From: Luca Boccassi Date: Wed, 28 Feb 2024 18:01:52 +0000 (+0000) Subject: Merge pull request #31524 from poettering/secure-getenv-naming-fix X-Git-Tag: v256-rc1~706 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e72ae41b51a2738438e1f3669265d7c37d9d33f6;hp=de461d3269577b68fad3d965b2fc9419ee6ab032;p=thirdparty%2Fsystemd.git Merge pull request #31524 from poettering/secure-getenv-naming-fix change naming order getenv_xyz_secure() → secure_getenv_xyz() to match glibc --- diff --git a/src/basic/env-util.c b/src/basic/env-util.c index 3bb26546570..7608f90a4a6 100644 --- a/src/basic/env-util.c +++ b/src/basic/env-util.c @@ -963,7 +963,7 @@ int getenv_bool(const char *p) { return parse_boolean(e); } -int getenv_bool_secure(const char *p) { +int secure_getenv_bool(const char *p) { const char *e; e = secure_getenv(p); @@ -973,7 +973,7 @@ int getenv_bool_secure(const char *p) { return parse_boolean(e); } -int getenv_uint64_secure(const char *p, uint64_t *ret) { +int secure_getenv_uint64(const char *p, uint64_t *ret) { const char *e; assert(p); diff --git a/src/basic/env-util.h b/src/basic/env-util.h index 15d867a3d9a..6610ca8ca16 100644 --- a/src/basic/env-util.h +++ b/src/basic/env-util.h @@ -62,9 +62,9 @@ static inline char* strv_env_get(char * const *x, const char *n) { char *strv_env_pairs_get(char **l, const char *name) _pure_; int getenv_bool(const char *p); -int getenv_bool_secure(const char *p); +int secure_getenv_bool(const char *p); -int getenv_uint64_secure(const char *p, uint64_t *ret); +int secure_getenv_uint64(const char *p, uint64_t *ret); /* Like setenv, but calls unsetenv if value == NULL. */ int set_unset_env(const char *name, const char *value, bool overwrite); diff --git a/src/basic/initrd-util.c b/src/basic/initrd-util.c index 03ccfbe4832..d3aa933977a 100644 --- a/src/basic/initrd-util.c +++ b/src/basic/initrd-util.c @@ -21,7 +21,7 @@ bool in_initrd(void) { * This can be overridden by setting SYSTEMD_IN_INITRD=0|1. */ - r = getenv_bool_secure("SYSTEMD_IN_INITRD"); + r = secure_getenv_bool("SYSTEMD_IN_INITRD"); if (r < 0 && r != -ENXIO) log_debug_errno(r, "Failed to parse $SYSTEMD_IN_INITRD, ignoring: %m"); diff --git a/src/basic/locale-util.c b/src/basic/locale-util.c index e6da5dbc631..23565273dd2 100644 --- a/src/basic/locale-util.c +++ b/src/basic/locale-util.c @@ -295,7 +295,7 @@ bool is_locale_utf8(void) { if (cached_answer >= 0) goto out; - r = getenv_bool_secure("SYSTEMD_UTF8"); + r = secure_getenv_bool("SYSTEMD_UTF8"); if (r >= 0) { cached_answer = r; goto out; diff --git a/src/basic/log.c b/src/basic/log.c index 7ddca92afa8..172a2c8ada0 100644 --- a/src/basic/log.c +++ b/src/basic/log.c @@ -1674,7 +1674,7 @@ bool log_context_enabled(void) { if (saved_log_context_enabled >= 0) return saved_log_context_enabled; - r = getenv_bool_secure("SYSTEMD_ENABLE_LOG_CONTEXT"); + r = secure_getenv_bool("SYSTEMD_ENABLE_LOG_CONTEXT"); if (r < 0 && r != -ENXIO) log_debug_errno(r, "Failed to parse $SYSTEMD_ENABLE_LOG_CONTEXT, ignoring: %m"); diff --git a/src/fstab-generator/fstab-generator.c b/src/fstab-generator/fstab-generator.c index 3a1d2f38dbb..7a235c5bf46 100644 --- a/src/fstab-generator/fstab-generator.c +++ b/src/fstab-generator/fstab-generator.c @@ -824,7 +824,7 @@ static bool sysfs_check(void) { int r; if (cached < 0) { - r = getenv_bool_secure("SYSTEMD_SYSFS_CHECK"); + r = secure_getenv_bool("SYSTEMD_SYSFS_CHECK"); if (r < 0 && r != -ENXIO) log_debug_errno(r, "Failed to parse $SYSTEMD_SYSFS_CHECK, ignoring: %m"); cached = r != 0; diff --git a/src/libsystemd/sd-device/sd-device.c b/src/libsystemd/sd-device/sd-device.c index bfc2a8a9ca5..9a340157380 100644 --- a/src/libsystemd/sd-device/sd-device.c +++ b/src/libsystemd/sd-device/sd-device.c @@ -214,7 +214,7 @@ int device_set_syspath(sd_device *device, const char *_syspath, bool verify) { /* Only operate on sysfs, i.e. refuse going down into /sys/fs/cgroup/ or similar places where * things are not arranged as kobjects in kernel, and hence don't necessarily have * kobject/attribute structure. */ - r = getenv_bool_secure("SYSTEMD_DEVICE_VERIFY_SYSFS"); + r = secure_getenv_bool("SYSTEMD_DEVICE_VERIFY_SYSFS"); if (r < 0 && r != -ENXIO) log_debug_errno(r, "Failed to parse $SYSTEMD_DEVICE_VERIFY_SYSFS value: %m"); if (r != 0) { diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c index 338609b1869..c651d595026 100644 --- a/src/libsystemd/sd-event/sd-event.c +++ b/src/libsystemd/sd-event/sd-event.c @@ -1574,7 +1574,7 @@ static int child_exit_callback(sd_event_source *s, const siginfo_t *si, void *us static bool shall_use_pidfd(void) { /* Mostly relevant for debugging, i.e. this is used in test-event.c to test the event loop once with and once without pidfd */ - return getenv_bool_secure("SYSTEMD_PIDFD") != 0; + return secure_getenv_bool("SYSTEMD_PIDFD") != 0; } _public_ int sd_event_add_child( diff --git a/src/nss-resolve/nss-resolve.c b/src/nss-resolve/nss-resolve.c index ce8c0640043..3cefb6394c8 100644 --- a/src/nss-resolve/nss-resolve.c +++ b/src/nss-resolve/nss-resolve.c @@ -202,9 +202,10 @@ static uint64_t query_flag( const char *name, const int value, uint64_t flag) { + int r; - r = getenv_bool_secure(name); + r = secure_getenv_bool(name); if (r >= 0) return r == value ? flag : 0; if (r != -ENXIO) diff --git a/src/nss-systemd/nss-systemd.c b/src/nss-systemd/nss-systemd.c index 1d6e25399f6..8e8d4cf1cb6 100644 --- a/src/nss-systemd/nss-systemd.c +++ b/src/nss-systemd/nss-systemd.c @@ -306,7 +306,7 @@ enum nss_status _nss_systemd_getpwnam_r( return NSS_STATUS_NOTFOUND; /* Synthesize entries for the root and nobody users, in case they are missing in /etc/passwd */ - if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) { + if (secure_getenv_bool("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) { if (streq(name, root_passwd.pw_name)) return copy_synthesized_passwd(pwd, &root_passwd, @@ -354,7 +354,7 @@ enum nss_status _nss_systemd_getpwuid_r( return NSS_STATUS_NOTFOUND; /* Synthesize data for the root user and for nobody in case they are missing from /etc/passwd */ - if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) { + if (secure_getenv_bool("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) { if (uid == root_passwd.pw_uid) return copy_synthesized_passwd(pwd, &root_passwd, @@ -403,7 +403,7 @@ enum nss_status _nss_systemd_getspnam_r( return NSS_STATUS_NOTFOUND; /* Synthesize entries for the root and nobody users, in case they are missing in /etc/passwd */ - if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) { + if (secure_getenv_bool("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) { if (streq(name, root_spwd.sp_namp)) return copy_synthesized_spwd(spwd, &root_spwd, buffer, buflen, errnop); @@ -450,7 +450,7 @@ enum nss_status _nss_systemd_getgrnam_r( return NSS_STATUS_NOTFOUND; /* Synthesize records for root and nobody, in case they are missing from /etc/group */ - if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) { + if (secure_getenv_bool("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) { if (streq(name, root_group.gr_name)) return copy_synthesized_group(gr, &root_group, buffer, buflen, errnop); @@ -494,7 +494,7 @@ enum nss_status _nss_systemd_getgrgid_r( return NSS_STATUS_NOTFOUND; /* Synthesize records for root and nobody, in case they are missing from /etc/group */ - if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) { + if (secure_getenv_bool("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) { if (gid == root_group.gr_gid) return copy_synthesized_group(gr, &root_group, buffer, buflen, errnop); @@ -539,7 +539,7 @@ enum nss_status _nss_systemd_getsgnam_r( return NSS_STATUS_NOTFOUND; /* Synthesize records for root and nobody, in case they are missing from /etc/group */ - if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) { + if (secure_getenv_bool("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) { if (streq(name, root_sgrp.sg_namp)) return copy_synthesized_sgrp(sgrp, &root_sgrp, buffer, buflen, errnop); diff --git a/src/nss-systemd/userdb-glue.c b/src/nss-systemd/userdb-glue.c index c69667d6607..b02d89a20bc 100644 --- a/src/nss-systemd/userdb-glue.c +++ b/src/nss-systemd/userdb-glue.c @@ -14,7 +14,7 @@ UserDBFlags nss_glue_userdb_flags(void) { UserDBFlags flags = USERDB_EXCLUDE_NSS; /* Make sure that we don't go in circles when allocating a dynamic UID by checking our own database */ - if (getenv_bool_secure("SYSTEMD_NSS_DYNAMIC_BYPASS") > 0) + if (secure_getenv_bool("SYSTEMD_NSS_DYNAMIC_BYPASS") > 0) flags |= USERDB_EXCLUDE_DYNAMIC_USER; return flags; diff --git a/src/shared/creds-util.c b/src/shared/creds-util.c index a495f82b875..2d5846a06ff 100644 --- a/src/shared/creds-util.c +++ b/src/shared/creds-util.c @@ -1489,7 +1489,7 @@ int decrypt_credential_and_warn( if (validate_name && !streq(embedded_name, validate_name)) { - r = getenv_bool_secure("SYSTEMD_CREDENTIAL_VALIDATE_NAME"); + r = secure_getenv_bool("SYSTEMD_CREDENTIAL_VALIDATE_NAME"); if (r < 0 && r != -ENXIO) log_debug_errno(r, "Failed to parse $SYSTEMD_CREDENTIAL_VALIDATE_NAME: %m"); if (r != 0) @@ -1505,7 +1505,7 @@ int decrypt_credential_and_warn( if (le64toh(m->not_after) != USEC_INFINITY && le64toh(m->not_after) < validate_timestamp) { - r = getenv_bool_secure("SYSTEMD_CREDENTIAL_VALIDATE_NOT_AFTER"); + r = secure_getenv_bool("SYSTEMD_CREDENTIAL_VALIDATE_NOT_AFTER"); if (r < 0 && r != -ENXIO) log_debug_errno(r, "Failed to parse $SYSTEMD_CREDENTIAL_VALIDATE_NOT_AFTER: %m"); if (r != 0) diff --git a/src/shared/dissect-image.c b/src/shared/dissect-image.c index 216c036a31e..763fdf1cbf0 100644 --- a/src/shared/dissect-image.c +++ b/src/shared/dissect-image.c @@ -2628,7 +2628,7 @@ static int do_crypt_activate_verity( assert(verity); if (verity->root_hash_sig) { - r = getenv_bool_secure("SYSTEMD_DISSECT_VERITY_SIGNATURE"); + r = secure_getenv_bool("SYSTEMD_DISSECT_VERITY_SIGNATURE"); if (r < 0 && r != -ENXIO) log_debug_errno(r, "Failed to parse $SYSTEMD_DISSECT_VERITY_SIGNATURE"); @@ -3100,7 +3100,7 @@ int verity_settings_load( if (is_device_path(image)) return 0; - r = getenv_bool_secure("SYSTEMD_DISSECT_VERITY_SIDECAR"); + r = secure_getenv_bool("SYSTEMD_DISSECT_VERITY_SIDECAR"); if (r < 0 && r != -ENXIO) log_debug_errno(r, "Failed to parse $SYSTEMD_DISSECT_VERITY_SIDECAR, ignoring: %m"); if (r == 0) @@ -3285,7 +3285,7 @@ int dissected_image_load_verity_sig_partition( if (verity->root_hash && verity->root_hash_sig) /* Already loaded? */ return 0; - r = getenv_bool_secure("SYSTEMD_DISSECT_VERITY_EMBEDDED"); + r = secure_getenv_bool("SYSTEMD_DISSECT_VERITY_EMBEDDED"); if (r < 0 && r != -ENXIO) log_debug_errno(r, "Failed to parse $SYSTEMD_DISSECT_VERITY_EMBEDDED, ignoring: %m"); if (r == 0) diff --git a/src/shared/efi-loader.c b/src/shared/efi-loader.c index 7d6bda924a9..ab377aaa8b7 100644 --- a/src/shared/efi-loader.c +++ b/src/shared/efi-loader.c @@ -262,7 +262,7 @@ int efi_measured_uki(int log_level) { * being used, but it measured things into a different PCR than we are configured for in * userspace. (i.e. we expect PCR 11 being used for this by both sd-stub and us) */ - r = getenv_bool_secure("SYSTEMD_FORCE_MEASURE"); /* Give user a chance to override the variable test, + r = secure_getenv_bool("SYSTEMD_FORCE_MEASURE"); /* Give user a chance to override the variable test, * for debugging purposes */ if (r >= 0) return (cached = r); diff --git a/src/shared/pager.c b/src/shared/pager.c index 19deefab565..9b8ae767005 100644 --- a/src/shared/pager.c +++ b/src/shared/pager.c @@ -175,7 +175,7 @@ void pager_open(PagerFlags flags) { * pager. If they didn't, use secure mode when under euid is changed. If $SYSTEMD_PAGERSECURE * wasn't explicitly set, and we autodetect the need for secure mode, only use the pager we * know to be good. */ - int use_secure_mode = getenv_bool_secure("SYSTEMD_PAGERSECURE"); + int use_secure_mode = secure_getenv_bool("SYSTEMD_PAGERSECURE"); bool trust_pager = use_secure_mode >= 0; if (use_secure_mode == -ENXIO) { uid_t uid; diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c index 00a8cedcb8e..2469e242534 100644 --- a/src/shared/seccomp-util.c +++ b/src/shared/seccomp-util.c @@ -298,7 +298,7 @@ bool is_seccomp_available(void) { if (cached_enabled < 0) { int b; - b = getenv_bool_secure("SYSTEMD_SECCOMP"); + b = secure_getenv_bool("SYSTEMD_SECCOMP"); if (b != 0) { if (b < 0 && b != -ENXIO) /* ENXIO: env var unset */ log_debug_errno(b, "Failed to parse $SYSTEMD_SECCOMP value, ignoring."); diff --git a/src/sysusers/sysusers.c b/src/sysusers/sysusers.c index 6e28b1cf8ff..e443b102116 100644 --- a/src/sysusers/sysusers.c +++ b/src/sysusers/sysusers.c @@ -569,7 +569,7 @@ static int write_temporary_passwd( static usec_t epoch_or_now(void) { uint64_t epoch; - if (getenv_uint64_secure("SOURCE_DATE_EPOCH", &epoch) >= 0) { + if (secure_getenv_uint64("SOURCE_DATE_EPOCH", &epoch) >= 0) { if (epoch > UINT64_MAX/USEC_PER_SEC) /* Overflow check */ return USEC_INFINITY; return (usec_t) epoch * USEC_PER_SEC; diff --git a/src/test/test-nss-hosts.c b/src/test/test-nss-hosts.c index 72a9c6454c6..2f1810d93be 100644 --- a/src/test/test-nss-hosts.c +++ b/src/test/test-nss-hosts.c @@ -140,7 +140,7 @@ static void test_gethostbyname4_r(void *handle, const char *module, const char * assert_se(status == NSS_STATUS_SUCCESS); assert_se(n == socket_ipv6_is_enabled() + 1); - } else if (streq(module, "resolve") && getenv_bool_secure("SYSTEMD_NSS_RESOLVE_SYNTHESIZE") != 0) { + } else if (streq(module, "resolve") && secure_getenv_bool("SYSTEMD_NSS_RESOLVE_SYNTHESIZE") != 0) { assert_se(status == NSS_STATUS_SUCCESS); if (socket_ipv6_is_enabled()) assert_se(n == 2);