summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--kerberosV/src/lib/kafs/afssys.c2
-rw-r--r--kerberosV/src/lib/krb5/context.c164
2 files changed, 129 insertions, 37 deletions
diff --git a/kerberosV/src/lib/kafs/afssys.c b/kerberosV/src/lib/kafs/afssys.c
index d8d2c8afa3f..01e131f5b54 100644
--- a/kerberosV/src/lib/kafs/afssys.c
+++ b/kerberosV/src/lib/kafs/afssys.c
@@ -71,7 +71,7 @@ try_aix(void)
/*
* If we are root or running setuid don't trust AFSLIBPATH!
*/
- if (getuid() != 0 && !issuid() && (p = getenv("AFSLIBPATH")) != NULL)
+ if (getuid() != 0 && !issetugid() && (p = getenv("AFSLIBPATH")) != NULL)
strlcpy(path, p, sizeof(path));
else
snprintf(path, sizeof(path), "%s/afslib.so", LIBDIR);
diff --git a/kerberosV/src/lib/krb5/context.c b/kerberosV/src/lib/krb5/context.c
index 9512fe65e70..64162e38c79 100644
--- a/kerberosV/src/lib/krb5/context.c
+++ b/kerberosV/src/lib/krb5/context.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$KTH: context.c,v 1.59 2000/12/15 17:11:51 joda Exp $");
+RCSID("$KTH: context.c,v 1.71 2001/08/31 08:00:15 joda Exp $");
#define INIT_FIELD(C, T, E, D, F) \
(C)->E = krb5_config_get_ ## T ## _default ((C), NULL, (D), \
@@ -60,6 +60,7 @@ set_etypes (krb5_context context,
etypes = malloc((i+1) * sizeof(*etypes));
if (etypes == NULL) {
krb5_config_free_strings (etypes_str);
+ krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
for(j = 0, k = 0; j < i; j++) {
@@ -80,7 +81,9 @@ set_etypes (krb5_context context,
static krb5_error_code
init_context_from_config_file(krb5_context context)
{
+ krb5_error_code ret;
const char * tmp;
+
INIT_FIELD(context, time, max_skew, 5 * 60, "clockskew");
INIT_FIELD(context, time, kdc_timeout, 3, "kdc_timeout");
INIT_FIELD(context, int, max_retries, 3, "max_retries");
@@ -94,6 +97,9 @@ init_context_from_config_file(krb5_context context)
INIT_FIELD(context, string, default_keytab,
KEYTAB_DEFAULT, "default_keytab_name");
+ INIT_FIELD(context, string, default_keytab_modify,
+ KEYTAB_DEFAULT_MODIFY, "default_keytab_modify_name");
+
INIT_FIELD(context, string, time_fmt,
"%Y-%m-%dT%H:%M:%S", "time_format");
@@ -121,16 +127,31 @@ init_context_from_config_file(krb5_context context)
NULL);
memset(&addresses, 0, sizeof(addresses));
for(a = adr; a && *a; a++) {
- krb5_parse_address(context, *a, &addresses);
- krb5_add_extra_addresses(context, &addresses);
- krb5_free_addresses(context, &addresses);
+ ret = krb5_parse_address(context, *a, &addresses);
+ if (ret == 0) {
+ krb5_add_extra_addresses(context, &addresses);
+ krb5_free_addresses(context, &addresses);
+ }
+ }
+ krb5_config_free_strings(adr);
+
+ adr = krb5_config_get_strings(context, NULL,
+ "libdefaults",
+ "ignore_addresses",
+ NULL);
+ memset(&addresses, 0, sizeof(addresses));
+ for(a = adr; a && *a; a++) {
+ ret = krb5_parse_address(context, *a, &addresses);
+ if (ret == 0) {
+ krb5_add_ignore_addresses(context, &addresses);
+ krb5_free_addresses(context, &addresses);
+ }
}
krb5_config_free_strings(adr);
}
INIT_FIELD(context, bool, scan_interfaces, TRUE, "scan_interfaces");
INIT_FIELD(context, bool, srv_lookup, TRUE, "srv_lookup");
- INIT_FIELD(context, bool, srv_try_txt, FALSE, "srv_try_txt");
INIT_FIELD(context, int, fcache_vno, 0, "fcache_version");
context->cc_ops = NULL;
@@ -144,6 +165,8 @@ init_context_from_config_file(krb5_context context)
krb5_kt_register (context, &krb5_mkt_ops);
krb5_kt_register (context, &krb5_akf_ops);
krb5_kt_register (context, &krb4_fkt_ops);
+ krb5_kt_register (context, &krb5_srvtab_fkt_ops);
+ krb5_kt_register (context, &krb5_any_ops);
return 0;
}
@@ -163,12 +186,12 @@ krb5_init_context(krb5_context *context)
/* init error tables */
krb5_init_ets(p);
- if(!issuid())
+ if(!issetugid())
config_file = getenv("KRB5_CONFIG");
if (config_file == NULL)
config_file = krb5_config_file;
- ret = krb5_config_parse_file (config_file, &tmp_cf);
+ ret = krb5_config_parse_file (p, config_file, &tmp_cf);
if (ret == 0)
p->cf = tmp_cf;
@@ -191,18 +214,23 @@ krb5_init_context(krb5_context *context)
void
krb5_free_context(krb5_context context)
{
- int i;
+ int i;
- free(context->etypes);
- free(context->etypes_des);
- krb5_free_host_realm (context, context->default_realms);
- krb5_config_file_free (context, context->cf);
- free_error_table (context->et_list);
- for(i = 0; i < context->num_cc_ops; ++i)
- free(context->cc_ops[i].prefix);
- free(context->cc_ops);
- free(context->kt_types);
- free(context);
+ free(context->etypes);
+ free(context->etypes_des);
+ krb5_free_host_realm (context, context->default_realms);
+ krb5_config_file_free (context, context->cf);
+ free_error_table (context->et_list);
+ for(i = 0; i < context->num_cc_ops; ++i)
+ free(context->cc_ops[i].prefix);
+ free(context->cc_ops);
+ free(context->kt_types);
+ krb5_clear_error_string(context);
+ if(context->warn_dest != NULL)
+ krb5_closelog(context, context->warn_dest);
+ krb5_set_extra_addresses(context, NULL);
+ krb5_set_ignore_addresses(context, NULL);
+ free(context);
}
/*
@@ -210,7 +238,7 @@ krb5_free_context(krb5_context context)
*/
static krb5_error_code
-default_etypes(krb5_enctype **etype)
+default_etypes(krb5_context context, krb5_enctype **etype)
{
krb5_enctype p[] = {
ETYPE_DES3_CBC_SHA1,
@@ -221,9 +249,12 @@ default_etypes(krb5_enctype **etype)
ETYPE_DES_CBC_CRC,
ETYPE_NULL
};
+
*etype = malloc(sizeof(p));
- if(*etype == NULL)
+ if(*etype == NULL) {
+ krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
+ }
memcpy(*etype, p, sizeof(p));
return 0;
}
@@ -236,14 +267,18 @@ krb5_set_default_in_tkt_etypes(krb5_context context,
krb5_enctype *p = NULL;
if(etypes) {
- i = 0;
- while(etypes[i])
- if(!krb5_enctype_valid(context, etypes[i++]))
+ for (i = 0; etypes[i]; ++i)
+ if(!krb5_enctype_valid(context, etypes[i])) {
+ krb5_set_error_string(context, "enctype %d not supported",
+ etypes[i]);
return KRB5_PROG_ETYPE_NOSUPP;
+ }
++i;
ALLOC(p, i);
- if(!p)
+ if(!p) {
+ krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
+ }
memmove(p, etypes, i * sizeof(krb5_enctype));
}
if(context->etypes)
@@ -259,17 +294,22 @@ krb5_get_default_in_tkt_etypes(krb5_context context,
{
krb5_enctype *p;
int i;
+ krb5_error_code ret;
if(context->etypes) {
for(i = 0; context->etypes[i]; i++);
++i;
ALLOC(p, i);
- if(!p)
+ if(!p) {
+ krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
+ }
memmove(p, context->etypes, i * sizeof(krb5_enctype));
- } else
- if(default_etypes(&p))
- return ENOMEM;
+ } else {
+ ret = default_etypes(context, &p);
+ if (ret)
+ return ret;
+ }
*etypes = p;
return 0;
}
@@ -287,9 +327,10 @@ void
krb5_init_ets(krb5_context context)
{
if(context->et_list == NULL){
- initialize_krb5_error_table_r(&context->et_list);
- initialize_asn1_error_table_r(&context->et_list);
- initialize_heim_error_table_r(&context->et_list);
+ krb5_add_et_list(context, initialize_krb5_error_table_r);
+ krb5_add_et_list(context, initialize_asn1_error_table_r);
+ krb5_add_et_list(context, initialize_heim_error_table_r);
+ krb5_add_et_list(context, initialize_k524_error_table_r);
}
}
@@ -319,14 +360,22 @@ krb5_add_extra_addresses(krb5_context context, krb5_addresses *addresses)
krb5_error_code
krb5_set_extra_addresses(krb5_context context, const krb5_addresses *addresses)
{
- if(context->extra_addresses) {
+ if(context->extra_addresses)
krb5_free_addresses(context, context->extra_addresses);
- free(context->extra_addresses);
+
+ if(addresses == NULL) {
+ if(context->extra_addresses != NULL) {
+ free(context->extra_addresses);
+ context->extra_addresses = NULL;
+ }
+ return 0;
}
if(context->extra_addresses == NULL) {
context->extra_addresses = malloc(sizeof(*context->extra_addresses));
- if(context->extra_addresses == NULL)
+ if(context->extra_addresses == NULL) {
+ krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
+ }
}
return krb5_copy_addresses(context, addresses, context->extra_addresses);
}
@@ -338,7 +387,50 @@ krb5_get_extra_addresses(krb5_context context, krb5_addresses *addresses)
memset(addresses, 0, sizeof(*addresses));
return 0;
}
- return copy_HostAddresses(context->extra_addresses, addresses);
+ return krb5_copy_addresses(context,context->extra_addresses, addresses);
+}
+
+krb5_error_code
+krb5_add_ignore_addresses(krb5_context context, krb5_addresses *addresses)
+{
+
+ if(context->ignore_addresses)
+ return krb5_append_addresses(context,
+ context->ignore_addresses, addresses);
+ else
+ return krb5_set_ignore_addresses(context, addresses);
+}
+
+krb5_error_code
+krb5_set_ignore_addresses(krb5_context context, const krb5_addresses *addresses)
+{
+ if(context->ignore_addresses)
+ krb5_free_addresses(context, context->ignore_addresses);
+ if(addresses == NULL) {
+ if(context->ignore_addresses != NULL) {
+ free(context->ignore_addresses);
+ context->ignore_addresses = NULL;
+ }
+ return 0;
+ }
+ if(context->ignore_addresses == NULL) {
+ context->ignore_addresses = malloc(sizeof(*context->ignore_addresses));
+ if(context->ignore_addresses == NULL) {
+ krb5_set_error_string (context, "malloc: out of memory");
+ return ENOMEM;
+ }
+ }
+ return krb5_copy_addresses(context, addresses, context->ignore_addresses);
+}
+
+krb5_error_code
+krb5_get_ignore_addresses(krb5_context context, krb5_addresses *addresses)
+{
+ if(context->ignore_addresses == NULL) {
+ memset(addresses, 0, sizeof(*addresses));
+ return 0;
+ }
+ return krb5_copy_addresses(context, context->ignore_addresses, addresses);
}
krb5_error_code