From: Simon Pilkington
Date: Wed, 25 Sep 2024 09:25:48 +0000 (+0200)
Subject: creds: fix cat with encrypted credentials
X-Git-Tag: v257-rc1~364^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=32951fe4de683f5d42cec2fb2e036f766b051e2b;p=thirdparty%2Fsystemd.git

creds: fix cat with encrypted credentials

Fixes: https://github.com/systemd/systemd/issues/34547
---

diff --git a/src/creds/creds.c b/src/creds/creds.c
index b55c60775c1..bb59db37fc9 100644
--- a/src/creds/creds.c
+++ b/src/creds/creds.c
@@ -434,10 +434,14 @@ static int verb_cat(int argc, char **argv, void *userdata) {
 if (!d) /* Not set */
 continue;
 
+ ReadFullFileFlags flags = READ_FULL_FILE_SECURE|READ_FULL_FILE_WARN_WORLD_READABLE;
+ if (encrypted)
+ flags |= READ_FULL_FILE_UNBASE64;
+
 r = read_full_file_full(
 dirfd(d), *cn,
 UINT64_MAX, SIZE_MAX,
- READ_FULL_FILE_SECURE|READ_FULL_FILE_WARN_WORLD_READABLE,
+ flags,
 NULL,
 (char**) &data, &size);
 if (r == -ENOENT) /* Not found */
diff --git a/test/units/TEST-54-CREDS.sh b/test/units/TEST-54-CREDS.sh
index 29b789d3616..3a4fa654e94 100755
--- a/test/units/TEST-54-CREDS.sh
+++ b/test/units/TEST-54-CREDS.sh
@@ -43,8 +43,8 @@ CRED_DIR="$(mktemp -d)"
 ENC_CRED_DIR="$(mktemp -d)"
 echo foo >"$CRED_DIR/secure-or-weak"
 echo foo >"$CRED_DIR/insecure"
-echo foo | systemd-creds --name="encrypted" encrypt - - | base64 -d >"$ENC_CRED_DIR/encrypted"
-echo foo | systemd-creds encrypt - - | base64 -d >"$ENC_CRED_DIR/encrypted-unnamed"
+echo foo | systemd-creds --name="encrypted" encrypt - "$ENC_CRED_DIR/encrypted"
+echo foo | systemd-creds encrypt - "$ENC_CRED_DIR/encrypted-unnamed"
 chmod -R 0400 "$CRED_DIR" "$ENC_CRED_DIR"
 chmod -R 0444 "$CRED_DIR/insecure"
 mkdir /tmp/empty/
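Review bot: The assumption behind `flags |= READ_FULL_FILE_UNBASE64;` in `verb_cat()` (src/creds/creds.c) is not written down: every file read with `encrypted` set is now treated as Base64 text, which matches what `systemd-creds encrypt` writes in the test hunk but not the raw binary blobs the test previously produced via `base64 -d`. I would add a comment above the `if (encrypted)` line, e.g. `/* Encrypted credentials are stored Base64-encoded (the format "systemd-creds encrypt" emits), hence decode while reading */`. A file that is not valid Base64 will presumably now fail inside `read_full_file_full()`. Only the `-ENOENT` check is visible here and the rest of the error handling lies outside the hunk, so confirm that this path reports the credential name rather than skipping it silently.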
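Review bot: With both `base64 -d` pipelines removed in test/units/TEST-54-CREDS.sh, the fixtures in `$ENC_CRED_DIR` hold only the Base64 form, so nothing in this hunk pins how `systemd-creds cat` treats a raw binary encrypted credential after the C change. If that input is now meant to be rejected, a negative case would make the contract explicit. For example, create the fixture in a separate temporary directory with `echo foo | systemd-creds encrypt - - | base64 -d >"$RAW_ENC_DIR/encrypted-raw"` (`$RAW_ENC_DIR` is a constructed name) and assert that `cat` fails with a clear error. If raw blobs are meant to keep working, the test should keep one and the C side needs a fallback. The assertions that consume these files are outside the hunk.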