authorThorsten Lockert <tholo@cvs.openbsd.org>1995-12-14 08:43:57 +0000
committerThorsten Lockert <tholo@cvs.openbsd.org>1995-12-14 08:43:57 +0000
commitb9bde382b38aba7823a008759b0b88b6c7a68966 (patch)
tree2df6948320f675f2f3b178831a2c18f8062fc4d3 /kerberosIV
parent51285176beb2daf7fedfbdc3f22cb775c29ef5af (diff)
Do not use hardcoded realm or host names
Diffstat (limited to 'kerberosIV')
-rw-r--r--kerberosIV/acl/acl_files.c21
-rw-r--r--kerberosIV/include/kerberosIV/acl.h4
-rw-r--r--kerberosIV/include/kerberosIV/krb.h10
-rw-r--r--kerberosIV/include/kerberosIV/site.h6
-rw-r--r--kerberosIV/kadmin/kadmin.c23
-rw-r--r--kerberosIV/kadmind/kadm_ser_wrap.c10
-rw-r--r--kerberosIV/kdb_init/kdb_init.c23
-rw-r--r--kerberosIV/kprop/kprop.c12
-rw-r--r--kerberosIV/kpropd/kpropd.c14
-rw-r--r--kerberosIV/krb/decomp_ticket.c7
-rw-r--r--kerberosIV/krb/get_krbhst.c13
-rw-r--r--kerberosIV/krb/get_krbrlm.c11
-rw-r--r--kerberosIV/krb/get_pw_tkt.c11
-rw-r--r--kerberosIV/ksrvutil/ksrvutil.c22
14 files changed, 113 insertions, 74 deletions
diff --git a/kerberosIV/acl/acl_files.c b/kerberosIV/acl/acl_files.c
index 545db32ca4d..03dd041d60b 100644
--- a/kerberosIV/acl/acl_files.c
+++ b/kerberosIV/acl/acl_files.c
@@ -1,4 +1,4 @@
-/* $Id: acl_files.c,v 1.1 1995/12/14 06:52:36 tholo Exp $ */
+/* $Id: acl_files.c,v 1.2 1995/12/14 08:43:39 tholo Exp $ */
/*-
* Copyright (C) 1989 by the Massachusetts Institute of Technology
@@ -66,7 +66,7 @@
/* If realm is missing, it becomes the local realm */
/* Canonicalized form is put in canon, which must be big enough to hold
MAX_PRINCIPAL_SIZE characters */
-void
+int
acl_canonicalize_principal(principal, canon)
char *principal;
char *canon;
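Review bot: The comment block above acl_canonicalize_principal still describes only the buffer requirement and says nothing about the new return value, which every caller in this file now tests. I would add `/* Returns 0 on success, -1 if the realm is missing and the local realm cannot be determined; canon is not a complete principal in that case */`. The function body continues outside this hunk; the -1 path is the one added in the later hunk at `krb_get_lrealm(canon, 1) != KSUCCESS`.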
@@ -84,7 +84,7 @@ acl_canonicalize_principal(principal, canon)
/* Copy into canon */
strncpy(canon, principal, MAX_PRINCIPAL_SIZE);
canon[MAX_PRINCIPAL_SIZE-1] = '\0';
- return;
+ return(0);
} else {
/* Nope, it's part of the realm */
dot = NULL;
@@ -122,8 +122,9 @@ acl_canonicalize_principal(principal, canon)
canon += len;
*canon++ = '\0';
} else if(krb_get_lrealm(canon, 1) != KSUCCESS) {
- strcpy(canon, KRB_REALM);
+ return(-1);
}
+ return(0);
}
/* Get a lock to modify acl_file */
@@ -438,7 +439,8 @@ acl_load(name)
acl_cache[i].acl = make_hash(ACL_LEN);
while(fgets(buf, sizeof(buf), f) != NULL) {
nuke_whitespace(buf);
- acl_canonicalize_principal(buf, canon);
+ if (acl_canonicalize_principal(buf, canon) < 0)
+ return(-1);
add_hash(acl_cache[i].acl, canon);
}
fclose(f);
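Review bot: The new early return inside the `while(fgets(...))` loop leaves `f` open, because the `fclose(f)` that follows the loop is skipped. Each failed load would then leak a stdio stream and descriptor. The error path should close the file first, for example `if (acl_canonicalize_principal(buf, canon) < 0) { fclose(f); return(-1); }`. The cache slot `acl_cache[i]` has already been given a fresh hash at this point and may be partly filled; whether it is reused as valid afterwards is not visible, since acl_load starts and ends outside the hunk.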
@@ -472,7 +474,8 @@ acl_check(acl, principal)
char canon[MAX_PRINCIPAL_SIZE];
char *realm;
- acl_canonicalize_principal(principal, canon);
+ if (acl_canonicalize_principal(principal, canon) < 0)
+ return(0);
/* Is it there? */
if(acl_exact_match(acl, canon)) return(1);
@@ -502,7 +505,8 @@ acl_add(acl, principal)
FILE *new;
char canon[MAX_PRINCIPAL_SIZE];
- acl_canonicalize_principal(principal, canon);
+ if (acl_canonicalize_principal(principal, canon) < 0)
+ return(-1);
if((new = acl_lock_file(acl)) == NULL) return(-1);
if((acl_exact_match(acl, canon))
@@ -537,7 +541,8 @@ acl_delete(acl, principal)
FILE *new;
char canon[MAX_PRINCIPAL_SIZE];
- acl_canonicalize_principal(principal, canon);
+ if (acl_canonicalize_principal(principal, canon) < 0)
+ return(-1);
if((new = acl_lock_file(acl)) == NULL) return(-1);
if((!acl_exact_match(acl, canon))
diff --git a/kerberosIV/include/kerberosIV/acl.h b/kerberosIV/include/kerberosIV/acl.h
index 652add4e004..ce170746f00 100644
--- a/kerberosIV/include/kerberosIV/acl.h
+++ b/kerberosIV/include/kerberosIV/acl.h
@@ -1,11 +1,11 @@
-/* $Id: acl.h,v 1.1 1995/12/14 06:52:34 tholo Exp $ */
+/* $Id: acl.h,v 1.2 1995/12/14 08:43:41 tholo Exp $ */
#ifndef __ACL_H
#define __ACL_H
#include <sys/cdefs.h>
-void acl_canonicalize_principal __P((char *principal, char *canon));
+int acl_canonicalize_principal __P((char *principal, char *canon));
int acl_initialize __P((char *acl_file, int perm));
int acl_exact_match __P((char *acl, char *principal));
int acl_check __P((char *acl, char *principal));
diff --git a/kerberosIV/include/kerberosIV/krb.h b/kerberosIV/include/kerberosIV/krb.h
index fb5b9ca4498..f2865abd95a 100644
--- a/kerberosIV/include/kerberosIV/krb.h
+++ b/kerberosIV/include/kerberosIV/krb.h
@@ -1,4 +1,4 @@
-/* $Id: krb.h,v 1.1 1995/12/14 06:52:34 tholo Exp $ */
+/* $Id: krb.h,v 1.2 1995/12/14 08:43:42 tholo Exp $ */
/*-
* Copyright 1987, 1988 by the Student Information Processing Board
@@ -54,13 +54,7 @@ extern const char *krb_err_txt[MAX_KRB_ERRORS];
*
* KRBLOG is the log file for the kerberos master server. KRB_CONF is
* the configuration file where different host machines running master
- * and slave servers can be found. KRB_MASTER is the name of the
- * machine with the master database. The admin_server runs on this
- * machine, and all changes to the db (as opposed to read-only
- * requests, which can go to slaves) must go to it. KRB_HOST is the
- * default machine * when looking for a kerberos slave server. Other
- * possibilities are * in the KRB_CONF file. KRB_REALM is the name of
- * the realm.
+ * and slave servers can be found.
*/
/* The maximum sizes for aname, realm, sname, and instance +1 */
diff --git a/kerberosIV/include/kerberosIV/site.h b/kerberosIV/include/kerberosIV/site.h
index e7066084a71..179a579c5bf 100644
--- a/kerberosIV/include/kerberosIV/site.h
+++ b/kerberosIV/include/kerberosIV/site.h
@@ -1,4 +1,4 @@
-/* $Id: site.h,v 1.1 1995/12/14 06:52:35 tholo Exp $ */
+/* $Id: site.h,v 1.2 1995/12/14 08:43:43 tholo Exp $ */
/*
* Site-specific definitions.
@@ -23,10 +23,6 @@
#define KRBLOG "/var/log/kerberos.log" /* master server */
#define KRBSLAVELOG "/var/log/kerberos_slave.log" /* master (?) server */
-#define KRB_MASTER "kerberos"
-#define KRB_HOST "kowande.bu.oz.au"
-#define KRB_REALM "KOWANDE.BU.OZ.AU"
-
/* from: kadm_server.h */
/* the default syslog file */
#define KADM_SYSLOG "/var/log/admin_server.log"
diff --git a/kerberosIV/kadmin/kadmin.c b/kerberosIV/kadmin/kadmin.c
index 79ef3f9c7f0..2cb575103c3 100644
--- a/kerberosIV/kadmin/kadmin.c
+++ b/kerberosIV/kadmin/kadmin.c
@@ -1,4 +1,4 @@
-/* $Id: kadmin.c,v 1.1 1995/12/14 06:52:48 tholo Exp $ */
+/* $Id: kadmin.c,v 1.2 1995/12/14 08:43:44 tholo Exp $ */
/*
* Copyright (C) 1989 by the Massachusetts Institute of Technology
@@ -287,6 +287,7 @@ static int inited = 0;
static void
do_init(int argc, char **argv)
{
+ char *dot, admin[MAXHOSTNAMELEN];
struct passwd *pw;
int c;
#define OPTION_STRING "u:r:m"
@@ -298,14 +299,21 @@ do_init(int argc, char **argv)
* This is only as a default/initial realm; we don't care
* about failure.
*/
- if (krb_get_lrealm(default_realm, 1) != KSUCCESS)
- strcpy(default_realm, KRB_REALM);
+ if (krb_get_lrealm(default_realm, 1) != KSUCCESS) {
+ fprintf(stderr,
+ "Could not determine local realm name.\n");
+ }
+
+ c = krb_get_admhst(admin, default_realm, 1);
+ if (c == KSUCCESS && (dot = strchr(admin, '.')) != NULL)
+ *dot = '\0';
/*
* If we can reach the local realm, initialize to it. Otherwise,
* don't initialize.
*/
- if (kadm_init_link(PWSERV_NAME, KRB_MASTER, krbrlm) != KADM_SUCCESS)
+ if (c == KSUCCESS &&
+ kadm_init_link(PWSERV_NAME, admin, default_realm) != KADM_SUCCESS)
bzero(krbrlm, sizeof(krbrlm));
else
strcpy(krbrlm, default_realm);
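Review bot: When `krb_get_admhst` fails, the condition `c == KSUCCESS && kadm_init_link(...) != KADM_SUCCESS` is false, so control falls to the `else` and `krbrlm` is set to `default_realm` although `kadm_init_link` was never called. The comment above says the intent is "otherwise, don't initialize", so the test should be `if (c != KSUCCESS || kadm_init_link(PWSERV_NAME, admin, default_realm) != KADM_SUCCESS)`. As written, later code that compares a realm against `krbrlm` (setvals does this) would presumably skip link setup for that realm. Separately, the `krb_get_lrealm` failure branch only prints a message and then passes `default_realm` to `krb_get_admhst` regardless; its contents in that case are not established by anything visible here.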
@@ -370,6 +378,7 @@ main(int argc, char **argv)
static int
setvals(Kadm_vals *vals, char *string)
{
+ char *dot, admin[MAXHOSTNAMELEN];
char realm[REALM_SZ];
int status = KADM_SUCCESS;
@@ -385,8 +394,12 @@ setvals(Kadm_vals *vals, char *string)
if (!realm[0])
strcpy(realm, default_realm);
if (strcmp(realm, krbrlm)) {
+ if ((status = krb_get_admhst(admin, realm, 1)) != KSUCCESS)
+ return(status);
+ if (status == KSUCCESS && (dot = strchr(admin, '.')) != NULL)
+ *dot = '\0';
strcpy(krbrlm, realm);
- if ((status = kadm_init_link(PWSERV_NAME, KRB_MASTER, krbrlm))
+ if ((status = kadm_init_link(PWSERV_NAME, admin, krbrlm))
!= KADM_SUCCESS)
printf("kadm error for realm %s: %s\n",
krbrlm, error_message(status));
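Review bot: The `status == KSUCCESS &&` test on the `strchr` line can never be false, because the line before already returns on any other value; `if ((dot = strchr(admin, '.')) != NULL)` is enough. The early return is also silent, whereas a `kadm_init_link` failure just below prints the realm and error text, so a missing admin-host entry gives the user no message. Printing something like `printf("no admin server known for realm %s\n", realm);` before `return(status);` would keep the two failure paths consistent. setvals continues outside the hunk.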
diff --git a/kerberosIV/kadmind/kadm_ser_wrap.c b/kerberosIV/kadmind/kadm_ser_wrap.c
index eec12f47c00..543b6565540 100644
--- a/kerberosIV/kadmind/kadm_ser_wrap.c
+++ b/kerberosIV/kadmind/kadm_ser_wrap.c
@@ -1,4 +1,4 @@
-/* $Id: kadm_ser_wrap.c,v 1.1 1995/12/14 06:52:49 tholo Exp $ */
+/* $Id: kadm_ser_wrap.c,v 1.2 1995/12/14 08:43:45 tholo Exp $ */
/*-
* Copyright (C) 1989 by the Massachusetts Institute of Technology
@@ -46,7 +46,7 @@ kadm_ser_init(int inter, char *realm)
{
struct servent *sep;
struct hostent *hp;
- char hostname[MAXHOSTNAMELEN];
+ char *dot, admin[MAXHOSTNAMELEN], hostname[MAXHOSTNAMELEN];
(void) init_kadm_err_tbl();
(void) init_krb_err_tbl();
@@ -54,7 +54,11 @@ kadm_ser_init(int inter, char *realm)
return KADM_NO_HOSTNAME;
(void) strcpy(server_parm.sname, PWSERV_NAME);
- (void) strcpy(server_parm.sinst, KRB_MASTER);
+ if (krb_get_admhst(admin, realm, 1) != KSUCCESS)
+ return KADM_NO_MAST;
+ if ((dot = strchr(server_parm.sinst, '.')) != NULL)
+ *dot = '\0';
+ (void) strcpy(server_parm.sinst, admin);
(void) strcpy(server_parm.krbrlm, realm);
server_parm.admin_fd = -1;
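Review bot: The domain is stripped from the wrong buffer: `strchr(server_parm.sinst, '.')` runs before `sinst` is assigned, so it scans whatever the field held previously, and the following `strcpy` then copies `admin` with its domain part intact. The lookup should be on the freshly fetched name, `if ((dot = strchr(admin, '.')) != NULL) *dot = '\0';`, before the copy. `admin` is `MAXHOSTNAMELEN` bytes and is copied with an unbounded `strcpy`; the size of `server_parm.sinst` is not visible here, so if it is an instance-sized field a long name from the configuration file could overrun it, and a length check or bounded copy before the assignment would close that. The same unbounded use of `admin` as an instance appears in the kadmin, kdb_init, kprop, get_pw_tkt and ksrvutil hunks.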
diff --git a/kerberosIV/kdb_init/kdb_init.c b/kerberosIV/kdb_init/kdb_init.c
index ced9997a0d2..035a2b6e16a 100644
--- a/kerberosIV/kdb_init/kdb_init.c
+++ b/kerberosIV/kdb_init/kdb_init.c
@@ -1,4 +1,4 @@
-/* $Id: kdb_init.c,v 1.1 1995/12/14 06:52:42 tholo Exp $ */
+/* $Id: kdb_init.c,v 1.2 1995/12/14 08:43:47 tholo Exp $ */
/*-
* Copyright 1987, 1988 by the Student Information Processing Board
@@ -23,6 +23,7 @@
*/
#include <adm_locl.h>
+#include <sys/param.h>
enum ap_op {
NULL_KEY, /* setup null keys */
@@ -100,8 +101,9 @@ add_principal(char *name, char *instance, enum ap_op aap_op)
int
main(int argc, char **argv)
{
- char realm[REALM_SZ];
- char *cp;
+ char admin[MAXHOSTNAMELEN];
+ char realm[REALM_SZ], defrealm[REALM_SZ];
+ char *cp, *dot;
int code;
char *database;
@@ -128,7 +130,9 @@ main(int argc, char **argv)
if (argc == 2)
strncpy(realm, argv[1], REALM_SZ);
else {
- fprintf(stderr, "Realm name [default %s ]: ", KRB_REALM);
+ if (krb_get_lrealm(defrealm, 1) != KSUCCESS)
+ strcpy(defrealm, "NONE");
+ fprintf(stderr, "Realm name [default %s ]: ", defrealm);
if (fgets(realm, sizeof(realm), stdin) == NULL) {
fprintf(stderr, "\nEOF reading realm\n");
exit(1);
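Review bot: Falling back to the literal `"NONE"` makes it a real default: if the operator presses return at the prompt, the next hunk (`strcpy(realm, defrealm)`) sets the realm to `NONE`, and the database would be initialised for that name unless `k_isrealm` rejects it, which is not visible here. It would be safer to leave `defrealm` empty when `krb_get_lrealm` fails, omit the default from the prompt, and exit with an error when the answer is empty and no default exists, e.g. `if (!*realm && !*defrealm) { fprintf(stderr, "No default realm available\n"); exit(1); }`. main continues outside this hunk.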
@@ -136,7 +140,7 @@ main(int argc, char **argv)
if ((cp = strchr(realm, '\n')))
*cp = '\0';
if (!*realm) /* no realm given */
- strcpy(realm, KRB_REALM);
+ strcpy(realm, defrealm);
}
if (!k_isrealm(realm)) {
fprintf(stderr, "%s: Bad kerberos realm name \"%s\"\n",
@@ -152,6 +156,13 @@ main(int argc, char **argv)
exit (-1);
}
+ if (krb_get_admhst(admin, realm, 1) != KSUCCESS) {
+ fprintf (stderr, "Couldn't get admin server.\n");
+ exit (-1);
+ }
+ if ((dot = strchr(admin, '.')) != NULL)
+ *dot = '\0';
+
/* Initialize non shared random sequence */
des_init_random_number_generator(&master_key);
@@ -159,7 +170,7 @@ main(int argc, char **argv)
add_principal(KERB_M_NAME, KERB_M_INST, MASTER_KEY) ||
add_principal(KERB_DEFAULT_NAME, KERB_DEFAULT_INST, NULL_KEY) ||
add_principal("krbtgt", realm, RANDOM_KEY) ||
- add_principal("changepw", KRB_MASTER, RANDOM_KEY)
+ add_principal("changepw", admin, RANDOM_KEY)
) {
fprintf(stderr, "\n%s: couldn't initialize database.\n",
progname);
diff --git a/kerberosIV/kprop/kprop.c b/kerberosIV/kprop/kprop.c
index 426a05afc23..b0d6a58aa8d 100644
--- a/kerberosIV/kprop/kprop.c
+++ b/kerberosIV/kprop/kprop.c
@@ -1,4 +1,4 @@
-/* $Id: kprop.c,v 1.1 1995/12/14 06:52:49 tholo Exp $ */
+/* $Id: kprop.c,v 1.2 1995/12/14 08:43:48 tholo Exp $ */
/*-
* Copyright 1987 by the Massachusetts Institute of Technology.
@@ -126,6 +126,7 @@ int get_slaves(struct slave_host **psl, char *file, time_t ok_mtime)
static int
prop_to_slaves(struct slave_host *sl, int fd, char *fslv)
{
+ char *dot, admin[MAXHOSTNAMELEN];
char buf[KPROP_BUFSIZ];
char obuf[KPROP_BUFSIZ + 64 /* leave room for private msg overhead */ ];
struct servent *sp;
@@ -215,11 +216,18 @@ prop_to_slaves(struct slave_host *sl, int fd, char *fslv)
/* copy it to make sure gethostbyname static doesn't
* screw us. */
strcpy (kprop_service_instance, p_my_host_name);
+
+ if (krb_get_admhst(admin, my_realm, 1) != KSUCCESS) {
+ fprintf (stderr, "Could not get admin host.\n");
+ break;
+ }
+ if ((dot = strchr(admin, '.')) != NULL)
+ *dot = '\0';
kerror = krb_get_svc_in_tkt (KPROP_SERVICE_NAME,
#if 0
kprop_service_instance,
#else
- KRB_MASTER,
+ admin,
#endif
my_realm,
TGT_SERVICE_NAME,
diff --git a/kerberosIV/kpropd/kpropd.c b/kerberosIV/kpropd/kpropd.c
index 0fb488327b6..4e27c37fc3a 100644
--- a/kerberosIV/kpropd/kpropd.c
+++ b/kerberosIV/kpropd/kpropd.c
@@ -1,4 +1,4 @@
-/* $Id: kpropd.c,v 1.1 1995/12/14 06:52:52 tholo Exp $ */
+/* $Id: kpropd.c,v 1.2 1995/12/14 08:43:50 tholo Exp $ */
/*-
* Copyright 1987 by the Massachusetts Institute of Technology.
@@ -14,6 +14,7 @@
#include <slav_locl.h>
#include <kprop.h>
+#include <sys/param.h>
static char *kdb_util_path = "kdb_util";
@@ -138,7 +139,8 @@ main(int argc, char **argv)
char local_file[256];
char local_temp[256];
struct hostent *hp;
- char hostname[256];
+ char *dot, admin[MAXHOSTNAMELEN];
+ char hostname[MAXHOSTNAMELEN];
char from_str[128];
long kerror;
AUTH_DAT auth_dat;
@@ -315,9 +317,15 @@ main(int argc, char **argv)
/* AUTHORIZATION is done here. We might want to expand this to
* read an acl file at some point, but allowing for now
* KPROP_SERVICE_NAME.KRB_MASTER@local-realm is fine ... */
+ if (krb_get_admhst(admin, my_realm, 1) != KSUCCESS) {
+ klog (L_KRB_PERR, "Unable to get admin host");
+ SlowDeath();
+ }
+ if ((dot = strchr(admin, '.')) != NULL)
+ *dot = '\0';
if ((strcmp (KPROP_SERVICE_NAME, auth_dat.pname) != 0) ||
- (strcmp (KRB_MASTER, auth_dat.pinst) != 0) ||
+ (strcmp (admin, auth_dat.pinst) != 0) ||
(strcmp (my_realm, auth_dat.prealm) != 0)) {
klog (L_KRB_PERR, "Authorization denied!");
SlowDeath();
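Review bot: The comment above this check still names `KRB_MASTER`, which this commit removes, so it no longer describes what is compared. The accepted instance is now the first label of the admin host returned by `krb_get_admhst` for `my_realm`, which means the contents of the Kerberos configuration file decide who may push a database to this host. I would reword the comment to say so, e.g. `/* AUTHORIZATION: accept only KPROP_SERVICE_NAME.<short admin host for my_realm>@my_realm; the admin host comes from the local configuration file */`. Both failure paths call `SlowDeath()`, so the check fails closed, provided `SlowDeath` does not return (its definition is outside the hunk).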
diff --git a/kerberosIV/krb/decomp_ticket.c b/kerberosIV/krb/decomp_ticket.c
index 00b95910230..a0de714ccbe 100644
--- a/kerberosIV/krb/decomp_ticket.c
+++ b/kerberosIV/krb/decomp_ticket.c
@@ -35,8 +35,7 @@ or implied warranty.
* fills in values for its arguments.
*
* Note: if the client realm field in the ticket is the null string,
- * then the "prealm" variable is filled in with the local realm (as
- * defined by KRB_REALM).
+ * then the "prealm" variable is filled in with the local realm.
*
* If the ticket byte order is different than the host's byte order
* (as indicated by the byte order bit of the "flags" field), then
@@ -103,8 +102,8 @@ decomp_ticket(tkt, flags, pname, pinstance, prealm, paddress, session,
(void) strcpy(prealm,ptr); /* realm */
ptr += strlen(prealm) + 1;
/* temporary hack until realms are dealt with properly */
- if (*prealm == 0)
- (void) strcpy(prealm,KRB_REALM);
+ if (*prealm == 0 && krb_get_lrealm(prealm, 1) != KSUCCESS)
+ return(KFAILURE);
bcopy(ptr,(char *)paddress,4); /* net address */
ptr += 4;
diff --git a/kerberosIV/krb/get_krbhst.c b/kerberosIV/krb/get_krbhst.c
index 9d396af4815..14493581e44 100644
--- a/kerberosIV/krb/get_krbhst.c
+++ b/kerberosIV/krb/get_krbhst.c
@@ -38,10 +38,8 @@ or implied warranty.
* returns (in h) the nth entry from the configuration file (KRB_CONF,
* defined in "krb.h") associated with the specified realm.
*
- * On end-of-file, krb_get_krbhst returns KFAILURE. If n=1 and the
- * configuration file does not exist, krb_get_krbhst will return KRB_HOST
- * (also defined in "krb.h"). If all goes well, the routine returnes
- * KSUCCESS.
+ * On end-of-file, krb_get_krbhst returns KFAILURE. If all goes well,
+ * the routine returns KSUCCESS.
*
* The KRB_CONF file contains the name of the local realm in the first
* line (not used by this routine), followed by lines indicating realm/host
@@ -78,12 +76,7 @@ krb_get_krbhst(h, r, n)
strncat(tbuf, "/krb.conf", sizeof(tbuf));
tbuf[sizeof(tbuf)-1] = 0;
if ((cnffile = fopen(tbuf,"r")) == NULL)
- if (n==1) {
- (void) strcpy(h,KRB_HOST);
- return(KSUCCESS);
- }
- else
- return(KFAILURE);
+ return(KFAILURE);
}
if (fscanf(cnffile,"%s",tr) == EOF)
return(KFAILURE);
diff --git a/kerberosIV/krb/get_krbrlm.c b/kerberosIV/krb/get_krbrlm.c
index a3a9a625833..4d67382ed1b 100644
--- a/kerberosIV/krb/get_krbrlm.c
+++ b/kerberosIV/krb/get_krbrlm.c
@@ -33,9 +33,7 @@ or implied warranty.
* krb_get_lrealm takes a pointer to a string, and a number, n. It fills
* in the string, r, with the name of the nth realm specified on the
* first line of the kerberos config file (KRB_CONF, defined in "krb.h").
- * It returns 0 (KSUCCESS) on success, and KFAILURE on failure. If the
- * config file does not exist, and if n=1, a successful return will occur
- * with r = KRB_REALM (also defined in "krb.h").
+ * It returns 0 (KSUCCESS) on success, and KFAILURE on failure.
*
* NOTE: for archaic & compatibility reasons, this routine will only return
* valid results when n = 1.
@@ -61,12 +59,7 @@ krb_get_lrealm(r, n)
strncat(tbuf, "/krb.conf", sizeof(tbuf));
tbuf[sizeof(tbuf)-1] = 0;
if ((cnffile = fopen(tbuf,"r")) == NULL)
- if (n == 1) {
- (void) strcpy(r, KRB_REALM);
- return(KSUCCESS);
- }
- else
- return(KFAILURE);
+ return(KFAILURE);
}
if (fscanf(cnffile,"%s",r) != 1) {
diff --git a/kerberosIV/krb/get_pw_tkt.c b/kerberosIV/krb/get_pw_tkt.c
index 0e459a3c6d7..d2dbf5ee2e1 100644
--- a/kerberosIV/krb/get_pw_tkt.c
+++ b/kerberosIV/krb/get_pw_tkt.c
@@ -28,6 +28,7 @@ or implied warranty.
*/
#include "krb_locl.h"
+#include <sys/param.h>
/*
* Get a ticket for the password-changing server ("changepw.KRB_MASTER").
@@ -66,17 +67,23 @@ get_pw_tkt(user, instance, realm, cpw)
char *realm;
char *cpw;
{
+ char *dot, admin[MAXHOSTNAMELEN];
int kerror;
+ if ((kerror = krb_get_admhst(admin, realm, 1)) != KSUCCESS)
+ return(GT_PW_BADPW);
+ if ((dot = strchr(admin, '.')) != NULL)
+ *dot = '\0';
+
kerror = krb_get_pw_in_tkt(user, instance, realm, "changepw",
- KRB_MASTER, 1, cpw);
+ admin, 1, cpw);
if (kerror == INTK_BADPW)
return(GT_PW_BADPW);
if (kerror == KDC_NULL_KEY) {
kerror = krb_get_pw_in_tkt("default","changepw",realm,"changepw",
- KRB_MASTER,1,"changepwkrb");
+ admin,1,"changepwkrb");
if (kerror)
return(kerror);
return(GT_PW_NULL);
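Review bot: A failed admin-host lookup is reported as `GT_PW_BADPW`, so the caller will tell the user the password was wrong when the real cause is missing or unreadable realm configuration. The function already returns raw Kerberos codes on another path (`if (kerror) return(kerror);`), so `return(kerror);` here would be consistent and would keep configuration errors distinguishable from authentication failures in logs and messages. The header comment just above the function (in the previous hunk) still refers to `changepw.KRB_MASTER` and should be updated to say the instance is the realm's admin host.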
diff --git a/kerberosIV/ksrvutil/ksrvutil.c b/kerberosIV/ksrvutil/ksrvutil.c
index 3187db7e32f..32486110522 100644
--- a/kerberosIV/ksrvutil/ksrvutil.c
+++ b/kerberosIV/ksrvutil/ksrvutil.c
@@ -1,4 +1,4 @@
-/* $Id: ksrvutil.c,v 1.1 1995/12/14 06:52:53 tholo Exp $ */
+/* $Id: ksrvutil.c,v 1.2 1995/12/14 08:43:56 tholo Exp $ */
/*-
* Copyright (C) 1989 by the Massachusetts Institute of Technology
@@ -232,11 +232,17 @@ print_name(char *name, char *inst, char *realm)
static int
get_svc_new_key(unsigned char *new_key, char *sname, char *sinst, char *srealm, char *keyfile)
{
- int status = KADM_SUCCESS;
-
+ char *dot, admin[MAXHOSTNAMELEN];
+ int status;
+
+ if ((status = krb_get_admhst(admin, srealm, 1)) != KSUCCESS)
+ return(status);
+ if ((dot = strchr(admin, '.')) != NULL)
+ *dot = '\0';
+ status = KADM_SUCCESS;
if (((status = krb_get_svc_in_tkt(sname, sinst, srealm, PWSERV_NAME,
KADM_SINST, 1, keyfile)) == KSUCCESS) &&
- ((status = kadm_init_link("changepw", KRB_MASTER, srealm)) ==
+ ((status = kadm_init_link("changepw", admin, srealm)) ==
KADM_SUCCESS)) {
#ifdef NOENCRYPTION
(void) bzero((char *) new_key, sizeof(des_cblock));
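Review bot: The added `status = KADM_SUCCESS;` is a dead store, since the `if` on the next line immediately assigns `status` from `krb_get_svc_in_tkt`; it can be dropped. The early `return(status);` also hands back a Kerberos library code from a function whose other results are `KADM_*` values, so callers that format the result as a kadm error may print a misleading message; whether they do is outside this hunk. get_svc_new_key continues past the end of the hunk.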
@@ -323,8 +329,10 @@ main(int argc, char **argv)
krb_set_tkt_string(change_tkt);
/* This is used only as a default for adding keys */
- if (krb_get_lrealm(local_realm, 1) != KSUCCESS)
- (void) strcpy(local_realm, KRB_REALM);
+ if (krb_get_lrealm(local_realm, 1) != KSUCCESS) {
+ (void) fprintf(stderr, "%s: Unable to find local realm name\n", argv[0]);
+ exit(1);
+ }
for (i = 1; i < argc; i++) {
if (strcmp(argv[i], "-i") == 0)
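Review bot: The two places in this file that lose the `KRB_REALM` fallback now behave differently: here a failed `krb_get_lrealm` is fatal, while `ksrvutil_get` in the last hunk continues with `strcpy(local_realm, "")`. The retained comment says the value is "used only as a default for adding keys", yet the new `exit(1)` runs before argument parsing, so every subcommand now requires a readable realm configuration. If that is intended the comment should say so; otherwise defer the error until a default realm is actually needed, and give `ksrvutil_get` the same treatment rather than an empty default.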
@@ -593,7 +601,7 @@ ksrvutil_get()
char local_hostname[100];
if (krb_get_lrealm(local_realm, 1) != KSUCCESS)
- strcpy(local_realm, KRB_REALM);
+ strcpy(local_realm, "");
gethostname(local_hostname, sizeof(local_hostname));
strcpy(local_hostname, krb_get_phost(local_hostname));
do {