util: add creds-util.[ch] with helpers for dealing with credentials
authorLennart Poettering <lennart@poettering.net>
Wed, 10 Mar 2021 22:03:40 +0000 (23:03 +0100)
committerLennart Poettering <lennart@poettering.net>
Fri, 26 Mar 2021 11:19:31 +0000 (12:19 +0100)
src/basic/creds-util.c [new file with mode: 0644]
src/basic/creds-util.h [new file with mode: 0644]
src/basic/meson.build
src/basic/path-util.c
src/basic/path-util.h
src/core/dbus-execute.c
src/core/load-fragment.c
src/core/manager.c
src/nspawn/nspawn.c

diff --git a/src/basic/creds-util.c b/src/basic/creds-util.c
new file mode 100644 (file)
index 0000000..5807670
--- /dev/null
@@ -0,0 +1,54 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+
+#include "creds-util.h"
+#include "fd-util.h"
+#include "fileio.h"
+#include "path-util.h"
+
+bool credential_name_valid(const char *s) {
+        /* We want that credential names are both valid in filenames (since that's our primary way to pass
+         * them around) and as fdnames (which is how we might want to pass them around eventually) */
+        return filename_is_valid(s) && fdname_is_valid(s);
+}
+
+int get_credentials_dir(const char **ret) {
+        const char *e;
+
+        assert(ret);
+
+        e = secure_getenv("CREDENTIALS_DIRECTORY");
+        if (!e)
+                return -ENXIO;
+
+        if (!path_is_absolute(e) || !path_is_normalized(e))
+                return -EINVAL;
+
+        *ret = e;
+        return 0;
+}
+
+int read_credential(const char *name, void **ret, size_t *ret_size) {
+        _cleanup_free_ char *fn = NULL;
+        const char *d;
+        int r;
+
+        assert(ret);
+
+        if (!credential_name_valid(name))
+                return -EINVAL;
+
+        r = get_credentials_dir(&d);
+        if (r < 0)
+                return r;
+
+        fn = path_join(d, name);
+        if (!fn)
+                return -ENOMEM;
+
+        return read_full_file_full(
+                        AT_FDCWD, fn,
+                        UINT64_MAX, SIZE_MAX,
+                        READ_FULL_FILE_SECURE,
+                        NULL,
+                        (char**) ret, ret_size);
+}
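Review bot: read_credential() hands back a heap buffer holding secret material, but nothing in the function or a comment tells callers that they own it and must wipe it before freeing. READ_FULL_FILE_SECURE presumably covers only the buffers read_full_file_full() manages internally, so the copy returned through `ret` stays readable in memory until the caller clears it. I would add a comment above the function such as `/* Returns a newly allocated buffer with the credential contents; release it with erase_and_free(), not plain free(). */`. The call also passes SIZE_MAX as the size limit, so any bound on credential size is whatever read_full_file_full() enforces on its own; a named maximum for credentials would make that limit explicit and reviewable.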
diff --git a/src/basic/creds-util.h b/src/basic/creds-util.h
new file mode 100644 (file)
index 0000000..5e33ca3
--- /dev/null
@@ -0,0 +1,12 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+#pragma once
+
+#include <inttypes.h>
+#include <stdbool.h>
+#include <sys/types.h>
+
+bool credential_name_valid(const char *s);
+
+int get_credentials_dir(const char **ret);
+
+int read_credential(const char *name, void **ret, size_t *ret_size);
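Review bot: The three prototypes carry no contract, and two details matter to callers. get_credentials_dir() stores the pointer that creds-util.c takes straight from secure_getenv(), so `*ret` is borrowed from the environment and must not be freed or kept across setenv()/putenv(). It returns -ENXIO when the variable is unset but -EINVAL when it is set to a non-absolute or non-normalized path. A short comment on each declaration stating ownership of the output and the meaning of those two codes would let callers tell "no credentials passed" apart from "bad configuration". `<inttypes.h>` does not appear to be needed by anything declared here.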
index 60ef801a253037097a03ef49bc784ef136f8f531..a7b8be26accc486665f715e489fb85b5ec7b1c94 100644 (file)
@@ -35,6 +35,8 @@ basic_sources = files('''
         conf-files.h
         copy.c
         copy.h
+        creds-util.c
+        creds-util.h
         def.h
         device-nodes.c
         device-nodes.h
index 50ba44492e502bd8ad624243959d9be1a1afa0e7..f40f3f27e96c862c64bdf1dfd0736404c39f553c 100644 (file)
@@ -1190,9 +1190,3 @@ bool prefixed_path_strv_contains(char **l, const char *path) {
 
         return false;
 }
-
-bool credential_name_valid(const char *s) {
-        /* We want that credential names are both valid in filenames (since that's our primary way to pass
-         * them around) and as fdnames (which is how we might want to pass them around eventually) */
-        return filename_is_valid(s) && fdname_is_valid(s);
-}
index 74ee6362eacb9147c24ae5c6a012b46b9a139325..c0746f68d7aea12331861700c5c5109751c7d906 100644 (file)
@@ -183,5 +183,3 @@ static inline const char *empty_to_root(const char *path) {
 
 bool path_strv_contains(char **l, const char *path);
 bool prefixed_path_strv_contains(char **l, const char *path);
-
-bool credential_name_valid(const char *s);
index 4a1585f663313d3025f1ebb87e12606ca80ccb73..eda21f4734ec71b9a90aafcd20c7caccf346178b 100644 (file)
@@ -13,6 +13,7 @@
 #include "cap-list.h"
 #include "capability-util.h"
 #include "cpu-set-util.h"
+#include "creds-util.h"
 #include "dbus-execute.h"
 #include "dbus-util.h"
 #include "env-util.h"
index c6fc4fe083f989f74956979430c0ee69f2bf1222..95960b2608bc232f910395a42c95ec8ed9eea29f 100644 (file)
@@ -16,8 +16,8 @@
 #include "sd-messages.h"
 
 #include "af-list.h"
-#include "alloc-util.h"
 #include "all-units.h"
+#include "alloc-util.h"
 #include "bpf-firewall.h"
 #include "bus-error.h"
 #include "bus-internal.h"
@@ -28,6 +28,7 @@
 #include "conf-parser.h"
 #include "core-varlink.h"
 #include "cpu-set-util.h"
+#include "creds-util.h"
 #include "env-util.h"
 #include "errno-list.h"
 #include "escape.h"
index 629966ea60edef121b4afb36b6448c123293996b..57bb25ca2543507ff5a82dc989af453a81435abe 100644 (file)
@@ -30,6 +30,7 @@
 #include "clean-ipc.h"
 #include "clock-util.h"
 #include "core-varlink.h"
+#include "creds-util.h"
 #include "dbus-job.h"
 #include "dbus-manager.h"
 #include "dbus-unit.h"
@@ -49,8 +50,8 @@
 #include "install.h"
 #include "io-util.h"
 #include "label.h"
-#include "locale-setup.h"
 #include "load-fragment.h"
+#include "locale-setup.h"
 #include "log.h"
 #include "macro.h"
 #include "manager.h"
@@ -852,8 +853,8 @@ int manager_new(UnitFileScope scope, ManagerTestRunFlags test_run_flags, Manager
         if (r < 0)
                 return r;
 
-        e = secure_getenv("CREDENTIALS_DIRECTORY");
-        if (e) {
+        r = get_credentials_dir(&e);
+        if (r >= 0) {
                 m->received_credentials = strdup(e);
                 if (!m->received_credentials)
                         return -ENOMEM;
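Review bot: `if (r >= 0)` treats every failure of get_credentials_dir() alike, so a CREDENTIALS_DIRECTORY that is set but not absolute or not normalized (-EINVAL in creds-util.c) is now dropped without a trace, where the old code accepted whatever the variable held. Only -ENXIO means the variable is unset; I would surface the other case, for example `else if (r != -ENXIO) log_debug_errno(r, "Ignoring invalid $CREDENTIALS_DIRECTORY: %m");`, or propagate it if a malformed value should be fatal. manager_new() begins before this hunk and the body of the `if` continues past it.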
index a4ac8ed2bb752e6b478b8281d82aa6cd6e56191e..106dac1556723900b062bc74589cbaa9403a68fa 100644 (file)
@@ -35,6 +35,7 @@
 #include "cgroup-util.h"
 #include "copy.h"
 #include "cpu-set-util.h"
+#include "creds-util.h"
 #include "dev-setup.h"
 #include "discover-image.h"
 #include "dissect-image.h"
@@ -1592,9 +1593,9 @@ static int parse_argv(int argc, char *argv[]) {
                         else {
                                 const char *e;
 
-                                e = getenv("CREDENTIALS_DIRECTORY");
-                                if (!e)
-                                        return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Credential not available (no credentials passed at all): %s", word);
+                                r = get_credentials_dir(&e);
+                                if (r < 0)
+                                        return log_error_errno(r, "Credential not available (no credentials passed at all): %s", word);
 
                                 j = path_join(e, p);
                                 if (!j)
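Review bot: The message passed to `log_error_errno(r, ...)` still says "no credentials passed at all", but `r` can now be -EINVAL, which get_credentials_dir() returns when CREDENTIALS_DIRECTORY is set to a non-absolute or non-normalized path. An operator reading the log would then look for a missing variable rather than a malformed one. I would keep the existing text for `r == -ENXIO` and add a second branch for other errors with a message that names the invalid directory. The move from getenv() to secure_getenv() also means the variable is ignored in secure-execution mode, which deserves a mention in the commit message if intended. parse_argv() starts and ends outside this hunk.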