From: dm Date: Mon, 27 Jan 1997 20:44:12 +0000 (+0000) Subject: security X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=9374fd97c92df0be64a75416ecd88c6275ea6135;p=openbsd security --- diff --git a/kerberosIV/krb/in_tkt.c b/kerberosIV/krb/in_tkt.c index d34f1058b8d..6bea0ff6f56 100644 --- a/kerberosIV/krb/in_tkt.c +++ b/kerberosIV/krb/in_tkt.c @@ -100,7 +100,7 @@ in_tkt(pname, pinst) if (krb_debug) printf("swapped UID's %d and %d\n",(int)metoo,(int)me); } - if ((tktfile = creat(file,0600)) < 0) { + if ((tktfile = open (file,O_CREAT|O_EXCL|O_WRONLY,0600)) < 0) { if (krb_debug) fprintf(stderr,"Error initializing %s",TKT_FILE); return(KFAILURE); diff --git a/usr.bin/login/klogin.c b/usr.bin/login/klogin.c index 893e745e007..aef17616ef8 100644 --- a/usr.bin/login/klogin.c +++ b/usr.bin/login/klogin.c @@ -1,4 +1,4 @@ -/* $OpenBSD: klogin.c,v 1.3 1996/06/26 05:36:00 deraadt Exp $ */ +/* $OpenBSD: klogin.c,v 1.4 1997/01/27 20:44:16 dm Exp $ */ /* $NetBSD: klogin.c,v 1.7 1996/05/21 22:07:04 mrg Exp $ */ /*- @@ -38,7 +38,7 @@ #if 0 static char sccsid[] = "@(#)klogin.c 8.3 (Berkeley) 4/2/94"; #endif -static char rcsid[] = "$OpenBSD: klogin.c,v 1.3 1996/06/26 05:36:00 deraadt Exp $"; +static char rcsid[] = "$OpenBSD: klogin.c,v 1.4 1997/01/27 20:44:16 dm Exp $"; #endif /* not lint */ #ifdef KERBEROS @@ -97,15 +97,18 @@ klogin(pw, instance, localhost, password) #endif /* - * Root logins don't use Kerberos. + * Root logins don't use Kerberos (or at least shouldn't be + * sending kerberos passwords around in cleartext), so don't + * allow any root logins here (keeping in mind that we only + * get here with a password). + * * If we have a realm, try getting a ticket-granting ticket * and using it to authenticate. Otherwise, return * failure so that we can try the normal passwd file * for a password. If that's ok, log the user in * without issuing any tickets. */ - if (strcmp(pw->pw_name, "root") == 0 || - krb_get_lrealm(realm, 0) != KSUCCESS) + if (pw->pw_uid == 0 || krb_get_lrealm(realm, 0) != KSUCCESS) return (1); /* @@ -178,7 +181,9 @@ klogin(pw, instance, localhost, password) dest_tkt(); return (1); } - return (0); + /* Otherwise, leave ticket around, but make sure + * password matches the Unix password. */ + return (1); } if (kerror != KSUCCESS) { diff --git a/usr.bin/login/login.c b/usr.bin/login/login.c index e64d6003472..59f556a9b8a 100644 --- a/usr.bin/login/login.c +++ b/usr.bin/login/login.c @@ -1,4 +1,4 @@ -/* $OpenBSD: login.c,v 1.16 1997/01/15 23:43:03 millert Exp $ */ +/* $OpenBSD: login.c,v 1.17 1997/01/27 20:44:14 dm Exp $ */ /* $NetBSD: login.c,v 1.13 1996/05/15 23:50:16 jtc Exp $ */ /*- @@ -44,7 +44,7 @@ static char copyright[] = #if 0 static char sccsid[] = "@(#)login.c 8.4 (Berkeley) 4/2/94"; #endif -static char rcsid[] = "$OpenBSD: login.c,v 1.16 1997/01/15 23:43:03 millert Exp $"; +static char rcsid[] = "$OpenBSD: login.c,v 1.17 1997/01/27 20:44:14 dm Exp $"; #endif /* not lint */ /* @@ -221,6 +221,9 @@ main(argc, argv) getloginname(); } rootlogin = 0; +#if 1 /* Why should anyone with a root instance be able to be root here? */ + instance = ""; +#else #ifdef KERBEROS if ((instance = strchr(username, '.')) != NULL) { if (strncmp(instance, ".root", 5) == 0) @@ -236,6 +239,7 @@ main(argc, argv) *instance++ = '\0'; } else instance = ""; +#endif #endif if (strlen(username) > UT_NAMESIZE) username[UT_NAMESIZE] = '\0';