cvs commit: src/libexec/rexecd rexecd.c
Stefan Farfeleder
stefanf at FreeBSD.org
Thu Apr 7 02:01:57 PDT 2005
On Tue, Apr 05, 2005 at 02:55:33PM +0000, Jacques Vidrine wrote:
> nectar 2005-04-05 14:55:33 UTC
>
> FreeBSD src repository
>
> Modified files:
> libexec/rexecd rexecd.c
> Log:
> DES pointed out that the PAM layer may change the target user name
> during authentication. Thus we need to call getpwnam *after* the user
> has been authenticated. Colin mentioned that we should also move the
> check for root in that case.
static void
doit(struct sockaddr *fromp)
{
	char *cmdbuf, *cp;
	int maxcmdlen;
	char user[16], pass[16];
	...
	if (!pam_ok(pam_start("rexecd", user, &pamc, &pamh)) ||
	    !pam_ok(pam_set_item(pamh, PAM_RHOST, remote)) ||
	    !pam_ok(pam_set_item(pamh, PAM_AUTHTOK, pass)) ||
	    !pam_ok(pam_authenticate(pamh, pam_flags)) ||
	    !pam_ok(pam_acct_mgmt(pamh, pam_flags)) ||
	    !pam_ok(pam_get_item(pamh, PAM_USER, (const void **)&user)) ||
I don't know anything about PAM, but apparently pam_get_item() stores a pointer
into *item. Here the pointer value is written into the first few bytes of the
array `user' (assuming it is correctly aligned).
Stefan
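
Added example, not part of the original message and not FreeBSD's code: a self-contained C program that reproduces the effect described above and shows one way to receive the item safely. `fake_get_item()` is a hypothetical stand-in that follows the pam_get_item() contract of storing a pointer into *item; the names "alice" and "mapped_user" are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Constructed value: the name the PAM stack is assumed to have mapped to. */
static const char canonical_user[] = "mapped_user";

/* Hypothetical stand-in for pam_get_item(pamh, PAM_USER, item): it stores a
 * pointer to library-owned memory into *item, it does not copy the string. */
static int fake_get_item(const void **item)
{
    const void *p = canonical_user;
    memcpy(item, &p, sizeof p);  /* same effect as *item = p, well-defined here */
    return 0;
}

/* Pattern from the quoted code. Returns 1 when the leading bytes of user[]
 * now hold the pointer value instead of a login name. */
static int buggy_overwrites_array(void)
{
    _Alignas(const void *) char user[16] = "alice";  /* constructed client name */
    const void *expect = canonical_user;
    fake_get_item((const void **)&user);
    return memcmp(user, &expect, sizeof expect) == 0;
}

/* Receive the pointer in its own variable, then copy with a length check.
 * Returns 0 on success, -1 if the name is missing or does not fit. */
static int fixed_copy_name(char *user, size_t size)
{
    const void *item = NULL;
    size_t len;
    if (fake_get_item(&item) != 0 || item == NULL)
        return -1;
    len = strlen(item);
    if (len >= size)
        return -1;               /* refuse to truncate a login name */
    memcpy(user, item, len + 1);
    return 0;
}

int main(void)
{
    char user[16] = "alice";
    printf("buggy: array holds pointer bytes = %d\n", buggy_overwrites_array());
    if (fixed_copy_name(user, sizeof user) == 0)
        printf("fixed: user = %s\n", user);
    return 0;
}
```

In the buggy form, a later getpwnam(user) would look up the raw pointer bytes rather than the authenticated name, which is why the item has to be received in a separate pointer variable.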