author | Lennart Poettering <lennart@poettering.net> | 2024-05-02 14:26:21 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2024-06-12 18:42:22 +0200 |
commit | 309a747fa6cfeac0a0165543f23a924866727c9b (patch) | |
tree | a51242aa3ac87243c0614bf93d27e9083182e485 /src/cryptenroll | |
parent | json: merge json_dispatch_path() + json_dispatch_absolute_path() (diff) | |
libsystemd: turn json.[ch] into a public API
This is preparation for making our Varlink API a public API. Since our
Varlink API is built on top of our JSON API we need to make that public
first (it's a nice API, but JSON APIs there are already enough, this is
purely about the Varlink angle).
I made most of the json.h APIs public, and just placed them in
sd-json.h. Sometimes I wasn't so sure however, since the underlying data
structures would have to be made public too. If in doubt I didn't risk
it, and moved the relevant API to src/libsystemd/sd-json/json-util.h
instead (without any sd_* symbol prefixes).
This is mostly a giant search/replace patch.
Diffstat (limited to 'src/cryptenroll')
-rw-r--r-- | src/cryptenroll/cryptenroll-fido2.c | 24 | ||||
-rw-r--r-- | src/cryptenroll/cryptenroll-list.c | 21 | ||||
-rw-r--r-- | src/cryptenroll/cryptenroll-pkcs11.c | 16 | ||||
-rw-r--r-- | src/cryptenroll/cryptenroll-recovery.c | 12 | ||||
-rw-r--r-- | src/cryptenroll/cryptenroll-tpm2.c | 15 | ||||
-rw-r--r-- | src/cryptenroll/cryptenroll-wipe.c | 38 |
6 files changed, 66 insertions, 60 deletions
diff --git a/src/cryptenroll/cryptenroll-fido2.c b/src/cryptenroll/cryptenroll-fido2.c index baa630a6b3..0baf276878 100644 --- a/src/cryptenroll/cryptenroll-fido2.c +++ b/src/cryptenroll/cryptenroll-fido2.c @@ -4,7 +4,7 @@ #include "cryptenroll-fido2.h" #include "cryptsetup-fido2.h" #include "hexdecoct.h" -#include "json.h" +#include "json-util.h" #include "libfido2-util.h" #include "memory-util.h" #include "random-util.h" @@ -71,7 +71,7 @@ int enroll_fido2( _cleanup_(erase_and_freep) void *salt = NULL, *secret = NULL; _cleanup_(erase_and_freep) char *base64_encoded = NULL; - _cleanup_(json_variant_unrefp) JsonVariant *v = NULL; + _cleanup_(sd_json_variant_unrefp) sd_json_variant *v = NULL; _cleanup_free_ char *keyslot_as_string = NULL; size_t cid_size, salt_size, secret_size; _cleanup_free_ void *cid = NULL; 
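Review bot: The include hunk of cryptenroll-fido2.c only swaps `json.h` for `json-util.h`, yet the file now uses `sd_json_variant` and `sd_json_build()`, so the public declarations reach it transitively (presumably through json-util.h, which is not shown here). cryptenroll-list.c, cryptenroll-tpm2.c and cryptenroll-wipe.c in this same commit add `#include "sd-json.h"` as a leading group of its own. Doing the same here, and in cryptenroll-pkcs11.c and cryptenroll-recovery.c, would keep the six files consistent and make the dependency on the public header explicit. enroll_fido2() continues outside both hunks.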
@@ -130,16 +130,16 @@ int enroll_fido2( if (asprintf(&keyslot_as_string, "%i", keyslot) < 0) return log_oom(); - r = json_build(&v, - JSON_BUILD_OBJECT( - JSON_BUILD_PAIR("type", JSON_BUILD_CONST_STRING("systemd-fido2")), - JSON_BUILD_PAIR("keyslots", JSON_BUILD_ARRAY(JSON_BUILD_STRING(keyslot_as_string))), - JSON_BUILD_PAIR("fido2-credential", JSON_BUILD_BASE64(cid, cid_size)), - JSON_BUILD_PAIR("fido2-salt", JSON_BUILD_BASE64(salt, salt_size)), - JSON_BUILD_PAIR("fido2-rp", JSON_BUILD_CONST_STRING("io.systemd.cryptsetup")), - JSON_BUILD_PAIR("fido2-clientPin-required", JSON_BUILD_BOOLEAN(FLAGS_SET(lock_with, FIDO2ENROLL_PIN))), - JSON_BUILD_PAIR("fido2-up-required", JSON_BUILD_BOOLEAN(FLAGS_SET(lock_with, FIDO2ENROLL_UP))), - JSON_BUILD_PAIR("fido2-uv-required", JSON_BUILD_BOOLEAN(FLAGS_SET(lock_with, FIDO2ENROLL_UV))))); + r = sd_json_build(&v, + SD_JSON_BUILD_OBJECT( + SD_JSON_BUILD_PAIR("type", JSON_BUILD_CONST_STRING("systemd-fido2")), + SD_JSON_BUILD_PAIR("keyslots", SD_JSON_BUILD_ARRAY(SD_JSON_BUILD_STRING(keyslot_as_string))), + SD_JSON_BUILD_PAIR("fido2-credential", SD_JSON_BUILD_BASE64(cid, cid_size)), + SD_JSON_BUILD_PAIR("fido2-salt", SD_JSON_BUILD_BASE64(salt, salt_size)), + SD_JSON_BUILD_PAIR("fido2-rp", JSON_BUILD_CONST_STRING("io.systemd.cryptsetup")), + SD_JSON_BUILD_PAIR("fido2-clientPin-required", SD_JSON_BUILD_BOOLEAN(FLAGS_SET(lock_with, FIDO2ENROLL_PIN))), + SD_JSON_BUILD_PAIR("fido2-up-required", SD_JSON_BUILD_BOOLEAN(FLAGS_SET(lock_with, FIDO2ENROLL_UP))), + SD_JSON_BUILD_PAIR("fido2-uv-required", SD_JSON_BUILD_BOOLEAN(FLAGS_SET(lock_with, FIDO2ENROLL_UV))))); if (r < 0) return log_error_errno(r, "Failed to prepare FIDO2 JSON token object: %m"); diff --git a/src/cryptenroll/cryptenroll-list.c b/src/cryptenroll/cryptenroll-list.c index 00a1a8e637..ffc1067d2d 100644 --- a/src/cryptenroll/cryptenroll-list.c +++ b/src/cryptenroll/cryptenroll-list.c 
@@ -1,8 +1,11 @@ /* SPDX-License-Identifier: LGPL-2.1-or-later */ +#include "sd-json.h" + #include "cryptenroll-list.h" #include "cryptenroll.h" #include "format-table.h" +#include "json-util.h" #include "parse-util.h" struct keyslot_metadata { @@ -39,9 +42,9 @@ int list_enrolled(struct crypt_device *cd) { /* Second step, enumerate through all tokens, and update the slot table, indicating what kind of * token they are assigned to */ for (int token = 0; token < sym_crypt_token_max(CRYPT_LUKS2); token++) { - _cleanup_(json_variant_unrefp) JsonVariant *v = NULL; + _cleanup_(sd_json_variant_unrefp) sd_json_variant *v = NULL; const char *type; - JsonVariant *w, *z; + sd_json_variant *w, *z; EnrollType et; r = cryptsetup_get_token_as_json(cd, token, NULL, &v); @@ -52,20 +55,20 @@ int list_enrolled(struct crypt_device *cd) { continue; } - w = json_variant_by_key(v, "type"); - if (!w || !json_variant_is_string(w)) { + w = sd_json_variant_by_key(v, "type"); + if (!w || !sd_json_variant_is_string(w)) { log_warning("Token JSON data lacks type field, ignoring."); continue; } - et = luks2_token_type_from_string(json_variant_string(w)); + et = luks2_token_type_from_string(sd_json_variant_string(w)); if (et < 0) type = "other"; else type = enroll_type_to_string(et); - w = json_variant_by_key(v, "keyslots"); - if (!w || !json_variant_is_array(w)) { + w = sd_json_variant_by_key(v, "keyslots"); + if (!w || !sd_json_variant_is_array(w)) { log_warning("Token JSON data lacks keyslots field, ignoring."); continue; } 
@@ -73,12 +76,12 @@ int list_enrolled(struct crypt_device *cd) { JSON_VARIANT_ARRAY_FOREACH(z, w) { unsigned u; - if (!json_variant_is_string(z)) { + if (!sd_json_variant_is_string(z)) { log_warning("Token JSON data's keyslot field is not an array of strings, ignoring."); continue; } - r = safe_atou(json_variant_string(z), &u); + r = safe_atou(sd_json_variant_string(z), &u); if (r < 0) { log_warning_errno(r, "Token JSON data's keyslot field is not an integer formatted as string, ignoring."); continue; diff --git a/src/cryptenroll/cryptenroll-pkcs11.c b/src/cryptenroll/cryptenroll-pkcs11.c index 1e4be008e3..f7cf700084 100644 --- a/src/cryptenroll/cryptenroll-pkcs11.c +++ b/src/cryptenroll/cryptenroll-pkcs11.c @@ -2,7 +2,7 @@ #include "cryptenroll-pkcs11.h" #include "hexdecoct.h" -#include "json.h" +#include "json-util.h" #include "memory-util.h" #include "openssl-util.h" #include "pkcs11-util.h" @@ -39,7 +39,7 @@ int enroll_pkcs11( _cleanup_(erase_and_freep) void *decrypted_key = NULL; _cleanup_(erase_and_freep) char *base64_encoded = NULL; - _cleanup_(json_variant_unrefp) JsonVariant *v = NULL; + _cleanup_(sd_json_variant_unrefp) sd_json_variant *v = NULL; _cleanup_free_ char *keyslot_as_string = NULL, *private_uri = NULL; size_t decrypted_key_size, saved_key_size; _cleanup_free_ void *saved_key = NULL; 
@@ -100,12 +100,12 @@ int enroll_pkcs11( if (r < 0) return r; - r = json_build(&v, - JSON_BUILD_OBJECT( - JSON_BUILD_PAIR("type", JSON_BUILD_CONST_STRING("systemd-pkcs11")), - JSON_BUILD_PAIR("keyslots", JSON_BUILD_ARRAY(JSON_BUILD_STRING(keyslot_as_string))), - JSON_BUILD_PAIR("pkcs11-uri", JSON_BUILD_STRING(private_uri ?: uri)), - JSON_BUILD_PAIR("pkcs11-key", JSON_BUILD_BASE64(saved_key, saved_key_size)))); + r = sd_json_build(&v, + SD_JSON_BUILD_OBJECT( + SD_JSON_BUILD_PAIR("type", JSON_BUILD_CONST_STRING("systemd-pkcs11")), + SD_JSON_BUILD_PAIR("keyslots", SD_JSON_BUILD_ARRAY(SD_JSON_BUILD_STRING(keyslot_as_string))), + SD_JSON_BUILD_PAIR("pkcs11-uri", SD_JSON_BUILD_STRING(private_uri ?: uri)), + SD_JSON_BUILD_PAIR("pkcs11-key", SD_JSON_BUILD_BASE64(saved_key, saved_key_size)))); if (r < 0) return log_error_errno(r, "Failed to prepare PKCS#11 JSON token object: %m"); diff --git a/src/cryptenroll/cryptenroll-recovery.c b/src/cryptenroll/cryptenroll-recovery.c index 7c170f2850..6b42a54c8a 100644 --- a/src/cryptenroll/cryptenroll-recovery.c +++ b/src/cryptenroll/cryptenroll-recovery.c @@ -2,7 +2,7 @@ #include "cryptenroll-recovery.h" #include "glyph-util.h" -#include "json.h" +#include "json-util.h" #include "memory-util.h" #include "qrcode-util.h" #include "recovery-key.h" @@ -13,7 +13,7 @@ int enroll_recovery( const void *volume_key, size_t volume_key_size) { - _cleanup_(json_variant_unrefp) JsonVariant *v = NULL; + _cleanup_(sd_json_variant_unrefp) sd_json_variant *v = NULL; _cleanup_(erase_and_freep) char *password = NULL; _cleanup_free_ char *keyslot_as_string = NULL; int keyslot, r, q; 
@@ -74,10 +74,10 @@ int enroll_recovery( goto rollback; } - r = json_build(&v, - JSON_BUILD_OBJECT( - JSON_BUILD_PAIR("type", JSON_BUILD_CONST_STRING("systemd-recovery")), - JSON_BUILD_PAIR("keyslots", JSON_BUILD_ARRAY(JSON_BUILD_STRING(keyslot_as_string))))); + r = sd_json_build(&v, + SD_JSON_BUILD_OBJECT( + SD_JSON_BUILD_PAIR("type", JSON_BUILD_CONST_STRING("systemd-recovery")), + SD_JSON_BUILD_PAIR("keyslots", SD_JSON_BUILD_ARRAY(SD_JSON_BUILD_STRING(keyslot_as_string))))); if (r < 0) { log_error_errno(r, "Failed to prepare recovery key JSON token object: %m"); goto rollback; diff --git a/src/cryptenroll/cryptenroll-tpm2.c b/src/cryptenroll/cryptenroll-tpm2.c index 1ee3525a81..85eec177ad 100644 --- a/src/cryptenroll/cryptenroll-tpm2.c +++ b/src/cryptenroll/cryptenroll-tpm2.c @@ -1,5 +1,7 @@ /* SPDX-License-Identifier: LGPL-2.1-or-later */ +#include "sd-json.h" + #include "alloc-util.h" #include "ask-password-api.h" #include "cryptenroll-tpm2.h" @@ -8,7 +10,6 @@ #include "errno-util.h" #include "fileio.h" #include "hexdecoct.h" -#include "json.h" #include "log.h" #include "memory-util.h" #include "random-util.h" @@ -29,11 +30,11 @@ static int search_policy_hash( return 0; for (int token = 0; token < sym_crypt_token_max(CRYPT_LUKS2); token++) { - _cleanup_(json_variant_unrefp) JsonVariant *v = NULL; + _cleanup_(sd_json_variant_unrefp) sd_json_variant *v = NULL; _cleanup_free_ void *thash = NULL; size_t thash_size = 0; int keyslot; - JsonVariant *w; + sd_json_variant *w; r = cryptsetup_get_token_as_json(cd, token, "systemd-tpm2", &v); if (IN_SET(r, -ENOENT, -EINVAL, -EMEDIUMTYPE)) 
@@ -49,12 +50,12 @@ static int search_policy_hash( continue; } - w = json_variant_by_key(v, "tpm2-policy-hash"); - if (!w || !json_variant_is_string(w)) + w = sd_json_variant_by_key(v, "tpm2-policy-hash"); + if (!w || !sd_json_variant_is_string(w)) return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "TPM2 token data lacks 'tpm2-policy-hash' field."); - r = unhexmem(json_variant_string(w), &thash, &thash_size); + r = unhexmem(sd_json_variant_string(w), &thash, &thash_size); if (r < 0) return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Invalid base64 data in 'tpm2-policy-hash' field."); @@ -257,7 +258,7 @@ int enroll_tpm2(struct crypt_device *cd, const char *pcrlock_path, int *ret_slot_to_wipe) { - _cleanup_(json_variant_unrefp) JsonVariant *v = NULL, *signature_json = NULL; + _cleanup_(sd_json_variant_unrefp) sd_json_variant *v = NULL, *signature_json = NULL; _cleanup_(erase_and_freep) char *base64_encoded = NULL; _cleanup_(iovec_done) struct iovec srk = {}, blob = {}, pubkey = {}; _cleanup_(iovec_done_erase) struct iovec secret = {}; diff --git a/src/cryptenroll/cryptenroll-wipe.c b/src/cryptenroll/cryptenroll-wipe.c index 314ebd3113..703342f758 100644 --- a/src/cryptenroll/cryptenroll-wipe.c +++ b/src/cryptenroll/cryptenroll-wipe.c @@ -1,8 +1,10 @@ /* SPDX-License-Identifier: LGPL-2.1-or-later */ +#include "sd-json.h" + #include "cryptenroll-wipe.h" #include "cryptenroll.h" -#include "json.h" +#include "json-util.h" #include "memory-util.h" #include "parse-util.h" #include "set.h" @@ -100,8 +102,8 @@ static int find_slots_by_mask( /* Find all slots that are associated with a token of a type in the specified token type mask */ for (int token = 0; token < sym_crypt_token_max(CRYPT_LUKS2); token++) { - _cleanup_(json_variant_unrefp) JsonVariant *v = NULL; - JsonVariant *w, *z; + _cleanup_(sd_json_variant_unrefp) sd_json_variant *v = NULL; + sd_json_variant *w, *z; EnrollType t; r = cryptsetup_get_token_as_json(cd, token, NULL, &v); 
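Review bot: In search_policy_hash() the failure branch after `unhexmem(sd_json_variant_string(w), &thash, &thash_size)` logs "Invalid base64 data in 'tpm2-policy-hash' field.", but the decoder being called is the hex one, so the message names the wrong encoding and will mislead anyone diagnosing a damaged token. The branch also replaces `r` with `SYNTHETIC_ERRNO(EINVAL)`; if unhexmem() can fail for reasons other than malformed input (not visible here), that cause is lost. Since the line is already being touched, I would change it to `return log_error_errno(r, "Invalid hex data in 'tpm2-policy-hash' field: %m");`, or at minimum fix the word "base64". The function starts and ends outside the hunk.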
@@ -112,16 +114,16 @@ static int find_slots_by_mask( continue; } - w = json_variant_by_key(v, "type"); - if (!w || !json_variant_is_string(w)) { + w = sd_json_variant_by_key(v, "type"); + if (!w || !sd_json_variant_is_string(w)) { log_warning("Token JSON data lacks type field, ignoring."); continue; } - t = luks2_token_type_from_string(json_variant_string(w)); + t = luks2_token_type_from_string(sd_json_variant_string(w)); - w = json_variant_by_key(v, "keyslots"); - if (!w || !json_variant_is_array(w)) { + w = sd_json_variant_by_key(v, "keyslots"); + if (!w || !sd_json_variant_is_array(w)) { log_warning("Token JSON data lacks keyslots field, ignoring."); continue; } @@ -129,12 +131,12 @@ static int find_slots_by_mask( JSON_VARIANT_ARRAY_FOREACH(z, w) { int slot; - if (!json_variant_is_string(z)) { + if (!sd_json_variant_is_string(z)) { log_warning("Token JSON data's keyslot field is not an array of strings, ignoring."); continue; } - r = safe_atoi(json_variant_string(z), &slot); + r = safe_atoi(sd_json_variant_string(z), &slot); if (r < 0) { log_warning_errno(r, "Token JSON data's keyslot filed is not an integer formatted as string, ignoring."); continue; @@ -200,9 +202,9 @@ static int find_slot_tokens(struct crypt_device *cd, Set *wipe_slots, Set *keep_ * the slots sets according to the token data: add any other slots listed in the tokens we act on. */ for (int token = 0; token < sym_crypt_token_max(CRYPT_LUKS2); token++) { - _cleanup_(json_variant_unrefp) JsonVariant *v = NULL; + _cleanup_(sd_json_variant_unrefp) sd_json_variant *v = NULL; bool shall_wipe = false; - JsonVariant *w, *z; + sd_json_variant *w, *z; r = cryptsetup_get_token_as_json(cd, token, NULL, &v); if (IN_SET(r, -ENOENT, -EINVAL)) 
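Review bot: The warning in the keyslot loop of find_slots_by_mask() (hunk -129,12) reads "Token JSON data's keyslot filed is not an integer formatted as string, ignoring."; "filed" should be "field", which is how the matching message in cryptenroll-list.c spells it. The same misspelled string appears again in the find_slot_tokens() hunk at -222,12. These warnings are what an administrator sees when token metadata is malformed, so the wipe and list paths should emit identical text: `log_warning_errno(r, "Token JSON data's keyslot field is not an integer formatted as string, ignoring.");`. Both functions extend beyond their hunks.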
@@ -212,8 +214,8 @@ static int find_slot_tokens(struct crypt_device *cd, Set *wipe_slots, Set *keep_ continue; } - w = json_variant_by_key(v, "keyslots"); - if (!w || !json_variant_is_array(w)) { + w = sd_json_variant_by_key(v, "keyslots"); + if (!w || !sd_json_variant_is_array(w)) { log_warning("Token JSON data lacks keyslots field, ignoring."); continue; } @@ -222,12 +224,12 @@ static int find_slot_tokens(struct crypt_device *cd, Set *wipe_slots, Set *keep_ JSON_VARIANT_ARRAY_FOREACH(z, w) { int slot; - if (!json_variant_is_string(z)) { + if (!sd_json_variant_is_string(z)) { log_warning("Token JSON data's keyslot field is not an array of strings, ignoring."); continue; } - r = safe_atoi(json_variant_string(z), &slot); + r = safe_atoi(sd_json_variant_string(z), &slot); if (r < 0) { log_warning_errno(r, "Token JSON data's keyslot filed is not an integer formatted as string, ignoring."); continue; @@ -249,9 +251,9 @@ static int find_slot_tokens(struct crypt_device *cd, Set *wipe_slots, Set *keep_ JSON_VARIANT_ARRAY_FOREACH(z, w) { int slot; - if (!json_variant_is_string(z)) + if (!sd_json_variant_is_string(z)) continue; - if (safe_atoi(json_variant_string(z), &slot) < 0) + if (safe_atoi(sd_json_variant_string(z), &slot) < 0) continue; if (set_put(shall_wipe ? wipe_slots : keep_slots, INT_TO_PTR(slot)) < 0) |
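Review bot: In the last loop of find_slot_tokens() (hunk -249,9) the value parsed by `safe_atoi(sd_json_variant_string(z), &slot)` goes straight into `set_put(shall_wipe ? wipe_slots : keep_slots, INT_TO_PTR(slot))` with no range check. A negative or oversized keyslot number in the token JSON, which presumably comes from the on-disk LUKS2 header, therefore ends up in the wipe/keep sets. Whether a later step rejects such values is not visible, because the function continues outside the hunk. A guard right after the parse would keep malformed header metadata out of the sets, assuming the `sym_crypt_keyslot_max()` wrapper is available in this file: `if (slot < 0 || slot >= sym_crypt_keyslot_max(CRYPT_LUKS2)) continue;`.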