summaryrefslogtreecommitdiffstats
path: root/src (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* | | | | | | creds-util: automatically append NUL byte to decrypted credsLennart Poettering2024-01-041-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Both as safety net and as convenience feature of a string is contained in the credential
* | | | | | | creds: rename "tpm2-absent" encryption to "null" encryptionLennart Poettering2024-01-043-11/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is what it is after all: encryption with a NULL key. This is more descriptive, but also relevant since we want to use this kind of credentials in a different context soon: for carrying pcrlock data into a UKI. In that case we don#t want encryption, since the pcrlock data is intended to help unlocking secrets, hence should not be a secret itself. This only changes the code labels and the way this is labelled in the output. We retain compat with the old name.
* | | | | | | find-esp: adjust parameter indentating to our usual coding styleLennart Poettering2024-01-041-17/+23
| | | | | | |
* | | | | | | logind: use unlink_and_free() at once more placeLennart Poettering2024-01-041-5/+1
| | | | | | |
* | | | | | | json: drop redundant checkLennart Poettering2024-01-041-3/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The same check is done exactly one line later, because this is one of the things that json_variant_is_regular() checks. As per: https://github.com/systemd/systemd/pull/30578/commits/fa9a6db478e3f0f2753e4633af6d0d4881707c2b#r1441792019
* | | | | | | Merge pull request #30749 from poettering/tmpfiles-verb-fixLennart Poettering2024-01-041-11/+11
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | tmpfiles: correctly apply globbing when cleaning 'x' lines
| * | | | | | | tmpfiles: 'x' takes globs, hence clean it with globbingLennart Poettering2024-01-041-2/+2
| | | | | | | |
| * | | | | | | tmpfiles: always list tmpfiles line types in same orderLennart Poettering2024-01-041-9/+9
| | |_|/ / / / | |/| | | | | | | | | | | | | | | | | | | otherwise it just gets too confusing to follow.
* | | | | | | Merge pull request #30758 from YHNdnzj/vpick-not-ptrLennart Poettering2024-01-042-2/+2
|\ \ \ \ \ \ \ | |_|/ / / / / |/| | | | | | vpick: trivial follow-up
| * | | | | | shared/vpick: don't say "ptr" for TAKE_PICK_RESULT (struct)Mike Yuan2024-01-041-1/+1
| | | | | | |
| * | | | | | vpick-tool: sort includesMike Yuan2024-01-041-1/+1
| | |_|/ / / | |/| | | |
* / | | | | tmpfiles: add --purge switchLuca Boccassi2024-01-041-10/+65
|/ / / / / | | | | | | | | | | | | | | | | | | | | Any file/directory created by a tmpfiles.d will be deleted. Useful for purge/factory reset patterns.
* | | | | Merge pull request #30744 from poettering/logind-trivial-tweaksLennart Poettering2024-01-043-21/+22
|\ \ \ \ \ | | | | | | | | | | | | logind: 3 trivial cleanups
| * | | | | pam_systemd_home: minor coding style adjustmentLennart Poettering2024-01-041-2/+2
| | | | | |
| * | | | | homed: add some function parameter assert()sLennart Poettering2024-01-041-0/+4
| | | | | |
| * | | | | logind: cast various calls that return errors we ignore to (void)Lennart Poettering2024-01-041-19/+16
| | |/ / / | |/| | |
* | | | | logind: do TTY idle logic only for sessions marked as "tty"Lennart Poettering2024-01-041-12/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Otherwise things might be weird, because background sessions might become "idle", wich doesn#t really make much sense. This shouldn't change much in 99% of the cases, but slightly corrects behaviour as it ensures only "primary"/"foreground" sessions get the idle logic, i.e. where a user exists that could actually make it non-idle.
* | | | | logind: don't make idle action timer accuracy more coarse than timeoutLennart Poettering2024-01-041-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If we allow the timer accuracy to grow larger then the timeout itself things are very confusing, because people might set a 1s time-out and we turn that into 30s. Hence, let's just cut off the 30s accuracy to the time-out itself, so that we stay close to what users configured.
* | | | | Merge pull request #30739 from poettering/pam-util-manyYu Watanabe2024-01-044-27/+46
|\ \ \ \ \ | | | | | | | | | | | | pam-util: add pam_get_item_many() to shorten some code
| * | | | | pam_systemd_home: port over to pam_get_item_many()Lennart Poettering2024-01-041-7/+6
| | | | | |
| * | | | | pam_systemd: move over to pam_get_item_many()Lennart Poettering2024-01-041-20/+12
| | | | | |
| * | | | | pam-util: add pam_get_item_many() helper that gets many PAM items at onceLennart Poettering2024-01-042-0/+28
| |/ / / / | | | | | | | | | | | | | | | Just to shorten a bit of code.
* | | | | homed: when empty username is passed to bus calls, operate on client's UIDLennart Poettering2024-01-041-16/+56
| | | | |
* | | | | homed: fix home_count_bad_authentication() countingLennart Poettering2024-01-041-11/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We want to cover not only regular bad password entries, but also bad recovery key entries. Hence let's move the list of errors into the function, and add more.
* | | | | homed: tone down log message about bad passwords a bitLennart Poettering2024-01-041-4/+29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We usually start out out authentication cycles with an "empty" password attempt, to give homed the chance to authenticated via any plugged in tokens. Hence frequently the first attempt will just fail, which is no reason to complain about.
* | | | | Merge pull request #30610 from YHNdnzj/logind-serialize-pidrefYu Watanabe2024-01-045-186/+276
|\ \ \ \ \ | | | | | | | | | | | | logind: serialize session leader pidfd to fdstore
| * | | | | logind-session: watch pidfd in session_set_leader_consumeMike Yuan2024-01-044-39/+38
| | | | | |
| * | | | | logind: serialize session leader pidfd to fdstoreMike Yuan2024-01-043-107/+207
| | | | | |
| * | | | | process-util: ensure pidref_is_alive only return ESRCH if not setMike Yuan2024-01-041-1/+3
| | | | | |
| * | | | | logind-session: use one_zero where appropriateMike Yuan2024-01-041-6/+6
| | | | | |
| * | | | | logind-session: be tolerant if we failed to remove leader from hashmapMike Yuan2024-01-041-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If something wrong happened before hashmap_put(), session_free() may be called through gc logic, and the assertion is triggered.
| * | | | | logind: use RET_GATHER more, return first errorMike Yuan2024-01-041-40/+29
| | | | | |
* | | | | | network/route: make the route section invalid when an invalid MTUBytes= is ↵Yu Watanabe2024-01-042-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | specified We usually set the invalid flag for a section if a setting in the section has an invalid value. Let's also do the same thing for MTUBytes= in [Route].
* | | | | | Merge pull request #30578 from bluca/polkit-varlinkLennart Poettering2024-01-0432-67/+838
|\ \ \ \ \ \ | | | | | | | | | | | | | | varlink: add glue to allow authenticating varlink connections via polkit
| * | | | | | varlink: avoid logging content of message if it contains sensitive dataLuca Boccassi2024-01-031-7/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is important now that creds are sent via varlink systemd-creds[463]: varlink-3: Sending message: {"parameters":{"data":"Zm9vYmFyCg=="}} systemd-creds[462]: varlink-3: New incoming message: {"method":"io.systemd.Credentials.Encrypt","parameters":{"data":"Zm9vYmFyCg=="}}
| * | | | | | json: add JSON_FORMAT_REFUSE_SENSITIVE to json_variant_format()Luca Boccassi2024-01-033-11/+143
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Returns -EPERM if any node in the variant is marked as sensitive, useful to avoid leaking data to log messages and so on
| * | | | | | creds: open up access to clients via PolkitLennart Poettering2024-01-033-6/+75
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Use auth_admin_keep, so that users don't have to re-auth interactively again and again when encrypting/decrypting batches of credentials.
| * | | | | | bus-polkit: port polkit_registry to use value destructors in hash_opsLennart Poettering2024-01-0315-27/+23
| | | | | | |
| * | | | | | bus-polkit: add support for authenticating varlink peers via polkitLennart Poettering2024-01-033-22/+278
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This extends our current polkit logic, so that we can in a very similar fashion as we already can authenticate dbus peers authenticate varlink connection peers. polkit natively speaks dbus and can authentication dbus peers. To get the same level of support for varlink we'll use authentication by pidfd+uid. This requires polkit v124, and if that's not available it will fallback to authorizing root only as before. Co-authored-by: Luca Boccassi <bluca@debian.org>
| * | | | | | varlink: add two helpers for delayed processing of method callsLennart Poettering2024-01-022-0/+48
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When we want to do Polkit authentication we want to temporarily pause handling of a method call until we have the Polkit reply, and then start again. Let's add some glue to make that easy. This adds two helpers: varlink_dispatch_again() allows to ask for redispatching of the currently queued incoming message. Usecase is this: if we don't process a methd right away, we can come back later, and ask it to be processed again with this function, in which case our handlers will be called a 2nd time, exactly like on the first time. varlink_get_current_message() provides access to the currently processed method call. With this the polkit logic can look into the current message, do its thing, and then restart the method handling.
| * | | | | | varlink: add new helper varlink_get_peer_pidref() for getting PidRef of peerLennart Poettering2024-01-022-0/+55
| | | | | | |
| * | | | | | socket-util: add helper for getting peer pidfdLennart Poettering2024-01-023-0/+20
| | | | | | |
| * | | | | | process-util: add new pid{ref,}_get_start_time() helperLennart Poettering2024-01-023-0/+99
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This also adds a test case that test pidref_safe_fork(), pidref_wait() and related calls.
| * | | | | | process-util: add pidref_safe_fork() helperLennart Poettering2024-01-022-0/+36
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This combines safe_fork() with pidref_set_pid(). Eventually we really should switch this to use CLONE_PIDFD, but as that is not wrapped by glibc yet, it's hard. But this is not crucial anyway, as a child we just forked off can always safely be referenced also by PID, given the reaping is under our own control. A simple test case is added in a follow-up commit.
| * | | | | | pidref: add helpers for waiting for pidref processesLennart Poettering2024-01-023-1/+60
| | | | | | | | | | | | | | | | | | | | | | | | | | | | A simple test case is added in a follow-up commit.
* | | | | | | homed: add missing bus call to homed access policyLennart Poettering2024-01-041-0/+4
| | | | | | |
* | | | | | | pam_systemd: drop unnecessary strempty() of 'tty' variableLennart Poettering2024-01-041-7/+5
| |_|_|/ / / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This probably predates our introduction of streq_ptr(). Let's drop this now however, as we actually want this to be NULL, further down, and handle that just fine. In particular as all the special cases we have explicitly set this to NULL anyway. No real change in behaviour, just some normalization of handling.
* | | | | | execute: make sure Type=exec and PAMName= work togetherLennart Poettering2024-01-041-2/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If PAMName= is used we'll spawn a PAM session for the service, and leave a process around that closes the PAM session eventually. That process must close the "exec_fd" that we use to implement Type=exec. After all the logic relies on the fact that execve() will implicitly close the exec_fd, and the EOF seen on it is hence indication for the service manager that execve() has worked. But if we keep an fd open in the PAM service process, then this is not going to work. Hence close the fd explicitly so that it definitely doesn't stay pinned in the child.
* | | | | | Fix typo in verb_make_policy explanationAlberto Planas2024-01-041-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Alberto Planas <aplanas@suse.com>
* | | | | | Merge pull request #30725 from YHNdnzj/string-utilMike Yuan2024-01-048-59/+48
|\ \ \ \ \ \ | | | | | | | | | | | | | | string-util,strv: follow-ups