version 1.34, 2000/09/15 07:13:50 |
version 1.34.2.1, 2000/12/08 09:03:15 |
|
|
#include <string.h> |
#include <string.h> |
#include <syslog.h> |
#include <syslog.h> |
#include <unistd.h> |
#include <unistd.h> |
|
#include <fcntl.h> |
|
|
#ifdef SKEY |
#ifdef SKEY |
#include <skey.h> |
#include <skey.h> |
|
|
KTEXT_ST ticket; |
KTEXT_ST ticket; |
AUTH_DAT authdata; |
AUTH_DAT authdata; |
struct hostent *hp; |
struct hostent *hp; |
int kerno; |
int kerno, fd; |
in_addr_t faddr; |
in_addr_t faddr; |
char hostname[MAXHOSTNAMELEN], savehost[MAXHOSTNAMELEN]; |
char hostname[MAXHOSTNAMELEN], savehost[MAXHOSTNAMELEN]; |
char *ontty(), *krb_get_phost(); |
char *ontty(), *krb_get_phost(); |
|
|
|
/* Don't bother with Kerberos if there is no srvtab file */ |
|
if ((fd = open(KEYFILE, O_RDONLY, 0)) < 0) |
|
return (1); |
|
close(fd); |
|
|
if (koktologin(username, lrealm, user) && !uid) { |
if (koktologin(username, lrealm, user) && !uid) { |
(void)fprintf(stderr, "kerberos su: not in %s's ACL.\n", user); |
(void)fprintf(stderr, "kerberos su: not in %s's ACL.\n", user); |
return (1); |
return (1); |
|
|
return (1); |
return (1); |
} |
} |
|
|
if (chown(krbtkfile, uid, -1) < 0) { |
/* |
warn("chown"); |
* Set the owner of the ticket file to root but bail if someone |
|
* has nefariously swapped a link in place of the file. |
|
*/ |
|
fd = open(krbtkfile, O_RDWR|O_NOFOLLOW, 0); |
|
if (fd == -1) { |
|
warn("unable to open ticket file"); |
(void)unlink(krbtkfile); |
(void)unlink(krbtkfile); |
return (1); |
return (1); |
} |
} |
|
if (fchown(fd, uid, -1) < 0) { |
|
warn("fchown"); |
|
(void)unlink(krbtkfile); |
|
return (1); |
|
} |
|
close(fd); |
|
|
(void)setpriority(PRIO_PROCESS, 0, -2); |
(void)setpriority(PRIO_PROCESS, 0, -2); |
|
|
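Review bot: The `fchown` failure branch returns without closing `fd`, so the ticket file stays open read-write in the su process on that path; add `close(fd);` before `(void)unlink(krbtkfile);` in that branch. Whether the descriptor would then be inherited by a later exec cannot be seen from this section, but nothing visible sets close-on-exec on it. Separately, `O_NOFOLLOW` only rejects a symbolic link at the final path component, so an `fstat(fd, &st)` check that the file is regular with `st_nlink == 1` before the `fchown` would also cover a hard link. The block comment says the owner is set to root while the call passes `uid`, so if `uid` can be non-zero here the comment should say "target user" instead. The enclosing function begins and ends outside the lines shown.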