version 1.10, 2000/07/17 16:43:14 |
version 1.11, 2000/12/02 22:44:36 |
|
|
struct passwd *pw; |
struct passwd *pw; |
char *instance, *localhost, *password; |
char *instance, *localhost, *password; |
{ |
{ |
int kerror; |
int kerror, fd; |
AUTH_DAT authdata; |
AUTH_DAT authdata; |
KTEXT_ST ticket; |
KTEXT_ST ticket; |
struct hostent *hp; |
struct hostent *hp; |
|
|
} |
} |
#endif |
#endif |
|
|
|
/* If no srvtab file exists, fail immediatly. This will make |
|
* login _much_ quicker on systems with sporadical contact with |
|
* the outside world. |
|
* We should really change the semantics for enabling kerberos. |
|
*/ |
|
if((fd = open(KEYFILE, O_RDONLY, 0)) < 0) |
|
return 1; |
|
close(fd); |
|
|
/* |
/* |
* Root logins don't use Kerberos (or at least shouldn't be |
* Root logins don't use Kerberos (or at least shouldn't be |
* sending kerberos passwords around in cleartext), so don't |
* sending kerberos passwords around in cleartext), so don't |
|
|
*/ |
*/ |
|
|
if (strcmp(instance, "root") != 0) |
if (strcmp(instance, "root") != 0) |
snprintf(tkt_location, sizeof(tkt_location), "%s%d.%s", |
snprintf(tkt_location, sizeof(tkt_location), "%s%d", |
TKT_ROOT, pw->pw_uid, tty); |
TKT_ROOT, pw->pw_uid); |
else |
else |
snprintf(tkt_location, sizeof(tkt_location), "%s_root_%d.%s", |
snprintf(tkt_location, sizeof(tkt_location), "%s_root_%d.%s", |
TKT_ROOT, pw->pw_uid, tty); |
TKT_ROOT, pw->pw_uid, tty); |
|
|
return (1); |
return (1); |
} |
} |
|
|
if (chown(TKT_FILE, pw->pw_uid, pw->pw_gid) < 0) |
/* |
syslog(LOG_ERR, "chown tkfile (%s): %m", TKT_FILE); |
* Set the owner of the ticket file to root but bail if someone |
|
* has nefariously swapped a link in place of the file. |
|
*/ |
|
fd = open(TKT_FILE, O_RDWR|O_NOFOLLOW, 0); |
|
if (fd == -1) { |
|
syslog(LOG_ERR, "unable to open ticket file: %m"); |
|
dest_tkt(); |
|
return (1); |
|
} |
|
if (fchown(fd, pw->pw_uid, pw->pw_gid) < 0) |
|
syslog(LOG_ERR, "fchown tkfile (%s): %m", TKT_FILE); |
|
close(fd); |
|
|
(void)strlcpy(savehost, krb_get_phost(localhost), sizeof(savehost)); |
(void)strlcpy(savehost, krb_get_phost(localhost), sizeof(savehost)); |
|
|
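Review bot: In the new ticket-file block, `O_NOFOLLOW` only rejects a symbolic link at the final path component, so a hard link or a non-regular file sitting at TKT_FILE would still be opened and handed to the user by `fchown`. An `fstat` on the descriptor before the ownership change would cover that case, e.g. `if (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1)`, followed by `close(fd)` and the same `dest_tkt(); return (1);` path used when the open fails. The comment above the open says the owner is set to root, but the call passes `pw->pw_uid` and `pw->pw_gid`; it should read `Set the owner of the ticket file to the user but bail if ...`. A failed `fchown` is only logged and the login continues, which appears to be carried over from the old `chown` line; whether that is intended cannot be told from here, since the function begins and continues outside the lines shown.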