diff options
Diffstat (limited to '')
-rw-r--r-- | src/shared/ask-password-api.c | 29 | ||||
-rw-r--r-- | src/shared/copy.c | 8 | ||||
-rw-r--r-- | src/shared/copy.h | 39 | ||||
-rw-r--r-- | src/shared/dissect-image.c | 1 | ||||
-rw-r--r-- | src/shared/tests.c | 19 | ||||
-rw-r--r-- | src/shared/tests.h | 34 |
6 files changed, 102 insertions, 28 deletions
diff --git a/src/shared/ask-password-api.c b/src/shared/ask-password-api.c index bf79dc2..042c0ad 100644 --- a/src/shared/ask-password-api.c +++ b/src/shared/ask-password-api.c @@ -167,7 +167,16 @@ static int ask_password_keyring(const AskPasswordRequest *req, AskPasswordFlags if (r < 0) return r; - return retrieve_key(serial, ret); + _cleanup_strv_free_erase_ char **l = NULL; + r = retrieve_key(serial, &l); + if (r < 0) + return r; + + if (strv_isempty(l)) + return log_debug_errno(SYNTHETIC_ERRNO(ENOKEY), "Found an empty password from keyring."); + + *ret = TAKE_PTR(l); + return 0; } static int backspace_chars(int ttyfd, size_t p) { @@ -322,8 +331,8 @@ int ask_password_plymouth( return -ENOENT; } else if (IN_SET(buffer[0], 2, 9)) { + _cleanup_strv_free_erase_ char **l = NULL; uint32_t size; - char **l; /* One or more answers */ if (p < 5) @@ -341,15 +350,16 @@ int ask_password_plymouth( if (!l) return -ENOMEM; - *ret = l; - break; + if (strv_isempty(l)) + return log_debug_errno(SYNTHETIC_ERRNO(ECANCELED), "Received an empty password."); + + *ret = TAKE_PTR(l); + return 0; } else /* Unknown packet */ return -EIO; } - - return 0; } #define NO_ECHO "(no echo) " @@ -949,8 +959,8 @@ finish: static int ask_password_credential(const AskPasswordRequest *req, AskPasswordFlags flags, char ***ret) { _cleanup_(erase_and_freep) char *buffer = NULL; + _cleanup_strv_free_erase_ char **l = NULL; size_t size; - char **l; int r; assert(req); @@ -965,7 +975,10 @@ static int ask_password_credential(const AskPasswordRequest *req, AskPasswordFla if (!l) return -ENOMEM; - *ret = l; + if (strv_isempty(l)) + return log_debug_errno(SYNTHETIC_ERRNO(ENOKEY), "Found an empty password in credential."); + + *ret = TAKE_PTR(l); return 0; } diff --git a/src/shared/copy.c b/src/shared/copy.c index 8389774..9b90afa 100644 --- a/src/shared/copy.c +++ b/src/shared/copy.c @@ -982,6 +982,7 @@ static int fd_copy_directory( _cleanup_close_ int fdf = -EBADF, fdt = -EBADF; _cleanup_closedir_ DIR *d = NULL; + struct stat dt_st; bool exists; int r; @@ -1026,6 +1027,9 @@ static int fd_copy_directory( if (fdt < 0) return fdt; + if (exists && FLAGS_SET(copy_flags, COPY_RESTORE_DIRECTORY_TIMESTAMPS) && fstat(fdt, &dt_st) < 0) + return -errno; + r = 0; if (PTR_TO_INT(hashmap_get(denylist, st)) == DENY_CONTENTS) { @@ -1125,7 +1129,9 @@ finish: (void) copy_xattr(dirfd(d), NULL, fdt, NULL, copy_flags); (void) futimens(fdt, (struct timespec[]) { st->st_atim, st->st_mtim }); - } + } else if (FLAGS_SET(copy_flags, COPY_RESTORE_DIRECTORY_TIMESTAMPS)) + /* If the directory already exists, make sure the timestamps stay the same as before. */ + (void) futimens(fdt, (struct timespec[]) { dt_st.st_atim, dt_st.st_mtim }); if (copy_flags & COPY_FSYNC_FULL) { if (fsync(fdt) < 0) diff --git a/src/shared/copy.h b/src/shared/copy.h index b8fb28a..db95738 100644 --- a/src/shared/copy.h +++ b/src/shared/copy.h @@ -12,25 +12,26 @@ #include "set.h" typedef enum CopyFlags { - COPY_REFLINK = 1 << 0, /* Try to reflink */ - COPY_MERGE = 1 << 1, /* Merge existing trees with our new one to copy */ - COPY_REPLACE = 1 << 2, /* Replace an existing file if there's one */ - COPY_SAME_MOUNT = 1 << 3, /* Don't descend recursively into other file systems, across mount point boundaries */ - COPY_MERGE_EMPTY = 1 << 4, /* Merge an existing, empty directory with our new tree to copy */ - COPY_CRTIME = 1 << 5, /* Generate a user.crtime_usec xattr off the source crtime if there is one, on copying */ - COPY_SIGINT = 1 << 6, /* Check for SIGINT regularly and return EINTR if seen (caller needs to block SIGINT) */ - COPY_SIGTERM = 1 << 7, /* ditto, but for SIGTERM */ - COPY_MAC_CREATE = 1 << 8, /* Create files with the correct MAC label (currently SELinux only) */ - COPY_HARDLINKS = 1 << 9, /* Try to reproduce hard links */ - COPY_FSYNC = 1 << 10, /* fsync() after we are done */ - COPY_FSYNC_FULL = 1 << 11, /* fsync_full() after we are done */ - COPY_SYNCFS = 1 << 12, /* syncfs() the *top-level* dir after we are done */ - COPY_ALL_XATTRS = 1 << 13, /* Preserve all xattrs when copying, not just those in the user namespace */ - COPY_HOLES = 1 << 14, /* Copy holes */ - COPY_GRACEFUL_WARN = 1 << 15, /* Skip copying file types that aren't supported by the target filesystem */ - COPY_TRUNCATE = 1 << 16, /* Truncate to current file offset after copying */ - COPY_LOCK_BSD = 1 << 17, /* Return a BSD exclusively locked file descriptor referring to the copied image/directory. */ - COPY_VERIFY_LINKED = 1 << 18, /* Check the source file is still linked after copying. */ + COPY_REFLINK = 1 << 0, /* Try to reflink */ + COPY_MERGE = 1 << 1, /* Merge existing trees with our new one to copy */ + COPY_REPLACE = 1 << 2, /* Replace an existing file if there's one */ + COPY_SAME_MOUNT = 1 << 3, /* Don't descend recursively into other file systems, across mount point boundaries */ + COPY_MERGE_EMPTY = 1 << 4, /* Merge an existing, empty directory with our new tree to copy */ + COPY_CRTIME = 1 << 5, /* Generate a user.crtime_usec xattr off the source crtime if there is one, on copying */ + COPY_SIGINT = 1 << 6, /* Check for SIGINT regularly and return EINTR if seen (caller needs to block SIGINT) */ + COPY_SIGTERM = 1 << 7, /* ditto, but for SIGTERM */ + COPY_MAC_CREATE = 1 << 8, /* Create files with the correct MAC label (currently SELinux only) */ + COPY_HARDLINKS = 1 << 9, /* Try to reproduce hard links */ + COPY_FSYNC = 1 << 10, /* fsync() after we are done */ + COPY_FSYNC_FULL = 1 << 11, /* fsync_full() after we are done */ + COPY_SYNCFS = 1 << 12, /* syncfs() the *top-level* dir after we are done */ + COPY_ALL_XATTRS = 1 << 13, /* Preserve all xattrs when copying, not just those in the user namespace */ + COPY_HOLES = 1 << 14, /* Copy holes */ + COPY_GRACEFUL_WARN = 1 << 15, /* Skip copying file types that aren't supported by the target filesystem */ + COPY_TRUNCATE = 1 << 16, /* Truncate to current file offset after copying */ + COPY_LOCK_BSD = 1 << 17, /* Return a BSD exclusively locked file descriptor referring to the copied image/directory. */ + COPY_VERIFY_LINKED = 1 << 18, /* Check the source file is still linked after copying. */ + COPY_RESTORE_DIRECTORY_TIMESTAMPS = 1 << 19, /* Make sure existing directory timestamps don't change during copying. */ } CopyFlags; typedef enum DenyType { diff --git a/src/shared/dissect-image.c b/src/shared/dissect-image.c index a9e211f..6a39010 100644 --- a/src/shared/dissect-image.c +++ b/src/shared/dissect-image.c @@ -3077,6 +3077,7 @@ int dissected_image_decrypt_interactively( if (r < 0) return log_error_errno(r, "Failed to query for passphrase: %m"); + assert(!strv_isempty(z)); passphrase = z[0]; } } diff --git a/src/shared/tests.c b/src/shared/tests.c index 9169513..a919212 100644 --- a/src/shared/tests.c +++ b/src/shared/tests.c @@ -29,6 +29,7 @@ #include "strv.h" #include "tests.h" #include "tmpfile-util.h" +#include "uid-range.h" char* setup_fake_runtime_dir(void) { char t[] = "/tmp/fake-xdg-runtime-XXXXXX", *p; @@ -166,6 +167,24 @@ bool have_namespaces(void) { assert_not_reached(); } +bool userns_has_single_user(void) { + _cleanup_(uid_range_freep) UIDRange *uidrange = NULL, *gidrange = NULL; + + /* Check if we're in a user namespace with only a single user mapped in. We special case this + * scenario in a few tests because it's the only kind of namespace that can be created unprivileged + * and as such happens more often than not, so we make sure to deal with it so that all tests pass + * in such environments. */ + + if (uid_range_load_userns(NULL, UID_RANGE_USERNS_INSIDE, &uidrange) < 0) + return false; + + if (uid_range_load_userns(NULL, GID_RANGE_USERNS_INSIDE, &gidrange) < 0) + return false; + + return uidrange->n_entries == 1 && uidrange->entries[0].nr == 1 && + gidrange->n_entries == 1 && gidrange->entries[0].nr == 1; +} + bool can_memlock(void) { /* Let's see if we can mlock() a larger blob of memory. BPF programs are charged against * RLIMIT_MEMLOCK, hence let's first make sure we can lock memory at all, and skip the test if we diff --git a/src/shared/tests.h b/src/shared/tests.h index 21f00db..f904c0d 100644 --- a/src/shared/tests.h +++ b/src/shared/tests.h @@ -76,6 +76,7 @@ void test_setup_logging(int level); int write_tmpfile(char *pattern, const char *contents); bool have_namespaces(void); +bool userns_has_single_user(void); /* We use the small but non-trivial limit here */ #define CAN_MEMLOCK_SIZE (512 * 1024U) @@ -217,6 +218,39 @@ static inline int run_test_table(void) { } \ }) +/* For funtions that return a boolean on success and a negative errno on failure. */ +#define ASSERT_OK_POSITIVE(expr) \ + ({ \ + typeof(expr) _result = (expr); \ + if (_result < 0) { \ + log_error_errno(_result, "%s:%i: Assertion failed: expected \"%s\" to succeed but got the following error: %m", \ + PROJECT_FILE, __LINE__, #expr); \ + abort(); \ + } \ + if (_result == 0) { \ + log_error("%s:%i: Assertion failed: expected \"%s\" to be positive, but it is zero.", \ + PROJECT_FILE, __LINE__, #expr); \ + abort(); \ + } \ + }) + +#define ASSERT_OK_ZERO(expr) \ + ({ \ + typeof(expr) _result = (expr); \ + if (_result < 0) { \ + log_error_errno(_result, "%s:%i: Assertion failed: expected \"%s\" to succeed but got the following error: %m", \ + PROJECT_FILE, __LINE__, #expr); \ + abort(); \ + } \ + if (_result != 0) { \ + char _sexpr[DECIMAL_STR_MAX(typeof(expr))]; \ + xsprintf(_sexpr, DECIMAL_STR_FMT(_result), _result); \ + log_error("%s:%i: Assertion failed: expected \"%s\" to be zero, but it is %s.", \ + PROJECT_FILE, __LINE__, #expr, _sexpr); \ + abort(); \ + } \ + }) + #define ASSERT_OK_ERRNO(expr) \ ({ \ typeof(expr) _result = (expr); \ |