Allow default realm to be overriden by extern variable

Cache default realm so that we don't have to repeatedly open /etc/krb.conf.
(Also prevents possible security problems if /etc/krb.conf is over the network,
and an attacker spoofs /etc/krb.conf for some calls to get_default_realm,
but not all of them.)

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@3726 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/lib/krb5/os/def_realm.c b/src/lib/krb5/os/def_realm.c
index 247d161c706ffc2f637392a902735fc344856804..809ee44051da373652a3181306a837d96b0f9f05 100644 (file)
--- a/src/lib/krb5/os/def_realm.c
+++ b/src/lib/krb5/os/def_realm.c
@@ -51,24 +51,57 @@ static char rcsid_def_realm_c[] =
 
 extern char *krb5_config_file;         /* extern so can be set at
                                           load/runtime */
+
+/*
+ * In case the program wants to override this.
+ */
+extern char *krb5_override_default_realm;
+
+char *krb5_override_default_realm = 0;
+
 krb5_error_code
 krb5_get_default_realm(lrealm)
 char **lrealm;
 {
     FILE *config_file;
     char realmbuf[BUFSIZ];
+    static char *saved_realm = 0;
+    char *realm;
     char *cp;
 
-    if (!(config_file = fopen(krb5_config_file, "r")))
-       /* can't open */
-       return KRB5_CONFIG_CANTOPEN;
+    if (krb5_override_default_realm)
+           realm = krb5_override_default_realm;
+    else if (saved_realm)
+           realm = saved_realm;
+    else {
+           if (!(config_file = fopen(krb5_config_file, "r")))
+                   /* can't open */
+                   return KRB5_CONFIG_CANTOPEN;
+
+           if (fgets(realmbuf, sizeof(realmbuf), config_file) == NULL) {
+                   fclose(config_file);
+                   return(KRB5_CONFIG_BADFORMAT);
+           }
+           fclose(config_file);
+           
+           realmbuf[BUFSIZ-1] = '0';
+           cp = strchr(realmbuf, '\n');
+           if (cp)
+                   *cp = '\0';
+           cp = strchr(realmbuf, ' ');
+           if (cp)
+                   *cp = '\0';
+
+           saved_realm = malloc(strlen (realmbuf) + 1);
+           if (!saved_realm)
+                   return ENOMEM;
+
+           strcpy(saved_realm, realmbuf);
 
-    if (fscanf(config_file, "%s", realmbuf) != 1) {
-       fclose(config_file);
-       return( KRB5_CONFIG_BADFORMAT);
+           realm = saved_realm;
     }
-    fclose(config_file);
-    if (!(*lrealm = cp = malloc((unsigned int) strlen(realmbuf) + 1)))
+    
+    if (!(*lrealm = cp = malloc((unsigned int) strlen(realm) + 1)))
            return ENOMEM;
     strcpy(cp, realmbuf);
     return(0);