[2826] in Kerberos-V5-bugs

krb5-libs/505: patch to make krb5 consistently use one set-effective-uid function

daemon@ATHENA.MIT.EDU (evanc@synapse.net)
Sun Nov 23 01:05:12 1997

Resent-From: gnats@rt-11.MIT.EDU (GNATS Management)
Resent-To: krb5-unassigned@RT-11.MIT.EDU
Resent-Reply-To: krb5-bugs@MIT.EDU, evanc@synapse.net
Date: 23 Nov 1997 06:04:49 -0000
From: evanc@synapse.net
To: krb5-bugs@MIT.EDU
Cc: evanc@synapse.net


>Number:         505
>Category:       krb5-libs
>Synopsis:       patch to make krb5 consistently use one set-effective-uid fn
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    krb5-unassigned
>State:          open
>Class:          change-request
>Submitter-Id:   unknown
>Arrival-Date:   Sun Nov 23 01:05:01 EST 1997
>Last-Modified:
>Originator:     Evan Champion
>Organization:
	
>Release:        krb5-1.0.3
>Environment:
	
System: FreeBSD cello.synapse.net 3.0-CURRENT FreeBSD 3.0-CURRENT #0: Fri Nov 21 11:09:40 EST 1997 evanc@cello.synapse.net:/usr/src/sys/compile/CELLO i386


>Description:
	Kerberos is a little indiscriminate in which set-effective-uid
	function it uses.  Sometimes it is seteuid(), sometimes setreuid().
	On platforms where one of the two is broken, this can cause
	some grief as some things work and others don't...  Even in the
	best case, it means you're using two functions where one could
	have done the job.

	Of the 3 set-effective-uid choices, seteuid() is the only one
	that is POSIX-approved, so I chose to implement everything
	in terms of seteuid.  From Kerberos' perspective, seteuid()
	is completely sufficient in all cases.

	Portability to platforms that do not contain seteuid() and
	setegid() is maintained through the inclusion of
	src/include/seteuid.h.  This header includes almost verbatim
	code that was already in existing modules to redefine
	seteuid() based on the most appropriate alternate function.

	Placing the redefinitions in a separate header file ensures
	consistent implementation.  It would probably be a good idea
	to include these #defines in k5-int.h instead, but you will
	have to wrap the whole thing with something like:

	#if defined(HAVE_SETEUID) || defined(HAVE_SETREUID) ||
		defined(HAVE_SETRESUID)

	as very few makefiles actually define HAVE_SET*UID.

	krb5_seteuid() is now unused and was removed. 

	These patches have been tested on FreeBSD 3.0 and BSD/OS 3.1.
	As they only standardise the use of definitions already in
	Kerberos, I do not expect problems with other platforms beyond
	what may already exist.
>How-To-Repeat:
	
>Fix:
	Diffs plus a new header file, src/include/seteuid.h.

	The diffs also include a minor patch to do shared libraries on
	FreeBSD the same way as on NetBSD.


-----------------
krb5-seteuid.diff
-----------------
diff -r -c 1/krb5-1.0.3/src/appl/bsd/krcp.c krb5-1.0.3/src/appl/bsd/krcp.c
*** 1/krb5-1.0.3/src/appl/bsd/krcp.c	Mon Nov 17 22:45:37 1997
--- krb5-1.0.3/src/appl/bsd/krcp.c	Sat Nov 22 23:48:32 1997
***************
*** 66,77 ****
  #include <varargs.h>
  #endif
       
! #ifdef HAVE_SETRESUID
! #ifndef HAVE_SETREUID
! #define HAVE_SETREUID
! #define setreuid(r,e) setresuid(r,e,-1)
! #endif
! #endif
  #ifndef roundup
  #define roundup(x,y) ((((x)+(y)-1)/(y))*(y))
  #endif
--- 66,73 ----
  #include <varargs.h>
  #endif
       
! #include "seteuid.h"
! 
  #ifndef roundup
  #define roundup(x,y) ((((x)+(y)-1)/(y))*(y))
  #endif
***************
*** 546,558 ****
  
  		}
  		euid = geteuid();
- #ifdef HAVE_SETREUID
- 		if (euid == 0)
- 		    (void) setreuid(0, userid);
- 		sink(1, argv+argc-1);
- 		if (euid == 0)
- 		    (void) setreuid(userid, 0);
- #else
  		if (euid == 0) {
  		    (void) setuid(0);
  		    if(seteuid(userid)) {
--- 542,547 ----
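Review bot: with the HAVE_SETREUID branch removed, every platform now takes the retained path, where "(void) setuid(0)" is still unchecked ahead of seteuid(userid). The old branch set the real uid to 0 in the same call that lowered the effective uid, setreuid(0, userid); the surviving code depends on the separate setuid(0) having worked for the later seteuid(0) to succeed, most visibly when seteuid.h maps seteuid(e) to setreuid(-1,e). Check the setuid(0) result and fail the same way the two seteuid() calls below it do.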
***************
*** 565,581 ****
  			perror("rcp seteuid 0"); errs++; exit(errs);
  		    }
  		}
- #endif
  #else
  		rem = rcmd(&host, port, pwd->pw_name, suser,
  			   buf, 0);
  		if (rem < 0)
  		  continue;
- #ifdef HAVE_SETREUID
- 		(void) setreuid(0, userid);
- 		sink(1, argv+argc-1);
- 		(void) setreuid(userid, 0);
- #else
  		(void) setuid(0);
  		if(seteuid(userid)) {
  		  perror("rcp seteuid user"); errs++; exit(errs);
--- 554,564 ----
***************
*** 584,590 ****
  		if(seteuid(0)) {
  		  perror("rcp seteuid 0"); errs++; exit(errs);
  		}
- #endif
  #endif /* KERBEROS */
  		(void) close(rem);
  		rem = -1;
--- 567,572 ----
diff -r -c 1/krb5-1.0.3/src/appl/bsd/v4rcp.c krb5-1.0.3/src/appl/bsd/v4rcp.c
*** 1/krb5-1.0.3/src/appl/bsd/v4rcp.c	Mon Nov 17 22:45:38 1997
--- krb5-1.0.3/src/appl/bsd/v4rcp.c	Sat Nov 22 22:40:20 1997
***************
*** 265,276 ****
  #define vfork fork
  #endif
  
- #ifdef hpux
- #define setreuid(r,e) setresuid(r,e,-1)
- #endif
- #ifdef __svr4__
- #define setreuid(r,e) setuid(r)
- #endif
  #ifndef roundup
  #define roundup(x,y) ((((x)+(y)-1)/(y))*(y))
  #endif
--- 265,270 ----
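Review bot: the hpux and __svr4__ definitions of setreuid() are deleted here, but the patch neither adds #include "seteuid.h" to v4rcp.c nor converts any call site in it. If v4rcp.c still calls setreuid() anywhere, those two platforms lose their only definition. Either convert the callers to seteuid() and include the header as was done in krcp.c, or keep the shims until that conversion is part of the patch.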
diff -r -c 1/krb5-1.0.3/src/appl/gssftp/ftpd/ftpd.c krb5-1.0.3/src/appl/gssftp/ftpd/ftpd.c
*** 1/krb5-1.0.3/src/appl/gssftp/ftpd/ftpd.c	Mon Nov 17 22:45:46 1997
--- krb5-1.0.3/src/appl/gssftp/ftpd/ftpd.c	Sat Nov 22 23:50:28 1997
***************
*** 101,112 ****
  
  extern char *mktemp ();
  
! #ifndef HAVE_SETEUID
! #ifdef HAVE_SETRESUID
! #define seteuid(e) setresuid(-1,e,-1)
! #define setegid(e) setresgid(-1,e,-1)
! #endif
! #endif
  
  #ifdef STDARG
  extern reply(int, char *, ...);
--- 101,107 ----
  
  extern char *mktemp ();
  
! #include "seteuid.h"
  
  #ifdef STDARG
  extern reply(int, char *, ...);
diff -r -c 1/krb5-1.0.3/src/clients/ksu/ccache.c krb5-1.0.3/src/clients/ksu/ccache.c
*** 1/krb5-1.0.3/src/clients/ksu/ccache.c	Mon Nov 17 22:46:18 1997
--- krb5-1.0.3/src/clients/ksu/ccache.c	Sat Nov 22 22:57:28 1997
***************
*** 28,33 ****
--- 28,35 ----
  #include "ksu.h" 
  #include "adm_proto.h"
  
+ #include "seteuid.h"
+ 
  /******************************************************************
  krb5_cache_copy
  
***************
*** 93,99 ****
        return EINVAL;
      }
      
!       if (krb5_seteuid(0)||krb5_seteuid(target_uid)) {
  	return errno;
        }
        
--- 95,101 ----
        return EINVAL;
      }
      
!       if (seteuid(0)||seteuid(target_uid)) {
  	return errno;
        }
        
***************
*** 681,687 ****
        return EINVAL;
      }
      
!       if (krb5_seteuid(0)||krb5_seteuid(target_uid)) {
  	return errno;
        }
        
--- 683,689 ----
        return EINVAL;
      }
      
!       if (seteuid(0)||seteuid(target_uid)) {
  	return errno;
        }
        
diff -r -c 1/krb5-1.0.3/src/clients/ksu/configure krb5-1.0.3/src/clients/ksu/configure
*** 1/krb5-1.0.3/src/clients/ksu/configure	Mon Nov 17 22:52:52 1997
--- krb5-1.0.3/src/clients/ksu/configure	Sat Nov 22 23:24:43 1997
***************
*** 531,537 ****
  fi
  
  
! ac_reltopdir=../../.
  case "$ac_reltopdir" in 
  /*)
  	echo "Configure script built with absolute localdir pathname"
--- 531,537 ----
  fi
  
  
! ac_reltopdir=./../..
  case "$ac_reltopdir" in 
  /*)
  	echo "Configure script built with absolute localdir pathname"
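Review bot: configure is generated output, so the edits to it (ac_reltopdir=./../.. here, and the renumbered "#line 1341" and "configure:1365" in the later hunks) are regeneration noise that will not apply cleanly to a tree generated with a different autoconf. Send only the configure.in change and let the maintainers regenerate.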
***************
*** 1181,1187 ****
  
  fi 
  
! for ac_func in getusershell lstat 
  do
  echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
  if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
--- 1181,1187 ----
  
  fi 
  
! for ac_func in getusershell lstat seteuid setreuid setresuid
  do
  echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
  if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
***************
*** 1328,1336 ****
  done
  
  
- kutil_deplib="\$(TOPLIBD)/libkrb5util.a"
- kutil_lib=-lkrb5util
- 
  save_LIBS="$LIBS"
  LIBS=-lgen
  for ac_func in compile step
--- 1328,1333 ----
***************
*** 1340,1346 ****
    echo $ac_n "(cached) $ac_c" 1>&6
  else
    cat > conftest.$ac_ext <<EOF
! #line 1344 "configure"
  #include "confdefs.h"
  /* System header to define __stub macros and hopefully few prototypes,
      which can conflict with char $ac_func(); below.  */
--- 1337,1343 ----
    echo $ac_n "(cached) $ac_c" 1>&6
  else
    cat > conftest.$ac_ext <<EOF
! #line 1341 "configure"
  #include "confdefs.h"
  /* System header to define __stub macros and hopefully few prototypes,
      which can conflict with char $ac_func(); below.  */
***************
*** 1364,1370 ****
  
  ; return 0; }
  EOF
! if { (eval echo configure:1368: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; }; then
    rm -rf conftest*
    eval "ac_cv_func_$ac_func=yes"
  else
--- 1361,1367 ----
  
  ; return 0; }
  EOF
! if { (eval echo configure:1365: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; }; then
    rm -rf conftest*
    eval "ac_cv_func_$ac_func=yes"
  else
diff -r -c 1/krb5-1.0.3/src/clients/ksu/configure.in krb5-1.0.3/src/clients/ksu/configure.in
*** 1/krb5-1.0.3/src/clients/ksu/configure.in	Mon Nov 17 22:46:18 1997
--- krb5-1.0.3/src/clients/ksu/configure.in	Sat Nov 22 23:16:16 1997
***************
*** 3,11 ****
  AC_PROG_INSTALL
  USE_ANAME
  AC_HEADER_STDARG
! AC_CHECK_FUNCS(getusershell lstat )
  AC_CHECK_HEADERS(unistd.h)
- USE_KRB5UTIL_LIBRARY
  KRB5_LIBRARIES
  V5_USE_SHARED_LIB
  V5_AC_OUTPUT_MAKEFILE
--- 3,10 ----
  AC_PROG_INSTALL
  USE_ANAME
  AC_HEADER_STDARG
! AC_CHECK_FUNCS(getusershell lstat seteuid setreuid setresuid)
  AC_CHECK_HEADERS(unistd.h)
  KRB5_LIBRARIES
  V5_USE_SHARED_LIB
  V5_AC_OUTPUT_MAKEFILE
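Review bot: the "seteuid setreuid setresuid" checks are added only to ksu's configure.in, while this patch also includes seteuid.h from appl/bsd/krcp.c, appl/gssftp/ftpd/ftpd.c and three files under lib/krb4. In a directory whose configure checks for setreuid or setresuid but not seteuid, the header selects the fallback macro even when a native seteuid() exists, so those configure.in files need the same AC_CHECK_FUNCS line, or the check should move to a shared macro. Dropping USE_KRB5UTIL_LIBRARY also deserves a sentence in the description, since it removes -lkrb5util from ksu's link.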
diff -r -c 1/krb5-1.0.3/src/clients/ksu/heuristic.c krb5-1.0.3/src/clients/ksu/heuristic.c
*** 1/krb5-1.0.3/src/clients/ksu/heuristic.c	Mon Nov 17 22:46:18 1997
--- krb5-1.0.3/src/clients/ksu/heuristic.c	Sat Nov 22 23:55:44 1997
***************
*** 27,37 ****
  
  #include "ksu.h"
  
  #ifdef HAVE_UNISTD_H
  #include <unistd.h>
  #endif
  
- 
  /*******************************************************************
  get_all_princ_from_file - retrieves all principal names
  			from file pointed to by fp.
--- 27,38 ----
  
  #include "ksu.h"
  
+ #include "seteuid.h"
+ 
  #ifdef HAVE_UNISTD_H
  #include <unistd.h>
  #endif
  
  /*******************************************************************
  get_all_princ_from_file - retrieves all principal names
  			from file pointed to by fp.
***************
*** 596,602 ****
      }
  
      /* Become root, then target for looking at .k5login.*/
!     if (krb5_seteuid(0) || krb5_seteuid(target_uid) ) {
        return errno;
      }
      
--- 597,603 ----
      }
  
      /* Become root, then target for looking at .k5login.*/
!     if (seteuid(0) || seteuid(target_uid) ) {
        return errno;
      }
      
diff -r -c 1/krb5-1.0.3/src/clients/ksu/krb_auth_su.c krb5-1.0.3/src/clients/ksu/krb_auth_su.c
*** 1/krb5-1.0.3/src/clients/ksu/krb_auth_su.c	Mon Nov 17 22:46:19 1997
--- krb5-1.0.3/src/clients/ksu/krb_auth_su.c	Sat Nov 22 22:57:46 1997
***************
*** 26,31 ****
--- 26,33 ----
   */
  
  #include "ksu.h"
+ 
+ #include "seteuid.h"
      
  static krb5_error_code krb5_verify_tkt_def
  	PROTOTYPE((krb5_context,
***************
*** 144,150 ****
  	if (! got_it){
  
  #ifdef GET_TGT_VIA_PASSWD
! 	  if (krb5_seteuid(0)||krb5_seteuid(target_uid)) {
  	    com_err("ksu", errno, "while switching to target uid");
  	    return FALSE;
  	  }
--- 146,152 ----
  	if (! got_it){
  
  #ifdef GET_TGT_VIA_PASSWD
! 	  if (seteuid(0)||seteuid(target_uid)) {
  	    com_err("ksu", errno, "while switching to target uid");
  	    return FALSE;
  	  }
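Review bot: in "if (seteuid(0)||seteuid(target_uid))", when the first call succeeds and the second fails, the function returns FALSE with the effective uid left at 0. The same expression is converted in ccache.c and heuristic.c, where it returns errno instead. Since each of these lines is being touched anyway, split the two calls so the failure path is explicit about which uid the process holds when it returns.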
***************
*** 156,167 ****
  		/*get the ticket granting ticket, via passwd(promt for passwd)*/
  	 	if (krb5_get_tkt_via_passwd (context, &cc, client, tgtq.server,
  				       options, & zero_password) == FALSE){ 
! krb5_seteuid(0);
  
  				return FALSE;
  		}
  		*path_passwd = 1;
! 		if (krb5_seteuid(0)) {
  		  com_err("ksu", errno, "while reclaiming root uid");
  		  return FALSE;
  		}
--- 158,169 ----
  		/*get the ticket granting ticket, via passwd(promt for passwd)*/
  	 	if (krb5_get_tkt_via_passwd (context, &cc, client, tgtq.server,
  				       options, & zero_password) == FALSE){ 
! seteuid(0);
  
  				return FALSE;
  		}
  		*path_passwd = 1;
! 		if (seteuid(0)) {
  		  com_err("ksu", errno, "while reclaiming root uid");
  		  return FALSE;
  		}
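Review bot: the bare "seteuid(0);" on the krb5_get_tkt_via_passwd() failure path ignores its result, while the same call a few lines below is checked and reported through com_err(). Check it here as well before returning FALSE, and give the line the indentation of the surrounding block while it is being edited.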
diff -r -c 1/krb5-1.0.3/src/clients/ksu/main.c krb5-1.0.3/src/clients/ksu/main.c
*** 1/krb5-1.0.3/src/clients/ksu/main.c	Mon Nov 17 22:46:19 1997
--- krb5-1.0.3/src/clients/ksu/main.c	Sat Nov 22 22:58:03 1997
***************
*** 26,31 ****
--- 26,34 ----
   */
  
  #include "ksu.h"
+ 
+ #include "seteuid.h"
+ 
  #include "adm_proto.h"
  #include <sys/types.h>
  #include <sys/wait.h>
***************
*** 382,388 ****
  		if (cc_source_tag_tmp == (char *) 1) 
  			cc_source_tag_tmp = cc_source_tag;
  	}
! 	if (krb5_seteuid(source_uid)) {
  	  com_err ( prog_name, errno, "while setting euid to source user");
  	  exit(1);
  	}
--- 385,391 ----
  		if (cc_source_tag_tmp == (char *) 1) 
  			cc_source_tag_tmp = cc_source_tag;
  	}
! 	if (seteuid(source_uid)) {
  	  com_err ( prog_name, errno, "while setting euid to source user");
  	  exit(1);
  	}
***************
*** 410,416 ****
  	/* We may be running as either source or target, depending on
  	   what happened; become source.*/
  	if ( geteuid() != source_uid) {
! 	  if (krb5_seteuid(0) || krb5_seteuid(source_uid) ) {
  	    com_err(prog_name, errno, "while returning to source uid after finding best principal");
  	    exit(1);
  	  }
--- 413,419 ----
  	/* We may be running as either source or target, depending on
  	   what happened; become source.*/
  	if ( geteuid() != source_uid) {
! 	  if (seteuid(0) || seteuid(source_uid) ) {
  	    com_err(prog_name, errno, "while returning to source uid after finding best principal");
  	    exit(1);
  	  }
***************
*** 542,548 ****
  	}
  		/* Become root for authentication*/
  
! 	if (krb5_seteuid(0)) {
  	com_err(prog_name, errno, "while reclaiming root uid");
  	exit(1);
  	}
--- 545,551 ----
  	}
  		/* Become root for authentication*/
  
! 	if (seteuid(0)) {
  	com_err(prog_name, errno, "while reclaiming root uid");
  	exit(1);
  	}
***************
*** 641,647 ****
  			source_user,ontty());
  
  		/* Run authorization as target.*/
! 		if (krb5_seteuid(target_uid)) {
  		  com_err(prog_name, errno, "whiel switching to target for authorization check");
  		    sweep_up(ksu_context, use_source_cache, cc_target);
  		  exit(1);
--- 644,650 ----
  			source_user,ontty());
  
  		/* Run authorization as target.*/
! 		if (seteuid(target_uid)) {
  		  com_err(prog_name, errno, "whiel switching to target for authorization check");
  		    sweep_up(ksu_context, use_source_cache, cc_target);
  		  exit(1);
***************
*** 650,661 ****
  		if ((retval = krb5_authorization(ksu_context, client,target_user,
  		 	 cmd, &authorization_val, &exec_cmd))){
                 	       com_err(prog_name,retval,"while checking authorization");
! krb5_seteuid(0); /*So we have some chance of sweeping up*/
  		       sweep_up(ksu_context, use_source_cache, cc_target);
  		       exit(1);
  		}
  
! 		if (krb5_seteuid(0)) {
  		  com_err(prog_name, errno, "while switching back from  target after authorization check");
  		    sweep_up(ksu_context, use_source_cache, cc_target);
  		  exit(1);
--- 653,664 ----
  		if ((retval = krb5_authorization(ksu_context, client,target_user,
  		 	 cmd, &authorization_val, &exec_cmd))){
                 	       com_err(prog_name,retval,"while checking authorization");
! seteuid(0); /*So we have some chance of sweeping up*/
  		       sweep_up(ksu_context, use_source_cache, cc_target);
  		       exit(1);
  		}
  
! 		if (seteuid(0)) {
  		  com_err(prog_name, errno, "while switching back from  target after authorization check");
  		    sweep_up(ksu_context, use_source_cache, cc_target);
  		  exit(1);
***************
*** 935,942 ****
  char * cc_name;
  struct stat  st_temp;
  
! krb5_seteuid(0);
! krb5_seteuid(target_uid);
  
  if (! use_source_cache){
  		cc_name = krb5_cc_get_name(context, cc);
--- 938,945 ----
  char * cc_name;
  struct stat  st_temp;
  
! seteuid(0);
! seteuid(target_uid);
  
  if (! use_source_cache){
  		cc_name = krb5_cc_get_name(context, cc);
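Review bot: "seteuid(0);" followed by "seteuid(target_uid);" are both unchecked here, so if the second call fails the cache handling that follows runs with whatever effective uid the first call left, which is root when it succeeded. Most other seteuid() sites in main.c touched by this patch test the result; test these two as well and report through com_err(), or skip the cache handling, when the switch to target_uid does not happen.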
diff -r -c 1/krb5-1.0.3/src/configure krb5-1.0.3/src/configure
*** 1/krb5-1.0.3/src/configure	Mon Nov 17 22:51:57 1997
--- krb5-1.0.3/src/configure	Sat Nov 22 22:49:16 1997
***************
*** 1156,1163 ****
    enableval="$enable_shared"
    
  case $krb5_cv_host in
! *-*-netbsd*)
! 	echo "Enabling shared libraries for NetBSD...."
  	krb5_cv_shlibs_cflags=-fpic
  	krb5_cv_shlibs_ext=so
  	krb5_cv_noshlibs_ext=a
--- 1156,1163 ----
    enableval="$enable_shared"
    
  case $krb5_cv_host in
! *-*-netbsd*|*-*-freebsd*)
! 	echo "Enabling shared libraries for NetBSD/FreeBSD...."
  	krb5_cv_shlibs_cflags=-fpic
  	krb5_cv_shlibs_ext=so
  	krb5_cv_noshlibs_ext=a
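Review bot: the "*-*-netbsd*|*-*-freebsd*" case is edited in the generated src/configure only; no configure.in or aclocal.m4 source for it appears in the patch, so the change disappears at the next regeneration. It is also unrelated to the set-effective-uid cleanup and, together with the matching makeshlib.sh hunk, would be easier to review as a separate submission.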
diff -r -c 1/krb5-1.0.3/src/include/k5-int.h krb5-1.0.3/src/include/k5-int.h
*** 1/krb5-1.0.3/src/include/k5-int.h	Mon Nov 17 22:46:27 1997
--- krb5-1.0.3/src/include/k5-int.h	Sat Nov 22 22:54:05 1997
***************
*** 1358,1365 ****
  #define KRB5_VERIFY_MAGIC(structure,magic_number) \
      if ((structure)->magic != (magic_number)) return (magic_number);
  
- int krb5_seteuid  KRB5_PROTOTYPE((int));
- 
  int krb5_setenv  KRB5_PROTOTYPE((const char *, const char *, int));
  
  void krb5_unsetenv  KRB5_PROTOTYPE((const char *));
--- 1358,1363 ----
diff -r -c 1/krb5-1.0.3/src/lib/krb4/in_tkt.c krb5-1.0.3/src/lib/krb4/in_tkt.c
*** 1/krb5-1.0.3/src/lib/krb4/in_tkt.c	Mon Nov 17 22:48:49 1997
--- krb5-1.0.3/src/lib/krb4/in_tkt.c	Sat Nov 22 23:51:36 1997
***************
*** 28,42 ****
   * success, or KFAILURE if something goes wrong.
   */
  
! #ifndef HAVE_SETREUID
! #ifdef HAVE_SETRESUID
! /* for hpux */
! #define setreuid(r,e) setresuid(r,e,-1)
! #else
! /* for svr4 */
! #define setreuid(r,e) setuid(r)
! #endif
! #endif
  
  #ifndef O_SYNC
  #define O_SYNC 0
--- 28,34 ----
   * success, or KFAILURE if something goes wrong.
   */
  
! #include "seteuid.h"
  
  #ifndef O_SYNC
  #define O_SYNC 0
***************
*** 98,107 ****
         This isn't a security problem, since the ticket file, if it already
         exists, has the right uid (== ruid) and mode. */
      if (me != metoo) {
! 	if (setreuid(metoo, me) < 0) {
  	    /* can't switch??? barf! */
  	    if (krb_debug)
! 		perror("in_tkt: setreuid");
  	    return(KFAILURE);
  	} else
  	    if (krb_debug)
--- 90,99 ----
         This isn't a security problem, since the ticket file, if it already
         exists, has the right uid (== ruid) and mode. */
      if (me != metoo) {
! 	if (seteuid(me) < 0) {
  	    /* can't switch??? barf! */
  	    if (krb_debug)
! 		perror("in_tkt: seteuid");
  	    return(KFAILURE);
  	} else
  	    if (krb_debug)
***************
*** 118,127 ****
      }
      umask(mask);
      if (me != metoo) {
! 	if (setreuid(me, metoo) < 0) {
  	    /* can't switch??? barf! */
  	    if (krb_debug)
! 		perror("in_tkt: setreuid2");
  	    return(KFAILURE);
  	} else
  	    if (krb_debug)
--- 110,119 ----
      }
      umask(mask);
      if (me != metoo) {
! 	if (seteuid(metoo) < 0) {
  	    /* can't switch??? barf! */
  	    if (krb_debug)
! 		perror("in_tkt: seteuid2");
  	    return(KFAILURE);
  	} else
  	    if (krb_debug)
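Review bot: the switch back through seteuid(metoo) is not equivalent to the old setreuid(me, metoo). The original pair exchanged the real and effective uids, so the second call only had to swap them back; now the first call sets the effective uid to "me" without moving "metoo" into the real uid, and the return trip works only where the platform keeps a saved set-user-ID or the process is privileged. On a build where seteuid.h expands this call to setreuid(-1, metoo), that is the case to test in a setuid non-root program before relying on it.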
diff -r -c 1/krb5-1.0.3/src/lib/krb4/kuserok.c krb5-1.0.3/src/lib/krb4/kuserok.c
*** 1/krb5-1.0.3/src/lib/krb4/kuserok.c	Mon Nov 17 22:48:50 1997
--- krb5-1.0.3/src/lib/krb4/kuserok.c	Sat Nov 22 22:58:20 1997
***************
*** 27,38 ****
  #include <sys/unistd.h>
  #endif
  
! #ifndef HAVE_SETEUID
! #ifdef HAVE_SETRESUID
! #define seteuid(e) setresuid(-1,e,-1)
! #define setegid(e) setresgid(-1,e,-1)
! #endif
! #endif
  
  #define OK 0
  #define NOTOK 1
--- 27,33 ----
  #include <sys/unistd.h>
  #endif
  
! #include "seteuid.h"
  
  #define OK 0
  #define NOTOK 1
diff -r -c 1/krb5-1.0.3/src/lib/krb4/tf_shm.c krb5-1.0.3/src/lib/krb4/tf_shm.c
*** 1/krb5-1.0.3/src/lib/krb4/tf_shm.c	Mon Nov 17 22:48:54 1997
--- krb5-1.0.3/src/lib/krb4/tf_shm.c	Sat Nov 22 22:58:24 1997
***************
*** 22,27 ****
--- 22,29 ----
  
  #define MAX_BUFF sizeof(des_cblock)*1000 /* room for 1k keys */
  
+ #include "seteuid.h"
+ 
  extern int krb_debug;
  
  /*
***************
*** 71,80 ****
      /* arrange so the file is owned by the ruid
         (swap real & effective uid if necessary). */
      if (me != metoo) {
! 	if (setreuid(metoo, me) < 0) {
  	    /* can't switch??? barf! */
  	    if (krb_debug)
! 		perror("krb_shm_create: setreuid");
  	    (void) shmctl(shmid, IPC_RMID, 0);
  	    return(KFAILURE);
  	} else
--- 73,82 ----
      /* arrange so the file is owned by the ruid
         (swap real & effective uid if necessary). */
      if (me != metoo) {
! 	if (seteuid(me) < 0) {
  	    /* can't switch??? barf! */
  	    if (krb_debug)
! 		perror("krb_shm_create: seteuid");
  	    (void) shmctl(shmid, IPC_RMID, 0);
  	    return(KFAILURE);
  	} else
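Review bot: the context comment above this change still says "swap real & effective uid if necessary", which no longer describes seteuid(me), since only the effective uid changes. Update the comment along with the call. As in in_tkt.c, the later seteuid(metoo) in this function now relies on a saved set-user-ID to get back.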
***************
*** 94,103 ****
  	return(KFAILURE);		/* XXX */
      }	
      if (me != metoo) {
! 	if (setreuid(me, metoo) < 0) {
  	    /* can't switch??? barf! */
  	    if (krb_debug)
! 		perror("krb_shm_create: setreuid2");
  	    (void) shmctl(shmid, IPC_RMID, 0);
  	    return(KFAILURE);
  	} else
--- 96,105 ----
  	return(KFAILURE);		/* XXX */
      }	
      if (me != metoo) {
! 	if (seteuid(metoo) < 0) {
  	    /* can't switch??? barf! */
  	    if (krb_debug)
! 		perror("krb_shm_create: seteuid2");
  	    (void) shmctl(shmid, IPC_RMID, 0);
  	    return(KFAILURE);
  	} else
diff -r -c 1/krb5-1.0.3/src/lib/krb5util/Makefile.in krb5-1.0.3/src/lib/krb5util/Makefile.in
*** 1/krb5-1.0.3/src/lib/krb5util/Makefile.in	Mon Nov 17 22:49:40 1997
--- krb5-1.0.3/src/lib/krb5util/Makefile.in	Sat Nov 22 22:42:06 1997
***************
*** 6,14 ****
  .c.o:
  	$(CC) $(CFLAGS) -c $(srcdir)/$*.c
  
! OBJS=	compat_recv.$(OBJEXT)	 seteuid.$(OBJEXT)
  
! SRCS=	$(srcdir)/compat_recv.c $(srcdir)/seteuid.c	
  
  LIB_SUBDIRS= .
  LIBDONE= DONE
--- 6,14 ----
  .c.o:
  	$(CC) $(CFLAGS) -c $(srcdir)/$*.c
  
! OBJS=	compat_recv.$(OBJEXT)
  
! SRCS=	$(srcdir)/compat_recv.c
  
  LIB_SUBDIRS= .
  LIBDONE= DONE
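Review bot: seteuid.$(OBJEXT) and $(srcdir)/seteuid.c are dropped from OBJS and SRCS, but nothing in the patch deletes src/lib/krb5util/seteuid.c itself, so the submission should state that the file is to be removed. Removing krb5_seteuid() together with its prototype in k5-int.h also changes what libkrb5util exports; any caller outside the files converted here will fail to link.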
diff -r -c 1/krb5-1.0.3/src/util/makeshlib.sh krb5-1.0.3/src/util/makeshlib.sh
*** 1/krb5-1.0.3/src/util/makeshlib.sh	Mon Nov 17 22:50:24 1997
--- krb5-1.0.3/src/util/makeshlib.sh	Sat Nov 22 22:49:30 1997
***************
*** 17,23 ****
  VERSION="$1" ; shift
  
  case $host  in
! *-*-netbsd*)
  	FILES=`for i
  	do
  		sed -e "s;^;$i/shared/;" -e "s; ; $i/shared/;g" -e "s;^$i/shared/\$;;" $i/DONE
--- 17,23 ----
  VERSION="$1" ; shift
  
  case $host  in
! *-*-netbsd*|*-*-freebsd*)
  	FILES=`for i
  	do
  		sed -e "s;^;$i/shared/;" -e "s; ; $i/shared/;g" -e "s;^$i/shared/\$;;" $i/DONE



-----------------
seteuid.h
-----------------
/*
 * if seteuid()/setegid() are not available, emulate them using
 * setreuid() or setresuid().
 */
#ifndef __SETEUID__
#define __SETEUID__

#ifndef HAVE_SETEUID
#define HAVE_SETEUID

#if defined(HAVE_SETREUID)
#define seteuid(e) setreuid(-1,e)
#define setegid(e) setregid(-1,e)

#elif defined(HAVE_SETRESUID)
#define seteuid(e) setresuid(-1,e,-1)
#define seteuid(e) setresgid(-1,e,-1)

#else
/*
 * You are running a very wierd OS and will have to
 * code your own seteuid() and setegid() functions.
 */
#endif /* HAVE_SETREUID */
#endif /* HAVE_SETEUID */

#endif /* __SETEUID__ */
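Review bot: in the HAVE_SETRESUID branch the second line, "#define seteuid(e) setresgid(-1,e,-1)", redefines seteuid() as a group-ID call and leaves setegid() undefined; it should read "#define setegid(e) setresgid(-1,e,-1)". A compiler that accepts the redefinition will make every seteuid() in the patched files change the effective gid instead of the uid on a setresuid-only platform. Two smaller points: HAVE_SETEUID is defined before the fallback is chosen, so the final #else branch leaves it set with no seteuid() available, and an #error there would turn the comment into a build failure; and the setegid() fallbacks are keyed on HAVE_SETREUID and HAVE_SETRESUID rather than on checks for setregid() and setresgid().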
>Audit-Trail:
>Unformatted:
