oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

clean-up and more paranoia

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@6495 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Assar Westerlund
1999-07-23 21:38:54 +00:00
parent 9062b8ad31
commit 8b1b51391f
1 changed files with 53 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files

99
appl/kf/kfd.c
View File

@@ -49,7 +49,7 @@ int do_inetd = 0;
static struct getargs args[] = { static struct getargs args[] = {
{ "port", 'p', arg_string, &port_str, "port to listen to", "port" }, { "port", 'p', arg_string, &port_str, "port to listen to", "port" },
{ "inetd",'i',arg_flag,&do_inetd, { "inetd",'i',arg_flag, &do_inetd,
"Not started from inetd", NULL }, "Not started from inetd", NULL },
{ "help", 'h', arg_flag, &help_flag }, { "help", 'h', arg_flag, &help_flag },
{ "version", 0, arg_flag, &version_flag } { "version", 0, arg_flag, &version_flag }
@@ -210,15 +210,15 @@ proto (int sock, const char *service)
krb5_get_err_text(context, status)); krb5_get_err_text(context, status));
status=krb5_read_message (context, &sock, &remotename); status=krb5_read_message (context, &sock, &remotename);
if (status) if (status) {
{syslog_and_die("krb5_read_message: %s", syslog_and_die("krb5_read_message: %s",
krb5_get_err_text(context, status)); krb5_get_err_text(context, status));
} }
status=krb5_read_message (context, &sock, &tk_file); status=krb5_read_message (context, &sock, &tk_file);
if (status) if (status) {
{syslog_and_die("krb5_read_message: %s", syslog_and_die("krb5_read_message: %s",
krb5_get_err_text(context, status)); krb5_get_err_text(context, status));
} }
krb5_data_zero (&data); krb5_data_zero (&data);
krb5_data_zero (&packet); krb5_data_zero (&packet);
@@ -236,65 +236,71 @@ proto (int sock, const char *service)
&packet, &packet,
&data, &data,
NULL); NULL);
if (status) if (status) {
{syslog_and_cont("krb5_rd_priv: %s", syslog_and_cont("krb5_rd_priv: %s",
krb5_get_err_text(context, status)); krb5_get_err_text(context, status));
goto out; goto out;
} }
pwd = getpwnam ((char *)(remotename.data)); pwd = getpwnam ((char *)(remotename.data));
if (pwd == NULL) if (pwd == NULL) {
{status=1; status=1;
syslog_and_cont("getpwnam: %s failed",(char *)(remotename.data)); syslog_and_cont("getpwnam: %s failed",(char *)(remotename.data));
goto out; goto out;
} }
if(!krb5_kuserok (context, if(!krb5_kuserok (context,
ticket->client, ticket->client,
(char *)(remotename.data))) (char *)(remotename.data))) {
{status=1; status=1;
syslog_and_cont("krb5_kuserok: permission denied"); syslog_and_cont("krb5_kuserok: permission denied");
goto out; goto out;
} }
setgid(pwd->pw_gid); if (setgid(pwd->pw_gid) < 0) {
setuid(pwd->pw_uid); syslog_and_cont ("setgid: %s", strerror(errno));
goto out;
}
if (setuid(pwd->pw_uid) < 0) {
syslog_and_cont ("setuid: %s", strerror(errno));
goto out;
}
if (tk_file.length != 1) if (tk_file.length != 1)
snprintf (ccname, sizeof(ccname), "%s", (char *)(tk_file.data)); snprintf (ccname, sizeof(ccname), "%s", (char *)(tk_file.data));
else else
snprintf (ccname, sizeof(ccname), "FILE:/tmp/krb5cc_%u",pwd->pw_uid); snprintf (ccname, sizeof(ccname), "FILE:/tmp/krb5cc_%u",pwd->pw_uid);
status = krb5_cc_resolve (context, ccname, &ccache); status = krb5_cc_resolve (context, ccname, &ccache);
if (status) if (status) {
{syslog_and_cont("krb5_cc_resolve: %s", syslog_and_cont("krb5_cc_resolve: %s",
krb5_get_err_text(context, status)); krb5_get_err_text(context, status));
goto out; goto out;
} }
status = krb5_cc_initialize (context, ccache, ticket->client); status = krb5_cc_initialize (context, ccache, ticket->client);
if (status) if (status) {
{syslog_and_cont("krb5_cc_initialize: %s", syslog_and_cont("krb5_cc_initialize: %s",
krb5_get_err_text(context, status)); krb5_get_err_text(context, status));
goto out; goto out;
} }
status = krb5_rd_cred (context, auth_context, ccache, &data); status = krb5_rd_cred (context, auth_context, ccache, &data);
krb5_cc_close (context, ccache); krb5_cc_close (context, ccache);
if (status) if (status) {
{syslog_and_cont("krb5_cc_initialize: %s", syslog_and_cont("krb5_cc_initialize: %s",
krb5_get_err_text(context, status)); krb5_get_err_text(context, status));
goto out; goto out;
} }
syslog_and_cont("%s forwarded ticket to %s,%s", syslog_and_cont("%s forwarded ticket to %s,%s",
name, name,
(char *)(remotename.data),ccname); (char *)(remotename.data),ccname);
out: out:
if (status) if (status) {
{strcpy(ret_string,"no"); strcpy(ret_string, "no");
syslog_and_cont("failed"); syslog_and_cont("failed");
} } else {
else strcpy(ret_string,"ok"); strcpy(ret_string, "ok");
}
krb5_data_free (&tk_file); krb5_data_free (&tk_file);
krb5_data_free (&remotename); krb5_data_free (&remotename);
@@ -308,13 +314,14 @@ out:
return 1; return 1;
if (krb5_net_write (context, &sock, ret_string, len) != len) if (krb5_net_write (context, &sock, ret_string, len) != len)
return 1; return 1;
return 0 ; return 0;
} }
static int static int
doit (int port, const char *service) doit (int port, const char *service)
{ {
if (do_inetd) mini_inetd(port); if (do_inetd)
mini_inetd(port);
return proto (STDIN_FILENO, service); return proto (STDIN_FILENO, service);
} }
@@ -327,7 +334,7 @@ main(int argc, char **argv)
set_progname (argv[0]); set_progname (argv[0]);
roken_openlog (argv[0], LOG_ODELAY | LOG_PID,LOG_AUTH); roken_openlog (argv[0], LOG_ODELAY | LOG_PID,LOG_AUTH);
port = server_setup(&context, argc, argv); port = server_setup(&context, argc, argv);
ret=doit (port, service); ret = doit (port, service);
closelog(); closelog();
return ret; return ret;
} }