krb5_wrap: More checks for absolute path in smb_krb5_kt_open()

Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
author: Andreas Schneider <asn@samba.org> 2016-12-14 16:37:17 +0100
committer: Jeremy Allison <jra@samba.org> 2016-12-16 01:55:13 +0100
commit: e0990ccf4e68a8d1bdce89b7d83865d950b4c4d0 (patch)
tree: 050c100ae2e38ec08e5d8ca86eefba68a6a3e518 /lib/krb5_wrap
parent: 430c2d18443632585897a988fb8ef7dcbe34095d (diff)
download: samba-e0990ccf4e68a8d1bdce89b7d83865d950b4c4d0.tar.gz
1 files changed, 21 insertions, 4 deletions
diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
index 28884d9044d..6991e585eef 100644
--- a/lib/krb5_wrap/krb5_samba.c
+++ b/lib/krb5_wrap/krb5_samba.c
@@ -1130,12 +1130,29 @@ krb5_error_code smb_krb5_kt_open(krb5_context context,
 				 bool write_access,
 				 krb5_keytab *keytab)
 {
-	if (keytab_name_req != NULL) {
-		if (keytab_name_req[0] != '/') {
-			return KRB5_KT_BADNAME;
-		}
+	int cmp;
+
+	if (keytab_name_req == NULL) {
+		return KRB5_KT_BADNAME;
+	}
+
+	if (keytab_name_req[0] == '/') {
+		goto open_keytab;
 	}
 
+	cmp = strncmp(keytab_name_req, "FILE:/", 6);
+	if (cmp == 0) {
+		goto open_keytab;
+	}
+
+	cmp = strncmp(keytab_name_req, "WRFILE:/", 8);
+	if (cmp == 0) {
+		goto open_keytab;
+	}
+
+	return KRB5_KT_BADNAME;
+
+open_keytab:
 	return smb_krb5_kt_open_relative(context,
 					 keytab_name_req,
 					 write_access,
author	Andreas Schneider <asn@samba.org>	2016-12-14 16:37:17 +0100
committer	Jeremy Allison <jra@samba.org>	2016-12-16 01:55:13 +0100
commit	e0990ccf4e68a8d1bdce89b7d83865d950b4c4d0 (patch)
tree	050c100ae2e38ec08e5d8ca86eefba68a6a3e518 /lib/krb5_wrap
parent	430c2d18443632585897a988fb8ef7dcbe34095d (diff)
download	samba-e0990ccf4e68a8d1bdce89b7d83865d950b4c4d0.tar.gz