Diffstat (limited to 'lib/krb5/keytab.c')
-rw-r--r--lib/krb5/keytab.c56
1 files changed, 38 insertions, 18 deletions
diff --git a/lib/krb5/keytab.c b/lib/krb5/keytab.c
index 4977a62f21c4..bcb3ed837331 100644
--- a/lib/krb5/keytab.c
+++ b/lib/krb5/keytab.c
@@ -250,8 +250,7 @@ static const char *default_ktname(krb5_context context)
{
const char *tmp = NULL;
- if(!issuid())
- tmp = getenv("KRB5_KTNAME");
+ tmp = secure_getenv("KRB5_KTNAME");
if(tmp != NULL)
return tmp;
return context->default_keytab;
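Review bot: Dropping the explicit `issuid()` guard makes the privilege check in `default_ktname` depend entirely on what `secure_getenv` resolves to on each platform. It is a glibc extension, so on systems without it a compatibility definition has to exist elsewhere in the tree (not visible in this file's diff). If that fallback degrades to plain `getenv`, a set-uid program would again honour a `KRB5_KTNAME` supplied by the invoking user. Worth confirming that the replacement keeps the `issuid()` test, and adding a comment such as `/* KRB5_KTNAME is ignored in set-uid/privileged processes */` above the call. The same applies to the `KRB5_CLIENT_KTNAME` lookup in `_krb5_kt_client_default_name` at the end of this diff.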
@@ -583,29 +582,31 @@ _krb5_kt_principal_not_found(krb5_context context,
krb5_enctype enctype,
int kvno)
{
- char princ[256], kvno_str[25], *kt_name;
+ char kvno_str[25];
char *enctype_str = NULL;
+ char *kt_name = NULL;
+ char *princ = NULL;
- krb5_unparse_name_fixed (context, principal, princ, sizeof(princ));
- krb5_kt_get_full_name (context, id, &kt_name);
+ (void) krb5_unparse_name(context, principal, &princ);
+ (void) krb5_kt_get_full_name(context, id, &kt_name);
if (enctype)
- krb5_enctype_to_string(context, enctype, &enctype_str);
+ (void) krb5_enctype_to_string(context, enctype, &enctype_str);
if (kvno)
snprintf(kvno_str, sizeof(kvno_str), "(kvno %d)", kvno);
else
kvno_str[0] = '\0';
- krb5_set_error_message (context, ret,
- N_("Failed to find %s%s in keytab %s (%s)",
- "principal, kvno, keytab file, enctype"),
- princ,
- kvno_str,
- kt_name ? kt_name : "unknown keytab",
- enctype_str ? enctype_str : "unknown enctype");
+ krb5_set_error_message(context, ret,
+ N_("Failed to find %s%s in keytab %s (%s)",
+ "principal, kvno, keytab file, enctype"),
+ princ ? princ : "<unknown>",
+ kvno_str,
+ kt_name ? kt_name : "unknown keytab",
+ enctype_str ? enctype_str : "unknown enctype");
+ free(princ);
free(kt_name);
- if (enctype_str)
- free(enctype_str);
+ free(enctype_str);
return ret;
}
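Review bot: The fallback text for a missing principal, `"<unknown>"`, does not match the other two fallbacks in the same `krb5_set_error_message` call (`"unknown keytab"`, `"unknown enctype"`); `princ ? princ : "unknown principal"` would read consistently. The `(void)` casts are reasonable given the NULL fallbacks, but a one-line comment such as `/* best effort: on failure the placeholders below are used */` would explain why the return codes are dropped.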
@@ -688,7 +689,8 @@ krb5_kt_get_entry(krb5_context context,
krb5_name_canon_iterator name_canon_iter;
if (!principal)
- return krb5_kt_get_entry_wrapped(context, id, principal, kvno, enctype,
+ /* Use `NULL' instead of `principal' to quiet static analizers */
+ return krb5_kt_get_entry_wrapped(context, id, NULL, kvno, enctype,
entry);
ret = krb5_name_canon_iterator_start(context, principal, &name_canon_iter);
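Review bot: The `if (!principal)` in `krb5_kt_get_entry` is unbraced, and its body is now a comment line followed by a `return` statement split over two lines, which is easy to misread or to break on a later edit. Wrapping the branch in braces would make the scope explicit. The new comment also misspells "analyzers" as `analizers`. The function starts and continues outside the hunk.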
@@ -708,7 +710,7 @@ krb5_kt_get_entry(krb5_context context,
enctype, entry);
} while (ret == KRB5_KT_NOTFOUND && name_canon_iter);
- if (ret != KRB5_KT_NOTFOUND)
+ if (ret && ret != KRB5_KT_NOTFOUND)
krb5_set_error_message(context, ret,
N_("Name canon failed while searching keytab",
""));
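Review bot: The message "Name canon failed while searching keytab" is still set for every non-zero result other than `KRB5_KT_NOTFOUND`, which appears to include failures returned by the keytab lookup inside the loop (the call ending in `enctype, entry);`), not only name-canonicalisation failures. If so, a more specific message set by the keytab backend is replaced by a misleading one, which makes keytab permission or I/O problems harder to diagnose. Consider setting this message only on the path where the iterator call itself fails. The loop body lies mostly outside the hunk, so this needs checking against the full function.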
@@ -828,6 +830,7 @@ krb5_kt_next_entry(krb5_context context,
id->prefix);
return HEIM_ERR_OPNOTSUPP;
}
+ memset(entry, 0x0, sizeof(*entry));
return (*id->next_entry)(context, id, entry, cursor);
}
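Review bot: The new `memset(entry, 0x0, sizeof(*entry))` in `krb5_kt_next_entry` changes the contract for callers and is not documented. Anything still held in `*entry` from a previous iteration is discarded without being freed, and a NULL `entry` is now dereferenced before the backend is reached. A line in the function's doc comment (outside this hunk) would cover it, e.g. `@param entry the returned entry; zeroed before the call, so free the previous one with krb5_kt_free_entry() first`.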
@@ -880,7 +883,8 @@ krb5_kt_add_entry(krb5_context context,
id->prefix);
return KRB5_KT_NOWRITE;
}
- entry->timestamp = time(NULL);
+ if (entry->timestamp == 0)
+ entry->timestamp = time(NULL);
return (*id->add)(context, id,entry);
}
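Review bot: With `if (entry->timestamp == 0)` the value of `entry->timestamp` is now read before it is written, so a caller that builds a `krb5_keytab_entry` on the stack without zeroing it will store an indeterminate timestamp in the keytab, where previously the field was always overwritten. Callers are not visible here, so each one should be checked to zero-initialise the entry before filling it in. The doc comment for `krb5_kt_add_entry` should state the new rule, e.g. `a non-zero entry->timestamp is kept, otherwise the current time is used`.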
@@ -954,3 +958,19 @@ krb5_kt_have_content(krb5_context context,
}
return KRB5_KT_NOTFOUND;
}
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+_krb5_kt_client_default_name(krb5_context context, char **name)
+{
+ const char *tmp;
+
+ tmp = secure_getenv("KRB5_CLIENT_KTNAME");
+ if (tmp == NULL)
+ tmp = krb5_config_get_string(context, NULL,
+ "libdefaults",
+ "default_client_keytab_name", NULL);
+ if (tmp == NULL)
+ tmp = CLIENT_KEYTAB_DEFAULT;
+
+ return _krb5_expand_path_tokens(context, tmp, 1, name);
+}
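Review bot: `_krb5_kt_client_default_name` is added without a header comment, so the lookup order and the ownership of `*name` have to be read from the body. Suggest a comment stating that the name is taken from `KRB5_CLIENT_KTNAME` (ignored in privileged processes because of `secure_getenv`), then `[libdefaults] default_client_keytab_name`, then `CLIENT_KEYTAB_DEFAULT`, and that `*name` is presumably allocated by `_krb5_expand_path_tokens` and must be freed by the caller. The bare `1` passed to `_krb5_expand_path_tokens` would also benefit from a short comment naming what the flag enables.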