authorLennart Poettering <lennart@poettering.net>2023-11-22 12:02:07 +0100
committerLennart Poettering <lennart@poettering.net>2023-11-22 15:17:18 +0100
commit2105f79ed33b08b054f3d5e50445ea5e7e75a2e3 (patch)
tree9c6bc87df45183d3eb5b443a29ef56d70731d8c4 /src
parentmachine-credential: simplify code a bit (diff)
machine-credential: tweak --load-credential= use a bit
Let's try to recognize paths (i.e. those with a "/") as sources for credentials to load, and then read them from the file system. Also, only read credentials from an inbound credentials directory if the source qualifies as a valid credential name. Otherwise print a nice error.
Diffstat (limited to 'src')
-rw-r--r--src/shared/machine-credential.c7
1 files changed, 4 insertions, 3 deletions
diff --git a/src/shared/machine-credential.c b/src/shared/machine-credential.c
index 7df3604977..17f7afc4a0 100644
--- a/src/shared/machine-credential.c
+++ b/src/shared/machine-credential.c
@@ -90,9 +90,9 @@ int machine_credential_load(MachineCredential **credentials, size_t *n_credentia
if (streq(cred->id, word))
return log_error_errno(SYNTHETIC_ERRNO(EEXIST), "Duplicate credential '%s', refusing.", word);
- if (path_is_absolute(p))
+ if (is_path(p) && path_is_valid(p))
flags |= READ_FULL_FILE_CONNECT_SOCKET;
- else {
+ else if (credential_name_valid(p)) {
const char *e;
r = get_credentials_dir(&e);
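Review bot: The new three-way classification starting at `if (is_path(p) && path_is_valid(p))` has no comment, although it changes how a source is resolved. Any source containing a "/" is now read as a file, including relative ones, which resolve against the process's working directory through the `AT_FDCWD` read further down. A source without "/" is only ever looked up in the inbound credentials directory. I would add above the `if`: `/* Sources containing "/" are file system paths (relative ones resolve against the CWD); anything else must be a valid credential name and is read from the inbound credentials directory, never from the CWD. */`. A file in the current directory therefore has to be written as `./name`, which the option's documentation should presumably state too; that text is not visible here. machine_credential_load() starts before this hunk and continues past it.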
@@ -104,7 +104,8 @@ int machine_credential_load(MachineCredential **credentials, size_t *n_credentia
return log_oom();
p = j;
- }
+ } else
+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Credential source appears to be neither a valid path nor a credential name: %s", p);
r = read_full_file_full(AT_FDCWD, p, UINT64_MAX, SIZE_MAX,
flags,
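Review bot: The string printed by the new `log_error_errno(SYNTHETIC_ERRNO(EINVAL), ...)` in the final `else` has by then failed both the path check and the credential-name check, so nothing constrains its content. It may carry control or other non-printable characters into the log line. It comes from the command line, so the exposure is small, but escaping it before logging would keep the message on one intact line; systemd's `cescape()` looks like the fitting helper, to be confirmed. The function body starts before this hunk and the `read_full_file_full()` call continues past it.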