[PATCH] documentation fixes and keytab handling regression
Jeremy Allison
jra at samba.org
Fri Dec 2 19:11:03 UTC 2016
On Fri, Dec 02, 2016 at 12:56:03PM +0200, Alexander Bokovoy wrote:
> Hi,
>
> attached two patches improve documentation for 'logon script' and
> 'dedicated keytab file' options.
>
> The second patch also fixes a regression introduced by the commit
> c2f5c30b which broke specifying storage access format for keytabs.

NAK on the second patch. Sorry, but I don't understand what
you're trying to check for w.r.t. relative/absolute paths
here.

The original code refuses all paths that don't start with '/'
(i.e. don't allow relative paths).

I'm assuming you want to allow paths of the form:

    /absol/ute/path
    FILE:/absol/ute/path
    WRFILE:/absol/ute/path

but disallow paths of the form:

    rela/tive/path
    FILE:rela/tive/path
    WRFILE:rela/tive/path

In which case the logic should be:

	if (keytab_name_req != NULL) {
		if (keytab_name_req[0] != '/') {
			/*
			 * Might still be an absolute path, but
			 * prefixed by FILE:/ or WRFILE:/
			 */
			bool good_file = (strncmp(keytab_name_req, "FILE:/", 6) == 0);
			bool good_wrfile = (strncmp(keytab_name_req, "WRFILE:/", 8) == 0);
			if (!good_file && !good_wrfile) {
				/* Nope - relative path. Disallow. */
				return KRB5_KT_BADNAME;
			}
		}
	}

Is this correct?

Jeremy.
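
Added example, not part of the original mail and not Samba's code: the rule described in the mail as a stand-alone function, run over the six path forms it lists plus two constructed edge cases (empty string, bare "FILE:"). The function name keytab_name_acceptable, the prefix table and the bool return in place of KRB5_KT_BADNAME are assumptions of this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Storage-type prefixes named in the mail; the table form is this example's choice. */
static const char *const kt_prefixes[] = { "FILE:", "WRFILE:" };

/*
 * Hypothetical helper: true when name is acceptable under the rule in the
 * mail (absolute path, optionally prefixed by FILE: or WRFILE:).
 * NULL means no keytab name was requested, which the mail's logic skips.
 */
bool keytab_name_acceptable(const char *name)
{
	size_t i;

	if (name == NULL) {
		return true;
	}
	if (name[0] == '/') {
		return true;
	}
	for (i = 0; i < sizeof(kt_prefixes) / sizeof(kt_prefixes[0]); i++) {
		size_t plen = strlen(kt_prefixes[i]);
		if (strncmp(name, kt_prefixes[i], plen) == 0) {
			/* Prefix matched: the remainder must itself be absolute. */
			return name[plen] == '/';
		}
	}
	return false;
}

int main(void)
{
	/* Constructed inputs: the six forms from the mail plus two edge cases. */
	static const char *const samples[] = {
		"/absol/ute/path", "FILE:/absol/ute/path", "WRFILE:/absol/ute/path",
		"rela/tive/path", "FILE:rela/tive/path", "WRFILE:rela/tive/path",
		"", "FILE:",
	};
	size_t i;

	for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		printf("%-24s %s\n", samples[i],
		       keytab_name_acceptable(samples[i]) ? "accept" : "reject");
	}
	return 0;
}
```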