1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
| | #include <fcntl.h>
#include <unistd.h>
#include <sys/stat.h>
#include <ctype.h>
#include <pthread.h>
#include "pwf.h"
/* This implementation support Openwall-style TCB passwords in place of
* traditional shadow, if the appropriate directories and files exist.
* Thus, it is careful to avoid following symlinks or blocking on fifos
* which a malicious user might create in place of his or her TCB shadow
* file. It also avoids any allocation to prevent memory-exhaustion
* attacks via huge TCB shadow files. */
static void cleanup(void *p)
{
fclose(p);
}
int getspnam_r(const char *name, struct spwd *sp, char *buf, size_t size, struct spwd **res)
{
char path[20+NAME_MAX];
FILE *f = 0;
int rv = 0;
int fd;
size_t k, l = strlen(name);
int skip = 0;
int cs;
*res = 0;
/* Disallow potentially-malicious user names */
if (*name=='.' || strchr(name, '/') || !l)
return EINVAL;
/* Buffer size must at least be able to hold name, plus some.. */
if (size < l+100) return ERANGE;
/* Protect against truncation */
if (snprintf(path, sizeof path, "/etc/tcb/%s/shadow", name) >= sizeof path)
return EINVAL;
fd = open(path, O_RDONLY|O_NOFOLLOW|O_NONBLOCK|O_CLOEXEC);
if (fd >= 0) {
struct stat st = { 0 };
errno = EINVAL;
if (fstat(fd, &st) || !S_ISREG(st.st_mode) || !(f = fdopen(fd, "rb"))) {
pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, &cs);
close(fd);
pthread_setcancelstate(cs, 0);
return errno;
}
} else {
f = fopen("/etc/shadow", "rbe");
if (!f) return errno;
}
pthread_cleanup_push(cleanup, f);
while (fgets(buf, size, f) && (k=strlen(buf))>0) {
if (skip || strncmp(name, buf, l)) {
skip = buf[k-1] != '\n';
continue;
}
if (buf[k-1] != '\n') {
rv = ERANGE;
break;
}
if (__parsespent(buf, sp) < 0) continue;
*res = sp;
break;
}
pthread_cleanup_pop(1);
return rv;
}
|