From c9c0389f9190c7dfade1dc83f1eeaa81694980a0 Mon Sep 17 00:00:00 2001
From: Marc Horowitz
Date: Fri, 14 Aug 1998 05:41:10 +0000
Subject: [PATCH] there is code in the tree (notably, the admin server code) which uses globals to set the keytab which will be used by gssapi. this is gross, and we need a better answer. However, even that didn't work if there was an env var or krb5.conf variable, since those override krb5_defkeyname. Add a new global, krb5_overridekeyname, which really does override all the other keytab locators. While I'm at it, make the buffer overflow checks sane.
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10823 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/kadmin/server/ovsec_kadmd.c | 11 ++++++-----
 src/lib/krb5/os/ktdefname.c | 21 ++++++++++++++-------
 2 files changed, 20 insertions(+), 12 deletions(-)
diff --git a/src/kadmin/server/ovsec_kadmd.c b/src/kadmin/server/ovsec_kadmd.c
index 5a1c6b44c2..b1290e596c 100644
--- a/src/kadmin/server/ovsec_kadmd.c
+++ b/src/kadmin/server/ovsec_kadmd.c
@@ -58,7 +58,7 @@ void *global_server_handle;
 * it also restricts us to linking against the Kv5 GSS-API library.
 * Since this is *k*admind, that shouldn't be a problem.
 */
-extern char *krb5_defkeyname;
+extern char *krb5_overridekeyname;
 char *build_princ_name(char *name, char *realm);
 void log_badauth(OM_uint32 major, OM_uint32 minor,
@@ -309,7 +309,7 @@ int main(int argc, char *argv[])
 htons(addr.sin_port));
 }
 kadm5_destroy(global_server_handle);
- krb5_klog_close();
+ krb5_klog_close();
 exit(1);
 }
 memset(&addr, 0, sizeof(addr));
@@ -380,9 +380,10 @@ int main(int argc, char *argv[])
 exit(1);
 }
- /* XXX krb5_defkeyname is an internal library global and should
- go away */
- krb5_defkeyname = params.admin_keytab;
+ /* XXX krb5_overridekeyname is an internal library global and should
+ go away. This is an awful hack. */
+
+ krb5_overridekeyname = params.admin_keytab;
 /*
 * Try to acquire creds for the old OV services as well as the
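Review bot: In the third hunk, `krb5_overridekeyname = params.admin_keytab;` stores a pointer that `params` still owns, so the library global presumably dangles if `params` is released or modified while GSS-API can still resolve the default keytab; the rest of main() is outside the hunk, so that ordering needs confirming. The `extern char *krb5_overridekeyname;` added in the first hunk is a hand-written declaration, so nothing ties its type to the definition in ktdefname.c; declaring it once in a shared internal header would let the compiler check it. I would extend the comment to state the contract, e.g. `/* the library keeps this pointer, not a copy: params.admin_keytab must stay valid for as long as credentials may be acquired */`.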
diff --git a/src/lib/krb5/os/ktdefname.c b/src/lib/krb5/os/ktdefname.c
index c645635ab0..af17e57e27 100644
--- a/src/lib/krb5/os/ktdefname.c
+++ b/src/lib/krb5/os/ktdefname.c
@@ -30,6 +30,9 @@ extern char *krb5_defkeyname;
+/* this is a an exceedinly gross thing. */
+char *krb5_overridekeyname = NULL;
+
 KRB5_DLLIMP krb5_error_code KRB5_CALLCONV
 krb5_kt_default_name(context, name, namesize)
 krb5_context context;
@@ -40,19 +43,23 @@ krb5_kt_default_name(context, name, namesize)
 krb5_error_code code;
 char *retval;
- if ((context->profile_secure == FALSE) &&
+ if (krb5_overridekeyname) {
+ if ((size_t) namesize < (strlen(krb5_overridekeyname)+1))
+ return KRB5_CONFIG_NOTENUFSPACE;
+ strcpy(name, krb5_overridekeyname);
+ } else if ((context->profile_secure == FALSE) &&
 (cp = getenv("KRB5_KTNAME"))) {
- strncpy(name, cp, namesize);
- if (strlen(cp) >= (size_t) namesize)
+ if ((size_t) namesize < (strlen(cp)+1))
 return KRB5_CONFIG_NOTENUFSPACE;
+ strcpy(name, cp);
 } else if (((code = profile_get_string(context->profile, "libdefaults", "default_keytab_name", NULL, NULL, &retval)) == 0) && retval) {
- strncpy(name, retval, namesize);
- if ((size_t) namesize < strlen(retval))
+ if ((size_t) namesize < (strlen(retval)+1))
 return KRB5_CONFIG_NOTENUFSPACE;
+ strcpy(name, retval);
 } else {
 #if defined (_MSDOS) || defined(_WIN32)
 {
@@ -66,9 +73,9 @@ krb5_kt_default_name(context, name, namesize)
 sprintf(name, krb5_defkeyname, defname);
 }
 #else
- strncpy(name, krb5_defkeyname, namesize);
- if ((size_t) namesize < strlen(krb5_defkeyname))
+ if ((size_t) namesize < (strlen(krb5_defkeyname)+1))
 return KRB5_CONFIG_NOTENUFSPACE;
+ strcpy(name, krb5_defkeyname);
 #endif
 }
 return 0;
-- 
2.47.2
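Review bot: `krb5_overridekeyname` is defined in the first hunk as a writable global with external linkage, and its comment (`this is a an exceedinly gross thing`) says neither who may set it nor what it overrides. Per the second hunk it is tested before `profile_secure`, so it also takes effect in contexts where `KRB5_KTNAME` is deliberately ignored; the commit message suggests that is intended, but it should be written down next to the definition. I would replace the comment with `/* Set only by trusted in-process code (kadmind). When non-NULL it takes precedence over KRB5_KTNAME, default_keytab_name and krb5_defkeyname, including in secure contexts. */`.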
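Review bot: The new guards of the form `(size_t) namesize < (strlen(...)+1)` in the second hunk, and the same guard in the `#else` branch of the third hunk, convert `namesize` to `size_t` before comparing; the cast suggests the parameter is signed (its declaration is outside the hunk), in which case a negative value becomes a very large size, the test passes and the `strcpy` that follows is unbounded. Rejecting non-positive sizes first closes that, e.g. `if (namesize <= 0 || (size_t) namesize < strlen(cp)+1) return KRB5_CONFIG_NOTENUFSPACE;` at each of the four checks. On the error path `name` is now left unwritten, where the old `strncpy` left a truncated copy, so a caller that ignores the return value reads whatever was already in its buffer. The string returned through `&retval` is not released on either path in the lines shown; presumably `profile_get_string` allocates it, which should be confirmed and the release added.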
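Review bot: The `_MSDOS`/`_WIN32` branch kept as context in the third hunk still ends in `sprintf(name, krb5_defkeyname, defname);`, which never consults `namesize`, so the bounds check this commit adds on the other paths is missing there. `krb5_defkeyname` is the format string in that call, so the output length depends on both it and `defname`; how `defname` is filled lies between the hunks and is not visible here. A conservative guard before the call would be `if (namesize <= 0 || (size_t) namesize < strlen(krb5_defkeyname) + strlen(defname) + 1) return KRB5_CONFIG_NOTENUFSPACE;`, assuming the format contains a single `%s`.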