1.1 root 1: /*
2: * $Source: /usr/src/kerberosIV/krb/RCS/in_tkt.c,v $
3: * $Author: kfall $
4: *
5: * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
6: * of Technology.
7: *
8: * For copying and distribution information, please see the file
9: * <mit-copyright.h>.
10: */
11:
12: #ifndef lint
13: static char *rcsid_in_tkt_c =
14: "$Id: in_tkt.c,v 4.10 90/06/25 20:56:26 kfall Exp $";
15: #endif /* lint */
16:
17: #include <mit-copyright.h>
18: #include <stdio.h>
19: #include <des.h>
20: #include <krb.h>
21: #include <sys/file.h>
22: #include <sys/types.h>
23: #include <sys/stat.h>
24: #ifdef TKT_SHMEM
25: #include <sys/param.h>
26: #endif
27:
28: extern int krb_debug;
29:
30: /*
31: * in_tkt() is used to initialize the ticket store. It creates the
32: * file to contain the tickets and writes the given user's name "pname"
33: * and instance "pinst" in the file. in_tkt() returns KSUCCESS on
34: * success, or KFAILURE if something goes wrong.
35: */
36:
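/*
 * Return nonzero when "sb" describes a regular file owned by "owner"
 * that grants no group or other permission bits.
 *
 * The type test compares the whole S_IFMT field.  On the traditional
 * encodings S_IFREG shares a bit with S_IFLNK and S_IFSOCK, so a bare
 * "st_mode & S_IFREG" test also accepts symbolic links and sockets.
 */
static int
tkt_stat_ok(sb, owner)
    struct stat *sb;
    uid_t owner;
{
    return (sb->st_uid == owner &&
            (sb->st_mode & S_IFMT) == S_IFREG &&
            (sb->st_mode & 077) == 0);
}

/*
 * Security notes for in_tkt():
 *
 *  - pname, pinst: NUL-terminated strings; each is written to the new
 *    ticket file including its terminator.
 *  - Returns KSUCCESS or KFAILURE (or the result of krb_shm_create()
 *    when TKT_SHMEM is defined).
 *  - An existing file is only overwritten when it is a regular file
 *    owned by the real uid with mode bits 077 clear.
 *  - Every path-based check (lstat) is re-verified against the open
 *    descriptor (fstat, device/inode comparison), so that a file swapped
 *    in at the same path between the check and the open is refused.
 *  - NOTE(review): TKT_FILE is defined outside this file; presumably it
 *    can name a path in a directory writable by other users -- confirm.
 */
in_tkt(pname,pinst)
    char *pname;
    char *pinst;
{
    int tktfile;
    uid_t me, metoo, getuid(), geteuid();
    struct stat buf, fdbuf;
    int count;
    char *file = TKT_FILE;
    int fd;
    int oflags;
    off_t done;
    char charbuf[BUFSIZ];
#ifdef TKT_SHMEM
    char shmidname[MAXPATHLEN];
#endif /* TKT_SHMEM */

    me = getuid ();
    metoo = geteuid();
    if (lstat(file,&buf) == 0) {
        if (!tkt_stat_ok(&buf, me)) {
            if (krb_debug)
                fprintf(stderr,"Error initializing %s",file);
            return(KFAILURE);
        }
        /* file already exists, and permissions appear ok, so nuke it */
        oflags = O_RDWR;
#ifdef O_NOFOLLOW
        /* refuse a symbolic link that appeared after the lstat() above */
        oflags |= O_NOFOLLOW;
#endif
        if ((fd = open(file, oflags, 0)) < 0)
            goto out; /* can't zero it, but we can still try truncating it */

        /*
         * This open runs before the uid swap below, i.e. still under the
         * effective uid.  Make sure the descriptor refers to the very
         * file that passed the ownership/mode check before writing
         * zeros through it.
         */
        if (fstat(fd,&fdbuf) < 0 ||
            fdbuf.st_dev != buf.st_dev || fdbuf.st_ino != buf.st_ino) {
            (void) close(fd);
            if (krb_debug)
                fprintf(stderr,"Error initializing %s",file);
            return(KFAILURE);
        }

        bzero(charbuf, sizeof(charbuf));

        /* overwrite the old tickets block by block; a short write just
           ends the scrub early and falls through to the truncation */
        for (done = 0; done < buf.st_size; done += (off_t) sizeof(charbuf))
            if (write(fd, charbuf, sizeof(charbuf)) != sizeof(charbuf))
                break;

        (void) fsync(fd);
        (void) close(fd);
    }
 out:
    /* arrange so the file is owned by the ruid
       (swap real & effective uid if necessary).
       The checks above only describe the path at the time of the
       lstat(); the new descriptor is therefore verified again with
       fstat() once it has been opened. */
    if (me != metoo) {
        if (setreuid(metoo, me) < 0) {
            /* can't switch??? barf! */
            if (krb_debug)
                perror("in_tkt: setreuid");
            return(KFAILURE);
        } else
            if (krb_debug)
                printf("swapped UID's %d and %d\n",(int) metoo,(int) me);
    }
    /* same semantics as creat(file,0600), plus O_NOFOLLOW where the
       system provides it */
    oflags = O_WRONLY | O_CREAT | O_TRUNC;
#ifdef O_NOFOLLOW
    oflags |= O_NOFOLLOW;
#endif
    if ((tktfile = open(file, oflags, 0600)) < 0) {
        if (krb_debug)
            fprintf(stderr,"Error initializing %s",TKT_FILE);
        return(KFAILURE);
    }
    if (me != metoo) {
        if (setreuid(me, metoo) < 0) {
            /* can't switch??? barf! */
            if (krb_debug)
                perror("in_tkt: setreuid2");
            (void) close(tktfile);      /* don't leak the descriptor */
            return(KFAILURE);
        } else
            if (krb_debug)
                printf("swapped UID's %d and %d\n",(int) me,(int) metoo);
    }

    /*
     * Check the object we actually hold open, then confirm the path
     * still names that same object.  A symbolic link at the path has a
     * different inode from its target, so it fails the comparison.
     */
    if (fstat(tktfile,&fdbuf) < 0 || !tkt_stat_ok(&fdbuf, me) ||
        lstat(file,&buf) < 0 ||
        buf.st_dev != fdbuf.st_dev || buf.st_ino != fdbuf.st_ino) {
        (void) close(tktfile);
        if (krb_debug)
            fprintf(stderr,"Error initializing %s",TKT_FILE);
        return(KFAILURE);
    }

    /* principal name and instance, each with its terminating NUL */
    count = strlen(pname)+1;
    if (write(tktfile,pname,count) != count) {
        (void) close(tktfile);
        return(KFAILURE);
    }
    count = strlen(pinst)+1;
    if (write(tktfile,pinst,count) != count) {
        (void) close(tktfile);
        return(KFAILURE);
    }
    (void) close(tktfile);
#ifdef TKT_SHMEM
    /* sizeof(".shm") counts the terminating NUL */
    if (strlen(file) + sizeof(".shm") > sizeof(shmidname))
        return(KFAILURE);
    (void) strcpy(shmidname, file);
    (void) strcat(shmidname, ".shm");
    return(krb_shm_create(shmidname));
#else /* !TKT_SHMEM */
    return(KSUCCESS);
#endif /* TKT_SHMEM */
}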