From 9b827a8bfac032fa284e7bb23cbed6cf00bc0d05 Mon Sep 17 00:00:00 2001
From: D Brashear <shadow@your-file-system.com>
Date: Wed, 16 Apr 2014 10:35:57 -0400
Subject: [PATCH] auth: check for keytab before using in akimpersonate

Heimdal 1.5.2 happily tries to dereference a keytab file even if
none is there. if we have a FILE: type, stat it before use

1.6 only change: master uses KeyFileExt

FIXES 131852

Change-Id: I939eb9e47d2dbbef75c2a64724fdb9111f600150
Reviewed-on: http://gerrit.openafs.org/11075
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
---
 src/auth/akimpersonate.c | 37 +++++++++++++++++++++++++++++++++----
 1 file changed, 33 insertions(+), 4 deletions(-)

diff --git a/src/auth/akimpersonate.c b/src/auth/akimpersonate.c
index d5222044d..1ecf71e66 100644
--- a/src/auth/akimpersonate.c
+++ b/src/auth/akimpersonate.c
@@ -68,6 +68,9 @@
 #define KERBEROS_APPLE_DEPRECATED(x)
 #include <krb5.h>
 
+#include <string.h>
+#include <sys/stat.h>
+
 #include "akimpersonate.h"
 #include "akimpersonate_v5gen.h"
 
@@ -680,6 +683,9 @@ get_credv5_akimpersonate(krb5_context context, char* keytab,
 			 time_t endtime, const int *allowed_enctypes,
 			 krb5_creds** out_creds /* out */ )
 {
+    char *tmpkt = NULL;
+    struct stat tstat;
+    char *ktname = NULL;
     krb5_error_code code;
     krb5_keytab kt = 0;
     krb5_keytab_entry entry[1];
@@ -719,10 +725,31 @@ get_credv5_akimpersonate(krb5_context context, char* keytab,
     if (allowed_enctypes == NULL)
         allowed_enctypes = any_enctype;
 
-    if (keytab != NULL)
-      code = krb5_kt_resolve(context, keytab, &kt);
-    else
-      code = krb5_kt_default(context, &kt);
+    if (keytab != NULL) {
+	tmpkt = strdup(keytab);
+	if (!tmpkt)
+	    code = ENOMEM;
+    } else {
+	tmpkt = malloc(256);
+	if (!tmpkt)
+	    code = ENOMEM;
+	else
+	    code = krb5_kt_default_name(context, tmpkt, 256);
+    }
+    if (code)
+	goto cleanup;
+
+    if (strncmp(tmpkt, "WRFILE:", 7) == 0)
+	ktname = &(tmpkt[7]);
+    else if (strncmp(tmpkt, "FILE:", 5) == 0)
+	ktname = &(tmpkt[5]);
+
+    if (ktname && (stat(ktname, &tstat) != 0)) {
+	code = KRB5_KT_NOTFOUND;
+	goto cleanup;
+    }
+
+    code = krb5_kt_resolve(context, tmpkt, &kt);
     if (code != 0)
         goto cleanup;
 
@@ -758,6 +785,8 @@ get_credv5_akimpersonate(krb5_context context, char* keytab,
     *out_creds = creds;
     creds = NULL;
 cleanup:
+    if (tmpkt)
+	free(tmpkt);
     if (deref_enc_data(&ticket_reply->enc_part) != NULL)
         free(deref_enc_data(&ticket_reply->enc_part));
     krb5_free_keytab_entry_contents(context, entry);
-- 
2.39.5