core/exec-credential: introduce exec_context_get_credential_directory() helper function
authorYu Watanabe <watanabe.yu+github@gmail.com>
Fri, 25 Aug 2023 07:11:02 +0000 (16:11 +0900)
committerYu Watanabe <watanabe.yu+github@gmail.com>
Wed, 6 Sep 2023 15:53:28 +0000 (00:53 +0900)
No functional change, just refactoring.

src/core/exec-credential.c
src/core/exec-credential.h
src/core/execute.c

index e7bab891b877b42e2a59b59dcc49ae1416ebdca4..e69c4a9fa6fe60e1945f768151fa8f6d99b24449 100644 (file)
@@ -94,6 +94,25 @@ static int get_credential_directory(
         return 1;
 }
 
+int exec_context_get_credential_directory(
+                const ExecContext *context,
+                const ExecParameters *params,
+                const char *unit,
+                char **ret) {
+
+        assert(context);
+        assert(params);
+        assert(unit);
+        assert(ret);
+
+        if (!exec_context_has_credentials(context)) {
+                *ret = NULL;
+                return 0;
+        }
+
+        return get_credential_directory(params->prefix[EXEC_DIRECTORY_RUNTIME], unit, ret);
+}
+
 int unit_add_default_credential_dependencies(Unit *u, const ExecContext *c) {
         _cleanup_free_ char *p = NULL, *m = NULL;
         int r;
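Review bot: The new `exec_context_get_credential_directory()` has no comment stating its return contract, yet both callers in src/core/execute.c (`build_environment()` and `apply_mount_namespace()`) drop their own `prefix[EXEC_DIRECTORY_RUNTIME]` checks and now depend on it. Only the no-credentials branch is visible here (`*ret = NULL; return 0;`). What happens for a NULL runtime prefix is decided inside `get_credential_directory()`, whose body starts outside the hunk; presumably it also returns 0 with `*ret` cleared, which should be confirmed. I would add above the definition, and above the prototype in exec-credential.h, `/* Returns > 0 with a newly allocated path in *ret (caller frees), 0 with *ret == NULL if the unit has no credential directory, < 0 on error. */`. That makes it explicit that `CREDENTIALS_DIRECTORY` and the credentials mount path are both derived from this single result.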
index db8e4ec3a523f8753cc1a54167ff927bbf7f9056..9e6f6656217210156b8f6a8357dcb7ec049960c3 100644 (file)
@@ -37,6 +37,12 @@ extern const struct hash_ops exec_load_credential_hash_ops;
 bool exec_context_has_encrypted_credentials(ExecContext *c);
 bool exec_context_has_credentials(const ExecContext *c);
 
+int exec_context_get_credential_directory(
+                const ExecContext *context,
+                const ExecParameters *params,
+                const char *unit,
+                char **ret);
+
 int unit_add_default_credential_dependencies(Unit *u, const ExecContext *c);
 
 int exec_context_destroy_credentials(const ExecContext *c, const char *runtime_root, const char *unit);
index 81be3a642e4c09d3a6698ccfb1551a8da645590a..701e1ead2aa0dd02fcf5ca597c66ed196f2f79c7 100644 (file)
@@ -2041,8 +2041,12 @@ static int build_environment(
                 our_env[n_env++] = x;
         }
 
-        if (exec_context_has_credentials(c) && p->prefix[EXEC_DIRECTORY_RUNTIME]) {
-                x = strjoin("CREDENTIALS_DIRECTORY=", p->prefix[EXEC_DIRECTORY_RUNTIME], "/credentials/", u->id);
+        _cleanup_free_ char *creds_dir = NULL;
+        r = exec_context_get_credential_directory(c, p, u->id, &creds_dir);
+        if (r < 0)
+                return r;
+        if (r > 0) {
+                x = strjoin("CREDENTIALS_DIRECTORY=", creds_dir);
                 if (!x)
                         return -ENOMEM;
 
@@ -3217,12 +3221,10 @@ static int apply_mount_namespace(
         if (context->mount_propagation_flag == MS_SHARED)
                 log_unit_debug(u, "shared mount propagation hidden by other fs namespacing unit settings: ignoring");
 
-        if (exec_context_has_credentials(context) &&
-            params->prefix[EXEC_DIRECTORY_RUNTIME] &&
-            FLAGS_SET(params->flags, EXEC_WRITE_CREDENTIALS)) {
-                creds_path = path_join(params->prefix[EXEC_DIRECTORY_RUNTIME], "credentials", u->id);
-                if (!creds_path)
-                        return -ENOMEM;
+        if (FLAGS_SET(params->flags, EXEC_WRITE_CREDENTIALS)) {
+                r = exec_context_get_credential_directory(context, params, u->id, &creds_path);
+                if (r < 0)
+                        return r;
         }
 
         if (params->runtime_scope == RUNTIME_SCOPE_SYSTEM) {
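Review bot: Inside the `EXEC_WRITE_CREDENTIALS` branch only `r < 0` is handled, so a zero return (no credentials) is accepted silently and the code relies on the helper having set `creds_path` to NULL. That is correct given the helper's visible `*ret = NULL; return 0;` path, but it is not obvious at the call site, and `r` may be left positive afterwards. A short comment such as `/* r == 0 means no credential directory; creds_path is NULL then */` would document the intent. The declaration of `creds_path` and any later use of `r` are outside the hunk, so its initialisation and cleanup cannot be checked from here.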