base: heim_config_parse_file_multi fix plist config parsing
4c34168b01 ("base: Fix use of
HEIM_USE_PATH_TOKENS") relocated the expansion of path tokens
within heim_config_parse_file_multi() so it is only performed
for non-plist files. However, parse_plist_config() does not
understand tokens and will treat them as path components. As
a result, plist paths such as
%{USERCONFIG}/Library/Preferences/com.apple.Kerberos.plist
will not be expanded. If parse_plist_config() fails with ENOENT,
then the plist configuration will be skipped and krb5_init_context()
will succeed. However, if the current working directory is invalid,
then parse_plist_config() would return ENOMEM which is a fatal
error and krb5_init_context() would fail.
For example, on macOS, if the cwd is in /afs and the user's
tokens have expired:
user@MacBookAir user % ~/src/heimdal/kuser/heimtools klist
shell-init: error retrieving current directory:
getcwd: cannot access parent directories: Permission denied
chdir: error retrieving current directory:
getcwd: cannot access parent directories: Permission denied
heimtools: krb5_init_context failed: 12
With this change %{USERCONFIG} is expanded and parse_plist_config()
is called with an absolute path. Even though the specified file
is inaccessible, the krb5_init_context() call succeeds.
@@ -576,6 +576,7 @@ heim_config_parse_file_multi(heim_context context,
|
||||
{
|
||||
const char *str;
|
||||
char *newfname = NULL;
|
||||
char *exp_fname = NULL;
|
||||
unsigned lineno = 0;
|
||||
heim_error_code ret = 0;
|
||||
struct fileptr f;
|
||||
@@ -608,6 +609,19 @@ heim_config_parse_file_multi(heim_context context,
|
||||
fname = newfname;
|
||||
}
|
||||
|
||||
/*
|
||||
* Note that heim_config_parse_dir_multi() doesn't want tokens
|
||||
* expanded here, but it happens to limit the names of files to
|
||||
* include such that there can be no tokens to expand. Don't
|
||||
* add token expansion for tokens using _, say.
|
||||
*/
|
||||
ret = heim_expand_path_tokens(context, fname, 1, &exp_fname, NULL);
|
||||
if (ret)
|
||||
goto out;
|
||||
free(newfname);
|
||||
fname = newfname = exp_fname;
|
||||
|
||||
|
||||
if (is_plist_file(fname)) {
|
||||
#if defined(HAVE_FRAMEWORK_COREFOUNDATION)
|
||||
ret = parse_plist_config(context, fname, res);
|
||||
@@ -623,20 +637,6 @@ heim_config_parse_file_multi(heim_context context,
|
||||
goto out;
|
||||
#endif
|
||||
} else {
|
||||
char *exp_fname = NULL;
|
||||
|
||||
/*
|
||||
* Note that heim_config_parse_dir_multi() doesn't want tokens
|
||||
* expanded here, but it happens to limit the names of files to
|
||||
* include such that there can be no tokens to expand. Don't
|
||||
* add token expansion for tokens using _, say.
|
||||
*/
|
||||
ret = heim_expand_path_tokens(context, fname, 1, &exp_fname, NULL);
|
||||
if (ret)
|
||||
goto out;
|
||||
free(newfname);
|
||||
fname = newfname = exp_fname;
|
||||
|
||||
f.context = context;
|
||||
f.f = fopen(fname, "r");
|
||||
f.s = NULL;
|
||||
|
||||
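Review bot: The comment moved above the `heim_expand_path_tokens()` call still explains only why expansion is tolerable for heim_config_parse_dir_multi(), and does not say why the call must now come before `is_plist_file()`. Since this ordering already regressed once (4c34168b01), I would record the reason in the comment, e.g. `* Expand before the plist check: parse_plist_config() does not understand tokens and would treat them as literal path components.` Please also confirm that `if (ret) goto out;` after the expansion is the intended outcome for plist paths. An expansion failure is now returned for them too, apparently including builds without HAVE_FRAMEWORK_COREFOUNDATION, while the stated goal is that an unusable config path must not make krb5_init_context() fail. The function body starts and ends outside the visible hunks, so the cleanup of `newfname` at `out` cannot be checked from here.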