From: Ezra Peisach Date: Fri, 6 Oct 1995 20:30:54 +0000 (+0000) Subject: * ksu.M: Document authorization changes X-Git-Tag: krb5-1.0-beta6~925 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=e9c3f6f01a312c577a2265073c37c84a3454dfe9;p=krb5.git * ksu.M: Document authorization changes * ksu.1: Remove as was out of date. * Makefile.in (DEFINES): Remove LOCAL_REALM definition. * ksu.h: Remove local_realm from krb5_authorization. * authorization.c (krb5_authorization): Remove old copied code that is in krb5 library and is out of date. Use the configurable aname to localname methods. * main.c (main): Add krb5_secure_config_files so that users cannot override system config files. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6943 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/clients/ksu/ChangeLog b/src/clients/ksu/ChangeLog index 0c2b63748..9ec6eddc7 100644 --- a/src/clients/ksu/ChangeLog +++ b/src/clients/ksu/ChangeLog @@ -1,3 +1,21 @@ +Thu Oct 5 11:23:21 1995 Ezra Peisach + + * ksu.M: Document authorization changes. + + * ksu.1: Remove as was out of date. + + * Makefile.in (DEFINES): Remove LOCAL_REALM definition. + + * ksu.h: Remove local_realm from krb5_authorization. + + * authorization.c (krb5_authorization): Remove old copied code + that is in krb5 library and is out of date. Use the + configurable aname to localname methods. + + * main.c (main): Add krb5_secure_config_files so that users cannot + override system config files. + + Wed Sep 06 14:20:57 1995 Chris Provenzano (proven@mit.edu) * krb_auth_su.c : s/keytype/enctype/g, s/KEYTYPE/ENCTYPE/g diff --git a/src/clients/ksu/Makefile.in b/src/clients/ksu/Makefile.in index 43a312565..f58c699a1 100644 --- a/src/clients/ksu/Makefile.in +++ b/src/clients/ksu/Makefile.in 
@@ -1,4 +1,4 @@ -DEFINES = -DLOCAL_REALM='"."' -DGET_TGT_VIA_PASSWD -DPRINC_LOOK_AHEAD -DCMD_PATH='"/bin /local/bin"' +DEFINES = -DGET_TGT_VIA_PASSWD -DPRINC_LOOK_AHEAD -DCMD_PATH='"/bin /local/bin"' CFLAGS = $(CCOPTS) $(DEFINES) $(DEFS) $(LOCALINCLUDE) SRCS = \ @@ -24,4 +24,4 @@ clean:: install:: $(INSTALL_SETUID) ksu ${DESTDIR}$(CLIENT_BINDIR)/ksu - $(INSTALL_DATA) $(srcdir)/ksu.1 ${DESTDIR}$(CLIENT_MANDIR)/ksu.1 + $(INSTALL_DATA) $(srcdir)/ksu.M ${DESTDIR}$(CLIENT_MANDIR)/ksu.1 diff --git a/src/clients/ksu/authorization.c b/src/clients/ksu/authorization.c index c5ca25454..ec2dce8cf 100644 --- a/src/clients/ksu/authorization.c +++ b/src/clients/ksu/authorization.c @@ -27,10 +27,6 @@ #include "ksu.h" -static krb5_error_code _dbm_an_to_ln PROTOTYPE((krb5_context, - krb5_const_principal, const int, char *)); -static krb5_error_code _username_an_to_ln PROTOTYPE((krb5_context, - krb5_const_principal, const int, char *, char *)); static void auth_cleanup PROTOTYPE((int, FILE *, int, FILE *, char *)); krb5_boolean fowner(fp, uid) @@ -64,13 +60,12 @@ return(TRUE); * */ -krb5_error_code krb5_authorization(context, principal, luser, local_realm_name, +krb5_error_code krb5_authorization(context, principal, luser, cmd, ok, out_fcmd) /* IN */ krb5_context context; krb5_principal principal; const char *luser; - char *local_realm_name; char *cmd; /* OUT */ krb5_boolean *ok; 
@@ -181,44 +176,14 @@ krb5_error_code krb5_authorization(context, principal, luser, local_realm_name, if ( k5login_flag && k5users_flag){ char * kuser = (char *) calloc (strlen(princname), sizeof(char)); - -#ifdef DEBUG - printf("krb5_lname_file %s\n", krb5_lname_file); -#endif - - if (!stat(krb5_lname_file, &statbuf)){ - if ((! _dbm_an_to_ln(context, principal, strlen(princname), kuser)) && - (strcmp(kuser, luser) == 0)){ - retbool = TRUE; /* found the right one in db */ - } + if (!(krb5_aname_to_localname(context, principal, + strlen(princname), kuser)) + && (strcmp(kuser, luser) == 0)) { + retbool = TRUE; } - - if (local_realm_name && (retbool == FALSE)){ - char * realm; - int used_def = 0; - - if (!strcmp(local_realm_name, USE_DEFAULT_REALM_NAME)){ - - if (retval = krb5_get_default_realm(context, &realm)) { - auth_cleanup(k5users_flag,users_fp, - k5login_flag,login_fp, princname); - free(kuser); - return(retval); - } - used_def =1; - } - else{ realm = local_realm_name; } - - if((! _username_an_to_ln(context, principal, strlen(princname), - kuser, realm)) - && (strcmp(kuser,luser) == 0)){ - retbool = TRUE; - } - if (used_def) free (realm); - } free(kuser); - } + } *ok =retbool; auth_cleanup(k5users_flag,users_fp, k5login_flag,login_fp, princname); 
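Review bot: `kuser` comes from an unchecked `calloc` on the first context line of this hunk and is now handed straight to `krb5_aname_to_localname`, so an allocation failure in this setuid program passes a NULL buffer to the library instead of producing a clean error. I would add `if (kuser == NULL) { auth_cleanup(k5users_flag, users_fp, k5login_flag, login_fp, princname); return ENOMEM; }` before the call. The buffer length and the `lnsize` argument are both `strlen(princname)`, which is only safe if the library counts the terminating NUL inside `lnsize`; a one-line comment stating that assumption would help the next reader. Any non-zero return from the mapping call is treated as "not authorized", which fails closed. The rest of `krb5_authorization` lies outside the hunk.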
@@ -730,106 +695,6 @@ char * lptr, * out_ptr; return out_ptr; } -/******************************************************************** - * Implementation: This version uses a DBM database, indexed by aname, - * to generate a lname. - * - * The entries in the database are normal C strings, and include the trailing - * null in the DBM datum.size. - ********************************************************************/ -static krb5_error_code -_dbm_an_to_ln(context, aname, lnsize, lname) - krb5_context context; - krb5_const_principal aname; - const int lnsize; - char *lname; -{ - DBM *db; - krb5_error_code retval; - datum key, contents; - char *princ_name; - - if (retval = krb5_unparse_name(context, aname, &princ_name)) - return(retval); - key.dptr = princ_name; - key.dsize = strlen(princ_name)+1; /* need to store the NULL for - decoding */ - - db = dbm_open(krb5_lname_file, O_RDONLY, 0600); - if (!db) { - krb5_xfree(princ_name); - return KRB5_LNAME_CANTOPEN; - } - - contents = dbm_fetch(db, key); - - krb5_xfree(princ_name); - - if (contents.dptr == NULL) { - retval = KRB5_LNAME_NOTRANS; - } else { - strncpy(lname, contents.dptr, lnsize); - if (lnsize < contents.dsize) - retval = KRB5_CONFIG_NOTENUFSPACE; - else if (lname[contents.dsize-1] != '\0') - retval = KRB5_LNAME_BADFORMAT; - else - retval = 0; - } - /* can't close until we copy the contents. */ - (void) dbm_close(db); - return retval; -} - -/***************************************************************** - * Implementation: This version checks the realm to see if it is the - * realm passed in; if so, and there is exactly one non-realm - * component to the name, that name is returned as the lname. 
- ************************************************************/ - -static krb5_error_code -_username_an_to_ln (context, aname, lnsize, lname, realm) - krb5_context context; - krb5_const_principal aname; - const int lnsize; - char *lname; - char *realm; -{ - krb5_error_code retval; - int realm_length; - - realm_length = krb5_princ_realm(context, aname)->length; - - if ((realm_length != strlen(realm)) || - (memcmp(realm, krb5_princ_realm(context, aname)->data, realm_length))) { - return KRB5_LNAME_NOTRANS; - } - - if (krb5_princ_size(context, aname) != 1) { - if (krb5_princ_size(context, aname) == 2 ) { - /* Check to see if 2nd component is the local realm. */ - if ( strncmp(krb5_princ_component(context, aname,1)->data,realm, - realm_length) || - realm_length != krb5_princ_component(context, aname,1)->length) - return KRB5_LNAME_NOTRANS; - } - else - /* no components or more than one component to non-realm part of name - --no translation. */ - return KRB5_LNAME_NOTRANS; - } - - strncpy(lname, krb5_princ_component(context, aname,0)->data, - min(krb5_princ_component(context, aname,0)->length,lnsize)); - if (lnsize < krb5_princ_component(context, aname,0)->length ) { - retval = KRB5_CONFIG_NOTENUFSPACE; - } else { - lname[krb5_princ_component(context, aname,0)->length] = '\0'; - retval = 0; - } - return retval; -} - static void auth_cleanup(k5users_flag, users_fp, k5login_flag, login_fp, princname) int k5users_flag; diff --git a/src/clients/ksu/ksu.1 b/src/clients/ksu/ksu.1 deleted file mode 100644 index eb5e61dc6..000000000 --- a/src/clients/ksu/ksu.1 +++ /dev/null 
@@ -1,480 +0,0 @@ -.\" Copyright (c) 1994 by the University of Southern California -.\" -.\" EXPORT OF THIS SOFTWARE from the United States of America may -.\" require a specific license from the United States Government. -.\" It is the responsibility of any person or organization contemplating -.\" export to obtain such a license before exporting. -.\" -.\" WITHIN THAT CONSTRAINT, permission to copy, modify, and distribute -.\" this software and its documentation in source and binary forms is -.\" hereby granted, provided that any documentation or other materials -.\" related to such distribution or use acknowledge that the software -.\" was developed by the University of Southern California. -.\" -.\" DISCLAIMER OF WARRANTY. THIS SOFTWARE IS PROVIDED "AS IS". The -.\" University of Southern California MAKES NO REPRESENTATIONS OR -.\" WARRANTIES, EXPRESS OR IMPLIED. By way of example, but not -.\" limitation, the University of Southern California MAKES NO -.\" REPRESENTATIONS OR WARRANTIES OF MERCHANTABILITY OR FITNESS FOR ANY -.\" PARTICULAR PURPOSE. The University of Southern -.\" California shall not be held liable for any liability nor for any -.\" direct, indirect, or consequential damages with respect to any -.\" claim by the user or distributor of the ksu software. -.\" -.\" KSU was writen by: Ari Medvinsky, ari@isi.edu -.TH KSU 1 "Kerberos Version 5.3" -.SH NAME -ksu \- Kerberized super-user -.SH SYNOPSIS -.B ksu -[ -.I target_user -] [ -.B \-n -.I target_principal_name -] [ -.B \-c -.I source_cache_name -] [ -.B \-C -.I target_cache_name -] [ -.B \-k -] [ -.B \-D -] [ -.B \-r -.I time -] [ -.B \-pf -] [ -.B \-l -.I lifetime -] [ -.B \-zZ -] [ -.B \-e -.I command -[ -.I args ... -] ] [ -.B \-a -[ -.I args ... -] ] -.br -.SH REQUIREMENTS -Must have Kerberos version 5 installed, to compile ksu. -Must have a Kerberos version 5 server running to use ksu. 
-.br -.SH DESCRIPTION -.I ksu -is a Kerberized version of the su program that has two missions: -one is to securely change the real and effective user ID to that -of the target user, the other is to create a new security context. -For the sake of clarity all references to, and attributes of -the user invoking the program will start with 'source' (e.g. -source user, source cache, etc.). Likewise all references -to and attributes of the target account, will start with 'target'. -.br -.SH AUTHENTICATION -To fulfill the first mission, ksu operates in two phases: authentication -and authorization. Resolving the target principal name is the -first step in authentication. The user -can either specify his principal name with the -.B \-n -option -(e.g. -.B \-n -jqpublic@USC.EDU) or a default principal name will be assigned -using a heuristic described in the OPTIONS section (see -.B \-n -option). -The target user name must be the first argument to ksu, if not specified -root is the default. If the source user is root no authentication -or authorization takes place. Otherwise, ksu looks for an appropriate -Kerberos ticket in the source cache. -.PP -The ticket can either be for -the end-server -or a ticket granting ticket (TGT) for the target principal's realm. If the -ticket for the end server is already in the cache, it's, decrypted and -verified. If it's not in the cache but the TGT is, TGT is used to -obtain the ticket for the end-server. The end-server ticket is then -verified. If neither ticket is in the cache, but ksu is compiled -with the GET_TGT_VIA_PASSWD define, the user will be prompted -for a Kerberos password which will then be used to get a TGT. -If the user is logged in remotely and -does not have a secure channel, the password may be exposed. -If neither ticket is in the cache and GET_TGT_VIA_PASSWD is not defined, -authentication fails. 
-.br -.SH AUTHORIZATION -This section describes authorization of the source user when ksu -is invoked without the -.B \-e -option. -For a description of the -.B \-e -option, see the OPTIONS section. -.PP -Upon successful authentication, ksu checks whether the target principal -is authorized to access the target account. -In the target user's home directory, ksu attempts to access -two authorization files: .k5login and .k5users. In the .k5login -file each line contains the name of a -principal that is authorized to access the account. -.TP 12 -For example: -jqpublic@USC.EDU -.br -jqpublic/secure@USC.EDU -.br -jqpublic/admin@USC.EDU -.PP -The format of .k5users is the same, accept the -principal name may be followed by a list of commands that -the principal is authorized to execute. (see the -.B \-e -option in the OPTIONS section for details). -.PP -Thus if the target principal -name is found in the .k5login file the source user is authorized to access -the target account. Otherwise ksu looks in the .k5users file. -If the target principal name is found without any trailing commands -or followed only by '*' then the source user is authorized. -If either .k5login or .k5users exist but an appropriate entry for the target -principal does not exist then access is denied. If neither -file exists then a database of local principal names is -consulted.(the name of this database is defined in Kerberos osconf.h -file by DEFAULT_LNAME_FILENAME macro). If the target principal name is -found then the source user is authorized to access the account. -If it's not found, and ksu was compiled with LOCAL_REALM macro undefined, -authorization fails. If LOCAL_REALM is defined, and it matches -the target principal's realm and the first component of the -target principal name translates to the target account name then -authorization is successful. Otherwise, authorization fails. 
-.br -.SH EXECUTION OF THE TARGET SHELL -Upon successful authentication and authorization, ksu -proceeds in a similar fashion to su. The environment -is unmodified with the exception of USER, HOME and SHELL variables. -If the target user is not root, USER gets set to the target user -name. Otherwise USER remains unchanged. Both HOME and SHELL are -set to the target login's default values. -In addition, the environment variable KRB5CCNAME gets set to the -name of the target cache. -The real and effective user ID are changed to that of the -target user. The target user's shell is then invoked -(the shell name is specified in the password file). -Upon termination of the shell, ksu deletes the target cache (unless -ksu is invoked with -.B \-k - or ' -.B \-C .' options). -This is implemented by first doing a fork and then an exec, instead -of just exec, as done by su. -.br -.SH CREATING A NEW SECURITY CONTEXT -.PP -Ksu can be used to create a new security context for the -target program (either the target -shell, or command specified via the -e option). -The target program inherits a set -of credentials from the source user. -By default, this set includes all of the credentials -in the source cache plus any -additional credentials obtained during authentication. -The source user is able to limit the credentials in this set -by using -z or -Z option. --z restricts the copy of tickets from the source cache -to the target cache to only the tickets where client == -the target principal name. The -Z option -provides the target user with a fresh target cache -(no creds in the cache). Note that for security reasons, -when the source user is root and target user is non-root, --z option is the default mode of operation. In this -case if -n is specified and no credentials can be copied -to the target cache, the source user is prompted for -a Kerberos password (unless -Z specified or GET_TGT_VIA_PASSWD is -undefined). 
If successful, a TGT is obtained -from the Kerberos server and stored in the target cache. -Otherwise, ksu continues in a normal mode of operation, but -the destination cache will remain empty. -.PP -\fISide Note:\fP during authentication, only the tickets that could be -obtained without providing a password are cached in -in the source cache. -.SH OPTIONS -.TP 10 -\fB\-n \fItarget_principal_name -Specify a Kerberos target principal name. -Used in authentication and authorization -phases of ksu. - -If ksu is invoked without -.B \-n, -a default principal name is -assigned via the following heuristic: - -\fICase 1:\fP source user is non-root. -.br -If neither ~/target_user/.k5users -nor ~/target_user/.k5login exist then -the default principal name is -target_user_login_name@local_realm. Otherwise, -starting with the first principal listed below, -ksu checks if the principal is authorized -to access the target account and whether -there is a legitimate ticket for that principal -in the source cache. If both conditions are met -that principal becomes the default target principal, -otherwise go to the next principal. - -a) default principal of the source cache -.br -b) target_user@local_realm -.br -c) source_user@local_realm - -If a-c fails try any principal for which there is -a ticket in the source cache and that is -authorized to access the target account. -If that fails select the first principal that -is authorized to access the target account from -the following list: - -a) default principal of the source cache -.br -b) if ksu is configured with PRINC_LOOK_AHEAD -.br - turned on, the principal with the same -.br - realm name as a) and has the first part -.br - of the principal name equal to prefix of a). -.br -c) target_user@local_realm -.br -d) source_user@local_realm - -If all fails select the first authorized principal -(from .k5login, .k5users file). - -\fICase 2:\fP source user is root. 
-.br -If the target user is non-root then the -default principal name is target_user@local_realm. -Else, if the source cache exists the default -principal name is set to the default principal -of the source cache. If the source cache does not -exist, default principal name is set to -root@local_realm. -.TP 10 -\fB\-c \fIsource_cache_name -Specify source cache name (e.g. -.B \-c -FILE:/tmp/my_cache). -If -.B \-c -option is not used then the -name is obtained from KRB5CCNAME environment variable. -If KRB5CCNAME is not defined the source cache name -is set to krb5cc_. -.TP 10 -\fB\-C \fItarget_cache_name -Specify the target cache name (e.g. -.B \-C -FILE:/tmp/target_cache). -If '.' is specified (e.g. ksu -\-C .) ksu uses the source -cache and does not create a new target cache. Note: -this case requires both source and target user -to have read and write permissions for the source cache. -If -.B \-C -option is not used, the default target cache name is -set to krb5cc_.(gen_sym()), -where gen_sim generates a new number such that -the resulting cache does not already exist. -.br -For example: krb5cc_1984.2 -.TP 10 -\fB\-k -Do not delete the target cache upon termination of the -target shell or a command ( -.B \-e -command). -Without -.B \-k, -ksu deletes the target cache upon termination -of the source cache unless the '-C .' option was used. -.TP 10 -\fB\-D -turn on debug mode. -.TP 10 -\fITicket granting ticket options: -l lifetime -r time -pf\fP -The ticket granting ticket options only apply to the -case where there are no appropriate tickets in -the cache to authenticate the source user. In this case -if ksu is configured to prompt users for a -Kerberos password (GET_TGT_VIA_PASSWD is defined), -the ticket granting -ticket options that are specified will be used -when getting a ticket granting ticket from the Kerberos -server. 
-.TP 10 -\fB\-l \fIlifetime -option specifies the lifetime (in hours) to be -requested for the ticket; if this option is not -specified, the default ticket lifetime -(configured by each site) is used instead. -.TP 10 -\fB\-r \fItime -option specifies that the RENEWABLE option -should be requested for the ticket, and specifies -(in hours) the desired total lifetime of the ticket. -.TP 10 -\fB\-p -option specifies that the PROXIABLE option should be -requested for the ticket. -.TP 10 -\fB\-f -option specifies that the FORWARDABLE option should -be requested for the ticket. -.TP 10 -\fB\-z -restrict the copy of tickets from the source cache -to the target cache to only the tickets where client == -the target principal name. Use the -.B \-n -option -if you want the tickets for other then the default -principal. Note that the -.B \-z -option is mutually -exclusive with '-C .' and -Z options. -.TP 10 -\fB\-Z -Don't copy any tickets from the source cache to the -target cache. Just create a fresh target cache, -where the default principal name of the cache is -initialized to the target principal name. Note that -.B \-Z -option is mutually -exclusive with '-C .' and -z options. -.TP 10 -\fB\-e \fIcommand [args ...] -ksu proceeds exactly the same as if it was invoked without the -.B \-e -option, -except instead of executing the target shell, ksu executes the -specified command (Example of usage: ksu bob -.B \-e -ls -.B \-lag). - -\fIThe authorization algorithm for -e is as follows:\fP - -If the source user is root, no authorization takes place and -the command is executed. If source user id != 0, and .k5users -file does not exist, authorization fails. -Otherwise, .k5users file must have an -appropriate entry for target principal -to get authorized. - -\fIThe .k5users file format:\fP - -A single principal entry on each line -that may be followed by a list of commands that -the principal is authorized to execute. 
-A principal name followed by a '*' means -that the user is authorized to execute -any command. Thus, in the following example: - -jqpublic@USC.EDU ls mail /local/kerberos/klist -.br -jqpublic/secure@USC.EDU * -.br -jqpublic/admin@USC.EDU - -jqpublic@USC.EDU is only authorized to execute ls, mail -and klist commands. jqpublic/secure@USC.EDU is authorized -to execute any command. jqpublic/admin@USC.EDU is not -authorized to execute any command. Note, that -jqpublic/admin@USC.EDU is authorized to execute -the target shell (regular ksu, without the -.B \-e -option) but jqpublic@USC.EDU is not. - -The commands listed after the principal name must -be either a full path names or just the program name. -In the second case, CMD_PATH specifying the location -of authorized programs, must be defined at the -compilation time of ksu. - -\fIWhich command gets executed ?\fP - -If the source user is root or the user -is authorized to execute any command ('*' entry) -then command can be either a full or a relative -path leading to the target program. -Otherwise, the user must specify either a full -path or just the program name. -.TP 10 -\fB\-a \fIargs -specify arguments to be passed to the target shell. -Note: that all flags and parameters following -a -will be passed to the shell, thus all options -intended for ksu must precede -.B \-a. -.B \-a -option can be used to simulate the -.B \-e -option if used as follows: -.B \-a -.B \-c -[command [arguments]]. -.B \-c -is interpreted by the c-shell to execute the command. -.PP -.SH INSTALLATION INSTRUCTIONS -ksu can be compiled with the following flags (see the makefile): -.TP 10 -\fILOCAL_REALM\fP -possible values: the name of the local realm -or '.' in which case krb.conf is used to get -up the local realm name. -.TP 10 -\fIGET_TGT_VIA_PASSWD\fP -in case no appropriate tickets are found in the source -cache, the user will be prompted for a Kerberos -password. 
The password is then used to get a -ticket granting ticket from the Kerberos server. -The danger of configuring ksu with this macro is -if the source user is loged in remotely and does not -have a secure channel, the password may get exposed. -.TP 10 -\fIPRINC_LOOK_AHEAD\fP -during the resolution of the default principal name, -PRINC_LOOK_AHEAD enables ksu to find principal names -in the .k5users file that have a common prefix with -the default principal of the source cache. -.TP 10 -\fICMD_PATH\fP -specifies a list of directories containing programs -that users are authorized to execute (via .k5users file). -.TP 10 -SAMPLE CONFIGURATION: -KSU_OPTS = -DLOCAL_REALM='"ISI.EDU"' -DGET_TGT_VIA_PASSWD --DPRINC_LOOK_AHEAD -DCMD_PATH='"/bin /usr/ucb /local/bin" -.TP 10 -PERMISSIONS FOR KSU -ksu should be owned by root and have the set user id bit turned on. -.TP 10 -END-SERVER ENTRY -ksu attempts to get a ticket for the end server just as -Kerberized telnet and rlogin. Thus, there must be -an entry for the server in the Kerberos database -(e.g. host/nii.isi.edu@ISI.EDU). k5srvtab must be in -an appropriate location. diff --git a/src/clients/ksu/ksu.M b/src/clients/ksu/ksu.M index 704d43116..cb80bffc2 100644 --- a/src/clients/ksu/ksu.M +++ b/src/clients/ksu/ksu.M 
@@ -149,15 +149,11 @@ If the target principal name is found without any trailing commands or followed only by '*' then the source user is authorized. If either .k5login or .k5users exist but an appropriate entry for the target principal does not exist then access is denied. If neither -file exists then a database of local principal names is -consulted (the name of this database is defined in Kerberos osconf.h -file by DEFAULT_LNAME_FILENAME macro). If the target principal name is -found then the source user is authorized to access the account. -If it's not found, and ksu was compiled with LOCAL_REALM macro undefined, -authorization fails. If LOCAL_REALM is defined, and it matches -the target principal's realm and the first component of the -target principal name translates to the target account name then -authorization is successful. Otherwise, authorization fails. +file exists then the principal will be granted access +to the account according to the aname\->lname mapping rules (see +.IR krb5_anadd(8) +for more details). +Otherwise, authorization fails. .br .SH EXECUTION OF THE TARGET SHELL Upon successful authentication and authorization, ksu @@ -456,11 +452,6 @@ is interpreted by the c-shell to execute the command. .SH INSTALLATION INSTRUCTIONS ksu can be compiled with the following 5 flags (see the Imakefile): .TP 10 -\fILOCAL_REALM\fP -possible values: the name of the local realm -or '.' in which case krb.conf is used to look -up the local realm name. -.TP 10 \fIGET_TGT_VIA_PASSWD\fP in case no appropriate tickets are found in the source cache, the user will be prompted for a Kerberos @@ -488,7 +479,7 @@ the names of "legal shells". Note that the target user's shell is obtained from the passwd file. .TP 10 SAMPLE CONFIGURATION: -KSU_OPTS = -DLOCAL_REALM='"ISI.EDU"' -DGET_TGT_VIA_PASSWD +KSU_OPTS = -DGET_TGT_VIA_PASSWD -DPRINC_LOOK_AHEAD -DCMD_PATH='"/bin /usr/ucb /local/bin" .TP 10 PERMISSIONS FOR KSU 
diff --git a/src/clients/ksu/ksu.h b/src/clients/ksu/ksu.h index 4315ed85e..fd8232fb2 100644 --- a/src/clients/ksu/ksu.h +++ b/src/clients/ksu/ksu.h @@ -161,7 +161,7 @@ extern void printtime PROTOTYPE((time_t)); extern krb5_boolean fowner PROTOTYPE((FILE *, int)); extern krb5_error_code krb5_authorization - PROTOTYPE((krb5_context, krb5_principal, const char *, char *, char *, + PROTOTYPE((krb5_context, krb5_principal, const char *, char *, krb5_boolean *, char **)); extern krb5_error_code k5login_lookup PROTOTYPE((FILE *, char *, diff --git a/src/clients/ksu/main.c b/src/clients/ksu/main.c index d06a669ff..582c772cb 100644 --- a/src/clients/ksu/main.c +++ b/src/clients/ksu/main.c @@ -84,7 +84,6 @@ krb5_context ksu_context; char * cc_target_tag = NULL; char * target_user = NULL; char * source_user; -char * local_realm_name = NULL; krb5_ccache cc_source = NULL; char * cc_source_tag = NULL; @@ -125,11 +124,7 @@ char * dir_of_cc_source; krb5_init_context(&ksu_context); krb5_init_ets(ksu_context); /* initialize kerberos error tables */ - -#ifdef LOCAL_REALM - local_realm_name = LOCAL_REALM ; -#endif - + krb5_secure_config_files(ksu_context); if (strrchr(argv[0], '/')) argv[0] = strrchr(argv[0], '/')+1; @@ -624,7 +619,7 @@ char * dir_of_cc_source; source_user,ontty()); if ((retval = krb5_authorization(ksu_context, client,target_user, - local_realm_name, cmd, &authorization_val, &exec_cmd))){ + cmd, &authorization_val, &exec_cmd))){ com_err(prog_name,retval,"while checking authorization"); sweep_up(ksu_context, use_source_cache, cc_target); exit(1);
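Review bot: The added `krb5_secure_config_files(ksu_context);` in `main` (hunk `@@ -125,11 +124,7 @@` of main.c) discards its return value, as does the `krb5_init_context` call on the context line above it. With this commit the fallback authorization decision is driven by the aname-to-localname rules in the configuration, and the ChangeLog says this call is what stops users from overriding the system config files. If it fails and execution continues, a setuid ksu may be running on configuration it was meant to reject. I would fail closed, for example `if ((retval = krb5_secure_config_files(ksu_context))) { com_err(argv[0], retval, "while securing config files"); exit(1); }`, assuming `retval` is already declared in `main` as the later hunk suggests. `main` starts and ends outside these hunks.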