path: root/src
Commit message (Author, Age, Files, Lines)
* terminal-util: introduce isatty_safe that rejects EBADF (Mike Yuan, 2023-12-22, 2 files, -0/+14)
|
* terminal-util: use RET_GATHER more (Mike Yuan, 2023-12-22, 1 file, -18/+13)
|
* test: fix check for device in test-execute (Luca Boccassi, 2023-12-22, 1 file, -1/+1)
|     The unit actually uses /dev/kmsg, not /dev/kvm
|     Follow-up for ae7482b994e6a9bc8e
* Merge pull request #30550 from yuwata/network-nexthop-cleanups-3 (Luca Boccassi, 2023-12-22, 6 files, -55/+133)
|\    network: several cleanups for nexthop (part3)
| * network/nexthop: check if nexthop is really configured without ID (Yu Watanabe, 2023-12-20, 1 file, -0/+10)
| |
| * network/nexthop: cache requested nexthop IDs (Yu Watanabe, 2023-12-20, 5 files, -20/+49)
| |
| * network/nexthop: drop conflicting [NextHop] sections (Yu Watanabe, 2023-12-20, 4 files, -13/+42)
| |
| * network/nexthop: check if on-link is not enabled for group or blackhole nexthop (Yu Watanabe, 2023-12-20, 1 file, -5/+19)
| |
| * network/nexthop: fix wrong verification (Yu Watanabe, 2023-12-20, 1 file, -1/+1)
| |     This checks the nexthop is not a blackhole, gateway is unrelated.
| * network/nexthop: add several assertions related to nexthop ID (Yu Watanabe, 2023-12-20, 1 file, -6/+12)
| |
| * network/nexthop: drop dead code (Yu Watanabe, 2023-12-20, 1 file, -11/+1)
| |     Follow-up for a533473a48ff05e84e7af3d4049dbf458b6c0f94.
* | systemctl: swap cached_id_map and cached_name_map (Yu Watanabe, 2023-12-22, 1 file, -5/+5)
| |     These are unused or used in the same order. So, this patch does not change any behavior, just for naming consistency with the function prototype.
| |     Closes #30570.
* | networkd: add basic Varlink interface (Lennart Poettering, 2023-12-22, 9 files, -3/+140)
| |     Let's get networkd onto Varlink. This only adds the most basic of operations. I'd love to see networkd do Varlink for all its basic operations so that networkctl can use that, and work correctly before D-Bus is up. Right now, many of networkctl's calls simply don't work before D-Bus, and I'd like to see that improved.
* | service: don't try to determine selinux label for socket activation if RootImage= is used (Lennart Poettering, 2023-12-22, 3 files, -33/+63)
| |     We cannot determine the SELinux label ahead of time if RootImage= is used, since we'd have to mount the image then, hence don't, and handle this cleanly, and gracefully.
| |     While we are at it, stop "reaching over" so much from the socket code to the service code, and instead provide function that most of the hard work in service.c that socket.c just calls.
| |     While we are at it, add debug logging and stuff.
| |     I noticed the issue when also noticing #30560, but that one is harder to fix, hence I avoided it for now.
* | Merge pull request #30553 from yuwata/network-post-event-source (Yu Watanabe, 2023-12-22, 5 files, -26/+34)
|\ \     network: merge two post event sources
| * | network: merge two post event sources (Yu Watanabe, 2023-12-20, 3 files, -8/+5)
| | |     No functional change, just refactoring.
| * | network: split out manager_clean_all() from manager_dirty_handler() (Yu Watanabe, 2023-12-20, 3 files, -18/+29)
| |/     And rename manager_dirty_handler() to manager_post_handler(). No functional change, just refactoring.
* | Merge pull request #30541 from yuwata/network-address-empty (Yu Watanabe, 2023-12-22, 1 file, -2/+8)
|\ \     network/address: make Address= in [Network] support an empty string
| * | network/address: make Address= in [Network] support an empty string (Yu Watanabe, 2023-12-20, 1 file, -2/+8)
| |/     Closes #30485.
* | Merge pull request #30284 from YHNdnzj/fstab-wantedby-defaultdeps (Lennart Poettering, 2023-12-21, 1 file, -25/+44)
|\ \     fstab-generator: disable default deps if x-systemd.{wanted,required}-by= is used
| * | fstab-generator: disable default deps if x-systemd.{wanted,required}-by= is used (Mike Yuan, 2023-12-11, 1 file, -25/+44)
| | |     Fixes #30273
* | | Merge pull request #28658 from H5117/enroll_with_ec (Lennart Poettering, 2023-12-21, 7 files, -147/+583)
|\ \ \     cryptsetup: Add support for EC keys in PKCS#11 tokens
| * | | TEST-24-CRYPTSETUP: add test for PKCS#11 tokens (Vladimir Stoiakin, 2023-12-20, 1 file, -0/+6)
| | | |     Introduces new dependencies on SoftHSM, OpenSC and GnuTLS for the test.
| * | | cryptsetup: convert a EC point to compressed format if required by a token (Vladimir Stoiakin, 2023-12-19, 2 files, -1/+232)
| | | |
| * | | cryptsetup: Add support for EC keys in PKCS#11 tokens (Vladimir Stoiakin, 2023-12-19, 2 files, -101/+265)
| | | |     Since EC keys don't support encryption directly, we use ECDH protocol. We generate a pair of EC keys in the same EC group, then derive a shared secret using the generated private key and the public key in the token. The derived shared secret is used as a volume key. The generated public key is stored in the LUKS2 JSON token header area. The generated private key is erased. To unlock a volume, we derive the shared secret with the stored public key and a private key in the token.
| | | |     Co-authored-by: MkfsSion <mkfssion@mkfssion.com>
| * | | cryptenroll, homectl: deduplicate generation of LUKS2 volume keys (Vladimir Stoiakin, 2023-12-19, 4 files, -50/+85)
| | | |
* | | | Merge pull request #30547 from poettering/uid0 (Lennart Poettering, 2023-12-21, 18 files, -47/+1085)
|\ \ \ \     add new "uid0" command as alternative multi-call interface for systemd-run, as sudo replacement
| * | | | man: try to improve wording on --slice-inherit docs (Lennart Poettering, 2023-12-21, 1 file, -1/+1)
| | | | |
| * | | | run/uid0: tint the terminal background color (and add new --background= switch) (Lennart Poettering, 2023-12-21, 1 file, -1/+57)
| | | | |     This adds a new --background= switch that allows specifying a background color for the terminal while the tool runs. It also teaches the tool when invoked as uid0 to tint the terminal in a reddish hue when operating as root, and in a yellowish hue when operating as any other user. This should highlight nicely when the user is operating with elevated privileges, or changed privileges.
| * | | | color-util: add helper to convert RGB → HSV (Lennart Poettering, 2023-12-21, 4 files, -0/+104)
| | | | |     We already have HSV → RGB, add the opposite operation.
| * | | | color-util: split out HSV color conversion into color-util.[ch] (Lennart Poettering, 2023-12-21, 4 files, -34/+50)
| | | | |
| * | | | ptyfwd: optionally, change ANSI background color of forwarded terminals (Lennart Poettering, 2023-12-21, 2 files, -3/+274)
| | | | |     As the bytes flow through our terminal forwarder we can color the background of the terminal with a color of our choices, if that's desired. This will later allow us to color the background of the uid0 tool when running as root with a slightly alarming red color.
| | | | |     This does two things:
| | | | |     1. When an ANSI sequence is seen that resets the background color, it is extended to immediately set the color to our choice.
| | | | |     2. When a newline is seen it is immediately extended to set the background color again and clear the current line till the end.
| | | | |     Net effect: all lines written while we forward the ttys will be shown with the background color of choice.
| * | | | terminal-util: add helper that determines terminal default bg color (Lennart Poettering, 2023-12-21, 3 files, -0/+221)
| | | | |
| * | | | terminal-util: add helper for disabling terminal echo in termios struct (Lennart Poettering, 2023-12-21, 3 files, -4/+12)
| | | | |
| * | | | run: optionally set the "ignore-failure" flag for ExecStart= lines (Lennart Poettering, 2023-12-21, 1 file, -2/+11)
| | | | |
| * | | | run: when invoked as "uid0", expose some sudo-like behaviour (Lennart Poettering, 2023-12-21, 3 files, -2/+304)
| | | | |     This turns "systemd-run" into a multi-call binary. When invoked under the name "uid0", then it behaves a bit more like traditional "sudo". This mostly means defaults appropriate for that, for example a PAM stack, interactivity and more.
| | | | |     Fixes: #29199
| * | | | env-util: add strv_env_assignf() helper (Lennart Poettering, 2023-12-21, 3 files, -0/+51)
| | | | |
* | | | | Drop /dev test in test-mountpoint-util (Daan De Meyer, 2023-12-21, 1 file, -5/+0)
| | | | |     Even /dev isn't always guaranteed to be a mount point, so let's drop this part of the test.
* | | | | Merge pull request #30568 from poettering/creds-varlink (Yu Watanabe, 2023-12-21, 5 files, -0/+224)
|\ \ \ \ \     creds: add varlink interface to encrypt/decrypt credentials
| * | | | | creds: add varlink API for encrypting/decrypting credentials (Lennart Poettering, 2023-12-21, 5 files, -0/+224)
| | | | | |
| * | | | | varlink: add helper varlink_error_invalid_parameter_name() (Lennart Poettering, 2023-12-21, 4 files, -7/+14)
| |/ / / /
* | | | | Merge pull request #30566 from poettering/varlink-inval-param (Yu Watanabe, 2023-12-21, 4 files, -10/+15)
|\ \ \ \ \     add a new helper varlink_error_invalid_parameter_name(), and make more use of the existing varlink_error_invalid_parameter()
| * | | | | varlink: make use of varlink_error_invalid_parameter() helper where appropriate (Lennart Poettering, 2023-12-21, 1 file, -3/+1)
| | | | | |
| * | | | | varlink: add helper varlink_error_invalid_parameter_name() (Lennart Poettering, 2023-12-21, 4 files, -7/+14)
| |/ / / /
* / / / / polkit: simplify bus_verify_polkit_async() + drop auth-by-cap dbus feature (Lennart Poettering, 2023-12-21, 29 files, -450/+365)
|/ / / /     This simplifies bus_verify_polkit_async() and related calls quite a bit:
|/ / / /     1. This removes any support for authentication-by-Linux-capability. This is ultimately a kdbus leftover: with classic AF_UNIX transports we cannot authenticate by capabilities securely (because we cannot acquire it from the peer without races), hence we never actually did. Since the necessary kernel work didn't materialize in the last 10y, and is unlikely to be added, let's just kill this context. We cannot quite remove the caps stuff from sd-bus for API compat, but for our polkit logic let's kill it.
|/ / / /     2. The "good_uid" and "interactive" params are only necessary in very few cases, hence let's move them to a new call bus_verify_polkit_async_full() and make bus_verify_polkit_async() a wrapper around it without those two parameters.
|/ / / /     This also fixes a bunch of wrong uses of the "interactive" bool. The bool makes no sense today as the ALLOW_INTERACTIVE_AUTHORIZATION field in the D-Bus message header replaces it fully. We only need it to implement method calls we introduced prior to that header field becoming available in D-Bus. And it should only be used on such old method calls, and otherwise always be set to false.
|/ / / /     This does not change behaviour in any way. Just simplifies stuff.
|/ / / /     Fixes: #21586
* | | | Merge pull request #30567 from yuwata/hashmap_isempty (Yu Watanabe, 2023-12-21, 14 files, -27/+28)
|\ \ \ \     tree-wide: use hashmap_isempty() and friends
| * | | | sd-journal: use FOREACH_ARRAY() at one more place (Yu Watanabe, 2023-12-21, 1 file, -2/+2)
| | | | |
| * | | | tree-wide: use hashmap_isempty() and friends (Yu Watanabe, 2023-12-21, 13 files, -25/+26)
| | | | |
* | | | | Merge pull request #30564 from poettering/varlink-log-tweaks (Yu Watanabe, 2023-12-21, 1 file, -29/+28)
|\ \ \ \ \     varlink: minor fixes & tweaks
| * | | | | varlink: check state rather than flags to determine whether it makes sense to reply (Lennart Poettering, 2023-12-21, 1 file, -3/+3)
| | | | | |     We already checked the flags before, and updated the state accordingly, hence let's only look at the state afterwards. This allows us to use the same expressions for all cases where we want to reply automatically to clients.