#include "pam_modutil_private.h"
#include <security/pam_ext.h>

#include <stdio.h>
#include <string.h>
#include <syslog.h>

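/*
 * Check whether user_name is listed in a passwd-format file.
 *
 * pamh      - PAM handle, used only for pam_syslog() diagnostics.
 * user_name - the account name to look for.
 * file_name - path of the passwd-format file to scan, or NULL to use
 *             "/etc/passwd".
 *
 * Returns PAM_SUCCESS if some line of the file starts with
 * "<user_name>:", PAM_PERM_DENIED if no line does (or if user_name
 * contains a ':'), and PAM_SERVICE_ERR if user_name is NULL, empty or
 * too long, or if the file cannot be opened.
 *
 * Only the leading "<name>:" of each line is inspected; the remaining
 * passwd fields are never parsed, so a line that is otherwise malformed
 * still counts as a hit when its first field matches.
 */
int
pam_modutil_check_user_in_passwd(pam_handle_t *pamh,
				 const char *user_name,
				 const char *file_name)
{
	int rc;
	size_t user_len;
	FILE *fp;
	char line[BUFSIZ];

	/*
	 * Validate the user name.  A NULL pointer is rejected like an
	 * empty name rather than being handed to strlen().
	 */
	if (user_name == NULL || (user_len = strlen(user_name)) == 0) {
		pam_syslog(pamh, LOG_NOTICE, "user name is not valid");
		return PAM_SERVICE_ERR;
	}

	/*
	 * fgets() delivers at most sizeof(line) - 1 bytes per call and a
	 * match needs "<user_name>:" to fit inside that window.  Note that
	 * sizeof(":") is 2 because it counts the terminating NUL, so the
	 * bound really is sizeof(line) - 2.
	 */
	if (user_len > sizeof(line) - sizeof(":")) {
		pam_syslog(pamh, LOG_NOTICE, "user name is too long");
		return PAM_SERVICE_ERR;
	}

	if (strchr(user_name, ':') != NULL) {
		/*
		 * ':' is the field separator, so a name containing it can
		 * never be a local account: "root:x" is not a local user
		 * name even if the passwd file contains a line starting
		 * with "root:x:".
		 */
		return PAM_PERM_DENIED;
	}

	/* Open the passwd file.  */
	if (file_name == NULL) {
		file_name = "/etc/passwd";
	}
	if ((fp = fopen(file_name, "r")) == NULL) {
		pam_syslog(pamh, LOG_ERR, "error opening %s: %m", file_name);
		return PAM_SERVICE_ERR;
	}

	/*
	 * Scan the file using fgets() instead of fgetpwent_r() because
	 * the latter is not flexible enough in handling long lines
	 * in passwd files.  Only the first sizeof(line) - 1 bytes of a
	 * line can ever match; the rest of an over-long line is read and
	 * discarded below so that it is not mistaken for new lines.
	 */
	rc = PAM_PERM_DENIED;
	while (fgets(line, sizeof(line), fp) != NULL) {
		size_t line_len;
		const char *str;

		/*
		 * Does this line start with the user name
		 * followed by a colon?
		 */
		if (strncmp(user_name, line, user_len) == 0 &&
		    line[user_len] == ':') {
			rc = PAM_SUCCESS;
			/*
			 * Continue reading the file to avoid timing attacks:
			 * returning here would make the call's duration
			 * depend on where (and whether) the name appears.
			 */
		}

		/*
		 * Has a newline been read?  A chunk shorter than the buffer
		 * can only end at a newline or at end of file.
		 *
		 * NOTE(review): this relies on strlen(), so an embedded NUL
		 * byte inside an over-long line makes the chunk look complete
		 * and the remainder of that line is then scanned as if it
		 * started fresh lines.  Only a writer of the passwd file can
		 * place such bytes, so this is documented, not defended.
		 */
		line_len = strlen(line);
		if (line_len < sizeof(line) - 1 ||
		    line[line_len - 1] == '\n') {
			/* Yes, continue with the next line.  */
			continue;
		}

		/* No, read till the end of this line first.  */
		while ((str = fgets(line, sizeof(line), fp)) != NULL) {
			line_len = strlen(line);
			/* line_len == 0 guards the line[-1] access below.  */
			if (line_len == 0 ||
			    line[line_len - 1] == '\n') {
				break;
			}
		}
		if (str == NULL) {
			/* fgets returned NULL (EOF or read error), we are done.  */
			break;
		}
		/* Continue with the next line.  */
	}

	/*
	 * fgets() returns NULL for both EOF and a read error.  A read error
	 * leaves rc as it was (fail-closed if nothing matched yet), but it
	 * should not go unnoticed in the logs.  Log before fclose() so that
	 * %m still refers to the failing read.
	 */
	if (ferror(fp)) {
		pam_syslog(pamh, LOG_ERR, "error reading %s: %m", file_name);
	}

	fclose(fp);
	return rc;
}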