summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/providers/krb5/krb5_auth.c18
-rw-r--r--src/providers/krb5/krb5_auth.h4
-rw-r--r--src/providers/krb5/krb5_utils.c213
-rw-r--r--src/providers/krb5/krb5_utils.h14
-rw-r--r--src/tests/krb5_child-test.c22
-rw-r--r--src/tests/krb5_utils-tests.c197
6 files changed, 282 insertions, 186 deletions
diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c
index 6df34a8a..7937ec7e 100644
--- a/src/providers/krb5/krb5_auth.c
+++ b/src/providers/krb5/krb5_auth.c
@@ -293,7 +293,7 @@ static errno_t krb5_auth_prepare_ccache_name(struct krb5child_req *kr,
{
const char *ccname_template;
const char *realm;
- bool private_path = false;
+ char *public_dir = NULL;
errno_t ret;
if (!kr->is_offline) {
@@ -301,11 +301,11 @@ static errno_t krb5_auth_prepare_ccache_name(struct krb5child_req *kr,
}
ccname_template = dp_opt_get_cstring(kr->krb5_ctx->opts, KRB5_CCNAME_TMPL);
- kr->ccname = expand_ccname_template(kr, kr, ccname_template, true,
- be_ctx->domain->case_sensitive,
- &private_path);
- if (kr->ccname == NULL) {
- DEBUG(1, ("expand_ccname_template failed.\n"));
+ ret = expand_ccname_template(kr, kr, ccname_template,
+ be_ctx->domain->case_sensitive,
+ &public_dir, &kr->ccname);
+ if (ret != EOK) {
+ DEBUG(1, ("expand_ccname_template failed.\n"));
return ENOMEM;
}
@@ -354,9 +354,9 @@ static errno_t krb5_auth_prepare_ccache_name(struct krb5child_req *kr,
kr->valid_tgt ? "" : "not"));
/* always recreate the ccache directory path */
- ret = sss_krb5_precreate_ccache(kr->ccname,
+ ret = sss_krb5_precreate_ccache(kr->ccname, public_dir,
kr->krb5_ctx->illegal_path_re,
- kr->uid, kr->gid, private_path);
+ kr->uid, kr->gid);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, ("ccache precreation failed.\n"));
return ret;
@@ -626,7 +626,7 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx,
NULL);
if (ccache_file != NULL) {
kr->old_ccname = talloc_strdup(kr, ccache_file);
- if (kr->old_ccname == NULL) {
+ if (kr->ccname == NULL || kr->old_ccname == NULL) {
DEBUG(1, ("talloc_strdup failed.\n"));
ret = ENOMEM;
goto done;
diff --git a/src/providers/krb5/krb5_auth.h b/src/providers/krb5/krb5_auth.h
index 022dc9b7..b2ad0946 100644
--- a/src/providers/krb5/krb5_auth.h
+++ b/src/providers/krb5/krb5_auth.h
@@ -41,8 +41,8 @@ struct krb5child_req {
struct pam_data *pd;
struct krb5_ctx *krb5_ctx;
- const char *ccname;
- const char *old_ccname;
+ char *ccname;
+ char *old_ccname;
const char *homedir;
char *upn;
uid_t uid;
diff --git a/src/providers/krb5/krb5_utils.c b/src/providers/krb5/krb5_utils.c
index bd5a38fd..21730d68 100644
--- a/src/providers/krb5/krb5_utils.c
+++ b/src/providers/krb5/krb5_utils.c
@@ -166,41 +166,36 @@ done:
#define S_EXP_USERNAME "{username}"
#define L_EXP_USERNAME (sizeof(S_EXP_USERNAME) - 1)
-char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr,
- const char *template, bool file_mode,
- bool case_sensitive, bool *private_path)
+static errno_t expand_template(TALLOC_CTX *tmp_ctx, struct krb5child_req *kr,
+ const char *template, bool case_sensitive,
+ bool dir_mode, char **pubdir, char **ccname)
{
char *copy;
char *p;
char *n;
char *result = NULL;
- char *dummy;
char *name;
- char *res = NULL;
const char *cache_dir_tmpl;
- TALLOC_CTX *tmp_ctx = NULL;
char action;
bool rerun;
+ errno_t ret;
+ bool public_path = true;
+ char *dirname;
- *private_path = false;
-
- if (template == NULL) {
- DEBUG(1, ("Missing template.\n"));
- return NULL;
- }
-
- tmp_ctx = talloc_new(NULL);
- if (!tmp_ctx) return NULL;
+ *pubdir = NULL;
+ *ccname = NULL;
copy = talloc_strdup(tmp_ctx, template);
if (copy == NULL) {
DEBUG(1, ("talloc_strdup failed.\n"));
+ ret = ENOMEM;
goto done;
}
result = talloc_strdup(tmp_ctx, "");
if (result == NULL) {
DEBUG(1, ("talloc_strdup failed.\n"));
+ ret = ENOMEM;
goto done;
}
@@ -210,6 +205,7 @@ char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr,
n++;
if ( *n == '\0' ) {
DEBUG(1, ("format error, single %% at the end of the template.\n"));
+ ret = EINVAL;
goto done;
}
@@ -222,6 +218,7 @@ char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr,
if (kr->pd->user == NULL) {
DEBUG(1, ("Cannot expand user name template "
"because user name is empty.\n"));
+ ret = EINVAL;
goto done;
}
name = sss_get_cased_name(tmp_ctx, kr->pd->user,
@@ -229,12 +226,13 @@ char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr,
if (!name) {
DEBUG(SSSDBG_CRIT_FAILURE,
("sss_get_cased_name failed\n"));
+ ret = ENOMEM;
goto done;
}
result = talloc_asprintf_append(result, "%s%s", p,
name);
- if (!file_mode) *private_path = true;
+ public_path = false;
break;
case 'U':
if (kr->uid <= 0) {
@@ -244,7 +242,7 @@ char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr,
}
result = talloc_asprintf_append(result, "%s%"SPRIuid, p,
kr->uid);
- if (!file_mode) *private_path = true;
+ public_path = false;
break;
case 'p':
if (kr->upn == NULL) {
@@ -253,60 +251,75 @@ char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr,
goto done;
}
result = talloc_asprintf_append(result, "%s%s", p, kr->upn);
- if (!file_mode) *private_path = true;
+ public_path = false;
break;
case '%':
result = talloc_asprintf_append(result, "%s%%", p);
break;
case 'r':
- dummy = dp_opt_get_string(kr->krb5_ctx->opts, KRB5_REALM);
- if (dummy == NULL) {
+ name = dp_opt_get_string(kr->krb5_ctx->opts, KRB5_REALM);
+ if (name == NULL) {
DEBUG(1, ("Missing kerberos realm.\n"));
+ ret = EINVAL;
goto done;
}
- result = talloc_asprintf_append(result, "%s%s", p, dummy);
+ result = talloc_asprintf_append(result, "%s%s", p, name);
break;
case 'h':
if (kr->homedir == NULL) {
DEBUG(1, ("Cannot expand home directory template "
"because the path is not available.\n"));
+ ret = EINVAL;
goto done;
}
result = talloc_asprintf_append(result, "%s%s", p, kr->homedir);
- if (!file_mode) *private_path = true;
+ public_path = false;
break;
case 'd':
- if (file_mode) {
- cache_dir_tmpl = dp_opt_get_string(kr->krb5_ctx->opts,
- KRB5_CCACHEDIR);
- if (cache_dir_tmpl == NULL) {
- DEBUG(1, ("Missing credential cache directory.\n"));
- goto done;
- }
+ if (dir_mode) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ ("'%%d' is not allowed in this template.\n"));
+ ret = EINVAL;
+ goto done;
+ }
- dummy = expand_ccname_template(tmp_ctx, kr, cache_dir_tmpl,
- false, case_sensitive,
- private_path);
- if (dummy == NULL) {
- DEBUG(1, ("Expanding credential cache directory "
- "template failed.\n"));
+ cache_dir_tmpl = dp_opt_get_string(kr->krb5_ctx->opts,
+ KRB5_CCACHEDIR);
+ if (cache_dir_tmpl == NULL) {
+ DEBUG(1, ("Missing credential cache directory.\n"));
+ ret = EINVAL;
+ goto done;
+ }
+
+ ret = expand_template(tmp_ctx, kr, cache_dir_tmpl,
+ case_sensitive, true, &dirname, &name);
+ if (ret) {
+ DEBUG(1, ("Expanding credential cache directory "
+ "template failed.\n"));
+ goto done;
+ }
+ if (dirname) {
+ *pubdir = talloc_asprintf(tmp_ctx, "%s%s%s",
+ result, p, dirname);
+ if (*pubdir == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ ("talloc_asprintf failed.\n"));
+ ret = ENOMEM;
goto done;
}
- result = talloc_asprintf_append(result, "%s%s", p, dummy);
- talloc_zfree(dummy);
- } else {
- DEBUG(1, ("'%%d' is not allowed in this template.\n"));
- goto done;
}
+ result = talloc_asprintf_append(result, "%s%s", p, name);
break;
case 'P':
- if (!file_mode) {
+ if (dir_mode) {
DEBUG(1, ("'%%P' is not allowed in this template.\n"));
+ ret = EINVAL;
goto done;
}
if (kr->pd->cli_pid == 0) {
DEBUG(1, ("Cannot expand PID template "
"because PID is not available.\n"));
+ ret = EINVAL;
goto done;
}
result = talloc_asprintf_append(result, "%s%d", p,
@@ -355,12 +368,14 @@ char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr,
break;
default:
DEBUG(1, ("format error, unknown template [%%%c].\n", *n));
+ ret = EINVAL;
goto done;
}
}
if (result == NULL) {
DEBUG(1, ("talloc_asprintf_append failed.\n"));
+ ret = ENOMEM;
goto done;
}
@@ -370,13 +385,71 @@ char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr,
result = talloc_asprintf_append(result, "%s", p);
if (result == NULL) {
DEBUG(1, ("talloc_asprintf_append failed.\n"));
+ ret = ENOMEM;
goto done;
}
+ if (dir_mode && public_path) {
+ *pubdir = talloc_strdup(tmp_ctx, result);
+ if (*pubdir == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_strdup failed.\n"));
+ ret = ENOMEM;
+ goto done;
+ }
+ }
+ *ccname = result;
+done:
+ return ret;
+}
+
+errno_t expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr,
+ const char *template, bool case_sensitive,
+ char **public_dir, char **cc_name)
+{
+ TALLOC_CTX *tmp_ctx = NULL;
+ const char *residual;
+ char *pubdir = NULL;
+ char *ccname = NULL;
+ errno_t ret;
+
+ *public_dir = NULL;
+ *cc_name = NULL;
+
+ if (template == NULL) {
+ DEBUG(1, ("Missing template.\n"));
+ return EINVAL;
+ }
+
+ residual = strchr(template, ':');
+ if (!residual) residual = template;
+ else residual++;
+
+ tmp_ctx = talloc_new(mem_ctx);
+ if (!tmp_ctx) return ENOMEM;
+
+ ret = expand_template(tmp_ctx, kr, residual,
+ case_sensitive, false, &pubdir, &ccname);
+ if (ret) {
+ goto done;
+ }
+
+ if (residual == template) {
+ *cc_name = talloc_move(mem_ctx, &ccname);
+ } else {
+ *cc_name = talloc_asprintf(mem_ctx, "%.*s%s",
+ (int)(residual - template), template,
+ ccname);
+ if (*cc_name == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+ }
+ if (pubdir) {
+ *public_dir = talloc_move(mem_ctx, &pubdir);
+ }
- res = talloc_move(mem_ctx, &result);
done:
talloc_zfree(tmp_ctx);
- return res;
+ return ret;
}
static errno_t check_parent_stat(bool private_path, struct stat *parent_stat,
@@ -424,6 +497,7 @@ static errno_t check_parent_stat(bool private_path, struct stat *parent_stat,
struct string_list {
struct string_list *next;
struct string_list *prev;
+ size_t len_s;
char *s;
};
@@ -468,10 +542,16 @@ static errno_t find_ccdir_parent_data(TALLOC_CTX *mem_ctx,
("talloc_strdup failed.\n"));
return ENOMEM;
}
+ li->len_s = strlen(li->s);
+ /* no trailing slashes */
+ while (li->s[li->len_s - 1] == '/') {
+ li->len_s--;
+ li->s[li->len_s] = '\0';
+ }
DLIST_ADD(*missing_parents, li);
- parent = talloc_strdup(mem_ctx, ccdirname);
+ parent = talloc_strdup(mem_ctx, li->s);
if (parent == NULL) {
DEBUG(SSSDBG_CRIT_FAILURE,
("talloc_strdup failed.\n"));
@@ -480,7 +560,7 @@ static errno_t find_ccdir_parent_data(TALLOC_CTX *mem_ctx,
/* We'll remove all trailing slashes from the back so that
* we only pass /some/path to find_ccdir_parent_data, not
- * /some/path */
+ * /some/path/ */
do {
end = strrchr(parent, '/');
if (end == NULL || end == parent) {
@@ -522,9 +602,8 @@ check_ccache_re(const char *filename, pcre *illegal_re)
return EFAULT;
}
-errno_t
-create_ccache_dir(const char *ccdirname, pcre *illegal_re,
- uid_t uid, gid_t gid, bool private_path)
+errno_t create_ccache_dir(const char *ccdirname, const char *pubdir,
+ pcre *illegal_re, uid_t uid, gid_t gid)
{
int ret = EFAULT;
struct stat parent_stat;
@@ -533,6 +612,9 @@ create_ccache_dir(const char *ccdirname, pcre *illegal_re,
mode_t old_umask;
mode_t new_dir_mode;
TALLOC_CTX *tmp_ctx = NULL;
+ size_t len_pubdir = 0;
+ bool in_pubdir;
+ bool is_pubdir;
tmp_ctx = talloc_new(NULL);
if (tmp_ctx == NULL) {
@@ -563,26 +645,35 @@ create_ccache_dir(const char *ccdirname, pcre *illegal_re,
goto done;
}
- ret = check_parent_stat(private_path, &parent_stat, uid, gid);
+ ret = check_parent_stat((pubdir == NULL), &parent_stat, uid, gid);
if (ret != EOK) {
DEBUG(SSSDBG_MINOR_FAILURE,
("check_parent_stat failed for %s directory [%s].\n",
- private_path ? "private" : "public", ccdirname));
+ (pubdir == NULL) ? "private" : "public", ccdirname));
goto done;
}
+ if (pubdir) {
+ len_pubdir = strlen(pubdir);
+ while (pubdir[len_pubdir - 1] == '/') len_pubdir--;
+ }
+
DLIST_FOR_EACH(li, missing_parents) {
DEBUG(SSSDBG_TRACE_INTERNAL,
("Creating directory [%s].\n", li->s));
- if (li->next == NULL) {
- new_dir_mode = private_path ? 0700 : 01777;
- } else {
- if (private_path &&
- parent_stat.st_uid == uid && parent_stat.st_gid == gid) {
- new_dir_mode = 0700;
+ in_pubdir = false;
+ if (len_pubdir && (strncmp(pubdir, li->s, li->len_s) == 0)) {
+ in_pubdir = true;
+ if (len_pubdir == li->len_s) is_pubdir = true;
+ }
+ if (in_pubdir) {
+ if (is_pubdir) {
+ new_dir_mode = 01777;
} else {
new_dir_mode = 0755;
}
+ } else {
+ new_dir_mode = 0700;
}
old_umask = umask(0000);
@@ -595,9 +686,7 @@ create_ccache_dir(const char *ccdirname, pcre *illegal_re,
strerror(ret)));
goto done;
}
- if (private_path &&
- ((parent_stat.st_uid == uid && parent_stat.st_gid == gid) ||
- li->next == NULL)) {
+ if (!in_pubdir) {
ret = chown(li->s, uid, gid);
if (ret != EOK) {
ret = errno;
@@ -722,8 +811,8 @@ done:
return EOK;
}
-errno_t sss_krb5_precreate_ccache(const char *ccname, pcre *illegal_re,
- uid_t uid, gid_t gid, bool private_path)
+errno_t sss_krb5_precreate_ccache(const char *ccname, const char *pubdir,
+ pcre *illegal_re, uid_t uid, gid_t gid)
{
TALLOC_CTX *tmp_ctx = NULL;
const char *filename;
@@ -767,7 +856,7 @@ errno_t sss_krb5_precreate_ccache(const char *ccname, pcre *illegal_re,
*end = '\0';
} while (*(end+1) == '\0');
- ret = create_ccache_dir(ccdirname, illegal_re, uid, gid, private_path);
+ ret = create_ccache_dir(ccdirname, pubdir, illegal_re, uid, gid);
done:
talloc_free(tmp_ctx);
return ret;
diff --git a/src/providers/krb5/krb5_utils.h b/src/providers/krb5/krb5_utils.h
index 33cc6112..1a0fd080 100644
--- a/src/providers/krb5/krb5_utils.h
+++ b/src/providers/krb5/krb5_utils.h
@@ -42,12 +42,12 @@ errno_t check_if_cached_upn_needs_update(struct sysdb_ctx *sysdb,
const char *user,
const char *upn);
-errno_t create_ccache_dir(const char *dirname, pcre *illegal_re,
- uid_t uid, gid_t gid, bool private_path);
+errno_t create_ccache_dir(const char *ccdirname, const char *pubdir,
+ pcre *illegal_re, uid_t uid, gid_t gid);
-char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr,
- const char *template, bool file_mode,
- bool case_sensitive, bool *private_path);
+errno_t expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr,
+ const char *template, bool case_sensitive,
+ char **public_dir, char **ccname);
errno_t become_user(uid_t uid, gid_t gid);
struct sss_creds;
@@ -57,8 +57,8 @@ errno_t switch_creds(TALLOC_CTX *mem_ctx,
struct sss_creds **saved_creds);
errno_t restore_creds(struct sss_creds *saved_creds);
-errno_t sss_krb5_precreate_ccache(const char *ccname, pcre *illegal_re,
- uid_t uid, gid_t gid, bool private_path);
+errno_t sss_krb5_precreate_ccache(const char *ccname, const char *pubdir,
+ pcre *illegal_re, uid_t uid, gid_t gid);
errno_t sss_krb5_cc_destroy(const char *ccname, uid_t uid, gid_t gid);
errno_t sss_krb5_check_ccache_princ(uid_t uid, gid_t gid,
const char *ccname, const char *principal);
diff --git a/src/tests/krb5_child-test.c b/src/tests/krb5_child-test.c
index 959b1bd6..5181f1b5 100644
--- a/src/tests/krb5_child-test.c
+++ b/src/tests/krb5_child-test.c
@@ -198,7 +198,7 @@ create_dummy_req(TALLOC_CTX *mem_ctx, const char *user,
{
struct krb5child_req *kr;
struct passwd *pwd;
- bool private = false;
+ char *pubdir = NULL;
errno_t ret;
/* The top level child request */
@@ -243,15 +243,13 @@ create_dummy_req(TALLOC_CTX *mem_ctx, const char *user,
}
if (!ccname) {
- kr->ccname = expand_ccname_template(kr, kr,
- dp_opt_get_cstring(kr->krb5_ctx->opts,
- KRB5_CCNAME_TMPL),
- true, true, &private);
- if (!kr->ccname) goto fail;
-
- DEBUG(SSSDBG_FUNC_DATA, ("ccname [%s] uid [%llu] gid [%llu]\n",
- kr->ccname, (unsigned long long) kr->uid,
- (unsigned long long) kr->gid));
+ ret = expand_ccname_template(kr, kr, tmpl, true, &pubdir, &kr->ccname);
+ if (ret) goto fail;
+
+ DEBUG(SSSDBG_FUNC_DATA,
+ ("ccname [%s] pubdir [%s] uid [%llu] gid [%llu]\n",
+ kr->ccname, pubdir ? pubdir : "NULL",
+ (unsigned long long) kr->uid, (unsigned long long) kr->gid));
} else {
kr->ccname = talloc_strdup(kr, ccname);
}
@@ -260,9 +258,9 @@ create_dummy_req(TALLOC_CTX *mem_ctx, const char *user,
DEBUG(SSSDBG_FUNC_DATA, ("ccname [%s] uid [%u] gid [%u]\n",
kr->ccname, kr->uid, kr->gid));
- ret = sss_krb5_precreate_ccache(kr->ccname,
+ ret = sss_krb5_precreate_ccache(kr->ccname, pubdir,
kr->krb5_ctx->illegal_path_re,
- kr->uid, kr->gid, private);
+ kr->uid, kr->gid);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, ("create_ccache_dir failed.\n"));
goto fail;
diff --git a/src/tests/krb5_utils-tests.c b/src/tests/krb5_utils-tests.c
index ea029256..96fac4f1 100644
--- a/src/tests/krb5_utils-tests.c
+++ b/src/tests/krb5_utils-tests.c
@@ -117,13 +117,13 @@ START_TEST(test_pub_ccache_dir)
ret = chmod(testpath, 0754);
fail_unless(ret == EOK, "chmod failed.");
- ret = sss_krb5_precreate_ccache(filename, NULL, 12345, 12345, false);
+ ret = sss_krb5_precreate_ccache(filename, dirname, NULL, 12345, 12345);
fail_unless(ret == EINVAL, "sss_krb5_precreate_ccache does not return EINVAL "
"while x-bit is missing.");
ret = chmod(testpath, 0755);
fail_unless(ret == EOK, "chmod failed.");
- ret = sss_krb5_precreate_ccache(filename, NULL, 12345, 12345, false);
+ ret = sss_krb5_precreate_ccache(filename, dirname, NULL, 12345, 12345);
fail_unless(ret == EOK, "sss_krb5_precreate_ccache failed.");
check_dir(subdirname, 0, 0, 01777);
@@ -158,9 +158,9 @@ START_TEST(test_pub_ccache_dir_in_user_dir)
filename = talloc_asprintf(tmp_ctx, "%s/ccfile", subdirname);
fail_unless(filename != NULL, "talloc_asprintf failed.");
- ret = sss_krb5_precreate_ccache(filename, NULL, 12345, 12345, false);
+ ret = sss_krb5_precreate_ccache(filename, dirname, NULL, 12345, 12345);
fail_unless(ret == EINVAL, "Creating public ccache dir in user dir "
- "does not failed with EINVAL.");
+ "does not fail with EINVAL.");
RMDIR(dirname);
}
@@ -193,13 +193,13 @@ START_TEST(test_priv_ccache_dir)
ret = chmod(testpath, 0754);
fail_unless(ret == EOK, "chmod failed.");
- ret = sss_krb5_precreate_ccache(filename, NULL, uid, gid, true);
+ ret = sss_krb5_precreate_ccache(filename, NULL, NULL, uid, gid);
fail_unless(ret == EINVAL, "sss_krb5_precreate_ccache does not return EINVAL "
"while x-bit is missing.");
ret = chmod(testpath, 0755);
fail_unless(ret == EOK, "chmod failed.");
- ret = sss_krb5_precreate_ccache(filename, NULL, uid, gid, true);
+ ret = sss_krb5_precreate_ccache(filename, NULL, NULL, uid, gid);
fail_unless(ret == EOK, "sss_krb5_precreate_ccache failed.");
check_dir(subdir, uid, gid, 0700);
@@ -248,13 +248,13 @@ START_TEST(test_private_ccache_dir_in_user_dir)
ret = chmod(user_dir, 0600);
fail_unless(ret == EOK, "chmod failed.");
- ret = sss_krb5_precreate_ccache(filename, NULL, uid, gid, true);
+ ret = sss_krb5_precreate_ccache(filename, NULL, NULL, uid, gid);
fail_unless(ret == EINVAL, "sss_krb5_precreate_ccache does not return EINVAL "
"while x-bit is missing.");
ret = chmod(user_dir, 0700);
fail_unless(ret == EOK, "chmod failed.");
- ret = sss_krb5_precreate_ccache(filename, NULL, uid, gid, true);
+ ret = sss_krb5_precreate_ccache(filename, NULL, NULL, uid, gid);
fail_unless(ret == EOK, "sss_krb5_precreate_ccache failed.");
check_dir(dn3, uid, gid, 0700);
@@ -292,7 +292,7 @@ START_TEST(test_private_ccache_dir_in_wrong_user_dir)
filename = talloc_asprintf(tmp_ctx, "%s/ccfile", subdirname);
fail_unless(filename != NULL, "talloc_asprintf failed.");
- ret = sss_krb5_precreate_ccache(filename, NULL, 12345, 12345, true);
+ ret = sss_krb5_precreate_ccache(filename, NULL, NULL, 12345, 12345);
fail_unless(ret == EINVAL, "Creating private ccache dir in wrong user "
"dir does not failed with EINVAL.");
@@ -304,6 +304,7 @@ START_TEST(test_illegal_patterns)
{
int ret;
char *cwd;
+ char *base;
char *dirname;
char *filename;
uid_t uid = getuid();
@@ -322,38 +323,49 @@ START_TEST(test_illegal_patterns)
cwd = getcwd(NULL, 0);
fail_unless(cwd != NULL, "getcwd failed.");
- dirname = talloc_asprintf(tmp_ctx, "%s/%s/priv_ccdir", cwd, TESTS_PATH);
+ base = talloc_strdup(tmp_ctx, cwd);
free(cwd);
+ fail_unless(base != NULL, "talloc_asprintf failed.");
+
+ dirname = talloc_asprintf(tmp_ctx, "%s/%s/priv_ccdir", base, TESTS_PATH);
fail_unless(dirname != NULL, "talloc_asprintf failed.");
filename = talloc_asprintf(tmp_ctx, "abc/./ccfile");
fail_unless(filename != NULL, "talloc_asprintf failed.");
- ret = create_ccache_dir(filename, illegal_re, uid, gid, true);
+ ret = create_ccache_dir(filename, NULL, illegal_re, uid, gid);
fail_unless(ret == EINVAL, "create_ccache_dir allowed relative path [%s].",
filename);
filename = talloc_asprintf(tmp_ctx, "%s/abc/./ccfile", dirname);
fail_unless(filename != NULL, "talloc_asprintf failed.");
- ret = create_ccache_dir(filename, illegal_re, uid, gid, true);
+ ret = create_ccache_dir(filename, NULL, illegal_re, uid, gid);
fail_unless(ret == EINVAL, "create_ccache_dir allowed "
"illegal pattern '/./' in filename [%s].",
filename);
filename = talloc_asprintf(tmp_ctx, "%s/abc/../ccfile", dirname);
fail_unless(filename != NULL, "talloc_asprintf failed.");
- ret = create_ccache_dir(filename, illegal_re, uid, gid, true);
+ ret = create_ccache_dir(filename, NULL, illegal_re, uid, gid);
fail_unless(ret == EINVAL, "create_ccache_dir allowed "
"illegal pattern '/../' in filename [%s].",
filename);
filename = talloc_asprintf(tmp_ctx, "%s/abc//ccfile", dirname);
fail_unless(filename != NULL, "talloc_asprintf failed.");
- ret = create_ccache_dir(filename, illegal_re, uid, gid, true);
+ ret = create_ccache_dir(filename, NULL, illegal_re, uid, gid);
fail_unless(ret == EINVAL, "create_ccache_dir allowed "
"illegal pattern '//' in filename [%s].",
filename);
+ dirname = talloc_asprintf(tmp_ctx, "%s/%s/pubdir", base, TESTS_PATH);
+ fail_unless(dirname != NULL, "talloc_asprintf failed.");
+ filename = talloc_asprintf(tmp_ctx, "%s/priv/ate/ccfile", dirname);
+ fail_unless(filename != NULL, "talloc_asprintf failed.");
+
+ ret = create_ccache_dir(filename, dirname, illegal_re, uid, gid);
+ fail_unless(ret == EINVAL,
+ "create_ccache_dir should fail for [%s].", filename);
}
END_TEST
@@ -362,6 +374,7 @@ START_TEST(test_cc_dir_create)
char *residual;
char *dirname;
char *cwd;
+ char *base;
uid_t uid = getuid();
gid_t gid = getgid();
pcre *illegal_re;
@@ -379,13 +392,17 @@ START_TEST(test_cc_dir_create)
cwd = getcwd(NULL, 0);
fail_unless(cwd != NULL, "getcwd failed.");
+ base = talloc_strdup(tmp_ctx, cwd);
+ free(cwd);
+ fail_unless(base != NULL, "talloc_asprintf failed.");
+
dirname = talloc_asprintf(tmp_ctx, "%s/%s/user_dir",
- cwd, TESTS_PATH);
+ base, TESTS_PATH);
fail_unless(dirname != NULL, "talloc_asprintf failed.");
residual = talloc_asprintf(tmp_ctx, "DIR:%s/%s", dirname, "ccdir");
fail_unless(residual != NULL, "talloc_asprintf failed.");
- ret = sss_krb5_precreate_ccache(residual, illegal_re, uid, gid, true);
+ ret = sss_krb5_precreate_ccache(residual, NULL, illegal_re, uid, gid);
fail_unless(ret == EOK, "sss_krb5_precreate_ccache failed\n");
ret = rmdir(dirname);
if (ret < 0) ret = errno;
@@ -393,18 +410,17 @@ START_TEST(test_cc_dir_create)
talloc_free(residual);
dirname = talloc_asprintf(tmp_ctx, "%s/%s/user_dir2",
- cwd, TESTS_PATH);
+ base, TESTS_PATH);
fail_unless(dirname != NULL, "talloc_asprintf failed.");
residual = talloc_asprintf(tmp_ctx, "DIR:%s/%s", dirname, "ccdir/");
fail_unless(residual != NULL, "talloc_asprintf failed.");
- ret = sss_krb5_precreate_ccache(residual, illegal_re, uid, gid, true);
+ ret = sss_krb5_precreate_ccache(residual, NULL, illegal_re, uid, gid);
fail_unless(ret == EOK, "sss_krb5_precreate_ccache failed\n");
ret = rmdir(dirname);
if (ret < 0) ret = errno;
fail_unless(ret == 0, "Cannot remove %s: %s\n", dirname, strerror(ret));
talloc_free(residual);
- free(cwd);
}
END_TEST
@@ -463,48 +479,51 @@ void free_talloc_context(void)
}
static void do_test(const char *file_template, const char *dir_template,
- const char *expected, const bool expected_private_path)
+ const char *expected, const char *expected_pubdir)
{
char *result;
+ char *pubdir;
int ret;
- bool private_path = false;
ret = dp_opt_set_string(kr->krb5_ctx->opts, KRB5_CCACHEDIR, dir_template);
fail_unless(ret == EOK, "Failed to set Ccache dir");
- result = expand_ccname_template(tmp_ctx, kr, file_template, true,
- true, &private_path);
+ ret = expand_ccname_template(tmp_ctx, kr, file_template,
+ true, &pubdir, &result);
fail_unless(result != NULL, "Cannot expand template [%s].", file_template);
- fail_unless(strcmp(result, expected) == 0,
+ fail_unless(result && expected && strcmp(result, expected) == 0,
"Expansion failed, result [%s], expected [%s].",
- result, expected);
- fail_unless(private_path == expected_private_path,
- "Unexpected private path, get [%s], expected [%s].",
- private_path ? "true" : "false",
- expected_private_path ? "true" : "false");
+ result ? result : "NULL", expected ? expected : "NULL");
+ fail_unless((expected_pubdir ?
+ (pubdir && (strcmp(pubdir, expected_pubdir) == 0)) :
+ (pubdir == NULL)),
+ "Unexpected pubdir, got [%s], expected [%s].",
+ pubdir ? pubdir : "NULL",
+ expected_pubdir ? expected_pubdir : "NULL");
}
START_TEST(test_multiple_substitutions)
{
- do_test(BASE"_%u_%U_%u", CCACHE_DIR, BASE"_"USERNAME"_"UID"_"USERNAME, false);
+ do_test(BASE"_%u_%U_%u", CCACHE_DIR,
+ BASE"_"USERNAME"_"UID"_"USERNAME, NULL);
do_test("%d/"FILENAME, BASE"_%u_%U_%u",
- BASE"_"USERNAME"_"UID"_"USERNAME"/"FILENAME, true);
+ BASE"_"USERNAME"_"UID"_"USERNAME"/"FILENAME, NULL);
}
END_TEST
START_TEST(test_username)
{
- do_test(BASE"_%u", CCACHE_DIR, BASE"_"USERNAME, false);
- do_test("%d/"FILENAME, BASE"_%u", BASE"_"USERNAME"/"FILENAME, true);
+ do_test(BASE"_%u", CCACHE_DIR, BASE"_"USERNAME, NULL);
+ do_test("%d/"FILENAME, BASE"_%u", BASE"_"USERNAME"/"FILENAME, NULL);
}
END_TEST
START_TEST(test_case_sensitive)
{
char *result;
+ char *pubdir;
int ret;
- bool private_path = false;
const char *file_template = BASE"_%u";
const char *expected_cs = BASE"_TestUser";
const char *expected_ci = BASE"_testuser";
@@ -513,98 +532,92 @@ START_TEST(test_case_sensitive)
ret = dp_opt_set_string(kr->krb5_ctx->opts, KRB5_CCACHEDIR, CCACHE_DIR);
fail_unless(ret == EOK, "Failed to set Ccache dir");
- result = expand_ccname_template(tmp_ctx, kr, file_template, true,
- true, &private_path);
+ ret = expand_ccname_template(tmp_ctx, kr, file_template,
+ true, &pubdir, &result);
fail_unless(result != NULL, "Cannot expand template [%s].", file_template);
- fail_unless(strcmp(result, expected_cs) == 0,
+ fail_unless(result && expected_cs && strcmp(result, expected_cs) == 0,
"Expansion failed, result [%s], expected [%s].",
- result, expected_cs);
+ result ? result : "NULL", expected_cs ? expected_cs : "NULL");
- result = expand_ccname_template(tmp_ctx, kr, file_template, true,
- false, &private_path);
+ ret = expand_ccname_template(tmp_ctx, kr, file_template,
+ false, &pubdir, &result);
fail_unless(result != NULL, "Cannot expand template [%s].", file_template);
- fail_unless(strcmp(result, expected_ci) == 0,
+ fail_unless(result && expected_ci && strcmp(result, expected_ci) == 0,
"Expansion failed, result [%s], expected [%s].",
- result, expected_ci);
+ result ? result : "NULL", expected_ci ? expected_ci : "NULL");
}
END_TEST
START_TEST(test_uid)
{
- do_test(BASE"_%U", CCACHE_DIR, BASE"_"UID, false);
- do_test("%d/"FILENAME, BASE"_%U", BASE"_"UID"/"FILENAME, true);
+ do_test(BASE"_%U", CCACHE_DIR, BASE"_"UID, NULL);
+ do_test("%d/"FILENAME, BASE"_%U", BASE"_"UID"/"FILENAME, NULL);
}
END_TEST
START_TEST(test_upn)
{
- do_test(BASE"_%p", CCACHE_DIR, BASE"_"PRINCIPAL_NAME, false);
- do_test("%d/"FILENAME, BASE"_%p", BASE"_"PRINCIPAL_NAME"/"FILENAME, true);
+ do_test(BASE"_%p", CCACHE_DIR, BASE"_"PRINCIPAL_NAME, NULL);
+ do_test("%d/"FILENAME, BASE"_%p", BASE"_"PRINCIPAL_NAME"/"FILENAME, NULL);
}
END_TEST
START_TEST(test_realm)
{
- do_test(BASE"_%r", CCACHE_DIR, BASE"_"REALM, false);
- do_test("%d/"FILENAME, BASE"_%r", BASE"_"REALM"/"FILENAME, false);
+ do_test(BASE"_%r", CCACHE_DIR, BASE"_"REALM, NULL);
+ do_test("%d/"FILENAME, BASE"_%r", BASE"_"REALM"/"FILENAME, BASE"_"REALM);
}
END_TEST
START_TEST(test_home)
{
- do_test(BASE"_%h", CCACHE_DIR, BASE"_"HOME_DIRECTORY, false);
- do_test("%d/"FILENAME, BASE"_%h", BASE"_"HOME_DIRECTORY"/"FILENAME, true);
+ do_test(BASE"_%h", CCACHE_DIR, BASE"_"HOME_DIRECTORY, NULL);
+ do_test("%d/"FILENAME, BASE"_%h", BASE"_"HOME_DIRECTORY"/"FILENAME, NULL);
}
END_TEST
START_TEST(test_ccache_dir)
{
char *result;
+ char *pubdir;
int ret;
- bool private_path = false;
- do_test(BASE"_%d", CCACHE_DIR, BASE"_"CCACHE_DIR, false);
+ do_test(BASE"_%d", CCACHE_DIR, BASE"_"CCACHE_DIR, BASE"_"CCACHE_DIR);
ret = dp_opt_set_string(kr->krb5_ctx->opts, KRB5_CCACHEDIR, BASE"_%d");
fail_unless(ret == EOK, "Failed to set Ccache dir");
- result = expand_ccname_template(tmp_ctx, kr, "%d/"FILENAME, true,
- true, &private_path);
+ ret = expand_ccname_template(tmp_ctx, kr, "%d/"FILENAME,
+ true, &pubdir, &result);
fail_unless(result == NULL, "Using %%d in ccache dir should fail.");
- fail_unless(private_path == false,
- "Unexpected private path, get [%s], expected [%s].",
- private_path ? "true" : "false", "false");
}
END_TEST
START_TEST(test_pid)
{
char *result;
+ char *pubdir;
int ret;
- bool private_path = false;
- do_test(BASE"_%P", CCACHE_DIR, BASE"_"PID, false);
+ do_test(BASE"_%P", CCACHE_DIR, BASE"_"PID, NULL);
ret = dp_opt_set_string(kr->krb5_ctx->opts, KRB5_CCACHEDIR, BASE"_%P");
fail_unless(ret == EOK, "Failed to set Ccache dir");
- result = expand_ccname_template(tmp_ctx, kr, "%d/"FILENAME, true,
- true, &private_path);
+ ret = expand_ccname_template(tmp_ctx, kr, "%d/"FILENAME,
+ true, &pubdir, &result);
fail_unless(result == NULL, "Using %%P in ccache dir should fail.");
- fail_unless(private_path == false,
- "Unexpected private path, get [%s], expected [%s].",
- private_path ? "true" : "false", "false");
}
END_TEST
START_TEST(test_percent)
{
- do_test(BASE"_%%", CCACHE_DIR, BASE"_%", false);
- do_test("%d/"FILENAME, BASE"_%%", BASE"_%/"FILENAME, false);
+ do_test(BASE"_%%", CCACHE_DIR, BASE"_%", NULL);
+ do_test("%d/"FILENAME, BASE"_%%", BASE"_%/"FILENAME, BASE"_%");
}
END_TEST
@@ -612,11 +625,11 @@ START_TEST(test_unknow_template)
{
const char *test_template = BASE"_%X";
char *result;
+ char *pubdir;
int ret;
- bool private_path = false;
- result = expand_ccname_template(tmp_ctx, kr, test_template, true,
- true, &private_path);
+ ret = expand_ccname_template(tmp_ctx, kr, test_template,
+ true, &pubdir, &result);
fail_unless(result == NULL, "Unknown template [%s] should fail.",
test_template);
@@ -624,14 +637,11 @@ START_TEST(test_unknow_template)
ret = dp_opt_set_string(kr->krb5_ctx->opts, KRB5_CCACHEDIR, BASE"_%X");
fail_unless(ret == EOK, "Failed to set Ccache dir");
test_template = "%d/"FILENAME;
- result = expand_ccname_template(tmp_ctx, kr, test_template, true,
- true, &private_path);
+ ret = expand_ccname_template(tmp_ctx, kr, test_template,
+ true, &pubdir, &result);
fail_unless(result == NULL, "Unknown template [%s] should fail.",
test_template);
- fail_unless(private_path == false,
- "Unexpected private path, get [%s], expected [%s].",
- private_path ? "true" : "false", "false");
}
END_TEST
@@ -639,16 +649,14 @@ START_TEST(test_NULL)
{
char *test_template = NULL;
char *result;
- bool private_path = false;
+ char *pubdir;
+ int ret;
- result = expand_ccname_template(tmp_ctx, kr, test_template, true,
- true, &private_path);
+ ret = expand_ccname_template(tmp_ctx, kr, test_template,
+ true, &pubdir, &result);
- fail_unless(result == NULL, "Expected NULL as a result for an empty input.",
- test_template);
- fail_unless(private_path == false,
- "Unexpected private path, get [%s], expected [%s].",
- private_path ? "true" : "false", "false");
+ fail_unless(result == NULL,
+ "Expected NULL as a result for an empty input.");
}
END_TEST
@@ -656,32 +664,33 @@ START_TEST(test_no_substitution)
{
const char *test_template = BASE;
char *result;
- bool private_path = false;
+ char *pubdir;
+ int ret;
- result = expand_ccname_template(tmp_ctx, kr, test_template, true,
- true, &private_path);
+ ret = expand_ccname_template(tmp_ctx, kr, test_template,
+ true, &pubdir, &result);
fail_unless(result != NULL, "Cannot expand template [%s].", test_template);
fail_unless(strcmp(result, test_template) == 0,
"Expansion failed, result [%s], expected [%s].",
result, test_template);
- fail_unless(private_path == false,
- "Unexpected private path, get [%s], expected [%s].",
- private_path ? "true" : "false", "false");
+ fail_unless(pubdir == NULL,
+ "Unexpected pubdir, got [%s], expected [NULL].", pubdir);
}
END_TEST
START_TEST(test_krb5_style_expansion)
{
- char *result;
- bool private_path = false;
const char *file_template;
const char *expected;
+ char *result;
+ char *pubdir;
+ int ret;
file_template = BASE"/%{uid}/%{USERID}/%{euid}/%{username}";
expected = BASE"/"UID"/"UID"/"UID"/"USERNAME;
- result = expand_ccname_template(tmp_ctx, kr, file_template, true,
- true, &private_path);
+ ret = expand_ccname_template(tmp_ctx, kr, file_template,
+ true, &pubdir, &result);
fail_unless(result != NULL, "Cannot expand template [%s].", file_template);
fail_unless(strcmp(result, expected) == 0,
@@ -690,8 +699,8 @@ START_TEST(test_krb5_style_expansion)
file_template = BASE"/%{unknown}";
expected = BASE"/%{unknown}";
- result = expand_ccname_template(tmp_ctx, kr, file_template, true,
- false, &private_path);
+ ret = expand_ccname_template(tmp_ctx, kr, file_template,
+ true, &pubdir, &result);
fail_unless(result != NULL, "Cannot expand template [%s].", file_template);
fail_unless(strcmp(result, expected) == 0,
generated by cgit (git 2.34.1) at 2025-07-04 14:01:10 +0000