From d0fcb614cb0b5e620eab8ad1273fba93076b4e8b Mon Sep 17 00:00:00 2001 From: Mike Yuan Date: Wed, 11 Sep 2024 17:15:19 +0200 Subject: [PATCH 1/3] core/import-creds: rename import_credentials_context_free() to _done() This is allocated on stack, hence rename as per our coding style. While at it, make sure the struct name is consistent with funcs. --- src/core/import-creds.c | 32 +++++++++++++++++--------------- 1 file changed, 17 insertions(+), 15 deletions(-) diff --git a/src/core/import-creds.c b/src/core/import-creds.c index dc37c0d573..99ec2a69b7 100644 --- a/src/core/import-creds.c +++ b/src/core/import-creds.c @@ -66,19 +66,19 @@ * Net result: the service manager can pick up trusted credentials from $CREDENTIALS_DIRECTORY afterwards, * and untrusted ones from $ENCRYPTED_CREDENTIALS_DIRECTORY. */ -typedef struct ImportCredentialContext { +typedef struct ImportCredentialsContext { int target_dir_fd; size_t size_sum; unsigned n_credentials; -} ImportCredentialContext; +} ImportCredentialsContext; -static void import_credentials_context_free(ImportCredentialContext *c) { +static void import_credentials_context_done(ImportCredentialsContext *c) { assert(c); - c->target_dir_fd = safe_close(c->target_dir_fd); + safe_close(c->target_dir_fd); } -static int acquire_credential_directory(ImportCredentialContext *c, const char *path, bool with_mount) { +static int acquire_credential_directory(ImportCredentialsContext *c, const char *path, bool with_mount) { int r; assert(c); @@ -130,7 +130,7 @@ static int open_credential_file_for_write(int target_dir_fd, const char *dir_nam return fd; } -static bool credential_size_ok(ImportCredentialContext *c, const char *name, uint64_t size) { +static bool credential_size_ok(const ImportCredentialsContext *c, const char *name, uint64_t size) { assert(c); assert(name); 
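Review bot: In the first hunk (`@@ -66,19 +66,19 @@`), import_credentials_context_done() leaves `c->target_dir_fd` holding the number of a descriptor it has just closed, because the assignment from safe_close() was dropped along with the rename. Every user visible in this patch is a `_cleanup_` stack variable, so the function runs once at scope exit and nothing goes wrong today. If the context is ever reused, or _done() is called a second time, the stale number would close whichever unrelated descriptor has since been given that value. Keeping the old form costs nothing and makes the destructor safe to repeat: `c->target_dir_fd = safe_close(c->target_dir_fd);`.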
@@ -169,7 +169,7 @@ static int finalize_credentials_dir(const char *dir, const char *envvar) { } static int import_credentials_boot(void) { - _cleanup_(import_credentials_context_free) ImportCredentialContext context = { + _cleanup_(import_credentials_context_done) ImportCredentialsContext context = { .target_dir_fd = -EBADF, }; int r; @@ -285,7 +285,7 @@ static int import_credentials_boot(void) { } static int proc_cmdline_callback(const char *key, const char *value, void *data) { - ImportCredentialContext *c = ASSERT_PTR(data); + ImportCredentialsContext *c = ASSERT_PTR(data); _cleanup_free_ void *binary = NULL; _cleanup_free_ char *n = NULL; _cleanup_close_ int nfd = -EBADF; @@ -360,7 +360,7 @@ static int proc_cmdline_callback(const char *key, const char *value, void *data) return 0; } -static int import_credentials_proc_cmdline(ImportCredentialContext *c) { +static int import_credentials_proc_cmdline(ImportCredentialsContext *c) { int r; assert(c); @@ -374,7 +374,7 @@ static int import_credentials_proc_cmdline(ImportCredentialContext *c) { #define QEMU_FWCFG_PATH "/sys/firmware/qemu_fw_cfg/by_name/opt/io.systemd.credentials" -static int import_credentials_qemu(ImportCredentialContext *c) { +static int import_credentials_qemu(ImportCredentialsContext *c) { _cleanup_free_ DirectoryEntries *de = NULL; _cleanup_close_ int source_dir_fd = -EBADF; int r; @@ -471,7 +471,7 @@ static int import_credentials_qemu(ImportCredentialContext *c) { return 0; } -static int parse_smbios_strings(ImportCredentialContext *c, const char *data, size_t size) { +static int parse_smbios_strings(ImportCredentialsContext *c, const char *data, size_t size) { size_t left, skip; const char *p; int r; 
@@ -573,9 +573,11 @@ static int parse_smbios_strings(ImportCredentialContext *c, const char *data, si return 0; } -static int import_credentials_smbios(ImportCredentialContext *c) { +static int import_credentials_smbios(ImportCredentialsContext *c) { int r; + assert(c); + /* Parses DMI OEM strings fields (SMBIOS type 11), as settable with qemu's -smbios type=11,value=… switch. */ if (detect_container() > 0) /* don't access /sys/ in a container */ @@ -607,7 +609,7 @@ static int import_credentials_smbios(ImportCredentialContext *c) { return 0; } -static int import_credentials_initrd(ImportCredentialContext *c) { +static int import_credentials_initrd(ImportCredentialsContext *c) { _cleanup_free_ DirectoryEntries *de = NULL; _cleanup_close_ int source_dir_fd = -EBADF; int r; @@ -700,7 +702,7 @@ static int import_credentials_initrd(ImportCredentialContext *c) { } static int import_credentials_trusted(void) { - _cleanup_(import_credentials_context_free) ImportCredentialContext c = { + _cleanup_(import_credentials_context_done) ImportCredentialsContext c = { .target_dir_fd = -EBADF, }; int q, w, r, y; @@ -728,7 +730,7 @@ static int import_credentials_trusted(void) { } static int merge_credentials_trusted(const char *creds_dir) { - _cleanup_(import_credentials_context_free) ImportCredentialContext c = { + _cleanup_(import_credentials_context_done) ImportCredentialsContext c = { .target_dir_fd = -EBADF, }; int r; From 61e018dfad3269e9b0e81c88cb60349a49d29dcd Mon Sep 17 00:00:00 2001 From: Mike Yuan Date: Wed, 11 Sep 2024 17:20:50 +0200 Subject: [PATCH 2/3] core/import-creds: use FOREACH_ARRAY at one more place --- src/core/import-creds.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/core/import-creds.c b/src/core/import-creds.c index 99ec2a69b7..0d83081393 100644 --- a/src/core/import-creds.c +++ b/src/core/import-creds.c 
@@ -404,8 +404,8 @@ static int import_credentials_qemu(ImportCredentialsContext *c) { return 0; } - for (size_t i = 0; i < de->n_entries; i++) { - const struct dirent *d = de->entries[i]; + FOREACH_ARRAY(i, de->entries, de->n_entries) { + const struct dirent *d = *i; _cleanup_close_ int vfd = -EBADF, rfd = -EBADF, nfd = -EBADF; _cleanup_free_ char *szs = NULL; uint64_t sz; From 63edae360fe5f82380b1382437df7f7f5e2d9db1 Mon Sep 17 00:00:00 2001 From: Mike Yuan Date: Wed, 11 Sep 2024 17:21:30 +0200 Subject: [PATCH 3/3] core/import-creds: use RET_GATHER --- src/core/import-creds.c | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-) diff --git a/src/core/import-creds.c b/src/core/import-creds.c index 0d83081393..0f35514079 100644 --- a/src/core/import-creds.c +++ b/src/core/import-creds.c 
@@ -705,28 +705,26 @@ static int import_credentials_trusted(void) { _cleanup_(import_credentials_context_done) ImportCredentialsContext c = { .target_dir_fd = -EBADF, }; - int q, w, r, y; + int r, ret = 0; /* This is invoked during early boot when no credentials have been imported so far. (Specifically, if * the $CREDENTIALS_DIRECTORY or $ENCRYPTED_CREDENTIALS_DIRECTORY environment variables are not set * yet.) */ - r = import_credentials_qemu(&c); - w = import_credentials_smbios(&c); - q = import_credentials_proc_cmdline(&c); - y = import_credentials_initrd(&c); + RET_GATHER(ret, import_credentials_qemu(&c)); + RET_GATHER(ret, import_credentials_smbios(&c)); + RET_GATHER(ret, import_credentials_proc_cmdline(&c)); + RET_GATHER(ret, import_credentials_initrd(&c)); if (c.n_credentials > 0) { - int z; - log_debug("Imported %u credentials from kernel command line/smbios/fw_cfg/initrd.", c.n_credentials); - z = finalize_credentials_dir(SYSTEM_CREDENTIALS_DIRECTORY, "CREDENTIALS_DIRECTORY"); - if (z < 0) - return z; + r = finalize_credentials_dir(SYSTEM_CREDENTIALS_DIRECTORY, "CREDENTIALS_DIRECTORY"); + if (r < 0) + return r; } - return r < 0 ? r : w < 0 ? w : q < 0 ? q : y; + return ret; } static int merge_credentials_trusted(const char *creds_dir) {
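Review bot: Nothing in the new body of import_credentials_trusted() says that a failing source is deliberately non-fatal. All four importers run regardless, and the directory is still finalized whenever `c.n_credentials > 0`, even if `ret` is already negative. A negative return can therefore coexist with a populated, finalized credentials directory, which a caller reading only the return value would not expect. A comment above the RET_GATHER block would make the contract explicit, for example `/* Try every source even if an earlier one fails; ret keeps the first error, and whatever was imported is still finalized below. */`. As a smaller style point, `r` is now used only for the finalize result and could be declared inside the `if` block, as `z` was before.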