From f72856736ac39c7e926c02c11f854f43400366d4 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Sat, 18 Oct 2014 22:03:01 +0200
Subject: [PATCH 86/92] KRB5: Move checking for illegal RE to krb5_utils.c
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Otherwise we would have to link krb5_child with pcre and transfer the
regex, which would be cumbersome. Check for illegal patterns when
expanding the template instead.
Related:
https://fedorahosted.org/sssd/ticket/2370
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
---
src/providers/krb5/krb5_auth.c | 5 +--
src/providers/krb5/krb5_ccache.c | 38 ++------------------
src/providers/krb5/krb5_ccache.h | 7 +---
src/providers/krb5/krb5_utils.c | 36 +++++++++++++++++--
src/providers/krb5/krb5_utils.h | 4 +--
src/tests/krb5_child-test.c | 2 +-
src/tests/krb5_utils-tests.c | 78 ++++++++++++++++------------------------
7 files changed, 73 insertions(+), 97 deletions(-)
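diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c
index bd8b51f47462f1eaef8da61b42caedda3475a4e7..5ed561601ac80e53ee795b458c5bf0ca410951bc 100644
--- a/src/providers/krb5/krb5_auth.c
+++ b/src/providers/krb5/krb5_auth.c
@@ -302,7 +302,9 @@ static errno_t krb5_auth_prepare_ccache_name(struct krb5child_req *kr,
 DEBUG(SSSDBG_TRACE_ALL, "Recreating ccache file.\n");
 ccname_template = dp_opt_get_cstring(kr->krb5_ctx->opts,
 KRB5_CCNAME_TMPL);
- kr->ccname = expand_ccname_template(kr, kr, ccname_template, true,
+ kr->ccname = expand_ccname_template(kr, kr, ccname_template,
+ kr->krb5_ctx->illegal_path_re,
+ true,
 be_ctx->domain->case_sensitive);
 if (kr->ccname == NULL) {
 DEBUG(SSSDBG_CRIT_FAILURE, "expand_ccname_template failed.\n");
@@ -310,7 +312,6 @@ static errno_t krb5_auth_prepare_ccache_name(struct krb5child_req *kr,
 }
 
 ret = sss_krb5_precreate_ccache(kr->ccname,
- kr->krb5_ctx->illegal_path_re,
 kr->uid, kr->gid);
 if (ret != EOK) {
 DEBUG(SSSDBG_OP_FAILURE, "ccache creation failed.\n");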
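Review bot: The NULL check after the new `expand_ccname_template(...)` call in the first hunk now also fires when the expanded name matches `illegal_path_re`, yet it still logs only `expand_ccname_template failed.`, so a rejected path and a failed allocation look the same at this call site. The statement that sets the return value after that DEBUG lies between the two hunks and is not visible; please confirm it does not report a policy rejection as an out-of-memory condition. I would at least reword the message to `"expand_ccname_template failed (bad template or illegal path pattern).\n"` so that an administrator with a misconfigured ccname template is pointed at the right cause. krb5_auth_prepare_ccache_name starts and ends outside both hunks.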
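diff --git a/src/providers/krb5/krb5_ccache.c b/src/providers/krb5/krb5_ccache.c
index 5586963338616519f36e5d75e796a597d3ac2f22..c0f5b7b8ced3fd2d6d8cbbf4e3339caba60888ff 100644
--- a/src/providers/krb5/krb5_ccache.c
+++ b/src/providers/krb5/krb5_ccache.c
@@ -33,28 +33,6 @@
 #include "util/sss_krb5.h"
 #include "util/util.h"
 
-static errno_t
-check_ccache_re(const char *filename, pcre *illegal_re)
-{
- errno_t ret;
-
- ret = pcre_exec(illegal_re, NULL, filename, strlen(filename),
- 0, 0, NULL, 0);
- if (ret == 0) {
- DEBUG(SSSDBG_OP_FAILURE,
- "Illegal pattern in ccache directory name [%s].\n", filename);
- return EINVAL;
- } else if (ret == PCRE_ERROR_NOMATCH) {
- DEBUG(SSSDBG_TRACE_LIBS,
- "Ccache directory name [%s] does not contain "
- "illegal patterns.\n", filename);
- return EOK;
- }
-
- DEBUG(SSSDBG_CRIT_FAILURE, "pcre_exec failed [%d].\n", ret);
- return EFAULT;
-}
-
 struct string_list {
 struct string_list *next;
 struct string_list *prev;
@@ -162,9 +140,7 @@ static errno_t check_parent_stat(struct stat *parent_stat, uid_t uid)
 return EOK;
 }
 
-errno_t create_ccache_dir(const char *ccdirname,
- pcre *illegal_re,
- uid_t uid, gid_t gid)
+static errno_t create_ccache_dir(const char *ccdirname, uid_t uid, gid_t gid)
 {
 int ret = EFAULT;
 struct stat parent_stat;
@@ -188,13 +164,6 @@ errno_t create_ccache_dir(const char *ccdirname,
 goto done;
 }
 
- if (illegal_re != NULL) {
- ret = check_ccache_re(ccdirname, illegal_re);
- if (ret != EOK) {
- goto done;
- }
- }
-
 ret = find_ccdir_parent_data(tmp_ctx, ccdirname, &parent_stat,
 &missing_parents);
 if (ret != EOK) {
@@ -242,8 +211,7 @@ done:
 return ret;
 }
 
-errno_t sss_krb5_precreate_ccache(const char *ccname, pcre *illegal_re,
- uid_t uid, gid_t gid)
+errno_t sss_krb5_precreate_ccache(const char *ccname, uid_t uid, gid_t gid)
 {
 TALLOC_CTX *tmp_ctx = NULL;
 const char *filename;
@@ -287,7 +255,7 @@ errno_t sss_krb5_precreate_ccache(const char *ccname, pcre *illegal_re,
 *end = '\0';
 } while (*(end+1) == '\0');
 
- ret = create_ccache_dir(ccdirname, illegal_re, uid, gid);
+ ret = create_ccache_dir(ccdirname, uid, gid);
 done:
 talloc_free(tmp_ctx);
 return ret;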
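Review bot: `sss_krb5_precreate_ccache` and `create_ccache_dir` no longer check the path themselves, so creating directories owned by `uid`/`gid` now relies on every caller having run `ccname` through `expand_ccname_template` with a compiled regex beforehand, and nothing in this file records that precondition. A comment above `sss_krb5_precreate_ccache` would make the contract explicit, for example `/* ccname must already have been checked for illegal path patterns (see expand_ccname_template); no pattern check is done here. */`. Both function bodies are only partly visible in these hunks, so I cannot tell whether the remaining parent-directory checks would catch a `/../` component on their own.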
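diff --git a/src/providers/krb5/krb5_ccache.h b/src/providers/krb5/krb5_ccache.h
index 9f0b3ac84b7af118c315ca00a7c52f200534d97e..e39f96cad6f46c4003103dce4eadf007bc0f8920 100644
--- a/src/providers/krb5/krb5_ccache.h
+++ b/src/providers/krb5/krb5_ccache.h
@@ -35,12 +35,7 @@ struct tgt_times {
 time_t renew_till;
 };
 
-errno_t create_ccache_dir(const char *ccdirname,
- pcre *illegal_re,
- uid_t uid, gid_t gid);
-
-errno_t sss_krb5_precreate_ccache(const char *ccname, pcre *illegal_re,
- uid_t uid, gid_t gid);
+errno_t sss_krb5_precreate_ccache(const char *ccname, uid_t uid, gid_t gid);
 
 errno_t sss_krb5_cc_destroy(const char *ccname, uid_t uid, gid_t gid);
 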
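diff --git a/src/providers/krb5/krb5_utils.c b/src/providers/krb5/krb5_utils.c
index ae72b04be236cfce9b6f794c602887491ba487a9..de2d94503744b80b0a3365efb227cd05434579ff 100644
--- a/src/providers/krb5/krb5_utils.c
+++ b/src/providers/krb5/krb5_utils.c
@@ -202,9 +202,31 @@ done:
 #define S_EXP_USERNAME "{username}"
 #define L_EXP_USERNAME (sizeof(S_EXP_USERNAME) - 1)
 
+static errno_t
+check_ccache_re(const char *filename, pcre *illegal_re)
+{
+ errno_t ret;
+
+ ret = pcre_exec(illegal_re, NULL, filename, strlen(filename),
+ 0, 0, NULL, 0);
+ if (ret == 0) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Illegal pattern in ccache directory name [%s].\n", filename);
+ return EINVAL;
+ } else if (ret == PCRE_ERROR_NOMATCH) {
+ DEBUG(SSSDBG_TRACE_LIBS,
+ "Ccache directory name [%s] does not contain "
+ "illegal patterns.\n", filename);
+ return EOK;
+ }
+
+ DEBUG(SSSDBG_CRIT_FAILURE, "pcre_exec failed [%d].\n", ret);
+ return EFAULT;
+}
+
 char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr,
- const char *template, bool file_mode,
- bool case_sensitive)
+ const char *template, pcre *illegal_re,
+ bool file_mode, bool case_sensitive)
 {
 char *copy;
 char *p;
@@ -217,6 +239,7 @@ char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr,
 TALLOC_CTX *tmp_ctx = NULL;
 char action;
 bool rerun;
+ int ret;
 
 if (template == NULL) {
 DEBUG(SSSDBG_CRIT_FAILURE, "Missing template.\n");
@@ -320,7 +343,7 @@ char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr,
 }
 
 dummy = expand_ccname_template(tmp_ctx, kr, cache_dir_tmpl,
- false, case_sensitive);
+ illegal_re, false, case_sensitive);
 if (dummy == NULL) {
 DEBUG(SSSDBG_CRIT_FAILURE,
 "Expanding credential cache directory "
@@ -411,6 +434,13 @@ char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr,
 goto done;
 }
 
+ if (illegal_re != NULL) {
+ ret = check_ccache_re(result, illegal_re);
+ if (ret != EOK) {
+ goto done;
+ }
+ }
+
 res = talloc_move(mem_ctx, &result);
 done:
 talloc_zfree(tmp_ctx);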
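Review bot: The check added before `talloc_move` in the last hunk is skipped without any log line when `illegal_re` is NULL, so a caller whose regex was never compiled gets an unvalidated path back and the debug output gives no sign that validation was bypassed. If NULL is a supported "no check" mode (the unit tests rely on it), document that on the function and consider an `else` branch with `DEBUG(SSSDBG_TRACE_FUNC, "No illegal path pattern set, skipping check.\n");`. Separately, `check_ccache_re` now receives the whole expanded ccache name, but both of its messages still say `ccache directory name`; `ccache name` would match what is actually logged. The value kept in `ret` is used only to branch to `done`, so the EINVAL/EFAULT distinction never reaches the caller. expand_ccname_template's body is only partly visible in these hunks.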
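diff --git a/src/providers/krb5/krb5_utils.h b/src/providers/krb5/krb5_utils.h
index ce5ce1ebcf6db14579191840600e684d41a2fdbe..0155905b5bc7469d09aecbd51cae0e8cc61b3952 100644
--- a/src/providers/krb5/krb5_utils.h
+++ b/src/providers/krb5/krb5_utils.h
@@ -43,8 +43,8 @@ errno_t check_if_cached_upn_needs_update(struct sysdb_ctx *sysdb,
 const char *upn);
 
 char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr,
- const char *template, bool file_mode,
- bool case_sensitive);
+ const char *template, pcre *illegal_re,
+ bool file_mode, bool case_sensitive);
 
 errno_t get_domain_or_subdomain(struct be_ctx *be_ctx,
 char *domain_name,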
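diff --git a/src/tests/krb5_child-test.c b/src/tests/krb5_child-test.c
index 09f23d5386e3c70efc5ce54fa199c1a6e8656eec..8826a28ed5ea064317c62682003dc0e9a6df01b6 100644
--- a/src/tests/krb5_child-test.c
+++ b/src/tests/krb5_child-test.c
@@ -239,6 +239,7 @@ create_dummy_req(TALLOC_CTX *mem_ctx, const char *user,
 kr->ccname = expand_ccname_template(kr, kr,
 dp_opt_get_cstring(kr->krb5_ctx->opts,
 KRB5_CCNAME_TMPL),
+ kr->krb5_ctx->illegal_path_re,
 true, true);
 if (!kr->ccname) goto fail;
 
@@ -254,7 +255,6 @@ create_dummy_req(TALLOC_CTX *mem_ctx, const char *user,
 kr->ccname, kr->uid, kr->gid);
 
 ret = sss_krb5_precreate_ccache(kr->ccname,
- kr->krb5_ctx->illegal_path_re,
 kr->uid, kr->gid);
 if (ret != EOK) {
 DEBUG(SSSDBG_OP_FAILURE, "create_ccache_dir failed.\n");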
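diff --git a/src/tests/krb5_utils-tests.c b/src/tests/krb5_utils-tests.c
index 52d8a18576b23c627c7ef3358bd34f4b2dbae6f7..409c0f01d2cce9c24a648306007b9fa7f5bc8372 100644
--- a/src/tests/krb5_utils-tests.c
+++ b/src/tests/krb5_utils-tests.c
@@ -131,13 +131,13 @@ START_TEST(test_private_ccache_dir_in_user_dir)
 
 ret = chmod(user_dir, 0600);
 fail_unless(ret == EOK, "chmod failed.");
- ret = sss_krb5_precreate_ccache(filename, NULL, uid, gid);
+ ret = sss_krb5_precreate_ccache(filename, uid, gid);
 fail_unless(ret == EINVAL, "sss_krb5_precreate_ccache does not return EINVAL "
 "while x-bit is missing.");
 
 ret = chmod(user_dir, 0700);
 fail_unless(ret == EOK, "chmod failed.");
- ret = sss_krb5_precreate_ccache(filename, NULL, uid, gid);
+ ret = sss_krb5_precreate_ccache(filename, uid, gid);
 fail_unless(ret == EOK, "sss_krb5_precreate_ccache failed.");
 
 check_dir(dn3, uid, gid, 0700);
@@ -175,7 +175,7 @@ START_TEST(test_private_ccache_dir_in_wrong_user_dir)
 filename = talloc_asprintf(tmp_ctx, "%s/ccfile", subdirname);
 fail_unless(filename != NULL, "talloc_asprintf failed.");
 
- ret = sss_krb5_precreate_ccache(filename, NULL, 12345, 12345);
+ ret = sss_krb5_precreate_ccache(filename, 12345, 12345);
 fail_unless(ret == EINVAL, "Creating private ccache dir in wrong user "
 "dir does not failed with EINVAL.");
 
@@ -185,16 +185,14 @@ END_TEST
 
 START_TEST(test_illegal_patterns)
 {
- int ret;
 char *cwd;
 char *dirname;
 char *filename;
- uid_t uid = getuid();
- gid_t gid = getgid();
 pcre *illegal_re;
 const char *errstr;
 int errval;
 int errpos;
+ char *result = NULL;
 
 illegal_re = pcre_compile2(ILLEGAL_PATH_PATTERN, 0,
 &errval, &errstr, &errpos, NULL);
@@ -209,33 +207,28 @@ START_TEST(test_illegal_patterns)
 free(cwd);
 fail_unless(dirname != NULL, "talloc_asprintf failed.");
 
-
- filename = talloc_asprintf(tmp_ctx, "abc/./ccfile");
- fail_unless(filename != NULL, "talloc_asprintf failed.");
- ret = create_ccache_dir(filename, illegal_re, uid, gid);
- fail_unless(ret == EINVAL, "create_ccache_dir allowed relative path [%s].",
- filename);
+ result = expand_ccname_template(tmp_ctx, kr, "abc/./ccfile", illegal_re, true, true);
+ fail_unless(result == NULL, "expand_ccname_template allowed relative path\n");
 
 filename = talloc_asprintf(tmp_ctx, "%s/abc/./ccfile", dirname);
 fail_unless(filename != NULL, "talloc_asprintf failed.");
- ret = create_ccache_dir(filename, illegal_re, uid, gid);
- fail_unless(ret == EINVAL, "create_ccache_dir allowed "
- "illegal pattern '/./' in filename [%s].",
- filename);
+ result = expand_ccname_template(tmp_ctx, kr, filename, illegal_re, true, true);
+ fail_unless(result == NULL, "expand_ccname_template allowed "
+ "illegal pattern '/./'\n");
 
 filename = talloc_asprintf(tmp_ctx, "%s/abc/../ccfile", dirname);
 fail_unless(filename != NULL, "talloc_asprintf failed.");
- ret = create_ccache_dir(filename, illegal_re, uid, gid);
- fail_unless(ret == EINVAL, "create_ccache_dir allowed "
- "illegal pattern '/../' in filename [%s].",
- filename);
+ result = expand_ccname_template(tmp_ctx, kr, filename, illegal_re, true, true);
+ fail_unless(result == NULL, "expand_ccname_template allowed "
+ "illegal pattern '/../' in filename [%s].",
+ filename);
 
 filename = talloc_asprintf(tmp_ctx, "%s/abc//ccfile", dirname);
 fail_unless(filename != NULL, "talloc_asprintf failed.");
- ret = create_ccache_dir(filename, illegal_re, uid, gid);
- fail_unless(ret == EINVAL, "create_ccache_dir allowed "
- "illegal pattern '//' in filename [%s].",
- filename);
+ result = expand_ccname_template(tmp_ctx, kr, filename, illegal_re, true, true);
+ fail_unless(result == NULL, "expand_ccname_template allowed "
+ "illegal pattern '//' in filename [%s].",
+ filename);
 
 pcre_free(illegal_re);
 }
@@ -248,17 +241,7 @@ START_TEST(test_cc_dir_create)
 char *cwd;
 uid_t uid = getuid();
 gid_t gid = getgid();
- pcre *illegal_re;
 errno_t ret;
- const char *errstr;
- int errval;
- int errpos;
-
- illegal_re = pcre_compile2(ILLEGAL_PATH_PATTERN, 0,
- &errval, &errstr, &errpos, NULL);
- fail_unless(illegal_re != NULL, "Invalid Regular Expression pattern at "
- " position %d. (Error: %d [%s])\n",
- errpos, errval, errstr);
 
 cwd = getcwd(NULL, 0);
 fail_unless(cwd != NULL, "getcwd failed.");
@@ -269,7 +252,7 @@ START_TEST(test_cc_dir_create)
 residual = talloc_asprintf(tmp_ctx, "DIR:%s/%s", dirname, "ccdir");
 fail_unless(residual != NULL, "talloc_asprintf failed.");
 
- ret = sss_krb5_precreate_ccache(residual, illegal_re, uid, gid);
+ ret = sss_krb5_precreate_ccache(residual, uid, gid);
 fail_unless(ret == EOK, "sss_krb5_precreate_ccache failed\n");
 ret = rmdir(dirname);
 if (ret < 0) ret = errno;
@@ -282,14 +265,13 @@ START_TEST(test_cc_dir_create)
 residual = talloc_asprintf(tmp_ctx, "DIR:%s/%s", dirname, "ccdir/");
 fail_unless(residual != NULL, "talloc_asprintf failed.");
 
- ret = sss_krb5_precreate_ccache(residual, illegal_re, uid, gid);
+ ret = sss_krb5_precreate_ccache(residual, uid, gid);
 fail_unless(ret == EOK, "sss_krb5_precreate_ccache failed\n");
 ret = rmdir(dirname);
 if (ret < 0) ret = errno;
 fail_unless(ret == 0, "Cannot remove %s: %s\n", dirname, strerror(ret));
 talloc_free(residual);
 free(cwd);
- pcre_free(illegal_re);
 }
 END_TEST
 
@@ -356,7 +338,7 @@ static void do_test(const char *file_template, const char *dir_template,
 ret = dp_opt_set_string(kr->krb5_ctx->opts, KRB5_CCACHEDIR, dir_template);
 fail_unless(ret == EOK, "Failed to set Ccache dir");
 
- result = expand_ccname_template(tmp_ctx, kr, file_template, true, true);
+ result = expand_ccname_template(tmp_ctx, kr, file_template, NULL, true, true);
 
 fail_unless(result != NULL, "Cannot expand template [%s].", file_template);
 fail_unless(strcmp(result, expected) == 0,
@@ -391,14 +373,14 @@ START_TEST(test_case_sensitive)
 ret = dp_opt_set_string(kr->krb5_ctx->opts, KRB5_CCACHEDIR, CCACHE_DIR);
 fail_unless(ret == EOK, "Failed to set Ccache dir");
 
- result = expand_ccname_template(tmp_ctx, kr, file_template, true, true);
+ result = expand_ccname_template(tmp_ctx, kr, file_template, NULL, true, true);
 
 fail_unless(result != NULL, "Cannot expand template [%s].", file_template);
 fail_unless(strcmp(result, expected_cs) == 0,
 "Expansion failed, result [%s], expected [%s].",
 result, expected_cs);
 
- result = expand_ccname_template(tmp_ctx, kr, file_template, true, false);
+ result = expand_ccname_template(tmp_ctx, kr, file_template, NULL, true, false);
 
 fail_unless(result != NULL, "Cannot expand template [%s].", file_template);
 fail_unless(strcmp(result, expected_ci) == 0,
@@ -445,7 +427,7 @@ START_TEST(test_ccache_dir)
 ret = dp_opt_set_string(kr->krb5_ctx->opts, KRB5_CCACHEDIR, BASE"_%d");
 fail_unless(ret == EOK, "Failed to set Ccache dir");
 
- result = expand_ccname_template(tmp_ctx, kr, "%d/"FILENAME, true, true);
+ result = expand_ccname_template(tmp_ctx, kr, "%d/"FILENAME, NULL, true, true);
 
 fail_unless(result == NULL, "Using %%d in ccache dir should fail.");
 }
@@ -461,7 +443,7 @@ START_TEST(test_pid)
 ret = dp_opt_set_string(kr->krb5_ctx->opts, KRB5_CCACHEDIR, BASE"_%P");
 fail_unless(ret == EOK, "Failed to set Ccache dir");
 
- result = expand_ccname_template(tmp_ctx, kr, "%d/"FILENAME, true, true);
+ result = expand_ccname_template(tmp_ctx, kr, "%d/"FILENAME, NULL, true, true);
 
 fail_unless(result == NULL, "Using %%P in ccache dir should fail.");
 }
@@ -480,7 +462,7 @@ START_TEST(test_unknown_template)
 char *result;
 int ret;
 
- result = expand_ccname_template(tmp_ctx, kr, test_template, true, true);
+ result = expand_ccname_template(tmp_ctx, kr, test_template, NULL, true, true);
 
 fail_unless(result == NULL, "Unknown template [%s] should fail.",
 test_template);
@@ -488,7 +470,7 @@ START_TEST(test_unknown_template)
 ret = dp_opt_set_string(kr->krb5_ctx->opts, KRB5_CCACHEDIR, BASE"_%X");
 fail_unless(ret == EOK, "Failed to set Ccache dir");
 test_template = "%d/"FILENAME;
- result = expand_ccname_template(tmp_ctx, kr, test_template, true, true);
+ result = expand_ccname_template(tmp_ctx, kr, test_template, NULL, true, true);
 
 fail_unless(result == NULL, "Unknown template [%s] should fail.",
 test_template);
@@ -500,7 +482,7 @@ START_TEST(test_NULL)
 char *test_template = NULL;
 char *result;
 
- result = expand_ccname_template(tmp_ctx, kr, test_template, true, true);
+ result = expand_ccname_template(tmp_ctx, kr, test_template, NULL, true, true);
 
 fail_unless(result == NULL, "Expected NULL as a result for an empty input.",
 test_template);
@@ -512,7 +494,7 @@ START_TEST(test_no_substitution)
 const char *test_template = BASE;
 char *result;
 
- result = expand_ccname_template(tmp_ctx, kr, test_template, true, true);
+ result = expand_ccname_template(tmp_ctx, kr, test_template, NULL, true, true);
 
 fail_unless(result != NULL, "Cannot expand template [%s].", test_template);
 fail_unless(strcmp(result, test_template) == 0,
@@ -529,7 +511,7 @@ START_TEST(test_krb5_style_expansion)
 
 file_template = BASE"/%{uid}/%{USERID}/%{euid}/%{username}";
 expected = BASE"/"UID"/"UID"/"UID"/"USERNAME;
- result = expand_ccname_template(tmp_ctx, kr, file_template, true, true);
+ result = expand_ccname_template(tmp_ctx, kr, file_template, NULL, true, true);
 
 fail_unless(result != NULL, "Cannot expand template [%s].", file_template);
 fail_unless(strcmp(result, expected) == 0,
@@ -538,7 +520,7 @@ START_TEST(test_krb5_style_expansion)
 
 file_template = BASE"/%{unknown}";
 expected = BASE"/%{unknown}";
- result = expand_ccname_template(tmp_ctx, kr, file_template, true, false);
+ result = expand_ccname_template(tmp_ctx, kr, file_template, NULL, true, true);
 
 fail_unless(result != NULL, "Cannot expand template [%s].", file_template);
 fail_unless(strcmp(result, expected) == 0,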
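Review bot: The last hunk changes more than the argument list: the `%{unknown}` call in test_krb5_style_expansion went from `..., true, false)` to `..., NULL, true, true)`, so `case_sensitive` flips from false to true in a commit that is otherwise a mechanical signature update. If that was not intended, the line should read `result = expand_ccname_template(tmp_ctx, kr, file_template, NULL, true, false);`. In addition, every call outside test_illegal_patterns passes NULL for the regex, so no test shows that a legal path is still accepted when a compiled `illegal_re` is supplied; one positive assertion in test_illegal_patterns would cover that. Most of the test functions touched here extend beyond the hunks shown.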
--
1.9.3