machined: validate machine names at more places

When enumerating machines from /run, and when accepting machine names
for operations, be more strict and always validate.

Note that these checks are strictly speaking unnecessary, since
enumeration happens only on the trusted /run...

src/basic/util.c

@@ -4913,6 +4913,9 @@ int container_get_leader(const char *machine, pid_t *pid) {
         assert(machine);
         assert(pid);
 
+        if (!machine_name_is_valid(machine))
+                return -EINVAL;
+
         p = strjoina("/run/systemd/machines/", machine);
         r = parse_env_file(p, NEWLINE, "LEADER", &s, "CLASS", &class, NULL);
         if (r == -ENOENT)

src/libsystemd/sd-login/sd-login.c

@@ -791,7 +791,7 @@ _public_ int sd_get_machine_names(char ***machines) {
 
                 /* Filter out the unit: symlinks */
                 for (a = l, b = l; *a; a++) {
-                        if (startswith(*a, "unit:"))
+                        if (startswith(*a, "unit:") || !machine_name_is_valid(*a))
                                 free(*a);
                         else {
                                 *b = *a;

src/machine/machined.c

@@ -118,6 +118,9 @@ int manager_enumerate_machines(Manager *m) {
                 if (startswith(de->d_name, "unit:"))
                         continue;
 
+                if (!machine_name_is_valid(de->d_name))
+                        continue;
+
                 k = manager_add_machine(m, de->d_name, &machine);
                 if (k < 0) {
                         log_error_errno(k, "Failed to add machine by file name %s: %m", de->d_name);