[321] in Kerberos-V5-bugs

kuserok: .k5login should be ownable by root

daemon@ATHENA.MIT.EDU (Jonathan I. Kamens)
Mon May 24 15:36:20 1993

Date: Mon, 24 May 93 15:36:13 -0400
From: "Jonathan I. Kamens" <jik@GZA.COM>
To: krb5-bugs@Athena.MIT.EDU

I believe that it should be possible for the system administrator of a
machine to set up a home directory that is owned by root, with a
.k5login file that is owned by root, so that he can control who is
allowed to log into the account, but those users can't change who is
allowed to log in.

Therefore, kuserok should allow the .k5login file to be owned by the
user or by root.

This patch fixes this, as well as fixing all of the references to
"klogin" so they refer to "k5login" instead.

  jik

*** 5.7	1992/02/23 12:19:28
--- kuserok.c	1993/05/24 19:29:05
***************
*** 1,6 ****
  /*
   * $Source: /afs/gza.com/project/krb5.B3.alpha/src/lib/os/RCS/kuserok.c,v $
!  * $Author: jfc $
   *
   * Copyright 1990 by the Massachusetts Institute of Technology.
   * All Rights Reserved.
--- 1,6 ----
  /*
   * $Source: /afs/gza.com/project/krb5.B3.alpha/src/lib/os/RCS/kuserok.c,v $
!  * $Author: jik $
   *
   * Copyright 1990 by the Massachusetts Institute of Technology.
   * All Rights Reserved.
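Review bot: The only change in this hunk is the expanded RCS "$Author$" keyword in the file header (jfc to jik), which is local check-in noise rather than part of the fix. Expanded keyword values differ between repositories, so this hunk is likely to fail when the patch is applied to another tree. Regenerate the diff without keyword-only changes.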
***************
*** 27,33 ****
  
  #if !defined(lint) && !defined(SABER)
  static char rcsid_kuserok_c [] =
! "$Id: kuserok.c,v 5.7 1992/02/23 12:19:28 jfc Exp $";
  #endif	/* !lint & !SABER */
  
  #include <krb5/krb5.h>
--- 27,33 ----
  
  #if !defined(lint) && !defined(SABER)
  static char rcsid_kuserok_c [] =
! "$Id: kuserok.c,v 5.9 1993/05/24 19:28:57 jik Exp $";
  #endif	/* !lint & !SABER */
  
  #include <krb5/krb5.h>
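Review bot: The "$Id$" string in rcsid_kuserok_c goes from revision 5.7 to 5.9, so the diff spans more than one local check-in and carries another keyword-only change. Drop this hunk from the submission, and confirm that nothing from the intermediate revision was meant to be left out.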
***************
*** 49,55 ****
  /*
   * Given a Kerberos principal "principal", and a local username "luser",
   * determine whether user is authorized to login according to the
!  * authorization file ("~luser/.klogin" by default).  Returns TRUE
   * if authorized, FALSE if not authorized.
   *
   * If there is no account for "luser" on the local machine, returns
--- 49,55 ----
  /*
   * Given a Kerberos principal "principal", and a local username "luser",
   * determine whether user is authorized to login according to the
!  * authorization file ("~luser/.k5login" by default).  Returns TRUE
   * if authorized, FALSE if not authorized.
   *
   * If there is no account for "luser" on the local machine, returns
***************
*** 90,96 ****
  
      if (access(pbuf, F_OK)) {	 /* not accessible */
  	/*
! 	 * if he's trying to log in as himself, and there is no .klogin file,
  	 * let him.  To find out, call
  	 * krb5_aname_to_localname to convert the principal to a name
  	 * which we can string compare. 
--- 90,96 ----
  
      if (access(pbuf, F_OK)) {	 /* not accessible */
  	/*
! 	 * if he's trying to log in as himself, and there is no .k5login file,
  	 * let him.  To find out, call
  	 * krb5_aname_to_localname to convert the principal to a name
  	 * which we can string compare. 
***************
*** 104,116 ****
      if (krb5_unparse_name(principal, &princname))
  	return(FALSE);			/* no hope of matching */
  
!     /* open ~/.klogin */
      if ((fp = fopen(pbuf, "r")) == NULL) {
  	free(princname);
  	return(FALSE);
      }
      /*
!      * security:  if the user does not own his own .klogin file,
       * do not grant access
       */
      if (fstat(fileno(fp), &sbuf)) {
--- 104,116 ----
      if (krb5_unparse_name(principal, &princname))
  	return(FALSE);			/* no hope of matching */
  
!     /* open ~/.k5login */
      if ((fp = fopen(pbuf, "r")) == NULL) {
  	free(princname);
  	return(FALSE);
      }
      /*
!      * security:  if the user does not own his own .k5login file,
       * do not grant access
       */
      if (fstat(fileno(fp), &sbuf)) {
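Review bot: The "security:" comment above the fstat() call still says access is denied "if the user does not own his own .k5login file", which stops being true once the last hunk accepts root as an owner. Reword it to say the file must be owned by the user or by root, so the comment and the test it describes agree. The three-line comment added in the last hunk could be folded in here.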
***************
*** 118,124 ****
  	free(princname);
  	return(FALSE);
      }
!     if (sbuf.st_uid != pwd->pw_uid) {
  	fclose(fp);
  	free(princname);
  	return(FALSE);
--- 118,127 ----
  	free(princname);
  	return(FALSE);
      }
!     /* Allow .k5login file to be owned by root, so that machine     */
!     /* administrators can set up an account that users can log into */
!     /* with Kerberos but not change.				    */
!     if ((sbuf.st_uid != pwd->pw_uid) && sbuf.st_uid) {
  	fclose(fp);
  	free(princname);
  	return(FALSE);
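Review bot: The new test "(sbuf.st_uid != pwd->pw_uid) && sbuf.st_uid" looks only at the owner, so a root-owned .k5login that is group- or world-writable is trusted exactly like a tightly permissioned one. Consider also rejecting the file when "sbuf.st_mode & (S_IWGRP | S_IWOTH)" is non-zero. Writing the root case as "sbuf.st_uid != 0" would make the intent explicit. Because a user-owned file is still accepted, the root-owned file only locks the list when the user cannot replace it, which is why the message pairs it with a root-owned home directory. The added comment should state that requirement.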
