summaryrefslogtreecommitdiff
path: root/libexec
diff options
context:
space:
mode:
authorTodd C. Miller <millert@cvs.openbsd.org>2002-11-21 22:00:51 +0000
committerTodd C. Miller <millert@cvs.openbsd.org>2002-11-21 22:00:51 +0000
commit91aa949ed30790c04068d96e09ed27c5fd8bbd22 (patch)
treefa0236393efd8fb6f80ddfddff2a66c79dd9910e /libexec
parent2386d041ffdf7328f29f13e26f6e934109cae29e (diff)
Add a new group, "tokenadm" and make login_token setgid tokenadm instead
of setuid root. deraadt@ OK
Diffstat (limited to 'libexec')
-rw-r--r--libexec/login_token/Makefile6
-rw-r--r--libexec/login_token/tokendb.c28
-rw-r--r--libexec/login_token/tokendb.h4
3 files changed, 28 insertions, 10 deletions
diff --git a/libexec/login_token/Makefile b/libexec/login_token/Makefile
index 713bbbc6a27..6e372bb4700 100644
--- a/libexec/login_token/Makefile
+++ b/libexec/login_token/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.2 2002/03/11 11:47:51 mpech Exp $
+# $OpenBSD: Makefile,v 1.3 2002/11/21 22:00:49 millert Exp $
PROG= login_token
SRCS= login_token.c init.c token.c tokendb.c
@@ -20,8 +20,8 @@ afterinstall:
done
BINOWN= root
-BINGRP= auth
-BINMODE=4555
+BINGRP= tokenadm
+BINMODE=2555
BINDIR= /usr/libexec/auth
.include <bsd.prog.mk>
diff --git a/libexec/login_token/tokendb.c b/libexec/login_token/tokendb.c
index 75f0f46c06f..3d6e4cd5b64 100644
--- a/libexec/login_token/tokendb.c
+++ b/libexec/login_token/tokendb.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tokendb.c,v 1.4 2002/06/23 03:11:09 deraadt Exp $ */
+/* $OpenBSD: tokendb.c,v 1.5 2002/11/21 22:00:49 millert Exp $ */
/*-
* Copyright (c) 1995 Migration Associates Corp. All Rights Reserved
@@ -44,6 +44,7 @@
#include <db.h>
#include <errno.h>
#include <fcntl.h>
+#include <grp.h>
#include <limits.h>
#include <stdio.h>
#include <syslog.h>
@@ -164,14 +165,26 @@ static int
tokendb_open(void)
{
int must_set_perms = 0;
+ int must_set_mode = 0;
+ struct group *grp;
struct stat statb;
+ if ((grp = getgrnam(TOKEN_GROUP)) == NULL) {
+ printf("Missing %s group, authentication disabled\n",
+ TOKEN_GROUP);
+ fflush(stdout);
+ syslog(LOG_ALERT,
+ "the %s group is missing, token authentication disabled",
+ TOKEN_GROUP);
+ return (-1);
+ }
+
if (stat(tt->db, &statb) < 0) {
if (errno != ENOENT)
return (-1);
must_set_perms++;
} else {
- if (statb.st_uid != 0 || statb.st_gid != 0) {
+ if (statb.st_uid != 0 || statb.st_gid != grp->gr_gid) {
#ifdef PARANOID
printf("Authentication disabled\n");
fflush(stdout);
@@ -183,7 +196,7 @@ tokendb_open(void)
must_set_perms++;
#endif
}
- if ((statb.st_mode & 0777) != 0600) {
+ if ((statb.st_mode & 0777) != 0620) {
#ifdef PARANOID
printf("Authentication disabled\n");
fflush(stdout);
@@ -192,21 +205,24 @@ tokendb_open(void)
tt->db, statb.st_mode);
return (-1);
#else
- must_set_perms++;
+ must_set_mode++;
#endif
}
}
if (!(tokendb =
- dbopen(tt->db, O_CREAT | O_RDWR, 0600, DB_BTREE, 0)) )
+ dbopen(tt->db, O_CREAT | O_RDWR, 0620, DB_BTREE, 0)) )
return (-1);
if (flock((tokendb->fd)(tokendb), LOCK_SH)) {
(tokendb->close)(tokendb);
return (-1);
}
- if (must_set_perms && chown(tt->db, 0, 0))
+ if (must_set_perms && fchown((tokendb->fd)(tokendb), 0, grp->gr_gid))
syslog(LOG_INFO,
"Can't set owner/group of %s errno=%m", tt->db);
+ if (must_set_mode && fchmod((tokendb->fd)(tokendb), 0620))
+ syslog(LOG_INFO,
+ "Can't set mode of %s errno=%m", tt->db);
return (0);
}
diff --git a/libexec/login_token/tokendb.h b/libexec/login_token/tokendb.h
index 9479ff6de7b..d5bb6efb119 100644
--- a/libexec/login_token/tokendb.h
+++ b/libexec/login_token/tokendb.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tokendb.h,v 1.2 2000/12/20 01:52:12 millert Exp $ */
+/* $OpenBSD: tokendb.h,v 1.3 2002/11/21 22:00:50 millert Exp $ */
/*-
* Copyright (c) 1995 Migration Associates Corp. All Rights Reserved
@@ -65,6 +65,8 @@ typedef struct {
#define TOKEN_PHONEMODE 0x4 /* allow phone book results */
#define TOKEN_RIM 0x8 /* reduced imput mode */
+#define TOKEN_GROUP "tokenadm" /* group that owns token database */
+
/*
* Function prototypes for routines which manipulate the
* database for the token. These routines have no knowledge