_cleanup_(free_host_infop) HostInfo *host = NULL;
int r;
+ assert(hi);
+
host = new0(HostInfo, 1);
if (!host)
return log_oom();
_cleanup_fclose_ FILE *f = NULL;
int r;
+ assert(ret);
+
/* Let's read the available system calls from the list of available tracing events. Slightly dirty,
* but good enough for analysis purposes. */
BootTimes *t;
int r;
+ assert(ret);
+
r = acquire_boot_times(bus, /* require_finished= */ true, &t);
if (r < 0)
return r;
UnitInfo u;
int r;
+ assert(out);
+
r = acquire_boot_times(bus, require_finished, &boot_times);
if (r < 0)
return r;
static int find_environment_binary(const char *fn, const char **ret) {
+ assert(ret);
+
/* If a path such as /usr/lib/systemd/systemd-foobar is specified, then this will check for an
* environment variable SYSTEMD_FOOBAR_PATH and return it if set. */
int cg_escape(const char *p, char **ret) {
_cleanup_free_ char *n = NULL;
+ assert(ret);
+
/* This implements very minimal escaping for names to be used as file names in the cgroup tree: any
* name which might conflict with a kernel name or is prefixed with '_' is prefixed with a '_'. That
* way, when reading cgroup names it is sufficient to remove a single prefixing underscore if there
CGroupMask mask;
int r;
+ assert(ret);
+
/* Determines the mask of supported cgroup controllers. Only includes controllers we can make sense of and that
* are actually accessible. Only covers real controllers, i.e. not the CGROUP_CONTROLLER_BPF_xyz
* pseudo-controllers. */
uint64_t t;
int r;
+ assert(ret);
+
r = read_one_line_file(fn, &ln);
if (r < 0)
return r;
int hashmap_put_strdup_full(Hashmap **h, const struct hash_ops *hash_ops, const char *k, const char *v) {
int r;
+ assert(h);
+
r = hashmap_ensure_allocated(h, hash_ops);
if (r < 0)
return r;
size_t n;
int r;
+ assert(ret);
+
r = _hashmap_dump_entries_sorted(h, &entries, &n);
if (r < 0)
return r;
size_t n;
int r;
+ assert(ret);
+
r = _hashmap_dump_entries_sorted(h, &entries, &n);
if (r < 0)
return r;
const char *c, *next = NULL;
int r;
+ POINTER_MAY_BE_NULL(path);
+
/* Split the path into dir prefix/filename pair. Returns:
*
* -EINVAL → if the path is not valid
assert(ibuf);
assert(*ibuf);
+ POINTER_MAY_BE_NULL(_isz);
/* This does three things:
*
_cleanup_free_ char *s = NULL;
int r;
+ assert(ret);
+
r = getttyname_malloc(fd, &s);
if (r < 0)
return r;
#endif
int read_login_defs(UGIDAllocationRange *ret_defs, const char *path, const char *root) {
+ assert(ret_defs);
+
#if ENABLE_COMPAT_MUTABLE_UID_BOUNDARIES
_cleanup_fclose_ FILE *f = NULL;
UGIDAllocationRange defs;
char *t;
assert(f);
+ assert(ret);
r = strdup(f);
if (!r)
le64_t h;
size_t len;
+ assert(ret);
+
if (strlen(name) < UNIT_NAME_MAX)
return -EMSGSIZE;
/* Convert to a string that has only ASCII chars, replacing anything that is not ASCII
* by replacement_char. */
+ assert(str);
+ assert(ret);
+
_cleanup_free_ char *ans = new(char, strlen(str) + 1);
if (!ans)
return -ENOMEM;
}
static int load_bpf_progs_from_fs_to_set(Unit *u, char **filter_paths, Set **set) {
+ assert(set);
+
set_clear(*set);
STRV_FOREACH(bpf_fs_path, filter_paths) {
assert(m);
assert(bus);
assert(path);
+ assert(unit);
if (streq(path, "/org/freedesktop/systemd1/unit/self")) {
_cleanup_(pidref_done) PidRef pidref = PIDREF_NULL;
assert(m);
assert(id);
+ assert(tmp_dir);
+ assert(var_tmp_dir);
/* tmp_dir, var_tmp_dir, {net,ipc}ns_storage_socket fds are donated on success */
Unit *target;
int r;
+ assert(ret_error_message);
+
if (arg_default_unit)
unit = arg_default_unit;
else if (in_initrd())
Unit *unit;
int r;
+ assert(ret);
+
r = manager_load_unit(m, name, path, &error, &unit);
if (r < 0)
return log_error_errno(r, "Failed to load %s %s: %s",
int r;
assert(s);
+ assert(ret_pid);
r = socket_arm_timer(s, /* relative= */ true, s->timeout_usec);
if (r < 0)
char *dash;
int r;
+ assert(ret);
+
r = unit_name_to_prefix(u->id, &prefix);
if (r < 0)
return r;
_cleanup_(unit_freep) Unit *u = NULL;
int r;
+ assert(ret);
+
u = unit_new(m, size);
if (!u)
return -ENOMEM;
_cleanup_free_ char *n = NULL;
int r;
+ assert(u);
+ assert(ret);
+
r = unit_name_to_prefix(u->id, &n);
if (r < 0)
return r;
CGroupDeviceAllow *allow = userdata;
int r;
+ assert(ret);
+
LIST_FOREACH(device_allow, a, allow) {
r = sd_json_variant_append_arraybo(
&v,
ExecContext *c = ASSERT_PTR(userdata);
_cleanup_free_ char *v = bpf_delegate_commands_to_string(c->bpf_delegate_commands);
+ assert(ret);
+
if (!v) {
*ret = NULL;
return 0;
}
- return sd_json_variant_new_string(ASSERT_PTR(ret), v);
+ return sd_json_variant_new_string(ret, v);
}
static int private_bpf_delegate_maps_build_json(sd_json_variant **ret, const char *name, void *userdata) {
ExecContext *c = ASSERT_PTR(userdata);
_cleanup_free_ char *v = bpf_delegate_maps_to_string(c->bpf_delegate_maps);
+ assert(ret);
+
if (!v) {
*ret = NULL;
return 0;
}
- return sd_json_variant_new_string(ASSERT_PTR(ret), v);
+ return sd_json_variant_new_string(ret, v);
}
static int private_bpf_delegate_programs_build_json(sd_json_variant **ret, const char *name, void *userdata) {
ExecContext *c = ASSERT_PTR(userdata);
_cleanup_free_ char *v = bpf_delegate_programs_to_string(c->bpf_delegate_programs);
+ assert(ret);
+
if (!v) {
*ret = NULL;
return 0;
}
- return sd_json_variant_new_string(ASSERT_PTR(ret), v);
+ return sd_json_variant_new_string(ret, v);
}
static int private_bpf_delegate_attachments_build_json(sd_json_variant **ret, const char *name, void *userdata) {
ExecContext *c = ASSERT_PTR(userdata);
_cleanup_free_ char *v = bpf_delegate_attachments_to_string(c->bpf_delegate_attachments);
+ assert(ret);
+
if (!v) {
*ret = NULL;
return 0;
}
- return sd_json_variant_new_string(ASSERT_PTR(ret), v);
+ return sd_json_variant_new_string(ret, v);
}
static int syscall_filter_build_json(sd_json_variant **ret, const char *name, void *userdata) {
assert(pidref_is_set(pid));
assert(!pidref_is_remote(pid));
+ assert(ret_cmdline);
r = pidref_from_same_root_fs(pid, &PIDREF_MAKE_FROM_PID(1));
if (r < 0)
_cleanup_free_ char *private_uri = NULL;
int r;
+ assert(ret_uri);
+
r = uri_from_string(uri, &p11kit_uri);
if (r < 0)
return log_error_errno(r, "Failed to parse PKCS#11 URI '%s': %m", uri);
_cleanup_(hibernate_info_done) HibernateInfo i = {};
int r;
+ assert(ret);
+
r = get_kernel_hibernate_location(&i.cmdline);
if (r < 0)
return r;
static int parse_language_field(char ***languages, const char *arg) {
int r;
+ assert(languages);
+
if (isempty(arg)) {
r = drop_from_identity("preferredLanguage", "additionalLanguages");
if (r < 0)
Home *h;
int r;
+ assert(found);
+
r = sd_bus_path_decode(path, "/org/freedesktop/home1/home", &e);
if (r <= 0)
return 0;
int r;
assert(cd);
+ assert(ret);
/* Let's find the right OpenSSL EVP_CIPHER object that matches the encryption settings of the LUKS
* device */
assert(cd);
assert(h);
+ assert(ret_luks_home_record);
for (int token = 0; token < sym_crypt_token_max(CRYPT_LUKS2); token++) {
_cleanup_(sd_json_variant_unrefp) sd_json_variant *v = NULL, *rr = NULL;
assert(label);
assert(ret_offset);
assert(ret_size);
+ assert(ret_disk_uuid);
t = fdisk_new_parttype();
if (!t)
assert(fd >= 0);
assert(ret_disk_uuid);
assert(ret_table);
+ assert(ret_partition);
assert((partition_offset & 511) == 0);
assert((old_partition_size & 511) == 0);
int r;
assert(h);
+ assert(ret_home);
if (!h->user_name)
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "User record lacks user name, refusing.");
assert(host);
assert(embedded);
+ assert(ret);
/* Make sure both records are initialized */
if (!host->json || !embedded->json)
_cleanup_free_ char *model = NULL, *sku = NULL;
int r;
+ assert(ret);
+
r = get_dmi_property(c, "ID_SKU", &sku);
if (r < 0)
return r;
_cleanup_free_ char *version = NULL;
int r;
+ assert(ret);
+
r = get_dmi_property(c, "ID_HARDWARE_VERSION", &version);
if (r < 0)
return r;
_cleanup_(sd_event_unrefp) sd_event *e = NULL;
int r;
+ assert(glue);
+
if (event)
e = sd_event_ref(event);
else {
assert(protocol);
assert(registry);
- assert(image && *image);
+ assert(image);
+ assert(*image);
assert(tag);
/* OCI container reference are supposed to have the form <registry>/<name>:<tag>. Except that it's
DEFINE_STRING_TABLE_LOOKUP_FROM_STRING(go_arch, Architecture);
char* urlescape(const char *s) {
+ POINTER_MAY_BE_NULL(s);
size_t l = strlen_ptr(s);
_cleanup_free_ char *t = new(char, l * 3 + 1);
int r;
assert(j);
+ assert(ret);
/* Generic implementation of a PullJobNotFound handler, that restarts the job requesting a different
* signature file. After the initial file, additional *.sha256.gpg, SHA256SUMS.gpg and SHA256SUMS.asc
_cleanup_free_ char *ll = NULL;
int r;
+ assert(ret);
+
if (arg_import_flags & IMPORT_DIRECT) {
if (!local)
char *b = NULL;
int r;
+ assert(v);
+
r = sd_bus_default_system(&bus);
if (r < 0)
return r;
_cleanup_free_ char *p = NULL;
int r;
+ assert(m);
assert(!uid_for_system_journal(uid));
+ assert(ret);
f = ordered_hashmap_get(m->user_journals, UID_TO_PTR(uid));
if (f)
int r;
assert(version);
+ assert(ret_kernel);
vmlinuz = path_join("/usr/lib/modules/", version, "/vmlinuz");
if (!vmlinuz)
size_t sz;
int r;
+ assert(ret);
+
r = message_from_header(
bus,
buffer, length,
static void server(sd_bus *b, size_t *result) {
int r;
+ assert(result);
+
for (;;) {
_cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
static void prepare_loopback(sd_device **ret) {
_cleanup_(sd_device_unrefp) sd_device *dev = NULL;
+ assert(ret);
+
ASSERT_OK(sd_device_new_from_syspath(&dev, "/sys/class/net/lo"));
ASSERT_OK(device_add_property(dev, "ACTION", "add"));
ASSERT_OK(device_add_property(dev, "SEQNUM", "10"));
_cleanup_(sd_device_unrefp) sd_device *dev = NULL;
int r;
+ assert(ret);
+
r = sd_device_new_from_subsystem_sysname(&dev, "block", "sda");
if (r < 0)
return r;
static void prepare_monitor(sd_device_monitor **ret_server, sd_device_monitor **ret_client, union sockaddr_union *ret_address) {
_cleanup_(sd_device_monitor_unrefp) sd_device_monitor *monitor_server = NULL, *monitor_client = NULL;
+ assert(ret_server);
+ assert(ret_client);
+
ASSERT_OK(device_monitor_new_full(&monitor_server, MONITOR_GROUP_NONE, -EBADF));
ASSERT_OK(sd_device_monitor_set_description(monitor_server, "sender"));
ASSERT_OK(sd_device_monitor_start(monitor_server, NULL, NULL));
unsigned n_new_dev = 0, n_removed_dev = 0;
sd_device *dev;
+ assert(ret_n_new_dev);
+ assert(ret_n_removed_dev);
+
ASSERT_OK(sd_device_enumerator_new(&e));
ASSERT_OK(sd_device_enumerator_add_match_subsystem(e, subsystem, true));
exclude_problematic_devices(e);
static void mkdtemp_chdir_chattr(const char *template, char **ret) {
_cleanup_(rm_rf_physical_and_freep) char *path = NULL;
+ assert(ret);
+
ASSERT_OK(mkdtemp_malloc(template, &path));
ASSERT_OK_ERRNO(chdir(path));
_cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
int r;
+ assert(ret);
+
r = sd_nfnl_message_new(nfnl, &m, nfproto, NFNL_SUBSYS_NFTABLES, NFT_MSG_NEWCHAIN, NLM_F_CREATE);
if (r < 0)
return r;
_cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
int r;
+ assert(ret);
+
r = sd_nfnl_message_new(nfnl, &m, nfproto, NFNL_SUBSYS_NFTABLES, NFT_MSG_NEWTABLE, NLM_F_CREATE | NLM_F_EXCL);
if (r < 0)
return r;
_cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
int r;
+ assert(ret);
+
r = sd_nfnl_message_new(nfnl, &m, nfproto, NFNL_SUBSYS_NFTABLES, NFT_MSG_NEWRULE, NLM_F_CREATE);
if (r < 0)
return r;
_cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
int r;
+ assert(ret);
+
r = sd_nfnl_message_new(nfnl, &m, nfproto, NFNL_SUBSYS_NFTABLES, NFT_MSG_NEWSET, NLM_F_CREATE);
if (r < 0)
return r;
_cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
int r;
+ assert(ret);
+
if (add)
r = sd_nfnl_message_new(nfnl, &m, nfproto, NFNL_SUBSYS_NFTABLES, NFT_MSG_NEWSETELEM, NLM_F_CREATE);
else
_cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
_cleanup_(sd_netlink_message_unrefp) sd_netlink_message *message = NULL;
+ POINTER_MAY_BE_NULL(ifindex);
+
if (!ifindex || *ifindex <= 0)
return;
assert(p);
assert(*p);
assert(line);
+ assert(column);
assert(field);
r = varlink_idl_subparse_whitespace(p, line, column);
_cleanup_(sd_varlink_interface_freep) sd_varlink_interface *interface = NULL;
_cleanup_(varlink_symbol_freep) sd_varlink_symbol *symbol = NULL;
+
+ assert_return(ret, -EINVAL);
+
enum {
STATE_PRE_INTERFACE,
STATE_INTERFACE,
_cleanup_(sd_varlink_server_unrefp) sd_varlink_server *s = NULL;
int r;
+ assert(ret);
+
r = sd_varlink_server_new(&s, flags|SD_VARLINK_SERVER_FD_PASSING_INPUT_STRICT);
if (r < 0)
return log_debug_errno(r, "Failed to allocate varlink server object: %m");
int r;
assert(m);
+ assert(ret);
/* Acquire the sender's session. This first checks if the sending process is inside a session itself,
* and returns that. If not and 'consult_display' is true, this returns the display session of the
User *user;
int r;
+ assert(ret);
+
/* Note that we get the owner UID of the session, not the actual client UID here! */
r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_OWNER_UID|SD_BUS_CREDS_AUGMENT, &creds);
if (r < 0)
assert(name);
assert(prefix);
assert(prefix2);
+ assert(ret);
r = bus_call_method(bus, bus_machine_mgr, "GetMachineAddresses", NULL, &reply, "s", name);
if (r < 0)
assert(message);
assert(name);
assert(c == _MACHINE_CLASS_INVALID || MACHINE_CLASS_CAN_REGISTER(c));
+ assert(leader_pidref);
+ assert(supervisor_pidref);
assert(ret);
if (leader_pidref->pid == 1)
_cleanup_(pcr_state_free_all) PcrState *pcr_states = NULL;
size_t n = 0;
+ assert(ret);
+
pcr_states = new0(PcrState, strv_length(arg_banks) + 1);
if (!pcr_states)
return log_oom();
_cleanup_(manager_freep) Manager *m = NULL;
int r;
+ assert(ret);
+
m = new(Manager, 1);
if (!m)
return -ENOMEM;
assert(netdev);
assert(netdev->manager);
+ assert(ret);
r = sd_genl_message_new(netdev->manager->genl, FOU_GENL_NAME, FOU_CMD_ADD, &m);
if (r < 0)
assert(local_address);
assert(netdev);
assert(netdev->manager);
+ assert(ret);
_cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
uint16_t encap_type;
assert(netdev->manager);
assert(session);
assert(session->tunnel);
+ assert(ret);
r = sd_genl_message_new(netdev->manager->genl, L2TP_GENL_NAME, L2TP_CMD_SESSION_CREATE, &m);
if (r < 0)
assert(netdev);
assert(netdev->ifindex > 0);
assert(netdev->manager);
+ assert(ret);
r = sd_genl_message_new(netdev->manager->genl, MACSEC_GENL_NAME, command, &m);
if (r < 0)
int address_new(Address **ret) {
_cleanup_(address_unrefp) Address *address = NULL;
+ assert(ret);
+
address = new(Address, 1);
if (!address)
return -ENOMEM;
struct in_addr **addresses,
size_t *n_addresses) {
+ assert(addresses);
+ assert(n_addresses);
+
for (;;) {
_cleanup_free_ char *word = NULL, *server_name = NULL;
union in_addr_union address;
Address *existing;
int r;
+ assert(link);
+ assert(server_address);
+ assert(ip6_addr);
+
r = address_new(&addr);
if (r < 0)
return log_oom();
int manager_new(Manager **ret, bool test_mode) {
_cleanup_(manager_freep) Manager *m = NULL;
+ assert(ret);
+
m = new(Manager, 1);
if (!m)
return -ENOMEM;
int nexthop_new(NextHop **ret) {
_cleanup_(nexthop_unrefp) NextHop *nexthop = NULL;
+ assert(ret);
+
nexthop = new(NextHop, 1);
if (!nexthop)
return -ENOMEM;
int route_new(Route **ret) {
_cleanup_(route_unrefp) Route *route = NULL;
+ assert(ret);
+
route = new(Route, 1);
if (!route)
return -ENOMEM;
_cleanup_(qdisc_unrefp) QDisc *qdisc = NULL;
int r;
+ assert(ret);
+
if (kind == _QDISC_KIND_INVALID) {
qdisc = new(QDisc, 1);
if (!qdisc)
_cleanup_(tclass_unrefp) TClass *tclass = NULL;
int r;
+ assert(ret);
+
if (kind == _TCLASS_KIND_INVALID) {
tclass = new(TClass, 1);
if (!tclass)
}
static int parse_mount_bind_options(const char *options, unsigned long *open_tree_flags, char **mount_opts, RemountIdmapping *idmapping) {
- unsigned long flags = *open_tree_flags;
+ unsigned long flags = *ASSERT_PTR(open_tree_flags);
char *opts = NULL;
- RemountIdmapping new_idmapping = *idmapping;
+ RemountIdmapping new_idmapping = *ASSERT_PTR(idmapping);
int r;
assert(options);
+ assert(mount_opts);
for (;;) {
_cleanup_free_ char *word = NULL;
assert(machine_name);
assert(pidref_is_set(pid));
assert(iface_name);
+ assert(provided_mac);
/* Use two different interface name prefixes depending whether
* we are in bridge mode or not. */
int r;
assert_se(bundle);
+ assert(ret);
path = strjoina(bundle, "/config.json");
uint64_t mask = 0;
int r;
+ assert(ret_mask);
+
for (;;) {
_cleanup_free_ char *t = NULL;
_cleanup_(manager_freep) Manager *m = NULL;
int r;
+ assert(ret);
+
m = new(Manager, 1);
if (!m)
return -ENOMEM;
_cleanup_(sd_varlink_unrefp) sd_varlink *link = NULL;
int r;
+ assert(ret);
+
r = sd_varlink_connect_address(&link, "/run/systemd/resolve/io.systemd.Resolve");
if (r < 0)
return r;
_cleanup_free_ char *safe = NULL;
assert(data || size == 0);
+ assert(ret);
if (size > EXTENSION_STRING_SAFE_LIMIT) {
safe = cescape_length(data, EXTENSION_STRING_SAFE_LIMIT);
_cleanup_(event_log_freep) EventLog *el = NULL;
int r;
+ assert(ret);
+
el = event_log_new();
if (!el)
return log_oom();
_cleanup_free_ char *s = NULL;
assert(normalized_path);
+ assert(ret);
if (path_equal(normalized_path, "/"))
s = strdup(PCRLOCK_ROOT_FILE_SYSTEM_PATH);
size_t m;
int r;
+ assert(ret);
+
r = path_extract_filename(path, &bn);
if (r < 0)
return r;
size_t n = 0;
int r;
+ assert(key);
+
r = read_full_file_full(
AT_FDCWD, filename,
/* offset= */ UINT64_MAX,
const char *label;
sd_id128_t id;
+ assert(ret);
+
/* Tries really hard to find a suitable description for this partition */
if (p->definition_path)
uint64_t rbytes = 0, rios = 0;
int r;
+ assert(ret_rbytes);
+ assert(ret_rios);
+
r = cg_get_path(cgroup_path, "io.stat", &path);
if (r < 0)
return r;
int r;
assert(context);
+ assert(ret);
_cleanup_(table_unrefp) Table *table = table_new("family", "object", "fields", "value");
if (!table)
int r;
assert(context);
+ assert(ret);
_cleanup_(table_unrefp) Table *table = table_new("family", "type", "description");
if (!table)
int r;
assert(context);
+ assert(ret);
_cleanup_(table_unrefp) Table *table = table_new("family", "object", "value");
if (!table)
int r;
assert(context);
+ assert(ret);
_cleanup_(table_unrefp) Table *table = table_new("family", "description");
if (!table)
bool authenticated = true;
int r;
+ assert(_authenticated);
+
/* Run a positive NSEC wildcard proof. Specifically:
*
* A proof that there's neither a wildcard name nor a non-wildcard name that is a suffix of the name "name" and
static int answer_add_ptr(DnsAnswer **answer, const char *from, const char *to, int ifindex, DnsAnswerFlags flags) {
_cleanup_(dns_resource_record_unrefp) DnsResourceRecord *rr = NULL;
+ assert(answer);
+
rr = dns_resource_record_new_full(DNS_CLASS_IN, DNS_TYPE_PTR, from);
if (!rr)
return -ENOMEM;
DnsResourceRecord *rr;
int r;
+ assert(have_nsec);
assert(nvalidations);
+ assert(validated);
/* Returns negative on error, 0 if validation failed, 1 to restart validation, 2 when finished. */
static int load_static_record_file_item(sd_json_variant *rj, Hashmap **records) {
int r;
+ assert(records);
+
_cleanup_(dns_resource_record_unrefp) DnsResourceRecord *rr = NULL;
r = dns_resource_record_from_json(rj, &rr);
if (r < 0)
DnsResourceRecord *rr;
int ifindex, r;
+ assert(q);
+ POINTER_MAY_BE_NULL(canonical);
+
DNS_ANSWER_FOREACH_IFINDEX(rr, ifindex, q->answer) {
_cleanup_(sd_json_variant_unrefp) sd_json_variant *entry = NULL;
int family;
uint64_t i, u;
char *m = NULL;
+ assert(ret);
+
u = 1 + (random_u64() & 3);
for (i = 0; i < u; i++) {
assert(fd >= 0);
assert(path);
+ assert(ret_cmdline);
r = pe_load_headers_and_sections(fd, path, §ions, &pe_header);
if (r < 0)
_cleanup_(bpf_program_freep) BPFProgram *p = NULL;
_cleanup_free_ char *name = NULL;
+ assert(ret);
+
if (prog_name) {
if (strlen(prog_name) >= BPF_OBJ_NAME_LEN)
return -ENAMETOOLONG;
static int bus_append_refresh_on_reload(sd_bus_message *m, const char *field, const char *eq) {
int r;
+ assert(eq);
+
r = sd_bus_message_open_container(m, 'r', "sv");
if (r < 0)
return bus_log_create_error(r);
assert(spec);
assert(tm);
+ assert(usec);
c = *tm;
tm_usec = *usec;
_cleanup_free_ char *root = NULL;
int r;
+ assert(ret);
+
if (machine) {
_cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
_cleanup_free_ char *unit = NULL;
assert(line > 0);
assert(lookup);
assert(l);
+ assert(section);
+ assert(section_line);
+ assert(section_ignored);
l = strstrip(l);
if (isempty(l))
bool all = true;
int r, ret = 0;
+ assert(first_value);
+
/* Reads a bunch of credentials into the specified buffers. If the specified buffers are already
* non-NULL frees them if a credential is found. Only supports string-based credentials
* (i.e. refuses embedded NUL bytes).
_cleanup_free_ char *cn = NULL;
int r;
+ assert(ret_password);
+ assert(ret_is_hashed);
+
/* Try to pick up the password for this account via the credentials logic */
cn = strjoin("passwd.hashed-password.", username);
if (!cn)
const char *uuid;
char *s;
+ assert(ret);
+
uuid = sym_crypt_get_uuid(cd);
if (!uuid)
return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to get LUKS UUID.");
char *hex;
int r;
+ assert(ret);
+
r = cryptsetup_get_volume_key_prefix(cd, volume_name, &prefix);
if (r < 0)
return log_debug_errno(r, "Failed to get LUKS volume key prefix.");
assert(devname);
assert(m);
assert(fstype);
+ POINTER_MAY_BE_NULL(mount_node_fd);
if (!image_filter_test(filter, PARTITION_ROOT, /* label= */ NULL)) /* do a filter check with an empty partition label */
return -ECOMM;
DnsAnswerItem *item;
int r;
+ assert(a);
+
/* Removes all items from '*a' that have a matching key in 'b' */
DNS_ANSWER_FOREACH_ITEM(item, b) {
int r;
assert(p);
+ assert(ret);
r = dns_packet_read_uint8(p, &c, NULL);
if (r < 0)
unsigned n;
int r;
+ assert(ret_question);
+
n = DNS_PACKET_QDCOUNT(p);
if (n > 0) {
question = dns_question_new(n);
bool bad_opt = false;
int r;
+ assert(ret_answer);
+
n = DNS_PACKET_RRCOUNT(p);
if (n == 0)
return 0;
assert(key);
assert(cname);
+ assert(ret);
/* Checks if the RR `cname` is a CNAME/DNAME RR that matches the specified `key`. If so, returns the
* target domain. If not, returns -EUNATCH */
_cleanup_free_ char **l = NULL;
int r;
+ assert(ret_hierarchies);
assert(hierarchy_env);
r = getenv_path_list(hierarchy_env, &l);
if (r == -ENXIO) {
_cleanup_(iovec_done) struct iovec salt = {};
int r;
+ assert(ret_salt);
+
r = crypto_random_bytes_allocate_iovec(FIDO2_SALT_SIZE, &salt);
if (r < 0)
return log_error_errno(r, "Failed to generate FIDO2 salt: %m");
_cleanup_free_ char *bind_name = NULL;
int r;
+ assert(ret_salt);
+
/* If we read the salt via AF_UNIX, make the client recognizable */
if (asprintf(&bind_name, "@%" PRIx64"/%s-fido2-salt/%s", random_u64(), client, node) < 0)
return log_oom();
const char *filename, uint16_t file_priority, uint32_t line_number, bool compat) {
int r = 0;
+ assert(node);
+
for (size_t i = 0;; i++) {
size_t p;
char c;
_cleanup_free_ char *prefix = NULL;
int r;
+ assert(ret);
+
r = unit_name_to_prefix_and_instance(i->name, &prefix);
if (r < 0)
return r;
_cleanup_free_ char *dst_updated = NULL;
int r;
+ assert(ret_dst);
+
/* Verify that dst is a valid either a valid alias or a valid .wants/.requires symlink for the target
* unit *i. Return negative on error or if not compatible, zero on success.
*
bool has_install_info = false;
int r;
+ assert(changes);
+ assert(n_changes);
+
STRV_FOREACH(name, names) {
InstallInfo *info;
_cleanup_(fido_dev_free_wrapper) fido_dev_t *d = NULL;
int r;
+ assert(ret_has_rk);
+ assert(ret_has_client_pin);
+ assert(ret_has_up);
+ assert(ret_has_uv);
+ assert(ret_has_always_uv);
+
d = sym_fido_dev_new();
if (!d)
return log_oom();
/* Older libmount seems to require this. */
assert(!source || path);
assert(IN_SET(direction, MNT_ITER_FORWARD, MNT_ITER_BACKWARD));
+ assert(ret_table);
+ assert(ret_iter);
r = dlopen_libmount();
if (r < 0)
assert(u);
assert(g);
assert(user_record_gid(u) == g->gid);
+ assert(ret_converted_user);
+ assert(ret_converted_group);
if (shell_copy)
shell = u->shell;
}
static int mangle_fat_label(const char *s, char **ret) {
- assert(s);
-
_cleanup_free_ char *q = NULL;
int r;
+ assert(s);
+ assert(ret);
+
r = utf8_to_ascii(s, '_', &q);
if (r < 0)
return r;
_cleanup_free_ void *b = NULL;
size_t l;
+ assert(ret_encrypt_key);
+ assert(ret_encrypt_key_size);
+
ctx = EVP_PKEY_CTX_new(pkey, NULL);
if (!ctx)
return log_openssl_errors("Failed to allocate public key context");
void **ret_saved_key,
size_t *ret_saved_key_size) {
+ assert(ret_decrypted_key);
+ assert(ret_decrypted_key_size);
+ assert(ret_saved_key);
+ assert(ret_saved_key_size);
+
_cleanup_(EVP_PKEY_freep) EVP_PKEY *pkey_new = NULL;
_cleanup_(erase_and_freep) void *decrypted_key = NULL;
_cleanup_free_ unsigned char *saved_key = NULL;
size_t decrypted_key_size, saved_key_size;
int r;
+ assert(ret_decrypted_key);
+ assert(ret_decrypted_key_size);
+ assert(ret_saved_key);
+ assert(ret_saved_key_size);
+
r = rsa_pkey_to_suitable_key_size(pkey, &decrypted_key_size);
if (r < 0)
return log_debug_errno(r, "Failed to determine RSA public key size.");
}
static int openssl_ask_password_ui_new(const AskPasswordRequest *request, OpenSSLAskPasswordUI **ret) {
+ assert(request);
assert(ret);
#ifndef OPENSSL_NO_UI_CONSOLE
assert(name);
assert(iovec_is_set(root_hash));
+ assert(ret);
_cleanup_free_ char *name_escaped = xescape(name, ":"); /* Avoid ambiguity around ":" */
if (!name_escaped)
CK_OBJECT_HANDLE object,
EVP_PKEY **ret_pkey) {
+ assert(ret_pkey);
+
CK_ATTRIBUTE attribute = { CKA_PUBLIC_KEY_INFO, NULL_PTR, 0 };
_cleanup_(EVP_PKEY_freep) EVP_PKEY *pkey = NULL;
CK_RV rv;
CK_RV rv;
int r;
+ assert(ret_pkey);
+
r = read_public_key_info(m, session, object, &pkey);
if (r >= 0) {
*ret_pkey = TAKE_PTR(pkey);
X509_NAME *name = NULL;
int r;
+ assert(ret_cert);
+
r = dlopen_p11kit();
if (r < 0)
return r;
CK_RV rv;
int r;
+ assert(ret_compressed_point);
+ assert(ret_compressed_point_size);
+
rv = m->C_GetAttributeValue(session, object, &ec_params_attr, 1);
if (!IN_SET(rv, CKR_OK, CKR_ATTRIBUTE_TYPE_INVALID))
return log_error_errno(SYNTHETIC_ERRNO(EIO),
CK_ULONG dbuffer_size = 0;
CK_RV rv;
+ assert(ret_decrypted_data);
+ assert(ret_decrypted_data_size);
+
rv = m->C_DecryptInit(session, (CK_MECHANISM*) &mechanism, object);
if (rv != CKR_OK)
return log_error_errno(SYNTHETIC_ERRNO(EIO),
char *url = NULL;
int r;
+ assert(ret);
+
if (uname(&u) < 0)
return -errno;
_cleanup_free_ char *n = NULL;
bool run = false, coll = false;
const char *ext = ".conf";
+
+ assert(name);
+ assert(ret_prefixes);
+ assert(ret_is_collection);
+ assert(ret_extension);
+
/* This is static so that the array doesn't get deallocated when we exit the function */
static const char* const std_prefixes[] = { CONF_PATHS(""), NULL };
static const char* const run_prefixes[] = { "/run/", NULL };
_cleanup_(seccomp_releasep) scmp_filter_ctx seccomp = NULL;
int r;
+ assert(ret);
+
/* Much like seccomp_init(), but initializes the filter for one specific architecture only, without affecting
* any others. Also, turns off the NNP fiddling. */
_cleanup_free_ char *np = NULL;
int r;
+ assert(ret_new_path);
+
/* If the specified path is a mount point we generate the new snapshot immediately
* inside it under a random name. However if the specified is not a mount point we
* create the new snapshot in the parent directory, just next to it. */
_cleanup_free_ char *name = NULL;
struct in_addr_full *x;
+ assert(a);
assert(ret);
if (!isempty(server_name)) {
int r;
assert(entry);
+ assert(xa);
+ assert(n_xa);
/* Fills in all fields that are present in the archive entry. Doesn't change the fields if the entry
* doesn't contain the relevant data */
assert(d);
assert(inode_fd >= 0);
assert(sx);
+ assert(ret);
/* If we know the hardlink count, and it's 1, then don't bother */
if (FLAGS_SET(sx->stx_mask, STATX_NLINK) && sx->stx_nlink == 1)
assert(c);
assert(data);
assert(primary_handle);
+ POINTER_MAY_BE_NULL(policy);
/* This is a generic version of tpm2_seal(), that doesn't imply any policy or any specific
* combination of the two keypairs in their marshalling. tpm2_seal() is somewhat specific to the FDE
assert(public_blob);
assert(private_blob);
assert(primary_handle);
+ assert(ret_data);
TPM2B_PUBLIC public;
r = tpm2_unmarshal_public(public_blob->iov_base, public_blob->iov_len, &public);
_cleanup_fclose_ FILE *f = NULL;
int r;
+ assert(ret_policy);
+
r = tpm2_pcrlock_search_file(path, &f, &discovered_path);
if (r == -ENOENT) {
*ret_policy = (Tpm2PCRLockPolicy) {};
_cleanup_set_free_ Set *names = NULL;
int r;
+ assert(ret_fragment_path);
+
/* Finds a fragment path, and returns the set of names:
* if we have …/foo.service and …/foo-alias.service→foo.service,
* and …/foo@.service and …/foo-alias@.service→foo@.service,
_cleanup_free_ char *mode = NULL;
int r;
+ assert(ret);
+
r = proc_cmdline_get_key("systemd.volatile", PROC_CMDLINE_VALUE_OPTIONAL, &mode);
if (r < 0)
return r;
_cleanup_free_ char *sys_fn = NULL;
int r;
+ assert(ret_gov);
+
r = watchdog_get_sysfs_path("pretimeout_governor", &sys_fn);
if (r < 0)
return r;
_cleanup_free_ char *bus_name = NULL;
int r;
+ assert(ret_dbus_name);
+
/* First, look for the BusName= property */
_cleanup_free_ char *dbus_path = unit_dbus_path_from_name(name);
if (!dbus_path)
int r;
assert(device);
+ POINTER_MAY_BE_NULL(partition_type);
assert(ret);
r = fdisk_new_context_at(AT_FDCWD, device, /* read_only= */ true, /* sector_size= */ UINT32_MAX, &c);
int r;
assert(rr);
+ POINTER_MAY_BE_NULL(web_cache);
ci = web_cache ? web_cache_get_item(*web_cache, rr->path, verify) : NULL;
if (ci) {
assert(t);
assert(i);
assert(cb);
+ assert(ret);
ctx = new(CalloutContext, 1);
if (!ctx)
int r;
assert(c);
+ assert(ret_tmpfile);
+ assert(ret_tmpfile_path);
if (ordered_hashmap_isempty(c->todo_uids))
goto done;
int r;
assert(c);
+ assert(ret_tmpfile);
+ assert(ret_tmpfile_path);
if (ordered_hashmap_isempty(c->todo_uids))
goto done;
int r;
assert(c);
+ assert(ret_tmpfile);
+ assert(ret_tmpfile_path);
if (ordered_hashmap_isempty(c->todo_gids) && ordered_hashmap_isempty(c->members))
goto done;
int r;
assert(c);
+ assert(ret_tmpfile);
+ assert(ret_tmpfile_path);
if (ordered_hashmap_isempty(c->todo_gids) && ordered_hashmap_isempty(c->members))
goto done;
_cleanup_hashmap_free_ Hashmap *cache = NULL;
int r;
+ assert(ret);
+
cache = hashmap_new(&uid_gid_hash_ops);
if (!cache)
return -ENOMEM;
_cleanup_hashmap_free_ Hashmap *cache = NULL;
int r;
+ assert(ret);
+
cache = hashmap_new(&uid_gid_hash_ops);
if (!cache)
return -ENOMEM;
unsigned i;
int r;
+ assert(ret);
assert_cc(ELEMENTSOF(paths_system) == ELEMENTSOF(paths_user));
paths = arg_runtime_scope == RUNTIME_SCOPE_USER ? paths_user : paths_system;
_cleanup_(iovec_done_erase) struct iovec buf = {};
int r;
+ assert(ret);
+
const char *bs = in_initrd() ? "/.extra/boot-secret" : "/run/systemd/stub/boot-secret";
r = read_full_file_full(
AT_FDCWD,
const char *subsystem, *devtype, *tag;
int r;
+ assert(ret);
+
r = device_monitor_new_full(&monitor, sender, -EBADF);
if (r < 0)
return log_error_errno(r, "Failed to create netlink socket: %m");
_cleanup_(manager_freep) Manager *m = NULL;
int r;
+ assert(ret);
+
m = new(Manager, 1);
if (!m)
return -ENOMEM;
const char *start,
const char *end) {
+ assert(sv);
+ assert(n);
+
if (end == start)
return 0;
projects / thirdparty / systemd.git / commitdiff
