From: Michael Vogt
Date: Tue, 5 May 2026 07:43:50 +0000 (+0200)
Subject: core: extract exec_context_apply_set_credential() helper
X-Git-Tag: v261-rc1~158^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=045d08e41744f0f0ec54a684ba37cd8ad46b5243;p=thirdparty%2Fsystemd.git

core: extract exec_context_apply_set_credential() helper

Extract the SetCredential{,Encrypted} logic out of bus_exec_context_set_transient_property() into a new helper. No functional changes. This will be used in the varlink Unit.StartTransient SetCredential implementation.
---
diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c
index 068b1ebb3d3..906002570f1 100644
--- a/src/core/dbus-execute.c
+++ b/src/core/dbus-execute.c
@@ -2536,6 +2536,7 @@ int bus_exec_context_set_transient_property(
 return 1;
 } else if (STR_IN_SET(name, "SetCredential", "SetCredentialEncrypted")) {
+ bool encrypted = endswith(name, "Encrypted");
 bool isempty = true;
 r = sd_bus_message_enter_container(message, 'a', "(say)");
@@ -2546,6 +2547,7 @@ int bus_exec_context_set_transient_property(
 const char *id;
 const void *p;
 size_t sz;
+ const char *err = NULL;
 r = sd_bus_message_enter_container(message, 'r', "say");
 if (r < 0)
@@ -2565,34 +2567,13 @@ int bus_exec_context_set_transient_property(
 if (r < 0)
 return r;
- if (!credential_name_valid(id))
- return sd_bus_error_setf(reterr_error, SD_BUS_ERROR_INVALID_ARGS, "Credential ID is invalid: %s", id);
-
 isempty = false;
- if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
- bool encrypted = endswith(name, "Encrypted");
- _cleanup_free_ char *a = NULL, *b = NULL;
- _cleanup_free_ void *copy = NULL;
-
- copy = memdup(p, sz);
- if (!copy)
- return -ENOMEM;
-
- a = specifier_escape(id);
- if (!a)
- return -ENOMEM;
-
- b = cescape_length(p, sz);
- if (!b)
- return -ENOMEM;
-
- r = exec_context_put_set_credential(c, id, TAKE_PTR(copy), sz, encrypted);
- if (r < 0)
- return r;
-
- (void) unit_write_settingf(u, flags, name, "%s=%s:%s", name, a, b);
- }
+ r = exec_context_apply_set_credential(u, c, id, p, sz, encrypted, flags, &err);
+ if (r == -EINVAL)
+ return sd_bus_error_setf(reterr_error, SD_BUS_ERROR_INVALID_ARGS, "%s: %s", err, id);
+ if (r < 0)
+ return r;
 }
 r = sd_bus_message_exit_container(message);
diff --git a/src/core/execute.c b/src/core/execute.c
index 7f92eba30f5..7935da74316 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -18,11 +18,13 @@
 #include "cgroup-setup.h"
 #include "coredump-util.h"
 #include "cpu-set-util.h"
+#include "creds-util.h"
 #include "dissect-image.h"
 #include "dynamic-user.h"
 #include "env-file.h"
 #include "env-util.h"
 #include "escape.h"
+#include "exec-credential.h"
 #include "execute.h"
 #include "execute-serialize.h"
 #include "fd-util.h"
@@ -55,6 +57,7 @@
 #include "serialize.h"
 #include "set.h"
 #include "sort-util.h"
+#include "specifier.h"
 #include "string-table.h"
 #include "string-util.h"
 #include "strv.h"
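Review bot: In the SetCredential branch of bus_exec_context_set_transient_property() (the dbus-execute.c hunk at -2565), every -EINVAL coming back from exec_context_apply_set_credential() is formatted with `"%s: %s", err, id`, but the helper added in src/core/execute.c writes `*reterr_message` only on the invalid-ID path. If exec_context_put_set_credential() can itself return -EINVAL (its body is not visible here), `err` is still NULL when it reaches `%s`. Guard the mapping with `if (r == -EINVAL && err)` so that other -EINVAL results fall through to `return r;`, or have the helper begin with `if (reterr_message) *reterr_message = NULL;` and state that a NULL message means "propagate the errno as is". The enclosing function starts and ends outside the hunk.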
@@ -788,6 +791,53 @@ int exec_context_apply_environment(
 return 0;
 }
+int exec_context_apply_set_credential(
+ Unit *u,
+ ExecContext *c,
+ const char *id,
+ const void *data,
+ size_t size,
+ bool encrypted,
+ UnitWriteFlags flags,
+ const char **reterr_message) {
+
+ int r;
+
+ assert(u);
+ assert(c);
+ assert(id);
+ assert(data || size == 0);
+
+ if (!credential_name_valid(id)) {
+ if (reterr_message)
+ *reterr_message = "Credential ID is invalid";
+ return -EINVAL;
+ }
+
+ if (UNIT_WRITE_FLAGS_NOOP(flags))
+ return 0;
+
+ _cleanup_free_ void *copy = memdup(data, size);
+ if (!copy)
+ return -ENOMEM;
+
+ _cleanup_free_ char *escaped_id = specifier_escape(id);
+ if (!escaped_id)
+ return -ENOMEM;
+
+ _cleanup_free_ char *escaped_value = cescape_length(data, size);
+ if (!escaped_value)
+ return -ENOMEM;
+
+ r = exec_context_put_set_credential(c, id, TAKE_PTR(copy), size, encrypted);
+ if (r < 0)
+ return r;
+
+ const char *name = encrypted ? "SetCredentialEncrypted" : "SetCredential";
+ unit_write_settingf(u, flags, name, "%s=%s:%s", name, escaped_id, escaped_value);
+ return 0;
+}
+
 int exec_context_destroy_runtime_directory(const ExecContext *c, const char *runtime_prefix) {
 assert(c);
diff --git a/src/core/execute.h b/src/core/execute.h
index f29f23bc2ef..4553ce9d84d 100644
--- a/src/core/execute.h
+++ b/src/core/execute.h
@@ -541,6 +541,7 @@ void exec_context_done(ExecContext *c);
 void exec_context_dump(const ExecContext *c, FILE* f, const char *prefix);
 int exec_context_apply_environment(Unit *u, ExecContext *c, char **env, UnitWriteFlags flags);
+int exec_context_apply_set_credential(Unit *u, ExecContext *c, const char *id, const void *data, size_t size, bool encrypted, UnitWriteFlags flags, const char **reterr_message);
 int exec_context_destroy_runtime_directory(const ExecContext *c, const char *runtime_prefix);
 int exec_context_destroy_mount_ns_dir(Unit *u);
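Review bot: In exec_context_apply_set_credential() the temporary copies of the credential payload are released with plain `_cleanup_free_`: `escaped_value` on every return path, and `copy` on the error paths before `TAKE_PTR(copy)`. For unencrypted SetCredential= this leaves the payload bytes in freed heap memory. Since the helper is about to gain a second caller, consider systemd's erasing cleanup, e.g. `_cleanup_(erase_and_freep) char *escaped_value = cescape_length(data, size);` and the same on `copy`. This only narrows heap exposure, because the escaped value is still handed to unit_write_settingf(). That call also lost the `(void)` cast the removed D-Bus code carried; `(void) unit_write_settingf(u, flags, name, "%s=%s:%s", name, escaped_id, escaped_value);` keeps the ignored result visibly deliberate. A short comment above the function should say that it returns 0 both for the validate-only (NOOP flags) case and for the applied case, and that `data` is copied rather than taken over.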