diff options
author | Ludwig Nussel <ludwig.nussel@suse.de> | 2022-08-09 11:07:34 +0200 |
---|---|---|
committer | Ludwig Nussel <ludwig.nussel@suse.de> | 2022-08-11 13:32:55 +0200 |
commit | ff86850b304f635297829c7d12208b96c10fa48f (patch) | |
tree | ad9fd39bfe58844dc14121a8b275f3cc3b127448 /src/sysusers/sysusers.c | |
parent | 6a941db798e3c5d896f6732afb4e6e482d708900 (diff) | |
download | systemd-ff86850b304f635297829c7d12208b96c10fa48f.tar.gz |
creds: refactor reading user password
Share code between firstboot and sysusers
Diffstat (limited to 'src/sysusers/sysusers.c')
-rw-r--r-- | src/sysusers/sysusers.c | 32 |
1 files changed, 9 insertions, 23 deletions
diff --git a/src/sysusers/sysusers.c b/src/sysusers/sysusers.c index 901e8aaf02..dfb703f10e 100644 --- a/src/sysusers/sysusers.c +++ b/src/sysusers/sysusers.c @@ -581,7 +581,7 @@ static int write_temporary_shadow(const char *shadow_path, FILE **tmpfile, char ORDERED_HASHMAP_FOREACH(i, todo_uids) { _cleanup_(erase_and_freep) char *creds_password = NULL; - _cleanup_free_ char *cn = NULL; + bool is_hashed; struct spwd n = { .sp_namp = i->name, @@ -595,30 +595,16 @@ static int write_temporary_shadow(const char *shadow_path, FILE **tmpfile, char .sp_flag = ULONG_MAX, /* this appears to be what everybody does ... */ }; - /* Try to pick up the password for this account via the credentials logic */ - cn = strjoin("passwd.hashed-password.", i->name); - if (!cn) - return -ENOMEM; - - r = read_credential(cn, (void**) &creds_password, NULL); - if (r == -ENOENT) { - _cleanup_(erase_and_freep) char *plaintext_password = NULL; - - free(cn); - cn = strjoin("passwd.plaintext-password.", i->name); - if (!cn) - return -ENOMEM; + r = get_credential_user_password(i->name, &creds_password, &is_hashed); + if (r < 0) + log_debug_errno(r, "Couldn't read password credential for user '%s', ignoring: %m", i->name); - r = read_credential(cn, (void**) &plaintext_password, NULL); + if (creds_password && !is_hashed) { + _cleanup_(erase_and_freep) char* plaintext_password = TAKE_PTR(creds_password); + r = hash_password(plaintext_password, &creds_password); if (r < 0) - log_debug_errno(r, "Couldn't read credential '%s', ignoring: %m", cn); - else { - r = hash_password(plaintext_password, &creds_password); - if (r < 0) - return log_debug_errno(r, "Failed to hash password: %m"); - } - } else if (r < 0) - log_debug_errno(r, "Couldn't read credential '%s', ignoring: %m", cn); + return log_debug_errno(r, "Failed to hash password: %m"); + } if (creds_password) n.sp_pwdp = creds_password; |