version 1.18, 1997/01/15 23:43:16 |
version 1.19, 1997/02/11 05:00:55 |
|
|
#include <kerberosIV/des.h> |
#include <kerberosIV/des.h> |
#include <kerberosIV/krb.h> |
#include <kerberosIV/krb.h> |
#include <netdb.h> |
#include <netdb.h> |
|
#include <fcntl.h> |
|
#include <sys/stat.h> |
|
|
#define ARGSTR "-Kflm" |
#define ARGSTR "-Kflm" |
|
|
|
void kdestroy __P((void)); |
|
void dofork __P((void)); |
|
|
int use_kerberos = 1; |
int use_kerberos = 1; |
|
char krbtkfile[MAXPATHLEN]; |
#else |
#else |
#define ARGSTR "-flm" |
#define ARGSTR "-flm" |
#endif |
#endif |
|
|
char *ontty __P((void)); |
char *ontty __P((void)); |
int chshell __P((char *)); |
int chshell __P((char *)); |
|
|
|
#ifdef KERBEROS |
|
void |
|
dofork() |
|
{ |
|
pid_t child; |
|
|
|
if (!(child = fork())) |
|
return; /* Child process */ |
|
|
|
/* Setup stuff? This would be things we could do in parallel with login */ |
|
(void) chdir("/"); /* Let's not keep the fs busy... */ |
|
|
|
/* If we're the parent, watch the child until it dies */ |
|
while (wait(0) != child) |
|
; |
|
|
|
/* Run kdestroy to destroy tickets */ |
|
kdestroy(); |
|
|
|
/* Leave */ |
|
exit(0); |
|
} |
|
#endif |
|
|
int |
int |
main(argc, argv) |
main(argc, argv) |
int argc; |
int argc; |
|
|
if (!use_kerberos || kerberos(username, user, pwd->pw_uid)) |
if (!use_kerberos || kerberos(username, user, pwd->pw_uid)) |
#endif |
#endif |
{ |
{ |
|
use_kerberos = 0; |
/* only allow those in group zero to su to root. */ |
/* only allow those in group zero to su to root. */ |
if (pwd->pw_uid == 0 && (gr = getgrgid((gid_t)0)) |
if (pwd->pw_uid == 0 && (gr = getgrgid((gid_t)0)) |
&& gr->gr_mem && *(gr->gr_mem)) |
&& gr->gr_mem && *(gr->gr_mem)) |
|
|
if (iscsh == UNSET) |
if (iscsh == UNSET) |
iscsh = strcmp(avshell, "csh") ? NO : YES; |
iscsh = strcmp(avshell, "csh") ? NO : YES; |
|
|
|
#if defined(KERBEROS) || defined(KERBEROS5) |
|
/* Fork so that we can call kdestroy */ |
|
if (use_kerberos) |
|
dofork(); |
|
#endif |
|
|
/* set permissions */ |
/* set permissions */ |
if (setegid(pwd->pw_gid) < 0) |
if (setegid(pwd->pw_gid) < 0) |
err(1, "setegid"); |
err(1, "setegid"); |
|
|
register char *p; |
register char *p; |
int kerno; |
int kerno; |
u_long faddr; |
u_long faddr; |
char lrealm[REALM_SZ], krbtkfile[MAXPATHLEN]; |
char lrealm[REALM_SZ]; |
char hostname[MAXHOSTNAMELEN], savehost[MAXHOSTNAMELEN]; |
char hostname[MAXHOSTNAMELEN], savehost[MAXHOSTNAMELEN]; |
char *ontty(), *krb_get_phost(); |
char *ontty(), *krb_get_phost(); |
|
|
|
|
kdata->prealm[sizeof(kdata->prealm) -1] = '\0'; |
kdata->prealm[sizeof(kdata->prealm) -1] = '\0'; |
|
|
return (kuserok(kdata, toname)); |
return (kuserok(kdata, toname)); |
|
} |
|
|
|
void |
|
kdestroy() |
|
{ |
|
char *file = krbtkfile; |
|
int i, fd; |
|
extern int errno; |
|
struct stat statb; |
|
char buf[BUFSIZ]; |
|
#ifdef TKT_SHMEM |
|
char shmidname[MAXPATHLEN]; |
|
#endif /* TKT_SHMEM */ |
|
|
|
if (use_kerberos == 0) |
|
return; |
|
|
|
errno = 0; |
|
if (lstat(file, &statb) < 0) |
|
goto out; |
|
|
|
if (!(statb.st_mode & S_IFREG) |
|
#ifdef notdef |
|
|| statb.st_mode & 077 |
|
#endif |
|
) |
|
goto out; |
|
|
|
if ((fd = open(file, O_RDWR, 0)) < 0) |
|
goto out; |
|
|
|
bzero(buf, BUFSIZ); |
|
|
|
for (i = 0; i < statb.st_size; i += BUFSIZ) |
|
if (write(fd, buf, BUFSIZ) != BUFSIZ) { |
|
(void) fsync(fd); |
|
(void) close(fd); |
|
goto out; |
|
} |
|
|
|
(void) fsync(fd); |
|
(void) close(fd); |
|
|
|
(void) unlink(file); |
|
|
|
out: |
|
if (errno != 0) return; |
|
#ifdef TKT_SHMEM |
|
/* |
|
* handle the shared memory case |
|
*/ |
|
(void) strcpy(shmidname, file); |
|
(void) strcat(shmidname, ".shm"); |
|
if (krb_shm_dest(shmidname) != KSUCCESS) |
|
return; |
|
#endif /* TKT_SHMEM */ |
|
return; |
} |
} |
#endif |
#endif |
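Review bot: In kdestroy() the file-type test `!(statb.st_mode & S_IFREG)` masks a single bit instead of comparing the type field, and on the usual BSD encodings that bit is also set in the S_IFLNK and S_IFSOCK values, so a symbolic link reported by lstat() is accepted as a regular file; the test should read `if (!S_ISREG(statb.st_mode))`. Even with that corrected, the path is checked with lstat() and then opened by name, so the object can change between the two calls, and dofork() calls this from the parent, which forked before the setegid() call in main and so presumably still holds su's elevated privileges. Opening first with O_NOFOLLOW and applying fstat() to the descriptor, as sketched below, ties the check to the file that is actually zeroed and unlinked. Under TKT_SHMEM, `strcpy`/`strcat` into `shmidname[MAXPATHLEN]` can overrun by the length of ".shm" when krbtkfile is close to full length; `snprintf(shmidname, sizeof shmidname, "%s.shm", file)` with a truncation check would bound it.

```c
	/* … unchanged: use_kerberos check, errno = 0 … */
	/* Refuse to follow a symlink at the final path component. */
	if ((fd = open(file, O_RDWR | O_NOFOLLOW, 0)) < 0)
		goto out;

	/* Validate the object that was opened, not the name it was reached by. */
	if (fstat(fd, &statb) < 0 || !S_ISREG(statb.st_mode)) {
		(void) close(fd);
		goto out;
	}
	/* … unchanged: bzero, zero-fill loop, fsync, close, unlink … */
```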