From f736b14f1e308d67e091d3ee56ef0384d618130e Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Mon, 4 May 2015 13:10:01 +0200 Subject: UTIL: Add sss_filter_sanitize_ex MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Related: https://fedorahosted.org/sssd/ticket/2553 In order to support wildcard request, we need to introduce an optionally relaxed version of sss_filter_sanitize that allows to select which characters are exempt from sanitizing. Reviewed-by: Pavel Březina --- src/tests/util-tests.c | 9 +++++++++ src/util/util.c | 28 +++++++++++++++++++++++++--- src/util/util.h | 5 +++++ 3 files changed, 39 insertions(+), 3 deletions(-) diff --git a/src/tests/util-tests.c b/src/tests/util-tests.c index 3d42f0193..bfdf07802 100644 --- a/src/tests/util-tests.c +++ b/src/tests/util-tests.c @@ -406,6 +406,15 @@ START_TEST(test_sss_filter_sanitize) "Expected [%s], got [%s]", has_all_expected, sanitized); + /* Input is reused from previous test - "\\(user)*name" */ + const char has_all_allow_asterisk_expected[] = "\\5c\\28user\\29*name"; + ret = sss_filter_sanitize_ex(test_ctx, has_all, &sanitized, "*"); + fail_unless(ret == EOK, "has_all error [%d][%s]", + ret, strerror(ret)); + fail_unless(strcmp(has_all_allow_asterisk_expected, sanitized)==0, + "Expected [%s], got [%s]", + has_all_expected, sanitized); + talloc_free(test_ctx); } END_TEST diff --git a/src/util/util.c b/src/util/util.c index cfd26a58b..782cd026b 100644 --- a/src/util/util.c +++ b/src/util/util.c @@ -525,13 +525,15 @@ errno_t sss_hash_create(TALLOC_CTX *mem_ctx, unsigned long count, return sss_hash_create_ex(mem_ctx, count, tbl, 0, 0, 0, 0, NULL, NULL); } -errno_t sss_filter_sanitize(TALLOC_CTX *mem_ctx, - const char *input, - char **sanitized) +errno_t sss_filter_sanitize_ex(TALLOC_CTX *mem_ctx, + const char *input, + char **sanitized, + const char *ignore) { char *output; size_t i = 0; size_t j = 0; + char *allowed; /* Assume the worst-case. We'll resize it later, once */ output = talloc_array(mem_ctx, char, strlen(input) * 3 + 1); @@ -540,6 +542,19 @@ errno_t sss_filter_sanitize(TALLOC_CTX *mem_ctx, } while (input[i]) { + /* Even though this character might have a special meaning, if it's + * expliticly allowed, just copy it and move on + */ + if (ignore == NULL) { + allowed = NULL; + } else { + allowed = strchr(ignore, input[i]); + } + if (allowed) { + output[j++] = input[i++]; + continue; + } + switch(input[i]) { case '\t': output[j++] = '\\'; @@ -587,6 +602,13 @@ errno_t sss_filter_sanitize(TALLOC_CTX *mem_ctx, return EOK; } +errno_t sss_filter_sanitize(TALLOC_CTX *mem_ctx, + const char *input, + char **sanitized) +{ + return sss_filter_sanitize_ex(mem_ctx, input, sanitized, NULL); +} + char * sss_escape_ip_address(TALLOC_CTX *mem_ctx, int family, const char *addr) { diff --git a/src/util/util.h b/src/util/util.h index 3d90cf0d1..94a3ddea8 100644 --- a/src/util/util.h +++ b/src/util/util.h @@ -485,6 +485,11 @@ errno_t sss_filter_sanitize(TALLOC_CTX *mem_ctx, const char *input, char **sanitized); +errno_t sss_filter_sanitize_ex(TALLOC_CTX *mem_ctx, + const char *input, + char **sanitized, + const char *ignore); + errno_t sss_filter_sanitize_for_dom(TALLOC_CTX *mem_ctx, const char *input, struct sss_domain_info *dom, -- cgit