Let's unify how we remove secrets from the env block.
*ret_paths = TAKE_PTR(l);
return 1;
}
+
+int unsetenv_erase(const char *name) {
+ char *p;
+
+ assert(name);
+
+ p = getenv(name);
+ if (!p)
+ return 0;
+
+ string_erase(p);
+
+ if (unsetenv(name) < 0)
+ return -errno;
+
+ return 1;
+}
/* Parses and does sanity checks on an environment variable containing
* PATH-like colon-separated absolute paths */
int getenv_path_list(const char *name, char ***ret_paths);
+
+int unsetenv_erase(const char *name);
#include "ask-password-api.h"
#include "cryptenroll-password.h"
+#include "env-util.h"
#include "escape.h"
#include "memory-util.h"
#include "pwquality-util.h"
if (!new_password)
return log_oom();
- string_erase(e);
- assert_se(unsetenv("NEWPASSWORD") == 0);
+ assert_se(unsetenv_erase("NEWPASSWORD") >= 0);
} else {
_cleanup_free_ char *disk_path = NULL;
#include "cryptenroll-wipe.h"
#include "cryptenroll.h"
#include "cryptsetup-util.h"
+#include "env-util.h"
#include "escape.h"
#include "libfido2-util.h"
#include "main-func.h"
if (!password)
return log_oom();
- string_erase(e);
- assert_se(unsetenv("PASSWORD") >= 0);
+ assert_se(unsetenv_erase("PASSWORD") >= 0);
r = crypt_volume_key_get(
cd,
#include "ask-password-api.h"
#include "cryptsetup-fido2.h"
+#include "env-util.h"
#include "fileio.h"
#include "hexdecoct.h"
#include "json.h"
if (!pins)
return log_oom();
- string_erase(e);
- if (unsetenv("PIN") < 0)
- return log_error_errno(errno, "Failed to unset $PIN: %m");
+ assert_se(unsetenv_erase("PIN") >= 0);
}
for (;;) {
if (r < 0)
return log_error_errno(r, "Failed to store password: %m");
- string_erase(e);
- assert_se(unsetenv("PASSWORD") == 0);
-
+ assert_se(unsetenv_erase("PASSWORD") >= 0);
return 1;
}
if (r < 0)
return log_error_errno(r, "Failed to store token PIN: %m");
- string_erase(e);
- assert_se(unsetenv("PIN") == 0);
-
+ assert_se(unsetenv_erase("PIN") >= 0);
return 1;
}
if (r < 0)
return log_error_errno(r, "Failed to store password: %m");
- string_erase(e);
- assert_se(unsetenv("NEWPASSWORD") == 0);
+ assert_se(unsetenv_erase("NEWPASSWORD") >= 0);
if (ret)
*ret = TAKE_PTR(copy);
#include <fcntl.h>
#include "ask-password-api.h"
+#include "env-util.h"
#include "escape.h"
#include "fd-util.h"
#include "format-table.h"
if (!passwords)
return log_oom();
- string_erase(e);
- if (unsetenv("PIN") < 0)
- return log_error_errno(errno, "Failed to unset $PIN: %m");
+ assert_se(unsetenv_erase("PIN") >= 0);
} else if (headless)
return log_error_errno(SYNTHETIC_ERRNO(ENOPKG), "PIN querying disabled via 'headless' option. Use the 'PIN' environment variable.");
else {
assert_se(set_unset_env("SYSTEMD_EXEC_PID", saved, 1) >= 0);
}
+static void test_unsetenv_erase(void) {
+ int r;
+
+ log_info("/* %s */", __func__);
+
+ r = safe_fork("(sd-unsetenverase)", FORK_DEATHSIG|FORK_LOG|FORK_WAIT, NULL);
+ if (r == 0) {
+ _cleanup_strv_free_ char **l = NULL;
+ char **e;
+
+ /* child */
+
+ assert_se(unsetenv_erase("thisenvvardefinitelywontexist") == 0);
+
+ l = strv_new("FOO=BAR", "QUUX=PIFF", "ONE=TWO", "A=B");
+ assert_se(strv_length(l) == 4);
+
+ environ = l;
+
+ STRV_FOREACH(e, environ) {
+ _cleanup_free_ char *n = NULL;
+ char *eq;
+
+ eq = strchr(*e, '=');
+ if (!eq)
+ continue;
+
+ n = strndup(*e, eq - *e);
+ assert_se(n);
+
+ assert_se(streq_ptr(getenv(n), eq + 1));
+ assert_se(getenv(n) == eq + 1);
+ assert_se(unsetenv_erase(n) > 0);
+ assert_se(isempty(eq + 1));
+ assert_se(!getenv(n));
+ }
+
+ environ = NULL;
+ l = strv_free(l);
+
+ _exit(EXIT_SUCCESS);
+ }
+
+ assert_se(r > 0);
+}
+
int main(int argc, char *argv[]) {
test_setup_logging(LOG_DEBUG);
test_env_assignment_is_valid();
test_putenv_dup();
test_setenv_systemd_exec_pid();
+ test_unsetenv_erase();
return 0;
}
projects / thirdparty / systemd.git / commitdiff
