problem with kerberos telnetd on AIX
Donn Cave
donn at u.washington.edu
Fri Apr 25 13:59:13 EDT 2003
Quoth David McWilliams <davem at ncsa.uiuc.edu>:
...
| Does anyone know if there is a version of kerberos telnetd with a call to
| setpcred? If not, do any of you telnetd experts have any suggestions for
| how to modify it?
As Jeffrey Altman pointed out, this goes in appl/bsd/login.c
I'm appending a little wad of junk from our login.c, where my
extensive changes have been mostly but not entirely devoted to
accommodating AIX peculiarities. It is excerpted from a context
diff, but will not work as input for "patch".
There is a little documentation in comments. If I remember right,
the last change allows /etc/environment to set PATH.
Donn Cave, University Computing Services, University of Washington
donn at u.washington.edu
-----------------------------
*** 223,231 ****
#ifdef _IBMR2
#include <usersec.h>
#include <sys/id.h>
#endif
! #if defined(_AIX)
#define PRIO_OFFSET 20
#else
#define PRIO_OFFSET 0
--- 228,237 ----
#ifdef _IBMR2
#include <usersec.h>
#include <sys/id.h>
+ #include <uinfo.h>
#endif
! #if defined(_AIX) && !defined(_AIX41)
#define PRIO_OFFSET 20
#else
#define PRIO_OFFSET 0
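Review bot: The new `#include <uinfo.h>` sits inside `#ifdef _IBMR2`, while the code that needs it (the `aixpenv()` helper and its `usrinfo(SETUINFO, ...)` call) is guarded by `#ifdef _AIX` in the later hunks. If a build ever defines `_AIX` without `_IBMR2`, `usrinfo` and `SETUINFO` would be used without a declaration, and the same applies to `setpcred()` from `<usersec.h>`. Guarding the headers with the same macro as their users would remove the mismatch, e.g. `#if defined(_IBMR2) || defined(_AIX)`. The rest of the include block is outside the excerpt, so this is inferred from the visible lines only.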
***************
*** anywhere ****
+ #ifdef _AIX
+ /*
+ ** More AIXisms.
+ ** usrinfo() sets a privileged version of the environment.
+ ** It's hard to say how important these are, but one known
+ ** application is getlogin(), which is called from ftp.
+ ** Without the following, this will erroneously conclude
+ ** that you are "root". (Harmless but annoying.)
+ ** The data is concatenated NUL terminated strings, with
+ ** an extra NUL to terminate the list.
+ */
+ static void
+ aixpenv(const char *name, const char *ttyn)
+ {
+ char stuff[512], *cp;
+ int len;
+ cp = stuff;
+ memcpy(cp, "LOGNAME=", 8); cp += 8;
+ len = strlen(pwd->pw_name);
+ if (len > 16)
+ len = 16;
+ memcpy(cp, pwd->pw_name, len); cp += len;
+ *cp++ = 0;
+ memcpy(cp, "NAME=", 5); cp += 5;
+ memcpy(cp, pwd->pw_name, len); cp += len;
+ *cp++ = 0;
+ memcpy(cp, "TTY=", 4); cp += 4;
+ len = strlen(ttyn);
+ if (len > 16)
+ len = 16;
+ memcpy(cp, ttyn, len); cp += len;
+ *cp++ = 0;
+ *cp++ = 0;
+ usrinfo(SETUINFO, stuff, cp - stuff);
+ }
+ #endif
+
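Review bot: `aixpenv()` never uses its `name` parameter; both `LOGNAME=` and `NAME=` are built from the global `pwd->pw_name`, so the function silently depends on `pwd` being set and matching what the caller passed. Using `name` in the two `memcpy` calls (`len = strlen(name);` and `memcpy(cp, name, len);`) makes the contract explicit. The result of `usrinfo()` is also discarded, so a failure leaves the privileged environment describing the previous identity with no trace; `if (usrinfo(SETUINFO, stuff, cp - stuff) < 0) syslog(LOG_ERR, "usrinfo() failure %d", errno);` would match the logging style used for `setlogin()` elsewhere in this file. The 16-byte clamps keep the writes well inside `stuff[512]`, but they truncate long user and tty names without notice, which deserves a line in the header comment.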
***************
*** 1483,1489 ****
/* this will set the PGID to the PID. */
#ifdef HAVE_SETPGID
! if (setpgid(p,p) < 0)
perror("login.krb5: setpgid");
#elif defined(SETPGRP_TWOARG)
if (setpgrp(p,p) < 0)
--- 1676,1683 ----
/* this will set the PGID to the PID. */
#ifdef HAVE_SETPGID
! /* AIX 4.3 complains ... possibly because p is session leader?? DC */
! if (getpgid(0) != p && setpgid(p,p) < 0)
perror("login.krb5: setpgid");
#elif defined(SETPGRP_TWOARG)
if (setpgrp(p,p) < 0)
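Review bot: The new comment on the `setpgid` guard records a guess ("possibly because p is session leader??") rather than the reason. POSIX specifies that `setpgid()` fails with EPERM when the target process is a session leader, which fits the symptom described. I would state that directly, e.g. `/* setpgid() returns EPERM for a session leader; skip it when we already lead group p */`. Note that if `getpgid(0)` itself fails and returns -1, the condition still falls through to `setpgid(p,p)`, which looks like the intended fallback. The surrounding function starts and ends outside this hunk.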
***************
*** 1609,1614 ****
--- 1803,1812 ----
if (setlogin(pwd->pw_name) < 0)
syslog(LOG_ERR, "setlogin() failure %d",errno);
#endif
+ #ifdef _AIX
+ aixpenv(pwd->pw_name, ttyn);
+ setpcred(pwd->pw_name, 0);
+ #endif
#ifdef HAVE_SETLUID
/*
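Review bot: The return value of `setpcred(pwd->pw_name, 0)` is ignored, so a failure to install the user's credentials is neither logged nor treated as fatal. On AIX this call sets the process credentials for the named user (ids, limits, audit state), so continuing after a failure risks starting the session with whatever the privileged login process had before. I would fail the login instead, along the lines of `if (setpcred(pwd->pw_name, 0) < 0) { syslog(LOG_ERR, "setpcred() failure %d", errno); exit(1); }`. Whether a later `setuid()`/`setgid()` in this function would catch the problem is not visible from the hunk, but the check is cheap and keeps the failure explicit. The enclosing function begins and ends outside the hunk.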
***************
*** 1737,1743 ****
setenv("KRB5CCNAME", ccname, 1);
setenv("HOME", pwd->pw_dir, 1);
! setenv("PATH", LPATH, 1);
setenv("USER", pwd->pw_name, 1);
setenv("SHELL", pwd->pw_shell, 1);
--- 1935,1941 ----
setenv("KRB5CCNAME", ccname, 1);
setenv("HOME", pwd->pw_dir, 1);
! setenv("PATH", LPATH, 0);
setenv("USER", pwd->pw_name, 1);
setenv("SHELL", pwd->pw_shell, 1);
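Review bot: Changing `setenv("PATH", LPATH, 1)` to overwrite `0` means any `PATH` already in the environment now survives into the user's session, and the change is not wrapped in `#ifdef _AIX`, so it affects every platform. The stated goal is to let `/etc/environment` set `PATH`, but login invoked from telnetd can also inherit variables passed by the remote client, and the hunk does not show the environment being scrubbed beforehand. Unless an earlier step (outside this excerpt) clears or whitelists the environment, I would keep the overwrite and apply the `/etc/environment` value explicitly afterwards, or at least limit the relaxed behaviour to AIX with `#ifdef _AIX`. A short comment naming where the pre-existing `PATH` is expected to come from would help the next reader judge this.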