd_bus *default_user_bus = NULL; @@ -139,7 +138,7 @@ void bus_close_io_fds(sd_bus *b) { void bus_close_inotify_fd(sd_bus *b) { assert(b); - bus_detach_inotify_event(b); + b->inotify_event_source = sd_event_source_disable_unref(b->inotify_event_source); b->inotify_fd = safe_close(b->inotify_fd); b->inotify_watches = mfree(b->inotify_watches); @@ -3275,7 +3274,7 @@ static int bus_poll(sd_bus *bus, bool need_more, uint64_t timeout_usec) { return e; if (need_more) - /* The caller really needs some more data, he doesn't + /* The caller really needs some more data, they don't * care about what's already read, or any timeouts * except its own. */ e |= POLLIN; @@ -3738,15 +3737,8 @@ int bus_attach_io_events(sd_bus *bus) { static void bus_detach_io_events(sd_bus *bus) { assert(bus); - if (bus->input_io_event_source) { - sd_event_source_set_enabled(bus->input_io_event_source, SD_EVENT_OFF); - bus->input_io_event_source = sd_event_source_unref(bus->input_io_event_source); - } - - if (bus->output_io_event_source) { - sd_event_source_set_enabled(bus->output_io_event_source, SD_EVENT_OFF); - bus->output_io_event_source = sd_event_source_unref(bus->output_io_event_source); - } + bus->input_io_event_source = sd_event_source_disable_unref(bus->input_io_event_source); + bus->output_io_event_source = sd_event_source_disable_unref(bus->output_io_event_source); } int bus_attach_inotify_event(sd_bus *bus) { @@ -3778,15 +3770,6 @@ int bus_attach_inotify_event(sd_bus *bus) { return 0; } -static void bus_detach_inotify_event(sd_bus *bus) { - assert(bus); - - if (bus->inotify_event_source) { - sd_event_source_set_enabled(bus->inotify_event_source, SD_EVENT_OFF); - bus->inotify_event_source = sd_event_source_unref(bus->inotify_event_source); - } -} - _public_ int sd_bus_attach_event(sd_bus *bus, sd_event *event, int priority) { int r; @@ -3851,17 +3834,9 @@ _public_ int sd_bus_detach_event(sd_bus *bus) { return 0; bus_detach_io_events(bus); - bus_detach_inotify_event(bus); - - if (bus->time_event_source) { - sd_event_source_set_enabled(bus->time_event_source, SD_EVENT_OFF); - bus->time_event_source = sd_event_source_unref(bus->time_event_source); - } - - if (bus->quit_event_source) { - sd_event_source_set_enabled(bus->quit_event_source, SD_EVENT_OFF); - bus->quit_event_source = sd_event_source_unref(bus->quit_event_source); - } + bus->inotify_event_source = sd_event_source_disable_unref(bus->inotify_event_source); + bus->time_event_source = sd_event_source_disable_unref(bus->time_event_source); + bus->quit_event_source = sd_event_source_disable_unref(bus->quit_event_source); bus->event = sd_event_unref(bus->event); return 1; diff --git a/src/libsystemd/sd-event/event-source.h b/src/libsystemd/sd-event/event-source.h index d2dc21470..7a0f14ecc 100644 --- a/src/libsystemd/sd-event/event-source.h +++ b/src/libsystemd/sd-event/event-source.h @@ -214,6 +214,11 @@ struct inotify_data { * the events locally if they can't be coalesced). */ unsigned n_pending; + /* If this counter is non-zero, don't GC the inotify data object even if not used to watch any inode + * anymore. This is useful to pin the object for a bit longer, after the last event source needing it + * is gone. */ + unsigned n_busy; + /* A linked list of all inotify objects with data already read, that still need processing. We keep this list * to make it efficient to figure out what inotify objects to process data on next. */ LIST_FIELDS(struct inotify_data, buffered); diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c index 99c0acfa5..3b4d93854 100644 --- a/src/libsystemd/sd-event/sd-event.c +++ b/src/libsystemd/sd-event/sd-event.c @@ -1820,6 +1820,29 @@ static void event_free_inode_data( free(d); } +static void event_gc_inotify_data( + sd_event *e, + struct inotify_data *d) { + + assert(e); + + /* GCs the inotify data object if we don't need it anymore. That's the case if we don't want to watch + * any inode with it anymore, which in turn happens if no event source of this priority is interested + * in any inode any longer. That said, we maintain an extra busy counter: if non-zero we'll delay GC + * (under the expectation that the GC is called again once the counter is decremented). */ + + if (!d) + return; + + if (!hashmap_isempty(d->inodes)) + return; + + if (d->n_busy > 0) + return; + + event_free_inotify_data(e, d); +} + static void event_gc_inode_data( sd_event *e, struct inode_data *d) { @@ -1837,8 +1860,7 @@ static void event_gc_inode_data( inotify_data = d->inotify_data; event_free_inode_data(e, d); - if (inotify_data && hashmap_isempty(inotify_data->inodes)) - event_free_inotify_data(e, inotify_data); + event_gc_inotify_data(e, inotify_data); } static int event_make_inode_data( @@ -3556,13 +3578,23 @@ static int source_dispatch(sd_event_source *s) { sz = offsetof(struct inotify_event, name) + d->buffer.ev.len; assert(d->buffer_filled >= sz); + /* If the inotify callback destroys the event source then this likely means we don't need to + * watch the inode anymore, and thus also won't need the inotify object anymore. But if we'd + * free it immediately, then we couldn't drop the event from the inotify event queue without + * memory corruption anymore, as below. Hence, let's not free it immediately, but mark it + * "busy" with a counter (which will ensure it's not GC'ed away prematurely). Let's then + * explicitly GC it after we are done dropping the inotify event from the buffer. */ + d->n_busy++; r = s->inotify.callback(s, &d->buffer.ev, s->userdata); + d->n_busy--; - /* When no event is pending anymore on this inotify object, then let's drop the event from the - * buffer. */ + /* When no event is pending anymore on this inotify object, then let's drop the event from + * the inotify event queue buffer. */ if (d->n_pending == 0) event_inotify_data_drop(e, d, sz); + /* Now we don't want to access 'd' anymore, it's OK to GC now. */ + event_gc_inotify_data(e, d); break; } diff --git a/src/libsystemd/sd-resolve/sd-resolve.c b/src/libsystemd/sd-resolve/sd-resolve.c index ee973c069..073b658d3 100644 --- a/src/libsystemd/sd-resolve/sd-resolve.c +++ b/src/libsystemd/sd-resolve/sd-resolve.c @@ -1285,11 +1285,7 @@ _public_ int sd_resolve_detach_event(sd_resolve *resolve) { if (!resolve->event) return 0; - if (resolve->event_source) { - sd_event_source_set_enabled(resolve->event_source, SD_EVENT_OFF); - resolve->event_source = sd_event_source_unref(resolve->event_source); - } - + resolve->event_source = sd_event_source_disable_unref(resolve->event_source); resolve->event = sd_event_unref(resolve->event); return 1; } diff --git a/src/locale/test-keymap-util.c b/src/locale/test-keymap-util.c index a5d40af44..f726e8e52 100644 --- a/src/locale/test-keymap-util.c +++ b/src/locale/test-keymap-util.c @@ -196,11 +196,11 @@ int main(int argc, char **argv) { test_find_language_fallback(); test_find_converted_keymap(); - test_find_legacy_keymap(); assert_se(get_testdata_dir("test-keymap-util/kbd-model-map", &map) >= 0); assert_se(setenv("SYSTEMD_KBD_MODEL_MAP", map, 1) == 0); + test_find_legacy_keymap(); test_vconsole_convert_to_x11(); test_x11_convert_to_vconsole(); diff --git a/src/login/logind-core.c b/src/login/logind-core.c index 22031f485..e08929e52 100644 --- a/src/login/logind-core.c +++ b/src/login/logind-core.c @@ -707,7 +707,9 @@ int manager_read_utmp(Manager *m) { errno = 0; u = getutxent(); if (!u) { - if (errno != 0) + if (errno == ENOENT) + log_debug_errno(errno, _PATH_UTMPX " does not exist, ignoring."); + else if (errno != 0) log_warning_errno(errno, "Failed to read " _PATH_UTMPX ", ignoring: %m"); return 0; } diff --git a/src/oom/test-oomd-util.c b/src/oom/test-oomd-util.c index 776c65820..29f2c54ab 100644 --- a/src/oom/test-oomd-util.c +++ b/src/oom/test-oomd-util.c @@ -90,6 +90,7 @@ static void test_oomd_cgroup_context_acquire_and_insert(void) { _cleanup_free_ char *cgroup = NULL; ManagedOOMPreference root_pref; OomdCGroupContext *c1, *c2; + CGroupMask mask; bool test_xattrs; int root_xattrs, r; @@ -102,6 +103,11 @@ static void test_oomd_cgroup_context_acquire_and_insert(void) { if (cg_all_unified() <= 0) return (void) log_tests_skipped("cgroups are not running in unified mode"); + assert_se(cg_mask_supported(&mask) >= 0); + + if (!FLAGS_SET(mask, CGROUP_MASK_MEMORY)) + return (void) log_tests_skipped("cgroup memory controller is not available"); + assert_se(cg_pid_get_path(NULL, 0, &cgroup) >= 0); /* If we don't have permissions to set xattrs we're likely in a userns or missing capabilities diff --git a/src/shared/creds-util.c b/src/shared/creds-util.c new file mode 100644 index 000000000..b764198b7 --- /dev/null +++ b/src/shared/creds-util.c @@ -0,0 +1,954 @@ +/* SPDX-License-Identifier: LGPL-2.1-or-later */ + +#include + +#if HAVE_OPENSSL +#include +#endif + +#include "sd-id128.h" + +#include "blockdev-util.h" +#include "chattr-util.h" +#include "creds-util.h" +#include "env-util.h" +#include "fd-util.h" +#include "fileio.h" +#include "fs-util.h" +#include "io-util.h" +#include "memory-util.h" +#include "mkdir.h" +#include "openssl-util.h" +#include "path-util.h" +#include "random-util.h" +#include "sparse-endian.h" +#include "stat-util.h" +#include "tpm2-util.h" +#include "virt.h" + +bool credential_name_valid(const char *s) { + /* We want that credential names are both valid in filenames (since that's our primary way to pass + * them around) and as fdnames (which is how we might want to pass them around eventually) */ + return filename_is_valid(s) && fdname_is_valid(s); +} + +int get_credentials_dir(const char **ret) { + const char *e; + + assert(ret); + + e = secure_getenv("CREDENTIALS_DIRECTORY"); + if (!e) + return -ENXIO; + + if (!path_is_absolute(e) || !path_is_normalized(e)) + return -EINVAL; + + *ret = e; + return 0; +} + +int read_credential(const char *name, void **ret, size_t *ret_size) { + _cleanup_free_ char *fn = NULL; + const char *d; + int r; + + assert(ret); + + if (!credential_name_valid(name)) + return -EINVAL; + + r = get_credentials_dir(&d); + if (r < 0) + return r; + + fn = path_join(d, name); + if (!fn) + return -ENOMEM; + + return read_full_file_full( + AT_FDCWD, fn, + UINT64_MAX, SIZE_MAX, + READ_FULL_FILE_SECURE, + NULL, + (char**) ret, ret_size); +} + +#if HAVE_OPENSSL + +#define CREDENTIAL_HOST_SECRET_SIZE 4096 + +static const sd_id128_t credential_app_id = + SD_ID128_MAKE(d3,ac,ec,ba,0d,ad,4c,df,b8,c9,38,15,28,93,6c,58); + +struct credential_host_secret_format { + /* The hashed machine ID of the machine this belongs to. Why? We want to ensure that each machine + * gets its own secret, even if people forget to flush out this secret file. Hence we bind it to the + * machine ID, for which there's hopefully a better chance it will be flushed out. We use a hashed + * machine ID instead of the literal one, because it's trivial to, and it might be a good idea not + * being able to directly associate a secret key file with a host. */ + sd_id128_t machine_id; + + /* The actual secret key */ + uint8_t data[CREDENTIAL_HOST_SECRET_SIZE]; +} _packed_; + +static int make_credential_host_secret( + int dfd, + const sd_id128_t machine_id, + const char *fn, + void **ret_data, + size_t *ret_size) { + + struct credential_host_secret_format buf; + _cleanup_free_ char *t = NULL; + _cleanup_close_ int fd = -1; + int r; + + assert(dfd >= 0); + assert(fn); + + fd = openat(dfd, ".", O_CLOEXEC|O_WRONLY|O_TMPFILE, 0400); + if (fd < 0) { + log_debug_errno(errno, "Failed to create temporary credential file with O_TMPFILE, proceeding without: %m"); + + if (asprintf(&t, "credential.secret.%016" PRIx64, random_u64()) < 0) + return -ENOMEM; + + fd = openat(dfd, t, O_CLOEXEC|O_WRONLY|O_CREAT|O_EXCL|O_NOFOLLOW, 0400); + if (fd < 0) + return -errno; + } + + r = chattr_secret(fd, 0); + if (r < 0) + log_debug_errno(r, "Failed to set file attributes for secrets file, ignoring: %m"); + + buf = (struct credential_host_secret_format) { + .machine_id = machine_id, + }; + + r = genuine_random_bytes(buf.data, sizeof(buf.data), RANDOM_BLOCK); + if (r < 0) + goto finish; + + r = loop_write(fd, &buf, sizeof(buf), false); + if (r < 0) + goto finish; + + if (fsync(fd) < 0) { + r = -errno; + goto finish; + } + + if (t) { + r = rename_noreplace(dfd, t, dfd, fn); + if (r < 0) + goto finish; + + t = mfree(t); + } else if (linkat(fd, "", dfd, fn, AT_EMPTY_PATH) < 0) { + r = -errno; + goto finish; + } + + if (fsync(dfd) < 0) { + r = -errno; + goto finish; + } + + if (ret_data) { + void *copy; + + copy = memdup(buf.data, sizeof(buf.data)); + if (!copy) { + r = -ENOMEM; + goto finish; + } + + *ret_data = copy; + } + + if (ret_size) + *ret_size = sizeof(buf.data); + + r = 0; + +finish: + if (t && unlinkat(dfd, t, 0) < 0) + log_debug_errno(errno, "Failed to remove temporary credential key: %m"); + + explicit_bzero_safe(&buf, sizeof(buf)); + return r; +} + +int get_credential_host_secret(CredentialSecretFlags flags, void **ret, size_t *ret_size) { + _cleanup_free_ char *efn = NULL, *ep = NULL; + _cleanup_close_ int dfd = -1; + sd_id128_t machine_id; + const char *e, *fn, *p; + int r; + + r = sd_id128_get_machine_app_specific(credential_app_id, &machine_id); + if (r < 0) + return r; + + e = secure_getenv("SYSTEMD_CREDENTIAL_SECRET"); + if (e) { + if (!path_is_normalized(e)) + return -EINVAL; + if (!path_is_absolute(e)) + return -EINVAL; + + r = path_extract_directory(e, &ep); + if (r < 0) + return r; + + r = path_extract_filename(e, &efn); + if (r < 0) + return r; + + p = ep; + fn = efn; + } else { + p = "/var/lib/systemd"; + fn = "credential.secret"; + } + + (void) mkdir_p(p, 0755); + dfd = open(p, O_CLOEXEC|O_DIRECTORY|O_RDONLY); + if (dfd < 0) + return -errno; + + if (FLAGS_SET(flags, CREDENTIAL_SECRET_FAIL_ON_TEMPORARY_FS)) { + r = fd_is_temporary_fs(dfd); + if (r < 0) + return r; + if (r > 0) + return -ENOMEDIUM; + } + + for (unsigned attempt = 0;; attempt++) { + _cleanup_(erase_and_freep) struct credential_host_secret_format *f = NULL; + _cleanup_close_ int fd = -1; + size_t l = 0; + ssize_t n = 0; + struct stat st; + + if (attempt >= 3) /* Somebody is playing games with us */ + return -EIO; + + fd = openat(dfd, fn, O_CLOEXEC|O_RDONLY|O_NOCTTY|O_NOFOLLOW); + if (fd < 0) { + if (errno != ENOENT || !FLAGS_SET(flags, CREDENTIAL_SECRET_GENERATE)) + return -errno; + + r = make_credential_host_secret(dfd, machine_id, fn, ret, ret_size); + if (r == -EEXIST) { + log_debug_errno(r, "Credential secret was created while we were creating it. Trying to read new secret."); + continue; + } + if (r < 0) + return r; + + return 0; + } + + if (fstat(fd, &st) < 0) + return -errno; + + r = stat_verify_regular(&st); + if (r < 0) + return r; + if (st.st_nlink == 0) /* Deleted by now, try again */ + continue; + if (st.st_nlink > 1) + return -EPERM; /* Our deletion check won't work if hardlinked somewhere else */ + if ((st.st_mode & 07777) != 0400) /* Don't use file if not 0400 access mode */ + return -EPERM; + if (st.st_size > 16*1024*1024) + return -E2BIG; + l = st.st_size; + if (l < offsetof(struct credential_host_secret_format, data) + 1) + return -EINVAL; + + f = malloc(l+1); + if (!f) + return -ENOMEM; + + n = read(fd, f, l+1); + if (n < 0) + return -errno; + if ((size_t) n != l) /* What? The size changed? */ + return -EIO; + + if (sd_id128_equal(machine_id, f->machine_id)) { + size_t sz; + + if (FLAGS_SET(flags, CREDENTIAL_SECRET_WARN_NOT_ENCRYPTED)) { + r = fd_is_encrypted(fd); + if (r < 0) + log_debug_errno(r, "Failed to determine if credential secret file '%s/%s' is encrypted.", p, fn); + else if (r == 0) + log_warning("Credential secret file '%s/%s' is not located on encrypted media, using anyway.", p, fn); + } + + sz = l - offsetof(struct credential_host_secret_format, data); + assert(sz > 0); + + if (ret) { + void *copy; + + assert(sz <= sizeof(f->data)); /* Ensure we don't read past f->data bounds */ + + copy = memdup(f->data, sz); + if (!copy) + return -ENOMEM; + + *ret = copy; + } + + if (ret_size) + *ret_size = sz; + + return 0; + } + + /* Hmm, this secret is from somewhere else. Let's delete the file. Let's first acquire a lock + * to ensure we are the only ones accessing the file while we delete it. */ + + if (flock(fd, LOCK_EX) < 0) + return -errno; + + /* Before we delete it check that the file is still linked into the file system */ + if (fstat(fd, &st) < 0) + return -errno; + if (st.st_nlink == 0) /* Already deleted by now? */ + continue; + if (st.st_nlink != 1) /* Safety check, someone is playing games with us */ + return -EPERM; + + if (unlinkat(dfd, fn, 0) < 0) + return -errno; + + /* And now try again */ + } +} + +/* Construction is like this: + * + * A symmetric encryption key is derived from: + * + * 1. Either the "host" key (a key stored in /var/lib/credential.secret) + * + * 2. A key generated by letting the TPM2 calculate an HMAC hash of some nonce we pass to it, keyed + * by a key derived from its internal seed key. + * + * 3. The concatenation of the above. + * + * The above is hashed with SHA256 which is then used as encryption key for AES256-GCM. The encrypted + * credential is a short (unencrypted) header describing which of the three keys to use, the IV to use for + * AES256-GCM and some more meta information (sizes of certain objects) that is strictly speaking redundant, + * but kinda nice to have since we can have a more generic parser. If the TPM2 key is used this is followed + * by another (unencrypted) header, with information about the TPM2 policy used (specifically: the PCR mask + * to bind against, and a hash of the resulting policy — the latter being redundant, but speeding up things a + * bit, since we can more quickly refuse PCR state), followed by a sealed/exported TPM2 HMAC key. This is + * then followed by the encrypted data, which begins with a metadata header (which contains validity + * timestamps as well as the credential name), followed by the actual credential payload. The file ends in + * the AES256-GCM tag. To make things simple, the AES256-GCM AAD covers the main and the TPM2 header in + * full. This means the whole file is either protected by AAD, or is ciphertext, or is the tag. No + * unprotected data is included. + */ + +struct _packed_ encrypted_credential_header { + sd_id128_t id; + le32_t key_size; + le32_t block_size; + le32_t iv_size; + le32_t tag_size; + uint8_t iv[]; + /* Followed by NUL bytes until next 8 byte boundary */ +}; + +struct _packed_ tpm2_credential_header { + le64_t pcr_mask; /* Note that the spec for PC Clients only mandates 24 PCRs, and that's what systems + * generally have. But keep the door open for more. */ + le16_t pcr_bank; /* For now, either TPM2_ALG_SHA256 or TPM2_ALG_SHA1 */ + le16_t primary_alg; /* Primary key algorithm (either TPM2_ALG_RSA or TPM2_ALG_ECC for now) */ + le32_t blob_size; + le32_t policy_hash_size; + uint8_t policy_hash_and_blob[]; + /* Followed by NUL bytes until next 8 byte boundary */ +}; + +struct _packed_ metadata_credential_header { + le64_t timestamp; + le64_t not_after; + le32_t name_size; + char name[]; + /* Followed by NUL bytes until next 8 byte boundary */ +}; + +/* Some generic limit for parts of the encrypted credential for which we don't know the right size ahead of + * time, but where we are really sure it won't be larger than this. Should be larger than any possible IV, + * padding, tag size and so on. This is purely used for early filtering out of invalid sizes. */ +#define CREDENTIAL_FIELD_SIZE_MAX (16U*1024U) + +static int sha256_hash_host_and_tpm2_key( + const void *host_key, + size_t host_key_size, + const void *tpm2_key, + size_t tpm2_key_size, + uint8_t ret[static SHA256_DIGEST_LENGTH]) { + + _cleanup_(EVP_MD_CTX_freep) EVP_MD_CTX *md = NULL; + unsigned l; + + assert(host_key_size == 0 || host_key); + assert(tpm2_key_size == 0 || tpm2_key); + assert(ret); + + /* Combines the host key and the TPM2 HMAC hash into a SHA256 hash value we'll use as symmetric encryption key. */ + + md = EVP_MD_CTX_new(); + if (!md) + return log_oom(); + + if (EVP_DigestInit_ex(md, EVP_sha256(), NULL) != 1) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to initial SHA256 context."); + + if (host_key && EVP_DigestUpdate(md, host_key, host_key_size) != 1) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to hash host key."); + + if (tpm2_key && EVP_DigestUpdate(md, tpm2_key, tpm2_key_size) != 1) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to hash TPM2 key."); + + assert(EVP_MD_CTX_size(md) == SHA256_DIGEST_LENGTH); + + if (EVP_DigestFinal_ex(md, ret, &l) != 1) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to finalize SHA256 hash."); + + assert(l == SHA256_DIGEST_LENGTH); + return 0; +} + +int encrypt_credential_and_warn( + sd_id128_t with_key, + const char *name, + usec_t timestamp, + usec_t not_after, + const char *tpm2_device, + uint32_t tpm2_pcr_mask, + const void *input, + size_t input_size, + void **ret, + size_t *ret_size) { + + _cleanup_(EVP_CIPHER_CTX_freep) EVP_CIPHER_CTX *context = NULL; + _cleanup_(erase_and_freep) void *host_key = NULL, *tpm2_key = NULL; + size_t host_key_size = 0, tpm2_key_size = 0, tpm2_blob_size = 0, tpm2_policy_hash_size = 0, output_size, p, ml; + _cleanup_free_ void *tpm2_blob = NULL, *tpm2_policy_hash = NULL, *iv = NULL, *output = NULL; + _cleanup_free_ struct metadata_credential_header *m = NULL; + uint16_t tpm2_pcr_bank = 0, tpm2_primary_alg = 0; + struct encrypted_credential_header *h; + int ksz, bsz, ivsz, tsz, added, r; + uint8_t md[SHA256_DIGEST_LENGTH]; + const EVP_CIPHER *cc; +#if HAVE_TPM2 + bool try_tpm2 = false; +#endif + sd_id128_t id; + + assert(input || input_size == 0); + assert(ret); + assert(ret_size); + + if (name && !credential_name_valid(name)) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Invalid credential name: %s", name); + + if (not_after != USEC_INFINITY && timestamp != USEC_INFINITY && not_after < timestamp) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Credential is invalidated before it is valid (" USEC_FMT " < " USEC_FMT ").", not_after, timestamp); + + if (DEBUG_LOGGING) { + char buf[FORMAT_TIMESTAMP_MAX]; + + if (name) + log_debug("Including credential name '%s' in encrypted credential.", name); + if (timestamp != USEC_INFINITY) + log_debug("Including timestamp '%s' in encrypted credential.", format_timestamp(buf, sizeof(buf), timestamp)); + if (not_after != USEC_INFINITY) + log_debug("Including not-after timestamp '%s' in encrypted credential.", format_timestamp(buf, sizeof(buf), not_after)); + } + + if (sd_id128_is_null(with_key) || + sd_id128_in_set(with_key, CRED_AES256_GCM_BY_HOST, CRED_AES256_GCM_BY_HOST_AND_TPM2_HMAC)) { + + r = get_credential_host_secret( + CREDENTIAL_SECRET_GENERATE| + CREDENTIAL_SECRET_WARN_NOT_ENCRYPTED| + (sd_id128_is_null(with_key) ? CREDENTIAL_SECRET_FAIL_ON_TEMPORARY_FS : 0), + &host_key, + &host_key_size); + if (r == -ENOMEDIUM && sd_id128_is_null(with_key)) + log_debug_errno(r, "Credential host secret location on temporary file system, not using."); + else if (r < 0) + return log_error_errno(r, "Failed to determine local credential host secret: %m"); + } + +#if HAVE_TPM2 + if (sd_id128_is_null(with_key)) { + /* If automatic mode is selected and we are running in a container, let's not try TPM2. OTOH + * if user picks TPM2 explicitly, let's always honour the request and try. */ + + r = detect_container(); + if (r < 0) + log_debug_errno(r, "Failed to determine whether we are running in a container, ignoring: %m"); + else if (r > 0) + log_debug("Running in container, not attempting to use TPM2."); + + try_tpm2 = r <= 0; + } + + if (try_tpm2 || + sd_id128_in_set(with_key, CRED_AES256_GCM_BY_TPM2_HMAC, CRED_AES256_GCM_BY_HOST_AND_TPM2_HMAC)) { + + r = tpm2_seal(tpm2_device, + tpm2_pcr_mask, + &tpm2_key, + &tpm2_key_size, + &tpm2_blob, + &tpm2_blob_size, + &tpm2_policy_hash, + &tpm2_policy_hash_size, + &tpm2_pcr_bank, + &tpm2_primary_alg); + if (r < 0) { + if (!sd_id128_is_null(with_key)) + return r; + + log_debug_errno(r, "TPM2 sealing didn't work, not using: %m"); + } + + assert(tpm2_blob_size <= CREDENTIAL_FIELD_SIZE_MAX); + assert(tpm2_policy_hash_size <= CREDENTIAL_FIELD_SIZE_MAX); + } +#endif + + if (sd_id128_is_null(with_key)) { + /* Let's settle the key type in auto mode now. */ + + if (host_key && tpm2_key) + id = CRED_AES256_GCM_BY_HOST_AND_TPM2_HMAC; + else if (tpm2_key) + id = CRED_AES256_GCM_BY_TPM2_HMAC; + else if (host_key) + id = CRED_AES256_GCM_BY_HOST; + else + return log_error_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE), + "TPM2 not available and host key located on temporary file system, no encryption key available."); + } else + id = with_key; + + /* Let's now take the host key and the TPM2 key and hash it together, to use as encryption key for the data */ + r = sha256_hash_host_and_tpm2_key(host_key, host_key_size, tpm2_key, tpm2_key_size, md); + if (r < 0) + return r; + + assert_se(cc = EVP_aes_256_gcm()); + + ksz = EVP_CIPHER_key_length(cc); + assert(ksz == sizeof(md)); + + bsz = EVP_CIPHER_block_size(cc); + assert(bsz > 0); + assert((size_t) bsz <= CREDENTIAL_FIELD_SIZE_MAX); + + ivsz = EVP_CIPHER_iv_length(cc); + if (ivsz > 0) { + assert((size_t) ivsz <= CREDENTIAL_FIELD_SIZE_MAX); + + iv = malloc(ivsz); + if (!iv) + return log_oom(); + + r = genuine_random_bytes(iv, ivsz, RANDOM_BLOCK); + if (r < 0) + return log_error_errno(r, "Failed to acquired randomized IV: %m"); + } + + tsz = 16; /* FIXME: On OpenSSL 3 there is EVP_CIPHER_CTX_get_tag_length(), until then let's hardcode this */ + + context = EVP_CIPHER_CTX_new(); + if (!context) + return log_error_errno(SYNTHETIC_ERRNO(ENOMEM), "Failed to allocate encryption object: %s", + ERR_error_string(ERR_get_error(), NULL)); + + if (EVP_EncryptInit_ex(context, cc, NULL, md, iv) != 1) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to initialize encryption context: %s", + ERR_error_string(ERR_get_error(), NULL)); + + /* Just an upper estimate */ + output_size = + ALIGN8(offsetof(struct encrypted_credential_header, iv) + ivsz) + + ALIGN8(tpm2_key ? offsetof(struct tpm2_credential_header, policy_hash_and_blob) + tpm2_blob_size + tpm2_policy_hash_size : 0) + + ALIGN8(offsetof(struct metadata_credential_header, name) + strlen_ptr(name)) + + input_size + 2U * (size_t) bsz + + tsz; + + output = malloc0(output_size); + if (!output) + return log_oom(); + + h = (struct encrypted_credential_header*) output; + h->id = id; + h->block_size = htole32(bsz); + h->key_size = htole32(ksz); + h->tag_size = htole32(tsz); + h->iv_size = htole32(ivsz); + memcpy(h->iv, iv, ivsz); + + p = ALIGN8(offsetof(struct encrypted_credential_header, iv) + ivsz); + + if (tpm2_key) { + struct tpm2_credential_header *t; + + t = (struct tpm2_credential_header*) ((uint8_t*) output + p); + t->pcr_mask = htole64(tpm2_pcr_mask); + t->pcr_bank = htole16(tpm2_pcr_bank); + t->primary_alg = htole16(tpm2_primary_alg); + t->blob_size = htole32(tpm2_blob_size); + t->policy_hash_size = htole32(tpm2_policy_hash_size); + memcpy(t->policy_hash_and_blob, tpm2_blob, tpm2_blob_size); + memcpy(t->policy_hash_and_blob + tpm2_blob_size, tpm2_policy_hash, tpm2_policy_hash_size); + + p += ALIGN8(offsetof(struct tpm2_credential_header, policy_hash_and_blob) + tpm2_blob_size + tpm2_policy_hash_size); + } + + /* Pass the encrypted + TPM2 header as AAD */ + if (EVP_EncryptUpdate(context, NULL, &added, output, p) != 1) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to write AAD data: %s", + ERR_error_string(ERR_get_error(), NULL)); + + /* Now construct the metadata header */ + ml = strlen_ptr(name); + m = malloc0(ALIGN8(offsetof(struct metadata_credential_header, name) + ml)); + if (!m) + return log_oom(); + + m->timestamp = htole64(timestamp); + m->not_after = htole64(not_after); + m->name_size = htole32(ml); + memcpy_safe(m->name, name, ml); + + /* And encrypt the metadata header */ + if (EVP_EncryptUpdate(context, (uint8_t*) output + p, &added, (const unsigned char*) m, ALIGN8(offsetof(struct metadata_credential_header, name) + ml)) != 1) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to encrypt metadata header: %s", + ERR_error_string(ERR_get_error(), NULL)); + + assert(added >= 0); + assert((size_t) added <= output_size - p); + p += added; + + /* Then encrypt the plaintext */ + if (EVP_EncryptUpdate(context, (uint8_t*) output + p, &added, input, input_size) != 1) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to encrypt data: %s", + ERR_error_string(ERR_get_error(), NULL)); + + assert(added >= 0); + assert((size_t) added <= output_size - p); + p += added; + + /* Finalize */ + if (EVP_EncryptFinal_ex(context, (uint8_t*) output + p, &added) != 1) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to finalize data encryption: %s", + ERR_error_string(ERR_get_error(), NULL)); + + assert(added >= 0); + assert((size_t) added <= output_size - p); + p += added; + + assert(p <= output_size - tsz); + + /* Append tag */ + if (EVP_CIPHER_CTX_ctrl(context, EVP_CTRL_GCM_GET_TAG, tsz, (uint8_t*) output + p) != 1) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to get tag: %s", + ERR_error_string(ERR_get_error(), NULL)); + + p += tsz; + assert(p <= output_size); + + if (DEBUG_LOGGING && input_size > 0) { + size_t base64_size; + + base64_size = DIV_ROUND_UP(p * 4, 3); /* Include base64 size increase in debug output */ + assert(base64_size >= input_size); + log_debug("Input of %zu bytes grew to output of %zu bytes (+%2zu%%).", input_size, base64_size, base64_size * 100 / input_size - 100); + } + + *ret = TAKE_PTR(output); + *ret_size = p; + + return 0; +} + +int decrypt_credential_and_warn( + const char *validate_name, + usec_t validate_timestamp, + const char *tpm2_device, + const void *input, + size_t input_size, + void **ret, + size_t *ret_size) { + + _cleanup_(erase_and_freep) void *host_key = NULL, *tpm2_key = NULL, *plaintext = NULL; + _cleanup_(EVP_CIPHER_CTX_freep) EVP_CIPHER_CTX *context = NULL; + size_t host_key_size = 0, tpm2_key_size = 0, plaintext_size, p, hs; + struct encrypted_credential_header *h; + struct metadata_credential_header *m; + uint8_t md[SHA256_DIGEST_LENGTH]; + bool with_tpm2, with_host_key; + const EVP_CIPHER *cc; + int r, added; + + assert(input || input_size == 0); + assert(ret); + assert(ret_size); + + h = (struct encrypted_credential_header*) input; + + /* The ID must fit in, for the current and all future formats */ + if (input_size < sizeof(h->id)) + return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Encrypted file too short."); + + with_host_key = sd_id128_in_set(h->id, CRED_AES256_GCM_BY_HOST, CRED_AES256_GCM_BY_HOST_AND_TPM2_HMAC); + with_tpm2 = sd_id128_in_set(h->id, CRED_AES256_GCM_BY_TPM2_HMAC, CRED_AES256_GCM_BY_HOST_AND_TPM2_HMAC); + + if (!with_host_key && !with_tpm2) + return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "Unknown encryption format, or corrupted data: %m"); + + /* Now we know the minimum header size */ + if (input_size < offsetof(struct encrypted_credential_header, iv)) + return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Encrypted file too short."); + + /* Verify some basic header values */ + if (le32toh(h->key_size) != sizeof(md)) + return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Unexpected key size in header."); + if (le32toh(h->block_size) <= 0 || le32toh(h->block_size) > CREDENTIAL_FIELD_SIZE_MAX) + return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Unexpected block size in header."); + if (le32toh(h->iv_size) > CREDENTIAL_FIELD_SIZE_MAX) + return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "IV size too large."); + if (le32toh(h->tag_size) != 16) /* FIXME: On OpenSSL 3, let's verify via EVP_CIPHER_CTX_get_tag_length() */ + return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Unexpected tag size in header."); + + /* Ensure we have space for the full header now (we don't know the size of the name hence this is a + * lower limit only) */ + if (input_size < + ALIGN8(offsetof(struct encrypted_credential_header, iv) + le32toh(h->iv_size)) + + ALIGN8((with_tpm2 ? offsetof(struct tpm2_credential_header, policy_hash_and_blob) : 0)) + + ALIGN8(offsetof(struct metadata_credential_header, name)) + + le32toh(h->tag_size)) + return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Encrypted file too short."); + + p = ALIGN8(offsetof(struct encrypted_credential_header, iv) + le32toh(h->iv_size)); + + if (with_tpm2) { +#if HAVE_TPM2 + struct tpm2_credential_header* t = (struct tpm2_credential_header*) ((uint8_t*) input + p); + + if (le64toh(t->pcr_mask) >= (UINT64_C(1) << TPM2_PCRS_MAX)) + return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "TPM2 PCR mask out of range."); + if (!tpm2_pcr_bank_to_string(le16toh(t->pcr_bank))) + return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "TPM2 PCR bank invalid or not supported"); + if (!tpm2_primary_alg_to_string(le16toh(t->primary_alg))) + return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "TPM2 primary key algorithm invalid or not supported."); + if (le32toh(t->blob_size) > CREDENTIAL_FIELD_SIZE_MAX) + return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Unexpected TPM2 blob size."); + if (le32toh(t->policy_hash_size) > CREDENTIAL_FIELD_SIZE_MAX) + return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Unexpected TPM2 policy hash size."); + + /* Ensure we have space for the full TPM2 header now (still don't know the name, and its size + * though, hence still just a lower limit test only) */ + if (input_size < + ALIGN8(offsetof(struct encrypted_credential_header, iv) + le32toh(h->iv_size)) + + ALIGN8(offsetof(struct tpm2_credential_header, policy_hash_and_blob) + le32toh(t->blob_size) + le32toh(t->policy_hash_size)) + + ALIGN8(offsetof(struct metadata_credential_header, name)) + + le32toh(h->tag_size)) + return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Encrypted file too short."); + + r = tpm2_unseal(tpm2_device, + le64toh(t->pcr_mask), + le16toh(t->pcr_bank), + le16toh(t->primary_alg), + t->policy_hash_and_blob, + le32toh(t->blob_size), + t->policy_hash_and_blob + le32toh(t->blob_size), + le32toh(t->policy_hash_size), + &tpm2_key, + &tpm2_key_size); + if (r < 0) + return r; + + p += ALIGN8(offsetof(struct tpm2_credential_header, policy_hash_and_blob) + + le32toh(t->blob_size) + + le32toh(t->policy_hash_size)); +#else + return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "Credential requires TPM2 support, but TPM2 support not available."); +#endif + } + + if (with_host_key) { + r = get_credential_host_secret( + 0, + &host_key, + &host_key_size); + if (r < 0) + return log_error_errno(r, "Failed to determine local credential key: %m"); + } + + sha256_hash_host_and_tpm2_key(host_key, host_key_size, tpm2_key, tpm2_key_size, md); + + assert_se(cc = EVP_aes_256_gcm()); + + /* Make sure cipher expectations match the header */ + if (EVP_CIPHER_key_length(cc) != (int) le32toh(h->key_size)) + return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Unexpected key size in header."); + if (EVP_CIPHER_block_size(cc) != (int) le32toh(h->block_size)) + return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Unexpected block size in header."); + + context = EVP_CIPHER_CTX_new(); + if (!context) + return log_error_errno(SYNTHETIC_ERRNO(ENOMEM), "Failed to allocate decryption object: %s", + ERR_error_string(ERR_get_error(), NULL)); + + if (EVP_DecryptInit_ex(context, cc, NULL, NULL, NULL) != 1) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to initialize decryption context: %s", + ERR_error_string(ERR_get_error(), NULL)); + + if (EVP_CIPHER_CTX_ctrl(context, EVP_CTRL_GCM_SET_IVLEN, le32toh(h->iv_size), NULL) != 1) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to set IV size on decryption context: %s", + ERR_error_string(ERR_get_error(), NULL)); + + if (EVP_DecryptInit_ex(context, NULL, NULL, md, h->iv) != 1) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to set IV and key: %s", + ERR_error_string(ERR_get_error(), NULL)); + + if (EVP_DecryptUpdate(context, NULL, &added, input, p) != 1) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to write AAD data: %s", + ERR_error_string(ERR_get_error(), NULL)); + + plaintext = malloc(input_size - p - le32toh(h->tag_size)); + if (!plaintext) + return -ENOMEM; + + if (EVP_DecryptUpdate( + context, + plaintext, + &added, + (uint8_t*) input + p, + input_size - p - le32toh(h->tag_size)) != 1) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to decrypt data: %s", + ERR_error_string(ERR_get_error(), NULL)); + + assert(added >= 0); + assert((size_t) added <= input_size - p - le32toh(h->tag_size)); + plaintext_size = added; + + if (EVP_CIPHER_CTX_ctrl(context, EVP_CTRL_GCM_SET_TAG, le32toh(h->tag_size), (uint8_t*) input + input_size - le32toh(h->tag_size)) != 1) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to set tag: %s", + ERR_error_string(ERR_get_error(), NULL)); + + if (EVP_DecryptFinal_ex(context, (uint8_t*) plaintext + plaintext_size, &added) != 1) + return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Decryption failed (incorrect key?): %s", + ERR_error_string(ERR_get_error(), NULL)); + + plaintext_size += added; + + if (plaintext_size < ALIGN8(offsetof(struct metadata_credential_header, name))) + return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Metadata header incomplete."); + + m = plaintext; + + if (le64toh(m->timestamp) != USEC_INFINITY && + le64toh(m->not_after) != USEC_INFINITY && + le64toh(m->timestamp) >= le64toh(m->not_after)) + return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Timestamps of credential are not in order, refusing."); + + if (le32toh(m->name_size) > CREDENTIAL_NAME_MAX) + return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Embedded credential name too long, refusing."); + + hs = ALIGN8(offsetof(struct metadata_credential_header, name) + le32toh(m->name_size)); + if (plaintext_size < hs) + return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Metadata header incomplete."); + + if (le32toh(m->name_size) > 0) { + _cleanup_free_ char *embedded_name = NULL; + + if (memchr(m->name, 0, le32toh(m->name_size))) + return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Embedded credential name contains NUL byte, refusing."); + + embedded_name = memdup_suffix0(m->name, le32toh(m->name_size)); + if (!embedded_name) + return log_oom(); + + if (!credential_name_valid(embedded_name)) + return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Embedded credential name is not valid, refusing."); + + if (validate_name && !streq(embedded_name, validate_name)) { + + r = getenv_bool_secure("SYSTEMD_CREDENTIAL_VALIDATE_NAME"); + if (r < 0 && r != -ENXIO) + log_debug_errno(r, "Failed to parse $SYSTEMD_CREDENTIAL_VALIDATE_NAME: %m"); + if (r != 0) + return log_error_errno(SYNTHETIC_ERRNO(EREMOTE), "Embedded credential name '%s' does not match filename '%s', refusing.", embedded_name, validate_name); + + log_debug("Embedded credential name '%s' does not match expected name '%s', but configured to use credential anyway.", embedded_name, validate_name); + } + } + + if (validate_timestamp != USEC_INFINITY) { + if (le64toh(m->timestamp) != USEC_INFINITY && le64toh(m->timestamp) > validate_timestamp) + log_debug("Credential timestamp is from the future, assuming clock skew."); + + if (le64toh(m->not_after) != USEC_INFINITY && le64toh(m->not_after) < validate_timestamp) { + + r = getenv_bool_secure("SYSTEMD_CREDENTIAL_VALIDATE_NOT_AFTER"); + if (r < 0 && r != -ENXIO) + log_debug_errno(r, "Failed to parse $SYSTEMD_CREDENTIAL_VALIDATE_NOT_AFTER: %m"); + if (r != 0) + return log_error_errno(SYNTHETIC_ERRNO(ESTALE), "Credential's time passed, refusing to use."); + + log_debug("Credential not-after timestamp has passed, but configured to use credential anyway."); + } + } + + if (ret) { + char *without_metadata; + + without_metadata = memdup((uint8_t*) plaintext + hs, plaintext_size - hs); + if (!without_metadata) + return log_oom(); + + *ret = without_metadata; + } + + if (ret_size) + *ret_size = plaintext_size - hs; + + return 0; +} + +#else + +int get_credential_host_secret(CredentialSecretFlags flags, void **ret, size_t *ret_size) { + return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "Support for encrypted credentials not available."); +} + +int encrypt_credential_and_warn(sd_id128_t with_key, const char *name, usec_t timestamp, usec_t not_after, const char *tpm2_device, uint32_t tpm2_pcr_mask, const void *input, size_t input_size, void **ret, size_t *ret_size) { + return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "Support for encrypted credentials not available."); +} + +int decrypt_credential_and_warn(const char *validate_name, usec_t validate_timestamp, const char *tpm2_device, const void *input, size_t input_size, void **ret, size_t *ret_size) { + return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "Support for encrypted credentials not available."); +} + +#endif diff --git a/src/shared/openssl-util.c b/src/shared/openssl-util.c index bb47ae5e8..bd728e6c7 100644 --- a/src/shared/openssl-util.c +++ b/src/shared/openssl-util.c @@ -46,7 +46,6 @@ int rsa_pkey_to_suitable_key_size( size_t *ret_suitable_key_size) { size_t suitable_key_size; - const RSA *rsa; int bits; assert_se(pkey); @@ -58,11 +57,7 @@ int rsa_pkey_to_suitable_key_size( if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG), "X.509 certificate does not refer to RSA key."); - rsa = EVP_PKEY_get0_RSA(pkey); - if (!rsa) - return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to acquire RSA public key from X.509 certificate."); - - bits = RSA_bits(rsa); + bits = EVP_PKEY_bits(pkey); log_debug("Bits in RSA key: %i", bits); /* We use PKCS#1 padding for the RSA cleartext, hence let's leave some extra space for it, hence only diff --git a/src/shared/openssl-util.h b/src/shared/openssl-util.h index e6c2bd931..ce8207414 100644 --- a/src/shared/openssl-util.h +++ b/src/shared/openssl-util.h @@ -11,6 +11,7 @@ DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(X509*, X509_free, NULL); DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(X509_NAME*, X509_NAME_free, NULL); DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_PKEY_CTX*, EVP_PKEY_CTX_free, NULL); DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_CIPHER_CTX*, EVP_CIPHER_CTX_free, NULL); +DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_MD_CTX*, EVP_MD_CTX_free, NULL); int rsa_encrypt_bytes(EVP_PKEY *pkey, const void *decrypted_key, size_t decrypted_key_size, void **ret_encrypt_key, size_t *ret_encrypt_key_size); diff --git a/src/shared/user-record-show.c b/src/shared/user-record-show.c index 29790282b..54ff949ff 100644 --- a/src/shared/user-record-show.c +++ b/src/shared/user-record-show.c @@ -280,7 +280,7 @@ void user_record_show(UserRecord *hr, bool show_full_group_info) { printf(" IO Weight: %" PRIu64 "\n", hr->io_weight); if (hr->access_mode != MODE_INVALID) - printf(" Access Mode: 0%03oo\n", user_record_access_mode(hr)); + printf(" Access Mode: 0%03o\n", user_record_access_mode(hr)); if (storage == USER_LUKS) { printf("LUKS Discard: online=%s offline=%s\n", yes_no(user_record_luks_discard(hr)), yes_no(user_record_luks_offline_discard(hr))); diff --git a/src/shared/varlink.c b/src/shared/varlink.c index a57475b5b..ec062f3da 100644 --- a/src/shared/varlink.c +++ b/src/shared/varlink.c @@ -2364,14 +2364,8 @@ int varlink_server_detach_event(VarlinkServer *s) { assert_return(s, -EINVAL); - LIST_FOREACH(sockets, ss, s->sockets) { - - if (!ss->event_source) - continue; - - (void) sd_event_source_set_enabled(ss->event_source, SD_EVENT_OFF); - ss->event_source = sd_event_source_unref(ss->event_source); - } + LIST_FOREACH(sockets, ss, s->sockets) + ss->event_source = sd_event_source_disable_unref(ss->event_source); sd_event_unref(s->event); return 0; diff --git a/src/udev/dmi_memory_id/dmi_memory_id.c b/src/udev/dmi_memory_id/dmi_memory_id.c index 64eba0d31..00e46f8b9 100644 --- a/src/udev/dmi_memory_id/dmi_memory_id.c +++ b/src/udev/dmi_memory_id/dmi_memory_id.c @@ -539,7 +539,7 @@ static void dmi_table_decode(const uint8_t *buf, size_t len, uint16_t num) { /* If a short entry is found (less than 4 bytes), not only it * is invalid, but we cannot reliably locate the next entry. - * Better stop at this point, and let the user know his/her + * Better stop at this point, and let the user know their * table is broken. */ if (h.length < 4) break;