Don't use setreuid() to play games with the real uid, since not all

systems have setreuid().  This method of communicating to in_tkt what
the correct owner of the ticket file is completely broken, anyway.  We
skip the setreuid() entirely, and then chown the ticket file to the
correct owner and group afterwards.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@5650 dc483132-0cff-0310-8789-dd5450dbe970

1 files changed, 5 insertions, 19 deletions

diff --git a/src/appl/bsd/login.c b/src/appl/bsd/login.c
index 0b8857b3c..4d618e6db 100644
--- a/src/appl/bsd/login.c
+++ b/src/appl/bsd/login.c
@@ -616,21 +616,8 @@ int main(argc, argv)
 		    _res.retrans = 1;
 #endif /* BIND_HACK */
 
-#ifdef _IBMR2
-		    krbval = setuidx(ID_REAL|ID_EFFECTIVE, pwd->pw_uid);
-#else
-		    krbval = setreuid(pwd->pw_uid, -1);
-#endif
-		    if (krbval) {
-			/* can't set ruid to user! */
-			krbval = -1;
-			fprintf(stderr,
-				"login: Can't set ruid for ticket file.\n");
-		    } else
-			krbval = krb_get_pw_in_tkt(username, "",
-						   realm, "krbtgt",
-						   realm,
-						   DEFAULT_TKT_LIFE, pp2);
+		    krbval = krb_get_pw_in_tkt(username, "", realm, "krbtgt",
+					       realm, DEFAULT_TKT_LIFE, pp2);
 		    memset (pp2, 0, sizeof(pp2));
 #ifdef HAVE_SETPRIORITY
 		    (void) setpriority(PRIO_PROCESS, 0, 0 + PRIO_OFFSET);
@@ -639,6 +626,8 @@ int main(argc, argv)
 		    case INTK_OK:
 			kpass_ok = 1;
 			krbflag = 1;
+			strcpy(tkfile, tkt_string());
+			(void) chown(tkfile, pwd->pw_uid, pwd->pw_gid);
 			break;	
 
 		    /* These errors should be silent */
@@ -798,10 +787,7 @@ bad_login:
 
 	(void)chown(ttyn, pwd->pw_uid,
 	    (gr = getgrnam(TTYGRPNAME)) ? gr->gr_gid : pwd->pw_gid);
-#ifdef KRB4
-	if(krbflag)
-	    (void) chown(getenv(KRB_ENVIRON), pwd->pw_uid, pwd->pw_gid);
-#endif
+
 	(void)chmod(ttyn, 0620);
 #ifdef KRB4
 #ifdef SETPAG