Diffstat (limited to 'crypto/kerberosIV/appl/bsd')
-rw-r--r-- | crypto/kerberosIV/appl/bsd/bsd_locl.h | 6 | ||||
-rw-r--r-- | crypto/kerberosIV/appl/bsd/kcmd.c | 10 | ||||
-rw-r--r-- | crypto/kerberosIV/appl/bsd/login.c | 34 | ||||
-rw-r--r-- | crypto/kerberosIV/appl/bsd/rcmd_util.c | 20 | ||||
-rw-r--r-- | crypto/kerberosIV/appl/bsd/rcp.c | 8 | ||||
-rw-r--r-- | crypto/kerberosIV/appl/bsd/rlogin.c | 8 | ||||
-rw-r--r-- | crypto/kerberosIV/appl/bsd/rlogind.c | 13 | ||||
-rw-r--r-- | crypto/kerberosIV/appl/bsd/rsh.c | 16 | ||||
-rw-r--r-- | crypto/kerberosIV/appl/bsd/rshd.c | 28 | ||||
-rw-r--r-- | crypto/kerberosIV/appl/bsd/su.c | 57 |
10 files changed, 151 insertions, 49 deletions
diff --git a/crypto/kerberosIV/appl/bsd/bsd_locl.h b/crypto/kerberosIV/appl/bsd/bsd_locl.h index e39bc36..f742d63 100644 --- a/crypto/kerberosIV/appl/bsd/bsd_locl.h +++ b/crypto/kerberosIV/appl/bsd/bsd_locl.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: bsd_locl.h,v 1.111 1999/12/02 16:58:28 joda Exp $ */ +/* $Id: bsd_locl.h,v 1.111.2.1 2000/06/23 02:34:20 assar Exp $ */ #define LOGALL #define KERBEROS @@ -395,3 +395,5 @@ void prepare_utmp (struct utmp *utmp, char *tty, char *username, #endif int do_osfc2_magic(uid_t); + +void paranoid_setuid (uid_t uid); diff --git a/crypto/kerberosIV/appl/bsd/kcmd.c b/crypto/kerberosIV/appl/bsd/kcmd.c index af20357..93b2b70 100644 --- a/crypto/kerberosIV/appl/bsd/kcmd.c +++ b/crypto/kerberosIV/appl/bsd/kcmd.c @@ -33,7 +33,7 @@ #include "bsd_locl.h" -RCSID("$Id: kcmd.c,v 1.20 1998/07/13 13:54:07 assar Exp $"); +RCSID("$Id: kcmd.c,v 1.20.4.1 2000/10/10 12:55:55 assar Exp $"); #define START_PORT 5120 /* arbitrary */ @@ -185,6 +185,14 @@ kcmd(int *sock, { fd_set fds; FD_ZERO(&fds); + if (s >= FD_SETSIZE || s2 >= FD_SETSIZE) { + warnx("file descriptor too large"); + close(s); + close(s2); + status = -1; + goto bad; + } + FD_SET(s, &fds); FD_SET(s2, &fds); status = select(FD_SETSIZE, &fds, NULL, NULL, NULL); diff --git a/crypto/kerberosIV/appl/bsd/login.c b/crypto/kerberosIV/appl/bsd/login.c index 0d29ebe..f2f0873 100644 --- a/crypto/kerberosIV/appl/bsd/login.c +++ b/crypto/kerberosIV/appl/bsd/login.c @@ -45,7 +45,7 @@ #include <sys/capability.h> #endif -RCSID("$Id: login.c,v 1.125 1999/11/30 19:24:01 bg Exp $"); +RCSID("$Id: login.c,v 1.125.2.2 2000/06/23 02:33:07 assar Exp $"); #ifdef OTP #include <otp.h> 
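Review bot: The new FD_SETSIZE branch in kcmd() calls `close(s)` and then jumps to `bad`, whose cleanup code is outside this hunk; if that label already closes `s`, the descriptor is closed twice on this path. Confirm what `bad` releases and, if it covers `s`, keep only `close(s2);` before `status = -1; goto bad;`. kcmd's body starts and ends outside the hunk, so this cannot be settled from the visible lines alone.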
@@ -596,22 +596,28 @@ main(int argc, char **argv) if (pwd->pw_change || pwd->pw_expire) gettimeofday(&tp, (struct timezone *)NULL); - if (pwd->pw_change) + if (pwd->pw_change) { + time_t t; + if (tp.tv_sec >= pwd->pw_change) { printf("Sorry -- your password has expired.\n"); changepass=1; } else if (pwd->pw_change - tp.tv_sec < - 2 * DAYSPERWEEK * SECSPERDAY && !quietlog) + 2 * DAYSPERWEEK * SECSPERDAY && !quietlog) { + t = pwd->pw_change; printf("Warning: your password expires on %s", - ctime(&pwd->pw_change)); + ctime(&t)); + } if (pwd->pw_expire) if (tp.tv_sec >= pwd->pw_expire) { printf("Sorry -- your account has expired.\n"); sleepexit(1); } else if (pwd->pw_expire - tp.tv_sec < - 2 * DAYSPERWEEK * SECSPERDAY && !quietlog) + 2 * DAYSPERWEEK * SECSPERDAY && !quietlog) { + t = pwd->pw_expire; printf("Warning: your account expires on %s", - ctime(&pwd->pw_expire)); + ctime(&t)); + } #endif /* defined(HAVE_PASSWD_CHANGE) && defined(HAVE_PASSWD_EXPIRE) */ /* Nothing else left to fail -- really log in. */ @@ -788,6 +794,11 @@ main(int argc, char **argv) if(!rootlogin) exit(1); } + if (uid != 0 && setuid(0) != -1) { + syslog(LOG_ALERT | LOG_AUTH, + "Failed to drop privileges for user %d", uid); + errx(1, "Sorry"); + } } @@ -953,6 +964,7 @@ dolastlog(int quiet) #if defined(HAVE_LASTLOG_H) || defined(HAVE_LOGIN_H) struct lastlog ll; int fd; + time_t t; if ((fd = open(_PATH_LASTLOG, O_RDWR, 0)) >= 0) { lseek(fd, (off_t)pwd->pw_uid * sizeof(ll), SEEK_SET); @@ -966,8 +978,8 @@ dolastlog(int quiet) sleepexit(1); } if (!quiet) { - printf("Last login: %.*s ", - 24-5, ctime(&ll.ll_time)); + t = ll.ll_time; + printf("Last login: %.*s ", 24-5, ctime(&t)); if (*ll.ll_host != '\0') { printf("from %.*s\n", (int)sizeof(ll.ll_host), 
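Review bot: The brace opened by the added `if (pwd->pw_change) {` in the first login.c hunk is not closed by any added line; the two added `}` lines only close the inner `else if` blocks. As written, either `if (pwd->pw_expire)` ends up nested inside the password-change block, so account expiry is only evaluated when `pw_change` is set, or the section fails to compile when HAVE_PASSWD_CHANGE and HAVE_PASSWD_EXPIRE are both defined. Declaring `time_t t;` ahead of the first `if` and adding a `}` before `if (pwd->pw_expire)` keeps the two checks independent. main() continues outside the hunk, so confirm against the full file.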
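Review bot: The syslog call added after the `rootlogin` check formats `uid` with `%d`; the declaration of `uid` is outside the hunk, but if it is a `uid_t` the specifier does not match on platforms where that type is unsigned or wider than int. paranoid_setuid() in rcmd_util.c logs the same event as `"Failed to drop privileges for uid %u", (unsigned)uid`. Using that form here keeps the alert text uniform for anyone matching on it in the auth log.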
@@ -983,8 +995,8 @@ dolastlog(int quiet) if (!quiet) { if (read(fd, &ll, sizeof(ll)) == sizeof(ll) && ll.ll_time != 0) { - printf("Last login: %.*s ", - 24-5, ctime(&ll.ll_time)); + t = ll.ll_time; + printf("Last login: %.*s ", 24-5, ctime(&t)); if (*ll.ll_host != '\0') printf("from %.*s\n", (int)sizeof(ll.ll_host), @@ -998,7 +1010,7 @@ dolastlog(int quiet) } #endif /* SYSV_SHADOW */ memset(&ll, 0, sizeof(ll)); - time(&ll.ll_time); + ll.ll_time = time(NULL); strncpy(ll.ll_line, tty, sizeof(ll.ll_line)); if (hostname) strncpy(ll.ll_host, hostname, sizeof(ll.ll_host)); diff --git a/crypto/kerberosIV/appl/bsd/rcmd_util.c b/crypto/kerberosIV/appl/bsd/rcmd_util.c index 1dfb46d..cd431e3 100644 --- a/crypto/kerberosIV/appl/bsd/rcmd_util.c +++ b/crypto/kerberosIV/appl/bsd/rcmd_util.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "bsd_locl.h" -RCSID("$Id: rcmd_util.c,v 1.19 1999/12/02 16:58:28 joda Exp $"); +RCSID("$Id: rcmd_util.c,v 1.19.2.1 2000/06/23 02:34:48 assar Exp $"); int get_login_port(int kerberos, int encryption) @@ -245,3 +245,19 @@ warning(const char *fmt, ...) } va_end(args); } + +/* + * setuid but work-around Linux 2.2.15 bug with setuid and capabilities + */ + +void +paranoid_setuid (uid_t uid) +{ + if (setuid (uid) < 0) + err (1, "setuid"); + if (uid != 0 && setuid (0) == 0) { + syslog(LOG_ALERT | LOG_AUTH, + "Failed to drop privileges for uid %u", (unsigned)uid); + err (1, "setuid"); + } +} diff --git a/crypto/kerberosIV/appl/bsd/rcp.c b/crypto/kerberosIV/appl/bsd/rcp.c index be87097..660be91 100644 --- a/crypto/kerberosIV/appl/bsd/rcp.c +++ b/crypto/kerberosIV/appl/bsd/rcp.c 
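Review bot: In paranoid_setuid() the second `err (1, "setuid")` runs after `setuid (0)` has succeeded, so errno was not set by that call and the printed reason is whatever an earlier call, possibly syslog, left behind. `errx (1, "failed to drop privileges")` reports the actual condition without a misleading errno string. The header comment should also state that the function terminates the process on either failure and never returns an error, since the callers in rcp.c, rlogin.c and rsh.c use it as a statement.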
@@ -33,7 +33,7 @@ #include "bsd_locl.h" -RCSID("$Id: rcp.c,v 1.52 1999/11/16 16:54:16 bg Exp $"); +RCSID("$Id: rcp.c,v 1.52.2.1 2000/06/23 02:35:16 assar Exp $"); /* Globals */ static char dst_realm_buf[REALM_SZ]; @@ -415,7 +415,7 @@ kerberos(char **host, char *bp, char *locuser, char *user) int sock = -1, err; if (use_kerberos) { - setuid(getuid()); + paranoid_setuid(getuid()); rem = KSUCCESS; errno = 0; if (dest_realm == NULL) @@ -559,7 +559,7 @@ toremote(char *targ, int argc, char **argv) if (response() < 0) exit(1); free(bp); - setuid(userid); + paranoid_setuid(userid); } source(1, argv+i); } @@ -1002,7 +1002,7 @@ main(int argc, char **argv) response(); if(do_osfc2_magic(pwd->pw_uid)) exit(1); - setuid(userid); + paranoid_setuid(userid); if (k_hasafs()) { /* Sometimes we will need cell specific tokens * to be able to read and write files, thus, diff --git a/crypto/kerberosIV/appl/bsd/rlogin.c b/crypto/kerberosIV/appl/bsd/rlogin.c index d057ede..60bed67 100644 --- a/crypto/kerberosIV/appl/bsd/rlogin.c +++ b/crypto/kerberosIV/appl/bsd/rlogin.c @@ -36,7 +36,7 @@ */ #include "bsd_locl.h" -RCSID("$Id: rlogin.c,v 1.67 1999/11/13 06:13:02 assar Exp $"); +RCSID("$Id: rlogin.c,v 1.67.2.2 2000/10/10 12:54:26 assar Exp $"); CREDENTIALS cred; Key_schedule schedule; @@ -241,6 +241,8 @@ reader(void) rcvcnt = 0; FD_ZERO (&readfds); + if (rem >= FD_SETSIZE) + errx (1, "fd too large"); FD_SET (rem, &readfds); FD_ZERO (&exceptfds); if (kludgep) @@ -641,7 +643,7 @@ main(int argc, char **argv) get_window_size(0, &winsize); if (use_kerberos) { - setuid(getuid()); + paranoid_setuid(getuid()); rem = KSUCCESS; errno = 0; if (dest_realm == NULL) @@ -703,7 +705,7 @@ main(int argc, char **argv) #endif /* IP_TOS */ #endif /* HAVE_SETSOCKOPT */ - setuid(uid); + paranoid_setuid(uid); doit(); return 0; } diff --git a/crypto/kerberosIV/appl/bsd/rlogind.c b/crypto/kerberosIV/appl/bsd/rlogind.c index 927ffc5..eae2dd6 100644 --- a/crypto/kerberosIV/appl/bsd/rlogind.c 
+++ b/crypto/kerberosIV/appl/bsd/rlogind.c @@ -42,7 +42,7 @@ #include "bsd_locl.h" -RCSID("$Id: rlogind.c,v 1.109 1999/11/25 05:27:38 assar Exp $"); +RCSID("$Id: rlogind.c,v 1.109.2.2 2000/06/23 02:37:06 assar Exp $"); extern int __check_rhosts_file; @@ -257,7 +257,7 @@ rlogind_logout(const char *line) ut.ut_exit.e_exit = 0; #endif #endif - time(&ut.ut_time); + ut.ut_time = time(NULL); fseek(fp, (long)-sizeof(struct utmp), SEEK_CUR); fwrite(&ut, sizeof(struct utmp), 1, fp); fseek(fp, (long)0, SEEK_CUR); @@ -297,7 +297,7 @@ logwtmp(const char *line, const char *name, const char *host) else ut.ut_type = DEAD_PROCESS; #endif - time(&ut.ut_time); + ut.ut_time = time(NULL); if (write(fd, &ut, sizeof(struct utmp)) != sizeof(struct utmp)) ftruncate(fd, buf.st_size); @@ -491,6 +491,13 @@ doit(int f, struct sockaddr_in *fromp) execl(new_login, "login", "-p", "-h", hostname, "-f", "--", lusername, 0); + } else if (use_kerberos) { + fprintf(stderr, "User `%s' is not authorized to login as `%s'!\n", + krb_unparse_name_long(kdata->pname, + kdata->pinst, + kdata->prealm), + lusername); + exit(1); } else execl(new_login, "login", "-p", "-h", hostname, "--", lusername, 0); diff --git a/crypto/kerberosIV/appl/bsd/rsh.c b/crypto/kerberosIV/appl/bsd/rsh.c index 87fe1fe..a18f775 100644 --- a/crypto/kerberosIV/appl/bsd/rsh.c +++ b/crypto/kerberosIV/appl/bsd/rsh.c @@ -33,7 +33,7 @@ #include "bsd_locl.h" -RCSID("$Id: rsh.c,v 1.43 1999/11/13 06:13:34 assar Exp $"); +RCSID("$Id: rsh.c,v 1.43.2.2 2000/10/10 12:53:50 assar Exp $"); CREDENTIALS cred; Key_schedule schedule; @@ -107,7 +107,10 @@ talk(int nflag, sigset_t omask, int pid, int rem) goto done; bp = buf; - rewrite: FD_ZERO(&rembits); + rewrite: + FD_ZERO(&rembits); + if (rem >= FD_SETSIZE) + errx(1, "fd too large"); FD_SET(rem, &rembits); if (select(rem + 1, 0, &rembits, 0, 0) < 0) { if (errno != EINTR) 
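Review bot: The new `else if (use_kerberos)` branch in doit() reports the refused login only through fprintf to stderr, so a principal that authenticated but is not authorized for `lusername` leaves no audit record. Adding a `syslog(LOG_NOTICE | LOG_AUTH, ...)` call carrying the same unparsed principal name and `lusername` before `exit(1)` would make these denials visible to monitoring. Where stderr points at this stage of doit() is not visible in the hunk.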
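Review bot: The `rem >= FD_SETSIZE` test in talk() sits after the `rewrite:` label, and is repeated before `FD_SET(rem, &readfrom)` in the next rsh.c hunk, although `rem` is a parameter that the visible lines never reassign. One check at the top of talk(), `if (rem >= FD_SETSIZE) errx(1, "fd too large");`, would cover both FD_SET sites and leave only `rfd2` to be tested at the second one. talk() starts and ends outside both hunks, so confirm that `rem` is not modified elsewhere in the function.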
@@ -140,6 +143,8 @@ talk(int nflag, sigset_t omask, int pid, int rem) if (sigprocmask(SIG_SETMASK, &omask, 0) != 0) warn("sigprocmask"); FD_ZERO(&readfrom); + if (rem >= FD_SETSIZE || rfd2 >= FD_SETSIZE) + errx(1, "fd too large"); FD_SET(rem, &readfrom); FD_SET(rfd2, &readfrom); do { @@ -253,7 +258,7 @@ main(int argc, char **argv) /* if no further arguments, must have been called as rlogin. */ if (!argv[optind]) { *argv = "rlogin"; - setuid(getuid()); + paranoid_setuid (getuid ()); execv(_PATH_RLOGIN, argv); err(1, "can't exec %s", _PATH_RLOGIN); } @@ -282,7 +287,7 @@ main(int argc, char **argv) sv_port = get_shell_port(use_kerberos, doencrypt); if (use_kerberos) { - setuid(getuid()); + paranoid_setuid(getuid()); rem = KSUCCESS; errno = 0; if (dest_realm == NULL) @@ -342,7 +347,7 @@ main(int argc, char **argv) } #endif - setuid(uid); + paranoid_setuid(uid); { sigset_t sigmsk; sigemptyset(&sigmsk); @@ -358,6 +363,7 @@ main(int argc, char **argv) signal(SIGQUIT, sendsig); if (signal(SIGTERM, SIG_IGN) != SIG_IGN) signal(SIGTERM, sendsig); + signal(SIGPIPE, SIG_IGN); if (!nfork) { pid = fork(); diff --git a/crypto/kerberosIV/appl/bsd/rshd.c b/crypto/kerberosIV/appl/bsd/rshd.c index b750e72..496fa88 100644 --- a/crypto/kerberosIV/appl/bsd/rshd.c +++ b/crypto/kerberosIV/appl/bsd/rshd.c @@ -42,7 +42,7 @@ #include "bsd_locl.h" -RCSID("$Id: rshd.c,v 1.60 1999/11/13 06:13:53 assar Exp $"); +RCSID("$Id: rshd.c,v 1.60.2.3 2000/10/18 20:39:12 assar Exp $"); extern char *__rcmd_errstr; /* syslog hook from libc/net/rcmd.c. */ extern int __check_rhosts_file; @@ -200,6 +200,8 @@ doit(struct sockaddr_in *fromp) char *cp, sig, buf[DES_RW_MAXWRITE]; char cmdbuf[NCARGS+1], locuser[16], remuser[16]; char remotehost[2 * MaxHostNameLen + 1]; + uid_t uid; + char shell_path[MAXPATHLEN]; AUTH_DAT *kdata; KTEXT ticket; 
@@ -433,6 +435,11 @@ doit(struct sockaddr_in *fromp) close(2); close(pv[1]); + if (s >= FD_SETSIZE || pv[0] >= FD_SETSIZE) { + error ("fd too large\n"); + exit (1); + } + FD_ZERO(&readfrom); FD_SET(s, &readfrom); FD_SET(pv[0], &readfrom); @@ -441,6 +448,11 @@ doit(struct sockaddr_in *fromp) else nfd = s; if (doencrypt) { + if (pv2[1] >= FD_SETSIZE || pv1[0] >= FD_SETSIZE) { + error ("fd too large\n"); + exit (1); + } + FD_ZERO(&writeto); FD_SET(pv2[1], &writeto); FD_SET(pv1[0], &readfrom); @@ -571,14 +583,16 @@ doit(struct sockaddr_in *fromp) snprintf(path, sizeof(path), "PATH=%s:%s", BINDIR, _PATH_DEFPATH); strlcat(shell, pwd->pw_shell, sizeof(shell)); + strlcpy(shell_path, pwd->pw_shell, sizeof(shell_path)); strlcat(username, pwd->pw_name, sizeof(username)); + uid = pwd->pw_uid; cp = strrchr(pwd->pw_shell, '/'); if (cp) cp++; else cp = pwd->pw_shell; endpwent(); - if (log_success || pwd->pw_uid == 0) { + if (log_success || uid == 0) { if (use_kerberos) syslog(LOG_INFO|LOG_AUTH, "Kerberos shell from %s on %s as %s, cmd='%.80s'", @@ -591,12 +605,16 @@ doit(struct sockaddr_in *fromp) remuser, remotehost, locuser, cmdbuf); } if (k_hasafs()) { + char cell[64]; + if (new_pag) k_setpag(); /* Put users process in an new pag */ - krb_afslog(0, 0); + if (k_afs_cell_of_file (homedir, cell, sizeof(cell)) == 0) + krb_afslog_uid_home (cell, NULL, uid, homedir); + krb_afslog_uid_home(NULL, NULL, uid, homedir); } - execle(pwd->pw_shell, cp, "-c", cmdbuf, 0, envinit); - err(1, "%s", pwd->pw_shell); + execle(shell_path, cp, "-c", cmdbuf, 0, envinit); + err(1, "%s", shell_path); } /* diff --git a/crypto/kerberosIV/appl/bsd/su.c b/crypto/kerberosIV/appl/bsd/su.c index cb24591..7fc63ee 100644 --- a/crypto/kerberosIV/appl/bsd/su.c +++ b/crypto/kerberosIV/appl/bsd/su.c 
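Review bot: `cp`, passed as argv[0] in the new `execle(shell_path, cp, ...)`, is still derived from `pwd->pw_shell` by the unchanged `strrchr` lines, while the same hunk copies the shell path and uid out of `pwd` before `endpwent()`. If those copies exist because the passwd entry can be overwritten by later lookups, for instance inside the AFS calls added in the next hunk, `cp` has the same exposure. Deriving it from the copy, `cp = strrchr(shell_path, '/');` with `cp = shell_path;` as the fallback, removes it. The `strlcpy` return value is also unchecked, so an over-long `pw_shell` would be executed in truncated form.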
@@ -33,20 +33,20 @@ #include "bsd_locl.h" -RCSID ("$Id: su.c,v 1.70 1999/11/13 06:14:11 assar Exp $"); +RCSID ("$Id: su.c,v 1.70.2.2 2000/12/07 14:04:19 assar Exp $"); #ifdef SYSV_SHADOW #include "sysv_shadow.h" #endif -static int kerberos (char *username, char *user, int uid); +static int kerberos (char *username, char *user, char *realm, int uid); static int chshell (char *sh); static char *ontty (void); static int koktologin (char *name, char *realm, char *toname); static int chshell (char *sh); /* Handle '-' option after all the getopt options */ -#define ARGSTR "Kflmti:" +#define ARGSTR "Kkflmti:r:" int destroy_tickets = 0; static int use_kerberos = 1; @@ -63,15 +63,22 @@ main (int argc, char **argv) enum { UNSET, YES, NO } iscsh = UNSET; char *user, *shell, *avshell, *username, **np; char shellbuf[MaxPathLen], avshellbuf[MaxPathLen]; + char *realm = NULL; set_progname (argv[0]); + if (getuid() == 0) + use_kerberos = 0; + asme = asthem = fastlogin = 0; while ((ch = getopt (argc, argv, ARGSTR)) != -1) switch ((char) ch) { case 'K': use_kerberos = 0; break; + case 'k': + use_kerberos = 1; + break; case 'f': fastlogin = 1; break; @@ -89,10 +96,13 @@ main (int argc, char **argv) case 'i': root_inst = optarg; break; + case 'r': + realm = optarg; + break; case '?': default: fprintf (stderr, - "usage: su [-Kflmt] [-i root-instance] [-] [login]\n"); + "usage: su [-Kkflmt] [-i root-instance] [-r realm] [-] [login]\n"); exit (1); } /* Don't handle '-' option with getopt */ @@ -150,7 +160,7 @@ main (int argc, char **argv) syslog (LOG_ALERT, "NIS attack, user %s has uid 0", user); errx (1, "unknown login %s", user); } - if (!use_kerberos || kerberos (username, user, pwd->pw_uid)) { + if (!use_kerberos || kerberos (username, user, realm, pwd->pw_uid)) { #ifndef PASSWD_FALLBACK errx (1, "won't use /etc/passwd authentication"); #endif 
@@ -225,12 +235,22 @@ main (int argc, char **argv) if (setgid (pwd->pw_gid) < 0) err (1, "setgid"); - if (initgroups (user, pwd->pw_gid)) - errx (1, "initgroups failed."); + if (initgroups (user, pwd->pw_gid)) { + if (errno == E2BIG) /* Member of too many groups! */ + warn("initgroups failed."); + else + errx(1, "initgroups failed."); + } if (setuid (pwd->pw_uid) < 0) err (1, "setuid"); + if (pwd->pw_uid != 0 && setuid(0) != -1) { + syslog(LOG_ALERT | LOG_AUTH, + "Failed to drop privileges for user %s", pwd->pw_name); + errx(1, "Sorry"); + } + if (!asme) { if (asthem) { char *k = getenv ("KRBTKFILE"); @@ -321,19 +341,26 @@ ontty (void) } static int -kerberos (char *username, char *user, int uid) +kerberos (char *username, char *user, char *lrealm, int uid) { KTEXT_ST ticket; AUTH_DAT authdata; struct hostent *hp; int kerno; u_long faddr; - char lrealm[REALM_SZ], krbtkfile[MaxPathLen]; + char tmp_realm[REALM_SZ], krbtkfile[MaxPathLen]; char hostname[MaxHostNameLen], savehost[MaxHostNameLen]; + int n; + int allowed = 0; - if (krb_get_lrealm (lrealm, 1) != KSUCCESS) - return (1); - if (koktologin (username, lrealm, user) && !uid) { + if (lrealm != NULL) { + allowed = koktologin (username, lrealm, user) == 0; + } else { + for (n = 1; !allowed && krb_get_lrealm (tmp_realm, n) == KSUCCESS; ++n) + allowed = koktologin (username, tmp_realm, user) == 0; + lrealm = tmp_realm; + } + if (!allowed && !uid) { #ifndef PASSWD_FALLBACK warnx ("not in %s's ACL.", user); #endif @@ -416,7 +443,11 @@ kerberos (char *username, char *user, int uid) } strlcpy (savehost, krb_get_phost (hostname), sizeof (savehost)); - kerno = krb_mk_req (&ticket, "rcmd", savehost, lrealm, 33); + for (n = 1; krb_get_lrealm (tmp_realm, n) == KSUCCESS; ++n) { + kerno = krb_mk_req (&ticket, "rcmd", savehost, tmp_realm, 33); + if (kerno == 0) + break; + } if (kerno == KDC_PR_UNKNOWN) { warnx ("Warning: TGT not verified."); |
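Review bot: When `initgroups` fails with E2BIG the new code in main() only warns and carries on, so the target user's shell starts with whatever supplementary group list the su process already had. For su run by root, that can leave root's groups attached to an unprivileged session. If E2BIG has to be tolerated, resetting the list first, for example `setgroups (1, &pwd->pw_gid);` ahead of the `initgroups` call, bounds what is inherited; otherwise keep the failure fatal. Whether `initgroups` leaves a partial list in place on this error is platform-dependent and not visible here.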
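Review bot: In the `else` branch of kerberos(), `lrealm = tmp_realm` is assigned even when the first `krb_get_lrealm (tmp_realm, 1)` does not return KSUCCESS, in which case `tmp_realm` may never have been filled in. The removed code returned 1 at that point. With a non-zero `uid` the `!allowed && !uid` test does not stop the function, so the remainder of kerberos(), which is outside the hunk, would continue with an indeterminate realm string. Restoring the early exit ahead of the loop, `if (krb_get_lrealm (tmp_realm, 1) != KSUCCESS) return (1);`, keeps the previous behaviour.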
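Review bot: `kerno` is assigned only inside the new `for` loop around `krb_mk_req`, so when `krb_get_lrealm (tmp_realm, 1)` does not return KSUCCESS the loop body never runs. The following `if (kerno == KDC_PR_UNKNOWN)` then tests a value left over from an earlier call. Setting `kerno = KFAILURE;` immediately before the loop makes that case fail explicitly. The loop also overwrites `tmp_realm`, which `lrealm` points to when no `-r` was given, so any later use of `lrealm` sees the last realm tried rather than the one that passed the ACL check.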