diff options
Diffstat (limited to 'crypto/heimdal/appl/login/login.c')
-rw-r--r-- | crypto/heimdal/appl/login/login.c | 57 |
1 files changed, 43 insertions, 14 deletions
diff --git a/crypto/heimdal/appl/login/login.c b/crypto/heimdal/appl/login/login.c index 1531eec..cc41097 100644 --- a/crypto/heimdal/appl/login/login.c +++ b/crypto/heimdal/appl/login/login.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -38,8 +38,11 @@ #ifdef HAVE_SYS_CAPABILITY_H #include <sys/capability.h> #endif +#ifdef HAVE_CRYPT_H +#include <crypt.h> +#endif -RCSID("$Id: login.c,v 1.59.2.1 2004/09/08 09:15:39 joda Exp $"); +RCSID("$Id: login.c 16498 2006-01-09 16:26:25Z joda $"); static int login_timeout = 60; @@ -118,7 +121,8 @@ exec_shell(const char *shell, int fallback) p++; else p = shell; - asprintf(&sh, "-%s", p); + if (asprintf(&sh, "-%s", p) == -1) + errx(1, "Out of memory"); execle(shell, sh, NULL, env); if(fallback){ warnx("Can't exec %s, trying %s", @@ -131,6 +135,10 @@ exec_shell(const char *shell, int fallback) static enum { NONE = 0, AUTH_KRB4 = 1, AUTH_KRB5 = 2, AUTH_OTP = 3 } auth; +#ifdef KRB4 +static krb5_boolean get_v4_tgt = FALSE; +#endif + #ifdef OTP static OtpContext otp_ctx; @@ -179,8 +187,6 @@ krb5_to4 (krb5_ccache id) krb5_error_code ret; krb5_principal princ; - int get_v4_tgt; - ret = krb5_cc_get_principal(context, id, &princ); if(ret == 0) { krb5_appdefault_boolean(context, "login", @@ -203,6 +209,8 @@ krb5_to4 (krb5_ccache id) krb5_error_code ret; krb5_principal princ; + krb5_cc_clear_mcred(&mcred); + ret = krb5_cc_get_principal (context, id, &princ); if (ret) return ret; @@ -212,9 +220,11 @@ krb5_to4 (krb5_ccache id) "krbtgt", princ->realm, NULL); - krb5_free_principal (context, princ); - if (ret) + if (ret) { + krb5_free_principal(context, princ); return ret; + } + mcred.client = princ; ret = krb5_cc_retrieve_cred(context, id, 0, &mcred, &cred); if(ret == 0) { @@ -226,9 +236,12 @@ krb5_to4 (krb5_ccache id) tf_setup(&c, c.pname, c.pinst); } memset(&c, 0, sizeof(c)); - krb5_free_creds_contents(context, &cred); + krb5_free_cred_contents(context, &cred); } + if (ret != 0) + get_v4_tgt = FALSE; krb5_free_principal(context, mcred.server); + krb5_free_principal(context, mcred.client); } return 0; } @@ -476,6 +489,14 @@ do_login(const struct passwd *pwd, char *tty, char *ttyn) exit(1); } #endif + if(rootlogin == 0) { + const char *file = login_conf_get_string("limits"); + if(file == NULL) + file = _PATH_LIMITS_CONF; + + read_limits_conf(file, pwd); + } + #ifdef HAVE_SETPCRED if (setpcred (pwd->pw_name, NULL) == -1) warn("setpcred(%s)", pwd->pw_name); @@ -598,7 +619,8 @@ do_login(const struct passwd *pwd, char *tty, char *ttyn) #endif /* KRB5 */ #ifdef KRB4 - krb4_get_afs_tokens (pwd); + if (auth == AUTH_KRB4 || get_v4_tgt) + krb4_get_afs_tokens (pwd); #endif /* KRB4 */ add_env("PATH", _PATH_DEFPATH); @@ -700,7 +722,7 @@ main(int argc, char **argv) int try; char username[32]; - int optind = 0; + int optidx = 0; int ask = 1; struct sigaction sa; @@ -717,13 +739,13 @@ main(int argc, char **argv) } #endif - openlog("login", LOG_ODELAY, LOG_AUTH); + openlog("login", LOG_ODELAY | LOG_PID, LOG_AUTH); if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv, - &optind)) + &optidx)) usage (1); - argc -= optind; - argv += optind; + argc -= optidx; + argv += optidx; if(help_flag) usage(0); @@ -850,6 +872,13 @@ main(int argc, char **argv) syslog(LOG_NOTICE, "%s LOGIN REFUSED ON %s", pwd->pw_name, tty); exit (1); + } else { + if (remote_host) + syslog(LOG_NOTICE, "%s LOGIN ACCEPTED FROM %s ppid=%d", + pwd->pw_name, remote_host, (int) getppid()); + else + syslog(LOG_NOTICE, "%s LOGIN ACCEPTED ON %s ppid=%d", + pwd->pw_name, tty, (int) getppid()); } alarm(0); do_login(pwd, tty, ttyn); |