UTIL: Add sss_filter_sanitize_ex

Related:
    https://fedorahosted.org/sssd/ticket/2553

In order to support wildcard request, we need to introduce an optionally
relaxed version of sss_filter_sanitize that allows to select which
characters are exempt from sanitizing.

Reviewed-by: Pavel Březina <pbrezina@redhat.com>

3 files changed, 39 insertions, 3 deletions

diff --git a/src/tests/util-tests.c b/src/tests/util-tests.c
index 3d42f0193..bfdf07802 100644
--- a/src/tests/util-tests.c
+++ b/src/tests/util-tests.c
@@ -406,6 +406,15 @@ START_TEST(test_sss_filter_sanitize)
                 "Expected [%s], got [%s]",
                 has_all_expected, sanitized);
 
+    /* Input is reused from previous test - "\\(user)*name" */
+    const char has_all_allow_asterisk_expected[] = "\\5c\\28user\\29*name";
+    ret = sss_filter_sanitize_ex(test_ctx, has_all, &sanitized, "*");
+    fail_unless(ret == EOK, "has_all error [%d][%s]",
+                ret, strerror(ret));
+    fail_unless(strcmp(has_all_allow_asterisk_expected, sanitized)==0,
+                "Expected [%s], got [%s]",
+                has_all_expected, sanitized);
+
     talloc_free(test_ctx);
 }
 END_TEST
diff --git a/src/util/util.c b/src/util/util.c
index cfd26a58b..782cd026b 100644
--- a/src/util/util.c
+++ b/src/util/util.c
@@ -525,13 +525,15 @@ errno_t sss_hash_create(TALLOC_CTX *mem_ctx, unsigned long count,
     return sss_hash_create_ex(mem_ctx, count, tbl, 0, 0, 0, 0, NULL, NULL);
 }
 
-errno_t sss_filter_sanitize(TALLOC_CTX *mem_ctx,
-                            const char *input,
-                            char **sanitized)
+errno_t sss_filter_sanitize_ex(TALLOC_CTX *mem_ctx,
+                               const char *input,
+                               char **sanitized,
+                               const char *ignore)
 {
     char *output;
     size_t i = 0;
     size_t j = 0;
+    char *allowed;
 
     /* Assume the worst-case. We'll resize it later, once */
     output = talloc_array(mem_ctx, char, strlen(input) * 3 + 1);
@@ -540,6 +542,19 @@ errno_t sss_filter_sanitize(TALLOC_CTX *mem_ctx,
     }
 
     while (input[i]) {
+        /* Even though this character might have a special meaning, if it's
+         * expliticly allowed, just copy it and move on
+         */
+        if (ignore == NULL) {
+            allowed = NULL;
+        } else {
+            allowed = strchr(ignore, input[i]);
+        }
+        if (allowed) {
+            output[j++] = input[i++];
+            continue;
+        }
+
         switch(input[i]) {
         case '\t':
             output[j++] = '\\';
@@ -587,6 +602,13 @@ errno_t sss_filter_sanitize(TALLOC_CTX *mem_ctx,
     return EOK;
 }
 
+errno_t sss_filter_sanitize(TALLOC_CTX *mem_ctx,
+                            const char *input,
+                            char **sanitized)
+{
+    return sss_filter_sanitize_ex(mem_ctx, input, sanitized, NULL);
+}
+
 char *
 sss_escape_ip_address(TALLOC_CTX *mem_ctx, int family, const char *addr)
 {
diff --git a/src/util/util.h b/src/util/util.h
index 3d90cf0d1..94a3ddea8 100644
--- a/src/util/util.h
+++ b/src/util/util.h
@@ -485,6 +485,11 @@ errno_t sss_filter_sanitize(TALLOC_CTX *mem_ctx,
                             const char *input,
                             char **sanitized);
 
+errno_t sss_filter_sanitize_ex(TALLOC_CTX *mem_ctx,
+                               const char *input,
+                               char **sanitized,
+                               const char *ignore);
+
 errno_t sss_filter_sanitize_for_dom(TALLOC_CTX *mem_ctx,
                                     const char *input,
                                     struct sss_domain_info *dom,