diff options
-rw-r--r-- | usr.bin/login/klogin.c | 34 | ||||
-rw-r--r-- | usr.bin/su/su.c | 27 |
2 files changed, 49 insertions, 12 deletions
diff --git a/usr.bin/login/klogin.c b/usr.bin/login/klogin.c index 4f902b2e701..af273532e01 100644 --- a/usr.bin/login/klogin.c +++ b/usr.bin/login/klogin.c @@ -1,4 +1,4 @@ -/* $OpenBSD: klogin.c,v 1.10 2000/07/17 16:43:14 millert Exp $ */ +/* $OpenBSD: klogin.c,v 1.11 2000/12/02 22:44:36 hin Exp $ */ /* $NetBSD: klogin.c,v 1.7 1996/05/21 22:07:04 mrg Exp $ */ /*- @@ -38,7 +38,7 @@ #if 0 static char sccsid[] = "@(#)klogin.c 8.3 (Berkeley) 4/2/94"; #endif -static char rcsid[] = "$OpenBSD: klogin.c,v 1.10 2000/07/17 16:43:14 millert Exp $"; +static char rcsid[] = "$OpenBSD: klogin.c,v 1.11 2000/12/02 22:44:36 hin Exp $"; #endif /* not lint */ #ifdef KERBEROS @@ -80,7 +80,7 @@ klogin(pw, instance, localhost, password) struct passwd *pw; char *instance, *localhost, *password; { - int kerror; + int kerror, fd; AUTH_DAT authdata; KTEXT_ST ticket; struct hostent *hp; @@ -97,6 +97,15 @@ klogin(pw, instance, localhost, password) } #endif + /* If no srvtab file exists, fail immediatly. This will make + * login _much_ quicker on systems with sporadical contact with + * the outside world. + * We should really change the semantics for enabling kerberos. + */ + if((fd = open(KEYFILE, O_RDONLY, 0)) < 0) + return 1; + close(fd); + /* * Root logins don't use Kerberos (or at least shouldn't be * sending kerberos passwords around in cleartext), so don't @@ -119,8 +128,8 @@ klogin(pw, instance, localhost, password) */ if (strcmp(instance, "root") != 0) - snprintf(tkt_location, sizeof(tkt_location), "%s%d.%s", - TKT_ROOT, pw->pw_uid, tty); + snprintf(tkt_location, sizeof(tkt_location), "%s%d", + TKT_ROOT, pw->pw_uid); else snprintf(tkt_location, sizeof(tkt_location), "%s_root_%d.%s", TKT_ROOT, pw->pw_uid, tty); @@ -155,8 +164,19 @@ klogin(pw, instance, localhost, password) return (1); } - if (chown(TKT_FILE, pw->pw_uid, pw->pw_gid) < 0) - syslog(LOG_ERR, "chown tkfile (%s): %m", TKT_FILE); + /* + * Set the owner of the ticket file to root but bail if someone + * has nefariously swapped a link in place of the file. + */ + fd = open(TKT_FILE, O_RDWR|O_NOFOLLOW, 0); + if (fd == -1) { + syslog(LOG_ERR, "unable to open ticket file: %m"); + dest_tkt(); + return (1); + } + if (fchown(fd, pw->pw_uid, pw->pw_gid) < 0) + syslog(LOG_ERR, "fchown tkfile (%s): %m", TKT_FILE); + close(fd); (void)strlcpy(savehost, krb_get_phost(localhost), sizeof(savehost)); diff --git a/usr.bin/su/su.c b/usr.bin/su/su.c index 0a0f67e7604..c1cf55defaa 100644 --- a/usr.bin/su/su.c +++ b/usr.bin/su/su.c @@ -1,4 +1,4 @@ -/* $OpenBSD: su.c,v 1.34 2000/09/15 07:13:50 deraadt Exp $ */ +/* $OpenBSD: su.c,v 1.35 2000/12/02 22:44:49 hin Exp $ */ /* * Copyright (c) 1988 The Regents of the University of California. @@ -41,7 +41,7 @@ char copyright[] = #ifndef lint /*static char sccsid[] = "from: @(#)su.c 5.26 (Berkeley) 7/6/91";*/ -static char rcsid[] = "$OpenBSD: su.c,v 1.34 2000/09/15 07:13:50 deraadt Exp $"; +static char rcsid[] = "$OpenBSD: su.c,v 1.35 2000/12/02 22:44:49 hin Exp $"; #endif /* not lint */ #include <sys/param.h> @@ -59,6 +59,7 @@ static char rcsid[] = "$OpenBSD: su.c,v 1.34 2000/09/15 07:13:50 deraadt Exp $"; #include <string.h> #include <syslog.h> #include <unistd.h> +#include <fcntl.h> #ifdef SKEY #include <skey.h> @@ -358,11 +359,16 @@ kerberos(username, user, uid) KTEXT_ST ticket; AUTH_DAT authdata; struct hostent *hp; - int kerno; + int kerno, fd; in_addr_t faddr; char hostname[MAXHOSTNAMELEN], savehost[MAXHOSTNAMELEN]; char *ontty(), *krb_get_phost(); + /* Don't bother with Kerberos if there is no srvtab file */ + if ((fd = open(KEYFILE, O_RDONLY, 0)) < 0) + return (1); + close(fd); + if (koktologin(username, lrealm, user) && !uid) { (void)fprintf(stderr, "kerberos su: not in %s's ACL.\n", user); return (1); @@ -407,11 +413,22 @@ kerberos(username, user, uid) return (1); } - if (chown(krbtkfile, uid, -1) < 0) { - warn("chown"); + /* + * Set the owner of the ticket file to root but bail if someone + * has nefariously swapped a link in place of the file. + */ + fd = open(krbtkfile, O_RDWR|O_NOFOLLOW, 0); + if (fd == -1) { + warn("unable to open ticket file"); + (void)unlink(krbtkfile); + return (1); + } + if (fchown(fd, uid, -1) < 0) { + warn("fchown"); (void)unlink(krbtkfile); return (1); } + close(fd); (void)setpriority(PRIO_PROCESS, 0, -2); |