system/systemd
system/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd synced 2024-09-06 16:56:43 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #20926 from yuwata/udev-net-wol-sopass

Browse source 
udev/net: introduce WakeOnLanPassword=
This commit is contained in:
Luca Boccassi 2021-10-06 23:36:05 +01:00 committed by GitHub
parent f415cdb372 d3867133f0
commit 0cf250022c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 237 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

26
man/systemd.link.xml
View file

@ -537,8 +537,17 @@
<varlistentry>
<term><option>secureon</option></term>
<listitem>
<para>Enable secureon(tm) password for MagicPacket(tm).
</para>
<para>Enable SecureOn password for MagicPacket. Implied when
<varname>WakeOnLanPassword=</varname> is specified. If specified without
<varname>WakeOnLanPassword=</varname> option, then the password is read from the
credential <literal><replaceable>LINK</replaceable>.link.wol.password</literal> (e.g.,
<literal>60-foo.link.wol.password</literal>), and if the credential not found, then
read from <literal>wol.password</literal>. See
<varname>LoadCredential=</varname>/<varname>SetCredential=</varname> in
<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>1</manvolnum></citerefentry>
for details. The password in the credential, must be 6 bytes in hex format with each
byte separated by a colon (<literal>:</literal>) like an Ethernet MAC address, e.g.,
<literal>aa:bb:cc:dd:ee:ff</literal>.</para>
</listitem>
</varlistentry>
</variablelist>
@ -548,6 +557,19 @@
cleared.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>WakeOnLanPassword=</varname></term>
<listitem>
<para>Specifies the SecureOn password for MagicPacket. Takes an absolute path to a regular
file or an <constant>AF_UNIX</constant> stream socket, or the plain password. When a path to
a regular file is specified, the password is read from it. When an
<constant>AF_UNIX</constant> stream socket is specified, a connection is made to it and the
password is read from it. The password must be 6 bytes in hex format with each byte separated
by a colon (<literal>:</literal>) like an Ethernet MAC address, e.g.,
<literal>aa:bb:cc:dd:ee:ff</literal>. This implies <varname>WakeOnLan=secureon</varname>.
Defaults to unset, and the current value will not be changed.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>Port=</varname></term>
<listitem>

54
src/shared/ethtool-util.c
View file

@ -43,6 +43,11 @@ int wol_options_to_string_alloc(uint32_t opts, char **ret) {
assert(ret);
if (opts == UINT32_MAX) {
*ret = NULL;
return 0;
}
for (size_t i = 0; i < ELEMENTSOF(wol_option_map); i++)
if (opts & wol_option_map[i].opt &&
!strextend_with_separator(&str, ",", wol_option_map[i].name))
@ -55,7 +60,7 @@ int wol_options_to_string_alloc(uint32_t opts, char **ret) {
}
*ret = TAKE_PTR(str);
return 0;
return 1;
}
static const char* const port_table[] = {
@ -395,7 +400,12 @@ int ethtool_get_permanent_macaddr(int *ethtool_fd, const char *ifname, struct et
dest = _v; \
} while(false)
int ethtool_set_wol(int *ethtool_fd, const char *ifname, uint32_t wolopts) {
int ethtool_set_wol(
int *ethtool_fd,
const char *ifname,
uint32_t wolopts,
const uint8_t password[SOPASS_MAX]) {
struct ethtool_wolinfo ecmd = {
.cmd = ETHTOOL_GWOL,
};
@ -408,7 +418,8 @@ int ethtool_set_wol(int *ethtool_fd, const char *ifname, uint32_t wolopts) {
assert(ethtool_fd);
assert(ifname);
if (wolopts == UINT32_MAX)
if (wolopts == UINT32_MAX && !password)
/* Nothing requested. Return earlier. */
return 0;
r = ethtool_connect(ethtool_fd);
@ -420,16 +431,47 @@ int ethtool_set_wol(int *ethtool_fd, const char *ifname, uint32_t wolopts) {
if (ioctl(*ethtool_fd, SIOCETHTOOL, &ifr) < 0)
return -errno;
if (wolopts == UINT32_MAX) {
/* When password is specified without valid WoL options specified, then enable
* WAKE_MAGICSECURE flag if supported. */
wolopts = ecmd.wolopts;
if (password && FLAGS_SET(ecmd.supported, WAKE_MAGICSECURE))
wolopts |= WAKE_MAGICSECURE;
}
if ((wolopts & ~ecmd.supported) != 0) {
_cleanup_free_ char *str = NULL;
(void) wol_options_to_string_alloc(wolopts & ~ecmd.supported, &str);
log_debug("Network interface %s does not support requested Wake on LAN option(s) \"%s\", ignoring.",
ifname, strna(str));
wolopts &= ecmd.supported;
}
if (!FLAGS_SET(wolopts, WAKE_MAGICSECURE))
/* When WAKE_MAGICSECURE flag is not set, then ignore password. */
password = NULL;
UPDATE(ecmd.wolopts, wolopts, need_update);
if (password &&
memcmp(ecmd.sopass, password, sizeof(ecmd.sopass)) != 0) {
memcpy(ecmd.sopass, password, sizeof(ecmd.sopass));
need_update = true;
}
if (!need_update)
if (!need_update) {
explicit_bzero_safe(&ecmd, sizeof(ecmd));
return 0;
}
r = 0;
ecmd.cmd = ETHTOOL_SWOL;
if (ioctl(*ethtool_fd, SIOCETHTOOL, &ifr) < 0)
return -errno;
r = -errno;
return 0;
explicit_bzero_safe(&ecmd, sizeof(ecmd));
return r;
}
int ethtool_set_nic_buffer_size(int *ethtool_fd, const char *ifname, const netdev_ring_param *ring) {

2
src/shared/ethtool-util.h
View file

@ -164,7 +164,7 @@ int ethtool_get_link_info(int *ethtool_fd, const char *ifname,
int *ret_autonegotiation, uint64_t *ret_speed,
Duplex *ret_duplex, NetDevPort *ret_port);
int ethtool_get_permanent_macaddr(int *ethtool_fd, const char *ifname, struct ether_addr *ret);
int ethtool_set_wol(int *ethtool_fd, const char *ifname, uint32_t wolopts);
int ethtool_set_wol(int *ethtool_fd, const char *ifname, uint32_t wolopts, const uint8_t password[SOPASS_MAX]);
int ethtool_set_nic_buffer_size(int *ethtool_fd, const char *ifname, const netdev_ring_param *ring);
int ethtool_set_features(int *ethtool_fd, const char *ifname, const int features[static _NET_DEV_FEAT_MAX]);
int ethtool_set_glinksettings(int *ethtool_fd, const char *ifname,

1
src/udev/net/link-config-gperf.gperf
View file

@ -49,6 +49,7 @@ Link.BitsPerSecond, config_parse_si_uint64,
Link.Duplex, config_parse_duplex, 0, offsetof(LinkConfig, duplex)
Link.AutoNegotiation, config_parse_tristate, 0, offsetof(LinkConfig, autonegotiation)
Link.WakeOnLan, config_parse_wol, 0, offsetof(LinkConfig, wol)
Link.WakeOnLanPassword, config_parse_wol_password, 0, 0
Link.Port, config_parse_port, 0, offsetof(LinkConfig, port)
Link.ReceiveChecksumOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_RXCSUM])
Link.TransmitChecksumOffload, config_parse_tristate, 0, offsetof(LinkConfig, features[NET_DEV_FEAT_TXCSUM])

162
src/udev/net/link-config.c
View file

@ -10,11 +10,13 @@
#include "alloc-util.h"
#include "conf-files.h"
#include "conf-parser.h"
#include "creds-util.h"
#include "def.h"
#include "device-private.h"
#include "device-util.h"
#include "ethtool-util.h"
#include "fd-util.h"
#include "fileio.h"
#include "link-config.h"
#include "log.h"
#include "memory-util.h"
@ -56,6 +58,8 @@ static LinkConfig* link_config_free(LinkConfig *link) {
strv_free(link->alternative_names);
free(link->alternative_names_policy);
free(link->alias);
free(link->wol_password_file);
erase_and_free(link->wol_password);
return mfree(link);
}
@ -101,6 +105,108 @@ int link_config_ctx_new(LinkConfigContext **ret) {
return 0;
}
static int link_parse_wol_password(LinkConfig *link, const char *str) {
_cleanup_(erase_and_freep) uint8_t *p = NULL;
int r;
assert(link);
assert(str);
assert_cc(sizeof(struct ether_addr) == SOPASS_MAX);
p = new(uint8_t, SOPASS_MAX);
if (!p)
return -ENOMEM;
/* Reuse ether_addr_from_string(), as their formats are equivalent. */
r = ether_addr_from_string(str, (struct ether_addr*) p);
if (r < 0)
return r;
erase_and_free(link->wol_password);
link->wol_password = TAKE_PTR(p);
return 0;
}
static int link_read_wol_password_from_file(LinkConfig *link) {
_cleanup_(erase_and_freep) char *password = NULL;
int r;
assert(link);
if (!link->wol_password_file)
return 0;
r = read_full_file_full(
AT_FDCWD, link->wol_password_file, UINT64_MAX, SIZE_MAX,
READ_FULL_FILE_SECURE | READ_FULL_FILE_WARN_WORLD_READABLE | READ_FULL_FILE_CONNECT_SOCKET,
NULL, &password, NULL);
if (r < 0)
return r;
return link_parse_wol_password(link, password);
}
static int link_read_wol_password_from_cred(LinkConfig *link) {
_cleanup_free_ char *base = NULL, *cred_name = NULL;
_cleanup_(erase_and_freep) char *password = NULL;
int r;
assert(link);
assert(link->filename);
if (link->wol == UINT32_MAX)
return 0; /* WakeOnLan= is not specified. */
if (!FLAGS_SET(link->wol, WAKE_MAGICSECURE))
return 0; /* secureon is not specified in WakeOnLan=. */
if (link->wol_password)
return 0; /* WakeOnLanPassword= is specified. */
if (link->wol_password_file)
return 0; /* a file name is specified in WakeOnLanPassword=, but failed to read it. */
r = path_extract_filename(link->filename, &base);
if (r < 0)
return r;
cred_name = strjoin(base, ".wol.password");
if (!cred_name)
return -ENOMEM;
r = read_credential(cred_name, (void**) &password, NULL);
if (r == -ENOENT)
r = read_credential("wol.password", (void**) &password, NULL);
if (r < 0)
return r;
return link_parse_wol_password(link, password);
}
static int link_adjust_wol_options(LinkConfig *link) {
int r;
assert(link);
r = link_read_wol_password_from_file(link);
if (r == -ENOMEM)
return log_oom();
if (r < 0)
log_warning_errno(r, "Failed to read WakeOnLan password from %s, ignoring: %m", link->wol_password_file);
r = link_read_wol_password_from_cred(link);
if (r == -ENOMEM)
return log_oom();
if (r < 0)
log_warning_errno(r, "Failed to read WakeOnLan password from credential, ignoring: %m");
if (link->wol != UINT32_MAX && link->wol_password)
/* Enable WAKE_MAGICSECURE flag when WakeOnLanPassword=. Note that when
* WakeOnLanPassword= is set without WakeOnLan=, then ethtool_set_wol() enables
* WAKE_MAGICSECURE flag and other flags are not changed. */
link->wol |= WAKE_MAGICSECURE;
return 0;
}
int link_load_one(LinkConfigContext *ctx, const char *filename) {
_cleanup_(link_config_freep) LinkConfig *link = NULL;
_cleanup_free_ char *name = NULL;
@ -177,6 +283,10 @@ int link_load_one(LinkConfigContext *ctx, const char *filename) {
link->mac = mfree(link->mac);
}
r = link_adjust_wol_options(link);
if (r < 0)
return r;
log_debug("Parsed configuration file %s", filename);
LIST_PREPEND(links, ctx->links, TAKE_PTR(link));
@ -329,13 +439,13 @@ static int link_config_apply_ethtool_settings(int *ethtool_fd, const LinkConfig
port_to_string(config->port));
}
r = ethtool_set_wol(ethtool_fd, name, config->wol);
r = ethtool_set_wol(ethtool_fd, name, config->wol, config->wol_password);
if (r < 0) {
_cleanup_free_ char *str = NULL;
(void) wol_options_to_string_alloc(config->wol, &str);
log_device_warning_errno(device, r, "Could not set WakeOnLan to %s, ignoring: %m",
strna(str));
log_device_warning_errno(device, r, "Could not set WakeOnLan%s%s, ignoring: %m",
isempty(str) ? "" : " to ", strempty(str));
}
r = ethtool_set_features(ethtool_fd, name, config->features);
@ -782,6 +892,52 @@ int config_parse_txqueuelen(
return 0;
}
int config_parse_wol_password(
const char *unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
LinkConfig *link = userdata;
int r;
assert(filename);
assert(lvalue);
assert(rvalue);
assert(userdata);
if (isempty(rvalue)) {
link->wol_password = erase_and_free(link->wol_password);
link->wol_password_file = mfree(link->wol_password_file);
return 0;
}
if (path_is_absolute(rvalue) && path_is_safe(rvalue)) {
link->wol_password = erase_and_free(link->wol_password);
return free_and_strdup_warn(&link->wol_password_file, rvalue);
}
warn_file_is_world_accessible(filename, NULL, unit, line);
r = link_parse_wol_password(link, rvalue);
if (r == -ENOMEM)
return log_oom();
if (r < 0) {
log_syntax(unit, LOG_WARNING, filename, line, r,
"Failed to parse %s=, ignoring assignment: %s.", lvalue, rvalue);
return 0;
}
link->wol_password_file = mfree(link->wol_password_file);
return 0;
}
static const char* const mac_address_policy_table[_MAC_ADDRESS_POLICY_MAX] = {
[MAC_ADDRESS_POLICY_PERSISTENT] = "persistent",
[MAC_ADDRESS_POLICY_RANDOM] = "random",

3
src/udev/net/link-config.h
View file

@ -58,6 +58,8 @@ struct LinkConfig {
int autonegotiation;
uint32_t advertise[N_ADVERTISE];
uint32_t wol;
char *wol_password_file;
uint8_t *wol_password;
NetDevPort port;
int features[_NET_DEV_FEAT_MAX];
netdev_channels channels;
@ -97,6 +99,7 @@ const struct ConfigPerfItem* link_config_gperf_lookup(const char *key, GPERF_LEN
CONFIG_PARSER_PROTOTYPE(config_parse_ifalias);
CONFIG_PARSER_PROTOTYPE(config_parse_rx_tx_queues);
CONFIG_PARSER_PROTOTYPE(config_parse_txqueuelen);
CONFIG_PARSER_PROTOTYPE(config_parse_wol_password);
CONFIG_PARSER_PROTOTYPE(config_parse_mac_address_policy);
CONFIG_PARSER_PROTOTYPE(config_parse_name_policy);
CONFIG_PARSER_PROTOTYPE(config_parse_alternative_names_policy);

1
test/fuzz/fuzz-link-parser/directives.link
View file

@ -28,6 +28,7 @@ BitsPerSecond=
Duplex=
AutoNegotiation=
WakeOnLan=
WakeOnLanPassword=
Port=
ReceiveChecksumOffload=
TransmitChecksumOffload=