Use roken_get_*() instead of getpwuuid()

Using non-reentrant getpwuid() (or getpwnam(), or getspnam())  can be
dangerous.  We had a report of a login application / PAM that calls
those, and Heimdal, by calling them too, clobbered the cached struct
passwd used by the login app / PAM.

lib/hx509/softp11.c

@@ -819,45 +819,25 @@ static char *
 get_config_file_for_user(void)
 {
     char *fn;
-
-#ifndef _WIN32
-    char *home;
     int ret;
 
     fn = secure_getenv("SOFTPKCS11RC");
     if (fn)
         fn = strdup(fn);
-    home = secure_getenv("HOME");
-    if (fn == NULL && home == NULL) {
-        struct passwd *pw = getpwuid(getuid());
-        if(pw != NULL)
-            home = pw->pw_dir;
-    }
     if (fn == NULL) {
+        char homebuf[MAX_PATH];
+        const char *home = roken_get_appdatadir(homebuf, sizeof(homebuf));
+
         if (home) {
             ret = asprintf(&fn, "%s/.soft-token.rc", home);
 	    if (ret == -1)
 		fn = NULL;
-        } else
+        } else {
+#ifndef WIN32
             fn = strdup("/etc/soft-token.rc");
+#endif
+        }
     }
-#else  /* Windows */
-
-    char appdatafolder[MAX_PATH];
-
-    fn = getenv("SOFTPKCS11RC");
-
-    /* Retrieve the roaming AppData folder for the current user.  The
-       current user is the user account represented by the current
-       thread token. */
-
-    if (fn == NULL &&
-        SUCCEEDED(SHGetFolderPath(NULL, CSIDL_APPDATA, NULL, SHGFP_TYPE_CURRENT, appdatafolder))) {
-
-        asprintf(&fn, "%s\\.soft-token.rc", appdatafolder);
-    }
-
-#endif  /* _WIN32 */
 
     return fn;
 }

lib/krb5/config_file.c

@@ -569,6 +569,7 @@ krb5_config_parse_file_multi (krb5_context context,
     if (ISTILDE(fname[0]) && ISPATHSEP(fname[1])) {
 #ifndef KRB5_USE_PATH_TOKENS
 	const char *home = NULL;
+        char homebuf[MAX_PATH];
 
 	if (!_krb5_homedir_access(context)) {
             context->config_include_depth--;
@@ -577,12 +578,7 @@ krb5_config_parse_file_multi (krb5_context context,
 	    return EPERM;
 	}
 
-        home = secure_getenv("HOME");
-	if (home == NULL) {
-	    struct passwd *pw = getpwuid(getuid());
-	    if(pw != NULL)
-		home = pw->pw_dir;
-	}
+        home = roken_get_appdatadir(homebuf, sizeof(homebuf));
 	if (home) {
 	    int aret;
 

lib/krb5/get_default_principal.c

@@ -37,113 +37,37 @@
  * Try to find out what's a reasonable default principal.
  */
 
-static const char*
-get_env_user(void)
-{
-    const char *user = getenv("USER");
-    if(user == NULL)
-	user = getenv("LOGNAME");
-    if(user == NULL)
-	user = getenv("USERNAME");
-    return user;
-}
-
-#ifndef _WIN32
-
-/*
- * Will only use operating-system dependant operation to get the
- * default principal, for use of functions that in ccache layer to
- * avoid recursive calls.
- */
-
 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
 _krb5_get_default_principal_local (krb5_context context,
 				   krb5_principal *princ)
 {
-    krb5_error_code ret;
     const char *user;
-    uid_t uid;
+    const char *second_component = NULL;
+    char userbuf[128];
 
     *princ = NULL;
 
-    uid = getuid();
-    if(uid == 0) {
-	user = getlogin();
-	if(user == NULL)
-	    user = get_env_user();
-	if(user != NULL && strcmp(user, "root") != 0)
-	    ret = krb5_make_principal(context, princ, NULL, user, "root", NULL);
-	else
-	    ret = krb5_make_principal(context, princ, NULL, "root", NULL);
-    } else {
-	struct passwd *pw = getpwuid(uid);
-	if(pw != NULL)
-	    user = pw->pw_name;
-	else {
-	    user = get_env_user();
-	    if(user == NULL)
-		user = getlogin();
-	}
-	if(user == NULL) {
-	    krb5_set_error_message(context, ENOTTY,
-				   N_("unable to figure out current "
-				      "principal", ""));
-	    return ENOTTY; /* XXX */
-	}
-	ret = krb5_make_principal(context, princ, NULL, user, NULL);
+    /*
+     * NOTE: We depend on roken_get_username() preferentially using
+     *       getlogin_r() first when !issuid() && getuid() == 0, otherwise we
+     *       won't figure out to output <username>/root@DEFAULT_REALM.
+     */
+    user = roken_get_username(userbuf, sizeof(userbuf));
+    if (user == NULL) {
+        krb5_set_error_message(context, ENOTTY,
+                               N_("unable to figure out current principal",
+                                  ""));
+        return ENOTTY; /* XXX */
     }
-    return ret;
+
+#ifndef WIN32
+    if (!issuid() && getuid() == 0 && strcmp(user, "root") != 0)
+        second_component = "root"; /* We'll use <user>/root */
+#endif;
+    return krb5_make_principal(context, princ, NULL, user,
+                               second_component, NULL);
 }
 
-#else  /* _WIN32 */
-
-#define SECURITY_WIN32
-#include <security.h>
-
-KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
-_krb5_get_default_principal_local(krb5_context context,
-				  krb5_principal *princ)
-{
-    /* See if we can get the principal first.  We only expect this to
-       work if logged into a domain. */
-    {
-	char username[1024];
-	ULONG sz = sizeof(username);
-
-	if (GetUserNameEx(NameUserPrincipal, username, &sz)) {
-	    return krb5_parse_name_flags(context, username,
-					 KRB5_PRINCIPAL_PARSE_ENTERPRISE,
-					 princ);
-	}
-    }
-
-    /* Just get the Windows username.  This should pretty much always
-       work. */
-    {
-	char username[1024];
-	DWORD dsz = sizeof(username);
-
-	if (GetUserName(username, &dsz)) {
-	    return krb5_make_principal(context, princ, NULL, username, NULL);
-	}
-    }
-
-    /* Failing that, we look at the environment */
-    {
-	const char * username = get_env_user();
-
-	if (username == NULL) {
-	    krb5_set_error_string(context,
-				  "unable to figure out current principal");
-	    return ENOTTY;	/* Really? */
-	}
-
-	return krb5_make_principal(context, princ, NULL, username, NULL);
-    }
-}
-
-#endif
-
 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
 krb5_get_default_principal (krb5_context context,
 			    krb5_principal *princ)