From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Fri, 25 Aug 2023 07:11:02 +0000 (+0900)
Subject: core/exec-credential: introduce exec_context_get_credential_directory() helper function
X-Git-Tag: v255-rc1~557^2~2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=133e4de23fda6c69d692c5f4f16a69dc80f5893b;p=thirdparty%2Fsystemd.git

core/exec-credential: introduce exec_context_get_credential_directory() helper function

No functional change, just refactoring.
---

diff --git a/src/core/exec-credential.c b/src/core/exec-credential.c
index e7bab891b87..e69c4a9fa6f 100644
--- a/src/core/exec-credential.c
+++ b/src/core/exec-credential.c
@@ -94,6 +94,25 @@ static int get_credential_directory(
         return 1;
 }
 
+int exec_context_get_credential_directory(
+                const ExecContext *context,
+                const ExecParameters *params,
+                const char *unit,
+                char **ret) {
+
+        assert(context);
+        assert(params);
+        assert(unit);
+        assert(ret);
+
+        if (!exec_context_has_credentials(context)) {
+                *ret = NULL;
+                return 0;
+        }
+
+        return get_credential_directory(params->prefix[EXEC_DIRECTORY_RUNTIME], unit, ret);
+}
+
 int unit_add_default_credential_dependencies(Unit *u, const ExecContext *c) {
         _cleanup_free_ char *p = NULL, *m = NULL;
         int r;
diff --git a/src/core/exec-credential.h b/src/core/exec-credential.h
index db8e4ec3a52..9e6f6656217 100644
--- a/src/core/exec-credential.h
+++ b/src/core/exec-credential.h
@@ -37,6 +37,12 @@ extern const struct hash_ops exec_load_credential_hash_ops;
 bool exec_context_has_encrypted_credentials(ExecContext *c);
 bool exec_context_has_credentials(const ExecContext *c);
 
+int exec_context_get_credential_directory(
+                const ExecContext *context,
+                const ExecParameters *params,
+                const char *unit,
+                char **ret);
+
 int unit_add_default_credential_dependencies(Unit *u, const ExecContext *c);
 
 int exec_context_destroy_credentials(const ExecContext *c, const char *runtime_root, const char *unit);
diff --git a/src/core/execute.c b/src/core/execute.c
index 81be3a642e4..701e1ead2aa 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -2041,8 +2041,12 @@ static int build_environment(
                 our_env[n_env++] = x;
         }
 
-        if (exec_context_has_credentials(c) && p->prefix[EXEC_DIRECTORY_RUNTIME]) {
-                x = strjoin("CREDENTIALS_DIRECTORY=", p->prefix[EXEC_DIRECTORY_RUNTIME], "/credentials/", u->id);
+        _cleanup_free_ char *creds_dir = NULL;
+        r = exec_context_get_credential_directory(c, p, u->id, &creds_dir);
+        if (r < 0)
+                return r;
+        if (r > 0) {
+                x = strjoin("CREDENTIALS_DIRECTORY=", creds_dir);
                 if (!x)
                         return -ENOMEM;
 
@@ -3217,12 +3221,10 @@ static int apply_mount_namespace(
         if (context->mount_propagation_flag == MS_SHARED)
                 log_unit_debug(u, "shared mount propagation hidden by other fs namespacing unit settings: ignoring");
 
-        if (exec_context_has_credentials(context) &&
-            params->prefix[EXEC_DIRECTORY_RUNTIME] &&
-            FLAGS_SET(params->flags, EXEC_WRITE_CREDENTIALS)) {
-                creds_path = path_join(params->prefix[EXEC_DIRECTORY_RUNTIME], "credentials", u->id);
-                if (!creds_path)
-                        return -ENOMEM;
+        if (FLAGS_SET(params->flags, EXEC_WRITE_CREDENTIALS)) {
+                r = exec_context_get_credential_directory(context, params, u->id, &creds_path);
+                if (r < 0)
+                        return r;
         }
 
         if (params->runtime_scope == RUNTIME_SCOPE_SYSTEM) {