+2010-08-12 Thorsten Kukuk <kukuk@thkukuk.de>
+
+ * modules/pam_mail/pam_mail.c: Check for mail only with user
+ privilegs.
+
+ * modules/pam_xauth/pam_xauth.c (run_coprocess): Check return
+ value of setgid, setgroups and setuid.
+
+ * modules/pam_xauth/pam_xauth.c (check_acl): Save errno for
+ later usage.
+
+ * modules/pam_env/pam_env.c (handle_env): Check if user exists,
+ read local user config only with user privilegs.`
+
2010-08-09 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_tally/pam_tally.8.xml: Document that pam_tally is
#include <string.h>
#include <syslog.h>
#include <sys/stat.h>
+#include <sys/fsuid.h>
#include <sys/types.h>
#include <unistd.h>
if(user_readenv && retval == PAM_SUCCESS) {
char *envpath = NULL;
- struct passwd *user_entry;
+ struct passwd *user_entry = NULL;
const char *username;
struct stat statbuf;
username = _pam_get_item_byname(pamh, "PAM_USER");
- user_entry = pam_modutil_getpwnam (pamh, username);
+ if (username)
+ user_entry = pam_modutil_getpwnam (pamh, username);
if (!user_entry) {
pam_syslog(pamh, LOG_ERR, "No such user!?");
}
return PAM_BUF_ERR;
}
if (stat(envpath, &statbuf) == 0) {
+ uid_t euid = geteuid();
+ setfsuid (user_entry->pw_uid);
retval = _parse_config_file(pamh, envpath);
+ setfsuid (euid);
if (retval == PAM_IGNORE)
retval = PAM_SUCCESS;
}
#include <syslog.h>
#include <sys/stat.h>
#include <sys/types.h>
+#include <sys/fsuid.h>
#include <unistd.h>
#include <dirent.h>
#include <errno.h>
static int
get_folder(pam_handle_t *pamh, int ctrl,
- const char *path_mail, char **folder_p, size_t hashcount)
+ const char *path_mail, char **folder_p, size_t hashcount,
+ const struct passwd *pwd)
{
int retval;
- const char *user, *path;
+ const char *path;
char *folder = NULL;
- const struct passwd *pwd = NULL;
-
- retval = pam_get_user(pamh, &user, NULL);
- if (retval != PAM_SUCCESS || user == NULL) {
- pam_syslog(pamh, LOG_ERR, "cannot determine username");
- retval = PAM_USER_UNKNOWN;
- goto get_folder_cleanup;
- }
if (ctrl & PAM_NEW_MAIL_DIR) {
path = path_mail;
if (*path == '~') { /* support for $HOME delivery */
- pwd = pam_modutil_getpwnam(pamh, user);
- if (pwd == NULL) {
- pam_syslog(pamh, LOG_ERR, "user unknown");
- retval = PAM_USER_UNKNOWN;
- goto get_folder_cleanup;
- }
/*
* "~/xxx" and "~xxx" are treated as same
*/
/* put folder together */
- hashcount = hashcount < strlen(user) ? hashcount : strlen(user);
+ hashcount = hashcount < strlen(pwd->pw_name) ?
+ hashcount : strlen(pwd->pw_name);
retval = PAM_BUF_ERR;
if (ctrl & PAM_HOME_MAIL) {
- if (pwd == NULL) {
- pwd = pam_modutil_getpwnam(pamh, user);
- if (pwd == NULL) {
- pam_syslog(pamh, LOG_ERR, "user unknown");
- retval = PAM_USER_UNKNOWN;
- goto get_folder_cleanup;
- }
- }
if (asprintf(&folder, MAIL_FILE_FORMAT, pwd->pw_dir, "", path) < 0)
goto get_folder_cleanup;
} else {
for (i = 0; i < hashcount; i++) {
hash[2 * i] = '/';
- hash[2 * i + 1] = user[i];
+ hash[2 * i + 1] = pwd->pw_name[i];
}
hash[2 * i] = '\0';
- rc = asprintf(&folder, MAIL_FILE_FORMAT, path, hash, user);
+ rc = asprintf(&folder, MAIL_FILE_FORMAT, path, hash, pwd->pw_name);
_pam_overwrite(hash);
_pam_drop(hash);
if (rc < 0)
/* tidy up */
get_folder_cleanup:
- user = NULL;
path = NULL;
*folder_p = folder;
int retval, ctrl, type;
size_t hashcount;
char *folder = NULL;
+ const char *user;
const char *path_mail = NULL;
+ const struct passwd *pwd = NULL;
/*
* this module (un)sets the MAIL environment variable, and checks if
ctrl = _pam_parse(pamh, flags, argc, argv, &path_mail, &hashcount);
+ retval = pam_get_user(pamh, &user, NULL);
+ if (retval != PAM_SUCCESS || user == NULL) {
+ pam_syslog(pamh, LOG_ERR, "cannot determine username");
+ return PAM_USER_UNKNOWN;
+ }
+
+ pwd = pam_modutil_getpwnam (pamh, user);
+ if (pwd == NULL) {
+ pam_syslog(pamh, LOG_ERR, "user unknown");
+ return PAM_USER_UNKNOWN;
+ }
+
/* which folder? */
- retval = get_folder(pamh, ctrl, path_mail, &folder, hashcount);
+ retval = get_folder(pamh, ctrl, path_mail, &folder, hashcount, pwd);
if (retval != PAM_SUCCESS) {
D(("failed to find folder"));
return retval;
if ((est && !(ctrl & PAM_NO_LOGIN))
|| (!est && (ctrl & PAM_LOGOUT_TOO))) {
+ uid_t euid = geteuid();
+
+ setfsuid (pwd->pw_uid);
type = get_mail_status(pamh, ctrl, folder);
+ setfsuid (euid);
+
if (type != 0) {
retval = report_mail(pamh, ctrl, type, folder);
type = 0;
/* Run a given command (with a NULL-terminated argument list), feeding it the
* given input on stdin, and storing any output it generates. */
static int
-run_coprocess(const char *input, char **output,
+run_coprocess(pam_handle_t *pamh, const char *input, char **output,
uid_t uid, gid_t gid, const char *command, ...)
{
int ipipe[2], opipe[2], i;
const char *tmp;
int maxopened;
/* Drop privileges. */
- setgid(gid);
- setgroups(0, NULL);
- setuid(uid);
+ if (setgid(gid) == -1)
+ {
+ int err = errno;
+ pam_syslog (pamh, LOG_ERR, "setgid(%lu) failed: %m",
+ (unsigned long) getegid ());
+ _exit (err);
+ }
+ if (setgroups(0, NULL) == -1)
+ {
+ int err = errno;
+ pam_syslog (pamh, LOG_ERR, "setgroups() failed: %m");
+ _exit (err);
+ }
+ if (setuid(uid) == -1)
+ {
+ int err = errno;
+ pam_syslog (pamh, LOG_ERR, "setuid(%lu) failed: %m",
+ (unsigned long) geteuid ());
+ _exit (err);
+ }
/* Initialize the argument list. */
memset(args, 0, sizeof(args));
/* Set the pipe descriptors up as stdin and stdout, and close
char path[PATH_MAX];
struct passwd *pwd;
FILE *fp;
- int i;
+ int i, save_errno;
uid_t euid;
/* Check this user's <sense> file. */
pwd = pam_modutil_getpwnam(pamh, this_user);
euid = geteuid();
setfsuid(pwd->pw_uid);
fp = fopen(path, "r");
+ save_errno = errno;
setfsuid(euid);
if (fp != NULL) {
char buf[LINE_MAX], *tmp;
return PAM_PERM_DENIED;
} else {
/* Default to okay if the file doesn't exist. */
+ errno = save_errno;
switch (errno) {
case ENOENT:
if (noent_code == PAM_SUCCESS) {
xauth, "-f", cookiefile, "nlist", display,
(unsigned long) getuid(), (unsigned long) getgid());
}
- if (run_coprocess(NULL, &cookie,
+ if (run_coprocess(pamh, NULL, &cookie,
getuid(), getgid(),
xauth, "-f", cookiefile, "nlist", display,
NULL) == 0) {
(unsigned long) getuid(),
(unsigned long) getgid());
}
- run_coprocess(NULL, &cookie,
+ run_coprocess(pamh, NULL, &cookie,
getuid(), getgid(),
xauth, "-f", cookiefile,
"nlist", t, NULL);
(unsigned long) tpwd->pw_uid,
(unsigned long) tpwd->pw_gid);
}
- run_coprocess(cookie, &tmp,
+ run_coprocess(pamh, cookie, &tmp,
tpwd->pw_uid, tpwd->pw_gid,
xauth, "-f", cookiefile, "nmerge", "-", NULL);