creds: fix cat with encrypted credentials

Fixes: https://github.com/systemd/systemd/issues/34547 (cherry picked from commit 32951fe4de683f5d42cec2fb2e036f766b051e2b) (cherry picked from commit bc0ba0030b83cea3c5bf62695bb70f406fe6d12d)
2025-03-12 08:58:20 +03:00 · 2024-09-25 11:25:48 +02:00 · 2024-09-25 11:25:48 +02:00 · 6a6cf125da
commit 6a6cf125da
parent d371cb4725
2 changed files with 7 additions and 3 deletions
--- a/src/creds/creds.c
+++ b/src/creds/creds.c
@ -391,10 +391,14 @@ static int verb_cat(int argc, char **argv, void *userdata) {
                        if (!d) /* Not set */
                                continue;

+                        ReadFullFileFlags flags = READ_FULL_FILE_SECURE|READ_FULL_FILE_WARN_WORLD_READABLE;
+                        if (encrypted)
+                                flags |= READ_FULL_FILE_UNBASE64;
+
                        r = read_full_file_full(
                                        dirfd(d), *cn,
                                        UINT64_MAX, SIZE_MAX,
-                                        READ_FULL_FILE_SECURE|READ_FULL_FILE_WARN_WORLD_READABLE,
+                                        flags,
                                        NULL,
                                        (char**) &data, &size);
                        if (r == -ENOENT) /* Not found */
--- a/test/units/testsuite-54.sh
+++ b/test/units/testsuite-54.sh
@ -33,8 +33,8 @@ CRED_DIR="$(mktemp -d)"
 ENC_CRED_DIR="$(mktemp -d)"
 echo foo >"$CRED_DIR/secure-or-weak"
 echo foo >"$CRED_DIR/insecure"
-echo foo | systemd-creds --name="encrypted" encrypt - - | base64 -d >"$ENC_CRED_DIR/encrypted"
-echo foo | systemd-creds encrypt - - | base64 -d >"$ENC_CRED_DIR/encrypted-unnamed"
+echo foo | systemd-creds --name="encrypted" encrypt - "$ENC_CRED_DIR/encrypted"
+echo foo | systemd-creds encrypt - "$ENC_CRED_DIR/encrypted-unnamed"
 chmod -R 0400 "$CRED_DIR" "$ENC_CRED_DIR"
 chmod -R 0444 "$CRED_DIR/insecure"
 mkdir /tmp/empty/