Don't use setreuid() to play games with the real uid, since not all
authorTheodore Tso <tytso@mit.edu>
Sat, 29 Apr 1995 00:36:13 +0000 (00:36 +0000)
committerTheodore Tso <tytso@mit.edu>
Sat, 29 Apr 1995 00:36:13 +0000 (00:36 +0000)
systems have setreuid().  This method of communicating to in_tkt what
the correct owner of the ticket file is completely broken, anyway.  We
skip the setreuid() entirely, and then chown the ticket file to the
correct owner and group afterwards.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@5650 dc483132-0cff-0310-8789-dd5450dbe970

src/appl/bsd/ChangeLog
src/appl/bsd/login.c

index 59155fd255f82e346b725be9e668a18fcfe74e14..4936f43567ba1beb30697f7f8e35c44892fb2aa5 100644 (file)
@@ -1,3 +1,12 @@
+Fri Apr 28 20:33:06 1995  Theodore Y. Ts'o  <tytso@dcl>
+
+       * login.c (main): Don't use setreuid() to play games with the real
+               uid, since not all systems have setreuid().  This method
+               of communicating to in_tkt what the correct owner of the
+               ticket file is completely broken, anyway.  We skip the
+               setreuid() entirely, and then chown the ticket file to the
+               correct owner and group afterwards.
+
 Fri Apr 28 17:59:19 1995  Mark Eichin  <eichin@cygnus.com>
 
        * Makefile.in (KLIB): include KRB4_LIB directly, to satisfy both
index 0b8857b3ce0a906e8a4b03604a5e2020b34e9228..4d618e6dbee63322d9cc15fbfaf95cf7ef842723 100644 (file)
@@ -616,21 +616,8 @@ int main(argc, argv)
                    _res.retrans = 1;
 #endif /* BIND_HACK */
 
-#ifdef _IBMR2
-                   krbval = setuidx(ID_REAL|ID_EFFECTIVE, pwd->pw_uid);
-#else
-                   krbval = setreuid(pwd->pw_uid, -1);
-#endif
-                   if (krbval) {
-                       /* can't set ruid to user! */
-                       krbval = -1;
-                       fprintf(stderr,
-                               "login: Can't set ruid for ticket file.\n");
-                   } else
-                       krbval = krb_get_pw_in_tkt(username, "",
-                                                  realm, "krbtgt",
-                                                  realm,
-                                                  DEFAULT_TKT_LIFE, pp2);
+                   krbval = krb_get_pw_in_tkt(username, "", realm, "krbtgt",
+                                              realm, DEFAULT_TKT_LIFE, pp2);
                    memset (pp2, 0, sizeof(pp2));
 #ifdef HAVE_SETPRIORITY
                    (void) setpriority(PRIO_PROCESS, 0, 0 + PRIO_OFFSET);
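Review bot: The rewritten `krb_get_pw_in_tkt` call no longer runs with the real uid switched to the user, so the ticket file is created under whatever uid login itself has (presumably root), and nothing at the call site records that. A short comment would make the dependency explicit, e.g. `/* ticket file is created under login's own uid; it is chown'd to the user in the INTK_OK case below */`. It is also worth confirming that the non-INTK_OK return paths leave no ticket file behind owned by that uid, which cannot be seen from this hunk. main's body continues outside the hunk.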
@@ -639,6 +626,8 @@ int main(argc, argv)
                    case INTK_OK:
                        kpass_ok = 1;
                        krbflag = 1;
+                       strcpy(tkfile, tkt_string());
+                       (void) chown(tkfile, pwd->pw_uid, pwd->pw_gid);
                        break;  
 
                    /* These errors should be silent */
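Review bot: The `chown(tkfile, ...)` added in the INTK_OK case operates by path under login's own uid and discards its result. If the ticket path sits in a directory other users can write to, the name may no longer refer to the file that was just created, and a failed chown leaves the user with a ticket file they do not own while `kpass_ok` is already 1. Where the platform provides it, `lchown(tkfile, pwd->pw_uid, pwd->pw_gid)` (or `fchown` on the descriptor that created the file) avoids following a link, and the return value should be checked and logged. The `strcpy(tkfile, tkt_string())` above it is unbounded; `tkfile` is declared outside the hunk, so confirm its size covers the longest string `tkt_string()` can return or use a bounded copy. The enclosing switch starts and ends outside the hunk.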
@@ -798,10 +787,7 @@ bad_login:
 
        (void)chown(ttyn, pwd->pw_uid,
            (gr = getgrnam(TTYGRPNAME)) ? gr->gr_gid : pwd->pw_gid);
-#ifdef KRB4
-       if(krbflag)
-           (void) chown(getenv(KRB_ENVIRON), pwd->pw_uid, pwd->pw_gid);
-#endif
+
        (void)chmod(ttyn, 0620);
 #ifdef KRB4
 #ifdef SETPAG