Follow-ups for recent changes to creds (#39040 )

machine: fix crash on update from older than v258
UID entry in the machine state file is introduced in v258, hence when a host is upgraded to v258, the field does not exist in the file, thus the variable 'uid' is NULL. Follow-up for 276d20018623ef14956ce87975be48da5de63f29. Fixes #39061.
2025-11-22 10:14:45 +01:00 · 2025-09-22 04:54:57 +09:00 · 2025-09-22 04:53:57 +09:00 · 2025-09-21 17:16:52 +02:00 · 2025-09-21 17:16:52 +02:00 · 2025-09-21 17:16:51 +02:00
5 changed files with 60 additions and 44 deletions
--- a/src/core/exec-credential.c
+++ b/src/core/exec-credential.c
@ -520,7 +520,7 @@ static int maybe_decrypt_and_write_credential(
                }
                if (r < 0) {
                        if (graceful) {
-                                log_warning_errno(r, "Unable to decrypt credential '%s', skipping.", id);
+                                log_warning_errno(r, "Unable to decrypt credential '%s', skipping: %m", id);
                                return 0;
                        }

@ -739,7 +739,7 @@ static int load_credential(
        if (r < 0)
                return log_debug_errno(r, "Failed to read credential '%s': %m", path);

-        return maybe_decrypt_and_write_credential(args, id, data, size, /* graceful= */ true);
+        return maybe_decrypt_and_write_credential(args, id, data, size, /* graceful= */ false);
 }

 static int load_cred_recurse_dir_cb(
--- a/src/creds/creds.c
+++ b/src/creds/creds.c
@ -1409,28 +1409,15 @@ static int vl_method_decrypt(sd_varlink *link, sd_json_variant *parameters, sd_v
                ask_polkit = true;
        }

-        if (r == -EBADMSG)
-                return sd_varlink_error(link, "io.systemd.Credentials.BadFormat", NULL);
-        if (r == -EDESTADDRREQ)
-                return sd_varlink_error(link, "io.systemd.Credentials.NameMismatch", NULL);
-        if (r == -ESTALE)
-                return sd_varlink_error(link, "io.systemd.Credentials.TimeMismatch", NULL);
-        if (r == -ESRCH)
-                return sd_varlink_error(link, "io.systemd.Credentials.NoSuchUser", NULL);
-        if (r == -EMEDIUMTYPE)
-                return sd_varlink_error(link, "io.systemd.Credentials.BadScope", NULL);
-        if (r == -EHOSTDOWN)
-                return sd_varlink_error(link, "io.systemd.Credentials.CantFindPCRSignature", NULL);
-        if (r == -EHWPOISON)
-                return sd_varlink_error(link, "io.systemd.Credentials.NullKeyNotAllowed", NULL);
-        if (r == -EREMOTE)
-                return sd_varlink_error(link, "io.systemd.Credentials.KeyBelongsToOtherTPM", NULL);
-        if (r == -ENOLCK)
-                return sd_varlink_error(link, "io.systemd.Credentials.TPMInDictionaryLockout", NULL);
        if (IN_SET(r, -EREMCHG, -ENOANO, -EUCLEAN, -EPERM))
                return sd_varlink_error(link, "io.systemd.Credentials.UnexpectedPCRState", NULL);
-        if (r < 0)
+        if (r < 0) {
+                const CredentialsVarlinkError *e = credentials_varlink_error_by_errno(r);
+                if (e)
+                        return sd_varlink_error(link, e->id, NULL);
+
                return r;
+        }

        _cleanup_(sd_json_variant_unrefp) sd_json_variant *reply = NULL;

--- a/src/machine/machine.c
+++ b/src/machine/machine.c
@ -403,9 +403,11 @@ int machine_load(Machine *m) {
                        log_warning_errno(r, "Failed to parse AF_VSOCK CID, ignoring: %s", vsock_cid);
        }

+        if (uid) {
                r = parse_uid(uid, &m->uid);
                if (r < 0)
                        log_warning_errno(r, "Failed to parse owning UID, ignoring: %s", uid);
+        }

        return r;
 }
--- a/src/shared/creds-util.c
+++ b/src/shared/creds-util.c
@ -1652,26 +1652,9 @@ int ipc_decrypt_credential(const char *validate_name, usec_t validate_timestamp,
        if (r < 0)
                return log_error_errno(r, "Failed to call Decrypt() varlink call.");
        if (!isempty(error_id))  {
-                static struct {
-                        const char *id;
-                        int errnum;
-                        const char *msg;
-                } table[] = {
-                        { "io.systemd.Credentials.BadFormat",              EBADMSG,      "Bad credential format." },
-                        { "io.systemd.Credentials.NameMismatch",           EDESTADDRREQ, "Name in credential doesn't match expectations." },
-                        { "io.systemd.Credentials.TimeMismatch",           ESTALE,       "Outside of credential validity time window." },
-                        { "io.systemd.Credentials.NoSuchUser",             ESRCH,        "No such user." },
-                        { "io.systemd.Credentials.BadScope",               EMEDIUMTYPE,  "Scope mismatch." },
-                        { "io.systemd.Credentials.CantFindPCRSignature",   EHOSTDOWN,    "PCR signature required for decryption, but could not be found." },
-                        { "io.systemd.Credentials.NullKeyNotAllowed",      EHWPOISON,    "The key was encrypted with a null key, but that's now allowed during decryption." },
-                        { "io.systemd.Credentials.KeyBelongsToOtherTPM",   EREMOTE,      "The TPM integrity check for this key failed, key probably belongs to another TPM, or was corrupted." },
-                        { "io.systemd.Credentials.TPMInDictionaryLockout", ENOLCK,       "The TPM is in dictionary lockout mode, cannot operate." },
-                        { "io.systemd.Credentials.UnexpectedPCRState" ,    EUCLEAN,      "Unexpected TPM PCR state of the system." },
-                };
-
-                FOREACH_ELEMENT(i, table)
-                        if (streq(i->id, error_id))
-                                return log_error_errno(SYNTHETIC_ERRNO(i->errnum), "%s", i->msg);
+                const CredentialsVarlinkError *e = credentials_varlink_error_by_id(error_id);
+                if (e)
+                        return log_error_errno(SYNTHETIC_ERRNO(e->errnum), "%s", e->msg);

                return log_error_errno(sd_varlink_error_to_errno(error_id, reply), "Failed to decrypt: %s", error_id);
        }
@ -1824,3 +1807,38 @@ int pick_up_credentials(const PickUpCredential *table, size_t n_table_entry) {

        return ret;
 }
+
+static const CredentialsVarlinkError credentials_varlink_error_table[] = {
+        { "io.systemd.Credentials.BadFormat",              EBADMSG,      "Bad credential format." },
+        { "io.systemd.Credentials.NameMismatch",           EDESTADDRREQ, "Name in credential doesn't match expectations." },
+        { "io.systemd.Credentials.TimeMismatch",           ESTALE,       "Outside of credential validity time window." },
+        { "io.systemd.Credentials.NoSuchUser",             ESRCH,        "No such user." },
+        { "io.systemd.Credentials.BadScope",               EMEDIUMTYPE,  "Scope mismatch." },
+        { "io.systemd.Credentials.CantFindPCRSignature",   EHOSTDOWN,    "PCR signature required for decryption, but could not be found." },
+        { "io.systemd.Credentials.NullKeyNotAllowed",      EHWPOISON,    "The key was encrypted with a null key, but that's now allowed during decryption." },
+        { "io.systemd.Credentials.KeyBelongsToOtherTPM",   EREMOTE,      "The TPM integrity check for this key failed, key probably belongs to another TPM, or was corrupted." },
+        { "io.systemd.Credentials.TPMInDictionaryLockout", ENOLCK,       "The TPM is in dictionary lockout mode, cannot operate." },
+        { "io.systemd.Credentials.UnexpectedPCRState" ,    EUCLEAN,      "Unexpected TPM PCR state of the system." },
+};
+
+const CredentialsVarlinkError* credentials_varlink_error_by_id(const char *id) {
+        assert(id);
+
+        FOREACH_ELEMENT(i, credentials_varlink_error_table)
+                if (streq(id, i->id))
+                        return i;
+
+        return NULL;
+}
+
+const CredentialsVarlinkError* credentials_varlink_error_by_errno(int errnum) {
+        assert(errnum != 0);
+
+        errnum = ABS(errnum);
+
+        FOREACH_ELEMENT(i, credentials_varlink_error_table)
+                if (errnum == i->errnum)
+                        return i;
+
+        return NULL;
+}
--- a/src/shared/creds-util.h
+++ b/src/shared/creds-util.h
@ -102,3 +102,12 @@ typedef struct PickUpCredential {
 } PickUpCredential;

 int pick_up_credentials(const PickUpCredential *table, size_t n_table_entry);
+
+typedef struct CredentialsVarlinkError {
+        const char *id;
+        int errnum;
+        const char *msg;
+} CredentialsVarlinkError;
+
+const CredentialsVarlinkError* credentials_varlink_error_by_id(const char *id) _pure_;
+const CredentialsVarlinkError* credentials_varlink_error_by_errno(int errnum) _const_;
Author	SHA1	Message	Date
Yu Watanabe	5c7be92494	Follow-ups for recent changes to creds (#39040 )	2025-09-22 04:54:57 +09:00
Yu Watanabe	43cea09f95	machine: fix crash on update from older than v258 UID entry in the machine state file is introduced in v258, hence when a host is upgraded to v258, the field does not exist in the file, thus the variable 'uid' is NULL. Follow-up for 276d20018623ef14956ce87975be48da5de63f29. Fixes #39061.	2025-09-22 04:53:57 +09:00
Mike Yuan	1419e8d324	core/exec-credential: don't enable graceful for load_credential() Follow-up for 4be269563db777bb30f2609b3d4f5180fe9e2d2a This contradicts the logic described in commit msg.	2025-09-21 17:16:52 +02:00
Mike Yuan	f4fc2c3fc9	core/exec-credential: log about errno	2025-09-21 17:16:52 +02:00
Mike Yuan	edb9a2870f	creds: uniformly use varlink error table Follow-up for ffd4b3809681b940d7d1fb9bc64502306c0a3e7e	2025-09-21 17:16:51 +02:00