problem with kerberos telnetd on AIX

David McWilliams davem at ncsa.uiuc.edu
Mon Apr 28 16:58:16 EDT 2003


Donn,

Thanks for your source changes.

Please pardon my ignorance, but how do these AIX fixes get into the source 
tree?

Dave McWilliams
NCSA
----------------------------

At 10:59 AM 4/25/2003 -0700, Donn Cave wrote:
>Quoth David McWilliams <davem at ncsa.uiuc.edu>:
>...
>| Does anyone know if there is a version of kerberos telnetd with a call to
>| setpcred?  If not, do any of you telnetd experts have any suggestions for
>| how to modify it?
>
>As Jeffrey Altman pointed out, this goes in appl/bsd/login.c
>
>I'm appending a little wad of junk from our login.c, where my
>extensive changes have been mostly but not entirely devoted to
>accommodating AIX peculiarities.  It is excerpted from a context
>diff, but will not work as input for "patch".
>
>There is a little documentation in comments.  If I remember right,
>the last change allows /etc/environment to set PATH.
>
>         Donn Cave, University Computing Services, University of Washington
>         donn at u.washington.edu
>-----------------------------
>*** 223,231 ****
>   #ifdef _IBMR2
>   #include <usersec.h>
>   #include <sys/id.h>
>   #endif
>
>! #if defined(_AIX)
>   #define PRIO_OFFSET 20
>   #else
>   #define PRIO_OFFSET 0
>--- 228,237 ----
>   #ifdef _IBMR2
>   #include <usersec.h>
>   #include <sys/id.h>
>+ #include <uinfo.h>
>   #endif
>
>! #if defined(_AIX) && !defined(_AIX41)
>   #define PRIO_OFFSET 20
>   #else
>   #define PRIO_OFFSET 0
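Review bot: The new `#include <uinfo.h>` sits inside `#ifdef _IBMR2`, but the code that needs it (`usrinfo()` and `SETUINFO` in `aixpenv()`) is compiled under `#ifdef _AIX`. If a build ever defines `_AIX` without `_IBMR2`, `usrinfo()` is used without a prototype. Either move the include under an `_AIX` guard or guard `aixpenv()` with the same macro as the header. The `!defined(_AIX41)` condition also deserves a one-line comment saying why the priority offset no longer applies from that release on.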
>***************
>*** anywhere ****
>+ #ifdef _AIX
>+ /*
>+ **  More AIXisms.
>+ **  usrinfo() sets a privileged version of the environment.
>+ **  It's hard to say how important these are, but one known
>+ **  application is getlogin(), which is called from ftp.
>+ **  Without the following, this will erroneously conclude
>+ **  that you are "root".  (Harmless but annoying.)
>+ **  The data is concatenated NUL terminated strings, with
>+ **  an extra NUL to terminate the list.
>+ */
>+ static void
>+ aixpenv(const char *name, const char *ttyn)
>+ {
>+     char stuff[512], *cp;
>+     int len;
>+     cp = stuff;
>+     memcpy(cp, "LOGNAME=", 8); cp += 8;
>+     len = strlen(pwd->pw_name);
>+     if (len > 16)
>+       len = 16;
>+     memcpy(cp, pwd->pw_name, len); cp += len;
>+     *cp++ = 0;
>+     memcpy(cp, "NAME=", 5); cp += 5;
>+     memcpy(cp, pwd->pw_name, len); cp += len;
>+     *cp++ = 0;
>+     memcpy(cp, "TTY=", 4); cp += 4;
>+     len = strlen(ttyn);
>+     if (len > 16)
>+       len = 16;
>+     memcpy(cp, ttyn, len); cp += len;
>+     *cp++ = 0;
>+     *cp++ = 0;
>+     usrinfo(SETUINFO, stuff, cp - stuff);
>+ }
>+ #endif
>+
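Review bot: `aixpenv()` never reads its `name` parameter: both `LOGNAME=` and `NAME=` are filled from the file-scope `pwd->pw_name`, so the function silently depends on `pwd` being set and non-NULL when it is called. Use `name` for both copies, or drop the parameter. The result of `usrinfo()` is also discarded; a failure should at least be logged, e.g. `if (usrinfo(SETUINFO, stuff, cp - stuff) < 0) syslog(LOG_ERR, "usrinfo() failure %d", errno);`. The 16-byte clamps keep the worst case well inside `stuff[512]`, but they truncate longer login or tty names without notice, so the value later reported by `getlogin()` may not match the account. A named constant and a comment stating that limit would make the bound auditable.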
>***************
>*** 1483,1489 ****
>
>         /* this will set the PGID to the PID. */
>   #ifdef HAVE_SETPGID
>!       if (setpgid(p,p) < 0)
>             perror("login.krb5: setpgid");
>   #elif defined(SETPGRP_TWOARG)
>         if (setpgrp(p,p) < 0)
>--- 1676,1683 ----
>
>         /* this will set the PGID to the PID. */
>   #ifdef HAVE_SETPGID
>!       /* AIX 4.3 complains ... possibly because p is session leader?? DC */
>!       if (getpgid(0) != p && setpgid(p,p) < 0)
>             perror("login.krb5: setpgid");
>   #elif defined(SETPGRP_TWOARG)
>         if (setpgrp(p,p) < 0)
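Review bot: The new guard asks for the caller's own process group with `getpgid(0)`, while `setpgid(p,p)` acts on process `p`. The two agree only if `p` is the calling process's pid, and `p` is assigned outside this hunk, so that cannot be confirmed here. Writing `if (getpgid(p) != p && setpgid(p,p) < 0)` states the intended condition directly. The comment should also record the errno AIX 4.3 returned, so a later reader can tell whether skipping the call hides only that case.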
>***************
>*** 1609,1614 ****
>--- 1803,1812 ----
>       if (setlogin(pwd->pw_name) < 0)
>         syslog(LOG_ERR, "setlogin() failure %d",errno);
>   #endif
>+ #ifdef _AIX
>+     aixpenv(pwd->pw_name, ttyn);
>+     setpcred(pwd->pw_name, 0);
>+ #endif
>
>   #ifdef        HAVE_SETLUID
>         /*
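Review bot: The return value of `setpcred(pwd->pw_name, 0)` is ignored, and this is the call that establishes the user's process credentials on AIX. If it fails, login carries on with whatever credentials the process already had, which at this point is presumably still a privileged identity (the surrounding code is outside the hunk). Treat failure as fatal rather than log-and-continue, e.g. `if (setpcred(pwd->pw_name, NULL) != 0) { syslog(LOG_ERR, "setpcred() failure %d", errno); exit(1); }`, using whatever exit path this function's other fatal errors use. A short comment should also state how this call orders against the later uid/gid changes in the same function, since both alter the process identity.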
>***************
>*** 1737,1743 ****
>         setenv("KRB5CCNAME", ccname, 1);
>
>       setenv("HOME", pwd->pw_dir, 1);
>!     setenv("PATH", LPATH, 1);
>       setenv("USER", pwd->pw_name, 1);
>       setenv("SHELL", pwd->pw_shell, 1);
>
>--- 1935,1941 ----
>         setenv("KRB5CCNAME", ccname, 1);
>
>       setenv("HOME", pwd->pw_dir, 1);
>!     setenv("PATH", LPATH, 0);
>       setenv("USER", pwd->pw_name, 1);
>       setenv("SHELL", pwd->pw_shell, 1);
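Review bot: Changing the overwrite flag to 0 in `setenv("PATH", LPATH, 0)` keeps any `PATH` already in the environment at this point, not only one read from /etc/environment. The hunk does not show whether the environment has been scrubbed before this line. If a `PATH` passed in by the caller or by the remote client can still be present, it now survives into the user's session in place of `LPATH`, and the change applies on every platform, not just AIX. Keep the forced overwrite by default and relax it only under `#ifdef _AIX`, after confirming the only possible source of a pre-existing `PATH` is the system environment file. Add a comment such as `/* AIX: PATH may already be set from /etc/environment; do not override */`.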


