there is code in the tree (notably, the admin server code) which uses

globals to set the keytab which will be used by gssapi.  this is
gross, and we need a better answer.  However, even that didn't work if
there was an env var or krb5.conf variable, since those override
krb5_defkeyname.  Add a new global, krb5_overridekeyname, which really
does override all the other keytab locators.  While I'm at it, make the buffer overflow checks sane.

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10823 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/kadmin/server/ovsec_kadmd.c b/src/kadmin/server/ovsec_kadmd.c
index 5a1c6b44c26b8d679dfe9ed723916c0e20409ac2..b1290e596c211bc6ff5979ee1c7555c15bf2ceee 100644 (file)
--- a/src/kadmin/server/ovsec_kadmd.c
+++ b/src/kadmin/server/ovsec_kadmd.c
@@ -58,7 +58,7 @@ void *global_server_handle;
  * it also restricts us to linking against the Kv5 GSS-API library.
  * Since this is *k*admind, that shouldn't be a problem.
  */
-extern         char *krb5_defkeyname;
+extern         char *krb5_overridekeyname;
 
 char *build_princ_name(char *name, char *realm);
 void log_badauth(OM_uint32 major, OM_uint32 minor,
@@ -309,7 +309,7 @@ int main(int argc, char *argv[])
                      htons(addr.sin_port));
          }
          kadm5_destroy(global_server_handle);
-         krb5_klog_close();      
+         krb5_klog_close();
          exit(1);
      }
      memset(&addr, 0, sizeof(addr));
@@ -380,9 +380,10 @@ int main(int argc, char *argv[])
          exit(1);
      }
 
-     /* XXX krb5_defkeyname is an internal library global and should
-        go away */
-     krb5_defkeyname = params.admin_keytab;
+     /* XXX krb5_overridekeyname is an internal library global and should
+        go away.  This is an awful hack. */
+
+     krb5_overridekeyname = params.admin_keytab;
 
      /*
       * Try to acquire creds for the old OV services as well as the

diff --git a/src/lib/krb5/os/ktdefname.c b/src/lib/krb5/os/ktdefname.c
index c645635ab016ecc61d53e0e3750f917945b92025..af17e57e2763d0a78901bd843d6b517bbb19db85 100644 (file)
--- a/src/lib/krb5/os/ktdefname.c
+++ b/src/lib/krb5/os/ktdefname.c
@@ -30,6 +30,9 @@
 
 extern char *krb5_defkeyname;
 
+/* this is a an exceedinly gross thing. */
+char *krb5_overridekeyname = NULL;
+
 KRB5_DLLIMP krb5_error_code KRB5_CALLCONV
 krb5_kt_default_name(context, name, namesize)
     krb5_context context;
@@ -40,19 +43,23 @@ krb5_kt_default_name(context, name, namesize)
     krb5_error_code code;
     char *retval;
 
-    if ((context->profile_secure == FALSE) &&
+    if (krb5_overridekeyname) {
+       if ((size_t) namesize < (strlen(krb5_overridekeyname)+1))
+           return KRB5_CONFIG_NOTENUFSPACE;
+       strcpy(name, krb5_overridekeyname);
+    } else if ((context->profile_secure == FALSE) &&
        (cp = getenv("KRB5_KTNAME"))) {
-       strncpy(name, cp, namesize);
-       if (strlen(cp) >= (size_t) namesize)
+       if ((size_t) namesize < (strlen(cp)+1))
            return KRB5_CONFIG_NOTENUFSPACE;
+       strcpy(name, cp);
     } else if (((code = profile_get_string(context->profile,
                                           "libdefaults",
                                           "default_keytab_name", NULL, 
                                           NULL, &retval)) == 0) &&
               retval) {
-       strncpy(name, retval, namesize);
-       if ((size_t) namesize < strlen(retval))
+       if ((size_t) namesize < (strlen(retval)+1))
            return KRB5_CONFIG_NOTENUFSPACE;
+       strcpy(name, retval);
     } else {
 #if defined (_MSDOS) || defined(_WIN32)
        {
@@ -66,9 +73,9 @@ krb5_kt_default_name(context, name, namesize)
            sprintf(name, krb5_defkeyname, defname);
        }
 #else
-       strncpy(name, krb5_defkeyname, namesize);
-       if ((size_t) namesize < strlen(krb5_defkeyname))
+       if ((size_t) namesize < (strlen(krb5_defkeyname)+1))
            return KRB5_CONFIG_NOTENUFSPACE;
+       strcpy(name, krb5_defkeyname);
 #endif
     }
     return 0;