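/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
 * Copyright (c) 1994 by the University of Southern California
 *
 * EXPORT OF THIS SOFTWARE from the United States of America may
 * require a specific license from the United States Government.
 * It is the responsibility of any person or organization contemplating
 * export to obtain such a license before exporting.
 *
 * WITHIN THAT CONSTRAINT, permission to copy, modify, and distribute
 * this software and its documentation in source and binary forms is
 * hereby granted, provided that any documentation or other materials
 * related to such distribution or use acknowledge that the software
 * was developed by the University of Southern California.
 *
 * DISCLAIMER OF WARRANTY. THIS SOFTWARE IS PROVIDED "AS IS". The
 * University of Southern California MAKES NO REPRESENTATIONS OR
 * WARRANTIES, EXPRESS OR IMPLIED. By way of example, but not
 * limitation, the University of Southern California MAKES NO
 * REPRESENTATIONS OR WARRANTIES OF MERCHANTABILITY OR FITNESS FOR ANY
 * PARTICULAR PURPOSE. The University of Southern
 * California shall not be held liable for any liability nor for any
 * direct, indirect, or consequential damages with respect to any
 * claim by the user or distributor of the ksu software.
 *
 * KSU was written by: Ari Medvinsky, ari@isi.edu
 */

#include "k5-int.h"
#include "k5-util.h"
#include <stdio.h>
#include "com_err.h"
#include <sys/types.h>
#include <sys/param.h>
#include <pwd.h>
#include <unistd.h>
#include <string.h>
#include <syslog.h>
/* <stdarg.h> or <varargs.h> is already included by com_err.h. */

/*
 * Single-character / single-string markers.  Their meaning is only
 * suggested by the names here (a "no target file" marker and a "use the
 * source user's login" marker); confirm against the use sites.
 */
#define NO_TARGET_FILE '.'
#define SOURCE_USER_LOGIN "."

#define KRB5_DEFAULT_OPTIONS 0
/*
 * Default ticket lifetime in seconds.  The expansion is parenthesized so
 * that it still evaluates to 43200 when the macro appears inside a larger
 * expression (for example as a divisor or the operand of a cast).
 */
#define KRB5_DEFAULT_TKT_LIFE (60*60*12) /* 12 hours */

/*
 * File names of the two authorization lists.  NOTE(review): these files
 * decide who may become the target user, so their ownership and
 * permissions matter -- presumably verified before they are trusted;
 * confirm at the use sites.
 */
#define KRB5_LOGIN_NAME ".k5login"
#define KRB5_USERS_NAME ".k5users"
#define USE_DEFAULT_REALM_NAME "."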
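/* Wildcard string; by its name, the entry that permits every command. */
#define PERMIT_ALL_COMMANDS "*"
#define KRB5_SEC_BUFFSIZE 80
#define NOT_AUTHORIZED 1

#define CHUNK 3
/*
 * Octal 0600: read/write for the owner, no access for group or others.
 * Presumably the mode applied to credential cache files -- confirm at the
 * use sites.
 */
#define CACHE_MODE 0600
/*
 * NOTE(review): a fixed limit.  Any buffer sized with MAX_CMD needs an
 * explicit length check wherever it is written (the writers are not
 * visible in this header).
 */
#define MAX_CMD 2048 /* this is temp, should use realloc instead,
                        as done in most of the code */


extern int optind;
extern char * optarg;

/* globals */
extern char * prog_name;
extern int auth_debug;
extern int quiet;
/* Fixed-size path buffers: writers must bound their output to MAXPATHLEN. */
extern char k5login_path[MAXPATHLEN];
extern char k5users_path[MAXPATHLEN];
extern char * gb_err;
/***********/

/* krb_auth_su.c */
extern krb5_boolean krb5_auth_check
    (krb5_context, krb5_principal, char *, krb5_get_init_creds_opt *,
     char *, krb5_ccache, int *, uid_t);

extern krb5_boolean krb5_fast_auth
    (krb5_context, krb5_principal, krb5_principal, char *,
     krb5_ccache);

extern krb5_boolean ksu_get_tgt_via_passwd
    (krb5_context,
     krb5_principal, krb5_get_init_creds_opt *, krb5_boolean *, krb5_creds *);

extern void dump_principal
    (krb5_context, char *, krb5_principal);

extern void plain_dump_principal
    (krb5_context, krb5_principal);


extern krb5_error_code krb5_parse_lifetime
    (char *, long *);

extern krb5_error_code get_best_principal
    (krb5_context, char **, krb5_principal *);

/* ccache.c */
extern krb5_error_code krb5_ccache_copy
    (krb5_context, krb5_ccache, krb5_principal, krb5_ccache,
     krb5_boolean, krb5_principal, krb5_boolean *);

/* Declared once; a second, identical prototype was redundant. */
extern krb5_error_code krb5_store_all_creds
    (krb5_context, krb5_ccache, krb5_creds **, krb5_creds **);

extern krb5_boolean compare_creds
    (krb5_context, krb5_creds *, krb5_creds *);

extern krb5_error_code krb5_get_nonexp_tkts
    (krb5_context, krb5_ccache, krb5_creds ***);

extern krb5_error_code krb5_check_exp
    (krb5_context, krb5_ticket_times);

extern char *flags_string (krb5_creds *);

extern krb5_error_code krb5_get_login_princ
    (const char *, char ***);

extern void show_credential
    (krb5_context, krb5_creds *, krb5_ccache);

krb5_error_code gen_sym(krb5_context context, char **sym);

extern krb5_error_code krb5_ccache_overwrite
    (krb5_context, krb5_ccache, krb5_ccache, krb5_principal);

extern krb5_error_code krb5_store_some_creds
    (krb5_context, krb5_ccache, krb5_creds **, krb5_creds **,
     krb5_principal, krb5_boolean *);

extern krb5_boolean ks_ccache_name_is_initialized
    (krb5_context, const char *);

extern krb5_boolean ks_ccache_is_initialized
    (krb5_context, krb5_ccache);

extern krb5_error_code krb5_ccache_refresh
    (krb5_context, krb5_ccache);

extern krb5_error_code krb5_ccache_filter
    (krb5_context, krb5_ccache, krb5_principal);

extern krb5_boolean krb5_find_princ_in_cred_list
    (krb5_context, krb5_creds **, krb5_principal);

extern krb5_error_code krb5_find_princ_in_cache
    (krb5_context, krb5_ccache, krb5_principal, krb5_boolean *);

extern void printtime (krb5_timestamp);

/* authorization.c */
/*
 * NOTE(review): several functions below return a krb5_error_code and also
 * take a krb5_boolean * -- presumably the authorization verdict is
 * delivered through that pointer, separately from the error code.  If so,
 * callers must check both and treat any error as "not authorized";
 * confirm in authorization.c.
 */

/*
 * NOTE(review): by name and signature this looks like the ownership check
 * of an already opened file against a uid -- confirm in authorization.c.
 * Its result must not be ignored before the file contents are trusted.
 */
extern krb5_boolean fowner (FILE *, uid_t);

extern krb5_error_code krb5_authorization
    (krb5_context, krb5_principal, const char *, char *,
     krb5_boolean *, char **);

extern krb5_error_code k5login_lookup (FILE *, char *,
                                       krb5_boolean *);

extern krb5_error_code k5users_lookup
    (FILE *, char *, char *, krb5_boolean *, char **);

extern krb5_boolean fcmd_resolve
    (char *, char ***, char **);

extern krb5_boolean cmd_single (char *);

extern int cmd_arr_cmp_postfix (char **, char *);

extern int cmd_arr_cmp (char **, char *);

extern krb5_boolean find_first_cmd_that_exists
    (char **, char **, char **);

extern int match_commands
    (char *, char *, krb5_boolean *, char **, char **);

extern krb5_error_code get_line (FILE *, char **);

extern char * get_first_token (char *, char **);

extern char * get_next_token (char **);

extern void init_auth_names (char *);

/* main.c */
extern void usage (void);

extern int standard_shell (char *);

extern krb5_error_code get_params (int *, int, char **, char ***);

/* heuristic.c */
extern krb5_error_code get_all_princ_from_file (FILE *, char ***);

extern krb5_error_code list_union (char **, char **, char ***);

extern krb5_error_code filter (FILE *, char *, char **, char ***);

extern krb5_error_code get_authorized_princ_names
    (const char *, char *, char ***);

extern krb5_error_code get_closest_principal
    (krb5_context, char **, krb5_principal *, krb5_boolean *);

extern krb5_error_code find_either_ticket
    (krb5_context, krb5_ccache, krb5_principal,
     krb5_principal, krb5_boolean *);

extern krb5_error_code find_ticket
    (krb5_context, krb5_ccache, krb5_principal,
     krb5_principal, krb5_boolean *);


extern krb5_error_code find_princ_in_list
    (krb5_context, krb5_principal, char **, krb5_boolean *);

extern krb5_error_code get_best_princ_for_target
    (krb5_context, uid_t, uid_t, char *, char *, krb5_ccache,
     krb5_get_init_creds_opt *, char *, char *, krb5_principal *, int *);

extern krb5_error_code ksu_tgtname (krb5_context, const krb5_data *,
                                    const krb5_data *,
                                    krb5_principal *tgtprinc);

/*
 * Function-like macro: each argument is evaluated twice, so do not pass
 * expressions with side effects (min(i++, n)) or expensive calls.
 */
#ifndef min
#define min(a,b) ((a) > (b) ? (b) : (a))
#endif /* min */


extern char *krb5_lname_file;  /* Note: print this out just to be sure
                                  that it gets set */

/*
 * Allocation wrappers.  NOTE(review): presumably these never return NULL
 * (terminating on failure instead) -- confirm in their definitions before
 * relying on unchecked results.
 */
extern void *xmalloc (size_t),
    *xrealloc (void *, size_t),
    *xcalloc (size_t, size_t);
extern char *xstrdup (const char *);
extern char *xasprintf (const char *format, ...);

/*
 * Fallback declaration, used only when the platform provides no
 * unsetenv().  Its signature (void return, non-const char *) differs from
 * the POSIX one, int unsetenv(const char *), so it reports no failure.
 */
#ifndef HAVE_UNSETENV
void unsetenv (char *);
#endif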