Changeset 24122

Timestamp:
10/23/09 14:09:57 (5 weeks ago)
Author:
andersk
Message:

In libnss-nonlocal:

  • New upstream version.
    • Disallow numeric nonlocal user/group names that look like local uid/gids.
Location:
trunk/debathena/debathena/libnss-nonlocal
Files:
5 modified

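--- a/trunk/debathena/debathena/libnss-nonlocal/configure.ac
+++ b/trunk/debathena/debathena/libnss-nonlocal/configure.ac
@@ -1,5 +1,6 @@
-AC_INIT([nss_nonlocal], [1.9], [andersk@mit.edu])
+AC_INIT([nss_nonlocal], [1.10], [andersk@mit.edu])
 AC_CANONICAL_TARGET
 AM_INIT_AUTOMAKE([-Wall -Werror foreign])
+m4_ifdef([AM_SILENT_RULES],[AM_SILENT_RULES([yes])])
 
 AC_PREFIX_DEFAULT([/])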
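--- a/trunk/debathena/debathena/libnss-nonlocal/debian/changelog
+++ b/trunk/debathena/debathena/libnss-nonlocal/debian/changelog
@@ -1,2 +1,10 @@
+libnss-nonlocal (1.10-0debathena1) unstable; urgency=low
+
+  * New upstream version.
+    - Disallow numeric nonlocal user/group names that look like local
+      uid/gids.
+
+ -- Anders Kaseorg <andersk@mit.edu>  Fri, 23 Oct 2009 13:49:43 -0400
+
 libnss-nonlocal (1.9-0debathena2) unstable; urgency=low
 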
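--- a/trunk/debathena/debathena/libnss-nonlocal/nonlocal-group.c
+++ b/trunk/debathena/debathena/libnss-nonlocal/nonlocal-group.c
@@ -82,5 +82,5 @@
     int old_errno = errno;
 
-    int buflen = sysconf(_SC_GETGR_R_SIZE_MAX);
+    size_t buflen = sysconf(_SC_GETGR_R_SIZE_MAX);
     char *buf = malloc(buflen);
     if (buf == NULL) {
@@ -128,4 +128,23 @@
 
 enum nss_status
+check_nonlocal_group(const char *user, struct group *grp, int *errnop)
+{
+    enum nss_status status = NSS_STATUS_SUCCESS;
+    int old_errno = errno;
+    char *end;
+    unsigned long gid;
+
+    errno = 0;
+    gid = strtoul(grp->gr_name, &end, 10);
+    if (errno == 0 && *end == '\0' && (gid_t)gid == gid)
+        status = check_nonlocal_gid(user, gid, errnop);
+    errno = old_errno;
+    if (status != NSS_STATUS_SUCCESS)
+        return status;
+
+    return check_nonlocal_gid(user, grp->gr_gid, errnop);
+}
+
+enum nss_status
 get_local_group(const char *name, struct group *grp, char **buffer, int *errnop)
 {
@@ -281,5 +300,5 @@
                 status = DL_CALL_FCT(grent_fct.l, (grp, buffer, buflen, errnop));
             while (status == NSS_STATUS_SUCCESS &&
-                   check_nonlocal_gid("(unknown)", grp->gr_gid, &nonlocal_errno) != NSS_STATUS_SUCCESS);
+                   check_nonlocal_group("(unknown)", grp, &nonlocal_errno) != NSS_STATUS_SUCCESS);
         }
         if (status == NSS_STATUS_TRYAGAIN && *errnop == ERANGE)
@@ -330,5 +349,10 @@
         return status;
 
-    return check_nonlocal_gid(name, grp->gr_gid, errnop);
+    if (strcmp(name, grp->gr_name) != 0) {
+        syslog(LOG_ERR, "nss_nonlocal: discarding group %s from lookup for group %s\n", grp->gr_name, name);
+        return NSS_STATUS_NOTFOUND;
+    }
+
+    return check_nonlocal_group(name, grp, errnop);
 }
 
@@ -368,5 +392,5 @@
         return status;
 
-    return check_nonlocal_gid(grp->gr_name, grp->gr_gid, errnop);
+    return check_nonlocal_group(grp->gr_name, grp, errnop);
 }
 
@@ -391,4 +415,6 @@
     int is_local = 0;
     char *buffer;
+    int old_errno;
+    int in, out, i;
 
     /* Check that the user is a nonlocal user before adding any groups. */
@@ -399,5 +425,5 @@
         is_local = 1;
 
-    int old_errno = errno;
+    old_errno = errno;
 
     status = get_local_group(MAGIC_LOCAL_GROUPNAME,
@@ -462,5 +488,5 @@
         return NSS_STATUS_SUCCESS;
 
-    int in = *start, out = *start, i;
+    in = out = *start;
 
     nip = nss_group_nonlocal_database();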
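Review bot: check_nonlocal_group (new lines 130–146) carries no comment explaining what it guards against or that its numeric test is deliberately loose. As written, strtoul() skips leading whitespace, accepts a sign, and on an empty string converts nothing while still leaving `*end == '\0'` (errno stays 0 where the C library does not report EINVAL for that case), so names like `" 0"`, `"+0"` and `""` are all checked as gid 0. That errs towards rejecting, which looks intended, but it should be stated so a later cleanup does not narrow it by accident. I would add above the function: `/* Refuse a nonlocal group whose name parses as a number that is a local gid, then check its real gid. The parse is intentionally permissive. */`. check_nonlocal_passwd in nonlocal-passwd.c has the same shape and wants the same comment.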
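--- a/trunk/debathena/debathena/libnss-nonlocal/nonlocal-passwd.c
+++ b/trunk/debathena/debathena/libnss-nonlocal/nonlocal-passwd.c
@@ -80,5 +80,5 @@
     int old_errno = errno;
 
-    int buflen = sysconf(_SC_GETPW_R_SIZE_MAX);
+    size_t buflen = sysconf(_SC_GETPW_R_SIZE_MAX);
     char *buf = malloc(buflen);
     if (buf == NULL) {
@@ -126,4 +126,23 @@
 
 enum nss_status
+check_nonlocal_passwd(const char *user, struct passwd *pwd, int *errnop)
+{
+    enum nss_status status = NSS_STATUS_SUCCESS;
+    int old_errno = errno;
+    char *end;
+    unsigned long uid;
+
+    errno = 0;
+    uid = strtoul(pwd->pw_name, &end, 10);
+    if (errno == 0 && *end == '\0' && (uid_t)uid == uid)
+        status = check_nonlocal_uid(user, uid, errnop);
+    errno = old_errno;
+    if (status != NSS_STATUS_SUCCESS)
+        return status;
+
+    return check_nonlocal_uid(user, pwd->pw_uid, errnop);
+}
+
+enum nss_status
 check_nonlocal_user(const char *user, int *errnop)
 {
@@ -141,5 +160,5 @@
     int old_errno = errno;
 
-    int buflen = sysconf(_SC_GETPW_R_SIZE_MAX);
+    size_t buflen = sysconf(_SC_GETPW_R_SIZE_MAX);
     char *buf = malloc(buflen);
     if (buf == NULL) {
@@ -280,5 +299,5 @@
                 status = DL_CALL_FCT(pwent_fct.l, (pwd, buffer, buflen, errnop));
             while (status == NSS_STATUS_SUCCESS &&
-                   check_nonlocal_uid(pwd->pw_name, pwd->pw_uid, &nonlocal_errno) != NSS_STATUS_SUCCESS);
+                   check_nonlocal_passwd(pwd->pw_name, pwd, &nonlocal_errno) != NSS_STATUS_SUCCESS);
         }
         if (status == NSS_STATUS_TRYAGAIN && *errnop == ERANGE)
@@ -330,5 +349,10 @@
         return status;
 
-    status = check_nonlocal_uid(name, pwd->pw_uid, errnop);
+    if (strcmp(name, pwd->pw_name) != 0) {
+        syslog(LOG_ERR, "nss_nonlocal: discarding user %s from lookup for user %s\n", pwd->pw_name, name);
+        return NSS_STATUS_NOTFOUND;
+    }
+
+    status = check_nonlocal_passwd(name, pwd, errnop);
     if (status != NSS_STATUS_SUCCESS)
         return status;
@@ -376,5 +400,5 @@
         return status;
 
-    status = check_nonlocal_uid(pwd->pw_name, pwd->pw_uid, errnop);
+    status = check_nonlocal_passwd(pwd->pw_name, pwd, errnop);
     if (status != NSS_STATUS_SUCCESS)
         return status;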
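Review bot: `size_t buflen = sysconf(_SC_GETPW_R_SIZE_MAX);` at new line 82 stores a `long` that can be -1 (sysconf returns -1 when the limit is indeterminate) into an unsigned type, so the `malloc(buflen)` on the next line asks for SIZE_MAX bytes and the lookup can only leave through the `buf == NULL` branch. Reading the value into a `long` first and falling back to a fixed size would avoid that, for example `long n = sysconf(_SC_GETPW_R_SIZE_MAX);` followed by `size_t buflen = n > 0 ? (size_t)n : 1024;` (1024 is only an illustrative fallback). The same line appears again at new line 162 of this file and, with _SC_GETGR_R_SIZE_MAX, at new line 84 of nonlocal-group.c. The enclosing functions start and end outside these hunks, so whether a too-small buffer is retried on ERANGE cannot be seen here.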
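--- a/trunk/debathena/debathena/libnss-nonlocal/nonlocal-shadow.c
+++ b/trunk/debathena/debathena/libnss-nonlocal/nonlocal-shadow.c
@@ -34,4 +34,5 @@
 #include <dlfcn.h>
 #include <stdio.h>
+#include <syslog.h>
 #include <errno.h>
 #include <shadow.h>
@@ -180,4 +181,12 @@
             break;
     } while (__nss_next(&nip, fct_name, &fct.ptr, status, 0) == 0);
-    return status;
+    if (status != NSS_STATUS_SUCCESS)
+        return status;
+
+    if (strcmp(name, pwd->sp_namp) != 0) {
+        syslog(LOG_ERR, "nss_nonlocal: discarding shadow %s from lookup for shadow %s\n", pwd->sp_namp, name);
+        return NSS_STATUS_NOTFOUND;
+    }
+
+    return NSS_STATUS_SUCCESS;
 }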
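Review bot: The name-mismatch branch at new lines 186–189 returns NSS_STATUS_NOTFOUND without setting an error code, so the caller is left with whatever the backend that reported success happened to store. The function's signature is outside the hunk, but if it takes the usual `int *errnop`, adding `*errnop = ENOENT;` before the `return NSS_STATUS_NOTFOUND;` would keep status and errno consistent. The same branch was added to nonlocal-group.c (new lines 351–354) and nonlocal-passwd.c (new lines 351–354), where `errnop` is visibly in scope. A short comment on why a differently named entry is refused would also help, since the logged `sp_namp` comes from the nonlocal backend and the reason for distrusting it is not stated anywhere in the hunk.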