-rw-r--r-- | kerberosV/src/lib/kafs/afssys.c | 2 | ||||
-rw-r--r-- | kerberosV/src/lib/krb5/context.c | 164 |
2 files changed, 129 insertions, 37 deletions
diff --git a/kerberosV/src/lib/kafs/afssys.c b/kerberosV/src/lib/kafs/afssys.c index d8d2c8afa3f..01e131f5b54 100644 --- a/kerberosV/src/lib/kafs/afssys.c +++ b/kerberosV/src/lib/kafs/afssys.c @@ -71,7 +71,7 @@ try_aix(void) /* * If we are root or running setuid don't trust AFSLIBPATH! */ - if (getuid() != 0 && !issuid() && (p = getenv("AFSLIBPATH")) != NULL) + if (getuid() != 0 && !issetugid() && (p = getenv("AFSLIBPATH")) != NULL) strlcpy(path, p, sizeof(path)); else snprintf(path, sizeof(path), "%s/afslib.so", LIBDIR); diff --git a/kerberosV/src/lib/krb5/context.c b/kerberosV/src/lib/krb5/context.c index 9512fe65e70..64162e38c79 100644 --- a/kerberosV/src/lib/krb5/context.c +++ b/kerberosV/src/lib/krb5/context.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$KTH: context.c,v 1.59 2000/12/15 17:11:51 joda Exp $"); +RCSID("$KTH: context.c,v 1.71 2001/08/31 08:00:15 joda Exp $"); #define INIT_FIELD(C, T, E, D, F) \ (C)->E = krb5_config_get_ ## T ## _default ((C), NULL, (D), \ @@ -60,6 +60,7 @@ set_etypes (krb5_context context, etypes = malloc((i+1) * sizeof(*etypes)); if (etypes == NULL) { krb5_config_free_strings (etypes_str); + krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; } for(j = 0, k = 0; j < i; j++) { @@ -80,7 +81,9 @@ set_etypes (krb5_context context, static krb5_error_code init_context_from_config_file(krb5_context context) { + krb5_error_code ret; const char * tmp; + INIT_FIELD(context, time, max_skew, 5 * 60, "clockskew"); INIT_FIELD(context, time, kdc_timeout, 3, "kdc_timeout"); INIT_FIELD(context, int, max_retries, 3, "max_retries"); 
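Review bot: In the afssys.c hunk (`try_aix`), the return value of `strlcpy(path, p, sizeof(path))` is discarded, so an over-long `AFSLIBPATH` is silently truncated and the rest of the function works with a path the user never named. Because this string selects a library location (its use is outside the hunk, presumably a load call), I would treat truncation as "not usable" and fall through to the `LIBDIR` default, e.g. `if (strlcpy(path, p, sizeof(path)) >= sizeof(path)) snprintf(path, sizeof(path), "%s/afslib.so", LIBDIR);`. The function body starts and ends outside the hunk.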
@@ -94,6 +97,9 @@ init_context_from_config_file(krb5_context context) INIT_FIELD(context, string, default_keytab, KEYTAB_DEFAULT, "default_keytab_name"); + INIT_FIELD(context, string, default_keytab_modify, + KEYTAB_DEFAULT_MODIFY, "default_keytab_modify_name"); + INIT_FIELD(context, string, time_fmt, "%Y-%m-%dT%H:%M:%S", "time_format"); @@ -121,16 +127,31 @@ init_context_from_config_file(krb5_context context) NULL); memset(&addresses, 0, sizeof(addresses)); for(a = adr; a && *a; a++) { - krb5_parse_address(context, *a, &addresses); - krb5_add_extra_addresses(context, &addresses); - krb5_free_addresses(context, &addresses); + ret = krb5_parse_address(context, *a, &addresses); + if (ret == 0) { + krb5_add_extra_addresses(context, &addresses); + krb5_free_addresses(context, &addresses); + } + } + krb5_config_free_strings(adr); + + adr = krb5_config_get_strings(context, NULL, + "libdefaults", + "ignore_addresses", + NULL); + memset(&addresses, 0, sizeof(addresses)); + for(a = adr; a && *a; a++) { + ret = krb5_parse_address(context, *a, &addresses); + if (ret == 0) { + krb5_add_ignore_addresses(context, &addresses); + krb5_free_addresses(context, &addresses); + } } krb5_config_free_strings(adr); } INIT_FIELD(context, bool, scan_interfaces, TRUE, "scan_interfaces"); INIT_FIELD(context, bool, srv_lookup, TRUE, "srv_lookup"); - INIT_FIELD(context, bool, srv_try_txt, FALSE, "srv_try_txt"); INIT_FIELD(context, int, fcache_vno, 0, "fcache_version"); context->cc_ops = NULL; @@ -144,6 +165,8 @@ init_context_from_config_file(krb5_context context) krb5_kt_register (context, &krb5_mkt_ops); krb5_kt_register (context, &krb5_akf_ops); krb5_kt_register (context, &krb4_fkt_ops); + krb5_kt_register (context, &krb5_srvtab_fkt_ops); + krb5_kt_register (context, &krb5_any_ops); return 0; } 
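Review bot: In the `@@ -121,16` hunk both address loops assign `ret` from `krb5_parse_address()` and then drop it: an entry that fails to parse is skipped without any message, and the results of `krb5_add_extra_addresses()` and `krb5_add_ignore_addresses()` are not checked either. For `ignore_addresses` this presumably means a mistyped entry stays in use while the administrator believes it is excluded. I would at least report the skipped entry, e.g. `else krb5_warnx(context, "ignoring unparsable address %s", *a);`, and consider one shared helper for the two otherwise identical loops. The function still ends in `return 0;` (visible in the `@@ -144,6` hunk), so none of these failures reaches the caller.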
@@ -163,12 +186,12 @@ krb5_init_context(krb5_context *context) /* init error tables */ krb5_init_ets(p); - if(!issuid()) + if(!issetugid()) config_file = getenv("KRB5_CONFIG"); if (config_file == NULL) config_file = krb5_config_file; - ret = krb5_config_parse_file (config_file, &tmp_cf); + ret = krb5_config_parse_file (p, config_file, &tmp_cf); if (ret == 0) p->cf = tmp_cf; @@ -191,18 +214,23 @@ krb5_init_context(krb5_context *context) void krb5_free_context(krb5_context context) { - int i; + int i; - free(context->etypes); - free(context->etypes_des); - krb5_free_host_realm (context, context->default_realms); - krb5_config_file_free (context, context->cf); - free_error_table (context->et_list); - for(i = 0; i < context->num_cc_ops; ++i) - free(context->cc_ops[i].prefix); - free(context->cc_ops); - free(context->kt_types); - free(context); + free(context->etypes); + free(context->etypes_des); + krb5_free_host_realm (context, context->default_realms); + krb5_config_file_free (context, context->cf); + free_error_table (context->et_list); + for(i = 0; i < context->num_cc_ops; ++i) + free(context->cc_ops[i].prefix); + free(context->cc_ops); + free(context->kt_types); + krb5_clear_error_string(context); + if(context->warn_dest != NULL) + krb5_closelog(context, context->warn_dest); + krb5_set_extra_addresses(context, NULL); + krb5_set_ignore_addresses(context, NULL); + free(context); } /* @@ -210,7 +238,7 @@ krb5_free_context(krb5_context context) */ static krb5_error_code -default_etypes(krb5_enctype **etype) +default_etypes(krb5_context context, krb5_enctype **etype) { krb5_enctype p[] = { ETYPE_DES3_CBC_SHA1, @@ -221,9 +249,12 @@ default_etypes(krb5_enctype **etype) ETYPE_DES_CBC_CRC, ETYPE_NULL }; + *etype = malloc(sizeof(p)); - if(*etype == NULL) + if(*etype == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; + } memcpy(*etype, p, sizeof(p)); return 0; } 
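Review bot: In the `krb5_init_context` hunk (`@@ -163,12`), the visible handling of `krb5_config_parse_file (p, config_file, &tmp_cf)` covers only `ret == 0`; if the lines after the hunk do not act on a non-zero `ret`, a missing or malformed file named by `KRB5_CONFIG` leaves the context on compiled-in defaults with no indication. If that is intended, a comment at the call would say so, for example `/* a parse failure is deliberately not fatal: the context then runs on built-in defaults */`; if not, the error should be returned. The function continues outside the hunk, so this may already be handled there.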
@@ -236,14 +267,18 @@ krb5_set_default_in_tkt_etypes(krb5_context context, krb5_enctype *p = NULL; if(etypes) { - i = 0; - while(etypes[i]) - if(!krb5_enctype_valid(context, etypes[i++])) + for (i = 0; etypes[i]; ++i) + if(!krb5_enctype_valid(context, etypes[i])) { + krb5_set_error_string(context, "enctype %d not supported", + etypes[i]); return KRB5_PROG_ETYPE_NOSUPP; + } ++i; ALLOC(p, i); - if(!p) + if(!p) { + krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; + } memmove(p, etypes, i * sizeof(krb5_enctype)); } if(context->etypes) @@ -259,17 +294,22 @@ krb5_get_default_in_tkt_etypes(krb5_context context, { krb5_enctype *p; int i; + krb5_error_code ret; if(context->etypes) { for(i = 0; context->etypes[i]; i++); ++i; ALLOC(p, i); - if(!p) + if(!p) { + krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; + } memmove(p, context->etypes, i * sizeof(krb5_enctype)); - } else - if(default_etypes(&p)) - return ENOMEM; + } else { + ret = default_etypes(context, &p); + if (ret) + return ret; + } *etypes = p; return 0; } @@ -287,9 +327,10 @@ void krb5_init_ets(krb5_context context) { if(context->et_list == NULL){ - initialize_krb5_error_table_r(&context->et_list); - initialize_asn1_error_table_r(&context->et_list); - initialize_heim_error_table_r(&context->et_list); + krb5_add_et_list(context, initialize_krb5_error_table_r); + krb5_add_et_list(context, initialize_asn1_error_table_r); + krb5_add_et_list(context, initialize_heim_error_table_r); + krb5_add_et_list(context, initialize_k524_error_table_r); } } 
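Review bot: In the `krb5_set_default_in_tkt_etypes` hunk (`@@ -236,14`), the new `for (i = 0; etypes[i]; ++i)` has no braces around its body while the nested `if` does, and it is followed directly by `++i;`, which is easy to misread as part of the loop. I would brace the loop and comment the increment, e.g. `++i; /* count the terminating 0 entry so it is copied too */`. The `"enctype %d not supported"` message also passes `etypes[i]` to `%d` without a cast; `(int)etypes[i]` keeps the format correct whatever the underlying type of `krb5_enctype` is. The function starts and ends outside the hunk.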
@@ -319,14 +360,22 @@ krb5_add_extra_addresses(krb5_context context, krb5_addresses *addresses) krb5_error_code krb5_set_extra_addresses(krb5_context context, const krb5_addresses *addresses) { - if(context->extra_addresses) { + if(context->extra_addresses) krb5_free_addresses(context, context->extra_addresses); - free(context->extra_addresses); + + if(addresses == NULL) { + if(context->extra_addresses != NULL) { + free(context->extra_addresses); + context->extra_addresses = NULL; + } + return 0; } if(context->extra_addresses == NULL) { context->extra_addresses = malloc(sizeof(*context->extra_addresses)); - if(context->extra_addresses == NULL) + if(context->extra_addresses == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; + } } return krb5_copy_addresses(context, addresses, context->extra_addresses); } 
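Review bot: `krb5_set_extra_addresses` now releases the old list with `krb5_free_addresses()` before the replacement exists, so when `krb5_copy_addresses()` fails at the end, `context->extra_addresses` still points at a struct whose contents were already freed; whether `krb5_free_addresses()` resets that struct is not visible here. The same ordering makes a call with `addresses == context->extra_addresses` copy from freed data. Building the copy first and swapping it in afterwards avoids both cases. The identical pattern in `krb5_set_ignore_addresses` (added in the `@@ -338,7` hunk) would need the same change.

```c
krb5_error_code
krb5_set_extra_addresses(krb5_context context, const krb5_addresses *addresses)
{
    krb5_addresses *copy = NULL;
    krb5_error_code ret;

    if(addresses != NULL) {
	copy = malloc(sizeof(*copy));
	if(copy == NULL) {
	    krb5_set_error_string (context, "malloc: out of memory");
	    return ENOMEM;
	}
	ret = krb5_copy_addresses(context, addresses, copy);
	if(ret) {
	    /* assumes a failed copy leaves nothing allocated in *copy - confirm */
	    free(copy);
	    return ret;
	}
    }
    /* release the old list only once the replacement is complete */
    if(context->extra_addresses) {
	krb5_free_addresses(context, context->extra_addresses);
	free(context->extra_addresses);
    }
    context->extra_addresses = copy;
    return 0;
}
```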
@@ -338,7 +387,50 @@ krb5_get_extra_addresses(krb5_context context, krb5_addresses *addresses) memset(addresses, 0, sizeof(*addresses)); return 0; } - return copy_HostAddresses(context->extra_addresses, addresses); + return krb5_copy_addresses(context,context->extra_addresses, addresses); +} + +krb5_error_code +krb5_add_ignore_addresses(krb5_context context, krb5_addresses *addresses) +{ + + if(context->ignore_addresses) + return krb5_append_addresses(context, + context->ignore_addresses, addresses); + else + return krb5_set_ignore_addresses(context, addresses); +} + +krb5_error_code +krb5_set_ignore_addresses(krb5_context context, const krb5_addresses *addresses) +{ + if(context->ignore_addresses) + krb5_free_addresses(context, context->ignore_addresses); + if(addresses == NULL) { + if(context->ignore_addresses != NULL) { + free(context->ignore_addresses); + context->ignore_addresses = NULL; + } + return 0; + } + if(context->ignore_addresses == NULL) { + context->ignore_addresses = malloc(sizeof(*context->ignore_addresses)); + if(context->ignore_addresses == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); + return ENOMEM; + } + } + return krb5_copy_addresses(context, addresses, context->ignore_addresses); +} + +krb5_error_code +krb5_get_ignore_addresses(krb5_context context, krb5_addresses *addresses) +{ + if(context->ignore_addresses == NULL) { + memset(addresses, 0, sizeof(*addresses)); + return 0; + } + return krb5_copy_addresses(context, context->ignore_addresses, addresses); } krb5_error_code |
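Review bot: The three new public functions `krb5_add_ignore_addresses`, `krb5_set_ignore_addresses` and `krb5_get_ignore_addresses` are added without any comment on ownership. From the code, the setter stores its own copy (the caller keeps `addresses`), passing `NULL` clears the list, and the getter fills the caller's struct with a copy, or zeroes it when no list is set; the caller presumably releases that copy with `krb5_free_addresses()`. I would state this in a header comment on each function, e.g. `/* Replace the ignore list with a copy of addresses; NULL clears it. */` on the setter and `/* Copy the ignore list into *addresses; the caller frees the copy. */` on the getter.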