Add a new group, "tokenadm" and make login_token setgid tokenadm instead

of setuid root.  deraadt@ OK

3 files changed, 28 insertions, 10 deletions

diff --git a/libexec/login_token/Makefile b/libexec/login_token/Makefile
index 713bbbc6a27..6e372bb4700 100644
--- a/libexec/login_token/Makefile
+++ b/libexec/login_token/Makefile
@@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile,v 1.2 2002/03/11 11:47:51 mpech Exp $
+#	$OpenBSD: Makefile,v 1.3 2002/11/21 22:00:49 millert Exp $
 
 PROG=	login_token
 SRCS=	login_token.c init.c token.c tokendb.c
@@ -20,8 +20,8 @@ afterinstall:
 	done
 
 BINOWN=	root
-BINGRP=	auth
-BINMODE=4555
+BINGRP=	tokenadm
+BINMODE=2555
 BINDIR=	/usr/libexec/auth
 
 .include <bsd.prog.mk>
diff --git a/libexec/login_token/tokendb.c b/libexec/login_token/tokendb.c
index 75f0f46c06f..3d6e4cd5b64 100644
--- a/libexec/login_token/tokendb.c
+++ b/libexec/login_token/tokendb.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: tokendb.c,v 1.4 2002/06/23 03:11:09 deraadt Exp $	*/
+/*	$OpenBSD: tokendb.c,v 1.5 2002/11/21 22:00:49 millert Exp $	*/
 
 /*-
  * Copyright (c) 1995 Migration Associates Corp. All Rights Reserved
@@ -44,6 +44,7 @@
 #include <db.h>
 #include <errno.h>
 #include <fcntl.h>
+#include <grp.h>
 #include <limits.h>
 #include <stdio.h>
 #include <syslog.h>
@@ -164,14 +165,26 @@ static	int
 tokendb_open(void)
 {
 	int	must_set_perms = 0;
+	int	must_set_mode = 0;
+	struct	group	*grp;
 	struct	stat	statb;
 
+	if ((grp = getgrnam(TOKEN_GROUP)) == NULL) {
+		printf("Missing %s group, authentication disabled\n",
+		    TOKEN_GROUP);
+		fflush(stdout);
+		syslog(LOG_ALERT,
+		    "the %s group is missing, token authentication disabled",
+		    TOKEN_GROUP);
+		return (-1);
+	}
+
 	if (stat(tt->db, &statb) < 0) {
 		if (errno != ENOENT)
 			return (-1);
 		must_set_perms++;
 	} else {
-		if (statb.st_uid != 0 || statb.st_gid != 0) {
+		if (statb.st_uid != 0 || statb.st_gid != grp->gr_gid) {
 #ifdef PARANOID
 			printf("Authentication disabled\n");
 			fflush(stdout);
@@ -183,7 +196,7 @@ tokendb_open(void)
 			must_set_perms++;
 #endif
 		}
-		if ((statb.st_mode & 0777) != 0600) {
+		if ((statb.st_mode & 0777) != 0620) {
 #ifdef PARANOID
 			printf("Authentication disabled\n");
 			fflush(stdout);
@@ -192,21 +205,24 @@ tokendb_open(void)
 			    tt->db, statb.st_mode);
 			return (-1);
 #else
-			must_set_perms++;
+			must_set_mode++;
 #endif
 		}
 	}
 	if (!(tokendb =
-	    dbopen(tt->db, O_CREAT | O_RDWR, 0600, DB_BTREE, 0)) )
+	    dbopen(tt->db, O_CREAT | O_RDWR, 0620, DB_BTREE, 0)) )
 		return (-1);
 
 	if (flock((tokendb->fd)(tokendb), LOCK_SH)) {
 		(tokendb->close)(tokendb);
 		return (-1);
 	}
-	if (must_set_perms && chown(tt->db, 0, 0))
+	if (must_set_perms && fchown((tokendb->fd)(tokendb), 0, grp->gr_gid))
 		syslog(LOG_INFO,
 		    "Can't set owner/group of %s errno=%m", tt->db);
+	if (must_set_mode && fchmod((tokendb->fd)(tokendb), 0620))
+		syslog(LOG_INFO,
+		    "Can't set mode of %s errno=%m", tt->db);
 
 	return (0);
 }
diff --git a/libexec/login_token/tokendb.h b/libexec/login_token/tokendb.h
index 9479ff6de7b..d5bb6efb119 100644
--- a/libexec/login_token/tokendb.h
+++ b/libexec/login_token/tokendb.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: tokendb.h,v 1.2 2000/12/20 01:52:12 millert Exp $	*/
+/*	$OpenBSD: tokendb.h,v 1.3 2002/11/21 22:00:50 millert Exp $	*/
 
 /*-
  * Copyright (c) 1995 Migration Associates Corp. All Rights Reserved
@@ -65,6 +65,8 @@ typedef	struct	{
 #define	TOKEN_PHONEMODE	0x4		/* allow phone book results */
 #define	TOKEN_RIM	0x8		/* reduced imput mode */
 
+#define	TOKEN_GROUP	"tokenadm"	/* group that owns token database */
+
 /*
  * Function prototypes for routines which manipulate the 
  * database for the token.  These routines have no knowledge