source: trunk/server/common/patches/krb5-kuserok-scripts.patch @ 1191

Last change on this file since 1191 was 1069, checked in by mitchb, 15 years ago
Updates to the build system for krb5 Allow us to build with patches for CVE-2009-0844 through CVE-2009-0847
File size: 3.8 KB
  • krb5-1.6.3/src/lib/krb5/os/kuserok.c

    # scripts.mit.edu krb5 kuserok patch
    # Copyright (C) 2006  Tim Abbott <tabbott@mit.edu>
    #
    # This program is free software; you can redistribute it and/or
    # modify it under the terms of the GNU General Public License
    # as published by the Free Software Foundation; either version 2
    # of the License, or (at your option) any later version.
    #
    # This program is distributed in the hope that it will be useful,
    # but WITHOUT ANY WARRANTY; without even the implied warranty of
    # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    # GNU General Public License for more details.
    #
    # You should have received a copy of the GNU General Public License
    # along with this program; if not, write to the Free Software
    # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA
    #
    # See /COPYRIGHT in this repository for more information.
    #
    old new  
    3131#if !defined(_WIN32)            /* Not yet for Windows */
    3232#include <stdio.h>
    3333#include <pwd.h>
     34#include <sys/wait.h>
    3435
    3536#if defined(_AIX) && defined(_IBMR2)
    3637#include <sys/access.h>
     
    7172{
    7273    struct stat sbuf;
    7374    struct passwd *pwd;
    74     char pbuf[MAXPATHLEN];
    7575    krb5_boolean isok = FALSE;
    7676    FILE *fp;
    7777    char kuser[MAX_USERNAME];
     
    7979    char linebuf[BUFSIZ];
    8080    char *newline;
    8181    int gobble;
     82    int pid, status;
    8283
    8384    /* no account => no access */
    8485    char pwbuf[BUFSIZ];
    8586    struct passwd pwx;
    8687    if (k5_getpwnam_r(luser, &pwx, pwbuf, sizeof(pwbuf), &pwd) != 0)
    8788        return(FALSE);
    88     (void) strncpy(pbuf, pwd->pw_dir, sizeof(pbuf) - 1);
    89     pbuf[sizeof(pbuf) - 1] = '\0';
    90     (void) strncat(pbuf, "/.k5login", sizeof(pbuf) - 1 - strlen(pbuf));
    91 
    92     if (access(pbuf, F_OK)) {    /* not accessible */
    93         /*
    94          * if he's trying to log in as himself, and there is no .k5login file,
    95          * let him.  To find out, call
    96          * krb5_aname_to_localname to convert the principal to a name
    97          * which we can string compare.
    98          */
    99         if (!(krb5_aname_to_localname(context, principal,
    100                                       sizeof(kuser), kuser))
    101             && (strcmp(kuser, luser) == 0)) {
    102             return(TRUE);
    103         }
    104     }
    10589    if (krb5_unparse_name(context, principal, &princname))
    10690        return(FALSE);                  /* no hope of matching */
    10791
    108     /* open ~/.k5login */
    109     if ((fp = fopen(pbuf, "r")) == NULL) {
    110         free(princname);
    111         return(FALSE);
    112     }
    113     /*
    114      * For security reasons, the .k5login file must be owned either by
    115      * the user himself, or by root.  Otherwise, don't grant access.
    116      */
    117     if (fstat(fileno(fp), &sbuf)) {
    118         fclose(fp);
    119         free(princname);
    120         return(FALSE);
     92    if ((pid = fork()) == -1) {
     93       free(princname);
     94       return(FALSE);
    12195    }
    122     if (sbuf.st_uid != pwd->pw_uid && !FILE_OWNER_OK(sbuf.st_uid)) {
    123         fclose(fp);
    124         free(princname);
    125         return(FALSE);
     96    if (pid == 0) {
     97       char *args[4];
     98#define ADMOF_PATH "/usr/local/sbin/ssh-admof"
     99       args[0] = ADMOF_PATH;
     100       args[1] = (char *) luser;
     101       args[2] = princname;
     102       args[3] = NULL;
     103       execv(ADMOF_PATH, args);
     104       exit(1);
    126105    }
    127 
    128     /* check each line */
    129     while (!isok && (fgets(linebuf, BUFSIZ, fp) != NULL)) {
    130         /* null-terminate the input string */
    131         linebuf[BUFSIZ-1] = '\0';
    132         newline = NULL;
    133         /* nuke the newline if it exists */
    134         if ((newline = strchr(linebuf, '\n')))
    135             *newline = '\0';
    136         if (!strcmp(linebuf, princname)) {
    137             isok = TRUE;
    138             continue;
    139         }
    140         /* clean up the rest of the line if necessary */
    141         if (!newline)
    142             while (((gobble = getc(fp)) != EOF) && gobble != '\n');
     106    if (waitpid(pid, &status, 0) > 0 && WIFEXITED(status) && WEXITSTATUS(status) == 33) {
     107       isok=TRUE;
    143108    }
     109   
    144110    free(princname);
    145     fclose(fp);
    146111    return(isok);
    147112}
    148113
Note: See TracBrowser for help on using the repository browser.