Fix error clobbering bug and code review comments

2011-12-01 13:12:45 -06:00
parent da14596f0e
commit 89bae59b49
4 changed files with 104 additions and 79 deletions
--- a/lib/krb5/aname_to_localname.c
+++ b/lib/krb5/aname_to_localname.c
@@ -186,7 +186,7 @@ an2ln_plugin(krb5_context context, const char *rule, krb5_const_principal aname,
 	ret = KRB5_CONFIG_NOTENUFSPACE;

    heim_release(ctx.luser);
-    return 0;
+    return ret;
 }

 static void
@@ -287,12 +287,23 @@ an2ln_local_names(krb5_context context,
 */
 static krb5_error_code
 an2ln_default(krb5_context context,
-	      int root_princs_ok,
+	      char *rule,
 	      krb5_const_principal aname,
 	      size_t lnsize, char *lname)
 {
    krb5_error_code ret;
    const char *res;
+    int root_princs_ok;
+
+    if (strcmp(rule, "NONE") == 0)
+	return KRB5_NO_LOCALNAME;
+
+    if (strcmp(rule, "DEFAULT") == 0)
+	root_princs_ok = 0;
+    else if (strcmp(rule, "HEIMDAL_DEFAULT") == 0)
+	root_princs_ok = 1;
+    else
+	return KRB5_PLUGIN_NO_HANDLE;

    if (!princ_realm_is_default(context, aname))
 	return KRB5_PLUGIN_NO_HANDLE;
@@ -303,7 +314,7 @@ an2ln_default(krb5_context context,
 	 * component is the username.
 	 */
 	res = aname->name.name_string.val[0];
-    } else if (aname->name.name_string.len == 2 &&
+    } else if (root_princs_ok && aname->name.name_string.len == 2 &&
 	       strcmp (aname->name.name_string.val[1], "root") == 0) {
 	/*
 	 * Two-component principal names in default realm where the
@@ -372,41 +383,42 @@ krb5_aname_to_localname(krb5_context context,
 				    "auth_to_local", NULL);
    if (!rules) {
 	/* Heimdal's default rule */
-	ret = an2ln_default(context, 1, aname, lnsize, lname);
+	ret = an2ln_default(context, "HEIMDAL_DEFAULT", aname, lnsize, lname);
 	if (ret == KRB5_PLUGIN_NO_HANDLE)
 	    return KRB5_NO_LOCALNAME;
 	return ret;
    }

-    /* MIT rules */
+    /*
+     * MIT rules.
+     *
+     * Note that RULEs and DBs only have white-list functionality,
+     * thus RULEs and DBs that we don't understand we simply ignore.
+     *
+     * This means that plugins that implement black-lists are
+     * dangerous: if a black-list plugin isn't found, the black-list
+     * won't be enforced.  But black-lists are dangerous anyways.
+     */
    for (ret = KRB5_PLUGIN_NO_HANDLE, i = 0; rules[i]; i++) {
 	rule = rules[i];
-	if (!*rule || strcmp(rule, "NONE") == 0)
-	    break;
-	else if (strcmp(rule, "HEIMDAL_DEFAULT") == 0)
-	    ret = an2ln_default(context, 1, aname, lnsize, lname);
-	else if (strcmp(rule, "DEFAULT") == 0)
-	    ret = an2ln_default(context, 0, aname, lnsize, lname);
-	else
-	    /* Let the plugins handle DBs and RULEs and anything else*/
+
+	/* Try NONE, DEFAULT, and HEIMDAL_DEFAULT rules */
+	ret = an2ln_default(context, rule, aname, lnsize, lname);
+	if (ret == KRB5_PLUGIN_NO_HANDLE)
+	    /* Try DB, RULE, ... plugins */
 	    ret = an2ln_plugin(context, rule, aname, lnsize, lname);

-	if (ret == 0 && lnsize && lname[0])
-	    break;
-	/*
-	 * Note that RULEs and DBs only have white-list functionality,
-	 * thus RULEs and DBs that we don't understand we simply ignore.
-	 *
-	 * This means that plugins that implement black-lists are
-	 * dangerous: if a black-list plugin isn't found, the black-list
-	 * won't be enforced.  But black-lists are dangerous anyways.
-	 */
-	if (ret != KRB5_PLUGIN_NO_HANDLE)
+	if (ret == 0 && lnsize && !lname[0])
+	    continue; /* Success but no lname?!  lies! */
+	else if (ret != KRB5_PLUGIN_NO_HANDLE)
 	    break;
    }

-    if (ret == KRB5_PLUGIN_NO_HANDLE)
+    if (ret == KRB5_PLUGIN_NO_HANDLE) {
+	if (lnsize)
+	    lname[0] = '\0';
 	ret = KRB5_NO_LOCALNAME;
+    }

    krb5_config_free_strings(rules);
    return ret;
--- a/lib/krb5/test_alname.c
+++ b/lib/krb5/test_alname.c
@@ -34,13 +34,33 @@
 #include <getarg.h>
 #include <err.h>

+char localname[1024];
+static size_t lname_size = sizeof (localname);
+static int lname_size_arg = 0;
+static int simple_flag = 0;
+static int verbose_flag = 0;
+static int version_flag = 0;
+static int help_flag	= 0;
+
+static struct getargs args[] = {
+    {"lname-size",	0,	arg_integer,	&lname_size_arg,
+     "set localname size (0 means use default, must be 0..1023)", "integer" },
+    {"simple",	0,	arg_flag,	&simple_flag, /* Used for scripting */
+     "map the given principal and print the resulting localname", NULL },
+    {"verbose",	0,	arg_flag,	&verbose_flag,
+     "print the actual principal name as well as the localname", NULL },
+    {"version",	0,	arg_flag,	&version_flag,
+     "print version", NULL },
+    {"help",	0,	arg_flag,	&help_flag,
+     NULL, NULL }
+};
+
 static void
 test_alname(krb5_context context, krb5_const_realm realm,
 	    const char *user, const char *inst,
 	    const char *localuser, int ok)
 {
    krb5_principal p;
-    char localname[1024];
    krb5_error_code ret;
    char *princ;

@@ -52,7 +72,7 @@ test_alname(krb5_context context, krb5_const_realm realm,
    if (ret)
 	krb5_err(context, 1, ret, "krb5_unparse_name");

-    ret = krb5_aname_to_localname(context, p, sizeof(localname), localname);
+    ret = krb5_aname_to_localname(context, p, lname_size, localname);
    krb5_free_principal(context, p);
    if (ret) {
 	if (!ok) {
@@ -76,22 +96,6 @@ test_alname(krb5_context context, krb5_const_realm realm,

 }

-static int simple_flag = 0;
-static int verbose_flag = 0;
-static int version_flag = 0;
-static int help_flag	= 0;
-
-static struct getargs args[] = {
-    {"simple",	0,	arg_flag,	&simple_flag, /* Used for scripting */
-     "map the given principal and print the resulting localname", NULL },
-    {"verbose",	0,	arg_flag,	&verbose_flag,
-     "print the actual principal name as well as the localname", NULL },
-    {"version",	0,	arg_flag,	&version_flag,
-     "print version", NULL },
-    {"help",	0,	arg_flag,	&help_flag,
-     NULL, NULL }
-};
-
 static void
 usage (int ret)
 {
@@ -133,9 +137,9 @@ main(int argc, char **argv)

    if (simple_flag) {
 	krb5_principal princ;
-	char localname[1024];
 	char *unparsed;
 	krb5_error_code ret;
+	int status = 0;

 	/* Map then print the result and exit */
 	if (argc != 1)
@@ -149,23 +153,40 @@ main(int argc, char **argv)
 	if (ret)
 	    krb5_err(context, 1, ret, "krb5_unparse_name");

-	ret = krb5_aname_to_localname(context, princ, sizeof(localname),
-				      localname);
+	if (lname_size_arg > 0 && lname_size_arg < 1024)
+	    lname_size = lname_size_arg;
+	else if (lname_size_arg != 0)
+	    errx(1, "local name size must be between 0 and 1023 (inclusive)");
+
+	ret = krb5_aname_to_localname(context, princ, lname_size, localname);
 	if (ret == KRB5_NO_LOCALNAME) {
 	    if (verbose_flag)
 		fprintf(stderr, "No mapping obtained for %s\n", unparsed);
 	    exit(1);
 	}
-	if (ret == KRB5_PLUGIN_NO_HANDLE) {
+	switch (ret) {
+	case KRB5_PLUGIN_NO_HANDLE:
 	    fprintf(stderr, "Error: KRB5_PLUGIN_NO_HANDLE leaked!\n");
-	    exit(2);
+	    status = 2;
+	    break;
+	case KRB5_CONFIG_NOTENUFSPACE:
+	    fprintf(stderr, "Error: lname-size (%lu) too small\n",
+		    (long unsigned)lname_size);
+	    status = 3;
+	    break;
+	case 0:
+	    if (verbose_flag)
+		printf("%s ", unparsed);
+	    printf("%s\n", localname);
+	    break;
+	default:
+	    krb5_err(context, 4, ret, "krb5_aname_to_localname");
+	    break;
 	}
-	if (verbose_flag)
-	    printf("%s ", unparsed);
 	free(unparsed);
 	krb5_free_principal(context, princ);
-	printf("%s\n", localname);
-	exit(0);
+	krb5_free_context(context);
+	exit(status);
    }

    if (argc != 1)