[5834] in Athena Bugs
ultrix 3.1 login.c changes for YP, NOENCRYPTION
daemon@ATHENA.MIT.EDU (John T Kohl)
Fri Aug 24 11:51:00 1990
Date: Fri, 24 Aug 90 11:50:35 -0400
From: John T Kohl <jtkohl@ATHENA.MIT.EDU>
To: bugs@ATHENA.MIT.EDU
diffs against athena-ized ultrix login.c
*** /tmp/,RCSt1008895 Fri Aug 24 11:48:03 1990
--- login.c Wed Aug 8 04:18:52 1990
***************
*** 30,39 ****
* *
************************************************************************/
/*
! * $Source: /hecate/u4/lockers/decworld/supplemental/login/RCS/login.c,v $
! * $Author: jtkohl $
* $Locker: $
* $Log: login.c,v $
* Revision 1.1 90/07/18 15:08:19 jtkohl
* Initial revision
*
--- 30,55 ----
* *
************************************************************************/
/*
! * $Source: /u1/athena/supplemental/login/RCS/login.c,v $
! * $Author: root $
* $Locker: $
* $Log: login.c,v $
+ * Revision 1.5 90/08/08 18:18:41 root
+ * fix null-pointer deref problem in some cases when no encryption is in use.
+ *
+ * Revision 1.4 90/08/02 11:56:05 jtkohl
+ * fix some noencryption & hesiod interaction problems,
+ * verify passwd in all cases, fix attach interaction to get useful
+ * error messages to the screen.
+ *
+ * Revision 1.3 90/07/18 17:48:17 jtkohl
+ * use /usr/athena/bin
+ *
+ * Revision 1.2 90/07/18 17:26:02 jtkohl
+ * new prototype dir
+ * add YP changes
+ * add setreuid() for new krb lib changes
+ *
* Revision 1.1 90/07/18 15:08:19 jtkohl
* Initial revision
*
***************
*** 162,168 ****
*/
/*
! static char *rcsid_login_c = "$Header: /hecate/u4/lockers/decworld/supplemental/login/RCS/login.c,v 1.1 90/07/18 15:08:19 jtkohl Exp $";
static char *sccsid = "@(#)login.c 4.34 (Berkeley) 84/05/07";
*/
--- 178,184 ----
*/
/*
! static char *rcsid_login_c = "$Header: /u1/athena/supplemental/login/RCS/login.c,v 1.5 90/08/08 18:18:41 root Exp $";
static char *sccsid = "@(#)login.c 4.34 (Berkeley) 84/05/07";
*/
***************
*** 214,220 ****
#define KRB_TK_DIR "/tmp/tkt_" /* Where to put the ticket */
#define KRBTKLIFETIME 96 /* 8 hours */
! #define PROTOTYPE_DIR "/usr/prototype_user" /* Source for temp files */
#define TEMP_DIR_PERM 0755 /* Permission on temporary directories */
#define MAXPWSIZE 128 /* Biggest key getlongpass will return */
--- 230,236 ----
#define KRB_TK_DIR "/tmp/tkt_" /* Where to put the ticket */
#define KRBTKLIFETIME 96 /* 8 hours */
! #define PROTOTYPE_DIR "/usr/athena/lib/prototype_user" /* Source for temp files */
#define TEMP_DIR_PERM 0755 /* Permission on temporary directories */
#define MAXPWSIZE 128 /* Biggest key getlongpass will return */
***************
*** 235,241 ****
char inhibit[] = "/etc/nocreate";
char noattach[] = "/etc/noattach";
char go_register[] = "/usr/etc/go_register";
! char get_motd[] = "/bin/athena/get_message";
/* uid, gid, etc. used to be -1; guess what setreuid does with that --asp */
struct passwd nouser = {"", "nope", -2, -2, -2, -2, -2, "", "", "", "" };
--- 251,257 ----
char inhibit[] = "/etc/nocreate";
char noattach[] = "/etc/noattach";
char go_register[] = "/usr/etc/go_register";
! char get_motd[] = "/usr/athena/bin/get_message";
/* uid, gid, etc. used to be -1; guess what setreuid does with that --asp */
struct passwd nouser = {"", "nope", -2, -2, -2, -2, -2, "", "", "", "" };
***************
*** 653,669 ****
pp = line;
}
#ifdef ATHENA
! if (!found) /* check if we can create an entry */
! if (inhibitflag)
! invalid = TRUE;
else /* we are allowed to create an entry */
pwd = &newuser;
/* Modifications for Kerberos authentication -- asp */
SCPYN(pp2, pp);
pp[8]='\0';
if (found)
namep = crypt(pp, pwd->pw_passwd);
! #ifndef NOENCRYPTION
else {
int c;
salt = 9 * getpid();
--- 669,695 ----
pp = line;
}
#ifdef ATHENA
! #ifdef YP
! if (!found) /* gotta be in the YP... */
! invalid = TRUE;
! #else /* !YP */
! if (!found) { /* check if we can create an entry */
! if (inhibitflag) {
! invalid = TRUE;
! pwd = &nouser;
! }
else /* we are allowed to create an entry */
pwd = &newuser;
+ }
+ #endif /* YP */
/* Modifications for Kerberos authentication -- asp */
SCPYN(pp2, pp);
pp[8]='\0';
if (found)
namep = crypt(pp, pwd->pw_passwd);
! #ifdef NOENCRYPTION
! else namep = "XXX";
! #else
else {
int c;
salt = 9 * getpid();
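Review bot: The new YP branch sets `invalid = TRUE` for an unknown user but, unlike the !YP branch right below it, does not point `pwd` at `nouser`, so the two builds reach the following `pwd->pw_passwd` and `pwd->pw_uid` uses with `pwd` in different states. Unless `pwd` is already set to `&nouser` above this hunk (not visible here), I would write `if (!found) { invalid = TRUE; pwd = &nouser; }`. Separately, under NOENCRYPTION the placeholder `namep = "XXX"` is an ordinary string that later code compares with `pwd->pw_passwd` via strcmp(). A NULL or an explicit flag that those comparisons test would make the fail-closed intent unambiguous; at minimum add a comment that the placeholder must never equal a stored password field. The enclosing function starts and ends outside the hunk.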
***************
*** 685,690 ****
--- 711,717 ----
bzero(line, sizeof(line));
setpriority(PRIO_PROCESS, 0, 0);
if (!invalid && (pwd->pw_uid != 0)) {
+ struct passwd *nspwd;
/* if not root, get Kerberos tickets */
if(krb_get_lrealm(realm, 1) != KSUCCESS) {
SCPYN(realm, KRB_REALM);
***************
*** 691,696 ****
--- 718,729 ----
}
strncpy(lusername, utmp.ut_name, NMAX);
lusername[NMAX] = '\0';
+ #ifndef YP
+ if ((nspwd = hes_getpwnam(lusername)) != NULL) {
+ setreuid(nspwd->pw_uid, 0);
+ } else
+ #endif
+ setreuid(pwd->pw_uid, 0);
krbval = krb_get_pw_in_tkt(lusername, "", realm,
"krbtgt", realm,
KRBTKLIFETIME, pp2);
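Review bot: Both added setreuid() calls discard their return value, so if the switch fails krb_get_pw_in_tkt() still runs under the old real uid and nothing records it; the `setreuid(0, 0)` added in the next hunk has the same problem on the way back. I would fail the login instead, e.g. `if (setreuid(pwd->pw_uid, 0) < 0) invalid = TRUE;`, and skip the ticket request in that case. In the !YP branch the uid comes from hes_getpwnam(), which is consulted before the password has been verified, while the surrounding guard only tests `pwd->pw_uid != 0`. `nspwd->pw_uid` should get the same non-zero (and non-negative) check before it is handed to setreuid(). The enclosing `if` block continues outside the hunk.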
***************
*** 700,708 ****
administration is
doing */
#endif
switch (krbval) {
case INTK_OK:
! #ifndef NOENCRYPTION
alarm(0); /* Authentic, so don't time out. */
#endif
invalid = FALSE;
--- 733,751 ----
administration is
doing */
#endif
+ setreuid(0, 0);
switch (krbval) {
case INTK_OK:
! #ifdef NOENCRYPTION
! #ifdef YP
! if (strcmp(namep, pwd->pw_passwd)) {
! (void) dest_tkt();
! invalid = TRUE;
! krbflag = FALSE;
! break;
! }
! #endif
! #else
alarm(0); /* Authentic, so don't time out. */
#endif
invalid = FALSE;
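Review bot: The added `strcmp(namep, pwd->pw_passwd)` reads `pwd->pw_passwd` without a NULL test, although a later hunk of this same patch adds `!pwd->pw_shell ||` before reading `pw_shell`, which suggests entries with NULL string fields do occur. A guard that fails closed, `if (!pwd->pw_passwd || strcmp(namep, pwd->pw_passwd)) {`, would cover it. The identical check added under NOENCRYPTION in the hunk at new lines 801-818 needs the same guard. The rejection sequence (dest_tkt, `invalid = TRUE`, `krbflag = FALSE`, break) is now written out twice and deserves a one-line comment in each place saying that the Kerberos success is being overridden by the local password check. The enclosing switch continues outside the hunk.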
***************
*** 711,717 ****
/* create a password entry: first ask the
nameserver to get us finger and shell
info */
- struct passwd *nspwd;
if ((nspwd = hes_getpwnam(lusername)) != NULL) {
#ifdef NOENCRYPTION
pwd->pw_passwd = nspwd->pw_passwd;
--- 754,759 ----
***************
*** 759,766 ****
tmppwflag = TRUE;
}
}
! chown(getenv(KRB_ENVIRON), pwd->pw_uid,
! pwd->pw_gid);
/* If we already have a homedir, use it.
* Otherwise, try to attach. If that fails,
* try to create.
--- 801,818 ----
tmppwflag = TRUE;
}
}
! #ifdef NOENCRYPTION
! else {
! /* was found in local passwd file;
! verify passwd */
! if (strcmp(namep, pwd->pw_passwd)) {
! (void) dest_tkt();
! invalid = TRUE;
! krbflag = FALSE;
! break; /* from the kerberos switch */
! }
! }
! #endif
/* If we already have a homedir, use it.
* Otherwise, try to attach. If that fails,
* try to create.
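Review bot: The chown() of the file named by `getenv(KRB_ENVIRON)` is dropped here without a comment, so the ticket file's owner presumably now depends on the setreuid() calls added earlier in this patch having succeeded, and its group is no longer set to `pwd->pw_gid`. Because those setreuid() calls are unchecked, I would either keep the chown as a fallback or check the setreuid() result and leave a comment at this spot such as `/* ticket file is created under the user's real uid by setreuid() above */`. The added `else` exists only under `#ifdef NOENCRYPTION` and binds to an `if` that lies outside the hunk; a short comment naming that condition would make the pairing easier to audit.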
***************
*** 786,792 ****
attachedflag = TRUE;
}
} else
! puts("\nWarning: Using local home directory.");
break;
case KDC_NULL_KEY:
--- 838,844 ----
attachedflag = TRUE;
}
} else
! puts("\nWarning: Using local home directory.\n");
break;
case KDC_NULL_KEY:
***************
*** 837,843 ****
}
/* if password is good, user is good, no matter what. */
invalid = invalid && strcmp(namep, pwd->pw_passwd);
-
leavethis:
bzero(pp2, MAXPWSIZE+1); /* I ain't got no secrets... */
/*
--- 889,894 ----
***************
*** 844,850 ****
* If our uid < 0, we must be a bogus user.
*/
if(pwd->pw_uid < 0) invalid = TRUE;
! #else /* ! ATHENA */
namep = crypt(pp, pwd->pw_passwd);
/*bzero(line, BUFSIZ); /* 029 - GAG */
--- 895,901 ----
* If our uid < 0, we must be a bogus user.
*/
if(pwd->pw_uid < 0) invalid = TRUE;
! #else /* ! ATHENA */
namep = crypt(pp, pwd->pw_passwd);
/*bzero(line, BUFSIZ); /* 029 - GAG */
***************
*** 853,858 ****
--- 904,910 ----
invalid = TRUE;
#endif
}
+ fflush(stdout);
/*
* If user not super-user, check for logins disabled.
*/
***************
*** 899,909 ****
close(2);
cleanup(10, 1);
}
! } else if(notty) {
! printf("Login succeeded\n");
! fflush(stdout);
! }
! if (*pwd->pw_shell == '\0')
pwd->pw_shell = "/bin/sh";
if (chdir(pwd->pw_dir) < 0 && !invalid ) {
if (chdir("/") < 0) {
--- 951,958 ----
close(2);
cleanup(10, 1);
}
! }
! if (!pwd->pw_shell || *pwd->pw_shell == '\0')
pwd->pw_shell = "/bin/sh";
if (chdir(pwd->pw_dir) < 0 && !invalid ) {
if (chdir("/") < 0) {
***************
*** 926,931 ****
--- 975,985 ----
/* committed to login turn off timeout */
alarm(0);
+ if (notty) {
+ printf("Login succeeded\n");
+ fflush(stdout);
+ }
+
#ifdef ATHENA
if (tmppwflag) {
remove_pwent(pwd);
***************
*** 1467,1472 ****
--- 1521,1528 ----
{
union wait status;
int attachpid;
+ int pipes[2];
+ FILE *pipeinput;
if (!attachable)
return (1);
***************
*** 1479,1492 ****
* of course fails.
*/
if (!(attachpid = fork())) {
setuid(pwd->pw_uid);
! freopen("/dev/null","w",stdout);
! execl("/bin/athena/attach","attach", "-q", lusername,0);
exit (-1);
}
while (wait(&status) != attachpid)
;
if (status.w_retcode == 0) {
chown(pwd->pw_dir, pwd->pw_uid, pwd->pw_gid);
chdir(pwd->pw_dir);
--- 1535,1561 ----
* of course fails.
*/
+ if (pipe(pipes) == -1)
+ return(1);
if (!(attachpid = fork())) {
setuid(pwd->pw_uid);
! dup2(pipes[1],2);
! close(pipes[0]);
! freopen("/dev/null","w", stdout);
! execl("/usr/athena/bin/attach","attach", "-q", lusername,0);
exit (-1);
}
+ close(pipes[1]);
+ pipeinput = fdopen(pipes[0], "r");
while (wait(&status) != attachpid)
;
+ if (pipeinput) {
+ char buf[512];
+ while (fgets(buf, sizeof(buf), pipeinput))
+ fputs(buf, stdout);
+ fclose(pipeinput);
+ }
+ close(pipes[0]);
if (status.w_retcode == 0) {
chown(pwd->pw_dir, pwd->pw_uid, pwd->pw_gid);
chdir(pwd->pw_dir);
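Review bot: The parent reaps attach with wait() before it reads the pipe, so if attach writes more to stderr than the pipe can buffer, the child blocks in write while the parent blocks in wait and the login hangs; the read loop should run to EOF first and the wait() should follow it. `fclose(pipeinput)` already closes `pipes[0]`, so the unconditional `close(pipes[0])` after it closes the same descriptor a second time and belongs only on the fdopen-failure path. The results of fork() and of the child's `setuid(pwd->pw_uid)` are also unchecked (both lines predate this patch); a failed setuid would leave attach running with login's privileges, so the child should exit when it fails. The function starts and ends outside the hunk.

```c
	close(pipes[1]);
	pipeinput = fdopen(pipes[0], "r");
	if (pipeinput) {
		char buf[512];
		/* drain attach's stderr to EOF before reaping it, so a full
		 * pipe cannot stall both processes */
		while (fgets(buf, sizeof(buf), pipeinput))
			fputs(buf, stdout);
		fclose(pipeinput);	/* also closes pipes[0] */
	} else
		close(pipes[0]);
	while (wait(&status) != attachpid)
		;
	/* … unchanged: status.w_retcode check, chown, chdir … */
```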
***************
*** 1509,1515 ****
setuid(pwd->pw_uid);
freopen("/dev/null","w",stdout);
freopen("/dev/null","w",stderr);
! execl("/bin/athena/detach","detach",lusername,0);
exit (-1);
}
while (wait(&status) != pid)
--- 1578,1584 ----
setuid(pwd->pw_uid);
freopen("/dev/null","w",stdout);
freopen("/dev/null","w",stderr);
! execl("/usr/athena/bin/detach","detach",lusername,0);
exit (-1);
}
while (wait(&status) != pid)