execute: drop 'seen_creds' set

When checking whether we already loaded a credential before, let's just use faccessat() in the credential dir we are populating. First of all, we already do it exactly that way when appliying SetCredential= settings later. Secondly, this is not performance relevant, and by using faccessat() things simply become a lot simpler.
2025-03-19 22:50:17 +03:00 · 2022-04-13 23:01:16 +02:00 · 2022-04-13 23:01:16 +02:00 · 5bec447afb
commit 5bec447afb
parent 461345a164
1 changed files with 3 additions and 16 deletions
--- a/src/core/execute.c
+++ b/src/core/execute.c
@ -2698,7 +2698,6 @@ static int load_credential(
 }

 struct load_cred_args {
-        Set *seen_creds;
        const ExecContext *context;
        const ExecParameters *params;
        bool encrypted;
@ -2735,14 +2734,12 @@ static int load_cred_recurse_dir_cb(
        if (!credential_name_valid(sub_id))
                return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "Credential would get ID %s, which is not valid, refusing", sub_id);

-        if (set_contains(args->seen_creds, sub_id)) {
+        if (faccessat(args->dfd, sub_id, F_OK, AT_SYMLINK_NOFOLLOW) >= 0) {
                log_debug("Skipping credential with duplicated ID %s at %s", sub_id, path);
                return RECURSE_DIR_CONTINUE;
        }
-
-        r = set_put_strdup(&args->seen_creds, sub_id);
-        if (r < 0)
-                return r;
+        if (errno != ENOENT)
+                return log_debug_errno(errno, "Failed to test if credential %s exists: %m", sub_id);

        r = load_credential(
                        args->context,
@ -2772,7 +2769,6 @@ static int acquire_credentials(

        uint64_t left = CREDENTIALS_TOTAL_SIZE_MAX;
        _cleanup_close_ int dfd = -1;
-        _cleanup_set_free_ Set *seen_creds = NULL;
        ExecLoadCredential *lc;
        ExecSetCredential *sc;
        int r;
@ -2784,10 +2780,6 @@ static int acquire_credentials(
        if (dfd < 0)
                return -errno;

-        seen_creds = set_new(&string_hash_ops_free);
-        if (!seen_creds)
-                return -ENOMEM;
-
        /* First, load credentials off disk (or acquire via AF_UNIX socket) */
        HASHMAP_FOREACH(lc, context->load_credentials) {
                _cleanup_close_ int sub_fd = -1;
@ -2804,10 +2796,6 @@ static int acquire_credentials(
                if (sub_fd < 0) {
                        /* Regular file */

-                        r = set_put_strdup(&seen_creds, lc->id);
-                        if (r < 0)
-                                return r;
-
                        r = load_credential(
                                        context,
                                        params,
@ -2834,7 +2822,6 @@ static int acquire_credentials(
                                        RECURSE_DIR_IGNORE_DOT|RECURSE_DIR_ENSURE_TYPE,
                                        load_cred_recurse_dir_cb,
                                        &(struct load_cred_args) {
-                                                .seen_creds = seen_creds,
                                                .context = context,
                                                .params = params,
                                                .encrypted = lc->encrypted,