d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

DES pointed out that the PAM layer may change the target user name

Browse Source 
during authentication.  Thus we need to call getpwnam *after* the user
has been authenticated.  Colin mentioned that we should also move the
check for root in that case.
This commit is contained in:
Jacques Vidrine 2005-04-05 14:55:33 +00:00
parent bbccd83251
commit 5251901c93
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=144668
1 changed files with 32 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
libexec/rexecd/rexecd.c
View File

@ -86,6 +86,8 @@ char default_shell[] = _PATH_BSHELL;
static void doit(struct sockaddr *);
static void getstr(char *, int, const char *);
static void error(const char *fmt, ...);
static struct passwd *xgetpwnam(const char *, struct passwd *, char **,
size_t *);
int no_uid_0 = 1;
@ -192,25 +194,16 @@ doit(struct sockaddr *fromp)
getstr(cmdbuf, maxcmdlen, "command");
(void) alarm(0);
pwdbuflen = BUFSIZ;
pwdbuflen = 0;
pwdbuf = NULL;
pwd = NULL;
r = ERANGE;
while (pwd == NULL && r == ERANGE) {
pwdbuflen <<= 1;
if ((pwdbuf = reallocf(pwdbuf, pwdbuflen)) == NULL) {
syslog(LOG_ERR, "Cannot allocate memory");
error("Cannot allocate memory.\n");
exit(1);
}
r = getpwnam_r(user, &pwd_storage, pwdbuf, pwdbuflen, &pwd);
}
if (pwd == NULL || (pwd->pw_uid == 0 && no_uid_0) ||
!pam_ok(pam_start("rexecd", user, &pamc, &pamh)) ||
if (!pam_ok(pam_start("rexecd", user, &pamc, &pamh)) ||
!pam_ok(pam_set_item(pamh, PAM_RHOST, remote)) ||
!pam_ok(pam_set_item(pamh, PAM_AUTHTOK, pass)) ||
!pam_ok(pam_authenticate(pamh, pam_flags)) ||
!pam_ok(pam_acct_mgmt(pamh, pam_flags))) {
!pam_ok(pam_acct_mgmt(pamh, pam_flags)) ||
!pam_ok(pam_get_item(pamh, PAM_USER, (const void **)&user)) ||
(pwd = xgetpwnam(user, &pwd_storage, &pwdbuf,
&pwdbuflen)) == NULL || (pwd->pw_uid == 0 && no_uid_0)) {
syslog(LOG_ERR, "%s LOGIN REFUSED from %s", user, remote);
error("Login incorrect.\n");
exit(1);
@ -335,3 +328,27 @@ getstr(char *buf, int cnt, const char *field)
}
} while (c != 0);
}
static struct passwd *
xgetpwnam(const char *user, struct passwd *pwd_storage, char **pwdbuf,
size_t *pwdbuflen)
{
struct passwd *pwd;
size_t needed;
int rv;
needed = (*pwdbuflen == 0) ? BUFSIZ : *pwdbuflen;
pwd = NULL;
do {
if (needed != *pwdbuflen) {
if ((*pwdbuf = reallocf(*pwdbuf, needed)) == NULL) {
syslog(LOG_ERR, "Cannot allocate memory");
error("Cannot allocate memory.\n");
exit(1);
} else
*pwdbuflen = needed;
}
rv = getpwnam_r(user, pwd_storage, *pwdbuf, *pwdbuflen, &pwd);
} while (pwd == NULL && rv == ERANGE && (needed <<= 1));
return pwd;
}