Systemd/src/test
Lennart Poettering d3dcf4e3b9 fileio: beef up READ_FULL_FILE_CONNECT_SOCKET to allow setting sender socket name
This beefs up the READ_FULL_FILE_CONNECT_SOCKET logic of
read_full_file_full() a bit: when used, a sender socket name may be
specified. If specified as NULL behaviour is as before: the client
socket name is picked by the kernel. But if specified as non-NULL the
client can pick a socket name to use when connecting. This is useful to
communicate a minimal amount of metainformation from client to server,
outside of the transport payload.

Specifically, this beefs up the service credential logic to pass an
abstract AF_UNIX socket name as client socket name when connecting via
READ_FULL_FILE_CONNECT_SOCKET, that includes the requesting unit name
and the eventual credential name. This allows servers implementing the
trivial credential socket logic to distinguish clients: via a simple
getpeername() it can be determined which unit is requesting a
credential, and which credential specifically.

Example: with this patch in place, in a unit file "waldo.service" a
configuration line like the following:

    LoadCredential=foo:/run/quux/creds.sock

will result in a connection to the AF_UNIX socket /run/quux/creds.sock,
originating from an abstract namespace AF_UNIX socket:

    @$RANDOM/unit/waldo.service/foo

(The $RANDOM is replaced by some randomized string. This is included in
the socket name in order to avoid namespace squatting issues: the abstract
socket namespace is open to unprivileged users after all, and care needs
to be taken not to use guessable names.)

The services listening on the /run/quux/creds.sock socket may thus
easily retrieve the name of the unit the credential is requested for
plus the credential name, via a simple getpeername(), discarding the
random prefix and the /unit/ string.

This logic uses "/" as separator between the fields, since both unit
names and credential names appear in the file system, and thus are
designed to use "/" as outer separators. Given that, it's a good safe
choice to use as separators here, too, to avoid any conflicts.

This is a minimal patch only: the new logic is used only for the unit
file credential logic. For other places where we use
READ_FULL_FILE_CONNECT_SOCKET it is probably a good idea to use this
scheme too, but this should be done carefully in later patches, since
the socket names become API that way, and we should determine the right
amount of info to pass over.
2020-11-03 09:48:04 +01:00
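
The server-side step the commit message describes (take the peer address, discard the random prefix and the /unit/ string, recover unit and credential name), as an added example that is not code from systemd or from this commit. `parse_credential_peer()` and `abstract_addr()` are hypothetical names, the `c0ffee` prefix is constructed, and the random prefix is assumed to contain no "/".

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>

/* Hypothetical helper: split "\0<random>/unit/<unit>/<credential>", as filled in
 * by getpeername() on the accepted fd. Returns 0, or -1 on any other shape. */
int parse_credential_peer(const struct sockaddr_un *sa, socklen_t len,
                          char *unit, size_t unit_sz, char *cred, size_t cred_sz) {
    static const char marker[] = "/unit/";
    const size_t off = offsetof(struct sockaddr_un, sun_path), mlen = sizeof(marker) - 1;
    /* Abstract names start with NUL and are not NUL-terminated; len bounds them. */
    const char *name = sa->sun_path + 1;
    size_t n = (len > off + 1 && len <= sizeof(*sa)) ? len - off - 1 : 0;
    if (!n || sa->sun_family != AF_UNIX || sa->sun_path[0] != '\0' || memchr(name, '\0', n))
        return -1;
    /* Discard the random prefix: it ends at the first '/', which must open "/unit/". */
    const char *p = memchr(name, '/', n);
    if (!p || p == name || n - (size_t)(p - name) <= mlen || memcmp(p, marker, mlen) != 0)
        return -1;
    const char *u = p + mlen;
    size_t rest = n - (size_t)(u - name);
    /* What is left must be "<unit>/<credential>" with exactly one '/'. */
    const char *s = memchr(u, '/', rest);
    size_t ulen = s ? (size_t)(s - u) : 0, clen = s ? rest - ulen - 1 : 0;
    if (!ulen || !clen || ulen >= unit_sz || clen >= cred_sz || memchr(s + 1, '/', clen))
        return -1;
    memcpy(unit, u, ulen); unit[ulen] = '\0';
    memcpy(cred, s + 1, clen); cred[clen] = '\0';
    return 0;
}

/* Constructed sample input: the address a client bound to "@<name>" presents. */
socklen_t abstract_addr(struct sockaddr_un *sa, const char *name) {
    size_t n = strlen(name);
    memset(sa, 0, sizeof(*sa));
    sa->sun_family = AF_UNIX;
    if (n >= sizeof(sa->sun_path)) return 0;
    memcpy(sa->sun_path + 1, name, n); /* sun_path[0] stays NUL */
    return (socklen_t)(offsetof(struct sockaddr_un, sun_path) + 1 + n);
}

int main(void) {
    struct sockaddr_un sa;
    char unit[256], cred[256];
    socklen_t len = abstract_addr(&sa, "c0ffee/unit/waldo.service/foo"); /* constructed */
    if (parse_credential_peer(&sa, len, unit, sizeof unit, cred, sizeof cred) == 0)
        printf("unit=%s credential=%s\n", unit, cred);
}
```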
generate-sym-test.py journal: properly mark two definitions that are deprecated with GCC attributes for that 2020-01-31 15:02:00 +01:00
meson.build Merge pull request #17399 from afq984/udev-escaped-string 2020-10-30 09:52:45 +09:00
test-acl-util.c test-acl-util: skip test if /tmp doesn't do ACLs 2020-09-12 08:12:36 +02:00
test-af-list.c
test-alloc-util.c Fix clang-11 issues 2020-07-26 11:32:06 +02:00
test-architecture.c
test-arphrd-list.c
test-ask-password-api.c shared/ask-password-api: show "(press TAB for no echo)" 2020-02-06 10:51:24 +01:00
test-async.c
test-barrier.c
test-bitmap.c tree-wide: define iterator inside of the macro 2020-09-08 12:14:05 +02:00
test-boot-timestamps.c test: Skip test-boot-timestamps on permission denied 2020-05-06 22:01:50 +02:00
test-bpf-devices.c tree-wide: avoid some loaded terms 2020-06-25 09:00:19 +02:00
test-bpf-firewall.c tests: move unit files to units/ subdirectory 2020-03-19 16:23:27 +01:00
test-btrfs.c tree-wide: fix spelling of lookup and setup verbs 2020-03-03 15:02:53 +01:00
test-bus-util.c
test-calendarspec.c basic/time-util: add function to format timestamps with different styles 2020-08-19 15:30:13 +01:00
test-cap-list.c basic/cap-list: reduce scope of variables 2020-07-10 16:55:24 +02:00
test-capability.c basic/missing_capability: clean up our defines and check that our fallback is up-to-date 2020-08-27 20:20:23 +02:00
test-cgroup-cpu.c
test-cgroup-mask.c cgroup: Reduce unit_get_ancestor_disable_mask use 2020-08-19 11:41:53 +02:00
test-cgroup-setup.c tests: various small fixes for strict systems 2020-04-26 20:18:48 +02:00
test-cgroup-unit-default.c tests: Fix description of test units 2020-06-02 18:59:47 +02:00
test-cgroup-util.c test-cgroup-util: Handle result=NULL as empty string 2020-07-29 15:36:38 +02:00
test-cgroup.c test-cgroup: skip if /sys/fs/cgroup unknown fs 2020-04-25 10:00:43 +02:00
test-chase-symlinks.c log: introduce log_parse_environment_cli() and log_setup_cli() 2020-06-24 16:49:26 +02:00
test-chown-rec.c
test-clock.c Fix clang-11 issues 2020-07-26 11:32:06 +02:00
test-condition.c Move {uid,gid}_is_*() from basic to shared 2020-09-25 17:18:56 +02:00
test-conf-files.c
test-conf-parser.c conf-parser: return mtime in config_parse() and friends 2020-06-02 19:32:20 +02:00
test-copy.c copy: optionally, reproduce hardlinks from source in destination 2020-09-09 20:21:29 +02:00
test-coredump-util.c Add parser and printer for coredump filter mask 2020-04-09 12:51:41 +02:00
test-cpu-set-util.c core: add support for setting CPUAffinity= to special "numa" value 2020-03-16 08:57:28 +01:00
test-daemon.c
test-date.c basic/time-util: add function to format timestamps with different styles 2020-08-19 15:30:13 +01:00
test-dev-setup.c nspawn,pid1: pass "inaccessible" nodes from cntr mgr to pid1 payload via /run/host 2020-08-20 10:17:52 +02:00
test-device-nodes.c
test-dlopen.c
test-dns-domain.c dns-domain: add helper that checks whether domain is dot suffixed 2020-09-29 12:09:16 +02:00
test-ellipsize.c
test-emergency-action.c
test-engine.c tests: move unit files to units/ subdirectory 2020-03-19 16:23:27 +01:00
test-env-file.c test: use pclose() for popen() 2020-09-14 22:32:52 +02:00
test-env-util.c Revert "basic/env-util: (mostly) follow POSIX for what variable names are allowed" 2020-10-23 15:07:07 +02:00
test-escape.c shared/escape: add new escape style with \n\t escaped 2020-04-09 09:58:10 +02:00
test-exec-util.c tests: various small fixes for strict systems 2020-04-26 20:18:48 +02:00
test-execute.c tests: add helper function to autodetect CI environments 2020-10-22 13:16:26 +02:00
test-exit-status.c
test-extract-word.c test-string-util,test-extract-word: add log headers 2020-09-04 12:59:25 +02:00
test-fd-util.c test-fd-util: add test case for close_all_fd() 2020-10-14 10:40:32 +02:00
test-fdset.c tree-wide: define iterator inside of the macro 2020-09-08 12:14:05 +02:00
test-fileio.c fileio: beef up READ_FULL_FILE_CONNECT_SOCKET to allow setting sender socket name 2020-11-03 09:48:04 +01:00
test-firewall-util.c
test-format-table.c format-table: add TABLE_STRV_WRAPPED 2020-10-22 13:20:40 +02:00
test-format-util.c
test-fs-util.c fs-util: drop chmod_and_chown_unsafe() which is unused now 2020-09-23 18:00:19 +02:00
test-fstab-util.c fstab,crypttab: allow escaping of commas 2020-09-25 13:36:34 +02:00
test-gcrypt-util.c
test-glob-util.c
test-hash.c
test-hashmap-ordered.awk
test-hashmap-plain.c tree-wide: define iterator inside of the macro 2020-09-08 12:14:05 +02:00
test-hashmap.c tree-wide: define iterator inside of the macro 2020-09-08 12:14:05 +02:00
test-hexdecoct.c
test-hostname-util.c Add %l as specifier for the hostname without any domain component 2020-05-07 17:36:44 +02:00
test-hostname.c
test-id128.c id128: introduce ID128_UUID_STRING_MAX for sizing UUID buffers 2019-12-10 11:56:18 +01:00
test-in-addr-util.c test-in-addr-util: add log headers 2020-09-10 00:46:44 +02:00
test-install-root.c tree-wide: define iterator inside of the macro 2020-09-08 12:14:05 +02:00
test-install.c tree-wide: define iterator inside of the macro 2020-09-08 12:14:05 +02:00
test-io-util.c
test-ip-protocol-list.c
test-ipcrm.c test-ipcrm: modernize, skip test on permission errors 2020-10-20 18:06:28 +02:00
test-job-type.c
test-journal-importer.c tests: move unit files to units/ subdirectory 2020-03-19 16:23:27 +01:00
test-json.c test-json: add function headers 2020-09-01 16:48:40 +02:00
test-libcrypt-util.c test-libcrypt-util: before doing anything check what methods are available 2020-09-15 11:52:30 +02:00
test-libmount.c
test-libudev.c tree-wide: assorted coccinelle fixes 2020-10-09 15:02:23 +02:00
test-list.c basic/list: add LIST_JOIN helper 2020-07-29 17:12:45 +01:00
test-load-fragment.c Revert "basic/env-util: (mostly) follow POSIX for what variable names are allowed" 2020-10-23 15:07:07 +02:00
test-local-addresses.c
test-locale-util.c locale-util: add support for touch emoji 2020-07-01 11:17:27 +02:00
test-log.c
test-loop-block.c test: add heavy load loopback block device test 2020-10-22 15:10:03 +02:00
test-loopback.c
test-mount-util.c
test-mountpoint-util.c test-mountpoint-util: run test in private mount namespace 2020-10-21 09:18:35 +02:00
test-namespace.c tree-wide: coccinelle fixes 2020-10-04 12:32:21 +02:00
test-netlink-manual.c
test-ns.c core: hide /run/credentials whenever namespacing is requested 2020-08-25 19:45:38 +02:00
test-nscd-flush.c
test-nss.c test-nss: do not assume all symbols are defined 2020-08-05 10:49:46 +02:00
test-offline-passwd.c Move offline-password.[ch] to shared and add test-offline-passwd 2020-07-18 14:14:19 +02:00
test-ordered-set.c test-ordered-set: add a case where we get 0 for duplicate entries 2020-07-23 15:47:21 +02:00
test-os-util.c
test-parse-util.c parse-util: add parse_loadavg_fixed_point 2020-10-07 16:17:24 -07:00
test-path-lookup.c test: Add test for setting generator paths via environment 2020-03-04 11:25:14 +01:00
test-path-util.c basic/path-util: enhance find_executable() for the fixed path case 2020-09-18 15:28:48 +02:00
test-path.c test-path: relax test in "ci" and "release" modes 2020-10-22 13:16:26 +02:00
test-pretty-print.c
test-prioq.c tree-wide: use _cleanup_set_free_ where appropriate 2020-05-06 17:08:17 +02:00
test-proc-cmdline.c tests: various small fixes for strict systems 2020-04-26 20:18:48 +02:00
test-process-util.c tree-wide: more repeated words 2020-07-07 12:08:22 +02:00
test-procfs-util.c tests: various small fixes for strict systems 2020-04-26 20:18:48 +02:00
test-psi-util.c shared: helpers to read pressure stats from cgroups 2020-10-07 16:17:24 -07:00
test-qrcode-util.c test: add a simple test for the qr printing code 2020-10-27 18:33:29 +01:00
test-random-util.c random-util: make use of GRND_INSECURE when it is defined 2020-05-10 11:15:16 +02:00
test-ratelimit.c
test-replace-var.c
test-rlimit-util.c
test-rm-rf.c rm-rf: add new flag REMOVE_CHMOD 2020-08-25 18:39:45 +02:00
test-sched-prio.c tests: move unit files to units/ subdirectory 2020-03-19 16:23:27 +01:00
test-sd-hwdb.c tree-wide: use the usual SPDX header for our own files 2020-10-29 10:47:20 +01:00
test-sd-path.c sd-path: handle case of missing runtime dir in test 2020-03-27 20:12:45 +01:00
test-seccomp.c test-seccomp: accept ENOSYS from sysctl(2) too 2020-09-24 17:02:20 +02:00
test-selinux.c
test-serialize.c
test-set-disable-mempool.c
test-set.c basic/set: add set_ensure_consume() 2020-06-24 10:38:15 +02:00
test-sigbus.c
test-signal-util.c
test-siphash24.c
test-sizeof.c test-sizeof: print pointer sizes 2020-09-04 18:45:44 +02:00
test-sleep.c test-sleep: add more logging, show secure boot mode 2020-07-29 11:12:13 +02:00
test-socket-netlink.c Use sockaddr_un_set_path() in socket_address_parse() 2020-09-10 00:46:44 +02:00
test-socket-util.c basic: convert ifname_valid_full() to take flags and allow numeric interfaces 2020-09-10 00:46:44 +02:00
test-specifier.c test-specifier: add a simple test which prints "global" specifiers 2020-05-07 17:36:44 +02:00
test-stat-util.c test: accept that char device 0/0 can now be created without privileges 2020-08-17 19:28:32 +02:00
test-static-destruct.c
test-strbuf.c
test-string-util.c test-string-util: stop testing FOREACH_WORD 2020-09-09 09:34:55 +02:00
test-strip-tab-ansi.c
test-strv.c basic/strv: allow escaping the separator in strv_join() 2020-09-25 13:36:34 +02:00
test-strxcpyx.c
test-sysctl-util.c shared/sysctl-util: normalize repeated slashes or dots to a single value 2020-01-30 10:48:27 +01:00
test-systemd-tmpfiles.py
test-tables.c core: add ManagedOOM*= properties to configure systemd-oomd on the unit 2020-10-07 16:17:23 -07:00
test-terminal-util.c basic/terminal-util: rename our replacement highlight-yellow and test both the original and replacement 2020-07-30 14:43:02 +02:00
test-time-util.c basic/time-util: add function to format timestamps with different styles 2020-08-19 15:30:13 +01:00
test-tmpfiles.c
test-udev-util.c udev: test udev_rule_parse_value() 2020-10-29 20:19:29 +08:00
test-udev.c mount-util: switch most mount_verbose() code over to not follow symlinks 2020-09-23 18:57:36 +02:00
test-uid-range.c
test-umask-util.c
test-umount.c tests: various small fixes for strict systems 2020-04-26 20:18:48 +02:00
test-unaligned.c
test-unit-file.c tree-wide: define iterator inside of the macro 2020-09-08 12:14:05 +02:00
test-unit-name.c unit-name: fix a potential memory leak 2020-07-06 17:13:37 +02:00
test-user-record.c sysusers: look at login.defs when setting the default range to allocate users 2020-10-01 19:53:45 +02:00
test-user-util.c user-util: add mangle_gecos() call for turning strings into fields suitable as GECOS fields 2020-08-07 17:36:11 +02:00
test-utf8.c shared/utf8: add utf8_is_valid_n() 2020-09-01 16:48:40 +02:00
test-util.c test: add test that validates that PTR_TO_INT(INT_TO_PTR()) covers whole int range 2020-10-07 09:40:09 +02:00
test-varlink.c
test-verbs.c
test-watch-pid.c tests: move unit files to units/ subdirectory 2020-03-19 16:23:27 +01:00
test-watchdog.c
test-web-util.c
test-xattr-util.c
test-xdg-autostart.c xdg-autostart: ignore all empty entries in multi-string entries 2020-07-07 14:02:16 +02:00
test-xml.c