version 1.27, 1997/06/23 09:23:12 |
version 1.28, 1997/06/27 06:59:58 |
|
|
#define ARGSTR "-Kflm" |
#define ARGSTR "-Kflm" |
|
|
int use_kerberos = 1; |
int use_kerberos = 1; |
int got_ticket; |
char krbtkfile[MAXPATHLEN]; |
|
char lrealm[REALM_SZ]; |
|
int ksettkfile(char *); |
#else |
#else |
#define ARGSTR "-flm" |
#define ARGSTR "-flm" |
#endif |
#endif |
|
|
enum { UNSET, YES, NO } iscsh = UNSET; |
enum { UNSET, YES, NO } iscsh = UNSET; |
char *user, *shell, *avshell, *username, **np; |
char *user, *shell, *avshell, *username, **np; |
char shellbuf[MAXPATHLEN], avshellbuf[MAXPATHLEN]; |
char shellbuf[MAXPATHLEN], avshellbuf[MAXPATHLEN]; |
#ifdef KERBEROS |
|
char *k; |
|
#endif |
|
|
|
asme = asthem = fastlogin = 0; |
asme = asthem = fastlogin = 0; |
while ((ch = getopt(argc, argv, ARGSTR)) != -1) |
while ((ch = getopt(argc, argv, ARGSTR)) != -1) |
|
|
if ((user = strdup(pwd->pw_name)) == NULL) |
if ((user = strdup(pwd->pw_name)) == NULL) |
err(1, "can't allocate memory"); |
err(1, "can't allocate memory"); |
|
|
|
#if KERBEROS |
|
if (ksettkfile(user)) |
|
use_kerberos = 0; |
|
#endif |
|
|
if (ruid) { |
if (ruid) { |
#ifdef KERBEROS |
#ifdef KERBEROS |
if (!use_kerberos || kerberos(username, user, pwd->pw_uid)) |
if (!use_kerberos || kerberos(username, user, pwd->pw_uid)) |
|
|
if (!asme) { |
if (!asme) { |
if (asthem) { |
if (asthem) { |
p = getenv("TERM"); |
p = getenv("TERM"); |
#ifdef KERBEROS |
|
k = getenv("KRBTKFILE"); |
|
#endif |
|
if ((environ = calloc(1, sizeof (char *))) == NULL) |
if ((environ = calloc(1, sizeof (char *))) == NULL) |
errx(1, "calloc"); |
errx(1, "calloc"); |
(void)setenv("PATH", _PATH_DEFPATH, 1); |
(void)setenv("PATH", _PATH_DEFPATH, 1); |
if (p) |
if (p) |
(void)setenv("TERM", p, 1); |
(void)setenv("TERM", p, 1); |
#ifdef KERBEROS |
|
if (k && got_ticket) |
|
(void)setenv("KRBTKFILE", k, 1); |
|
#endif |
|
|
|
seteuid(pwd->pw_uid); |
seteuid(pwd->pw_uid); |
setegid(pwd->pw_gid); |
setegid(pwd->pw_gid); |
|
|
(void)setenv("SHELL", shell, 1); |
(void)setenv("SHELL", shell, 1); |
} |
} |
|
|
|
#ifdef KERBEROS |
|
if (*krbtkfile) |
|
(void)setenv("KRBTKFILE", krbtkfile, 1); |
|
#endif |
|
|
if (iscsh == YES) { |
if (iscsh == YES) { |
if (fastlogin) |
if (fastlogin) |
*np-- = "-f"; |
*np-- = "-f"; |
|
|
register char *p; |
register char *p; |
int kerno; |
int kerno; |
in_addr_t faddr; |
in_addr_t faddr; |
char lrealm[REALM_SZ], krbtkfile[MAXPATHLEN]; |
|
char hostname[MAXHOSTNAMELEN], savehost[MAXHOSTNAMELEN]; |
char hostname[MAXHOSTNAMELEN], savehost[MAXHOSTNAMELEN]; |
char *ontty(), *krb_get_phost(); |
char *ontty(), *krb_get_phost(); |
|
|
if (krb_get_lrealm(lrealm, 1) != KSUCCESS) |
|
return (1); |
|
if (koktologin(username, lrealm, user) && !uid) { |
if (koktologin(username, lrealm, user) && !uid) { |
(void)fprintf(stderr, "kerberos su: not in %s's ACL.\n", user); |
(void)fprintf(stderr, "kerberos su: not in %s's ACL.\n", user); |
return (1); |
return (1); |
} |
} |
(void)snprintf(krbtkfile, sizeof(krbtkfile), "%s_%s_%u", TKT_ROOT, |
|
user, getuid()); |
|
|
|
(void)setenv("KRBTKFILE", krbtkfile, 1); |
|
(void)krb_set_tkt_string(krbtkfile); |
(void)krb_set_tkt_string(krbtkfile); |
|
|
/* |
/* |
* Set real as well as effective ID to 0 for the moment, |
* Set real as well as effective ID to 0 for the moment, |
* to make the kerberos library do the right thing. |
* to make the kerberos library do the right thing. |
|
|
return (1); |
return (1); |
} |
} |
} |
} |
got_ticket = 1; |
|
return (0); |
return (0); |
} |
} |
|
|
|
|
kdata->prealm[sizeof(kdata->prealm) -1] = '\0'; |
kdata->prealm[sizeof(kdata->prealm) -1] = '\0'; |
|
|
return (kuserok(kdata, toname)); |
return (kuserok(kdata, toname)); |
|
} |
|
|
|
int |
|
ksettkfile(user) |
|
char *user; |
|
{ |
|
if (krb_get_lrealm(lrealm, 1) != KSUCCESS) |
|
return (1); |
|
(void)snprintf(krbtkfile, sizeof(krbtkfile), "%s_%s_%u", TKT_ROOT, |
|
user, getuid()); |
|
return (0); |
} |
} |
#endif |
#endif |
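Review bot: The `if (*krbtkfile)` block placed before the `iscsh` check exports `KRBTKFILE` whenever `ksettkfile()` managed to format a path, while the `if (k && got_ticket)` lines it appears to replace only carried the variable over once a ticket had been obtained. As far as the visible lines show, the variable is now also set when `-K` was given, when the caller is root, or when `kerberos()` failed, and it then names a `TKT_ROOT`-based file that su itself never wrote. If that is intended, say so with a comment such as `/* exported even when no ticket was obtained */`; otherwise gate the export on a successful `kerberos()` call. Separately, `ksettkfile()` discards the `snprintf` result and returns 0 even if the name was truncated (returning 1 when the result is negative or `>= sizeof(krbtkfile)` would disable Kerberos instead of using a shortened path), and its call site uses `#if KERBEROS` where every other guard is `#ifdef KERBEROS`. Only fragments of `main()` and `kerberos()` are visible here, so the surrounding control flow is inferred.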