Use more randomness for ksu secondary cache names

When generating a suffix to append to a ccache name that will hold the
credentials for a ksu-invoked process, instead of using integers
counting up from 1, use the result of base64-encoding six randomly-
generated octets.  Tweak the output alphabet just a bit to avoid using
'+' or '/' in the generated names, the latter of which could really
confuse things.

diff --git a/src/clients/ksu/ccache.c b/src/clients/ksu/ccache.c
index 0f9e0427b984d99d748bcf4fa3d496cbcf789c89..a0736f2daad77f5ce458a318d17977ac5b68ea4d 100644 (file)
--- a/src/clients/ksu/ccache.c
+++ b/src/clients/ksu/ccache.c
@@ -27,6 +27,7 @@
  */
 
 #include "ksu.h"
+#include "k5-base64.h"
 #include "adm_proto.h"
 #include <sys/types.h>
 #include <sys/stat.h>
@@ -504,10 +505,28 @@ show_credential(context, cred, cc)
     free(sname);
 }
 
-int gen_sym(){
-    static int i = 0;
-    i ++;
-    return i;
+/* Create a random string suitable for a filename extension. */
+krb5_error_code
+gen_sym(krb5_context context, char **sym_out)
+{
+    krb5_error_code retval;
+    char bytes[6], *p, *sym;
+    krb5_data data = make_data(bytes, sizeof(bytes));
+
+    *sym_out = NULL;
+    retval = krb5_c_random_make_octets(context, &data);
+    if (retval)
+        return retval;
+    sym = k5_base64_encode(data.data, data.length);
+    if (sym == NULL)
+        return ENOMEM;
+    /* Tweak the output alphabet just a bit. */
+    while ((p = strchr(sym, '/')) != NULL)
+        *p = '_';
+    while ((p = strchr(sym, '+')) != NULL)
+        *p = '-';
+    *sym_out = sym;
+    return 0;
 }
 
 krb5_error_code krb5_ccache_overwrite(context, ccs, cct, primary_principal)

diff --git a/src/clients/ksu/ksu.h b/src/clients/ksu/ksu.h
index fbbf217a6e7a5f93dcfdeaf68ab72b9729d88791..5ba5cebc8c1310381f650b37220f3c2e2b961afb 100644 (file)
--- a/src/clients/ksu/ksu.h
+++ b/src/clients/ksu/ksu.h
@@ -130,7 +130,7 @@ extern krb5_error_code krb5_get_login_princ
 extern void show_credential
 (krb5_context, krb5_creds *, krb5_ccache);
 
-extern int gen_sym (void);
+krb5_error_code gen_sym(krb5_context context, char **sym);
 
 extern krb5_error_code krb5_ccache_overwrite
 (krb5_context, krb5_ccache, krb5_ccache, krb5_principal);

diff --git a/src/clients/ksu/main.c b/src/clients/ksu/main.c
index 41a3bf8aadc0db412673bf7e6f9c798780e53391..47fa8203e24d3f513bf184e6b41f03e39e4ef10a 100644 (file)
--- a/src/clients/ksu/main.c
+++ b/src/clients/ksu/main.c
@@ -856,7 +856,7 @@ resolve_target_cache(krb5_context context, krb5_principal princ,
     krb5_error_code retval;
     krb5_boolean switchable, reused = FALSE;
     krb5_ccache ccache = NULL;
-    char *sep, *ccname = NULL, *target;
+    char *sep, *ccname = NULL, *sym = NULL, *target;
 
     *ccache_out = NULL;
     *ccache_reused = FALSE;
@@ -876,12 +876,20 @@ resolve_target_cache(krb5_context context, krb5_principal princ,
          * the name of a cache that doesn't exist yet. */
         do {
             free(ccname);
-            if (asprintf(&ccname, "%s.%d", target, gen_sym()) < 0) {
+            retval = gen_sym(context, &sym);
+            if (retval) {
+                com_err(prog_name, retval,
+                        _("while generating part of the target ccache name"));
+                return retval;
+            }
+            if (asprintf(&ccname, "%s.%s", target, sym) < 0) {
                 retval = ENOMEM;
-                com_err(prog_name, ENOMEM,
-                        _("while allocating memory for target ccache name"));
+                free(sym);
+                com_err(prog_name, retval, _("while allocating memory for the "
+                                             "target ccache name"));
                 goto cleanup;
             }
+            free(sym);
         } while (ks_ccache_name_is_initialized(context, ccname));
         retval = krb5_cc_resolve(context, ccname, &ccache);
     } else {