mirror of
https://github.com/systemd/systemd-stable.git
synced 2024-12-25 23:21:33 +03:00
Merge pull request #23148 from poettering/creds-util-mini-tweaks
creds-util: two minor tweaks
This commit is contained in:
Lennart Poettering
GitHub
commit
6a25ce4380
@ -94,9 +94,30 @@ struct credential_host_secret_format {
|
||||
uint8_t data[CREDENTIAL_HOST_SECRET_SIZE];
|
||||
} _packed_;
|
||||
|
||||
static void warn_not_encrypted(int fd, CredentialSecretFlags flags, const char *dirname, const char *filename) {
|
||||
int r;
|
||||
|
||||
assert(fd >= 0);
|
||||
assert(dirname);
|
||||
assert(filename);
|
||||
|
||||
if (!FLAGS_SET(flags, CREDENTIAL_SECRET_WARN_NOT_ENCRYPTED))
|
||||
return;
|
||||
|
||||
r = fd_is_encrypted(fd);
|
||||
if (r < 0)
|
||||
log_debug_errno(r, "Failed to determine if credential secret file '%s/%s' is encrypted.",
|
||||
dirname, filename);
|
||||
else if (r == 0)
|
||||
log_warning("Credential secret file '%s/%s' is not located on encrypted media, using anyway.",
|
||||
dirname, filename);
|
||||
}
|
||||
|
||||
static int make_credential_host_secret(
|
||||
int dfd,
|
||||
const sd_id128_t machine_id,
|
||||
CredentialSecretFlags flags,
|
||||
const char *dirname,
|
||||
const char *fn,
|
||||
void **ret_data,
|
||||
size_t *ret_size) {
|
||||
@ -142,6 +163,8 @@ static int make_credential_host_secret(
|
||||
goto finish;
|
||||
}
|
||||
|
||||
warn_not_encrypted(fd, flags, dirname, fn);
|
||||
|
||||
if (t) {
|
||||
r = rename_noreplace(dfd, t, dfd, fn);
|
||||
if (r < 0)
|
||||
@ -248,7 +271,7 @@ int get_credential_host_secret(CredentialSecretFlags flags, void **ret, size_t *
|
||||
"Failed to open %s/%s: %m", dirname, filename);
|
||||
|
||||
|
||||
r = make_credential_host_secret(dfd, machine_id, filename, ret, ret_size);
|
||||
r = make_credential_host_secret(dfd, machine_id, flags, dirname, filename, ret, ret_size);
|
||||
if (r == -EEXIST) {
|
||||
log_debug_errno(r, "Credential secret %s/%s appeared while we were creating it, rereading.",
|
||||
dirname, filename);
|
||||
@ -257,7 +280,6 @@ int get_credential_host_secret(CredentialSecretFlags flags, void **ret, size_t *
|
||||
if (r < 0)
|
||||
return log_debug_errno(r, "Failed to create credential secret %s/%s: %m",
|
||||
dirname, filename);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -302,15 +324,7 @@ int get_credential_host_secret(CredentialSecretFlags flags, void **ret, size_t *
|
||||
if (sd_id128_equal(machine_id, f->machine_id)) {
|
||||
size_t sz;
|
||||
|
||||
if (FLAGS_SET(flags, CREDENTIAL_SECRET_WARN_NOT_ENCRYPTED)) {
|
||||
r = fd_is_encrypted(fd);
|
||||
if (r < 0)
|
||||
log_debug_errno(r, "Failed to determine if credential secret file '%s/%s' is encrypted.",
|
||||
dirname, filename);
|
||||
else if (r == 0)
|
||||
log_warning("Credential secret file '%s/%s' is not located on encrypted media, using anyway.",
|
||||
dirname, filename);
|
||||
}
|
||||
warn_not_encrypted(fd, flags, dirname, filename);
|
||||
|
||||
sz = l - offsetof(struct credential_host_secret_format, data);
|
||||
assert(sz > 0);
|
||||
@ -570,7 +584,7 @@ int encrypt_credential_and_warn(
|
||||
else if (!sd_id128_equal(with_key, _CRED_AUTO))
|
||||
return r;
|
||||
|
||||
log_debug_errno(r, "TPM2 sealing didn't work, not using: %m");
|
||||
log_notice_errno(r, "TPM2 sealing didn't work, continuing without TPM2: %m");
|
||||
}
|
||||
|
||||
assert(tpm2_blob_size <= CREDENTIAL_FIELD_SIZE_MAX);
|
||||
|
||||
Loading…
Reference in New Issue
Block a user