mirror of
https://github.com/Dasharo/systemd.git
synced 2026-03-06 15:02:31 -08:00
journal-remote: sync TrustedCertificateFile= parsing with journal-upload
So we can use TrustedCertificateFile=- to disable certificate checking for both utilities.
This commit is contained in:
Frantisek Sumsal
@@ -16,6 +16,7 @@
|
||||
#include "main-func.h"
|
||||
#include "memory-util.h"
|
||||
#include "parse-argument.h"
|
||||
#include "parse-helpers.h"
|
||||
#include "pretty-print.h"
|
||||
#include "process-util.h"
|
||||
#include "rlimit-util.h"
|
||||
@@ -736,7 +737,7 @@ static int parse_config(void) {
|
||||
{ "Remote", "SplitMode", config_parse_write_split_mode, 0, &arg_split_mode },
|
||||
{ "Remote", "ServerKeyFile", config_parse_path, 0, &arg_key },
|
||||
{ "Remote", "ServerCertificateFile", config_parse_path, 0, &arg_cert },
|
||||
{ "Remote", "TrustedCertificateFile", config_parse_path, 0, &arg_trust },
|
||||
{ "Remote", "TrustedCertificateFile", config_parse_path_or_ignore, 0, &arg_trust },
|
||||
{ "Remote", "MaxUse", config_parse_iec_uint64, 0, &arg_max_use },
|
||||
{ "Remote", "MaxFileSize", config_parse_iec_uint64, 0, &arg_max_size },
|
||||
{ "Remote", "MaxFiles", config_parse_uint64, 0, &arg_n_max_files },
|
||||
@@ -910,17 +911,13 @@ static int parse_argv(int argc, char *argv[]) {
|
||||
|
||||
case ARG_TRUST:
|
||||
#if HAVE_GNUTLS
|
||||
if (arg_trust || arg_trust_all)
|
||||
if (arg_trust)
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
|
||||
"Confusing trusted CA configuration");
|
||||
"Cannot use --trust more than once");
|
||||
|
||||
if (streq(optarg, "all"))
|
||||
arg_trust_all = true;
|
||||
else {
|
||||
arg_trust = strdup(optarg);
|
||||
if (!arg_trust)
|
||||
return log_oom();
|
||||
}
|
||||
arg_trust = strdup(optarg);
|
||||
if (!arg_trust)
|
||||
return log_oom();
|
||||
#else
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
|
||||
"Option --trust is not available.");
|
||||
@@ -1025,6 +1022,11 @@ static int parse_argv(int argc, char *argv[]) {
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
|
||||
"For SplitMode=host, output must be a directory.");
|
||||
|
||||
if (STRPTR_IN_SET(arg_trust, "-", "all")) {
|
||||
arg_trust_all = true;
|
||||
arg_trust = mfree(arg_trust);
|
||||
}
|
||||
|
||||
log_debug("Full config: SplitMode=%s Key=%s Cert=%s Trust=%s",
|
||||
journal_write_split_mode_to_string(arg_split_mode),
|
||||
strna(arg_key),
|
||||
|
||||
@@ -20,6 +20,7 @@
|
||||
#include "macro.h"
|
||||
#include "managed-journal-file.h"
|
||||
#include "parse-util.h"
|
||||
#include "parse-helpers.h"
|
||||
#include "process-util.h"
|
||||
#include "socket-util.h"
|
||||
#include "stdio-util.h"
|
||||
|
||||
@@ -518,45 +518,6 @@ static int perform_upload(Uploader *u) {
|
||||
return update_cursor_state(u);
|
||||
}
|
||||
|
||||
static int config_parse_path_or_ignore(
|
||||
const char *unit,
|
||||
const char *filename,
|
||||
unsigned line,
|
||||
const char *section,
|
||||
unsigned section_line,
|
||||
const char *lvalue,
|
||||
int ltype,
|
||||
const char *rvalue,
|
||||
void *data,
|
||||
void *userdata) {
|
||||
|
||||
_cleanup_free_ char *n = NULL;
|
||||
bool fatal = ltype;
|
||||
char **s = ASSERT_PTR(data);
|
||||
int r;
|
||||
|
||||
assert(filename);
|
||||
assert(lvalue);
|
||||
assert(rvalue);
|
||||
|
||||
if (isempty(rvalue))
|
||||
goto finalize;
|
||||
|
||||
n = strdup(rvalue);
|
||||
if (!n)
|
||||
return log_oom();
|
||||
|
||||
if (streq(n, "-"))
|
||||
goto finalize;
|
||||
|
||||
r = path_simplify_and_warn(n, PATH_CHECK_ABSOLUTE | (fatal ? PATH_CHECK_FATAL : 0), unit, filename, line, lvalue);
|
||||
if (r < 0)
|
||||
return fatal ? -ENOEXEC : 0;
|
||||
|
||||
finalize:
|
||||
return free_and_replace(*s, n);
|
||||
}
|
||||
|
||||
static int parse_config(void) {
|
||||
const ConfigTableItem items[] = {
|
||||
{ "Upload", "URL", config_parse_string, CONFIG_PARSE_STRING_SAFE, &arg_url },
|
||||
|
||||
@@ -196,3 +196,42 @@ int parse_socket_bind_item(
|
||||
*port_min = mn;
|
||||
return 0;
|
||||
}
|
||||
|
||||
int config_parse_path_or_ignore(
|
||||
const char *unit,
|
||||
const char *filename,
|
||||
unsigned line,
|
||||
const char *section,
|
||||
unsigned section_line,
|
||||
const char *lvalue,
|
||||
int ltype,
|
||||
const char *rvalue,
|
||||
void *data,
|
||||
void *userdata) {
|
||||
|
||||
_cleanup_free_ char *n = NULL;
|
||||
bool fatal = ltype;
|
||||
char **s = ASSERT_PTR(data);
|
||||
int r;
|
||||
|
||||
assert(filename);
|
||||
assert(lvalue);
|
||||
assert(rvalue);
|
||||
|
||||
if (isempty(rvalue))
|
||||
goto finalize;
|
||||
|
||||
n = strdup(rvalue);
|
||||
if (!n)
|
||||
return log_oom();
|
||||
|
||||
if (streq(n, "-"))
|
||||
goto finalize;
|
||||
|
||||
r = path_simplify_and_warn(n, PATH_CHECK_ABSOLUTE | (fatal ? PATH_CHECK_FATAL : 0), unit, filename, line, lvalue);
|
||||
if (r < 0)
|
||||
return fatal ? -ENOEXEC : 0;
|
||||
|
||||
finalize:
|
||||
return free_and_replace(*s, n);
|
||||
}
|
||||
|
||||
@@ -23,3 +23,15 @@ int parse_socket_bind_item(
|
||||
int *ip_protocol,
|
||||
uint16_t *nr_ports,
|
||||
uint16_t *port_min);
|
||||
|
||||
int config_parse_path_or_ignore(
|
||||
const char *unit,
|
||||
const char *filename,
|
||||
unsigned line,
|
||||
const char *section,
|
||||
unsigned section_line,
|
||||
const char *lvalue,
|
||||
int ltype,
|
||||
const char *rvalue,
|
||||
void *data,
|
||||
void *userdata);
|
||||
|
||||
Reference in New Issue
Block a user