authorSam Hartman <hartmans@mit.edu>1996-09-30 21:22:45 +0000
committerSam Hartman <hartmans@mit.edu>1996-09-30 21:22:45 +0000
commitd46ff3c8d486b6927d03637e9e625318db28e826 (patch)
tree21e02c13e5abc072068c83ce3da9698906303405 /src
parent604f893487b2e572833db835a2388ff9d41e0e49 (diff)
* Use login.krb5 -f from klogind
* Allow login.krb5 -f to authorize root login. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@9135 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src')
-rw-r--r--src/appl/bsd/ChangeLog11
-rw-r--r--src/appl/bsd/krlogind.c24
-rw-r--r--src/appl/bsd/login.M2
-rw-r--r--src/appl/bsd/login.c39
4 files changed, 37 insertions, 39 deletions
diff --git a/src/appl/bsd/ChangeLog b/src/appl/bsd/ChangeLog
index 7c6ef6278..44453312c 100644
--- a/src/appl/bsd/ChangeLog
+++ b/src/appl/bsd/ChangeLog
@@ -1,3 +1,14 @@
+Mon Sep 30 17:15:14 1996 Sam Hartman <hartmans@mit.edu>
+
+ * login.c: Allow login -f to let you log in as root.
+
+Mon Sep 30 16:22:48 1996 Sam Hartman <hartmans@tertius.mit.edu>
+
+ * login.c (stypeof): If TERM environment variable set, use it.
+
+ * krlogind.c (doit): Do not use login -E; no one supports it
+ besides login.krb5which also supports -f.
+
Sun Sep 29 20:49:47 1996 Sam Hartman <hartmans@mit.edu>
* login.c: Fix so it works with --without-krb4 option
diff --git a/src/appl/bsd/krlogind.c b/src/appl/bsd/krlogind.c
index 2327ba85a..d878e1eba 100644
--- a/src/appl/bsd/krlogind.c
+++ b/src/appl/bsd/krlogind.c
@@ -45,7 +45,7 @@ char copyright[] =
* 3) Prompt for password if any checks fail, or if so configured.
* Allow login if all goes well either by calling the accompanying
* login.krb5 or /bin/login, according to the definition of
- * DO_NOT_USE_K_LOGIN.
+ * DO_NOT_USE_K_LOGIN.l
*
* The configuration is done either by command-line arguments passed by
* inetd, or by the name of the daemon. If command-line arguments are
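Review bot: The changed comment line now ends in a stray `l` (`DO_NOT_USE_K_LOGIN.l`), which looks like an editor slip; it should remain ` * DO_NOT_USE_K_LOGIN.`. The sentence is also going stale, because later hunks in this file take `DO_NOT_USE_K_LOGIN` out of the conditionals around the exec and the pty writes, so the way login is invoked no longer follows that macro in the visible code. The comment block starts and ends outside the hunk.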
@@ -94,7 +94,7 @@ char copyright[] =
*/
#define LOG_REMOTE_REALM
#define CRYPT
-
+#define USE_LOGIN_F
#ifdef HAVE_UNISTD_H
#include <unistd.h>
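Review bot: `#define USE_LOGIN_F` is hard-coded with no guard and no comment, so the non-`-f` branches of the `USE_LOGIN_F` conditionals later in the file become dead code and a build cannot opt out without editing the source. Per the commit message this switch makes the daemon hand an already-authorized user to login with `-f`, so it deserves a line saying so, e.g. `/* Always run login with -f; the login program must accept a pre-authenticated user. */`, and it could be wrapped in `#ifndef USE_LOGIN_F`. The blank line that separated the defines from the `#ifdef HAVE_UNISTD_H` block was dropped as well.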
@@ -507,8 +507,8 @@ struct winsize win = { 0, 0, 0, 0 };
int pid; /* child process id */
void doit(f, fromp)
- int f;
- struct sockaddr_in *fromp;
+ int f;
+ struct sockaddr_in *fromp;
{
int p, t, on = 1;
register struct hostent *hp;
@@ -622,7 +622,7 @@ int syncpipe[2];
#if defined(POSIX_TERMIOS) && !defined(ultrix)
tcgetattr(t,&new_termio);
-#if !(defined(DO_NOT_USE_K_LOGIN)&&defined(USE_LOGIN_F))
+#if !defined(USE_LOGIN_F)
new_termio.c_lflag &= ~(ICANON|ECHO|ISIG|IEXTEN);
new_termio.c_iflag &= ~(IXON|IXANY|BRKINT|INLCR|ICRNL);
#else
@@ -714,7 +714,6 @@ int syncpipe[2];
}
#endif
-#ifdef DO_NOT_USE_K_LOGIN
#ifdef USE_LOGIN_F
/* use the vendors login, which has -p and -f. Tested on
* AIX 4.1.4 and HPUX 10
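Review bot: The comment under `#ifdef USE_LOGIN_F` still reads `use the vendors login, which has -p and -f`, but with the `DO_NOT_USE_K_LOGIN` guard removed this branch is no longer limited to the vendor-login build; going by the commit title it now also covers login.krb5. Suggest rewording it along the lines of `/* Run login with -f: login.krb5, or a vendor login that has -p and -f (tested on AIX 4.1.4 and HPUX 10). */`. The comment and the exec call it describes continue past the end of this hunk.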
@@ -735,12 +734,6 @@ int syncpipe[2];
#else /* USE_LOGIN_F */
execl(login_program, "login", "-r", rhost_name, 0);
#endif /* USE_LOGIN_F */
-#else
- if (passwd_req)
- execl(login_program, "login","-h", rhost_name, lusername, 0);
- else
- execl(login_program, "login", "-h", rhost_name, "-e", lusername, 0);
-#endif
fatalperror(2, login_program);
/*NOTREACHED*/
@@ -791,12 +784,10 @@ int syncpipe[2];
#endif
-#if defined(DO_NOT_USE_K_LOGIN)&&!defined(USE_LOGIN_F)
+#if!defined(USE_LOGIN_F)
/* Pass down rusername and lusername to login. */
(void) write(p, rusername, strlen(rusername) +1);
(void) write(p, lusername, strlen(lusername) +1);
-#endif
-#if !defined(DO_NOT_USE_K_LOGIN) || !defined(USE_LOGIN_F)
/* stuff term info down to login */
if ((write(p, term, strlen(term)+1) != (int) strlen(term)+1)) {
/*
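Review bot: `#if!defined(USE_LOGIN_F)` is missing the space after `#if`, and the `#endif` that closes it in the next hunk lost its trailing comment, so the pairing is hard to follow; suggest `#if !defined(USE_LOGIN_F)` and `#endif /* !USE_LOGIN_F */`. With `USE_LOGIN_F` now defined unconditionally near the top of the file, this whole block is compiled out. The two `(void) write(...)` calls for `rusername` and `lusername` discard short writes while the `term` write just below is checked; if this path is ever re-enabled they should get the same check. The enclosing function extends beyond the hunk.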
@@ -805,7 +796,8 @@ int syncpipe[2];
sprintf(buferror,"Cannot write slave pty %s ",line);
fatalperror(f,buferror);
}
-#endif /* DO_NOT_USE_K_LOGIN && USE_LOGIN_F */
+
+#endif
protocol(f, p);
signal(SIGCHLD, SIG_IGN);
cleanup();
diff --git a/src/appl/bsd/login.M b/src/appl/bsd/login.M
index b6ea951d3..0603d16bd 100644
--- a/src/appl/bsd/login.M
+++ b/src/appl/bsd/login.M
@@ -39,7 +39,7 @@ pass hostname to rlogind.
pass hostname to telnetd, etc.
.TP
\fB\-f\fP \fIname\fP
-Perform pre-authenticated login, e.g., datakit, xterm, etc.; does not
+Perform pre-authenticated login, e.g., datakit, xterm, etc.;
allow preauthenticated login as root.
.TP
\fB\-F\fP \fIname\fP
diff --git a/src/appl/bsd/login.c b/src/appl/bsd/login.c
index 93573a48c..7514310cf 100644
--- a/src/appl/bsd/login.c
+++ b/src/appl/bsd/login.c
@@ -63,7 +63,7 @@ int login_accept_passwd = 0;
* login -r hostname (for rlogind)
* login -h hostname (for telnetd, etc.)
* login -f name (for pre-authenticated login: datakit, xterm, etc.,
- * does not allow preauthenticated login as root)
+ * does allow preauthenticated login as root)
* login -F name (for pre-authenticated login: datakit, xterm, etc.,
* allows preauthenticated login as root)
* login -e name (for pre-authenticated encrypted, must do term
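Review bot: After this change the usage comment describes `-f` and `-F` in the same words, which hides that `-F` is now only a synonym (the `case 'F'` hunk further down sets `fflag`). Suggest saying so on the `-F` entry, e.g. `(synonym for -f, presumably kept for compatibility)`; login.M carries the same pair of entries. The comment block extends beyond the hunk.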
@@ -1078,7 +1078,7 @@ afs_cleanup ()
}
/* Main routines */
-#define EXCL_AUTH_TEST if (rflag || kflag || Kflag || eflag || fflag || Fflag ) { \
+#define EXCL_AUTH_TEST if (rflag || kflag || Kflag || eflag || fflag ) { \
fprintf(stderr, \
"login: only one of -r, -k, -K, -e, -F, and -f allowed.\n"); \
exit(1);\
@@ -1148,7 +1148,7 @@ int main(argc, argv)
struct group *gr;
int ch;
char *p;
- int fflag, hflag, pflag, rflag, Fflag, cnt;
+ int fflag, hflag, pflag, rflag, cnt;
int kflag, Kflag, eflag;
int quietlog, passwd_req, ioctlval;
sigtype timedout();
@@ -1199,7 +1199,7 @@ int rewrite_ccache = 1; /*try to write out ccache*/
(void)gethostname(tbuf, sizeof(tbuf));
domain = strchr(tbuf, '.');
- Fflag = fflag = hflag = pflag = rflag = kflag = Kflag = eflag = 0;
+ fflag = hflag = pflag = rflag = kflag = Kflag = eflag = 0;
passwd_req = 1;
while ((ch = getopt(argc, argv, "Ffeh:pr:k:K:")) != EOF)
switch (ch) {
@@ -1209,7 +1209,7 @@ int rewrite_ccache = 1; /*try to write out ccache*/
break;
case 'F':
EXCL_AUTH_TEST;
- Fflag = 1;
+ fflag = 1;
break;
case 'h':
EXCL_HOST_TEST;
@@ -1364,7 +1364,7 @@ int rewrite_ccache = 1; /*try to write out ccache*/
#endif /* KRB5_GET_TICKETS */
if (username == NULL) {
- fflag = Fflag = 0;
+ fflag = 0;
getloginname();
}
@@ -1374,23 +1374,13 @@ int rewrite_ccache = 1; /*try to write out ccache*/
if (pwd == NULL || pwd->pw_uid)
checknologin();
- /*
- * Disallow automatic login to root.
- * If not invoked by root, disallow if the uid's differ.
- */
- if (fflag && pwd) {
- int uid = (int) getuid();
-
- passwd_req =
- (pwd->pw_uid == 0 || (uid && uid != pwd->pw_uid));
- }
/*
* Allows automatic login by root.
* If not invoked by root, disallow if the uid's differ.
*/
- if (Fflag && pwd) {
+ if (fflag && pwd) {
int uid = (int) getuid();
passwd_req = (uid && uid != pwd->pw_uid);
}
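Review bot: The comment kept above the surviving check, `Allows automatic login by root.`, does not say what the code now does: with the root exclusion removed, `-f` skips the password for any target account, uid 0 included, whenever the caller's real uid is 0 or equals the target's uid. The process that runs login with `-f` (klogind, per the commit message) therefore becomes the only gate on password-less root logins, which is worth stating here, e.g. `/* -f/-F: caller vouches for the user, root included; honoured only if invoked by root or by the target uid. */`. Separately, `int uid = (int) getuid();` compared with `pwd->pw_uid` may mix signed and unsigned where `uid_t` is unsigned; `uid_t uid = getuid();` avoids the cast. The enclosing main() starts and ends outside the hunk.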
@@ -1906,7 +1896,7 @@ int rewrite_ccache = 1; /*try to write out ccache*/
if (!quietlog) {
#ifdef KRB4_KLOGIN
- if (!krbflag && !fflag && !Fflag && !eflag )
+ if (!krbflag && !fflag && !eflag )
printf("\nWarning: No Kerberos tickets obtained.\n\n");
#endif /* KRB4_KLOGIN */
motd ();
@@ -2223,14 +2213,19 @@ void dolastlog(quiet, tty)
char *
stypeof(ttyid)
- char *ttyid;
+ char *ttyid;
{
+char *cp = getenv("term");
+
#ifndef HAVE_TTYENT_H
- return(UNKNOWN);
+if (cp)
+ return cp;
+else return(UNKNOWN);
#else
struct ttyent *t;
-
- return(ttyid && (t = getttynam(ttyid)) ? t->ty_type : UNKNOWN);
+ if (cp)
+ return cp;
+ else return(ttyid && (t = getttynam(ttyid)) ? t->ty_type : UNKNOWN);
#endif
}
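Review bot: `getenv("term")` looks up a lowercase variable, while the ChangeLog entry in this commit says the `TERM` environment variable is meant; environment names are case-sensitive, so as written the lookup will normally return NULL and the new branch will not fire. If `TERM` is intended the line should be `char *cp = getenv("TERM");`. The value comes from the caller's environment and is returned as the terminal type unchecked, so an emptiness test such as `if (cp && *cp)` is worth considering. The added lines are also flush left instead of following the function's indentation.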