24319958878

Committed 12 Apr 2026 08:20PM UTC coverage: 72.107% (+1.6%) from 70.514%

Build # 24319958878

Build Type

push

github

Committed by

bluca

Commit Message

nss-systemd: fix off-by-one in nss_pack_group_record_shadow()

nss_count_strv() counts trailing NULL pointers in n. The pointer area
then used (n + 1), reserving one slot more than the size check
accounted for.

Drop the + 1 since n already includes the trailing NULLs, unlike the
non-shadow nss_pack_group_record() where n does not.

Fixes: https://github.com/systemd/systemd/issues/41591

Coverage Stats

0 of 1 new or added line in 1 file covered. (0.0%)

1275 existing lines in 56 files now uncovered.

319881 of 443617 relevant lines covered (72.11%)

1260063.45 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

60.73

/src/debug-generator/debug-generator.c

/* SPDX-License-Identifier: LGPL-2.1-or-later */

#include <unistd.h>

#include "alloc-util.h"
#include "bitfield.h"
#include "creds-util.h"
#include "dropin.h"
#include "errno-util.h"
#include "extract-word.h"
#include "fileio.h"
#include "log.h"
#include "generator.h"
#include "initrd-util.h"
#include "parse-util.h"
#include "path-util.h"
#include "proc-cmdline.h"
#include "recurse-dir.h"
#include "special.h"
#include "string-util.h"
#include "strv.h"
#include "unit-file.h"
#include "unit-name.h"

static const char *arg_dest = NULL;
static char *arg_default_unit = NULL;
static char **arg_mask = NULL;
static char **arg_wants = NULL;
static bool arg_debug_shell = false;
static char *arg_debug_tty = NULL;
static char *arg_default_debug_tty = NULL;
static uint32_t arg_breakpoints = 0;

STATIC_DESTRUCTOR_REGISTER(arg_default_unit, freep);
STATIC_DESTRUCTOR_REGISTER(arg_mask, strv_freep);
STATIC_DESTRUCTOR_REGISTER(arg_wants, strv_freep);
STATIC_DESTRUCTOR_REGISTER(arg_debug_tty, freep);
STATIC_DESTRUCTOR_REGISTER(arg_default_debug_tty, freep);

typedef enum BreakpointType {
        BREAKPOINT_PRE_UDEV,
        BREAKPOINT_PRE_BASIC,
        BREAKPOINT_PRE_SYSROOT_MOUNT,
        BREAKPOINT_PRE_SWITCH_ROOT,
        _BREAKPOINT_TYPE_MAX,
        _BREAKPOINT_TYPE_INVALID = -EINVAL,
} BreakpointType;

typedef enum BreakpointValidity {
        BREAKPOINT_DEFAULT   = 1 << 0,
        BREAKPOINT_IN_INITRD = 1 << 1,
        BREAKPOINT_ON_HOST   = 1 << 2,
} BreakpointValidity;

typedef struct BreakpointInfo {
        BreakpointType type;
        const char *name;
        const char *unit;
        BreakpointValidity validity;
} BreakpointInfo;

static const struct BreakpointInfo breakpoint_info_table[_BREAKPOINT_TYPE_MAX] = {
        { BREAKPOINT_PRE_UDEV,          "pre-udev",        "breakpoint-pre-udev.service",        BREAKPOINT_IN_INITRD | BREAKPOINT_ON_HOST },
        { BREAKPOINT_PRE_BASIC,         "pre-basic",       "breakpoint-pre-basic.service",       BREAKPOINT_IN_INITRD | BREAKPOINT_ON_HOST },
        { BREAKPOINT_PRE_SYSROOT_MOUNT, "pre-mount",       "breakpoint-pre-mount.service",       BREAKPOINT_IN_INITRD                      },
        { BREAKPOINT_PRE_SWITCH_ROOT,   "pre-switch-root", "breakpoint-pre-switch-root.service", BREAKPOINT_IN_INITRD | BREAKPOINT_DEFAULT },
};

static bool breakpoint_applies(const BreakpointInfo *info, int log_level) {
        assert(info);

        if (in_initrd() && !FLAGS_SET(info->validity, BREAKPOINT_IN_INITRD))
                log_full(log_level, "Breakpoint '%s' not valid in the initrd, ignoring.", info->name);
        else if (!in_initrd() && !FLAGS_SET(info->validity, BREAKPOINT_ON_HOST))
                log_full(log_level, "Breakpoint '%s' not valid on the host, ignoring.", info->name);
        else
                return true;

        return false;
}

static BreakpointType parse_breakpoint_from_string_one(const char *s) {
        assert(s);

        FOREACH_ELEMENT(i, breakpoint_info_table)
                if (streq(i->name, s))
                        return i->type;

        return _BREAKPOINT_TYPE_INVALID;
}

static int parse_breakpoint_from_string(const char *s, uint32_t *ret_breakpoints) {
        uint32_t breakpoints = 0;
        int r;

        assert(ret_breakpoints);

        /* Empty value? set default breakpoint */
        if (isempty(s)) {
                bool found_default = false;

                FOREACH_ELEMENT(i, breakpoint_info_table)
                        if (FLAGS_SET(i->validity, BREAKPOINT_DEFAULT) && breakpoint_applies(i, INT_MAX)) {
                                assert(i->type >= 0 && i->type < _BREAKPOINT_TYPE_MAX); /* silence coverity */
                                breakpoints |= UINT32_C(1) << i->type;
                                found_default = true;
                                break;
                        }

                if (!found_default)
                        log_warning("No default breakpoint defined %s, ignoring.",
                                    in_initrd() ? "in the initrd" : "on the host");
        } else
                for (;;) {
                        _cleanup_free_ char *t = NULL;
                        BreakpointType tt;

                        r = extract_first_word(&s, &t, ",", EXTRACT_DONT_COALESCE_SEPARATORS);
                        if (r < 0)
                                return r;
                        if (r == 0)
                                break;

                        tt = parse_breakpoint_from_string_one(t);
                        if (tt < 0) {
                                log_warning("Invalid breakpoint value '%s', ignoring.", t);
                                continue;
                        }

                        if (breakpoint_applies(&breakpoint_info_table[tt], LOG_WARNING))
                                breakpoints |= UINT32_C(1) << tt;
                }

        *ret_breakpoints = breakpoints;

        return 0;
}

static int parse_proc_cmdline_item(const char *key, const char *value, void *data) {
        int r;

        assert(key);

        if (streq(key, "systemd.mask")) {
                char *n;

                if (proc_cmdline_value_missing(key, value))
                        return 0;

                r = unit_name_mangle(value, UNIT_NAME_MANGLE_WARN, &n);
                if (r < 0)
                        return log_error_errno(r, "Failed to glob unit name: %m");

                if (strv_consume(&arg_mask, n) < 0)
                        return log_oom();

        } else if (streq(key, "systemd.wants")) {
                char *n;

                if (proc_cmdline_value_missing(key, value))
                        return 0;

                r = unit_name_mangle(value, UNIT_NAME_MANGLE_WARN, &n);
                if (r < 0)
                        return log_error_errno(r, "Failed to glob unit name: %m");

                if (strv_consume(&arg_wants, n) < 0)
                        return log_oom();

        } else if (proc_cmdline_key_streq(key, "systemd.debug_shell")) {

                r = value ? parse_boolean(value) : 1;
                arg_debug_shell = r != 0;
                if (r >= 0)
                        return 0;

                return free_and_strdup_warn(&arg_debug_tty, skip_dev_prefix(value));

        } else if (proc_cmdline_key_streq(key, "systemd.default_debug_tty")) {

                if (proc_cmdline_value_missing(key, value))
                        return 0;

                return free_and_strdup_warn(&arg_default_debug_tty, skip_dev_prefix(value));

        } else if (streq(key, "systemd.unit")) {

                if (proc_cmdline_value_missing(key, value))
                        return 0;

                return free_and_strdup_warn(&arg_default_unit, value);

        } else if (streq(key, "systemd.break")) {
                uint32_t breakpoints = 0;

                r = parse_breakpoint_from_string(value, &breakpoints);
                if (r < 0)
                        return log_warning_errno(r, "Failed to parse breakpoint value '%s': %m", value);

                arg_breakpoints |= breakpoints;

        } else if (!value) {
                const char *target;

                target = runlevel_to_target(key);
                if (target)
                        return free_and_strdup_warn(&arg_default_unit, target);
        }

        return 0;
}

static int generate_mask_symlinks(void) {
        int r = 0;

        STRV_FOREACH(u, arg_mask) {
                _cleanup_free_ char *p = NULL;

                p = path_join(arg_dest, *u);
                if (!p)
                        return log_oom();

                if (symlink("/dev/null", p) < 0)
                        RET_GATHER(r, log_error_errno(errno, "Failed to create mask symlink '%s': %m", p));
        }

        return r;
}

static int generate_wants_symlinks(void) {
        int r = 0;

        STRV_FOREACH(u, arg_wants) {
                _cleanup_free_ char *f = NULL;
                const char *target;

                /* This should match what do_queue_default_job() in core/main.c does. */
                if (arg_default_unit)
                        target = arg_default_unit;
                else if (in_initrd())
                        target = SPECIAL_INITRD_TARGET;
                else
                        target = SPECIAL_DEFAULT_TARGET;

                f = path_join(SYSTEM_DATA_UNIT_DIR, *u);
                if (!f)
                        return log_oom();

                RET_GATHER(r, generator_add_symlink(arg_dest, target, "wants", f));
        }

        return r;
}

static int install_debug_shell_dropin(void) {
        const char *tty = arg_debug_tty ?: arg_default_debug_tty;
        int r;

        if (!tty || path_equal(tty, skip_dev_prefix(DEBUGTTY)))
                return 0;

        r = write_drop_in_format(arg_dest, "debug-shell.service", 50, "tty",
                                 "# Automatically generated by systemd-debug-generator\n\n"
                                 "[Unit]\n"
                                 "Description=Early root shell on /dev/%s FOR DEBUGGING ONLY\n"
                                 "ConditionPathExists=\n"
                                 "\n[Service]\n"
                                 "TTYPath=/dev/%s\n",
                                 tty, tty);
        if (r < 0)
                return log_warning_errno(r, "Failed to write drop-in for debug-shell.service: %m");

        return 1;
}

static int process_unit_credentials(const char *credentials_dir) {
        _cleanup_free_ DirectoryEntries *des = NULL;
        int r;

        assert(credentials_dir);

        r = readdir_all_at(AT_FDCWD, credentials_dir, RECURSE_DIR_SORT|RECURSE_DIR_IGNORE_DOT|RECURSE_DIR_ENSURE_TYPE, &des);
        if (r < 0)
                return log_error_errno(r, "Failed to enumerate credentials from credentials directory '%s': %m", credentials_dir);

        FOREACH_ARRAY(i, des->entries, des->n_entries) {
                struct dirent *de = *i;
                const char *unit, *dropin;

                if (de->d_type != DT_REG)
                        continue;

                unit = startswith(de->d_name, "systemd.extra-unit.");
                dropin = startswith(de->d_name, "systemd.unit-dropin.");

                if (!unit && !dropin)
                        continue;

                _cleanup_free_ char *d = NULL;

                r = read_credential_with_decryption(de->d_name, (void**) &d, NULL);
                if (r < 0) {
                        log_warning_errno(r, "Failed to read credential '%s', ignoring: %m", de->d_name);
                        continue;
                }

                if (unit) {
                        _cleanup_free_ char *p = NULL;

                        if (!unit_name_is_valid(unit, UNIT_NAME_ANY)) {
                                log_warning("Invalid unit name '%s' in credential '%s', ignoring.",
                                            unit, de->d_name);
                                continue;
                        }

                        p = path_join(arg_dest, unit);
                        if (!p)
                                return log_oom();

                        r = write_string_file(p, d, WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_ATOMIC|WRITE_STRING_FILE_MKDIR_0755|WRITE_STRING_FILE_LABEL);
                        if (r < 0) {
                                log_warning_errno(r, "Failed to write unit file '%s' from credential '%s', ignoring: %m",
                                                  unit, de->d_name);
                                continue;
                        }

                        log_debug("Wrote unit file '%s' from credential '%s'", unit, de->d_name);

                } else if (dropin) {
                        _cleanup_free_ char *dropin_unit = NULL;
                        const char *tilde, *dropin_name;

                        tilde = strchrnul(dropin, '~');
                        dropin_unit = strndup(dropin, tilde - dropin);
                        if (!dropin_unit)
                                return log_oom();

                        if (!unit_name_is_valid(dropin_unit, UNIT_NAME_ANY)) {
                                log_warning("Invalid unit name '%s' in credential '%s', ignoring.",
                                            dropin_unit, de->d_name);
                                continue;
                        }

                        dropin_name = isempty(tilde) ? "50-credential" : tilde + 1;
                        if (isempty(dropin_name)) {
                                log_warning("Empty drop-in name for unit '%s' in credential '%s', ignoring.",
                                            dropin_unit, de->d_name);
                                continue;
                        }

                        r = write_drop_in(arg_dest, dropin_unit, /* level= */ UINT_MAX, dropin_name, d);
                        if (r < 0) {
                                log_warning_errno(r, "Failed to write drop-in '%s' for unit '%s' from credential '%s', ignoring: %m",
                                                  dropin_name, dropin_unit, de->d_name);
                                continue;
                        }

                        log_debug("Wrote drop-in '%s' for unit '%s' from credential '%s'", dropin_name, dropin_unit, de->d_name);
                } else
                        assert_not_reached();
        }

        return 0;
}

static int run(const char *dest, const char *dest_early, const char *dest_late) {
        const char *credentials_dir;
        int r;

        assert_se(arg_dest = dest_early);

        r = proc_cmdline_parse(parse_proc_cmdline_item, NULL, PROC_CMDLINE_RD_STRICT | PROC_CMDLINE_STRIP_RD_PREFIX);
        if (r < 0)
                log_warning_errno(r, "Failed to parse kernel command line, ignoring: %m");

        if (arg_debug_shell) {
                if (strv_extend(&arg_wants, "debug-shell.service") < 0)
                        return log_oom();

                RET_GATHER(r, install_debug_shell_dropin());
        }

        BIT_FOREACH(i, arg_breakpoints)
                if (strv_extend(&arg_wants, breakpoint_info_table[i].unit) < 0)
                        return log_oom();

        if (get_credentials_dir(&credentials_dir) >= 0)
                RET_GATHER(r, process_unit_credentials(credentials_dir));

        if (get_encrypted_credentials_dir(&credentials_dir) >= 0)
                RET_GATHER(r, process_unit_credentials(credentials_dir));

        RET_GATHER(r, generate_mask_symlinks());
        RET_GATHER(r, generate_wants_symlinks());

        return r;
}

DEFINE_MAIN_GENERATOR_FUNCTION(run);

1	/* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3	#include <unistd.h>
4
5	#include "alloc-util.h"
6	#include "bitfield.h"
7	#include "creds-util.h"
8	#include "dropin.h"
9	#include "errno-util.h"
10	#include "extract-word.h"
11	#include "fileio.h"
12	#include "log.h"
13	#include "generator.h"
14	#include "initrd-util.h"
15	#include "parse-util.h"
16	#include "path-util.h"
17	#include "proc-cmdline.h"
18	#include "recurse-dir.h"
19	#include "special.h"
20	#include "string-util.h"
21	#include "strv.h"
22	#include "unit-file.h"
23	#include "unit-name.h"
24
25	static const char *arg_dest = NULL;
26	static char *arg_default_unit = NULL;
27	static char **arg_mask = NULL;
28	static char **arg_wants = NULL;
29	static bool arg_debug_shell = false;
30	static char *arg_debug_tty = NULL;
31	static char *arg_default_debug_tty = NULL;
32	static uint32_t arg_breakpoints = 0;
33
34	STATIC_DESTRUCTOR_REGISTER(arg_default_unit, freep);	20✔
35	STATIC_DESTRUCTOR_REGISTER(arg_mask, strv_freep);	20✔
36	STATIC_DESTRUCTOR_REGISTER(arg_wants, strv_freep);	20✔
37	STATIC_DESTRUCTOR_REGISTER(arg_debug_tty, freep);	20✔
38	STATIC_DESTRUCTOR_REGISTER(arg_default_debug_tty, freep);	20✔
39
40	typedef enum BreakpointType {
41	BREAKPOINT_PRE_UDEV,
42	BREAKPOINT_PRE_BASIC,
43	BREAKPOINT_PRE_SYSROOT_MOUNT,
44	BREAKPOINT_PRE_SWITCH_ROOT,
45	_BREAKPOINT_TYPE_MAX,
46	_BREAKPOINT_TYPE_INVALID = -EINVAL,
47	} BreakpointType;
48
49	typedef enum BreakpointValidity {
50	BREAKPOINT_DEFAULT = 1 << 0,
51	BREAKPOINT_IN_INITRD = 1 << 1,
52	BREAKPOINT_ON_HOST = 1 << 2,
53	} BreakpointValidity;
54
55	typedef struct BreakpointInfo {
56	BreakpointType type;
57	const char *name;
58	const char *unit;
59	BreakpointValidity validity;
60	} BreakpointInfo;
61
62	static const struct BreakpointInfo breakpoint_info_table[_BREAKPOINT_TYPE_MAX] = {
63	{ BREAKPOINT_PRE_UDEV, "pre-udev", "breakpoint-pre-udev.service", BREAKPOINT_IN_INITRD \| BREAKPOINT_ON_HOST },
64	{ BREAKPOINT_PRE_BASIC, "pre-basic", "breakpoint-pre-basic.service", BREAKPOINT_IN_INITRD \| BREAKPOINT_ON_HOST },
65	{ BREAKPOINT_PRE_SYSROOT_MOUNT, "pre-mount", "breakpoint-pre-mount.service", BREAKPOINT_IN_INITRD },
66	{ BREAKPOINT_PRE_SWITCH_ROOT, "pre-switch-root", "breakpoint-pre-switch-root.service", BREAKPOINT_IN_INITRD \| BREAKPOINT_DEFAULT },
67	};
68
69	static bool breakpoint_applies(const BreakpointInfo *info, int log_level) {	66✔
70	assert(info);	66✔
71
72	if (in_initrd() && !FLAGS_SET(info->validity, BREAKPOINT_IN_INITRD))	66✔
73	log_full(log_level, "Breakpoint '%s' not valid in the initrd, ignoring.", info->name);	×
74	else if (!in_initrd() && !FLAGS_SET(info->validity, BREAKPOINT_ON_HOST))	66✔
75	log_full(log_level, "Breakpoint '%s' not valid on the host, ignoring.", info->name);	22✔
76	else
77	return true;
78
79	return false;
80	}
81
82	static BreakpointType parse_breakpoint_from_string_one(const char *s) {	52✔
83	assert(s);	52✔
84
85	FOREACH_ELEMENT(i, breakpoint_info_table)	130✔
86	if (streq(i->name, s))	130✔
87	return i->type;	52✔
88
89	return _BREAKPOINT_TYPE_INVALID;
90	}
91
92	static int parse_breakpoint_from_string(const char s, uint32_t ret_breakpoints) {	54✔
93	uint32_t breakpoints = 0;	54✔
94	int r;	54✔
95
96	assert(ret_breakpoints);	54✔
97
98	/* Empty value? set default breakpoint */
99	if (isempty(s)) {	94✔
100	bool found_default = false;	63✔
101
102	FOREACH_ELEMENT(i, breakpoint_info_table)	63✔
103	if (FLAGS_SET(i->validity, BREAKPOINT_DEFAULT) && breakpoint_applies(i, INT_MAX)) {	56✔
104	assert(i->type >= 0 && i->type < _BREAKPOINT_TYPE_MAX); /* silence coverity */	7✔
105	breakpoints \|= UINT32_C(1) << i->type;	7✔
106	found_default = true;	7✔
107	break;	7✔
108	}
109
110	if (!found_default)	7✔
111	log_warning("No default breakpoint defined %s, ignoring.",	14✔
112	in_initrd() ? "in the initrd" : "on the host");
113	} else
114	for (;;) {	92✔
115	_cleanup_free_ char *t = NULL;	92✔
116	BreakpointType tt;	92✔
117
118	r = extract_first_word(&s, &t, ",", EXTRACT_DONT_COALESCE_SEPARATORS);	92✔
119	if (r < 0)	92✔
UNCOV 120	return r;	×
121	if (r == 0)	92✔
122	break;
123
124	tt = parse_breakpoint_from_string_one(t);	52✔
125	if (tt < 0) {	52✔
126	log_warning("Invalid breakpoint value '%s', ignoring.", t);	×
UNCOV 127	continue;	×
128	}
129
130	if (breakpoint_applies(&breakpoint_info_table[tt], LOG_WARNING))	52✔
131	breakpoints \|= UINT32_C(1) << tt;	37✔
132	}
133
134	*ret_breakpoints = breakpoints;	54✔
135
136	return 0;	54✔
137	}
138
139	static int parse_proc_cmdline_item(const char key, const char value, void *data) {	205✔
140	int r;	205✔
141
142	assert(key);	205✔
143
144	if (streq(key, "systemd.mask")) {	205✔
145	char *n;	42✔
146
147	if (proc_cmdline_value_missing(key, value))	42✔
UNCOV 148	return 0;	×
149
150	r = unit_name_mangle(value, UNIT_NAME_MANGLE_WARN, &n);	42✔
151	if (r < 0)	42✔
UNCOV 152	return log_error_errno(r, "Failed to glob unit name: %m");	×
153
154	if (strv_consume(&arg_mask, n) < 0)	42✔
UNCOV 155	return log_oom();	×
156
157	} else if (streq(key, "systemd.wants")) {	163✔
158	char *n;	42✔
159
160	if (proc_cmdline_value_missing(key, value))	42✔
UNCOV 161	return 0;	×
162
163	r = unit_name_mangle(value, UNIT_NAME_MANGLE_WARN, &n);	42✔
164	if (r < 0)	42✔
UNCOV 165	return log_error_errno(r, "Failed to glob unit name: %m");	×
166
167	if (strv_consume(&arg_wants, n) < 0)	42✔
UNCOV 168	return log_oom();	×
169
170	} else if (proc_cmdline_key_streq(key, "systemd.debug_shell")) {	121✔
171
172	r = value ? parse_boolean(value) : 1;	35✔
173	arg_debug_shell = r != 0;	35✔
174	if (r >= 0)	35✔
175	return 0;
176
177	return free_and_strdup_warn(&arg_debug_tty, skip_dev_prefix(value));	9✔
178
179	} else if (proc_cmdline_key_streq(key, "systemd.default_debug_tty")) {	86✔
180
181	if (proc_cmdline_value_missing(key, value))	8✔
182	return 0;
183
184	return free_and_strdup_warn(&arg_default_debug_tty, skip_dev_prefix(value));	8✔
185
186	} else if (streq(key, "systemd.unit")) {	78✔
187
188	if (proc_cmdline_value_missing(key, value))	2✔
189	return 0;
190
191	return free_and_strdup_warn(&arg_default_unit, value);	2✔
192
193	} else if (streq(key, "systemd.break")) {	76✔
194	uint32_t breakpoints = 0;	54✔
195
196	r = parse_breakpoint_from_string(value, &breakpoints);	54✔
197	if (r < 0)	54✔
UNCOV 198	return log_warning_errno(r, "Failed to parse breakpoint value '%s': %m", value);	×
199
200	arg_breakpoints \|= breakpoints;	54✔
201
202	} else if (!value) {	22✔
203	const char *target;	11✔
204
205	target = runlevel_to_target(key);	11✔
206	if (target)	11✔
UNCOV 207	return free_and_strdup_warn(&arg_default_unit, target);	×
208	}
209
210	return 0;
211	}
212
213	static int generate_mask_symlinks(void) {	20✔
214	int r = 0;	20✔
215
216	STRV_FOREACH(u, arg_mask) {	62✔
217	_cleanup_free_ char *p = NULL;	42✔
218
219	p = path_join(arg_dest, *u);	42✔
220	if (!p)	42✔
UNCOV 221	return log_oom();	×
222
223	if (symlink("/dev/null", p) < 0)	42✔
UNCOV 224	RET_GATHER(r, log_error_errno(errno, "Failed to create mask symlink '%s': %m", p));	×
225	}
226
227	return r;
228	}
229
230	static int generate_wants_symlinks(void) {	20✔
231	int r = 0;	20✔
232
233	STRV_FOREACH(u, arg_wants) {	109✔
234	_cleanup_free_ char *f = NULL;	89✔
235	const char *target;	89✔
236
237	/* This should match what do_queue_default_job() in core/main.c does. */
238	if (arg_default_unit)	89✔
239	target = arg_default_unit;
240	else if (in_initrd())	77✔
241	target = SPECIAL_INITRD_TARGET;
242	else
243	target = SPECIAL_DEFAULT_TARGET;	44✔
244
245	f = path_join(SYSTEM_DATA_UNIT_DIR, *u);	89✔
246	if (!f)	89✔
UNCOV 247	return log_oom();	×
248
249	RET_GATHER(r, generator_add_symlink(arg_dest, target, "wants", f));	89✔
250	}
251
252	return r;
253	}
254
255	static int install_debug_shell_dropin(void) {	18✔
256	const char *tty = arg_debug_tty ?: arg_default_debug_tty;	18✔
257	int r;	9✔
258
259	if (!tty \|\| path_equal(tty, skip_dev_prefix(DEBUGTTY)))	18✔
260	return 0;
261
262	r = write_drop_in_format(arg_dest, "debug-shell.service", 50, "tty",	9✔
263	"# Automatically generated by systemd-debug-generator\n\n"
264	"[Unit]\n"
265	"Description=Early root shell on /dev/%s FOR DEBUGGING ONLY\n"
266	"ConditionPathExists=\n"
267	"\n[Service]\n"
268	"TTYPath=/dev/%s\n",
269	tty, tty);
270	if (r < 0)	9✔
UNCOV 271	return log_warning_errno(r, "Failed to write drop-in for debug-shell.service: %m");	×
272
273	return 1;
274	}
275
276	static int process_unit_credentials(const char *credentials_dir) {	×
277	_cleanup_free_ DirectoryEntries *des = NULL;	×
UNCOV 278	int r;	×
279
UNCOV 280	assert(credentials_dir);	×
281
282	r = readdir_all_at(AT_FDCWD, credentials_dir, RECURSE_DIR_SORT\|RECURSE_DIR_IGNORE_DOT\|RECURSE_DIR_ENSURE_TYPE, &des);	×
283	if (r < 0)	×
UNCOV 284	return log_error_errno(r, "Failed to enumerate credentials from credentials directory '%s': %m", credentials_dir);	×
285
286	FOREACH_ARRAY(i, des->entries, des->n_entries) {	×
287	struct dirent de = i;	×
UNCOV 288	const char unit, dropin;	×
289
290	if (de->d_type != DT_REG)	×
UNCOV 291	continue;	×
292
293	unit = startswith(de->d_name, "systemd.extra-unit.");	×
UNCOV 294	dropin = startswith(de->d_name, "systemd.unit-dropin.");	×
295
296	if (!unit && !dropin)	×
UNCOV 297	continue;	×
298
UNCOV 299	_cleanup_free_ char *d = NULL;	×
300
301	r = read_credential_with_decryption(de->d_name, (void**) &d, NULL);	×
302	if (r < 0) {	×
303	log_warning_errno(r, "Failed to read credential '%s', ignoring: %m", de->d_name);	×
UNCOV 304	continue;	×
305	}
306
307	if (unit) {	×
UNCOV 308	_cleanup_free_ char *p = NULL;	×
309
310	if (!unit_name_is_valid(unit, UNIT_NAME_ANY)) {	×
UNCOV 311	log_warning("Invalid unit name '%s' in credential '%s', ignoring.",	×
312	unit, de->d_name);
UNCOV 313	continue;	×
314	}
315
316	p = path_join(arg_dest, unit);	×
317	if (!p)	×
UNCOV 318	return log_oom();	×
319
320	r = write_string_file(p, d, WRITE_STRING_FILE_CREATE\|WRITE_STRING_FILE_ATOMIC\|WRITE_STRING_FILE_MKDIR_0755\|WRITE_STRING_FILE_LABEL);	×
321	if (r < 0) {	×
UNCOV 322	log_warning_errno(r, "Failed to write unit file '%s' from credential '%s', ignoring: %m",	×
323	unit, de->d_name);
UNCOV 324	continue;	×
325	}
326
UNCOV 327	log_debug("Wrote unit file '%s' from credential '%s'", unit, de->d_name);	×
328
329	} else if (dropin) {	×
330	_cleanup_free_ char *dropin_unit = NULL;	×
UNCOV 331	const char tilde, dropin_name;	×
332
333	tilde = strchrnul(dropin, '~');	×
334	dropin_unit = strndup(dropin, tilde - dropin);	×
335	if (!dropin_unit)	×
UNCOV 336	return log_oom();	×
337
338	if (!unit_name_is_valid(dropin_unit, UNIT_NAME_ANY)) {	×
UNCOV 339	log_warning("Invalid unit name '%s' in credential '%s', ignoring.",	×
340	dropin_unit, de->d_name);
UNCOV 341	continue;	×
342	}
343
344	dropin_name = isempty(tilde) ? "50-credential" : tilde + 1;	×
345	if (isempty(dropin_name)) {	×
UNCOV 346	log_warning("Empty drop-in name for unit '%s' in credential '%s', ignoring.",	×
347	dropin_unit, de->d_name);
UNCOV 348	continue;	×
349	}
350
351	r = write_drop_in(arg_dest, dropin_unit, /* level= */ UINT_MAX, dropin_name, d);	×
352	if (r < 0) {	×
UNCOV 353	log_warning_errno(r, "Failed to write drop-in '%s' for unit '%s' from credential '%s', ignoring: %m",	×
354	dropin_name, dropin_unit, de->d_name);
UNCOV 355	continue;	×
356	}
357
UNCOV 358	log_debug("Wrote drop-in '%s' for unit '%s' from credential '%s'", dropin_name, dropin_unit, de->d_name);	×
359	} else
UNCOV 360	assert_not_reached();	×
361	}
362
363	return 0;
364	}
365
366	static int run(const char dest, const char dest_early, const char *dest_late) {	20✔
367	const char *credentials_dir;	20✔
368	int r;	20✔
369
370	assert_se(arg_dest = dest_early);	20✔
371
372	r = proc_cmdline_parse(parse_proc_cmdline_item, NULL, PROC_CMDLINE_RD_STRICT \| PROC_CMDLINE_STRIP_RD_PREFIX);	20✔
373	if (r < 0)	20✔
UNCOV 374	log_warning_errno(r, "Failed to parse kernel command line, ignoring: %m");	×
375
376	if (arg_debug_shell) {	20✔
377	if (strv_extend(&arg_wants, "debug-shell.service") < 0)	18✔
UNCOV 378	return log_oom();	×
379
380	RET_GATHER(r, install_debug_shell_dropin());	18✔
381	}
382
383	BIT_FOREACH(i, arg_breakpoints)	49✔
384	if (strv_extend(&arg_wants, breakpoint_info_table[i].unit) < 0)	29✔
UNCOV 385	return log_oom();	×
386
387	if (get_credentials_dir(&credentials_dir) >= 0)	20✔
UNCOV 388	RET_GATHER(r, process_unit_credentials(credentials_dir));	×
389
390	if (get_encrypted_credentials_dir(&credentials_dir) >= 0)	20✔
UNCOV 391	RET_GATHER(r, process_unit_credentials(credentials_dir));	×
392
393	RET_GATHER(r, generate_mask_symlinks());	20✔
394	RET_GATHER(r, generate_wants_symlinks());	20✔
395
396	return r;
397	}
398
399	DEFINE_MAIN_GENERATOR_FUNCTION(run);	20✔

systemd / systemd / 24319958878

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous