diff options
| author | Andrew G. Morgan <morgan@kernel.org> | 2001-02-11 06:33:53 +0000 |
|---|---|---|
| committer | Andrew G. Morgan <morgan@kernel.org> | 2001-02-11 06:33:53 +0000 |
| commit | 4e4d6bb78e3bd6430838d854832c58f104d5f559 (patch) | |
| tree | 9f3223c9b38717da4db165ad13720367c76b6fbf /modules/pam_unix/unix_chkpwd.c | |
| parent | 25188cef4bd88edeb68c1bd3c7b54c38e18ad151 (diff) | |
Relevant BUGIDs: 112540
Purpose of commit: minor security bugfix
Commit summary:
---------------
Fixes for the password helper binaries.
Before, there was no check that the password entered was actually that
of the intended user being authenticated. Instead, the password was
checked for the requesting user. While this disstinction sounds like a
security hole, its actually not been a problem in practice. The helper
binaries have only been used in the case that the application is not
setuid-0 and as such even if an improper authentication succeeded, the
application could not change its uid from that of the requesting user.
Diffstat (limited to 'modules/pam_unix/unix_chkpwd.c')
| -rw-r--r-- | modules/pam_unix/unix_chkpwd.c | 34 |
1 files changed, 14 insertions, 20 deletions
diff --git a/modules/pam_unix/unix_chkpwd.c b/modules/pam_unix/unix_chkpwd.c index 6e7d3b28..5b9ed43e 100644 --- a/modules/pam_unix/unix_chkpwd.c +++ b/modules/pam_unix/unix_chkpwd.c @@ -165,22 +165,6 @@ static int _unix_verify_password(const char *name, const char *p, int opt) static char *getuidname(uid_t uid) { struct passwd *pw; -#if 0 - char *envname; - - envname = getenv("LOGNAME"); - if (envname == NULL) - return NULL; - - pw = getpwuid(uid); - if (pw == NULL) - return NULL; - - if (strcmp(envname, pw->pw_name)) - return NULL; - - return envname; -#else static char username[32]; pw = getpwuid(uid); @@ -192,7 +176,6 @@ static char *getuidname(uid_t uid) username[31] = '\0'; return username; -#endif } int main(int argc, char *argv[]) @@ -200,6 +183,7 @@ int main(int argc, char *argv[]) char pass[MAXPASS + 1]; char option[8]; int npass, opt; + int force_failure = 0; int retval = UNIX_FAILED; char *user; @@ -228,12 +212,18 @@ int main(int argc, char *argv[]) sleep(10); /* this should discourage/annoy the user */ return UNIX_FAILED; } + /* * determine the current user's name is - * 1. supplied as a environment variable as LOGNAME - * 2. the uid has to match the one associated with the LOGNAME. */ user = getuidname(getuid()); + if (argc == 2) { + /* if the caller specifies the username, verify that user + matches it */ + if (strcmp(user, argv[1])) { + force_failure = 1; + } + } /* read the nollok/nonull option */ @@ -281,7 +271,11 @@ int main(int argc, char *argv[]) /* return pass or fail */ - return retval; + if ((retval != UNIX_PASSED) || force_failure) { + return UNIX_FAILED; + } else { + return UNIX_PASSED; + } } /* |