if (krb_debug)
printf("swapped UID's %d and %d\n",(int)metoo,(int)me);
}
- if ((tktfile = creat(file,0600)) < 0) {
+ if ((tktfile = open (file,O_CREAT|O_EXCL|O_WRONLY,0600)) < 0) {
if (krb_debug)
fprintf(stderr,"Error initializing %s",TKT_FILE);
return(KFAILURE);
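Review bot: With `O_EXCL` the new `open()` fails with EEXIST whenever `file` is still present, and the failure branch right below prints only `TKT_FILE` with no errno, so a leftover ticket file cannot be told apart from a permission problem. Whether an existing file is removed earlier in this function is not visible in the hunk; if it is only checked or zeroed, an `unlink(file)` before this call may be needed, otherwise re-initialising an existing ticket file would always fail. I would also report the path actually opened and the cause, e.g. `fprintf(stderr,"Error initializing %s: %s\n",file,strerror(errno));`. The enclosing function starts and ends outside the hunk.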
-/* $OpenBSD: klogin.c,v 1.3 1996/06/26 05:36:00 deraadt Exp $ */
+/* $OpenBSD: klogin.c,v 1.4 1997/01/27 20:44:16 dm Exp $ */
/* $NetBSD: klogin.c,v 1.7 1996/05/21 22:07:04 mrg Exp $ */
/*-
#if 0
static char sccsid[] = "@(#)klogin.c 8.3 (Berkeley) 4/2/94";
#endif
-static char rcsid[] = "$OpenBSD: klogin.c,v 1.3 1996/06/26 05:36:00 deraadt Exp $";
+static char rcsid[] = "$OpenBSD: klogin.c,v 1.4 1997/01/27 20:44:16 dm Exp $";
#endif /* not lint */
#ifdef KERBEROS
#endif
/*
- * Root logins don't use Kerberos.
+ * Root logins don't use Kerberos (or at least shouldn't be
+ * sending kerberos passwords around in cleartext), so don't
+ * allow any root logins here (keeping in mind that we only
+ * get here with a password).
+ *
* If we have a realm, try getting a ticket-granting ticket
* and using it to authenticate. Otherwise, return
* failure so that we can try the normal passwd file
* for a password. If that's ok, log the user in
* without issuing any tickets.
*/
- if (strcmp(pw->pw_name, "root") == 0 ||
- krb_get_lrealm(realm, 0) != KSUCCESS)
+ if (pw->pw_uid == 0 || krb_get_lrealm(realm, 0) != KSUCCESS)
return (1);
/*
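Review bot: The added comment says root logins are not allowed here, but the branch it documents returns 1, which the unchanged part of the same comment describes as falling back to the normal passwd file. So uid-0 accounts are excluded from Kerberos authentication rather than refused. I would reword the new lines along the lines of `* Accounts with uid 0 never authenticate with Kerberos here (we only get here with a cleartext password); return 1 so the local passwd check decides.` The move from the name comparison to `pw->pw_uid == 0` also covers uid-0 accounts not named root, which is worth stating in the comment. The function's start and end are outside the hunk.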
dest_tkt();
return (1);
}
- return (0);
+ /* Otherwise, leave ticket around, but make sure
+ * password matches the Unix password. */
+ return (1);
}
if (kerror != KSUCCESS) {
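Review bot: The new `return (1)` keeps the ticket file on disk while sending the caller to the Unix password check, so if that check then fails, the ticket obtained with the Kerberos password appears to stay behind. The caller's handling is not visible here. Either the caller should call `dest_tkt()` when the local check fails, or the comment should name who removes the ticket, e.g. `/* Ticket is kept; caller must dest_tkt() if the Unix password does not match. */`. Both visible exits of this block now return 1, so the return value alone no longer distinguishes "ticket kept" from "Kerberos failed". The enclosing block continues outside the hunk.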
-/* $OpenBSD: login.c,v 1.16 1997/01/15 23:43:03 millert Exp $ */
+/* $OpenBSD: login.c,v 1.17 1997/01/27 20:44:14 dm Exp $ */
/* $NetBSD: login.c,v 1.13 1996/05/15 23:50:16 jtc Exp $ */
/*-
#if 0
static char sccsid[] = "@(#)login.c 8.4 (Berkeley) 4/2/94";
#endif
-static char rcsid[] = "$OpenBSD: login.c,v 1.16 1997/01/15 23:43:03 millert Exp $";
+static char rcsid[] = "$OpenBSD: login.c,v 1.17 1997/01/27 20:44:14 dm Exp $";
#endif /* not lint */
/*
getloginname();
}
rootlogin = 0;
+#if 1 /* Why should anyone with a root instance be able to be root here? */
+ instance = "";
+#else
#ifdef KERBEROS
if ((instance = strchr(username, '.')) != NULL) {
if (strncmp(instance, ".root", 5) == 0)
*instance++ = '\0';
} else
instance = "";
+#endif
#endif
if (strlen(username) > UT_NAMESIZE)
username[UT_NAMESIZE] = '\0';
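Review bot: The `#if 1` wrapper moves `instance = "";` outside the `#ifdef KERBEROS` guard and leaves the old `.root` instance parsing in the file as dead code. If `instance` is declared only under `KERBEROS` (its declaration is not visible here), a build without Kerberos would stop compiling. The added `#endif` also now closes `#ifdef KERBEROS` while the original one closes `#if 1`, which is easy to misread. I would delete the disabled branch and keep the guard: `#ifdef KERBEROS`, then `instance = ""; /* a .root instance never grants root here */`, then `#endif`.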