path: root/src/userdb
Commit message | Author | Age | Files | Lines
* tree-wide: make all our Varlink APIs introspectable | Lennart Poettering | 2023-10-06 | 1 | -0/+5
|
* meson: move declarations of userdbd and friends | Yu Watanabe | 2023-07-31 | 1 | -8/+23
|
* userdbd: when we hit a flood of requests to start more workers, don't exit | Lennart Poettering | 2023-06-22 | 2 | -3/+39
| Let's tweak what we do if we detect a flood of requests to start more workers: if none of the workers ever sticks (i.e. the worker count is zero) then let's just give up, as before. Otherwise, let's just not start more workers for a while, and do so again after a while. Thus spawning of workers will "cool off" for a while.
|
| Fixes: #27028
* userdbd: prefix parameters with their names more | Lennart Poettering | 2023-06-22 | 1 | -2/+2
|
* userdbd: drastically raise ratelimit we apply on requests for more worker processes | Lennart Poettering | 2023-06-22 | 1 | -2/+2
| These requests might come in during lookup floods very quickly, since multiple worker processes might detect that things should be scaled up at the same time. Hence, let's substantially raise the limit so that it doesn't get hit in real-life scenarios and acts more like a safety net.
* socket: bump listen() backlog to INT_MAX everywhere | Lennart Poettering | 2023-06-13 | 1 | -1/+1
| This is a rework of #24764 by Cristian Rodríguez <crodriguez@owncloud.com>, which stalled. Instead of assigning -1 we'll use a macro defined to INT_MAX however.
* tree-wide: use _cleanup_set_free_ and friends | Yu Watanabe | 2023-05-31 | 1 | -1/+1
| Instead of _cleanup_(set_freep) or so.
* tree-wide: reset optind to 0 when GNU extensions in optstring are used | Yu Watanabe | 2023-03-29 | 1 | -0/+4
| Otherwise, if getopt() and friends are used before parse_argv(), then the GNU extensions may be ignored. This should not change any behavior at least now, as we usually use getopt_long() only once per invocation. But in the next commit, getopt_long() will be used for other arrays, hence this change will become necessary.
* userdbctl: flush stdout before running the chain command | Frantisek Sumsal | 2023-03-24 | 1 | -0/+1
| Otherwise it's quite difficult to capture the entire output:
|
|   $ userdbctl ssh-authorized-keys dropinuser --chain /bin/echo hello
|   ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA//dxI2xLg4MgxIKKZv1nqwTEIlE/fdakii2Fb75pG+ foo@bar.tld
|   ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMlaqG2rTMje5CQnfjXJKmoSpEVJ2gWtx4jBvsQbmee2XbU/Qdq5+SRisssR9zVuxgg5NA5fv08MgjwJQMm+csc= hello@world.tld
|   hello
|   $ userdbctl ssh-authorized-keys dropinuser --chain /bin/echo hello | tee
|   hello
* userdbctl: don't show legend when dumping JSON with services | Frantisek Sumsal | 2023-03-24 | 1 | -1/+1
|
* userdbd: make static const what we can make so | Lennart Poettering | 2023-03-15 | 1 | -1/+1
|
* userdbd: rework to use sd_event_add_child() instead of manual SIGCHLD | Lennart Poettering | 2023-03-15 | 1 | -50/+32
| Let's modernize userdbd further, and use the common child handling we nowadays have in sd-event, instead of rolling our own. This also means we'll start using pidfds where we can.
* userdbd: make use of FORK_CLOSE_ALL_FDS + FORK_REOPEN_LOG where we can | Lennart Poettering | 2023-03-15 | 1 | -11/+6
|
* userdbd: modernize signal handling | Lennart Poettering | 2023-03-15 | 3 | -16/+8
| Let's make use of SD_EVENT_SIGNAL_PROCMASK so that we don't have to mask the signals manually. Let's use sd_event_set_exit_signal() instead of rolling our own SIGTERM/SIGINT handling. Let's use "floating" event sources instead of keeping references on our own. Let's also debug log if we can't enable watchdog handling.
* userbd: manager doesn't actually use varlink, only workers do | Lennart Poettering | 2023-03-13 | 1 | -1/+0
|
* userdbd: hook up memory pressure and sigrtmin18 | Lennart Poettering | 2023-03-01 | 2 | -1/+10
|
* meson: Do not include headers in source lists | Jan Janssen | 2023-01-24 | 1 | -1/+0
| Meson+ninja+compiler do this for us and are better at it.
|
| https://mesonbuild.com/FAQ.html#do-i-need-to-add-my-headers-to-the-sources-list-like-in-autotools
* tree-wide: use -EBADF for fd initialization | Zbigniew Jędrzejewski-Szmek | 2022-12-19 | 3 | -3/+3
| -1 was used everywhere, but -EBADF or -EBADFD started being used in various places. Let's make things consistent in the new style.
|
| Note that there are two candidates:
|   EBADF 9 Bad file descriptor
|   EBADFD 77 File descriptor in bad state
|
| Since we're initializing the fd, we're just assigning a value that means "no fd yet", so it's just a bad file descriptor, and the first errno fits better. If instead we had a valid file descriptor that became invalid because of some operation or state change, the other errno would fit better.
|
| In some places, initialization is dropped if unnecessary.
* treewide: drop "RUN_" from "RUN_WITH_UMASK" | Zbigniew Jędrzejewski-Szmek | 2022-12-13 | 1 | -1/+1
| RUN_WITH_UMASK was initially conceived for spawning external progs with the umask set. But nowadays we use it for various syscalls and stuff that doesn't "run" anything, so the "RUN_" prefix has outlived its usefulness.
* basic: move version() to build.h+c | Zbigniew Jędrzejewski-Szmek | 2022-11-08 | 1 | -0/+1
|
* tree-wide: replace "plural(s)" by "plurals" | Zbigniew Jędrzejewski-Szmek | 2022-10-17 | 1 | -2/+2
| (s) is just ugly with a vibe of DOS. In most cases just using the normal plural form is more natural and grammatically correct. There are some log_debug() statements left, and texts in foreign licenses or headers. Those are not touched on purpose.
* shared/format-table: use enum instead of Table.empty_string | Zbigniew Jędrzejewski-Szmek | 2022-09-22 | 1 | -2/+2
| All users were setting this to some static string (usually "-"), so let's simplify things by not doing strdup, but instead limiting callers to a fixed set of values. In preparation for the next commit, the function is renamed from "empty" to "replacement", because it'll be used for more than empty fields. I didn't do the whole string-table setup, because it's all used internally in one file and this way we can immediately assert if an invalid value is passed in. Some callers were (void)ing the error, others were ignoring it, and others propagating. It's nicer to remove the boilerplate.
* uid-range: tie up number and array of uid range entries | Yu Watanabe | 2022-09-16 | 1 | -29/+19
| This renames UidRange -> UidRangeEntry, and reintroduces UidRange which contains the array of UidRangeEntry and its size. No functional changes, just refactoring.
* userdbctl: fix arrow direction | Yu Watanabe | 2022-09-16 | 1 | -4/+4
|
* userdbctl: do not show meaningless boundaries when no uid range available | Yu Watanabe | 2022-09-16 | 1 | -4/+2
|
* tree-wide: use ASSERT_PTR more | David Tardon | 2022-09-13 | 1 | -4/+2
|
* userwork: use a better errno value | Zbigniew Jędrzejewski-Szmek | 2022-06-02 | 1 | -1/+1
| ESRCH is literally "No such process".
* various: add %m in messages | Zbigniew Jędrzejewski-Szmek | 2022-06-02 | 1 | -1/+1
| Sometimes we want to suppress strerror() message because we are providing something better. But in those cases, it seems it was just forgotten.
* tree-wide: port various users over to connect_unix_path() | Lennart Poettering | 2022-05-13 | 1 | -9/+3
| Let's make use of our new helper, and thus allow longer paths.
* userdb: fix error handling | Yu Watanabe | 2022-05-13 | 1 | -1/+1
|
* userdbctl: initialize parameter `n` for uid_range_load_userns() | Thomas Weißschuh | 2022-05-06 | 1 | -2/+2
| uid_range_load_userns() dereferences the n parameter. Passing uninitialized memory may lead to crashes, for example with version 251rc2-1 on ArchLinux.
* userdbctl: also show available UID range in current userns | Lennart Poettering | 2022-04-01 | 1 | -14/+206
| Containers generally have a smaller UID range assigned than host systems. Let's visualize this in the user/group tables. We insert markers for unavailable regions. This way display is identical to status quo ante on host systems, but in containers unavailable ranges will be shown as that. And while we are at it, also hide well-known UID ranges when they are outside of userns uid_map range. This is mostly about the "container" range. It's pointless showing the container range (i.e. a range UID > 65535) if that range isn't available in the container anyway.
* strv: make iterator in STRV_FOREACH() declared in the loop | Yu Watanabe | 2022-03-19 | 1 | -17/+7
| This also avoids multiple evaluations in STRV_FOREACH_BACKWARDS()
* time-util: add macros around timespec_store() that operates on compound literal allocated timespec struct | Lennart Poettering | 2022-03-18 | 1 | -2/+1
| This way we can convert usec_t to timespec on-the-fly, without a buffer. No actual behaviour change just some shortening of code.
* meson: move files' closing brace to separate line | Zbigniew Jędrzejewski-Szmek | 2022-03-03 | 1 | -1/+2
|
* meson: do not use split() in file lists | Zbigniew Jędrzejewski-Szmek | 2022-03-02 | 1 | -11/+6
| The approach to use '''…'''.split() instead of a list of strings was initially used when converting from automake because it allowed identical blocks of lines to be used for both, making the conversion easier. But over the years we have been using normal lists more and more, especially when there were just a few filenames listed. This converts the rest. No functional change.
* userdbctl: add a dash of color to users of different dispositions | Lennart Poettering | 2022-02-16 | 1 | -4/+37
|
* userdbctl: show min/max UID boundaries in userdbctl output | Lennart Poettering | 2022-02-16 | 1 | -12/+198
|
* Define FOREACH_DIRENT through FOREACH_DIRENT_ALL | Zbigniew Jędrzejewski-Szmek | 2021-12-15 | 1 | -1/+0
| As in the previous commit, 'de' is used as the iterator variable name.
* tree-wide: use new RET_NERRNO() helper at various places | Lennart Poettering | 2021-11-16 | 1 | -5/+1
|
* userdbctl: add support for chaining command lines in "authorized-keys" verb | Lennart Poettering | 2021-11-11 | 1 | -16/+79
|
* userwork: make sure to return correct errors when service is not specified correctly | Lennart Poettering | 2021-11-08 | 1 | -4/+4
| Fixes: #21215 #21222
* userdbctl: always show summary after printing table (unless legend is off) | Lennart Poettering | 2021-11-08 | 1 | -15/+46
| We do this in many (most?) other tools, do so here too. It's quite useful info to count users/groups/…
* userdbctl: add a switch for explicitly enabling/disabling multiplexer-based lookups | Lennart Poettering | 2021-11-08 | 1 | -0/+11
| This is incredibly useful for debugging.
* userdbctl: make JSON output mode details configurable like in the other tools | Lennart Poettering | 2021-11-08 | 1 | -20/+35
| Let's add --json= with the same parser as in the other tools, and honour it.
* userdbctl: explicitly handle ESRCH/ENOLINK from userdb_all() | Lennart Poettering | 2021-11-08 | 1 | -49/+63
| Similar in style to previous commit, let's handle these two errors properly, i.e. as equivalent to no entries found. Let's debug log about them, to make things easier to deal with when debugging (after all userdbctl to a large degree are debugging tools).
* userwork: properly handle ENOLINK error from lower-level userdb code | Lennart Poettering | 2021-11-08 | 1 | -0/+12
| The lower-level userdb code will return ENOLINK if varlink lookups are disabled explicitly and we couldn't find an answer any other way. Let's not propagate this to clients, since they don't have control over this feature anyway: we decide internally when to disable varlink lookups (e.g. if DropIn lookups are requested we disable them) and to the client side that should not be visible: if we can't find a record with the flags we pick then we should report that we can't find any, and that's it.
|
| Fixes: #21223
* Make pager_open() return void | Zbigniew Jędrzejewski-Szmek | 2021-11-03 | 1 | -1/+1
|
* userdb: fix type to pass to connect() | Yu Watanabe | 2021-10-16 | 1 | -1/+1
| Fixes https://github.com/systemd/systemd/pull/20613#issuecomment-944621275.
* userdb: fix if-else to allow NameServiceSwitch lookups | Dan Streetman | 2021-09-22 | 1 | -1/+1
| Fixes: #20809. Bug introduced in 8fbb1941f1a8c3d9eda920891b2b51a67f2a2375