Reject user with names that are longer than OPIE is willing to deal with;

otherwise OPIE will happily truncate it. Spotted by: ghelmer MFC after: 2 weeks
svn path=/head/; revision=162320
2006-09-15 13:42:38 +00:00 · 2006-09-15 13:42:38 +00:00 · f63ebe36f6 · 2020-12-20 02:59:44 +00:00
commit f63ebe36f6
parent 8a70619712
1 changed files with 13 additions and 4 deletions
--- a/lib/libpam/modules/pam_opie/pam_opie.c
+++ b/lib/libpam/modules/pam_opie/pam_opie.c
@ -63,7 +63,8 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
 	int retval, i;
 	const char *(promptstr[]) = { "%s\nPassword: ", "%s\nPassword [echo on]: "};
 	char challenge[OPIE_CHALLENGE_MAX];
-	char *user;
+	char principal[OPIE_PRINCIPAL_MAX];
+	const char *user;
 	char *response;
 	int style;

@ -74,13 +75,22 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
 		user = pwd->pw_name;
 	}
 	else {
-		retval = pam_get_user(pamh, (const char **)&user, NULL);
+		retval = pam_get_user(pamh, &user, NULL);
 		if (retval != PAM_SUCCESS)
 			return (retval);
 	}

 	PAM_LOG("Got user: %s", user);

+	/*
+	 * Watch out: libopie feels entitled to truncate the user name
+	 * passed to it if it's longer than OPIE_PRINCIPAL_MAX, which is
+	 * not uncommon in Windows environments.
+	 */
+	if (strlen(user) >= sizeof(principal))
+		return (PAM_AUTH_ERR);
+	strlcpy(principal, user, sizeof(principal));
+
 	/*
 	 * Don't call the OPIE atexit() handler when our program exits,
 	 * since the module has been unloaded and we will SEGV.
@ -92,8 +102,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
 	 * doesn't have an OPIE key, just fail rather than present the
 	 * user with a bogus OPIE challenge.
 	 */
-	/* XXX generates a const warning because of incorrect prototype */
-	if (opiechallenge(&opie, (char *)user, challenge) != 0 &&
+	if (opiechallenge(&opie, principal, challenge) != 0 &&
 	    openpam_get_option(pamh, PAM_OPT_NO_FAKE_PROMPTS))
 		return (PAM_AUTH_ERR);