Egor Ignatov
1d8aae4327
shared: add libpasswdqc support
...
Co-authored-by: Dmitry V. Levin <ldv@altlinux.org>
Resolves: #15055
2023-07-06 10:59:41 +00:00
Egor Ignatov
d34b1823ca
shared: add password quality check abstraction layer to support both pwquality and passwdqc
...
Co-authored-by: Dmitry V. Levin <ldv@altlinux.org>
2023-07-06 10:59:41 +00:00
Dmitry V. Levin
6377f57fa7
homed: change user_record_quality_check_password to use quality_check_password
...
With this change, the only direct users of libpwquality functions
are those defined in pwquality-util.
2023-07-06 10:59:41 +00:00
Dmitry V. Levin
bc0ef0e2c0
pwquality: add old password argument to quality_check_password
...
This would allow using quality_check_password() in
user_record_quality_check_password() which still uses
sym_pwquality_check() directly.
2023-07-06 10:59:41 +00:00
Dmitry V. Levin
0351d560a2
pwquality: do not log password suggestions
...
As logging password suggestions might leak sensitive information,
print it instead.
Suggested-by: Yu Watanabe <watanabe.yu+github@gmail.com>
2023-07-06 10:59:41 +00:00
Dmitry V. Levin
7fc3f9c032
pwquality: fix quality_check_password return value
...
quality_check_password() used to return the same value 0 in two
different cases: when pwq_allocate_context() failed with an
ERRNO_IS_NOT_SUPPORTED() code, and when pwquality_check() rejected the
password. As a result, users of quality_check_password() used to report
password weakness also in the case when the underlying library was not
available.
Fix this by changing quality_check_password() to forward the
ERRNO_IS_NOT_SUPPORTED() code to its callers, and change the callers
to handle this case gracefully.
2023-07-06 10:59:41 +00:00
Dmitry V. Levin
29dd2e253c
pwquality: fix use of ERRNO_IS_NOT_SUPPORTED
...
Given that ERRNO_IS_*() also match positive values, call
ERRNO_IS_NOT_SUPPORTED() only if the value returned by
pwq_allocate_context() is negative.
2023-07-06 10:59:41 +00:00
Joerg Behrmann
5bc9ea070f
treewide: fix "an" before consonant U sounds
...
The article "a" goes before consonant sounds and "an" goes before vowel
sounds. This commit changes an to a for UKI, UDP, UTF-8, URL, UUID, U-Label, UI
and USB, since they start with the sound /ˌjuː/.
2023-07-06 11:59:41 +01:00
Andrew Baxter
1b91662ca0
Hwdb: Add Sanwa Direct 400-MA128 external trackpad (#28272)
...
* Hwdb: Add Sanwa Direct 400-MA128 external trackpad
```
$ udevadm info /dev/input/by-path/pci-0000:28:00.3-usb-0:1.4.4.1:1.1-event-mouse
P: /devices/pci0000:00/0000:00:07.1/0000:28:00.3/usb5/5-1/5-1.4/5-1.4.4/5-1.4.4.1/5-1.4.4.1:1.1/0003:258A:0501.0097/input/input256/event15
M: event15
R: 15
U: input
D: c 13:79
N: input/event15
L: 0
S: input/by-id/usb-SINO_WEALTH_USB_TOUCHPAD-if01-event-mouse
S: input/by-path/pci-0000:28:00.3-usb-0:1.4.4.1:1.1-event-mouse
E: DEVPATH=/devices/pci0000:00/0000:00:07.1/0000:28:00.3/usb5/5-1/5-1.4/5-1.4.4/5-1.4.4.1/5-1.4.4.1:1.1/0003:258A:0501.0097/input/input256/event15
E: DEVNAME=/dev/input/event15
E: MAJOR=13
E: MINOR=79
E: SUBSYSTEM=input
E: USEC_INITIALIZED=3436890430330
E: ID_INPUT=1
E: ID_INPUT_TOUCHPAD=1
E: ID_INPUT_WIDTH_MM=106
E: ID_INPUT_HEIGHT_MM=77
E: ID_BUS=usb
E: ID_MODEL=USB_TOUCHPAD
E: ID_MODEL_ENC=USB\x20TOUCHPAD
E: ID_MODEL_ID=0501
E: ID_SERIAL=SINO_WEALTH_USB_TOUCHPAD
E: ID_VENDOR=SINO_WEALTH
E: ID_VENDOR_ENC=SINO\x20WEALTH
E: ID_VENDOR_ID=258a
E: ID_REVISION=0521
E: ID_TYPE=hid
E: ID_USB_MODEL=USB_TOUCHPAD
E: ID_USB_MODEL_ENC=USB\x20TOUCHPAD
E: ID_USB_MODEL_ID=0501
E: ID_USB_SERIAL=SINO_WEALTH_USB_TOUCHPAD
E: ID_USB_VENDOR=SINO_WEALTH
E: ID_USB_VENDOR_ENC=SINO\x20WEALTH
E: ID_USB_VENDOR_ID=258a
E: ID_USB_REVISION=0521
E: ID_USB_TYPE=hid
E: ID_USB_INTERFACES=:030101:030000:
E: ID_USB_INTERFACE_NUM=01
E: ID_USB_DRIVER=usbhid
E: ID_PATH=pci-0000:28:00.3-usb-0:1.4.4.1:1.1
E: ID_PATH_TAG=pci-0000_28_00_3-usb-0_1_4_4_1_1_1
E: ID_INPUT_TOUCHPAD_INTEGRATION=internal
E: LIBINPUT_DEVICE_GROUP=3/258a/501:usb-0000:28:00.3-1.4.4
E: DEVLINKS=/dev/input/by-id/usb-SINO_WEALTH_USB_TOUCHPAD-if01-event-mouse /dev/input/by-path/pci-0000:28:00.3-usb-0:1.4.4.1:1.1-event-mouse
```
Link to product: https://www.amazon.co.jp/gp/product/B07Z5HCMFP
2023-07-06 11:42:33 +01:00
Thomas Genty
7d06cd73c2
hwdb: add support for Archos 101 Cesium to 60-sensor.hwdb (#28270)
...
Co-authored-by: Yu Watanabe <watanabe.yu+github@gmail.com>
2023-07-06 18:39:28 +08:00
Antonio Alvarez Feijoo
0a3d108f46
tpm2-util: remove unnecessary semicolon
2023-07-06 10:44:23 +01:00
Yu Watanabe
efa5521be8
network/json: introduce PreferredLifetimeUSec and ValidLifetimeUSec
2023-07-06 11:41:49 +02:00
Lennart Poettering
9103278ff7
Merge pull request #28265 from yuwata/network-captive-portal-follow-ups
...
network: several follow-ups for captive portal support
2023-07-06 11:39:24 +02:00
Lennart Poettering
4ab426bf56
service: explicitly cast float to usec_t
...
Let's cast these floats explicitly to usec_t, since implicit
float-to-integer casts are dangerous business, and we should underline
that there's a cast happening here.
2023-07-06 11:21:35 +02:00
Yu Watanabe
ea792cacb9
core/service: make restart delay increase more smoothly
...
Suggested in https://github.com/systemd/systemd/pull/26902#issuecomment-1620400583.
2023-07-06 11:20:13 +02:00
Lennart Poettering
eade959b90
NEWS: more preparation for 254-rc1
2023-07-06 11:16:16 +02:00
Lennart Poettering
a130b09513
Merge pull request #27713 from ddstreet/tpm2_replace_make_primary
...
Tpm2 replace make primary
2023-07-06 10:22:12 +02:00
Lennart Poettering
e40cad1f3c
Merge pull request #28243 from bluca/sbat_initrd
...
ukify: enable --sbat for UKIs too
2023-07-06 10:21:44 +02:00
Yu Watanabe
52ee8ecf07
networkctl: urlify captive portal entry
2023-07-06 14:55:58 +09:00
Yu Watanabe
62eaf8d039
test-network: drop ExecReload= in networkd.service and udevd.service
...
Follow-up for 0e07cdb0e7 and f84331539d.
2023-07-06 14:55:58 +09:00
Yu Watanabe
2c5bca1734
network/ndisc: downgrade log level
...
The failures may be critical for per-link operation, but not critical
for the service.
2023-07-06 14:55:58 +09:00
Yu Watanabe
64de00c49f
network: handle captive portal with multiple routers
...
Before this patch, if a network has multiple routers and one of them
provides a captive portal, then the portal was overwritten or cleared
when another RA from another router is received.
This makes captive portals managed in a similar way as DNS servers or
DNS domains. So now captive portals can safely be handled even if a network
has multiple routers.
2023-07-06 14:55:58 +09:00
Yu Watanabe
04eaf63c66
network: update comment
2023-07-06 14:55:58 +09:00
Yu Watanabe
6341ea5467
network: introduce link_get_captive_portal()
...
Then, downgrade log level of the message about mismatch of captive
portals in different protocols.
2023-07-06 14:55:46 +09:00
Yu Watanabe
21da5178ec
Merge pull request #28262 from YHNdnzj/transaction-followup
...
Follow-ups for PropagatesStopTo= fix
2023-07-06 12:55:25 +09:00
Dan Streetman
20988602ff
tpm2: remove tpm2_make_primary()
...
Replace use of tpm2_make_primary() with tpm2_create_loaded()
2023-07-05 17:39:33 -04:00
Dan Streetman
98497426d6
tpm2: move local vars in tpm2_unseal() to point of use
...
No functional change; cosmetic only.
2023-07-05 17:39:18 -04:00
Dan Streetman
cea525a902
tpm2: add tpm2_get_or_create_srk()
...
Add function to simplify getting the TPM SRK; if one exists, it is provided,
otherwise one is created and then the new SRK provided.
This also adds tpm2_create_loaded() and updates tpm2_seal() to use the new
functions instead of tpm2_make_primary().
2023-07-05 17:39:18 -04:00
Dan Streetman
d2d29c3be2
tpm2: add tpm2_persist_handle()
...
Add function to convert a transient handle in the TPM into a persistent handle
in the TPM.
2023-07-05 17:38:31 -04:00
Dan Streetman
cbc92a3172
tpm2: cache TPM algorithms
...
Cache the supported algorithms when creating a new context.
2023-07-05 17:33:55 -04:00
Dan Streetman
adbf0c8cfb
tpm2: cache the TPM supported commands, add tpm2_supports_command()
...
Cache the TPM's supported commands and provide a function to check if a command
is supported.
2023-07-05 17:33:55 -04:00
Dan Streetman
3f27ba9954
basic/alloc-util: add greedy_realloc_append()
...
Add function to perform greedy realloc as well as copying the new data into the
newly allocated space.
2023-07-05 17:33:55 -04:00
Dan Streetman
9ea0ffe612
tpm2: replace tpm2_capability_pcrs() macro with direct c->capaiblity_pcrs use
2023-07-05 17:33:55 -04:00
Dan Streetman
e3f1f21076
tpm2: add tpm2_create()
...
This allows creating a new object (e.g. sealed secret) or key using the TPM.
Note that the new object/key is not loaded in the TPM after creation.
2023-07-05 17:33:55 -04:00
Dan Streetman
180444b885
tpm2: replace magic number in hmac_sensitive initialization
...
Instead of setting hmac_sensitive.sensitive.data.size to '32' use the actual
hash size as set in the hmac_template.
2023-07-05 17:33:55 -04:00
Dan Streetman
ee6a8713ab
tpm2: move local vars in tpm2_seal() to point of use
...
No functional change; cosmetic only.
2023-07-05 17:33:55 -04:00
Dan Streetman
efe153bdc2
tpm2: add tpm2_load_external()
...
This allows loading an external object/key (e.g. an openssl public key) into
the TPM.
2023-07-05 17:33:55 -04:00
Dan Streetman
d1d0de735d
tpm2: add tpm2_load()
...
This function allows loading an object (e.g. a sealed secret) or key into the
TPM.
2023-07-05 17:33:55 -04:00
Lennart Poettering
6c1d10fe03
update syscall tables for upcoming v254
2023-07-05 23:18:16 +02:00
Lennart Poettering
61905882c9
update hwdb autosuspend data for v254
2023-07-05 23:18:16 +02:00
Lennart Poettering
4560f9821b
meson: run forgotten 'update-man-rules'
2023-07-05 23:18:16 +02:00
Mike Yuan
bf3dfa6202
TEST-03-JOBS: test indirect PropagatesStopTo=
2023-07-06 05:12:04 +08:00
Mike Yuan
4893902be8
core/transaction: correctly skip unneeded operations for PropagatesStopTo=
...
Follow-up for 48cb073db8
Break out from LIST_FOREACH correctly if nt == JOB_NOP.
Shouldn't have functional changes, just optimization.
2023-07-06 05:12:04 +08:00
Luca Boccassi
9d54e578f7
Merge pull request #28258 from poettering/boot-feature-catchup
...
sd-boot/sd-stub boot feature flag catchup
2023-07-05 21:40:43 +01:00
Luca Boccassi
79be4b7da8
Merge pull request #28255 from yuwata/sd-device-fix-clone
...
sd-device: fix device_clone_with_db()
2023-07-05 21:38:52 +01:00
Frantisek Sumsal
ba4a1cd8a8
test: replace readfp() with read_file()
...
ConfigParser.readfp() has been deprecated since Python 3.2 and was
dropped completely in Python 3.11.
2023-07-05 21:38:24 +01:00
Luca Boccassi
635c6ea622
ukify: measure sbat section too
2023-07-05 21:31:08 +01:00
Luca Boccassi
a8b645dec8
ukify: enable --sbat for UKIs too
...
For confidential computing they want to be able to revoke initrds too, so allow
passing a specific --sbat section when building a UKI too, not just an addon.
Merge it with the stub and kernel sections.
2023-07-05 21:31:08 +01:00
Lennart Poettering
c75f81292d
hwdb update for v246-rc1
2023-07-05 22:00:38 +02:00
Lennart Poettering
983d621e11
hostname-setup: don't pass "true" to a flags parameter
2023-07-06 03:10:31 +08:00