| Commit message (Collapse) | Author | Age | Files | Lines |
Both as safety net and as convenience feature of a string is contained
in the credential
|
This is what it is after all: encryption with a NULL key. This is more
descriptive, but also relevant since we want to use this kind of
credentials in a different context soon: for carrying pcrlock data into
a UKI. In that case we don't want encryption, since the pcrlock data is
intended to help unlocking secrets, hence should not be a secret itself.
This only changes the code labels and the way this is labelled in the
output. We retain compat with the old name.
|
The same check is done exactly one line later, because this is one of
the things that json_variant_is_regular() checks.
As per: https://github.com/systemd/systemd/pull/30578/commits/fa9a6db478e3f0f2753e4633af6d0d4881707c2b#r1441792019
|
tmpfiles: correctly apply globbing when cleaning 'x' lines
|
otherwise it just gets too confusing to follow.
|
vpick: trivial follow-up
|
Any file/directory created by a tmpfiles.d will be deleted. Useful for
purge/factory reset patterns.
|
logind: 3 trivial cleanups
|
Otherwise things might be weird, because background sessions might
become "idle", which doesn't really make much sense.
This shouldn't change much in 99% of the cases, but slightly corrects
behaviour as it ensures only "primary"/"foreground" sessions get the
idle logic, i.e. where a user exists that could actually make it
non-idle.
|
If we allow the timer accuracy to grow larger than the timeout itself
things are very confusing, because people might set a 1s time-out and we
turn that into 30s.
Hence, let's just cut off the 30s accuracy to the time-out itself, so
that we stay close to what users configured.
|
pam-util: add pam_get_item_many() to shorten some code
|
Just to shorten a bit of code.
|
We want to cover not only regular bad password entries, but also bad
recovery key entries. Hence let's move the list of errors into the
function, and add more.
|
We usually start out authentication cycles with an "empty" password
attempt, to give homed the chance to authenticate via any plugged in
tokens. Hence frequently the first attempt will just fail, which is no
reason to complain about.
|
logind: serialize session leader pidfd to fdstore
|
If something wrong happened before hashmap_put(), session_free()
may be called through gc logic, and the assertion is triggered.
|
specified
We usually set the invalid flag for a section if a setting in the section has
an invalid value. Let's also do the same thing for MTUBytes= in [Route].
|
varlink: add glue to allow authenticating varlink connections via polkit
|
This is important now that creds are sent via varlink
systemd-creds[463]: varlink-3: Sending message: {"parameters":{"data":"Zm9vYmFyCg=="}}
systemd-creds[462]: varlink-3: New incoming message: {"method":"io.systemd.Credentials.Encrypt","parameters":{"data":"Zm9vYmFyCg=="}}
|
Returns -EPERM if any node in the variant is marked as sensitive,
useful to avoid leaking data to log messages and so on
|
Use auth_admin_keep, so that users don't have to re-auth interactively
again and again when encrypting/decrypting batches of credentials.
|
This extends our current polkit logic, so that we can in a very similar
fashion as we already can authenticate dbus peers authenticate varlink
connection peers.
polkit natively speaks dbus and can authenticate dbus peers. To get
the same level of support for varlink we'll use authentication by
pidfd+uid. This requires polkit v124, and if that's not available it
will fall back to authorizing root only as before.
Co-authored-by: Luca Boccassi <bluca@debian.org>
|
When we want to do Polkit authentication we want to temporarily pause
handling of a method call until we have the Polkit reply, and then start
again. Let's add some glue to make that easy. This adds two helpers:
varlink_dispatch_again() allows to ask for redispatching of the
currently queued incoming message. Usecase is this: if we don't process
a method right away, we can come back later, and ask it to be processed
again with this function, in which case our handlers will be called a
2nd time, exactly like on the first time.
varlink_get_current_message() provides access to the currently processed
method call.
With this the polkit logic can look into the current message, do its
thing, and then restart the method handling.
|
This also adds a test case that tests pidref_safe_fork(), pidref_wait()
and related calls.
|
This combines safe_fork() with pidref_set_pid().
Eventually we really should switch this to use CLONE_PIDFD, but as that
is not wrapped by glibc yet, it's hard. But this is not crucial anyway,
as a child we just forked off can always safely be referenced also by
PID, given the reaping is under our own control.
A simple test case is added in a follow-up commit.
|
A simple test case is added in a follow-up commit.
|
This probably predates our introduction of streq_ptr(). Let's drop this
now however, as we actually want this to be NULL, further down, and
handle that just fine. In particular as all the special cases we have
explicitly set this to NULL anyway.
No real change in behaviour, just some normalization of handling.
|
If PAMName= is used we'll spawn a PAM session for the service, and leave
a process around that closes the PAM session eventually. That process
must close the "exec_fd" that we use to implement Type=exec. After all
the logic relies on the fact that execve() will implicitly close the
exec_fd, and the EOF seen on it is hence indication for the service
manager that execve() has worked. But if we keep an fd open in the PAM
service process, then this is not going to work.
Hence close the fd explicitly so that it definitely doesn't stay pinned
in the child.
|
Signed-off-by: Alberto Planas <aplanas@suse.com>
|
string-util,strv: follow-ups
|