path: root/src/shared/libcrypt-util.c
Commit message | Author | Age | Files | Lines
* libcrypt-util: fix wrong errno value assignment | Yu Watanabe | 2024-05-10 | 1 | -1/+1
| Follow-up for 9de324c3c919f20fd49e1d25579f5a66cac0eaa0.
* various: use strdup_to() in various obvious cases | Zbigniew Jędrzejewski-Szmek | 2024-03-20 | 1 | -7/+2
| strdup_to() returns 0 on success and here we convert obvious blocks which either return -ENOMEM or 0.
* Simplify random number selection | Jason A. Donenfeld | 2022-05-31 | 1 | -1/+1
| We currently have a convoluted and complex selection of which random numbers to use. We can simplify this down to two functions that cover all of our use cases:
|
| 1) Randomness for crypto: this one needs to wait until the RNG is initialized. So it uses getrandom(0). If that's not available, it polls on /dev/random, and then reads from /dev/urandom. This function returns whether or not it was successful, as before.
|
| 2) Randomness for other things: this one uses getrandom(GRND_INSECURE). If it's not available it uses getrandom(GRND_NONBLOCK). And if that would block, then it falls back to /dev/urandom. And if /dev/urandom isn't available, it uses the fallback code. It never fails and doesn't return a value.
|
| These two cases match all the uses of randomness inside of systemd.
|
| I would prefer to make both of these return void, and get rid of the fallback code, and simply assert in the incredibly unlikely case that /dev/urandom doesn't exist. But Luca disagrees, so this commit attempts to instead keep case (1) returning a return value, which all the callers already check, and fix the fallback code in (2) to be less bad than before.
|
| For the less bad fallback code for (2), we now use auxval and some timestamps, together with various counters representing the invocation, hash it all together and provide the output. Provided that AT_RANDOM is secure, this construction is probably okay too, though notably it doesn't have any forward secrecy. Fortunately, it's only used by random_bytes() and not by crypto_random_bytes().
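Case (1) from the commit message above, written out in C as an added example. It is not systemd's code: the names `example_crypto_random_bytes` and `read_urandom` are hypothetical, and it assumes Linux with glibc's `<sys/random.h>`.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <sys/random.h>
#include <unistd.h>
/* Hypothetical helper: read exactly n bytes from /dev/urandom; 0 or negative errno. */
static int read_urandom(unsigned char *p, size_t n) {
        int r = 0, fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
        if (fd < 0)
                return -errno;
        while (n > 0) {
                ssize_t l = read(fd, p, n);
                if (l > 0) {
                        p += l;
                        n -= (size_t) l;
                } else if (l == 0 || errno != EINTR) {
                        r = l < 0 ? -errno : -EIO;
                        break;
                }
        }
        close(fd);
        return r;
}

/* Hypothetical name. Fills buf with n bytes, blocking until the kernel RNG is initialized. */
int example_crypto_random_bytes(void *buf, size_t n) {
        unsigned char *p = buf;
        while (n > 0) {
                ssize_t l = getrandom(p, n, 0); /* flags 0: waits for RNG initialization */
                if (l > 0) {
                        p += l;
                        n -= (size_t) l;
                } else if (l == 0 || errno == ENOSYS)
                        break; /* no getrandom(): poll /dev/random, then read /dev/urandom */
                else if (errno != EINTR)
                        return -errno;
        }
        if (n == 0)
                return 0;
        struct pollfd pfd = { .fd = open("/dev/random", O_RDONLY | O_CLOEXEC), .events = POLLIN };
        if (pfd.fd < 0)
                return -errno;
        int r;
        do r = poll(&pfd, 1, -1); while (r < 0 && errno == EINTR);
        r = r < 0 ? -errno : 0;
        close(pfd.fd);
        return r < 0 ? r : read_urandom(p, n);
}
```

The return value is the part callers of case (1) have to check: a negative result means the buffer must not be used as key or salt material.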
* strv: make iterator in STRV_FOREACH() declared in the loop | Yu Watanabe | 2022-03-19 | 1 | -1/+0
| This also avoids multiple evaluations in STRV_FOREACH_BACKWARDS()
* license: LGPL-2.1+ -> LGPL-2.1-or-later | Yu Watanabe | 2020-11-09 | 1 | -1/+1
* libcrypt-util: use build-time check for crypt_preferred_method | Luca Boccassi | 2020-09-28 | 1 | -0/+4
| After https://github.com/systemd/systemd/pull/16981 only the presence of crypt_gensalt_ra is checked, but there are cases where that function is available but crypt_preferred_method is not, and they are used in the same ifdef. Add a check for the latter as well.
* shared/libcrypt-util: do not refuse passwords if some other hash is unsupported | Zbigniew Jędrzejewski-Szmek | 2020-09-15 | 1 | -2/+6
* shared/libcrypt-util: add fallback for crypt_ra() | Zbigniew Jędrzejewski-Szmek | 2020-09-15 | 1 | -1/+44
| Following the style in missing_syscall.h, we use a non-conflicting name for the function and use a macro to map to the real name to the replacement.
* Check for crypt_gensalt_ra() instead of relying on libxcrypt presence | Zbigniew Jędrzejewski-Szmek | 2020-09-15 | 1 | -5/+4
| Since the loop to check various xcrypt functions is already in place, adding one more is cheap. And it is nicer to check for the function directly. People like to backport things, so we might get lucky even without having libxcrypt.
* shared/libcrypt-util: include fewer headers | Zbigniew Jędrzejewski-Szmek | 2020-09-15 | 1 | -0/+15
| Now that we wrap crypt_r/ra uses, we can include the header only in libcrypt-util.c.
* Make test_password_{one,many} also use crypt_ra() | Zbigniew Jędrzejewski-Szmek | 2020-09-15 | 1 | -9/+5
* Move test_password_{one,many} to libcrypt-util.c | Zbigniew Jędrzejewski-Szmek | 2020-09-15 | 1 | -0/+32
| They are only used under src/home/, but I want to add tests in test-libcrypt-util.c. And the functions are almost trivial, so I think it is OK to move them to shared.
* shared/libcrypt-util: use libcrypt_ra() | Zbigniew Jędrzejewski-Szmek | 2020-09-15 | 1 | -5/+8
| This lets the libc/xcrypt allocate as much storage area as it needs. Should fix #16965:
|
| testsuite-46.sh[74]: ==74==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7f3e972e1080 at pc 0x7f3e9be8deed bp 0x7ffce4f28530 sp 0x7ffce4f27ce0
| testsuite-46.sh[74]: WRITE of size 131232 at 0x7f3e972e1080 thread T0
| testsuite-46.sh[74]: #0 0x7f3e9be8deec (/usr/lib/clang/10.0.1/lib/linux/libclang_rt.asan-x86_64.so+0x9feec)
| testsuite-46.sh[74]: #1 0x559cd05a6412 in user_record_make_hashed_password /systemd-meson-build/../build/src/home/user-record-util.c:818:21
| testsuite-46.sh[74]: #2 0x559cd058fb03 in create_home /systemd-meson-build/../build/src/home/homectl.c:1112:29
| testsuite-46.sh[74]: #3 0x7f3e9b5b3058 in dispatch_verb /systemd-meson-build/../build/src/shared/verbs.c:103:24
| testsuite-46.sh[74]: #4 0x559cd058c101 in run /systemd-meson-build/../build/src/home/homectl.c:3325:16
| testsuite-46.sh[74]: #5 0x559cd058c00a in main /systemd-meson-build/../build/src/home/homectl.c:3328:1
| testsuite-46.sh[74]: #6 0x7f3e9a88b151 in __libc_start_main (/usr/lib/libc.so.6+0x28151)
| testsuite-46.sh[74]: #7 0x559cd0583e7d in _start (/usr/bin/homectl+0x24e7d)
| testsuite-46.sh[74]: Address 0x7f3e972e1080 is located in stack of thread T0 at offset 32896 in frame
| testsuite-46.sh[74]: #0 0x559cd05a60df in user_record_make_hashed_password /systemd-meson-build/../build/src/home/user-record-util.c:789
| testsuite-46.sh[74]: This frame has 6 object(s):
| testsuite-46.sh[74]: [32, 40) 'priv' (line 790)
| testsuite-46.sh[74]: [64, 72) 'np' (line 791)
| testsuite-46.sh[74]: [96, 104) 'salt' (line 809)
| testsuite-46.sh[74]: [128, 32896) 'cd' (line 810)
| testsuite-46.sh[74]: [33152, 33168) '.compoundliteral' <== Memory access at offset 32896 partially underflows this variable
| testsuite-46.sh[74]: [33184, 33192) 'new_array' (line 832) <== Memory access at offset 32896 partially underflows this variable
| testsuite-46.sh[74]: HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
| testsuite-46.sh[74]: (longjmp and C++ exceptions *are* supported)
| testsuite-46.sh[74]: SUMMARY: AddressSanitizer: stack-buffer-overflow (/usr/lib/clang/10.0.1/lib/linux/libclang_rt.asan-x86_64.so+0x9feec)
|
| It seems 'struct crypt_data' is 32896 bytes, but libclang_rt wants more, at least 33168?
* Add a helper function that does make_salt+crypt_r | Zbigniew Jędrzejewski-Szmek | 2020-09-15 | 1 | -0/+25
| No functional change.
* shared/{user,group}-record-nss: adjust filtering of "valid" passwords | Zbigniew Jędrzejewski-Szmek | 2020-08-31 | 1 | -7/+12
| We would reject various passwords that glibc accepts, for example "" or any descrypted password. Accounts with empty password are definitely useful, for example for testing or in scenarios where a password is not needed. Also, using weak encryption methods is probably not a good idea, it's not the job of our nss helpers to decide that: they should just faithfully forward whatever data is there. Also rename the function to make it more obvious that the returned answer is not in any way certain.
* libcrypt-util: add superficial validator for UNIX hashed password strings | Lennart Poettering | 2020-01-15 | 1 | -0/+11
* shared: split out crypt() specific helpers into its own .c/.h in src/shared/ | Lennart Poettering | 2020-01-15 | 1 | -0/+75
| This way we can use libxcrypt specific functionality such as crypt_gensalt() and thus take benefit of the newer algorithms libxcrypt implements. (Also adds support for a new env var $SYSTEMD_CRYPT_PREFIX which may be used to select the hash algorithm to use for libxcrypt.) Also, let's move the weird crypt.h inclusion into libcrypt.h so that there's a single place for it.