diff options
author | dm <dm@cvs.openbsd.org> | 1997-01-27 20:44:17 +0000 |
---|---|---|
committer | dm <dm@cvs.openbsd.org> | 1997-01-27 20:44:17 +0000 |
commit | 0496f8bac5be6f7abc63054681532bf3e7de62b7 (patch) | |
tree | 30dc800325e8c52797d9553560238d54e554b75d | |
parent | 4877d47f7b5b3a6500cb143ee6a3910545d4b596 (diff) |
security
-rw-r--r-- | kerberosIV/krb/in_tkt.c | 2 | ||||
-rw-r--r-- | usr.bin/login/klogin.c | 17 | ||||
-rw-r--r-- | usr.bin/login/login.c | 8 |
3 files changed, 18 insertions, 9 deletions
diff --git a/kerberosIV/krb/in_tkt.c b/kerberosIV/krb/in_tkt.c index 21c841e164f..0bb8926c209 100644 --- a/kerberosIV/krb/in_tkt.c +++ b/kerberosIV/krb/in_tkt.c @@ -100,7 +100,7 @@ in_tkt(pname, pinst) if (krb_debug) printf("swapped UID's %d and %d\n",(int)metoo,(int)me); } - if ((tktfile = creat(file,0600)) < 0) { + if ((tktfile = open (file,O_CREAT|O_EXCL|O_WRONLY,0600)) < 0) { if (krb_debug) fprintf(stderr,"Error initializing %s",TKT_FILE); return(KFAILURE); diff --git a/usr.bin/login/klogin.c b/usr.bin/login/klogin.c index 893e745e007..aef17616ef8 100644 --- a/usr.bin/login/klogin.c +++ b/usr.bin/login/klogin.c @@ -1,4 +1,4 @@ -/* $OpenBSD: klogin.c,v 1.3 1996/06/26 05:36:00 deraadt Exp $ */ +/* $OpenBSD: klogin.c,v 1.4 1997/01/27 20:44:16 dm Exp $ */ /* $NetBSD: klogin.c,v 1.7 1996/05/21 22:07:04 mrg Exp $ */ /*- @@ -38,7 +38,7 @@ #if 0 static char sccsid[] = "@(#)klogin.c 8.3 (Berkeley) 4/2/94"; #endif -static char rcsid[] = "$OpenBSD: klogin.c,v 1.3 1996/06/26 05:36:00 deraadt Exp $"; +static char rcsid[] = "$OpenBSD: klogin.c,v 1.4 1997/01/27 20:44:16 dm Exp $"; #endif /* not lint */ #ifdef KERBEROS @@ -97,15 +97,18 @@ klogin(pw, instance, localhost, password) #endif /* - * Root logins don't use Kerberos. + * Root logins don't use Kerberos (or at least shouldn't be + * sending kerberos passwords around in cleartext), so don't + * allow any root logins here (keeping in mind that we only + * get here with a password). + * * If we have a realm, try getting a ticket-granting ticket * and using it to authenticate. Otherwise, return * failure so that we can try the normal passwd file * for a password. If that's ok, log the user in * without issuing any tickets. */ - if (strcmp(pw->pw_name, "root") == 0 || - krb_get_lrealm(realm, 0) != KSUCCESS) + if (pw->pw_uid == 0 || krb_get_lrealm(realm, 0) != KSUCCESS) return (1); /* @@ -178,7 +181,9 @@ klogin(pw, instance, localhost, password) dest_tkt(); return (1); } - return (0); + /* Otherwise, leave ticket around, but make sure + * password matches the Unix password. */ + return (1); } if (kerror != KSUCCESS) { diff --git a/usr.bin/login/login.c b/usr.bin/login/login.c index e64d6003472..59f556a9b8a 100644 --- a/usr.bin/login/login.c +++ b/usr.bin/login/login.c @@ -1,4 +1,4 @@ -/* $OpenBSD: login.c,v 1.16 1997/01/15 23:43:03 millert Exp $ */ +/* $OpenBSD: login.c,v 1.17 1997/01/27 20:44:14 dm Exp $ */ /* $NetBSD: login.c,v 1.13 1996/05/15 23:50:16 jtc Exp $ */ /*- @@ -44,7 +44,7 @@ static char copyright[] = #if 0 static char sccsid[] = "@(#)login.c 8.4 (Berkeley) 4/2/94"; #endif -static char rcsid[] = "$OpenBSD: login.c,v 1.16 1997/01/15 23:43:03 millert Exp $"; +static char rcsid[] = "$OpenBSD: login.c,v 1.17 1997/01/27 20:44:14 dm Exp $"; #endif /* not lint */ /* @@ -221,6 +221,9 @@ main(argc, argv) getloginname(); } rootlogin = 0; +#if 1 /* Why should anyone with a root instance be able to be root here? */ + instance = ""; +#else #ifdef KERBEROS if ((instance = strchr(username, '.')) != NULL) { if (strncmp(instance, ".root", 5) == 0) @@ -237,6 +240,7 @@ main(argc, argv) } else instance = ""; #endif +#endif if (strlen(username) > UT_NAMESIZE) username[UT_NAMESIZE] = '\0'; |