search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge pull request #203 from sdigit/patch-1
[heimdal.git] / lib / krb5 / expand_path.c
blob3315efa5a41fe798839db1e8a7bf984c044edf45
1
2 /***********************************************************************
3 * Copyright (c) 2009, Secure Endpoints Inc.
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * - Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * - Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
16 * distribution.
17 *
18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
21 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
22 * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
23 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
24 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
25 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
27 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
29 * OF THE POSSIBILITY OF SUCH DAMAGE.
30 *
31 **********************************************************************/
32
33 #include "krb5_locl.h"
34
35 #include <stdarg.h>
36
37 typedef int PTYPE;
38
39 #ifdef _WIN32
40 #include <shlobj.h>
41 #include <sddl.h>
42
43 /*
44 * Expand a %{TEMP} token
45 *
46 * The %{TEMP} token expands to the temporary path for the current
47 * user as returned by GetTempPath().
48 *
49 * @note: Since the GetTempPath() function relies on the TMP or TEMP
50 * environment variables, this function will failover to the system
51 * temporary directory until the user profile is loaded. In addition,
52 * the returned path may or may not exist.
53 */
54 static krb5_error_code
55 _expand_temp_folder(krb5_context context, PTYPE param, const char *postfix, char **ret)
56 {
57 TCHAR tpath[MAX_PATH];
58 size_t len;
59
60 if (!GetTempPath(sizeof(tpath)/sizeof(tpath[0]), tpath)) {
61 if (context)
62 krb5_set_error_message(context, EINVAL,
63 "Failed to get temporary path (GLE=%d)",
64 GetLastError());
65 return EINVAL;
66 }
67
68 len = strlen(tpath);
69
70 if (len > 0 && tpath[len - 1] == '\\')
71 tpath[len - 1] = '\0';
72
73 *ret = strdup(tpath);
74
75 if (*ret == NULL)
76 return krb5_enomem(context);
77
78 return 0;
79 }
80
81 extern HINSTANCE _krb5_hInstance;
82
83 /*
84 * Expand a %{BINDIR} token
85 *
86 * This is also used to expand a few other tokens on Windows, since
87 * most of the executable binaries end up in the same directory. The
88 * "bin" directory is considered to be the directory in which the
89 * krb5.dll is located.
90 */
91 static krb5_error_code
92 _expand_bin_dir(krb5_context context, PTYPE param, const char *postfix, char **ret)
93 {
94 TCHAR path[MAX_PATH];
95 TCHAR *lastSlash;
96 DWORD nc;
97
98 nc = GetModuleFileName(_krb5_hInstance, path, sizeof(path)/sizeof(path[0]));
99 if (nc == 0 ||
100 nc == sizeof(path)/sizeof(path[0])) {
101 return EINVAL;
102 }
103
104 lastSlash = strrchr(path, '\\');
105 if (lastSlash != NULL) {
106 TCHAR *fslash = strrchr(lastSlash, '/');
107
108 if (fslash != NULL)
109 lastSlash = fslash;
110
111 *lastSlash = '\0';
112 }
113
114 if (postfix) {
115 if (strlcat(path, postfix, sizeof(path)/sizeof(path[0])) >= sizeof(path)/sizeof(path[0]))
116 return EINVAL;
117 }
118
119 *ret = strdup(path);
120 if (*ret == NULL)
121 return krb5_enomem(context);
122
123 return 0;
124 }
125
126 /*
127 * Expand a %{USERID} token
128 *
129 * The %{USERID} token expands to the string representation of the
130 * user's SID. The user account that will be used is the account
131 * corresponding to the current thread's security token. This means
132 * that:
133 *
134 * - If the current thread token has the anonymous impersonation
135 * level, the call will fail.
136 *
137 * - If the current thread is impersonating a token at
138 * SecurityIdentification level the call will fail.
139 *
140 */
141 static krb5_error_code
142 _expand_userid(krb5_context context, PTYPE param, const char *postfix, char **ret)
143 {
144 int rv = EINVAL;
145 HANDLE hThread = NULL;
146 HANDLE hToken = NULL;
147 PTOKEN_OWNER pOwner = NULL;
148 DWORD len = 0;
149 LPTSTR strSid = NULL;
150
151 hThread = GetCurrentThread();
152
153 if (!OpenThreadToken(hThread, TOKEN_QUERY,
154 FALSE, /* Open the thread token as the
155 current thread user. */
156 &hToken)) {
157
158 DWORD le = GetLastError();
159
160 if (le == ERROR_NO_TOKEN) {
161 HANDLE hProcess = GetCurrentProcess();
162
163 le = 0;
164 if (!OpenProcessToken(hProcess, TOKEN_QUERY, &hToken))
165 le = GetLastError();
166 }
167
168 if (le != 0) {
169 if (context)
170 krb5_set_error_message(context, rv,
171 "Can't open thread token (GLE=%d)", le);
172 goto _exit;
173 }
174 }
175
176 if (!GetTokenInformation(hToken, TokenOwner, NULL, 0, &len)) {
177 if (GetLastError() != ERROR_INSUFFICIENT_BUFFER) {
178 if (context)
179 krb5_set_error_message(context, rv,
180 "Unexpected error reading token information (GLE=%d)",
181 GetLastError());
182 goto _exit;
183 }
184
185 if (len == 0) {
186 if (context)
187 krb5_set_error_message(context, rv,
188 "GetTokenInformation() returned truncated buffer");
189 goto _exit;
190 }
191
192 pOwner = malloc(len);
193 if (pOwner == NULL) {
194 if (context)
195 krb5_set_error_message(context, rv, "Out of memory");
196 goto _exit;
197 }
198 } else {
199 if (context)
200 krb5_set_error_message(context, rv, "GetTokenInformation() returned truncated buffer");
201 goto _exit;
202 }
203
204 if (!GetTokenInformation(hToken, TokenOwner, pOwner, len, &len)) {
205 if (context)
206 krb5_set_error_message(context, rv, "GetTokenInformation() failed. GLE=%d", GetLastError());
207 goto _exit;
208 }
209
210 if (!ConvertSidToStringSid(pOwner->Owner, &strSid)) {
211 if (context)
212 krb5_set_error_message(context, rv, "Can't convert SID to string. GLE=%d", GetLastError());
213 goto _exit;
214 }
215
216 *ret = strdup(strSid);
217 if (*ret == NULL && context)
218 krb5_set_error_message(context, rv, "Out of memory");
219
220 rv = 0;
221
222 _exit:
223 if (hToken != NULL)
224 CloseHandle(hToken);
225
226 if (pOwner != NULL)
227 free (pOwner);
228
229 if (strSid != NULL)
230 LocalFree(strSid);
231
232 return rv;
233 }
234
235 /*
236 * Expand a folder identified by a CSIDL
237 */
238
239 static krb5_error_code
240 _expand_csidl(krb5_context context, PTYPE folder, const char *postfix, char **ret)
241 {
242 TCHAR path[MAX_PATH];
243 size_t len;
244
245 if (SHGetFolderPath(NULL, folder, NULL, SHGFP_TYPE_CURRENT, path) != S_OK) {
246 if (context)
247 krb5_set_error_message(context, EINVAL, "Unable to determine folder path");
248 return EINVAL;
249 }
250
251 len = strlen(path);
252
253 if (len > 0 && path[len - 1] == '\\')
254 path[len - 1] = '\0';
255
256 if (postfix &&
257 strlcat(path, postfix, sizeof(path)/sizeof(path[0])) >= sizeof(path)/sizeof(path[0]))
258 return krb5_enomem(context);
259
260 *ret = strdup(path);
261 if (*ret == NULL)
262 return krb5_enomem(context);
263 return 0;
264 }
265
266 #else
267
268 static krb5_error_code
269 _expand_path(krb5_context context, PTYPE param, const char *postfix, char **ret)
270 {
271 *ret = strdup(postfix);
272 if (*ret == NULL)
273 return krb5_enomem(context);
274 return 0;
275 }
276
277 static krb5_error_code
278 _expand_temp_folder(krb5_context context, PTYPE param, const char *postfix, char **ret)
279 {
280 const char *p = NULL;
281
282 if (!issuid())
283 p = getenv("TEMP");
284
285 if (p)
286 *ret = strdup(p);
287 else
288 *ret = strdup("/tmp");
289 if (*ret == NULL)
290 return krb5_enomem(context);
291 return 0;
292 }
293
294 static krb5_error_code
295 _expand_userid(krb5_context context, PTYPE param, const char *postfix, char **str)
296 {
297 int ret = asprintf(str, "%ld", (unsigned long)getuid());
298 if (ret < 0 || *str == NULL)
299 return krb5_enomem(context);
300 return 0;
301 }
302
303
304 #endif /* _WIN32 */
305
306 /**
307 * Expand an extra token
308 */
309
310 static krb5_error_code
311 _expand_extra_token(krb5_context context, const char *value, char **ret)
312 {
313 *ret = strdup(value);
314 if (*ret == NULL)
315 return krb5_enomem(context);
316 return 0;
317 }
318
319 /**
320 * Expand a %{null} token
321 *
322 * The expansion of a %{null} token is always the empty string.
323 */
324
325 static krb5_error_code
326 _expand_null(krb5_context context, PTYPE param, const char *postfix, char **ret)
327 {
328 *ret = strdup("");
329 if (*ret == NULL)
330 return krb5_enomem(context);
331 return 0;
332 }
333
334
335 static const struct {
336 const char * tok;
337 int ftype;
338 #define FTYPE_CSIDL 0
339 #define FTYPE_SPECIAL 1
340
341 PTYPE param;
342 const char * postfix;
343
344 int (*exp_func)(krb5_context, PTYPE, const char *, char **);
345
346 #define SPECIALP(f, P) FTYPE_SPECIAL, 0, P, f
347 #define SPECIAL(f) SPECIALP(f, NULL)
348
349 } tokens[] = {
350 #ifdef _WIN32
351 #define CSIDLP(C,P) FTYPE_CSIDL, C, P, _expand_csidl
352 #define CSIDL(C) CSIDLP(C, NULL)
353
354 {"APPDATA", CSIDL(CSIDL_APPDATA)}, /* Roaming application data (for current user) */
355 {"COMMON_APPDATA", CSIDL(CSIDL_COMMON_APPDATA)}, /* Application data (all users) */
356 {"LOCAL_APPDATA", CSIDL(CSIDL_LOCAL_APPDATA)}, /* Local application data (for current user) */
357 {"SYSTEM", CSIDL(CSIDL_SYSTEM)}, /* Windows System folder (e.g. %WINDIR%\System32) */
358 {"WINDOWS", CSIDL(CSIDL_WINDOWS)}, /* Windows folder */
359 {"USERCONFIG", CSIDLP(CSIDL_APPDATA, "\\" PACKAGE)}, /* Per user Heimdal configuration file path */
360 {"COMMONCONFIG", CSIDLP(CSIDL_COMMON_APPDATA, "\\" PACKAGE)}, /* Common Heimdal configuration file path */
361 {"LIBDIR", SPECIAL(_expand_bin_dir)},
362 {"BINDIR", SPECIAL(_expand_bin_dir)},
363 {"LIBEXEC", SPECIAL(_expand_bin_dir)},
364 {"SBINDIR", SPECIAL(_expand_bin_dir)},
365 #else
366 {"LIBDIR", FTYPE_SPECIAL, 0, LIBDIR, _expand_path},
367 {"BINDIR", FTYPE_SPECIAL, 0, BINDIR, _expand_path},
368 {"LIBEXEC", FTYPE_SPECIAL, 0, LIBEXECDIR, _expand_path},
369 {"SBINDIR", FTYPE_SPECIAL, 0, SBINDIR, _expand_path},
370 #endif
371 {"TEMP", SPECIAL(_expand_temp_folder)},
372 {"USERID", SPECIAL(_expand_userid)},
373 {"uid", SPECIAL(_expand_userid)},
374 {"null", SPECIAL(_expand_null)}
375 };
376
377 static krb5_error_code
378 _expand_token(krb5_context context,
379 const char *token,
380 const char *token_end,
381 char **extra_tokens,
382 char **ret)
383 {
384 size_t i;
385 char **p;
386
387 *ret = NULL;
388
389 if (token[0] != '%' || token[1] != '{' || token_end[0] != '}' ||
390 token_end - token <= 2) {
391 if (context)
392 krb5_set_error_message(context, EINVAL,"Invalid token.");
393 return EINVAL;
394 }
395
396 for (p = extra_tokens; p && p[0]; p += 2) {
397 if (strncmp(token+2, p[0], (token_end - token) - 2) == 0)
398 return _expand_extra_token(context, p[1], ret);
399 }
400
401 for (i = 0; i < sizeof(tokens)/sizeof(tokens[0]); i++) {
402 if (!strncmp(token+2, tokens[i].tok, (token_end - token) - 2))
403 return tokens[i].exp_func(context, tokens[i].param,
404 tokens[i].postfix, ret);
405 }
406
407 if (context)
408 krb5_set_error_message(context, EINVAL, "Invalid token.");
409 return EINVAL;
410 }
411
412 /**
413 * Internal function to expand tokens in paths.
414 *
415 * Inputs:
416 *
417 * @context A krb5_context
418 * @path_in The path to expand tokens from
419 *
420 * Outputs:
421 *
422 * @ppath_out Path with expanded tokens (caller must free() this)
423 */
424 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
425 _krb5_expand_path_tokens(krb5_context context,
426 const char *path_in,
427 int filepath,
428 char **ppath_out)
429 {
430 return _krb5_expand_path_tokensv(context, path_in, filepath, ppath_out, NULL);
431 }
432
433 static void
434 free_extra_tokens(char **extra_tokens)
435 {
436 char **p;
437
438 for (p = extra_tokens; p && *p; p++)
439 free(*p);
440 free(extra_tokens);
441 }
442
443 /**
444 * Internal function to expand tokens in paths.
445 *
446 * Inputs:
447 *
448 * @context A krb5_context
449 * @path_in The path to expand tokens from
450 * @ppath_out The expanded path
451 * @... Variable number of pairs of strings, the first of each
452 * being a token (e.g., "luser") and the second a string to
453 * replace it with. The list is terminated by a NULL.
454 *
455 * Outputs:
456 *
457 * @ppath_out Path with expanded tokens (caller must free() this)
458 */
459 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
460 _krb5_expand_path_tokensv(krb5_context context,
461 const char *path_in,
462 int filepath,
463 char **ppath_out, ...)
464 {
465 char *tok_begin, *tok_end, *append;
466 char **extra_tokens = NULL;
467 const char *path_left;
468 const char *s;
469 size_t nargs = 0;
470 size_t len = 0;
471 va_list ap;
472
473 if (path_in == NULL || *path_in == '\0') {
474 *ppath_out = strdup("");
475 return 0;
476 }
477
478 *ppath_out = NULL;
479
480 va_start(ap, ppath_out);
481 while ((s = va_arg(ap, const char *))) {
482 nargs++;
483 s = va_arg(ap, const char *);
484 }
485 va_end(ap);
486 nargs *= 2;
487
488 /* Get extra tokens */
489 if (nargs) {
490 size_t i;
491
492 extra_tokens = calloc(nargs + 1, sizeof (*extra_tokens));
493 if (extra_tokens == NULL)
494 return krb5_enomem(context);
495 va_start(ap, ppath_out);
496 for (i = 0; i < nargs; i++) {
497 s = va_arg(ap, const char *); /* token key */
498 if (s == NULL)
499 break;
500 extra_tokens[i] = strdup(s);
501 if (extra_tokens[i++] == NULL) {
502 free_extra_tokens(extra_tokens);
503 return krb5_enomem(context);
504 }
505 s = va_arg(ap, const char *); /* token value */
506 if (s == NULL)
507 s = "";
508 extra_tokens[i] = strdup(s);
509 if (extra_tokens[i] == NULL) {
510 free_extra_tokens(extra_tokens);
511 return krb5_enomem(context);
512 }
513 }
514 va_end(ap);
515 }
516
517 for (path_left = path_in; path_left && *path_left; ) {
518
519 tok_begin = strstr(path_left, "%{");
520
521 if (tok_begin && tok_begin != path_left) {
522
523 append = malloc((tok_begin - path_left) + 1);
524 if (append) {
525 memcpy(append, path_left, tok_begin - path_left);
526 append[tok_begin - path_left] = '\0';
527 }
528 path_left = tok_begin;
529
530 } else if (tok_begin) {
531
532 tok_end = strchr(tok_begin, '}');
533 if (tok_end == NULL) {
534 free_extra_tokens(extra_tokens);
535 if (*ppath_out)
536 free(*ppath_out);
537 *ppath_out = NULL;
538 if (context)
539 krb5_set_error_message(context, EINVAL, "variable missing }");
540 return EINVAL;
541 }
542
543 if (_expand_token(context, tok_begin, tok_end, extra_tokens,
544 &append)) {
545 free_extra_tokens(extra_tokens);
546 if (*ppath_out)
547 free(*ppath_out);
548 *ppath_out = NULL;
549 return EINVAL;
550 }
551
552 path_left = tok_end + 1;
553 } else {
554
555 append = strdup(path_left);
556 path_left = NULL;
557
558 }
559
560 if (append == NULL) {
561
562 free_extra_tokens(extra_tokens);
563 if (*ppath_out)
564 free(*ppath_out);
565 *ppath_out = NULL;
566 return krb5_enomem(context);
567
568 }
569
570 {
571 size_t append_len = strlen(append);
572 char * new_str = realloc(*ppath_out, len + append_len + 1);
573
574 if (new_str == NULL) {
575 free_extra_tokens(extra_tokens);
576 free(append);
577 if (*ppath_out)
578 free(*ppath_out);
579 *ppath_out = NULL;
580 return krb5_enomem(context);
581 }
582
583 *ppath_out = new_str;
584 memcpy(*ppath_out + len, append, append_len + 1);
585 len = len + append_len;
586 free(append);
587 }
588 }
589
590 #ifdef _WIN32
591 /* Also deal with slashes */
592 if (filepath && *ppath_out) {
593 char * c;
594
595 for (c = *ppath_out; *c; c++)
596 if (*c == '/')
597 *c = '\\';
598 }
599 #endif
600
601 free_extra_tokens(extra_tokens);
602 return 0;
603 }
Heimdal