From owner-freebsd-bugs@FreeBSD.ORG Tue Feb 8 13:20:12 2005
Resent-Date: Tue, 8 Feb 2005 13:20:11 GMT
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-bugs@FreeBSD.org
Message-Id: <200502081317.j18DHKJt074572@aurora.diatel.upm.es>
Date: Tue, 8 Feb 2005 14:17:20 +0100 (CET)
From: Javier Martín Rueda
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
Subject: bin/77261: login doesn't chdir into a group-protected home directory

>Number:         77261
>Category:       bin
>Synopsis:       login doesn't chdir into a group-protected home directory
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Feb 08 13:20:11 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Javier Martín Rueda
>Release:        FreeBSD 5.3-RELEASE i386
>Organization:
DIATEL - UPM
>Environment:
System: FreeBSD aurora.diatel.upm.es 5.3-RELEASE FreeBSD 5.3-RELEASE #0: Fri Nov 5 04:19:18 UTC 2004 root@harlow.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386
>Description:
When any component of a user's home directory has permissions such that only the members of a certain group can access it, login will not correctly chdir to that directory, and the user will get the message "No home directory. Logging in with home = "/"." The user will then start in the root directory.
>How-To-Repeat:
pw groupadd testgroup
mkdir /home/test
chgrp testgroup /home/test
chmod 750 /home/test
echo testpassword | pw useradd testuser -d /home/test/testuser -m -G testgroup -h0

Now log in as testuser and you'll get a "No home directory. Logging in with home = "/"" message, despite the fact that testuser belongs to testgroup. Actually, the user can then change to his home directory without any problem. You have to log in via telnet or a console terminal; sshd or X don't run login.
>Fix:
This bug is actually acknowledged in the login source code.
What I suggest is first trying to chdir to the user's home directory in the traditional way (with superuser privileges). If that doesn't work, it may be because the user's home directory resides on an NFS server that doesn't allow root access, and only then does login switch identities and try to chdir for a second time.

Apply the following patch to /usr/src/usr.bin/login/login.c, recompile, and reinstall:

--- login.c.orig Mon Jan 26 21:04:47 2004 +++ login.c Wed Jan 26 12:02:03 2005 @@ -161,7 +161,7 @@ struct group *gr; struct stat st; int retries, backoff; - int ask, ch, cnt, quietlog, rootlogin, rval; + int ask, ch, cnt, quietlog, rootlogin, rval, chdir_possible; uid_t uid, euid; gid_t egid; char *term; @@ -358,15 +358,28 @@ quietlog = login_getcapbool(lc, "hushlogin", 0); /* - * Switching needed for NFS with root access disabled. + * We try to chdir() into the user's home directory. + * If that fails, it may be because it resides on a + * NFS filesystem with root access disabled, and so + * we switch credentials and retry. - * XXX: This change fails to modify the additional groups for the - * process, and as such, may restrict rights normally granted - * through those groups. + * XXX Note that the switch fails to modify the additional + * groups for the process, and as such, may restrict + * rights normally granted through those groups. */ - (void)setegid(pwd->pw_gid); - (void)seteuid(rootlogin ? 0 : pwd->pw_uid); - if (!*pwd->pw_dir || chdir(pwd->pw_dir) < 0) { + if (*pwd->pw_dir) { + chdir_possible = (chdir(pwd->pw_dir) == 0); + if (! chdir_possible) { + (void)setegid(pwd->pw_gid); + (void)seteuid(rootlogin ? 0 : pwd->pw_uid); + chdir_possible = (chdir(pwd->pw_dir) == 0); + (void)seteuid(euid); + (void)setegid(egid); + } + } + else + chdir_possible = 0; + if (! chdir_possible) { if (login_getcapbool(lc, "requirehome", 0)) refused("Home directory not available", "HOMEDIR", 1); if (chdir("/") < 0) 
@@ -379,9 +392,7 @@ bail(SLEEP_EXIT, 1); } } - (void)seteuid(euid); - (void)setegid(egid); - if (!quietlog) { + else if (!quietlog) { quietlog = access(_PATH_HUSHLOGIN, F_OK) == 0; if (!quietlog) pam_silent = 0; >Release-Note: >Audit-Trail: >Unformatted:
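Review bot: The first chdir() in the @@ -358 hunk now runs with login's own root credentials, so a non-root user whose home directory root can enter but the user cannot (a directory owned by someone else with mode 0700, for instance) is placed in it and the `requirehome` check is never consulted; the user-credential retry is only reached when root's own chdir() fails, which is the root-squashed NFS case. The patch therefore hides the reported symptom on local filesystems without touching its cause, which the retained XXX comment still spells out: setegid() changes only the effective gid, so a directory reachable only through one of the user's supplementary groups is still refused on the retry path. Consider calling initgroups(pwd->pw_name, pwd->pw_gid) (saving the current list with getgroups() and restoring it with setgroups() afterwards) before the setegid()/seteuid() pair, or at least keep the user-credential attempt first so that the permission check reflects the identity the shell will actually run under. Minor style point: `+ else` followed by an unbraced `chdir_possible = 0;` next to a braced `if` body, and `! chdir_possible` with a space, both differ from the surrounding code.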
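Review bot: Turning `if (!quietlog)` into `else if (!quietlog)` in the @@ -379 hunk silently changes behaviour when the home directory is unavailable: the `access(_PATH_HUSHLOGIN, F_OK)` lookup and the `pam_silent = 0` assignment are skipped, so pam_silent keeps whatever value it was initialised with instead of being cleared for the non-hushlogin case, and the fallback-to-"/" login may be silenced differently from before. If the intent is only to avoid probing for a .hushlogin relative to "/" after the fallback chdir, say so in a comment and still assign pam_silent explicitly in that branch; otherwise keep the check unconditional as it was. Dropping the trailing `(void)seteuid(euid); (void)setegid(egid);` pair here is fine, since the @@ -358 hunk now restores the credentials inside the retry branch itself.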
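The mechanism behind the report, a credential switch that changes the effective gid but not the supplementary group list, can be exercised directly. The following C program is an added example, not code from this PR or from FreeBSD's login.c: run as root, it creates a 0750 directory owned by an arbitrary group, then forks a child that switches credentials the way login.c does (setegid() followed by seteuid()) and tries to chdir() into it, once with only its primary gid and once with the directory's group in its supplementary list, as initgroups(3) would set it for a member. The uid and gids are constructed for the demo and are assumed not to matter on the host; when not run as root the probes report PROBE_SKIPPED rather than fabricate a result.

```c
/*
 * Added example, not part of the PR or of FreeBSD's login.c.  Shows why
 * setegid()/seteuid() alone cannot enter a directory that a user may only
 * access through a supplementary group.  Must run as root; otherwise the
 * probes report PROBE_SKIPPED.  The uid and gids below are arbitrary
 * numbers chosen for the demo and need not exist in /etc/passwd or
 * /etc/group (the kernel does not consult those files).
 */
#define _DEFAULT_SOURCE 1   /* glibc: expose setgroups(), mkdtemp(), seteuid() */
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

#define DEMO_UID      65534   /* unprivileged uid the child switches to (assumed) */
#define DEMO_DIR_GID  60001   /* group owning the 0750 directory (assumed unused) */
#define DEMO_USER_GID 60002   /* user's primary gid, deliberately != DEMO_DIR_GID */

enum probe { PROBE_SKIPPED = -1, PROBE_DENIED = 0, PROBE_OK = 1 };

/* Exit codes used by the forked child to report back. */
enum { CHILD_OK = 0, CHILD_DENIED = 1, CHILD_SETUP_FAILED = 2 };

/*
 * In a child, switch to the demo user the way login.c does (setegid,
 * then seteuid) and try to chdir() into dir.  With with_groups set the
 * supplementary list carries DEMO_DIR_GID first, as initgroups(3) would
 * arrange for a member of that group; otherwise it holds only the
 * primary gid, which is what a bare setegid() leaves you with.
 */
static enum probe probe_chdir_as_user(const char *dir, int with_groups)
{
    gid_t member[2]    = { DEMO_USER_GID, DEMO_DIR_GID };
    gid_t nonmember[1] = { DEMO_USER_GID };
    pid_t pid;
    int status;

    if (geteuid() != 0)
        return PROBE_SKIPPED;
    pid = fork();
    if (pid < 0)
        return PROBE_SKIPPED;
    if (pid == 0) {
        /* groups[0] doubles as the egid on FreeBSD, so the primary gid stays first. */
        if (with_groups ? setgroups(2, member) : setgroups(1, nonmember))
            _exit(CHILD_SETUP_FAILED);
        if (setegid(DEMO_USER_GID) != 0 || seteuid(DEMO_UID) != 0)
            _exit(CHILD_SETUP_FAILED);
        _exit(chdir(dir) == 0 ? CHILD_OK : CHILD_DENIED);
    }
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return PROBE_SKIPPED;
    switch (WEXITSTATUS(status)) {
    case CHILD_OK:     return PROBE_OK;
    case CHILD_DENIED: return PROBE_DENIED;
    default:           return PROBE_SKIPPED;
    }
}

/*
 * Build a root:DEMO_DIR_GID directory with mode 0750 (the /home/test of
 * the How-To-Repeat), run one probe against it and remove it again.
 */
static enum probe run_probe(int with_groups)
{
    char tmpl[] = "/tmp/pr77261.XXXXXX";
    enum probe result;

    if (geteuid() != 0)
        return PROBE_SKIPPED;
    if (mkdtemp(tmpl) == NULL)
        return PROBE_SKIPPED;
    if (chown(tmpl, 0, DEMO_DIR_GID) != 0 || chmod(tmpl, 0750) != 0) {
        rmdir(tmpl);
        return PROBE_SKIPPED;
    }
    result = probe_chdir_as_user(tmpl, with_groups);
    rmdir(tmpl);
    return result;
}

int main(void)
{
    static const char *names[] = { "denied", "ok" };
    enum probe plain = run_probe(0), grouped = run_probe(1);

    if (plain == PROBE_SKIPPED || grouped == PROBE_SKIPPED) {
        puts("skipped: run as root to exercise the credential switch");
        return 0;
    }
    printf("setegid/seteuid only:         chdir %s\n", names[plain]);
    printf("with supplementary group set: chdir %s\n", names[grouped]);
    return 0;
}
```

Compile with cc and run as root on FreeBSD or Linux: the first probe is refused and the second succeeds, which is exactly the gap the XXX comment in login.c describes, and why a fix that sets the supplementary groups before the switch addresses the cause rather than the symptom.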