Detect non-local file URIs when reading the configuration.

If a file-based URI contains an authority part that is not 'localhost',
error out when reading the configuration instead of letting the file
module detect and ignore the error later.

src/gfsec-errors.h

@@ -34,3 +34,4 @@ GFSEC_ERROR(CONFIG_INVALID_URI_PATH,   -15, _("Invalid path in share URI"))
 GFSEC_ERROR(CONFIG_INVALID_URI_PARAM,  -16, _("Invalid parameter in share URI"))
 GFSEC_ERROR(CONFIG_MISSING_AUTHORITY,  -17, _("Missing authority in share URI"))
 GFSEC_ERROR(CONFIG_MISSING_SHARENR,    -18, _("Missing share number"))
+GFSEC_ERROR(CONFIG_NONLOCAL_FILE_URI,  -19, _("Invalid non-local file URI"))

src/secretcfg.c

@@ -73,15 +73,20 @@ get_line(FILE *f, char *buffer, size_t len)
  * @param uri       The address of the URI string. The pointer is
  *                  advanced to the '/' character separating the
  *                  authority from the path.
- * @param authority The address of a newly allocated buffer to
- *                  store the authority.
+ * @param share     The share object to which the authority will be
+ *                  assigned.
  *
- * @return 0 if the authority was successfully extracted, or
- * GFSEC_ERR_CONFIG_INVALID_URI if the uri did not contain a '/'
- * character.
+ * @return
+ * - 0 if successful;
+ * - GFSEC_ERR_CONFIG_INVALID_URI if the URI does not contain a '/'
+ *   character;
+ * - GFSEC_ERR_CONFIG_MISSING_AUTHORITY if the authority portion is
+ *   empty and the scheme is not 'file://';
+ * - GFSEC_ERR_CONFIG_NONLOCAL_FILE_URI if the scheme is 'file://'
+ *   and the authority is not 'localhost'.
  */
 static int
-parse_authority(const char **uri, char **authority)
+parse_authority(const char **uri, gfsec_share_t *share)
 {
     char *slash;
 
@@ -89,9 +94,18 @@ parse_authority(const char **uri, char **authority)
         return GFSEC_ERR_CONFIG_INVALID_URI;
 
     if ( slash > *uri ) {
-        *authority = xstrndup(*uri, slash - *uri);
+        size_t len = slash - *uri;
+
+        if ( share->scheme == GFSEC_SCHEME_FILE ) {
+            if ( len != 9 || strncmp(*uri, "localhost", len) != 0 )
+                return GFSEC_ERR_CONFIG_NONLOCAL_FILE_URI;
+        }
+
+        share->authority = xstrndup(*uri, len);
         *uri = slash;
     }
+    else if ( share->scheme != GFSEC_SCHEME_FILE )
+        return GFSEC_ERR_CONFIG_MISSING_AUTHORITY;
 
     return 0;
 }
@@ -316,10 +330,7 @@ gfsec_parse_uri(const char *uri, gfsec_secret_t *secret, int assign)
         rc = GFSEC_ERR_CONFIG_UNKNOWN_SCHEME;
 
     if ( rc == 0 )
-        rc = parse_authority(&p, &(share->authority));
-
-    if ( ! share->authority && share->scheme != GFSEC_SCHEME_FILE )
-        rc = GFSEC_ERR_CONFIG_MISSING_AUTHORITY;
+        rc = parse_authority(&p, share);
 
     if ( rc == 0 )
         rc = parse_path(&p, &(share->path));

tests/t-parseuri.c

@@ -73,6 +73,13 @@ struct test tests[] = {
     { "http:///", GFSEC_ERR_CONFIG_MISSING_AUTHORITY },
     { "https:///", GFSEC_ERR_CONFIG_MISSING_AUTHORITY },
 
+    /* Non-localhost authority for file-based URIs. */
+    { "file://localhost/path/to/share.123",
+        0, GFSEC_SCHEME_FILE, "localhost", "/path/to/share.123", 123, 0 },
+    { "file://abc/path/to/share.123", GFSEC_ERR_CONFIG_NONLOCAL_FILE_URI },
+    { "file://abcdefghjklm/path/to/share.123", GFSEC_ERR_CONFIG_NONLOCAL_FILE_URI },
+    { "file://localhostabc/path/to/share.123", GFSEC_ERR_CONFIG_NONLOCAL_FILE_URI },
+
     /* Empty path. */
     { "file:///", GFSEC_ERR_CONFIG_INVALID_URI_PATH },
     { "file:///?param=value", GFSEC_ERR_CONFIG_INVALID_URI_PATH },