summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/providers/krb5/krb5_utils.c45
-rw-r--r--src/tests/krb5_utils-tests.c30
2 files changed, 45 insertions, 30 deletions
diff --git a/src/providers/krb5/krb5_utils.c b/src/providers/krb5/krb5_utils.c
index df789215..6bf1cf61 100644
--- a/src/providers/krb5/krb5_utils.c
+++ b/src/providers/krb5/krb5_utils.c
@@ -157,24 +157,14 @@ done:
return ret;
}
-#define S_EXP_TEMP "{TEMP}"
-#define L_EXP_TEMP (sizeof(S_EXP_TEMP) - 1)
#define S_EXP_UID "{uid}"
#define L_EXP_UID (sizeof(S_EXP_UID) - 1)
#define S_EXP_USERID "{USERID}"
#define L_EXP_USERID (sizeof(S_EXP_USERID) - 1)
#define S_EXP_EUID "{euid}"
#define L_EXP_EUID (sizeof(S_EXP_EUID) - 1)
-#define S_EXP_NULL "{null}"
-#define L_EXP_NULL (sizeof(S_EXP_NULL) - 1)
#define S_EXP_USERNAME "{username}"
#define L_EXP_USERNAME (sizeof(S_EXP_USERNAME) - 1)
-#define S_EXP_LIBDIR "{LIBDIR}"
-#define L_EXP_LIBDIR (sizeof(S_EXP_LIBDIR) - 1)
-#define S_EXP_BINDIR "{BINDIR}"
-#define L_EXP_BINDIR (sizeof(S_EXP_BINDIR) - 1)
-#define S_EXP_SBINDIR "{SBINDIR}"
-#define L_EXP_SBINDIR (sizeof(S_EXP_SBINDIR) - 1)
char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr,
const char *template, bool file_mode,
@@ -325,11 +315,7 @@ char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr,
/* Additional syntax from krb5.conf default_ccache_name */
case '{':
- if (strncmp(n, S_EXP_TEMP, L_EXP_TEMP) == 0) {
- /* let the libkrb5 library resolve this */
- result = talloc_asprintf_append(result, "%%"S_EXP_TEMP);
- n += L_EXP_TEMP - 1;
- } else if (strncmp(n , S_EXP_UID, L_EXP_UID) == 0) {
+ if (strncmp(n , S_EXP_UID, L_EXP_UID) == 0) {
action = 'U';
n += L_EXP_UID - 1;
rerun = true;
@@ -346,26 +332,25 @@ char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr,
n += L_EXP_EUID - 1;
rerun = true;
continue;
- } else if (strncmp(n , S_EXP_NULL, L_EXP_NULL) == 0) {
- /* skip immediately */
- n += L_EXP_NULL - 1;
} else if (strncmp(n , S_EXP_USERNAME, L_EXP_USERNAME) == 0) {
action = 'u';
n += L_EXP_USERNAME - 1;
rerun = true;
continue;
- } else if (strncmp(n , S_EXP_LIBDIR, L_EXP_LIBDIR) == 0) {
- /* skip, only the libkrb5 library can resolve this */
- result = talloc_asprintf_append(result, "%%"S_EXP_LIBDIR);
- n += L_EXP_LIBDIR - 1;
- } else if (strncmp(n , S_EXP_BINDIR, L_EXP_BINDIR) == 0) {
- /* skip, only the libkrb5 library can resolve this */
- result = talloc_asprintf_append(result, "%%"S_EXP_BINDIR);
- n += L_EXP_BINDIR - 1;
- } else if (strncmp(n , S_EXP_SBINDIR, L_EXP_SBINDIR) == 0) {
- /* skip, only the libkrb5 library can resolve this */
- result = talloc_asprintf_append(result, "%%"S_EXP_SBINDIR);
- n += L_EXP_SBINDIR - 1;
+ } else {
+ /* ignore any expansion variable we do not understand and
+ * let libkrb5 hndle it or fail */
+ name = n;
+ n = strchr(name, '}');
+ if (!n) {
+ DEBUG(SSSDBG_CRIT_FAILURE, (
+ "Invalid substitution sequence in cache "
+ "template. Missing closing '}' in [%s].\n",
+ template));
+ goto done;
+ }
+ result = talloc_asprintf_append(result, "%s%%%.*s", p,
+ (int)(n - name + 1), name);
}
break;
default:
diff --git a/src/tests/krb5_utils-tests.c b/src/tests/krb5_utils-tests.c
index 174d463b..4715774f 100644
--- a/src/tests/krb5_utils-tests.c
+++ b/src/tests/krb5_utils-tests.c
@@ -673,6 +673,35 @@ START_TEST(test_no_substitution)
}
END_TEST
+START_TEST(test_krb5_style_expansion)
+{
+ char *result;
+ bool private_path = false;
+ const char *file_template;
+ const char *expected;
+
+ file_template = BASE"/%{uid}/%{USERID}/%{euid}/%{username}";
+ expected = BASE"/"UID"/"UID"/"UID"/"USERNAME;
+ result = expand_ccname_template(tmp_ctx, kr, file_template, true,
+ true, &private_path);
+
+ fail_unless(result != NULL, "Cannot expand template [%s].", file_template);
+ fail_unless(strcmp(result, expected) == 0,
+ "Expansion failed, result [%s], expected [%s].",
+ result, expected);
+
+ file_template = BASE"/%{unknown}";
+ expected = BASE"/%{unknown}";
+ result = expand_ccname_template(tmp_ctx, kr, file_template, true,
+ false, &private_path);
+
+ fail_unless(result != NULL, "Cannot expand template [%s].", file_template);
+ fail_unless(strcmp(result, expected) == 0,
+ "Expansion failed, result [%s], expected [%s].",
+ result, expected);
+}
+END_TEST
+
START_TEST(test_compare_principal_realm)
{
int ret;
@@ -738,6 +767,7 @@ Suite *krb5_utils_suite (void)
tcase_add_test (tc_ccname_template, test_pid);
tcase_add_test (tc_ccname_template, test_percent);
tcase_add_test (tc_ccname_template, test_multiple_substitutions);
+ tcase_add_test (tc_ccname_template, test_krb5_style_expansion);
suite_add_tcase (s, tc_ccname_template);
TCase *tc_create_dir = tcase_create("create_dir");