diff options
-rw-r--r-- | source3/auth/auth_util.c | 27 | ||||
-rw-r--r-- | source3/lib/util_str.c | 74 | ||||
-rw-r--r-- | source3/nsswitch/winbindd_pam.c | 18 | ||||
-rw-r--r-- | source3/passdb/pdb_ldap.c | 3 |
4 files changed, 101 insertions, 21 deletions
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index 497f16adf2..eb15fff7c8 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -591,33 +591,36 @@ static NTSTATUS create_nt_user_token(const DOM_SID *user_sid, const DOM_SID *gro (strlen(lp_log_nt_token_command()) > 0)) { TALLOC_CTX *mem_ctx; char *command; - fstring sidstr; - char *user_sidstr, *group_sidstr; + char *group_sidstr; mem_ctx = talloc_init("setnttoken"); if (mem_ctx == NULL) return NT_STATUS_NO_MEMORY; - sid_to_string(sidstr, &ptoken->user_sids[0]); - user_sidstr = talloc_strdup(mem_ctx, sidstr); - group_sidstr = talloc_strdup(mem_ctx, ""); for (i=1; i<ptoken->num_sids; i++) { - sid_to_string(sidstr, &ptoken->user_sids[i]); - group_sidstr = talloc_asprintf(mem_ctx, "%s %s", - group_sidstr, sidstr); + group_sidstr = talloc_asprintf( + mem_ctx, "%s %s", group_sidstr, + sid_string_static(&ptoken->user_sids[i])); + } + + command = talloc_string_sub( + mem_ctx, lp_log_nt_token_command(), + "%s", sid_string_static(&ptoken->user_sids[0])); + command = talloc_string_sub( + mem_ctx, command, "%t", group_sidstr); + + if (command == NULL) { + talloc_destroy(mem_ctx); + return NT_STATUS_NO_MEMORY; } - command = SMB_STRDUP(lp_log_nt_token_command()); - command = realloc_string_sub(command, "%s", user_sidstr); - command = realloc_string_sub(command, "%t", group_sidstr); DEBUG(8, ("running command: [%s]\n", command)); if (smbrun(command, NULL) != 0) { DEBUG(0, ("Could not log NT token\n")); nt_status = NT_STATUS_ACCESS_DENIED; } talloc_destroy(mem_ctx); - SAFE_FREE(command); } *token = ptoken; diff --git a/source3/lib/util_str.c b/source3/lib/util_str.c index 9b14dcfaf0..80bb2ff2ad 100644 --- a/source3/lib/util_str.c +++ b/source3/lib/util_str.c @@ -1003,7 +1003,8 @@ void pstring_sub(char *s,const char *pattern,const char *insert) as string. **/ -char *realloc_string_sub(char *string, const char *pattern, const char *insert) +char *realloc_string_sub(char *string, const char *pattern, + const char *insert) { char *p, *in; char *s; @@ -1063,6 +1064,77 @@ char *realloc_string_sub(char *string, const char *pattern, const char *insert) return string; } +/* Same as string_sub, but returns a talloc'ed string */ + +char *talloc_string_sub(TALLOC_CTX *mem_ctx, const char *src, + const char *pattern, const char *insert) +{ + char *p, *in; + char *s; + char *string; + ssize_t ls,lp,li,ld, i; + + if (!insert || !pattern || !*pattern || !src || !*src) + return NULL; + + string = talloc_strdup(mem_ctx, src); + if (string == NULL) { + DEBUG(0, ("talloc_strdup failed\n")); + return NULL; + } + + s = string; + + in = SMB_STRDUP(insert); + if (!in) { + DEBUG(0, ("talloc_string_sub: out of memory!\n")); + return NULL; + } + ls = (ssize_t)strlen(s); + lp = (ssize_t)strlen(pattern); + li = (ssize_t)strlen(insert); + ld = li - lp; + for (i=0;i<li;i++) { + switch (in[i]) { + case '`': + case '"': + case '\'': + case ';': + case '$': + case '%': + case '\r': + case '\n': + in[i] = '_'; + default: + /* ok */ + break; + } + } + + while ((p = strstr_m(s,pattern))) { + if (ld > 0) { + int offset = PTR_DIFF(s,string); + char *t = TALLOC_REALLOC(mem_ctx, string, ls + ld + 1); + if (!t) { + DEBUG(0, ("talloc_string_sub: out of " + "memory!\n")); + SAFE_FREE(in); + return NULL; + } + string = t; + p = t + offset + (p - s); + } + if (li != lp) { + memmove(p+li,p+lp,strlen(p+lp)+1); + } + memcpy(p, in, li); + s = p + li; + ls += ld; + } + SAFE_FREE(in); + return string; +} + /** Similar to string_sub() but allows for any character to be substituted. Use with caution! diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c index e683f397b6..1d9b77afee 100644 --- a/source3/nsswitch/winbindd_pam.c +++ b/source3/nsswitch/winbindd_pam.c @@ -419,16 +419,21 @@ done: if ( NT_STATUS_IS_OK(result) && (state->request.flags & WBFLAG_PAM_AFS_TOKEN) ) { - char *afsname = SMB_STRDUP(lp_afs_username_map()); + char *afsname = talloc_strdup(state->mem_ctx, + lp_afs_username_map()); char *cell; if (afsname == NULL) { goto no_token; } - afsname = realloc_string_sub(afsname, "%D", name_domain); - afsname = realloc_string_sub(afsname, "%u", name_user); - afsname = realloc_string_sub(afsname, "%U", name_user); + afsname = talloc_string_sub(state->mem_ctx, + lp_afs_username_map(), + "%D", name_domain); + afsname = talloc_string_sub(state->mem_ctx, afsname, + "%u", name_user); + afsname = talloc_string_sub(state->mem_ctx, afsname, + "%U", name_user); { DOM_SID user_sid; @@ -437,7 +442,8 @@ done: sid_copy(&user_sid, &info3.dom_sid.sid); sid_append_rid(&user_sid, info3.user_rid); sid_to_string(sidstr, &user_sid); - afsname = realloc_string_sub(afsname, "%s", sidstr); + afsname = talloc_string_sub(state->mem_ctx, afsname, + "%s", sidstr); } if (afsname == NULL) { @@ -466,7 +472,7 @@ done: strlen(state->response.extra_data)+1; no_token: - SAFE_FREE(afsname); + talloc_free(afsname); } return NT_STATUS_IS_OK(result) ? WINBINDD_OK : WINBINDD_ERROR; diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c index 20cf2d328e..cb0bc8eeb6 100644 --- a/source3/passdb/pdb_ldap.c +++ b/source3/passdb/pdb_ldap.c @@ -3708,8 +3708,7 @@ char *get_ldap_filter(TALLOC_CTX *mem_ctx, const char *username) escaped = escape_ldap_string_alloc(username); if (escaped == NULL) goto done; - filter = realloc_string_sub(filter, "%u", username); - result = talloc_strdup(mem_ctx, filter); + result = talloc_string_sub(mem_ctx, filter, "%u", username); done: SAFE_FREE(filter); |