From: Yu Watanabe Date: Sat, 12 Aug 2023 06:06:43 +0000 (+0900) Subject: core/credential: split out unit_add_default_credential_dependencies() X-Git-Tag: v255-rc1~669^2~4 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=7d202fb35d40ea87d3b4b8e7e415821d8ad3669b;p=thirdparty%2Fsystemd.git core/credential: split out unit_add_default_credential_dependencies() No functional change, just refactoring.
---
diff --git a/src/core/credential.c b/src/core/credential.c
index c598decdf25..b8b8b4edaa7 100644
--- a/src/core/credential.c
+++ b/src/core/credential.c
@@ -72,18 +72,63 @@ bool exec_context_has_encrypted_credentials(ExecContext *c) {
 return false;
 }

-int exec_context_destroy_credentials(const ExecContext *c, const char *runtime_prefix, const char *unit) {
- _cleanup_free_ char *p = NULL;
+static int get_credential_directory(
+ const char *runtime_prefix,
+ const char *unit,
+ char **ret) {

- assert(c);
+ char *p;

- if (!runtime_prefix || !unit)
+ assert(ret);
+
+ if (!runtime_prefix || !unit) {
+ *ret = NULL;
 return 0;
+ }

 p = path_join(runtime_prefix, "credentials", unit);
 if (!p)
 return -ENOMEM;

+ *ret = p;
+ return 1;
+}
+
+int unit_add_default_credential_dependencies(Unit *u, const ExecContext *c) {
+ _cleanup_free_ char *p = NULL, *m = NULL;
+ int r;
+
+ assert(u);
+ assert(c);
+
+ if (!exec_context_has_credentials(c))
+ return 0;
+
+ /* Let's make sure the credentials directory of this service is unmounted *after* the service itself
+ * shuts down. This only matters if mount namespacing is not used for the service, and hence the
+ * credentials mount appears on the host. */
+
+ r = get_credential_directory(u->manager->prefix[EXEC_DIRECTORY_RUNTIME], u->id, &p);
+ if (r <= 0)
+ return r;
+
+ r = unit_name_from_path(p, ".mount", &m);
+ if (r < 0)
+ return r;
+
+ return unit_add_dependency_by_name(u, UNIT_AFTER, m, /* add_reference= */ true, UNIT_DEPENDENCY_FILE);
+}
+
+int exec_context_destroy_credentials(const ExecContext *c, const char *runtime_prefix, const char *unit) {
+ _cleanup_free_ char *p = NULL;
+ int r;
+
+ assert(c);
+
+ r = get_credential_directory(runtime_prefix, unit, &p);
+ if (r <= 0)
+ return r;
+
 /* This is either a tmpfs/ramfs of its own, or a plain directory. Either way, let's first try to
 * unmount it, and afterwards remove the mount point */
 (void) umount2(p, MNT_DETACH|UMOUNT_NOFOLLOW);
diff --git a/src/core/credential.h b/src/core/credential.h
index b1cc4ec22e4..54155f515bc 100644
--- a/src/core/credential.h
+++ b/src/core/credential.h
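Review bot: `get_credential_directory()` has a three-way return (negative errno, 0 with `*ret = NULL` when the runtime prefix or unit name is unset, 1 with an allocated path) that both callers rely on through `if (r <= 0) return r;`, yet nothing in the hunk states it. I would add a comment above the helper, e.g. `/* Returns > 0 and a newly allocated path in *ret, 0 and *ret = NULL if there is no runtime prefix or unit name, < 0 on error. */`. The same comment should state that `unit` is joined into the path unchecked: in `exec_context_destroy_credentials()` the result goes straight to `umount2()` and, per the context comment, to removal of the mount point, so the helper presumably relies on callers passing an already validated unit name. The body of `exec_context_destroy_credentials()` continues past the end of the hunk.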
@@ -9,6 +9,7 @@

 typedef struct ExecContext ExecContext;
 typedef struct ExecParameters ExecParameters;
+typedef struct Unit Unit;

 /* A credential configured with LoadCredential= */
 typedef struct ExecLoadCredential {
@@ -36,6 +37,8 @@ extern const struct hash_ops exec_load_credential_hash_ops;
 bool exec_context_has_encrypted_credentials(ExecContext *c);
 bool exec_context_has_credentials(const ExecContext *c);

+int unit_add_default_credential_dependencies(Unit *u, const ExecContext *c);
+
 int exec_context_destroy_credentials(const ExecContext *c, const char *runtime_root, const char *unit);
 int setup_credentials(
 const ExecContext *context,
diff --git a/src/core/unit.c b/src/core/unit.c
index 660a94399ca..1fc5ae03dcb 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -1376,31 +1376,16 @@ int unit_add_exec_dependencies(Unit *u, ExecContext *c) {
 r = unit_add_two_dependencies_by_name(u, UNIT_AFTER, UNIT_REQUIRES, varlink_socket_unit, true, UNIT_DEPENDENCY_FILE);
 if (r < 0)
 return r;
- } else
+ } else {
 r = unit_add_dependency_by_name(u, UNIT_AFTER, SPECIAL_JOURNALD_SOCKET, true, UNIT_DEPENDENCY_FILE);
- if (r < 0)
- return r;
-
- if (exec_context_has_credentials(c) && u->manager->prefix[EXEC_DIRECTORY_RUNTIME]) {
- _cleanup_free_ char *p = NULL, *m = NULL;
-
- /* Let's make sure the credentials directory of this service is unmounted *after* the service
- * itself shuts down. This only matters if mount namespacing is not used for the service, and
- * hence the credentials mount appears on the host. */
-
- p = path_join(u->manager->prefix[EXEC_DIRECTORY_RUNTIME], "credentials", u->id);
- if (!p)
- return -ENOMEM;
-
- r = unit_name_from_path(p, ".mount", &m);
- if (r < 0)
- return r;
-
- r = unit_add_dependency_by_name(u, UNIT_AFTER, m, /* add_reference= */ true, UNIT_DEPENDENCY_FILE);
 if (r < 0)
 return r;
 }

+ r = unit_add_default_credential_dependencies(u, c);
+ if (r < 0)
+ return r;
+
 return 0;
 }
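Review bot: At the new call site in `unit_add_exec_dependencies()` the old `u->manager->prefix[EXEC_DIRECTORY_RUNTIME]` guard is no longer visible; it now rests on the NULL check inside `get_credential_directory()` in credential.c, so the "no functional change" claim holds only while that helper keeps returning 0 for a missing prefix. A one-line comment above the call would keep this visible, e.g. `/* No-op unless credentials are configured and a runtime prefix is set. */`. The `r < 0` check followed by `return 0` should stay rather than being shortened to a bare `return unit_add_default_credential_dependencies(u, c);`, because the helper forwards the result of `unit_add_dependency_by_name()`, which may be positive (not confirmed from this page). The function starts before the hunk.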