mod_auth_gssapi/0001-Escape-principal-name-to-remove-the-path-separator.patch

91 lines
2.9 KiB
Diff
Raw Normal View History

From 286e3dac69c3d4b32db93de1f9937f434383588f Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Thu, 26 Mar 2015 16:30:56 -0400
Subject: [PATCH] Escape principal name to remove the path separator
The principla name is used as a file name, any embedded path separators
are going to cause trouble if used in the file name, so we need to escape
them away. Usee ~ as the escape chracter (~~ to escape ~ itself)
Fixes #14
---
src/mod_auth_gssapi.c | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 53 insertions(+), 1 deletion(-)
diff --git a/src/mod_auth_gssapi.c b/src/mod_auth_gssapi.c
index 4f21123a4caa56d748307055be73099cc9a63dc0..c7881bf9e149bb190ad73741250d94541abfd0e8 100644
--- a/src/mod_auth_gssapi.c
+++ b/src/mod_auth_gssapi.c
@@ -119,6 +119,48 @@ static bool mag_conn_is_https(conn_rec *c)
return false;
}
+static char *escape(apr_pool_t *pool, const char *name,
+ char find, const char *replace)
+{
+ char *escaped = NULL;
+ char *namecopy;
+ char *n;
+ char *p;
+
+ namecopy = apr_pstrdup(pool, name);
+ if (!namecopy) goto done;
+
+ p = strchr(namecopy, find);
+ if (!p) return namecopy;
+
+ /* first segment */
+ n = namecopy;
+ while (p) {
+ /* terminate previous segment */
+ *p = '\0';
+ if (escaped) {
+ escaped = apr_pstrcat(pool, escaped, n, replace, NULL);
+ } else {
+ escaped = apr_pstrcat(pool, n, replace, NULL);
+ }
+ if (!escaped) goto done;
+ /* move to next segment */
+ n = p + 1;
+ p = strchr(n, find);
+ }
+ /* append last segment if any */
+ if (*n) {
+ escaped = apr_pstrcat(pool, escaped, n, NULL);
+ }
+
+done:
+ if (!escaped) {
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, NULL,
+ "OOM escaping name");
+ }
+ return escaped;
+}
+
static void mag_store_deleg_creds(request_rec *req,
char *dir, char *clientname,
gss_cred_id_t delegated_cred,
@@ -128,8 +170,18 @@ static void mag_store_deleg_creds(request_rec *req,
gss_key_value_set_desc store;
char *value;
uint32_t maj, min;
+ char *escaped;
- value = apr_psprintf(req->pool, "FILE:%s/%s", dir, clientname);
+ /* We need to escape away '/', we can't have path separators in
+ * a ccache file name */
+ /* first double escape the esacping char (~) if any */
+ escaped = escape(req->pool, clientname, '~', "~~");
+ if (!escaped) return;
+ /* then escape away the separator (/) if any */
+ escaped = escape(req->pool, escaped, '/', "~");
+ if (!escaped) return;
+
+ value = apr_psprintf(req->pool, "FILE:%s/%s", dir, escaped);
if (!value) {
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, NULL,
"OOM storing delegated credentials");
--
2.1.0