[5386] in Kerberos
Re: "su: may not be called from rc script" under eklogin, OSF/1
daemon@ATHENA.MIT.EDU (Scott Hutton)
Wed Jun 14 23:23:48 1995
To: kerberos@MIT.EDU
Date: 15 Jun 1995 03:03:37 GMT
From: shutton@habanero.ucs.indiana.edu (Scott Hutton)
eichin@cygnus.com (Mark W. Eichin) wrote:
| Does that imply that the addition of a setluid() call in login.krb
| would suffice? (CNS has similar code for SCO already:
|
| src/appl/bsd/login.c:825:
| #ifdef __SCO__
| /* this is necessary when C2 mode is enabled, but not otherwise */
| setluid((uid_type) pwd->pw_uid);
| #endif
|
| but the OSF 1/v3.0 man pages indicate that -lsecurity is probably
| needed when using this feature...)
|
| Perhaps you could try it, and let us know if it works.
| _Mark_ <eichin@cygnus.com>
| Cygnus Support
| Cygnus Network Security <network-security@cygnus.com>
| http://www.cygnus.com/data/cns/
Bingo--I just changed the #ifdef to include __alpha, linked with
-lsecurity, and I'm in business. Thanks much!
BTW, another bug cropped up on our Alphas that we fixed (and should
probably be incorporated back into the source). There was a "long"
where there should've been a KRB_INT32 in src/lib/krb/rd_req.c. I've
attached a patch that worked for us.
-Scott
*** rd_req.c.orig Wed Jun 14 22:01:18 1995
--- rd_req.c Wed Jun 14 22:02:48 1995
***************
*** 124,130 ****
register KTEXT authent; /* The received message */
char *service; /* Service name */
char *instance; /* Service instance */
! long from_addr; /* Net address of originating host */
AUTH_DAT *ad; /* Structure to be filled in */
char *fn; /* Filename to get keys from */
{
--- 124,130 ----
register KTEXT authent; /* The received message */
char *service; /* Service name */
char *instance; /* Service instance */
! KRB_INT32 from_addr; /* Net address of originating host */
AUTH_DAT *ad; /* Structure to be filled in */
char *fn; /* Filename to get keys from */
{
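Review bot: The narrowed type on `from_addr` in this old-style (K&R) parameter list is only safe if every caller and any extern declaration of this function agree with it, and none of those are visible in this patch. With no prototype in scope the compiler does not convert the argument, so a caller that still passes a `long` on a platform where `long` is 64 bits would hand over a value of a different width than the function now reads. Please update the declaration in the header and check the call sites in the same change, and say in the comment that the address is a 32-bit value.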
***************
*** 348,354 ****
if (krb_ap_req_debug)
log("Address: %d %d",ad->address,from_addr);
#endif
! if (!krb_ignore_ip_address && from_addr && (ad->address != from_addr))
return(RD_AP_BADD);
/* All seems OK */
--- 348,355 ----
if (krb_ap_req_debug)
log("Address: %d %d",ad->address,from_addr);
#endif
! if (!krb_ignore_ip_address && from_addr &&
! (ad->address != (KRB_INT32) from_addr))
return(RD_AP_BADD);
/* All seems OK */
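Review bot: The cast in `(ad->address != (KRB_INT32) from_addr)` is redundant once the first hunk has made `from_addr` a `KRB_INT32`, so this hunk can be dropped or the cast explained. If the aim is to compare two 32-bit quantities, the operand whose type may still differ is `ad->address`, which these lines do not declare; cast or retype that side instead. The unchanged `log("Address: %d %d",ad->address,from_addr);` just above should also be checked so that both format specifiers match the argument types after the change.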