proxmox-mirrors/systemd
1
0
Fork 0
mirror of https://git.proxmox.com/git/systemd synced 2025-07-26 05:02:12 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

New upstream version 245.5

Browse Source
This commit is contained in:
Michael Biebl 2020-04-18 20:24:24 +02:00
parent 7d4b9ad6f6
commit d0648cfe4f
61 changed files with 4247 additions and 428 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
catalog/systemd.catalog.in
View File

@ -412,3 +412,26 @@ as the best process to terminate and has been forcibly terminated by the
kernel. kernel.
Note that the memory pressure might or might not have been caused by @UNIT@. Note that the memory pressure might or might not have been caused by @UNIT@.
-- b61fdac612e94b9182285b998843061f
Subject: Accepting user/group name @USER_GROUP_NAME@, which does not match strict user/group name rules.
Defined-By: systemd
Support: %SUPPORT_URL%
The user/group name @USER_GROUP_NAME@ has been specified, which is accepted
according the relaxed user/group name rules, but does not qualify under the
strict rules.
The strict user/group name rules written as regular expression are:
^[a-zA-Z_][a-zA-Z0-9_-]{0,30}$
The relaxed user/group name rules accept all names, except for the empty
string; names containing NUL bytes, control characters, colon or slash
characters; names not valid UTF-8; names with leading or trailing whitespace;
the strings "." or ".."; fully numeric strings, or strings beginning in a
hyphen and otherwise fully numeric.
For further details on strict and relaxed user/group name rules, see:
https://systemd.io/USER_NAMES

3
docs/USER_RECORD.md
View File

@ -205,7 +205,8 @@ object. The following fields are currently defined:
UNIX user name. This field is the only mandatory field, all others are UNIX user name. This field is the only mandatory field, all others are
optional. Corresponds with the `pw_name` field of of `struct passwd` and the optional. Corresponds with the `pw_name` field of of `struct passwd` and the
`sp_namp` field of `struct spwd` (i.e. the shadow user record stored in `sp_namp` field of `struct spwd` (i.e. the shadow user record stored in
`/etc/shadow`). `/etc/shadow`). See [User/Group Name Syntax](https://systemd.io/USER_NAMES) for
the (relaxed) rules the various systemd components enforce on user/group names.
`realm` → The "realm" a user is defined in. This concept allows distinguishing `realm` → The "realm" a user is defined in. This concept allows distinguishing
users with the same name that originate in different organizations or users with the same name that originate in different organizations or

3691
hwdb.d/20-bluetooth-vendor-product.hwdb
View File

File diff suppressed because it is too large Load Diff

11
man/coredumpctl.xml
View File

@ -217,6 +217,17 @@
will be used. </para></listitem> will be used. </para></listitem>
</varlistentry> </varlistentry>
<varlistentry>
<term><option>--file=<replaceable>GLOB</replaceable></option></term>
<listitem><para>Takes a file glob as an argument. If
specified, coredumpctl will operate on the specified journal
files matching <replaceable>GLOB</replaceable> instead of the
default runtime and system journal paths. May be specified
multiple times, in which case files will be suitably
interleaved.</para></listitem>
</varlistentry>
<varlistentry> <varlistentry>
<term><option>-D</option> <replaceable>DIR</replaceable></term> <term><option>-D</option> <replaceable>DIR</replaceable></term>
<term><option>--directory=</option><replaceable>DIR</replaceable></term> <term><option>--directory=</option><replaceable>DIR</replaceable></term>

5
man/homectl.xml
View File

@ -677,7 +677,10 @@
<listitem><para>Create a new home directory/user account of the specified name. Use the various <listitem><para>Create a new home directory/user account of the specified name. Use the various
user record property options (as documented above) to control various aspects of the home directory user record property options (as documented above) to control various aspects of the home directory
and its user accounts.</para></listitem> and its user accounts.</para>
<para>The specified user name should follow the strict syntax described on <ulink
url="https://systemd.io/USER_NAMES">User/Group Name Syntax</ulink>.</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>

13
man/journalctl.xml
View File

@ -398,8 +398,8 @@
<varlistentry> <varlistentry>
<term><option>--output-fields=</option></term> <term><option>--output-fields=</option></term>
<listitem><para>A comma separated list of the fields which should be included in the output. This only has an <listitem><para>A comma separated list of the fields which should be included in the output. This has an
effect for the output modes which would normally show all fields (<option>verbose</option>, effect only for the output modes which would normally show all fields (<option>verbose</option>,
<option>export</option>, <option>json</option>, <option>json-pretty</option>, <option>json-sse</option> and <option>export</option>, <option>json</option>, <option>json-pretty</option>, <option>json-sse</option> and
<option>json-seq</option>). The <literal>__CURSOR</literal>, <literal>__REALTIME_TIMESTAMP</literal>, <option>json-seq</option>). The <literal>__CURSOR</literal>, <literal>__REALTIME_TIMESTAMP</literal>,
<literal>__MONOTONIC_TIMESTAMP</literal>, and <literal>_BOOT_ID</literal> fields are always <literal>__MONOTONIC_TIMESTAMP</literal>, and <literal>_BOOT_ID</literal> fields are always
@ -416,8 +416,13 @@
<varlistentry> <varlistentry>
<term><option>--no-hostname</option></term> <term><option>--no-hostname</option></term>
<listitem><para>Don't show the hostname field of log messages originating from the local host. This switch only <listitem><para>Don't show the hostname field of log messages originating from the local host. This
has an effect on the <option>short</option> family of output modes (see above).</para></listitem> switch has an effect only on the <option>short</option> family of output modes (see above).
</para>
<para>Note: this option does not remove occurrences of the hostname from log entries themselves, so
it does not prevent the hostname from being visible in the logs.</para>
</listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>

6
man/systemd-run.xml
View File

@ -146,8 +146,10 @@
<varlistentry> <varlistentry>
<term><option>--slice=</option></term> <term><option>--slice=</option></term>
<listitem><para>Make the new <filename>.service</filename> or <filename>.scope</filename> unit part of the <listitem><para>Make the new <filename>.service</filename> or <filename>.scope</filename> unit part
specified slice, instead of <filename>system.slice</filename>.</para> of the specified slice, instead of <filename>system.slice</filename> (when running in
<option>--system</option> mode) or the root slice (when running in <option>--user</option>
mode).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>

15
man/systemd.exec.xml
View File

@ -217,12 +217,15 @@
is set, the default group of the user is used. This setting does not affect commands whose command line is is set, the default group of the user is used. This setting does not affect commands whose command line is
prefixed with <literal>+</literal>.</para> prefixed with <literal>+</literal>.</para>
<para>Note that restrictions on the user/group name syntax are enforced: the specified name must consist only <para>Note that this enforces only weak restrictions on the user/group name syntax, but will generate
of the characters a-z, A-Z, 0-9, <literal>_</literal> and <literal>-</literal>, except for the first character warnings in many cases where user/group names do not adhere to the following rules: the specified
which must be one of a-z, A-Z or <literal>_</literal> (i.e. numbers and <literal>-</literal> are not permitted name should consist only of the characters a-z, A-Z, 0-9, <literal>_</literal> and
as first character). The user/group name must have at least one character, and at most 31. These restrictions <literal>-</literal>, except for the first character which must be one of a-z, A-Z and
are enforced in order to avoid ambiguities and to ensure user/group names and unit files remain portable among <literal>_</literal> (i.e. digits and <literal>-</literal> are not permitted as first character). The
Linux systems.</para> user/group name must have at least one character, and at most 31. These restrictions are made in
order to avoid ambiguities and to ensure user/group names and unit files remain portable among Linux
systems. For further details on the names accepted and the names warned about see <ulink
url="https://systemd.io/USER_NAMES">User/Group Name Syntax</ulink>.</para>
<para>When used in conjunction with <varname>DynamicUser=</varname> the user/group name specified is <para>When used in conjunction with <varname>DynamicUser=</varname> the user/group name specified is
dynamically allocated at the time the service is started, and released at the time the service is dynamically allocated at the time the service is started, and released at the time the service is

8
man/systemd.service.xml
View File

@ -423,6 +423,9 @@
<varname>ExecStart=</varname>, or <varname>ExecStartPost=</varname> fail (and are not prefixed with <varname>ExecStart=</varname>, or <varname>ExecStartPost=</varname> fail (and are not prefixed with
<literal>-</literal>, see above) or time out before the service is fully up, execution continues with commands <literal>-</literal>, see above) or time out before the service is fully up, execution continues with commands
specified in <varname>ExecStopPost=</varname>, the commands in <varname>ExecStop=</varname> are skipped.</para> specified in <varname>ExecStopPost=</varname>, the commands in <varname>ExecStop=</varname> are skipped.</para>
<para>Note that the execution of <varname>ExecStartPost=</varname> is taken into account for the purpose of
<varname>Before=</varname>/<varname>After=</varname> ordering constraints.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -534,7 +537,10 @@
service, as well as the main process' exit code and status, set in the <varname>$SERVICE_RESULT</varname>, service, as well as the main process' exit code and status, set in the <varname>$SERVICE_RESULT</varname>,
<varname>$EXIT_CODE</varname> and <varname>$EXIT_STATUS</varname> environment variables, see <varname>$EXIT_CODE</varname> and <varname>$EXIT_STATUS</varname> environment variables, see
<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry> for <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry> for
details.</para></listitem> details.</para>
<para>Note that the execution of <varname>ExecStopPost=</varname> is taken into account for the purpose of
<varname>Before=</varname>/<varname>After=</varname> ordering constraints.</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>

2
man/systemd.unit.xml
View File

@ -750,7 +750,7 @@
type when precisely a unit has finished starting up. Most importantly, for service units start-up is type when precisely a unit has finished starting up. Most importantly, for service units start-up is
considered completed for the purpose of <varname>Before=</varname>/<varname>After=</varname> when all considered completed for the purpose of <varname>Before=</varname>/<varname>After=</varname> when all
its configured start-up commands have been invoked and they either failed or reported start-up its configured start-up commands have been invoked and they either failed or reported start-up
success.</para> success. Note that this does includes ExecStartPost (or ExecStopPost for the shutdown case).</para>
<para>Note that those settings are independent of and orthogonal to the requirement dependencies as <para>Note that those settings are independent of and orthogonal to the requirement dependencies as
configured by <varname>Requires=</varname>, <varname>Wants=</varname>, <varname>Requisite=</varname>, configured by <varname>Requires=</varname>, <varname>Wants=</varname>, <varname>Requisite=</varname>,

3
man/sysusers.d.xml
View File

@ -154,6 +154,9 @@ r - 500-900
A-Z or <literal>_</literal> (i.e. numbers and <literal>-</literal> are not permitted as first character). The A-Z or <literal>_</literal> (i.e. numbers and <literal>-</literal> are not permitted as first character). The
user/group name must have at least one character, and at most 31.</para> user/group name must have at least one character, and at most 31.</para>
<para>For further details about the syntax of user/group names, see <ulink
url="https://systemd.io/USER_NAMES">User/Group Name Syntax</ulink>.</para>
<para>It is strongly recommended to pick user and group names that are unlikely to clash with normal users <para>It is strongly recommended to pick user and group names that are unlikely to clash with normal users
created by the administrator. A good scheme to guarantee this is by prefixing all system and group names with the created by the administrator. A good scheme to guarantee this is by prefixing all system and group names with the
underscore, and avoiding too generic names.</para> underscore, and avoiding too generic names.</para>

5
src/analyze/analyze-verify.c
View File

@ -124,10 +124,13 @@ static int verify_socket(Unit *u) {
return 0; return 0;
} }
static int verify_executable(Unit *u, ExecCommand *exec) { int verify_executable(Unit *u, const ExecCommand *exec) {
if (!exec) if (!exec)
return 0; return 0;
if (exec->flags & EXEC_COMMAND_IGNORE_FAILURE)
return 0;
if (access(exec->path, X_OK) < 0) if (access(exec->path, X_OK) < 0)
return log_unit_error_errno(u, errno, "Command %s is not executable: %m", exec->path); return log_unit_error_errno(u, errno, "Command %s is not executable: %m", exec->path);

2
src/analyze/analyze-verify.h
View File

@ -3,6 +3,8 @@
#include <stdbool.h> #include <stdbool.h>
#include "execute.h"
#include "path-lookup.h" #include "path-lookup.h"
int verify_executable(Unit *u, const ExecCommand *exec);
int verify_units(char **filenames, UnitFileScope scope, bool check_man, bool run_generators); int verify_units(char **filenames, UnitFileScope scope, bool check_man, bool run_generators);

19
src/analyze/test-verify.c Normal file
View File

@ -0,0 +1,19 @@
/* SPDX-License-Identifier: LGPL-2.1+ */
#include "analyze-verify.h"
#include "tests.h"
static void test_verify_nonexistent(void) {
/* Negative cases */
assert_se(verify_executable(NULL, &(ExecCommand) {.flags = EXEC_COMMAND_IGNORE_FAILURE, .path = (char*) "/non/existent"}) == 0);
assert_se(verify_executable(NULL, &(ExecCommand) {.path = (char*) "/non/existent"}) < 0);
/* Ordinary cases */
assert_se(verify_executable(NULL, &(ExecCommand) {.path = (char*) "/bin/echo"}) == 0);
assert_se(verify_executable(NULL, &(ExecCommand) {.flags = EXEC_COMMAND_IGNORE_FAILURE, .path = (char*) "/bin/echo"}) == 0);
}
int main(int argc, char *argv[]) {
test_setup_logging(LOG_DEBUG);
test_verify_nonexistent();
}

8
src/basic/capability-util.c
View File

@ -107,11 +107,13 @@ int capability_ambient_set_apply(uint64_t set, bool also_inherit) {
unsigned long i; unsigned long i;
int r; int r;
/* Add the capabilities to the ambient set (an possibly also the inheritable set) */
/* Check that we can use PR_CAP_AMBIENT or quit early. */ /* Check that we can use PR_CAP_AMBIENT or quit early. */
if (!ambient_capabilities_supported()) if (!ambient_capabilities_supported())
return 0; return (set & all_capabilities()) == 0 ?
0 : -EOPNOTSUPP; /* if actually no ambient caps are to be set, be silent,
/* Add the capabilities to the ambient set. */ * otherwise fail recognizably */
if (also_inherit) { if (also_inherit) {
caps = cap_get_proc(); caps = cap_get_proc();

48
src/basic/fileio.c
View File

@ -81,7 +81,7 @@ int write_string_stream_ts(
struct timespec *ts) { struct timespec *ts) {
bool needs_nl; bool needs_nl;
int r; int r, fd;
assert(f); assert(f);
assert(line); assert(line);
@ -89,6 +89,14 @@ int write_string_stream_ts(
if (ferror(f)) if (ferror(f))
return -EIO; return -EIO;
if (ts) {
/* If we shall set the timestamp we need the fd. But fmemopen() streams generally don't have
* an fd. Let's fail early in that case. */
fd = fileno(f);
if (fd < 0)
return -EBADF;
}
needs_nl = !(flags & WRITE_STRING_FILE_AVOID_NEWLINE) && !endswith(line, "\n"); needs_nl = !(flags & WRITE_STRING_FILE_AVOID_NEWLINE) && !endswith(line, "\n");
if (needs_nl && (flags & WRITE_STRING_FILE_DISABLE_BUFFER)) { if (needs_nl && (flags & WRITE_STRING_FILE_DISABLE_BUFFER)) {
@ -116,7 +124,7 @@ int write_string_stream_ts(
if (ts) { if (ts) {
struct timespec twice[2] = {*ts, *ts}; struct timespec twice[2] = {*ts, *ts};
if (futimens(fileno(f), twice) < 0) if (futimens(fd, twice) < 0)
return -errno; return -errno;
} }
@ -848,7 +856,7 @@ int fflush_and_check(FILE *f) {
} }
int fflush_sync_and_check(FILE *f) { int fflush_sync_and_check(FILE *f) {
int r; int r, fd;
assert(f); assert(f);
@ -856,10 +864,16 @@ int fflush_sync_and_check(FILE *f) {
if (r < 0) if (r < 0)
return r; return r;
if (fsync(fileno(f)) < 0) /* Not all file streams have an fd associated (think: fmemopen()), let's handle this gracefully and
* assume that in that case we need no explicit syncing */
fd = fileno(f);
if (fd < 0)
return 0;
if (fsync(fd) < 0)
return -errno; return -errno;
r = fsync_directory_of_file(fileno(f)); r = fsync_directory_of_file(fd);
if (r < 0) if (r < 0)
return r; return r;
@ -957,7 +971,7 @@ DEFINE_TRIVIAL_CLEANUP_FUNC(FILE*, funlockfile);
int read_line_full(FILE *f, size_t limit, ReadLineFlags flags, char **ret) { int read_line_full(FILE *f, size_t limit, ReadLineFlags flags, char **ret) {
size_t n = 0, allocated = 0, count = 0; size_t n = 0, allocated = 0, count = 0;
_cleanup_free_ char *buffer = NULL; _cleanup_free_ char *buffer = NULL;
int r, tty = -1; int r;
assert(f); assert(f);
@ -1032,13 +1046,23 @@ int read_line_full(FILE *f, size_t limit, ReadLineFlags flags, char **ret) {
count++; count++;
if (eol != EOL_NONE) { if (eol != EOL_NONE) {
/* If we are on a tty, we can't wait for more input. But we expect only /* If we are on a tty, we can't shouldn't wait for more input, because that
* \n as the single EOL marker, so there is no need to wait. We check * generally means waiting for the user, interactively. In the case of a TTY
* this condition last to avoid isatty() check if not necessary. */ * we expect only \n as the single EOL marker, so we are in the lucky
* position that there is no need to wait. We check this condition last, to
* avoid isatty() check if not necessary. */
if (tty < 0) if ((flags & (READ_LINE_IS_A_TTY|READ_LINE_NOT_A_TTY)) == 0) {
tty = isatty(fileno(f)); int fd;
if (tty > 0)
fd = fileno(f);
if (fd < 0) /* Maybe an fmemopen() stream? Handle this gracefully,
* and don't call isatty() on an invalid fd */
flags |= READ_LINE_NOT_A_TTY;
else
flags |= isatty(fd) ? READ_LINE_IS_A_TTY : READ_LINE_NOT_A_TTY;
}
if (FLAGS_SET(flags, READ_LINE_IS_A_TTY))
break; break;
} }

4
src/basic/fileio.h
View File

@ -85,7 +85,9 @@ int read_timestamp_file(const char *fn, usec_t *ret);
int fputs_with_space(FILE *f, const char *s, const char *separator, bool *space); int fputs_with_space(FILE *f, const char *s, const char *separator, bool *space);
typedef enum ReadLineFlags { typedef enum ReadLineFlags {
READ_LINE_ONLY_NUL = 1 << 0, READ_LINE_ONLY_NUL = 1 << 0,
READ_LINE_IS_A_TTY = 1 << 1,
READ_LINE_NOT_A_TTY = 1 << 2,
} ReadLineFlags; } ReadLineFlags;
int read_line_full(FILE *f, size_t limit, ReadLineFlags flags, char **ret); int read_line_full(FILE *f, size_t limit, ReadLineFlags flags, char **ret);

5
src/basic/string-util.c
View File

@ -113,7 +113,7 @@ static size_t strcspn_escaped(const char *s, const char *reject) {
bool escaped = false; bool escaped = false;
int n; int n;
for (n=0; s[n]; n++) { for (n = 0; s[n] != '\0'; n++) {
if (escaped) if (escaped)
escaped = false; escaped = false;
else if (s[n] == '\\') else if (s[n] == '\\')
@ -122,8 +122,7 @@ static size_t strcspn_escaped(const char *s, const char *reject) {
break; break;
} }
/* if s ends in \, return index of previous char */ return n;
return n - escaped;
} }
/* Split a string into words. */ /* Split a string into words. */

32
src/basic/terminal-util.c
View File

@ -81,31 +81,34 @@ int chvt(int vt) {
int read_one_char(FILE *f, char *ret, usec_t t, bool *need_nl) { int read_one_char(FILE *f, char *ret, usec_t t, bool *need_nl) {
_cleanup_free_ char *line = NULL; _cleanup_free_ char *line = NULL;
struct termios old_termios; struct termios old_termios;
int r; int r, fd;
assert(f); assert(f);
assert(ret); assert(ret);
/* If this is a terminal, then switch canonical mode off, so that we can read a single character */ /* If this is a terminal, then switch canonical mode off, so that we can read a single
if (tcgetattr(fileno(f), &old_termios) >= 0) { * character. (Note that fmemopen() streams do not have an fd associated with them, let's handle that
* nicely.) */
fd = fileno(f);
if (fd >= 0 && tcgetattr(fd, &old_termios) >= 0) {
struct termios new_termios = old_termios; struct termios new_termios = old_termios;
new_termios.c_lflag &= ~ICANON; new_termios.c_lflag &= ~ICANON;
new_termios.c_cc[VMIN] = 1; new_termios.c_cc[VMIN] = 1;
new_termios.c_cc[VTIME] = 0; new_termios.c_cc[VTIME] = 0;
if (tcsetattr(fileno(f), TCSADRAIN, &new_termios) >= 0) { if (tcsetattr(fd, TCSADRAIN, &new_termios) >= 0) {
char c; char c;
if (t != USEC_INFINITY) { if (t != USEC_INFINITY) {
if (fd_wait_for_event(fileno(f), POLLIN, t) <= 0) { if (fd_wait_for_event(fd, POLLIN, t) <= 0) {
(void) tcsetattr(fileno(f), TCSADRAIN, &old_termios); (void) tcsetattr(fd, TCSADRAIN, &old_termios);
return -ETIMEDOUT; return -ETIMEDOUT;
} }
} }
r = safe_fgetc(f, &c); r = safe_fgetc(f, &c);
(void) tcsetattr(fileno(f), TCSADRAIN, &old_termios); (void) tcsetattr(fd, TCSADRAIN, &old_termios);
if (r < 0) if (r < 0)
return r; return r;
if (r == 0) if (r == 0)
@ -119,8 +122,13 @@ int read_one_char(FILE *f, char *ret, usec_t t, bool *need_nl) {
} }
} }
if (t != USEC_INFINITY) { if (t != USEC_INFINITY && fd > 0) {
if (fd_wait_for_event(fileno(f), POLLIN, t) <= 0) /* Let's wait the specified amount of time for input. When we have no fd we skip this, under
* the assumption that this is an fmemopen() stream or so where waiting doesn't make sense
* anyway, as the data is either already in the stream or cannot possible be placed there
* while we access the stream */
if (fd_wait_for_event(fd, POLLIN, t) <= 0)
return -ETIMEDOUT; return -ETIMEDOUT;
} }
@ -778,6 +786,9 @@ const char *default_term_for_tty(const char *tty) {
int fd_columns(int fd) { int fd_columns(int fd) {
struct winsize ws = {}; struct winsize ws = {};
if (fd < 0)
return -EBADF;
if (ioctl(fd, TIOCGWINSZ, &ws) < 0) if (ioctl(fd, TIOCGWINSZ, &ws) < 0)
return -errno; return -errno;
@ -812,6 +823,9 @@ unsigned columns(void) {
int fd_lines(int fd) { int fd_lines(int fd) {
struct winsize ws = {}; struct winsize ws = {};
if (fd < 0)
return -EBADF;
if (ioctl(fd, TIOCGWINSZ, &ws) < 0) if (ioctl(fd, TIOCGWINSZ, &ws) < 0)
return -errno; return -errno;

182
src/basic/user-util.c
View File

@ -10,6 +10,8 @@
#include <unistd.h> #include <unistd.h>
#include <utmp.h> #include <utmp.h>
#include "sd-messages.h"
#include "alloc-util.h" #include "alloc-util.h"
#include "errno-util.h" #include "errno-util.h"
#include "fd-util.h" #include "fd-util.h"
@ -18,6 +20,7 @@
#include "macro.h" #include "macro.h"
#include "parse-util.h" #include "parse-util.h"
#include "path-util.h" #include "path-util.h"
#include "path-util.h"
#include "random-util.h" #include "random-util.h"
#include "string-util.h" #include "string-util.h"
#include "strv.h" #include "strv.h"
@ -698,92 +701,125 @@ int take_etc_passwd_lock(const char *root) {
return fd; return fd;
} }
bool valid_user_group_name_full(const char *u, bool strict) { bool valid_user_group_name(const char *u, ValidUserFlags flags) {
const char *i; const char *i;
long sz;
bool warned = false;
/* Checks if the specified name is a valid user/group name. Also see POSIX IEEE Std 1003.1-2008, 2016 Edition, /* Checks if the specified name is a valid user/group name. There are two flavours of this call:
* 3.437. We are a bit stricter here however. Specifically we deviate from POSIX rules: * strict mode is the default which is POSIX plus some extra rules; and relaxed mode where we accept
* pretty much everything except the really worst offending names.
* *
* - We require that names fit into the appropriate utmp field * Whenever we synthesize users ourselves we should use the strict mode. But when we process users
* - We don't allow empty user names * created by other stuff, let's be more liberal. */
* - No dots in the first character
*
* If strict==true, additionally:
* - We don't allow any dots (this conflicts with chown syntax which permits dots as user/group name separator)
* - We don't allow a digit as the first character
*
* Note that other systems are even more restrictive, and don't permit underscores or uppercase characters.
*/
if (isempty(u)) if (isempty(u)) /* An empty user name is never valid */
return false; return false;
if (!(u[0] >= 'a' && u[0] <= 'z') && if (parse_uid(u, NULL) >= 0) /* Something that parses as numeric UID string is valid exactly when the
!(u[0] >= 'A' && u[0] <= 'Z') && * flag for it is set */
!(u[0] >= '0' && u[0] <= '9' && !strict) && return FLAGS_SET(flags, VALID_USER_ALLOW_NUMERIC);
u[0] != '_')
return false;
bool only_digits_seen = u[0] >= '0' && u[0] <= '9'; if (FLAGS_SET(flags, VALID_USER_RELAX)) {
if (only_digits_seen) { /* In relaxed mode we just check very superficially. Apparently SSSD and other stuff is
log_warning("User or group name \"%s\" starts with a digit, accepting for compatibility.", u); * extremely liberal (way too liberal if you ask me, even inserting "@" in user names, which
warned = true; * is bound to cause problems for example when used with an MTA), hence only filter the most
* obvious cases, or where things would result in an invalid entry if such a user name would
* show up in /etc/passwd (or equivalent getent output).
*
* Note that we stepped far out of POSIX territory here. It's not our fault though, but
* SSSD's, Samba's and everybody else who ignored POSIX on this. (I mean, I am happy to step
* outside of POSIX' bounds any day, but I must say in this case I probably wouldn't
* have...) */
if (startswith(u, " ") || endswith(u, " ")) /* At least expect whitespace padding is removed
* at front and back (accept in the middle, since
* that's apparently a thing on Windows). Note
* that this also blocks usernames consisting of
* whitespace only. */
return false;
if (!utf8_is_valid(u)) /* We want to synthesize JSON from this, hence insist on UTF-8 */
return false;
if (string_has_cc(u, NULL)) /* CC characters are just dangerous (and \n in particular is the
* record separator in /etc/passwd), so we can't allow that. */
return false;
if (strpbrk(u, ":/")) /* Colons are the field separator in /etc/passwd, we can't allow
* that. Slashes are special to file systems paths and user names
* typically show up in the file system as home directories, hence
* don't allow slashes. */
return false;
if (in_charset(u, "0123456789")) /* Don't allow fully numeric strings, they might be confused
* with with UIDs (note that this test is more broad than
* the parse_uid() test above, as it will cover more than
* the 32bit range, and it will detect 65535 (which is in
* invalid UID, even though in the unsigned 32 bit range) */
return false;
if (u[0] == '-' && in_charset(u + 1, "0123456789")) /* Don't allow negative fully numeric
* strings either. After all some people
* write 65535 as -1 (even though that's
* not even true on 32bit uid_t
* anyway) */
return false;
if (dot_or_dot_dot(u)) /* User names typically become home directory names, and these two are
* special in that context, don't allow that. */
return false;
/* Compare with strict result and warn if result doesn't match */
if (FLAGS_SET(flags, VALID_USER_WARN) && !valid_user_group_name(u, 0))
log_struct(LOG_NOTICE,
"MESSAGE=Accepting user/group name '%s', which does not match strict user/group name rules.", u,
"USER_GROUP_NAME=%s", u,
"MESSAGE_ID=" SD_MESSAGE_UNSAFE_USER_NAME_STR);
/* Note that we make no restrictions on the length in relaxed mode! */
} else {
long sz;
size_t l;
/* Also see POSIX IEEE Std 1003.1-2008, 2016 Edition, 3.437. We are a bit stricter here
* however. Specifically we deviate from POSIX rules:
*
* - We don't allow empty user names (see above)
* - We require that names fit into the appropriate utmp field
* - We don't allow any dots (this conflicts with chown syntax which permits dots as user/group name separator)
* - We don't allow dashes or digit as the first character
*
* Note that other systems are even more restrictive, and don't permit underscores or uppercase characters.
*/
if (!(u[0] >= 'a' && u[0] <= 'z') &&
!(u[0] >= 'A' && u[0] <= 'Z') &&
u[0] != '_')
return false;
for (i = u+1; *i; i++)
if (!(*i >= 'a' && *i <= 'z') &&
!(*i >= 'A' && *i <= 'Z') &&
!(*i >= '0' && *i <= '9') &&
!IN_SET(*i, '_', '-'))
return false;
l = i - u;
sz = sysconf(_SC_LOGIN_NAME_MAX);
assert_se(sz > 0);
if (l > (size_t) sz)
return false;
if (l > FILENAME_MAX)
return false;
if (l > UT_NAMESIZE - 1)
return false;
} }
for (i = u+1; *i; i++) {
if (((*i >= 'a' && *i <= 'z') ||
(*i >= 'A' && *i <= 'Z') ||
(*i >= '0' && *i <= '9') ||
IN_SET(*i, '_', '-'))) {
if (!(*i >= '0' && *i <= '9'))
only_digits_seen = false;
continue;
}
if (*i == '.' && !strict) {
if (!warned) {
log_warning("Bad user or group name \"%s\", accepting for compatibility.", u);
warned = true;
}
continue;
}
return false;
}
if (only_digits_seen)
return false;
sz = sysconf(_SC_LOGIN_NAME_MAX);
assert_se(sz > 0);
if ((size_t) (i-u) > (size_t) sz)
return false;
if ((size_t) (i-u) > UT_NAMESIZE - 1)
return false;
return true; return true;
} }
bool valid_user_group_name_or_id_full(const char *u, bool strict) {
/* Similar as above, but is also fine with numeric UID/GID specifications, as long as they are in the
* right range, and not the invalid user ids. */
if (isempty(u))
return false;
if (parse_uid(u, NULL) >= 0)
return true;
return valid_user_group_name_full(u, strict);
}
bool valid_gecos(const char *d) { bool valid_gecos(const char *d) {
if (!d) if (!d)

21
src/basic/user-util.h
View File

@ -97,20 +97,13 @@ static inline bool userns_supported(void) {
return access("/proc/self/uid_map", F_OK) >= 0; return access("/proc/self/uid_map", F_OK) >= 0;
} }
bool valid_user_group_name_full(const char *u, bool strict); typedef enum ValidUserFlags {
bool valid_user_group_name_or_id_full(const char *u, bool strict); VALID_USER_RELAX = 1 << 0,
static inline bool valid_user_group_name(const char *u) { VALID_USER_WARN = 1 << 1,
return valid_user_group_name_full(u, true); VALID_USER_ALLOW_NUMERIC = 1 << 2,
} } ValidUserFlags;
static inline bool valid_user_group_name_or_id(const char *u) {
return valid_user_group_name_or_id_full(u, true); bool valid_user_group_name(const char *u, ValidUserFlags flags);
}
static inline bool valid_user_group_name_compat(const char *u) {
return valid_user_group_name_full(u, false);
}
static inline bool valid_user_group_name_or_id_compat(const char *u) {
return valid_user_group_name_or_id_full(u, false);
}
bool valid_gecos(const char *d); bool valid_gecos(const char *d);
bool valid_home(const char *p); bool valid_home(const char *p);

13
src/basic/virt.c
View File

@ -462,13 +462,14 @@ int detect_container(void) {
goto finish; goto finish;
} }
/* "Official" way of detecting WSL https://github.com/Microsoft/WSL/issues/423#issuecomment-221627364 */ /* "Official" way of detecting WSL https://github.com/Microsoft/WSL/issues/423#issuecomment-221627364,
* ... and a working one, since the official one doesn't actually work ;(
*/
r = read_one_line_file("/proc/sys/kernel/osrelease", &o); r = read_one_line_file("/proc/sys/kernel/osrelease", &o);
if (r >= 0) { if (r >= 0 &&
if (strstr(o, "Microsoft") || strstr(o, "WSL")) { (strstr(o, "Microsoft") || strstr(o, "microsoft") || strstr(o, "WSL"))) {
r = VIRTUALIZATION_WSL; r = VIRTUALIZATION_WSL;
goto finish; goto finish;
}
} }
if (getpid_cached() == 1) { if (getpid_cached() == 1) {

7
src/core/dbus-execute.c
View File

@ -795,6 +795,7 @@ const sd_bus_vtable bus_exec_vtable[] = {
SD_BUS_PROPERTY("MountFlags", "t", bus_property_get_ulong, offsetof(ExecContext, mount_flags), SD_BUS_VTABLE_PROPERTY_CONST), SD_BUS_PROPERTY("MountFlags", "t", bus_property_get_ulong, offsetof(ExecContext, mount_flags), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("PrivateTmp", "b", bus_property_get_bool, offsetof(ExecContext, private_tmp), SD_BUS_VTABLE_PROPERTY_CONST), SD_BUS_PROPERTY("PrivateTmp", "b", bus_property_get_bool, offsetof(ExecContext, private_tmp), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("PrivateDevices", "b", bus_property_get_bool, offsetof(ExecContext, private_devices), SD_BUS_VTABLE_PROPERTY_CONST), SD_BUS_PROPERTY("PrivateDevices", "b", bus_property_get_bool, offsetof(ExecContext, private_devices), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("ProtectClock", "b", bus_property_get_bool, offsetof(ExecContext, protect_clock), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("ProtectKernelTunables", "b", bus_property_get_bool, offsetof(ExecContext, protect_kernel_tunables), SD_BUS_VTABLE_PROPERTY_CONST), SD_BUS_PROPERTY("ProtectKernelTunables", "b", bus_property_get_bool, offsetof(ExecContext, protect_kernel_tunables), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("ProtectKernelModules", "b", bus_property_get_bool, offsetof(ExecContext, protect_kernel_modules), SD_BUS_VTABLE_PROPERTY_CONST), SD_BUS_PROPERTY("ProtectKernelModules", "b", bus_property_get_bool, offsetof(ExecContext, protect_kernel_modules), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("ProtectKernelLogs", "b", bus_property_get_bool, offsetof(ExecContext, protect_kernel_logs), SD_BUS_VTABLE_PROPERTY_CONST), SD_BUS_PROPERTY("ProtectKernelLogs", "b", bus_property_get_bool, offsetof(ExecContext, protect_kernel_logs), SD_BUS_VTABLE_PROPERTY_CONST),
@ -1203,10 +1204,10 @@ int bus_exec_context_set_transient_property(
flags |= UNIT_PRIVATE; flags |= UNIT_PRIVATE;
if (streq(name, "User")) if (streq(name, "User"))
return bus_set_transient_user_compat(u, name, &c->user, message, flags, error); return bus_set_transient_user_relaxed(u, name, &c->user, message, flags, error);
if (streq(name, "Group")) if (streq(name, "Group"))
return bus_set_transient_user_compat(u, name, &c->group, message, flags, error); return bus_set_transient_user_relaxed(u, name, &c->group, message, flags, error);
if (streq(name, "TTYPath")) if (streq(name, "TTYPath"))
return bus_set_transient_path(u, name, &c->tty_path, message, flags, error); return bus_set_transient_path(u, name, &c->tty_path, message, flags, error);
@ -1391,7 +1392,7 @@ int bus_exec_context_set_transient_property(
return r; return r;
STRV_FOREACH(p, l) STRV_FOREACH(p, l)
if (!isempty(*p) && !valid_user_group_name_or_id_compat(*p)) if (!isempty(*p) && !valid_user_group_name(*p, VALID_USER_ALLOW_NUMERIC|VALID_USER_RELAX|VALID_USER_WARN))
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS,
"Invalid supplementary group names"); "Invalid supplementary group names");

2
src/core/dbus-manager.c
View File

@ -1643,7 +1643,7 @@ static int method_lookup_dynamic_user_by_name(sd_bus_message *message, void *use
if (!MANAGER_IS_SYSTEM(m)) if (!MANAGER_IS_SYSTEM(m))
return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, "Dynamic users are only supported in the system instance."); return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, "Dynamic users are only supported in the system instance.");
if (!valid_user_group_name(name)) if (!valid_user_group_name(name, VALID_USER_RELAX))
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "User name invalid: %s", name); return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "User name invalid: %s", name);
r = dynamic_user_lookup_name(m, name, &uid); r = dynamic_user_lookup_name(m, name, &uid);

4
src/core/dbus-socket.c
View File

@ -278,10 +278,10 @@ static int bus_socket_set_transient_property(
return bus_set_transient_fdname(u, name, &s->fdname, message, flags, error); return bus_set_transient_fdname(u, name, &s->fdname, message, flags, error);
if (streq(name, "SocketUser")) if (streq(name, "SocketUser"))
return bus_set_transient_user_compat(u, name, &s->user, message, flags, error); return bus_set_transient_user_relaxed(u, name, &s->user, message, flags, error);
if (streq(name, "SocketGroup")) if (streq(name, "SocketGroup"))
return bus_set_transient_user_compat(u, name, &s->group, message, flags, error); return bus_set_transient_user_relaxed(u, name, &s->group, message, flags, error);
if (streq(name, "BindIPv6Only")) if (streq(name, "BindIPv6Only"))
return bus_set_transient_bind_ipv6_only(u, name, &s->bind_ipv6_only, message, flags, error); return bus_set_transient_bind_ipv6_only(u, name, &s->bind_ipv6_only, message, flags, error);

7
src/core/dbus-util.c
View File

@ -30,7 +30,12 @@ int bus_property_get_triggered_unit(
BUS_DEFINE_SET_TRANSIENT(mode_t, "u", uint32_t, mode_t, "%040o"); BUS_DEFINE_SET_TRANSIENT(mode_t, "u", uint32_t, mode_t, "%040o");
BUS_DEFINE_SET_TRANSIENT(unsigned, "u", uint32_t, unsigned, "%" PRIu32); BUS_DEFINE_SET_TRANSIENT(unsigned, "u", uint32_t, unsigned, "%" PRIu32);
BUS_DEFINE_SET_TRANSIENT_STRING_WITH_CHECK(user_compat, valid_user_group_name_or_id_compat);
static inline bool valid_user_group_name_or_id_relaxed(const char *u) {
return valid_user_group_name(u, VALID_USER_ALLOW_NUMERIC|VALID_USER_RELAX);
}
BUS_DEFINE_SET_TRANSIENT_STRING_WITH_CHECK(user_relaxed, valid_user_group_name_or_id_relaxed);
BUS_DEFINE_SET_TRANSIENT_STRING_WITH_CHECK(path, path_is_absolute); BUS_DEFINE_SET_TRANSIENT_STRING_WITH_CHECK(path, path_is_absolute);
int bus_set_transient_string( int bus_set_transient_string(

2
src/core/dbus-util.h
View File

@ -236,7 +236,7 @@ int bus_property_get_triggered_unit(sd_bus *bus, const char *path, const char *i
int bus_set_transient_mode_t(Unit *u, const char *name, mode_t *p, sd_bus_message *message, UnitWriteFlags flags, sd_bus_error *error); int bus_set_transient_mode_t(Unit *u, const char *name, mode_t *p, sd_bus_message *message, UnitWriteFlags flags, sd_bus_error *error);
int bus_set_transient_unsigned(Unit *u, const char *name, unsigned *p, sd_bus_message *message, UnitWriteFlags flags, sd_bus_error *error); int bus_set_transient_unsigned(Unit *u, const char *name, unsigned *p, sd_bus_message *message, UnitWriteFlags flags, sd_bus_error *error);
int bus_set_transient_user_compat(Unit *u, const char *name, char **p, sd_bus_message *message, UnitWriteFlags flags, sd_bus_error *error); int bus_set_transient_user_relaxed(Unit *u, const char *name, char **p, sd_bus_message *message, UnitWriteFlags flags, sd_bus_error *error);
int bus_set_transient_path(Unit *u, const char *name, char **p, sd_bus_message *message, UnitWriteFlags flags, sd_bus_error *error); int bus_set_transient_path(Unit *u, const char *name, char **p, sd_bus_message *message, UnitWriteFlags flags, sd_bus_error *error);
int bus_set_transient_string(Unit *u, const char *name, char **p, sd_bus_message *message, UnitWriteFlags flags, sd_bus_error *error); int bus_set_transient_string(Unit *u, const char *name, char **p, sd_bus_message *message, UnitWriteFlags flags, sd_bus_error *error);
int bus_set_transient_bool(Unit *u, const char *name, bool *p, sd_bus_message *message, UnitWriteFlags flags, sd_bus_error *error); int bus_set_transient_bool(Unit *u, const char *name, bool *p, sd_bus_message *message, UnitWriteFlags flags, sd_bus_error *error);

2
src/core/dynamic-user.c
View File

@ -116,7 +116,7 @@ static int dynamic_user_acquire(Manager *m, const char *name, DynamicUser** ret)
return 0; return 0;
} }
if (!valid_user_group_name_or_id(name)) if (!valid_user_group_name(name, VALID_USER_ALLOW_NUMERIC))
return -EINVAL; return -EINVAL;
if (socketpair(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0, storage_socket) < 0) if (socketpair(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0, storage_socket) < 0)

60
src/core/execute.c
View File

@ -1577,7 +1577,7 @@ static int apply_protect_kernel_logs(const Unit *u, const ExecContext *c) {
return seccomp_protect_syslog(); return seccomp_protect_syslog();
} }
static int apply_protect_clock(const Unit *u, const ExecContext *c) { static int apply_protect_clock(const Unit *u, const ExecContext *c) {
assert(u); assert(u);
assert(c); assert(c);
@ -1646,6 +1646,41 @@ static int apply_lock_personality(const Unit* u, const ExecContext *c) {
#endif #endif
static int apply_protect_hostname(const Unit *u, const ExecContext *c, int *ret_exit_status) {
int r;
assert(u);
assert(c);
if (!c->protect_hostname)
return 0;
if (ns_type_supported(NAMESPACE_UTS)) {
if (unshare(CLONE_NEWUTS) < 0) {
if (!ERRNO_IS_NOT_SUPPORTED(errno) && !ERRNO_IS_PRIVILEGE(errno)) {
*ret_exit_status = EXIT_NAMESPACE;
return log_unit_error_errno(u, errno, "Failed to set up UTS namespacing: %m");
}
log_unit_warning(u, "ProtectHostname=yes is configured, but UTS namespace setup is prohibited (container manager?), ignoring namespace setup.");
}
} else
log_unit_warning(u, "ProtectHostname=yes is configured, but the kernel does not support UTS namespaces, ignoring namespace setup.");
#if HAVE_SECCOMP
if (skip_seccomp_unavailable(u, "ProtectHostname="))
return 0;
r = seccomp_protect_hostname();
if (r < 0) {
*ret_exit_status = EXIT_SECCOMP;
return log_unit_error_errno(u, r, "Failed to apply hostname restrictions: %m");
}
#endif
return 0;
}
static void do_idle_pipe_dance(int idle_pipe[static 4]) { static void do_idle_pipe_dance(int idle_pipe[static 4]) {
assert(idle_pipe); assert(idle_pipe);
@ -3588,25 +3623,10 @@ static int exec_child(
} }
} }
if (context->protect_hostname) { if (needs_sandboxing) {
if (ns_type_supported(NAMESPACE_UTS)) { r = apply_protect_hostname(unit, context, exit_status);
if (unshare(CLONE_NEWUTS) < 0) { if (r < 0)
if (!ERRNO_IS_NOT_SUPPORTED(errno) && !ERRNO_IS_PRIVILEGE(errno)) { return r;
*exit_status = EXIT_NAMESPACE;
return log_unit_error_errno(unit, errno, "Failed to set up UTS namespacing: %m");
}
log_unit_warning(unit, "ProtectHostname=yes is configured, but UTS namespace setup is prohibited (container manager?), ignoring namespace setup.");
}
} else
log_unit_warning(unit, "ProtectHostname=yes is configured, but the kernel does not support UTS namespaces, ignoring namespace setup.");
#if HAVE_SECCOMP
r = seccomp_protect_hostname();
if (r < 0) {
*exit_status = EXIT_SECCOMP;
return log_unit_error_errno(unit, r, "Failed to apply hostname restrictions: %m");
}
#endif
} }
/* Drop groups as early as possible. /* Drop groups as early as possible.

4
src/core/load-fragment.c
View File

@ -2068,7 +2068,7 @@ int config_parse_user_group_compat(
return -ENOEXEC; return -ENOEXEC;
} }
if (!valid_user_group_name_or_id_compat(k)) { if (!valid_user_group_name(k, VALID_USER_ALLOW_NUMERIC|VALID_USER_RELAX|VALID_USER_WARN)) {
log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid user/group name or numeric ID: %s", k); log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid user/group name or numeric ID: %s", k);
return -ENOEXEC; return -ENOEXEC;
} }
@ -2122,7 +2122,7 @@ int config_parse_user_group_strv_compat(
return -ENOEXEC; return -ENOEXEC;
} }
if (!valid_user_group_name_or_id_compat(k)) { if (!valid_user_group_name(k, VALID_USER_ALLOW_NUMERIC|VALID_USER_RELAX|VALID_USER_WARN)) {
log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid user/group name or numeric ID: %s", k); log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid user/group name or numeric ID: %s", k);
return -ENOEXEC; return -ENOEXEC;
} }

2
src/core/unit.c
View File

@ -4278,7 +4278,7 @@ static int user_from_unit_name(Unit *u, char **ret) {
if (r < 0) if (r < 0)
return r; return r;
if (valid_user_group_name(n)) { if (valid_user_group_name(n, 0)) {
*ret = TAKE_PTR(n); *ret = TAKE_PTR(n);
return 0; return 0;
} }

18
src/coredump/coredumpctl.c
View File

@ -17,6 +17,7 @@
#include "def.h" #include "def.h"
#include "fd-util.h" #include "fd-util.h"
#include "fs-util.h" #include "fs-util.h"
#include "glob-util.h"
#include "journal-internal.h" #include "journal-internal.h"
#include "journal-util.h" #include "journal-util.h"
#include "log.h" #include "log.h"
@ -44,6 +45,7 @@ static usec_t arg_since = USEC_INFINITY, arg_until = USEC_INFINITY;
static const char* arg_field = NULL; static const char* arg_field = NULL;
static const char *arg_debugger = NULL; static const char *arg_debugger = NULL;
static const char *arg_directory = NULL; static const char *arg_directory = NULL;
static char **arg_file = NULL;
static PagerFlags arg_pager_flags = 0; static PagerFlags arg_pager_flags = 0;
static int arg_no_legend = false; static int arg_no_legend = false;
static int arg_one = false; static int arg_one = false;
@ -51,6 +53,8 @@ static const char* arg_output = NULL;
static bool arg_reverse = false; static bool arg_reverse = false;
static bool arg_quiet = false; static bool arg_quiet = false;
STATIC_DESTRUCTOR_REGISTER(arg_file, strv_freep);
static int add_match(sd_journal *j, const char *match) { static int add_match(sd_journal *j, const char *match) {
_cleanup_free_ char *p = NULL; _cleanup_free_ char *p = NULL;
const char* prefix, *pattern; const char* prefix, *pattern;
@ -111,6 +115,10 @@ static int acquire_journal(sd_journal **ret, char **matches) {
r = sd_journal_open_directory(&j, arg_directory, 0); r = sd_journal_open_directory(&j, arg_directory, 0);
if (r < 0) if (r < 0)
return log_error_errno(r, "Failed to open journals in directory: %s: %m", arg_directory); return log_error_errno(r, "Failed to open journals in directory: %s: %m", arg_directory);
} else if (arg_file) {
r = sd_journal_open_files(&j, (const char**)arg_file, 0);
if (r < 0)
return log_error_errno(r, "Failed to open journal files: %m");
} else { } else {
r = sd_journal_open(&j, SD_JOURNAL_LOCAL_ONLY); r = sd_journal_open(&j, SD_JOURNAL_LOCAL_ONLY);
if (r < 0) if (r < 0)
@ -164,6 +172,7 @@ static int help(void) {
" -r --reverse Show the newest entries first\n" " -r --reverse Show the newest entries first\n"
" -F --field=FIELD List all values a certain field takes\n" " -F --field=FIELD List all values a certain field takes\n"
" -o --output=FILE Write output to FILE\n" " -o --output=FILE Write output to FILE\n"
" --file=PATH Use journal file\n"
" -D --directory=DIR Use journal files from directory\n\n" " -D --directory=DIR Use journal files from directory\n\n"
" -q --quiet Do not show info messages and privilege warning\n" " -q --quiet Do not show info messages and privilege warning\n"
"\nSee the %s for details.\n" "\nSee the %s for details.\n"
@ -182,6 +191,7 @@ static int parse_argv(int argc, char *argv[]) {
ARG_NO_PAGER, ARG_NO_PAGER,
ARG_NO_LEGEND, ARG_NO_LEGEND,
ARG_DEBUGGER, ARG_DEBUGGER,
ARG_FILE,
}; };
int c, r; int c, r;
@ -194,6 +204,7 @@ static int parse_argv(int argc, char *argv[]) {
{ "debugger", required_argument, NULL, ARG_DEBUGGER }, { "debugger", required_argument, NULL, ARG_DEBUGGER },
{ "output", required_argument, NULL, 'o' }, { "output", required_argument, NULL, 'o' },
{ "field", required_argument, NULL, 'F' }, { "field", required_argument, NULL, 'F' },
{ "file", required_argument, NULL, ARG_FILE },
{ "directory", required_argument, NULL, 'D' }, { "directory", required_argument, NULL, 'D' },
{ "reverse", no_argument, NULL, 'r' }, { "reverse", no_argument, NULL, 'r' },
{ "since", required_argument, NULL, 'S' }, { "since", required_argument, NULL, 'S' },
@ -225,6 +236,12 @@ static int parse_argv(int argc, char *argv[]) {
arg_debugger = optarg; arg_debugger = optarg;
break; break;
case ARG_FILE:
r = glob_extend(&arg_file, optarg);
if (r < 0)
return log_error_errno(r, "Failed to add paths: %m");
break;
case 'o': case 'o':
if (arg_output) if (arg_output)
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
@ -1096,6 +1113,7 @@ static int run(int argc, char *argv[]) {
ansi_highlight_red(), ansi_highlight_red(),
units_active, units_active == 1 ? "unit is running" : "units are running", units_active, units_active == 1 ? "unit is running" : "units are running",
ansi_normal()); ansi_normal());
return r; return r;
} }

2
src/home/home-util.c
View File

@ -17,7 +17,7 @@ bool suitable_user_name(const char *name) {
* restrictive, so that we can change the rules server-side without having to update things * restrictive, so that we can change the rules server-side without having to update things
* client-side too. */ * client-side too. */
if (!valid_user_group_name(name)) if (!valid_user_group_name(name, 0))
return false; return false;
/* We generally rely on NSS to tell us which users not to care for, but let's filter out some /* We generally rely on NSS to tell us which users not to care for, but let's filter out some

6
src/home/homectl.c
View File

@ -540,7 +540,7 @@ static int inspect_home(int argc, char *argv[], void *userdata) {
r = parse_uid(*i, &uid); r = parse_uid(*i, &uid);
if (r < 0) { if (r < 0) {
if (!valid_user_group_name(*i)) { if (!valid_user_group_name(*i, 0)) {
log_error("Invalid user name '%s'.", *i); log_error("Invalid user name '%s'.", *i);
if (ret == 0) if (ret == 0)
ret = -EINVAL; ret = -EINVAL;
@ -1395,7 +1395,7 @@ static int create_home(int argc, char *argv[], void *userdata) {
if (argc >= 2) { if (argc >= 2) {
/* If a username was specified, use it */ /* If a username was specified, use it */
if (valid_user_group_name(argv[1])) if (valid_user_group_name(argv[1], 0))
r = json_variant_set_field_string(&arg_identity_extra, "userName", argv[1]); r = json_variant_set_field_string(&arg_identity_extra, "userName", argv[1]);
else { else {
_cleanup_free_ char *un = NULL, *rr = NULL; _cleanup_free_ char *un = NULL, *rr = NULL;
@ -3357,7 +3357,7 @@ static int parse_argv(int argc, char *argv[]) {
if (r == 0) if (r == 0)
break; break;
if (!valid_user_group_name(word)) if (!valid_user_group_name(word, 0))
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Invalid group name %s.", word); return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Invalid group name %s.", word);
mo = json_variant_ref(json_variant_by_key(arg_identity_extra, "memberOf")); mo = json_variant_ref(json_variant_by_key(arg_identity_extra, "memberOf"));

6
src/home/homed-manager-bus.c
View File

@ -81,7 +81,7 @@ static int method_get_home_by_name(
r = sd_bus_message_read(message, "s", &user_name); r = sd_bus_message_read(message, "s", &user_name);
if (r < 0) if (r < 0)
return r; return r;
if (!valid_user_group_name(user_name)) if (!valid_user_group_name(user_name, 0))
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "User name %s is not valid", user_name); return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "User name %s is not valid", user_name);
h = hashmap_get(m->homes_by_name, user_name); h = hashmap_get(m->homes_by_name, user_name);
@ -212,7 +212,7 @@ static int method_get_user_record_by_name(
r = sd_bus_message_read(message, "s", &user_name); r = sd_bus_message_read(message, "s", &user_name);
if (r < 0) if (r < 0)
return r; return r;
if (!valid_user_group_name(user_name)) if (!valid_user_group_name(user_name, 0))
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "User name %s is not valid", user_name); return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "User name %s is not valid", user_name);
h = hashmap_get(m->homes_by_name, user_name); h = hashmap_get(m->homes_by_name, user_name);
@ -287,7 +287,7 @@ static int generic_home_method(
if (r < 0) if (r < 0)
return r; return r;
if (!valid_user_group_name(user_name)) if (!valid_user_group_name(user_name, 0))
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "User name %s is not valid", user_name); return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "User name %s is not valid", user_name);
h = hashmap_get(m->homes_by_name, user_name); h = hashmap_get(m->homes_by_name, user_name);

7
src/home/pam_systemd_home.c
View File

@ -45,9 +45,12 @@ static int parse_argv(
else if (please_suspend) else if (please_suspend)
*please_suspend = k; *please_suspend = k;
} else if (streq(argv[i], "debug")) {
if (debug)
*debug = true;
} else if ((v = startswith(argv[i], "debug="))) { } else if ((v = startswith(argv[i], "debug="))) {
int k; int k;
k = parse_boolean(v); k = parse_boolean(v);
if (k < 0) if (k < 0)
pam_syslog(handle, LOG_WARNING, "Failed to parse debug= argument, ignoring: %s", v); pam_syslog(handle, LOG_WARNING, "Failed to parse debug= argument, ignoring: %s", v);
@ -88,7 +91,7 @@ static int acquire_user_record(
/* Let's bypass all IPC complexity for the two user names we know for sure we don't manage, and for /* Let's bypass all IPC complexity for the two user names we know for sure we don't manage, and for
* user names we don't consider valid. */ * user names we don't consider valid. */
if (STR_IN_SET(username, "root", NOBODY_USER_NAME) || !valid_user_group_name(username)) if (STR_IN_SET(username, "root", NOBODY_USER_NAME) || !valid_user_group_name(username, 0))
return PAM_USER_UNKNOWN; return PAM_USER_UNKNOWN;
/* Let's check if a previous run determined that this user is not managed by homed. If so, let's exit early */ /* Let's check if a previous run determined that this user is not managed by homed. If so, let's exit early */

2
src/journal-remote/journal-remote-main.c
View File

@ -786,7 +786,7 @@ static int help(void) {
" --listen-http=ADDR Listen for HTTP connections at ADDR\n" " --listen-http=ADDR Listen for HTTP connections at ADDR\n"
" --listen-https=ADDR Listen for HTTPS connections at ADDR\n" " --listen-https=ADDR Listen for HTTPS connections at ADDR\n"
" -o --output=FILE|DIR Write output to FILE or DIR/external-*.journal\n" " -o --output=FILE|DIR Write output to FILE or DIR/external-*.journal\n"
" --compress[=BOOL] XZ-compress the output journal (default: yes)\n" " --compress[=BOOL] Use compression in the output journal (default: yes)\n"
" --seal[=BOOL] Use event sealing (default: no)\n" " --seal[=BOOL] Use event sealing (default: no)\n"
" --key=FILENAME SSL key in PEM format (default:\n" " --key=FILENAME SSL key in PEM format (default:\n"
" \"" PRIV_KEY_FILE "\")\n" " \"" PRIV_KEY_FILE "\")\n"

2
src/libsystemd/sd-hwdb/hwdb-util.c
View File

@ -488,7 +488,7 @@ static int import_file(struct trie *trie, const char *filename, uint16_t file_pr
size_t len; size_t len;
char *pos; char *pos;
r = read_line(f, LONG_LINE_MAX, &line); r = read_line_full(f, LONG_LINE_MAX, READ_LINE_NOT_A_TTY, &line);
if (r < 0) if (r < 0)
return r; return r;
if (r == 0) if (r == 0)

7
src/login/logind-dbus.c
View File

@ -3170,6 +3170,12 @@ static int method_set_wall_message(
if (r < 0) if (r < 0)
return r; return r;
/* Short-circuit the operation if the desired state is already in place, to
* avoid an unnecessary polkit permission check. */
if (streq_ptr(m->wall_message, empty_to_null(wall_message)) &&
m->enable_wall_messages == enable_wall_messages)
goto done;
r = bus_verify_polkit_async(message, r = bus_verify_polkit_async(message,
CAP_SYS_ADMIN, CAP_SYS_ADMIN,
"org.freedesktop.login1.set-wall-message", "org.freedesktop.login1.set-wall-message",
@ -3189,6 +3195,7 @@ static int method_set_wall_message(
m->enable_wall_messages = enable_wall_messages; m->enable_wall_messages = enable_wall_messages;
done:
return sd_bus_reply_method_return(message, NULL); return sd_bus_reply_method_return(message, NULL);
} }

26
src/network/netdev/fou-tunnel.c
View File

@ -149,7 +149,10 @@ int config_parse_ip_protocol(
void *data, void *data,
void *userdata) { void *userdata) {
uint8_t *protocol = data; uint8_t *ret = data;
unsigned protocol;
/* linux/fou.h defines the netlink field as one byte, so we need to reject protocols numbers that
* don't fit in one byte. */
int r; int r;
assert(filename); assert(filename);
@ -158,19 +161,26 @@ int config_parse_ip_protocol(
assert(rvalue); assert(rvalue);
assert(data); assert(data);
assert_cc(IPPROTO_MAX-1 <= UINT8_MAX);
r = parse_ip_protocol(rvalue); r = parse_ip_protocol(rvalue);
if (r < 0) { if (r >= 0)
r = safe_atou8(rvalue, protocol); protocol = r;
else {
r = safe_atou(rvalue, &protocol);
if (r < 0) if (r < 0)
log_syntax(unit, LOG_ERR, filename, line, r, log_syntax(unit, LOG_ERR, filename, line, r,
"Failed to parse IP protocol '%s' for Foo over UDP tunnel, " "Failed to parse IP protocol '%s' for FooOverUDP tunnel, "
"ignoring assignment: %m", rvalue); "ignoring assignment: %m", rvalue);
return 0; return 0;
} }
*protocol = r; if (protocol > UINT8_MAX) {
log_syntax(unit, LOG_ERR, filename, line, 0,
"IP protocol '%s' for FooOverUDP tunnel out of range, "
"ignoring assignment: %m", rvalue);
return 0;
}
*ret = protocol;
return 0; return 0;
} }
@ -203,7 +213,7 @@ int config_parse_fou_tunnel_address(
r = in_addr_from_string_auto(rvalue, f, addr); r = in_addr_from_string_auto(rvalue, f, addr);
if (r < 0) if (r < 0)
log_syntax(unit, LOG_ERR, filename, line, r, log_syntax(unit, LOG_ERR, filename, line, r,
"Foo over UDP tunnel '%s' address is invalid, ignoring assignment: %s", "FooOverUDP tunnel '%s' address is invalid, ignoring assignment: %s",
lvalue, rvalue); lvalue, rvalue);
return 0; return 0;

6
src/nss-systemd/nss-systemd.c
View File

@ -95,7 +95,7 @@ enum nss_status _nss_systemd_getpwnam_r(
/* If the username is not valid, then we don't know it. Ideally libc would filter these for us /* If the username is not valid, then we don't know it. Ideally libc would filter these for us
* anyway. We don't generate EINVAL here, because it isn't really out business to complain about * anyway. We don't generate EINVAL here, because it isn't really out business to complain about
* invalid user names. */ * invalid user names. */
if (!valid_user_group_name(name)) if (!valid_user_group_name(name, VALID_USER_RELAX))
return NSS_STATUS_NOTFOUND; return NSS_STATUS_NOTFOUND;
/* Synthesize entries for the root and nobody users, in case they are missing in /etc/passwd */ /* Synthesize entries for the root and nobody users, in case they are missing in /etc/passwd */
@ -192,7 +192,7 @@ enum nss_status _nss_systemd_getgrnam_r(
assert(gr); assert(gr);
assert(errnop); assert(errnop);
if (!valid_user_group_name(name)) if (!valid_user_group_name(name, VALID_USER_RELAX))
return NSS_STATUS_NOTFOUND; return NSS_STATUS_NOTFOUND;
/* Synthesize records for root and nobody, in case they are missing from /etc/group */ /* Synthesize records for root and nobody, in case they are missing from /etc/group */
@ -559,7 +559,7 @@ enum nss_status _nss_systemd_initgroups_dyn(
assert(groupsp); assert(groupsp);
assert(errnop); assert(errnop);
if (!valid_user_group_name(user_name)) if (!valid_user_group_name(user_name, VALID_USER_RELAX))
return NSS_STATUS_NOTFOUND; return NSS_STATUS_NOTFOUND;
/* Don't allow extending these two special users, the same as we won't resolve them via getpwnam() */ /* Don't allow extending these two special users, the same as we won't resolve them via getpwnam() */

9
src/resolve/resolved-etc-hosts.c
View File

@ -37,6 +37,8 @@ void etc_hosts_free(EtcHosts *hosts) {
void manager_etc_hosts_flush(Manager *m) { void manager_etc_hosts_flush(Manager *m) {
etc_hosts_free(&m->etc_hosts); etc_hosts_free(&m->etc_hosts);
m->etc_hosts_mtime = USEC_INFINITY; m->etc_hosts_mtime = USEC_INFINITY;
m->etc_hosts_ino = 0;
m->etc_hosts_dev = 0;
} }
static int parse_line(EtcHosts *hosts, unsigned nr, const char *line) { static int parse_line(EtcHosts *hosts, unsigned nr, const char *line) {
@ -224,8 +226,9 @@ static int manager_etc_hosts_read(Manager *m) {
return 0; return 0;
} }
/* Did the mtime change? If not, there's no point in re-reading the file. */ /* Did the mtime or ino/dev change? If not, there's no point in re-reading the file. */
if (timespec_load(&st.st_mtim) == m->etc_hosts_mtime) if (timespec_load(&st.st_mtim) == m->etc_hosts_mtime &&
st.st_ino == m->etc_hosts_ino && st.st_dev == m->etc_hosts_dev)
return 0; return 0;
} }
@ -249,6 +252,8 @@ static int manager_etc_hosts_read(Manager *m) {
return r; return r;
m->etc_hosts_mtime = timespec_load(&st.st_mtim); m->etc_hosts_mtime = timespec_load(&st.st_mtim);
m->etc_hosts_ino = st.st_ino;
m->etc_hosts_dev = st.st_dev;
m->etc_hosts_last = ts; m->etc_hosts_last = ts;
return 1; return 1;

2
src/resolve/resolved-manager.c
View File

@ -591,6 +591,8 @@ int manager_new(Manager **ret) {
.need_builtin_fallbacks = true, .need_builtin_fallbacks = true,
.etc_hosts_last = USEC_INFINITY, .etc_hosts_last = USEC_INFINITY,
.etc_hosts_mtime = USEC_INFINITY, .etc_hosts_mtime = USEC_INFINITY,
.etc_hosts_ino = 0,
.etc_hosts_dev = 0,
.read_etc_hosts = true, .read_etc_hosts = true,
}; };

2
src/resolve/resolved-manager.h
View File

@ -127,6 +127,8 @@ struct Manager {
/* Data from /etc/hosts */ /* Data from /etc/hosts */
EtcHosts etc_hosts; EtcHosts etc_hosts;
usec_t etc_hosts_last, etc_hosts_mtime; usec_t etc_hosts_last, etc_hosts_mtime;
ino_t etc_hosts_ino;
dev_t etc_hosts_dev;
bool read_etc_hosts; bool read_etc_hosts;
/* Local DNS stub on 127.0.0.53:53 */ /* Local DNS stub on 127.0.0.53:53 */

42
src/resolve/resolved-resolv-conf.c
View File

@ -283,9 +283,9 @@ static int write_uplink_resolv_conf_contents(FILE *f, OrderedSet *dns, OrderedSe
"# This is a dynamic resolv.conf file for connecting local clients directly to\n" "# This is a dynamic resolv.conf file for connecting local clients directly to\n"
"# all known uplink DNS servers. This file lists all configured search domains.\n" "# all known uplink DNS servers. This file lists all configured search domains.\n"
"#\n" "#\n"
"# Third party programs must not access this file directly, but only through the\n" "# Third party programs should typically not access this file directly, but only\n"
"# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,\n" "# through the symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a\n"
"# replace this symlink by a static file or a different symlink.\n" "# different way, replace this symlink by a static file or a different symlink.\n"
"#\n" "#\n"
"# See man:systemd-resolved.service(8) for details about the supported modes of\n" "# See man:systemd-resolved.service(8) for details about the supported modes of\n"
"# operation for /etc/resolv.conf.\n" "# operation for /etc/resolv.conf.\n"
@ -308,24 +308,24 @@ static int write_uplink_resolv_conf_contents(FILE *f, OrderedSet *dns, OrderedSe
} }
static int write_stub_resolv_conf_contents(FILE *f, OrderedSet *dns, OrderedSet *domains) { static int write_stub_resolv_conf_contents(FILE *f, OrderedSet *dns, OrderedSet *domains) {
fputs_unlocked("# This file is managed by man:systemd-resolved(8). Do not edit.\n" fputs("# This file is managed by man:systemd-resolved(8). Do not edit.\n"
"#\n" "#\n"
"# This is a dynamic resolv.conf file for connecting local clients to the\n" "# This is a dynamic resolv.conf file for connecting local clients to the\n"
"# internal DNS stub resolver of systemd-resolved. This file lists all\n" "# internal DNS stub resolver of systemd-resolved. This file lists all\n"
"# configured search domains.\n" "# configured search domains.\n"
"#\n" "#\n"
"# Run \"resolvectl status\" to see details about the uplink DNS servers\n" "# Run \"resolvectl status\" to see details about the uplink DNS servers\n"
"# currently in use.\n" "# currently in use.\n"
"#\n" "#\n"
"# Third party programs must not access this file directly, but only through the\n" "# Third party programs should typically not access this file directly, but only\n"
"# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,\n" "# through the symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a\n"
"# replace this symlink by a static file or a different symlink.\n" "# different way, replace this symlink by a static file or a different symlink.\n"
"#\n" "#\n"
"# See man:systemd-resolved.service(8) for details about the supported modes of\n" "# See man:systemd-resolved.service(8) for details about the supported modes of\n"
"# operation for /etc/resolv.conf.\n" "# operation for /etc/resolv.conf.\n"
"\n" "\n"
"nameserver 127.0.0.53\n" "nameserver 127.0.0.53\n"
"options edns0\n", f); "options edns0\n", f);
if (!ordered_set_isempty(domains)) if (!ordered_set_isempty(domains))
write_resolv_conf_search(domains, f); write_resolv_conf_search(domains, f);

6
src/shared/conf-parser.c
View File

@ -294,7 +294,7 @@ int config_parse(const char *unit,
_cleanup_fclose_ FILE *ours = NULL; _cleanup_fclose_ FILE *ours = NULL;
unsigned line = 0, section_line = 0; unsigned line = 0, section_line = 0;
bool section_ignored = false, bom_seen = false; bool section_ignored = false, bom_seen = false;
int r; int r, fd;
assert(filename); assert(filename);
assert(lookup); assert(lookup);
@ -311,7 +311,9 @@ int config_parse(const char *unit,
} }
} }
fd_warn_permissions(filename, fileno(f)); fd = fileno(f);
if (fd >= 0) /* stream might not have an fd, let's be careful hence */
fd_warn_permissions(filename, fd);
for (;;) { for (;;) {
_cleanup_free_ char *buf = NULL; _cleanup_free_ char *buf = NULL;

4
src/shared/dissect-image.c
View File

@ -1188,6 +1188,8 @@ static int decrypt_partition(
if (r < 0) if (r < 0)
return log_debug_errno(r, "Failed to initialize dm-crypt: %m"); return log_debug_errno(r, "Failed to initialize dm-crypt: %m");
crypt_set_log_callback(cd, cryptsetup_log_glue, NULL);
r = crypt_load(cd, CRYPT_LUKS, NULL); r = crypt_load(cd, CRYPT_LUKS, NULL);
if (r < 0) if (r < 0)
return log_debug_errno(r, "Failed to load LUKS metadata: %m"); return log_debug_errno(r, "Failed to load LUKS metadata: %m");
@ -1246,6 +1248,8 @@ static int verity_partition(
if (r < 0) if (r < 0)
return r; return r;
crypt_set_log_callback(cd, cryptsetup_log_glue, NULL);
r = crypt_load(cd, CRYPT_VERITY, NULL); r = crypt_load(cd, CRYPT_VERITY, NULL);
if (r < 0) if (r < 0)
return r; return r;

10
src/shared/group-record.c
View File

@ -86,8 +86,8 @@ static int dispatch_per_machine(const char *name, JsonVariant *variant, JsonDisp
{ "matchMachineId", _JSON_VARIANT_TYPE_INVALID, NULL, 0, 0 }, { "matchMachineId", _JSON_VARIANT_TYPE_INVALID, NULL, 0, 0 },
{ "matchHostname", _JSON_VARIANT_TYPE_INVALID, NULL, 0, 0 }, { "matchHostname", _JSON_VARIANT_TYPE_INVALID, NULL, 0, 0 },
{ "gid", JSON_VARIANT_UNSIGNED, json_dispatch_uid_gid, offsetof(GroupRecord, gid), 0 }, { "gid", JSON_VARIANT_UNSIGNED, json_dispatch_uid_gid, offsetof(GroupRecord, gid), 0 },
{ "members", JSON_VARIANT_ARRAY, json_dispatch_user_group_list, offsetof(GroupRecord, members), 0 }, { "members", JSON_VARIANT_ARRAY, json_dispatch_user_group_list, offsetof(GroupRecord, members), JSON_RELAX},
{ "administrators", JSON_VARIANT_ARRAY, json_dispatch_user_group_list, offsetof(GroupRecord, administrators), 0 }, { "administrators", JSON_VARIANT_ARRAY, json_dispatch_user_group_list, offsetof(GroupRecord, administrators), JSON_RELAX},
{}, {},
}; };
@ -190,14 +190,14 @@ int group_record_load(
UserRecordLoadFlags load_flags) { UserRecordLoadFlags load_flags) {
static const JsonDispatch group_dispatch_table[] = { static const JsonDispatch group_dispatch_table[] = {
{ "groupName", JSON_VARIANT_STRING, json_dispatch_user_group_name, offsetof(GroupRecord, group_name), 0 }, { "groupName", JSON_VARIANT_STRING, json_dispatch_user_group_name, offsetof(GroupRecord, group_name), JSON_RELAX},
{ "realm", JSON_VARIANT_STRING, json_dispatch_realm, offsetof(GroupRecord, realm), 0 }, { "realm", JSON_VARIANT_STRING, json_dispatch_realm, offsetof(GroupRecord, realm), 0 },
{ "disposition", JSON_VARIANT_STRING, json_dispatch_user_disposition, offsetof(GroupRecord, disposition), 0 }, { "disposition", JSON_VARIANT_STRING, json_dispatch_user_disposition, offsetof(GroupRecord, disposition), 0 },
{ "service", JSON_VARIANT_STRING, json_dispatch_string, offsetof(GroupRecord, service), JSON_SAFE }, { "service", JSON_VARIANT_STRING, json_dispatch_string, offsetof(GroupRecord, service), JSON_SAFE },
{ "lastChangeUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(GroupRecord, last_change_usec), 0 }, { "lastChangeUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(GroupRecord, last_change_usec), 0 },
{ "gid", JSON_VARIANT_UNSIGNED, json_dispatch_uid_gid, offsetof(GroupRecord, gid), 0 }, { "gid", JSON_VARIANT_UNSIGNED, json_dispatch_uid_gid, offsetof(GroupRecord, gid), 0 },
{ "members", JSON_VARIANT_ARRAY, json_dispatch_user_group_list, offsetof(GroupRecord, members), 0 }, { "members", JSON_VARIANT_ARRAY, json_dispatch_user_group_list, offsetof(GroupRecord, members), JSON_RELAX},
{ "administrators", JSON_VARIANT_ARRAY, json_dispatch_user_group_list, offsetof(GroupRecord, administrators), 0 }, { "administrators", JSON_VARIANT_ARRAY, json_dispatch_user_group_list, offsetof(GroupRecord, administrators), JSON_RELAX},
{ "privileged", JSON_VARIANT_OBJECT, dispatch_privileged, 0, 0 }, { "privileged", JSON_VARIANT_OBJECT, dispatch_privileged, 0, 0 },

2
src/shared/json.c
View File

@ -4107,7 +4107,7 @@ int json_dispatch_user_group_name(const char *name, JsonVariant *variant, JsonDi
return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name)); return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a string.", strna(name));
n = json_variant_string(variant); n = json_variant_string(variant);
if (!valid_user_group_name_compat(n)) if (!valid_user_group_name(n, FLAGS_SET(flags, JSON_RELAX) ? VALID_USER_RELAX : 0))
return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a valid user/group name.", strna(name)); return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a valid user/group name.", strna(name));
r = free_and_strdup(s, n); r = free_and_strdup(s, n);

1
src/shared/json.h
View File

@ -255,6 +255,7 @@ typedef enum JsonDispatchFlags {
JSON_MANDATORY = 1 << 1, /* Should existence of this property be mandatory? */ JSON_MANDATORY = 1 << 1, /* Should existence of this property be mandatory? */
JSON_LOG = 1 << 2, /* Should the parser log about errors? */ JSON_LOG = 1 << 2, /* Should the parser log about errors? */
JSON_SAFE = 1 << 3, /* Don't accept "unsafe" strings in json_dispatch_string() + json_dispatch_string() */ JSON_SAFE = 1 << 3, /* Don't accept "unsafe" strings in json_dispatch_string() + json_dispatch_string() */
JSON_RELAX = 1 << 4, /* Use relaxed user name checking in json_dispatch_user_group_name */
/* The following two may be passed into log_json() in addition to the three above */ /* The following two may be passed into log_json() in addition to the three above */
JSON_DEBUG = 1 << 4, /* Indicates that this log message is a debug message */ JSON_DEBUG = 1 << 4, /* Indicates that this log message is a debug message */

2
src/shared/sleep-config.c
View File

@ -223,7 +223,7 @@ static int calculate_swap_file_offset(const SwapEntry *swap, uint64_t *ret_offse
fd = open(swap->device, O_RDONLY|O_CLOEXEC|O_NOCTTY); fd = open(swap->device, O_RDONLY|O_CLOEXEC|O_NOCTTY);
if (fd < 0) if (fd < 0)
return log_error_errno(errno, "Failed to open %s: %m", swap->device); return log_error_errno(errno, "Failed to open swap file %s to determine on-disk offset: %m", swap->device);
if (fstat(fd, &sb) < 0) if (fstat(fd, &sb) < 0)
return log_error_errno(errno, "Failed to stat %s: %m", swap->device); return log_error_errno(errno, "Failed to stat %s: %m", swap->device);

8
src/shared/user-record.c
View File

@ -600,7 +600,7 @@ int json_dispatch_user_group_list(const char *name, JsonVariant *variant, JsonDi
if (!json_variant_is_string(e)) if (!json_variant_is_string(e))
return json_log(e, flags, SYNTHETIC_ERRNO(EINVAL), "JSON array element is not a string."); return json_log(e, flags, SYNTHETIC_ERRNO(EINVAL), "JSON array element is not a string.");
if (!valid_user_group_name_compat(json_variant_string(e))) if (!valid_user_group_name(json_variant_string(e), FLAGS_SET(flags, JSON_RELAX) ? VALID_USER_RELAX : 0))
return json_log(e, flags, SYNTHETIC_ERRNO(EINVAL), "JSON array element is not a valid user/group name: %s", json_variant_string(e)); return json_log(e, flags, SYNTHETIC_ERRNO(EINVAL), "JSON array element is not a valid user/group name: %s", json_variant_string(e));
r = strv_extend(&l, json_variant_string(e)); r = strv_extend(&l, json_variant_string(e));
@ -938,7 +938,7 @@ static int dispatch_per_machine(const char *name, JsonVariant *variant, JsonDisp
{ "imagePath", JSON_VARIANT_STRING, json_dispatch_path, offsetof(UserRecord, image_path), 0 }, { "imagePath", JSON_VARIANT_STRING, json_dispatch_path, offsetof(UserRecord, image_path), 0 },
{ "uid", JSON_VARIANT_UNSIGNED, json_dispatch_uid_gid, offsetof(UserRecord, uid), 0 }, { "uid", JSON_VARIANT_UNSIGNED, json_dispatch_uid_gid, offsetof(UserRecord, uid), 0 },
{ "gid", JSON_VARIANT_UNSIGNED, json_dispatch_uid_gid, offsetof(UserRecord, gid), 0 }, { "gid", JSON_VARIANT_UNSIGNED, json_dispatch_uid_gid, offsetof(UserRecord, gid), 0 },
{ "memberOf", JSON_VARIANT_ARRAY, json_dispatch_user_group_list, offsetof(UserRecord, member_of), 0 }, { "memberOf", JSON_VARIANT_ARRAY, json_dispatch_user_group_list, offsetof(UserRecord, member_of), JSON_RELAX},
{ "fileSystemType", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, file_system_type), JSON_SAFE }, { "fileSystemType", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, file_system_type), JSON_SAFE },
{ "partitionUuid", JSON_VARIANT_STRING, json_dispatch_id128, offsetof(UserRecord, partition_uuid), 0 }, { "partitionUuid", JSON_VARIANT_STRING, json_dispatch_id128, offsetof(UserRecord, partition_uuid), 0 },
{ "luksUuid", JSON_VARIANT_STRING, json_dispatch_id128, offsetof(UserRecord, luks_uuid), 0 }, { "luksUuid", JSON_VARIANT_STRING, json_dispatch_id128, offsetof(UserRecord, luks_uuid), 0 },
@ -1231,7 +1231,7 @@ int user_group_record_mangle(
int user_record_load(UserRecord *h, JsonVariant *v, UserRecordLoadFlags load_flags) { int user_record_load(UserRecord *h, JsonVariant *v, UserRecordLoadFlags load_flags) {
static const JsonDispatch user_dispatch_table[] = { static const JsonDispatch user_dispatch_table[] = {
{ "userName", JSON_VARIANT_STRING, json_dispatch_user_group_name, offsetof(UserRecord, user_name), 0 }, { "userName", JSON_VARIANT_STRING, json_dispatch_user_group_name, offsetof(UserRecord, user_name), JSON_RELAX},
{ "realm", JSON_VARIANT_STRING, json_dispatch_realm, offsetof(UserRecord, realm), 0 }, { "realm", JSON_VARIANT_STRING, json_dispatch_realm, offsetof(UserRecord, realm), 0 },
{ "realName", JSON_VARIANT_STRING, json_dispatch_gecos, offsetof(UserRecord, real_name), 0 }, { "realName", JSON_VARIANT_STRING, json_dispatch_gecos, offsetof(UserRecord, real_name), 0 },
{ "emailAddress", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, email_address), JSON_SAFE }, { "emailAddress", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, email_address), JSON_SAFE },
@ -1270,7 +1270,7 @@ int user_record_load(UserRecord *h, JsonVariant *v, UserRecordLoadFlags load_fla
{ "homeDirectory", JSON_VARIANT_STRING, json_dispatch_home_directory, offsetof(UserRecord, home_directory), 0 }, { "homeDirectory", JSON_VARIANT_STRING, json_dispatch_home_directory, offsetof(UserRecord, home_directory), 0 },
{ "uid", JSON_VARIANT_UNSIGNED, json_dispatch_uid_gid, offsetof(UserRecord, uid), 0 }, { "uid", JSON_VARIANT_UNSIGNED, json_dispatch_uid_gid, offsetof(UserRecord, uid), 0 },
{ "gid", JSON_VARIANT_UNSIGNED, json_dispatch_uid_gid, offsetof(UserRecord, gid), 0 }, { "gid", JSON_VARIANT_UNSIGNED, json_dispatch_uid_gid, offsetof(UserRecord, gid), 0 },
{ "memberOf", JSON_VARIANT_ARRAY, json_dispatch_user_group_list, offsetof(UserRecord, member_of), 0 }, { "memberOf", JSON_VARIANT_ARRAY, json_dispatch_user_group_list, offsetof(UserRecord, member_of), JSON_RELAX},
{ "fileSystemType", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, file_system_type), JSON_SAFE }, { "fileSystemType", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, file_system_type), JSON_SAFE },
{ "partitionUuid", JSON_VARIANT_STRING, json_dispatch_id128, offsetof(UserRecord, partition_uuid), 0 }, { "partitionUuid", JSON_VARIANT_STRING, json_dispatch_id128, offsetof(UserRecord, partition_uuid), 0 },
{ "luksUuid", JSON_VARIANT_STRING, json_dispatch_id128, offsetof(UserRecord, luks_uuid), 0 }, { "luksUuid", JSON_VARIANT_STRING, json_dispatch_id128, offsetof(UserRecord, luks_uuid), 0 },

8
src/shared/userdb.c
View File

@ -587,7 +587,7 @@ int userdb_by_name(const char *name, UserDBFlags flags, UserRecord **ret) {
_cleanup_(json_variant_unrefp) JsonVariant *query = NULL; _cleanup_(json_variant_unrefp) JsonVariant *query = NULL;
int r; int r;
if (!valid_user_group_name_compat(name)) if (!valid_user_group_name(name, VALID_USER_RELAX))
return -EINVAL; return -EINVAL;
r = json_build(&query, JSON_BUILD_OBJECT( r = json_build(&query, JSON_BUILD_OBJECT(
@ -795,7 +795,7 @@ int groupdb_by_name(const char *name, UserDBFlags flags, GroupRecord **ret) {
_cleanup_(json_variant_unrefp) JsonVariant *query = NULL; _cleanup_(json_variant_unrefp) JsonVariant *query = NULL;
int r; int r;
if (!valid_user_group_name_compat(name)) if (!valid_user_group_name(name, VALID_USER_RELAX))
return -EINVAL; return -EINVAL;
r = json_build(&query, JSON_BUILD_OBJECT( r = json_build(&query, JSON_BUILD_OBJECT(
@ -982,7 +982,7 @@ int membershipdb_by_user(const char *name, UserDBFlags flags, UserDBIterator **r
assert(ret); assert(ret);
if (!valid_user_group_name_compat(name)) if (!valid_user_group_name(name, VALID_USER_RELAX))
return -EINVAL; return -EINVAL;
r = json_build(&query, JSON_BUILD_OBJECT( r = json_build(&query, JSON_BUILD_OBJECT(
@ -1025,7 +1025,7 @@ int membershipdb_by_group(const char *name, UserDBFlags flags, UserDBIterator **
assert(ret); assert(ret);
if (!valid_user_group_name_compat(name)) if (!valid_user_group_name(name, VALID_USER_RELAX))
return -EINVAL; return -EINVAL;
r = json_build(&query, JSON_BUILD_OBJECT( r = json_build(&query, JSON_BUILD_OBJECT(

3
src/systemd/sd-messages.h
View File

@ -158,6 +158,9 @@ _SD_BEGIN_DECLARATIONS;
#define SD_MESSAGE_DNSSEC_DOWNGRADE SD_ID128_MAKE(36,db,2d,fa,5a,90,45,e1,bd,4a,f5,f9,3e,1c,f0,57) #define SD_MESSAGE_DNSSEC_DOWNGRADE SD_ID128_MAKE(36,db,2d,fa,5a,90,45,e1,bd,4a,f5,f9,3e,1c,f0,57)
#define SD_MESSAGE_DNSSEC_DOWNGRADE_STR SD_ID128_MAKE_STR(36,db,2d,fa,5a,90,45,e1,bd,4a,f5,f9,3e,1c,f0,57) #define SD_MESSAGE_DNSSEC_DOWNGRADE_STR SD_ID128_MAKE_STR(36,db,2d,fa,5a,90,45,e1,bd,4a,f5,f9,3e,1c,f0,57)
#define SD_MESSAGE_UNSAFE_USER_NAME SD_ID128_MAKE(b6,1f,da,c6,12,e9,4b,91,82,28,5b,99,88,43,06,1f)
#define SD_MESSAGE_UNSAFE_USER_NAME_STR SD_ID128_MAKE_STR(b6,1f,da,c6,12,e9,4b,91,82,28,5b,99,88,43,06,1f)
_SD_END_DECLARATIONS; _SD_END_DECLARATIONS;
#endif #endif

6
src/sysusers/sysusers.c
View File

@ -1445,7 +1445,7 @@ static int parse_line(const char *fname, unsigned line, const char *buffer) {
if (r < 0) if (r < 0)
log_error_errno(r, "[%s:%u] Failed to replace specifiers: %s", fname, line, name); log_error_errno(r, "[%s:%u] Failed to replace specifiers: %s", fname, line, name);
if (!valid_user_group_name(resolved_name)) if (!valid_user_group_name(resolved_name, 0))
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
"[%s:%u] '%s' is not a valid user or group name.", "[%s:%u] '%s' is not a valid user or group name.",
fname, line, resolved_name); fname, line, resolved_name);
@ -1548,7 +1548,7 @@ static int parse_line(const char *fname, unsigned line, const char *buffer) {
"[%s:%u] Lines of type 'm' require a group name in the third field.", "[%s:%u] Lines of type 'm' require a group name in the third field.",
fname, line); fname, line);
if (!valid_user_group_name(resolved_id)) if (!valid_user_group_name(resolved_id, 0))
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
"[%s:%u] '%s' is not a valid user or group name.", "[%s:%u] '%s' is not a valid user or group name.",
fname, line, resolved_id); fname, line, resolved_id);
@ -1589,7 +1589,7 @@ static int parse_line(const char *fname, unsigned line, const char *buffer) {
if (split_pair(resolved_id, ":", &uid, &gid) == 0) { if (split_pair(resolved_id, ":", &uid, &gid) == 0) {
r = parse_gid(gid, &i->gid); r = parse_gid(gid, &i->gid);
if (r < 0) { if (r < 0) {
if (valid_user_group_name(gid)) if (valid_user_group_name(gid, 0))
i->group_name = TAKE_PTR(gid); i->group_name = TAKE_PTR(gid);
else else
return log_error_errno(r, "Failed to parse GID: '%s': %m", id); return log_error_errno(r, "Failed to parse GID: '%s': %m", id);

4
src/test/meson.build
View File

@ -1123,6 +1123,10 @@ tests += [
[], [],
[]], []],
[['src/analyze/test-verify.c', 'src/analyze/analyze-verify.c', 'src/analyze/analyze-verify.h'],
[libcore, libshared],
[]],
[['src/login/test-inhibit.c'], [['src/login/test-inhibit.c'],
[], [],
[], [],

6
src/test/test-strv.c
View File

@ -307,6 +307,12 @@ static void test_strv_split(void) {
l = strv_split_full(" 'one' \" two\t three \"' four five", NULL, SPLIT_QUOTES | SPLIT_RELAX); l = strv_split_full(" 'one' \" two\t three \"' four five", NULL, SPLIT_QUOTES | SPLIT_RELAX);
assert_se(l); assert_se(l);
assert_se(strv_equal(l, (char**) input_table_quoted)); assert_se(strv_equal(l, (char**) input_table_quoted));
strv_free_erase(l);
l = strv_split_full("\\", NULL, SPLIT_QUOTES | SPLIT_RELAX);
assert_se(l);
assert_se(strv_equal(l, STRV_MAKE("\\")));
} }
static void test_strv_split_empty(void) { static void test_strv_split_empty(void) {

255
src/test/test-user-util.c
View File

@ -63,144 +63,163 @@ static void test_uid_ptr(void) {
assert_se(PTR_TO_UID(UID_TO_PTR(1000)) == 1000); assert_se(PTR_TO_UID(UID_TO_PTR(1000)) == 1000);
} }
static void test_valid_user_group_name_compat(void) { static void test_valid_user_group_name_relaxed(void) {
log_info("/* %s */", __func__); log_info("/* %s */", __func__);
assert_se(!valid_user_group_name_compat(NULL)); assert_se(!valid_user_group_name(NULL, VALID_USER_RELAX));
assert_se(!valid_user_group_name_compat("")); assert_se(!valid_user_group_name("", VALID_USER_RELAX));
assert_se(!valid_user_group_name_compat("1")); assert_se(!valid_user_group_name("1", VALID_USER_RELAX));
assert_se(!valid_user_group_name_compat("65535")); assert_se(!valid_user_group_name("65535", VALID_USER_RELAX));
assert_se(!valid_user_group_name_compat("-1")); assert_se(!valid_user_group_name("-1", VALID_USER_RELAX));
assert_se(!valid_user_group_name_compat("-kkk")); assert_se(!valid_user_group_name("foo\nbar", VALID_USER_RELAX));
assert_se(!valid_user_group_name_compat("rööt")); assert_se(!valid_user_group_name("0123456789012345678901234567890123456789", VALID_USER_RELAX));
assert_se(!valid_user_group_name_compat(".")); assert_se(!valid_user_group_name("aaa:bbb", VALID_USER_RELAX|VALID_USER_ALLOW_NUMERIC));
assert_se(!valid_user_group_name_compat(".eff")); assert_se(!valid_user_group_name(".aaa:bbb", VALID_USER_RELAX|VALID_USER_ALLOW_NUMERIC));
assert_se(!valid_user_group_name_compat("foo\nbar")); assert_se(!valid_user_group_name(".", VALID_USER_RELAX));
assert_se(!valid_user_group_name_compat("0123456789012345678901234567890123456789")); assert_se(!valid_user_group_name("..", VALID_USER_RELAX));
assert_se(!valid_user_group_name_or_id_compat("aaa:bbb"));
assert_se(!valid_user_group_name_compat("."));
assert_se(!valid_user_group_name_compat(".1"));
assert_se(!valid_user_group_name_compat(".65535"));
assert_se(!valid_user_group_name_compat(".-1"));
assert_se(!valid_user_group_name_compat(".-kkk"));
assert_se(!valid_user_group_name_compat(".rööt"));
assert_se(!valid_user_group_name_or_id_compat(".aaa:bbb"));
assert_se(valid_user_group_name_compat("root")); assert_se(valid_user_group_name("root", VALID_USER_RELAX));
assert_se(valid_user_group_name_compat("lennart")); assert_se(valid_user_group_name("lennart", VALID_USER_RELAX));
assert_se(valid_user_group_name_compat("LENNART")); assert_se(valid_user_group_name("LENNART", VALID_USER_RELAX));
assert_se(valid_user_group_name_compat("_kkk")); assert_se(valid_user_group_name("_kkk", VALID_USER_RELAX));
assert_se(valid_user_group_name_compat("kkk-")); assert_se(valid_user_group_name("kkk-", VALID_USER_RELAX));
assert_se(valid_user_group_name_compat("kk-k")); assert_se(valid_user_group_name("kk-k", VALID_USER_RELAX));
assert_se(valid_user_group_name_compat("eff.eff")); assert_se(valid_user_group_name("eff.eff", VALID_USER_RELAX));
assert_se(valid_user_group_name_compat("eff.")); assert_se(valid_user_group_name("eff.", VALID_USER_RELAX));
assert_se(valid_user_group_name("-kkk", VALID_USER_RELAX));
assert_se(valid_user_group_name("rööt", VALID_USER_RELAX));
assert_se(valid_user_group_name(".eff", VALID_USER_RELAX));
assert_se(valid_user_group_name(".1", VALID_USER_RELAX));
assert_se(valid_user_group_name(".65535", VALID_USER_RELAX));
assert_se(valid_user_group_name(".-1", VALID_USER_RELAX));
assert_se(valid_user_group_name(".-kkk", VALID_USER_RELAX));
assert_se(valid_user_group_name(".rööt", VALID_USER_RELAX));
assert_se(valid_user_group_name("...", VALID_USER_RELAX));
assert_se(valid_user_group_name_compat("some5")); assert_se(valid_user_group_name("some5", VALID_USER_RELAX));
assert_se(valid_user_group_name_compat("5some")); assert_se(valid_user_group_name("5some", VALID_USER_RELAX));
assert_se(valid_user_group_name_compat("INNER5NUMBER")); assert_se(valid_user_group_name("INNER5NUMBER", VALID_USER_RELAX));
assert_se(valid_user_group_name("piff.paff@ad.domain.example", VALID_USER_RELAX));
assert_se(valid_user_group_name("Dāvis", VALID_USER_RELAX));
} }
static void test_valid_user_group_name(void) { static void test_valid_user_group_name(void) {
log_info("/* %s */", __func__); log_info("/* %s */", __func__);
assert_se(!valid_user_group_name(NULL)); assert_se(!valid_user_group_name(NULL, 0));
assert_se(!valid_user_group_name("")); assert_se(!valid_user_group_name("", 0));
assert_se(!valid_user_group_name("1")); assert_se(!valid_user_group_name("1", 0));
assert_se(!valid_user_group_name("65535")); assert_se(!valid_user_group_name("65535", 0));
assert_se(!valid_user_group_name("-1")); assert_se(!valid_user_group_name("-1", 0));
assert_se(!valid_user_group_name("-kkk")); assert_se(!valid_user_group_name("-kkk", 0));
assert_se(!valid_user_group_name("rööt")); assert_se(!valid_user_group_name("rööt", 0));
assert_se(!valid_user_group_name(".")); assert_se(!valid_user_group_name(".", 0));
assert_se(!valid_user_group_name(".eff")); assert_se(!valid_user_group_name(".eff", 0));
assert_se(!valid_user_group_name("foo\nbar")); assert_se(!valid_user_group_name("foo\nbar", 0));
assert_se(!valid_user_group_name("0123456789012345678901234567890123456789")); assert_se(!valid_user_group_name("0123456789012345678901234567890123456789", 0));
assert_se(!valid_user_group_name_or_id("aaa:bbb")); assert_se(!valid_user_group_name("aaa:bbb", VALID_USER_ALLOW_NUMERIC));
assert_se(!valid_user_group_name(".")); assert_se(!valid_user_group_name(".", 0));
assert_se(!valid_user_group_name(".1")); assert_se(!valid_user_group_name("..", 0));
assert_se(!valid_user_group_name(".65535")); assert_se(!valid_user_group_name("...", 0));
assert_se(!valid_user_group_name(".-1")); assert_se(!valid_user_group_name(".1", 0));
assert_se(!valid_user_group_name(".-kkk")); assert_se(!valid_user_group_name(".65535", 0));
assert_se(!valid_user_group_name(".rööt")); assert_se(!valid_user_group_name(".-1", 0));
assert_se(!valid_user_group_name_or_id(".aaa:bbb")); assert_se(!valid_user_group_name(".-kkk", 0));
assert_se(!valid_user_group_name(".rööt", 0));
assert_se(!valid_user_group_name(".aaa:bbb", VALID_USER_ALLOW_NUMERIC));
assert_se(valid_user_group_name("root")); assert_se(valid_user_group_name("root", 0));
assert_se(valid_user_group_name("lennart")); assert_se(valid_user_group_name("lennart", 0));
assert_se(valid_user_group_name("LENNART")); assert_se(valid_user_group_name("LENNART", 0));
assert_se(valid_user_group_name("_kkk")); assert_se(valid_user_group_name("_kkk", 0));
assert_se(valid_user_group_name("kkk-")); assert_se(valid_user_group_name("kkk-", 0));
assert_se(valid_user_group_name("kk-k")); assert_se(valid_user_group_name("kk-k", 0));
assert_se(!valid_user_group_name("eff.eff")); assert_se(!valid_user_group_name("eff.eff", 0));
assert_se(!valid_user_group_name("eff.")); assert_se(!valid_user_group_name("eff.", 0));
assert_se(valid_user_group_name("some5")); assert_se(valid_user_group_name("some5", 0));
assert_se(!valid_user_group_name("5some")); assert_se(!valid_user_group_name("5some", 0));
assert_se(valid_user_group_name("INNER5NUMBER")); assert_se(valid_user_group_name("INNER5NUMBER", 0));
assert_se(!valid_user_group_name("piff.paff@ad.domain.example", 0));
assert_se(!valid_user_group_name("Dāvis", 0));
} }
static void test_valid_user_group_name_or_id_compat(void) { static void test_valid_user_group_name_or_numeric_relaxed(void) {
log_info("/* %s */", __func__); log_info("/* %s */", __func__);
assert_se(!valid_user_group_name_or_id_compat(NULL)); assert_se(!valid_user_group_name(NULL, VALID_USER_ALLOW_NUMERIC|VALID_USER_RELAX));
assert_se(!valid_user_group_name_or_id_compat("")); assert_se(!valid_user_group_name("", VALID_USER_ALLOW_NUMERIC|VALID_USER_RELAX));
assert_se(valid_user_group_name_or_id_compat("0")); assert_se(valid_user_group_name("0", VALID_USER_ALLOW_NUMERIC|VALID_USER_RELAX));
assert_se(valid_user_group_name_or_id_compat("1")); assert_se(valid_user_group_name("1", VALID_USER_ALLOW_NUMERIC|VALID_USER_RELAX));
assert_se(valid_user_group_name_or_id_compat("65534")); assert_se(valid_user_group_name("65534", VALID_USER_ALLOW_NUMERIC|VALID_USER_RELAX));
assert_se(!valid_user_group_name_or_id_compat("65535")); assert_se(!valid_user_group_name("65535", VALID_USER_ALLOW_NUMERIC|VALID_USER_RELAX));
assert_se(valid_user_group_name_or_id_compat("65536")); assert_se(valid_user_group_name("65536", VALID_USER_ALLOW_NUMERIC|VALID_USER_RELAX));
assert_se(!valid_user_group_name_or_id_compat("-1")); assert_se(!valid_user_group_name("-1", VALID_USER_ALLOW_NUMERIC|VALID_USER_RELAX));
assert_se(!valid_user_group_name_or_id_compat("-kkk")); assert_se(!valid_user_group_name("foo\nbar", VALID_USER_ALLOW_NUMERIC|VALID_USER_RELAX));
assert_se(!valid_user_group_name_or_id_compat("rööt")); assert_se(!valid_user_group_name("0123456789012345678901234567890123456789", VALID_USER_ALLOW_NUMERIC|VALID_USER_RELAX));
assert_se(!valid_user_group_name_or_id_compat(".")); assert_se(!valid_user_group_name("aaa:bbb", VALID_USER_ALLOW_NUMERIC|VALID_USER_RELAX));
assert_se(!valid_user_group_name_or_id_compat(".eff")); assert_se(!valid_user_group_name(".", VALID_USER_ALLOW_NUMERIC|VALID_USER_RELAX));
assert_se(valid_user_group_name_or_id_compat("eff.eff")); assert_se(!valid_user_group_name("..", VALID_USER_ALLOW_NUMERIC|VALID_USER_RELAX));
assert_se(valid_user_group_name_or_id_compat("eff."));
assert_se(!valid_user_group_name_or_id_compat("foo\nbar"));
assert_se(!valid_user_group_name_or_id_compat("0123456789012345678901234567890123456789"));
assert_se(!valid_user_group_name_or_id_compat("aaa:bbb"));
assert_se(valid_user_group_name_or_id_compat("root")); assert_se(valid_user_group_name("root", VALID_USER_ALLOW_NUMERIC|VALID_USER_RELAX));
assert_se(valid_user_group_name_or_id_compat("lennart")); assert_se(valid_user_group_name("lennart", VALID_USER_ALLOW_NUMERIC|VALID_USER_RELAX));
assert_se(valid_user_group_name_or_id_compat("LENNART")); assert_se(valid_user_group_name("LENNART", VALID_USER_ALLOW_NUMERIC|VALID_USER_RELAX));
assert_se(valid_user_group_name_or_id_compat("_kkk")); assert_se(valid_user_group_name("_kkk", VALID_USER_ALLOW_NUMERIC|VALID_USER_RELAX));
assert_se(valid_user_group_name_or_id_compat("kkk-")); assert_se(valid_user_group_name("kkk-", VALID_USER_ALLOW_NUMERIC|VALID_USER_RELAX));
assert_se(valid_user_group_name_or_id_compat("kk-k")); assert_se(valid_user_group_name("kk-k", VALID_USER_ALLOW_NUMERIC|VALID_USER_RELAX));
assert_se(valid_user_group_name("-kkk", VALID_USER_ALLOW_NUMERIC|VALID_USER_RELAX));
assert_se(valid_user_group_name("rööt", VALID_USER_ALLOW_NUMERIC|VALID_USER_RELAX));
assert_se(valid_user_group_name(".eff", VALID_USER_ALLOW_NUMERIC|VALID_USER_RELAX));
assert_se(valid_user_group_name("eff.eff", VALID_USER_ALLOW_NUMERIC|VALID_USER_RELAX));
assert_se(valid_user_group_name("eff.", VALID_USER_ALLOW_NUMERIC|VALID_USER_RELAX));
assert_se(valid_user_group_name("...", VALID_USER_ALLOW_NUMERIC|VALID_USER_RELAX));
assert_se(valid_user_group_name_or_id_compat("some5")); assert_se(valid_user_group_name("some5", VALID_USER_ALLOW_NUMERIC|VALID_USER_RELAX));
assert_se(valid_user_group_name_or_id_compat("5some")); assert_se(valid_user_group_name("5some", VALID_USER_ALLOW_NUMERIC|VALID_USER_RELAX));
assert_se(valid_user_group_name_or_id_compat("INNER5NUMBER")); assert_se(valid_user_group_name("INNER5NUMBER", VALID_USER_ALLOW_NUMERIC|VALID_USER_RELAX));
assert_se(valid_user_group_name("piff.paff@ad.domain.example", VALID_USER_ALLOW_NUMERIC|VALID_USER_RELAX));
assert_se(valid_user_group_name("Dāvis", VALID_USER_ALLOW_NUMERIC|VALID_USER_RELAX));
} }
static void test_valid_user_group_name_or_id(void) { static void test_valid_user_group_name_or_numeric(void) {
log_info("/* %s */", __func__); log_info("/* %s */", __func__);
assert_se(!valid_user_group_name_or_id(NULL)); assert_se(!valid_user_group_name(NULL, VALID_USER_ALLOW_NUMERIC));
assert_se(!valid_user_group_name_or_id("")); assert_se(!valid_user_group_name("", VALID_USER_ALLOW_NUMERIC));
assert_se(valid_user_group_name_or_id("0")); assert_se(valid_user_group_name("0", VALID_USER_ALLOW_NUMERIC));
assert_se(valid_user_group_name_or_id("1")); assert_se(valid_user_group_name("1", VALID_USER_ALLOW_NUMERIC));
assert_se(valid_user_group_name_or_id("65534")); assert_se(valid_user_group_name("65534", VALID_USER_ALLOW_NUMERIC));
assert_se(!valid_user_group_name_or_id("65535")); assert_se(!valid_user_group_name("65535", VALID_USER_ALLOW_NUMERIC));
assert_se(valid_user_group_name_or_id("65536")); assert_se(valid_user_group_name("65536", VALID_USER_ALLOW_NUMERIC));
assert_se(!valid_user_group_name_or_id("-1")); assert_se(!valid_user_group_name("-1", VALID_USER_ALLOW_NUMERIC));
assert_se(!valid_user_group_name_or_id("-kkk")); assert_se(!valid_user_group_name("-kkk", VALID_USER_ALLOW_NUMERIC));
assert_se(!valid_user_group_name_or_id("rööt")); assert_se(!valid_user_group_name("rööt", VALID_USER_ALLOW_NUMERIC));
assert_se(!valid_user_group_name_or_id(".")); assert_se(!valid_user_group_name(".", VALID_USER_ALLOW_NUMERIC));
assert_se(!valid_user_group_name_or_id(".eff")); assert_se(!valid_user_group_name("..", VALID_USER_ALLOW_NUMERIC));
assert_se(!valid_user_group_name_or_id("eff.eff")); assert_se(!valid_user_group_name("...", VALID_USER_ALLOW_NUMERIC));
assert_se(!valid_user_group_name_or_id("eff.")); assert_se(!valid_user_group_name(".eff", VALID_USER_ALLOW_NUMERIC));
assert_se(!valid_user_group_name_or_id("foo\nbar")); assert_se(!valid_user_group_name("eff.eff", VALID_USER_ALLOW_NUMERIC));
assert_se(!valid_user_group_name_or_id("0123456789012345678901234567890123456789")); assert_se(!valid_user_group_name("eff.", VALID_USER_ALLOW_NUMERIC));
assert_se(!valid_user_group_name_or_id("aaa:bbb")); assert_se(!valid_user_group_name("foo\nbar", VALID_USER_ALLOW_NUMERIC));
assert_se(!valid_user_group_name("0123456789012345678901234567890123456789", VALID_USER_ALLOW_NUMERIC));
assert_se(!valid_user_group_name("aaa:bbb", VALID_USER_ALLOW_NUMERIC));
assert_se(valid_user_group_name_or_id("root")); assert_se(valid_user_group_name("root", VALID_USER_ALLOW_NUMERIC));
assert_se(valid_user_group_name_or_id("lennart")); assert_se(valid_user_group_name("lennart", VALID_USER_ALLOW_NUMERIC));
assert_se(valid_user_group_name_or_id("LENNART")); assert_se(valid_user_group_name("LENNART", VALID_USER_ALLOW_NUMERIC));
assert_se(valid_user_group_name_or_id("_kkk")); assert_se(valid_user_group_name("_kkk", VALID_USER_ALLOW_NUMERIC));
assert_se(valid_user_group_name_or_id("kkk-")); assert_se(valid_user_group_name("kkk-", VALID_USER_ALLOW_NUMERIC));
assert_se(valid_user_group_name_or_id("kk-k")); assert_se(valid_user_group_name("kk-k", VALID_USER_ALLOW_NUMERIC));
assert_se(valid_user_group_name_or_id("some5")); assert_se(valid_user_group_name("some5", VALID_USER_ALLOW_NUMERIC));
assert_se(!valid_user_group_name_or_id("5some")); assert_se(!valid_user_group_name("5some", VALID_USER_ALLOW_NUMERIC));
assert_se(valid_user_group_name_or_id("INNER5NUMBER")); assert_se(valid_user_group_name("INNER5NUMBER", VALID_USER_ALLOW_NUMERIC));
assert_se(!valid_user_group_name("piff.paff@ad.domain.example", VALID_USER_ALLOW_NUMERIC));
assert_se(!valid_user_group_name("Dāvis", VALID_USER_ALLOW_NUMERIC));
} }
static void test_valid_gecos(void) { static void test_valid_gecos(void) {
@ -355,10 +374,10 @@ int main(int argc, char *argv[]) {
test_parse_uid(); test_parse_uid();
test_uid_ptr(); test_uid_ptr();
test_valid_user_group_name_compat(); test_valid_user_group_name_relaxed();
test_valid_user_group_name(); test_valid_user_group_name();
test_valid_user_group_name_or_id_compat(); test_valid_user_group_name_or_numeric_relaxed();
test_valid_user_group_name_or_id(); test_valid_user_group_name_or_numeric();
test_valid_gecos(); test_valid_gecos();
test_valid_home(); test_valid_home();

2
src/udev/net/link-config.c
View File

@ -490,7 +490,7 @@ int link_config_apply(link_config_ctx *ctx, link_config *config,
if (config->alternative_names_policy) if (config->alternative_names_policy)
for (NamePolicy *p = config->alternative_names_policy; *p != _NAMEPOLICY_INVALID; p++) { for (NamePolicy *p = config->alternative_names_policy; *p != _NAMEPOLICY_INVALID; p++) {
const char *n; const char *n = NULL;
switch (*p) { switch (*p) {
case NAMEPOLICY_DATABASE: case NAMEPOLICY_DATABASE:

11
src/userdb/userdbctl.c
View File

@ -541,16 +541,15 @@ static int ssh_authorized_keys(int argc, char *argv[], void *userdata) {
_cleanup_(user_record_unrefp) UserRecord *ur = NULL; _cleanup_(user_record_unrefp) UserRecord *ur = NULL;
int r; int r;
if (!valid_user_group_name(argv[1]))
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Invalid user name '%s'.", argv[1]);
r = userdb_by_name(argv[1], arg_userdb_flags, &ur); r = userdb_by_name(argv[1], arg_userdb_flags, &ur);
if (r == -ESRCH) if (r == -ESRCH)
log_error_errno(r, "User %s does not exist.", argv[1]); return log_error_errno(r, "User %s does not exist.", argv[1]);
else if (r == -EHOSTDOWN) else if (r == -EHOSTDOWN)
log_error_errno(r, "Selected user database service is not available for this request."); return log_error_errno(r, "Selected user database service is not available for this request.");
else if (r == -EINVAL)
return log_error_errno(r, "Failed to find user %s: %m (Invalid user name?)", argv[1]);
else if (r < 0) else if (r < 0)
log_error_errno(r, "Failed to find user %s: %m", argv[1]); return log_error_errno(r, "Failed to find user %s: %m", argv[1]);
if (strv_isempty(ur->ssh_authorized_keys)) if (strv_isempty(ur->ssh_authorized_keys))
log_debug("User record for %s has no public SSH keys.", argv[1]); log_debug("User record for %s has no public SSH keys.", argv[1]);

1
test/TEST-47-ISSUE-14566/testsuite.sh
View File

@ -12,6 +12,7 @@ systemctl status issue_14566_test
leaked_pid=$(cat /leakedtestpid) leaked_pid=$(cat /leakedtestpid)
systemctl stop issue_14566_test systemctl stop issue_14566_test
sleep 1
# Leaked PID will still be around if we're buggy. # Leaked PID will still be around if we're buggy.
# I personally prefer to see 42. # I personally prefer to see 42.