mirror of
https://github.com/systemd/systemd
synced 2026-04-25 08:25:12 +02:00
Compare commits
No commits in common. "255689ae92224df2d2bd7b65fb1f566d6fda15e3" and "6ae16e01b59e4e06ecb14db55e9f34396b398014" have entirely different histories.
255689ae92
...
6ae16e01b5
@ -1156,12 +1156,9 @@ static int bus_append_execute_property(sd_bus_message *m, const char *field, con
|
||||
return log_oom();
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to parse %s= parameter: %s", field, eq);
|
||||
if (r == 0)
|
||||
if (r == 0 || !p)
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Missing argument to %s=.", field);
|
||||
|
||||
if (isempty(p)) /* If only one field is specified, then this means "inherit from above" */
|
||||
p = eq;
|
||||
|
||||
r = sd_bus_message_append(m, "a(ss)", 1, word, p);
|
||||
}
|
||||
if (r < 0)
|
||||
|
||||
@ -94,30 +94,9 @@ struct credential_host_secret_format {
|
||||
uint8_t data[CREDENTIAL_HOST_SECRET_SIZE];
|
||||
} _packed_;
|
||||
|
||||
static void warn_not_encrypted(int fd, CredentialSecretFlags flags, const char *dirname, const char *filename) {
|
||||
int r;
|
||||
|
||||
assert(fd >= 0);
|
||||
assert(dirname);
|
||||
assert(filename);
|
||||
|
||||
if (!FLAGS_SET(flags, CREDENTIAL_SECRET_WARN_NOT_ENCRYPTED))
|
||||
return;
|
||||
|
||||
r = fd_is_encrypted(fd);
|
||||
if (r < 0)
|
||||
log_debug_errno(r, "Failed to determine if credential secret file '%s/%s' is encrypted.",
|
||||
dirname, filename);
|
||||
else if (r == 0)
|
||||
log_warning("Credential secret file '%s/%s' is not located on encrypted media, using anyway.",
|
||||
dirname, filename);
|
||||
}
|
||||
|
||||
static int make_credential_host_secret(
|
||||
int dfd,
|
||||
const sd_id128_t machine_id,
|
||||
CredentialSecretFlags flags,
|
||||
const char *dirname,
|
||||
const char *fn,
|
||||
void **ret_data,
|
||||
size_t *ret_size) {
|
||||
@ -163,8 +142,6 @@ static int make_credential_host_secret(
|
||||
goto finish;
|
||||
}
|
||||
|
||||
warn_not_encrypted(fd, flags, dirname, fn);
|
||||
|
||||
if (t) {
|
||||
r = rename_noreplace(dfd, t, dfd, fn);
|
||||
if (r < 0)
|
||||
@ -271,7 +248,7 @@ int get_credential_host_secret(CredentialSecretFlags flags, void **ret, size_t *
|
||||
"Failed to open %s/%s: %m", dirname, filename);
|
||||
|
||||
|
||||
r = make_credential_host_secret(dfd, machine_id, flags, dirname, filename, ret, ret_size);
|
||||
r = make_credential_host_secret(dfd, machine_id, filename, ret, ret_size);
|
||||
if (r == -EEXIST) {
|
||||
log_debug_errno(r, "Credential secret %s/%s appeared while we were creating it, rereading.",
|
||||
dirname, filename);
|
||||
@ -280,6 +257,7 @@ int get_credential_host_secret(CredentialSecretFlags flags, void **ret, size_t *
|
||||
if (r < 0)
|
||||
return log_debug_errno(r, "Failed to create credential secret %s/%s: %m",
|
||||
dirname, filename);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -324,7 +302,15 @@ int get_credential_host_secret(CredentialSecretFlags flags, void **ret, size_t *
|
||||
if (sd_id128_equal(machine_id, f->machine_id)) {
|
||||
size_t sz;
|
||||
|
||||
warn_not_encrypted(fd, flags, dirname, filename);
|
||||
if (FLAGS_SET(flags, CREDENTIAL_SECRET_WARN_NOT_ENCRYPTED)) {
|
||||
r = fd_is_encrypted(fd);
|
||||
if (r < 0)
|
||||
log_debug_errno(r, "Failed to determine if credential secret file '%s/%s' is encrypted.",
|
||||
dirname, filename);
|
||||
else if (r == 0)
|
||||
log_warning("Credential secret file '%s/%s' is not located on encrypted media, using anyway.",
|
||||
dirname, filename);
|
||||
}
|
||||
|
||||
sz = l - offsetof(struct credential_host_secret_format, data);
|
||||
assert(sz > 0);
|
||||
@ -584,7 +570,7 @@ int encrypt_credential_and_warn(
|
||||
else if (!sd_id128_equal(with_key, _CRED_AUTO))
|
||||
return r;
|
||||
|
||||
log_notice_errno(r, "TPM2 sealing didn't work, continuing without TPM2: %m");
|
||||
log_debug_errno(r, "TPM2 sealing didn't work, not using: %m");
|
||||
}
|
||||
|
||||
assert(tpm2_blob_size <= CREDENTIAL_FIELD_SIZE_MAX);
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user