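/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
 * Copyright (c) 1994 by the University of Southern California
 *
 * EXPORT OF THIS SOFTWARE from the United States of America may
 * require a specific license from the United States Government.
 * It is the responsibility of any person or organization contemplating
 * export to obtain such a license before exporting.
 *
 * WITHIN THAT CONSTRAINT, permission to copy, modify, and distribute
 * this software and its documentation in source and binary forms is
 * hereby granted, provided that any documentation or other materials
 * related to such distribution or use acknowledge that the software
 * was developed by the University of Southern California.
 *
 * DISCLAIMER OF WARRANTY. THIS SOFTWARE IS PROVIDED "AS IS". The
 * University of Southern California MAKES NO REPRESENTATIONS OR
 * WARRANTIES, EXPRESS OR IMPLIED. By way of example, but not
 * limitation, the University of Southern California MAKES NO
 * REPRESENTATIONS OR WARRANTIES OF MERCHANTABILITY OR FITNESS FOR ANY
 * PARTICULAR PURPOSE. The University of Southern
 * California shall not be held liable for any liability nor for any
 * direct, indirect, or consequential damages with respect to any
 * claim by the user or distributor of the ksu software.
 *
 * KSU was written by: Ari Medvinsky, ari@isi.edu
 */

/*
 * Shared constants and declarations for the ksu sources.  Include order is
 * kept as the author wrote it.
 */
#include "k5-int.h"
#include "k5-util.h"
#include <stdio.h>
#include "com_err.h"
#include <sys/types.h>
#include <sys/param.h>
#include <pwd.h>
#include <unistd.h>
#include <string.h>
#include <syslog.h>
/* <stdarg.h> or <varargs.h> is already included by com_err.h. */

/*
 * Single-dot sentinels.  NO_TARGET_FILE is a character constant while
 * SOURCE_USER_LOGIN is a string, so they are not interchangeable in
 * comparisons.
 */
#define NO_TARGET_FILE '.'
#define SOURCE_USER_LOGIN "."

#define KRB5_DEFAULT_OPTIONS 0
/*
 * 12 hours, expressed in seconds.  The expansion is parenthesized so the
 * value stays intact when the macro is used inside a larger expression
 * (for example as the right-hand operand of '/' or '%').
 */
#define KRB5_DEFAULT_TKT_LIFE (60*60*12)

/*
 * File names of the two authorization files.
 * NOTE(review): presumably looked up in the target user's home directory;
 * the path construction is not visible in this header -- confirm in
 * authorization.c.
 */
#define KRB5_LOGIN_NAME ".k5login"
#define KRB5_USERS_NAME ".k5users"
#define USE_DEFAULT_REALM_NAME "."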
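#define PERMIT_ALL_COMMANDS "*"
#define KRB5_SEC_BUFFSIZE 80
#define NOT_AUTHORIZED 1

#define CHUNK 3
/*
 * Octal permission bits: read and write for the owner, no access for group
 * or others.
 * NOTE(review): presumably the mode given to credential cache files;
 * confirm at the use sites that it is applied when the file is created
 * rather than after the fact.
 */
#define CACHE_MODE 0600
/*
 * Temporary fixed limit; the code should grow the buffer with realloc
 * instead, as most of the code already does.
 * NOTE(review): until then, every copy into a MAX_CMD-sized buffer has to
 * be length-checked by the caller -- verify at each use site.
 */
#define MAX_CMD 2048


/* getopt(3) state */
extern int optind;
extern char *optarg;

/* globals */
extern char *prog_name;
extern int auth_debug;
extern int quiet;
/*
 * Fixed MAXPATHLEN-byte path buffers: whatever fills them must bound the
 * write to that size.
 */
extern char k5login_path[MAXPATHLEN];
extern char k5users_path[MAXPATHLEN];
extern char *gb_err;
/***********/

/* krb_auth_su.c */
extern krb5_boolean krb5_auth_check(krb5_context, krb5_principal, char *,
                                    krb5_get_init_creds_opt *, char *,
                                    krb5_ccache, int *, uid_t);

extern krb5_boolean krb5_fast_auth(krb5_context, krb5_principal,
                                   krb5_principal, char *, krb5_ccache);

extern krb5_boolean ksu_get_tgt_via_passwd(krb5_context, krb5_principal,
                                           krb5_get_init_creds_opt *,
                                           krb5_boolean *, krb5_creds *);

extern void dump_principal(krb5_context, char *, krb5_principal);

extern void plain_dump_principal(krb5_context, krb5_principal);


extern krb5_error_code krb5_parse_lifetime(char *, long *);

/* ccache.c */
extern krb5_error_code krb5_ccache_copy(krb5_context, krb5_ccache,
                                        krb5_principal, krb5_ccache,
                                        krb5_boolean, krb5_principal,
                                        krb5_boolean *);

/* Declared once; a second identical prototype added nothing. */
extern krb5_error_code krb5_store_all_creds(krb5_context, krb5_ccache,
                                            krb5_creds **, krb5_creds **);

extern krb5_boolean compare_creds(krb5_context, krb5_creds *, krb5_creds *);

extern krb5_error_code krb5_get_nonexp_tkts(krb5_context, krb5_ccache,
                                            krb5_creds ***);

extern krb5_error_code krb5_check_exp(krb5_context, krb5_ticket_times);

extern char *flags_string(krb5_creds *);

extern void show_credential(krb5_context, krb5_creds *, krb5_ccache);
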
/* ccache.c (continued): credential cache helpers */
krb5_error_code gen_sym(krb5_context context, char **sym);

extern krb5_error_code krb5_ccache_overwrite(krb5_context, krb5_ccache,
                                             krb5_ccache, krb5_principal);

extern krb5_error_code krb5_store_some_creds(krb5_context, krb5_ccache,
                                             krb5_creds **, krb5_creds **,
                                             krb5_principal, krb5_boolean *);

extern krb5_boolean ks_ccache_name_is_initialized(krb5_context, const char *);

extern krb5_boolean ks_ccache_is_initialized(krb5_context, krb5_ccache);

extern krb5_error_code krb5_ccache_refresh(krb5_context, krb5_ccache);

extern krb5_error_code krb5_ccache_filter(krb5_context, krb5_ccache,
                                          krb5_principal);

extern krb5_boolean krb5_find_princ_in_cred_list(krb5_context, krb5_creds **,
                                                 krb5_principal);

extern krb5_error_code krb5_find_princ_in_cache(krb5_context, krb5_ccache,
                                                krb5_principal,
                                                krb5_boolean *);

extern void printtime(krb5_timestamp);

/* authorization.c */
/*
 * NOTE(review): presumably reports whether the open file belongs to the
 * given uid.  If so, this is the ownership check that protects the
 * authorization files from being supplied by another user -- confirm in
 * authorization.c that it is applied to the already-open handle.
 */
extern krb5_boolean fowner(FILE *, uid_t);

extern krb5_error_code krb5_authorization(krb5_context, krb5_principal,
                                          const char *, char *,
                                          krb5_boolean *, char **);

extern krb5_error_code k5login_lookup(FILE *, char *, krb5_boolean *);

extern krb5_error_code k5users_lookup(FILE *, char *, char *, krb5_boolean *,
                                      char **);

extern krb5_boolean fcmd_resolve(char *, char ***, char **);

extern krb5_boolean cmd_single(char *);

extern int cmd_arr_cmp_postfix(char **, char *);

extern int cmd_arr_cmp(char **, char *);

extern krb5_boolean find_first_cmd_that_exists(char **, char **, char **);

extern int match_commands(char *, char *, krb5_boolean *, char **, char **);

extern krb5_error_code get_line(FILE *, char **);

extern char *get_first_token(char *, char **);

extern char *get_next_token(char **);

extern void init_auth_names(char *);

/* main.c */
extern void usage(void);

extern int standard_shell(char *);

extern krb5_error_code get_params(int *, int, char **, char ***);

/* heuristic.c */
extern krb5_error_code get_all_princ_from_file(FILE *, char ***);

extern krb5_error_code list_union(char **, char **, char ***);

extern krb5_error_code filter(FILE *, char *, char **, char ***);

extern krb5_error_code get_authorized_princ_names(const char *, char *,
                                                  char ***);

extern krb5_error_code get_closest_principal(krb5_context, char **,
                                             krb5_principal *,
                                             krb5_boolean *);

extern krb5_error_code find_either_ticket(krb5_context, krb5_ccache,
                                          krb5_principal, krb5_principal,
                                          krb5_boolean *);

extern krb5_error_code find_ticket(krb5_context, krb5_ccache, krb5_principal,
                                   krb5_principal, krb5_boolean *);


extern krb5_error_code find_princ_in_list(krb5_context, krb5_principal,
                                          char **, krb5_boolean *);

extern krb5_error_code get_best_princ_for_target(krb5_context, uid_t, uid_t,
                                                 char *, char *, krb5_ccache,
                                                 krb5_get_init_creds_opt *,
                                                 char *, char *,
                                                 krb5_principal *, int *);

extern krb5_error_code ksu_tgtname(krb5_context, const krb5_data *,
                                   const krb5_data *,
                                   krb5_principal *tgtprinc);

/*
 * Smaller of two values.  Each argument is expanded twice, so do not pass
 * an expression with side effects (e.g. min(i++, n)).
 */
#ifndef min
#define min(a,b) ((a) > (b) ? (b) : (a))
#endif /* min */


/* Note: print this out just to be sure that it gets set. */
extern char *krb5_lname_file;

/*
 * Allocation helpers.
 * NOTE(review): the x-prefix suggests wrappers that handle allocation
 * failure themselves instead of returning NULL -- confirm in the
 * implementation before relying on it.
 */
extern void *xmalloc(size_t);
extern void *xrealloc(void *, size_t);
extern void *xcalloc(size_t, size_t);
extern char *xstrdup(const char *);
/* Variadic, takes a format string; pass a constant format, never raw input. */
extern char *xasprintf(const char *format, ...);

/* Declaration used only when the build does not define HAVE_UNSETENV. */
#ifndef HAVE_UNSETENV
void unsetenv(char *);
#endif