tmpfiles: minor modernization

When RefHome() bus method is called in acquire_home(), secret is NULL.

Fixes #20639.

mkosi.default.d/fedora/mkosi.fedora

@@ -67,7 +67,7 @@ BuildPackages=
 Packages=
         gdb
         nano
-        # procps-ng provides a set of useful utilies (ps, free, etc)
+        # procps-ng provides a set of useful utilities (ps, free, etc)
         procps-ng
         strace
         tpm2-tss

src/analyze/analyze-security.c

@@ -1615,7 +1615,7 @@ static JsonVariant* security_assessor_find_in_policy(const struct security_asses
         if (!policy)
                 return NULL;
         if (!json_variant_is_object(policy)) {
-                log_debug("Specificied policy is not a JSON object, ignoring.");
+                log_debug("Specified policy is not a JSON object, ignoring.");
                 return NULL;
         }
 

src/basic/socket-util.h

@@ -286,7 +286,7 @@ struct timespec_large {
 };
 
 /* glibc duplicates timespec/timeval on certain 32bit archs, once in 32bit and once in 64bit.
- * See __convert_scm_timestamps() in glibc souce code. Hence, we need additional buffer space for them
+ * See __convert_scm_timestamps() in glibc source code. Hence, we need additional buffer space for them
  * to prevent from recvmsg_safe() returning -EXFULL. */
 #define CMSG_SPACE_TIMEVAL                                              \
         ((sizeof(struct timeval) == sizeof(struct timeval_large)) ?     \

src/home/pam_systemd_home.c

@@ -281,7 +281,6 @@ static int handle_generic_user_record_error(
                 const sd_bus_error *error) {
 
         assert(user_name);
-        assert(secret);
         assert(error);
 
         int r;
@@ -301,6 +300,8 @@ static int handle_generic_user_record_error(
         } else if (sd_bus_error_has_name(error, BUS_ERROR_BAD_PASSWORD)) {
                 _cleanup_(erase_and_freep) char *newp = NULL;
 
+                assert(secret);
+
                 /* This didn't work? Ask for an (additional?) password */
 
                 if (strv_isempty(secret->password))
@@ -326,6 +327,8 @@ static int handle_generic_user_record_error(
         } else if (sd_bus_error_has_name(error, BUS_ERROR_BAD_PASSWORD_AND_NO_TOKEN)) {
                 _cleanup_(erase_and_freep) char *newp = NULL;
 
+                assert(secret);
+
                 if (strv_isempty(secret->password)) {
                         (void) pam_prompt(handle, PAM_ERROR_MSG, NULL, "Security token of user %s not inserted.", user_name);
                         r = pam_prompt(handle, PAM_PROMPT_ECHO_OFF, &newp, "Try again with password: ");
@@ -350,6 +353,8 @@ static int handle_generic_user_record_error(
         } else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_PIN_NEEDED)) {
                 _cleanup_(erase_and_freep) char *newp = NULL;
 
+                assert(secret);
+
                 r = pam_prompt(handle, PAM_PROMPT_ECHO_OFF, &newp, "Security token PIN: ");
                 if (r != PAM_SUCCESS)
                         return PAM_CONV_ERR; /* no logging here */
@@ -367,6 +372,8 @@ static int handle_generic_user_record_error(
 
         } else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_PROTECTED_AUTHENTICATION_PATH_NEEDED)) {
 
+                assert(secret);
+
                 (void) pam_prompt(handle, PAM_ERROR_MSG, NULL, "Please authenticate physically on security token of user %s.", user_name);
 
                 r = user_record_set_pkcs11_protected_authentication_path_permitted(secret, true);
@@ -377,6 +384,8 @@ static int handle_generic_user_record_error(
 
         } else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_USER_PRESENCE_NEEDED)) {
 
+                assert(secret);
+
                 (void) pam_prompt(handle, PAM_ERROR_MSG, NULL, "Please confirm presence on security token of user %s.", user_name);
 
                 r = user_record_set_fido2_user_presence_permitted(secret, true);
@@ -387,6 +396,8 @@ static int handle_generic_user_record_error(
 
         } else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_USER_VERIFICATION_NEEDED)) {
 
+                assert(secret);
+
                 (void) pam_prompt(handle, PAM_ERROR_MSG, NULL, "Please verify user on security token of user %s.", user_name);
 
                 r = user_record_set_fido2_user_verification_permitted(secret, true);
@@ -403,6 +414,8 @@ static int handle_generic_user_record_error(
         } else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_BAD_PIN)) {
                 _cleanup_(erase_and_freep) char *newp = NULL;
 
+                assert(secret);
+
                 (void) pam_prompt(handle, PAM_ERROR_MSG, NULL, "Security token PIN incorrect for user %s.", user_name);
                 r = pam_prompt(handle, PAM_PROMPT_ECHO_OFF, &newp, "Sorry, retry security token PIN: ");
                 if (r != PAM_SUCCESS)
@@ -422,6 +435,8 @@ static int handle_generic_user_record_error(
         } else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_BAD_PIN_FEW_TRIES_LEFT)) {
                 _cleanup_(erase_and_freep) char *newp = NULL;
 
+                assert(secret);
+
                 (void) pam_prompt(handle, PAM_ERROR_MSG, NULL, "Security token PIN of user %s incorrect (only a few tries left!)", user_name);
                 r = pam_prompt(handle, PAM_PROMPT_ECHO_OFF, &newp, "Sorry, retry security token PIN: ");
                 if (r != PAM_SUCCESS)
@@ -441,6 +456,8 @@ static int handle_generic_user_record_error(
         } else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_BAD_PIN_ONE_TRY_LEFT)) {
                 _cleanup_(erase_and_freep) char *newp = NULL;
 
+                assert(secret);
+
                 (void) pam_prompt(handle, PAM_ERROR_MSG, NULL, "Security token PIN of user %s incorrect (only one try left!)", user_name);
                 r = pam_prompt(handle, PAM_PROMPT_ECHO_OFF, &newp, "Sorry, retry security token PIN: ");
                 if (r != PAM_SUCCESS)

src/libsystemd/sd-netlink/netlink-types-rtnl.c

@@ -238,7 +238,7 @@ static  const NLType rtnl_link_info_data_gre_types[] = {
 };
 
 /* IFLA_IPTUN_ attributes are used in ipv4/ipip.c, ipv6/ip6_tunnel.c, and ipv6/sit.c. And unfortunately,
- * IFLA_IPTUN_FLAGS is used with differnt types, ugh... */
+ * IFLA_IPTUN_FLAGS is used with different types, ugh... */
 #define DEFINE_IPTUN_TYPES(name, flags_type)                                            \
         static const NLType rtnl_link_info_data_##name##_types[] = {                    \
                 [IFLA_IPTUN_LINK]                = { .type = NETLINK_TYPE_U32 },        \

src/tmpfiles/tmpfiles.c

@@ -194,7 +194,7 @@ static Set *unix_sockets = NULL;
 
 STATIC_DESTRUCTOR_REGISTER(items, ordered_hashmap_freep);
 STATIC_DESTRUCTOR_REGISTER(globs, ordered_hashmap_freep);
-STATIC_DESTRUCTOR_REGISTER(unix_sockets, set_free_freep);
+STATIC_DESTRUCTOR_REGISTER(unix_sockets, set_freep);
 STATIC_DESTRUCTOR_REGISTER(arg_include_prefixes, freep);
 STATIC_DESTRUCTOR_REGISTER(arg_exclude_prefixes, freep);
 STATIC_DESTRUCTOR_REGISTER(arg_root, freep);
@@ -421,7 +421,7 @@ static struct Item* find_glob(OrderedHashmap *h, const char *match) {
 }
 
 static int load_unix_sockets(void) {
-        _cleanup_set_free_free_ Set *sockets = NULL;
+        _cleanup_set_free_ Set *sockets = NULL;
         _cleanup_fclose_ FILE *f = NULL;
         int r;
 
@@ -430,10 +430,6 @@ static int load_unix_sockets(void) {
 
         /* We maintain a cache of the sockets we found in /proc/net/unix to speed things up a little. */
 
-        sockets = set_new(&path_hash_ops);
-        if (!sockets)
-                return log_oom();
-
         f = fopen("/proc/net/unix", "re");
         if (!f)
                 return log_full_errno(errno == ENOENT ? LOG_DEBUG : LOG_WARNING, errno,
@@ -447,7 +443,7 @@ static int load_unix_sockets(void) {
                 return log_warning_errno(SYNTHETIC_ERRNO(EIO), "Premature end of file reading /proc/net/unix.");
 
         for (;;) {
-                _cleanup_free_ char *line = NULL, *s = NULL;
+                _cleanup_free_ char *line = NULL;
                 char *p;
 
                 r = read_line(f, LONG_LINE_MAX, &line);
@@ -468,22 +464,12 @@ static int load_unix_sockets(void) {
                 p += strcspn(p, WHITESPACE); /* skip one more word */
                 p += strspn(p, WHITESPACE);
 
-                if (*p != '/')
+                if (!path_is_absolute(p))
                         continue;
 
-                s = strdup(p);
+                r = set_put_strdup_full(&sockets, &path_hash_ops_free, p);
-                if (!s)
-                        return log_oom();
-
-                path_simplify(s);
-
-                r = set_consume(sockets, s);
-                if (r == -EEXIST)
-                        continue;
                 if (r < 0)
                         return log_warning_errno(r, "Failed to add AF_UNIX socket to set, ignoring: %m");
-
-                TAKE_PTR(s);
         }
 
         unix_sockets = TAKE_PTR(sockets);
@@ -496,7 +482,7 @@ static bool unix_socket_alive(const char *fn) {
         if (load_unix_sockets() < 0)
                 return true;     /* We don't know, so assume yes */
 
-        return !!set_get(unix_sockets, (char*) fn);
+        return set_contains(unix_sockets, fn);
 }
 
 static DIR* xopendirat_nomod(int dirfd, const char *path) {

test/units/testsuite-63.sh

@@ -55,7 +55,7 @@ EOF
 systemd-analyze verify --recursive-errors=no /tmp/testfile2.service
 
 set +e
-# Non-zero exit status since all associated dependencies are recusrively loaded when the unit file is loaded
+# Non-zero exit status since all associated dependencies are recusively loaded when the unit file is loaded
 systemd-analyze verify --recursive-errors=yes /tmp/testfile2.service \
     && { echo 'unexpected success'; exit 1; }
 set -e