Lines 542-547
pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv)
542 |
if (reinit) { |
542 |
if (reinit) { |
543 |
const char *name, *k5name; |
543 |
const char *name, *k5name; |
544 |
|
544 |
|
|
|
545 |
/* |
546 |
* Solaris su calls pam_setcred as root with PAM_REINITIALIZE_CREDS, |
547 |
* preserving the user-supplied environment. An xlock program may |
548 |
* also do this if it's setuid root and doesn't drop credentials |
549 |
* before calling pam_setcred. |
550 |
* |
551 |
* There isn't any safe way of reinitializing the exiting ticket cache |
552 |
* for the user if we're setuid without calling setreuid(). Calling |
553 |
* setreuid() is possible, but if the calling application is threaded, |
554 |
* it will change credentials for the whole application, with possibly |
555 |
* bizarre and unintended (and insecure) results. Trying to verify |
556 |
* ownership of the existing ticket cache before using it fails under |
557 |
* various race conditions (for example, having one of the elements of |
558 |
* the path be a symlink and changing the target of that symlink |
559 |
* between our check and the call to krb5_cc_resolve. Without calling |
560 |
* setreuid(), we run the risk of replacing a file owned by another |
561 |
* user with a credential cache. |
562 |
* |
563 |
* We could fail with an error in the setuid case, which would be |
564 |
* maximally safe, but it would prevent use of the module for |
565 |
* authentication with programs such as Solaris su. Failure to |
566 |
* reinitialize the cache is normally not a serious problem, just a |
567 |
* missing feature. We therefore log an error and exit with |
568 |
* PAM_SUCCESS for the setuid case. |
569 |
*/ |
570 |
if (getuid() != geteuid() || getgid() != getegid()) { |
571 |
pamk5_error(args, "credential reinitialization in a setuid" |
572 |
" context ignored"); |
573 |
pamret = PAM_SUCCESS; |
574 |
goto done; |
575 |
} |
545 |
name = get_krb5ccname(args, "KRB5CCNAME"); |
576 |
name = get_krb5ccname(args, "KRB5CCNAME"); |
546 |
if (name == NULL) |
577 |
if (name == NULL) |
547 |
name = krb5_cc_default_name(ctx->context); |
578 |
name = krb5_cc_default_name(ctx->context); |
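Review bot: The setuid detection added at new line 570, `getuid() != geteuid() || getgid() != getegid()`, only fires while the real and effective IDs still differ, so a setuid-root caller that has already made itself fully root with setuid(0) (or one started with file capabilities rather than a setuid bit) passes the check while KRB5CCNAME is still the value inherited from the unprivileged user, which is exactly the cache-overwrite case the new comment warns about. Where the platform provides it, issetugid() (Solaris, the platform the comment names, and the BSDs) or getauxval(AT_SECURE) on Linux/glibc report the "started privileged" state regardless of later ID changes, so if the build already probes for it a guarded `#ifdef HAVE_ISSETUGID` / `if (issetugid() || getuid() != geteuid() || getgid() != getegid())` would tighten the test while keeping the current comparison as the fallback. Also, the comment at new line 551 reads "the exiting ticket cache" where "existing" is meant. pam_sm_setcred's body begins before this hunk, and the rest of the reinit branch continues after it.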