From 1d2276c873e56ff9139ba60b427420f7fabd9f8a Mon Sep 17 00:00:00 2001 From: Ed Schouten Date: Thu, 19 Apr 2012 21:12:08 +0000 Subject: [PATCH] Do a better job at determining the username of the login session. When multiple users share the same UID, the old code will simply pick an arbitrary username to attach to the utmpx entries. Make the code a bit more accurate by first checking whether getlogin() returns a username which corresponds to the uid of the calling process. If this fails, simply fall back to picking an arbitrary username. Reported by: saurik on GitHub MFC after: 2 weeks --- libexec/ulog-helper/ulog-helper.c | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/libexec/ulog-helper/ulog-helper.c b/libexec/ulog-helper/ulog-helper.c index 31b40e9e4a2f..99cd5d2f1fa0 100644 --- a/libexec/ulog-helper/ulog-helper.c +++ b/libexec/ulog-helper/ulog-helper.c @@ -46,6 +46,28 @@ __FBSDID("$FreeBSD$"); * username. It does allow users to log arbitrary hostnames. */ +static const char * +get_username(void) +{ + const struct passwd *pw; + const char *login; + uid_t uid; + + /* + * Attempt to determine the username corresponding to this login + * session. First, validate the results of getlogin() against + * the password database. If getlogin() returns invalid data, + * return an arbitrary username corresponding to this uid. + */ + uid = getuid(); + if ((login = getlogin()) != NULL && (pw = getpwnam(login)) != NULL && + pw->pw_uid == uid) + return (login); + if ((pw = getpwuid(uid)) != NULL) + return (pw->pw_name); + return (NULL); +} + int main(int argc, char *argv[]) { @@ -57,7 +79,7 @@ main(int argc, char *argv[]) if ((argc == 2 || argc == 3) && strcmp(argv[1], "login") == 0) { /* Username. */ - user = user_from_uid(getuid(), 1); + user = get_username(); if (user == NULL) return (EX_OSERR);