LILiK
/
openwrt-packages-dist
5
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
20272 Commits
1 Branch
46 MiB
Tree: 245720750b
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '245720750b'
${ noResults }
openwrt-packages-dist/libs/libpam/patches/020-fgetpwent_r.patch

110 lines
2.7 KiB
Raw Normal View History

libpam: update to 1.4.0 Remove upstreamed patch and add a new one to fix compilation. Add some more configure options. Signed-off-by: Rosen Penev <rosenp@gmail.com>
4 years ago
 
  1. --- a/modules/pam_faillock/pam_faillock.c

  2. +++ b/modules/pam_faillock/pam_faillock.c

  3. @@ -348,42 +348,81 @@ set_conf_opt(pam_handle_t *pamh, struct options *opts, const char *name, const c

  4.  static int
  5.  check_local_user (pam_handle_t *pamh, const char *user)
  6.  {
  7. -	struct passwd pw, *pwp;

  8. -	char buf[16384];

  9. -	int found = 0;

  10. +	int rc;

  11. +	size_t user_len;

  12.  	FILE *fp;
  13. -	int errn;

  14. +	char line[BUFSIZ];

  15.  
  16. -	fp = fopen(PATH_PASSWD, "r");

  17. -	if (fp == NULL) {

  18. -		pam_syslog(pamh, LOG_ERR, "unable to open %s: %m",

  19. -			   PATH_PASSWD);

  20. -		return -1;

  21. +	/* Validate the user name.  */

  22. +	if ((user_len = strlen(user)) == 0) {

  23. +		pam_syslog(pamh, LOG_NOTICE, "user name is not valid");

  24. +		return PAM_SERVICE_ERR;

  25. +	}

  26. +

  27. +	if (user_len > sizeof(line) - sizeof(":")) {

  28. +		pam_syslog(pamh, LOG_NOTICE, "user name is too long");

  29. +		return PAM_SERVICE_ERR;

  30. +	}

  31. +

  32. +	if (strchr(user, ':') != NULL) {

  33. +		/*

  34. +		 * "root:x" is not a local user name even if the passwd file

  35. +		 * contains a line starting with "root:x:".

  36. +		 */

  37. +		return PAM_PERM_DENIED;

  38.  	}
  39.  
  40. -	for (;;) {

  41. -		errn = fgetpwent_r(fp, &pw, buf, sizeof (buf), &pwp);

  42. -		if (errn == ERANGE) {

  43. -			pam_syslog(pamh, LOG_WARNING, "%s contains very long lines; corrupted?",

  44. -				   PATH_PASSWD);

  45. +	/* Open the passwd file.  */

  46. +	FILE *file_name = "/etc/passwd";

  47. +	if ((fp = fopen(file_name, "r")) == NULL) {

  48. +		pam_syslog(pamh, LOG_ERR, "error opening %s: %m", file_name);

  49. +		return PAM_SERVICE_ERR;

  50. +	}

  51. +

  52. +	/*

  53. +	 * Scan the file using fgets() instead of fgetpwent_r() because

  54. +	 * the latter is not flexible enough in handling long lines

  55. +	 * in passwd files.

  56. +	 */

  57. +	rc = PAM_PERM_DENIED;

  58. +	while (fgets(line, sizeof(line), fp) != NULL) {

  59. +		size_t line_len;

  60. +		const char *str;

  61. +

  62. +		/*

  63. +		 * Does this line start with the user name

  64. +		 * followed by a colon?

  65. +		 */

  66. +		if (strncmp(user, line, user_len) == 0 &&

  67. +		    line[user_len] == ':') {

  68. +			rc = PAM_SUCCESS;

  69.  			break;
  70.  		}
  71. -		if (errn != 0)

  72. -			break;

  73. -		if (strcmp(pwp->pw_name, user) == 0) {

  74. -			found = 1;

  75. +		/* Has a newline been read?  */

  76. +		line_len = strlen(line);

  77. +		if (line_len < sizeof(line) - 1 ||

  78. +		    line[line_len - 1] == '\n') {

  79. +			/* Yes, continue with the next line.  */

  80. +			continue;

  81. +		}

  82. +

  83. +		/* No, read till the end of this line first.  */

  84. +		while ((str = fgets(line, sizeof(line), fp)) != NULL) {

  85. +			line_len = strlen(line);

  86. +			if (line_len == 0 ||

  87. +			    line[line_len - 1] == '\n') {

  88. +				break;

  89. +			}

  90. +		}

  91. +		if (str == NULL) {

  92. +			/* fgets returned NULL, we are done.  */

  93.  			break;
  94.  		}
  95. +		/* Continue with the next line.  */

  96.  	}
  97.  
  98. -	fclose (fp);

  99. -

  100. -	if (errn != 0 && errn != ENOENT) {

  101. -		pam_syslog(pamh, LOG_ERR, "unable to enumerate local accounts: %m");

  102. -		return -1;

  103. -	} else {

  104. -		return found;

  105. -	}

  106. +	fclose(fp);

  107. +	return rc;

  108.  }
  109.  
  110.  static int