summaryrefslogtreecommitdiffstats
path: root/src/userdb/userwork.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* tree-wide: make all our Varlink APIs introspectableLennart Poettering2023-10-061-0/+5
|
* tree-wide: use -EBADF for fd initializationZbigniew Jędrzejewski-Szmek2022-12-191-1/+1
| | | | | | | | | | | | | | | | -1 was used everywhere, but -EBADF or -EBADFD started being used in various places. Let's make things consistent in the new style. Note that there are two candidates: EBADF 9 Bad file descriptor EBADFD 77 File descriptor in bad state Since we're initializating the fd, we're just assigning a value that means "no fd yet", so it's just a bad file descriptor, and the first errno fits better. If instead we had a valid file descriptor that became invalid because of some operation or state change, the other errno would fit better. In some places, initialization is dropped if unnecessary.
* userwork: use a better errno valueZbigniew Jędrzejewski-Szmek2022-06-021-1/+1
| | | | ESRCH is literally "No such process".
* various: add %m in messagesZbigniew Jędrzejewski-Szmek2022-06-021-1/+1
| | | | | Sometimes we want to suppress strerror() message because the are providing something better. But in those cases, it seems it was just forgotten.
* tree-wide: use new RET_NERRNO() helper at various placesLennart Poettering2021-11-161-5/+1
|
* userwork: make sure to return correct errors when service is not specified ↵Lennart Poettering2021-11-081-4/+4
| | | | | | correctly Fixes: #21215 #21222
* userwork: properly handle ENOLINK error from lower-level userdb codeLennart Poettering2021-11-081-0/+12
| | | | | | | | | | | | | The lower-level userdb code will return ENOLINK if varlink lookups are disabled explicitly and we couldn#t find an answer any other way. Let's not propagate this to clients, since they don't have control over this feature anyway: we decide internally when to disable varlink lookups (e.g. if DropIn lookups are requested we disable them) and to the client side that should not be visible: if we can't find a record with the flags we pick then we should report then we can't find any, and that's it. Fixes: #21223
* userdb: fix if-else to allow NameServiceSwitch lookupsDan Streetman2021-09-221-1/+1
| | | | Fixes: #20809. Bug introduced in 8fbb1941f1a8c3d9eda920891b2b51a67f2a2375
* tree-wide: port everything over to new sd-id128 compund literal blissLennart Poettering2021-08-201-3/+2
|
* tree-wide: add FORMAT_TIMESPAN()Zbigniew Jędrzejewski-Szmek2021-07-091-4/+2
|
* userdb: make most loading of JSON user record data "permissive"Lennart Poettering2021-06-011-2/+2
| | | | | | | | | | | | | We want user records to be extensible, hence we shouldn't complain about fields we can't parse. In particular we want them to be extensible for our own future extensions. Some code already turned the permissive flag when parsing the JSON data, but most did not. Fix that. A few select cases remain where the bit is not set: where we just gnerated the JSON data ourselves, and thus can be reasonably sure that if we can't parse it it's our immediate programming error and not just us processing a user record from some other tool or a newer version of ourselves.
* userdbd: also listen on a varlink socket io.systemd.DropInLennart Poettering2021-05-101-0/+2
| | | | | Let's explicitly support looking things up via dropin as a varlink service.
* userdb: shorten code a bitYu Watanabe2021-05-091-5/+2
| | | | Hopefully fixes CID#1452937.
* userdbd: simplify logic for generating NSS listingsLennart Poettering2021-05-071-325/+116
| | | | | | | | | | | | | | So far we basically had two ways to iterate through NSS records: one via the varlink IPC and one via the userdb.[ch] infra, with slightly different implementations. Let's clean this up, and always use userdb.[ch] also when resolving via userdbd. The different codepaths for the NameServiceSwitch and the Multiplexer varlink service now differ only in the different flags passed to the userdb lookup. Behaviour shouldn't change by this. This is mostly refactoring, reducing redundant codepaths.
* tree-wide: enable colorized logging for daemons when run in consoleYu Watanabe2021-01-311-1/+1
| | | | It may be useful when debugging daemons.
* license: LGPL-2.1+ -> LGPL-2.1-or-laterYu Watanabe2020-11-091-1/+1
|
* shared: merge {user,group}-record-nss.{c,h}Zbigniew Jędrzejewski-Szmek2020-09-011-1/+0
| | | | | They both are both short and contain similar parts and various helper will be shared between both parts of the code so it's easier to use a single file.
* Merge pull request #16112 from poettering/nss-systemd-block-fixLennart Poettering2020-06-241-3/+2
|\ | | | | rework nss-systemd recursion lock
| * userdb: replace recursion lockLennart Poettering2020-06-231-3/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously we'd used the existance of a specific AF_UNIX socket in the abstract namespace as lock for disabling lookup recursions. (for breaking out of the loop: userdb synthesized from nss → nss synthesized from userdb → userdb synthesized from nss → …) I did it like that because it promised to work the same both in static and in dynmically linked environments and is accessible easily from any programming language. However, it has a weakness regarding reuse attacks: the socket is securely hashed (siphash) from the thread ID in combination with the AT_RANDOM secret. Thus it should not be guessable from an attacker in advance. That's only true if a thread takes the lock only once and keeps it forever. However, if a thread takes and releases it multiple times an attacker might monitor that and quickly take the lock after the first iteration for follow-up iterations. It's not a big issue given that userdb (as the primary user for this) never released the lock and we never made the concept a public interface, and it was only included in one release so far, but it's something that deserves fixing. (moreover it's a local DoS only, only permitting to disable native userdb lookups) With this rework the libnss_systemd.so.2 module will now export two additional symbols. These symbols are not used by glibc, but can be used by arbitrary programs: one can be used to disable nss-systemd, the other to check if it is currently disabled. The lock is per-thread. It's slightly less pretty, since it requires people to manually link against C code via dlopen()/dlsym(), but it should work safely without the aforementioned weakness.
* | tree-wide: port to fd_wait_for_event()Lennart Poettering2020-06-101-10/+5
| | | | | | | | | | | | | | | | Prompted by the discussion on #16110, let's migrate more code to fd_wait_for_event(). This only leaves 7 places where we call into poll()/poll() directly in our entire codebase. (one of which is fd_wait_for_event() itself)
* | tree-wide: check POLLNVAL everywhereLennart Poettering2020-06-101-0/+2
|/ | | | | | | | | | | | | poll() sets POLLNVAL inside of the poll structures if an invalid fd is passed. So far we generally didn't check for that, thus not taking notice of the error. Given that this specific kind of error is generally indication of a programming error, and given that our code is embedded into our projects via NSS or because people link against our library, let's explicitly check for this and convert it to EBADF. (I ran into a busy loop because of this missing check when some of my test code accidentally closed an fd it shouldn't close, so this is a real thing)
* userwork: remove trailing comma in messageZbigniew Jędrzejewski-Szmek2020-05-271-1/+1
|
* userwork: fix typos in commentZbigniew Jędrzejewski-Szmek2020-05-261-3/+5
|
* userdb: when doing client-side NSS look-ups optionally avoid shadow look-upsLennart Poettering2020-04-091-5/+5
|
* userwork: fix signal worker sends to manager requesting more workersLennart Poettering2020-03-301-1/+1
| | | | | | | | | That's what you get for changing these signals around, after checking everything works, not before. Bad, Lennart, bad! Fixes: #15085
* userdbd: add new service that can merge userdb queries from multiple clientsLennart Poettering2020-01-151-0/+778