search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix string overflow due to wrong size calculation
[Samba/gebeck_regimport.git] / source3 / lib / substitute.c
blob5dec9808101d957d7340364367183f68167e177b
1 /*
2 Unix SMB/CIFS implementation.
3 string substitution functions
4 Copyright (C) Andrew Tridgell 1992-2000
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
19 */
20
21
22 #include "includes.h"
23
24 fstring local_machine="";
25 fstring remote_arch="UNKNOWN";
26 userdom_struct current_user_info;
27 fstring remote_proto="UNKNOWN";
28
29 static fstring remote_machine;
30 static fstring smb_user_name;
31
32 /**
33 * Set the 'local' machine name
34 * @param local_name the name we are being called
35 * @param if this is the 'final' name for us, not be be changed again
36 */
37
38 void set_local_machine_name(const char* local_name, BOOL perm)
39 {
40 static BOOL already_perm = False;
41 fstring tmp_local_machine;
42
43 /*
44 * Windows NT/2k uses "*SMBSERVER" and XP uses "*SMBSERV"
45 * arrggg!!!
46 */
47
48 if (strequal(local_name, "*SMBSERVER"))
49 return;
50
51 if (strequal(local_name, "*SMBSERV"))
52 return;
53
54 if (already_perm)
55 return;
56
57 already_perm = perm;
58
59 fstrcpy(tmp_local_machine,local_name);
60 trim_char(tmp_local_machine,' ',' ');
61 alpha_strcpy(local_machine,tmp_local_machine,SAFE_NETBIOS_CHARS,sizeof(local_machine)-1);
62 strlower_m(local_machine);
63 }
64
65 /**
66 * Set the 'remote' machine name
67 * @param remote_name the name our client wants to be called by
68 * @param if this is the 'final' name for them, not be be changed again
69 */
70
71 void set_remote_machine_name(const char* remote_name, BOOL perm)
72 {
73 static BOOL already_perm = False;
74 fstring tmp_remote_machine;
75
76 if (already_perm)
77 return;
78
79 already_perm = perm;
80
81 fstrcpy(tmp_remote_machine,remote_name);
82 trim_char(tmp_remote_machine,' ',' ');
83 alpha_strcpy(remote_machine,tmp_remote_machine,SAFE_NETBIOS_CHARS,sizeof(remote_machine)-1);
84 strlower_m(remote_machine);
85 }
86
87 const char* get_remote_machine_name(void)
88 {
89 return remote_machine;
90 }
91
92 const char* get_local_machine_name(void)
93 {
94 if (!*local_machine) {
95 return global_myname();
96 }
97
98 return local_machine;
99 }
100
101 /*******************************************************************
102 Setup the string used by %U substitution.
103 ********************************************************************/
104
105 void sub_set_smb_name(const char *name)
106 {
107 fstring tmp;
108
109 /* don't let anonymous logins override the name */
110 if (! *name)
111 return;
112
113 fstrcpy(tmp,name);
114 trim_char(tmp,' ',' ');
115 strlower_m(tmp);
116 alpha_strcpy(smb_user_name,tmp,SAFE_NETBIOS_CHARS,sizeof(smb_user_name)-1);
117 }
118
119 /*******************************************************************
120 Setup the strings used by substitutions. Called per packet. Ensure
121 %U name is set correctly also.
122 ********************************************************************/
123
124 void set_current_user_info(const userdom_struct *pcui)
125 {
126 current_user_info = *pcui;
127 /* The following is safe as current_user_info.smb_name
128 * has already been sanitised in register_vuid. */
129 fstrcpy(smb_user_name, current_user_info.smb_name);
130 }
131
132 /*******************************************************************
133 Given a pointer to a %$(NAME) expand it as an environment variable.
134 Return the number of characters by which the pointer should be advanced.
135 Based on code by Branko Cibej <branko.cibej@hermes.si>
136 When this is called p points at the '%' character.
137 ********************************************************************/
138
139 static size_t expand_env_var(char *p, int len)
140 {
141 fstring envname;
142 char *envval;
143 char *q, *r;
144 int copylen;
145
146 if (p[1] != '$')
147 return 1;
148
149 if (p[2] != '(')
150 return 2;
151
152 /*
153 * Look for the terminating ')'.
154 */
155
156 if ((q = strchr_m(p,')')) == NULL) {
157 DEBUG(0,("expand_env_var: Unterminated environment variable [%s]\n", p));
158 return 2;
159 }
160
161 /*
162 * Extract the name from within the %$(NAME) string.
163 */
164
165 r = p+3;
166 copylen = MIN((q-r),(sizeof(envname)-1));
167 strncpy(envname,r,copylen);
168 envname[copylen] = '\0';
169
170 if ((envval = getenv(envname)) == NULL) {
171 DEBUG(0,("expand_env_var: Environment variable [%s] not set\n", envname));
172 return 2;
173 }
174
175 /*
176 * Copy the full %$(NAME) into envname so it
177 * can be replaced.
178 */
179
180 copylen = MIN((q+1-p),(sizeof(envname)-1));
181 strncpy(envname,p,copylen);
182 envname[copylen] = '\0';
183 string_sub(p,envname,envval,len);
184 return 0; /* Allow the environment contents to be parsed. */
185 }
186
187 /*******************************************************************
188 Given a pointer to a %$(NAME) in p and the whole string in str
189 expand it as an environment variable.
190 Return a new allocated and expanded string.
191 Based on code by Branko Cibej <branko.cibej@hermes.si>
192 When this is called p points at the '%' character.
193 May substitute multiple occurrencies of the same env var.
194 ********************************************************************/
195
196
197 static char * realloc_expand_env_var(char *str, char *p)
198 {
199 char *envname;
200 char *envval;
201 char *q, *r;
202 int copylen;
203
204 if (p[0] != '%' || p[1] != '$' || p[2] != '(')
205 return str;
206
207 /*
208 * Look for the terminating ')'.
209 */
210
211 if ((q = strchr_m(p,')')) == NULL) {
212 DEBUG(0,("expand_env_var: Unterminated environment variable [%s]\n", p));
213 return str;
214 }
215
216 /*
217 * Extract the name from within the %$(NAME) string.
218 */
219
220 r = p + 3;
221 copylen = q - r;
222 envname = (char *)malloc(copylen + 1 + 4); /* reserve space for use later add %$() chars */
223 if (envname == NULL) return NULL;
224 strncpy(envname,r,copylen);
225 envname[copylen] = '\0';
226
227 if ((envval = getenv(envname)) == NULL) {
228 DEBUG(0,("expand_env_var: Environment variable [%s] not set\n", envname));
229 SAFE_FREE(envname);
230 return str;
231 }
232
233 /*
234 * Copy the full %$(NAME) into envname so it
235 * can be replaced.
236 */
237
238 copylen = q + 1 - p;
239 strncpy(envname,p,copylen);
240 envname[copylen] = '\0';
241 r = realloc_string_sub(str, envname, envval);
242 SAFE_FREE(envname);
243 if (r == NULL) return NULL;
244 return r;
245 }
246
247 /*******************************************************************
248 Patch from jkf@soton.ac.uk
249 Added this to implement %p (NIS auto-map version of %H)
250 *******************************************************************/
251
252 static char *automount_path(const char *user_name)
253 {
254 static pstring server_path;
255
256 /* use the passwd entry as the default */
257 /* this will be the default if WITH_AUTOMOUNT is not used or fails */
258
259 pstrcpy(server_path, get_user_home_dir(user_name));
260
261 #if (defined(HAVE_NETGROUP) && defined (WITH_AUTOMOUNT))
262
263 if (lp_nis_home_map()) {
264 char *home_path_start;
265 char *automount_value = automount_lookup(user_name);
266
267 if(strlen(automount_value) > 0) {
268 home_path_start = strchr_m(automount_value,':');
269 if (home_path_start != NULL) {
270 DEBUG(5, ("NIS lookup succeeded. Home path is: %s\n",
271 home_path_start?(home_path_start+1):""));
272 pstrcpy(server_path, home_path_start+1);
273 }
274 } else {
275 /* NIS key lookup failed: default to user home directory from password file */
276 DEBUG(5, ("NIS lookup failed. Using Home path from passwd file. Home path is: %s\n", server_path ));
277 }
278 }
279 #endif
280
281 DEBUG(4,("Home server path: %s\n", server_path));
282
283 return server_path;
284 }
285
286 /*******************************************************************
287 Patch from jkf@soton.ac.uk
288 This is Luke's original function with the NIS lookup code
289 moved out to a separate function.
290 *******************************************************************/
291
292 static const char *automount_server(const char *user_name)
293 {
294 static pstring server_name;
295 const char *local_machine_name = get_local_machine_name();
296
297 /* use the local machine name as the default */
298 /* this will be the default if WITH_AUTOMOUNT is not used or fails */
299 if (local_machine_name && *local_machine_name)
300 pstrcpy(server_name, local_machine_name);
301 else
302 pstrcpy(server_name, global_myname());
303
304 #if (defined(HAVE_NETGROUP) && defined (WITH_AUTOMOUNT))
305
306 if (lp_nis_home_map()) {
307 int home_server_len;
308 char *automount_value = automount_lookup(user_name);
309 home_server_len = strcspn(automount_value,":");
310 DEBUG(5, ("NIS lookup succeeded. Home server length: %d\n",home_server_len));
311 if (home_server_len > sizeof(pstring))
312 home_server_len = sizeof(pstring);
313 strncpy(server_name, automount_value, home_server_len);
314 server_name[home_server_len] = '\0';
315 }
316 #endif
317
318 DEBUG(4,("Home server: %s\n", server_name));
319
320 return server_name;
321 }
322
323 /****************************************************************************
324 Do some standard substitutions in a string.
325 len is the length in bytes of the space allowed in string str. If zero means
326 don't allow expansions.
327 ****************************************************************************/
328
329 void standard_sub_basic(const char *smb_name, char *str,size_t len)
330 {
331 char *p, *s;
332 fstring pidstr;
333 struct passwd *pass;
334 const char *local_machine_name = get_local_machine_name();
335
336 for (s=str; (p=strchr_m(s, '%'));s=p) {
337 fstring tmp_str;
338
339 int l = (int)len - (int)(p-str);
340
341 if (l < 0)
342 l = 0;
343
344 switch (*(p+1)) {
345 case 'U' :
346 fstrcpy(tmp_str, smb_name);
347 strlower_m(tmp_str);
348 string_sub(p,"%U",tmp_str,l);
349 break;
350 case 'G' :
351 fstrcpy(tmp_str, smb_name);
352 if ((pass = Get_Pwnam(tmp_str))!=NULL) {
353 string_sub(p,"%G",gidtoname(pass->pw_gid),l);
354 } else {
355 p += 2;
356 }
357 break;
358 case 'D' :
359 fstrcpy(tmp_str, current_user_info.domain);
360 strupper_m(tmp_str);
361 string_sub(p,"%D", tmp_str,l);
362 break;
363 case 'I' :
364 string_sub(p,"%I", client_addr(),l);
365 break;
366 case 'i' :
367 string_sub(p,"%i", client_socket_addr(),l);
368 break;
369 case 'L' :
370 if (local_machine_name && *local_machine_name)
371 string_sub(p,"%L", local_machine_name,l);
372 else {
373 pstring temp_name;
374
375 pstrcpy(temp_name, global_myname());
376 strlower_m(temp_name);
377 string_sub(p,"%L", temp_name,l);
378 }
379 break;
380 case 'M' :
381 string_sub(p,"%M", client_name(),l);
382 break;
383 case 'R' :
384 string_sub(p,"%R", remote_proto,l);
385 break;
386 case 'T' :
387 string_sub(p,"%T", timestring(False),l);
388 break;
389 case 'a' :
390 string_sub(p,"%a", remote_arch,l);
391 break;
392 case 'd' :
393 slprintf(pidstr,sizeof(pidstr)-1, "%d",(int)sys_getpid());
394 string_sub(p,"%d", pidstr,l);
395 break;
396 case 'h' :
397 string_sub(p,"%h", myhostname(),l);
398 break;
399 case 'm' :
400 string_sub(p,"%m", get_remote_machine_name(),l);
401 break;
402 case 'v' :
403 string_sub(p,"%v", SAMBA_VERSION_STRING,l);
404 break;
405 case '$' :
406 p += expand_env_var(p,l);
407 break; /* Expand environment variables */
408 case '\0':
409 p++;
410 break; /* don't run off the end of the string */
411
412 default: p+=2;
413 break;
414 }
415 }
416 }
417
418 static void standard_sub_advanced(int snum, const char *user,
419 const char *connectpath, gid_t gid,
420 const char *smb_name, char *str, size_t len)
421 {
422 char *p, *s, *home;
423
424 for (s=str; (p=strchr_m(s, '%'));s=p) {
425 int l = (int)len - (int)(p-str);
426
427 if (l < 0)
428 l = 0;
429
430 switch (*(p+1)) {
431 case 'N' :
432 string_sub(p,"%N", automount_server(user),l);
433 break;
434 case 'H':
435 if ((home = get_user_home_dir(user)))
436 string_sub(p,"%H",home, l);
437 else
438 p += 2;
439 break;
440 case 'P':
441 string_sub(p,"%P", connectpath, l);
442 break;
443 case 'S':
444 string_sub(p,"%S", lp_servicename(snum), l);
445 break;
446 case 'g':
447 string_sub(p,"%g", gidtoname(gid), l);
448 break;
449 case 'u':
450 string_sub(p,"%u", user, l);
451 break;
452
453 /* Patch from jkf@soton.ac.uk Left the %N (NIS
454 * server name) in standard_sub_basic as it is
455 * a feature for logon servers, hence uses the
456 * username. The %p (NIS server path) code is
457 * here as it is used instead of the default
458 * "path =" string in [homes] and so needs the
459 * service name, not the username. */
460 case 'p':
461 string_sub(p,"%p", automount_path(lp_servicename(snum)), l);
462 break;
463 case '\0':
464 p++;
465 break; /* don't run off the end of the string */
466
467 default: p+=2;
468 break;
469 }
470 }
471
472 standard_sub_basic(smb_name, str, len);
473 }
474
475 /****************************************************************************
476 Do some standard substitutions in a string.
477 This function will return an allocated string that have to be freed.
478 ****************************************************************************/
479
480 char *talloc_sub_basic(TALLOC_CTX *mem_ctx, const char *smb_name, const char *str)
481 {
482 char *a, *t;
483 a = alloc_sub_basic(smb_name, str);
484 if (!a) return NULL;
485 t = talloc_strdup(mem_ctx, a);
486 SAFE_FREE(a);
487 return t;
488 }
489
490 char *alloc_sub_basic(const char *smb_name, const char *str)
491 {
492 char *b, *p, *s, *t, *r, *a_string;
493 fstring pidstr;
494 struct passwd *pass;
495 const char *local_machine_name = get_local_machine_name();
496
497 /* workaround to prevent a crash while lookinf at bug #687 */
498
499 if ( !str ) {
500 DEBUG(0,("alloc_sub_basic: NULL source string! This should not happen\n"));
501 return NULL;
502 }
503
504 a_string = strdup(str);
505 if (a_string == NULL) {
506 DEBUG(0, ("alloc_sub_specified: Out of memory!\n"));
507 return NULL;
508 }
509
510 for (b = s = a_string; (p = strchr_m(s, '%')); s = a_string + (p - b)) {
511
512 r = NULL;
513 b = t = a_string;
514
515 switch (*(p+1)) {
516 case 'U' :
517 r = strdup_lower(smb_name);
518 if (r == NULL) goto error;
519 t = realloc_string_sub(t, "%U", r);
520 break;
521 case 'G' :
522 r = strdup(smb_name);
523 if (r == NULL) goto error;
524 if ((pass = Get_Pwnam(r))!=NULL) {
525 t = realloc_string_sub(t, "%G", gidtoname(pass->pw_gid));
526 }
527 break;
528 case 'D' :
529 r = strdup_upper(current_user_info.domain);
530 if (r == NULL) goto error;
531 t = realloc_string_sub(t, "%D", r);
532 break;
533 case 'I' :
534 t = realloc_string_sub(t, "%I", client_addr());
535 break;
536 case 'L' :
537 if (local_machine_name && *local_machine_name)
538 t = realloc_string_sub(t, "%L", local_machine_name);
539 else
540 t = realloc_string_sub(t, "%L", global_myname());
541 break;
542 case 'N':
543 t = realloc_string_sub(t, "%N", automount_server(smb_name));
544 break;
545 case 'M' :
546 t = realloc_string_sub(t, "%M", client_name());
547 break;
548 case 'R' :
549 t = realloc_string_sub(t, "%R", remote_proto);
550 break;
551 case 'T' :
552 t = realloc_string_sub(t, "%T", timestring(False));
553 break;
554 case 'a' :
555 t = realloc_string_sub(t, "%a", remote_arch);
556 break;
557 case 'd' :
558 slprintf(pidstr,sizeof(pidstr)-1, "%d",(int)sys_getpid());
559 t = realloc_string_sub(t, "%d", pidstr);
560 break;
561 case 'h' :
562 t = realloc_string_sub(t, "%h", myhostname());
563 break;
564 case 'm' :
565 t = realloc_string_sub(t, "%m", remote_machine);
566 break;
567 case 'v' :
568 t = realloc_string_sub(t, "%v", SAMBA_VERSION_STRING);
569 break;
570 case '$' :
571 t = realloc_expand_env_var(t, p); /* Expand environment variables */
572 break;
573
574 default:
575 break;
576 }
577
578 p++;
579 SAFE_FREE(r);
580 if (t == NULL) goto error;
581 a_string = t;
582 }
583
584 return a_string;
585 error:
586 SAFE_FREE(a_string);
587 return NULL;
588 }
589
590 /****************************************************************************
591 Do some specific substitutions in a string.
592 This function will return an allocated string that have to be freed.
593 ****************************************************************************/
594
595 char *talloc_sub_specified(TALLOC_CTX *mem_ctx,
596 const char *input_string,
597 const char *username,
598 const char *domain,
599 uid_t uid,
600 gid_t gid)
601 {
602 char *a, *t;
603 a = alloc_sub_specified(input_string, username, domain, uid, gid);
604 if (!a) return NULL;
605 t = talloc_strdup(mem_ctx, a);
606 SAFE_FREE(a);
607 return t;
608 }
609
610 char *alloc_sub_specified(const char *input_string,
611 const char *username,
612 const char *domain,
613 uid_t uid,
614 gid_t gid)
615 {
616 char *a_string, *ret_string;
617 char *b, *p, *s, *t;
618
619 a_string = strdup(input_string);
620 if (a_string == NULL) {
621 DEBUG(0, ("alloc_sub_specified: Out of memory!\n"));
622 return NULL;
623 }
624
625 for (b = s = a_string; (p = strchr_m(s, '%')); s = a_string + (p - b)) {
626
627 b = t = a_string;
628
629 switch (*(p+1)) {
630 case 'U' :
631 t = realloc_string_sub(t, "%U", username);
632 break;
633 case 'u' :
634 t = realloc_string_sub(t, "%u", username);
635 break;
636 case 'G' :
637 if (gid != -1) {
638 t = realloc_string_sub(t, "%G", gidtoname(gid));
639 } else {
640 t = realloc_string_sub(t, "%G", "NO_GROUP");
641 }
642 break;
643 case 'g' :
644 if (gid != -1) {
645 t = realloc_string_sub(t, "%g", gidtoname(gid));
646 } else {
647 t = realloc_string_sub(t, "%g", "NO_GROUP");
648 }
649 break;
650 case 'D' :
651 t = realloc_string_sub(t, "%D", domain);
652 break;
653 case 'N' :
654 t = realloc_string_sub(t, "%N", automount_server(username));
655 break;
656 default:
657 break;
658 }
659
660 p++;
661 if (t == NULL) {
662 SAFE_FREE(a_string);
663 return NULL;
664 }
665 a_string = t;
666 }
667
668 ret_string = alloc_sub_basic(username, a_string);
669 SAFE_FREE(a_string);
670 return ret_string;
671 }
672
673 char *talloc_sub_advanced(TALLOC_CTX *mem_ctx,
674 int snum,
675 const char *user,
676 const char *connectpath,
677 gid_t gid,
678 const char *smb_name,
679 const char *str)
680 {
681 char *a, *t;
682 a = alloc_sub_advanced(snum, user, connectpath, gid, smb_name, str);
683 if (!a) return NULL;
684 t = talloc_strdup(mem_ctx, a);
685 SAFE_FREE(a);
686 return t;
687 }
688
689 char *alloc_sub_advanced(int snum, const char *user,
690 const char *connectpath, gid_t gid,
691 const char *smb_name, const char *str)
692 {
693 char *a_string, *ret_string;
694 char *b, *p, *s, *t, *h;
695
696 a_string = strdup(str);
697 if (a_string == NULL) {
698 DEBUG(0, ("alloc_sub_specified: Out of memory!\n"));
699 return NULL;
700 }
701
702 for (b = s = a_string; (p = strchr_m(s, '%')); s = a_string + (p - b)) {
703
704 b = t = a_string;
705
706 switch (*(p+1)) {
707 case 'N' :
708 t = realloc_string_sub(t, "%N", automount_server(user));
709 break;
710 case 'H':
711 if ((h = get_user_home_dir(user)))
712 t = realloc_string_sub(t, "%H", h);
713 break;
714 case 'P':
715 t = realloc_string_sub(t, "%P", connectpath);
716 break;
717 case 'S':
718 t = realloc_string_sub(t, "%S", lp_servicename(snum));
719 break;
720 case 'g':
721 t = realloc_string_sub(t, "%g", gidtoname(gid));
722 break;
723 case 'u':
724 t = realloc_string_sub(t, "%u", user);
725 break;
726
727 /* Patch from jkf@soton.ac.uk Left the %N (NIS
728 * server name) in standard_sub_basic as it is
729 * a feature for logon servers, hence uses the
730 * username. The %p (NIS server path) code is
731 * here as it is used instead of the default
732 * "path =" string in [homes] and so needs the
733 * service name, not the username. */
734 case 'p':
735 t = realloc_string_sub(t, "%p", automount_path(lp_servicename(snum)));
736 break;
737
738 default:
739 break;
740 }
741
742 p++;
743 if (t == NULL) {
744 SAFE_FREE(a_string);
745 return NULL;
746 }
747 a_string = t;
748 }
749
750 ret_string = alloc_sub_basic(smb_name, a_string);
751 SAFE_FREE(a_string);
752 return ret_string;
753 }
754
755 /****************************************************************************
756 Do some standard substitutions in a string.
757 ****************************************************************************/
758
759 void standard_sub_conn(connection_struct *conn, char *str, size_t len)
760 {
761 standard_sub_advanced(SNUM(conn), conn->user, conn->connectpath,
762 conn->gid, smb_user_name, str, len);
763 }
764
765 char *talloc_sub_conn(TALLOC_CTX *mem_ctx, connection_struct *conn, const char *str)
766 {
767 return talloc_sub_advanced(mem_ctx, SNUM(conn), conn->user,
768 conn->connectpath, conn->gid,
769 smb_user_name, str);
770 }
771
772 char *alloc_sub_conn(connection_struct *conn, const char *str)
773 {
774 return alloc_sub_advanced(SNUM(conn), conn->user, conn->connectpath,
775 conn->gid, smb_user_name, str);
776 }
777
778 /****************************************************************************
779 Like standard_sub but by snum.
780 ****************************************************************************/
781
782 void standard_sub_snum(int snum, char *str, size_t len)
783 {
784 extern struct current_user current_user;
785 static uid_t cached_uid = -1;
786 static fstring cached_user;
787 /* calling uidtoname() on every substitute would be too expensive, so
788 we cache the result here as nearly every call is for the same uid */
789
790 if (cached_uid != current_user.uid) {
791 fstrcpy(cached_user, uidtoname(current_user.uid));
792 cached_uid = current_user.uid;
793 }
794
795 standard_sub_advanced(snum, cached_user, "", -1,
796 smb_user_name, str, len);
797 }
reg import