summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authordm <dm@cvs.openbsd.org>1997-01-27 20:44:17 +0000
committerdm <dm@cvs.openbsd.org>1997-01-27 20:44:17 +0000
commit0496f8bac5be6f7abc63054681532bf3e7de62b7 (patch)
tree30dc800325e8c52797d9553560238d54e554b75d
parent4877d47f7b5b3a6500cb143ee6a3910545d4b596 (diff)
security
-rw-r--r--kerberosIV/krb/in_tkt.c2
-rw-r--r--usr.bin/login/klogin.c17
-rw-r--r--usr.bin/login/login.c8
3 files changed, 18 insertions, 9 deletions
diff --git a/kerberosIV/krb/in_tkt.c b/kerberosIV/krb/in_tkt.c
index 21c841e164f..0bb8926c209 100644
--- a/kerberosIV/krb/in_tkt.c
+++ b/kerberosIV/krb/in_tkt.c
@@ -100,7 +100,7 @@ in_tkt(pname, pinst)
if (krb_debug)
printf("swapped UID's %d and %d\n",(int)metoo,(int)me);
}
- if ((tktfile = creat(file,0600)) < 0) {
+ if ((tktfile = open (file,O_CREAT|O_EXCL|O_WRONLY,0600)) < 0) {
if (krb_debug)
fprintf(stderr,"Error initializing %s",TKT_FILE);
return(KFAILURE);
diff --git a/usr.bin/login/klogin.c b/usr.bin/login/klogin.c
index 893e745e007..aef17616ef8 100644
--- a/usr.bin/login/klogin.c
+++ b/usr.bin/login/klogin.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: klogin.c,v 1.3 1996/06/26 05:36:00 deraadt Exp $ */
+/* $OpenBSD: klogin.c,v 1.4 1997/01/27 20:44:16 dm Exp $ */
/* $NetBSD: klogin.c,v 1.7 1996/05/21 22:07:04 mrg Exp $ */
/*-
@@ -38,7 +38,7 @@
#if 0
static char sccsid[] = "@(#)klogin.c 8.3 (Berkeley) 4/2/94";
#endif
-static char rcsid[] = "$OpenBSD: klogin.c,v 1.3 1996/06/26 05:36:00 deraadt Exp $";
+static char rcsid[] = "$OpenBSD: klogin.c,v 1.4 1997/01/27 20:44:16 dm Exp $";
#endif /* not lint */
#ifdef KERBEROS
@@ -97,15 +97,18 @@ klogin(pw, instance, localhost, password)
#endif
/*
- * Root logins don't use Kerberos.
+ * Root logins don't use Kerberos (or at least shouldn't be
+ * sending kerberos passwords around in cleartext), so don't
+ * allow any root logins here (keeping in mind that we only
+ * get here with a password).
+ *
* If we have a realm, try getting a ticket-granting ticket
* and using it to authenticate. Otherwise, return
* failure so that we can try the normal passwd file
* for a password. If that's ok, log the user in
* without issuing any tickets.
*/
- if (strcmp(pw->pw_name, "root") == 0 ||
- krb_get_lrealm(realm, 0) != KSUCCESS)
+ if (pw->pw_uid == 0 || krb_get_lrealm(realm, 0) != KSUCCESS)
return (1);
/*
@@ -178,7 +181,9 @@ klogin(pw, instance, localhost, password)
dest_tkt();
return (1);
}
- return (0);
+ /* Otherwise, leave ticket around, but make sure
+ * password matches the Unix password. */
+ return (1);
}
if (kerror != KSUCCESS) {
diff --git a/usr.bin/login/login.c b/usr.bin/login/login.c
index e64d6003472..59f556a9b8a 100644
--- a/usr.bin/login/login.c
+++ b/usr.bin/login/login.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: login.c,v 1.16 1997/01/15 23:43:03 millert Exp $ */
+/* $OpenBSD: login.c,v 1.17 1997/01/27 20:44:14 dm Exp $ */
/* $NetBSD: login.c,v 1.13 1996/05/15 23:50:16 jtc Exp $ */
/*-
@@ -44,7 +44,7 @@ static char copyright[] =
#if 0
static char sccsid[] = "@(#)login.c 8.4 (Berkeley) 4/2/94";
#endif
-static char rcsid[] = "$OpenBSD: login.c,v 1.16 1997/01/15 23:43:03 millert Exp $";
+static char rcsid[] = "$OpenBSD: login.c,v 1.17 1997/01/27 20:44:14 dm Exp $";
#endif /* not lint */
/*
@@ -221,6 +221,9 @@ main(argc, argv)
getloginname();
}
rootlogin = 0;
+#if 1 /* Why should anyone with a root instance be able to be root here? */
+ instance = "";
+#else
#ifdef KERBEROS
if ((instance = strchr(username, '.')) != NULL) {
if (strncmp(instance, ".root", 5) == 0)
@@ -237,6 +240,7 @@ main(argc, argv)
} else
instance = "";
#endif
+#endif
if (strlen(username) > UT_NAMESIZE)
username[UT_NAMESIZE] = '\0';