1.1 ! root 1: /* ! 2: * $Source: /usr/src/kerberosIV/krb/RCS/in_tkt.c,v $ ! 3: * $Author: kfall $ ! 4: * ! 5: * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute ! 6: * of Technology. ! 7: * ! 8: * For copying and distribution information, please see the file ! 9: * <mit-copyright.h>. ! 10: */ ! 11: ! 12: #ifndef lint ! 13: static char *rcsid_in_tkt_c = ! 14: "$Id: in_tkt.c,v 4.10 90/06/25 20:56:26 kfall Exp $"; ! 15: #endif /* lint */ ! 16: ! 17: #include <mit-copyright.h> ! 18: #include <stdio.h> ! 19: #include <des.h> ! 20: #include <krb.h> ! 21: #include <sys/file.h> ! 22: #include <sys/types.h> ! 23: #include <sys/stat.h> ! 24: #ifdef TKT_SHMEM ! 25: #include <sys/param.h> ! 26: #endif ! 27: ! 28: extern int krb_debug; ! 29: ! 30: /* ! 31: * in_tkt() is used to initialize the ticket store. It creates the ! 32: * file to contain the tickets and writes the given user's name "pname" ! 33: * and instance "pinst" in the file. in_tkt() returns KSUCCESS on ! 34: * success, or KFAILURE if something goes wrong. ! 35: */ ! 36: ! 37: in_tkt(pname,pinst) ! 38: char *pname; ! 39: char *pinst; ! 40: { ! 41: int tktfile, creat(); ! 42: uid_t me, metoo, getuid(), geteuid(); ! 43: struct stat buf; ! 44: int count; ! 45: char *file = TKT_FILE; ! 46: int fd; ! 47: register int i; ! 48: char charbuf[BUFSIZ]; ! 49: #ifdef TKT_SHMEM ! 50: char shmidname[MAXPATHLEN]; ! 51: #endif /* TKT_SHMEM */ ! 52: ! 53: me = getuid (); ! 54: metoo = geteuid(); ! 55: if (lstat(file,&buf) == 0) { ! 56: if (buf.st_uid != me || !(buf.st_mode & S_IFREG) || ! 57: buf.st_mode & 077) { ! 58: if (krb_debug) ! 59: fprintf(stderr,"Error initializing %s",file); ! 60: return(KFAILURE); ! 61: } ! 62: /* file already exists, and permissions appear ok, so nuke it */ ! 63: if ((fd = open(file, O_RDWR, 0)) < 0) ! 64: goto out; /* can't zero it, but we can still try truncating it */ ! 65: ! 66: bzero(charbuf, sizeof(charbuf)); ! 67: ! 68: for (i = 0; i < buf.st_size; i += sizeof(charbuf)) ! 
69: if (write(fd, charbuf, sizeof(charbuf)) != sizeof(charbuf)) { ! 70: (void) fsync(fd); ! 71: (void) close(fd); ! 72: goto out; ! 73: } ! 74: ! 75: (void) fsync(fd); ! 76: (void) close(fd); ! 77: } ! 78: out: ! 79: /* arrange so the file is owned by the ruid ! 80: (swap real & effective uid if necessary). ! 81: This isn't a security problem, since the ticket file, if it already ! 82: exists, has the right uid (== ruid) and mode. */ ! 83: if (me != metoo) { ! 84: if (setreuid(metoo, me) < 0) { ! 85: /* can't switch??? barf! */ ! 86: if (krb_debug) ! 87: perror("in_tkt: setreuid"); ! 88: return(KFAILURE); ! 89: } else ! 90: if (krb_debug) ! 91: printf("swapped UID's %d and %d\n",metoo,me); ! 92: } ! 93: if ((tktfile = creat(file,0600)) < 0) { ! 94: if (krb_debug) ! 95: fprintf(stderr,"Error initializing %s",TKT_FILE); ! 96: return(KFAILURE); ! 97: } ! 98: if (me != metoo) { ! 99: if (setreuid(me, metoo) < 0) { ! 100: /* can't switch??? barf! */ ! 101: if (krb_debug) ! 102: perror("in_tkt: setreuid2"); ! 103: return(KFAILURE); ! 104: } else ! 105: if (krb_debug) ! 106: printf("swapped UID's %d and %d\n",me,metoo); ! 107: } ! 108: if (lstat(file,&buf) < 0) { ! 109: if (krb_debug) ! 110: fprintf(stderr,"Error initializing %s",TKT_FILE); ! 111: return(KFAILURE); ! 112: } ! 113: ! 114: if (buf.st_uid != me || !(buf.st_mode & S_IFREG) || ! 115: buf.st_mode & 077) { ! 116: if (krb_debug) ! 117: fprintf(stderr,"Error initializing %s",TKT_FILE); ! 118: return(KFAILURE); ! 119: } ! 120: ! 121: count = strlen(pname)+1; ! 122: if (write(tktfile,pname,count) != count) { ! 123: (void) close(tktfile); ! 124: return(KFAILURE); ! 125: } ! 126: count = strlen(pinst)+1; ! 127: if (write(tktfile,pinst,count) != count) { ! 128: (void) close(tktfile); ! 129: return(KFAILURE); ! 130: } ! 131: (void) close(tktfile); ! 132: #ifdef TKT_SHMEM ! 133: (void) strcpy(shmidname, file); ! 134: (void) strcat(shmidname, ".shm"); ! 135: return(krb_shm_create(shmidname)); ! 
136: #else /* !TKT_SHMEM */ ! 137: return(KSUCCESS); ! 138: #endif /* TKT_SHMEM */ ! 139: }
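Review bot: The file-type test `!(buf.st_mode & S_IFREG)` at listing lines 56 and 114 does not reject symlinks or sockets, because S_IFLNK and S_IFSOCK both contain the S_IFREG bit; compare the masked type instead, `(buf.st_mode & S_IFMT) != S_IFREG`. Both ownership/mode checks are made on the path with lstat(), while `open(file, O_RDWR, 0)` and `creat(file,0600)` resolve the name again, so the object that was checked is not guaranteed to be the one that is zeroed or written; after the creat the check should be made on the descriptor, `fstat(tktfile, &buf)`. The failure returns at listing lines 103, 111 and 118 leave `tktfile` open, so each needs `(void) close(tktfile);` before `return(KFAILURE);`. If TKT_FILE can expand to a caller- or environment-supplied path (its definition is not visible here), the `strcpy`/`strcat` into `shmidname[MAXPATHLEN]` under TKT_SHMEM also needs a length check.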