DES pointed out that the PAM layer may change the target user name
during authentication. Thus we need to call getpwnam *after* the user has been authenticated. Colin mentioned that we should also move the check for root in that case.
This commit is contained in:
parent
bbccd83251
commit
5251901c93
@ -86,6 +86,8 @@ char default_shell[] = _PATH_BSHELL;
|
||||
static void doit(struct sockaddr *);
|
||||
static void getstr(char *, int, const char *);
|
||||
static void error(const char *fmt, ...);
|
||||
static struct passwd *xgetpwnam(const char *, struct passwd *, char **,
|
||||
size_t *);
|
||||
|
||||
int no_uid_0 = 1;
|
||||
|
||||
@ -192,25 +194,16 @@ doit(struct sockaddr *fromp)
|
||||
getstr(cmdbuf, maxcmdlen, "command");
|
||||
(void) alarm(0);
|
||||
|
||||
pwdbuflen = BUFSIZ;
|
||||
pwdbuflen = 0;
|
||||
pwdbuf = NULL;
|
||||
pwd = NULL;
|
||||
r = ERANGE;
|
||||
while (pwd == NULL && r == ERANGE) {
|
||||
pwdbuflen <<= 1;
|
||||
if ((pwdbuf = reallocf(pwdbuf, pwdbuflen)) == NULL) {
|
||||
syslog(LOG_ERR, "Cannot allocate memory");
|
||||
error("Cannot allocate memory.\n");
|
||||
exit(1);
|
||||
}
|
||||
r = getpwnam_r(user, &pwd_storage, pwdbuf, pwdbuflen, &pwd);
|
||||
}
|
||||
if (pwd == NULL || (pwd->pw_uid == 0 && no_uid_0) ||
|
||||
!pam_ok(pam_start("rexecd", user, &pamc, &pamh)) ||
|
||||
if (!pam_ok(pam_start("rexecd", user, &pamc, &pamh)) ||
|
||||
!pam_ok(pam_set_item(pamh, PAM_RHOST, remote)) ||
|
||||
!pam_ok(pam_set_item(pamh, PAM_AUTHTOK, pass)) ||
|
||||
!pam_ok(pam_authenticate(pamh, pam_flags)) ||
|
||||
!pam_ok(pam_acct_mgmt(pamh, pam_flags))) {
|
||||
!pam_ok(pam_acct_mgmt(pamh, pam_flags)) ||
|
||||
!pam_ok(pam_get_item(pamh, PAM_USER, (const void **)&user)) ||
|
||||
(pwd = xgetpwnam(user, &pwd_storage, &pwdbuf,
|
||||
&pwdbuflen)) == NULL || (pwd->pw_uid == 0 && no_uid_0)) {
|
||||
syslog(LOG_ERR, "%s LOGIN REFUSED from %s", user, remote);
|
||||
error("Login incorrect.\n");
|
||||
exit(1);
|
||||
@ -335,3 +328,27 @@ getstr(char *buf, int cnt, const char *field)
|
||||
}
|
||||
} while (c != 0);
|
||||
}
|
||||
|
||||
static struct passwd *
|
||||
xgetpwnam(const char *user, struct passwd *pwd_storage, char **pwdbuf,
|
||||
size_t *pwdbuflen)
|
||||
{
|
||||
struct passwd *pwd;
|
||||
size_t needed;
|
||||
int rv;
|
||||
|
||||
needed = (*pwdbuflen == 0) ? BUFSIZ : *pwdbuflen;
|
||||
pwd = NULL;
|
||||
do {
|
||||
if (needed != *pwdbuflen) {
|
||||
if ((*pwdbuf = reallocf(*pwdbuf, needed)) == NULL) {
|
||||
syslog(LOG_ERR, "Cannot allocate memory");
|
||||
error("Cannot allocate memory.\n");
|
||||
exit(1);
|
||||
} else
|
||||
*pwdbuflen = needed;
|
||||
}
|
||||
rv = getpwnam_r(user, pwd_storage, *pwdbuf, *pwdbuflen, &pwd);
|
||||
} while (pwd == NULL && rv == ERANGE && (needed <<= 1));
|
||||
return pwd;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user