* init_os_ctx.c (krb5_secure_config_files): New function that

		will set flag and path to prevent user from overriding
		configuration files with environment variables.

This is intended for those pesky suid root programs so that they cannot
break security as easily...

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6928 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/lib/krb5/os/ChangeLog b/src/lib/krb5/os/ChangeLog
index c488e188aa57b3d642a592b5839998de7d5f6a4a..92b694788604d127cb0e47e902223b2900439280 100644 (file)
--- a/src/lib/krb5/os/ChangeLog
+++ b/src/lib/krb5/os/ChangeLog
@@ -1,3 +1,9 @@
+Thu Oct  5 07:49:26 1995  Ezra Peisach  <epeisach@kangaroo.mit.edu>
+
+       * init_os_ctx.c (krb5_secure_config_files): New function that 
+               will set flag and path to prevent user from overriding
+               configuration files with environment variables.
+
 Mon Oct  2 17:36:38 1995  Ezra Peisach  <epeisach@kangaroo.mit.edu>
 
        * init_os_ctx.c (krb5_os_init_context): Put back in the

diff --git a/src/lib/krb5/os/init_os_ctx.c b/src/lib/krb5/os/init_os_ctx.c
index 9d21c9423edbe983567fbbe0b2ed153af3cc5bfd..ea5d80af7b45a55fb9e966d6fe0c1043a254d8fc 100644 (file)
--- a/src/lib/krb5/os/init_os_ctx.c
+++ b/src/lib/krb5/os/init_os_ctx.c
@@ -95,29 +95,19 @@ char        pathbuf[255];
 }
 #endif
 
-krb5_error_code
-krb5_os_init_context(ctx)
+/* Set the profile paths in the context. If secure is set to TRUE then 
+   do not include user paths (from environment variables, etc.)
+*/
+static krb5_error_code
+os_init_paths(ctx, secure)
        krb5_context ctx;
+       krb5_boolean secure;
 {
-       krb5_os_context os_ctx;
        krb5_error_code retval = 0;
-       char *name;
+       char *name = 0;
        const char *filenames[2];
-       
-       if (ctx->os_context)
-               return 0;
-
-       os_ctx = malloc(sizeof(struct _krb5_os_context));
-       if (!os_ctx)
-               return ENOMEM;
-       memset(os_ctx, 0, sizeof(struct _krb5_os_context));
-       os_ctx->magic = KV5M_OS_CONTEXT;
-
-       ctx->os_context = (void *) os_ctx;
 
-       os_ctx->time_offset = 0;
-       os_ctx->usec_offset = 0;
-       os_ctx->os_flags = 0;
+       ctx->profile_secure = secure;
 
 #ifdef _WINDOWS
     {
@@ -147,7 +137,7 @@ krb5_os_init_context(ctx)
         * When the profile routines are later enhanced, we will try
         * including a config file from user's home directory here.
         */
-        name = getenv("KRB5_CONFIG");
+        if (!secure) name = getenv("KRB5_CONFIG");
        if(!name) name = DEFAULT_PROFILE_PATH;
 
        retval = profile_init_path(name, &ctx->profile);
@@ -157,6 +147,35 @@ krb5_os_init_context(ctx)
        if (retval)
            ctx->profile = 0;
 
+       return retval;
+}
+
+krb5_error_code
+krb5_os_init_context(ctx)
+       krb5_context ctx;
+{
+       krb5_os_context os_ctx;
+       krb5_error_code retval = 0;
+       char *name;
+       const char *filenames[2];
+       
+       if (ctx->os_context)
+               return 0;
+
+       os_ctx = malloc(sizeof(struct _krb5_os_context));
+       if (!os_ctx)
+               return ENOMEM;
+       memset(os_ctx, 0, sizeof(struct _krb5_os_context));
+       os_ctx->magic = KV5M_OS_CONTEXT;
+
+       ctx->os_context = (void *) os_ctx;
+
+       os_ctx->time_offset = 0;
+       os_ctx->usec_offset = 0;
+       os_ctx->os_flags = 0;
+
+       retval = os_init_paths(ctx, FALSE);
+
        /*
         * We ignore errors if the profile can not be initialized,
         * since there must be a way to get a context even if the
@@ -185,6 +204,22 @@ krb5_set_config_files(ctx, filenames)
        return 0;
 }
 
+krb5_error_code INTERFACE
+krb5_secure_config_files(ctx)
+       krb5_context ctx;
+{
+       krb5_error_code retval;
+       
+       if (ctx->profile) {
+               profile_release(ctx->profile);
+               ctx->profile = 0;
+       }
+
+       retval = os_init_paths(ctx, TRUE);
+
+       return retval;
+}
+
 void
 krb5_os_free_context(ctx)
        krb5_context    ctx;