From d46ff3c8d486b6927d03637e9e625318db28e826 Mon Sep 17 00:00:00 2001 From: Sam Hartman Date: Mon, 30 Sep 1996 21:22:45 +0000 Subject: [PATCH] * Use login.krb5 -f from klogind * Allow login.krb5 -f to authorize root login. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@9135 dc483132-0cff-0310-8789-dd5450dbe970 --- src/appl/bsd/ChangeLog | 11 +++++++++++ src/appl/bsd/krlogind.c | 24 ++++++++---------------- src/appl/bsd/login.M | 2 +- src/appl/bsd/login.c | 39 +++++++++++++++++---------------------- 4 files changed, 37 insertions(+), 39 deletions(-) diff --git a/src/appl/bsd/ChangeLog b/src/appl/bsd/ChangeLog index 7c6ef6278..44453312c 100644 --- a/src/appl/bsd/ChangeLog +++ b/src/appl/bsd/ChangeLog @@ -1,3 +1,14 @@ +Mon Sep 30 17:15:14 1996 Sam Hartman + + * login.c: Allow login -f to let you log in as root. + +Mon Sep 30 16:22:48 1996 Sam Hartman + + * login.c (stypeof): If TERM environment variable set, use it. + + * krlogind.c (doit): Do not use login -E; no one supports it + besides login.krb5which also supports -f. + Sun Sep 29 20:49:47 1996 Sam Hartman * login.c: Fix so it works with --without-krb4 option diff --git a/src/appl/bsd/krlogind.c b/src/appl/bsd/krlogind.c index 2327ba85a..d878e1eba 100644 --- a/src/appl/bsd/krlogind.c +++ b/src/appl/bsd/krlogind.c @@ -45,7 +45,7 @@ char copyright[] = * 3) Prompt for password if any checks fail, or if so configured. * Allow login if all goes well either by calling the accompanying * login.krb5 or /bin/login, according to the definition of - * DO_NOT_USE_K_LOGIN. + * DO_NOT_USE_K_LOGIN.l * * The configuration is done either by command-line arguments passed by * inetd, or by the name of the daemon. If command-line arguments are @@ -94,7 +94,7 @@ char copyright[] = */ #define LOG_REMOTE_REALM #define CRYPT - +#define USE_LOGIN_F #ifdef HAVE_UNISTD_H #include 
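Review bot: The rewritten comment line in the krlogind.c header (hunk at -45) ends in a stray `l`, `DO_NOT_USE_K_LOGIN.l`, which looks like an editing slip rather than an intended change. The sentence is probably also out of date: the hunks at -714 and -735 remove the `DO_NOT_USE_K_LOGIN` test around the exec of `login_program`, so that macro no longer appears to decide how login is invoked. I would restore the line to ` * DO_NOT_USE_K_LOGIN.` or, better, reword it to name what now selects the login invocation (`USE_LOGIN_F`).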
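Review bot: `#define USE_LOGIN_F` in the hunk at -94 is unconditional and undocumented, although it changes how the daemon hands an authenticated session to login. With it always defined, every `#else` / `!defined(USE_LOGIN_F)` arm touched later in this patch (the `login -r` exec, the rusername/lusername/term writes to the pty) is never compiled. A comment such as `/* Always hand the authenticated user to login_program with -f; login_program must treat -f as a pre-authenticated login. */` would record that requirement, and wrapping the define in `#ifndef USE_LOGIN_F` would let a build override it. The define also replaces the blank line that separated the option macros from the includes.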
@@ -507,8 +507,8 @@ struct winsize win = { 0, 0, 0, 0 }; int pid; /* child process id */ void doit(f, fromp) - int f; - struct sockaddr_in *fromp; + int f; + struct sockaddr_in *fromp; { int p, t, on = 1; register struct hostent *hp; @@ -622,7 +622,7 @@ int syncpipe[2]; #if defined(POSIX_TERMIOS) && !defined(ultrix) tcgetattr(t,&new_termio); -#if !(defined(DO_NOT_USE_K_LOGIN)&&defined(USE_LOGIN_F)) +#if !defined(USE_LOGIN_F) new_termio.c_lflag &= ~(ICANON|ECHO|ISIG|IEXTEN); new_termio.c_iflag &= ~(IXON|IXANY|BRKINT|INLCR|ICRNL); #else @@ -714,7 +714,6 @@ int syncpipe[2]; } #endif -#ifdef DO_NOT_USE_K_LOGIN #ifdef USE_LOGIN_F /* use the vendors login, which has -p and -f. Tested on * AIX 4.1.4 and HPUX 10 @@ -735,12 +734,6 @@ int syncpipe[2]; #else /* USE_LOGIN_F */ execl(login_program, "login", "-r", rhost_name, 0); #endif /* USE_LOGIN_F */ -#else - if (passwd_req) - execl(login_program, "login","-h", rhost_name, lusername, 0); - else - execl(login_program, "login", "-h", rhost_name, "-e", lusername, 0); -#endif fatalperror(2, login_program); /*NOTREACHED*/ @@ -791,12 +784,10 @@ int syncpipe[2]; #endif -#if defined(DO_NOT_USE_K_LOGIN)&&!defined(USE_LOGIN_F) +#if!defined(USE_LOGIN_F) /* Pass down rusername and lusername to login. */ (void) write(p, rusername, strlen(rusername) +1); (void) write(p, lusername, strlen(lusername) +1); -#endif -#if !defined(DO_NOT_USE_K_LOGIN) || !defined(USE_LOGIN_F) /* stuff term info down to login */ if ((write(p, term, strlen(term)+1) != (int) strlen(term)+1)) { /* @@ -805,7 +796,8 @@ int syncpipe[2]; sprintf(buferror,"Cannot write slave pty %s ",line); fatalperror(f,buferror); } -#endif /* DO_NOT_USE_K_LOGIN && USE_LOGIN_F */ + +#endif protocol(f, p); signal(SIGCHLD, SIG_IGN); cleanup(); diff --git a/src/appl/bsd/login.M b/src/appl/bsd/login.M index b6ea951d3..0603d16bd 100644 --- a/src/appl/bsd/login.M +++ b/src/appl/bsd/login.M 
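Review bot: The comment kept at the top of the `USE_LOGIN_F` arm in the hunk at -714 still reads "use the vendors login ... Tested on AIX 4.1.4 and HPUX 10", but with the `#ifdef DO_NOT_USE_K_LOGIN` wrapper removed this arm now appears to cover login.krb5 as well. I would update it to something like `/* Run login_program with -p and -f; used for login.krb5 and for vendor logins that support them (tested on AIX 4.1.4 and HPUX 10). */`. The exec calls the comment describes lie between this hunk and the next and are not visible here.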
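Review bot: The arm deleted in the hunk at -735 was the only visible code that chose between a password prompt and a pre-authenticated login based on `passwd_req`; what remains is the `USE_LOGIN_F` arm, whose exec calls start above the hunk. Since the login.c hunk at -1374 now lets `-f` skip the password for root as well, it is worth confirming that this arm passes `-f` only when `passwd_req` is zero. `lusername` presumably originates from the remote client, so that arm should also ensure login cannot read it as an option, for instance by rejecting names that begin with `-` before the exec.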
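Review bot: `#if!defined(USE_LOGIN_F)` in the hunk at -791 is missing the space after `#if`, and the matching `#endif` added in the hunk at -805 dropped its label even though the block it closes grew to include the term write. I would write `#if !defined(USE_LOGIN_F)` and `#endif /* !USE_LOGIN_F */`. Because `USE_LOGIN_F` is now defined unconditionally near the top of the file, this block is never compiled. If it is kept as a fallback, note that the two `(void) write` calls discard short writes while the term write checks its result.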
@@ -39,7 +39,7 @@ pass hostname to rlogind. pass hostname to telnetd, etc. .TP \fB\-f\fP \fIname\fP -Perform pre-authenticated login, e.g., datakit, xterm, etc.; does not +Perform pre-authenticated login, e.g., datakit, xterm, etc.; allow preauthenticated login as root. .TP \fB\-F\fP \fIname\fP diff --git a/src/appl/bsd/login.c b/src/appl/bsd/login.c index 93573a48c..7514310cf 100644 --- a/src/appl/bsd/login.c +++ b/src/appl/bsd/login.c @@ -63,7 +63,7 @@ int login_accept_passwd = 0; * login -r hostname (for rlogind) * login -h hostname (for telnetd, etc.) * login -f name (for pre-authenticated login: datakit, xterm, etc., - * does not allow preauthenticated login as root) + * does allow preauthenticated login as root) * login -F name (for pre-authenticated login: datakit, xterm, etc., * allows preauthenticated login as root) * login -e name (for pre-authenticated encrypted, must do term @@ -1078,7 +1078,7 @@ afs_cleanup () } /* Main routines */ -#define EXCL_AUTH_TEST if (rflag || kflag || Kflag || eflag || fflag || Fflag ) { \ +#define EXCL_AUTH_TEST if (rflag || kflag || Kflag || eflag || fflag ) { \ fprintf(stderr, \ "login: only one of -r, -k, -K, -e, -F, and -f allowed.\n"); \ exit(1);\ @@ -1148,7 +1148,7 @@ int main(argc, argv) struct group *gr; int ch; char *p; - int fflag, hflag, pflag, rflag, Fflag, cnt; + int fflag, hflag, pflag, rflag, cnt; int kflag, Kflag, eflag; int quietlog, passwd_req, ioctlval; sigtype timedout(); @@ -1199,7 +1199,7 @@ int rewrite_ccache = 1; /*try to write out ccache*/ (void)gethostname(tbuf, sizeof(tbuf)); domain = strchr(tbuf, '.'); - Fflag = fflag = hflag = pflag = rflag = kflag = Kflag = eflag = 0; + fflag = hflag = pflag = rflag = kflag = Kflag = eflag = 0; passwd_req = 1; while ((ch = getopt(argc, argv, "Ffeh:pr:k:K:")) != EOF) switch (ch) { @@ -1209,7 +1209,7 @@ int rewrite_ccache = 1; /*try to write out ccache*/ break; case 'F': EXCL_AUTH_TEST; - Fflag = 1; + fflag = 1; break; case 'h': EXCL_HOST_TEST; 
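Review bot: After this change the usage comment in the hunk at -63 lists `-f` and `-F` with the same meaning ("does allow" / "allows preauthenticated login as root"), and the hunk at -1209 makes `case 'F'` set `fflag`, so the two options are now synonyms. The comment should say so directly and state when the password is actually skipped, for example `* login -f name (pre-authenticated login; root allowed; password skipped only if the caller is root or already has the target uid)` and `* login -F name (synonym for -f)`. The error text in `EXCL_AUTH_TEST` (hunk at -1078) still names both options, which remains accurate.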
@@ -1364,7 +1364,7 @@ int rewrite_ccache = 1; /*try to write out ccache*/ #endif /* KRB5_GET_TICKETS */ if (username == NULL) { - fflag = Fflag = 0; + fflag = 0; getloginname(); } @@ -1374,23 +1374,13 @@ int rewrite_ccache = 1; /*try to write out ccache*/ if (pwd == NULL || pwd->pw_uid) checknologin(); - /* - * Disallow automatic login to root. - * If not invoked by root, disallow if the uid's differ. - */ - if (fflag && pwd) { - int uid = (int) getuid(); - - passwd_req = - (pwd->pw_uid == 0 || (uid && uid != pwd->pw_uid)); - } /* * Allows automatic login by root. * If not invoked by root, disallow if the uid's differ. */ - if (Fflag && pwd) { + if (fflag && pwd) { int uid = (int) getuid(); passwd_req = (uid && uid != pwd->pw_uid); } @@ -1906,7 +1896,7 @@ int rewrite_ccache = 1; /*try to write out ccache*/ if (!quietlog) { #ifdef KRB4_KLOGIN - if (!krbflag && !fflag && !Fflag && !eflag ) + if (!krbflag && !fflag && !eflag ) printf("\nWarning: No Kerberos tickets obtained.\n\n"); #endif /* KRB4_KLOGIN */ motd (); @@ -2223,14 +2213,19 @@ void dolastlog(quiet, tty) char * stypeof(ttyid) - char *ttyid; + char *ttyid; { +char *cp = getenv("term"); + #ifndef HAVE_TTYENT_H - return(UNKNOWN); +if (cp) + return cp; +else return(UNKNOWN); #else struct ttyent *t; - - return(ttyid && (t = getttynam(ttyid)) ? t->ty_type : UNKNOWN); + if (cp) + return cp; + else return(ttyid && (t = getttynam(ttyid)) ? t->ty_type : UNKNOWN); #endif } -- 2.26.2
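Review bot: With the root exclusion deleted in the hunk at -1374, `passwd_req = (uid && uid != pwd->pw_uid);` is the only gate on `-f`, so any process that runs login with real uid 0 gets a password-free session for every account, root included. That makes the calling daemon's authentication and authorization check the sole control, and the retained comment "Allows automatic login by root." does not say this. I would replace it with `/* -f/-F: the caller vouches for the user. Skip the password if invoked by root (for any target, including root) or if the caller already has the target uid. */` and drop the two blank lines left behind by the removal. Logging the case where `pwd->pw_uid == 0` and `passwd_req` ends up 0 would keep an audit trail for pre-authenticated root logins. This code sits inside `main`, which starts and ends outside the hunk.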
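Review bot: `getenv("term")` in the hunk at -2223 looks up a lower-case variable, while the ChangeLog entry in this patch says the `TERM` environment variable is meant; environment names are case-sensitive, so as written the new branch will normally never trigger. The line should probably be `char *cp = getenv("TERM");`. The value is returned unchecked as the terminal type, so it is worth confirming that login's environment at this point is set by the trusted caller rather than inherited from the invoking user. The added lines (`char *cp`, `if (cp)`, `else return(UNKNOWN);`) also appear to be at column 0 or mixed indentation, unlike the rest of the function.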