[3235] in Kerberos-V5-bugs

krb5-appl/980: login.krb5 doesn't fetch tickets for root?

daemon@ATHENA.MIT.EDU (david@smyrph.net)
Thu Jul 19 22:12:03 2001

Resent-From: gnats@rt-11.mit.edu (GNATS Management)
Resent-To: krb5-unassigned@rt-11.mit.edu
Resent-Reply-To: krb5-bugs@MIT.EDU, david@smyrph.net
Message-Id: <200107200211.f6K2BGK03448@inception.smyrph.net>
Date: Thu, 19 Jul 2001 22:11:16 -0400
From: david@smyrph.net
Reply-To: david@smyrph.net
To: krb5-bugs@mit.edu


>Number:         980
>Category:       krb5-appl
>Synopsis:       login.krb5 doesn't fetch tickets for root?
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    krb5-unassigned
>State:          open
>Class:          change-request
>Submitter-Id:   unknown
>Arrival-Date:   Thu Jul 19 22:12:00 EDT 2001
>Last-Modified:
>Originator:     me?
>Organization:
	just my personal things - smyrph.net
>Release:        krb5-1.2.2
>Environment:
	Linux, slackware 7.1, Intel P3
System: Linux inception.smyrph.net 2.4.5-ac21 #2 Thu Jun 28 23:13:43 EDT 2001 i686 unknown
Architecture: i686

>Description:
	sometimes annoying how login.krb5 doesn't fetch tickets for root.
>How-To-Repeat:
	set login.krb5 for your /bin/login (symlink...), login as root, then try
	running klist - which won't show any tickets!
>Fix:
	This patch lets you add "kinit_root = 1" to [login] in krb5.conf to
	request login.krb5 to attempt fetching tickets even for root.  I left
	the default for kinit_root to not attempt fetching root tickets, to
	comply with existing behavior. (The patch also corrects an annoyance with
	login.krb5 clearing struct winsize on Linux; sent a separate PR.)
diff -u --new-file --recursive krb5-1.2.2/src/appl/bsd/login.c krb5-1.2.2.noclearwinsize/src/appl/bsd/login.c
--- krb5-1.2.2/src/appl/bsd/login.c	Wed Feb 28 17:06:43 2001
+++ krb5-1.2.2.noclearwinsize/src/appl/bsd/login.c	Thu Jul 19 21:41:22 2001
@@ -60,6 +60,8 @@
 
 int login_accept_passwd = 0;
 
+int login_kinit_root = 0;
+
 /*
  * login [ name ]
  * login -r hostname	(for rlogind)
@@ -113,6 +115,7 @@
  * initializing these values anyway -- tcgetattr *should* give
  * them reasonable defaults... */
 #define NO_INIT_CC
+#define NO_SET_TIOCSWINSZ
 #endif
 
 #include <errno.h>
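Review bot: The added #define NO_SET_TIOCSWINSZ carries no explanation, while NO_INIT_CC directly above it sits under a comment saying why initialization is skipped. Add a one-line comment stating that the terminal's existing window size should be left alone on this platform, so the #ifndef NO_SET_TIOCSWINSZ guard later in the file can be understood without the PR text.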
@@ -348,6 +351,7 @@
     "krb4_get_tickets", &login_krb4_get_tickets,
     "krb4_convert", &login_krb4_convert,
     "krb4_run_aklog", &login_krb_run_aklog,
+    "kinit_root", &login_kinit_root,
 #endif /* KRB5_KRB4_COMPAT */
 };
 
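Review bot: The "kinit_root" entry is added directly above #endif /* KRB5_KRB4_COMPAT */, so it sits inside the KRB4-compatibility block with the krb4_* options and is only registered when that block is compiled. In a build without KRB5_KRB4_COMPAT, kinit_root = 1 in krb5.conf would be ignored without any diagnostic. The option governs the try_krb5 call, not KRB4 behaviour, so move the entry outside the conditional block.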
@@ -1291,7 +1295,7 @@
 
 	    lpass_ok = unix_passwd_okay(user_pwstring);
 
-	    if (pwd->pw_uid != 0) { /* Don't get tickets for root */
+	    if (pwd->pw_uid != 0 || login_kinit_root) { /* Don't get tickets for root */
 		try_krb5(&me, user_pwstring);
 
 #ifdef KRB4_GET_TICKETS
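Review bot: The comment on the changed if line still says "Don't get tickets for root", which is wrong whenever login_kinit_root is set; reword it to describe the new condition. Since try_krb5(&me, user_pwstring) now runs for uid 0, the patch should also say whether a successful Kerberos result can admit root when lpass_ok is false, and whether the KRB4_GET_TICKETS code that follows try_krb5 is meant to run for root as well. Neither question is answered by the lines shown here.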
@@ -1438,11 +1442,13 @@
     quietlog = access(HUSHLOGIN, F_OK) == 0;
     dolastlog(quietlog, tty);
 
+#ifndef NO_SET_TIOCSWINSZ
     if (!hflag && !rflag && !kflag && !Kflag && !eflag) {	/* XXX */
 	static struct winsize win = { 0, 0, 0, 0 };
 
 	(void)ioctl(0, TIOCSWINSZ, (char *)&win);
     }
+#endif
 
     (void)chown(ttyn, pwd->pw_uid,
 		(gr = getgrnam(TTYGRPNAME)) ? gr->gr_gid : pwd->pw_gid);
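Review bot: The #ifndef NO_SET_TIOCSWINSZ guard around the TIOCSWINSZ ioctl is unrelated to kinit_root, and the description says it has already been sent as a separate PR. Drop this hunk and the matching #define from this patch so the root-ticket change can be reviewed, applied and reverted on its own.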
>Audit-Trail:
>Unformatted:
