machine-credential: tweak --load-credential= use a bit

author Lennart Poettering <lennart@poettering.net>

Wed, 22 Nov 2023 11:02:07 +0000 (12:02 +0100)

committer Lennart Poettering <lennart@poettering.net>

Wed, 22 Nov 2023 14:17:18 +0000 (15:17 +0100)
author Lennart Poettering <lennart@poettering.net>
Wed, 22 Nov 2023 11:02:07 +0000 (12:02 +0100)
committer Lennart Poettering <lennart@poettering.net>
Wed, 22 Nov 2023 14:17:18 +0000 (15:17 +0100)
diff --git a/src/shared/machine-credential.c b/src/shared/machine-credential.c

index 7df36049777189b0ba23e167d4e2cba62bbd3140..17f7afc4a0fdf8cf0a8186b4f6e9a87a776fe087 100644 (file)
--- a/src/shared/machine-credential.c
+++ b/src/shared/machine-credential.c
@@ -90,9 +90,9 @@ int machine_credential_load(MachineCredential **credentials, size_t *n_credentia
                  if (streq(cred->id, word))
                          return log_error_errno(SYNTHETIC_ERRNO(EEXIST), "Duplicate credential '%s', refusing.", word);
  
-        if (path_is_absolute(p))
+        if (is_path(p) && path_is_valid(p))
                  flags |= READ_FULL_FILE_CONNECT_SOCKET;
-        else {
+        else if (credential_name_valid(p)) {
                  const char *e;
  
                  r = get_credentials_dir(&e);
@@ -104,7 +104,8 @@ int machine_credential_load(MachineCredential **credentials, size_t *n_credentia
                          return log_oom();
  
                  p = j;
-        }
+        } else
+                return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Credential source appears to be neither a valid path nor a credential name: %s", p);
  
          r = read_full_file_full(AT_FDCWD, p, UINT64_MAX, SIZE_MAX,
                                  flags,
author	Lennart Poettering <lennart@poettering.net>
	Wed, 22 Nov 2023 11:02:07 +0000 (12:02 +0100)
committer	Lennart Poettering <lennart@poettering.net>
	Wed, 22 Nov 2023 14:17:18 +0000 (15:17 +0100)