Date: Sun, 22 Oct 2000 16:48:59 +0200 (CEST)
From: Cyrille Lefevre <clefevre@citeweb.net>
To: FreeBSD-gnats-submit@freebsd.org
Subject: bin/22212: skeyaccess(3) doesn't for primary group
Message-ID: <200010221448.e9MEmx216806@gits.dyndns.org>
>Number: 22212
>Category: bin
>Synopsis: skeyaccess(3) doesn't for primary group
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sun Oct 22 08:00:00 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator: Cyrille Lefevre
>Release: FreeBSD 4.1-STABLE i386
>Organization: ACME
>Environment:
    FreeBSD gits 4.1-STABLE FreeBSD 4.1-STABLE #3: Sat Sep 23 10:20:30 CEST 2000 root@gits:/disk2/4.0-stable/src/sys/compile/CUSTOM i386
>Description:
    skeyaccess(3) only checks for group members and not for primary group.
>How-To-Repeat:
    /etc/passwd:
    clefevre:*:2002:2002:Cyrille Lefevre:/home/clefevre:/bin/ksh

    /etc/group:
    users:*:2002:

    /etc/skey.access:
    permit group users
    deny

    ftp ftp://clefevre:XXXX@localhost/
    Trying 127.0.0.1...
    Connected to localhost.
    220 gits FTP server (Version 6.00LS) ready.
    Remote system type is UNIX.
    Using binary mode to transfer files.
    331 Password required for clefevre.
    530 Login incorrect.
    ftp: Login failed.
    ftp: Can't connect or login to host `localhost'
    221 Goodbye.
>Fix:
Index: skeyaccess.c =================================================================== RCS file: /home/ncvs/src/lib/libskey/skeyaccess.c,v retrieving revision 1.9 diff -u -r1.9 skeyaccess.c --- skeyaccess.c 1998/10/26 11:54:36 1.9 +++ skeyaccess.c 2000/10/22 13:55:38 @@ -32,6 +32,7 @@ #include <arpa/inet.h> #include <stdio.h> #include <grp.h> +#include <pwd.h> #include <ctype.h> #include <syslog.h> #include <unistd.h> @@ -152,7 +153,7 @@ int i; for (i = 0; login_info.internet_addr[i].s_addr; i++) - printf("%s%s", login_info.internet_addr[i].s_addr == -1 ? + printf("%s%s", login_info.internet_addr[i].s_addr == INADDR_NONE ? "(see error log)" : inet_ntoa(login_info.internet_addr[i]), login_info.internet_addr[i + 1].s_addr ? " " : "\n"); } 
@@ -261,11 +262,15 @@ static int match_group(login_info) struct login_info *login_info; { + struct passwd *passwd; struct group *group; char *tok; char **memp; - if ((tok = need_token()) && (group = getgrnam(tok))) { + if ((tok = need_token()) && + (passwd = getpwnam(login_info->user)) && (group = getgrnam(tok))) { + if (passwd->pw_gid == group->gr_gid) + return (1); for (memp = group->gr_mem; *memp; memp++) if (strcmp(login_info->user, *memp) == 0) return (1); @@ -454,6 +459,7 @@ #ifdef TEST +int main(argc, argv) int argc; char **argv; @@ -469,7 +475,7 @@ exit(0); } if (_PATH_SKEYACCESS[0] != '/') - printf("Warning: this program uses control file: %s\n", KEYACCESS); + printf("Warning: this program uses control file: %s\n", _PATH_SKEYACCESS); openlog("login", LOG_PID, LOG_AUTH); user = argv[1];
>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
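Review bot: in the match_group() hunk (@@ -261,11 +262,15 @@), placing (passwd = getpwnam(login_info->user)) in the same && chain as (group = getgrnam(tok)) makes the passwd lookup a precondition for the whole block, so when getpwnam() returns NULL the existing gr_mem loop is skipped too. A user listed as a member in /etc/group who cannot be resolved through getpwnam() matched under revision 1.9 and no longer matches here, and because this result drives both permit and deny rules in skey.access the change in meaning is silent. Suggest keeping the original condition on tok and getgrnam(tok), calling getpwnam() inside the block, comparing passwd->pw_gid == group->gr_gid only when passwd is non-NULL, and then falling through to the member loop unchanged.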
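Review bot: the hunks at @@ -152,7 +153,7 @@, @@ -454,6 +459,7 @@ and @@ -469,7 +475,7 @@ are cleanups unrelated to the primary-group fix described in the PR (INADDR_NONE in place of -1, an explicit int before main, and _PATH_SKEYACCESS in place of KEYACCESS in the warning printf under #ifdef TEST). They would be easier to audit and merge as a separate change from the match_group() logic, and the description should at least mention them. The KEYACCESS replacement reads as a fix for the TEST program, since the if on the line above it already tests _PATH_SKEYACCESS[0]; say so in the commit message.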