/* * This software may now be redistributed outside the US. * * $Source: /cvs/OpenBSD/src/kerberosIV/krb/Attic/in_tkt.c,v $ * * $Locker: $ */ /* Copyright (C) 1989 by the Massachusetts Institute of Technology Export of this software from the United States of America is assumed to require a specific license from the United States Government. It is the responsibility of any person or organization contemplating export to obtain such a license before exporting. WITHIN THAT CONSTRAINT, permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of M.I.T. not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. M.I.T. makes no representations about the suitability of this software for any purpose. It is provided "as is" without express or implied warranty. */ #include "krb_locl.h" #include #include #include #ifdef TKT_SHMEM #include #endif /* * in_tkt() is used to initialize the ticket store. It creates the * file to contain the tickets and writes the given user's name "pname" * and instance "pinst" in the file. in_tkt() returns KSUCCESS on * success, or KFAILURE if something goes wrong. 
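 */

/*
 * Review notes on the checks in in_tkt():
 *
 *  - File-type tests use S_ISREG().  On the usual encodings the S_IFREG bit
 *    is also set in S_IFLNK and S_IFSOCK, so "st_mode & S_IFREG" cannot
 *    tell a symlink or socket from a regular file.
 *  - Once a descriptor is open, the checks are made with fstat() on that
 *    descriptor.  A second path lookup can name a different object than
 *    the one that was opened.
 *  - Every failure path after the create closes the descriptor, and the
 *    effective uid is put back when the create itself fails.
 *  - NULL pname/pinst are rejected before the existing file is touched.
 */
int
in_tkt(pname, pinst)
	char *pname;
	char *pinst;
{
	int tktfile;
	uid_t me, metoo;
	struct stat buf;
	struct stat fdbuf;
	int count;
	char *file = TKT_FILE;
	int fd;
	off_t done;
	char charbuf[BUFSIZ];
#ifdef TKT_SHMEM
	char shmidname[MaxPathLen];
	int n;
#endif /* TKT_SHMEM */

	/* strlen() below would dereference these; fail before destroying anything */
	if (pname == NULL || pinst == NULL)
		return (KFAILURE);

	me = getuid();
	metoo = geteuid();

	if (lstat(file, &buf) == 0) {
		/*
		 * Only a regular file owned by the real uid, with no group or
		 * other permission bits and a single link, is accepted as an
		 * old ticket file that may be wiped.
		 */
		if (buf.st_uid != me || !S_ISREG(buf.st_mode) ||
		    (buf.st_mode & 077) || buf.st_nlink != 1) {
			if (krb_debug)
				fprintf(stderr, "Error initializing %s", file);
			return (KFAILURE);
		}
		/* file already exists, and permissions appear ok, so nuke it */
		if ((fd = open(file, O_RDWR, 0)) < 0) {
			/*
			 * Cannot zero it.  The path is left in place, so the
			 * O_EXCL create below fails unless the file has gone
			 * away in the meantime.
			 */
			goto out;
		}
		/*
		 * Make sure the descriptor refers to the object lstat() just
		 * vetted.  If the path was replaced in between, refuse to
		 * write zeros into whatever was opened instead.
		 */
		if (fstat(fd, &fdbuf) < 0 ||
		    fdbuf.st_dev != buf.st_dev || fdbuf.st_ino != buf.st_ino ||
		    !S_ISREG(fdbuf.st_mode) || fdbuf.st_uid != me) {
			(void) close(fd);
			if (krb_debug)
				fprintf(stderr, "Error initializing %s", file);
			return (KFAILURE);
		}
		/* overwrite the old tickets before the file is unlinked */
		memset(charbuf, 0, sizeof(charbuf));
		for (done = 0; done < fdbuf.st_size; done += (off_t)sizeof(charbuf))
			if (write(fd, charbuf, sizeof(charbuf)) !=
			    (ssize_t)sizeof(charbuf))
				break;

		(void) fsync(fd);
		(void) close(fd);
		(void) unlink(file);
	}
out:
	/*
	 * Arrange for the file to be owned by the ruid (swap real and
	 * effective uid if necessary).  The create uses O_EXCL, so it never
	 * reuses an object that already exists at the path.
	 */
	if (me != metoo) {
		if (seteuid(me) < 0) {
			/* can't switch??? barf! */
			if (krb_debug)
				perror("in_tkt: seteuid");
			return (KFAILURE);
		} else if (krb_debug)
			printf("swapped UID's %d and %d\n", (int)metoo, (int)me);
	}
	if ((tktfile = open(file, O_CREAT|O_EXCL|O_WRONLY, 0600)) < 0) {
		if (krb_debug)
			fprintf(stderr, "Error initializing %s", TKT_FILE);
		/* do not hand the caller back a process with a swapped euid */
		if (me != metoo && seteuid(metoo) < 0 && krb_debug)
			perror("in_tkt: seteuid2");
		return (KFAILURE);
	}
	if (me != metoo) {
		if (seteuid(metoo) < 0) {
			/* can't switch??? barf! */
			if (krb_debug)
				perror("in_tkt: seteuid2");
			(void) close(tktfile);
			return (KFAILURE);
		} else if (krb_debug)
			printf("swapped UID's %d and %d\n", (int)me, (int)metoo);
	}
	/*
	 * Verify the file that was actually created, through its descriptor,
	 * rather than whatever the path names by now.
	 */
	if (fstat(tktfile, &buf) < 0) {
		if (krb_debug)
			fprintf(stderr, "Error initializing %s", TKT_FILE);
		(void) close(tktfile);
		return (KFAILURE);
	}
	if (buf.st_uid != me || !S_ISREG(buf.st_mode) || (buf.st_mode & 077)) {
		if (krb_debug)
			fprintf(stderr, "Error initializing %s", TKT_FILE);
		(void) close(tktfile);
		return (KFAILURE);
	}

	/* the store starts with the NUL-terminated principal name and instance */
	count = strlen(pname) + 1;
	if (write(tktfile, pname, count) != count) {
		(void) close(tktfile);
		return (KFAILURE);
	}
	count = strlen(pinst) + 1;
	if (write(tktfile, pinst, count) != count) {
		(void) close(tktfile);
		return (KFAILURE);
	}
	(void) close(tktfile);
#ifdef TKT_SHMEM
	/*
	 * Build "<file>.shm" with a bounded format.  The length of the ticket
	 * file path is not checked anywhere in this function, so an unbounded
	 * strcpy/strcat could run past shmidname.
	 */
	n = snprintf(shmidname, sizeof(shmidname), "%s.shm", file);
	if (n < 0 || (size_t)n >= sizeof(shmidname))
		return (KFAILURE);
	return (krb_shm_create(shmidname));
#else /* !TKT_SHMEM */
	return (KSUCCESS);
#endif /* TKT_SHMEM */
}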