Add missing code needed for the detection of IPSec packet replays. [1]

Correctly identify the user running opiepasswd(1) when the login name differs from the account name. [2] Security: FreeBSD-SA-06:11.ipsec [1] Security: FreeBSD-SA-06:12.opie [2]
author: cperciva <cperciva@FreeBSD.org> 2006-03-22 16:00:42 +0000
committer: cperciva <cperciva@FreeBSD.org> 2006-03-22 16:00:42 +0000
commit: e66460b8942afc349793d018627b403bbd4eaad0 (patch)
tree: 505281ed70ef5587153603a305cee43608da2925 /contrib/opie
parent: d663b33f930b54b91e851c202bd44ddd3e110361 (diff)
download: FreeBSD-src-e66460b8942afc349793d018627b403bbd4eaad0.zip
FreeBSD-src-e66460b8942afc349793d018627b403bbd4eaad0.tar.gz
1 files changed, 8 insertions, 1 deletions
diff --git a/contrib/opie/opiepasswd.c b/contrib/opie/opiepasswd.c
index 2e2358a..cd4ff01 100644
--- a/contrib/opie/opiepasswd.c
+++ b/contrib/opie/opiepasswd.c
@@ -118,11 +118,18 @@ int main FUNCTION((argc, argv), int argc AND char *argv[])
   struct opie opie;
   int rval, n = 499, i, mode = MODE_DEFAULT, force = 0;
   char seed[OPIE_SEED_MAX+1];
+  char *username;
+  uid_t ruid;
   struct passwd *pp;
 
   memset(seed, 0, sizeof(seed));
 
-  if (!(pp = getpwnam(getlogin()))) {
+  ruid = getuid();
+  username = getlogin();
+  pp = getpwnam(username);
+  if (username == NULL || pp == NULL || pp->pw_uid != ruid)
+    pp = getpwuid(ruid);
+  if (pp == NULL) {
     fprintf(stderr, "Who are you?");
     return 1;
   }
author	cperciva <cperciva@FreeBSD.org>	2006-03-22 16:00:42 +0000
committer	cperciva <cperciva@FreeBSD.org>	2006-03-22 16:00:42 +0000
commit	e66460b8942afc349793d018627b403bbd4eaad0 (patch)
tree	505281ed70ef5587153603a305cee43608da2925 /contrib/opie
parent	d663b33f930b54b91e851c202bd44ddd3e110361 (diff)
download	FreeBSD-src-e66460b8942afc349793d018627b403bbd4eaad0.zip FreeBSD-src-e66460b8942afc349793d018627b403bbd4eaad0.tar.gz