summaryrefslogtreecommitdiffstats
path: root/src/shared/specifier.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* shared: use strdup_to() in specifier functionsZbigniew Jędrzejewski-Szmek2024-03-201-41/+6
|
* specifier: use mempcpy() where we canLennart Poettering2023-12-181-2/+1
|
* specifier: avoid leaking memory on allocation errorFrantisek Sumsal2023-05-241-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ==8036==ERROR: LeakSanitizer: detected memory leaks Direct leak of 64 byte(s) in 1 object(s) allocated from: #0 0x4a10bc in __interceptor_realloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:85:3 #1 0x4deef1 in realloc (/build/fuzz-unit-file+0x4deef1) #2 0x7ffa35abfe23 in greedy_realloc /work/build/../../src/systemd/src/basic/alloc-util.c:70:13 #3 0x7ffa35aefad2 in parse_env_file_internal /work/build/../../src/systemd/src/basic/env-file.c:127:38 #4 0x7ffa35af08a6 in parse_env_file_fdv /work/build/../../src/systemd/src/basic/env-file.c:374:13 #5 0x7ffa35b6391e in parse_extension_release_atv /work/build/../../src/systemd/src/basic/os-util.c:323:16 #6 0x7ffa35b63c8a in parse_extension_release_sentinel /work/build/../../src/systemd/src/basic/os-util.c:360:13 #7 0x7ffa35a5e3f5 in parse_os_release_specifier /work/build/../../src/systemd/src/shared/specifier.c:292:13 #8 0x7ffa35a5e3f5 in specifier_os_id /work/build/../../src/systemd/src/shared/specifier.c:303:16 #9 0x7ffa35a5c7f5 in specifier_printf /work/build/../../src/systemd/src/shared/specifier.c:70:45 #10 0x7ffa3690b279 in unit_full_printf_full /work/build/../../src/systemd/src/core/unit-printf.c:264:16 #11 0x7ffa367de795 in config_parse_bus_name /work/build/../../src/systemd/src/core/load-fragment.c:2401:13 #12 0x7ffa358fe5ec in next_assignment /work/build/../../src/systemd/src/shared/conf-parser.c:151:24 #13 0x7ffa358fe5ec in parse_line /work/build/../../src/systemd/src/shared/conf-parser.c:257:16 #14 0x7ffa358fd653 in config_parse /work/build/../../src/systemd/src/shared/conf-parser.c:400:21 #15 0x4de828 in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/core/fuzz-unit-file.c:72:16 #16 0x4df208 in NaloFuzzerTestOneInput (/build/fuzz-unit-file+0x4df208) #17 0x4fe213 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15 #18 0x4fd9fa in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:514:3 #19 0x4ff0c9 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:757:19 #20 0x4ffd95 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:895:5 #21 0x4ef0ff in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:912:6 #22 0x4ef9c8 in LLVMFuzzerRunDriver /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:925:10 #23 0x4df485 in main (/build/fuzz-unit-file+0x4df485) #24 0x7ffa35232082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee) DEDUP_TOKEN: __interceptor_realloc--realloc--greedy_realloc SUMMARY: AddressSanitizer: 64 byte(s) leaked in 1 allocation(s). Found by Nallocfuzz.
* specifier: use _cleanup_David Tardon2023-04-271-5/+4
|
* specifier: always convert missing machine-id file to EUNATCHYu Watanabe2023-04-041-13/+3
| | | | Then, use id128_get_machine().
* chase-symlinks: Rename chase_symlinks() to chase()Daan De Meyer2023-03-241-3/+3
| | | | | | | | | Chasing symlinks is a core function that's used in a lot of places so it deservers a less verbose names so let's rename it to chase() and chaseat(). We also slightly change the pattern used for the chaseat() helpers so we get chase_and_openat() and similar.
* basic: add RuntimeScope enumLennart Poettering2023-03-101-12/+12
| | | | | | | | | | | | In various tools and services we have a per-system and per-user concept. So far we sometimes used a boolean indicating whether we are in system mode, or a reversed boolean indicating whether we are in user mode, or the LookupScope enum used by the lookup path logic. Let's address that, in introduce a common enum for this, we can use all across the board. This is mostly just search/replace, no actual code changes.
* tree-wide: use -EBADF for fd initializationZbigniew Jędrzejewski-Szmek2022-12-191-1/+1
| | | | | | | | | | | | | | | | -1 was used everywhere, but -EBADF or -EBADFD started being used in various places. Let's make things consistent in the new style. Note that there are two candidates: EBADF 9 Bad file descriptor EBADFD 77 File descriptor in bad state Since we're initializating the fd, we're just assigning a value that means "no fd yet", so it's just a bad file descriptor, and the first errno fits better. If instead we had a valid file descriptor that became invalid because of some operation or state change, the other errno would fit better. In some places, initialization is dropped if unnecessary.
* sd-id128: make id128_read() or friends return -ENOPKG when the file contents ↵Yu Watanabe2022-12-121-1/+1
| | | | | | | | | is "uninitialized" Then, this drops ID128_PLAIN_OR_UNINIT. Also, this renames Id128Format -> Id128FormatFlag, and make it bitfield. Fixes #25634.
* shared: Add specifier_uint64()Daan De Meyer2022-09-221-0/+6
|
* shared: Add specifier_id128() and specifier_uuid()Daan De Meyer2022-09-221-14/+26
|
* tree-wide: host_name → hostnameZbigniew Jędrzejewski-Szmek2022-04-111-3/+3
| | | | | We use "hostname" exclusively in docs, and also in a big majority of the code. Let's use the same spelling in remaining places.
* shared/specifier: make sure we set the output variable even for void answersZbigniew Jędrzejewski-Szmek2022-04-111-1/+7
| | | | | | | This doesn't change anything for real uses, because we'd initialize the variable to NULL for _cleanup_ anyway, but let's follow our general pattern of always setting the output on "success". (Even if that success is an empty answer here.)
* Rename UnitFileScope to LookupScopeZbigniew Jędrzejewski-Szmek2022-03-291-13/+13
| | | | | | | | | As suggested in https://github.com/systemd/systemd/pull/22649/commits/8b3ad3983f5440eef812b34e5ed862ca59fdf7f7#r837345892 The define is generalized and moved to path-lookup.h, where it seems to fit better. This allows a recursive include to be removed and in general makes things simpler.
* shared/specifier: fix %u/%U/%g/%G when called as unprivileged userZbigniew Jędrzejewski-Szmek2022-03-291-8/+36
| | | | | | | | | | | | | | | | We would resolve those specifiers to the calling user/group. This is mostly OK when done in the manager, because the manager generally operates as root in system mode, and a non-root in user mode. It would still be wrong if called with --test though. But in systemctl, this would be generally wrong, since we can call 'systemctl --system' as a normal user, either for testing or even for actual operation with '--root=…'. When operating in --global mode, %u/%U/%g/%G should return an error. The information whether we're operating in system mode, user mode, or global mode is passed as the data pointer to specifier_group_name(), specifier_user_name(), specifier_group_id(), specifier_user_id(). We can't use userdata, because it's already used for other things.
* shared/specifier: provide proper error messages when specifiers fail to read ↵Zbigniew Jędrzejewski-Szmek2022-03-291-14/+19
| | | | | | | | | | | | | | | files ENOENT is easily confused with the file that we're working on not being present, e.g. when the file contains %o or something else that requires os-release to be present. Let's use -EUNATCH instead to reduce that chances of confusion if the context of the error is lost. And once we have pinpointed the reason, let's provide a proper error message: + build/systemctl --root=/tmp/systemctl-test.TO7Mcb enable some-some-link6@.socket /tmp/systemctl-test.TO7Mcb/etc/systemd/system/some-some-link6@.socket: Failed to resolve alias "target@A:%A.socket": Protocol driver not attached Failed to enable unit, cannot resolve specifiers in "target@A:%A.socket".
* shared/specifier: clarify and add test for missing dataZbigniew Jędrzejewski-Szmek2022-03-291-1/+3
| | | | | | In systemd.unit we document that unset fields resolve to "". But we didn't directly test this, so let's do that. Also, we return -ENOENT if the file is missing, which we didn't document or test.
* core: introduce %R specifier for pretty hostnameFrantisek Sumsal2022-03-101-0/+15
| | | | Resolves: #20054
* core: be a bit more defensive when resolving specifiersFrantisek Sumsal2022-03-101-0/+39
|
* core: add %y/%Y specifiers for the fragment path of the unitZbigniew Jędrzejewski-Szmek2022-01-211-0/+22
| | | | | | | | | | | | | | | | | | Fixes #6308: people want to be able to link a unit file via 'systemctl enable' from a git checkout or such and refer to other files in the same repo. The new specifiers make that easy. %y/%Y is used because other more obvious choices like %d/%D or %p/%P are not available because at least on of the two letters is already used. The new specifiers are only available in units. Technically it would be trivial to add then in [Install] too, but I don't see how they could be useful, so I didn't do that. I added both %y and %Y because both were requested in the issue, and because I think both could be useful, depending on the case. %Y to refer to other files in the same repo, and %y in the case where a single repo has multiple unit files, and e.g. each unit has some corresponding asset named after the unit file.
* shared/specifier: treat NULL the same as ""Zbigniew Jędrzejewski-Szmek2022-01-201-36/+20
| | | | | | We would busily allocate an empty string to concatenate all of it's zero characters to the output. Let's make things a bit simpler by letting the specifier functions return NULL to mean "nothing to append".
* basic: spit out chase_symlinks() from fs-util.[ch] → chase-symlinks.[ch]Lennart Poettering2021-10-051-0/+1
|
* tree-wide: make specifier expansion --root= awareLennart Poettering2021-06-241-40/+57
| | | | | | | | | | | | | | | | | | | | | | This fixes repart's, systemctl's, sysusers' and tmpfiles' specifier expansion to honour the root dir specified with --root=. This is relevant for specifiers such as %m, %o, … which are directly sourced from files on disk. This doesn't try to be overly smart: specifiers referring to runtime concepts (i.e. boot ID, architecture, hostname) rather than files on the medium are left as is. There's certainly a point to be made that they should fail in case --root= is specified, but I am not entirely convinced about that, and it's certainly something we can look into later if there's reason to. I wondered for a while how to hook this up best, but given that quite a large number of specifiers resolve to data from files on disks, and most of our tools needs this, I ultimately decided to make the root dir a first class parameter to specifier_printf(). Replaces: #16187 Fixes: #16183
* sysusers: add a generic specifier table for common casesLennart Poettering2021-05-261-0/+6
| | | | | | | This moves the definition of the specifier table consisting only of system and /tmp specifiers into generic code so that we can share it. This patch only adds one user of it for now. Follow-up patches will add more.
* alloc-util: simplify GREEDY_REALLOC() logic by relying on malloc_usable_size()Lennart Poettering2021-05-191-12/+5
| | | | | | | | | | | | | | | | | | | | | | | | We recently started making more use of malloc_usable_size() and rely on it (see the string_erase() story). Given that we don't really support sytems where malloc_usable_size() cannot be trusted beyond statistics anyway, let's go fully in and rework GREEDY_REALLOC() on top of it: instead of passing around and maintaining the currenly allocated size everywhere, let's just derive it automatically from malloc_usable_size(). I am mostly after this for the simplicity this brings. It also brings minor efficiency improvements I guess, but things become so much nicer to look at if we can avoid these allocation size variables everywhere. Note that the malloc_usable_size() man page says relying on it wasn't "good programming practice", but I think it does this for reasons that don't apply here: the greedy realloc logic specifically doesn't rely on the returned extra size, beyond the fact that it is equal or larger than what was requested. (This commit was supposed to be a quick patch btw, but apparently we use the greedy realloc stuff quite a bit across the codebase, so this ends up touching *a*lot* of code.)
* tree-wide: refuse too long strings earlier in specifier_printf()Yu Watanabe2021-05-121-3/+10
| | | | | | | | | | | | We usually call specifier_printf() and then check the validity of the result. In many cases, validity checkers, e.g. path_is_valid(), refuse too long strings. This makes specifier_printf() refuse such long results earlier. Moreover, unit_full_string() and description field in sysuser now refuse results longer than LONG_LINE_MAX. config_parse() already refuses the line longer than LONG_LINE_MAX. Hence, it should be ok to set the same value as the maximum length of the resolved string.
* specifier: rename variableYu Watanabe2021-05-121-12/+12
|
* specifier: use SD_ID128_STRING_MAXYu Watanabe2021-05-121-2/+2
|
* shared: add new IMAGE_VERSION=/IMAGE_ID= field to /etc/os-releaseLennart Poettering2021-03-311-0/+8
| | | | | | | | | | | | | | | | | | | | | | This specifes two new optional fields for /etc/os-release: IMAGE_VERSION= and IMAGE_ID= that are supposed to identify the image of the current booted system by name and version. This is inspired by the versioning stuff in https://github.com/systemd/mkosi/pull/683. In environments where pre-built images are installed and updated as a whole the existing os-release version/distro identifier are not sufficient to describe the system's version, as they describe only the distro an image is built from, but not the image itself, even if that image is deployed many times on many systems, and even if that image contains more resources than just the RPMs/DEBs. In particular, "mkosi" is a tool for building disk images based on distro RPMs with additional resources dropped in. The combination of all of these together with their versions should also carry an identifier and version, and that's what IMAGE_VERSION= and IMAGE_ID= is supposed to be.
* basic/os-util: make the sentinel implicitZbigniew Jędrzejewski-Szmek2021-02-221-1/+1
|
* license: LGPL-2.1+ -> LGPL-2.1-or-laterYu Watanabe2020-11-091-1/+1
|
* Add %l as specifier for the hostname without any domain componentZbigniew Jędrzejewski-Szmek2020-05-071-0/+11
| | | | | | | | | As described in #15603, it is a fairly common setup to use a fqdn as the configured hostname. But it is often convenient to use just the actual hostname, i.e. until the first dot. This adds support in tmpfiles, sysusers, and unit files for %l which expands to that. Fixes #15603.
* tree-wide: support a bunch of additional specifiersLennart Poettering2020-04-281-0/+48
|
* tree-wide: drop string.h when string-util.h or friends are includedYu Watanabe2019-11-031-1/+0
|
* headers: remove unneeded includes from util.hZbigniew Jędrzejewski-Szmek2019-03-271-0/+1
| | | | | This means we need to include many more headers in various files that simply included util.h before, but it seems cleaner to do it this way.
* Mark *data and *userdata params to specifier_printf() as constZbigniew Jędrzejewski-Szmek2018-12-121-14/+14
| | | | | | | It would be very wrong if any of the specfier printf calls modified any of the objects or data being printed. Let's mark all arguments as const (primarily to make it easier for the reader to see where modifications cannot occur).
* shared: add %g, %G specifiers for group / gid (#10368)Davide Cavalca2018-10-131-0/+18
|
* tree-wide: drop empty lines in commentsYu Watanabe2018-07-231-1/+0
|
* tree-wide: remove Lennart's copyright linesLennart Poettering2018-06-141-3/+0
| | | | | | | | | | | These lines are generally out-of-date, incomplete and unnecessary. With SPDX and git repository much more accurate and fine grained information about licensing and authorship is available, hence let's drop the per-file copyright notice. Of course, removing copyright lines of others is problematic, hence this commit only removes my own lines and leaves all others untouched. It might be nicer if sooner or later those could go away too, making git the only and accurate source of authorship information.
* tree-wide: drop 'This file is part of systemd' blurbLennart Poettering2018-06-141-2/+0
| | | | | | | | | | | | | | | | This part of the copyright blurb stems from the GPL use recommendations: https://www.gnu.org/licenses/gpl-howto.en.html The concept appears to originate in times where version control was per file, instead of per tree, and was a way to glue the files together. Ultimately, we nowadays don't live in that world anymore, and this information is entirely useless anyway, as people are very welcome to copy these files into any projects they like, and they shouldn't have to change bits that are part of our copyright header for that. hence, let's just get rid of this old cruft, and shorten our codebase a bit.
* core: introduce specifiers for /tmp and /var/tmpLennart Poettering2018-05-291-0/+35
| | | | | | | | | | | This corresponds nicely with the specifiers we already pass for /var/lib, /var/cache, /run and so on. This is particular useful to update the test-path service files to operate without guessable files, thus allowing multiple parallel test-path invocations to pass without issues (the idea is to set $TMPDIR early on in the test to some private directory, and then only use the new %T or %V specifier to refer to it).
* tree-wide: drop license boilerplateZbigniew Jędrzejewski-Szmek2018-04-061-13/+0
| | | | | | | | | | Files which are installed as-is (any .service and other unit files, .conf files, .policy files, etc), are left as is. My assumption is that SPDX identifiers are not yet that well known, so it's better to retain the extended header to avoid any doubt. I also kept any copyright lines. We can probably remove them, but it'd nice to obtain explicit acks from all involved authors before doing that.
* shared/specifier: use realloc to free some memory after specifier expansionZbigniew Jędrzejewski-Szmek2018-03-281-2/+9
| | | | | | | | | | | This is a separate commit only because it actually *increases* memory allocations: ==3256== total heap usage: 100,120 allocs, 100,120 frees, 13,097,140 bytes allocated to ==4690== total heap usage: 100,121 allocs, 100,121 frees, 14,198,329 bytes allocated Essentially, we do a little more work to reduce the memory footprint a bit. For a test where we just allocate the memory and drop it soon afterwards, this is not beneficial, but it should still be useful for a long running program.
* shared/specifier: be less extravagant with memory allocationsZbigniew Jędrzejewski-Szmek2018-03-281-15/+5
| | | | | | | | | | | | | | | | | | | | ubsan times out because we do too many allocations: $ valgrind build/fuzz-unit-file test/fuzz-regressions/fuzz-unit-file/oss-fuzz-6977-full ... test/fuzz-regressions/fuzz-unit-file/oss-fuzz-6977-full... ok ==1757== ==1757== HEAP SUMMARY: ==1757== in use at exit: 0 bytes in 0 blocks ==1757== total heap usage: 199,997 allocs, 199,997 frees, 90,045,318,585 bytes allocated ... ==3256== total heap usage: 100,120 allocs, 100,120 frees, 13,097,140 bytes allocated https://oss-fuzz.com/v2/issue/4651449704251392/6977 should now be really fixed. e3c3d6761b3e7d was the first attempt, but even with this change, e3c3d6761b3e7d still makes sense.
* macro: introduce TAKE_PTR() macroLennart Poettering2018-03-221-2/+1
| | | | | | | | | | | | | | | | This macro will read a pointer of any type, return it, and set the pointer to NULL. This is useful as an explicit concept of passing ownership of a memory area between pointers. This takes inspiration from Rust: https://doc.rust-lang.org/std/option/enum.Option.html#method.take and was suggested by Alan Jenkins (@sourcejedi). It drops ~160 lines of code from our codebase, which makes me like it. Also, I think it clarifies passing of ownership, and thus helps readability a bit (at least for the initiated who know the new macro)
* shared: use _cleanup_ in specifier_printf (#7586)Zbigniew Jędrzejewski-Szmek2017-12-081-15/+10
| | | Follow-up for e62d316561.
* shared: fix a memory leakEvgeny Vereshchagin2017-12-061-2/+3
| | | | | | | | | | | | | | | | | | | ``` $ ./src/test/test-systemd-tmpfiles.py valgrind --leak-check=full --error-exitcode=1 ./build/systemd-tmpfiles ... Running valgrind --leak-check=full --error-exitcode=1 ./build/systemd-tmpfiles on 'w /unresolved/argument - - - - "%Y"' ... [<stdin>:1] Failed to substitute specifiers in argument: Invalid slot ... ==22602== 5 bytes in 1 blocks are definitely lost in loss record 1 of 2 ==22602== at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==22602== by 0x4ECA7D4: malloc_multiply (alloc-util.h:74) ==22602== by 0x4ECA909: specifier_printf (specifier.c:59) ==22602== by 0x113490: specifier_expansion_from_arg (tmpfiles.c:1923) ==22602== by 0x1144E7: parse_line (tmpfiles.c:2159) ==22602== by 0x11551C: read_config_file (tmpfiles.c:2425) ==22602== by 0x115AB0: main (tmpfiles.c:2529) ```
* Fix typoZbigniew Jędrzejewski-Szmek2017-12-061-1/+1
|
* Fail on unknown (alphanumerical) specifiersZbigniew Jędrzejewski-Szmek2017-12-061-1/+8
| | | | | | | | | | | | | | | | | | | | | | | The code intentionally ignored unknown specifiers, treating them as text. This needs to change because otherwise we can never add a new specifier in a backwards compatible way. So just treat an unknown (potential) specifier as an error. In principle this is a break of backwards compatibility, but the previous behaviour was pretty much useless, since the expanded value could change every time we add new specifiers, which we do all the time. As a compromise for backwards compatibility, only fail on alphanumerical characters. This should cover the most cases where an unescaped percent character is used, like size=5% and such, which behave the same as before with this patch. OTOH, this means that we will not be able to use non-alphanumerical specifiers without breaking backwards compatibility again. I think that's an acceptable compromise. v2: - add NEWS entry v3: - only fail on alphanumerical
* specifier: unify specifier implementations for user-related specifiersLennart Poettering2017-11-291-0/+43
| | | | | | The code in install-printf.c and unit-printf.c for these is pretty much the same and very generic. Let's move this all over to the generic specifier.c, and share the implementations.
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-13 21:16:51 +0100