Rewrote krb_get_lrealm to correctly handle the v4 realms section in the profile and...

author Alexandra Ellwood <lxs@mit.edu>

Fri, 11 Jul 2003 15:03:59 +0000 (15:03 +0000)

committer Alexandra Ellwood <lxs@mit.edu>

Fri, 11 Jul 2003 15:03:59 +0000 (15:03 +0000)
author Alexandra Ellwood <lxs@mit.edu>
Fri, 11 Jul 2003 15:03:59 +0000 (15:03 +0000)
committer Alexandra Ellwood <lxs@mit.edu>
Fri, 11 Jul 2003 15:03:59 +0000 (15:03 +0000)
diff --git a/src/lib/krb4/ChangeLog b/src/lib/krb4/ChangeLog

index 702d0220d5d5bd641880673b84764b5f6c174c6e..97c0a54744bb877cd5854f4477a76f274939eade 100644 (file)
--- a/src/lib/krb4/ChangeLog
+++ b/src/lib/krb4/ChangeLog
@@ -1,3 +1,10 @@
+2003-07-10  Alexandra Ellwood  <lxs@mit.edu>
+
+        * RealmsConfig-glue.c: krb_get_lrealm fix so that if there is no
+        "v4_realm" tag, krb_get_lrealm doesn't just always return
+        ATHENA.MIT.EDU even though a different realm is specified in
+        krb5.conf and there is a [v4 realm] config
+
  2003-07-07  Alexandra Ellwood  <lxs@mit.edu>
  
          * RealmsConfig-glue.c: krb_prof_get_nth() no longer assumes that
diff --git a/src/lib/krb4/RealmsConfig-glue.c b/src/lib/krb4/RealmsConfig-glue.c

index dd0f0d9d49715c6f9bba1dc9e83a3f7432ee7cd3..0ff47b15e8b6e9d6ee75f718c8d344b313e86a52 100644 (file)
--- a/src/lib/krb4/RealmsConfig-glue.c
+++ b/src/lib/krb4/RealmsConfig-glue.c
@@ -190,76 +190,104 @@ krb_get_lrealm(
      char       *realm,
      int                n)
  {
-    long       profErr = 0;
-    char       *realmString = NULL;
-    char       *realmStringV4 = NULL;
-    profile_t  profile = NULL;
-    int                result;
-    FILE       *cnffile = NULL;
-    char       scratch[SCRATCHSZ];
-
-    if (n != 1 || realm == NULL)
-       return KFAILURE;
-
-    result = KFAILURE;         /* Start out with failure. */
+    int         result = KSUCCESS;
+    profile_t   profile = NULL;
+    char       *profileDefaultRealm = NULL;
+    char      **profileV4Realms = NULL;
+    int         profileHasDefaultRealm = 0;
+    int         profileDefaultRealmIsV4RealmInProfile = 0;
+    char        krbConfLocalRealm[REALM_SZ];
+    int         krbConfHasLocalRealm = 0;
  
-    profErr = krb_get_profile(&profile);
-    if (profErr)
-       goto cleanup;
-
-    profErr = profile_get_string(profile, REALMS_V4_PROF_LIBDEFAULTS_SECTION,
-                                REALMS_V4_DEFAULT_REALM, NULL, NULL,
-                                &realmString);
-    if (profErr || realmString == NULL)
-       goto cleanup;
+    if (result == KSUCCESS) {
+        int profileErr = krb_get_profile (&profile);
+
+        if (!profileErr) {
+            /* Get the default realm from the profile */
+            profileErr = profile_get_string(profile, REALMS_V4_PROF_LIBDEFAULTS_SECTION,
+                                            REALMS_V4_DEFAULT_REALM, NULL, NULL,
+                                            &profileDefaultRealm);
+            if (profileDefaultRealm == NULL) { profileErr = KFAILURE; }
+        }
+
+        if (!profileErr) {
+            /* If there is an equivalent v4 realm to the default realm, use that instead */
+            char *profileV4EquivalentRealm = NULL;
+
+            if (profile_get_string (profile, "realms", profileDefaultRealm, "v4_realm", NULL,
+                                    &profileV4EquivalentRealm) == 0 &&
+                profileV4EquivalentRealm != NULL) {
+
+                profile_release_string (profileDefaultRealm);
+                profileDefaultRealm = profileV4EquivalentRealm;
+            }
+        }
+
+        if (!profileErr) {
+            if (strlen (profileDefaultRealm) < REALM_SZ) {
+                profileHasDefaultRealm = 1;  /* a reasonable default realm */
+            }
+        }
+
+        if (!profileErr) {
+            /* Walk through the v4 realms list looking for the default realm */
+            const char *profileV4RealmsList[] = { REALMS_V4_PROF_REALMS_SECTION, NULL };
+
+            if (profile_get_subsection_names (profile, profileV4RealmsList,
+                                              &profileV4Realms) == 0 &&
+                profileV4Realms != NULL) {
+
+                char **profileRealm;
+                for (profileRealm = profileV4Realms; *profileRealm != NULL; profileRealm++) {
+                    if (strcmp (*profileRealm, profileDefaultRealm) == 0) {
+                        /* default realm is a v4 realm */
+                        profileDefaultRealmIsV4RealmInProfile = 1;
+                        break;
+                    }
+                }
+            }
+        }
+    }
+    
+    if (result == KSUCCESS) {
+        /* Try to get old-style config file lookup for fallback. */
+        FILE   *cnffile = NULL;
+        char   scratch[SCRATCHSZ];
+
+        cnffile = krb__get_cnffile();
+        if (cnffile != NULL) {
+            if (fscanf(cnffile, SCNSCRATCH, scratch) == 1) {
+                if (strlen(scratch) < REALM_SZ) {
+                    strncpy(krbConfLocalRealm, scratch, REALM_SZ);
+                    krbConfHasLocalRealm = 1;
+                } else {
+                    result = KFAILURE; /* Invalid config file! */
+                }
+            }
+            fclose(cnffile);
+        }
+    }
  
-    if (strlen(realmString) >= REALM_SZ)
-       goto cleanup;
-    strncpy(realm, realmString, REALM_SZ);
-    /*
-     * Step 2: the default realm is actually v5 realm, so we have to
-     * check for the case where v4 and v5 realms are different.
-     */
-    profErr = profile_get_string(profile, "realms", realm, "v4_realm",
-                                NULL, &realmStringV4);
-    if (profErr || realmStringV4 == NULL)
-       goto cleanup;
+    if (result == KSUCCESS) {
+        /*
+         * We want to favor the profile value over the krb.conf value
+         * but not stop suppporting its use with a v5-only profile. 
+         * So we only use the krb.conf realm when the default profile
+         * realm doesn't exist in the v4 realm section of the profile.
+         */
+        if (krbConfHasLocalRealm && !profileDefaultRealmIsV4RealmInProfile) {
+            strncpy (realm, krbConfLocalRealm, REALM_SZ);
+        } else if (profileHasDefaultRealm) {
+            strncpy (realm, profileDefaultRealm, REALM_SZ);
+        } else {
+            result = KFAILURE;  /* No default realm */
+        }
+    }
  
-    if (strlen(realmStringV4) >= REALM_SZ)
-       goto cleanup;
-    strncpy(realm, realmStringV4, REALM_SZ);
-    result = KSUCCESS;
-cleanup:
-    if (realmString != NULL)
-       profile_release_string(realmString);
-    if (realmStringV4 != NULL)
-       profile_release_string(realmStringV4);
-    if (profile != NULL)
-       profile_abandon(profile);
+    if (profileDefaultRealm != NULL) { profile_release_string (profileDefaultRealm); }
+    if (profileV4Realms     != NULL) { profile_free_list (profileV4Realms); }
+    if (profile             != NULL) { profile_abandon (profile); }
  
-    if (result == KSUCCESS)
-       return result;
-    /*
-     * Do old-style config file lookup.
-     */
-    do {
-       cnffile = krb__get_cnffile();
-       if (cnffile == NULL)
-           break;
-       if (fscanf(cnffile, SCNSCRATCH, scratch) == 1) {
-           if (strlen(scratch) >= REALM_SZ)
-               result = KFAILURE;
-           else {
-               strncpy(realm, scratch, REALM_SZ);
-               result = KSUCCESS;
-           }
-       }
-       fclose(cnffile);
-    } while (0);
-    if (result == KFAILURE && strlen(KRB_REALM) < REALM_SZ) {
-       strncpy(realm, KRB_REALM, REALM_SZ);
-       result = KSUCCESS;
-    }
      return result;
  }
author	Alexandra Ellwood <lxs@mit.edu>
	Fri, 11 Jul 2003 15:03:59 +0000 (15:03 +0000)
committer	Alexandra Ellwood <lxs@mit.edu>
	Fri, 11 Jul 2003 15:03:59 +0000 (15:03 +0000)
src/lib/krb4/ChangeLog		patch \| blob \| blame \| history
src/lib/krb4/RealmsConfig-glue.c		patch \| blob \| blame \| history