From 32951fe4de683f5d42cec2fb2e036f766b051e2b Mon Sep 17 00:00:00 2001 From: Simon Pilkington Date: Wed, 25 Sep 2024 11:25:48 +0200 Subject: [PATCH] creds: fix cat with encrypted credentials Fixes: https://github.com/systemd/systemd/issues/34547 --- src/creds/creds.c | 6 +++++- test/units/TEST-54-CREDS.sh | 4 ++-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/src/creds/creds.c b/src/creds/creds.c index b55c60775c..bb59db37fc 100644 --- a/src/creds/creds.c +++ b/src/creds/creds.c @@ -434,10 +434,14 @@ static int verb_cat(int argc, char **argv, void *userdata) { if (!d) /* Not set */ continue; + ReadFullFileFlags flags = READ_FULL_FILE_SECURE|READ_FULL_FILE_WARN_WORLD_READABLE; + if (encrypted) + flags |= READ_FULL_FILE_UNBASE64; + r = read_full_file_full( dirfd(d), *cn, UINT64_MAX, SIZE_MAX, - READ_FULL_FILE_SECURE|READ_FULL_FILE_WARN_WORLD_READABLE, + flags, NULL, (char**) &data, &size); if (r == -ENOENT) /* Not found */ diff --git a/test/units/TEST-54-CREDS.sh b/test/units/TEST-54-CREDS.sh index 29b789d361..3a4fa654e9 100755 --- a/test/units/TEST-54-CREDS.sh +++ b/test/units/TEST-54-CREDS.sh @@ -43,8 +43,8 @@ CRED_DIR="$(mktemp -d)" ENC_CRED_DIR="$(mktemp -d)" echo foo >"$CRED_DIR/secure-or-weak" echo foo >"$CRED_DIR/insecure" -echo foo | systemd-creds --name="encrypted" encrypt - - | base64 -d >"$ENC_CRED_DIR/encrypted" -echo foo | systemd-creds encrypt - - | base64 -d >"$ENC_CRED_DIR/encrypted-unnamed" +echo foo | systemd-creds --name="encrypted" encrypt - "$ENC_CRED_DIR/encrypted" +echo foo | systemd-creds encrypt - "$ENC_CRED_DIR/encrypted-unnamed" chmod -R 0400 "$CRED_DIR" "$ENC_CRED_DIR" chmod -R 0444 "$CRED_DIR/insecure" mkdir /tmp/empty/