|
|
2bc5a13 |
Index: appl/gssftp/ftpd/ftpd.c
|
|
|
2bc5a13 |
===================================================================
|
|
|
d859fd0 |
*** appl/gssftp/ftpd/ftpd.c (revision 18440)
|
|
|
2bc5a13 |
--- appl/gssftp/ftpd/ftpd.c (working copy)
|
|
|
2bc5a13 |
***************
|
|
|
2bc5a13 |
*** 1367,1373 ****
|
|
|
2bc5a13 |
goto bad;
|
|
|
2bc5a13 |
sleep(tries);
|
|
|
2bc5a13 |
}
|
|
|
2bc5a13 |
! (void) krb5_seteuid((uid_t)pw->pw_uid);
|
|
|
2bc5a13 |
#ifdef IP_TOS
|
|
|
2bc5a13 |
#ifdef IPTOS_THROUGHPUT
|
|
|
2bc5a13 |
on = IPTOS_THROUGHPUT;
|
|
|
2bc5a13 |
--- 1367,1375 ----
|
|
|
2bc5a13 |
goto bad;
|
|
|
2bc5a13 |
sleep(tries);
|
|
|
2bc5a13 |
}
|
|
|
2bc5a13 |
! if (krb5_seteuid((uid_t)pw->pw_uid)) {
|
|
|
2bc5a13 |
! fatal("seteuid user");
|
|
|
2bc5a13 |
! }
|
|
|
2bc5a13 |
#ifdef IP_TOS
|
|
|
2bc5a13 |
#ifdef IPTOS_THROUGHPUT
|
|
|
2bc5a13 |
on = IPTOS_THROUGHPUT;
|
|
|
2bc5a13 |
***************
|
|
|
2bc5a13 |
*** 1377,1383 ****
|
|
|
2bc5a13 |
#endif
|
|
|
2bc5a13 |
return (fdopen(s, fmode));
|
|
|
2bc5a13 |
bad:
|
|
|
2bc5a13 |
! (void) krb5_seteuid((uid_t)pw->pw_uid);
|
|
|
2bc5a13 |
(void) close(s);
|
|
|
2bc5a13 |
return (NULL);
|
|
|
2bc5a13 |
}
|
|
|
2bc5a13 |
--- 1379,1387 ----
|
|
|
2bc5a13 |
#endif
|
|
|
2bc5a13 |
return (fdopen(s, fmode));
|
|
|
2bc5a13 |
bad:
|
|
|
2bc5a13 |
! if (krb5_seteuid((uid_t)pw->pw_uid)) {
|
|
|
2bc5a13 |
! fatal("seteuid user");
|
|
|
2bc5a13 |
! }
|
|
|
2bc5a13 |
(void) close(s);
|
|
|
2bc5a13 |
return (NULL);
|
|
|
2bc5a13 |
}
|
|
|
2bc5a13 |
***************
|
|
|
2bc5a13 |
*** 2186,2192 ****
|
|
|
2bc5a13 |
(void) krb5_seteuid((uid_t)pw->pw_uid);
|
|
|
2bc5a13 |
goto pasv_error;
|
|
|
2bc5a13 |
}
|
|
|
2bc5a13 |
! (void) krb5_seteuid((uid_t)pw->pw_uid);
|
|
|
2bc5a13 |
len = sizeof(pasv_addr);
|
|
|
2bc5a13 |
if (getsockname(pdata, (struct sockaddr *) &pasv_addr, &len) < 0)
|
|
|
2bc5a13 |
goto pasv_error;
|
|
|
2bc5a13 |
--- 2190,2198 ----
|
|
|
2bc5a13 |
(void) krb5_seteuid((uid_t)pw->pw_uid);
|
|
|
2bc5a13 |
goto pasv_error;
|
|
|
2bc5a13 |
}
|
|
|
2bc5a13 |
! if (krb5_seteuid((uid_t)pw->pw_uid)) {
|
|
|
2bc5a13 |
! fatal("seteuid user");
|
|
|
2bc5a13 |
! }
|
|
|
2bc5a13 |
len = sizeof(pasv_addr);
|
|
|
2bc5a13 |
if (getsockname(pdata, (struct sockaddr *) &pasv_addr, &len) < 0)
|
|
|
2bc5a13 |
goto pasv_error;
|
|
|
2bc5a13 |
Index: appl/bsd/v4rcp.c
|
|
|
2bc5a13 |
===================================================================
|
|
|
d859fd0 |
*** appl/bsd/v4rcp.c (revision 18440)
|
|
|
2bc5a13 |
--- appl/bsd/v4rcp.c (working copy)
|
|
|
2bc5a13 |
***************
|
|
|
2bc5a13 |
*** 436,442 ****
|
|
|
2bc5a13 |
kstream_set_buffer_mode (krem, 0);
|
|
|
2bc5a13 |
#endif /* KERBEROS && !NOENCRYPTION */
|
|
|
2bc5a13 |
(void) response();
|
|
|
2bc5a13 |
! (void) setuid(userid);
|
|
|
2bc5a13 |
source(--argc, ++argv);
|
|
|
2bc5a13 |
exit(errs);
|
|
|
2bc5a13 |
|
|
|
2bc5a13 |
--- 436,445 ----
|
|
|
2bc5a13 |
kstream_set_buffer_mode (krem, 0);
|
|
|
2bc5a13 |
#endif /* KERBEROS && !NOENCRYPTION */
|
|
|
2bc5a13 |
(void) response();
|
|
|
2bc5a13 |
! if (setuid(userid)) {
|
|
|
2bc5a13 |
! error("rcp: can't setuid(user)\n");
|
|
|
2bc5a13 |
! exit(1);
|
|
|
2bc5a13 |
! }
|
|
|
2bc5a13 |
source(--argc, ++argv);
|
|
|
2bc5a13 |
exit(errs);
|
|
|
2bc5a13 |
|
|
|
2bc5a13 |
***************
|
|
|
2bc5a13 |
*** 452,458 ****
|
|
|
2bc5a13 |
krem = kstream_create_from_fd (rem, 0, 0);
|
|
|
2bc5a13 |
kstream_set_buffer_mode (krem, 0);
|
|
|
2bc5a13 |
#endif /* KERBEROS && !NOENCRYPTION */
|
|
|
2bc5a13 |
! (void) setuid(userid);
|
|
|
2bc5a13 |
sink(--argc, ++argv);
|
|
|
2bc5a13 |
exit(errs);
|
|
|
2bc5a13 |
|
|
|
2bc5a13 |
--- 455,464 ----
|
|
|
2bc5a13 |
krem = kstream_create_from_fd (rem, 0, 0);
|
|
|
2bc5a13 |
kstream_set_buffer_mode (krem, 0);
|
|
|
2bc5a13 |
#endif /* KERBEROS && !NOENCRYPTION */
|
|
|
2bc5a13 |
! if (setuid(userid)) {
|
|
|
2bc5a13 |
! error("rcp: can't setuid(user)\n");
|
|
|
2bc5a13 |
! exit(1);
|
|
|
2bc5a13 |
! }
|
|
|
2bc5a13 |
sink(--argc, ++argv);
|
|
|
2bc5a13 |
exit(errs);
|
|
|
2bc5a13 |
|
|
|
2bc5a13 |
Index: appl/bsd/krcp.c
|
|
|
2bc5a13 |
===================================================================
|
|
|
d859fd0 |
*** appl/bsd/krcp.c (revision 18440)
|
|
|
2bc5a13 |
--- appl/bsd/krcp.c (working copy)
|
|
|
2bc5a13 |
***************
|
|
|
2bc5a13 |
*** 620,626 ****
|
|
|
2bc5a13 |
|
|
|
2bc5a13 |
euid = geteuid();
|
|
|
2bc5a13 |
if (euid == 0) {
|
|
|
2bc5a13 |
! (void) setuid(0);
|
|
|
2bc5a13 |
if(krb5_seteuid(userid)) {
|
|
|
2bc5a13 |
perror("rcp seteuid user"); errs++; exit(errs);
|
|
|
2bc5a13 |
}
|
|
|
2bc5a13 |
--- 620,628 ----
|
|
|
2bc5a13 |
|
|
|
2bc5a13 |
euid = geteuid();
|
|
|
2bc5a13 |
if (euid == 0) {
|
|
|
2bc5a13 |
! if (setuid(0)) {
|
|
|
2bc5a13 |
! perror("rcp setuid 0"); errs++; exit(errs);
|
|
|
2bc5a13 |
! }
|
|
|
2bc5a13 |
if(krb5_seteuid(userid)) {
|
|
|
2bc5a13 |
perror("rcp seteuid user"); errs++; exit(errs);
|
|
|
2bc5a13 |
}
|
|
|
2bc5a13 |
***************
|
|
|
2bc5a13 |
*** 638,648 ****
|
|
|
2bc5a13 |
continue;
|
|
|
2bc5a13 |
rcmd_stream_init_normal();
|
|
|
2bc5a13 |
#ifdef HAVE_SETREUID
|
|
|
2bc5a13 |
! (void) setreuid(0, userid);
|
|
|
2bc5a13 |
sink(1, argv+argc-1);
|
|
|
2bc5a13 |
! (void) setreuid(userid, 0);
|
|
|
2bc5a13 |
#else
|
|
|
2bc5a13 |
! (void) setuid(0);
|
|
|
2bc5a13 |
if(seteuid(userid)) {
|
|
|
2bc5a13 |
perror("rcp seteuid user"); errs++; exit(errs);
|
|
|
2bc5a13 |
}
|
|
|
2bc5a13 |
--- 640,656 ----
|
|
|
2bc5a13 |
continue;
|
|
|
2bc5a13 |
rcmd_stream_init_normal();
|
|
|
2bc5a13 |
#ifdef HAVE_SETREUID
|
|
|
2bc5a13 |
! if (setreuid(0, userid)) {
|
|
|
2bc5a13 |
! perror("rcp setreuid 0,user"); errs++; exit(errs);
|
|
|
2bc5a13 |
! }
|
|
|
2bc5a13 |
sink(1, argv+argc-1);
|
|
|
2bc5a13 |
! if (setreuid(userid, 0)) {
|
|
|
2bc5a13 |
! perror("rcp setreuid user,0"); errs++; exit(errs);
|
|
|
2bc5a13 |
! }
|
|
|
2bc5a13 |
#else
|
|
|
2bc5a13 |
! if (setuid(0)) {
|
|
|
2bc5a13 |
! perror("rcp setuid 0"); errs++; exit(errs);
|
|
|
2bc5a13 |
! }
|
|
|
2bc5a13 |
if(seteuid(userid)) {
|
|
|
2bc5a13 |
perror("rcp seteuid user"); errs++; exit(errs);
|
|
|
2bc5a13 |
}
|
|
|
2bc5a13 |
Index: appl/bsd/login.c
|
|
|
2bc5a13 |
===================================================================
|
|
|
d859fd0 |
*** appl/bsd/login.c (revision 18440)
|
|
|
2bc5a13 |
--- appl/bsd/login.c (working copy)
|
|
|
2bc5a13 |
***************
|
|
|
2bc5a13 |
*** 1648,1654 ****
|
|
|
2bc5a13 |
}
|
|
|
2bc5a13 |
#endif /* HAVE_SETLUID */
|
|
|
2bc5a13 |
#ifdef _IBMR2
|
|
|
2bc5a13 |
! setuidx(ID_LOGIN, pwd->pw_uid);
|
|
|
2bc5a13 |
#endif
|
|
|
2bc5a13 |
|
|
|
2bc5a13 |
/* This call MUST succeed */
|
|
|
2bc5a13 |
--- 1648,1657 ----
|
|
|
2bc5a13 |
}
|
|
|
2bc5a13 |
#endif /* HAVE_SETLUID */
|
|
|
2bc5a13 |
#ifdef _IBMR2
|
|
|
2bc5a13 |
! if (setuidx(ID_LOGIN, pwd->pw_uid) < 0) {
|
|
|
2bc5a13 |
! perror("setuidx");
|
|
|
2bc5a13 |
! sleepexit(1);
|
|
|
2bc5a13 |
! };
|
|
|
2bc5a13 |
#endif
|
|
|
2bc5a13 |
|
|
|
2bc5a13 |
/* This call MUST succeed */
|
|
|
2bc5a13 |
Index: appl/bsd/krshd.c
|
|
|
2bc5a13 |
===================================================================
|
|
|
d859fd0 |
*** appl/bsd/krshd.c (revision 18440)
|
|
|
2bc5a13 |
--- appl/bsd/krshd.c (working copy)
|
|
|
2bc5a13 |
***************
|
|
|
2bc5a13 |
*** 1403,1411 ****
|
|
|
2bc5a13 |
* If we're on a system which keeps track of login uids, then
|
|
|
2bc5a13 |
* set the login uid.
|
|
|
2bc5a13 |
*/
|
|
|
2bc5a13 |
! setluid((uid_t) pwd->pw_uid);
|
|
|
2bc5a13 |
#endif /* HAVE_SETLUID */
|
|
|
2bc5a13 |
! (void) setuid((uid_t)pwd->pw_uid);
|
|
|
2bc5a13 |
/* if TZ is set in the parent, drag it in */
|
|
|
2bc5a13 |
{
|
|
|
2bc5a13 |
char **findtz = environ;
|
|
|
2bc5a13 |
--- 1403,1417 ----
|
|
|
2bc5a13 |
* If we're on a system which keeps track of login uids, then
|
|
|
2bc5a13 |
* set the login uid.
|
|
|
2bc5a13 |
*/
|
|
|
2bc5a13 |
! if (setluid((uid_t) pwd->pw_uid) < 0) {
|
|
|
2bc5a13 |
! perror("setluid");
|
|
|
2bc5a13 |
! _exit(1);
|
|
|
2bc5a13 |
! }
|
|
|
2bc5a13 |
#endif /* HAVE_SETLUID */
|
|
|
2bc5a13 |
! if (setuid((uid_t)pwd->pw_uid) < 0) {
|
|
|
2bc5a13 |
! perror("setuid");
|
|
|
2bc5a13 |
! _exit(1);
|
|
|
2bc5a13 |
! }
|
|
|
2bc5a13 |
/* if TZ is set in the parent, drag it in */
|
|
|
2bc5a13 |
{
|
|
|
2bc5a13 |
char **findtz = environ;
|
|
|
2bc5a13 |
Index: clients/ksu/main.c
|
|
|
2bc5a13 |
===================================================================
|
|
|
d859fd0 |
*** clients/ksu/main.c (revision 18440)
|
|
|
2bc5a13 |
--- clients/ksu/main.c (working copy)
|
|
|
2bc5a13 |
***************
|
|
|
d859fd0 |
*** 893,900 ****
|
|
|
2bc5a13 |
struct stat st_temp;
|
|
|
2bc5a13 |
|
|
|
d859fd0 |
krb5_seteuid(0);
|
|
|
2bc5a13 |
! krb5_seteuid(target_uid);
|
|
|
2bc5a13 |
!
|
|
|
2bc5a13 |
cc_name = krb5_cc_get_name(context, cc);
|
|
|
2bc5a13 |
if ( ! stat(cc_name, &st_temp)){
|
|
|
2bc5a13 |
if ((retval = krb5_cc_destroy(context, cc))){
|
|
|
d859fd0 |
--- 893,904 ----
|
|
|
2bc5a13 |
struct stat st_temp;
|
|
|
2bc5a13 |
|
|
|
d859fd0 |
krb5_seteuid(0);
|
|
|
d859fd0 |
! if (krb5_seteuid(target_uid) < 0) {
|
|
|
2bc5a13 |
! com_err(prog_name, errno,
|
|
|
d859fd0 |
! "while changing to target uid for destroying ccache");
|
|
|
2bc5a13 |
! exit(1);
|
|
|
2bc5a13 |
! }
|
|
|
2bc5a13 |
!
|
|
|
2bc5a13 |
cc_name = krb5_cc_get_name(context, cc);
|
|
|
2bc5a13 |
if ( ! stat(cc_name, &st_temp)){
|
|
|
2bc5a13 |
if ((retval = krb5_cc_destroy(context, cc))){
|
|
|
2bc5a13 |
Index: lib/krb4/kuserok.c
|
|
|
2bc5a13 |
===================================================================
|
|
|
d859fd0 |
*** lib/krb4/kuserok.c (revision 18440)
|
|
|
2bc5a13 |
--- lib/krb4/kuserok.c (working copy)
|
|
|
2bc5a13 |
***************
|
|
|
2bc5a13 |
*** 159,167 ****
|
|
|
2bc5a13 |
*/
|
|
|
2bc5a13 |
if(getuid() == 0) {
|
|
|
2bc5a13 |
uid_t old_euid = geteuid();
|
|
|
2bc5a13 |
! seteuid(pwd->pw_uid);
|
|
|
2bc5a13 |
fp = fopen(pbuf, "r");
|
|
|
2bc5a13 |
! seteuid(old_euid);
|
|
|
2bc5a13 |
if ((fp) == NULL) {
|
|
|
2bc5a13 |
return(NOTOK);
|
|
|
2bc5a13 |
}
|
|
|
2bc5a13 |
--- 159,169 ----
|
|
|
2bc5a13 |
*/
|
|
|
2bc5a13 |
if(getuid() == 0) {
|
|
|
2bc5a13 |
uid_t old_euid = geteuid();
|
|
|
2bc5a13 |
! if (seteuid(pwd->pw_uid) < 0)
|
|
|
2bc5a13 |
! return NOTOK;
|
|
|
2bc5a13 |
fp = fopen(pbuf, "r");
|
|
|
2bc5a13 |
! if (seteuid(old_euid) < 0)
|
|
|
2bc5a13 |
! return NOTOK;
|
|
|
2bc5a13 |
if ((fp) == NULL) {
|
|
|
2bc5a13 |
return(NOTOK);
|
|
|
2bc5a13 |
}
|