From 69c8e20b18577781e17c5959e23514134dfb5755 Mon Sep 17 00:00:00 2001 From: Nalin Dahyabhai Date: Thu, 24 Jul 2014 16:43:21 -0400 Subject: [PATCH 6/7] Use more randomness for ksu secondary cache names When generating a suffix to append to a ccache name that will hold the credentials for a ksu-invoked process, instead of using integers counting up from 1, use the result of base64-encoding six randomly- generated octets. Tweak the output alphabet just a bit to avoid using '+' or '/' in the generated names, the latter of which could really confuse things. --- src/clients/ksu/ccache.c | 27 +++++++++++++++++++++++---- src/clients/ksu/ksu.h | 2 +- src/clients/ksu/main.c | 16 ++++++++++++---- 3 files changed, 36 insertions(+), 9 deletions(-) diff --git a/src/clients/ksu/ccache.c b/src/clients/ksu/ccache.c index 0f9e042..a0736f2 100644 --- a/src/clients/ksu/ccache.c +++ b/src/clients/ksu/ccache.c @@ -27,6 +27,7 @@ */ #include "ksu.h" +#include "k5-base64.h" #include "adm_proto.h" #include #include @@ -504,10 +505,28 @@ show_credential(context, cred, cc) free(sname); } -int gen_sym(){ - static int i = 0; - i ++; - return i; +/* Create a random string suitable for a filename extension. */ +krb5_error_code +gen_sym(krb5_context context, char **sym_out) +{ + krb5_error_code retval; + char bytes[6], *p, *sym; + krb5_data data = make_data(bytes, sizeof(bytes)); + + *sym_out = NULL; + retval = krb5_c_random_make_octets(context, &data); + if (retval) + return retval; + sym = k5_base64_encode(data.data, data.length); + if (sym == NULL) + return ENOMEM; + /* Tweak the output alphabet just a bit. */ + while ((p = strchr(sym, '/')) != NULL) + *p = '_'; + while ((p = strchr(sym, '+')) != NULL) + *p = '-'; + *sym_out = sym; + return 0; } krb5_error_code krb5_ccache_overwrite(context, ccs, cct, primary_principal) diff --git a/src/clients/ksu/ksu.h b/src/clients/ksu/ksu.h index fbbf217..5ba5ceb 100644 --- a/src/clients/ksu/ksu.h +++ b/src/clients/ksu/ksu.h @@ -130,7 +130,7 @@ extern krb5_error_code krb5_get_login_princ extern void show_credential (krb5_context, krb5_creds *, krb5_ccache); -extern int gen_sym (void); +krb5_error_code gen_sym(krb5_context context, char **sym); extern krb5_error_code krb5_ccache_overwrite (krb5_context, krb5_ccache, krb5_ccache, krb5_principal); diff --git a/src/clients/ksu/main.c b/src/clients/ksu/main.c index 41a3bf8..47fa820 100644 --- a/src/clients/ksu/main.c +++ b/src/clients/ksu/main.c @@ -856,7 +856,7 @@ resolve_target_cache(krb5_context context, krb5_principal princ, krb5_error_code retval; krb5_boolean switchable, reused = FALSE; krb5_ccache ccache = NULL; - char *sep, *ccname = NULL, *target; + char *sep, *ccname = NULL, *sym = NULL, *target; *ccache_out = NULL; *ccache_reused = FALSE; @@ -876,12 +876,20 @@ resolve_target_cache(krb5_context context, krb5_principal princ, * the name of a cache that doesn't exist yet. */ do { free(ccname); - if (asprintf(&ccname, "%s.%d", target, gen_sym()) < 0) { + retval = gen_sym(context, &sym); + if (retval) { + com_err(prog_name, retval, + _("while generating part of the target ccache name")); + return retval; + } + if (asprintf(&ccname, "%s.%s", target, sym) < 0) { retval = ENOMEM; - com_err(prog_name, ENOMEM, - _("while allocating memory for target ccache name")); + free(sym); + com_err(prog_name, retval, _("while allocating memory for the " + "target ccache name")); goto cleanup; } + free(sym); } while (ks_ccache_name_is_initialized(context, ccname)); retval = krb5_cc_resolve(context, ccname, &ccache); } else { -- 2.0.4