Do not use hardcoded realm or host names

4 files changed, 17 insertions, 25 deletions

diff --git a/kerberosIV/krb/decomp_ticket.c b/kerberosIV/krb/decomp_ticket.c
index 00b95910230..a0de714ccbe 100644
--- a/kerberosIV/krb/decomp_ticket.c
+++ b/kerberosIV/krb/decomp_ticket.c
@@ -35,8 +35,7 @@ or implied warranty.
  * fills in values for its arguments.
  *
  * Note: if the client realm field in the ticket is the null string,
- * then the "prealm" variable is filled in with the local realm (as
- * defined by KRB_REALM).
+ * then the "prealm" variable is filled in with the local realm.
  *
  * If the ticket byte order is different than the host's byte order
  * (as indicated by the byte order bit of the "flags" field), then
@@ -103,8 +102,8 @@ decomp_ticket(tkt, flags, pname, pinstance, prealm, paddress, session,
     (void) strcpy(prealm,ptr);  /* realm */
     ptr += strlen(prealm) + 1;
     /* temporary hack until realms are dealt with properly */
-    if (*prealm == 0)
-        (void) strcpy(prealm,KRB_REALM);
+    if (*prealm == 0 && krb_get_lrealm(prealm, 1) != KSUCCESS)
+	return(KFAILURE);
 
     bcopy(ptr,(char *)paddress,4); /* net address */
     ptr += 4;
diff --git a/kerberosIV/krb/get_krbhst.c b/kerberosIV/krb/get_krbhst.c
index 9d396af4815..14493581e44 100644
--- a/kerberosIV/krb/get_krbhst.c
+++ b/kerberosIV/krb/get_krbhst.c
@@ -38,10 +38,8 @@ or implied warranty.
  * returns (in h) the nth entry from the configuration file (KRB_CONF,
  * defined in "krb.h") associated with the specified realm.
  *
- * On end-of-file, krb_get_krbhst returns KFAILURE.  If n=1 and the
- * configuration file does not exist, krb_get_krbhst will return KRB_HOST
- * (also defined in "krb.h").  If all goes well, the routine returnes
- * KSUCCESS.
+ * On end-of-file, krb_get_krbhst returns KFAILURE. If all goes well,
+ * the routine returns KSUCCESS.
  *
  * The KRB_CONF file contains the name of the local realm in the first
  * line (not used by this routine), followed by lines indicating realm/host
@@ -78,12 +76,7 @@ krb_get_krbhst(h, r, n)
         strncat(tbuf, "/krb.conf", sizeof(tbuf));
         tbuf[sizeof(tbuf)-1] = 0;
         if ((cnffile = fopen(tbuf,"r")) == NULL)
-            if (n==1) {
-                (void) strcpy(h,KRB_HOST);
-                return(KSUCCESS);
-            }
-            else
-                return(KFAILURE);
+            return(KFAILURE);
     }
     if (fscanf(cnffile,"%s",tr) == EOF)
         return(KFAILURE);
diff --git a/kerberosIV/krb/get_krbrlm.c b/kerberosIV/krb/get_krbrlm.c
index a3a9a625833..4d67382ed1b 100644
--- a/kerberosIV/krb/get_krbrlm.c
+++ b/kerberosIV/krb/get_krbrlm.c
@@ -33,9 +33,7 @@ or implied warranty.
  * krb_get_lrealm takes a pointer to a string, and a number, n.  It fills
  * in the string, r, with the name of the nth realm specified on the
  * first line of the kerberos config file (KRB_CONF, defined in "krb.h").
- * It returns 0 (KSUCCESS) on success, and KFAILURE on failure.  If the
- * config file does not exist, and if n=1, a successful return will occur
- * with r = KRB_REALM (also defined in "krb.h").
+ * It returns 0 (KSUCCESS) on success, and KFAILURE on failure.
  *
  * NOTE: for archaic & compatibility reasons, this routine will only return
  * valid results when n = 1.
@@ -61,12 +59,7 @@ krb_get_lrealm(r, n)
         strncat(tbuf, "/krb.conf", sizeof(tbuf));
         tbuf[sizeof(tbuf)-1] = 0;
         if ((cnffile = fopen(tbuf,"r")) == NULL)
-            if (n == 1) {
-                (void) strcpy(r, KRB_REALM);
-                return(KSUCCESS);
-            }
-            else
-                return(KFAILURE);
+            return(KFAILURE);
     }
 
     if (fscanf(cnffile,"%s",r) != 1) {
diff --git a/kerberosIV/krb/get_pw_tkt.c b/kerberosIV/krb/get_pw_tkt.c
index 0e459a3c6d7..d2dbf5ee2e1 100644
--- a/kerberosIV/krb/get_pw_tkt.c
+++ b/kerberosIV/krb/get_pw_tkt.c
@@ -28,6 +28,7 @@ or implied warranty.
   */
 
 #include "krb_locl.h"
+#include <sys/param.h>
 
 /*
  * Get a ticket for the password-changing server ("changepw.KRB_MASTER").
@@ -66,17 +67,23 @@ get_pw_tkt(user, instance, realm, cpw)
 	char *realm;
 	char *cpw;
 {
+    char *dot, admin[MAXHOSTNAMELEN];
     int kerror;
 
+    if ((kerror = krb_get_admhst(admin, realm, 1)) != KSUCCESS)
+        return(GT_PW_BADPW);
+    if ((dot = strchr(admin, '.')) != NULL)
+	*dot = '\0';
+
     kerror = krb_get_pw_in_tkt(user, instance, realm, "changepw",
-			       KRB_MASTER, 1, cpw);
+			       admin, 1, cpw);
 
     if (kerror == INTK_BADPW)
 	return(GT_PW_BADPW);
 
     if (kerror == KDC_NULL_KEY) {
 	kerror = krb_get_pw_in_tkt("default","changepw",realm,"changepw",
-				   KRB_MASTER,1,"changepwkrb");
+				   admin,1,"changepwkrb");
 	if (kerror)
 	    return(kerror);
 	return(GT_PW_NULL);