oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

setuid(0) before calling krb_kuserok()

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@4171 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Johan Danielsson
1997-12-08 23:34:23 +00:00
parent 970c137f3a
commit cc4a9f5f80
1 changed files with 7 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
lib/auth/sia/sia.c
View File

@@ -202,13 +202,13 @@ common_auth(sia_collect_func_t *collect,
{ {
char realm[REALM_SZ]; char realm[REALM_SZ];
int ret; int ret;
struct passwd pw, *pwd, fpw, *fpwd; struct passwd pw, *pwd, fpw, *fpwd;
char pwbuf[1024], fpwbuf[1024]; char pwbuf[1024], fpwbuf[1024];
struct state *s = (struct state*)entity->mech[pkgind]; struct state *s = (struct state*)entity->mech[pkgind];
if(getpwnam_r(entity->name, &pw, pwbuf, sizeof(pwbuf), &pwd) != 0) if(getpwnam_r(entity->name, &pw, pwbuf, sizeof(pwbuf), &pwd) != 0)
return SIADFAIL; return SIADFAIL;
snprintf(s->ticket, sizeof(s->ticket), snprintf(s->ticket, sizeof(s->ticket),
TKT_ROOT "%u_%u", (unsigned)pwd->pw_uid, (unsigned)getpid()); TKT_ROOT "%u_%u", (unsigned)pwd->pw_uid, (unsigned)getpid());
krb_get_lrealm(realm, 1); krb_get_lrealm(realm, 1);
@@ -221,8 +221,7 @@ common_auth(sia_collect_func_t *collect,
#else #else
ouid = getuid(); ouid = getuid();
#endif #endif
if(getpwuid_r(ouid, &fpw, if(getpwuid_r(ouid, &fpw, fpwbuf, sizeof(fpwbuf), &fpwd) != 0)
fpwbuf, sizeof(fpwbuf), &fpwd) != 0)
return SIADFAIL; return SIADFAIL;
snprintf(s->ticket, sizeof(s->ticket), TKT_ROOT "_%s_to_%s_%d", snprintf(s->ticket, sizeof(s->ticket), TKT_ROOT "_%s_to_%s_%d",
fpwd->pw_name, pwd->pw_name, getpid()); fpwd->pw_name, pwd->pw_name, getpid());
@@ -231,9 +230,10 @@ common_auth(sia_collect_func_t *collect,
toinst = pwd->pw_name; toinst = pwd->pw_name;
} }
} }
krb_set_tkt_string(s->ticket); krb_set_tkt_string(s->ticket);
setuid(0); /* XXX fix for fix in tf_util.c */
if(krb_kuserok(toname, toinst, realm, entity->name)) if(krb_kuserok(toname, toinst, realm, entity->name))
return SIADFAIL; return SIADFAIL;
ret = krb_verify_user(toname, toinst, realm, ret = krb_verify_user(toname, toinst, realm,