- drop privs before running krb5 code

- avoid calling krb5_get_init_creds_password(3) with principal == NULL
- try to change the kerberos password if there is a ticket file

help from millert@, ok beck@

2 files changed, 32 insertions, 10 deletions

diff --git a/usr.bin/passwd/krb5_passwd.c b/usr.bin/passwd/krb5_passwd.c
index af83baa73a1..2f608c28ae9 100644
--- a/usr.bin/passwd/krb5_passwd.c
+++ b/usr.bin/passwd/krb5_passwd.c
@@ -65,6 +65,12 @@ krb5_passwd(int argc, char **argv)
 	char pwbuf[BUFSIZ];
 	krb5_creds cred;
 	int result_code;
+	uid_t uid;
+
+	uid = getuid();
+	if (setresuid(uid, uid, uid)) {
+		errx(1, "can't drop privileges\n");
+	}
 
 	krb5_get_init_creds_opt_init (&opt);
 
@@ -78,10 +84,13 @@ krb5_passwd(int argc, char **argv)
 
 	if (argv[0]) {
 		ret = krb5_parse_name(context, argv[0], &principal);
-	if (ret)
-		krb5_err(context, 1, ret, "krb5_parse_name");
-	} else
-		principal = NULL;
+		if (ret)
+			krb5_err(context, 1, ret, "krb5_parse_name");
+	} else {
+		ret = krb5_get_default_principal (context, &principal);
+		if (ret)
+			krb5_err (context, 1, ret, "krb5_get_default_principal");
+        }
 
 	ret = krb5_get_init_creds_password (context, &cred,
 	    principal, NULL, krb5_prompter_posix, NULL, 0,
diff --git a/usr.bin/passwd/passwd.c b/usr.bin/passwd/passwd.c
index 896002a0b75..fae31c3e260 100644
--- a/usr.bin/passwd/passwd.c
+++ b/usr.bin/passwd/passwd.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: passwd.c,v 1.22 2005/12/18 12:29:26 biorn Exp $	*/
+/*	$OpenBSD: passwd.c,v 1.23 2006/01/22 06:04:28 biorn Exp $	*/
 
 /*
  * Copyright (c) 1988 The Regents of the University of California.
@@ -37,7 +37,7 @@ char copyright[] =
 
 #ifndef lint
 /*static const char sccsid[] = "from: @(#)passwd.c	5.5 (Berkeley) 7/6/91";*/
-static const char rcsid[] = "$OpenBSD: passwd.c,v 1.22 2005/12/18 12:29:26 biorn Exp $";
+static const char rcsid[] = "$OpenBSD: passwd.c,v 1.23 2006/01/22 06:04:28 biorn Exp $";
 #endif /* not lint */
 
 #include <stdio.h>
@@ -47,6 +47,10 @@ static const char rcsid[] = "$OpenBSD: passwd.c,v 1.22 2005/12/18 12:29:26 biorn
 #include <err.h>
 #include <rpcsvc/ypclnt.h>
 
+#if defined(KRB5)
+#include <sys/stat.h>
+#endif
+
 /*
  * Note on configuration:
  *      Generally one would not use both Kerberos and YP
@@ -76,11 +80,16 @@ main(int argc, char **argv)
 #ifdef	YP
 	int status = 0;
 #endif
+#if defined(KRB5)
+	char *ccfile;
+	struct stat sb;
 
-#if defined(KERBEROS5)
-	extern char realm[];
+	if (!(ccfile = getenv("KRB5CCNAME")))
+		if (asprintf(&ccfile, "/tmp/krb5cc_%u", (unsigned)getuid()) ==
+		    -1)
+			errx(1, "out of memory");
 
-	if (krb_get_lrealm(realm,1) == KSUCCESS)
+	if ((stat(ccfile, &sb) == 0) && (sb.st_uid == getuid()))
 		use_kerberos = 1;
 #endif
 #ifdef	YP
@@ -101,7 +110,7 @@ main(int argc, char **argv)
 			use_yp = 0;
 			break;
 		case 'K':
-#ifdef KRB5
+#if defined(KRB5)
 			/* Skip programname and '-K' option */
 			argc -= 2;
 			argv += 2;
@@ -147,6 +156,10 @@ main(int argc, char **argv)
 		usage(1);
 	}
 
+#if defined(KRB5)
+	if (use_kerberos)
+		exit(krb5_passwd(argc, argv));
+#endif
 #ifdef	YP
 	if (force_yp || ((status = local_passwd(username, 0)) && use_yp))
 		exit(yp_passwd(username));