authorLudwig Nussel <ludwig.nussel@suse.de>2022-08-09 11:07:34 +0200
committerLudwig Nussel <ludwig.nussel@suse.de>2022-08-11 13:32:55 +0200
commitff86850b304f635297829c7d12208b96c10fa48f (patch)
treead9fd39bfe58844dc14121a8b275f3cc3b127448 /src/sysusers
parent6a941db798e3c5d896f6732afb4e6e482d708900 (diff)
downloadsystemd-ff86850b304f635297829c7d12208b96c10fa48f.tar.gz
creds: refactor reading user password
Share code between firstboot and sysusers
Diffstat (limited to 'src/sysusers')
-rw-r--r--src/sysusers/sysusers.c32
1 files changed, 9 insertions, 23 deletions
diff --git a/src/sysusers/sysusers.c b/src/sysusers/sysusers.c
index 901e8aaf02..dfb703f10e 100644
--- a/src/sysusers/sysusers.c
+++ b/src/sysusers/sysusers.c
@@ -581,7 +581,7 @@ static int write_temporary_shadow(const char *shadow_path, FILE **tmpfile, char
ORDERED_HASHMAP_FOREACH(i, todo_uids) {
_cleanup_(erase_and_freep) char *creds_password = NULL;
- _cleanup_free_ char *cn = NULL;
+ bool is_hashed;
struct spwd n = {
.sp_namp = i->name,
@@ -595,30 +595,16 @@ static int write_temporary_shadow(const char *shadow_path, FILE **tmpfile, char
.sp_flag = ULONG_MAX, /* this appears to be what everybody does ... */
};
- /* Try to pick up the password for this account via the credentials logic */
- cn = strjoin("passwd.hashed-password.", i->name);
- if (!cn)
- return -ENOMEM;
-
- r = read_credential(cn, (void**) &creds_password, NULL);
- if (r == -ENOENT) {
- _cleanup_(erase_and_freep) char *plaintext_password = NULL;
-
- free(cn);
- cn = strjoin("passwd.plaintext-password.", i->name);
- if (!cn)
- return -ENOMEM;
+ r = get_credential_user_password(i->name, &creds_password, &is_hashed);
+ if (r < 0)
+ log_debug_errno(r, "Couldn't read password credential for user '%s', ignoring: %m", i->name);
- r = read_credential(cn, (void**) &plaintext_password, NULL);
+ if (creds_password && !is_hashed) {
+ _cleanup_(erase_and_freep) char* plaintext_password = TAKE_PTR(creds_password);
+ r = hash_password(plaintext_password, &creds_password);
if (r < 0)
- log_debug_errno(r, "Couldn't read credential '%s', ignoring: %m", cn);
- else {
- r = hash_password(plaintext_password, &creds_password);
- if (r < 0)
- return log_debug_errno(r, "Failed to hash password: %m");
- }
- } else if (r < 0)
- log_debug_errno(r, "Couldn't read credential '%s', ignoring: %m", cn);
+ return log_debug_errno(r, "Failed to hash password: %m");
+ }
if (creds_password)
n.sp_pwdp = creds_password;
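Review bot: `is_hashed` is declared without an initializer in the first hunk and is then read in `if (creds_password && !is_hashed)` after a call whose failure is only logged and ignored. That read is well-defined only if `get_credential_user_password()` (not visible in this diff) leaves the password output NULL on every error path and always sets the flag when it returns a password. The removed code kept the hashed and plaintext values in separate variables, so it had no such coupling. Declaring `bool is_hashed = false;` makes the fail-safe direction explicit: anything not confirmed as hashed goes through `hash_password()` rather than being assigned to `n.sp_pwdp` as-is. Alternatively the block could be guarded with `if (r >= 0 && creds_password && !is_hashed)`. The body of write_temporary_shadow extends outside both hunks.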