|
 |
4d476f |
autofs-5.1.0 - add a prefix to program map stdvars
|
|
|
4d476f |
|
|
|
4d476f |
From: Ian Kent <ikent@redhat.com>
|
|
|
4d476f |
|
|
|
4d476f |
When a program map uses an interpreted languages like python it's
|
|
|
4d476f |
possible to load and execute arbitray code from a user home directory.
|
|
|
4d476f |
This is because the standard environment variables are used to locate
|
|
|
4d476f |
and load modules when using these languages.
|
|
|
4d476f |
|
|
|
4d476f |
To avoid that we need to add a prefix to these environment names so
|
|
|
4d476f |
they aren't used for this purpose. The prefix used is "AUTOFS_" and
|
|
|
4d476f |
is not configurable.
|
|
|
4d476f |
---
|
|
|
4d476f |
CHANGELOG | 1
|
|
|
4d476f |
include/mounts.h | 4 +-
|
|
|
4d476f |
lib/mounts.c | 84 +++++++++++++++++++++++++++++++++++++++--------
|
|
|
4d476f |
modules/lookup_program.c | 2 -
|
|
|
4d476f |
modules/parse_sun.c | 8 ++--
|
|
|
4d476f |
5 files changed, 78 insertions(+), 21 deletions(-)
|
|
|
4d476f |
|
|
|
4d476f |
--- autofs-5.0.7.orig/CHANGELOG
|
|
|
4d476f |
+++ autofs-5.0.7/CHANGELOG
|
|
|
4d476f |
@@ -162,6 +162,7 @@
|
|
|
4d476f |
- make negative cache update consistent for all lookup modules.
|
|
|
4d476f |
- ensure negative cache isn't updated on remount.
|
|
|
4d476f |
- dont add wildcard to negative cache.
|
|
|
4d476f |
+- add a prefix to program map stdvars.
|
|
|
4d476f |
|
|
|
4d476f |
25/07/2012 autofs-5.0.7
|
|
|
4d476f |
=======================
|
|
|
4d476f |
--- autofs-5.0.7.orig/include/mounts.h
|
|
|
4d476f |
+++ autofs-5.0.7/include/mounts.h
|
|
|
4d476f |
@@ -87,8 +87,8 @@ extern unsigned int nfs_mount_uses_strin
|
|
|
4d476f |
|
|
|
4d476f |
struct amd_entry;
|
|
|
4d476f |
|
|
|
4d476f |
-struct substvar *addstdenv(struct substvar *sv);
|
|
|
4d476f |
-struct substvar *removestdenv(struct substvar *sv);
|
|
|
4d476f |
+struct substvar *addstdenv(struct substvar *sv, const char *prefix);
|
|
|
4d476f |
+struct substvar *removestdenv(struct substvar *sv, const char *prefix);
|
|
|
4d476f |
void add_std_amd_vars(struct substvar *sv);
|
|
|
4d476f |
void remove_std_amd_vars(void);
|
|
|
4d476f |
struct amd_entry *new_amd_entry(const struct substvar *sv);
|
|
|
4d476f |
--- autofs-5.0.7.orig/lib/mounts.c
|
|
|
4d476f |
+++ autofs-5.0.7/lib/mounts.c
|
|
|
4d476f |
@@ -32,6 +32,7 @@
|
|
|
4d476f |
|
|
|
4d476f |
#define MAX_OPTIONS_LEN 80
|
|
|
4d476f |
#define MAX_MNT_NAME_LEN 30
|
|
|
4d476f |
+#define MAX_ENV_NAME 15
|
|
|
4d476f |
|
|
|
4d476f |
#define EBUFSIZ 1024
|
|
|
4d476f |
|
|
|
4d476f |
@@ -328,7 +329,61 @@ int check_nfs_mount_version(struct nfs_m
|
|
|
4d476f |
}
|
|
|
4d476f |
#endif
|
|
|
4d476f |
|
|
|
4d476f |
-struct substvar *addstdenv(struct substvar *sv)
|
|
|
4d476f |
+static char *set_env_name(const char *prefix, const char *name, char *buf)
|
|
|
4d476f |
+{
|
|
|
4d476f |
+ size_t len;
|
|
|
4d476f |
+
|
|
|
4d476f |
+ len = strlen(name);
|
|
|
4d476f |
+ if (prefix)
|
|
|
4d476f |
+ len += strlen(prefix);
|
|
|
4d476f |
+ len++;
|
|
|
4d476f |
+
|
|
|
4d476f |
+ if (len > MAX_ENV_NAME)
|
|
|
4d476f |
+ return NULL;
|
|
|
4d476f |
+
|
|
|
4d476f |
+ if (!prefix)
|
|
|
4d476f |
+ strcpy(buf, name);
|
|
|
4d476f |
+ else {
|
|
|
4d476f |
+ strcpy(buf, prefix);
|
|
|
4d476f |
+ strcat(buf, name);
|
|
|
4d476f |
+ }
|
|
|
4d476f |
+ return buf;
|
|
|
4d476f |
+}
|
|
|
4d476f |
+
|
|
|
4d476f |
+static struct substvar *do_macro_addvar(struct substvar *list,
|
|
|
4d476f |
+ const char *prefix,
|
|
|
4d476f |
+ const char *name,
|
|
|
4d476f |
+ const char *val)
|
|
|
4d476f |
+{
|
|
|
4d476f |
+ char buf[MAX_ENV_NAME + 1];
|
|
|
4d476f |
+ char *new;
|
|
|
4d476f |
+ size_t len;
|
|
|
4d476f |
+
|
|
|
4d476f |
+ new = set_env_name(prefix, name, buf);
|
|
|
4d476f |
+ if (new) {
|
|
|
4d476f |
+ len = strlen(new);
|
|
|
4d476f |
+ list = macro_addvar(list, new, len, val);
|
|
|
4d476f |
+ }
|
|
|
4d476f |
+ return list;
|
|
|
4d476f |
+}
|
|
|
4d476f |
+
|
|
|
4d476f |
+static struct substvar *do_macro_removevar(struct substvar *list,
|
|
|
4d476f |
+ const char *prefix,
|
|
|
4d476f |
+ const char *name)
|
|
|
4d476f |
+{
|
|
|
4d476f |
+ char buf[MAX_ENV_NAME + 1];
|
|
|
4d476f |
+ char *new;
|
|
|
4d476f |
+ size_t len;
|
|
|
4d476f |
+
|
|
|
4d476f |
+ new = set_env_name(prefix, name, buf);
|
|
|
4d476f |
+ if (new) {
|
|
|
4d476f |
+ len = strlen(new);
|
|
|
4d476f |
+ list = macro_removevar(list, new, len);
|
|
|
4d476f |
+ }
|
|
|
4d476f |
+ return list;
|
|
|
4d476f |
+}
|
|
|
4d476f |
+
|
|
|
4d476f |
+struct substvar *addstdenv(struct substvar *sv, const char *prefix)
|
|
|
4d476f |
{
|
|
|
4d476f |
struct substvar *list = sv;
|
|
|
4d476f |
struct thread_stdenv_vars *tsv;
|
|
|
4d476f |
@@ -343,14 +398,14 @@ struct substvar *addstdenv(struct substv
|
|
|
4d476f |
num = (long) tsv->uid;
|
|
|
4d476f |
ret = sprintf(numbuf, "%ld", num);
|
|
|
4d476f |
if (ret > 0)
|
|
|
4d476f |
- list = macro_addvar(list, "UID", 3, numbuf);
|
|
|
4d476f |
+ list = do_macro_addvar(list, prefix, "UID", numbuf);
|
|
|
4d476f |
num = (long) tsv->gid;
|
|
|
4d476f |
ret = sprintf(numbuf, "%ld", num);
|
|
|
4d476f |
if (ret > 0)
|
|
|
4d476f |
- list = macro_addvar(list, "GID", 3, numbuf);
|
|
|
4d476f |
- list = macro_addvar(list, "USER", 4, tsv->user);
|
|
|
4d476f |
- list = macro_addvar(list, "GROUP", 5, tsv->group);
|
|
|
4d476f |
- list = macro_addvar(list, "HOME", 4, tsv->home);
|
|
|
4d476f |
+ list = do_macro_addvar(list, prefix, "GID", numbuf);
|
|
|
4d476f |
+ list = do_macro_addvar(list, prefix, "USER", tsv->user);
|
|
|
4d476f |
+ list = do_macro_addvar(list, prefix, "GROUP", tsv->group);
|
|
|
4d476f |
+ list = do_macro_addvar(list, prefix, "HOME", tsv->home);
|
|
|
4d476f |
mv = macro_findvar(list, "HOST", 4);
|
|
|
4d476f |
if (mv) {
|
|
|
4d476f |
char *shost = strdup(mv->val);
|
|
|
4d476f |
@@ -358,7 +413,8 @@ struct substvar *addstdenv(struct substv
|
|
|
4d476f |
char *dot = strchr(shost, '.');
|
|
|
4d476f |
if (dot)
|
|
|
4d476f |
*dot = '\0';
|
|
|
4d476f |
- list = macro_addvar(list, "SHOST", 5, shost);
|
|
|
4d476f |
+ list = do_macro_addvar(list,
|
|
|
4d476f |
+ prefix, "SHOST", shost);
|
|
|
4d476f |
free(shost);
|
|
|
4d476f |
}
|
|
|
4d476f |
}
|
|
|
4d476f |
@@ -366,16 +422,16 @@ struct substvar *addstdenv(struct substv
|
|
|
4d476f |
return list;
|
|
|
4d476f |
}
|
|
|
4d476f |
|
|
|
4d476f |
-struct substvar *removestdenv(struct substvar *sv)
|
|
|
4d476f |
+struct substvar *removestdenv(struct substvar *sv, const char *prefix)
|
|
|
4d476f |
{
|
|
|
4d476f |
struct substvar *list = sv;
|
|
|
4d476f |
|
|
|
4d476f |
- list = macro_removevar(list, "UID", 3);
|
|
|
4d476f |
- list = macro_removevar(list, "USER", 4);
|
|
|
4d476f |
- list = macro_removevar(list, "HOME", 4);
|
|
|
4d476f |
- list = macro_removevar(list, "GID", 3);
|
|
|
4d476f |
- list = macro_removevar(list, "GROUP", 5);
|
|
|
4d476f |
- list = macro_removevar(list, "SHOST", 5);
|
|
|
4d476f |
+ list = do_macro_removevar(list, prefix, "UID");
|
|
|
4d476f |
+ list = do_macro_removevar(list, prefix, "USER");
|
|
|
4d476f |
+ list = do_macro_removevar(list, prefix, "HOME");
|
|
|
4d476f |
+ list = do_macro_removevar(list, prefix, "GID");
|
|
|
4d476f |
+ list = do_macro_removevar(list, prefix, "GROUP");
|
|
|
4d476f |
+ list = do_macro_removevar(list, prefix, "SHOST");
|
|
|
4d476f |
return list;
|
|
|
4d476f |
}
|
|
|
4d476f |
|
|
|
4d476f |
--- autofs-5.0.7.orig/modules/lookup_program.c
|
|
|
4d476f |
+++ autofs-5.0.7/modules/lookup_program.c
|
|
|
4d476f |
@@ -181,7 +181,7 @@ static char *lookup_one(struct autofs_po
|
|
|
4d476f |
if (ctxt->mapfmt && strcmp(ctxt->mapfmt, "MAPFMT_DEFAULT")) {
|
|
|
4d476f |
struct parse_context *pctxt = (struct parse_context *) ctxt->parse->context;
|
|
|
4d476f |
/* Add standard environment as seen by sun map parser */
|
|
|
4d476f |
- pctxt->subst = addstdenv(pctxt->subst);
|
|
|
4d476f |
+ pctxt->subst = addstdenv(pctxt->subst, "AUTOFS_");
|
|
|
4d476f |
macro_setenv(pctxt->subst);
|
|
|
4d476f |
}
|
|
|
4d476f |
execl(ctxt->mapname, ctxt->mapname, name, NULL);
|
|
|
4d476f |
--- autofs-5.0.7.orig/modules/parse_sun.c
|
|
|
4d476f |
+++ autofs-5.0.7/modules/parse_sun.c
|
|
|
4d476f |
@@ -1214,12 +1214,12 @@ int parse_mount(struct autofs_point *ap,
|
|
|
4d476f |
pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, &cur_state);
|
|
|
4d476f |
macro_lock();
|
|
|
4d476f |
|
|
|
4d476f |
- ctxt->subst = addstdenv(ctxt->subst);
|
|
|
4d476f |
+ ctxt->subst = addstdenv(ctxt->subst, NULL);
|
|
|
4d476f |
|
|
|
4d476f |
mapent_len = expandsunent(mapent, NULL, name, ctxt->subst, slashify);
|
|
|
4d476f |
if (mapent_len == 0) {
|
|
|
4d476f |
error(ap->logopt, MODPREFIX "failed to expand map entry");
|
|
|
4d476f |
- ctxt->subst = removestdenv(ctxt->subst);
|
|
|
4d476f |
+ ctxt->subst = removestdenv(ctxt->subst, NULL);
|
|
|
4d476f |
macro_unlock();
|
|
|
4d476f |
pthread_setcancelstate(cur_state, NULL);
|
|
|
4d476f |
return 1;
|
|
|
4d476f |
@@ -1229,7 +1229,7 @@ int parse_mount(struct autofs_point *ap,
|
|
|
4d476f |
if (!pmapent) {
|
|
|
4d476f |
char *estr = strerror_r(errno, buf, MAX_ERR_BUF);
|
|
|
4d476f |
logerr(MODPREFIX "alloca: %s", estr);
|
|
|
4d476f |
- ctxt->subst = removestdenv(ctxt->subst);
|
|
|
4d476f |
+ ctxt->subst = removestdenv(ctxt->subst, NULL);
|
|
|
4d476f |
macro_unlock();
|
|
|
4d476f |
pthread_setcancelstate(cur_state, NULL);
|
|
|
4d476f |
return 1;
|
|
|
4d476f |
@@ -1237,7 +1237,7 @@ int parse_mount(struct autofs_point *ap,
|
|
|
4d476f |
pmapent[mapent_len] = '\0';
|
|
|
4d476f |
|
|
|
4d476f |
expandsunent(mapent, pmapent, name, ctxt->subst, slashify);
|
|
|
4d476f |
- ctxt->subst = removestdenv(ctxt->subst);
|
|
|
4d476f |
+ ctxt->subst = removestdenv(ctxt->subst, NULL);
|
|
|
4d476f |
|
|
|
4d476f |
macro_unlock();
|
|
|
4d476f |
pthread_setcancelstate(cur_state, NULL);
|