diff options
| author | Andrew G. Morgan <morgan@kernel.org> | 2003-01-14 05:43:07 +0000 |
|---|---|---|
| committer | Andrew G. Morgan <morgan@kernel.org> | 2003-01-14 05:43:07 +0000 |
| commit | 7050b307e9e712471d987e0c5f8dd1cb2260511c (patch) | |
| tree | 5bf06d87cc804cb3255e12d0cb1b47064a2d1755 /modules/pammodutil/modutil_getlogin.c | |
| parent | 2b71955aec63541e4b071c12eae9fba76e7085fa (diff) | |
Relevant BUGIDs: 667584 664290
Purpose of commit: bugfix
Commit summary:
---------------
Two bug fixes in one: don't trust getlogin() and sanely lower the
time the password databases are locked in pam_unix.
Diffstat (limited to 'modules/pammodutil/modutil_getlogin.c')
| -rw-r--r-- | modules/pammodutil/modutil_getlogin.c | 71 |
1 files changed, 71 insertions, 0 deletions
diff --git a/modules/pammodutil/modutil_getlogin.c b/modules/pammodutil/modutil_getlogin.c new file mode 100644 index 00000000..b624def1 --- /dev/null +++ b/modules/pammodutil/modutil_getlogin.c @@ -0,0 +1,71 @@ +/* + * $Id$ + * + * A central point for invoking getlogin(). Hopefully, this is a + * little harder to spoof than all the other versions that are out + * there. + */ + +#include <stdlib.h> +#include <unistd.h> +#include <utmp.h> + +#include "pammodutil.h" + +#define _PAMMODUTIL_GETLOGIN "_pammodutil_getlogin" + +const char *_pammodutil_getlogin(pam_handle_t *pamh) +{ + int status; + const char *logname, *curr_tty; + char *curr_user; + struct utmp *ut, line; + + status = pam_get_data(pamh, _PAMMODUTIL_GETLOGIN, + (const void **) &logname); + if (status == PAM_SUCCESS) { + return logname; + } + + status = pam_get_item(pamh, PAM_TTY, (const void **) &curr_tty); + if ((status != PAM_SUCCESS) || (curr_tty == NULL)) { + curr_tty = ttyname(0); + } + + if ((curr_tty == NULL) || memcmp(curr_tty, "/dev/", 5)) { + return NULL; + } + + curr_tty += 5; /* strlen("/dev/") */ + logname = NULL; + + setutent(); + strncpy(line.ut_line, curr_tty, sizeof(line.ut_line)); + + if ((ut = getutline(&line)) == NULL) { + goto clean_up_and_go_home; + } + + curr_user = calloc(sizeof(line.ut_user)+1, 1); + if (curr_user == NULL) { + goto clean_up_and_go_home; + } + + strncpy(curr_user, ut->ut_user, sizeof(ut->ut_user)); + curr_user[sizeof(line.ut_user)] = '\0'; + + status = pam_set_data(pamh, _PAMMODUTIL_GETLOGIN, logname, + _pammodutil_cleanup); + if (status != PAM_SUCCESS) { + free(curr_user); + goto clean_up_and_go_home; + } + + logname = curr_user; + +clean_up_and_go_home: + + endutent(); + + return logname; +} |