mirror of
https://github.com/systemd/systemd
synced 2024-07-21 10:17:21 +00:00
env-util: rename getenv_bool_secure() → secure_getenv_bool()
The glibc API is behind the wrapper is called "secure_getenv()", hence our wrapper really should keep the order too, otherwise things are just too confusing.
This commit is contained in:
parent
78816ce72e
commit
efb9b3bab2
|
@ -963,7 +963,7 @@ int getenv_bool(const char *p) {
|
|||
return parse_boolean(e);
|
||||
}
|
||||
|
||||
int getenv_bool_secure(const char *p) {
|
||||
int secure_getenv_bool(const char *p) {
|
||||
const char *e;
|
||||
|
||||
e = secure_getenv(p);
|
||||
|
|
|
@ -62,7 +62,7 @@ static inline char* strv_env_get(char * const *x, const char *n) {
|
|||
char *strv_env_pairs_get(char **l, const char *name) _pure_;
|
||||
|
||||
int getenv_bool(const char *p);
|
||||
int getenv_bool_secure(const char *p);
|
||||
int secure_getenv_bool(const char *p);
|
||||
|
||||
int getenv_uint64_secure(const char *p, uint64_t *ret);
|
||||
|
||||
|
|
|
@ -21,7 +21,7 @@ bool in_initrd(void) {
|
|||
* This can be overridden by setting SYSTEMD_IN_INITRD=0|1.
|
||||
*/
|
||||
|
||||
r = getenv_bool_secure("SYSTEMD_IN_INITRD");
|
||||
r = secure_getenv_bool("SYSTEMD_IN_INITRD");
|
||||
if (r < 0 && r != -ENXIO)
|
||||
log_debug_errno(r, "Failed to parse $SYSTEMD_IN_INITRD, ignoring: %m");
|
||||
|
||||
|
|
|
@ -295,7 +295,7 @@ bool is_locale_utf8(void) {
|
|||
if (cached_answer >= 0)
|
||||
goto out;
|
||||
|
||||
r = getenv_bool_secure("SYSTEMD_UTF8");
|
||||
r = secure_getenv_bool("SYSTEMD_UTF8");
|
||||
if (r >= 0) {
|
||||
cached_answer = r;
|
||||
goto out;
|
||||
|
|
|
@ -1674,7 +1674,7 @@ bool log_context_enabled(void) {
|
|||
if (saved_log_context_enabled >= 0)
|
||||
return saved_log_context_enabled;
|
||||
|
||||
r = getenv_bool_secure("SYSTEMD_ENABLE_LOG_CONTEXT");
|
||||
r = secure_getenv_bool("SYSTEMD_ENABLE_LOG_CONTEXT");
|
||||
if (r < 0 && r != -ENXIO)
|
||||
log_debug_errno(r, "Failed to parse $SYSTEMD_ENABLE_LOG_CONTEXT, ignoring: %m");
|
||||
|
||||
|
|
|
@ -824,7 +824,7 @@ static bool sysfs_check(void) {
|
|||
int r;
|
||||
|
||||
if (cached < 0) {
|
||||
r = getenv_bool_secure("SYSTEMD_SYSFS_CHECK");
|
||||
r = secure_getenv_bool("SYSTEMD_SYSFS_CHECK");
|
||||
if (r < 0 && r != -ENXIO)
|
||||
log_debug_errno(r, "Failed to parse $SYSTEMD_SYSFS_CHECK, ignoring: %m");
|
||||
cached = r != 0;
|
||||
|
|
|
@ -214,7 +214,7 @@ int device_set_syspath(sd_device *device, const char *_syspath, bool verify) {
|
|||
/* Only operate on sysfs, i.e. refuse going down into /sys/fs/cgroup/ or similar places where
|
||||
* things are not arranged as kobjects in kernel, and hence don't necessarily have
|
||||
* kobject/attribute structure. */
|
||||
r = getenv_bool_secure("SYSTEMD_DEVICE_VERIFY_SYSFS");
|
||||
r = secure_getenv_bool("SYSTEMD_DEVICE_VERIFY_SYSFS");
|
||||
if (r < 0 && r != -ENXIO)
|
||||
log_debug_errno(r, "Failed to parse $SYSTEMD_DEVICE_VERIFY_SYSFS value: %m");
|
||||
if (r != 0) {
|
||||
|
|
|
@ -1574,7 +1574,7 @@ static int child_exit_callback(sd_event_source *s, const siginfo_t *si, void *us
|
|||
|
||||
static bool shall_use_pidfd(void) {
|
||||
/* Mostly relevant for debugging, i.e. this is used in test-event.c to test the event loop once with and once without pidfd */
|
||||
return getenv_bool_secure("SYSTEMD_PIDFD") != 0;
|
||||
return secure_getenv_bool("SYSTEMD_PIDFD") != 0;
|
||||
}
|
||||
|
||||
_public_ int sd_event_add_child(
|
||||
|
|
|
@ -202,9 +202,10 @@ static uint64_t query_flag(
|
|||
const char *name,
|
||||
const int value,
|
||||
uint64_t flag) {
|
||||
|
||||
int r;
|
||||
|
||||
r = getenv_bool_secure(name);
|
||||
r = secure_getenv_bool(name);
|
||||
if (r >= 0)
|
||||
return r == value ? flag : 0;
|
||||
if (r != -ENXIO)
|
||||
|
|
|
@ -306,7 +306,7 @@ enum nss_status _nss_systemd_getpwnam_r(
|
|||
return NSS_STATUS_NOTFOUND;
|
||||
|
||||
/* Synthesize entries for the root and nobody users, in case they are missing in /etc/passwd */
|
||||
if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) {
|
||||
if (secure_getenv_bool("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) {
|
||||
|
||||
if (streq(name, root_passwd.pw_name))
|
||||
return copy_synthesized_passwd(pwd, &root_passwd,
|
||||
|
@ -354,7 +354,7 @@ enum nss_status _nss_systemd_getpwuid_r(
|
|||
return NSS_STATUS_NOTFOUND;
|
||||
|
||||
/* Synthesize data for the root user and for nobody in case they are missing from /etc/passwd */
|
||||
if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) {
|
||||
if (secure_getenv_bool("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) {
|
||||
|
||||
if (uid == root_passwd.pw_uid)
|
||||
return copy_synthesized_passwd(pwd, &root_passwd,
|
||||
|
@ -403,7 +403,7 @@ enum nss_status _nss_systemd_getspnam_r(
|
|||
return NSS_STATUS_NOTFOUND;
|
||||
|
||||
/* Synthesize entries for the root and nobody users, in case they are missing in /etc/passwd */
|
||||
if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) {
|
||||
if (secure_getenv_bool("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) {
|
||||
|
||||
if (streq(name, root_spwd.sp_namp))
|
||||
return copy_synthesized_spwd(spwd, &root_spwd, buffer, buflen, errnop);
|
||||
|
@ -450,7 +450,7 @@ enum nss_status _nss_systemd_getgrnam_r(
|
|||
return NSS_STATUS_NOTFOUND;
|
||||
|
||||
/* Synthesize records for root and nobody, in case they are missing from /etc/group */
|
||||
if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) {
|
||||
if (secure_getenv_bool("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) {
|
||||
|
||||
if (streq(name, root_group.gr_name))
|
||||
return copy_synthesized_group(gr, &root_group, buffer, buflen, errnop);
|
||||
|
@ -494,7 +494,7 @@ enum nss_status _nss_systemd_getgrgid_r(
|
|||
return NSS_STATUS_NOTFOUND;
|
||||
|
||||
/* Synthesize records for root and nobody, in case they are missing from /etc/group */
|
||||
if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) {
|
||||
if (secure_getenv_bool("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) {
|
||||
|
||||
if (gid == root_group.gr_gid)
|
||||
return copy_synthesized_group(gr, &root_group, buffer, buflen, errnop);
|
||||
|
@ -539,7 +539,7 @@ enum nss_status _nss_systemd_getsgnam_r(
|
|||
return NSS_STATUS_NOTFOUND;
|
||||
|
||||
/* Synthesize records for root and nobody, in case they are missing from /etc/group */
|
||||
if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) {
|
||||
if (secure_getenv_bool("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) {
|
||||
|
||||
if (streq(name, root_sgrp.sg_namp))
|
||||
return copy_synthesized_sgrp(sgrp, &root_sgrp, buffer, buflen, errnop);
|
||||
|
|
|
@ -14,7 +14,7 @@ UserDBFlags nss_glue_userdb_flags(void) {
|
|||
UserDBFlags flags = USERDB_EXCLUDE_NSS;
|
||||
|
||||
/* Make sure that we don't go in circles when allocating a dynamic UID by checking our own database */
|
||||
if (getenv_bool_secure("SYSTEMD_NSS_DYNAMIC_BYPASS") > 0)
|
||||
if (secure_getenv_bool("SYSTEMD_NSS_DYNAMIC_BYPASS") > 0)
|
||||
flags |= USERDB_EXCLUDE_DYNAMIC_USER;
|
||||
|
||||
return flags;
|
||||
|
|
|
@ -1489,7 +1489,7 @@ int decrypt_credential_and_warn(
|
|||
|
||||
if (validate_name && !streq(embedded_name, validate_name)) {
|
||||
|
||||
r = getenv_bool_secure("SYSTEMD_CREDENTIAL_VALIDATE_NAME");
|
||||
r = secure_getenv_bool("SYSTEMD_CREDENTIAL_VALIDATE_NAME");
|
||||
if (r < 0 && r != -ENXIO)
|
||||
log_debug_errno(r, "Failed to parse $SYSTEMD_CREDENTIAL_VALIDATE_NAME: %m");
|
||||
if (r != 0)
|
||||
|
@ -1505,7 +1505,7 @@ int decrypt_credential_and_warn(
|
|||
|
||||
if (le64toh(m->not_after) != USEC_INFINITY && le64toh(m->not_after) < validate_timestamp) {
|
||||
|
||||
r = getenv_bool_secure("SYSTEMD_CREDENTIAL_VALIDATE_NOT_AFTER");
|
||||
r = secure_getenv_bool("SYSTEMD_CREDENTIAL_VALIDATE_NOT_AFTER");
|
||||
if (r < 0 && r != -ENXIO)
|
||||
log_debug_errno(r, "Failed to parse $SYSTEMD_CREDENTIAL_VALIDATE_NOT_AFTER: %m");
|
||||
if (r != 0)
|
||||
|
|
|
@ -2628,7 +2628,7 @@ static int do_crypt_activate_verity(
|
|||
assert(verity);
|
||||
|
||||
if (verity->root_hash_sig) {
|
||||
r = getenv_bool_secure("SYSTEMD_DISSECT_VERITY_SIGNATURE");
|
||||
r = secure_getenv_bool("SYSTEMD_DISSECT_VERITY_SIGNATURE");
|
||||
if (r < 0 && r != -ENXIO)
|
||||
log_debug_errno(r, "Failed to parse $SYSTEMD_DISSECT_VERITY_SIGNATURE");
|
||||
|
||||
|
@ -3100,7 +3100,7 @@ int verity_settings_load(
|
|||
if (is_device_path(image))
|
||||
return 0;
|
||||
|
||||
r = getenv_bool_secure("SYSTEMD_DISSECT_VERITY_SIDECAR");
|
||||
r = secure_getenv_bool("SYSTEMD_DISSECT_VERITY_SIDECAR");
|
||||
if (r < 0 && r != -ENXIO)
|
||||
log_debug_errno(r, "Failed to parse $SYSTEMD_DISSECT_VERITY_SIDECAR, ignoring: %m");
|
||||
if (r == 0)
|
||||
|
@ -3285,7 +3285,7 @@ int dissected_image_load_verity_sig_partition(
|
|||
if (verity->root_hash && verity->root_hash_sig) /* Already loaded? */
|
||||
return 0;
|
||||
|
||||
r = getenv_bool_secure("SYSTEMD_DISSECT_VERITY_EMBEDDED");
|
||||
r = secure_getenv_bool("SYSTEMD_DISSECT_VERITY_EMBEDDED");
|
||||
if (r < 0 && r != -ENXIO)
|
||||
log_debug_errno(r, "Failed to parse $SYSTEMD_DISSECT_VERITY_EMBEDDED, ignoring: %m");
|
||||
if (r == 0)
|
||||
|
|
|
@ -262,7 +262,7 @@ int efi_measured_uki(int log_level) {
|
|||
* being used, but it measured things into a different PCR than we are configured for in
|
||||
* userspace. (i.e. we expect PCR 11 being used for this by both sd-stub and us) */
|
||||
|
||||
r = getenv_bool_secure("SYSTEMD_FORCE_MEASURE"); /* Give user a chance to override the variable test,
|
||||
r = secure_getenv_bool("SYSTEMD_FORCE_MEASURE"); /* Give user a chance to override the variable test,
|
||||
* for debugging purposes */
|
||||
if (r >= 0)
|
||||
return (cached = r);
|
||||
|
|
|
@ -175,7 +175,7 @@ void pager_open(PagerFlags flags) {
|
|||
* pager. If they didn't, use secure mode when under euid is changed. If $SYSTEMD_PAGERSECURE
|
||||
* wasn't explicitly set, and we autodetect the need for secure mode, only use the pager we
|
||||
* know to be good. */
|
||||
int use_secure_mode = getenv_bool_secure("SYSTEMD_PAGERSECURE");
|
||||
int use_secure_mode = secure_getenv_bool("SYSTEMD_PAGERSECURE");
|
||||
bool trust_pager = use_secure_mode >= 0;
|
||||
if (use_secure_mode == -ENXIO) {
|
||||
uid_t uid;
|
||||
|
|
|
@ -298,7 +298,7 @@ bool is_seccomp_available(void) {
|
|||
if (cached_enabled < 0) {
|
||||
int b;
|
||||
|
||||
b = getenv_bool_secure("SYSTEMD_SECCOMP");
|
||||
b = secure_getenv_bool("SYSTEMD_SECCOMP");
|
||||
if (b != 0) {
|
||||
if (b < 0 && b != -ENXIO) /* ENXIO: env var unset */
|
||||
log_debug_errno(b, "Failed to parse $SYSTEMD_SECCOMP value, ignoring.");
|
||||
|
|
|
@ -140,7 +140,7 @@ static void test_gethostbyname4_r(void *handle, const char *module, const char *
|
|||
assert_se(status == NSS_STATUS_SUCCESS);
|
||||
assert_se(n == socket_ipv6_is_enabled() + 1);
|
||||
|
||||
} else if (streq(module, "resolve") && getenv_bool_secure("SYSTEMD_NSS_RESOLVE_SYNTHESIZE") != 0) {
|
||||
} else if (streq(module, "resolve") && secure_getenv_bool("SYSTEMD_NSS_RESOLVE_SYNTHESIZE") != 0) {
|
||||
assert_se(status == NSS_STATUS_SUCCESS);
|
||||
if (socket_ipv6_is_enabled())
|
||||
assert_se(n == 2);
|
||||
|
|
Loading…
Reference in a new issue