1130b656e5
This will make a number of things easier in the future, as well as (finally!) avoiding the Id-smashing problem which has plagued developers for so long. Boy, I'm glad we're not using sup anymore. This update would have been insane otherwise.
389 lines
8.9 KiB
C
389 lines
8.9 KiB
C
/*
|
|
* $FreeBSD$
|
|
* $Source: /home/ncvs/src/eBones/libexec/rkinitd/krb.c,v $
|
|
* $Author: gibbs $
|
|
*
|
|
* This file contains all of the kerberos part of rkinitd.
|
|
*/
|
|
|
|
#if !defined(lint) && !defined(SABER) && !defined(LOCORE) && defined(RCS_HDRS)
|
|
static char *rcsid = "$FreeBSD$";
|
|
#endif /* lint || SABER || LOCORE || RCS_HDRS */
|
|
|
|
#include <stdio.h>
|
|
#include <sys/types.h>
|
|
#include <errno.h>
|
|
#include <syslog.h>
|
|
#include <netinet/in.h>
|
|
#include <setjmp.h>
|
|
#include <string.h>
|
|
#include <unistd.h>
|
|
#include <pwd.h>
|
|
#include <krb.h>
|
|
#include <des.h>
|
|
|
|
#include <rkinit.h>
|
|
#include <rkinit_private.h>
|
|
#include <rkinit_err.h>
|
|
|
|
#include "rkinitd.h"
|
|
|
|
#define FAILURE (!RKINIT_SUCCESS)
|
|
|
|
extern int errno;
|
|
|
|
static char errbuf[BUFSIZ];
|
|
|
|
typedef struct {
|
|
jmp_buf env;
|
|
} rkinitd_intkt_info;
|
|
|
|
|
|
#if defined(_AIX) && defined(_IBMR2)
|
|
|
|
#include <sys/id.h>
|
|
|
|
/*
|
|
* The RIOS has bizzarre ideas about changing uids around. They are
|
|
* such that the seteuid and setruid calls here fail. For this reason
|
|
* we are replacing the seteuid and setruid calls.
|
|
*
|
|
* The bizzarre ideas are as follows:
|
|
*
|
|
* The effective ID may be changed only to the current real or
|
|
* saved IDs.
|
|
*
|
|
* The saved uid may be set only if the real and effective
|
|
* uids are being set to the same value.
|
|
*
|
|
* The real uid may be set only if the effective
|
|
* uid is being set to the same value.
|
|
*/
|
|
|
|
#ifdef __STDC__
|
|
static int setruid(uid_t ruid)
|
|
#else
|
|
static int setruid(ruid)
|
|
uid_t ruid;
|
|
#endif /* __STDC__ */
|
|
{
|
|
uid_t euid;
|
|
|
|
euid = geteuid();
|
|
|
|
if (setuidx(ID_REAL | ID_EFFECTIVE, ruid) == -1)
|
|
return (-1);
|
|
|
|
return (setuidx(ID_EFFECTIVE, euid));
|
|
}
|
|
|
|
|
|
#ifdef __STDC__
|
|
static int seteuid(uid_t euid)
|
|
#else
|
|
static int seteuid(euid)
|
|
uid_t euid;
|
|
#endif /* __STDC__ */
|
|
{
|
|
uid_t ruid;
|
|
|
|
ruid = getuid();
|
|
|
|
if (setuidx(ID_SAVED | ID_REAL | ID_EFFECTIVE, euid) == -1)
|
|
return (-1);
|
|
|
|
return (setruid(ruid));
|
|
}
|
|
|
|
|
|
#ifdef __STDC__
|
|
static int setreuid(uid_t ruid, uid_t euid)
|
|
#else
|
|
static int setreuid(ruid, euid)
|
|
uid_t ruid;
|
|
uid_t euid;
|
|
#endif /* __STDC__ */
|
|
{
|
|
if (seteuid(euid) == -1)
|
|
return (-1);
|
|
|
|
return (setruid(ruid));
|
|
}
|
|
|
|
|
|
#ifdef __STDC__
|
|
static int setuid(uid_t uid)
|
|
#else
|
|
static int setuid(uid)
|
|
uid_t uid;
|
|
#endif /* __STDC__ */
|
|
{
|
|
return (setreuid(uid, uid));
|
|
}
|
|
|
|
#endif /* RIOS */
|
|
|
|
|
|
#ifdef __STDC__
|
|
static void this_phost(char *host, int hostlen)
|
|
#else
|
|
static void this_phost(host, hostlen)
|
|
char *host;
|
|
int hostlen;
|
|
#endif /* __STDC__ */
|
|
{
|
|
char this_host[MAXHOSTNAMELEN + 1];
|
|
|
|
BCLEAR(this_host);
|
|
|
|
if (gethostname(this_host, sizeof(this_host)) < 0) {
|
|
sprintf(errbuf, "gethostname: %s", sys_errlist[errno]);
|
|
rkinit_errmsg(errbuf);
|
|
error();
|
|
exit(1);
|
|
}
|
|
|
|
strncpy(host, krb_get_phost(this_host), hostlen - 1);
|
|
}
|
|
|
|
#ifdef __STDC__
|
|
static int decrypt_tkt(char *user, char *instance, char *realm, char *arg,
|
|
int (*key_proc)(), KTEXT *cipp)
|
|
#else
|
|
static int decrypt_tkt(user, instance, realm, arg, key_proc, cipp)
|
|
char *user;
|
|
char *instance;
|
|
char *realm;
|
|
char *arg;
|
|
int (*key_proc)();
|
|
KTEXT *cipp;
|
|
#endif /* __STDC__ */
|
|
{
|
|
MSG_DAT msg_data; /* Message data containing decrypted data */
|
|
KTEXT_ST auth; /* Authenticator */
|
|
AUTH_DAT auth_dat; /* Authentication data */
|
|
KTEXT cip = *cipp;
|
|
MSG_DAT scip;
|
|
int status = 0;
|
|
des_cblock key;
|
|
des_key_schedule sched;
|
|
char phost[MAXHOSTNAMELEN + 1];
|
|
struct sockaddr_in caddr; /* client internet address */
|
|
struct sockaddr_in saddr; /* server internet address */
|
|
|
|
rkinitd_intkt_info *rii = (rkinitd_intkt_info *)arg;
|
|
|
|
u_char enc_data[MAX_KTXT_LEN];
|
|
|
|
SBCLEAR(auth);
|
|
SBCLEAR(auth_dat);
|
|
SBCLEAR(scip);
|
|
BCLEAR(enc_data);
|
|
|
|
scip.app_data = enc_data;
|
|
|
|
/*
|
|
* Exchange with the client our response from the KDC (ticket encrypted
|
|
* in user's private key) for the same ticket encrypted in our
|
|
* (not yet known) session key.
|
|
*/
|
|
|
|
rpc_exchange_tkt(cip, &scip);
|
|
|
|
/*
|
|
* Get the authenticator
|
|
*/
|
|
|
|
SBCLEAR(auth);
|
|
|
|
rpc_getauth(&auth, &caddr, &saddr);
|
|
|
|
/*
|
|
* Decode authenticator and extract session key. The first zero
|
|
* means we don't care what host this comes from. This needs to
|
|
* be done with euid of root so that /etc/srvtab can be read.
|
|
*/
|
|
|
|
BCLEAR(phost);
|
|
this_phost(phost, sizeof(phost));
|
|
|
|
/*
|
|
* This function has to use longjmp to return to the caller
|
|
* because the kerberos library routine that calls it doesn't
|
|
* pay attention to the return value it gives. That means that
|
|
* if any of these routines failed, the error returned to the client
|
|
* would be "password incorrect".
|
|
*/
|
|
|
|
if ((status = krb_rd_req(&auth, KEY, phost, caddr.sin_addr.s_addr,
|
|
&auth_dat, KEYFILE))) {
|
|
sprintf(errbuf, "krb_rd_req: %s", krb_err_txt[status]);
|
|
rkinit_errmsg(errbuf);
|
|
longjmp(rii->env, status);
|
|
}
|
|
|
|
bcopy(auth_dat.session, key, sizeof(key));
|
|
if (des_key_sched(&key, sched)) {
|
|
sprintf(errbuf, "Error in des_key_sched");
|
|
rkinit_errmsg(errbuf);
|
|
longjmp(rii->env, RKINIT_DES);
|
|
}
|
|
|
|
/* Decrypt the data. */
|
|
if ((status =
|
|
krb_rd_priv((u_char *)scip.app_data, scip.app_length,
|
|
sched, key, &caddr, &saddr, &msg_data)) == KSUCCESS) {
|
|
cip->length = msg_data.app_length;
|
|
bcopy(msg_data.app_data, cip->dat, msg_data.app_length);
|
|
cip->dat[cip->length] = 0;
|
|
}
|
|
else {
|
|
sprintf(errbuf, "krb_rd_priv: %s", krb_err_txt[status]);
|
|
rkinit_errmsg(errbuf);
|
|
longjmp(rii->env, status);
|
|
}
|
|
|
|
return(status);
|
|
}
|
|
|
|
#ifdef __STDC__
|
|
static int validate_user(char *aname, char *inst, char *realm,
|
|
char *username, char *errmsg)
|
|
#else
|
|
static int validate_user(aname, inst, realm, username, errmsg)
|
|
char *aname;
|
|
char *inst;
|
|
char *realm;
|
|
char *username;
|
|
char *errmsg;
|
|
#endif /* __STDC__ */
|
|
{
|
|
struct passwd *pwnam; /* For access_check and uid */
|
|
AUTH_DAT auth_dat;
|
|
int kstatus = KSUCCESS;
|
|
|
|
SBCLEAR(auth_dat);
|
|
|
|
if ((pwnam = getpwnam(username)) == NULL) {
|
|
sprintf(errmsg, "%s does not exist on the remote host.", username);
|
|
return(FAILURE);
|
|
}
|
|
|
|
strcpy(auth_dat.pname, aname);
|
|
strcpy(auth_dat.pinst, inst);
|
|
strcpy(auth_dat.prealm, realm);
|
|
|
|
if (seteuid(pwnam->pw_uid) < 0) {
|
|
sprintf(errmsg, "Failure setting euid to %d: %s\n", pwnam->pw_uid,
|
|
sys_errlist[errno]);
|
|
strcpy(errbuf, errmsg);
|
|
error();
|
|
return(FAILURE);
|
|
}
|
|
kstatus = kuserok(&auth_dat, username);
|
|
if (seteuid(0) < 0) {
|
|
sprintf(errmsg, "Failure setting euid to 0: %s\n",
|
|
sys_errlist[errno]);
|
|
strcpy(errbuf, errmsg);
|
|
error();
|
|
return(FAILURE);
|
|
}
|
|
|
|
if (kstatus != KSUCCESS) {
|
|
sprintf(errmsg, "%s has not allowed you to log in with", username);
|
|
if (strlen(auth_dat.pinst))
|
|
sprintf(errmsg, "%s %s.%s", errmsg, auth_dat.pname,
|
|
auth_dat.pinst);
|
|
else
|
|
sprintf(errmsg, "%s %s", errmsg, auth_dat.pname);
|
|
sprintf(errmsg, "%s@%s tickets.", errmsg, auth_dat.prealm);
|
|
return(FAILURE);
|
|
}
|
|
|
|
/*
|
|
* Set real uid to owner of ticket file. The library takes care
|
|
* of making the appropriate change.
|
|
*/
|
|
if (setruid(pwnam->pw_uid) < 0) {
|
|
sprintf(errmsg, "Failure setting ruid to %d: %s\n", pwnam->pw_uid,
|
|
sys_errlist[errno]);
|
|
strcpy(errbuf, errmsg);
|
|
error();
|
|
return(FAILURE);
|
|
}
|
|
|
|
return(RKINIT_SUCCESS);
|
|
}
|
|
|
|
#ifdef __STDC__
|
|
int get_tickets(int version)
|
|
#else
|
|
int get_tickets(version)
|
|
int version;
|
|
#endif /* __STDC__ */
|
|
{
|
|
rkinit_info info;
|
|
AUTH_DAT auth_dat;
|
|
|
|
int status;
|
|
char errmsg[BUFSIZ]; /* error message for client */
|
|
|
|
rkinitd_intkt_info rii;
|
|
|
|
SBCLEAR(info);
|
|
SBCLEAR(auth_dat);
|
|
BCLEAR(errmsg);
|
|
SBCLEAR(rii);
|
|
|
|
rpc_get_rkinit_info(&info);
|
|
|
|
/*
|
|
* The validate_user routine makes sure that the principal in question
|
|
* is allowed to log in as username, and if so, does a setuid(localuid).
|
|
* If there is an access violation or an error in setting the uid,
|
|
* an error is returned and the string errmsg is initialized with
|
|
* an error message that will be sent back to the client.
|
|
*/
|
|
if ((status = validate_user(info.aname, info.inst, info.realm,
|
|
info.username, errmsg)) != RKINIT_SUCCESS) {
|
|
rpc_send_error(errmsg);
|
|
exit(0);
|
|
}
|
|
else
|
|
rpc_send_success();
|
|
|
|
/*
|
|
* If the name of a ticket file was specified, set it; otherwise,
|
|
* just use the default.
|
|
*/
|
|
if (strlen(info.tktfilename))
|
|
krb_set_tkt_string(info.tktfilename);
|
|
|
|
/*
|
|
* Call internal kerberos library routine so that we can supply
|
|
* our own ticket decryption routine.
|
|
*/
|
|
|
|
/*
|
|
* We need a setjmp here because krb_get_in_tkt ignores the
|
|
* return value of decrypt_tkt. Thus if we want any of its
|
|
* return values to reach the client, we have to jump out of
|
|
* the routine.
|
|
*/
|
|
|
|
if (setjmp(rii.env) == 0) {
|
|
if ((status = krb_get_in_tkt(info.aname, info.inst, info.realm,
|
|
info.sname, info.sinst, info.lifetime,
|
|
NULL, decrypt_tkt, (char *)&rii))) {
|
|
strcpy(errmsg, krb_err_txt[status]);
|
|
rpc_send_error(errmsg);
|
|
}
|
|
else
|
|
rpc_send_success();
|
|
}
|
|
else
|
|
rpc_send_error(errbuf);
|
|
|
|
return(RKINIT_SUCCESS);
|
|
}
|