creds: uniformly use varlink error table
authorMike Yuan <me@yhndnzj.com>
Fri, 19 Sep 2025 22:32:54 +0000 (00:32 +0200)
committerMike Yuan <me@yhndnzj.com>
Sun, 21 Sep 2025 15:16:51 +0000 (17:16 +0200)
Follow-up for ffd4b3809681b940d7d1fb9bc64502306c0a3e7e

src/creds/creds.c
src/shared/creds-util.c
src/shared/creds-util.h

index ab3beabc02d77b1ce100b2242ff111cde3a4aaa9..198574075424ce5621bdf811d9b8c7dfa9831869 100644 (file)
@@ -1409,28 +1409,15 @@ static int vl_method_decrypt(sd_varlink *link, sd_json_variant *parameters, sd_v
                 ask_polkit = true;
         }
 
-        if (r == -EBADMSG)
-                return sd_varlink_error(link, "io.systemd.Credentials.BadFormat", NULL);
-        if (r == -EDESTADDRREQ)
-                return sd_varlink_error(link, "io.systemd.Credentials.NameMismatch", NULL);
-        if (r == -ESTALE)
-                return sd_varlink_error(link, "io.systemd.Credentials.TimeMismatch", NULL);
-        if (r == -ESRCH)
-                return sd_varlink_error(link, "io.systemd.Credentials.NoSuchUser", NULL);
-        if (r == -EMEDIUMTYPE)
-                return sd_varlink_error(link, "io.systemd.Credentials.BadScope", NULL);
-        if (r == -EHOSTDOWN)
-                return sd_varlink_error(link, "io.systemd.Credentials.CantFindPCRSignature", NULL);
-        if (r == -EHWPOISON)
-                return sd_varlink_error(link, "io.systemd.Credentials.NullKeyNotAllowed", NULL);
-        if (r == -EREMOTE)
-                return sd_varlink_error(link, "io.systemd.Credentials.KeyBelongsToOtherTPM", NULL);
-        if (r == -ENOLCK)
-                return sd_varlink_error(link, "io.systemd.Credentials.TPMInDictionaryLockout", NULL);
         if (IN_SET(r, -EREMCHG, -ENOANO, -EUCLEAN, -EPERM))
                 return sd_varlink_error(link, "io.systemd.Credentials.UnexpectedPCRState", NULL);
-        if (r < 0)
+        if (r < 0) {
+                const CredentialsVarlinkError *e = credentials_varlink_error_by_errno(r);
+                if (e)
+                        return sd_varlink_error(link, e->id, NULL);
+
                 return r;
+        }
 
         _cleanup_(sd_json_variant_unrefp) sd_json_variant *reply = NULL;
 
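Review bot: The `IN_SET(r, -EREMCHG, -ENOANO, -EUCLEAN, -EPERM)` branch that stays ahead of the new table lookup has no comment saying why it survives the refactor. The shared table added in creds-util.c lists only `EUCLEAN` for `io.systemd.Credentials.UnexpectedPCRState`, so if this branch were later folded into the lookup, the other three errnos would fall through to the bare `return r`. I would add above it: `/* Several errnos collapse into UnexpectedPCRState; the shared table only carries EUCLEAN, so this must stay before the lookup. */`. vl_method_decrypt() starts and continues outside this hunk, so where `r` is set is not visible here.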
index cc9d5c37fa69e292948790f1022aac1bd0d9a89b..7f7c04470f2ece6876b4ea2e41b47265f1d0623b 100644 (file)
@@ -1652,26 +1652,9 @@ int ipc_decrypt_credential(const char *validate_name, usec_t validate_timestamp,
         if (r < 0)
                 return log_error_errno(r, "Failed to call Decrypt() varlink call.");
         if (!isempty(error_id))  {
-                static struct {
-                        const char *id;
-                        int errnum;
-                        const char *msg;
-                } table[] = {
-                        { "io.systemd.Credentials.BadFormat",              EBADMSG,      "Bad credential format." },
-                        { "io.systemd.Credentials.NameMismatch",           EDESTADDRREQ, "Name in credential doesn't match expectations." },
-                        { "io.systemd.Credentials.TimeMismatch",           ESTALE,       "Outside of credential validity time window." },
-                        { "io.systemd.Credentials.NoSuchUser",             ESRCH,        "No such user." },
-                        { "io.systemd.Credentials.BadScope",               EMEDIUMTYPE,  "Scope mismatch." },
-                        { "io.systemd.Credentials.CantFindPCRSignature",   EHOSTDOWN,    "PCR signature required for decryption, but could not be found." },
-                        { "io.systemd.Credentials.NullKeyNotAllowed",      EHWPOISON,    "The key was encrypted with a null key, but that's now allowed during decryption." },
-                        { "io.systemd.Credentials.KeyBelongsToOtherTPM",   EREMOTE,      "The TPM integrity check for this key failed, key probably belongs to another TPM, or was corrupted." },
-                        { "io.systemd.Credentials.TPMInDictionaryLockout", ENOLCK,       "The TPM is in dictionary lockout mode, cannot operate." },
-                        { "io.systemd.Credentials.UnexpectedPCRState" ,    EUCLEAN,      "Unexpected TPM PCR state of the system." },
-                };
-
-                FOREACH_ELEMENT(i, table)
-                        if (streq(i->id, error_id))
-                                return log_error_errno(SYNTHETIC_ERRNO(i->errnum), "%s", i->msg);
+                const CredentialsVarlinkError *e = credentials_varlink_error_by_id(error_id);
+                if (e)
+                        return log_error_errno(SYNTHETIC_ERRNO(e->errnum), "%s", e->msg);
 
                 return log_error_errno(sd_varlink_error_to_errno(error_id, reply), "Failed to decrypt: %s", error_id);
         }
@@ -1824,3 +1807,38 @@ int pick_up_credentials(const PickUpCredential *table, size_t n_table_entry) {
 
         return ret;
 }
+
+static const CredentialsVarlinkError credentials_varlink_error_table[] = {
+        { "io.systemd.Credentials.BadFormat",              EBADMSG,      "Bad credential format." },
+        { "io.systemd.Credentials.NameMismatch",           EDESTADDRREQ, "Name in credential doesn't match expectations." },
+        { "io.systemd.Credentials.TimeMismatch",           ESTALE,       "Outside of credential validity time window." },
+        { "io.systemd.Credentials.NoSuchUser",             ESRCH,        "No such user." },
+        { "io.systemd.Credentials.BadScope",               EMEDIUMTYPE,  "Scope mismatch." },
+        { "io.systemd.Credentials.CantFindPCRSignature",   EHOSTDOWN,    "PCR signature required for decryption, but could not be found." },
+        { "io.systemd.Credentials.NullKeyNotAllowed",      EHWPOISON,    "The key was encrypted with a null key, but that's now allowed during decryption." },
+        { "io.systemd.Credentials.KeyBelongsToOtherTPM",   EREMOTE,      "The TPM integrity check for this key failed, key probably belongs to another TPM, or was corrupted." },
+        { "io.systemd.Credentials.TPMInDictionaryLockout", ENOLCK,       "The TPM is in dictionary lockout mode, cannot operate." },
+        { "io.systemd.Credentials.UnexpectedPCRState" ,    EUCLEAN,      "Unexpected TPM PCR state of the system." },
+};
+
+const CredentialsVarlinkError* credentials_varlink_error_by_id(const char *id) {
+        assert(id);
+
+        FOREACH_ELEMENT(i, credentials_varlink_error_table)
+                if (streq(id, i->id))
+                        return i;
+
+        return NULL;
+}
+
+const CredentialsVarlinkError* credentials_varlink_error_by_errno(int errnum) {
+        assert(errnum != 0);
+
+        errnum = ABS(errnum);
+
+        FOREACH_ELEMENT(i, credentials_varlink_error_table)
+                if (errnum == i->errnum)
+                        return i;
+
+        return NULL;
+}
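Review bot: The `NullKeyNotAllowed` message in `credentials_varlink_error_table` reads "but that's now allowed during decryption", which says the opposite of what the error name means. It was carried over verbatim from the table removed from ipc_decrypt_credential(). This is the string the client logs when a null-key credential is refused, so it should read `"The key was encrypted with a null key, but that's not allowed during decryption."`. The stray space before the comma in `"io.systemd.Credentials.UnexpectedPCRState" ,` could also go while the table is being moved.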
index 7124ecd85432e4b985dba6eefdf92fd281937bd0..058c8cabc7bc144e206cca116d0ce5a6531a0083 100644 (file)
@@ -102,3 +102,12 @@ typedef struct PickUpCredential {
 } PickUpCredential;
 
 int pick_up_credentials(const PickUpCredential *table, size_t n_table_entry);
+
+typedef struct CredentialsVarlinkError {
+        const char *id;
+        int errnum;
+        const char *msg;
+} CredentialsVarlinkError;
+
+const CredentialsVarlinkError* credentials_varlink_error_by_id(const char *id) _pure_;
+const CredentialsVarlinkError* credentials_varlink_error_by_errno(int errnum) _const_;
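Review bot: The two lookup prototypes have no comment stating their contract, which creds.c now relies on from another translation unit. Going by the definitions in creds-util.c, both return a pointer into a static table or NULL when nothing matches. `credentials_varlink_error_by_id()` asserts a non-NULL id, and `credentials_varlink_error_by_errno()` asserts a non-zero value and accepts either sign. A comment above the prototypes would cover it: `/* Both return NULL if there is no match; by_errno() takes a positive or negative errno, never 0. */`.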