creds: fix cat with encrypted credentials
authorSimon Pilkington <simonp.git@mailbox.org>
Wed, 25 Sep 2024 09:25:48 +0000 (11:25 +0200)
committerLuca Boccassi <luca.boccassi@gmail.com>
Tue, 8 Oct 2024 15:39:12 +0000 (16:39 +0100)
Fixes: https://github.com/systemd/systemd/issues/34547
(cherry picked from commit 32951fe4de683f5d42cec2fb2e036f766b051e2b)

src/creds/creds.c
test/units/TEST-54-CREDS.sh

index 1c8d9578904073d5e3b6b1762e45b2bde952e617..17dba3c079b5afc20d5a17dd59628649e9d019e4 100644 (file)
@@ -396,10 +396,14 @@ static int verb_cat(int argc, char **argv, void *userdata) {
                         if (!d) /* Not set */
                                 continue;
 
+                        ReadFullFileFlags flags = READ_FULL_FILE_SECURE|READ_FULL_FILE_WARN_WORLD_READABLE;
+                        if (encrypted)
+                                flags |= READ_FULL_FILE_UNBASE64;
+
                         r = read_full_file_full(
                                         dirfd(d), *cn,
                                         UINT64_MAX, SIZE_MAX,
-                                        READ_FULL_FILE_SECURE|READ_FULL_FILE_WARN_WORLD_READABLE,
+                                        flags,
                                         NULL,
                                         (char**) &data, &size);
                         if (r == -ENOENT) /* Not found */
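Review bot: The new `flags |= READ_FULL_FILE_UNBASE64;` branch carries no comment saying why encrypted credentials are decoded here, so the on-disk format assumption stays implicit. A line such as `/* Encrypted credentials are stored Base64-encoded on disk; decode before decrypting */` above `if (encrypted)` would state it. Because the flag is set unconditionally for the encrypted case, a file holding the raw binary blob (the form the old fixture in test/units/TEST-54-CREDS.sh produced with `base64 -d`) presumably now fails at the decode step instead of reaching decryption. The only error case visible in this hunk is `-ENOENT`, so it is worth confirming that the failure path reports an invalid-Base64 file clearly, and keeping one raw-binary fixture in the test as a negative case. `verb_cat` starts before and continues after this hunk, so the rest of the error handling is not visible here.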
index 89d6dcdf034de81c849dee724b890e9fd5bb79d4..2b14ddd42714c8d4216c273bff33267099c6c10d 100755 (executable)
@@ -43,8 +43,8 @@ CRED_DIR="$(mktemp -d)"
 ENC_CRED_DIR="$(mktemp -d)"
 echo foo >"$CRED_DIR/secure-or-weak"
 echo foo >"$CRED_DIR/insecure"
-echo foo | systemd-creds --name="encrypted" encrypt - - | base64 -d >"$ENC_CRED_DIR/encrypted"
-echo foo | systemd-creds encrypt - - | base64 -d >"$ENC_CRED_DIR/encrypted-unnamed"
+echo foo | systemd-creds --name="encrypted" encrypt - "$ENC_CRED_DIR/encrypted"
+echo foo | systemd-creds encrypt - "$ENC_CRED_DIR/encrypted-unnamed"
 chmod -R 0400 "$CRED_DIR" "$ENC_CRED_DIR"
 chmod -R 0444 "$CRED_DIR/insecure"
 mkdir /tmp/empty/