rpms / sssd

Clone
Source Code
GIT

Blame SOURCES/0006-UTIL-Add-sss_filter_sanitize_ex.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta
  1.   6cf099e23f0d52471d4c0199a7e8bbd588dac686
  2.   SOURCES
  3.   0006-UTIL-Add-sss_filter_sanitize_ex.patch
Blob History Raw
6cf099 
From f736b14f1e308d67e091d3ee56ef0384d618130e Mon Sep 17 00:00:00 2001
6cf099 
From: Jakub Hrozek <jhrozek@redhat.com>
6cf099 
Date: Mon, 4 May 2015 13:10:01 +0200
6cf099 
Subject: [PATCH 06/13] UTIL: Add sss_filter_sanitize_ex
6cf099 
MIME-Version: 1.0
6cf099 
Content-Type: text/plain; charset=UTF-8
6cf099 
Content-Transfer-Encoding: 8bit
6cf099
6cf099 
Related:
6cf099 
    https://fedorahosted.org/sssd/ticket/2553
6cf099
6cf099 
In order to support wildcard request, we need to introduce an optionally
6cf099 
relaxed version of sss_filter_sanitize that allows to select which
6cf099 
characters are exempt from sanitizing.
6cf099
6cf099 
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
6cf099 
---
6cf099 
 src/tests/util-tests.c |  9 +++++++++
6cf099 
 src/util/util.c        | 28 +++++++++++++++++++++++++---
6cf099 
 src/util/util.h        |  5 +++++
6cf099 
 3 files changed, 39 insertions(+), 3 deletions(-)
6cf099
6cf099 
diff --git a/src/tests/util-tests.c b/src/tests/util-tests.c
6cf099 
index 3d42f0193a677200d5cb4a46805892bed978305c..bfdf078027250b8ff0ce0da2d37fbb20f391d06b 100644
6cf099 
--- a/src/tests/util-tests.c
6cf099 
+++ b/src/tests/util-tests.c
6cf099 
@@ -406,6 +406,15 @@ START_TEST(test_sss_filter_sanitize)
6cf099 
                 "Expected [%s], got [%s]",
6cf099 
                 has_all_expected, sanitized);
6cf099
6cf099 
+    /* Input is reused from previous test - "\\(user)*name" */
6cf099 
+    const char has_all_allow_asterisk_expected[] = "\\5c\\28user\\29*name";
6cf099 
+    ret = sss_filter_sanitize_ex(test_ctx, has_all, &sanitized, "*");
6cf099 
+    fail_unless(ret == EOK, "has_all error [%d][%s]",
6cf099 
+                ret, strerror(ret));
6cf099 
+    fail_unless(strcmp(has_all_allow_asterisk_expected, sanitized)==0,
6cf099 
+                "Expected [%s], got [%s]",
6cf099 
+                has_all_expected, sanitized);
6cf099 
+
6cf099 
     talloc_free(test_ctx);
6cf099 
 }
6cf099 
 END_TEST
6cf099 
diff --git a/src/util/util.c b/src/util/util.c
6cf099 
index cfd26a58b31048996e9669163b821282b219b2de..782cd026b7928e607a8980fb5f333c794feb5b1a 100644
6cf099 
--- a/src/util/util.c
6cf099 
+++ b/src/util/util.c
6cf099 
@@ -525,13 +525,15 @@ errno_t sss_hash_create(TALLOC_CTX *mem_ctx, unsigned long count,
6cf099 
     return sss_hash_create_ex(mem_ctx, count, tbl, 0, 0, 0, 0, NULL, NULL);
6cf099 
 }
6cf099
6cf099 
-errno_t sss_filter_sanitize(TALLOC_CTX *mem_ctx,
6cf099 
-                            const char *input,
6cf099 
-                            char **sanitized)
6cf099 
+errno_t sss_filter_sanitize_ex(TALLOC_CTX *mem_ctx,
6cf099 
+                               const char *input,
6cf099 
+                               char **sanitized,
6cf099 
+                               const char *ignore)
6cf099 
 {
6cf099 
     char *output;
6cf099 
     size_t i = 0;
6cf099 
     size_t j = 0;
6cf099 
+    char *allowed;
6cf099
6cf099 
     /* Assume the worst-case. We'll resize it later, once */
6cf099 
     output = talloc_array(mem_ctx, char, strlen(input) * 3 + 1);
6cf099 
@@ -540,6 +542,19 @@ errno_t sss_filter_sanitize(TALLOC_CTX *mem_ctx,
6cf099 
     }
6cf099
6cf099 
     while (input[i]) {
6cf099 
+        /* Even though this character might have a special meaning, if it's
6cf099 
+         * expliticly allowed, just copy it and move on
6cf099 
+         */
6cf099 
+        if (ignore == NULL) {
6cf099 
+            allowed = NULL;
6cf099 
+        } else {
6cf099 
+            allowed = strchr(ignore, input[i]);
6cf099 
+        }
6cf099 
+        if (allowed) {
6cf099 
+            output[j++] = input[i++];
6cf099 
+            continue;
6cf099 
+        }
6cf099 
+
6cf099 
         switch(input[i]) {
6cf099 
         case '\t':
6cf099 
             output[j++] = '\\';
6cf099 
@@ -587,6 +602,13 @@ errno_t sss_filter_sanitize(TALLOC_CTX *mem_ctx,
6cf099 
     return EOK;
6cf099 
 }
6cf099
6cf099 
+errno_t sss_filter_sanitize(TALLOC_CTX *mem_ctx,
6cf099 
+                            const char *input,
6cf099 
+                            char **sanitized)
6cf099 
+{
6cf099 
+    return sss_filter_sanitize_ex(mem_ctx, input, sanitized, NULL);
6cf099 
+}
6cf099 
+
6cf099 
 char *
6cf099 
 sss_escape_ip_address(TALLOC_CTX *mem_ctx, int family, const char *addr)
6cf099 
 {
6cf099 
diff --git a/src/util/util.h b/src/util/util.h
6cf099 
index 3d90cf0d1024b93016987a4d3e8a515359fd974d..94a3ddea839f0998cb7796f1d2fe13f743de3aaf 100644
6cf099 
--- a/src/util/util.h
6cf099 
+++ b/src/util/util.h
6cf099 
@@ -485,6 +485,11 @@ errno_t sss_filter_sanitize(TALLOC_CTX *mem_ctx,
6cf099 
                             const char *input,
6cf099 
                             char **sanitized);
6cf099
6cf099 
+errno_t sss_filter_sanitize_ex(TALLOC_CTX *mem_ctx,
6cf099 
+                               const char *input,
6cf099 
+                               char **sanitized,
6cf099 
+                               const char *ignore);
6cf099 
+
6cf099 
 errno_t sss_filter_sanitize_for_dom(TALLOC_CTX *mem_ctx,
6cf099 
                                     const char *input,
6cf099 
                                     struct sss_domain_info *dom,
6cf099 
--
6cf099 
2.4.3
6cf099

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation