Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 16 May 2013 00:56:42 +0000 (UTC)
From:      Rick Macklem <rmacklem@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org
Subject:   svn commit: r250690 - stable/9/kerberos5/lib/libgssapi_krb5
Message-ID:  <201305160056.r4G0ugQ8084078@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: rmacklem
Date: Thu May 16 00:56:41 2013
New Revision: 250690
URL: http://svnweb.freebsd.org/changeset/base/250690

Log:
  MFC: r250177
  Fix the getpwnam_r() call in the pname_to_uid() kerberos library function so
  that it handles the ERANGE error return case. Without this fix, authentication
  of users for certain system setups could fail unexpectedly.

Modified:
  stable/9/kerberos5/lib/libgssapi_krb5/pname_to_uid.c
Directory Properties:
  stable/9/kerberos5/lib/libgssapi_krb5/   (props changed)

Modified: stable/9/kerberos5/lib/libgssapi_krb5/pname_to_uid.c
==============================================================================
--- stable/9/kerberos5/lib/libgssapi_krb5/pname_to_uid.c	Thu May 16 00:52:08 2013	(r250689)
+++ stable/9/kerberos5/lib/libgssapi_krb5/pname_to_uid.c	Thu May 16 00:56:41 2013	(r250690)
@@ -26,6 +26,7 @@
  */
 /* $FreeBSD$ */
 
+#include <errno.h>
 #include <pwd.h>
 
 #include "krb5/gsskrb5_locl.h"
@@ -37,8 +38,12 @@ _gsskrb5_pname_to_uid(OM_uint32 *minor_s
 	krb5_context context;
 	krb5_const_principal name = (krb5_const_principal) pname;
 	krb5_error_code kret;
-	char lname[MAXLOGNAME + 1], buf[128];
+	char lname[MAXLOGNAME + 1], buf[1024], *bufp;
 	struct passwd pwd, *pw;
+	size_t buflen;
+	int error;
+	OM_uint32 ret;
+	static size_t buflen_hint = 1024;
 
 	GSSAPI_KRB5_INIT (&context);
 
@@ -49,11 +54,30 @@ _gsskrb5_pname_to_uid(OM_uint32 *minor_s
 	}
 
 	*minor_status = 0;
-	getpwnam_r(lname, &pwd, buf, sizeof(buf), &pw);
+	buflen = buflen_hint;
+	for (;;) {
+		pw = NULL;
+		bufp = buf;
+		if (buflen > sizeof(buf))
+			bufp = malloc(buflen);
+		if (bufp == NULL)
+			break;
+		error = getpwnam_r(lname, &pwd, bufp, buflen, &pw);
+		if (error != ERANGE)
+			break;
+		if (buflen > sizeof(buf))
+			free(bufp);
+		buflen += 1024;
+		if (buflen > buflen_hint)
+			buflen_hint = buflen;
+	}
 	if (pw) {
 		*uidp = pw->pw_uid;
-		return (GSS_S_COMPLETE);
+		ret = GSS_S_COMPLETE;
 	} else {
-		return (GSS_S_FAILURE);
+		ret = GSS_S_FAILURE;
 	}
+	if (bufp != NULL && buflen > sizeof(buf))
+		free(bufp);
+	return (ret);
 }

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201305160056.r4G0ugQ8084078>