[Heimdal-source-changes] [heimdal/heimdal] ef8e4d: only perform dir separator normalization for file ...

GitHub noreply at github.com
Wed Jan 7 20:43:30 CET 2015


  Branch: refs/heads/master
  Home:   https://github.com/heimdal/heimdal
  Commit: ef8e4da01035981b228d8d26ca25598dd81bc766
      https://github.com/heimdal/heimdal/commit/ef8e4da01035981b228d8d26ca25598dd81bc766
  Author: Jeffrey Altman <jaltman at secure-endpoints.com>
  Date:   2015-01-07 (Wed, 07 Jan 2015)

  Changed paths:
    M lib/krb5/acache.c
    M lib/krb5/cache.c
    M lib/krb5/config_file.c
    M lib/krb5/expand_path.c
    M lib/krb5/fcache.c
    M lib/krb5/kuserok.c
    M lib/krb5/pkinit.c
    M lib/krb5/test_expand_toks.c

  Log Message:
  -----------
  only perform dir separator normalization for file paths

Commit ad7e54d698433cea77bfb4c98ac93255743d0c93 introduced the use
of _krb5_expand_path_tokens() to expand tokens (and on Windows convert
path delimiters) within credential cache names.  This is safe to do
for the path based credential cache types FILE, DIR and SCC but on
Windows is unsafe for the non-path types.

For example on Windows, the API credential cache names are often based
on the principal name and the principal name is parsed from the ccname.
This practice was introduced with the version v2 ccapi when there was
no method of enumerating the caches from the krb5 library.

This change adds a "filepath" boolean parameter to _krb5_expand_path_tokens()
which is set to TRUE (non-zero) when the input is a file path and FALSE
(zero) when the input is not a file path.  _krb5_expand_path_tokens() will
only perform directory separator normalization on Windows when the
"filepath" parameter is TRUE.

This change is not the preferred solution because it requires that the
library be aware of all credential cache types that use path based
residuals.  The preferred solution would require that the credential cache
implementation indicate whether or not it uses a path based residual.

This change has been implemented using a prefix test and not a change to
struct krb5_cc_ops because existing ccache plugins will not know how to
advertise their use of path based residuals and that path expansion is
safe.

Change-Id: I8135991e8ce69fc5273d381ea9c2078bc2bcd19a
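
The following is an added illustration, not part of the commit and not Heimdal's source: a minimal C sketch of a prefix test gating separator normalization, showing why rewriting separators in a principal-based API: cache name breaks parsing of the principal. The helper names, the sample cache names, and the '/' to '\' direction of normalization are assumptions; token expansion itself is not modeled.

```c
#include <stdio.h>
#include <string.h>

/* Cache types the commit message names as path based. */
static const char *const path_types[] = { "FILE:", "DIR:", "SCC:" };

/* Hypothetical helper: 1 if the ccache name has a path-based residual. */
int ccname_is_filepath(const char *name)
{
    size_t i;
    for (i = 0; i < sizeof(path_types) / sizeof(path_types[0]); i++)
        if (strncmp(name, path_types[i], strlen(path_types[i])) == 0)
            return 1;
    return 0;
}

/* Hypothetical stand-in for the normalization step only: copies src to
 * dst and rewrites '/' as '\\' (assumed Windows behaviour) only when
 * filepath is non-zero. Returns 0, or -1 if dst is too small. */
int expand_name(const char *src, int filepath, char *dst, size_t len)
{
    size_t i, n = strlen(src);
    if (n >= len)
        return -1;
    for (i = 0; i <= n; i++)
        dst[i] = (filepath && src[i] == '/') ? '\\' : src[i];
    return 0;
}

/* Hypothetical consumer: returns the instance part of a principal
 * embedded in the residual ("user/instance@REALM"), or NULL. */
const char *principal_instance(const char *ccname)
{
    const char *residual = strchr(ccname, ':');
    const char *slash = residual ? strchr(residual + 1, '/') : NULL;
    return slash ? slash + 1 : NULL;
}

int main(void)
{
    /* Constructed sample names, not taken from the commit. */
    const char *names[] = { "API:alice/admin@EXAMPLE.COM",
                            "FILE:C:/Users/alice/krb5cc" };
    char buf[128];
    size_t i;
    for (i = 0; i < 2; i++) {
        expand_name(names[i], ccname_is_filepath(names[i]), buf, sizeof(buf));
        printf("%-30s -> %s\n", names[i], buf);
    }
    return 0;
}
```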



