Add credential loader helper #98
Conversation
|
Strict 1:1 is indeed not a goal, if an helper makes sense to have I'll gladly take it :) |
|
Essentially, this is |
|
Currently it only abstracts away It could be extended by |
| /// } | ||
| /// } | ||
| /// ``` | ||
| pub fn get<K: AsRef<OsStr>>(&self, id: K) -> io::Result<Vec<u8>> { |
There was a problem hiding this comment.
I'd be happier if we return a std::fs::File instead of a vector of bytes.
The rationale is that it will allow the caller to read the content at a later time, not having to keep the secret in memory since the beginning.
| self._get(id.as_ref()) | ||
| } | ||
|
|
||
| fn _get(&self, id: &OsStr) -> io::Result<Vec<u8>> { |
There was a problem hiding this comment.
Please note that the systemd docs says ASCII string suitable as filename in the filesystem.
Thus I think we should have some basic sanity check to detect /, empty string, null bytes and such.
This is to avoid ending up with ../../../../etc/passwd or similar.
| /// } | ||
| /// # Ok::<(), std::io::Error>(()) | ||
| pub fn iter(&self) -> fs::ReadDir { | ||
| self.dir.read_dir().expect("path exists") |
There was a problem hiding this comment.
If you need this kind of listing primitive, then let's store a https://docs.rs/nix/latest/nix/dir/struct.Dir.html internally and directly wire our method to Dir::iter().
|
|
||
| impl CredentialLoader { | ||
| /// Attempt to initiate a loader, returning [`None`] if no credentials are available. | ||
| pub fn new() -> Option<Self> { |
There was a problem hiding this comment.
This should probably be called open() and return a Result<Self> instead.
To check whether the credentials store is available or not, let's add a dedicated CredentialLoader::credentials_directory() -> Option<PathBuf> on the side.
| @@ -23,6 +23,7 @@ | |||
|
|
|||
| /// Interfaces for socket-activated services. | |||
| pub mod activation; | |||
| mod credential; | |||
There was a problem hiding this comment.
Let's call this credentials (plural) and do a pub mod credentials here.
|
@vilgotf are you still pursuing this? If you have other things to handle at the moment, I'd be happy to push some changes on top of your branch and land it. |
|
(I'm not sure how this PR got closed, but even if it got stale by now I'll be happy to throw some changes on top and eventually merge it) |
|
Ah, the repository behind this PR does not exist anymore so I can't push there to update the PR. |
Not a part of the C
libsystemdlibrary but I don't know if being strictly 1-1 is a goal.Although the code is simple I do feel that it'd be a waste for every application to reimplement it.