[src/trunk]: src/lib/libtelnet Don't perform a check for "secure" tty for roo...

To: source-changes-hg%NetBSD.org@localhost
Subject: [src/trunk]: src/lib/libtelnet Don't perform a check for "secure" tty for roo...
From: lukem <lukem%NetBSD.org@localhost>
Date: Fri, 24 Jan 2020 17:10:59 +0000

details:   https://anonhg.NetBSD.org/src/rev/888fbfac5f4d
branches:  trunk
changeset: 580718:888fbfac5f4d
user:      lukem <lukem%NetBSD.org@localhost>
date:      Thu May 05 23:21:58 2005 +0000

description:
Don't perform a check for "secure" tty for root logins when using PAM;
that is what we provide pam_securetty(8) for.

Fix the -DNOPAM build option by allowing it to compile
(even though we don't use this source file when USE_PAM=no).

diffstat:

 lib/libtelnet/sra.c |  21 +++++++++++----------
 1 files changed, 11 insertions(+), 10 deletions(-)

diffs (85 lines):

diff -r b41b88cfdc5c -r 888fbfac5f4d lib/libtelnet/sra.c
--- a/lib/libtelnet/sra.c       Thu May 05 22:43:56 2005 +0000
+++ b/lib/libtelnet/sra.c       Thu May 05 23:21:58 2005 +0000
@@ -32,7 +32,7 @@
 #ifdef notdef
 __FBSDID("$FreeBSD: src/contrib/telnet/libtelnet/sra.c,v 1.16 2002/05/06 09:48:02 markm Exp $");
 #else
-__RCSID("$NetBSD: sra.c,v 1.5 2005/05/05 22:43:56 lukem Exp $");
+__RCSID("$NetBSD: sra.c,v 1.6 2005/05/05 23:21:58 lukem Exp $");
 #endif
 
 #ifdef SRA
@@ -419,6 +419,7 @@
        }
 }
 
+#ifdef NOPAM
 static int
 isroot(const char *usr)
 {
@@ -444,11 +445,11 @@
        return ((t = getttynam(ttyn)) && t->ty_status & TTY_SECURE);
 }
 
-#ifdef NOPAM
 static int
 check_user(char *name, char *cred)
 {
-       char *cp;
+       struct passwd pws, *pw;
+       char pwbuf[1024];
        char *xpasswd, *salt;
 
        if (isroot(name) && !rootterm(line))
@@ -457,25 +458,23 @@
                return(0);
        }
 
-       if (pw = sgetpwnam(name)) {
+       if (getpwnam_r(name, &pws, pwbuf, sizeof(pwbuf), &pw) == 0 &&
+           pw != NULL) {
                if (pw->pw_shell == NULL) {
-                       pw = (struct passwd *) NULL;
                        return(0);
                }
 
                salt = pw->pw_passwd;
                xpasswd = crypt(cred, salt);
                /* The strcmp does not catch null passwords! */
-               if (pw == NULL || *pw->pw_passwd == '\0' ||
-                       strcmp(xpasswd, pw->pw_passwd)) {
-                       pw = (struct passwd *) NULL;
+               if (*pw->pw_passwd == '\0' || strcmp(xpasswd, pw->pw_passwd)) {
                        return(0);
                }
                return(1);
        }
        return(0);
 }
-#else
+#else  /* !NOPAM */
 
 /*
  * The following is stolen from ftpd, which stole it from the imap-uw
@@ -584,9 +583,11 @@
                } else
                        syslog(LOG_ERR, "Couldn't get PAM_USER: %s",
                        pam_strerror(pamh, e));
+#if 0  /* pam_securetty(8) should be used to enforce this */
                if (isroot(name) && !rootterm(line))
                        rval = 0;
                else
+#endif
                        rval = 1;
                break;
 
@@ -609,7 +610,7 @@
        return rval;
 }
 
-#endif
+#endif /* !NOPAM */
 
 #endif /* ENCRYPTION */
 #endif /* SRA */

Prev by Date: [src/trunk]: src/sys/arch/x86/x86 Move declaration of error variable to avoid...
Next by Date: [src/trunk]: src/gnu/usr.bin/gettext Add build glue via an import.
Previous by Thread: [src/trunk]: src/sys/arch/x86/x86 Move declaration of error variable to avoid...
Next by Thread: [src/trunk]: src/gnu/usr.bin/gettext Add build glue via an import.
Indexes:

Home | Main Index | Thread Index | Old Index