From: Mike Yuan Date: Tue, 6 Feb 2024 13:53:35 +0000 (+0800) Subject: core: introduce exec_params_need_credentials X-Git-Tag: v256-rc1~955^2~1 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=1221ba0f6f2438035a601ef55cb651bb030456f1;p=thirdparty%2Fsystemd.git core: introduce exec_params_need_credentials Also rename EXEC_WRITE_CREDENTIALS to EXEC_SETUP_CREDENTIALS. --- diff --git a/src/core/exec-credential.c b/src/core/exec-credential.c index 7248ad03481..9b76c5a3249 100644 --- a/src/core/exec-credential.c +++ b/src/core/exec-credential.c @@ -49,6 +49,12 @@ DEFINE_HASH_OPS_WITH_VALUE_DESTRUCTOR( char, string_hash_func, string_compare_func, ExecLoadCredential, exec_load_credential_free); +bool exec_params_need_credentials(const ExecParameters *p) { + assert(p); + + return FLAGS_SET(p->flags, EXEC_SETUP_CREDENTIALS); +} + bool exec_context_has_credentials(const ExecContext *c) { assert(c); @@ -106,7 +112,7 @@ int exec_context_get_credential_directory( assert(unit); assert(ret); - if (!exec_context_has_credentials(context)) { + if (!exec_params_need_credentials(params) || !exec_context_has_credentials(context)) { *ret = NULL; return 0; } @@ -936,7 +942,7 @@ int exec_setup_credentials( assert(params); assert(unit); - if (!exec_context_has_credentials(context)) + if (!exec_params_need_credentials(params) || !exec_context_has_credentials(context)) return 0; if (!params->prefix[EXEC_DIRECTORY_RUNTIME]) diff --git a/src/core/exec-credential.h b/src/core/exec-credential.h index 9e4770d0b8e..70bb46bdde6 100644 --- a/src/core/exec-credential.h +++ b/src/core/exec-credential.h 
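Review bot: `exec_params_need_credentials()` is added without a comment, although in the files shown here it becomes the check that decides whether an invocation gets the credential logic at all. Its difference from `exec_context_has_credentials()` directly below is easy to miss: one tests the per-invocation flag, the other the unit's configuration, and both must hold before anything is set up. I would add above it something like `/* Whether this invocation was asked to set up credentials (EXEC_SETUP_CREDENTIALS); independent of whether the unit configures any. */`.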
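Review bot: The condition `!exec_params_need_credentials(params) || !exec_context_has_credentials(context)` is now written out twice, in `exec_context_get_credential_directory()` here and in `exec_setup_credentials()` in the hunk at -936. One copy decides whether a credential directory path is returned, the other whether the directory is populated, so if they drift apart a caller could presumably get a path for a directory that was never set up, or the reverse. A single static predicate used by both would keep them in lockstep, with a body along the lines of `return exec_params_need_credentials(p) && exec_context_has_credentials(c);`. Both function bodies continue outside their hunks.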
@@ -34,6 +34,8 @@ DEFINE_TRIVIAL_CLEANUP_FUNC(ExecLoadCredential*, exec_load_credential_free); extern const struct hash_ops exec_set_credential_hash_ops; extern const struct hash_ops exec_load_credential_hash_ops; +bool exec_params_need_credentials(const ExecParameters *p); + bool exec_context_has_credentials(const ExecContext *c); bool exec_context_has_encrypted_credentials(const ExecContext *c); diff --git a/src/core/exec-invoke.c b/src/core/exec-invoke.c index 81d243c5b20..c62b7385cb3 100644 --- a/src/core/exec-invoke.c +++ b/src/core/exec-invoke.c @@ -3175,11 +3175,9 @@ static int apply_mount_namespace( params, "shared mount propagation hidden by other fs namespacing unit settings: ignoring"); - if (FLAGS_SET(params->flags, EXEC_WRITE_CREDENTIALS)) { - r = exec_context_get_credential_directory(context, params, params->unit_id, &creds_path); - if (r < 0) - return r; - } + r = exec_context_get_credential_directory(context, params, params->unit_id, &creds_path); + if (r < 0) + return r; if (params->runtime_scope == RUNTIME_SCOPE_SYSTEM) { propagate_dir = path_join("/run/systemd/propagate/", params->unit_id); @@ -4534,12 +4532,10 @@ int exec_invoke( return log_exec_error_errno(context, params, r, "Failed to set up special execution directory in %s: %m", params->prefix[dt]); } - if (FLAGS_SET(params->flags, EXEC_WRITE_CREDENTIALS)) { - r = exec_setup_credentials(context, params, params->unit_id, uid, gid); - if (r < 0) { - *exit_status = EXIT_CREDENTIALS; - return log_exec_error_errno(context, params, r, "Failed to set up credentials: %m"); - } + r = exec_setup_credentials(context, params, params->unit_id, uid, gid); + if (r < 0) { + *exit_status = EXIT_CREDENTIALS; + return log_exec_error_errno(context, params, r, "Failed to set up credentials: %m"); } r = build_environment( diff --git a/src/core/execute.h b/src/core/execute.h index e226654c6ab..916e66adcdc 100644 --- a/src/core/execute.h +++ b/src/core/execute.h 
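Review bot: With the `FLAGS_SET(params->flags, EXEC_WRITE_CREDENTIALS)` guard removed in `apply_mount_namespace()`, nothing at the call site shows that `creds_path` stays NULL for commands that are not meant to see credentials. The same applies to the `exec_setup_credentials()` call in the `exec_invoke()` hunk at -4534. The restriction that only start phases get credentials (set in `service_exec_flags()`) is now enforced entirely inside the callees, so a later change there would widen access without touching this file. I would add a comment at each call, for example `/* creds_path is NULL unless EXEC_SETUP_CREDENTIALS is set and the unit has credentials */` and `/* No-op unless EXEC_SETUP_CREDENTIALS is set */`. Both enclosing functions start and end outside the hunks.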
@@ -399,7 +399,7 @@ typedef enum ExecFlags { EXEC_CGROUP_DELEGATE = 1 << 6, EXEC_IS_CONTROL = 1 << 7, EXEC_CONTROL_CGROUP = 1 << 8, /* Place the process not in the indicated cgroup but in a subcgroup '/.control', but only EXEC_CGROUP_DELEGATE and EXEC_IS_CONTROL is set, too */ - EXEC_WRITE_CREDENTIALS = 1 << 9, /* Set up the credential store logic */ + EXEC_SETUP_CREDENTIALS = 1 << 9, /* Set up the credential store logic */ /* The following are not used by execute.c, but by consumers internally */ EXEC_PASS_FDS = 1 << 10, diff --git a/src/core/service.c b/src/core/service.c index 38934390f03..8553e28e1da 100644 --- a/src/core/service.c +++ b/src/core/service.c @@ -1609,7 +1609,7 @@ static ExecFlags service_exec_flags(ServiceExecCommand command_id) { /* All start phases get access to credentials */ if (IN_SET(command_id, SERVICE_EXEC_START_PRE, SERVICE_EXEC_START, SERVICE_EXEC_START_POST)) - flags |= EXEC_WRITE_CREDENTIALS; + flags |= EXEC_SETUP_CREDENTIALS; if (IN_SET(command_id, SERVICE_EXEC_START_PRE, SERVICE_EXEC_START)) flags |= EXEC_SETENV_MONITOR_RESULT;