head	1.6;
access;
symbols
	RELEASE_4_3_0:1.4
	RELEASE_4_2_0:1.3;
locks; strict;
comment	@# @;


1.6
date	2001.07.24.17.14.44;	author nectar;	state dead;
branches;
next	1.5;

1.5
date	2001.06.11.18.38.46;	author nectar;	state Exp;
branches;
next	1.4;

1.4
date	2001.01.24.20.36.33;	author nectar;	state Exp;
branches;
next	1.3;

1.3
date	2000.11.06.20.00.02;	author nectar;	state Exp;
branches;
next	1.2;

1.2
date	2000.11.06.19.56.21;	author nectar;	state Exp;
branches;
next	1.1;

1.1
date	2000.11.06.19.01.43;	author nectar;	state Exp;
branches;
next	;


desc
@@


1.6
log
@Update pam_krb5 1.0 -> 1.0.1.
Change MASTER_SITES.

NB: This  versioning is  bogus.  Unfortunately,  there is  no official
release of  pam_krb5 yet,  but it has  substantially changed.   I made
this release based on what is in CVS.
@
text
@--- pam_krb5_auth.c.orig	Tue Jan  4 19:08:51 2000
+++ pam_krb5_auth.c	Mon Jun 11 13:22:45 2001
@@@@ -7,18 +7,22 @@@@
 
 static const char rcsid[] = "$Id: pam_krb5_auth.c,v 1.18 2000/01/04 08:44:08 fcusack Exp $";
 
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <errno.h>
 #include <limits.h>	/* PATH_MAX */
 #include <pwd.h>	/* getpwnam */
 #include <stdio.h>	/* tmpnam */
+#include <stdlib.h>	/* malloc  */
 #include <strings.h>	/* strchr */
 #include <syslog.h>	/* syslog */
 #include <unistd.h>	/* chown */
-#include <sys/types.h>	/* chown */
 
 #include <security/pam_appl.h>
 #include <security/pam_modules.h>
 
 #include <krb5.h>
+#include <com_err.h>
 #include "pam_krb5.h"
 
 extern krb5_cc_ops krb5_mcc_ops;
@@@@ -42,7 +46,7 @@@@
     krb5_get_init_creds_opt opts;
 
     int			pamret, i;
-    char		*name, *name2;
+    const char		*name;
     char		*princ_name = NULL;
     char		*pass = NULL, *service = NULL;
     char		*prompt = NULL;
@@@@ -74,13 +78,13 @@@@
     }
 
     /* Get service name */
-    (void) pam_get_item(pamh, PAM_SERVICE, (void **) &service);
+    (void) pam_get_item(pamh, PAM_SERVICE, (const void **) &service);
     if (!service)
 	service = "unknown";
 
     DLOG("entry", "");
 
-    if (krb5_init_context(&pam_context)) {
+    if ((krbret = krb5_init_context(&pam_context)) != 0) {
 	DLOG("krb5_init_context()", error_message(krbret));
 	return PAM_SERVICE_ERR;
     }
@@@@ -93,7 +97,7 @@@@
 	krb5_get_init_creds_opt_set_forwardable(&opts, 1);
 
     /* For CNS */
-    if (krbret = krb5_cc_register(pam_context, &krb5_mcc_ops, FALSE)) {
+    if ((krbret = krb5_cc_register(pam_context, &krb5_mcc_ops, FALSE)) != 0) {
 	/* Solaris dtlogin doesn't call pam_end() on failure */
 	if (krbret != KRB5_CC_TYPE_EXISTS) {
 	    DLOG("krb5_cc_register()", error_message(krbret));
@@@@ -103,14 +107,14 @@@@
     }
 
     /* Get principal name */
-    if (krbret = krb5_parse_name(pam_context, name, &princ)) {
+    if ((krbret = krb5_parse_name(pam_context, name, &princ)) != 0) {
 	DLOG("krb5_parse_name()", error_message(krbret));
 	pamret = PAM_SERVICE_ERR;
 	goto cleanup3;
     }
 
     /* Now convert the principal name into something human readable */
-    if (krbret = krb5_unparse_name(pam_context, princ, &princ_name)) {
+    if ((krbret = krb5_unparse_name(pam_context, princ, &princ_name)) != 0) {
 	DLOG("krb5_unparse_name()", error_message(krbret));
 	pamret = PAM_SERVICE_ERR;
 	goto cleanup2;
@@@@ -126,18 +130,19 @@@@
     (void) sprintf(prompt, "Password for %s: ", princ_name);
 
     if (try_first_pass || use_first_pass)
-	(void) pam_get_item(pamh, PAM_AUTHTOK, (void **) &pass);
+	(void) pam_get_item(pamh, PAM_AUTHTOK, (const void **) &pass);
 
 get_pass:
     if (!pass) {
 	try_first_pass = 0;
-	if (pamret = get_user_info(pamh, prompt, PAM_PROMPT_ECHO_OFF, &pass)) {
+	if ((pamret = get_user_info(pamh, prompt, PAM_PROMPT_ECHO_OFF,
+	  &pass)) != 0) {
 	    DLOG("get_user_info()", pam_strerror(pamh, pamret));
 	    pamret = PAM_SERVICE_ERR;
 	    goto cleanup2;
 	}
 	/* We have to free pass. */
-	if (pamret = pam_set_item(pamh, PAM_AUTHTOK, pass)) {
+	if ((pamret = pam_set_item(pamh, PAM_AUTHTOK, pass)) != 0) {
 	    DLOG("pam_set_item()", pam_strerror(pamh, pamret));
 	    free(pass);
 	    pamret = PAM_SERVICE_ERR;
@@@@ -145,25 +150,26 @@@@
 	}
 	free(pass);
 	/* Now we get it back from the library. */
-	(void) pam_get_item(pamh, PAM_AUTHTOK, (void **) &pass);
+	(void) pam_get_item(pamh, PAM_AUTHTOK, (const void **) &pass);
     }
 
     /* Verify the local user exists (AFTER getting the password) */
     if (strchr(name, '@@')) {
 	/* get a local account name for this principal */
-	if (krbret = krb5_aname_to_localname(pam_context, princ,
-					     sizeof(lname), lname)) {
+	if ((krbret = krb5_aname_to_localname(pam_context, princ, 
+	  sizeof(lname), lname)) != 0) {
 	    DLOG("krb5_aname_to_localname()", error_message(krbret));
 	    pamret = PAM_USER_UNKNOWN;
 	    goto cleanup2;
 	}
 	DLOG("changing PAM_USER to", lname);
-	if (pamret = pam_set_item(pamh, PAM_USER, lname)) {
+	if ((pamret = pam_set_item(pamh, PAM_USER, lname)) != 0) {
 	    DLOG("pam_set_item()", pam_strerror(pamh, pamret));
 	    pamret = PAM_SERVICE_ERR;
 	    goto cleanup2;
 	}
-	if (pamret = pam_get_item(pamh, PAM_USER, (void **) &name)) {
+	if ((pamret = pam_get_item(pamh, PAM_USER, (const void **) &name)
+	  != 0)) {
 	    DLOG("pam_get_item()", pam_strerror(pamh, pamret));
 	    pamret = PAM_SERVICE_ERR;
 	    goto cleanup2;
@@@@ -177,9 +183,8 @@@@
     }
 
     /* Get a TGT */
-    if (krbret = krb5_get_init_creds_password(pam_context, &creds, princ,
-					      pass, pam_prompter, pamh,
-					      0, NULL, &opts)) {
+    if ((krbret = krb5_get_init_creds_password(pam_context, &creds, princ,
+      pass, pam_prompter, pamh, 0, NULL, &opts)) != 0) {
 	DLOG("krb5_get_init_creds_password()", error_message(krbret));
 	if (try_first_pass && krbret == KRB5KRB_AP_ERR_BAD_INTEGRITY) {
 	    pass = NULL;
@@@@ -193,17 +198,17 @@@@
     strcpy(cache_name, "MEMORY:");
     (void) tmpnam(&cache_name[7]);
 
-    if (krbret = krb5_cc_resolve(pam_context, cache_name, &ccache)) {
+    if ((krbret = krb5_cc_resolve(pam_context, cache_name, &ccache)) != 0) {
 	DLOG("krb5_cc_resolve()", error_message(krbret));
 	pamret = PAM_SERVICE_ERR;
 	goto cleanup;
     }
-    if (krbret = krb5_cc_initialize(pam_context, ccache, princ)) {
+    if ((krbret = krb5_cc_initialize(pam_context, ccache, princ)) != 0) {
 	DLOG("krb5_cc_initialize()", error_message(krbret));
 	pamret = PAM_SERVICE_ERR;
  	goto cleanup;
     }
-    if (krbret = krb5_cc_store_cred(pam_context, ccache, &creds)) {
+    if ((krbret = krb5_cc_store_cred(pam_context, ccache, &creds)) != 0) {
 	DLOG("krb5_cc_store_cred()", error_message(krbret));
 	(void) krb5_cc_destroy(pam_context, ccache);
 	pamret = PAM_SERVICE_ERR;
@@@@ -211,7 +216,7 @@@@
     }
 
     /* Verify it */
-    if (verify_krb_v5_tgt(pam_context, ccache, debug) == -1) {
+    if (verify_krb_v5_tgt(pam_context, ccache, service, debug) == -1) {
 	(void) krb5_cc_destroy(pam_context, ccache);
 	pamret = PAM_AUTH_ERR;
 	goto cleanup;
@@@@ -224,7 +229,7 @@@@
 	pamret = PAM_AUTH_ERR;
 	goto cleanup;
     }
-    if (pamret = pam_set_data(pamh, "ccache", ccache, cleanup_cache)) {
+    if ((pamret = pam_set_data(pamh, "ccache", ccache, cleanup_cache)) != 0) {
 	DLOG("pam_set_data()", pam_strerror(pamh, pamret));
 	(void) krb5_cc_destroy(pam_context, ccache);
 	pamret = PAM_SERVICE_ERR;
@@@@ -275,6 +280,7 @@@@
 
     int		debug = 0;
     uid_t	euid;
+    gid_t	egid;
 
     if (flags == PAM_REINITIALIZE_CRED)
 	return PAM_SUCCESS; /* XXX Incorrect behavior */
@@@@ -288,30 +294,32 @@@@
 	else if (strcmp(argv[i], "no_ccache") == 0)
 	    return PAM_SUCCESS;
 	else if (strstr(argv[i], "ccache=") == argv[i])
-	    cache_name = &argv[i][7]; /* save for later */
+	    cache_name = (char *) &argv[i][7]; /* save for later */
     }
 
     /* Get username */
-    if (pam_get_item(pamh, PAM_USER, (void **) &name)) {
+    if (pam_get_item(pamh, PAM_USER, (const void **) &name)) {
 	return PAM_SERVICE_ERR;
     }
 
     /* Get service name */
-    (void) pam_get_item(pamh, PAM_SERVICE, (void **) &service);
+    (void) pam_get_item(pamh, PAM_SERVICE, (const void **) &service);
     if (!service)
 	service = "unknown";
 
     DLOG("entry", "");
 
-    if (krb5_init_context(&pam_context)) {
+    if ((krbret = krb5_init_context(&pam_context)) != 0) {
 	DLOG("krb5_init_context()", error_message(krbret));
 	return PAM_SERVICE_ERR;
     }
 
     euid = geteuid(); /* Usually 0 */
+    egid = getegid();
 
     /* Retrieve the cache name */
-    if (pamret = pam_get_data(pamh, "ccache", (const void **) &ccache_temp)) {
+    if ((pamret = pam_get_data(pamh, "ccache", (const void **) &ccache_temp)) 
+      != 0) {
 	DLOG("pam_get_data()", pam_strerror(pamh, pamret));
 	pamret = PAM_CRED_UNAVAIL;
 	goto cleanup3;
@@@@ -326,6 +334,11 @@@@
     }
 
     /* Avoid following a symlink as root */
+    if (setegid(pw->pw_gid)) {
+	DLOG("setegid()", name); /* XXX should really log group name or id */
+	pamret = PAM_SERVICE_ERR;
+	goto cleanup3;
+    }
     if (seteuid(pw->pw_uid)) {
 	DLOG("seteuid()", name);
 	pamret = PAM_SERVICE_ERR;
@@@@ -340,7 +353,7 @@@@
 	    pamret = PAM_BUF_ERR;
 	    goto cleanup3;
 	}
-	sprintf(cache_name, "FILE:/tmp/krb5cc_%ld", pw->pw_uid);
+	sprintf(cache_name, "FILE:/tmp/krb5cc_%d", pw->pw_uid);
     } else {
 	/* cache_name was supplied */
 	char *p = calloc(PATH_MAX + 10, 1); /* should be plenty */
@@@@ -357,10 +370,10 @@@@
 	    if (*q == '%') {
 		q++;
 		if (*q == 'u') {
-		    sprintf(p, "%ld", pw->pw_uid);
+		    sprintf(p, "%d", pw->pw_uid);
 		    p += strlen(p);
 		} else if (*q == 'p') {
-		    sprintf(p, "%ld", getpid());
+		    sprintf(p, "%d", getpid());
 		    p += strlen(p);
 		} else {
 		    /* Not a special token */
@@@@ -375,24 +388,27 @@@@
     }
 
     /* Initialize the new ccache */
-    if (krbret = krb5_cc_get_principal(pam_context, ccache_temp, &princ)) {
+    if ((krbret = krb5_cc_get_principal(pam_context, ccache_temp, &princ)) 
+      != 0) {
 	DLOG("krb5_cc_get_principal()", error_message(krbret));
 	pamret = PAM_SERVICE_ERR;
 	goto cleanup3;
     }
-    if (krbret = krb5_cc_resolve(pam_context, cache_name, &ccache_perm)) {
+    if ((krbret = krb5_cc_resolve(pam_context, cache_name, &ccache_perm)) 
+      != 0) {
 	DLOG("krb5_cc_resolve()", error_message(krbret));
 	pamret = PAM_SERVICE_ERR;
 	goto cleanup2;
     }
-    if (krbret = krb5_cc_initialize(pam_context, ccache_perm, princ)) {
+    if ((krbret = krb5_cc_initialize(pam_context, ccache_perm, princ)) != 0) {
 	DLOG("krb5_cc_initialize()", error_message(krbret));
 	pamret = PAM_SERVICE_ERR;
  	goto cleanup2;
     }
 
     /* Prepare for iteration over creds */
-    if (krbret = krb5_cc_start_seq_get(pam_context, ccache_temp, &cursor)) {
+    if ((krbret = krb5_cc_start_seq_get(pam_context, ccache_temp, &cursor)) 
+      != 0) {
 	DLOG("krb5_cc_start_seq_get()", error_message(krbret));
 	(void) krb5_cc_destroy(pam_context, ccache_perm);
 	pamret = PAM_SERVICE_ERR;
@@@@ -401,8 +417,9 @@@@
 
     /* Copy the creds (should be two of them) */
     while ((krbret = krb5_cc_next_cred(pam_context, ccache_temp,
-				       &cursor, &creds) == 0)) {
-	if (krbret = krb5_cc_store_cred(pam_context, ccache_perm, &creds)) {
+	&cursor, &creds) == 0)) {
+	    if ((krbret = krb5_cc_store_cred(pam_context, ccache_perm, 
+		&creds)) != 0) {
 	    DLOG("krb5_cc_store_cred()", error_message(krbret));
 	    (void) krb5_cc_destroy(pam_context, ccache_perm);
 	    krb5_free_cred_contents(pam_context, &creds);
@@@@ -420,6 +437,12 @@@@
 	    pamret = PAM_SERVICE_ERR;	
 	    goto cleanup2;
 	}
+	if (chmod(&cache_name[5], (S_IRUSR|S_IWUSR)) == -1) {
+	    DLOG("chmod()", strerror(errno));
+	    (void) krb5_cc_destroy(pam_context, ccache_perm);
+	    pamret = PAM_SERVICE_ERR;
+	    goto cleanup2;
+	}
     }
     (void) krb5_cc_close(pam_context, ccache_perm);
 
@@@@ -432,7 +455,7 @@@@
     }
 
     sprintf(cache_env_name, "KRB5CCNAME=%s", cache_name);
-    if (pamret = pam_putenv(pamh, cache_env_name)) {
+    if ((pamret = pam_putenv(pamh, cache_env_name)) != 0) {
 	DLOG("pam_putenv()", pam_strerror(pamh, pamret));
 	(void) krb5_cc_destroy(pam_context, ccache_perm);
 	pamret = PAM_SERVICE_ERR;
@@@@ -445,6 +468,7 @@@@
     krb5_free_context(pam_context);
     DLOG("exit", pamret ? "failure" : "success");
     (void) seteuid(euid);
+    (void) setegid(egid);
     return pamret;
 }
 
@


1.5
log
@Update for heimdal-0.3f interface changes.
@
text
@@


1.4
log
@Bug fixes and paranoia:

compat_heimdal.c:
   = Stop shooting at feet when freeing a particular chunk of memory.
     Found by complaints from free(), and pinpointed with MALLOC_OPTIONS=A.
pam_krb5_auth.c:
   = In addition to dropping and restoring uid when delving in /tmp,
     drop and restore gid.
   = Explicitly set permissions on the credentials cache for good measure.

The following was
Obtained from:	Sam Hartman <hartmans@@mit.edu> via bugs.debian.org

support.c:
   = verify_krb_v5_tgt: Do a little more to prevent KDC spoofing.
     Allow for a key separate from the host key to use only for PAM.
@
text
@d2 1
a2 1
+++ pam_krb5_auth.c	Wed Jan 24 14:08:18 2001
d296 1
a296 2
@@@@ -400,9 +416,10 @@@@
     }
d299 1
a299 1
-    while ((krbret = krb5_cc_next_cred(pam_context, ccache_temp,
a301 1
+    while ((krbret = compat_cc_next_cred(pam_context, ccache_temp,
@


1.3
log
@(forced commit)

Double oops.  I initially added a version of this port that was a bit
dated.  The last commit brings it up to date: in particular, MIT Kerberos
support was broken in theory (though not in practice).
@
text
@d2 2
a3 2
+++ pam_krb5_auth.c	Mon Nov  6 13:45:48 2000
@@@@ -7,9 +7,11 @@@@
d7 2
d17 3
a19 1
@@@@ -19,6 +21,7 @@@@
d27 1
a27 1
@@@@ -42,7 +45,7 @@@@
d36 1
a36 1
@@@@ -74,13 +77,13 @@@@
d52 1
a52 1
@@@@ -93,7 +96,7 @@@@
d61 1
a61 1
@@@@ -103,14 +106,14 @@@@
d78 1
a78 1
@@@@ -126,18 +129,19 @@@@
d101 1
a101 1
@@@@ -145,25 +149,26 @@@@
d133 1
a133 1
@@@@ -177,9 +182,8 @@@@
d145 1
a145 1
@@@@ -193,17 +197,17 @@@@
d166 10
a175 1
@@@@ -224,7 +228,7 @@@@
d184 9
a192 1
@@@@ -288,22 +292,22 @@@@
d219 1
a219 1
@@@@ -311,7 +315,8 @@@@
d221 1
d230 13
a242 1
@@@@ -340,7 +345,7 @@@@
d251 1
a251 1
@@@@ -357,10 +362,10 @@@@
d264 1
a264 1
@@@@ -375,24 +380,27 @@@@
d296 1
a296 1
@@@@ -400,9 +408,10 @@@@
d310 14
a323 1
@@@@ -432,7 +441,7 @@@@
d332 8
@


1.2
log
@Oops,
@
text
@@


1.1
log
@A Pluggable Authentication Module for Kerberos 5.
@
text
@d2 1
a2 1
+++ pam_krb5_auth.c	Mon Nov  6 10:46:08 2000
d15 1
a15 1
@@@@ -19,7 +21,9 @@@@
a20 1
+#include "krb5compat.h"
d23 1
a23 2
 
@@@@ -42,7 +46,7 @@@@
d32 1
a32 1
@@@@ -74,13 +78,13 @@@@
d48 1
a48 1
@@@@ -93,7 +97,7 @@@@
d57 1
a57 1
@@@@ -103,14 +107,14 @@@@
d74 1
a74 1
@@@@ -126,18 +130,19 @@@@
d97 1
a97 1
@@@@ -145,25 +150,26 @@@@
d129 1
a129 1
@@@@ -177,9 +183,8 @@@@
d141 1
a141 1
@@@@ -193,17 +198,17 @@@@
d162 1
a162 1
@@@@ -224,7 +229,7 @@@@
d171 1
a171 1
@@@@ -288,22 +293,22 @@@@
d198 1
a198 1
@@@@ -311,7 +316,8 @@@@
d208 1
a208 1
@@@@ -340,7 +346,7 @@@@
d217 1
a217 1
@@@@ -357,10 +363,10 @@@@
d230 1
a230 1
@@@@ -375,24 +381,27 @@@@
d262 1
a262 1
@@@@ -400,9 +409,10 @@@@
d276 1
a276 1
@@@@ -432,7 +442,7 @@@@
@

