18052125394

Committed 26 Sep 2025 11:00PM UTC coverage: 72.224% (+0.02%) from 72.205%

Build # 18052125394

Build Type

push

github

Committed by

YHNdnzj

Commit Message

pam_systemd: correct alignment

Follow-up for cf2630aca

Run Details

303350 of 420010 relevant lines covered (72.22%)

1058085.05 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

20.9

/src/ssh-generator/ssh-proxy.c

/* SPDX-License-Identifier: LGPL-2.1-or-later */

#include <unistd.h>

#include "sd-varlink.h"

#include "alloc-util.h"
#include "fd-util.h"
#include "io-util.h"
#include "iovec-util.h"
#include "log.h"
#include "main-func.h"
#include "path-lookup.h"
#include "socket-util.h"
#include "string-util.h"
#include "strv.h"

static int process_vsock_cid(unsigned cid, const char *port) {
        int r;

        assert(cid != VMADDR_CID_ANY);
        assert(port);

        union sockaddr_union sa = {
                .vm.svm_cid = cid,
                .vm.svm_family = AF_VSOCK,
        };

        r = vsock_parse_port(port, &sa.vm.svm_port);
        if (r < 0)
                return log_error_errno(r, "Failed to parse vsock port: %s", port);

        _cleanup_close_ int fd = socket(AF_VSOCK, SOCK_STREAM|SOCK_CLOEXEC, 0);
        if (fd < 0)
                return log_error_errno(errno, "Failed to allocate AF_VSOCK socket: %m");

        if (connect(fd, &sa.sa, sockaddr_len(&sa)) < 0)
                return log_error_errno(errno, "Failed to connect to vsock:%u:%u: %m", sa.vm.svm_cid, sa.vm.svm_port);

        /* OpenSSH wants us to send a single byte along with the file descriptor, hence do so */
        r = send_one_fd_iov(STDOUT_FILENO, fd, &iovec_nul_byte, /* iovlen= */ 1, /* flags= */ 0);
        if (r < 0)
                return log_error_errno(r, "Failed to send socket via STDOUT: %m");

        log_debug("Successfully sent AF_VSOCK socket via STDOUT.");
        return 0;
}

static int process_vsock_string(const char *host, const char *port) {
        unsigned cid;
        int r;

        assert(host);
        assert(port);

        r = vsock_parse_cid(host, &cid);
        if (r < 0)
                return log_error_errno(r, "Failed to parse vsock cid: %s", host);

        return process_vsock_cid(cid, port);
}

static int process_unix(const char *path) {
        int r;

        assert(path);

        /* We assume the path is absolute unless it starts with a dot (or is already explicitly absolute) */
        _cleanup_free_ char *prefixed = NULL;
        if (!STARTSWITH_SET(path, "/", "./")) {
                prefixed = strjoin("/", path);
                if (!prefixed)
                        return log_oom();

                path = prefixed;
        }

        _cleanup_close_ int fd = socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0);
        if (fd < 0)
                return log_error_errno(errno, "Failed to allocate AF_UNIX socket: %m");

        r = connect_unix_path(fd, AT_FDCWD, path);
        if (r < 0)
                return log_error_errno(r, "Failed to connect to AF_UNIX socket %s: %m", path);

        r = send_one_fd_iov(STDOUT_FILENO, fd, &iovec_nul_byte, /* iovlen= */ 1, /* flags= */ 0);
        if (r < 0)
                return log_error_errno(r, "Failed to send socket via STDOUT: %m");

        log_debug("Successfully sent AF_UNIX socket via STDOUT.");
        return 0;
}

static int process_vsock_mux(const char *path, const char *port) {
        int r;

        assert(path);
        assert(port);

        /* We assume the path is absolute unless it starts with a dot (or is already explicitly absolute) */
        _cleanup_free_ char *prefixed = NULL;
        if (!STARTSWITH_SET(path, "/", "./")) {
                prefixed = strjoin("/", path);
                if (!prefixed)
                        return log_oom();

                path = prefixed;
        }

        _cleanup_close_ int fd = socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0);
        if (fd < 0)
                return log_error_errno(errno, "Failed to allocate AF_UNIX socket: %m");

        r = connect_unix_path(fd, AT_FDCWD, path);
        if (r < 0)
                return log_error_errno(r, "Failed to connect to AF_UNIX socket %s: %m", path);

        /* Based on the protocol as defined here:
         * https://github.com/cloud-hypervisor/cloud-hypervisor/blob/main/docs/vsock.md
         * https://github.com/firecracker-microvm/firecracker/blob/main/docs/vsock.md */
        _cleanup_free_ char *connect_cmd = NULL;
        connect_cmd = strjoin("CONNECT ", port, "\n");
        if (!connect_cmd)
                return log_oom();

        r = loop_write(fd, connect_cmd, SIZE_MAX);
        if (r < 0)
                return log_error_errno(r, "Failed to send CONNECT to %s:%s: %m", path, port);

        r = send_one_fd_iov(STDOUT_FILENO, fd, &iovec_nul_byte, /* iovlen= */ 1, /* flags= */ 0);
        if (r < 0)
                return log_error_errno(r, "Failed to send socket via STDOUT: %m");

        log_debug("Successfully sent AF_UNIX socket via STDOUT.");
        return 0;
}

static int fetch_machine(const char *machine, RuntimeScope scope, sd_json_variant **ret) {
        int r;

        assert(machine);
        assert(ret);

        _cleanup_free_ char *addr = NULL;
        r = runtime_directory_generic(scope, "machine/io.systemd.Machine", &addr);
        if (r < 0)
                return r;

        _cleanup_(sd_varlink_unrefp) sd_varlink *vl = NULL;
        r = sd_varlink_connect_address(&vl, addr);
        if (r < 0)
                return log_error_errno(r, "Failed to connect to machined on %s: %m", addr);

        _cleanup_(sd_json_variant_unrefp) sd_json_variant *result = NULL;
        const char *error_id;
        r = sd_varlink_callbo(
                        vl,
                        "io.systemd.Machine.List",
                        &result,
                        &error_id,
                        SD_JSON_BUILD_PAIR("name", SD_JSON_BUILD_STRING(machine)));
        if (r < 0)
                return log_error_errno(r, "Failed to issue io.systemd.Machine.List() varlink call: %m");
        if (error_id) {
                if (streq(error_id, "io.systemd.Machine.NoSuchMachine"))
                        return -ESRCH;

                r = sd_varlink_error_to_errno(error_id, result); /* If this is a system errno style error, output it with %m */
                if (r != -EBADR)
                        return log_error_errno(r, "Failed to issue io.systemd.Machine.List() varlink call: %m");

                return log_error_errno(r, "Failed to issue io.systemd.Machine.List() varlink call: %s", error_id);
        }

        *ret = TAKE_PTR(result);
        return 0;
}

static int process_machine(const char *machine, const char *port) {
        int r;

        assert(machine);
        assert(port);

        _cleanup_(sd_json_variant_unrefp) sd_json_variant *result = NULL;
        r = fetch_machine(machine, RUNTIME_SCOPE_USER, &result);
        if (r == -ESRCH)
                r = fetch_machine(machine, RUNTIME_SCOPE_SYSTEM, &result);
        if (r < 0)
                return r;

        uint32_t cid = VMADDR_CID_ANY;

        static const sd_json_dispatch_field dispatch_table[] = {
                { "vSockCid", SD_JSON_VARIANT_UNSIGNED, sd_json_dispatch_uint32, 0, 0 },
                {}
        };

        r = sd_json_dispatch(result, dispatch_table, SD_JSON_ALLOW_EXTENSIONS, &cid);
        if (r < 0)
                return log_error_errno(r, "Failed to parse Varlink reply: %m");

        if (cid == VMADDR_CID_ANY)
                return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Machine %s has no AF_VSOCK CID assigned.", machine);

        return process_vsock_cid(cid, port);
}

static char *startswith_sep(const char *s, const char *prefix) {
        const char *p = startswith(s, prefix);

        if (p && IN_SET(*p, '/', '%'))
                return (char*) p + 1;

        return NULL;
}

static int run(int argc, char* argv[]) {

        log_setup();

        if (argc != 3)
                return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Expected two arguments: host and port.");

        const char *host = argv[1], *port = argv[2];

        const char *p = startswith_sep(host, "vsock");
        if (p)
                return process_vsock_string(p, port);

        p = startswith_sep(host, "unix");
        if (p)
                return process_unix(p);

        p = startswith_sep(host, "vsock-mux");
        if (p)
                return process_vsock_mux(p, port);

        p = startswith_sep(host, "machine");
        if (p)
                return process_machine(p, port);

        return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Don't know how to parse host name specification: %s", host);
}

DEFINE_MAIN_FUNCTION(run);

1	/* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3	#include <unistd.h>
4
5	#include "sd-varlink.h"
6
7	#include "alloc-util.h"
8	#include "fd-util.h"
9	#include "io-util.h"
10	#include "iovec-util.h"
11	#include "log.h"
12	#include "main-func.h"
13	#include "path-lookup.h"
14	#include "socket-util.h"
15	#include "string-util.h"
16	#include "strv.h"
17
18	static int process_vsock_cid(unsigned cid, const char *port) {	×
19	int r;	×
20
21	assert(cid != VMADDR_CID_ANY);	×
22	assert(port);	×
23
24	union sockaddr_union sa = {	×
25	.vm.svm_cid = cid,
26	.vm.svm_family = AF_VSOCK,
27	};
28
29	r = vsock_parse_port(port, &sa.vm.svm_port);	×
30	if (r < 0)	×
31	return log_error_errno(r, "Failed to parse vsock port: %s", port);	×
32
33	_cleanup_close_ int fd = socket(AF_VSOCK, SOCK_STREAM\|SOCK_CLOEXEC, 0);	×
34	if (fd < 0)	×
35	return log_error_errno(errno, "Failed to allocate AF_VSOCK socket: %m");	×
36
37	if (connect(fd, &sa.sa, sockaddr_len(&sa)) < 0)	×
38	return log_error_errno(errno, "Failed to connect to vsock:%u:%u: %m", sa.vm.svm_cid, sa.vm.svm_port);	×
39
40	/* OpenSSH wants us to send a single byte along with the file descriptor, hence do so */
41	r = send_one_fd_iov(STDOUT_FILENO, fd, &iovec_nul_byte, /* iovlen= / 1, / flags= */ 0);	×
42	if (r < 0)	×
43	return log_error_errno(r, "Failed to send socket via STDOUT: %m");	×
44
45	log_debug("Successfully sent AF_VSOCK socket via STDOUT.");	×
46	return 0;
47	}
48
49	static int process_vsock_string(const char host, const char port) {	×
50	unsigned cid;	×
51	int r;	×
52
53	assert(host);	×
54	assert(port);	×
55
56	r = vsock_parse_cid(host, &cid);	×
57	if (r < 0)	×
58	return log_error_errno(r, "Failed to parse vsock cid: %s", host);	×
59
60	return process_vsock_cid(cid, port);	×
61	}
62
63	static int process_unix(const char *path) {	3✔
64	int r;	3✔
65
66	assert(path);	3✔
67
68	/* We assume the path is absolute unless it starts with a dot (or is already explicitly absolute) */
69	_cleanup_free_ char *prefixed = NULL;	3✔
70	if (!STARTSWITH_SET(path, "/", "./")) {	3✔
71	prefixed = strjoin("/", path);	3✔
72	if (!prefixed)	3✔
73	return log_oom();	×
74
75	path = prefixed;
76	}
77
78	_cleanup_close_ int fd = socket(AF_UNIX, SOCK_STREAM\|SOCK_CLOEXEC, 0);	6✔
79	if (fd < 0)	3✔
80	return log_error_errno(errno, "Failed to allocate AF_UNIX socket: %m");	×
81
82	r = connect_unix_path(fd, AT_FDCWD, path);	3✔
83	if (r < 0)	3✔
84	return log_error_errno(r, "Failed to connect to AF_UNIX socket %s: %m", path);	×
85
86	r = send_one_fd_iov(STDOUT_FILENO, fd, &iovec_nul_byte, /* iovlen= / 1, / flags= */ 0);	3✔
87	if (r < 0)	3✔
88	return log_error_errno(r, "Failed to send socket via STDOUT: %m");	×
89
90	log_debug("Successfully sent AF_UNIX socket via STDOUT.");	3✔
91	return 0;
92	}
93
94	static int process_vsock_mux(const char path, const char port) {	×
95	int r;	×
96
97	assert(path);	×
98	assert(port);	×
99
100	/* We assume the path is absolute unless it starts with a dot (or is already explicitly absolute) */
101	_cleanup_free_ char *prefixed = NULL;	×
102	if (!STARTSWITH_SET(path, "/", "./")) {	×
103	prefixed = strjoin("/", path);	×
104	if (!prefixed)	×
105	return log_oom();	×
106
107	path = prefixed;
108	}
109
110	_cleanup_close_ int fd = socket(AF_UNIX, SOCK_STREAM\|SOCK_CLOEXEC, 0);	×
111	if (fd < 0)	×
112	return log_error_errno(errno, "Failed to allocate AF_UNIX socket: %m");	×
113
114	r = connect_unix_path(fd, AT_FDCWD, path);	×
115	if (r < 0)	×
116	return log_error_errno(r, "Failed to connect to AF_UNIX socket %s: %m", path);	×
117
118	/* Based on the protocol as defined here:
119	* https://github.com/cloud-hypervisor/cloud-hypervisor/blob/main/docs/vsock.md
120	* https://github.com/firecracker-microvm/firecracker/blob/main/docs/vsock.md */
121	_cleanup_free_ char *connect_cmd = NULL;	×
122	connect_cmd = strjoin("CONNECT ", port, "\n");	×
123	if (!connect_cmd)	×
124	return log_oom();	×
125
126	r = loop_write(fd, connect_cmd, SIZE_MAX);	×
127	if (r < 0)	×
128	return log_error_errno(r, "Failed to send CONNECT to %s:%s: %m", path, port);	×
129
130	r = send_one_fd_iov(STDOUT_FILENO, fd, &iovec_nul_byte, /* iovlen= / 1, / flags= */ 0);	×
131	if (r < 0)	×
132	return log_error_errno(r, "Failed to send socket via STDOUT: %m");	×
133
134	log_debug("Successfully sent AF_UNIX socket via STDOUT.");	×
135	return 0;
136	}
137
138	static int fetch_machine(const char machine, RuntimeScope scope, sd_json_variant *ret) {	×
139	int r;	×
140
141	assert(machine);	×
142	assert(ret);	×
143
144	_cleanup_free_ char *addr = NULL;	×
145	r = runtime_directory_generic(scope, "machine/io.systemd.Machine", &addr);	×
146	if (r < 0)	×
147	return r;
148
149	_cleanup_(sd_varlink_unrefp) sd_varlink *vl = NULL;	×
150	r = sd_varlink_connect_address(&vl, addr);	×
151	if (r < 0)	×
152	return log_error_errno(r, "Failed to connect to machined on %s: %m", addr);	×
153
154	_cleanup_(sd_json_variant_unrefp) sd_json_variant *result = NULL;	×
155	const char *error_id;	×
156	r = sd_varlink_callbo(	×
157	vl,
158	"io.systemd.Machine.List",
159	&result,
160	&error_id,
161	SD_JSON_BUILD_PAIR("name", SD_JSON_BUILD_STRING(machine)));
162	if (r < 0)	×
163	return log_error_errno(r, "Failed to issue io.systemd.Machine.List() varlink call: %m");	×
164	if (error_id) {	×
165	if (streq(error_id, "io.systemd.Machine.NoSuchMachine"))	×
166	return -ESRCH;
167
168	r = sd_varlink_error_to_errno(error_id, result); /* If this is a system errno style error, output it with %m */	×
169	if (r != -EBADR)	×
170	return log_error_errno(r, "Failed to issue io.systemd.Machine.List() varlink call: %m");	×
171
172	return log_error_errno(r, "Failed to issue io.systemd.Machine.List() varlink call: %s", error_id);	×
173	}
174
175	*ret = TAKE_PTR(result);	×
176	return 0;	×
177	}
178
179	static int process_machine(const char machine, const char port) {	×
180	int r;	×
181
182	assert(machine);	×
183	assert(port);	×
184
185	_cleanup_(sd_json_variant_unrefp) sd_json_variant *result = NULL;	×
186	r = fetch_machine(machine, RUNTIME_SCOPE_USER, &result);	×
187	if (r == -ESRCH)	×
188	r = fetch_machine(machine, RUNTIME_SCOPE_SYSTEM, &result);	×
189	if (r < 0)	×
190	return r;
191
192	uint32_t cid = VMADDR_CID_ANY;	×
193
194	static const sd_json_dispatch_field dispatch_table[] = {	×
195	{ "vSockCid", SD_JSON_VARIANT_UNSIGNED, sd_json_dispatch_uint32, 0, 0 },
196	{}
197	};
198
199	r = sd_json_dispatch(result, dispatch_table, SD_JSON_ALLOW_EXTENSIONS, &cid);	×
200	if (r < 0)	×
201	return log_error_errno(r, "Failed to parse Varlink reply: %m");	×
202
203	if (cid == VMADDR_CID_ANY)	×
204	return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Machine %s has no AF_VSOCK CID assigned.", machine);	×
205
206	return process_vsock_cid(cid, port);	×
207	}
208
209	static char startswith_sep(const char s, const char *prefix) {	6✔
210	const char *p = startswith(s, prefix);	6✔
211
212	if (p && IN_SET(*p, '/', '%'))	6✔
213	return (char*) p + 1;	3✔
214
215	return NULL;
216	}
217
218	static int run(int argc, char* argv[]) {	3✔
219
220	log_setup();	3✔
221
222	if (argc != 3)	3✔
223	return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Expected two arguments: host and port.");	×
224
225	const char host = argv[1], port = argv[2];	3✔
226
227	const char *p = startswith_sep(host, "vsock");	3✔
228	if (p)	3✔
229	return process_vsock_string(p, port);	×
230
231	p = startswith_sep(host, "unix");	3✔
232	if (p)	3✔
233	return process_unix(p);	3✔
234
235	p = startswith_sep(host, "vsock-mux");	×
236	if (p)	×
237	return process_vsock_mux(p, port);	×
238
239	p = startswith_sep(host, "machine");	×
240	if (p)	×
241	return process_machine(p, port);	×
242
243	return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Don't know how to parse host name specification: %s", host);	×
244	}
245
246	DEFINE_MAIN_FUNCTION(run);	3✔

systemd / systemd / 18052125394

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous