author | Theo de Raadt <deraadt@cvs.openbsd.org> | 1997-06-27 06:59:59 +0000 |
---|---|---|
committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 1997-06-27 06:59:59 +0000 |
commit | 428f9feab5345b6b730caa295ebb9f0e24fbe724 (patch) | |
tree | 92b93847c8954e8546bd10f8519e23089ca877da /usr.bin | |
parent | e32d5eb027ef6b337609625f570007d3df472677 (diff) |
fix up KRBTKFILE confusion; dm@ and traister@gate.net
Diffstat (limited to 'usr.bin')
-rw-r--r-- | usr.bin/su/su.c | 48 |
1 files changed, 27 insertions, 21 deletions
diff --git a/usr.bin/su/su.c b/usr.bin/su/su.c index e4972cc0584..56001df9584 100644 --- a/usr.bin/su/su.c +++ b/usr.bin/su/su.c @@ -1,4 +1,4 @@ -/* $OpenBSD: su.c,v 1.27 1997/06/23 09:23:12 deraadt Exp $ */ +/* $OpenBSD: su.c,v 1.28 1997/06/27 06:59:58 deraadt Exp $ */ /* * Copyright (c) 1988 The Regents of the University of California. @@ -41,7 +41,7 @@ char copyright[] = #ifndef lint /*static char sccsid[] = "from: @(#)su.c 5.26 (Berkeley) 7/6/91";*/ -static char rcsid[] = "$OpenBSD: su.c,v 1.27 1997/06/23 09:23:12 deraadt Exp $"; +static char rcsid[] = "$OpenBSD: su.c,v 1.28 1997/06/27 06:59:58 deraadt Exp $"; #endif /* not lint */ #include <sys/param.h> @@ -71,7 +71,9 @@ static char rcsid[] = "$OpenBSD: su.c,v 1.27 1997/06/23 09:23:12 deraadt Exp $"; #define ARGSTR "-Kflm" int use_kerberos = 1; -int got_ticket; +char krbtkfile[MAXPATHLEN]; +char lrealm[REALM_SZ]; +int ksettkfile(char *); #else #define ARGSTR "-flm" #endif @@ -93,9 +95,6 @@ main(argc, argv) enum { UNSET, YES, NO } iscsh = UNSET; char *user, *shell, *avshell, *username, **np; char shellbuf[MAXPATHLEN], avshellbuf[MAXPATHLEN]; -#ifdef KERBEROS - char *k; -#endif asme = asthem = fastlogin = 0; while ((ch = getopt(argc, argv, ARGSTR)) != -1) @@ -161,6 +160,11 @@ main(argc, argv) if ((user = strdup(pwd->pw_name)) == NULL) err(1, "can't allocate memory"); +#if KERBEROS + if (ksettkfile(user)) + use_kerberos = 0; +#endif + if (ruid) { #ifdef KERBEROS if (!use_kerberos || kerberos(username, user, pwd->pw_uid)) @@ -238,18 +242,11 @@ badlogin: if (!asme) { if (asthem) { p = getenv("TERM"); -#ifdef KERBEROS - k = getenv("KRBTKFILE"); -#endif if ((environ = calloc(1, sizeof (char *))) == NULL) errx(1, "calloc"); (void)setenv("PATH", _PATH_DEFPATH, 1); if (p) (void)setenv("TERM", p, 1); -#ifdef KERBEROS - if (k && got_ticket) - (void)setenv("KRBTKFILE", k, 1); -#endif seteuid(pwd->pw_uid); setegid(pwd->pw_gid); 
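Review bot: The guard added in main() around the ksettkfile() call is spelled `#if KERBEROS`, while every other conditional visible in this diff uses `#ifdef KERBEROS`. The two forms disagree when the macro is defined without a value (`#define KERBEROS`), where `#if KERBEROS` does not preprocess, so the new block should read `#ifdef KERBEROS` like the rest of the file. main()'s body continues outside this hunk.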
@@ -266,6 +263,11 @@ badlogin: (void)setenv("SHELL", shell, 1); } +#ifdef KERBEROS + if (*krbtkfile) + (void)setenv("KRBTKFILE", krbtkfile, 1); +#endif + if (iscsh == YES) { if (fastlogin) *np-- = "-f"; @@ -333,21 +335,15 @@ kerberos(username, user, uid) register char *p; int kerno; in_addr_t faddr; - char lrealm[REALM_SZ], krbtkfile[MAXPATHLEN]; char hostname[MAXHOSTNAMELEN], savehost[MAXHOSTNAMELEN]; char *ontty(), *krb_get_phost(); - if (krb_get_lrealm(lrealm, 1) != KSUCCESS) - return (1); if (koktologin(username, lrealm, user) && !uid) { (void)fprintf(stderr, "kerberos su: not in %s's ACL.\n", user); return (1); } - (void)snprintf(krbtkfile, sizeof(krbtkfile), "%s_%s_%u", TKT_ROOT, - user, getuid()); - - (void)setenv("KRBTKFILE", krbtkfile, 1); (void)krb_set_tkt_string(krbtkfile); + /* * Set real as well as effective ID to 0 for the moment, * to make the kerberos library do the right thing. @@ -435,7 +431,6 @@ kerberos(username, user, uid) return (1); } } - got_ticket = 1; return (0); } @@ -460,4 +455,15 @@ koktologin(name, realm, toname) return (kuserok(kdata, toname)); } + +int +ksettkfile(user) + char *user; +{ + if (krb_get_lrealm(lrealm, 1) != KSUCCESS) + return (1); + (void)snprintf(krbtkfile, sizeof(krbtkfile), "%s_%s_%u", TKT_ROOT, + user, getuid()); + return (0); +} #endif |
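Review bot: The new `if (*krbtkfile)` export before the `iscsh` test no longer depends on a ticket having been obtained. The removed code set KRBTKFILE only when `got_ticket` was set, whereas krbtkfile is now filled by ksettkfile() on every run where the realm lookup succeeds, including when `-K` was given or when `ruid` is 0 and kerberos() is never called. The target shell therefore inherits a KRBTKFILE naming a path under TKT_ROOT that this su invocation may never have created. If that is intended (presumably so that a later ticket request in the new shell does not reuse the caller's file), record it with a comment such as `/* always give the new session its own ticket file name, even when no ticket was fetched */`; if not, keep a flag set on kerberos() success and test it here. The enclosing block starts outside the hunk, so it is not visible whether this also overrides the caller's value in the `-m` case.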
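Review bot: After the hunk at `@@ -333,21 +335,15 @@`, kerberos() reads the file-scope `lrealm` and `krbtkfile` without any sign in the function that they must already be populated. The only thing keeping it from running on empty buffers is the `use_kerberos = 0` fallback in main() when ksettkfile() fails. State that precondition where it is relied on, for example `/* lrealm and krbtkfile were filled in by ksettkfile(); main() clears use_kerberos if that failed */` above the `koktologin()` call. The function body starts and ends outside the hunk.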
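Review bot: ksettkfile() discards the snprintf() result, so a name that does not fit in `krbtkfile[MAXPATHLEN]` is silently truncated and then passed to krb_set_tkt_string() and exported as KRBTKFILE. A truncated path is a different file from the one intended, so treat it as failure and leave the buffer empty so that the `if (*krbtkfile)` test in main() does not export it: store the return value in an `int n` and add `if (n < 0 || n >= (int)sizeof(krbtkfile)) { krbtkfile[0] = '\0'; return (1); }`. A one-line comment stating that the function returns non-zero when Kerberos should be disabled would also help, since main() relies on exactly that.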