diff options
author | Bjorn Sandell <biorn@cvs.openbsd.org> | 2006-01-22 06:04:29 +0000 |
---|---|---|
committer | Bjorn Sandell <biorn@cvs.openbsd.org> | 2006-01-22 06:04:29 +0000 |
commit | 27083ed6d6c3fb986af2909eb3993565b8502b84 (patch) | |
tree | 14fcc2870c1ed9685793ad4f3787eda0c6bc2868 | |
parent | ae39834e967e79a1c98550cc90226342112cebf2 (diff) |
- drop privs before running krb5 code
- avoid calling krb5_get_init_creds_password(3) with principal == NULL
- try to change the kerberos password if there is a ticket file
help from millert@, ok beck@
-rw-r--r-- | usr.bin/passwd/krb5_passwd.c | 17 | ||||
-rw-r--r-- | usr.bin/passwd/passwd.c | 25 |
2 files changed, 32 insertions, 10 deletions
diff --git a/usr.bin/passwd/krb5_passwd.c b/usr.bin/passwd/krb5_passwd.c index af83baa73a1..2f608c28ae9 100644 --- a/usr.bin/passwd/krb5_passwd.c +++ b/usr.bin/passwd/krb5_passwd.c @@ -65,6 +65,12 @@ krb5_passwd(int argc, char **argv) char pwbuf[BUFSIZ]; krb5_creds cred; int result_code; + uid_t uid; + + uid = getuid(); + if (setresuid(uid, uid, uid)) { + errx(1, "can't drop privileges\n"); + } krb5_get_init_creds_opt_init (&opt); @@ -78,10 +84,13 @@ krb5_passwd(int argc, char **argv) if (argv[0]) { ret = krb5_parse_name(context, argv[0], &principal); - if (ret) - krb5_err(context, 1, ret, "krb5_parse_name"); - } else - principal = NULL; + if (ret) + krb5_err(context, 1, ret, "krb5_parse_name"); + } else { + ret = krb5_get_default_principal (context, &principal); + if (ret) + krb5_err (context, 1, ret, "krb5_get_default_principal"); + } ret = krb5_get_init_creds_password (context, &cred, principal, NULL, krb5_prompter_posix, NULL, 0, diff --git a/usr.bin/passwd/passwd.c b/usr.bin/passwd/passwd.c index 896002a0b75..fae31c3e260 100644 --- a/usr.bin/passwd/passwd.c +++ b/usr.bin/passwd/passwd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: passwd.c,v 1.22 2005/12/18 12:29:26 biorn Exp $ */ +/* $OpenBSD: passwd.c,v 1.23 2006/01/22 06:04:28 biorn Exp $ */ /* * Copyright (c) 1988 The Regents of the University of California. @@ -37,7 +37,7 @@ char copyright[] = #ifndef lint /*static const char sccsid[] = "from: @(#)passwd.c 5.5 (Berkeley) 7/6/91";*/ -static const char rcsid[] = "$OpenBSD: passwd.c,v 1.22 2005/12/18 12:29:26 biorn Exp $"; +static const char rcsid[] = "$OpenBSD: passwd.c,v 1.23 2006/01/22 06:04:28 biorn Exp $"; #endif /* not lint */ #include <stdio.h> @@ -47,6 +47,10 @@ static const char rcsid[] = "$OpenBSD: passwd.c,v 1.22 2005/12/18 12:29:26 biorn #include <err.h> #include <rpcsvc/ypclnt.h> +#if defined(KRB5) +#include <sys/stat.h> +#endif + /* * Note on configuration: * Generally one would not use both Kerberos and YP @@ -76,11 +80,16 @@ main(int argc, char **argv) #ifdef YP int status = 0; #endif +#if defined(KRB5) + char *ccfile; + struct stat sb; -#if defined(KERBEROS5) - extern char realm[]; + if (!(ccfile = getenv("KRB5CCNAME"))) + if (asprintf(&ccfile, "/tmp/krb5cc_%u", (unsigned)getuid()) == + -1) + errx(1, "out of memory"); - if (krb_get_lrealm(realm,1) == KSUCCESS) + if ((stat(ccfile, &sb) == 0) && (sb.st_uid == getuid())) use_kerberos = 1; #endif #ifdef YP @@ -101,7 +110,7 @@ main(int argc, char **argv) use_yp = 0; break; case 'K': -#ifdef KRB5 +#if defined(KRB5) /* Skip programname and '-K' option */ argc -= 2; argv += 2; @@ -147,6 +156,10 @@ main(int argc, char **argv) usage(1); } +#if defined(KRB5) + if (use_kerberos) + exit(krb5_passwd(argc, argv)); +#endif #ifdef YP if (force_yp || ((status = local_passwd(username, 0)) && use_yp)) exit(yp_passwd(username)); |