core/exec-credential: introduce exec_context_get_credential_directory() helper function

No functional change, just refactoring.
2025-01-11 09:18:07 +03:00 · 2023-08-25 16:11:02 +09:00 · 2023-08-25 16:11:02 +09:00 · 133e4de23f
commit 133e4de23f
parent 43962c30fb
3 changed files with 35 additions and 8 deletions
--- a/src/core/exec-credential.c
+++ b/src/core/exec-credential.c
@ -94,6 +94,25 @@ static int get_credential_directory(
        return 1;
 }

+int exec_context_get_credential_directory(
+                const ExecContext *context,
+                const ExecParameters *params,
+                const char *unit,
+                char **ret) {
+
+        assert(context);
+        assert(params);
+        assert(unit);
+        assert(ret);
+
+        if (!exec_context_has_credentials(context)) {
+                *ret = NULL;
+                return 0;
+        }
+
+        return get_credential_directory(params->prefix[EXEC_DIRECTORY_RUNTIME], unit, ret);
+}
+
 int unit_add_default_credential_dependencies(Unit *u, const ExecContext *c) {
        _cleanup_free_ char *p = NULL, *m = NULL;
        int r;
--- a/src/core/exec-credential.h
+++ b/src/core/exec-credential.h
@ -37,6 +37,12 @@ extern const struct hash_ops exec_load_credential_hash_ops;
 bool exec_context_has_encrypted_credentials(ExecContext *c);
 bool exec_context_has_credentials(const ExecContext *c);

+int exec_context_get_credential_directory(
+                const ExecContext *context,
+                const ExecParameters *params,
+                const char *unit,
+                char **ret);
+
 int unit_add_default_credential_dependencies(Unit *u, const ExecContext *c);

 int exec_context_destroy_credentials(const ExecContext *c, const char *runtime_root, const char *unit);
--- a/src/core/execute.c
+++ b/src/core/execute.c
@ -2041,8 +2041,12 @@ static int build_environment(
                our_env[n_env++] = x;
        }

-        if (exec_context_has_credentials(c) && p->prefix[EXEC_DIRECTORY_RUNTIME]) {
-                x = strjoin("CREDENTIALS_DIRECTORY=", p->prefix[EXEC_DIRECTORY_RUNTIME], "/credentials/", u->id);
+        _cleanup_free_ char *creds_dir = NULL;
+        r = exec_context_get_credential_directory(c, p, u->id, &creds_dir);
+        if (r < 0)
+                return r;
+        if (r > 0) {
+                x = strjoin("CREDENTIALS_DIRECTORY=", creds_dir);
                if (!x)
                        return -ENOMEM;

@ -3217,12 +3221,10 @@ static int apply_mount_namespace(
        if (context->mount_propagation_flag == MS_SHARED)
                log_unit_debug(u, "shared mount propagation hidden by other fs namespacing unit settings: ignoring");

-        if (exec_context_has_credentials(context) &&
-            params->prefix[EXEC_DIRECTORY_RUNTIME] &&
-            FLAGS_SET(params->flags, EXEC_WRITE_CREDENTIALS)) {
-                creds_path = path_join(params->prefix[EXEC_DIRECTORY_RUNTIME], "credentials", u->id);
-                if (!creds_path)
-                        return -ENOMEM;
+        if (FLAGS_SET(params->flags, EXEC_WRITE_CREDENTIALS)) {
+                r = exec_context_get_credential_directory(context, params, u->id, &creds_path);
+                if (r < 0)
+                        return r;
        }

        if (params->runtime_scope == RUNTIME_SCOPE_SYSTEM) {