From 042eeabbeca9802001b5499ab299dd244094f4c9 Mon Sep 17 00:00:00 2001 From: tholo Date: Thu, 14 Dec 1995 08:43:39 +0000 Subject: [PATCH] Do not use hardcoded realm or host names --- kerberosIV/acl/acl_files.c | 21 +++++++++++++-------- kerberosIV/include/kerberosIV/acl.h | 4 ++-- kerberosIV/include/kerberosIV/krb.h | 10 ++-------- kerberosIV/include/kerberosIV/site.h | 6 +----- kerberosIV/kadmin/kadmin.c | 23 ++++++++++++++++++----- kerberosIV/kadmind/kadm_ser_wrap.c | 10 +++++++--- kerberosIV/kdb_init/kdb_init.c | 23 +++++++++++++++++------ kerberosIV/kprop/kprop.c | 12 ++++++++++-- kerberosIV/kpropd/kpropd.c | 14 +++++++++++--- kerberosIV/krb/decomp_ticket.c | 7 +++---- kerberosIV/krb/get_krbhst.c | 13 +++---------- kerberosIV/krb/get_krbrlm.c | 11 ++--------- kerberosIV/krb/get_pw_tkt.c | 11 +++++++++-- kerberosIV/ksrvutil/ksrvutil.c | 22 +++++++++++++++------- 14 files changed, 113 insertions(+), 74 deletions(-) diff --git a/kerberosIV/acl/acl_files.c b/kerberosIV/acl/acl_files.c index cc9dd5e313a..03dd041d60b 100644 --- a/kerberosIV/acl/acl_files.c +++ b/kerberosIV/acl/acl_files.c @@ -1,4 +1,4 @@ -/* $Id: acl_files.c,v 1.1.1.1 1995/12/14 06:52:36 tholo Exp $ */ +/* $Id: acl_files.c,v 1.2 1995/12/14 08:43:39 tholo Exp $ */ /*- * Copyright (C) 1989 by the Massachusetts Institute of Technology @@ -66,7 +66,7 @@ /* If realm is missing, it becomes the local realm */ /* Canonicalized form is put in canon, which must be big enough to hold MAX_PRINCIPAL_SIZE characters */ -void +int acl_canonicalize_principal(principal, canon) char *principal; char *canon; @@ -84,7 +84,7 @@ acl_canonicalize_principal(principal, canon) /* Copy into canon */ strncpy(canon, principal, MAX_PRINCIPAL_SIZE); canon[MAX_PRINCIPAL_SIZE-1] = '\0'; - return; + return(0); } else { /* Nope, it's part of the realm */ dot = NULL; 
@@ -122,8 +122,9 @@ acl_canonicalize_principal(principal, canon) canon += len; *canon++ = '\0'; } else if(krb_get_lrealm(canon, 1) != KSUCCESS) { - strcpy(canon, KRB_REALM); + return(-1); } + return(0); } /* Get a lock to modify acl_file */ @@ -438,7 +439,8 @@ acl_load(name) acl_cache[i].acl = make_hash(ACL_LEN); while(fgets(buf, sizeof(buf), f) != NULL) { nuke_whitespace(buf); - acl_canonicalize_principal(buf, canon); + if (acl_canonicalize_principal(buf, canon) < 0) + return(-1); add_hash(acl_cache[i].acl, canon); } fclose(f); @@ -472,7 +474,8 @@ acl_check(acl, principal) char canon[MAX_PRINCIPAL_SIZE]; char *realm; - acl_canonicalize_principal(principal, canon); + if (acl_canonicalize_principal(principal, canon) < 0) + return(0); /* Is it there? */ if(acl_exact_match(acl, canon)) return(1); @@ -502,7 +505,8 @@ acl_add(acl, principal) FILE *new; char canon[MAX_PRINCIPAL_SIZE]; - acl_canonicalize_principal(principal, canon); + if (acl_canonicalize_principal(principal, canon) < 0) + return(-1); if((new = acl_lock_file(acl)) == NULL) return(-1); if((acl_exact_match(acl, canon)) @@ -537,7 +541,8 @@ acl_delete(acl, principal) FILE *new; char canon[MAX_PRINCIPAL_SIZE]; - acl_canonicalize_principal(principal, canon); + if (acl_canonicalize_principal(principal, canon) < 0) + return(-1); if((new = acl_lock_file(acl)) == NULL) return(-1); if((!acl_exact_match(acl, canon)) diff --git a/kerberosIV/include/kerberosIV/acl.h b/kerberosIV/include/kerberosIV/acl.h index 0a3ce5c5fea..ce170746f00 100644 --- a/kerberosIV/include/kerberosIV/acl.h +++ b/kerberosIV/include/kerberosIV/acl.h 
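Review bot: In acl_load() (acl_files.c, hunk at -438), the new early `return(-1)` sits inside the `fgets` loop, so it skips the `fclose(f)` that follows the loop and leaks the open ACL file on every failed load. It also leaves the hash just created with `make_hash(ACL_LEN)` partly filled in `acl_cache[i].acl`; whether that slot is later treated as valid is not visible in this hunk. Close the stream before bailing out, e.g. `if (acl_canonicalize_principal(buf, canon) < 0) { fclose(f); return(-1); }`, and consider discarding the partial hash as well. The body of acl_load() starts and ends outside the hunk.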
@@ -1,11 +1,11 @@ -/* $Id: acl.h,v 1.1.1.1 1995/12/14 06:52:34 tholo Exp $ */ +/* $Id: acl.h,v 1.2 1995/12/14 08:43:41 tholo Exp $ */ #ifndef __ACL_H #define __ACL_H #include -void acl_canonicalize_principal __P((char *principal, char *canon)); +int acl_canonicalize_principal __P((char *principal, char *canon)); int acl_initialize __P((char *acl_file, int perm)); int acl_exact_match __P((char *acl, char *principal)); int acl_check __P((char *acl, char *principal)); diff --git a/kerberosIV/include/kerberosIV/krb.h b/kerberosIV/include/kerberosIV/krb.h index dc8c0435e32..f2865abd95a 100644 --- a/kerberosIV/include/kerberosIV/krb.h +++ b/kerberosIV/include/kerberosIV/krb.h @@ -1,4 +1,4 @@ -/* $Id: krb.h,v 1.1.1.1 1995/12/14 06:52:34 tholo Exp $ */ +/* $Id: krb.h,v 1.2 1995/12/14 08:43:42 tholo Exp $ */ /*- * Copyright 1987, 1988 by the Student Information Processing Board @@ -54,13 +54,7 @@ extern const char *krb_err_txt[MAX_KRB_ERRORS]; * * KRBLOG is the log file for the kerberos master server. KRB_CONF is * the configuration file where different host machines running master - * and slave servers can be found. KRB_MASTER is the name of the - * machine with the master database. The admin_server runs on this - * machine, and all changes to the db (as opposed to read-only - * requests, which can go to slaves) must go to it. KRB_HOST is the - * default machine * when looking for a kerberos slave server. Other - * possibilities are * in the KRB_CONF file. KRB_REALM is the name of - * the realm. + * and slave servers can be found. */ /* The maximum sizes for aname, realm, sname, and instance +1 */ diff --git a/kerberosIV/include/kerberosIV/site.h b/kerberosIV/include/kerberosIV/site.h index d3191ed8d63..179a579c5bf 100644 --- a/kerberosIV/include/kerberosIV/site.h +++ b/kerberosIV/include/kerberosIV/site.h @@ -1,4 +1,4 @@ -/* $Id: site.h,v 1.1.1.1 1995/12/14 06:52:35 tholo Exp $ */ +/* $Id: site.h,v 1.2 1995/12/14 08:43:43 tholo Exp $ */ /* * Site-specific definitions. 
@@ -23,10 +23,6 @@ #define KRBLOG "/var/log/kerberos.log" /* master server */ #define KRBSLAVELOG "/var/log/kerberos_slave.log" /* master (?) server */ -#define KRB_MASTER "kerberos" -#define KRB_HOST "kowande.bu.oz.au" -#define KRB_REALM "KOWANDE.BU.OZ.AU" - /* from: kadm_server.h */ /* the default syslog file */ #define KADM_SYSLOG "/var/log/admin_server.log" diff --git a/kerberosIV/kadmin/kadmin.c b/kerberosIV/kadmin/kadmin.c index e5581f5f71e..2cb575103c3 100644 --- a/kerberosIV/kadmin/kadmin.c +++ b/kerberosIV/kadmin/kadmin.c @@ -1,4 +1,4 @@ -/* $Id: kadmin.c,v 1.1.1.1 1995/12/14 06:52:48 tholo Exp $ */ +/* $Id: kadmin.c,v 1.2 1995/12/14 08:43:44 tholo Exp $ */ /* * Copyright (C) 1989 by the Massachusetts Institute of Technology @@ -287,6 +287,7 @@ static int inited = 0; static void do_init(int argc, char **argv) { + char *dot, admin[MAXHOSTNAMELEN]; struct passwd *pw; int c; #define OPTION_STRING "u:r:m" @@ -298,14 +299,21 @@ do_init(int argc, char **argv) * This is only as a default/initial realm; we don't care * about failure. */ - if (krb_get_lrealm(default_realm, 1) != KSUCCESS) - strcpy(default_realm, KRB_REALM); + if (krb_get_lrealm(default_realm, 1) != KSUCCESS) { + fprintf(stderr, + "Could not determine local realm name.\n"); + } + + c = krb_get_admhst(admin, default_realm, 1); + if (c == KSUCCESS && (dot = strchr(admin, '.')) != NULL) + *dot = '\0'; /* * If we can reach the local realm, initialize to it. Otherwise, * don't initialize. */ - if (kadm_init_link(PWSERV_NAME, KRB_MASTER, krbrlm) != KADM_SUCCESS) + if (c == KSUCCESS && + kadm_init_link(PWSERV_NAME, admin, default_realm) != KADM_SUCCESS) bzero(krbrlm, sizeof(krbrlm)); else strcpy(krbrlm, default_realm); @@ -370,6 +378,7 @@ main(int argc, char **argv) static int setvals(Kadm_vals *vals, char *string) { + char *dot, admin[MAXHOSTNAMELEN]; char realm[REALM_SZ]; int status = KADM_SUCCESS; 
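Review bot: In do_init() (kadmin.c, hunk at -298), when krb_get_admhst() fails the condition `c == KSUCCESS && kadm_init_link(...) != KADM_SUCCESS` is false, so the `else` branch copies default_realm into krbrlm as if the link had been initialised. A lookup failure should be handled like a link failure: `if (c != KSUCCESS || kadm_init_link(PWSERV_NAME, admin, default_realm) != KADM_SUCCESS)`. The same path is reached after krb_get_lrealm() has failed, and default_realm is then passed to krb_get_admhst() in whatever state it was left; it is presumably a zero-filled static, but its declaration is outside the hunk.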
@@ -385,8 +394,12 @@ setvals(Kadm_vals *vals, char *string) if (!realm[0]) strcpy(realm, default_realm); if (strcmp(realm, krbrlm)) { + if ((status = krb_get_admhst(admin, realm, 1)) != KSUCCESS) + return(status); + if (status == KSUCCESS && (dot = strchr(admin, '.')) != NULL) + *dot = '\0'; strcpy(krbrlm, realm); - if ((status = kadm_init_link(PWSERV_NAME, KRB_MASTER, krbrlm)) + if ((status = kadm_init_link(PWSERV_NAME, admin, krbrlm)) != KADM_SUCCESS) printf("kadm error for realm %s: %s\n", krbrlm, error_message(status)); diff --git a/kerberosIV/kadmind/kadm_ser_wrap.c b/kerberosIV/kadmind/kadm_ser_wrap.c index 62430414e72..543b6565540 100644 --- a/kerberosIV/kadmind/kadm_ser_wrap.c +++ b/kerberosIV/kadmind/kadm_ser_wrap.c @@ -1,4 +1,4 @@ -/* $Id: kadm_ser_wrap.c,v 1.1.1.1 1995/12/14 06:52:49 tholo Exp $ */ +/* $Id: kadm_ser_wrap.c,v 1.2 1995/12/14 08:43:45 tholo Exp $ */ /*- * Copyright (C) 1989 by the Massachusetts Institute of Technology @@ -46,7 +46,7 @@ kadm_ser_init(int inter, char *realm) { struct servent *sep; struct hostent *hp; - char hostname[MAXHOSTNAMELEN]; + char *dot, admin[MAXHOSTNAMELEN], hostname[MAXHOSTNAMELEN]; (void) init_kadm_err_tbl(); (void) init_krb_err_tbl(); @@ -54,7 +54,11 @@ kadm_ser_init(int inter, char *realm) return KADM_NO_HOSTNAME; (void) strcpy(server_parm.sname, PWSERV_NAME); - (void) strcpy(server_parm.sinst, KRB_MASTER); + if (krb_get_admhst(admin, realm, 1) != KSUCCESS) + return KADM_NO_MAST; + if ((dot = strchr(server_parm.sinst, '.')) != NULL) + *dot = '\0'; + (void) strcpy(server_parm.sinst, admin); (void) strcpy(server_parm.krbrlm, realm); server_parm.admin_fd = -1; diff --git a/kerberosIV/kdb_init/kdb_init.c b/kerberosIV/kdb_init/kdb_init.c index 9866e5466c9..035a2b6e16a 100644 --- a/kerberosIV/kdb_init/kdb_init.c +++ b/kerberosIV/kdb_init/kdb_init.c 
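Review bot: In setvals() (kadmin.c, hunk at -385), the early `return(status)` after a failed krb_get_admhst() hands back a krb library code without printing anything, whereas the kadm_init_link() failure just below reports `kadm error for realm ...`. Printing a comparable message before returning would keep the two failure paths consistent for the operator. The following `status == KSUCCESS &&` test is always true at that point and can be dropped, leaving `if ((dot = strchr(admin, '.')) != NULL)`.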
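Review bot: In kadm_ser_init() (kadm_ser_wrap.c, hunk at -54), the domain is stripped from the wrong buffer: `strchr(server_parm.sinst, '.')` searches the field that has not been filled yet, and the untruncated `admin` is then copied in with `strcpy`. The server would therefore register under the full host name while the clients changed in this commit use only the first label. The copy can also write up to MAXHOSTNAMELEN bytes into `sinst`, whose size is not visible here but is presumably the shorter instance length. The check should read `if ((dot = strchr(admin, '.')) != NULL)`, followed by a length-checked copy into `server_parm.sinst`.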
@@ -1,4 +1,4 @@ -/* $Id: kdb_init.c,v 1.1.1.1 1995/12/14 06:52:42 tholo Exp $ */ +/* $Id: kdb_init.c,v 1.2 1995/12/14 08:43:47 tholo Exp $ */ /*- * Copyright 1987, 1988 by the Student Information Processing Board @@ -23,6 +23,7 @@ */ #include +#include enum ap_op { NULL_KEY, /* setup null keys */ @@ -100,8 +101,9 @@ add_principal(char *name, char *instance, enum ap_op aap_op) int main(int argc, char **argv) { - char realm[REALM_SZ]; - char *cp; + char admin[MAXHOSTNAMELEN]; + char realm[REALM_SZ], defrealm[REALM_SZ]; + char *cp, *dot; int code; char *database; @@ -128,7 +130,9 @@ main(int argc, char **argv) if (argc == 2) strncpy(realm, argv[1], REALM_SZ); else { - fprintf(stderr, "Realm name [default %s ]: ", KRB_REALM); + if (krb_get_lrealm(defrealm, 1) != KSUCCESS) + strcpy(defrealm, "NONE"); + fprintf(stderr, "Realm name [default %s ]: ", defrealm); if (fgets(realm, sizeof(realm), stdin) == NULL) { fprintf(stderr, "\nEOF reading realm\n"); exit(1); @@ -136,7 +140,7 @@ main(int argc, char **argv) if ((cp = strchr(realm, '\n'))) *cp = '\0'; if (!*realm) /* no realm given */ - strcpy(realm, KRB_REALM); + strcpy(realm, defrealm); } if (!k_isrealm(realm)) { fprintf(stderr, "%s: Bad kerberos realm name \"%s\"\n", @@ -152,6 +156,13 @@ main(int argc, char **argv) exit (-1); } + if (krb_get_admhst(admin, realm, 1) != KSUCCESS) { + fprintf (stderr, "Couldn't get admin server.\n"); + exit (-1); + } + if ((dot = strchr(admin, '.')) != NULL) + *dot = '\0'; + /* Initialize non shared random sequence */ des_init_random_number_generator(&master_key); @@ -159,7 +170,7 @@ main(int argc, char **argv) add_principal(KERB_M_NAME, KERB_M_INST, MASTER_KEY) || add_principal(KERB_DEFAULT_NAME, KERB_DEFAULT_INST, NULL_KEY) || add_principal("krbtgt", realm, RANDOM_KEY) || - add_principal("changepw", KRB_MASTER, RANDOM_KEY) + add_principal("changepw", admin, RANDOM_KEY) ) { fprintf(stderr, "\n%s: couldn't initialize database.\n", progname); 
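Review bot: In main() (kdb_init.c, hunks at -128 and -136), the placeholder `"NONE"` that is put into defrealm when krb_get_lrealm() fails is not only shown in the prompt; it is also copied into `realm` when the operator just presses return. Unless k_isrealm() rejects it, which is not visible here, the database is then initialised with a `krbtgt.NONE` principal. When no local realm is known, it would be safer to prompt without a default and treat empty input as an error rather than fall back to the placeholder string.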
diff --git a/kerberosIV/kprop/kprop.c b/kerberosIV/kprop/kprop.c index b61cb791f32..b0d6a58aa8d 100644 --- a/kerberosIV/kprop/kprop.c +++ b/kerberosIV/kprop/kprop.c @@ -1,4 +1,4 @@ -/* $Id: kprop.c,v 1.1.1.1 1995/12/14 06:52:49 tholo Exp $ */ +/* $Id: kprop.c,v 1.2 1995/12/14 08:43:48 tholo Exp $ */ /*- * Copyright 1987 by the Massachusetts Institute of Technology. @@ -126,6 +126,7 @@ int get_slaves(struct slave_host **psl, char *file, time_t ok_mtime) static int prop_to_slaves(struct slave_host *sl, int fd, char *fslv) { + char *dot, admin[MAXHOSTNAMELEN]; char buf[KPROP_BUFSIZ]; char obuf[KPROP_BUFSIZ + 64 /* leave room for private msg overhead */ ]; struct servent *sp; @@ -215,11 +216,18 @@ prop_to_slaves(struct slave_host *sl, int fd, char *fslv) /* copy it to make sure gethostbyname static doesn't * screw us. */ strcpy (kprop_service_instance, p_my_host_name); + + if (krb_get_admhst(admin, my_realm, 1) != KSUCCESS) { + fprintf (stderr, "Could not get admin host.\n"); + break; + } + if ((dot = strchr(admin, '.')) != NULL) + *dot = '\0'; kerror = krb_get_svc_in_tkt (KPROP_SERVICE_NAME, #if 0 kprop_service_instance, #else - KRB_MASTER, + admin, #endif my_realm, TGT_SERVICE_NAME, diff --git a/kerberosIV/kpropd/kpropd.c b/kerberosIV/kpropd/kpropd.c index 91b547a4c43..4e27c37fc3a 100644 --- a/kerberosIV/kpropd/kpropd.c +++ b/kerberosIV/kpropd/kpropd.c @@ -1,4 +1,4 @@ -/* $Id: kpropd.c,v 1.1.1.1 1995/12/14 06:52:52 tholo Exp $ */ +/* $Id: kpropd.c,v 1.2 1995/12/14 08:43:50 tholo Exp $ */ /*- * Copyright 1987 by the Massachusetts Institute of Technology. @@ -14,6 +14,7 @@ #include #include +#include static char *kdb_util_path = "kdb_util"; @@ -138,7 +139,8 @@ main(int argc, char **argv) char local_file[256]; char local_temp[256]; struct hostent *hp; - char hostname[256]; + char *dot, admin[MAXHOSTNAMELEN]; + char hostname[MAXHOSTNAMELEN]; char from_str[128]; long kerror; AUTH_DAT auth_dat; 
@@ -315,9 +317,15 @@ main(int argc, char **argv) /* AUTHORIZATION is done here. We might want to expand this to * read an acl file at some point, but allowing for now * KPROP_SERVICE_NAME.KRB_MASTER@local-realm is fine ... */ + if (krb_get_admhst(admin, my_realm, 1) != KSUCCESS) { + klog (L_KRB_PERR, "Unable to get admin host"); + SlowDeath(); + } + if ((dot = strchr(admin, '.')) != NULL) + *dot = '\0'; if ((strcmp (KPROP_SERVICE_NAME, auth_dat.pname) != 0) || - (strcmp (KRB_MASTER, auth_dat.pinst) != 0) || + (strcmp (admin, auth_dat.pinst) != 0) || (strcmp (my_realm, auth_dat.prealm) != 0)) { klog (L_KRB_PERR, "Authorization denied!"); SlowDeath(); diff --git a/kerberosIV/krb/decomp_ticket.c b/kerberosIV/krb/decomp_ticket.c index c8778dc0807..6c41b5f1da5 100644 --- a/kerberosIV/krb/decomp_ticket.c +++ b/kerberosIV/krb/decomp_ticket.c @@ -35,8 +35,7 @@ or implied warranty. * fills in values for its arguments. * * Note: if the client realm field in the ticket is the null string, - * then the "prealm" variable is filled in with the local realm (as - * defined by KRB_REALM). + * then the "prealm" variable is filled in with the local realm. * * If the ticket byte order is different than the host's byte order * (as indicated by the byte order bit of the "flags" field), then @@ -103,8 +102,8 @@ decomp_ticket(tkt, flags, pname, pinstance, prealm, paddress, session, (void) strcpy(prealm,ptr); /* realm */ ptr += strlen(prealm) + 1; /* temporary hack until realms are dealt with properly */ - if (*prealm == 0) - (void) strcpy(prealm,KRB_REALM); + if (*prealm == 0 && krb_get_lrealm(prealm, 1) != KSUCCESS) + return(KFAILURE); bcopy(ptr,(char *)paddress,4); /* net address */ ptr += 4; diff --git a/kerberosIV/krb/get_krbhst.c b/kerberosIV/krb/get_krbhst.c index 3b386c87393..05dfa6bfb0b 100644 --- a/kerberosIV/krb/get_krbhst.c +++ b/kerberosIV/krb/get_krbhst.c 
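Review bot: In kpropd's main() (hunk at -315), the comment above the authorization check still names `KPROP_SERVICE_NAME.KRB_MASTER@local-realm`, but the instance accepted for a database push is now the first label of whatever krb_get_admhst() returns for my_realm. That makes the admin-server entry in the local Kerberos configuration (presumably krb.conf) part of the authorization decision on every slave. The comment should say so, for example `/* ... allowing for now KPROP_SERVICE_NAME.<first label of the realm's admin host>@local-realm; the admin host is taken from the Kerberos configuration file, which must be writable only by root ... */`.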
@@ -38,10 +38,8 @@ or implied warranty. * returns (in h) the nth entry from the configuration file (KRB_CONF, * defined in "krb.h") associated with the specified realm. * - * On end-of-file, krb_get_krbhst returns KFAILURE. If n=1 and the - * configuration file does not exist, krb_get_krbhst will return KRB_HOST - * (also defined in "krb.h"). If all goes well, the routine returnes - * KSUCCESS. + * On end-of-file, krb_get_krbhst returns KFAILURE. If all goes well, + * the routine returns KSUCCESS. * * The KRB_CONF file contains the name of the local realm in the first * line (not used by this routine), followed by lines indicating realm/host @@ -78,12 +76,7 @@ krb_get_krbhst(h, r, n) strncat(tbuf, "/krb.conf", sizeof(tbuf)); tbuf[sizeof(tbuf)-1] = 0; if ((cnffile = fopen(tbuf,"r")) == NULL) - if (n==1) { - (void) strcpy(h,KRB_HOST); - return(KSUCCESS); - } - else - return(KFAILURE); + return(KFAILURE); } if (fscanf(cnffile,"%s",tr) == EOF) return(KFAILURE); diff --git a/kerberosIV/krb/get_krbrlm.c b/kerberosIV/krb/get_krbrlm.c index 1c8ea6e81c0..d6892a2ddfe 100644 --- a/kerberosIV/krb/get_krbrlm.c +++ b/kerberosIV/krb/get_krbrlm.c @@ -33,9 +33,7 @@ or implied warranty. * krb_get_lrealm takes a pointer to a string, and a number, n. It fills * in the string, r, with the name of the nth realm specified on the * first line of the kerberos config file (KRB_CONF, defined in "krb.h"). - * It returns 0 (KSUCCESS) on success, and KFAILURE on failure. If the - * config file does not exist, and if n=1, a successful return will occur - * with r = KRB_REALM (also defined in "krb.h"). + * It returns 0 (KSUCCESS) on success, and KFAILURE on failure. * * NOTE: for archaic & compatibility reasons, this routine will only return * valid results when n = 1. 
@@ -61,12 +59,7 @@ krb_get_lrealm(r, n) strncat(tbuf, "/krb.conf", sizeof(tbuf)); tbuf[sizeof(tbuf)-1] = 0; if ((cnffile = fopen(tbuf,"r")) == NULL) - if (n == 1) { - (void) strcpy(r, KRB_REALM); - return(KSUCCESS); - } - else - return(KFAILURE); + return(KFAILURE); } if (fscanf(cnffile,"%s",r) != 1) { diff --git a/kerberosIV/krb/get_pw_tkt.c b/kerberosIV/krb/get_pw_tkt.c index a94ff237f52..504f5c81099 100644 --- a/kerberosIV/krb/get_pw_tkt.c +++ b/kerberosIV/krb/get_pw_tkt.c @@ -28,6 +28,7 @@ or implied warranty. */ #include "krb_locl.h" +#include /* * Get a ticket for the password-changing server ("changepw.KRB_MASTER"). @@ -66,17 +67,23 @@ get_pw_tkt(user, instance, realm, cpw) char *realm; char *cpw; { + char *dot, admin[MAXHOSTNAMELEN]; int kerror; + if ((kerror = krb_get_admhst(admin, realm, 1)) != KSUCCESS) + return(GT_PW_BADPW); + if ((dot = strchr(admin, '.')) != NULL) + *dot = '\0'; + kerror = krb_get_pw_in_tkt(user, instance, realm, "changepw", - KRB_MASTER, 1, cpw); + admin, 1, cpw); if (kerror == INTK_BADPW) return(GT_PW_BADPW); if (kerror == KDC_NULL_KEY) { kerror = krb_get_pw_in_tkt("default","changepw",realm,"changepw", - KRB_MASTER,1,"changepwkrb"); + admin,1,"changepwkrb"); if (kerror) return(kerror); return(GT_PW_NULL); diff --git a/kerberosIV/ksrvutil/ksrvutil.c b/kerberosIV/ksrvutil/ksrvutil.c index 96dfb4174e0..32486110522 100644 --- a/kerberosIV/ksrvutil/ksrvutil.c +++ b/kerberosIV/ksrvutil/ksrvutil.c @@ -1,4 +1,4 @@ -/* $Id: ksrvutil.c,v 1.1.1.1 1995/12/14 06:52:53 tholo Exp $ */ +/* $Id: ksrvutil.c,v 1.2 1995/12/14 08:43:56 tholo Exp $ */ /*- * Copyright (C) 1989 by the Massachusetts Institute of Technology 
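Review bot: In get_pw_tkt() (hunk at -66), a failed krb_get_admhst() is reported as `GT_PW_BADPW`, so a missing or incomplete configuration tells the user that the password was wrong. The value saved in `kerror` is discarded; returning it, `return(kerror);`, matches how the function already passes through other krb_get_pw_in_tkt() errors further down. The header comment in the hunk at -28 also still refers to `changepw.KRB_MASTER` and could name the realm's admin host instead.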
@@ -232,11 +232,17 @@ print_name(char *name, char *inst, char *realm) static int get_svc_new_key(unsigned char *new_key, char *sname, char *sinst, char *srealm, char *keyfile) { - int status = KADM_SUCCESS; - + char *dot, admin[MAXHOSTNAMELEN]; + int status; + + if ((status = krb_get_admhst(admin, srealm, 1)) != KSUCCESS) + return(status); + if ((dot = strchr(admin, '.')) != NULL) + *dot = '\0'; + status = KADM_SUCCESS; if (((status = krb_get_svc_in_tkt(sname, sinst, srealm, PWSERV_NAME, KADM_SINST, 1, keyfile)) == KSUCCESS) && - ((status = kadm_init_link("changepw", KRB_MASTER, srealm)) == + ((status = kadm_init_link("changepw", admin, srealm)) == KADM_SUCCESS)) { #ifdef NOENCRYPTION (void) bzero((char *) new_key, sizeof(des_cblock)); @@ -323,8 +329,10 @@ main(int argc, char **argv) krb_set_tkt_string(change_tkt); /* This is used only as a default for adding keys */ - if (krb_get_lrealm(local_realm, 1) != KSUCCESS) - (void) strcpy(local_realm, KRB_REALM); + if (krb_get_lrealm(local_realm, 1) != KSUCCESS) { + (void) fprintf(stderr, "%s: Unable to find local realm name\n", argv[0]); + exit(1); + } for (i = 1; i < argc; i++) { if (strcmp(argv[i], "-i") == 0) @@ -593,7 +601,7 @@ ksrvutil_get() char local_hostname[100]; if (krb_get_lrealm(local_realm, 1) != KSUCCESS) - strcpy(local_realm, KRB_REALM); + strcpy(local_realm, ""); gethostname(local_hostname, sizeof(local_hostname)); strcpy(local_hostname, krb_get_phost(local_hostname)); do { -- 2.20.1
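Review bot: In ksrvutil_get() (hunk at -593), a failed krb_get_lrealm() now silently leaves local_realm as the empty string, while main() in the hunk at -323 treats the same failure as fatal and exits. If the empty realm is meant as "no default", a short comment such as `/* no default realm; the user must type one */` would make that explicit. Otherwise report the error here as well, so that keys are not added under an empty realm; how local_realm is used later in the function is outside the hunk.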