From owner-freebsd-bugs Sun Oct 22 8: 0: 6 2000
Message-Id: <200010221448.e9MEmx216806@gits.dyndns.org>
Date: Sun, 22 Oct 2000 16:48:59 +0200 (CEST)
From: Cyrille Lefevre Reply-To: clefevre@citeweb.net To: FreeBSD-gnats-submit@freebsd.org X-Send-Pr-Version: 3.2 Subject: bin/22212: skeyaccess(3) doesn't for primary group Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >Number: 22212 >Category: bin >Synopsis: skeyaccess(3) doesn't for primary group >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sun Oct 22 08:00:00 PDT 2000 >Closed-Date: >Last-Modified: >Originator: Cyrille Lefevre >Release: FreeBSD 4.1-STABLE i386 >Organization: ACME >Environment: FreeBSD gits 4.1-STABLE FreeBSD 4.1-STABLE #3: Sat Sep 23 10:20:30 CEST 2000 root@gits:/disk2/4.0-stable/src/sys/compile/CUSTOM i386 >Description: skeyaccess(3) only check for group members and not for primary group. >How-To-Repeat: /etc/passwd: clefevre:*:2002:2002:Cyrille Lefevre:/home/clefevre:/bin/ksh /etc/group: users:*:2002: /etc/skey.access: permit group users deny ftp ftp://clefevre:XXXX@localhost/ Trying 127.0.0.1... Connected to localhost. 220 gits FTP server (Version 6.00LS) ready. Remote system type is UNIX. Using binary mode to transfer files. 331 Password required for clefevre. 530 Login incorrect. ftp: Login failed. ftp: Can't connect or login to host `localhost' 221 Goodbye. >Fix: Index: skeyaccess.c =================================================================== RCS file: /home/ncvs/src/lib/libskey/skeyaccess.c,v retrieving revision 1.9 diff -u -r1.9 skeyaccess.c --- skeyaccess.c 1998/10/26 11:54:36 1.9 +++ skeyaccess.c 2000/10/22 13:55:38 @@ -32,6 +32,7 @@ #include #include #include +#include #include #include #include 
@@ -152,7 +153,7 @@ int i; for (i = 0; login_info.internet_addr[i].s_addr; i++) - printf("%s%s", login_info.internet_addr[i].s_addr == -1 ? + printf("%s%s", login_info.internet_addr[i].s_addr == INADDR_NONE ? "(see error log)" : inet_ntoa(login_info.internet_addr[i]), login_info.internet_addr[i + 1].s_addr ? " " : "\n"); } @@ -261,11 +262,15 @@ static int match_group(login_info) struct login_info *login_info; { + struct passwd *passwd; struct group *group; char *tok; char **memp; - if ((tok = need_token()) && (group = getgrnam(tok))) { + if ((tok = need_token()) && + (passwd = getpwnam(login_info->user)) && (group = getgrnam(tok))) { + if (passwd->pw_gid == group->gr_gid) + return (1); for (memp = group->gr_mem; *memp; memp++) if (strcmp(login_info->user, *memp) == 0) return (1); @@ -454,6 +459,7 @@ #ifdef TEST +int main(argc, argv) int argc; char **argv; @@ -469,7 +475,7 @@ exit(0); } if (_PATH_SKEYACCESS[0] != '/') - printf("Warning: this program uses control file: %s\n", KEYACCESS); + printf("Warning: this program uses control file: %s\n", _PATH_SKEYACCESS); openlog("login", LOG_PID, LOG_AUTH); user = argv[1]; >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
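Review bot: in the match_group() hunk, placing getpwnam(login_info->user) in the same && chain as getgrnam(tok) makes a successful passwd lookup a precondition for the existing gr_mem scan, so a user who is listed in gr_mem but for whom getpwnam() returns NULL no longer matches, where revision 1.9 did match. Suggest keeping the original condition `(tok = need_token()) && (group = getgrnam(tok))` and doing the primary-group test inside the block only when the lookup succeeds: `if ((passwd = getpwnam(login_info->user)) && passwd->pw_gid == group->gr_gid) return (1);`. A short comment above that test, saying the primary group is checked because /etc/group need not list a user under its own primary group (as in the How-To-Repeat entry `users:*:2002:`), would document why both checks exist.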