summaryrefslogtreecommitdiff
path: root/usr.bin
diff options
context:
space:
mode:
authorTheo de Raadt <deraadt@cvs.openbsd.org>1997-06-27 06:59:59 +0000
committerTheo de Raadt <deraadt@cvs.openbsd.org>1997-06-27 06:59:59 +0000
commit428f9feab5345b6b730caa295ebb9f0e24fbe724 (patch)
tree92b93847c8954e8546bd10f8519e23089ca877da /usr.bin
parente32d5eb027ef6b337609625f570007d3df472677 (diff)
fix up KRBTKFILE confusion; dm@ and traister@gate.net
Diffstat (limited to 'usr.bin')
-rw-r--r--usr.bin/su/su.c48
1 files changed, 27 insertions, 21 deletions
diff --git a/usr.bin/su/su.c b/usr.bin/su/su.c
index e4972cc0584..56001df9584 100644
--- a/usr.bin/su/su.c
+++ b/usr.bin/su/su.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: su.c,v 1.27 1997/06/23 09:23:12 deraadt Exp $ */
+/* $OpenBSD: su.c,v 1.28 1997/06/27 06:59:58 deraadt Exp $ */
/*
* Copyright (c) 1988 The Regents of the University of California.
@@ -41,7 +41,7 @@ char copyright[] =
#ifndef lint
/*static char sccsid[] = "from: @(#)su.c 5.26 (Berkeley) 7/6/91";*/
-static char rcsid[] = "$OpenBSD: su.c,v 1.27 1997/06/23 09:23:12 deraadt Exp $";
+static char rcsid[] = "$OpenBSD: su.c,v 1.28 1997/06/27 06:59:58 deraadt Exp $";
#endif /* not lint */
#include <sys/param.h>
@@ -71,7 +71,9 @@ static char rcsid[] = "$OpenBSD: su.c,v 1.27 1997/06/23 09:23:12 deraadt Exp $";
#define ARGSTR "-Kflm"
int use_kerberos = 1;
-int got_ticket;
+char krbtkfile[MAXPATHLEN];
+char lrealm[REALM_SZ];
+int ksettkfile(char *);
#else
#define ARGSTR "-flm"
#endif
@@ -93,9 +95,6 @@ main(argc, argv)
enum { UNSET, YES, NO } iscsh = UNSET;
char *user, *shell, *avshell, *username, **np;
char shellbuf[MAXPATHLEN], avshellbuf[MAXPATHLEN];
-#ifdef KERBEROS
- char *k;
-#endif
asme = asthem = fastlogin = 0;
while ((ch = getopt(argc, argv, ARGSTR)) != -1)
@@ -161,6 +160,11 @@ main(argc, argv)
if ((user = strdup(pwd->pw_name)) == NULL)
err(1, "can't allocate memory");
+#if KERBEROS
+ if (ksettkfile(user))
+ use_kerberos = 0;
+#endif
+
if (ruid) {
#ifdef KERBEROS
if (!use_kerberos || kerberos(username, user, pwd->pw_uid))
@@ -238,18 +242,11 @@ badlogin:
if (!asme) {
if (asthem) {
p = getenv("TERM");
-#ifdef KERBEROS
- k = getenv("KRBTKFILE");
-#endif
if ((environ = calloc(1, sizeof (char *))) == NULL)
errx(1, "calloc");
(void)setenv("PATH", _PATH_DEFPATH, 1);
if (p)
(void)setenv("TERM", p, 1);
-#ifdef KERBEROS
- if (k && got_ticket)
- (void)setenv("KRBTKFILE", k, 1);
-#endif
seteuid(pwd->pw_uid);
setegid(pwd->pw_gid);
@@ -266,6 +263,11 @@ badlogin:
(void)setenv("SHELL", shell, 1);
}
+#ifdef KERBEROS
+ if (*krbtkfile)
+ (void)setenv("KRBTKFILE", krbtkfile, 1);
+#endif
+
if (iscsh == YES) {
if (fastlogin)
*np-- = "-f";
@@ -333,21 +335,15 @@ kerberos(username, user, uid)
register char *p;
int kerno;
in_addr_t faddr;
- char lrealm[REALM_SZ], krbtkfile[MAXPATHLEN];
char hostname[MAXHOSTNAMELEN], savehost[MAXHOSTNAMELEN];
char *ontty(), *krb_get_phost();
- if (krb_get_lrealm(lrealm, 1) != KSUCCESS)
- return (1);
if (koktologin(username, lrealm, user) && !uid) {
(void)fprintf(stderr, "kerberos su: not in %s's ACL.\n", user);
return (1);
}
- (void)snprintf(krbtkfile, sizeof(krbtkfile), "%s_%s_%u", TKT_ROOT,
- user, getuid());
-
- (void)setenv("KRBTKFILE", krbtkfile, 1);
(void)krb_set_tkt_string(krbtkfile);
+
/*
* Set real as well as effective ID to 0 for the moment,
* to make the kerberos library do the right thing.
@@ -435,7 +431,6 @@ kerberos(username, user, uid)
return (1);
}
}
- got_ticket = 1;
return (0);
}
@@ -460,4 +455,15 @@ koktologin(name, realm, toname)
return (kuserok(kdata, toname));
}
+
+int
+ksettkfile(user)
+ char *user;
+{
+ if (krb_get_lrealm(lrealm, 1) != KSUCCESS)
+ return (1);
+ (void)snprintf(krbtkfile, sizeof(krbtkfile), "%s_%s_%u", TKT_ROOT,
+ user, getuid());
+ return (0);
+}
#endif