On 01/31/2013 08:07 PM, Jakub Hrozek wrote:
On Thu, Jan 31, 2013 at 11:52:53AM +0100, Pavel Březina wrote:
https://fedorahosted.org/sssd/ticket/1795
From aba6be77012e2c4f741d78e887f9524b869b78ae Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrez...@redhat.com>
Date: Thu, 31 Jan 2013 11:21:06 +0100
Subject: [PATCH 1/2] util: add replace_char() function
Replace all occurrences of character in string with other character.
Please add a unit test for new utility functions. I know that this is
a trivial C function, but in general I think we should start to be far
stricter especially with new code now that we are not rushing for a deadline.
No, thank you.
Just kidding :-) I switched to the condition below, which is not generic
enough to create a separate utility function.
I would also say that we should be even more defensive because currently
the libkrb5 code only allows these file names (see valid_name() function
in src/util/profile/prof_parse.c):
if (!isalnum((unsigned char)*p) && *p != '-' && *p != '_')
return invalid;
So in my opinion we should replace any character that doesn't match the
above. Dot would be the typical case, but I don't think we guarantee
that other weird characters don't appear in the domain name. Debugging
why the file didn't load would then be very hard.
I tried $ and @ characters in addition to dot and we fail to initialize
D-Bus with those characters present. They must be escaped to be used in
D-Bus.
Maybe make it clear with the function name that the replace is not done
in-place?
+{
+ char *str = NULL;
+ char *pos = NULL;
+
You don't need to initialize the pointers here as they are assigned on
the next line..
I know. It is my habit to always initialize variables (except ret).
New patch is attached.
From a0388dc52f5461f72f8221c9bb7c92008e1fe2c5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrez...@redhat.com>
Date: Fri, 1 Feb 2013 12:17:47 +0100
Subject: [PATCH] subdomains: replace invalid characters with underscore in
krb5 mapping file name
https://fedorahosted.org/sssd/ticket/1795
Only alpha-numeric chars, dashes and underscores are allowed in
krb5 include directory.
---
src/providers/ipa/ipa_subdomains.c | 26 +++++++++++++++++++++++++-
1 file changed, 25 insertions(+), 1 deletion(-)
diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c
index ef6195d19de72be7fd2b12a309b33fcf20e0e3a1..f959c4e6eb1d830e3990f552c9f4cf962298ef48 100644
--- a/src/providers/ipa/ipa_subdomains.c
+++ b/src/providers/ipa/ipa_subdomains.c
@@ -287,22 +287,46 @@ ipa_subdomains_write_mappings(struct sss_domain_info *domain,
errno_t err;
TALLOC_CTX *tmp_ctx;
const char *mapping_file;
+ char *sanitized_domain;
char *tmp_file = NULL;
int fd = -1;
mode_t old_mode;
FILE *fstream = NULL;
size_t i;
+ if (domain == NULL || domain->name == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("No domain name provided\n"));
+ return EINVAL;
+ }
+
tmp_ctx = talloc_new(NULL);
if (!tmp_ctx) return ENOMEM;
+ sanitized_domain = talloc_strdup(tmp_ctx, domain->name);
+ if (sanitized_domain == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_strdup() failed\n"));
+ return ENOMEM;
+ }
+
+ /* only alpha-numeric chars, dashes and underscores are allowed in
+ * krb5 include directory */
+ for (i = 0; sanitized_domain[i] != '\0'; i++) {
+ if (!isalnum(sanitized_domain[i])
+ && sanitized_domain[i] != '-' && sanitized_domain[i] != '_') {
+ sanitized_domain[i] = '_';
+ }
+ }
+
mapping_file = talloc_asprintf(tmp_ctx, "%s/domain_realm_%s",
- IPA_SUBDOMAIN_MAPPING_DIR, domain->name);
+ IPA_SUBDOMAIN_MAPPING_DIR, sanitized_domain);
if (!mapping_file) {
ret = ENOMEM;
goto done;
}
+ DEBUG(SSSDBG_FUNC_DATA, ("Mapping file for domain [%s] is [%s]\n",
+ domain->name, mapping_file));
+
tmp_file = talloc_asprintf(tmp_ctx, "%sXXXXXX", mapping_file);
if (tmp_file == NULL) {
ret = ENOMEM;
--
1.7.11.7
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
