summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBjorn Sandell <biorn@cvs.openbsd.org>2006-01-22 06:04:29 +0000
committerBjorn Sandell <biorn@cvs.openbsd.org>2006-01-22 06:04:29 +0000
commit27083ed6d6c3fb986af2909eb3993565b8502b84 (patch)
tree14fcc2870c1ed9685793ad4f3787eda0c6bc2868
parentae39834e967e79a1c98550cc90226342112cebf2 (diff)
- drop privs before running krb5 code
- avoid calling krb5_get_init_creds_password(3) with principal == NULL - try to change the kerberos password if there is a ticket file help from millert@, ok beck@
-rw-r--r--usr.bin/passwd/krb5_passwd.c17
-rw-r--r--usr.bin/passwd/passwd.c25
2 files changed, 32 insertions, 10 deletions
diff --git a/usr.bin/passwd/krb5_passwd.c b/usr.bin/passwd/krb5_passwd.c
index af83baa73a1..2f608c28ae9 100644
--- a/usr.bin/passwd/krb5_passwd.c
+++ b/usr.bin/passwd/krb5_passwd.c
@@ -65,6 +65,12 @@ krb5_passwd(int argc, char **argv)
char pwbuf[BUFSIZ];
krb5_creds cred;
int result_code;
+ uid_t uid;
+
+ uid = getuid();
+ if (setresuid(uid, uid, uid)) {
+ errx(1, "can't drop privileges\n");
+ }
krb5_get_init_creds_opt_init (&opt);
@@ -78,10 +84,13 @@ krb5_passwd(int argc, char **argv)
if (argv[0]) {
ret = krb5_parse_name(context, argv[0], &principal);
- if (ret)
- krb5_err(context, 1, ret, "krb5_parse_name");
- } else
- principal = NULL;
+ if (ret)
+ krb5_err(context, 1, ret, "krb5_parse_name");
+ } else {
+ ret = krb5_get_default_principal (context, &principal);
+ if (ret)
+ krb5_err (context, 1, ret, "krb5_get_default_principal");
+ }
ret = krb5_get_init_creds_password (context, &cred,
principal, NULL, krb5_prompter_posix, NULL, 0,
diff --git a/usr.bin/passwd/passwd.c b/usr.bin/passwd/passwd.c
index 896002a0b75..fae31c3e260 100644
--- a/usr.bin/passwd/passwd.c
+++ b/usr.bin/passwd/passwd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: passwd.c,v 1.22 2005/12/18 12:29:26 biorn Exp $ */
+/* $OpenBSD: passwd.c,v 1.23 2006/01/22 06:04:28 biorn Exp $ */
/*
* Copyright (c) 1988 The Regents of the University of California.
@@ -37,7 +37,7 @@ char copyright[] =
#ifndef lint
/*static const char sccsid[] = "from: @(#)passwd.c 5.5 (Berkeley) 7/6/91";*/
-static const char rcsid[] = "$OpenBSD: passwd.c,v 1.22 2005/12/18 12:29:26 biorn Exp $";
+static const char rcsid[] = "$OpenBSD: passwd.c,v 1.23 2006/01/22 06:04:28 biorn Exp $";
#endif /* not lint */
#include <stdio.h>
@@ -47,6 +47,10 @@ static const char rcsid[] = "$OpenBSD: passwd.c,v 1.22 2005/12/18 12:29:26 biorn
#include <err.h>
#include <rpcsvc/ypclnt.h>
+#if defined(KRB5)
+#include <sys/stat.h>
+#endif
+
/*
* Note on configuration:
* Generally one would not use both Kerberos and YP
@@ -76,11 +80,16 @@ main(int argc, char **argv)
#ifdef YP
int status = 0;
#endif
+#if defined(KRB5)
+ char *ccfile;
+ struct stat sb;
-#if defined(KERBEROS5)
- extern char realm[];
+ if (!(ccfile = getenv("KRB5CCNAME")))
+ if (asprintf(&ccfile, "/tmp/krb5cc_%u", (unsigned)getuid()) ==
+ -1)
+ errx(1, "out of memory");
- if (krb_get_lrealm(realm,1) == KSUCCESS)
+ if ((stat(ccfile, &sb) == 0) && (sb.st_uid == getuid()))
use_kerberos = 1;
#endif
#ifdef YP
@@ -101,7 +110,7 @@ main(int argc, char **argv)
use_yp = 0;
break;
case 'K':
-#ifdef KRB5
+#if defined(KRB5)
/* Skip programname and '-K' option */
argc -= 2;
argv += 2;
@@ -147,6 +156,10 @@ main(int argc, char **argv)
usage(1);
}
+#if defined(KRB5)
+ if (use_kerberos)
+ exit(krb5_passwd(argc, argv));
+#endif
#ifdef YP
if (force_yp || ((status = local_passwd(username, 0)) && use_yp))
exit(yp_passwd(username));