diff options
| -rw-r--r-- | src/basic/env-util.c | 2 | ||||
| -rw-r--r-- | src/basic/env-util.h | 2 | ||||
| -rw-r--r-- | src/basic/initrd-util.c | 2 | ||||
| -rw-r--r-- | src/basic/locale-util.c | 2 | ||||
| -rw-r--r-- | src/basic/log.c | 2 | ||||
| -rw-r--r-- | src/fstab-generator/fstab-generator.c | 2 | ||||
| -rw-r--r-- | src/libsystemd/sd-device/sd-device.c | 2 | ||||
| -rw-r--r-- | src/libsystemd/sd-event/sd-event.c | 2 | ||||
| -rw-r--r-- | src/nss-resolve/nss-resolve.c | 3 | ||||
| -rw-r--r-- | src/nss-systemd/nss-systemd.c | 12 | ||||
| -rw-r--r-- | src/nss-systemd/userdb-glue.c | 2 | ||||
| -rw-r--r-- | src/shared/creds-util.c | 4 | ||||
| -rw-r--r-- | src/shared/dissect-image.c | 6 | ||||
| -rw-r--r-- | src/shared/efi-loader.c | 2 | ||||
| -rw-r--r-- | src/shared/pager.c | 2 | ||||
| -rw-r--r-- | src/shared/seccomp-util.c | 2 | ||||
| -rw-r--r-- | src/test/test-nss-hosts.c | 2 |
17 files changed, 26 insertions, 25 deletions
diff --git a/src/basic/env-util.c b/src/basic/env-util.c index 3bb2654657..bc121228d5 100644 --- a/src/basic/env-util.c +++ b/src/basic/env-util.c @@ -963,7 +963,7 @@ int getenv_bool(const char *p) { return parse_boolean(e); } -int getenv_bool_secure(const char *p) { +int secure_getenv_bool(const char *p) { const char *e; e = secure_getenv(p); diff --git a/src/basic/env-util.h b/src/basic/env-util.h index 15d867a3d9..3ac1dfb379 100644 --- a/src/basic/env-util.h +++ b/src/basic/env-util.h @@ -62,7 +62,7 @@ static inline char* strv_env_get(char * const *x, const char *n) { char *strv_env_pairs_get(char **l, const char *name) _pure_; int getenv_bool(const char *p); -int getenv_bool_secure(const char *p); +int secure_getenv_bool(const char *p); int getenv_uint64_secure(const char *p, uint64_t *ret); diff --git a/src/basic/initrd-util.c b/src/basic/initrd-util.c index 03ccfbe483..d3aa933977 100644 --- a/src/basic/initrd-util.c +++ b/src/basic/initrd-util.c @@ -21,7 +21,7 @@ bool in_initrd(void) { * This can be overridden by setting SYSTEMD_IN_INITRD=0|1. */ - r = getenv_bool_secure("SYSTEMD_IN_INITRD"); + r = secure_getenv_bool("SYSTEMD_IN_INITRD"); if (r < 0 && r != -ENXIO) log_debug_errno(r, "Failed to parse $SYSTEMD_IN_INITRD, ignoring: %m"); diff --git a/src/basic/locale-util.c b/src/basic/locale-util.c index e6da5dbc63..23565273dd 100644 --- a/src/basic/locale-util.c +++ b/src/basic/locale-util.c @@ -295,7 +295,7 @@ bool is_locale_utf8(void) { if (cached_answer >= 0) goto out; - r = getenv_bool_secure("SYSTEMD_UTF8"); + r = secure_getenv_bool("SYSTEMD_UTF8"); if (r >= 0) { cached_answer = r; goto out; diff --git a/src/basic/log.c b/src/basic/log.c index 7ddca92afa..172a2c8ada 100644 --- a/src/basic/log.c +++ b/src/basic/log.c @@ -1674,7 +1674,7 @@ bool log_context_enabled(void) { if (saved_log_context_enabled >= 0) return saved_log_context_enabled; - r = getenv_bool_secure("SYSTEMD_ENABLE_LOG_CONTEXT"); + r = secure_getenv_bool("SYSTEMD_ENABLE_LOG_CONTEXT"); if (r < 0 && r != -ENXIO) log_debug_errno(r, "Failed to parse $SYSTEMD_ENABLE_LOG_CONTEXT, ignoring: %m"); diff --git a/src/fstab-generator/fstab-generator.c b/src/fstab-generator/fstab-generator.c index 3a1d2f38db..7a235c5bf4 100644 --- a/src/fstab-generator/fstab-generator.c +++ b/src/fstab-generator/fstab-generator.c @@ -824,7 +824,7 @@ static bool sysfs_check(void) { int r; if (cached < 0) { - r = getenv_bool_secure("SYSTEMD_SYSFS_CHECK"); + r = secure_getenv_bool("SYSTEMD_SYSFS_CHECK"); if (r < 0 && r != -ENXIO) log_debug_errno(r, "Failed to parse $SYSTEMD_SYSFS_CHECK, ignoring: %m"); cached = r != 0; diff --git a/src/libsystemd/sd-device/sd-device.c b/src/libsystemd/sd-device/sd-device.c index bfc2a8a9ca..9a34015738 100644 --- a/src/libsystemd/sd-device/sd-device.c +++ b/src/libsystemd/sd-device/sd-device.c @@ -214,7 +214,7 @@ int device_set_syspath(sd_device *device, const char *_syspath, bool verify) { /* Only operate on sysfs, i.e. refuse going down into /sys/fs/cgroup/ or similar places where * things are not arranged as kobjects in kernel, and hence don't necessarily have * kobject/attribute structure. */ - r = getenv_bool_secure("SYSTEMD_DEVICE_VERIFY_SYSFS"); + r = secure_getenv_bool("SYSTEMD_DEVICE_VERIFY_SYSFS"); if (r < 0 && r != -ENXIO) log_debug_errno(r, "Failed to parse $SYSTEMD_DEVICE_VERIFY_SYSFS value: %m"); if (r != 0) { diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c index 338609b186..c651d59502 100644 --- a/src/libsystemd/sd-event/sd-event.c +++ b/src/libsystemd/sd-event/sd-event.c @@ -1574,7 +1574,7 @@ static int child_exit_callback(sd_event_source *s, const siginfo_t *si, void *us static bool shall_use_pidfd(void) { /* Mostly relevant for debugging, i.e. this is used in test-event.c to test the event loop once with and once without pidfd */ - return getenv_bool_secure("SYSTEMD_PIDFD") != 0; + return secure_getenv_bool("SYSTEMD_PIDFD") != 0; } _public_ int sd_event_add_child( diff --git a/src/nss-resolve/nss-resolve.c b/src/nss-resolve/nss-resolve.c index ce8c064004..3cefb6394c 100644 --- a/src/nss-resolve/nss-resolve.c +++ b/src/nss-resolve/nss-resolve.c @@ -202,9 +202,10 @@ static uint64_t query_flag( const char *name, const int value, uint64_t flag) { + int r; - r = getenv_bool_secure(name); + r = secure_getenv_bool(name); if (r >= 0) return r == value ? flag : 0; if (r != -ENXIO) diff --git a/src/nss-systemd/nss-systemd.c b/src/nss-systemd/nss-systemd.c index 1d6e25399f..8e8d4cf1cb 100644 --- a/src/nss-systemd/nss-systemd.c +++ b/src/nss-systemd/nss-systemd.c @@ -306,7 +306,7 @@ enum nss_status _nss_systemd_getpwnam_r( return NSS_STATUS_NOTFOUND; /* Synthesize entries for the root and nobody users, in case they are missing in /etc/passwd */ - if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) { + if (secure_getenv_bool("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) { if (streq(name, root_passwd.pw_name)) return copy_synthesized_passwd(pwd, &root_passwd, @@ -354,7 +354,7 @@ enum nss_status _nss_systemd_getpwuid_r( return NSS_STATUS_NOTFOUND; /* Synthesize data for the root user and for nobody in case they are missing from /etc/passwd */ - if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) { + if (secure_getenv_bool("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) { if (uid == root_passwd.pw_uid) return copy_synthesized_passwd(pwd, &root_passwd, @@ -403,7 +403,7 @@ enum nss_status _nss_systemd_getspnam_r( return NSS_STATUS_NOTFOUND; /* Synthesize entries for the root and nobody users, in case they are missing in /etc/passwd */ - if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) { + if (secure_getenv_bool("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) { if (streq(name, root_spwd.sp_namp)) return copy_synthesized_spwd(spwd, &root_spwd, buffer, buflen, errnop); @@ -450,7 +450,7 @@ enum nss_status _nss_systemd_getgrnam_r( return NSS_STATUS_NOTFOUND; /* Synthesize records for root and nobody, in case they are missing from /etc/group */ - if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) { + if (secure_getenv_bool("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) { if (streq(name, root_group.gr_name)) return copy_synthesized_group(gr, &root_group, buffer, buflen, errnop); @@ -494,7 +494,7 @@ enum nss_status _nss_systemd_getgrgid_r( return NSS_STATUS_NOTFOUND; /* Synthesize records for root and nobody, in case they are missing from /etc/group */ - if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) { + if (secure_getenv_bool("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) { if (gid == root_group.gr_gid) return copy_synthesized_group(gr, &root_group, buffer, buflen, errnop); @@ -539,7 +539,7 @@ enum nss_status _nss_systemd_getsgnam_r( return NSS_STATUS_NOTFOUND; /* Synthesize records for root and nobody, in case they are missing from /etc/group */ - if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) { + if (secure_getenv_bool("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) { if (streq(name, root_sgrp.sg_namp)) return copy_synthesized_sgrp(sgrp, &root_sgrp, buffer, buflen, errnop); diff --git a/src/nss-systemd/userdb-glue.c b/src/nss-systemd/userdb-glue.c index c69667d660..b02d89a20b 100644 --- a/src/nss-systemd/userdb-glue.c +++ b/src/nss-systemd/userdb-glue.c @@ -14,7 +14,7 @@ UserDBFlags nss_glue_userdb_flags(void) { UserDBFlags flags = USERDB_EXCLUDE_NSS; /* Make sure that we don't go in circles when allocating a dynamic UID by checking our own database */ - if (getenv_bool_secure("SYSTEMD_NSS_DYNAMIC_BYPASS") > 0) + if (secure_getenv_bool("SYSTEMD_NSS_DYNAMIC_BYPASS") > 0) flags |= USERDB_EXCLUDE_DYNAMIC_USER; return flags; diff --git a/src/shared/creds-util.c b/src/shared/creds-util.c index a495f82b87..2d5846a06f 100644 --- a/src/shared/creds-util.c +++ b/src/shared/creds-util.c @@ -1489,7 +1489,7 @@ int decrypt_credential_and_warn( if (validate_name && !streq(embedded_name, validate_name)) { - r = getenv_bool_secure("SYSTEMD_CREDENTIAL_VALIDATE_NAME"); + r = secure_getenv_bool("SYSTEMD_CREDENTIAL_VALIDATE_NAME"); if (r < 0 && r != -ENXIO) log_debug_errno(r, "Failed to parse $SYSTEMD_CREDENTIAL_VALIDATE_NAME: %m"); if (r != 0) @@ -1505,7 +1505,7 @@ int decrypt_credential_and_warn( if (le64toh(m->not_after) != USEC_INFINITY && le64toh(m->not_after) < validate_timestamp) { - r = getenv_bool_secure("SYSTEMD_CREDENTIAL_VALIDATE_NOT_AFTER"); + r = secure_getenv_bool("SYSTEMD_CREDENTIAL_VALIDATE_NOT_AFTER"); if (r < 0 && r != -ENXIO) log_debug_errno(r, "Failed to parse $SYSTEMD_CREDENTIAL_VALIDATE_NOT_AFTER: %m"); if (r != 0) diff --git a/src/shared/dissect-image.c b/src/shared/dissect-image.c index 216c036a31..763fdf1cbf 100644 --- a/src/shared/dissect-image.c +++ b/src/shared/dissect-image.c @@ -2628,7 +2628,7 @@ static int do_crypt_activate_verity( assert(verity); if (verity->root_hash_sig) { - r = getenv_bool_secure("SYSTEMD_DISSECT_VERITY_SIGNATURE"); + r = secure_getenv_bool("SYSTEMD_DISSECT_VERITY_SIGNATURE"); if (r < 0 && r != -ENXIO) log_debug_errno(r, "Failed to parse $SYSTEMD_DISSECT_VERITY_SIGNATURE"); @@ -3100,7 +3100,7 @@ int verity_settings_load( if (is_device_path(image)) return 0; - r = getenv_bool_secure("SYSTEMD_DISSECT_VERITY_SIDECAR"); + r = secure_getenv_bool("SYSTEMD_DISSECT_VERITY_SIDECAR"); if (r < 0 && r != -ENXIO) log_debug_errno(r, "Failed to parse $SYSTEMD_DISSECT_VERITY_SIDECAR, ignoring: %m"); if (r == 0) @@ -3285,7 +3285,7 @@ int dissected_image_load_verity_sig_partition( if (verity->root_hash && verity->root_hash_sig) /* Already loaded? */ return 0; - r = getenv_bool_secure("SYSTEMD_DISSECT_VERITY_EMBEDDED"); + r = secure_getenv_bool("SYSTEMD_DISSECT_VERITY_EMBEDDED"); if (r < 0 && r != -ENXIO) log_debug_errno(r, "Failed to parse $SYSTEMD_DISSECT_VERITY_EMBEDDED, ignoring: %m"); if (r == 0) diff --git a/src/shared/efi-loader.c b/src/shared/efi-loader.c index 7d6bda924a..ab377aaa8b 100644 --- a/src/shared/efi-loader.c +++ b/src/shared/efi-loader.c @@ -262,7 +262,7 @@ int efi_measured_uki(int log_level) { * being used, but it measured things into a different PCR than we are configured for in * userspace. (i.e. we expect PCR 11 being used for this by both sd-stub and us) */ - r = getenv_bool_secure("SYSTEMD_FORCE_MEASURE"); /* Give user a chance to override the variable test, + r = secure_getenv_bool("SYSTEMD_FORCE_MEASURE"); /* Give user a chance to override the variable test, * for debugging purposes */ if (r >= 0) return (cached = r); diff --git a/src/shared/pager.c b/src/shared/pager.c index 19deefab56..9b8ae76700 100644 --- a/src/shared/pager.c +++ b/src/shared/pager.c @@ -175,7 +175,7 @@ void pager_open(PagerFlags flags) { * pager. If they didn't, use secure mode when under euid is changed. If $SYSTEMD_PAGERSECURE * wasn't explicitly set, and we autodetect the need for secure mode, only use the pager we * know to be good. */ - int use_secure_mode = getenv_bool_secure("SYSTEMD_PAGERSECURE"); + int use_secure_mode = secure_getenv_bool("SYSTEMD_PAGERSECURE"); bool trust_pager = use_secure_mode >= 0; if (use_secure_mode == -ENXIO) { uid_t uid; diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c index 00a8cedcb8..2469e24253 100644 --- a/src/shared/seccomp-util.c +++ b/src/shared/seccomp-util.c @@ -298,7 +298,7 @@ bool is_seccomp_available(void) { if (cached_enabled < 0) { int b; - b = getenv_bool_secure("SYSTEMD_SECCOMP"); + b = secure_getenv_bool("SYSTEMD_SECCOMP"); if (b != 0) { if (b < 0 && b != -ENXIO) /* ENXIO: env var unset */ log_debug_errno(b, "Failed to parse $SYSTEMD_SECCOMP value, ignoring."); diff --git a/src/test/test-nss-hosts.c b/src/test/test-nss-hosts.c index 72a9c6454c..2f1810d93b 100644 --- a/src/test/test-nss-hosts.c +++ b/src/test/test-nss-hosts.c @@ -140,7 +140,7 @@ static void test_gethostbyname4_r(void *handle, const char *module, const char * assert_se(status == NSS_STATUS_SUCCESS); assert_se(n == socket_ipv6_is_enabled() + 1); - } else if (streq(module, "resolve") && getenv_bool_secure("SYSTEMD_NSS_RESOLVE_SYNTHESIZE") != 0) { + } else if (streq(module, "resolve") && secure_getenv_bool("SYSTEMD_NSS_RESOLVE_SYNTHESIZE") != 0) { assert_se(status == NSS_STATUS_SUCCESS); if (socket_ipv6_is_enabled()) assert_se(n == 2); |