From: Paul Park Date: Mon, 19 Jun 1995 17:37:55 +0000 (+0000) Subject: Use setluid() where appropriate (e.g. OSF/1) X-Git-Tag: krb5-1.0-beta6~1721 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=436b2f983a3ecae1c94a16213a9dadc466e60a0c;p=krb5.git Use setluid() where appropriate (e.g. OSF/1) git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6092 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/appl/bsd/ChangeLog b/src/appl/bsd/ChangeLog index fecd108fe..7aac25ac2 100644 --- a/src/appl/bsd/ChangeLog +++ b/src/appl/bsd/ChangeLog @@ -1,4 +1,12 @@ +Mon Jun 19 13:34:23 EDT 1995 Paul Park (pjpark@mit.edu) + * login.c - Change setluid call to check for luid and then set it if + it fails, also make this logic conditional under HAVE_SETLUID. + * configure.in - For OSF/1 systems where libsecurity is present, set + HAVE_SETLUID. We'll need to determine similar tests for other + extended security systems that we are to support in the future. + + Thu Jun 15 17:32:20 EDT 1995 Paul Park (pjpark@mit.edu) * Makefile.in - Change explicit library names to -l form, and change target link line to use $(LD) and associated flags. diff --git a/src/appl/bsd/configure.in b/src/appl/bsd/configure.in index 463a4345d..28e36ec4f 100644 --- a/src/appl/bsd/configure.in +++ b/src/appl/bsd/configure.in @@ -12,6 +12,19 @@ AC_CHECK_LIB(odm,main, AC_CHECK_LIB(cfg,main, LOGINLIBS="-lodm -ls -lcfg" ))) +dnl +dnl Make our operating system-specific security checks and definitions for +dnl login. +dnl +case $krb5_cv_host in +alpha-dec-osf*) + AC_CHECK_LIB(security,main, + AC_DEFINE(HAVE_SETLUID) + LOGINLIBS="$LOGINLIBS -lsecurity" + ) + ;; +esac +dnl AC_SUBST(LOGINLIBS) dnl AC_VFORK diff --git a/src/appl/bsd/login.c b/src/appl/bsd/login.c index ae80134e1..12fe73d70 100644 --- a/src/appl/bsd/login.c +++ b/src/appl/bsd/login.c @@ -818,10 +818,16 @@ bad_login: syslog(LOG_ERR, "setlogin() failure %d",errno); #endif -#ifdef __SCO__ - /* this is necessary when C2 mode is enabled, but not otherwise */ - setluid((uid_t) pwd->pw_uid); -#endif +#ifdef HAVE_SETLUID + /* + * If we're on a system which keeps track of login uids, then + * attempt to set the login uid, but don't get too unhappy when/if + * it doesn't succeed. + */ + if ((uid_t) getluid() < (uid_t) 0) { + setluid((uid_t) pwd->pw_uid); + } +#endif /* HAVE_SETLUID */ /* This call MUST succeed */ #ifdef _IBMR2 setuidx(ID_LOGIN, pwd->pw_uid);