/*
* This software may now be redistributed outside the US.
*
* $Source: /cvs/OpenBSD/src/kerberosIV/krb/Attic/kuserok.c,v $
*
* $Locker: $
*/
/*
Copyright (C) 1989 by the Massachusetts Institute of Technology
Export of this software from the United States of America is assumed
to require a specific license from the United States Government.
It is the responsibility of any person or organization contemplating
export to obtain such a license before exporting.
WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
distribute this software and its documentation for any purpose and
without fee is hereby granted, provided that the above copyright
notice appear in all copies and that both that copyright notice and
this permission notice appear in supporting documentation, and that
the name of M.I.T. not be used in advertising or publicity pertaining
to distribution of the software without specific, written prior
permission. M.I.T. makes no representations about the suitability of
this software for any purpose. It is provided "as is" without express
or implied warranty.
*/
/*
* kuserok: check if a kerberos principal has
* access to a local account
*/
#include "krb_locl.h"
#include <pwd.h>
#include <sys/param.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/file.h>
#define OK 0
#define NOTOK 1
#define MAX_USERNAME 10
/*
* Given a Kerberos principal "kdata", and a local username "luser",
* determine whether user is authorized to login according to the
* authorization file ("~luser/.klogin" by default). Returns OK
* if authorized, NOTOK if not authorized.
*
* If there is no account for "luser" on the local machine, returns
* NOTOK. If there is no authorization file, and the given Kerberos
* name "kdata" translates to the same name as "luser" (using
* krb_kntoln()), returns OK. Otherwise, if the authorization file
* can't be accessed, returns NOTOK. Otherwise, the file is read for
* a matching principal name, instance, and realm. If one is found,
* returns OK, if none is found, returns NOTOK.
*
* The file entries are in the format:
*
* name.instance@realm
*
* one entry per line.
*
* The ATHENA_COMPAT code supports old-style Athena ~luser/.klogin
* file entries. See the file "kparse.c".
*/
#ifdef ATHENA_COMPAT
#include <kparse.h>
/*
* The parmtable defines the keywords we will recognize with their
* default values, and keeps a pointer to the found value. The found
* value should be filled in with strsave(), since FreeParameterSet()
* will release memory for all non-NULL found strings.
*
*** NOTE WELL! ***
*
* The table below is very nice, but we cannot hard-code a default for the
* realm: we have to get the realm via krb_get_lrealm(). Even though the
* default shows as "from krb_get_lrealm, below", it gets changed in
* kuserok to whatever krb_get_lrealm() tells us. That code assumes that
* the realm will be the entry number in the table below, so if you
* change the order of the entries below, you have to change the
#definition of REALM_SUBSCRIPT to reflect it.
*/
#define REALM_SUBSCRIPT 1
/*
 * kparm: keyword table handed to the kparse routines (through KPARMS)
 * when old-style Athena .klogin entries are read.  Columns are the
 * keyword, its default value and the found value.  The found value
 * starts out NULL and is filled in by the parser; FreeParameterSet()
 * releases every non-NULL found string, see the comment above.
 */
parmtable kparm[] = {
	/* keyword	default				found value */
	{"user", "", (char *) NULL},
	/*
	 * The realm default is only a placeholder: kuserok() overwrites
	 * kparm[REALM_SUBSCRIPT].defvalue with what krb_get_lrealm()
	 * returns before any line is parsed.
	 */
	{"realm", "see krb_get_lrealm, below", (char *) NULL},
	{"instance", "", (char *) NULL},
};
#define KPARMS kparm,PARMCOUNT(kparm)
#endif /* ATHENA_COMPAT */
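/*
 * read_klogin_line: fetch the next line of fp into buf, newline stripped.
 *
 * A line that does not fit in buf is discarded whole (its remainder is
 * drained from the stream) instead of being handed back truncated, so an
 * authorization decision is never made on a prefix of an entry.  The
 * file's unterminated last line and a line that ends exactly at the
 * buffer boundary are both complete and are returned normally.
 * Returns 1 when a line was stored in buf, 0 at end of file.
 */
static int
read_klogin_line(FILE *fp, char *buf, size_t bufsz)
{
	/* fgets() cannot make progress with a buffer this small */
	if (bufsz < 2)
		return 0;
	for (;;) {
		char *nl;
		int c;

		if (fgets(buf, (int)bufsz, fp) == NULL)
			return 0;
		if ((nl = strchr(buf, '\n')) != NULL) {
			*nl = '\0';
			return 1;
		}
		/*
		 * No newline in buf: either the line ended exactly at the
		 * buffer boundary, it is the unterminated last line, or it
		 * overflowed.  Only the overflow case is skipped.
		 */
		c = getc(fp);
		if (c == EOF || c == '\n')
			return 1;
		while ((c = getc(fp)) != EOF && c != '\n')
			;
	}
}

/*
 * principal_matches: compare one new-style .klogin entry against the
 * authenticated principal.  The entry is parsed by kname_parse() into
 * name, instance and realm, and all three must equal the fields of kdata.
 * Returns OK on a match, NOTOK if the line does not parse or differs.
 */
static int
principal_matches(const AUTH_DAT *kdata, char *line)
{
	char principal[ANAME_SZ], inst[INST_SZ], realm[REALM_SZ];

	if (kname_parse(principal, inst, realm, line) != KSUCCESS)
		return NOTOK;
	/*
	 * Bounded compares: the parsed buffers are declared with the same
	 * sizes as the kdata fields, so strncmp cannot run past either.
	 */
	if (strncmp(kdata->pname, principal, ANAME_SZ) != 0 ||
	    strncmp(kdata->pinst, inst, INST_SZ) != 0 ||
	    strncmp(kdata->prealm, realm, REALM_SZ) != 0)
		return NOTOK;
	return OK;
}

/*
 * kuserok: decide whether the authenticated principal kdata may log in
 * as the local account luser (see the description above).
 *
 * kdata	authenticated ticket data; name, instance and realm are read
 * luser	local account name, looked up with getpwnam()
 * Returns OK (0) when access is granted, NOTOK (1) otherwise.  Every
 * failure -- no account, an over-long home path, a missing, unreadable,
 * non-regular or foreign-owned ~luser/.klogin -- yields NOTOK; the only
 * exception is a missing .klogin when kdata maps to luser itself.
 */
int
kuserok(AUTH_DAT *kdata, char *luser)
{
	struct stat sbuf;
	struct passwd *pwd;
	char pbuf[MAXPATHLEN];
	/*
	 * krb_kntoln() writes a principal name here, and a principal name
	 * field is ANAME_SZ bytes: sizing the buffer to the source field
	 * (rather than the 10-byte MAX_USERNAME) removes the overrun.
	 */
	char kuser[ANAME_SZ];
	char linebuf[BUFSIZ];
	FILE *fp;
	int isok = NOTOK;
	int len;

	if (kdata == NULL || luser == NULL)
		return NOTOK;
	/* no account => no access */
	if ((pwd = getpwnam(luser)) == NULL)
		return NOTOK;
	len = snprintf(pbuf, sizeof pbuf, "%s/.klogin", pwd->pw_dir);
	/* a truncated path would name some other file: refuse, do not guess */
	if (len < 0 || (size_t)len >= sizeof pbuf)
		return NOTOK;
	if (access(pbuf, F_OK) != 0) {
		/*
		 * No .klogin: a user may still log in as himself.  krb_kntoln()
		 * maps the kdata triple to a local name we can string-compare.
		 */
		if (krb_kntoln(kdata, kuser) == KSUCCESS &&
		    strcmp(kuser, luser) == 0)
			return OK;
	}
	/* open ~/.klogin */
	if ((fp = fopen(pbuf, "r")) == NULL)
		return NOTOK;
	/*
	 * security: the file is examined through the open descriptor, not
	 * the path, so the object checked is the one actually read.  It
	 * must be a regular file owned by the account, else no access.
	 * NOTE(review): only ownership and type are verified; a .klogin
	 * writable by group or others passes this check, as it did before.
	 */
	if (fstat(fileno(fp), &sbuf) != 0 || !S_ISREG(sbuf.st_mode) ||
	    sbuf.st_uid != pwd->pw_uid)
		goto out;
#ifdef ATHENA_COMPAT
	{
		char local_realm[REALM_SZ];
		int rc, gobble;

		/*
		 * Accept old-style .klogin files.  The realm keyword's
		 * default is the local realm, which only krb_get_lrealm()
		 * knows.  A failure here used to return rc without closing
		 * fp; the contract is OK/NOTOK, so go through cleanup.
		 */
		rc = krb_get_lrealm(local_realm, 1);
		if (rc != KSUCCESS)
			goto out;
		kparm[REALM_SUBSCRIPT].defvalue = local_realm;
		/* check each line */
		while (isok != OK &&
		    (rc = fGetParameterSet(fp, KPARMS)) != PS_EOF) {
			switch (rc) {
			case PS_BAD_KEYWORD:
			case PS_SYNTAX:
				/* skip the rest of the unparsable line */
				while ((gobble = fGetChar(fp)) != EOF &&
				    gobble != '\n')
					;
				break;
			case PS_OKAY:
				isok = (ParmCompare(KPARMS, "user", kdata->pname) ||
				    ParmCompare(KPARMS, "instance", kdata->pinst) ||
				    ParmCompare(KPARMS, "realm", kdata->prealm));
				break;
			default:
				break;
			}
			FreeParameterSet(kparm, PARMCOUNT(kparm));
		}
		/* reset the stream for parsing new-style names, if necessary */
		rewind(fp);
	}
#endif /* ATHENA_COMPAT */
	/* check each new-style "name.instance@realm" line until one matches */
	while (isok != OK && read_klogin_line(fp, linebuf, sizeof linebuf))
		isok = principal_matches(kdata, linebuf);
out:
	/* read-only stream: the fclose() status carries nothing we can act on */
	fclose(fp);
	return isok;
}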