4
* Copyright 1985, 1986, 1987, 1988, 2000, 2001 by the Massachusetts
5
* Institute of Technology. All Rights Reserved.
7
* Export of this software from the United States of America may
8
* require a specific license from the United States Government.
9
* It is the responsibility of any person or organization contemplating
10
* export to obtain such a license before exporting.
12
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
13
* distribute this software and its documentation for any purpose and
14
* without fee is hereby granted, provided that the above copyright
15
* notice appear in all copies and that both that copyright notice and
16
* this permission notice appear in supporting documentation, and that
17
* the name of M.I.T. not be used in advertising or publicity pertaining
18
* to distribution of the software without specific, written prior
19
* permission. Furthermore if you modify this software you must label
20
* your software as modified software and not distribute it in such a
21
* fashion that it might be confused with the original M.I.T. software.
22
* M.I.T. makes no representations about the suitability of
23
* this software for any purpose. It is provided "as is" without express
24
* or implied warranty.
35
#include <sys/param.h>
44
* in_tkt() is used to initialize the ticket store. It creates the
45
* file to contain the tickets and writes the given user's name "pname"
46
* and instance "pinst" in the file. in_tkt() returns KSUCCESS on
47
* success, or KFAILURE if something goes wrong.
51
#define do_seteuid krb5_seteuid
63
uid_t me, metoo, getuid(), geteuid();
64
struct stat statpre, statpost;
66
const char *file = TKT_FILE;
72
char shmidname[MAXPATHLEN];
73
#endif /* TKT_SHMEM */
75
/* If ticket cache selector is null, use default cache. */
81
if (lstat(file, &statpre) == 0) {
82
if (statpre.st_uid != me || !(statpre.st_mode & S_IFREG)
83
|| statpre.st_nlink != 1 || statpre.st_mode & 077) {
85
fprintf(stderr,"Error initializing %s",file);
89
* Yes, we do uid twiddling here. It's not optimal, but some
90
* applications may expect that the ruid is what should really
91
* own the ticket file, e.g. setuid applications.
93
if (me != metoo && do_seteuid(me) < 0)
95
/* file already exists, and permissions appear ok, so nuke it */
96
fd = open(file, O_RDWR|O_SYNC, 0);
98
if (me != metoo && do_seteuid(metoo) < 0)
101
goto out; /* can't zero it, but we can still try truncating it */
105
* Do some additional paranoid things. The worst-case
106
* situation is that a user may be fooled into opening a
107
* non-regular file briefly if the file is in a directory with
108
* improper permissions.
110
if (fstat(fd, &statpost) < 0) {
114
if (statpre.st_dev != statpost.st_dev
115
|| statpre.st_ino != statpost.st_ino) {
121
memset(charbuf, 0, sizeof(charbuf));
123
for (i = 0; i < statpost.st_size; i += sizeof(charbuf))
124
if (write(fd, charbuf, sizeof(charbuf)) != sizeof(charbuf)) {
138
/* arrange so the file is owned by the ruid
139
(swap real & effective uid if necessary).
140
This isn't a security problem, since the ticket file, if it already
141
exists, has the right uid (== ruid) and mode. */
143
if (do_seteuid(me) < 0) {
144
/* can't switch??? barf! */
146
perror("in_tkt: seteuid");
150
printf("swapped UID's %d and %d\n",(int) metoo, (int) me);
152
/* Set umask to ensure that we have write access on the created
155
tktfile = open(file, O_RDWR|O_SYNC|O_CREAT|O_EXCL, 0600);
158
if (do_seteuid(metoo) < 0) {
159
/* can't switch??? barf! */
161
perror("in_tkt: seteuid2");
165
printf("swapped UID's %d and %d\n", (int) me, (int) metoo);
169
fprintf(stderr,"Error initializing %s",TKT_FILE);
172
count = strlen(pname)+1;
173
if (write(tktfile,pname,count) != count) {
174
(void) close(tktfile);
177
count = strlen(pinst)+1;
178
if (write(tktfile,pinst,count) != count) {
179
(void) close(tktfile);
182
(void) close(tktfile);
184
(void) strncpy(shmidname, file, sizeof(shmidname) - 1);
185
shmidname[sizeof(shmidname) - 1] = '\0';
186
(void) strncat(shmidname, ".shm", sizeof(shmidname) - 1 - strlen(shmidname));
187
return(krb_shm_create(shmidname));
188
#else /* !TKT_SHMEM */
190
#endif /* TKT_SHMEM */
194
krb_in_tkt(pname, pinst, prealm)
199
return in_tkt(pname, pinst);