Blob Blame History Raw
From 69c8e20b18577781e17c5959e23514134dfb5755 Mon Sep 17 00:00:00 2001
From: Nalin Dahyabhai <nalin@redhat.com>
Date: Thu, 24 Jul 2014 16:43:21 -0400
Subject: [PATCH 6/7] Use more randomness for ksu secondary cache names

When generating a suffix to append to a ccache name that will hold the
credentials for a ksu-invoked process, instead of using integers
counting up from 1, use the result of base64-encoding six randomly-
generated octets.  Tweak the output alphabet just a bit to avoid using
'+' or '/' in the generated names, the latter of which could really
confuse things.
---
 src/clients/ksu/ccache.c | 27 +++++++++++++++++++++++----
 src/clients/ksu/ksu.h    |  2 +-
 src/clients/ksu/main.c   | 16 ++++++++++++----
 3 files changed, 36 insertions(+), 9 deletions(-)

diff --git a/src/clients/ksu/ccache.c b/src/clients/ksu/ccache.c
index 0f9e042..a0736f2 100644
--- a/src/clients/ksu/ccache.c
+++ b/src/clients/ksu/ccache.c
@@ -27,6 +27,7 @@
  */
 
 #include "ksu.h"
+#include "k5-base64.h"
 #include "adm_proto.h"
 #include <sys/types.h>
 #include <sys/stat.h>
@@ -504,10 +505,28 @@ show_credential(context, cred, cc)
     free(sname);
 }
 
-int gen_sym(){
-    static int i = 0;
-    i ++;
-    return i;
+/* Create a random string suitable for a filename extension. */
+krb5_error_code
+gen_sym(krb5_context context, char **sym_out)
+{
+    krb5_error_code retval;
+    char bytes[6], *p, *sym;
+    krb5_data data = make_data(bytes, sizeof(bytes));
+
+    *sym_out = NULL;
+    retval = krb5_c_random_make_octets(context, &data);
+    if (retval)
+        return retval;
+    sym = k5_base64_encode(data.data, data.length);
+    if (sym == NULL)
+        return ENOMEM;
+    /* Tweak the output alphabet just a bit. */
+    while ((p = strchr(sym, '/')) != NULL)
+        *p = '_';
+    while ((p = strchr(sym, '+')) != NULL)
+        *p = '-';
+    *sym_out = sym;
+    return 0;
 }
 
 krb5_error_code krb5_ccache_overwrite(context, ccs, cct, primary_principal)
diff --git a/src/clients/ksu/ksu.h b/src/clients/ksu/ksu.h
index fbbf217..5ba5ceb 100644
--- a/src/clients/ksu/ksu.h
+++ b/src/clients/ksu/ksu.h
@@ -130,7 +130,7 @@ extern krb5_error_code krb5_get_login_princ
 extern void show_credential
 (krb5_context, krb5_creds *, krb5_ccache);
 
-extern int gen_sym (void);
+krb5_error_code gen_sym(krb5_context context, char **sym);
 
 extern krb5_error_code krb5_ccache_overwrite
 (krb5_context, krb5_ccache, krb5_ccache, krb5_principal);
diff --git a/src/clients/ksu/main.c b/src/clients/ksu/main.c
index 41a3bf8..47fa820 100644
--- a/src/clients/ksu/main.c
+++ b/src/clients/ksu/main.c
@@ -856,7 +856,7 @@ resolve_target_cache(krb5_context context, krb5_principal princ,
     krb5_error_code retval;
     krb5_boolean switchable, reused = FALSE;
     krb5_ccache ccache = NULL;
-    char *sep, *ccname = NULL, *target;
+    char *sep, *ccname = NULL, *sym = NULL, *target;
 
     *ccache_out = NULL;
     *ccache_reused = FALSE;
@@ -876,12 +876,20 @@ resolve_target_cache(krb5_context context, krb5_principal princ,
          * the name of a cache that doesn't exist yet. */
         do {
             free(ccname);
-            if (asprintf(&ccname, "%s.%d", target, gen_sym()) < 0) {
+            retval = gen_sym(context, &sym);
+            if (retval) {
+                com_err(prog_name, retval,
+                        _("while generating part of the target ccache name"));
+                return retval;
+            }
+            if (asprintf(&ccname, "%s.%s", target, sym) < 0) {
                 retval = ENOMEM;
-                com_err(prog_name, ENOMEM,
-                        _("while allocating memory for target ccache name"));
+                free(sym);
+                com_err(prog_name, retval, _("while allocating memory for the "
+                                             "target ccache name"));
                 goto cleanup;
             }
+            free(sym);
         } while (ks_ccache_name_is_initialized(context, ccname));
         retval = krb5_cc_resolve(context, ccname, &ccache);
     } else {
-- 
2.0.4