Diffstat (limited to 'src/shared')
-rw-r--r--src/shared/ask-password-api.c29
-rw-r--r--src/shared/copy.c8
-rw-r--r--src/shared/copy.h39
-rw-r--r--src/shared/dissect-image.c1
-rw-r--r--src/shared/tests.c19
-rw-r--r--src/shared/tests.h34
6 files changed, 102 insertions, 28 deletions
diff --git a/src/shared/ask-password-api.c b/src/shared/ask-password-api.c
index bf79dc2..042c0ad 100644
--- a/src/shared/ask-password-api.c
+++ b/src/shared/ask-password-api.c
@@ -167,7 +167,16 @@ static int ask_password_keyring(const AskPasswordRequest *req, AskPasswordFlags
if (r < 0)
return r;
- return retrieve_key(serial, ret);
+ _cleanup_strv_free_erase_ char **l = NULL;
+ r = retrieve_key(serial, &l);
+ if (r < 0)
+ return r;
+
+ if (strv_isempty(l))
+ return log_debug_errno(SYNTHETIC_ERRNO(ENOKEY), "Found an empty password from keyring.");
+
+ *ret = TAKE_PTR(l);
+ return 0;
}
static int backspace_chars(int ttyfd, size_t p) {
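Review bot: The empty-result check added here returns ENOKEY, while the same check added to ask_password_plymouth two hunks below returns ECANCELED and the one in ask_password_credential returns ENOKEY again, so a caller that maps these codes to user-visible messages or retry decisions sees different behaviour for the same condition depending on which backend answered. If an empty plymouth reply really means the user aborted the prompt, a one-line comment at that site, `/* Plymouth answers with an empty list when the user aborts, hence ECANCELED rather than ENOKEY. */`, would make the difference deliberate; otherwise the three sites should agree on one code. Whether plymouth uses an empty answer to signal cancellation is not visible in this diff.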
@@ -322,8 +331,8 @@ int ask_password_plymouth(
return -ENOENT;
} else if (IN_SET(buffer[0], 2, 9)) {
+ _cleanup_strv_free_erase_ char **l = NULL;
uint32_t size;
- char **l;
/* One or more answers */
if (p < 5)
@@ -341,15 +350,16 @@ int ask_password_plymouth(
if (!l)
return -ENOMEM;
- *ret = l;
- break;
+ if (strv_isempty(l))
+ return log_debug_errno(SYNTHETIC_ERRNO(ECANCELED), "Received an empty password.");
+
+ *ret = TAKE_PTR(l);
+ return 0;
} else
/* Unknown packet */
return -EIO;
}
-
- return 0;
}
#define NO_ECHO "(no echo) "
@@ -949,8 +959,8 @@ finish:
static int ask_password_credential(const AskPasswordRequest *req, AskPasswordFlags flags, char ***ret) {
_cleanup_(erase_and_freep) char *buffer = NULL;
+ _cleanup_strv_free_erase_ char **l = NULL;
size_t size;
- char **l;
int r;
assert(req);
@@ -965,7 +975,10 @@ static int ask_password_credential(const AskPasswordRequest *req, AskPasswordFla
if (!l)
return -ENOMEM;
- *ret = l;
+ if (strv_isempty(l))
+ return log_debug_errno(SYNTHETIC_ERRNO(ENOKEY), "Found an empty password in credential.");
+
+ *ret = TAKE_PTR(l);
return 0;
}
diff --git a/src/shared/copy.c b/src/shared/copy.c
index 8389774..9b90afa 100644
--- a/src/shared/copy.c
+++ b/src/shared/copy.c
@@ -982,6 +982,7 @@ static int fd_copy_directory(
_cleanup_close_ int fdf = -EBADF, fdt = -EBADF;
_cleanup_closedir_ DIR *d = NULL;
+ struct stat dt_st;
bool exists;
int r;
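Review bot: `dt_st` is declared here without an initializer and is only filled in the next hunk when `exists && COPY_RESTORE_DIRECTORY_TIMESTAMPS` holds, yet the finish-block hunk reads it under `else if (FLAGS_SET(copy_flags, COPY_RESTORE_DIRECTORY_TIMESTAMPS))` alone, so correctness depends on the preceding `if` (outside the hunk) being exactly `!exists`. Making the guard self-contained, `} else if (exists && FLAGS_SET(copy_flags, COPY_RESTORE_DIRECTORY_TIMESTAMPS))`, or initializing `struct stat dt_st = {};`, keeps a later change to that `if` from turning this into a read of uninitialized stack memory and quiets -Wmaybe-uninitialized. A short comment at the fstat() would also help, e.g. `/* Snapshot the pre-copy atime/mtime now, right after opening fdt, so finish: can put them back. */`. fd_copy_directory starts before and ends after these hunks.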
@@ -1026,6 +1027,9 @@ static int fd_copy_directory(
if (fdt < 0)
return fdt;
+ if (exists && FLAGS_SET(copy_flags, COPY_RESTORE_DIRECTORY_TIMESTAMPS) && fstat(fdt, &dt_st) < 0)
+ return -errno;
+
r = 0;
if (PTR_TO_INT(hashmap_get(denylist, st)) == DENY_CONTENTS) {
@@ -1125,7 +1129,9 @@ finish:
(void) copy_xattr(dirfd(d), NULL, fdt, NULL, copy_flags);
(void) futimens(fdt, (struct timespec[]) { st->st_atim, st->st_mtim });
- }
+ } else if (FLAGS_SET(copy_flags, COPY_RESTORE_DIRECTORY_TIMESTAMPS))
+ /* If the directory already exists, make sure the timestamps stay the same as before. */
+ (void) futimens(fdt, (struct timespec[]) { dt_st.st_atim, dt_st.st_mtim });
if (copy_flags & COPY_FSYNC_FULL) {
if (fsync(fdt) < 0)
diff --git a/src/shared/copy.h b/src/shared/copy.h
index b8fb28a..db95738 100644
--- a/src/shared/copy.h
+++ b/src/shared/copy.h
@@ -12,25 +12,26 @@
#include "set.h"
typedef enum CopyFlags {
- COPY_REFLINK = 1 << 0, /* Try to reflink */
- COPY_MERGE = 1 << 1, /* Merge existing trees with our new one to copy */
- COPY_REPLACE = 1 << 2, /* Replace an existing file if there's one */
- COPY_SAME_MOUNT = 1 << 3, /* Don't descend recursively into other file systems, across mount point boundaries */
- COPY_MERGE_EMPTY = 1 << 4, /* Merge an existing, empty directory with our new tree to copy */
- COPY_CRTIME = 1 << 5, /* Generate a user.crtime_usec xattr off the source crtime if there is one, on copying */
- COPY_SIGINT = 1 << 6, /* Check for SIGINT regularly and return EINTR if seen (caller needs to block SIGINT) */
- COPY_SIGTERM = 1 << 7, /* ditto, but for SIGTERM */
- COPY_MAC_CREATE = 1 << 8, /* Create files with the correct MAC label (currently SELinux only) */
- COPY_HARDLINKS = 1 << 9, /* Try to reproduce hard links */
- COPY_FSYNC = 1 << 10, /* fsync() after we are done */
- COPY_FSYNC_FULL = 1 << 11, /* fsync_full() after we are done */
- COPY_SYNCFS = 1 << 12, /* syncfs() the *top-level* dir after we are done */
- COPY_ALL_XATTRS = 1 << 13, /* Preserve all xattrs when copying, not just those in the user namespace */
- COPY_HOLES = 1 << 14, /* Copy holes */
- COPY_GRACEFUL_WARN = 1 << 15, /* Skip copying file types that aren't supported by the target filesystem */
- COPY_TRUNCATE = 1 << 16, /* Truncate to current file offset after copying */
- COPY_LOCK_BSD = 1 << 17, /* Return a BSD exclusively locked file descriptor referring to the copied image/directory. */
- COPY_VERIFY_LINKED = 1 << 18, /* Check the source file is still linked after copying. */
+ COPY_REFLINK = 1 << 0, /* Try to reflink */
+ COPY_MERGE = 1 << 1, /* Merge existing trees with our new one to copy */
+ COPY_REPLACE = 1 << 2, /* Replace an existing file if there's one */
+ COPY_SAME_MOUNT = 1 << 3, /* Don't descend recursively into other file systems, across mount point boundaries */
+ COPY_MERGE_EMPTY = 1 << 4, /* Merge an existing, empty directory with our new tree to copy */
+ COPY_CRTIME = 1 << 5, /* Generate a user.crtime_usec xattr off the source crtime if there is one, on copying */
+ COPY_SIGINT = 1 << 6, /* Check for SIGINT regularly and return EINTR if seen (caller needs to block SIGINT) */
+ COPY_SIGTERM = 1 << 7, /* ditto, but for SIGTERM */
+ COPY_MAC_CREATE = 1 << 8, /* Create files with the correct MAC label (currently SELinux only) */
+ COPY_HARDLINKS = 1 << 9, /* Try to reproduce hard links */
+ COPY_FSYNC = 1 << 10, /* fsync() after we are done */
+ COPY_FSYNC_FULL = 1 << 11, /* fsync_full() after we are done */
+ COPY_SYNCFS = 1 << 12, /* syncfs() the *top-level* dir after we are done */
+ COPY_ALL_XATTRS = 1 << 13, /* Preserve all xattrs when copying, not just those in the user namespace */
+ COPY_HOLES = 1 << 14, /* Copy holes */
+ COPY_GRACEFUL_WARN = 1 << 15, /* Skip copying file types that aren't supported by the target filesystem */
+ COPY_TRUNCATE = 1 << 16, /* Truncate to current file offset after copying */
+ COPY_LOCK_BSD = 1 << 17, /* Return a BSD exclusively locked file descriptor referring to the copied image/directory. */
+ COPY_VERIFY_LINKED = 1 << 18, /* Check the source file is still linked after copying. */
+ COPY_RESTORE_DIRECTORY_TIMESTAMPS = 1 << 19, /* Make sure existing directory timestamps don't change during copying. */
} CopyFlags;
typedef enum DenyType {
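Review bot: The comment on COPY_RESTORE_DIRECTORY_TIMESTAMPS promises that existing directory timestamps "don't change", but the copy.c change in this commit only restores st_atim and st_mtim through futimens(); ctime is updated by the kernel on that call and cannot be restored, and the restore applies only to directories that already existed before the copy. Suggest `/* Restore atime/mtime of pre-existing directories after copying into them (ctime is not preserved) */` so a caller that relies on the flag for change detection knows what is covered. The rest of the hunk is a realignment of the existing entries.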
diff --git a/src/shared/dissect-image.c b/src/shared/dissect-image.c
index a9e211f..6a39010 100644
--- a/src/shared/dissect-image.c
+++ b/src/shared/dissect-image.c
@@ -3077,6 +3077,7 @@ int dissected_image_decrypt_interactively(
if (r < 0)
return log_error_errno(r, "Failed to query for passphrase: %m");
+ assert(!strv_isempty(z));
passphrase = z[0];
}
}
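Review bot: `assert(!strv_isempty(z))` turns an empty answer into an abort of the calling process, which is only safe if every backend behind the call that fills `z` now guarantees a non-empty strv. The three backends changed in this commit do, but the function that produced `z` and any other backends it may dispatch to (the tty and agent paths, if that is what is used here) are outside this diff; if one of them can still return an empty list this becomes a crash triggered by user input rather than a handled error. If the guarantee is not airtight, `if (strv_isempty(z)) return log_error_errno(SYNTHETIC_ERRNO(ENOKEY), "Got empty passphrase list.");` keeps the failure recoverable. dissected_image_decrypt_interactively starts and ends outside the hunk.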
diff --git a/src/shared/tests.c b/src/shared/tests.c
index 9169513..a919212 100644
--- a/src/shared/tests.c
+++ b/src/shared/tests.c
@@ -29,6 +29,7 @@
#include "strv.h"
#include "tests.h"
#include "tmpfile-util.h"
+#include "uid-range.h"
char* setup_fake_runtime_dir(void) {
char t[] = "/tmp/fake-xdg-runtime-XXXXXX", *p;
@@ -166,6 +167,24 @@ bool have_namespaces(void) {
assert_not_reached();
}
+bool userns_has_single_user(void) {
+ _cleanup_(uid_range_freep) UIDRange *uidrange = NULL, *gidrange = NULL;
+
+ /* Check if we're in a user namespace with only a single user mapped in. We special case this
+ * scenario in a few tests because it's the only kind of namespace that can be created unprivileged
+ * and as such happens more often than not, so we make sure to deal with it so that all tests pass
+ * in such environments. */
+
+ if (uid_range_load_userns(NULL, UID_RANGE_USERNS_INSIDE, &uidrange) < 0)
+ return false;
+
+ if (uid_range_load_userns(NULL, GID_RANGE_USERNS_INSIDE, &gidrange) < 0)
+ return false;
+
+ return uidrange->n_entries == 1 && uidrange->entries[0].nr == 1 &&
+ gidrange->n_entries == 1 && gidrange->entries[0].nr == 1;
+}
+
bool can_memlock(void) {
/* Let's see if we can mlock() a larger blob of memory. BPF programs are charged against
* RLIMIT_MEMLOCK, hence let's first make sure we can lock memory at all, and skip the test if we
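Review bot: userns_has_single_user() reports `false` both for "not a single-user namespace" and for "could not read the uid/gid map", so a test that uses it to select the unprivileged-namespace branch silently takes the other branch, and likely fails for an unrelated-looking reason, when uid_range_load_userns() errors out. Capturing the return value in `r` and adding `log_debug_errno(r, "Failed to load userns UID/GID range, assuming not single-user: %m");` before each early `return false` would make that diagnosable without changing the result. The final expression is otherwise sound: `n_entries == 1 &&` short-circuits before `entries[0]` is read.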
diff --git a/src/shared/tests.h b/src/shared/tests.h
index 21f00db..f904c0d 100644
--- a/src/shared/tests.h
+++ b/src/shared/tests.h
@@ -76,6 +76,7 @@ void test_setup_logging(int level);
int write_tmpfile(char *pattern, const char *contents);
bool have_namespaces(void);
+bool userns_has_single_user(void);
/* We use the small but non-trivial limit here */
#define CAN_MEMLOCK_SIZE (512 * 1024U)
@@ -217,6 +218,39 @@ static inline int run_test_table(void) {
} \
})
+/* For funtions that return a boolean on success and a negative errno on failure. */
+#define ASSERT_OK_POSITIVE(expr) \
+ ({ \
+ typeof(expr) _result = (expr); \
+ if (_result < 0) { \
+ log_error_errno(_result, "%s:%i: Assertion failed: expected \"%s\" to succeed but got the following error: %m", \
+ PROJECT_FILE, __LINE__, #expr); \
+ abort(); \
+ } \
+ if (_result == 0) { \
+ log_error("%s:%i: Assertion failed: expected \"%s\" to be positive, but it is zero.", \
+ PROJECT_FILE, __LINE__, #expr); \
+ abort(); \
+ } \
+ })
+
+#define ASSERT_OK_ZERO(expr) \
+ ({ \
+ typeof(expr) _result = (expr); \
+ if (_result < 0) { \
+ log_error_errno(_result, "%s:%i: Assertion failed: expected \"%s\" to succeed but got the following error: %m", \
+ PROJECT_FILE, __LINE__, #expr); \
+ abort(); \
+ } \
+ if (_result != 0) { \
+ char _sexpr[DECIMAL_STR_MAX(typeof(expr))]; \
+ xsprintf(_sexpr, DECIMAL_STR_FMT(_result), _result); \
+ log_error("%s:%i: Assertion failed: expected \"%s\" to be zero, but it is %s.", \
+ PROJECT_FILE, __LINE__, #expr, _sexpr); \
+ abort(); \
+ } \
+ })
+
#define ASSERT_OK_ERRNO(expr) \
({ \
typeof(expr) _result = (expr); \
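Review bot: The comment introducing ASSERT_OK_POSITIVE has a typo, `funtions` → `functions`, and it undersells the macro: it accepts any positive result, not only a boolean, so `/* For functions that return a positive value (e.g. a boolean) on success and a negative errno on failure. */` is more accurate. ASSERT_OK_ZERO has no comment at all; `/* For functions that return 0 on success and a negative errno on failure. */` would mirror it. Both macros share with ASSERT_OK_ERRNO the pattern that `_result < 0` is vacuously false for an unsigned `expr`, which is pre-existing style rather than something this hunk introduces. ASSERT_OK_ERRNO continues past the end of the hunk.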