diff options
-rw-r--r-- | libexec/rexecd/rexecd.c | 45 |
1 files changed, 8 insertions, 37 deletions
diff --git a/libexec/rexecd/rexecd.c b/libexec/rexecd/rexecd.c index 05470ff..b056528 100644 --- a/libexec/rexecd/rexecd.c +++ b/libexec/rexecd/rexecd.c @@ -86,8 +86,6 @@ char default_shell[] = _PATH_BSHELL; static void doit(struct sockaddr *); static void getstr(char *, int, const char *); static void error(const char *fmt, ...); -static struct passwd *xgetpwnam(const char *, struct passwd *, char **, - size_t *); int no_uid_0 = 1; @@ -136,10 +134,9 @@ doit(struct sockaddr *fromp) { char *cmdbuf, *cp; int maxcmdlen; - char userbuf[16], pass[16]; - struct passwd *pwd, pwd_storage; - char *pwdbuf, *user; - size_t pwdbuflen; + char user[16], pass[16]; + struct passwd *pwd; + const void *item; int fd, r, sd; u_short port; int pv[2], pid, cc, nfds; @@ -189,22 +186,20 @@ doit(struct sockaddr *fromp) if (connect(sd, fromp, fromp->sa_len) < 0) exit(1); } - user = userbuf; - getstr(userbuf, sizeof(userbuf), "username"); + getstr(user, sizeof(user), "username"); getstr(pass, sizeof(pass), "password"); getstr(cmdbuf, maxcmdlen, "command"); (void) alarm(0); - pwdbuflen = 0; - pwdbuf = NULL; if (!pam_ok(pam_start("rexecd", user, &pamc, &pamh)) || !pam_ok(pam_set_item(pamh, PAM_RHOST, remote)) || !pam_ok(pam_set_item(pamh, PAM_AUTHTOK, pass)) || !pam_ok(pam_authenticate(pamh, pam_flags)) || !pam_ok(pam_acct_mgmt(pamh, pam_flags)) || - !pam_ok(pam_get_item(pamh, PAM_USER, (const void **)&user)) || - (pwd = xgetpwnam(user, &pwd_storage, &pwdbuf, - &pwdbuflen)) == NULL || (pwd->pw_uid == 0 && no_uid_0)) { + !pam_ok(pam_get_item(pamh, PAM_USER, &item)) || item == NULL || + strlen(item) >= sizeof(user) || strcpy(user, item) == NULL || + (pwd = getpwnam(user)) == NULL || + (pwd->pw_uid == 0 && no_uid_0)) { syslog(LOG_ERR, "%s LOGIN REFUSED from %s", user, remote); error("Login incorrect.\n"); exit(1); @@ -329,27 +324,3 @@ getstr(char *buf, int cnt, const char *field) } } while (c != 0); } - -static struct passwd * -xgetpwnam(const char *user, struct passwd *pwd_storage, char **pwdbuf, - size_t *pwdbuflen) -{ - struct passwd *pwd; - size_t needed; - int rv; - - needed = (*pwdbuflen == 0) ? BUFSIZ : *pwdbuflen; - pwd = NULL; - do { - if (needed != *pwdbuflen) { - if ((*pwdbuf = reallocf(*pwdbuf, needed)) == NULL) { - syslog(LOG_ERR, "Cannot allocate memory"); - error("Cannot allocate memory.\n"); - exit(1); - } else - *pwdbuflen = needed; - } - rv = getpwnam_r(user, pwd_storage, *pwdbuf, *pwdbuflen, &pwd); - } while (pwd == NULL && rv == ERANGE && (needed <<= 1)); - return pwd; -} |