|
|
6cf099 |
From f736b14f1e308d67e091d3ee56ef0384d618130e Mon Sep 17 00:00:00 2001
|
|
|
6cf099 |
From: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
6cf099 |
Date: Mon, 4 May 2015 13:10:01 +0200
|
|
|
6cf099 |
Subject: [PATCH 06/13] UTIL: Add sss_filter_sanitize_ex
|
|
|
6cf099 |
MIME-Version: 1.0
|
|
|
6cf099 |
Content-Type: text/plain; charset=UTF-8
|
|
|
6cf099 |
Content-Transfer-Encoding: 8bit
|
|
|
6cf099 |
|
|
|
6cf099 |
Related:
|
|
|
6cf099 |
https://fedorahosted.org/sssd/ticket/2553
|
|
|
6cf099 |
|
|
|
6cf099 |
In order to support wildcard request, we need to introduce an optionally
|
|
|
6cf099 |
relaxed version of sss_filter_sanitize that allows to select which
|
|
|
6cf099 |
characters are exempt from sanitizing.
|
|
|
6cf099 |
|
|
|
6cf099 |
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
6cf099 |
---
|
|
|
6cf099 |
src/tests/util-tests.c | 9 +++++++++
|
|
|
6cf099 |
src/util/util.c | 28 +++++++++++++++++++++++++---
|
|
|
6cf099 |
src/util/util.h | 5 +++++
|
|
|
6cf099 |
3 files changed, 39 insertions(+), 3 deletions(-)
|
|
|
6cf099 |
|
|
|
6cf099 |
diff --git a/src/tests/util-tests.c b/src/tests/util-tests.c
|
|
|
6cf099 |
index 3d42f0193a677200d5cb4a46805892bed978305c..bfdf078027250b8ff0ce0da2d37fbb20f391d06b 100644
|
|
|
6cf099 |
--- a/src/tests/util-tests.c
|
|
|
6cf099 |
+++ b/src/tests/util-tests.c
|
|
|
6cf099 |
@@ -406,6 +406,15 @@ START_TEST(test_sss_filter_sanitize)
|
|
|
6cf099 |
"Expected [%s], got [%s]",
|
|
|
6cf099 |
has_all_expected, sanitized);
|
|
|
6cf099 |
|
|
|
6cf099 |
+ /* Input is reused from previous test - "\\(user)*name" */
|
|
|
6cf099 |
+ const char has_all_allow_asterisk_expected[] = "\\5c\\28user\\29*name";
|
|
|
6cf099 |
+ ret = sss_filter_sanitize_ex(test_ctx, has_all, &sanitized, "*");
|
|
|
6cf099 |
+ fail_unless(ret == EOK, "has_all error [%d][%s]",
|
|
|
6cf099 |
+ ret, strerror(ret));
|
|
|
6cf099 |
+ fail_unless(strcmp(has_all_allow_asterisk_expected, sanitized)==0,
|
|
|
6cf099 |
+ "Expected [%s], got [%s]",
|
|
|
6cf099 |
+ has_all_expected, sanitized);
|
|
|
6cf099 |
+
|
|
|
6cf099 |
talloc_free(test_ctx);
|
|
|
6cf099 |
}
|
|
|
6cf099 |
END_TEST
|
|
|
6cf099 |
diff --git a/src/util/util.c b/src/util/util.c
|
|
|
6cf099 |
index cfd26a58b31048996e9669163b821282b219b2de..782cd026b7928e607a8980fb5f333c794feb5b1a 100644
|
|
|
6cf099 |
--- a/src/util/util.c
|
|
|
6cf099 |
+++ b/src/util/util.c
|
|
|
6cf099 |
@@ -525,13 +525,15 @@ errno_t sss_hash_create(TALLOC_CTX *mem_ctx, unsigned long count,
|
|
|
6cf099 |
return sss_hash_create_ex(mem_ctx, count, tbl, 0, 0, 0, 0, NULL, NULL);
|
|
|
6cf099 |
}
|
|
|
6cf099 |
|
|
|
6cf099 |
-errno_t sss_filter_sanitize(TALLOC_CTX *mem_ctx,
|
|
|
6cf099 |
- const char *input,
|
|
|
6cf099 |
- char **sanitized)
|
|
|
6cf099 |
+errno_t sss_filter_sanitize_ex(TALLOC_CTX *mem_ctx,
|
|
|
6cf099 |
+ const char *input,
|
|
|
6cf099 |
+ char **sanitized,
|
|
|
6cf099 |
+ const char *ignore)
|
|
|
6cf099 |
{
|
|
|
6cf099 |
char *output;
|
|
|
6cf099 |
size_t i = 0;
|
|
|
6cf099 |
size_t j = 0;
|
|
|
6cf099 |
+ char *allowed;
|
|
|
6cf099 |
|
|
|
6cf099 |
/* Assume the worst-case. We'll resize it later, once */
|
|
|
6cf099 |
output = talloc_array(mem_ctx, char, strlen(input) * 3 + 1);
|
|
|
6cf099 |
@@ -540,6 +542,19 @@ errno_t sss_filter_sanitize(TALLOC_CTX *mem_ctx,
|
|
|
6cf099 |
}
|
|
|
6cf099 |
|
|
|
6cf099 |
while (input[i]) {
|
|
|
6cf099 |
+ /* Even though this character might have a special meaning, if it's
|
|
|
6cf099 |
+ * expliticly allowed, just copy it and move on
|
|
|
6cf099 |
+ */
|
|
|
6cf099 |
+ if (ignore == NULL) {
|
|
|
6cf099 |
+ allowed = NULL;
|
|
|
6cf099 |
+ } else {
|
|
|
6cf099 |
+ allowed = strchr(ignore, input[i]);
|
|
|
6cf099 |
+ }
|
|
|
6cf099 |
+ if (allowed) {
|
|
|
6cf099 |
+ output[j++] = input[i++];
|
|
|
6cf099 |
+ continue;
|
|
|
6cf099 |
+ }
|
|
|
6cf099 |
+
|
|
|
6cf099 |
switch(input[i]) {
|
|
|
6cf099 |
case '\t':
|
|
|
6cf099 |
output[j++] = '\\';
|
|
|
6cf099 |
@@ -587,6 +602,13 @@ errno_t sss_filter_sanitize(TALLOC_CTX *mem_ctx,
|
|
|
6cf099 |
return EOK;
|
|
|
6cf099 |
}
|
|
|
6cf099 |
|
|
|
6cf099 |
+errno_t sss_filter_sanitize(TALLOC_CTX *mem_ctx,
|
|
|
6cf099 |
+ const char *input,
|
|
|
6cf099 |
+ char **sanitized)
|
|
|
6cf099 |
+{
|
|
|
6cf099 |
+ return sss_filter_sanitize_ex(mem_ctx, input, sanitized, NULL);
|
|
|
6cf099 |
+}
|
|
|
6cf099 |
+
|
|
|
6cf099 |
char *
|
|
|
6cf099 |
sss_escape_ip_address(TALLOC_CTX *mem_ctx, int family, const char *addr)
|
|
|
6cf099 |
{
|
|
|
6cf099 |
diff --git a/src/util/util.h b/src/util/util.h
|
|
|
6cf099 |
index 3d90cf0d1024b93016987a4d3e8a515359fd974d..94a3ddea839f0998cb7796f1d2fe13f743de3aaf 100644
|
|
|
6cf099 |
--- a/src/util/util.h
|
|
|
6cf099 |
+++ b/src/util/util.h
|
|
|
6cf099 |
@@ -485,6 +485,11 @@ errno_t sss_filter_sanitize(TALLOC_CTX *mem_ctx,
|
|
|
6cf099 |
const char *input,
|
|
|
6cf099 |
char **sanitized);
|
|
|
6cf099 |
|
|
|
6cf099 |
+errno_t sss_filter_sanitize_ex(TALLOC_CTX *mem_ctx,
|
|
|
6cf099 |
+ const char *input,
|
|
|
6cf099 |
+ char **sanitized,
|
|
|
6cf099 |
+ const char *ignore);
|
|
|
6cf099 |
+
|
|
|
6cf099 |
errno_t sss_filter_sanitize_for_dom(TALLOC_CTX *mem_ctx,
|
|
|
6cf099 |
const char *input,
|
|
|
6cf099 |
struct sss_domain_info *dom,
|
|
|
6cf099 |
--
|
|
|
6cf099 |
2.4.3
|
|
|
6cf099 |
|