author | Lennart Poettering <lennart@poettering.net> | 2021-06-21 17:58:58 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2021-07-08 09:30:18 +0200 |
commit | 8f860b4df0bf0c92b4b1bca242b70fe0b7ab1d48 (patch) | |
tree | cbfb4e4bd72ee19274d7ae3706277034d4db61cd /src/shared/creds-util.c | |
parent | 82b4ec445bac33b1305786071fac361bdd22f4df (diff) | |
download | systemd-8f860b4df0bf0c92b4b1bca242b70fe0b7ab1d48.tar.gz |
util: move src/basic/creds-util.[ch] → src/shared/
This is preparation for adding encryption support to the credentials
logic, and we thus would like to add more deps. Let's hence move things
from src/basic/ to src/shared, so that we can rely on the OpenSSL
utilities already in src/shared.
Diffstat (limited to 'src/shared/creds-util.c')
-rw-r--r-- | src/shared/creds-util.c | 54 |
1 files changed, 54 insertions, 0 deletions
diff --git a/src/shared/creds-util.c b/src/shared/creds-util.c
new file mode 100644
index 0000000000..58076705e7
--- /dev/null
+++ b/src/shared/creds-util.c
@@ -0,0 +1,54 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+
+#include "creds-util.h"
+#include "fd-util.h"
+#include "fileio.h"
+#include "path-util.h"
+
+bool credential_name_valid(const char *s) {
+ /* We want that credential names are both valid in filenames (since that's our primary way to pass
+ * them around) and as fdnames (which is how we might want to pass them around eventually) */
+ return filename_is_valid(s) && fdname_is_valid(s);
+}
+
+int get_credentials_dir(const char **ret) {
+ const char *e;
+
+ assert(ret);
+
+ e = secure_getenv("CREDENTIALS_DIRECTORY");
+ if (!e)
+ return -ENXIO;
+
+ if (!path_is_absolute(e) || !path_is_normalized(e))
+ return -EINVAL;
+
+ *ret = e;
+ return 0;
+}
+
+int read_credential(const char *name, void **ret, size_t *ret_size) {
+ _cleanup_free_ char *fn = NULL;
+ const char *d;
+ int r;
+
+ assert(ret);
+
+ if (!credential_name_valid(name))
+ return -EINVAL;
+
+ r = get_credentials_dir(&d);
+ if (r < 0)
+ return r;
+
+ fn = path_join(d, name);
+ if (!fn)
+ return -ENOMEM;
+
+ return read_full_file_full(
+ AT_FDCWD, fn,
+ UINT64_MAX, SIZE_MAX,
+ READ_FULL_FILE_SECURE,
+ NULL,
+ (char**) ret, ret_size);
+} |
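Review bot: read_credential() returns a heap buffer of secret material through `ret`, but nothing in the new file says who owns it or how it must be released. Passing READ_FULL_FILE_SECURE suggests the intermediate read buffers are meant to be wiped, which only helps if callers also wipe the result, so I would put a comment above the function such as `/* On success *ret is a newly allocated buffer owned by the caller; it holds secret data, so release it with erase_and_free() rather than plain free(). */`. get_credentials_dir() has a similar undocumented contract: `*ret = e;` hands back the pointer obtained from secure_getenv() rather than a copy, so a comment like `/* *ret points into the environment block: do not free it, and do not keep it across setenv()/unsetenv(). */` would help. Separately, read_credential() asserts `ret` but not `name`, and relies on credential_name_valid() rejecting NULL, which is not visible here and worth confirming.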