From: Lennart Poettering
Date: Mon, 21 Feb 2022 13:06:15 +0000 (+0100)
Subject: analyze: fully move "security" verb to analyze-security.[ch]
X-Git-Tag: v251-rc1~249^2~5
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=57a22a3f97c1b84884f4c2fe65a0a25d7f80a378;p=thirdparty%2Fsystemd.git

analyze: fully move "security" verb to analyze-security.[ch]

let's move the verb entropy point too, like for the other verbs now.
---
diff --git a/src/analyze/analyze-security.c b/src/analyze/analyze-security.c
index 3ee7644a89f..642c4f5d1c2 100644
--- a/src/analyze/analyze-security.c
+++ b/src/analyze/analyze-security.c
@@ -3,6 +3,7 @@
 #include
 
 #include "af-list.h"
+#include "analyze.h"
 #include "analyze-security.h"
 #include "analyze-verify.h"
 #include "bus-error.h"
@@ -11,6 +12,8 @@
 #include "bus-util.h"
 #include "copy.h"
 #include "env-util.h"
+#include "fd-util.h"
+#include "fileio.h"
 #include "format-table.h"
 #include "in-addr-prefix-util.h"
 #include "locale-util.h"
@@ -2753,7 +2756,7 @@ static int offline_security_checks(char **filenames,
 return r;
 }
 
-int analyze_security(sd_bus *bus,
+static int analyze_security(sd_bus *bus,
 char **units,
 JsonVariant *policy,
 UnitFileScope scope,
@@ -2886,3 +2889,51 @@ int analyze_security(sd_bus *bus,
 }
 return ret;
 }
+
+int do_security(int argc, char *argv[], void *userdata) {
+ _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
+ _cleanup_(json_variant_unrefp) JsonVariant *policy = NULL;
+ int r;
+ unsigned line, column;
+
+ if (!arg_offline) {
+ r = acquire_bus(&bus, NULL);
+ if (r < 0)
+ return bus_log_connect_error(r, arg_transport);
+ }
+
+ pager_open(arg_pager_flags);
+
+ if (arg_security_policy) {
+ r = json_parse_file(/*f=*/ NULL, arg_security_policy, /*flags=*/ 0, &policy, &line, &column);
+ if (r < 0)
+ return log_error_errno(r, "Failed to parse '%s' at %u:%u: %m", arg_security_policy, line, column);
+ } else {
+ _cleanup_fclose_ FILE *f = NULL;
+ _cleanup_free_ char *pp = NULL;
+
+ r = search_and_fopen_nulstr("systemd-analyze-security.policy", "re", /*root=*/ NULL, CONF_PATHS_NULSTR("systemd"), &f, &pp);
+ if (r < 0 && r != -ENOENT)
+ return r;
+
+ if (f) {
+ r = json_parse_file(f, pp, /*flags=*/ 0, &policy, &line, &column);
+ if (r < 0)
+ return log_error_errno(r, "[%s:%u:%u] Failed to parse JSON policy: %m", pp, line, column);
+ }
+ }
+
+ return analyze_security(bus,
+ strv_skip(argv, 1),
+ policy,
+ arg_scope,
+ arg_man,
+ arg_generators,
+ arg_offline,
+ arg_threshold,
+ arg_root,
+ arg_profile,
+ arg_json_format_flags,
+ arg_pager_flags,
+ /*flags=*/ 0);
+}
diff --git a/src/analyze/analyze-security.h b/src/analyze/analyze-security.h
index 07483248eeb..84436c7dadc 100644
--- a/src/analyze/analyze-security.h
+++ b/src/analyze/analyze-security.h
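Review bot: `unsigned line, column;` in the new do_security() are never initialised, yet both `r < 0` branches after json_parse_file() print them with `%u:%u`; if json_parse_file() fails before the parser runs (a policy file that cannot be read, for instance — the hunk does not show whether the out-parameters are written on that path, please confirm) the message reports indeterminate values. Initialising at the declaration avoids that and costs nothing: `unsigned line = 0, column = 0;`. The `search_and_fopen_nulstr()` failure branch is also the only error exit in this function with no log message, so a user hitting an unreadable default policy gets only the verb's generic exit status; `return log_error_errno(r, "Failed to open default security policy: %m");` would match the two parse paths. The function is complete inside the hunk; the `return ret; }` context above it belongs to analyze_security(), whose body lies outside.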
@@ -1,30 +1,10 @@
 /* SPDX-License-Identifier: LGPL-2.1-or-later */
 #pragma once
 
-#include
-
-#include "sd-bus.h"
-
-#include "json.h"
-#include "pager.h"
-#include "unit-file.h"
-
 typedef enum AnalyzeSecurityFlags {
 ANALYZE_SECURITY_SHORT = 1 << 0,
 ANALYZE_SECURITY_ONLY_LOADED = 1 << 1,
 ANALYZE_SECURITY_ONLY_LONG_RUNNING = 1 << 2,
 } AnalyzeSecurityFlags;
 
-int analyze_security(sd_bus *bus,
- char **units,
- JsonVariant *policy,
- UnitFileScope scope,
- bool check_man,
- bool run_generators,
- bool offline,
- unsigned threshold,
- const char *root,
- const char *profile,
- JsonFormatFlags json_format_flags,
- PagerFlags pager_flags,
- AnalyzeSecurityFlags flags);
+int do_security(int argc, char *argv[], void *userdata);
diff --git a/src/analyze/analyze.c b/src/analyze/analyze.c
index 9ff0f6dcf41..b2aaf65338c 100644
--- a/src/analyze/analyze.c
+++ b/src/analyze/analyze.c
@@ -91,19 +91,19 @@ BusTransport arg_transport = BUS_TRANSPORT_LOCAL;
 const char *arg_host = NULL;
 UnitFileScope arg_scope = UNIT_FILE_SYSTEM;
 static RecursiveErrors arg_recursive_errors = RECURSIVE_ERRORS_YES;
-static bool arg_man = true;
-static bool arg_generators = false;
+bool arg_man = true;
+bool arg_generators = false;
 char *arg_root = NULL;
 static char *arg_image = NULL;
-static char *arg_security_policy = NULL;
-static bool arg_offline = false;
-static unsigned arg_threshold = 100;
+char *arg_security_policy = NULL;
+bool arg_offline = false;
+unsigned arg_threshold = 100;
 unsigned arg_iterations = 1;
 usec_t arg_base_time = USEC_INFINITY;
 static char *arg_unit = NULL;
-static JsonFormatFlags arg_json_format_flags = JSON_FORMAT_OFF;
+JsonFormatFlags arg_json_format_flags = JSON_FORMAT_OFF;
 bool arg_quiet = false;
-static char *arg_profile = NULL;
+char *arg_profile = NULL;
 
 STATIC_DESTRUCTOR_REGISTER(arg_dot_from_patterns, strv_freep);
 STATIC_DESTRUCTOR_REGISTER(arg_dot_to_patterns, strv_freep);
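Review bot: The new declaration `int do_security(int argc, char *argv[], void *userdata);` carries no comment, so a reader of this header cannot tell what argv holds or that userdata is ignored (the definition in analyze-security.c never touches it). A one-line comment above the prototype, such as `/* "security" verb entry point: argv[1..] are the unit names to analyze; userdata is unused. */`, would cover that. AnalyzeSecurityFlags stays exported even though the only value the new verb entry point passes is `/*flags=*/ 0`; whether other callers still need it from this header cannot be seen in this diff.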
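Review bot: Dropping `static` from arg_man, arg_generators, arg_security_policy, arg_offline, arg_threshold, arg_json_format_flags and arg_profile makes seven pieces of mutable option state visible to every translation unit, and for the two `char *` variables nothing on the new side says who owns the allocation — the STATIC_DESTRUCTOR_REGISTER lines in this hunk only cover the dot patterns, so any registration for arg_security_policy and arg_profile lies outside it. A short comment on the matching `extern` block in analyze.h (the last hunk on this page) stating that these strings are owned and freed by analyze.c and must be treated as read-only by verb implementations would stop a verb from freeing or reassigning them. This follows the way arg_root and arg_scope were already exported, so it is a documentation point rather than a defect.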
@@ -230,54 +230,6 @@ static int do_verify(int argc, char *argv[], void *userdata) {
 return verify_units(filenames, arg_scope, arg_man, arg_generators, arg_recursive_errors, arg_root);
 }
 
-static int do_security(int argc, char *argv[], void *userdata) {
- _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
- _cleanup_(json_variant_unrefp) JsonVariant *policy = NULL;
- int r;
- unsigned line, column;
-
- if (!arg_offline) {
- r = acquire_bus(&bus, NULL);
- if (r < 0)
- return bus_log_connect_error(r, arg_transport);
- }
-
- pager_open(arg_pager_flags);
-
- if (arg_security_policy) {
- r = json_parse_file(/*f=*/ NULL, arg_security_policy, /*flags=*/ 0, &policy, &line, &column);
- if (r < 0)
- return log_error_errno(r, "Failed to parse '%s' at %u:%u: %m", arg_security_policy, line, column);
- } else {
- _cleanup_fclose_ FILE *f = NULL;
- _cleanup_free_ char *pp = NULL;
-
- r = search_and_fopen_nulstr("systemd-analyze-security.policy", "re", /*root=*/ NULL, CONF_PATHS_NULSTR("systemd"), &f, &pp);
- if (r < 0 && r != -ENOENT)
- return r;
-
- if (f) {
- r = json_parse_file(f, pp, /*flags=*/ 0, &policy, &line, &column);
- if (r < 0)
- return log_error_errno(r, "[%s:%u:%u] Failed to parse JSON policy: %m", pp, line, column);
- }
- }
-
- return analyze_security(bus,
- strv_skip(argv, 1),
- policy,
- arg_scope,
- arg_man,
- arg_generators,
- arg_offline,
- arg_threshold,
- arg_root,
- arg_profile,
- arg_json_format_flags,
- arg_pager_flags,
- /*flags=*/ 0);
-}
-
 static int do_elf_inspection(int argc, char *argv[], void *userdata) {
 pager_open(arg_pager_flags);
 
diff --git a/src/analyze/analyze.h b/src/analyze/analyze.h
index 57740acc8c3..94eec410621 100644
--- a/src/analyze/analyze.h
+++ b/src/analyze/analyze.h
@@ -4,6 +4,7 @@
 #include
 
 #include "bus-util.h"
+#include "json.h"
 #include "pager.h"
 #include "time-util.h"
 #include "unit-file.h"
@@ -21,10 +22,17 @@ extern PagerFlags arg_pager_flags;
 extern BusTransport arg_transport;
 extern const char *arg_host;
 extern UnitFileScope arg_scope;
+extern bool arg_man;
+extern bool arg_generators;
 extern char *arg_root;
+extern char *arg_security_policy;
+extern bool arg_offline;
+extern unsigned arg_threshold;
 extern unsigned arg_iterations;
 extern usec_t arg_base_time;
+extern JsonFormatFlags arg_json_format_flags;
 extern bool arg_quiet;
+extern char *arg_profile;
 
 int acquire_bus(sd_bus **bus, bool *use_full_bus);