Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/usr.bin/su repair, simplify, and improve the Kerberos part
details: https://anonhg.NetBSD.org/src/rev/afdfafdf5a71
branches: trunk
changeset: 494644:afdfafdf5a71
user: assar <assar%NetBSD.org@localhost>
date: Mon Jul 10 01:45:24 2000 +0000
description:
repair, simplify, and improve the Kerberos part
diffstat:
usr.bin/su/su.c | 50 ++++++++++++++++++++++++++++++++------------------
1 files changed, 32 insertions(+), 18 deletions(-)
diffs (91 lines):
diff -r 9b246b2594c9 -r afdfafdf5a71 usr.bin/su/su.c
--- a/usr.bin/su/su.c Mon Jul 10 01:15:17 2000 +0000
+++ b/usr.bin/su/su.c Mon Jul 10 01:45:24 2000 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: su.c,v 1.39 2000/02/11 00:30:07 abs Exp $ */
+/* $NetBSD: su.c,v 1.40 2000/07/10 01:45:24 assar Exp $ */
/*
* Copyright (c) 1988 The Regents of the University of California.
@@ -44,7 +44,7 @@
#if 0
static char sccsid[] = "@(#)su.c 8.3 (Berkeley) 4/2/94";*/
#else
-__RCSID("$NetBSD: su.c,v 1.39 2000/02/11 00:30:07 abs Exp $");
+__RCSID("$NetBSD: su.c,v 1.40 2000/07/10 01:45:24 assar Exp $");
#endif
#endif /* not lint */
@@ -452,8 +452,7 @@
char lrealm[REALM_SZ], krbtkfile[MAXPATHLEN];
char hostname[MAXHOSTNAMELEN + 1], savehost[MAXHOSTNAMELEN + 1];
- if (krb_get_lrealm(lrealm, 1) != KSUCCESS ||
- strcmp(lrealm, KRB_REALM) == 0)
+ if (krb_get_lrealm(lrealm, 1) != KSUCCESS)
return (1);
if (koktologin(username, lrealm, user) && !uid) {
warnx("kerberos: not in %s's ACL.", user);
@@ -483,9 +482,30 @@
* We should have a way to set the ticket lifetime,
* with a system default for root.
*/
- kerno = krb_get_pw_in_tkt((uid == 0 ? username : user),
- (uid == 0 ? "root" : ""), lrealm,
- "krbtgt", lrealm, DEFAULT_TKT_LIFE, 0);
+ {
+ char prompt[128];
+ char passw[256];
+
+ (void)snprintf (prompt, sizeof(prompt),
+ "%s's Password: ",
+ krb_unparse_name_long ((uid == 0 ? username : user),
+ (uid == 0 ? "root" : ""),
+ lrealm));
+ if (des_read_pw_string (passw, sizeof (passw), prompt, 0)) {
+ memset (passw, 0, sizeof (passw));
+ return (1);
+ }
+ if (strlen(passw) == 0)
+ return (1); /* Empty passwords are not allowed */
+
+ kerno = krb_get_pw_in_tkt((uid == 0 ? username : user),
+ (uid == 0 ? "root" : ""), lrealm,
+ KRB_TICKET_GRANTING_TICKET,
+ lrealm,
+ DEFAULT_TKT_LIFE,
+ passw);
+ memset (passw, 0, strlen (passw));
+ }
if (kerno != KSUCCESS) {
if (kerno == KDC_PR_UNKNOWN) {
@@ -516,7 +536,7 @@
}
hostname[sizeof(hostname) - 1] = '\0';
- (void)strncpy(savehost, krb_get_phost(hostname), sizeof(savehost));
+ (void)strlcpy(savehost, krb_get_phost(hostname), sizeof(savehost));
savehost[sizeof(savehost) - 1] = '\0';
kerno = krb_mk_req(&ticket, "rcmd", savehost, lrealm, 33);
@@ -559,15 +579,9 @@
koktologin(name, realm, toname)
char *name, *realm, *toname;
{
- AUTH_DAT *kdata;
- AUTH_DAT kdata_st;
-
- kdata = &kdata_st;
- memset((char *)kdata, 0, sizeof(*kdata));
- (void)strncpy(kdata->pname, name, sizeof(kdata->pname) - 1);
- (void)strncpy(kdata->pinst,
- ((strcmp(toname, "root") == 0) ? "root" : ""), sizeof(kdata->pinst) - 1);
- (void)strncpy(kdata->prealm, realm, sizeof(kdata->prealm) - 1);
- return (kuserok(kdata, toname));
+ return krb_kuserok(name,
+ strcmp (toname, "root") == 0 ? "root" : "",
+ realm,
+ toname);
}
#endif
Home |
Main Index |
Thread Index |
Old Index