diff options
| author | Stefan Metzmacher <metze@samba.org> | 2016-12-15 12:41:58 +0100 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2016-12-20 01:11:24 +0100 |
| commit | 05e8bfdc95437c4a0ac087f1767bae7f5b930283 (patch) | |
| tree | b3276e79e1c05bde0fa350d398d96a0d9c7fc994 /auth/credentials | |
| parent | 250df9d6374b690daea2839ba7eecb350a42d8e6 (diff) | |
| download | samba-05e8bfdc95437c4a0ac087f1767bae7f5b930283.tar.gz | |
auth/credentials: change the parsing order of cli_credentials_parse_file()
We now first just remember the domain, realm, username, password values
(the last value wins).
At the end we call cli_credentials_set_{realm,domain,password}()
followed by cli_credentials_parse_string() for 'username'.
It means the last 'username' line beats the domain, realm or password lines, e.g.:
username=USERDOMAIN\username
domain=DOMAIN
will result in cli_credentials_get_domain() returning "USERDOMAIN" instead of
DOMAIN.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'auth/credentials')
| -rw-r--r-- | auth/credentials/credentials.c | 54 |
1 files changed, 49 insertions, 5 deletions
diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c index 0ffcc5c2cfb..9a935c6cf39 100644 --- a/auth/credentials/credentials.c +++ b/auth/credentials/credentials.c @@ -1117,6 +1117,10 @@ _PUBLIC_ bool cli_credentials_parse_file(struct cli_credentials *cred, const cha char *ptr, *val, *param; char **lines; int i, numlines; + const char *realm = NULL; + const char *domain = NULL; + const char *password = NULL; + const char *username = NULL; lines = file_lines_load(file, &numlines, 0, NULL); @@ -1147,17 +1151,57 @@ _PUBLIC_ bool cli_credentials_parse_file(struct cli_credentials *cred, const cha val++; if (strwicmp("password", param) == 0) { - cli_credentials_set_password(cred, val, obtained); + password = val; } else if (strwicmp("username", param) == 0) { - cli_credentials_parse_string(cred, val, obtained); + username = val; } else if (strwicmp("domain", param) == 0) { - cli_credentials_set_domain(cred, val, obtained); + domain = val; } else if (strwicmp("realm", param) == 0) { - cli_credentials_set_realm(cred, val, obtained); + realm = val; } - memset(lines[i], 0, len); + + /* + * We need to readd '=' in order to let + * the strlen() work in the last loop + * that clears the memory. + */ + *ptr = '='; + } + + if (realm != NULL && strlen(realm) != 0) { + /* + * only overwrite with a valid string + */ + cli_credentials_set_realm(cred, realm, obtained); + } + + if (domain != NULL && strlen(domain) != 0) { + /* + * only overwrite with a valid string + */ + cli_credentials_set_domain(cred, domain, obtained); } + if (password != NULL) { + /* + * Here we allow "". + */ + cli_credentials_set_password(cred, password, obtained); + } + + if (username != NULL) { + /* + * The last "username" line takes preference + * if the string also contains domain, realm or + * password. + */ + cli_credentials_parse_string(cred, username, obtained); + } + + for (i = 0; i < numlines; i++) { + len = strlen(lines[i]); + memset(lines[i], 0, len); + } talloc_free(lines); return true; |