Only call gsskrb5_register_acceptor_identity if we have gssapi_krb5.h.

author Mark Andrews <marka@isc.org>

Thu, 9 Jul 2020 05:30:59 +0000 (15:30 +1000)

committer Mark Andrews <marka@isc.org>

Mon, 13 Jul 2020 22:55:13 +0000 (08:55 +1000)
author Mark Andrews <marka@isc.org>
Thu, 9 Jul 2020 05:30:59 +0000 (15:30 +1000)
committer Mark Andrews <marka@isc.org>
Mon, 13 Jul 2020 22:55:13 +0000 (08:55 +1000)
diff --git a/CHANGES b/CHANGES

index ade4b3ca76dd5393d8d19a394006767d715b1210..f7a45582821d0772e48023f41146f703a38fbb6e 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+5470.  [port]          illumos: only call gsskrb5_register_acceptor_identity
+                       if we have gssapi_krb5.h. [GL #1995]
+
  5469.  [port]          illumos: SEC is defined in <sys/time.h> which
                         conflicted with our use of SEC. [GL #1993]
  
diff --git a/lib/dns/gssapictx.c b/lib/dns/gssapictx.c

index 5852b5e35dde7660bf09afeb0ff03e571fc70e05..a95d5d811668572ecbaaa4ad0c24d0da767306a1 100644 (file)
--- a/lib/dns/gssapictx.c
+++ b/lib/dns/gssapictx.c
@@ -678,6 +678,7 @@ dst_gssapi_acceptctx(gss_cred_id_t cred, const char *gssapi_keytab,
         }
  
         if (gssapi_keytab != NULL) {
+#if HAVE_GSSAPI_GSSAPI_KRB5_H || HAVE_GSSAPI_KRB5_H || defined(WIN32)
                 gret = gsskrb5_register_acceptor_identity(gssapi_keytab);
                 if (gret != GSS_S_COMPLETE) {
                         gss_log(3,
@@ -687,6 +688,27 @@ dst_gssapi_acceptctx(gss_cred_id_t cred, const char *gssapi_keytab,
                                 gss_error_tostring(gret, 0, buf, sizeof(buf)));
                         return (DNS_R_INVALIDTKEY);
                 }
+#else
+               /*
+                * Minimize memory leakage by only setting KRB5_KTNAME
+                * if it needs to change.
+                */
+               const char *old = getenv("KRB5_KTNAME");
+               if (old == NULL || strcmp(old, gssapi_keytab) != 0) {
+                       size_t size;
+                       char *kt;
+
+                       size = strlen(gssapi_keytab) + 13;
+                       kt = malloc(size);
+                       if (kt == NULL) {
+                               return (ISC_R_NOMEMORY);
+                       }
+                       snprintf(kt, size, "KRB5_KTNAME=%s", gssapi_keytab);
+                       if (putenv(kt) != 0) {
+                               return (ISC_R_NOMEMORY);
+                       }
+               }
+#endif
         }
  
         log_cred(cred);
author	Mark Andrews <marka@isc.org>
	Thu, 9 Jul 2020 05:30:59 +0000 (15:30 +1000)
committer	Mark Andrews <marka@isc.org>
	Mon, 13 Jul 2020 22:55:13 +0000 (08:55 +1000)
CHANGES		patch \| blob \| blame \| history
lib/dns/gssapictx.c		patch \| blob \| blame \| history