From: Daan De Meyer Date: Fri, 26 Sep 2025 07:39:23 +0000 (+0200) Subject: ssh-proxy: Add support for per user machined X-Git-Tag: v259-rc1~421 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=677785c8f8aeadbb04f452a1da3166d3b73833b1;p=thirdparty%2Fsystemd.git ssh-proxy: Add support for per user machined Let's check both the per user machined and the system machined instead of only the system machined. We give preference to the per user machined and fall back to the system machined. --- diff --git a/src/ssh-generator/ssh-proxy.c b/src/ssh-generator/ssh-proxy.c index 30360b18b43..fcdc40c09dc 100644 --- a/src/ssh-generator/ssh-proxy.c +++ b/src/ssh-generator/ssh-proxy.c @@ -10,10 +10,10 @@ #include "iovec-util.h" #include "log.h" #include "main-func.h" +#include "path-lookup.h" #include "socket-util.h" #include "string-util.h" #include "strv.h" -#include "varlink-util.h" static int process_vsock_cid(unsigned cid, const char *port) { int r; @@ -135,23 +135,57 @@ static int process_vsock_mux(const char *path, const char *port) { return 0; } -static int process_machine(const char *machine, const char *port) { - _cleanup_(sd_varlink_unrefp) sd_varlink *vl = NULL; +static int fetch_machine(const char *machine, RuntimeScope scope, sd_json_variant **ret) { int r; assert(machine); - assert(port); + assert(ret); - r = sd_varlink_connect_address(&vl, "/run/systemd/machine/io.systemd.Machine"); + _cleanup_free_ char *addr = NULL; + r = runtime_directory_generic(scope, "machine/io.systemd.Machine", &addr); if (r < 0) - return log_error_errno(r, "Failed to connect to machined on /run/systemd/machine/io.systemd.Machine: %m"); + return r; + + _cleanup_(sd_varlink_unrefp) sd_varlink *vl = NULL; + r = sd_varlink_connect_address(&vl, addr); + if (r < 0) + return log_error_errno(r, "Failed to connect to machined on %s: %m", addr); _cleanup_(sd_json_variant_unrefp) sd_json_variant *result = NULL; - r = varlink_callbo_and_log( + const char *error_id; + r = sd_varlink_callbo( vl, "io.systemd.Machine.List", &result, + &error_id, SD_JSON_BUILD_PAIR("name", SD_JSON_BUILD_STRING(machine))); + if (r < 0) + return log_error_errno(r, "Failed to issue io.systemd.Machine.List() varlink call: %m"); + if (error_id) { + if (streq(error_id, "io.systemd.Machine.NoSuchMachine")) + return -ESRCH; + + r = sd_varlink_error_to_errno(error_id, result); /* If this is a system errno style error, output it with %m */ + if (r != -EBADR) + return log_error_errno(r, "Failed to issue io.systemd.Machine.List() varlink call: %m"); + + return log_error_errno(r, "Failed to issue io.systemd.Machine.List() varlink call: %s", error_id); + } + + *ret = TAKE_PTR(result); + return 0; +} + +static int process_machine(const char *machine, const char *port) { + int r; + + assert(machine); + assert(port); + + _cleanup_(sd_json_variant_unrefp) sd_json_variant *result = NULL; + r = fetch_machine(machine, RUNTIME_SCOPE_USER, &result); + if (r == -ESRCH) + r = fetch_machine(machine, RUNTIME_SCOPE_SYSTEM, &result); if (r < 0) return r; @@ -167,7 +201,7 @@ static int process_machine(const char *machine, const char *port) { return log_error_errno(r, "Failed to parse Varlink reply: %m"); if (cid == VMADDR_CID_ANY) - return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Machine has no AF_VSOCK CID assigned."); + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Machine %s has no AF_VSOCK CID assigned.", machine); return process_vsock_cid(cid, port); }