Date: Sun, 9 Jul 1995 00:10:01 -0700 From: mpp@legarto.minn.net To: freebsd-bugs Subject: bin/604: Various commands allow access to expired accounts Message-ID: <199507090710.AAA19807@freefall.cdrom.com> In-Reply-To: Your message of Sun, 9 Jul 1995 01:55:50 -0500 <199507090655.BAA15567@mpp>
>Number: 604
>Category: bin
>Synopsis: Various commands allow access to expired accounts
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs (FreeBSD bugs mailing list)
>State: open
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sun Jul 9 00:10:00 1995
>Originator: Mike Pritchard
>Organization:
>Release: FreeBSD 2.0-BUILT-19950628 i386
>Environment:
>Description:
Various commands allow access to accounts that are expired, namely:
ftpd, rshd, rexecd, uucpd, su, atrun, cron, pppd
See also: PR# bin/603 - I don't think that got mailed out due
to the mailing list problems over this weekend.
>How-To-Repeat:
Set up an expired account and use any of the above commands to
gain access to the account.
>Fix:
Here are patches for all of the above commands to make them
not allow access to expired accounts.
------cut here------
patch directory: /usr/src/libexec/atrun
--- orig/atrun.c Sat Jul 8 12:35:49 1995
+++ ./atrun.c Sat Jul 8 15:14:58 1995
@@ -164,6 +164,13 @@
PRIV_END
+ if (pentry->pw_expire && time(NULL) >= pentry->pw_expire)
+ {
+ syslog(LOG_ERR, "Userid %lu is expired - aborting job %s",
+ (unsigned long) uid, filename);
+ exit(EXIT_FAILURE);
+ }
+
if (stream == NULL)
perr("Cannot open input file");
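Review bot: The expiry test `pentry->pw_expire && time(NULL) >= pentry->pw_expire` is written out by hand here and again in the cron, ftpd, pppd, rexecd, rshd, su and uucpd hunks, so a later change to the expiry policy has eight places to miss. A small shared helper, for example `int pw_account_expired(const struct passwd *pw)` (the name is only a suggestion), would keep the comparison identical everywhere. None of the hunks adds `#include <time.h>`, so it is worth confirming that each file already includes it and `time()` is not implicitly declared. The enclosing function starts and ends outside the hunk.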
------cut here------
patch directory: /usr/src/usr.bin/cron
--- lib/orig/entry.c Sat Jul 8 12:53:26 1995
+++ lib/entry.c Sat Jul 8 12:55:47 1995
@@ -241,6 +241,11 @@
Debug(DPARS, ("load_entry()...uid %d, gid %d\n",e->uid,e->gid))
}
+ if (pw->pw_expire && time(NULL) >= pw->pw_expire) {
+ ecode = e_username;
+ goto eof;
+ }
+
e->uid = pw->pw_uid;
e->gid = pw->pw_gid;
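Review bot: This test runs only while the crontab entry is being parsed (the Debug line above names load_entry()), so an account that expires after its crontab was loaded would presumably keep running jobs until the table is reloaded. A second expiry test at the point where a job is started would close that window. Reusing `e_username` also means the rejection is probably reported as a bad user name; a dedicated error code, or at least a comment such as `/* expired account: reject the entry */`, would make the cause clear. load_entry() starts and ends outside the hunk.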
------cut here------
patch directory: /usr/src/libexec/ftpd
--- orig/ftpd.c Sat Jul 8 12:03:25 1995
+++ ./ftpd.c Sat Jul 8 12:11:50 1995
@@ -574,6 +574,7 @@
#endif
/* The strcmp does not catch null passwords! */
if (pw == NULL || *pw->pw_passwd == '\0' ||
+ (pw->pw_expire && time(NULL) >= pw->pw_expire) ||
strcmp(xpasswd, pw->pw_passwd)) {
reply(530, "Login incorrect.");
if (logging)
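Review bot: The server-side record written under `if (logging)` cannot tell an expired account from a wrong password, because the expiry test is folded into the password condition. Keeping the client reply at `530 Login incorrect.` for every cause is right, but a separate log line such as `syslog(LOG_NOTICE, "login refused: account %s expired", pw->pw_name);` guarded by the same expiry test would give the administrator the reason. The rexecd hunk has the same gap: its single `LOGIN REFUSED` message now covers three different causes. The comment above the condition could also mention the expiry test; the enclosing function continues outside the hunk.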
------cut here------
patch directory: /usr/src/usr.sbin/pppd
--- orig/auth.c Sat Jul 8 12:33:29 1995
+++ ./auth.c Sat Jul 8 12:34:36 1995
@@ -456,6 +456,9 @@
return (UPAP_AUTHNAK);
}
+ if (pw->pw_expire && time(NULL) >= pw->pw_expire)
+ return (UPAP_AUTHNAK);
+
/*
* XXX If no passwd, let them login without one.
*/
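Review bot: The expired-account path returns `UPAP_AUTHNAK` with no log entry, unlike the atrun, rexecd and su hunks, so there is no record of why the peer was refused. A line such as `syslog(LOG_WARNING, "upap login refused: account expired");` before the return would cover it; use whatever logging call the file already has. Placing the test ahead of the `XXX If no passwd` block is correct, since it then also applies to accounts without a password. The function starts and ends outside the hunk.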
------cut here------
patch directory: /usr/src/libexec/rexecd
--- orig/rexecd.c Sat Jul 8 12:24:36 1995
+++ ./rexecd.c Sat Jul 8 12:25:00 1995
@@ -188,7 +188,8 @@
}
}
- if (pwd->pw_uid == 0 || *pwd->pw_passwd == '\0') {
+ if (pwd->pw_uid == 0 || *pwd->pw_passwd == '\0' ||
+ (pwd->pw_expire && time(NULL) >= pwd->pw_expire)) {
syslog(LOG_ERR, "%s LOGIN REFUSED from %s", user, remote);
error("Login incorrect.\n");
exit(1);
------cut here------
patch directory: /usr/src/libexec/rshd
--- orig/rshd.c Sat Jul 8 12:21:04 1995
+++ ./rshd.c Sat Jul 8 12:18:39 1995
@@ -445,9 +445,10 @@
#endif
if (errorstr ||
- pwd->pw_passwd != 0 && *pwd->pw_passwd != '\0' &&
+ (pwd->pw_expire && time(NULL) >= pwd->pw_expire) ||
+ (pwd->pw_passwd != 0 && *pwd->pw_passwd != '\0' &&
iruserok(fromp->sin_addr.s_addr, pwd->pw_uid == 0,
- remuser, locuser) < 0) {
+ remuser, locuser) < 0)) {
if (__rcmd_errstr)
syslog(LOG_INFO|LOG_AUTH,
"%s@%s as %s: permission denied (%s). cmd='%.80s'",
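Review bot: When the new expiry clause is true, the `||` short-circuits before `iruserok()` is called, so the `__rcmd_errstr` tested on the following line was not set by this refusal and the logged reason may be stale or absent. Logging the expiry case on its own ahead of the condition, for example `syslog(LOG_INFO|LOG_AUTH, "%s as %s: account expired", remuser, locuser);`, would give an accurate record. The added parentheses around the `iruserok()` clause do not change the grouping, since `&&` already binds tighter than `||`, but they do make it easier to read. The rest of the statement lies outside the hunk.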
------cut here------
patch directory: /usr/src/usr.bin/su
--- orig/su.c Sat Jul 8 13:10:02 1995
+++ ./su.c Sat Jul 8 13:15:51 1995
@@ -184,6 +184,13 @@
exit(1);
}
}
+ if (pwd->pw_expire && time(NULL) >= pwd->pw_expire) {
+ fprintf(stderr, "Sorry - account expired\n");
+ syslog(LOG_AUTH|LOG_WARNING,
+ "BAD SU %s to %s%s", username,
+ user, ontty());
+ exit(1);
+ }
}
}
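Review bot: The expiry test sits two blocks deep (two closing braces follow it), so it runs only when the conditions opening those blocks hold; both start outside the hunk, and any path that skips them would not apply the test. If the intent is that only root may bypass expiry, placing the test where that is the sole exemption, with a comment such as `/* root may su to an expired account */`, would make the policy explicit. The `BAD SU` log line is also the same format as the one used for other failures; appending `(account expired)` to the message would separate the cases.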
------cut here------
patch directory: /usr/src/libexec/uucpd
--- orig/uucpd.c Sat Jul 8 12:27:27 1995
+++ ./uucpd.c Sat Jul 8 12:29:34 1995
@@ -159,6 +159,8 @@
login_incorrect(user, sinp);
if (strcmp(pw->pw_shell, _PATH_UUCICO))
login_incorrect(user, sinp);
+ if (pw->pw_expire && time(NULL) >= pw->pw_expire)
+ login_incorrect(user, sinp);
if (pw->pw_passwd && *pw->pw_passwd != '\0') {
printf("Password: "); fflush(stdout);
if (readline(passwd, sizeof passwd, 1) < 0) {
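Review bot: Expired accounts are refused before the `Password:` prompt is printed, so, assuming `login_incorrect()` does not return, an unauthenticated peer sees a different exchange for an expired account than for a wrong password. The shell test just above already behaves this way, but if that difference matters, running the expiry test after the password has been verified would keep the responses uniform. The function continues outside the hunk.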
----end of patches------
>Audit-Trail:
>Unformatted:
