From ad7e54d698433cea77bfb4c98ac93255743d0c93 Mon Sep 17 00:00:00 2001 From: Nicolas Williams Date: Wed, 7 Dec 2011 23:59:01 -0600 Subject: [PATCH] Generalize token expansion to allow for context-specific tokens --- lib/krb5/acache.c | 2 +- lib/krb5/cache.c | 6 +-- lib/krb5/config_file.c | 2 +- lib/krb5/expand_path.c | 100 ++++++++++++++++++++++++++++++++++++++++++++----- lib/krb5/fcache.c | 2 +- lib/krb5/kuserok.c | 12 +++++- lib/krb5/pkinit.c | 2 +- lib/krb5/plugin.c | 2 +- 8 files changed, 110 insertions(+), 18 deletions(-) diff --git a/lib/krb5/acache.c b/lib/krb5/acache.c index 13333bc7f..19eeecda4 100644 --- a/lib/krb5/acache.c +++ b/lib/krb5/acache.c @@ -125,7 +125,7 @@ init_ccapi(krb5_context context) #ifdef KRB5_USE_PATH_TOKENS { char * explib = NULL; - if (_krb5_expand_path_tokens(context, lib, NULL, &explib) == 0) { + if (_krb5_expand_path_tokens(context, lib, &explib) == 0) { cc_handle = dlopen(explib, RTLD_LAZY|RTLD_LOCAL); free(explib); } diff --git a/lib/krb5/cache.c b/lib/krb5/cache.c index 69d076a16..88040cbc6 100644 --- a/lib/krb5/cache.c +++ b/lib/krb5/cache.c @@ -189,7 +189,7 @@ allocate_ccache (krb5_context context, #ifdef KRB5_USE_PATH_TOKENS char * exp_residual = NULL; - ret = _krb5_expand_path_tokens(context, residual, NULL, &exp_residual); + ret = _krb5_expand_path_tokens(context, residual, &exp_residual); if (ret) return ret; @@ -410,7 +410,7 @@ krb5_cc_get_ops(krb5_context context, krb5_ccache id) krb5_error_code _krb5_expand_default_cc_name(krb5_context context, const char *str, char **res) { - return _krb5_expand_path_tokens(context, str, NULL, res); + return _krb5_expand_path_tokens(context, str, res); } /* @@ -559,7 +559,7 @@ krb5_cc_set_default_name(krb5_context context, const char *name) return ENOMEM; } - ret = _krb5_expand_path_tokens(context, p, NULL, &exp_p); + ret = _krb5_expand_path_tokens(context, p, &exp_p); free(p); if (ret) return ret; 
diff --git a/lib/krb5/config_file.c b/lib/krb5/config_file.c index 10f1600af..4ac25ae28 100644 --- a/lib/krb5/config_file.c +++ b/lib/krb5/config_file.c @@ -483,7 +483,7 @@ krb5_config_parse_file_multi (krb5_context context, #ifdef KRB5_USE_PATH_TOKENS char * exp_fname = NULL; - ret = _krb5_expand_path_tokens(context, fname, NULL, &exp_fname); + ret = _krb5_expand_path_tokens(context, fname, &exp_fname); if (ret) { if (newfname) free(newfname); diff --git a/lib/krb5/expand_path.c b/lib/krb5/expand_path.c index e7ffe289e..f88068e01 100644 --- a/lib/krb5/expand_path.c +++ b/lib/krb5/expand_path.c @@ -32,6 +32,8 @@ #include "krb5_locl.h" +#include + typedef int PTYPE; #ifdef _WIN32 @@ -310,13 +312,13 @@ _expand_userid(krb5_context context, PTYPE param, const char *postfix, char **st #endif /* _WIN32 */ /** - * Expand a %{luser} token + * Expand an extra token */ static int -_expand_luser(krb5_context context, const char *luser, char **ret) +_expand_extra_token(krb5_context context, const char *value, char **ret) { - *ret = strdup(luser); + *ret = strdup(value); if (*ret == NULL) { if (context) krb5_set_error_message(context, ENOMEM, "Out of memory"); @@ -390,10 +392,11 @@ static int _expand_token(krb5_context context, const char *token, const char *token_end, - const char *luser, + char **extra_tokens, char **ret) { size_t i; + char **p; *ret = NULL; @@ -404,8 +407,10 @@ _expand_token(krb5_context context, return EINVAL; } - if (strncmp(token+2, "luser", (token_end - token) - 2) == 0) - return _expand_luser(context, luser, ret); + for (p = extra_tokens; p && p[0]; p += 2) { + if (strncmp(token+2, p[0], (token_end - token) - 2) == 0) + return _expand_extra_token(context, p[1], ret); + } for (i = 0; i < sizeof(tokens)/sizeof(tokens[0]); i++) { if (!strncmp(token+2, tokens[i].tok, (token_end - token) - 2)) 
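Review bot: The new extra-token loop in `_expand_token` (hunk at -404,8) accepts any prefix of a token name, because `strncmp(token+2, p[0], (token_end - token) - 2)` compares only as many bytes as the token written in the path, so `%{l}` would expand to the `luser` value. Extra tokens are also tried before the built-in table, so a caller-supplied name takes precedence over a built-in one. Requiring equal length makes the match exact: `size_t n = (token_end - token) - 2;` followed by `if (strlen(p[0]) == n && strncmp(token+2, p[0], n) == 0)`. The built-in loop on the context lines below compares the same way, and the function starts and ends outside the hunk.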
@@ -425,7 +430,6 @@ _expand_token(krb5_context context, * * @context A krb5_context * @path_in The path to expand tokens from - * @luser A local username (optional, for krb5_kuserok()) * * Outputs: * @@ -434,12 +438,48 @@ _expand_token(krb5_context context, KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL _krb5_expand_path_tokens(krb5_context context, const char *path_in, - const char *luser, char **ppath_out) { + return _krb5_expand_path_tokensv(context, path_in, ppath_out, NULL); +} + +static void +free_extra_tokens(char **extra_tokens) +{ + char **p; + + for (p = extra_tokens; p && *p; p++) + free(*p); + free(extra_tokens); +} + +/** + * Internal function to expand tokens in paths. + * + * Inputs: + * + * @context A krb5_context + * @path_in The path to expand tokens from + * @token Variable number of pairs of strings, the first of each + * being a token (e.g., "luser") and the second a string to + * replace it with. The list is terminated by a NULL. + * + * Outputs: + * + * @ppath_out Path with expanded tokens (caller must free() this) + */ +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +_krb5_expand_path_tokensv(krb5_context context, + const char *path_in, + char **ppath_out, ...) +{ char *tok_begin, *tok_end, *append; + char **extra_tokens = NULL; const char *path_left; + const char *s; + size_t nextra_tokens = 0; size_t len = 0; + va_list ap; if (path_in == NULL || *path_in == '\0') { *ppath_out = strdup(""); 
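Review bot: The variadic `_krb5_expand_path_tokensv` (hunk at -434,12) depends on a terminating null pointer, and the wrapper in this hunk passes a bare `NULL`, which `va_arg(ap, const char *)` reads back correctly only if `NULL` expands to a pointer type. The portable spelling is `return _krb5_expand_path_tokensv(context, path_in, ppath_out, (char *)NULL);`. The doc comment should state that names and values must come in pairs and that the list must end with a null pointer; it also documents a `@token` parameter where the prototype has `...`. Where the prototype is declared (not visible here), a GCC/Clang sentinel attribute would let the compiler flag calls that omit the terminator. The function body continues past the end of this hunk.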
@@ -448,6 +488,42 @@ _krb5_expand_path_tokens(krb5_context context, *ppath_out = NULL; + va_start(ap, ppath_out); + while ((s = va_arg(ap, const char *))) { + nextra_tokens++; + s = va_arg(ap, const char *); + } + va_end(ap); + + /* Get extra tokens */ + if (nextra_tokens) { + size_t i; + + extra_tokens = calloc(nextra_tokens + 2, sizeof (*extra_tokens)); + if (extra_tokens == NULL) + return context ? krb5_enomem(context) : ENOMEM; + va_start(ap, ppath_out); + for (i = 0; i < nextra_tokens; i++) { + s = va_arg(ap, const char *); + if (s == NULL) + break; + extra_tokens[i] = strdup(s); + if (extra_tokens[i++] == NULL) { + free_extra_tokens(extra_tokens); + return context ? krb5_enomem(context) : ENOMEM; + } + s = va_arg(ap, const char *); + if (s == NULL) + break; + extra_tokens[i] = strdup(s); + if (extra_tokens[i] == NULL) { + free_extra_tokens(extra_tokens); + return context ? krb5_enomem(context) : ENOMEM; + } + } + va_end(ap); + } + for (path_left = path_in; path_left && *path_left; ) { tok_begin = strstr(path_left, "%{"); @@ -465,6 +541,7 @@ _krb5_expand_path_tokens(krb5_context context, tok_end = strchr(tok_begin, '}'); if (tok_end == NULL) { + free_extra_tokens(extra_tokens); if (*ppath_out) free(*ppath_out); *ppath_out = NULL; @@ -473,7 +550,9 @@ _krb5_expand_path_tokens(krb5_context context, return EINVAL; } - if (_expand_token(context, tok_begin, tok_end, luser, &append)) { + if (_expand_token(context, tok_begin, tok_end, extra_tokens, + &append)) { + free_extra_tokens(extra_tokens); if (*ppath_out) free(*ppath_out); *ppath_out = NULL; @@ -490,6 +569,7 @@ _krb5_expand_path_tokens(krb5_context context, if (append == NULL) { + free_extra_tokens(extra_tokens); if (*ppath_out) free(*ppath_out); *ppath_out = NULL; @@ -504,6 +584,7 @@ _krb5_expand_path_tokens(krb5_context context, char * new_str = realloc(*ppath_out, len + append_len + 1); if (new_str == NULL) { + free_extra_tokens(extra_tokens); free(append); if (*ppath_out) free(*ppath_out); 
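Review bot: The copy loop in `_krb5_expand_path_tokensv` (hunk at -448,6) stores only about half of the pairs it counted. `nextra_tokens` counts name/value pairs, but `i` indexes array slots and is advanced twice per iteration (`extra_tokens[i++]` and the `for` increment) while the bound stays `i < nextra_tokens`, so with two pairs the second is never copied and its token will not be matched. The callers in this patch pass a single pair, which is why it works today. The two out-of-memory returns inside the loop also leave without `va_end(ap)`, and a NULL value leaves a name whose `p[1]` is NULL, which `_expand_token` would hand to `strdup()`. The fence below sizes the array as `2 * nextra_tokens + 1`, copies one string per iteration and drops a name that has no value; the function starts before and ends after this hunk.

```c
    /* … unchanged: first pass over the varargs that counts pairs into nextra_tokens … */

    /* Get extra tokens; nextra_tokens counts name/value pairs, i counts slots */
    if (nextra_tokens) {
        size_t i;

        extra_tokens = calloc(2 * nextra_tokens + 1, sizeof (*extra_tokens));
        if (extra_tokens == NULL)
            return context ? krb5_enomem(context) : ENOMEM;
        va_start(ap, ppath_out);
        for (i = 0; i < 2 * nextra_tokens; i++) {
            s = va_arg(ap, const char *);
            if (s == NULL) {
                /* name with no value: drop the name so no pair carries a NULL value */
                if (i % 2) {
                    free(extra_tokens[i - 1]);
                    extra_tokens[i - 1] = NULL;
                }
                break;
            }
            extra_tokens[i] = strdup(s);
            if (extra_tokens[i] == NULL) {
                va_end(ap);
                free_extra_tokens(extra_tokens);
                return context ? krb5_enomem(context) : ENOMEM;
            }
        }
        va_end(ap);
    }
```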
@@ -530,5 +611,6 @@ _krb5_expand_path_tokens(krb5_context context, } #endif + free_extra_tokens(extra_tokens); return 0; } diff --git a/lib/krb5/fcache.c b/lib/krb5/fcache.c index acc5956cc..731f29341 100644 --- a/lib/krb5/fcache.c +++ b/lib/krb5/fcache.c @@ -328,7 +328,7 @@ fcc_gen_new(krb5_context context, krb5_ccache *id) N_("malloc: out of memory", "")); return KRB5_CC_NOMEM; } - ret = _krb5_expand_path_tokens(context, file, NULL, &exp_file); + ret = _krb5_expand_path_tokens(context, file, &exp_file); free(file); if (ret) return ret; diff --git a/lib/krb5/kuserok.c b/lib/krb5/kuserok.c index fad554417..90eaa0bb1 100644 --- a/lib/krb5/kuserok.c +++ b/lib/krb5/kuserok.c @@ -465,7 +465,8 @@ kuserok_sys_k5login_plug_f(void *plug_ctx, krb5_context context, else profile_dir++; - ret = _krb5_expand_path_tokens(context, profile_dir, luser, &path); + ret = _krb5_expand_path_tokensv(context, profile_dir, &path, + "luser", luser, NULL); if (ret) return ret; @@ -495,6 +496,7 @@ kuserok_user_k5login_plug_f(void *plug_ctx, krb5_context context, return KRB5_PLUGIN_NO_HANDLE; #else char *path; + char *path_exp; const char *profile_dir = NULL; krb5_error_code ret; krb5_boolean found_file = FALSE; @@ -524,6 +526,14 @@ kuserok_user_k5login_plug_f(void *plug_ctx, krb5_context context, if (asprintf(&path, "%s/.k5login.d", profile_dir) == -1) return ENOMEM; + + ret = _krb5_expand_path_tokensv(context, path, &path_exp, + "luser", luser, NULL); + free(path); + if (ret) + return ret; + path = path_exp; + /* check user's ~/.k5login */ path[strlen(path) - strlen(".d")] = '\0'; ret = check_one_file(context, path, luser, FALSE, principal, result); diff --git a/lib/krb5/pkinit.c b/lib/krb5/pkinit.c index 0617ec0d1..1103a1780 100644 --- a/lib/krb5/pkinit.c +++ b/lib/krb5/pkinit.c 
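Review bot: In `kuserok_user_k5login_plug_f` (hunk at -524,6) `luser` is now substituted verbatim into the path used to find `.k5login` and `.k5login.d`, and nothing in the hunk rejects a name containing `/` or `..`. If `luser` can reach this plugin without first being resolved against the password database (not visible here), a check before the call such as `if (strchr(luser, '/') != NULL) return EINVAL;` keeps the lookup inside the configured directory. Running the whole `profile_dir` string through expansion also means a directory name containing a literal `%{` with no closing `}` now returns `EINVAL`, which deserves a comment if `profile_dir` can be a home directory. The `luser` point applies equally to the `kuserok_sys_k5login_plug_f` call in the hunk at -465,7; both functions extend beyond their hunks.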
@@ -2220,7 +2220,7 @@ _krb5_parse_moduli(krb5_context context, const char *file, { char * exp_file; - if (_krb5_expand_path_tokens(context, file, NULL, &exp_file) == 0) { + if (_krb5_expand_path_tokens(context, file, &exp_file) == 0) { f = fopen(exp_file, "r"); krb5_xfree(exp_file); } else { diff --git a/lib/krb5/plugin.c b/lib/krb5/plugin.c index 5f9f6991b..ec126f02b 100644 --- a/lib/krb5/plugin.c +++ b/lib/krb5/plugin.c @@ -241,7 +241,7 @@ load_plugins(krb5_context context) char * dir = *di; #ifdef KRB5_USE_PATH_TOKENS - if (_krb5_expand_path_tokens(context, *di, NULL, &dir)) + if (_krb5_expand_path_tokens(context, *di, &dir)) goto next_dir; #endif -- 2.11.4.GIT