conf-parser: restrict .include usage
Disallow recursive .include, and make it unavailable in anything but unit files.
This commit is contained in:
parent
60b6991a4d
commit
db5c012285
6
TODO
6
TODO
|
@ -100,10 +100,6 @@ Features:
|
|||
/lib/modules/$(uname -r)/modules.devname
|
||||
and apply ACLs to them if they have TAG=="uaccess" in udev rules.
|
||||
|
||||
* matching against units is currently broken in journalctl. We really
|
||||
need another AND level in the expressions,
|
||||
i.e. sd_journal_add_conjunction().
|
||||
|
||||
* add ConditionArchitecture= or so
|
||||
|
||||
* teach ConditionKernelCommandLine= globs or regexes (in order to match foobar={no,0,off})
|
||||
|
@ -125,8 +121,6 @@ Features:
|
|||
|
||||
* man: remove .include documentation, and instead push people to use .d/*.conf
|
||||
|
||||
* disallow .include from included files
|
||||
|
||||
* safe_atod() is too naive, as it is vulnerable to locale parameters, should be locale independent.
|
||||
|
||||
* think about requeuing jobs when daemon-reload is issued? usecase:
|
||||
|
|
|
@ -124,7 +124,7 @@ static void parse_conf(void) {
|
|||
return;
|
||||
|
||||
r = config_parse(NULL, BOOTCHART_CONF, f,
|
||||
NULL, config_item_table_lookup, (void*) items, true, NULL);
|
||||
NULL, config_item_table_lookup, (void*) items, true, false, NULL);
|
||||
if (r < 0)
|
||||
log_warning("Failed to parse configuration file: %s", strerror(-r));
|
||||
|
||||
|
|
|
@ -200,7 +200,7 @@ int unit_load_dropin(Unit *u) {
|
|||
STRV_FOREACH(f, u->dropin_paths) {
|
||||
r = config_parse(u->id, *f, NULL,
|
||||
UNIT_VTABLE(u)->sections, config_item_perf_lookup,
|
||||
(void*) load_fragment_gperf_lookup, false, u);
|
||||
(void*) load_fragment_gperf_lookup, false, false, u);
|
||||
if (r < 0)
|
||||
return r;
|
||||
}
|
||||
|
|
|
@ -2270,7 +2270,7 @@ static int load_from_path(Unit *u, const char *path) {
|
|||
/* Now, parse the file contents */
|
||||
r = config_parse(u->id, filename, f, UNIT_VTABLE(u)->sections,
|
||||
config_item_perf_lookup,
|
||||
(void*) load_fragment_gperf_lookup, false, u);
|
||||
(void*) load_fragment_gperf_lookup, false, true, u);
|
||||
if (r < 0)
|
||||
goto finish;
|
||||
|
||||
|
|
|
@ -677,7 +677,7 @@ static int parse_config_file(void) {
|
|||
return 0;
|
||||
}
|
||||
|
||||
r = config_parse(NULL, fn, f, "Manager\0", config_item_table_lookup, (void*) items, false, NULL);
|
||||
r = config_parse(NULL, fn, f, "Manager\0", config_item_table_lookup, (void*) items, false, false, NULL);
|
||||
if (r < 0)
|
||||
log_warning("Failed to parse configuration file: %s", strerror(-r));
|
||||
|
||||
|
|
|
@ -1271,7 +1271,7 @@ static int server_parse_proc_cmdline(Server *s) {
|
|||
}
|
||||
|
||||
static int server_parse_config_file(Server *s) {
|
||||
static const char *fn = "/etc/systemd/journald.conf";
|
||||
static const char fn[] = "/etc/systemd/journald.conf";
|
||||
_cleanup_fclose_ FILE *f = NULL;
|
||||
int r;
|
||||
|
||||
|
@ -1287,7 +1287,7 @@ static int server_parse_config_file(Server *s) {
|
|||
}
|
||||
|
||||
r = config_parse(NULL, fn, f, "Journal\0", config_item_perf_lookup,
|
||||
(void*) journald_gperf_lookup, false, s);
|
||||
(void*) journald_gperf_lookup, false, false, s);
|
||||
if (r < 0)
|
||||
log_warning("Failed to parse configuration file: %s", strerror(-r));
|
||||
|
||||
|
|
|
@ -1683,13 +1683,12 @@ int manager_run(Manager *m) {
|
|||
}
|
||||
|
||||
static int manager_parse_config_file(Manager *m) {
|
||||
FILE *f;
|
||||
const char *fn;
|
||||
static const char fn[] = "/etc/systemd/logind.conf";
|
||||
_cleanup_fclose_ FILE *f = NULL;
|
||||
int r;
|
||||
|
||||
assert(m);
|
||||
|
||||
fn = "/etc/systemd/logind.conf";
|
||||
f = fopen(fn, "re");
|
||||
if (!f) {
|
||||
if (errno == ENOENT)
|
||||
|
@ -1699,12 +1698,11 @@ static int manager_parse_config_file(Manager *m) {
|
|||
return -errno;
|
||||
}
|
||||
|
||||
r = config_parse(NULL, fn, f, "Login\0", config_item_perf_lookup, (void*) logind_gperf_lookup, false, m);
|
||||
r = config_parse(NULL, fn, f, "Login\0", config_item_perf_lookup,
|
||||
(void*) logind_gperf_lookup, false, false, m);
|
||||
if (r < 0)
|
||||
log_warning("Failed to parse configuration file: %s", strerror(-r));
|
||||
|
||||
fclose(f);
|
||||
|
||||
return r;
|
||||
}
|
||||
|
||||
|
|
|
@ -70,7 +70,7 @@ int log_syntax_internal(const char *unit, int level,
|
|||
"ERRNO=%d", error > 0 ? error : EINVAL,
|
||||
"MESSAGE=[%s:%u] %s", config_file, config_line, msg,
|
||||
NULL);
|
||||
log_info("logged here: '%s': %d", msg, r);
|
||||
|
||||
return r;
|
||||
}
|
||||
|
||||
|
@ -199,6 +199,7 @@ static int parse_line(const char* unit,
|
|||
ConfigItemLookup lookup,
|
||||
void *table,
|
||||
bool relaxed,
|
||||
bool allow_include,
|
||||
char **section,
|
||||
char *l,
|
||||
void *userdata) {
|
||||
|
@ -219,13 +220,19 @@ static int parse_line(const char* unit,
|
|||
return 0;
|
||||
|
||||
if (startswith(l, ".include ")) {
|
||||
_cleanup_free_ char *fn;
|
||||
_cleanup_free_ char *fn = NULL;
|
||||
|
||||
if (!allow_include) {
|
||||
log_syntax(unit, LOG_ERR, filename, line, EBADMSG,
|
||||
".include not allowed here. Ignoring.");
|
||||
return 0;
|
||||
}
|
||||
|
||||
fn = file_in_same_dir(filename, strstrip(l+9));
|
||||
if (!fn)
|
||||
return -ENOMEM;
|
||||
|
||||
return config_parse(unit, fn, NULL, sections, lookup, table, relaxed, userdata);
|
||||
return config_parse(unit, fn, NULL, sections, lookup, table, relaxed, false, userdata);
|
||||
}
|
||||
|
||||
if (*l == '[') {
|
||||
|
@ -299,11 +306,12 @@ int config_parse(const char *unit,
|
|||
ConfigItemLookup lookup,
|
||||
void *table,
|
||||
bool relaxed,
|
||||
bool allow_include,
|
||||
void *userdata) {
|
||||
|
||||
unsigned line = 0;
|
||||
_cleanup_free_ char *section = NULL, *continuation = NULL;
|
||||
_cleanup_fclose_ FILE *ours = NULL;
|
||||
unsigned line = 0;
|
||||
int r;
|
||||
|
||||
assert(filename);
|
||||
|
@ -370,6 +378,7 @@ int config_parse(const char *unit,
|
|||
lookup,
|
||||
table,
|
||||
relaxed,
|
||||
allow_include,
|
||||
§ion,
|
||||
p,
|
||||
userdata);
|
||||
|
|
|
@ -87,6 +87,7 @@ int config_parse(const char *unit,
|
|||
ConfigItemLookup lookup,
|
||||
void *table,
|
||||
bool relaxed,
|
||||
bool allow_include,
|
||||
void *userdata);
|
||||
|
||||
/* Generic parsers */
|
||||
|
|
|
@ -1015,7 +1015,7 @@ static int unit_file_load(
|
|||
}
|
||||
|
||||
r = config_parse(NULL, path, f, NULL,
|
||||
config_item_table_lookup, (void*) items, true, info);
|
||||
config_item_table_lookup, (void*) items, true, true, info);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
|
|
@ -275,7 +275,7 @@ static int parse_password(const char *filename, char **wall) {
|
|||
return -errno;
|
||||
}
|
||||
|
||||
r = config_parse(NULL, filename, f, NULL, config_item_table_lookup, (void*) items, true, NULL);
|
||||
r = config_parse(NULL, filename, f, NULL, config_item_table_lookup, (void*) items, true, false, NULL);
|
||||
if (r < 0) {
|
||||
log_error("Failed to parse password file %s: %s", filename, strerror(-r));
|
||||
goto finish;
|
||||
|
|
Loading…
Reference in New Issue