From: tholo
Date: Tue, 18 Feb 1997 20:07:56 +0000 (+0000)
Subject: Undo last changes; it makes it impossible to suspect su in Kerberos mode,
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=88e914491d23108912ee5a033b77a5dca03cf2df;p=openbsd
Undo last changes; it makes it impossible to suspect su in Kerberos mode, and also interferes with multiple sessions by removing tickets potentially in use by those other sessions.
---
diff --git a/usr.bin/su/su.c b/usr.bin/su/su.c
index feb9d373bc0..caec3264bc0 100644
--- a/usr.bin/su/su.c
+++ b/usr.bin/su/su.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: su.c,v 1.20 1997/02/11 18:26:32 millert Exp $ */
+/* $OpenBSD: su.c,v 1.21 1997/02/18 20:07:56 tholo Exp $ */
 /*
 * Copyright (c) 1988 The Regents of the University of California.
@@ -41,7 +41,7 @@ char copyright[] =
 #ifndef lint
 /*static char sccsid[] = "from: @(#)su.c 5.26 (Berkeley) 7/6/91";*/
-static char rcsid[] = "$OpenBSD: su.c,v 1.20 1997/02/11 18:26:32 millert Exp $";
+static char rcsid[] = "$OpenBSD: su.c,v 1.21 1997/02/18 20:07:56 tholo Exp $";
 #endif /* not lint */
 #include
@@ -67,16 +67,10 @@ static char rcsid[] = "$OpenBSD: su.c,v 1.20 1997/02/11 18:26:32 millert Exp $";
 #include
 #include
 #include
-#include
-#include
 #define ARGSTR "-Kflm"
-void kdestroy __P((void));
-void dofork __P((void));
-
 int use_kerberos = 1;
-char krbtkfile[MAXPATHLEN];
 #else
 #define ARGSTR "-flm"
 #endif
@@ -84,30 +78,6 @@ char krbtkfile[MAXPATHLEN];
 char *ontty __P((void));
 int chshell __P((char *));
-#ifdef KERBEROS
-void
-dofork()
-{
- pid_t child;
-
- if (!(child = fork()))
- return; /* Child process */
-
- /* Setup stuff? This would be things we could do in parallel with login */
- (void) chdir("/"); /* Let's not keep the fs busy... */
-
- /* If we're the parent, watch the child until it dies */
- while (wait(0) != child)
- ;
-
- /* Run kdestroy to destroy tickets */
- kdestroy();
-
- /* Leave */
- exit(0);
-}
-#endif
-
 int
 main(argc, argv)
 int argc;
@@ -189,8 +159,7 @@ main(argc, argv)
 if (ruid) {
 #ifdef KERBEROS
- if (use_kerberos == 0 ||
- (use_kerberos = !kerberos(username, user, pwd->pw_uid)) == 0)
+ if (!use_kerberos || kerberos(username, user, pwd->pw_uid))
 #endif
 {
 /* only allow those in group zero to su to root. */
@@ -250,12 +219,6 @@ badlogin:
 if (iscsh == UNSET)
 iscsh = strcmp(avshell, "csh") ? NO : YES;
-#if defined(KERBEROS) || defined(KERBEROS5)
- /* Fork so that we can call kdestroy */
- if (use_kerberos)
- dofork();
-#endif
-
 /* set permissions */
 if (setegid(pwd->pw_gid) < 0)
 err(1, "setegid");
@@ -359,7 +322,7 @@ kerberos(username, user, uid)
 register char *p;
 int kerno;
 u_long faddr;
- char lrealm[REALM_SZ];
+ char lrealm[REALM_SZ], krbtkfile[MAXPATHLEN];
 char hostname[MAXHOSTNAMELEN], savehost[MAXHOSTNAMELEN];
 char *ontty(), *krb_get_phost();
@@ -485,61 +448,4 @@ koktologin(name, realm, toname)
 return (kuserok(kdata, toname));
 }
-
-void
-kdestroy()
-{
- char *file = krbtkfile;
- int i, fd;
- extern int errno;
- struct stat statb;
- char buf[BUFSIZ];
-#ifdef TKT_SHMEM
- char shmidname[MAXPATHLEN];
-#endif /* TKT_SHMEM */
-
- if (use_kerberos == 0)
- return;
-
- errno = 0;
- if (lstat(file, &statb) < 0)
- goto out;
-
- if (!(statb.st_mode & S_IFREG)
-#ifdef notdef
- || statb.st_mode & 077
-#endif
- )
- goto out;
-
- if ((fd = open(file, O_RDWR, 0)) < 0)
- goto out;
-
- bzero(buf, BUFSIZ);
-
- for (i = 0; i < statb.st_size; i += BUFSIZ)
- if (write(fd, buf, BUFSIZ) != BUFSIZ) {
- (void) fsync(fd);
- (void) close(fd);
- goto out;
- }
-
- (void) fsync(fd);
- (void) close(fd);
-
- (void) unlink(file);
-
-out:
- if (errno != 0) return;
-#ifdef TKT_SHMEM
- /*
- * handle the shared memory case
- */
- (void) strcpy(shmidname, file);
- (void) strcat(shmidname, ".shm");
- if (krb_shm_dest(shmidname) != KSUCCESS)
- return;
-#endif /* TKT_SHMEM */
- return;
-}
 #endif
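Review bot: The restored condition `if (!use_kerberos || kerberos(username, user, pwd->pw_uid))` reads as if a true result from kerberos() meant success, yet the block it guards is the group-zero and local-password path, so a non-zero return apparently means Kerberos authentication failed. A one-line comment above the `if` would guard against a later inversion of this check, for example `/* kerberos() returns non-zero on failure: fall back to local authentication */`. The body of kerberos() is outside this hunk, so the return convention should be confirmed there first. Unlike the removed lines, this form no longer clears use_kerberos after a failed attempt, so any later test of the flag (none is visible in this diff) would still see it set.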
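Review bot: With `krbtkfile` now a local of kerberos() in the `-359,7 +322,7` hunk, the ticket file path is no longer reachable by anything that runs after authentication, and the same commit removes the only code that overwrote and unlinked that file. This matches the commit message, but it means tickets obtained through su outlive the su session, which deserves a comment at the declaration such as `/* ticket file is intentionally left in place; see kdestroy(1) */`. The statements that fill `krbtkfile` are outside this hunk; they are worth checking for a bound of `sizeof(krbtkfile)`, since the buffer now lives on the stack.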