ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL pid_file_write(const char *progname) { const char *pidfile_dir = NULL; char *ret = NULL; FILE *fp; /* * Maybe we could have a version of this function (and pidfile()) * where we get a directory from the caller. That would allow us to * have command-line options for the daemons for this. * * For now we use an environment variable. */ if (!issuid()) pidfile_dir = getenv("HEIM_PIDFILE_DIR"); if (pidfile_dir == NULL) pidfile_dir = _PATH_VARRUN; if (asprintf(&ret, "%s%s.pid", pidfile_dir, progname) < 0 || ret == NULL) return NULL; fp = fopen(ret, "w"); if (fp == NULL) { free(ret); return NULL; } fprintf(fp, "%lu\n", (unsigned long)getpid()); fclose(fp); return ret; }
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_get_default_config_files(char ***pfilenames) { const char *files = NULL; if (pfilenames == NULL) return EINVAL; if(!issuid()) files = getenv("KRB5_CONFIG"); #ifdef _WIN32 if (files == NULL) { char * reg_files; reg_files = _krb5_get_default_config_config_files_from_registry(); if (reg_files != NULL) { krb5_error_code code; code = krb5_prepend_config_files(reg_files, NULL, pfilenames); free(reg_files); return code; } } #endif if (files == NULL) files = krb5_config_file; return krb5_prepend_config_files(files, NULL, pfilenames); }
static int try_aix(void) { #ifdef STATIC_AFS_SYSCALLS Pioctl = aix_pioctl; Setpag = aix_setpag; #else void *ptr; char path[MaxPathLen], *p; /* * If we are root or running setuid don't trust AFSLIBPATH! */ if (getuid() != 0 && !issuid() && (p = getenv("AFSLIBPATH")) != NULL) strlcpy(path, p, sizeof(path)); else snprintf(path, sizeof(path), "%s/afslib.so", LIBDIR); ptr = dlopen(path, RTLD_NOW); if(ptr == NULL) { if(_kafs_debug) { if(errno == ENOEXEC && (p = dlerror()) != NULL) fprintf(stderr, "dlopen(%s): %s\n", path, p); else if (errno != ENOENT) fprintf(stderr, "dlopen(%s): %s\n", path, strerror(errno)); } return 1; } Setpag = (int (*)(void))dlsym(ptr, "aix_setpag"); Pioctl = (int (*)(char*, int, struct ViceIoctl*, int))dlsym(ptr, "aix_pioctl"); #endif afs_entry_point = AIX_ENTRY_POINTS; return 0; }
const char * RAND_file_name(char *filename, size_t size) { const char *e = NULL; int pathp = 0, ret; if (!issuid()) { e = getenv("RANDFILE"); if (e == NULL) e = getenv("HOME"); if (e) pathp = 1; } #ifndef _WIN32 /* * Here we really want to call getpwuid(getuid()) but this will * cause recursive lookups if the nss library uses * gssapi/krb5/hcrypto to authenticate to the ldap servers. * * So at least return the unix /dev/random if we have one */ if (e == NULL) { int fd; fd = _hc_unix_device_fd(O_RDONLY, &e); if (fd >= 0) close(fd); } #else /* Win32 */ if (e == NULL) { char profile[MAX_PATH]; if (SHGetFolderPath(NULL, CSIDL_LOCAL_APPDATA, NULL, SHGFP_TYPE_CURRENT, profile) == S_OK) { ret = snprintf(filename, size, "%s\\.rnd", profile); if (ret > 0 && ret < size) return filename; } } #endif if (e == NULL) return NULL; if (pathp) ret = snprintf(filename, size, "%s/.rnd", e); else ret = snprintf(filename, size, "%s", e); if (ret <= 0 || ret >= size) return NULL; return filename; }
/* * Default ktname from context with possible environment * override */ static const char *default_ktname(krb5_context context) { const char *tmp = NULL; if(!issuid()) tmp = getenv("KRB5_KTNAME"); if(tmp != NULL) return tmp; return context->default_keytab; }
static int _expand_temp_folder(krb5_context context, PTYPE param, const char *postfix, char **ret) { const char *p = NULL; if (issuid()) p = getenv("TEMP"); if (p) *ret = strdup(p); else *ret = strdup("/tmp"); if (*ret == NULL) return ENOMEM; return 0; }
static krb5_error_code _expand_temp_folder(krb5_context context, PTYPE param, const char *postfix, char **ret) { const char *p = NULL; if (issuid()) p = getenv("TEMP"); if (p) *ret = strdup(p); else *ret = strdup("/tmp"); if (*ret == NULL) return krb5_enomem(context); return 0; }
static int get_user_file(const ntlm_name target_name, char **username, struct ntlm_buf *key) { const char *fn; if (issuid()) return ENOENT; fn = getenv("NTLM_USER_FILE"); if (fn == NULL) return ENOENT; if (from_file(fn, target_name->domain, username, key) == 0) return 0; return ENOENT; }
static krb5_error_code get_krb4_cc_name(const char *tkfile, char **cc) { *cc = NULL; if(tkfile == NULL) { char *path; if(!issuid()) { path = getenv("KRBTKFILE"); if (path) *cc = strdup(path); } if(*cc == NULL) if (asprintf(cc, "%s%u", TKT_ROOT, (unsigned)getuid()) < 0) return errno; } else { *cc = strdup(tkfile); if (*cc == NULL) return ENOMEM; } return 0; }
static int get_user_file(const ntlm_name target_name, char **domainp, char **usernamep, struct ntlm_buf *key) { const char *domain; const char *fn; *domainp = NULL; if (issuid()) return ENOENT; domain = target_name != NULL ? target_name->domain : NULL; fn = getenv("NTLM_USER_FILE"); if (fn == NULL) return ENOENT; if (from_file(fn, domain, domainp, usernamep, key) == 0) return 0; return ENOENT; }
int main(int argc, char **argv) { int i, optidx = 0; char *su_user; struct passwd *su_info; struct passwd *login_info; struct passwd *pwd; char *shell; int ok = 0; setprogname (argv[0]); if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx)) usage(1); for (i=0; i < optidx; i++) if (strcmp(argv[i], "-") == 0) { full_login = 1; break; } if(help_flag) usage(0); if(version_flag) { print_version(NULL); exit(0); } if(optidx >= argc) su_user = "******"; else su_user = argv[optidx++]; if (!issuid() && getuid() != 0) warnx("Not setuid and you are not root, expect this to fail"); pwd = k_getpwnam(su_user); if(pwd == NULL) errx (1, "unknown login %s", su_user); if (pwd->pw_uid == 0 && strcmp ("root", su_user) != 0) { syslog (LOG_ALERT, "NIS attack, user %s has uid 0", su_user); errx (1, "unknown login %s", su_user); } su_info = dup_info(pwd); if (su_info == NULL) errx (1, "malloc: out of memory"); pwd = getpwuid(getuid()); if(pwd == NULL) errx(1, "who are you?"); login_info = dup_info(pwd); if (login_info == NULL) errx (1, "malloc: out of memory"); if(env_flag) shell = login_info->pw_shell; else shell = su_info->pw_shell; if(shell == NULL || *shell == '\0') shell = _PATH_BSHELL; #ifdef KRB5 if(kerberos_flag && ok == 0 && krb5_verify(login_info, su_info, kerberos_instance) == 0) ok = 5; #endif if(ok == 0 && login_info->pw_uid && verify_unix(login_info, su_info) != 0) { printf("Sorry!\n"); exit(1); } #ifdef HAVE_GETSPNAM { struct spwd *sp; long today; sp = getspnam(su_info->pw_name); if (sp != NULL) { today = time(0)/(24L * 60 * 60); if (sp->sp_expire > 0) { if (today >= sp->sp_expire) { if (login_info->pw_uid) errx(1,"Your account has expired."); else printf("Your account has expired."); } else if (sp->sp_expire - today < 14) printf("Your account will expire in %d days.\n", (int)(sp->sp_expire - today)); } if (sp->sp_max > 0) { if (today >= sp->sp_lstchg + sp->sp_max) { if (login_info->pw_uid) errx(1,"Your password has expired. Choose a new one."); else printf("Your password has expired. Choose a new one."); } else if (today >= sp->sp_lstchg + sp->sp_max - sp->sp_warn) printf("Your account will expire in %d days.\n", (int)(sp->sp_lstchg + sp->sp_max -today)); } } } #endif { char *tty = ttyname (STDERR_FILENO); if (tty) syslog (LOG_NOTICE | LOG_AUTH, "%s to %s on %s", login_info->pw_name, su_info->pw_name, tty); else syslog (LOG_NOTICE | LOG_AUTH, "%s to %s", login_info->pw_name, su_info->pw_name); } if(!env_flag) { if(full_login) { char *t = getenv ("TERM"); char **newenv = NULL; int j; i = read_environment(_PATH_ETC_ENVIRONMENT, &newenv); environ = malloc ((10 + i) * sizeof (char *)); if (environ == NULL) err (1, "malloc"); environ[0] = NULL; for (j = 0; j < i; j++) { char *p = strchr(newenv[j], '='); if (p == NULL) errx(1, "environment '%s' missing '='", newenv[j]); *p++ = 0; esetenv (newenv[j], p, 1); } free(newenv); esetenv ("PATH", _PATH_DEFPATH, 1); if (t) esetenv ("TERM", t, 1); if (chdir (su_info->pw_dir) < 0) errx (1, "no directory"); } if (full_login || su_info->pw_uid) esetenv ("USER", su_info->pw_name, 1); esetenv("HOME", su_info->pw_dir, 1); esetenv("SHELL", shell, 1); } { char **new_argv; char *p; p = strrchr(shell, '/'); if(p) p++; else p = shell; if (strcmp(p, "csh") != 0) csh_f_flag = 0; new_argv = malloc(((cmd ? 2 : 0) + 1 + argc - optidx + 1 + csh_f_flag) * sizeof(*new_argv)); if (new_argv == NULL) err (1, "malloc"); i = 0; if(full_login) { if (asprintf(&new_argv[i++], "-%s", p) == -1) errx (1, "malloc"); } else new_argv[i++] = p; if (cmd) { new_argv[i++] = "-c"; new_argv[i++] = cmd; } if (csh_f_flag) new_argv[i++] = "-f"; for (argv += optidx; *argv; ++argv) new_argv[i++] = *argv; new_argv[i] = NULL; if(setgid(su_info->pw_gid) < 0) err(1, "setgid"); if (initgroups (su_info->pw_name, su_info->pw_gid) < 0) err (1, "initgroups"); if(setuid(su_info->pw_uid) < 0 || (su_info->pw_uid != 0 && setuid(0) == 0)) err(1, "setuid"); #ifdef KRB5 if (ok == 5) krb5_start_session(); #endif execve(shell, new_argv, environ); } exit(1); }
krb5_error_code KRB5_LIB_FUNCTION krb5_config_parse_file_multi (krb5_context context, const char *fname, krb5_config_section **res) { const char *str; char *newfname = NULL; unsigned lineno = 0; krb5_error_code ret; struct fileptr f; /** * If the fname starts with "~/" parse configuration file in the * current users home directory. The behavior can be disabled and * enabled by calling krb5_set_home_dir_access(). */ if (_krb5_homedir_access(context) && fname[0] == '~' && fname[1] == '/') { const char *home = NULL; if(!issuid()) home = getenv("HOME"); if (home == NULL) { struct passwd *pw = getpwuid(getuid()); if(pw != NULL) home = pw->pw_dir; } if (home) { asprintf(&newfname, "%s%s", home, &fname[1]); if (newfname == NULL) { krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } fname = newfname; } } f.f = fopen(fname, "r"); f.s = NULL; if(f.f == NULL) { ret = errno; krb5_set_error_message (context, ret, "open %s: %s", fname, strerror(ret)); if (newfname) free(newfname); return ret; } ret = krb5_config_parse_debug (&f, res, &lineno, &str); fclose(f.f); if (ret) { krb5_set_error_message (context, ret, "%s:%u: %s", fname, lineno, str); if (newfname) free(newfname); return ret; } if (newfname) free(newfname); return 0; }
static krb5_error_code get_ccache(krb5_context context, int *destroy, krb5_ccache *id) { krb5_principal principal = NULL; krb5_error_code ret; krb5_keytab kt = NULL; *id = NULL; if (!issuid()) { const char *cache; cache = getenv("NTLM_ACCEPTOR_CCACHE"); if (cache) { ret = krb5_cc_resolve(context, cache, id); if (ret) goto out; return 0; } } ret = krb5_sname_to_principal(context, NULL, "host", KRB5_NT_SRV_HST, &principal); if (ret) goto out; ret = krb5_cc_cache_match(context, principal, id); if (ret == 0) return 0; /* did not find in default credcache, lets try default keytab */ ret = krb5_kt_default(context, &kt); if (ret) goto out; /* XXX check in keytab */ { krb5_get_init_creds_opt *opt; krb5_creds cred; memset(&cred, 0, sizeof(cred)); ret = krb5_cc_new_unique(context, "MEMORY", NULL, id); if (ret) goto out; *destroy = 1; ret = krb5_get_init_creds_opt_alloc(context, &opt); if (ret) goto out; ret = krb5_get_init_creds_keytab (context, &cred, principal, kt, 0, NULL, opt); krb5_get_init_creds_opt_free(context, opt); if (ret) goto out; ret = krb5_cc_initialize (context, *id, cred.client); if (ret) { krb5_free_cred_contents (context, &cred); goto out; } ret = krb5_cc_store_cred (context, *id, &cred); krb5_free_cred_contents (context, &cred); if (ret) goto out; } krb5_kt_close(context, kt); return 0; out: if (*id) { if (*destroy) krb5_cc_destroy(context, *id); else krb5_cc_close(context, *id); *id = NULL; } if (kt) krb5_kt_close(context, kt); if (principal) krb5_free_principal(context, principal); return ret; }
static krb5_error_code init_context_from_config_file(krb5_context context) { krb5_error_code ret; const char * tmp; char **s; krb5_enctype *tmptypes; INIT_FIELD(context, time, max_skew, 5 * 60, "clockskew"); INIT_FIELD(context, time, kdc_timeout, 30, "kdc_timeout"); INIT_FIELD(context, time, host_timeout, 3, "host_timeout"); INIT_FIELD(context, int, max_retries, 3, "max_retries"); INIT_FIELD(context, string, http_proxy, NULL, "http_proxy"); ret = krb5_config_get_bool_default(context, NULL, FALSE, "libdefaults", "allow_weak_crypto", NULL); if (ret) { krb5_enctype_enable(context, ETYPE_DES_CBC_CRC); krb5_enctype_enable(context, ETYPE_DES_CBC_MD4); krb5_enctype_enable(context, ETYPE_DES_CBC_MD5); krb5_enctype_enable(context, ETYPE_DES_CBC_NONE); krb5_enctype_enable(context, ETYPE_DES_CFB64_NONE); krb5_enctype_enable(context, ETYPE_DES_PCBC_NONE); } ret = set_etypes (context, "default_etypes", &tmptypes); if(ret) return ret; free(context->etypes); context->etypes = tmptypes; ret = set_etypes (context, "default_etypes_des", &tmptypes); if(ret) return ret; free(context->etypes_des); context->etypes_des = tmptypes; ret = set_etypes (context, "default_as_etypes", &tmptypes); if(ret) return ret; free(context->as_etypes); context->as_etypes = tmptypes; ret = set_etypes (context, "default_tgs_etypes", &tmptypes); if(ret) return ret; free(context->tgs_etypes); context->tgs_etypes = tmptypes; ret = set_etypes (context, "permitted_enctypes", &tmptypes); if(ret) return ret; free(context->permitted_enctypes); context->permitted_enctypes = tmptypes; /* default keytab name */ tmp = NULL; if(!issuid()) tmp = getenv("KRB5_KTNAME"); if(tmp != NULL) context->default_keytab = tmp; else INIT_FIELD(context, string, default_keytab, KEYTAB_DEFAULT, "default_keytab_name"); INIT_FIELD(context, string, default_keytab_modify, NULL, "default_keytab_modify_name"); INIT_FIELD(context, string, time_fmt, "%Y-%m-%dT%H:%M:%S", "time_format"); INIT_FIELD(context, string, date_fmt, "%Y-%m-%d", "date_format"); INIT_FIELD(context, bool, log_utc, FALSE, "log_utc"); /* init dns-proxy slime */ tmp = krb5_config_get_string(context, NULL, "libdefaults", "dns_proxy", NULL); if(tmp) roken_gethostby_setup(context->http_proxy, tmp); krb5_free_host_realm (context, context->default_realms); context->default_realms = NULL; { krb5_addresses addresses; char **adr, **a; krb5_set_extra_addresses(context, NULL); adr = krb5_config_get_strings(context, NULL, "libdefaults", "extra_addresses", NULL); memset(&addresses, 0, sizeof(addresses)); for(a = adr; a && *a; a++) { ret = krb5_parse_address(context, *a, &addresses); if (ret == 0) { krb5_add_extra_addresses(context, &addresses); krb5_free_addresses(context, &addresses); } } krb5_config_free_strings(adr); krb5_set_ignore_addresses(context, NULL); adr = krb5_config_get_strings(context, NULL, "libdefaults", "ignore_addresses", NULL); memset(&addresses, 0, sizeof(addresses)); for(a = adr; a && *a; a++) { ret = krb5_parse_address(context, *a, &addresses); if (ret == 0) { krb5_add_ignore_addresses(context, &addresses); krb5_free_addresses(context, &addresses); } } krb5_config_free_strings(adr); } INIT_FIELD(context, bool, scan_interfaces, TRUE, "scan_interfaces"); INIT_FIELD(context, int, fcache_vno, 0, "fcache_version"); /* prefer dns_lookup_kdc over srv_lookup. */ INIT_FIELD(context, bool, srv_lookup, TRUE, "srv_lookup"); INIT_FIELD(context, bool, srv_lookup, context->srv_lookup, "dns_lookup_kdc"); INIT_FIELD(context, int, large_msg_size, 1400, "large_message_size"); INIT_FIELD(context, int, max_msg_size, 1000 * 1024, "maximum_message_size"); INIT_FLAG(context, flags, KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME, TRUE, "dns_canonicalize_hostname"); INIT_FLAG(context, flags, KRB5_CTX_F_CHECK_PAC, TRUE, "check_pac"); if (context->default_cc_name) free(context->default_cc_name); context->default_cc_name = NULL; context->default_cc_name_set = 0; s = krb5_config_get_strings(context, NULL, "logging", "krb5", NULL); if(s) { char **p; if (context->debug_dest) krb5_closelog(context, context->debug_dest); krb5_initlog(context, "libkrb5", &context->debug_dest); for(p = s; *p; p++) krb5_addlog_dest(context, context->debug_dest, *p); krb5_config_free_strings(s); } tmp = krb5_config_get_string(context, NULL, "libdefaults", "check-rd-req-server", NULL); if (tmp == NULL && !issuid()) tmp = getenv("KRB5_CHECK_RD_REQ_SERVER"); if(tmp) { if (strcasecmp(tmp, "ignore") == 0) context->flags |= KRB5_CTX_F_RD_REQ_IGNORE; } ret = krb5_config_get_bool_default(context, NULL, TRUE, "libdefaults", "fcache_strict_checking", NULL); if (ret) context->flags |= KRB5_CTX_F_FCACHE_STRICT_CHECKING; return 0; }
int main(void) { char buf[MAX_PATH * 2]; #ifndef WIN32 char buf2[MAX_PATH * 2]; int ret = 0; if (!issuid() && getuid() != 0) { if (getenv("USER") != NULL && strlen(getenv("USER")) != 0 && strcmp(getenv("USER"), roken_get_username(buf, sizeof(buf))) != 0) { warnx("roken_get_username() != getenv(\"USER\")"); ret++; } if (getenv("HOME") != NULL && strlen(getenv("HOME")) != 0 && strcmp(getenv("HOME"), roken_get_homedir(buf, sizeof(buf))) != 0) { warnx("roken_get_homedir() != getenv(\"HOME\")"); ret++; } if (getenv("HOME") != NULL && strlen(getenv("HOME")) != 0 && strcmp(roken_get_appdatadir(buf, sizeof(buf)), roken_get_homedir(buf2, sizeof(buf2))) != 0) { warnx("roken_get_homedir() != roken_get_appdatadir()"); ret++; } if (getenv("SHELL") != NULL && strlen(getenv("SHELL")) != 0 && strcmp(getenv("SHELL"), roken_get_shell(buf, sizeof(buf))) != 0) { warnx("roken_get_shell() != getenv(\"SHELL\")"); ret++; } } #endif printf("Username:\t%s\n", roken_get_username(buf, sizeof(buf))); printf("Home:\t\t%s\n", roken_get_homedir(buf, sizeof(buf))); printf("Appdatadir:\t%s\n", roken_get_appdatadir(buf, sizeof(buf))); printf("Shell:\t\t%s\n", roken_get_shell(buf, sizeof(buf))); #ifndef WIN32 if (!issuid() && getuid() != 0) { putenv("USER=h5lfoouser"); putenv("HOME=/no/such/dir/h5lfoouser"); putenv("SHELL=/no/such/shell"); if (strcmp("h5lfoouser", roken_get_username(buf, sizeof(buf))) != 0) { warnx("roken_get_username() (%s) did not honor $USER", roken_get_username(buf, sizeof(buf))); ret++; } if (strcmp("/no/such/dir/h5lfoouser", roken_get_homedir(buf, sizeof(buf))) != 0) { warnx("roken_get_homedir() (%s) did not honor $HOME", roken_get_homedir(buf, sizeof(buf))); ret++; } if (strcmp(roken_get_appdatadir(buf, sizeof(buf)), roken_get_homedir(buf2, sizeof(buf2))) != 0) { warnx("roken_get_homedir() != roken_get_appdatadir() (%s)", roken_get_appdatadir(buf, sizeof(buf))); ret++; } if (strcmp("/no/such/shell", roken_get_shell(buf, sizeof(buf))) != 0) { warnx("roken_get_shell() (%s) did not honor $SHELL", roken_get_shell(buf, sizeof(buf))); ret++; } } return ret; #endif return 0; }
int k_hasafs(void) { #if !defined(NO_AFS) && defined(SIGSYS) RETSIGTYPE (*saved_func)(int); #endif int saved_errno, ret; char *env = NULL; if (!issuid()) env = getenv ("AFS_SYSCALL"); /* * Already checked presence of AFS syscalls? */ if (afs_entry_point != UNKNOWN_ENTRY_POINT) return afs_entry_point != NO_ENTRY_POINT; /* * Probe kernel for AFS specific syscalls, * they (currently) come in two flavors. * If the syscall is absent we recive a SIGSYS. */ afs_entry_point = NO_ENTRY_POINT; saved_errno = errno; #ifndef NO_AFS #ifdef SIGSYS saved_func = signal(SIGSYS, SIGSYS_handler); #endif if (env && strstr(env, "..") == NULL) { if (strncmp("/proc/", env, 6) == 0) { if (try_ioctlpath(env, VIOC_SYSCALL_PROC, LINUX_PROC_POINT) == 0) goto done; } if (strncmp("/dev/", env, 5) == 0) { #ifdef VIOC_SYSCALL_DEV if (try_ioctlpath(env, VIOC_SYSCALL_DEV, MACOS_DEV_POINT) == 0) goto done; #endif #ifdef VIOC_SYSCALL_DEV_OPENAFS if (try_ioctlpath(env,VIOC_SYSCALL_DEV_OPENAFS,MACOS_DEV_POINT) ==0) goto done; #endif } } ret = try_ioctlpath("/proc/fs/openafs/afs_ioctl", VIOC_SYSCALL_PROC, LINUX_PROC_POINT); if (ret == 0) goto done; ret = try_ioctlpath("/proc/fs/nnpfs/afs_ioctl", VIOC_SYSCALL_PROC, LINUX_PROC_POINT); if (ret == 0) goto done; #ifdef VIOC_SYSCALL_DEV_OPENAFS ret = try_ioctlpath("/dev/openafs_ioctl", VIOC_SYSCALL_DEV_OPENAFS, MACOS_DEV_POINT); if (ret == 0) goto done; #endif #ifdef VIOC_SYSCALL_DEV ret = try_ioctlpath("/dev/nnpfs_ioctl", VIOC_SYSCALL_DEV, MACOS_DEV_POINT); if (ret == 0) goto done; #endif #if defined(AFS_SYSCALL) || defined(AFS_SYSCALL2) || defined(AFS_SYSCALL3) { int tmp; if (env != NULL) { if (sscanf (env, "%d", &tmp) == 1) { if (try_one (tmp) == 0) goto done; } else { char *end = NULL; char *p; char *s = strdup (env); if (s != NULL) { for (p = strtok_r (s, ",", &end); p != NULL; p = strtok_r (NULL, ",", &end)) { if (map_syscall_name_to_number (p, &tmp) == 0) if (try_one (tmp) == 0) { free (s); goto done; } } free (s); } } } } #endif /* AFS_SYSCALL || AFS_SYSCALL2 || AFS_SYSCALL3 */ #ifdef AFS_SYSCALL if (try_one (AFS_SYSCALL) == 0) goto done; #endif /* AFS_SYSCALL */ #ifdef AFS_PIOCTL { int tmp[2]; if (env != NULL && sscanf (env, "%d%d", &tmp[0], &tmp[1]) == 2) if (try_two (tmp[0], tmp[1]) == 2) goto done; } #endif /* AFS_PIOCTL */ #ifdef AFS_PIOCTL if (try_two (AFS_PIOCTL, AFS_SETPAG) == 0) goto done; #endif /* AFS_PIOCTL */ #ifdef AFS_SYSCALL2 if (try_one (AFS_SYSCALL2) == 0) goto done; #endif /* AFS_SYSCALL2 */ #ifdef AFS_SYSCALL3 if (try_one (AFS_SYSCALL3) == 0) goto done; #endif /* AFS_SYSCALL3 */ #ifdef _AIX #if 0 if (env != NULL) { char *pos = NULL; char *pioctl_name; char *setpag_name; pioctl_name = strtok_r (env, ", \t", &pos); if (pioctl_name != NULL) { setpag_name = strtok_r (NULL, ", \t", &pos); if (setpag_name != NULL) if (try_aix (pioctl_name, setpag_name) == 0) goto done; } } #endif if(try_aix() == 0) goto done; #endif done: #ifdef SIGSYS signal(SIGSYS, saved_func); #endif #endif /* NO_AFS */ errno = saved_errno; return afs_entry_point != NO_ENTRY_POINT; }
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_config_parse_file_multi (krb5_context context, const char *fname, krb5_config_section **res) { const char *str; char *newfname = NULL; unsigned lineno = 0; krb5_error_code ret; struct fileptr f; /** * If the fname starts with "~/" parse configuration file in the * current users home directory. The behavior can be disabled and * enabled by calling krb5_set_home_dir_access(). */ if (fname[0] == '~' && fname[1] == '/') { #ifndef KRB5_USE_PATH_TOKENS const char *home = NULL; if (!_krb5_homedir_access(context)) { krb5_set_error_message(context, EPERM, "Access to home directory not allowed"); return EPERM; } if(!issuid()) home = getenv("HOME"); if (home == NULL) { struct passwd *pw = getpwuid(getuid()); if(pw != NULL) home = pw->pw_dir; } if (home) { asprintf(&newfname, "%s%s", home, &fname[1]); if (newfname == NULL) { krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } fname = newfname; } #else /* KRB5_USE_PATH_TOKENS */ if (asprintf(&newfname, "%%{USERCONFIG}%s", &fname[1]) < 0 || newfname == NULL) { krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } fname = newfname; #endif } if (is_plist_file(fname)) { #ifdef __APPLE__ ret = parse_plist_config(context, fname, res); if (ret) { krb5_set_error_message(context, ret, "Failed to parse plist %s", fname); if (newfname) free(newfname); return ret; } #else krb5_set_error_message(context, ENOENT, "no support for plist configuration files"); return ENOENT; #endif } else { #ifdef KRB5_USE_PATH_TOKENS char * exp_fname = NULL; ret = _krb5_expand_path_tokens(context, fname, &exp_fname); if (ret) { if (newfname) free(newfname); return ret; } if (newfname) free(newfname); fname = newfname = exp_fname; #endif f.f = fopen(fname, "r"); f.s = NULL; if(f.f == NULL) { ret = errno; krb5_set_error_message (context, ret, "open %s: %s", fname, strerror(ret)); if (newfname) free(newfname); return ret; } ret = krb5_config_parse_debug (&f, res, &lineno, &str); fclose(f.f); if (ret) { krb5_set_error_message (context, ret, "%s:%u: %s", fname, lineno, str); if (newfname) free(newfname); return ret; } } return 0; }
static OM_uint32 select_mech(OM_uint32 *minor_status, MechType *mechType, int verify_p, gss_OID *mech_p) { char mechbuf[64]; size_t mech_len; gss_OID_desc oid; gss_OID oidp; gss_OID_set mechs; int i; OM_uint32 ret, junk; ret = der_put_oid ((unsigned char *)mechbuf + sizeof(mechbuf) - 1, sizeof(mechbuf), mechType, &mech_len); if (ret) { return GSS_S_DEFECTIVE_TOKEN; } oid.length = mech_len; oid.elements = mechbuf + sizeof(mechbuf) - mech_len; if (gss_oid_equal(&oid, GSS_SPNEGO_MECHANISM)) { return GSS_S_BAD_MECH; } *minor_status = 0; /* Translate broken MS Kebreros OID */ if (gss_oid_equal(&oid, &_gss_spnego_mskrb_mechanism_oid_desc)) oidp = &_gss_spnego_krb5_mechanism_oid_desc; else oidp = &oid; ret = gss_indicate_mechs(&junk, &mechs); if (ret) return (ret); for (i = 0; i < mechs->count; i++) if (gss_oid_equal(&mechs->elements[i], oidp)) break; if (i == mechs->count) { gss_release_oid_set(&junk, &mechs); return GSS_S_BAD_MECH; } gss_release_oid_set(&junk, &mechs); ret = gss_duplicate_oid(minor_status, &oid, /* possibly this should be oidp */ mech_p); if (verify_p) { gss_name_t name = GSS_C_NO_NAME; gss_buffer_desc namebuf; char *str = NULL, *host, hostname[MAXHOSTNAMELEN]; host = getenv("GSSAPI_SPNEGO_NAME"); if (host == NULL || issuid()) { if (gethostname(hostname, sizeof(hostname)) != 0) { *minor_status = errno; return GSS_S_FAILURE; } i = asprintf(&str, "host@%s", hostname); if (i < 0 || str == NULL) { *minor_status = ENOMEM; return GSS_S_FAILURE; } host = str; } namebuf.length = strlen(host); namebuf.value = host; ret = gss_import_name(minor_status, &namebuf, GSS_C_NT_HOSTBASED_SERVICE, &name); if (str) free(str); if (ret != GSS_S_COMPLETE) return ret; ret = acceptor_approved(name, *mech_p); gss_release_name(&junk, &name); } return ret; }