-rw-r--r-- | src/providers/krb5/krb5_auth.c | 4 | ||||
-rw-r--r-- | src/providers/krb5/krb5_utils.c | 16 | ||||
-rw-r--r-- | src/providers/krb5/krb5_utils.h | 2 | ||||
-rw-r--r-- | src/tests/krb5_utils-tests.c | 46 |
4 files changed, 56 insertions, 12 deletions
diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c index 6aaf7fbe..66cee473 100644 --- a/src/providers/krb5/krb5_auth.c +++ b/src/providers/krb5/krb5_auth.c @@ -626,7 +626,9 @@ static void krb5_find_ccache_step(struct tevent_req *req) kr->ccname = expand_ccname_template(kr, kr, dp_opt_get_cstring(kr->krb5_ctx->opts, KRB5_CCNAME_TMPL), - true, &private_path); + true, + state->be_ctx->domain->case_sensitive, + &private_path); if (kr->ccname == NULL) { DEBUG(1, ("expand_ccname_template failed.\n")); ret = ENOMEM; diff --git a/src/providers/krb5/krb5_utils.c b/src/providers/krb5/krb5_utils.c index 7fb0c8b3..2957598c 100644 --- a/src/providers/krb5/krb5_utils.c +++ b/src/providers/krb5/krb5_utils.c @@ -30,13 +30,14 @@ char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr, const char *template, bool file_mode, - bool *private_path) + bool case_sensitive, bool *private_path) { char *copy; char *p; char *n; char *result = NULL; char *dummy; + char *name; char *res = NULL; const char *cache_dir_tmpl; TALLOC_CTX *tmp_ctx = NULL; @@ -79,8 +80,16 @@ char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr, "because user name is empty.\n")); goto done; } + name = sss_get_cased_name(tmp_ctx, kr->pd->user, + case_sensitive); + if (!name) { + DEBUG(SSSDBG_CRIT_FAILURE, + ("sss_get_cased_name failed\n")); + goto done; + } + result = talloc_asprintf_append(result, "%s%s", p, - kr->pd->user); + name); if (!file_mode) *private_path = true; break; case 'U': @@ -132,7 +141,8 @@ char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr, } dummy = expand_ccname_template(tmp_ctx, kr, cache_dir_tmpl, - false, private_path); + false, case_sensitive, + private_path); if (dummy == NULL) { DEBUG(1, ("Expanding credential cache directory " "template failed.\n")); diff --git a/src/providers/krb5/krb5_utils.h b/src/providers/krb5/krb5_utils.h index 8977e14f..7cc57d42 100644 --- a/src/providers/krb5/krb5_utils.h 
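Review bot: The new `case_sensitive` parameter of `expand_ccname_template` (krb5_utils.c hunk at -30,13, and the matching prototype in the krb5_utils.h hunk at -33,7) is undocumented and sits directly after another `bool`, so a call ending in `true, true, &private_path)` reads the same whichever flag the caller meant to set. I would add a comment above the prototype, for example `/* case_sensitive: when false, %u expands to the case-folded user name so every spelling of a login maps to one ccache */`. That the folding is a lower-casing is inferred from the `_testuser` value expected by the new test, so adjust the wording if `sss_get_cased_name` does something else. The function body continues past this hunk.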
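Review bot: In the `%u` branch (krb5_utils.c hunk at -79,8) the folded `name` changes the on-disk cache name for case-insensitive domains, and nothing in the hunk deals with a cache that was created earlier under the original spelling. Where a configured template contains `%u`, a ticket cache written as `..._TestUser` before this change would presumably no longer be found once the same user expands to `..._testuser`, leaving the old credentials on disk until they expire or are cleaned up; this is inferred, since the lookup code is outside the hunk. A short comment at the call stating the intent, e.g. `/* one ccache per account regardless of how the login was typed */`, plus a note for upgraders would make the behaviour change explicit. Only `%u` is folded in the visible lines; the other cases of the switch lie outside the hunk, so it is not possible to tell from here whether any of them also embed a user-typed spelling.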
+++ b/src/providers/krb5/krb5_utils.h @@ -33,7 +33,7 @@ char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr, const char *template, bool file_mode, - bool *private_path); + bool case_sensitive, bool *private_path); errno_t become_user(uid_t uid, gid_t gid); diff --git a/src/tests/krb5_utils-tests.c b/src/tests/krb5_utils-tests.c index 6993398a..aacc384d 100644 --- a/src/tests/krb5_utils-tests.c +++ b/src/tests/krb5_utils-tests.c @@ -421,7 +421,7 @@ static void do_test(const char *file_template, const char *dir_template, fail_unless(ret == EOK, "Failed to set Ccache dir"); result = expand_ccname_template(tmp_ctx, kr, file_template, true, - &private_path); + true, &private_path); fail_unless(result != NULL, "Cannot expand template [%s].", file_template); fail_unless(strcmp(result, expected) == 0, @@ -448,6 +448,37 @@ START_TEST(test_username) } END_TEST +START_TEST(test_case_sensitive) +{ + char *result; + int ret; + bool private_path = false; + const char *file_template = BASE"_%u"; + const char *expected_cs = BASE"_TestUser"; + const char *expected_ci = BASE"_testuser"; + + kr->pd->user = discard_const("TestUser"); + ret = dp_opt_set_string(kr->krb5_ctx->opts, KRB5_CCACHEDIR, CCACHE_DIR); + fail_unless(ret == EOK, "Failed to set Ccache dir"); + + result = expand_ccname_template(tmp_ctx, kr, file_template, true, + true, &private_path); + + fail_unless(result != NULL, "Cannot expand template [%s].", file_template); + fail_unless(strcmp(result, expected_cs) == 0, + "Expansion failed, result [%s], expected [%s].", + result, expected_cs); + + result = expand_ccname_template(tmp_ctx, kr, file_template, true, + false, &private_path); + + fail_unless(result != NULL, "Cannot expand template [%s].", file_template); + fail_unless(strcmp(result, expected_ci) == 0, + "Expansion failed, result [%s], expected [%s].", + result, expected_ci); +} +END_TEST + START_TEST(test_uid) { do_test(BASE"_%U", CCACHE_DIR, BASE"_"UID, false); 
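Review bot: `test_case_sensitive` (krb5_utils-tests.c hunk at -448,6) expands only a file template, so the recursive directory expansion that now forwards `case_sensitive` (krb5_utils.c hunk at -132,7) is never run with `false`; `do_test` in the hunk at -421,7 hard-codes `true` as well. A second case that sets `KRB5_CCACHEDIR` to a template containing `%u` and expands a `%d`-based file template with `case_sensitive` false would cover it. Because the `%u` branch sets `*private_path` when `file_mode` is false, that case should also assert the flag, e.g. `fail_unless(private_path == true, "Folded %%u in ccache dir should be private.");`. If the folding is meant to be UTF-8 aware, one assertion with a non-ASCII upper-case name would pin that down too.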
@@ -488,7 +519,7 @@ START_TEST(test_ccache_dir) fail_unless(ret == EOK, "Failed to set Ccache dir"); result = expand_ccname_template(tmp_ctx, kr, "%d/"FILENAME, true, - &private_path); + true, &private_path); fail_unless(result == NULL, "Using %%d in ccache dir should fail."); fail_unless(private_path == false, @@ -509,7 +540,7 @@ START_TEST(test_pid) fail_unless(ret == EOK, "Failed to set Ccache dir"); result = expand_ccname_template(tmp_ctx, kr, "%d/"FILENAME, true, - &private_path); + true, &private_path); fail_unless(result == NULL, "Using %%P in ccache dir should fail."); fail_unless(private_path == false, @@ -533,7 +564,7 @@ START_TEST(test_unknow_template) bool private_path = false; result = expand_ccname_template(tmp_ctx, kr, test_template, true, - &private_path); + true, &private_path); fail_unless(result == NULL, "Unknown template [%s] should fail.", test_template); @@ -542,7 +573,7 @@ START_TEST(test_unknow_template) fail_unless(ret == EOK, "Failed to set Ccache dir"); test_template = "%d/"FILENAME; result = expand_ccname_template(tmp_ctx, kr, test_template, true, - &private_path); + true, &private_path); fail_unless(result == NULL, "Unknown template [%s] should fail.", test_template); @@ -559,7 +590,7 @@ START_TEST(test_NULL) bool private_path = false; result = expand_ccname_template(tmp_ctx, kr, test_template, true, - &private_path); + true, &private_path); fail_unless(result == NULL, "Expected NULL as a result for an empty input.", test_template); @@ -576,7 +607,7 @@ START_TEST(test_no_substitution) bool private_path = false; result = expand_ccname_template(tmp_ctx, kr, test_template, true, - &private_path); + true, &private_path); fail_unless(result != NULL, "Cannot expand template [%s].", test_template); fail_unless(strcmp(result, test_template) == 0, 
@@ -599,6 +630,7 @@ Suite *krb5_utils_suite (void) tcase_add_test (tc_ccname_template, test_NULL); tcase_add_test (tc_ccname_template, test_unknow_template); tcase_add_test (tc_ccname_template, test_username); + tcase_add_test (tc_ccname_template, test_case_sensitive); tcase_add_test (tc_ccname_template, test_uid); tcase_add_test (tc_ccname_template, test_upn); tcase_add_test (tc_ccname_template, test_realm); |