[5184] in Athena Bugs
rkinitd
daemon@ATHENA.MIT.EDU (qjb@ATHENA.MIT.EDU)
Thu Jun 14 08:46:22 1990
From: qjb@ATHENA.MIT.EDU
Date: Thu, 14 Jun 90 08:46:02 -0400
To: bugs@ATHENA.MIT.EDU
This patch fixes an obscure bug in rkinitd. Rkinitd assumes
that if anyone can read the user's .klogin file, root can. This
means that if a user has a .klogin unreadable by root (such as
in an NFS directory), rkinit may fail. Thanks to jfc for
pointing this out. Apparently, the same bug exists in rlogin.
Can this make 7.1? I've tested the fix.
Jay
*** /tmp/,RCSt1010025 Thu Jun 14 08:43:41 1990
--- /tmp/,RCSt2010025 Thu Jun 14 08:43:42 1990
***************
*** 1,5 ****
/*
! * $Header: /afs/athena.mit.edu/user/q/qjb/source/rkinit/rkinitd/RCS/krb.c,v 1.1 89/11/12 19:35:48 qjb Exp $
* $Source: /afs/athena.mit.edu/user/q/qjb/source/rkinit/rkinitd/RCS/krb.c,v $
* $Author: qjb $
*
--- 1,5 ----
/*
! * $Header: /afs/athena.mit.edu/user/q/qjb/source/rkinit/rkinitd/RCS/krb.c,v 1.2 90/06/14 08:40:41 qjb Exp $
* $Source: /afs/athena.mit.edu/user/q/qjb/source/rkinit/rkinitd/RCS/krb.c,v $
* $Author: qjb $
*
***************
*** 7,13 ****
*/
#if !defined(lint) && !defined(SABER)
! static char *rcsid = "$Header: /afs/athena.mit.edu/user/q/qjb/source/rkinit/rkinitd/RCS/krb.c,v 1.1 89/11/12 19:35:48 qjb Exp $";
#endif lint || SABER
#include <stdio.h>
--- 7,13 ----
*/
#if !defined(lint) && !defined(SABER)
! static char *rcsid = "$Header: /afs/athena.mit.edu/user/q/qjb/source/rkinit/rkinitd/RCS/krb.c,v 1.2 90/06/14 08:40:41 qjb Exp $";
#endif lint || SABER
#include <stdio.h>
***************
*** 157,162 ****
--- 157,163 ----
{
struct passwd *pwnam; /* For access_check and uid */
AUTH_DAT auth_dat;
+ int kstatus = KSUCCESS;
SBCLEAR(auth_dat);
***************
*** 169,175 ****
strcpy(auth_dat.pinst, inst);
strcpy(auth_dat.prealm, realm);
! if (kuserok(&auth_dat, username) != KSUCCESS) {
sprintf(errmsg, "%s has not allowed you to log in with", username);
if (strlen(auth_dat.pinst))
sprintf(errmsg, "%s %s.%s", errmsg, auth_dat.pname,
--- 170,192 ----
strcpy(auth_dat.pinst, inst);
strcpy(auth_dat.prealm, realm);
! if (seteuid(pwnam->pw_uid) < 0) {
! sprintf(errmsg, "Failure setting euid to %d: %s\n", pwnam->pw_uid,
! sys_errlist[errno]);
! strcpy(errbuf, errmsg);
! error();
! return(FAILURE);
! }
! kstatus = kuserok(&auth_dat, username);
! if (seteuid(0) < 0) {
! sprintf(errmsg, "Failure setting euid to 0: %s\n",
! sys_errlist[errno]);
! strcpy(errbuf, errmsg);
! error();
! return(FAILURE);
! }
!
! if (kstatus != KSUCCESS) {
sprintf(errmsg, "%s has not allowed you to log in with", username);
if (strlen(auth_dat.pinst))
sprintf(errmsg, "%s %s.%s", errmsg, auth_dat.pname,
***************
*** 185,192 ****
* of making the appropriate change.
*/
if (setruid(pwnam->pw_uid) < 0) {
! sprintf(errmsg,
! "Failure setting ruid to %d: %s\n", sys_errlist[errno]);
strcpy(errbuf, errmsg);
error();
return(FAILURE);
--- 202,209 ----
* of making the appropriate change.
*/
if (setruid(pwnam->pw_uid) < 0) {
! sprintf(errmsg, "Failure setting ruid to %d: %s\n", pwnam->pw_uid,
! sys_errlist[errno]);
strcpy(errbuf, errmsg);
error();
return(FAILURE);
