From fe7cbdedb1ba8dd168c27fe834486bda7e4ee99e Mon Sep 17 00:00:00 2001
From: Stef Walter
Date: Fri, 12 Apr 2013 14:19:42 +0200
Subject: [PATCH] Don't allow commas in logins used in sssd access lists
https://bugs.freedesktop.org/show_bug.cgi?id=62517
---
 service/realm-sssd.c | 47 ++++++++++++++++++++++++++++++++++-------------
 1 file changed, 34 insertions(+), 13 deletions(-)
diff --git a/service/realm-sssd.c b/service/realm-sssd.c
index 9ce5967..cdeba74 100644
--- a/service/realm-sssd.c
+++ b/service/realm-sssd.c
@@ -27,6 +27,7 @@
 #include "realm-sssd-config.h"
 #include
+#include
 #include
@@ -113,6 +114,26 @@ sssd_config_change_login_policy (RealmIniConfig *config,
 return realm_ini_config_finish_change (config, error);
 }
+static gboolean
+sssd_config_check_login_list (gchar **logins,
+ GError **error)
+{
+ #define INVALID_CHARS ",$"
+ gint i;
+
+ for (i = 0; logins[i] != NULL; i++) {
+ if (strcspn (logins[i], INVALID_CHARS) != strlen (logins[i])) {
+ g_set_error (error, G_DBUS_ERROR,
+ G_DBUS_ERROR_INVALID_ARGS,
+ _("Invalid login argument '%s' contains unsupported characters."),
+ logins[i]);
+ return FALSE;
+ }
+ }
+
+ return TRUE;
+}
+
 static void
 realm_sssd_logins_async (RealmKerberos *realm,
 GDBusMethodInvocation *invocation,
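Review bot: The deny-list in `sssd_config_check_login_list` covers only `,` and `$`, and nothing in the hunk explains why `$` is rejected when the commit subject mentions only commas. Going by the subject, these names are written into an sssd access list, so line breaks and other control characters matter as much as the separator; unless `realm_kerberos_parse_logins` or the ini writer already rejects them (not visible here), validating against the set of characters a login may contain would be safer than listing the bad ones. At minimum add a comment above the define, along the lines of `/* ',' separates entries in the sssd access list; '$' is rejected because <reason> */`, and put `#undef INVALID_CHARS` after the loop so the macro does not leak into the rest of the file. The test itself reads more directly as `if (strpbrk (logins[i], INVALID_CHARS) != NULL) {`.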
@@ -167,21 +188,21 @@ realm_sssd_logins_async (RealmKerberos *realm,
 if (add_names != NULL) remove_names = realm_kerberos_parse_logins (realm, TRUE, remove, &error);
- if (add_names == NULL || remove_names == NULL) {
- g_simple_async_result_take_error (async, error);
- g_simple_async_result_complete_in_idle (async);
- g_object_unref (async);
- return;
+ if (error == NULL)
+ sssd_config_check_login_list (add_names, &error);
+ if (error == NULL)
+ sssd_config_check_login_list (remove_names, &error);
+
+ if (error == NULL) {
+ sssd_config_change_login_policy (self->pv->config,
+ self->pv->section,
+ access_provider,
+ (const gchar **)add_names,
+ (const gchar **)remove_names,
+ &error);
 }
- ret = sssd_config_change_login_policy (self->pv->config,
- self->pv->section,
- access_provider,
- (const gchar **)add_names,
- (const gchar **)remove_names,
- &error);
-
- if (ret) {
+ if (error == NULL) {
 realm_service_restart ("sssd", invocation, on_logins_restarted, g_object_ref (async));
--
1.8.1.4
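Review bot: Both validation calls and `sssd_config_change_login_policy` now have their gboolean results discarded, and the `add_names == NULL || remove_names == NULL` guard is gone, so the flow depends entirely on every failure path setting `error`. If `realm_kerberos_parse_logins` can ever return NULL without setting it, `sssd_config_check_login_list` dereferences a NULL array, and a FALSE return with no GError would still reach `realm_service_restart`. Keeping the pointer checks and chaining on return values avoids that, e.g. `ret = add_names != NULL && remove_names != NULL && sssd_config_check_login_list (add_names, &error) && sssd_config_check_login_list (remove_names, &error);` followed by `ret = ret && sssd_config_change_login_policy (...)` and the original `if (ret) {`. The declaration of `ret` and the branch that reports `error` lie outside the hunk, so check that `ret` is not left unused and that the failure path still completes and unrefs `async`.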