Changes for KTH KerberosIV.
Quieten -Wall a bit. From Joe Traister: The previous patch did not propagate the KRBTKFILE environment variable into the new environment when -l is given to su, making it impossible for kdestroy to find the ticket file. This patch corrects that problem as well as the original segfault problem. (Fixes PR 3903)
parent
7f80a02080
commit
301afdb85c
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=29923
@ -19,8 +19,8 @@ COPTS+= -DWHEELSU
|
||||
.endif
|
||||
CFLAGS+= -Wall
|
||||
|
||||
.if exists(${DESTDIR}/usr/lib/libkrb.a) && (defined(MAKE_KERBEROS) \
|
||||
|| defined(MAKE_EBONES)) && !defined(LC_AUTH)
|
||||
.if exists(${DESTDIR}/usr/lib/libkrb.a) && defined(MAKE_KERBEROS4) \
|
||||
&& !defined(LC_AUTH)
|
||||
CFLAGS+=-DKERBEROS
|
||||
DPADD+= ${LIBKRB} ${LIBDES}
|
||||
LDADD+= -lkrb -ldes
|
||||
|
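Review bot: Assuming the second `.if` is the new side, `-DKERBEROS` is now enabled only by `MAKE_KERBEROS4`, so a build that still sets `MAKE_KERBEROS` or `MAKE_EBONES` produces an su without Kerberos support and gets no diagnostic. Since this silently changes which authentication paths su is compiled with, a comment above the condition would help, e.g. `# Kerberos IV support needs MAKE_KERBEROS4 and an installed libkrb.a; older MAKE_KERBEROS/MAKE_EBONES knobs are ignored`. The same applies to the `exists(${DESTDIR}/usr/lib/libkrb.a)` test, which drops the feature quietly when the library is absent.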
@ -42,7 +42,7 @@ static const char copyright[] =
|
||||
static char sccsid[] = "@(#)su.c 8.3 (Berkeley) 4/2/94";
|
||||
#endif
|
||||
static const char rcsid[] =
|
||||
"$Id: su.c,v 1.21 1997/08/12 06:45:43 charnier Exp $";
|
||||
"$Id$";
|
||||
#endif /* not lint */
|
||||
|
||||
#include <sys/param.h>
|
||||
@ -74,7 +74,7 @@ static const char rcsid[] =
|
||||
|
||||
#ifdef KERBEROS
|
||||
#include <des.h>
|
||||
#include <kerberosIV/krb.h>
|
||||
#include <krb.h>
|
||||
#include <netdb.h>
|
||||
|
||||
#define ARGSTR "-Kflm"
|
||||
@ -102,7 +102,7 @@ main(argc, argv)
|
||||
char *targetpass;
|
||||
int iswheelsu;
|
||||
#endif /* WHEELSU */
|
||||
char *p, **g, *user, *shell=NULL, *username, *cleanenv[20], **nargv, **np;
|
||||
char *p, **g, *user, *shell=NULL, *username, **cleanenv, **nargv, **np;
|
||||
struct group *gr;
|
||||
uid_t ruid;
|
||||
int asme, ch, asthem, fastlogin, prio, i;
|
||||
@ -113,6 +113,9 @@ main(argc, argv)
|
||||
#ifdef LOGIN_CAP_AUTH
|
||||
char *style, *approvep, *auth_method = NULL;
|
||||
#endif
|
||||
#endif
|
||||
#ifdef KERBEROS
|
||||
char *k;
|
||||
#endif
|
||||
char shellbuf[MAXPATHLEN];
|
||||
|
||||
@ -366,6 +369,11 @@ main(argc, argv)
|
||||
if (!asme) {
|
||||
if (asthem) {
|
||||
p = getenv("TERM");
|
||||
#ifdef KERBEROS
|
||||
k = getenv("KRBTKFILE");
|
||||
#endif
|
||||
if ((cleanenv = calloc(20, sizeof(char*))) == NULL)
|
||||
errx(1, "calloc");
|
||||
cleanenv[0] = NULL;
|
||||
environ = cleanenv;
|
||||
#ifdef LOGIN_CAP
|
||||
@ -376,6 +384,10 @@ main(argc, argv)
|
||||
#endif
|
||||
if (p)
|
||||
(void)setenv("TERM", p, 1);
|
||||
#ifdef KERBEROS
|
||||
if (k)
|
||||
(void)setenv("KRBTKFILE", k, 1);
|
||||
#endif
|
||||
if (chdir(pwd->pw_dir) < 0)
|
||||
errx(1, "no directory");
|
||||
}
|
||||
@ -445,15 +457,14 @@ kerberos(username, user, uid, pword)
|
||||
int uid;
|
||||
char *pword;
|
||||
{
|
||||
extern char *krb_err_txt[];
|
||||
KTEXT_ST ticket;
|
||||
AUTH_DAT authdata;
|
||||
int kerno;
|
||||
u_long faddr;
|
||||
struct sockaddr_in local_addr;
|
||||
char lrealm[REALM_SZ], krbtkfile[MAXPATHLEN];
|
||||
char hostname[MAXHOSTNAMELEN], savehost[MAXHOSTNAMELEN];
|
||||
char *krb_get_phost();
|
||||
struct hostent *hp;
|
||||
|
||||
if (krb_get_lrealm(lrealm, 1) != KSUCCESS)
|
||||
return (1);
|
||||
@ -531,13 +542,13 @@ kerberos(username, user, uid, pword)
|
||||
dest_tkt();
|
||||
return (1);
|
||||
} else {
|
||||
if ((kerno = krb_get_local_addr(&local_addr)) != KSUCCESS) {
|
||||
warnx("Unable to get our local address: %s",
|
||||
krb_err_txt[kerno]);
|
||||
if (!(hp = gethostbyname(hostname))) {
|
||||
warnx("can't get addr of %s", hostname);
|
||||
dest_tkt();
|
||||
return (1);
|
||||
}
|
||||
faddr = local_addr.sin_addr.s_addr;
|
||||
memmove((char *)&faddr, (char *)hp->h_addr, sizeof(faddr));
|
||||
|
||||
if ((kerno = krb_rd_req(&ticket, "rcmd", savehost, faddr,
|
||||
&authdata, "")) != KSUCCESS) {
|
||||
warnx("kerberos: unable to verify rcmd ticket: %s\n",
|
||||
|
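Review bot: The added `k = getenv("KRBTKFILE")` and `(void)setenv("KRBTKFILE", k, 1)` pair in the `asthem` branch copies the invoker's value unchanged into the environment that `environ = cleanenv` has just emptied, so `su -l` now carries a caller-chosen file path into the target's login session alongside `TERM`. Whether `kerberos()` has already pointed `KRBTKFILE` at the ticket file su itself created is not visible in these hunks; if it has not, for instance when Kerberos authentication was not used, a `kdestroy` run in the new session would act on whatever path the invoker supplied. I would propagate the variable only after a successful Kerberos login and stop discarding the result, e.g. `if (k != NULL && setenv("KRBTKFILE", k, 1) == -1) warn("setenv KRBTKFILE");`, so a failed copy is reported instead of silently leaving the ticket file behind. `main` begins and ends outside these hunks.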