diff options
Diffstat (limited to 'src/appl/bsd/login.c')
-rw-r--r-- | src/appl/bsd/login.c | 105 |
1 files changed, 63 insertions, 42 deletions
diff --git a/src/appl/bsd/login.c b/src/appl/bsd/login.c index 40af3ce..13e8181 100644 --- a/src/appl/bsd/login.c +++ b/src/appl/bsd/login.c @@ -517,6 +517,7 @@ void k_init (ttyn) if (!getenv(KRB5_ENV_CCNAME)) { sprintf(ccfile, "FILE:/tmp/krb5cc_p%d", getpid()); setenv(KRB5_ENV_CCNAME, ccfile, 1); + krb5_cc_set_default_name(kcontext, ccfile); unlink(ccfile+strlen("FILE:")); } else { /* note it correctly */ @@ -619,9 +620,10 @@ int have_v5_tickets (me) #endif /* KRB5_GET_TICKETS */ #ifdef KRB4_CONVERT -try_convert524 (kcontext, me) - krb5_context kcontext; - krb5_principal me; +try_convert524(kcontext, me, use_ccache) + krb5_context kcontext; + krb5_principal me; + int use_ccache; { krb5_principal kpcserver; krb5_error_code kpccode; @@ -632,38 +634,45 @@ try_convert524 (kcontext, me) /* or do this directly with krb524_convert_creds_kdc */ krb524_init_ets(kcontext); - /* cc->ccache, already set up */ - /* client->me, already set up */ - if ((kpccode = krb5_build_principal(kcontext, - &kpcserver, - krb5_princ_realm(kcontext, me)->length, - krb5_princ_realm(kcontext, me)->data, - "krbtgt", - krb5_princ_realm(kcontext, me)->data, - NULL))) { - com_err("login/v4", kpccode, - "while creating service principal name"); - return 0; - } - memset((char *) &increds, 0, sizeof(increds)); - increds.client = me; - increds.server = kpcserver; - increds.times.endtime = 0; - increds.keyblock.enctype = ENCTYPE_DES_CBC_CRC; - if ((kpccode = krb5_get_credentials(kcontext, 0, - ccache, - &increds, - &v5creds))) { - com_err("login/v4", kpccode, - "getting V5 credentials"); - return 0; - } - if ((kpccode = krb524_convert_creds_kdc(kcontext, - v5creds, - &v4creds))) { - com_err("login/v4", kpccode, - "converting to V4 credentials"); + /* If we have forwarded v5 tickets, retrieve the credentials from + * the cache; otherwise, the v5 credentials are in my_creds. + */ + if (use_ccache) { + /* cc->ccache, already set up */ + /* client->me, already set up */ + kpccode = krb5_build_principal(kcontext, &kpcserver, + krb5_princ_realm(kcontext, me)->length, + krb5_princ_realm(kcontext, me)->data, + "krbtgt", + krb5_princ_realm(kcontext, me)->data, + NULL); + if (kpccode) { + com_err("login/v4", kpccode, + "while creating service principal name"); + return 0; + } + + memset((char *) &increds, 0, sizeof(increds)); + increds.client = me; + increds.server = kpcserver; + increds.times.endtime = 0; + increds.keyblock.enctype = ENCTYPE_DES_CBC_CRC; + kpccode = krb5_get_credentials(kcontext, 0, ccache, + &increds, &v5creds); + krb5_free_principal(kcontext, kpcserver); + increds.server = NULL; + if (kpccode) { + com_err("login/v4", kpccode, "getting V5 credentials"); + return 0; + } + + kpccode = krb524_convert_creds_kdc(kcontext, v5creds, &v4creds); + krb5_free_creds(kcontext, v5creds); + } else + kpccode = krb524_convert_creds_kdc(kcontext, &my_creds, &v4creds); + if (kpccode) { + com_err("login/v4", kpccode, "converting to V4 credentials"); return 0; } /* this is stolen from the v4 kinit */ @@ -913,8 +922,9 @@ afs_login () struct stat st; /* construct the name */ /* get this from profile later */ - strcpy (aklog_path, KPROGDIR); - strcat (aklog_path, "/aklog"); + aklog_path[sizeof(aklog_path) - 1] = '\0'; + strncpy (aklog_path, KPROGDIR, sizeof(aklog_path) - 1); + strncat (aklog_path, "/aklog", sizeof(aklog_path) - 1 - strlen(aklog_path)); /* only run it if we can find it */ if (stat (aklog_path, &st) == 0) { system(aklog_path); @@ -1145,8 +1155,13 @@ int main(argc, argv) } argc -= optind; argv += optind; - if (*argv) - username = *argv; + /* Throw away too-long names, they can't be usernames. */ + if (*argv) { + if (strlen (*argv) <= UT_NAMESIZE) + username = *argv; + else + fprintf (stderr, "login name '%s' too long\n", *argv); + } #if !defined(POSIX_TERMIOS) && defined(TIOCLSET) ioctlval = 0; @@ -1448,7 +1463,7 @@ int main(argc, argv) #if defined(KRB5_GET_TICKETS) && defined(KRB4_CONVERT) if (login_krb4_convert && !got_v4_tickets) { if (got_v5_tickets||forwarded_v5_tickets) - try_convert524 (kcontext, me); + try_convert524(kcontext, me, forwarded_v5_tickets); } #endif @@ -1746,8 +1761,10 @@ int main(argc, argv) #ifdef KRB5_GET_TICKETS /* ccfile[0] is only set if we got tickets above */ - if (login_krb5_get_tickets && ccfile[0]) + if (login_krb5_get_tickets && ccfile[0]) { (void) setenv(KRB5_ENV_CCNAME, ccfile, 1); + krb5_cc_set_default_name(kcontext, ccfile); + } #endif /* KRB5_GET_TICKETS */ if (tty[sizeof("tty")-1] == 'd') @@ -2086,6 +2103,7 @@ void dolastlog(quiet, tty) { #if defined(HAVE_LASTLOG_H) || (defined(BSD) && (BSD >= 199103)) struct lastlog ll; + time_t lltime; int fd; if ((fd = open(LASTLOG, O_RDWR, 0)) >= 0) { @@ -2094,7 +2112,9 @@ void dolastlog(quiet, tty) if ((read(fd, (char *)&ll, sizeof(ll)) == sizeof(ll)) && (ll.ll_time != 0)) { - printf("Last login: %.*s ", 24-5, (char *)ctime(&ll.ll_time)); + /* .ll_time may not be a time_t. */ + lltime = ll.ll_time; + printf("Last login: %.*s ", 24-5, (char *)ctime(&lltime)); if (*ll.ll_host != '\0') printf("from %.*s\n", sizeof(ll.ll_host), ll.ll_host); @@ -2103,7 +2123,8 @@ void dolastlog(quiet, tty) } (void)lseek(fd, (off_t)pwd->pw_uid * sizeof(ll), SEEK_SET); } - (void) time(&ll.ll_time); + (void) time(&lltime); + ll.ll_time = lltime; (void) strncpy(ll.ll_line, tty, sizeof(ll.ll_line)); ll.ll_line[sizeof(ll.ll_line) - 1] = '\0'; |