core: refuse credentials with invalid names matching with glob

Even if the glob pattern is valid, the pattern may match credentials
with invalid names. So, we need to check the names of the found
credentials.

Follow-up for 947c4d3952e30604b97f657dca08f93a0a8f4bae.

1 files changed, 18 insertions, 0 deletions

diff --git a/test/units/TEST-54-CREDS.sh b/test/units/TEST-54-CREDS.sh
index f0e6932825..29b789d361 100755
--- a/test/units/TEST-54-CREDS.sh
+++ b/test/units/TEST-54-CREDS.sh
@@ -279,6 +279,24 @@ echo -n ignored >/run/credstore/test.creds.second
 mkdir -p /etc/credstore
 echo -n b >/etc/credstore/test.creds.second
 echo -n c >/etc/credstore/test.creds.third
+# Credential name cannot contain ':'
+echo -n hoge >/etc/credstore/test.creds.hoge:invalid
+
+# Check if credentials with invalid names are not imported.
+systemd-run -p "ImportCredential=test.creds.*" \
+            --unit=test-54-ImportCredential.service \
+            -p DynamicUser=1 \
+            --wait \
+            --pipe \
+            test ! -e '${CREDENTIALS_DIRECTORY}/test.creds.hoge:invalid'
+
+# Check if credentials with invalid names are not imported (with renaming).
+systemd-run -p "ImportCredentialEx=test.creds.*:renamed.creds." \
+            --unit=test-54-ImportCredential.service \
+            -p DynamicUser=1 \
+            --wait \
+            --pipe \
+            test ! -e '${CREDENTIALS_DIRECTORY}/renamed.creds.hoge:invalid'
 
 # Check that all valid credentials are imported.
 systemd-run -p "ImportCredential=test.creds.*" \