1 | #include <fcntl.h>
|
---|
2 | #include <unistd.h>
|
---|
3 | #include <sys/stat.h>
|
---|
4 | #include <ctype.h>
|
---|
5 | #include <pthread.h>
|
---|
6 | #include "pwf.h"
|
---|
7 |
|
---|
8 | /* This implementation support Openwall-style TCB passwords in place of
|
---|
9 | * traditional shadow, if the appropriate directories and files exist.
|
---|
10 | * Thus, it is careful to avoid following symlinks or blocking on fifos
|
---|
11 | * which a malicious user might create in place of his or her TCB shadow
|
---|
12 | * file. It also avoids any allocation to prevent memory-exhaustion
|
---|
13 | * attacks via huge TCB shadow files. */
|
---|
14 |
|
---|
15 | static long xatol(char **s)
|
---|
16 | {
|
---|
17 | long x;
|
---|
18 | if (**s == ':' || **s == '\n') return -1;
|
---|
19 | for (x=0; **s-'0'<10U; ++*s) x=10*x+(**s-'0');
|
---|
20 | return x;
|
---|
21 | }
|
---|
22 |
|
---|
23 | int __parsespent(char *s, struct spwd *sp)
|
---|
24 | {
|
---|
25 | sp->sp_namp = s;
|
---|
26 | if (!(s = strchr(s, ':'))) return -1;
|
---|
27 | *s = 0;
|
---|
28 |
|
---|
29 | sp->sp_pwdp = ++s;
|
---|
30 | if (!(s = strchr(s, ':'))) return -1;
|
---|
31 | *s = 0;
|
---|
32 |
|
---|
33 | s++; sp->sp_lstchg = xatol(&s);
|
---|
34 | if (*s != ':') return -1;
|
---|
35 |
|
---|
36 | s++; sp->sp_min = xatol(&s);
|
---|
37 | if (*s != ':') return -1;
|
---|
38 |
|
---|
39 | s++; sp->sp_max = xatol(&s);
|
---|
40 | if (*s != ':') return -1;
|
---|
41 |
|
---|
42 | s++; sp->sp_warn = xatol(&s);
|
---|
43 | if (*s != ':') return -1;
|
---|
44 |
|
---|
45 | s++; sp->sp_inact = xatol(&s);
|
---|
46 | if (*s != ':') return -1;
|
---|
47 |
|
---|
48 | s++; sp->sp_expire = xatol(&s);
|
---|
49 | if (*s != ':') return -1;
|
---|
50 |
|
---|
51 | s++; sp->sp_flag = xatol(&s);
|
---|
52 | if (*s != '\n') return -1;
|
---|
53 | return 0;
|
---|
54 | }
|
---|
55 |
|
---|
56 | static void cleanup(void *p)
|
---|
57 | {
|
---|
58 | fclose(p);
|
---|
59 | }
|
---|
60 |
|
---|
61 | int getspnam_r(const char *name, struct spwd *sp, char *buf, size_t size, struct spwd **res)
|
---|
62 | {
|
---|
63 | char path[20+NAME_MAX];
|
---|
64 | FILE *f = 0;
|
---|
65 | int rv = 0;
|
---|
66 | int fd;
|
---|
67 | size_t k, l = strlen(name);
|
---|
68 | int skip = 0;
|
---|
69 | int cs;
|
---|
70 |
|
---|
71 | *res = 0;
|
---|
72 |
|
---|
73 | /* Disallow potentially-malicious user names */
|
---|
74 | if (*name=='.' || strchr(name, '/') || !l)
|
---|
75 | return errno = EINVAL;
|
---|
76 |
|
---|
77 | /* Buffer size must at least be able to hold name, plus some.. */
|
---|
78 | if (size < l+100)
|
---|
79 | return errno = ERANGE;
|
---|
80 |
|
---|
81 | /* Protect against truncation */
|
---|
82 | if (snprintf(path, sizeof path, "/etc/tcb/%s/shadow", name) >= sizeof path)
|
---|
83 | return errno = EINVAL;
|
---|
84 |
|
---|
85 | fd = open(path, O_RDONLY|O_NOFOLLOW|O_NONBLOCK|O_CLOEXEC);
|
---|
86 | if (fd >= 0) {
|
---|
87 | struct stat st = { 0 };
|
---|
88 | errno = EINVAL;
|
---|
89 | if (fstat(fd, &st) || !S_ISREG(st.st_mode) || !(f = fdopen(fd, "rb"))) {
|
---|
90 | pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, &cs);
|
---|
91 | close(fd);
|
---|
92 | pthread_setcancelstate(cs, 0);
|
---|
93 | return errno;
|
---|
94 | }
|
---|
95 | } else {
|
---|
96 | f = fopen("/etc/shadow", "rbe");
|
---|
97 | if (!f) return errno;
|
---|
98 | }
|
---|
99 |
|
---|
100 | pthread_cleanup_push(cleanup, f);
|
---|
101 | while (fgets(buf, size, f) && (k=strlen(buf))>0) {
|
---|
102 | if (skip || strncmp(name, buf, l) || buf[l]!=':') {
|
---|
103 | skip = buf[k-1] != '\n';
|
---|
104 | continue;
|
---|
105 | }
|
---|
106 | if (buf[k-1] != '\n') {
|
---|
107 | rv = ERANGE;
|
---|
108 | break;
|
---|
109 | }
|
---|
110 |
|
---|
111 | if (__parsespent(buf, sp) < 0) continue;
|
---|
112 | *res = sp;
|
---|
113 | break;
|
---|
114 | }
|
---|
115 | pthread_cleanup_pop(1);
|
---|
116 | if (rv) errno = rv;
|
---|
117 | return rv;
|
---|
118 | }
|
---|