From: Mike Yuan
Date: Fri, 19 Sep 2025 22:32:54 +0000 (+0200)
Subject: creds: uniformly use varlink error table
X-Git-Tag: v259-rc1~479^2~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=edb9a2870fcc96d060f2a40712fa8a78c7a5a735;p=thirdparty%2Fsystemd.git
creds: uniformly use varlink error table
Follow-up for ffd4b3809681b940d7d1fb9bc64502306c0a3e7e
---
diff --git a/src/creds/creds.c b/src/creds/creds.c
index ab3beabc02d..19857407542 100644
--- a/src/creds/creds.c
+++ b/src/creds/creds.c
@@ -1409,28 +1409,15 @@ static int vl_method_decrypt(sd_varlink *link, sd_json_variant *parameters, sd_v
 ask_polkit = true;
 }
- if (r == -EBADMSG)
- return sd_varlink_error(link, "io.systemd.Credentials.BadFormat", NULL);
- if (r == -EDESTADDRREQ)
- return sd_varlink_error(link, "io.systemd.Credentials.NameMismatch", NULL);
- if (r == -ESTALE)
- return sd_varlink_error(link, "io.systemd.Credentials.TimeMismatch", NULL);
- if (r == -ESRCH)
- return sd_varlink_error(link, "io.systemd.Credentials.NoSuchUser", NULL);
- if (r == -EMEDIUMTYPE)
- return sd_varlink_error(link, "io.systemd.Credentials.BadScope", NULL);
- if (r == -EHOSTDOWN)
- return sd_varlink_error(link, "io.systemd.Credentials.CantFindPCRSignature", NULL);
- if (r == -EHWPOISON)
- return sd_varlink_error(link, "io.systemd.Credentials.NullKeyNotAllowed", NULL);
- if (r == -EREMOTE)
- return sd_varlink_error(link, "io.systemd.Credentials.KeyBelongsToOtherTPM", NULL);
- if (r == -ENOLCK)
- return sd_varlink_error(link, "io.systemd.Credentials.TPMInDictionaryLockout", NULL);
 if (IN_SET(r, -EREMCHG, -ENOANO, -EUCLEAN, -EPERM))
 return sd_varlink_error(link, "io.systemd.Credentials.UnexpectedPCRState", NULL);
- if (r < 0)
+ if (r < 0) {
+ const CredentialsVarlinkError *e = credentials_varlink_error_by_errno(r);
+ if (e)
+ return sd_varlink_error(link, e->id, NULL);
+
 return r;
+ }
 _cleanup_(sd_json_variant_unrefp) sd_json_variant *reply = NULL;
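Review bot: The `IN_SET(r, -EREMCHG, -ENOANO, -EUCLEAN, -EPERM)` check that stays ahead of the new table lookup has no comment explaining why it is not folded into the table. The shared table carries a single errno per id (`EUCLEAN` for UnexpectedPCRState), so without this check the other three values would miss the lookup and fall through to `return r`. A one-line comment such as `/* several errnos collapse into UnexpectedPCRState; the shared table only knows EUCLEAN */` would keep a later cleanup from dropping it. Worth stating in the same place that the set of error ids this method returns to a Varlink caller is now defined by the table in creds-util.c, so an entry added there for client-side decoding also becomes a distinct server reply. vl_method_decrypt begins and ends outside the hunk.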
diff --git a/src/shared/creds-util.c b/src/shared/creds-util.c
index cc9d5c37fa6..7f7c04470f2 100644
--- a/src/shared/creds-util.c
+++ b/src/shared/creds-util.c
@@ -1652,26 +1652,9 @@ int ipc_decrypt_credential(const char *validate_name, usec_t validate_timestamp,
 if (r < 0)
 return log_error_errno(r, "Failed to call Decrypt() varlink call.");
 if (!isempty(error_id)) {
- static struct {
- const char *id;
- int errnum;
- const char *msg;
- } table[] = {
- { "io.systemd.Credentials.BadFormat", EBADMSG, "Bad credential format." },
- { "io.systemd.Credentials.NameMismatch", EDESTADDRREQ, "Name in credential doesn't match expectations." },
- { "io.systemd.Credentials.TimeMismatch", ESTALE, "Outside of credential validity time window." },
- { "io.systemd.Credentials.NoSuchUser", ESRCH, "No such user." },
- { "io.systemd.Credentials.BadScope", EMEDIUMTYPE, "Scope mismatch." },
- { "io.systemd.Credentials.CantFindPCRSignature", EHOSTDOWN, "PCR signature required for decryption, but could not be found." },
- { "io.systemd.Credentials.NullKeyNotAllowed", EHWPOISON, "The key was encrypted with a null key, but that's now allowed during decryption." },
- { "io.systemd.Credentials.KeyBelongsToOtherTPM", EREMOTE, "The TPM integrity check for this key failed, key probably belongs to another TPM, or was corrupted." },
- { "io.systemd.Credentials.TPMInDictionaryLockout", ENOLCK, "The TPM is in dictionary lockout mode, cannot operate." },
- { "io.systemd.Credentials.UnexpectedPCRState" , EUCLEAN, "Unexpected TPM PCR state of the system." },
- };
-
- FOREACH_ELEMENT(i, table)
- if (streq(i->id, error_id))
- return log_error_errno(SYNTHETIC_ERRNO(i->errnum), "%s", i->msg);
+ const CredentialsVarlinkError *e = credentials_varlink_error_by_id(error_id);
+ if (e)
+ return log_error_errno(SYNTHETIC_ERRNO(e->errnum), "%s", e->msg);
 return log_error_errno(sd_varlink_error_to_errno(error_id, reply), "Failed to decrypt: %s", error_id);
 }
@@ -1824,3 +1807,38 @@ int pick_up_credentials(const PickUpCredential *table, size_t n_table_entry) {
 return ret;
 }
+
+static const CredentialsVarlinkError credentials_varlink_error_table[] = {
+ { "io.systemd.Credentials.BadFormat", EBADMSG, "Bad credential format." },
+ { "io.systemd.Credentials.NameMismatch", EDESTADDRREQ, "Name in credential doesn't match expectations." },
+ { "io.systemd.Credentials.TimeMismatch", ESTALE, "Outside of credential validity time window." },
+ { "io.systemd.Credentials.NoSuchUser", ESRCH, "No such user." },
+ { "io.systemd.Credentials.BadScope", EMEDIUMTYPE, "Scope mismatch." },
+ { "io.systemd.Credentials.CantFindPCRSignature", EHOSTDOWN, "PCR signature required for decryption, but could not be found." },
+ { "io.systemd.Credentials.NullKeyNotAllowed", EHWPOISON, "The key was encrypted with a null key, but that's now allowed during decryption." },
+ { "io.systemd.Credentials.KeyBelongsToOtherTPM", EREMOTE, "The TPM integrity check for this key failed, key probably belongs to another TPM, or was corrupted." },
+ { "io.systemd.Credentials.TPMInDictionaryLockout", ENOLCK, "The TPM is in dictionary lockout mode, cannot operate." },
+ { "io.systemd.Credentials.UnexpectedPCRState" , EUCLEAN, "Unexpected TPM PCR state of the system." },
+};
+
+const CredentialsVarlinkError* credentials_varlink_error_by_id(const char *id) {
+ assert(id);
+
+ FOREACH_ELEMENT(i, credentials_varlink_error_table)
+ if (streq(id, i->id))
+ return i;
+
+ return NULL;
+}
+
+const CredentialsVarlinkError* credentials_varlink_error_by_errno(int errnum) {
+ assert(errnum != 0);
+
+ errnum = ABS(errnum);
+
+ FOREACH_ELEMENT(i, credentials_varlink_error_table)
+ if (errnum == i->errnum)
+ return i;
+
+ return NULL;
+}
diff --git a/src/shared/creds-util.h b/src/shared/creds-util.h
index 7124ecd8543..058c8cabc7b 100644
--- a/src/shared/creds-util.h
+++ b/src/shared/creds-util.h
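Review bot: In the new `credentials_varlink_error_table` in src/shared/creds-util.c, the message on the `NullKeyNotAllowed` entry reads "but that's now allowed during decryption", which says the opposite of what the error id means. It was moved verbatim from the old client-side table, so this commit is a good place to correct it to `"The key was encrypted with a null key, but that's not allowed during decryption."`. Separately, `credentials_varlink_error_by_errno()` returns the first entry whose `errnum` matches, so the table only works while every errno appears once. A short comment above the table, for example `/* one errno per id; by_errno returns the first match */`, would record that invariant now that the server path depends on it.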
@@ -102,3 +102,12 @@ typedef struct PickUpCredential {
 } PickUpCredential;
 int pick_up_credentials(const PickUpCredential *table, size_t n_table_entry);
+
+typedef struct CredentialsVarlinkError {
+ const char *id;
+ int errnum;
+ const char *msg;
+} CredentialsVarlinkError;
+
+const CredentialsVarlinkError* credentials_varlink_error_by_id(const char *id) _pure_;
+const CredentialsVarlinkError* credentials_varlink_error_by_errno(int errnum) _const_;
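Review bot: The new `CredentialsVarlinkError` type and its two lookup declarations are exported without any comment, so a caller has to read creds-util.c to learn the contract. From the implementation in this commit, `errnum` is stored as a positive errno, `credentials_varlink_error_by_errno()` accepts either sign, and both lookups return a pointer into a static table or NULL when nothing matches. Both also assert on their argument (`id` non-NULL, `errnum != 0`), so callers must guard before calling, as the two call sites here do. I would add a comment above the struct along the lines of `/* Maps io.systemd.Credentials.* error ids to positive errnos and log messages; lookups return static entries or NULL */`.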