_CREDENTIAL_SEARCH_PATH_INVALID = -EINVAL,
} CredentialSearchPath;
-static char** credential_search_path(const ExecParameters *params, CredentialSearchPath path) {
+static int credential_search_path(const ExecParameters *params, CredentialSearchPath path, char ***ret) {
_cleanup_strv_free_ char **l = NULL;
+ int r;
assert(params);
assert(path >= 0 && path < _CREDENTIAL_SEARCH_PATH_MAX);
+ assert(ret);
/* Assemble a search path to find credentials in. For non-encrypted credentials, We'll look in
* /etc/credstore/ (and similar directories in /usr/lib/ + /run/). If we're looking for encrypted
* credentials, we'll look in /etc/credstore.encrypted/ (and similar dirs). */
if (IN_SET(path, CREDENTIAL_SEARCH_PATH_ENCRYPTED, CREDENTIAL_SEARCH_PATH_ALL)) {
- if (strv_extend(&l, params->received_encrypted_credentials_directory) < 0)
- return NULL;
+ r = strv_extend(&l, params->received_encrypted_credentials_directory);
+ if (r < 0)
+ return r;
+
+ _cleanup_strv_free_ char **add = NULL;
+ r = credential_store_path_encrypted(params->runtime_scope, &add);
+ if (r < 0)
+ return r;
- if (strv_extend_strv(&l, CONF_PATHS_STRV("credstore.encrypted"), /* filter_duplicates= */ true) < 0)
- return NULL;
+ r = strv_extend_strv_consume(&l, TAKE_PTR(add), /* filter_duplicates= */ false);
+ if (r < 0)
+ return r;
}
if (IN_SET(path, CREDENTIAL_SEARCH_PATH_TRUSTED, CREDENTIAL_SEARCH_PATH_ALL)) {
- if (strv_extend(&l, params->received_credentials_directory) < 0)
- return NULL;
+ r = strv_extend(&l, params->received_credentials_directory);
+ if (r < 0)
+ return r;
+
+ _cleanup_strv_free_ char **add = NULL;
+ r = credential_store_path(params->runtime_scope, &add);
+ if (r < 0)
+ return r;
- if (strv_extend_strv(&l, CONF_PATHS_STRV("credstore"), /* filter_duplicates= */ true) < 0)
- return NULL;
+ r = strv_extend_strv_consume(&l, TAKE_PTR(add), /* filter_duplicates= */ false);
+ if (r < 0)
+ return r;
}
if (DEBUG_LOGGING) {
log_debug("Credential search path is: %s", strempty(t));
}
- return TAKE_PTR(l);
+ *ret = TAKE_PTR(l);
+ return 0;
}
struct load_cred_args {
* directory we received ourselves. We don't support the AF_UNIX stuff in this mode, since we
* are operating on a credential store, i.e. this is guaranteed to be regular files. */
- search_path = credential_search_path(args->params, CREDENTIAL_SEARCH_PATH_ALL);
- if (!search_path)
- return -ENOMEM;
+ r = credential_search_path(args->params, CREDENTIAL_SEARCH_PATH_ALL, &search_path);
+ if (r < 0)
+ return r;
missing_ok = true;
} else
ORDERED_SET_FOREACH(ic, context->import_credentials) {
_cleanup_free_ char **search_path = NULL;
- search_path = credential_search_path(params, CREDENTIAL_SEARCH_PATH_TRUSTED);
- if (!search_path)
- return -ENOMEM;
+ r = credential_search_path(params, CREDENTIAL_SEARCH_PATH_TRUSTED, &search_path);
+ if (r < 0)
+ return r;
args.encrypted = false;
return r;
search_path = strv_free(search_path);
- search_path = credential_search_path(params, CREDENTIAL_SEARCH_PATH_ENCRYPTED);
- if (!search_path)
- return -ENOMEM;
+
+ r = credential_search_path(params, CREDENTIAL_SEARCH_PATH_ENCRYPTED, &search_path);
+ if (r < 0)
+ return r;
args.encrypted = true;
static inline char** env_generator_binary_paths(RuntimeScope runtime_scope) {
return generator_binary_paths_internal(runtime_scope, true);
}
+
+static inline int credential_store_path(RuntimeScope runtime_scope, char ***ret) {
+ return sd_path_lookup_strv(
+ runtime_scope == RUNTIME_SCOPE_SYSTEM ?
+ SD_PATH_SYSTEM_SEARCH_CREDENTIAL_STORE : SD_PATH_USER_SEARCH_CREDENTIAL_STORE,
+ /* suffix= */ NULL,
+ ret);
+}
+
+static inline int credential_store_path_encrypted(RuntimeScope runtime_scope, char ***ret) {
+ return sd_path_lookup_strv(
+ runtime_scope == RUNTIME_SCOPE_SYSTEM ?
+ SD_PATH_SYSTEM_SEARCH_CREDENTIAL_STORE_ENCRYPTED : SD_PATH_USER_SEARCH_CREDENTIAL_STORE_ENCRYPTED,
+ /* suffix= */ NULL,
+ ret);
+}
projects / thirdparty / systemd.git / commitdiff
