Reject user with names that are longer than OPIE is willing to deal with;

otherwise OPIE will happily truncate it.

Spotted by:	ghelmer
MFC after:	2 weeks

1 files changed, 13 insertions, 4 deletions

diff --git a/lib/libpam/modules/pam_opie/pam_opie.c b/lib/libpam/modules/pam_opie/pam_opie.c
index 737b044..bfb875f 100644
--- a/lib/libpam/modules/pam_opie/pam_opie.c
+++ b/lib/libpam/modules/pam_opie/pam_opie.c
@@ -63,7 +63,8 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
 	int retval, i;
 	const char *(promptstr[]) = { "%s\nPassword: ", "%s\nPassword [echo on]: "};
 	char challenge[OPIE_CHALLENGE_MAX];
-	char *user;
+	char principal[OPIE_PRINCIPAL_MAX];
+	const char *user;
 	char *response;
 	int style;
 
@@ -74,7 +75,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
 		user = pwd->pw_name;
 	}
 	else {
-		retval = pam_get_user(pamh, (const char **)&user, NULL);
+		retval = pam_get_user(pamh, &user, NULL);
 		if (retval != PAM_SUCCESS)
 			return (retval);
 	}
@@ -82,6 +83,15 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
 	PAM_LOG("Got user: %s", user);
 
 	/*
+	 * Watch out: libopie feels entitled to truncate the user name
+	 * passed to it if it's longer than OPIE_PRINCIPAL_MAX, which is
+	 * not uncommon in Windows environments.
+	 */
+	if (strlen(user) >= sizeof(principal))
+		return (PAM_AUTH_ERR);
+	strlcpy(principal, user, sizeof(principal));
+
+	/*
 	 * Don't call the OPIE atexit() handler when our program exits,
 	 * since the module has been unloaded and we will SEGV.
 	 */
@@ -92,8 +102,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
 	 * doesn't have an OPIE key, just fail rather than present the
 	 * user with a bogus OPIE challenge.
 	 */
-	/* XXX generates a const warning because of incorrect prototype */
-	if (opiechallenge(&opie, (char *)user, challenge) != 0 &&
+	if (opiechallenge(&opie, principal, challenge) != 0 &&
 	    openpam_get_option(pamh, PAM_OPT_NO_FAKE_PROMPTS))
 		return (PAM_AUTH_ERR);