summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--src/basic/env-util.c4
-rw-r--r--src/basic/env-util.h4
-rw-r--r--src/basic/initrd-util.c2
-rw-r--r--src/basic/locale-util.c2
-rw-r--r--src/basic/log.c2
-rw-r--r--src/fstab-generator/fstab-generator.c2
-rw-r--r--src/libsystemd/sd-device/sd-device.c2
-rw-r--r--src/libsystemd/sd-event/sd-event.c2
-rw-r--r--src/nss-resolve/nss-resolve.c3
-rw-r--r--src/nss-systemd/nss-systemd.c12
-rw-r--r--src/nss-systemd/userdb-glue.c2
-rw-r--r--src/shared/creds-util.c4
-rw-r--r--src/shared/dissect-image.c6
-rw-r--r--src/shared/efi-loader.c2
-rw-r--r--src/shared/pager.c2
-rw-r--r--src/shared/seccomp-util.c2
-rw-r--r--src/sysusers/sysusers.c2
-rw-r--r--src/test/test-nss-hosts.c2
18 files changed, 29 insertions, 28 deletions
diff --git a/src/basic/env-util.c b/src/basic/env-util.c
index 3bb2654657..7608f90a4a 100644
--- a/src/basic/env-util.c
+++ b/src/basic/env-util.c
@@ -963,7 +963,7 @@ int getenv_bool(const char *p) {
return parse_boolean(e);
}
-int getenv_bool_secure(const char *p) {
+int secure_getenv_bool(const char *p) {
const char *e;
e = secure_getenv(p);
@@ -973,7 +973,7 @@ int getenv_bool_secure(const char *p) {
return parse_boolean(e);
}
-int getenv_uint64_secure(const char *p, uint64_t *ret) {
+int secure_getenv_uint64(const char *p, uint64_t *ret) {
const char *e;
assert(p);
diff --git a/src/basic/env-util.h b/src/basic/env-util.h
index 15d867a3d9..6610ca8ca1 100644
--- a/src/basic/env-util.h
+++ b/src/basic/env-util.h
@@ -62,9 +62,9 @@ static inline char* strv_env_get(char * const *x, const char *n) {
char *strv_env_pairs_get(char **l, const char *name) _pure_;
int getenv_bool(const char *p);
-int getenv_bool_secure(const char *p);
+int secure_getenv_bool(const char *p);
-int getenv_uint64_secure(const char *p, uint64_t *ret);
+int secure_getenv_uint64(const char *p, uint64_t *ret);
/* Like setenv, but calls unsetenv if value == NULL. */
int set_unset_env(const char *name, const char *value, bool overwrite);
diff --git a/src/basic/initrd-util.c b/src/basic/initrd-util.c
index 03ccfbe483..d3aa933977 100644
--- a/src/basic/initrd-util.c
+++ b/src/basic/initrd-util.c
@@ -21,7 +21,7 @@ bool in_initrd(void) {
* This can be overridden by setting SYSTEMD_IN_INITRD=0|1.
*/
- r = getenv_bool_secure("SYSTEMD_IN_INITRD");
+ r = secure_getenv_bool("SYSTEMD_IN_INITRD");
if (r < 0 && r != -ENXIO)
log_debug_errno(r, "Failed to parse $SYSTEMD_IN_INITRD, ignoring: %m");
diff --git a/src/basic/locale-util.c b/src/basic/locale-util.c
index e6da5dbc63..23565273dd 100644
--- a/src/basic/locale-util.c
+++ b/src/basic/locale-util.c
@@ -295,7 +295,7 @@ bool is_locale_utf8(void) {
if (cached_answer >= 0)
goto out;
- r = getenv_bool_secure("SYSTEMD_UTF8");
+ r = secure_getenv_bool("SYSTEMD_UTF8");
if (r >= 0) {
cached_answer = r;
goto out;
diff --git a/src/basic/log.c b/src/basic/log.c
index 7ddca92afa..172a2c8ada 100644
--- a/src/basic/log.c
+++ b/src/basic/log.c
@@ -1674,7 +1674,7 @@ bool log_context_enabled(void) {
if (saved_log_context_enabled >= 0)
return saved_log_context_enabled;
- r = getenv_bool_secure("SYSTEMD_ENABLE_LOG_CONTEXT");
+ r = secure_getenv_bool("SYSTEMD_ENABLE_LOG_CONTEXT");
if (r < 0 && r != -ENXIO)
log_debug_errno(r, "Failed to parse $SYSTEMD_ENABLE_LOG_CONTEXT, ignoring: %m");
diff --git a/src/fstab-generator/fstab-generator.c b/src/fstab-generator/fstab-generator.c
index 3a1d2f38db..7a235c5bf4 100644
--- a/src/fstab-generator/fstab-generator.c
+++ b/src/fstab-generator/fstab-generator.c
@@ -824,7 +824,7 @@ static bool sysfs_check(void) {
int r;
if (cached < 0) {
- r = getenv_bool_secure("SYSTEMD_SYSFS_CHECK");
+ r = secure_getenv_bool("SYSTEMD_SYSFS_CHECK");
if (r < 0 && r != -ENXIO)
log_debug_errno(r, "Failed to parse $SYSTEMD_SYSFS_CHECK, ignoring: %m");
cached = r != 0;
diff --git a/src/libsystemd/sd-device/sd-device.c b/src/libsystemd/sd-device/sd-device.c
index bfc2a8a9ca..9a34015738 100644
--- a/src/libsystemd/sd-device/sd-device.c
+++ b/src/libsystemd/sd-device/sd-device.c
@@ -214,7 +214,7 @@ int device_set_syspath(sd_device *device, const char *_syspath, bool verify) {
/* Only operate on sysfs, i.e. refuse going down into /sys/fs/cgroup/ or similar places where
* things are not arranged as kobjects in kernel, and hence don't necessarily have
* kobject/attribute structure. */
- r = getenv_bool_secure("SYSTEMD_DEVICE_VERIFY_SYSFS");
+ r = secure_getenv_bool("SYSTEMD_DEVICE_VERIFY_SYSFS");
if (r < 0 && r != -ENXIO)
log_debug_errno(r, "Failed to parse $SYSTEMD_DEVICE_VERIFY_SYSFS value: %m");
if (r != 0) {
diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c
index 338609b186..c651d59502 100644
--- a/src/libsystemd/sd-event/sd-event.c
+++ b/src/libsystemd/sd-event/sd-event.c
@@ -1574,7 +1574,7 @@ static int child_exit_callback(sd_event_source *s, const siginfo_t *si, void *us
static bool shall_use_pidfd(void) {
/* Mostly relevant for debugging, i.e. this is used in test-event.c to test the event loop once with and once without pidfd */
- return getenv_bool_secure("SYSTEMD_PIDFD") != 0;
+ return secure_getenv_bool("SYSTEMD_PIDFD") != 0;
}
_public_ int sd_event_add_child(
diff --git a/src/nss-resolve/nss-resolve.c b/src/nss-resolve/nss-resolve.c
index ce8c064004..3cefb6394c 100644
--- a/src/nss-resolve/nss-resolve.c
+++ b/src/nss-resolve/nss-resolve.c
@@ -202,9 +202,10 @@ static uint64_t query_flag(
const char *name,
const int value,
uint64_t flag) {
+
int r;
- r = getenv_bool_secure(name);
+ r = secure_getenv_bool(name);
if (r >= 0)
return r == value ? flag : 0;
if (r != -ENXIO)
diff --git a/src/nss-systemd/nss-systemd.c b/src/nss-systemd/nss-systemd.c
index 1d6e25399f..8e8d4cf1cb 100644
--- a/src/nss-systemd/nss-systemd.c
+++ b/src/nss-systemd/nss-systemd.c
@@ -306,7 +306,7 @@ enum nss_status _nss_systemd_getpwnam_r(
return NSS_STATUS_NOTFOUND;
/* Synthesize entries for the root and nobody users, in case they are missing in /etc/passwd */
- if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) {
+ if (secure_getenv_bool("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) {
if (streq(name, root_passwd.pw_name))
return copy_synthesized_passwd(pwd, &root_passwd,
@@ -354,7 +354,7 @@ enum nss_status _nss_systemd_getpwuid_r(
return NSS_STATUS_NOTFOUND;
/* Synthesize data for the root user and for nobody in case they are missing from /etc/passwd */
- if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) {
+ if (secure_getenv_bool("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) {
if (uid == root_passwd.pw_uid)
return copy_synthesized_passwd(pwd, &root_passwd,
@@ -403,7 +403,7 @@ enum nss_status _nss_systemd_getspnam_r(
return NSS_STATUS_NOTFOUND;
/* Synthesize entries for the root and nobody users, in case they are missing in /etc/passwd */
- if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) {
+ if (secure_getenv_bool("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) {
if (streq(name, root_spwd.sp_namp))
return copy_synthesized_spwd(spwd, &root_spwd, buffer, buflen, errnop);
@@ -450,7 +450,7 @@ enum nss_status _nss_systemd_getgrnam_r(
return NSS_STATUS_NOTFOUND;
/* Synthesize records for root and nobody, in case they are missing from /etc/group */
- if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) {
+ if (secure_getenv_bool("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) {
if (streq(name, root_group.gr_name))
return copy_synthesized_group(gr, &root_group, buffer, buflen, errnop);
@@ -494,7 +494,7 @@ enum nss_status _nss_systemd_getgrgid_r(
return NSS_STATUS_NOTFOUND;
/* Synthesize records for root and nobody, in case they are missing from /etc/group */
- if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) {
+ if (secure_getenv_bool("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) {
if (gid == root_group.gr_gid)
return copy_synthesized_group(gr, &root_group, buffer, buflen, errnop);
@@ -539,7 +539,7 @@ enum nss_status _nss_systemd_getsgnam_r(
return NSS_STATUS_NOTFOUND;
/* Synthesize records for root and nobody, in case they are missing from /etc/group */
- if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) {
+ if (secure_getenv_bool("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) {
if (streq(name, root_sgrp.sg_namp))
return copy_synthesized_sgrp(sgrp, &root_sgrp, buffer, buflen, errnop);
diff --git a/src/nss-systemd/userdb-glue.c b/src/nss-systemd/userdb-glue.c
index c69667d660..b02d89a20b 100644
--- a/src/nss-systemd/userdb-glue.c
+++ b/src/nss-systemd/userdb-glue.c
@@ -14,7 +14,7 @@ UserDBFlags nss_glue_userdb_flags(void) {
UserDBFlags flags = USERDB_EXCLUDE_NSS;
/* Make sure that we don't go in circles when allocating a dynamic UID by checking our own database */
- if (getenv_bool_secure("SYSTEMD_NSS_DYNAMIC_BYPASS") > 0)
+ if (secure_getenv_bool("SYSTEMD_NSS_DYNAMIC_BYPASS") > 0)
flags |= USERDB_EXCLUDE_DYNAMIC_USER;
return flags;
diff --git a/src/shared/creds-util.c b/src/shared/creds-util.c
index a495f82b87..2d5846a06f 100644
--- a/src/shared/creds-util.c
+++ b/src/shared/creds-util.c
@@ -1489,7 +1489,7 @@ int decrypt_credential_and_warn(
if (validate_name && !streq(embedded_name, validate_name)) {
- r = getenv_bool_secure("SYSTEMD_CREDENTIAL_VALIDATE_NAME");
+ r = secure_getenv_bool("SYSTEMD_CREDENTIAL_VALIDATE_NAME");
if (r < 0 && r != -ENXIO)
log_debug_errno(r, "Failed to parse $SYSTEMD_CREDENTIAL_VALIDATE_NAME: %m");
if (r != 0)
@@ -1505,7 +1505,7 @@ int decrypt_credential_and_warn(
if (le64toh(m->not_after) != USEC_INFINITY && le64toh(m->not_after) < validate_timestamp) {
- r = getenv_bool_secure("SYSTEMD_CREDENTIAL_VALIDATE_NOT_AFTER");
+ r = secure_getenv_bool("SYSTEMD_CREDENTIAL_VALIDATE_NOT_AFTER");
if (r < 0 && r != -ENXIO)
log_debug_errno(r, "Failed to parse $SYSTEMD_CREDENTIAL_VALIDATE_NOT_AFTER: %m");
if (r != 0)
diff --git a/src/shared/dissect-image.c b/src/shared/dissect-image.c
index 216c036a31..763fdf1cbf 100644
--- a/src/shared/dissect-image.c
+++ b/src/shared/dissect-image.c
@@ -2628,7 +2628,7 @@ static int do_crypt_activate_verity(
assert(verity);
if (verity->root_hash_sig) {
- r = getenv_bool_secure("SYSTEMD_DISSECT_VERITY_SIGNATURE");
+ r = secure_getenv_bool("SYSTEMD_DISSECT_VERITY_SIGNATURE");
if (r < 0 && r != -ENXIO)
log_debug_errno(r, "Failed to parse $SYSTEMD_DISSECT_VERITY_SIGNATURE");
@@ -3100,7 +3100,7 @@ int verity_settings_load(
if (is_device_path(image))
return 0;
- r = getenv_bool_secure("SYSTEMD_DISSECT_VERITY_SIDECAR");
+ r = secure_getenv_bool("SYSTEMD_DISSECT_VERITY_SIDECAR");
if (r < 0 && r != -ENXIO)
log_debug_errno(r, "Failed to parse $SYSTEMD_DISSECT_VERITY_SIDECAR, ignoring: %m");
if (r == 0)
@@ -3285,7 +3285,7 @@ int dissected_image_load_verity_sig_partition(
if (verity->root_hash && verity->root_hash_sig) /* Already loaded? */
return 0;
- r = getenv_bool_secure("SYSTEMD_DISSECT_VERITY_EMBEDDED");
+ r = secure_getenv_bool("SYSTEMD_DISSECT_VERITY_EMBEDDED");
if (r < 0 && r != -ENXIO)
log_debug_errno(r, "Failed to parse $SYSTEMD_DISSECT_VERITY_EMBEDDED, ignoring: %m");
if (r == 0)
diff --git a/src/shared/efi-loader.c b/src/shared/efi-loader.c
index 7d6bda924a..ab377aaa8b 100644
--- a/src/shared/efi-loader.c
+++ b/src/shared/efi-loader.c
@@ -262,7 +262,7 @@ int efi_measured_uki(int log_level) {
* being used, but it measured things into a different PCR than we are configured for in
* userspace. (i.e. we expect PCR 11 being used for this by both sd-stub and us) */
- r = getenv_bool_secure("SYSTEMD_FORCE_MEASURE"); /* Give user a chance to override the variable test,
+ r = secure_getenv_bool("SYSTEMD_FORCE_MEASURE"); /* Give user a chance to override the variable test,
* for debugging purposes */
if (r >= 0)
return (cached = r);
diff --git a/src/shared/pager.c b/src/shared/pager.c
index 19deefab56..9b8ae76700 100644
--- a/src/shared/pager.c
+++ b/src/shared/pager.c
@@ -175,7 +175,7 @@ void pager_open(PagerFlags flags) {
* pager. If they didn't, use secure mode when under euid is changed. If $SYSTEMD_PAGERSECURE
* wasn't explicitly set, and we autodetect the need for secure mode, only use the pager we
* know to be good. */
- int use_secure_mode = getenv_bool_secure("SYSTEMD_PAGERSECURE");
+ int use_secure_mode = secure_getenv_bool("SYSTEMD_PAGERSECURE");
bool trust_pager = use_secure_mode >= 0;
if (use_secure_mode == -ENXIO) {
uid_t uid;
diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
index 00a8cedcb8..2469e24253 100644
--- a/src/shared/seccomp-util.c
+++ b/src/shared/seccomp-util.c
@@ -298,7 +298,7 @@ bool is_seccomp_available(void) {
if (cached_enabled < 0) {
int b;
- b = getenv_bool_secure("SYSTEMD_SECCOMP");
+ b = secure_getenv_bool("SYSTEMD_SECCOMP");
if (b != 0) {
if (b < 0 && b != -ENXIO) /* ENXIO: env var unset */
log_debug_errno(b, "Failed to parse $SYSTEMD_SECCOMP value, ignoring.");
diff --git a/src/sysusers/sysusers.c b/src/sysusers/sysusers.c
index 6e28b1cf8f..e443b10211 100644
--- a/src/sysusers/sysusers.c
+++ b/src/sysusers/sysusers.c
@@ -569,7 +569,7 @@ static int write_temporary_passwd(
static usec_t epoch_or_now(void) {
uint64_t epoch;
- if (getenv_uint64_secure("SOURCE_DATE_EPOCH", &epoch) >= 0) {
+ if (secure_getenv_uint64("SOURCE_DATE_EPOCH", &epoch) >= 0) {
if (epoch > UINT64_MAX/USEC_PER_SEC) /* Overflow check */
return USEC_INFINITY;
return (usec_t) epoch * USEC_PER_SEC;
diff --git a/src/test/test-nss-hosts.c b/src/test/test-nss-hosts.c
index 72a9c6454c..2f1810d93b 100644
--- a/src/test/test-nss-hosts.c
+++ b/src/test/test-nss-hosts.c
@@ -140,7 +140,7 @@ static void test_gethostbyname4_r(void *handle, const char *module, const char *
assert_se(status == NSS_STATUS_SUCCESS);
assert_se(n == socket_ipv6_is_enabled() + 1);
- } else if (streq(module, "resolve") && getenv_bool_secure("SYSTEMD_NSS_RESOLVE_SYNTHESIZE") != 0) {
+ } else if (streq(module, "resolve") && secure_getenv_bool("SYSTEMD_NSS_RESOLVE_SYNTHESIZE") != 0) {
assert_se(status == NSS_STATUS_SUCCESS);
if (socket_ipv6_is_enabled())
assert_se(n == 2);