]> git.saurik.com Git - apple/system_cmds.git/blob - login.tproj/klogin.c
projects / apple / system_cmds.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
system_cmds-300.tar.gz
[apple/system_cmds.git] / login.tproj / klogin.c
1 /*
2 * Copyright (c) 1999 Apple Computer, Inc. All rights reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * Copyright (c) 1999-2003 Apple Computer, Inc. All Rights Reserved.
7 *
8 * This file contains Original Code and/or Modifications of Original Code
9 * as defined in and that are subject to the Apple Public Source License
10 * Version 2.0 (the 'License'). You may not use this file except in
11 * compliance with the License. Please obtain a copy of the License at
12 * http://www.opensource.apple.com/apsl/ and read it before using this
13 * file.
14 *
15 * The Original Code and all software distributed under the License are
16 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
17 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
18 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
20 * Please see the License for the specific language governing rights and
21 * limitations under the License.
22 *
23 * @APPLE_LICENSE_HEADER_END@
24 */
25 /*-
26 * Copyright (c) 1990, 1993, 1994
27 * The Regents of the University of California. All rights reserved.
28 *
29 * Redistribution and use in source and binary forms, with or without
30 * modification, are permitted provided that the following conditions
31 * are met:
32 * 1. Redistributions of source code must retain the above copyright
33 * notice, this list of conditions and the following disclaimer.
34 * 2. Redistributions in binary form must reproduce the above copyright
35 * notice, this list of conditions and the following disclaimer in the
36 * documentation and/or other materials provided with the distribution.
37 * 3. All advertising materials mentioning features or use of this software
38 * must display the following acknowledgement:
39 * This product includes software developed by the University of
40 * California, Berkeley and its contributors.
41 * 4. Neither the name of the University nor the names of its contributors
42 * may be used to endorse or promote products derived from this software
43 * without specific prior written permission.
44 *
45 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
46 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
47 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
48 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
49 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
50 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
51 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
52 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
53 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
54 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
55 * SUCH DAMAGE.
56 */
57
58 #ifdef KERBEROS
59 #include <sys/param.h>
60 #include <sys/syslog.h>
61 #include <kerberosIV/des.h>
62 #include <kerberosIV/krb.h>
63
64 #include <err.h>
65 #include <netdb.h>
66 #include <pwd.h>
67 #include <stdio.h>
68 #include <stdlib.h>
69 #include <string.h>
70 #include <unistd.h>
71
72 #define INITIAL_TICKET "krbtgt"
73 #define VERIFY_SERVICE "rcmd"
74
75 extern int notickets;
76 extern char *krbtkfile_env;
77
78 /*
79 * Attempt to log the user in using Kerberos authentication
80 *
81 * return 0 on success (will be logged in)
82 * 1 if Kerberos failed (try local password in login)
83 */
84 int
85 klogin(pw, instance, localhost, password)
86 struct passwd *pw;
87 char *instance, *localhost, *password;
88 {
89 int kerror;
90 AUTH_DAT authdata;
91 KTEXT_ST ticket;
92 struct hostent *hp;
93 unsigned long faddr;
94 char realm[REALM_SZ], savehost[MAXHOSTNAMELEN];
95 char tkt_location[MAXPATHLEN];
96 char *krb_get_phost();
97
98 /*
99 * Root logins don't use Kerberos.
100 * If we have a realm, try getting a ticket-granting ticket
101 * and using it to authenticate. Otherwise, return
102 * failure so that we can try the normal passwd file
103 * for a password. If that's ok, log the user in
104 * without issuing any tickets.
105 */
106 if (strcmp(pw->pw_name, "root") == 0 ||
107 krb_get_lrealm(realm, 0) != KSUCCESS)
108 return (1);
109
110 /*
111 * get TGT for local realm
112 * tickets are stored in a file named TKT_ROOT plus uid
113 * except for user.root tickets.
114 */
115
116 if (strcmp(instance, "root") != 0)
117 (void)sprintf(tkt_location, "%s%d", TKT_ROOT, pw->pw_uid);
118 else {
119 (void)sprintf(tkt_location, "%s_root_%d", TKT_ROOT, pw->pw_uid);
120 krbtkfile_env = tkt_location;
121 }
122 (void)krb_set_tkt_string(tkt_location);
123
124 /*
125 * Set real as well as effective ID to 0 for the moment,
126 * to make the kerberos library do the right thing.
127 */
128 if (setuid(0) < 0) {
129 warnx("setuid");
130 return (1);
131 }
132 kerror = krb_get_pw_in_tkt(pw->pw_name, instance,
133 realm, INITIAL_TICKET, realm, DEFAULT_TKT_LIFE, password);
134 /*
135 * If we got a TGT, get a local "rcmd" ticket and check it so as to
136 * ensure that we are not talking to a bogus Kerberos server.
137 *
138 * There are 2 cases where we still allow a login:
139 * 1: the VERIFY_SERVICE doesn't exist in the KDC
140 * 2: local host has no srvtab, as (hopefully) indicated by a
141 * return value of RD_AP_UNDEC from krb_rd_req().
142 */
143 if (kerror != INTK_OK) {
144 if (kerror != INTK_BADPW && kerror != KDC_PR_UNKNOWN) {
145 syslog(LOG_ERR, "Kerberos intkt error: %s",
146 krb_err_txt[kerror]);
147 dest_tkt();
148 }
149 return (1);
150 }
151
152 if (chown(TKT_FILE, pw->pw_uid, pw->pw_gid) < 0)
153 syslog(LOG_ERR, "chown tkfile (%s): %m", TKT_FILE);
154
155 (void)strncpy(savehost, krb_get_phost(localhost), sizeof(savehost));
156 savehost[sizeof(savehost)-1] = NULL;
157
158 /*
159 * if the "VERIFY_SERVICE" doesn't exist in the KDC for this host,
160 * still allow login with tickets, but log the error condition.
161 */
162
163 kerror = krb_mk_req(&ticket, VERIFY_SERVICE, savehost, realm, 33);
164 if (kerror == KDC_PR_UNKNOWN) {
165 syslog(LOG_NOTICE,
166 "warning: TGT not verified (%s); %s.%s not registered, or srvtab is wrong?",
167 krb_err_txt[kerror], VERIFY_SERVICE, savehost);
168 notickets = 0;
169 return (0);
170 }
171
172 if (kerror != KSUCCESS) {
173 warnx("unable to use TGT: (%s)", krb_err_txt[kerror]);
174 syslog(LOG_NOTICE, "unable to use TGT: (%s)",
175 krb_err_txt[kerror]);
176 dest_tkt();
177 return (1);
178 }
179
180 if (!(hp = gethostbyname(localhost))) {
181 syslog(LOG_ERR, "couldn't get local host address");
182 dest_tkt();
183 return (1);
184 }
185
186 memmove((void *)&faddr, (void *)hp->h_addr, sizeof(faddr));
187
188 kerror = krb_rd_req(&ticket, VERIFY_SERVICE, savehost, faddr,
189 &authdata, "");
190
191 if (kerror == KSUCCESS) {
192 notickets = 0;
193 return (0);
194 }
195
196 /* undecipherable: probably didn't have a srvtab on the local host */
197 if (kerror = RD_AP_UNDEC) {
198 syslog(LOG_NOTICE, "krb_rd_req: (%s)\n", krb_err_txt[kerror]);
199 dest_tkt();
200 return (1);
201 }
202 /* failed for some other reason */
203 warnx("unable to verify %s ticket: (%s)", VERIFY_SERVICE,
204 krb_err_txt[kerror]);
205 syslog(LOG_NOTICE, "couldn't verify %s ticket: %s", VERIFY_SERVICE,
206 krb_err_txt[kerror]);
207 dest_tkt();
208 return (1);
209 }
210 #endif
mirror of system_cmds