author | Steve Langasek <vorlon@debian.org> | 2019-01-22 14:54:11 -0800 |
---|---|---|
committer | Steve Langasek <vorlon@debian.org> | 2019-01-22 14:54:11 -0800 |
commit | f00afb1ef201b2eef7f9ddbe5a0c6ca802cf49bb (patch) | |
tree | 402838c53047b0e21466a653ae88d86a8e4b7b65 /modules/pam_timestamp/pam_timestamp.c | |
parent | 795badba7f95e737f979917859cd32c9bd47bcad (diff) | |
parent | 1cad9fb2a0d729c5b5e5aa7297c521df7d5a2d33 (diff) | |
New upstream version 1.3.0
Diffstat (limited to 'modules/pam_timestamp/pam_timestamp.c')
-rw-r--r-- | modules/pam_timestamp/pam_timestamp.c | 39 |
1 files changed, 18 insertions, 21 deletions
diff --git a/modules/pam_timestamp/pam_timestamp.c b/modules/pam_timestamp/pam_timestamp.c
index 51937333..b18efdfd 100644
--- a/modules/pam_timestamp/pam_timestamp.c
+++ b/modules/pam_timestamp/pam_timestamp.c
@@ -58,6 +58,7 @@
 #include <unistd.h>
 #include <utmp.h>
 #include <syslog.h>
+#include <paths.h>
 #include "hmacsha1.h"
 #include <security/pam_modules.h>
@@ -69,7 +70,7 @@
 * for the timestamp_timeout parameter. */
 #define DEFAULT_TIMESTAMP_TIMEOUT (5 * 60)
 #define MODULE "pam_timestamp"
-#define TIMESTAMPDIR "/var/run/sudo"
+#define TIMESTAMPDIR _PATH_VARRUN "/" MODULE
 #define TIMESTAMPKEY TIMESTAMPDIR "/_pam_timestamp_key"
 /* Various buffers we use need to be at least as large as either PATH_MAX or
@@ -158,7 +159,7 @@ check_tty(const char *tty)
 tty = strrchr(tty, '/') + 1;
 }
 /* Make sure the tty wasn't actually a directory (no basename). */
- if (strlen(tty) == 0) {
+ if (!strlen(tty) || !strcmp(tty, ".") || !strcmp(tty, "..")) {
 return NULL;
 }
 return tty;
@@ -243,6 +244,17 @@ get_ruser(pam_handle_t *pamh, char *ruserbuf, size_t ruserbuflen)
 if (pwd != NULL) {
 ruser = pwd->pw_name;
 }
+ } else {
+ /*
+ * This ruser is used by format_timestamp_name as a component
+ * of constructed timestamp pathname, so ".", "..", and '/'
+ * are disallowed to avoid potential path traversal issues.
+ */
+ if (!strcmp(ruser, ".") ||
+ !strcmp(ruser, "..") ||
+ strchr(ruser, '/')) {
+ ruser = NULL;
+ }
 }
 if (ruser == NULL || strlen(ruser) >= ruserbuflen) {
 *ruserbuf = '\0';
@@ -345,7 +357,7 @@ verbose_success(pam_handle_t *pamh, long diff)
 pam_info(pamh, _("Access granted (last access was %ld seconds ago)."), diff);
 }
-PAM_EXTERN int
+int
 pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
 {
 struct stat st;
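Review bot: The redefined `TIMESTAMPDIR` has no comment on what the new location implies, and `TIMESTAMPKEY` on the following line is derived from it, so what appears to be the HMAC key file moves together with the timestamps. I would add above the define something like `/* Module-private state directory: holds the timestamp files and the key, so it must not be writable by unprivileged users. */`; whether the code enforces ownership and mode on this directory is not visible in this hunk. On glibc `_PATH_VARRUN` already ends in a slash, so the expansion is `/var/run//pam_timestamp`; it resolves normally, but path-matching rules in audit or MAC policy should be written against the normalised form.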
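Review bot: The comment above the changed condition in check_tty still describes only the empty-basename case, so the reason for also rejecting `.` and `..` is undocumented. I would reword it to `/* Reject an empty basename and the "." / ".." entries, which must never be used as a path component. */`; that the tty name ends up in the timestamp pathname is presumed from the matching ruser check later in this commit and is not visible in this hunk, so confirm before stating it as fact. As a style point, `tty[0] == '\0'` expresses the emptiness test more directly than `!strlen(tty)`. check_tty starts before this hunk.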
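Review bot: The new check for ".", ".." and '/' sits only in the `else` branch of get_ruser, so a name taken from `pwd->pw_name` in the branch above it reaches the pathname construction unchecked. Account names rarely contain those values, but the passwd lookup may be backed by a network directory (not visible here), and validating both sources costs nothing. I would move the test after the if/else so it runs on whichever value was chosen, as sketched below. get_ruser begins and ends outside this hunk, and the condition of the outer `if` is not shown.

```c
	/* … unchanged: ruser lookup and pw_name fallback … */
	/*
	 * ruser becomes a component of the timestamp pathname, so reject
	 * ".", ".." and any '/' regardless of where the name came from.
	 */
	if (ruser != NULL &&
	    (!strcmp(ruser, ".") || !strcmp(ruser, "..") ||
	     strchr(ruser, '/') != NULL)) {
		ruser = NULL;
	}
	if (ruser == NULL || strlen(ruser) >= ruserbuflen) {
```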
@@ -535,13 +547,13 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
 return PAM_AUTH_ERR;
 }
-PAM_EXTERN int
+int
 pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED)
 {
 return PAM_SUCCESS;
 }
-PAM_EXTERN int
+int
 pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv)
 {
 char path[BUFLEN], subdir[BUFLEN], *text, *p;
@@ -658,27 +670,12 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, int argc, const char *
 return PAM_SUCCESS;
 }
-PAM_EXTERN int
+int
 pam_sm_close_session(pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED)
 {
 return PAM_SUCCESS;
 }
-#ifdef PAM_STATIC
-/* static module data */
-
-struct pam_module _pam_timestamp_modstruct = {
- "pam_timestamp",
- pam_sm_authenticate,
- pam_sm_setcred,
- NULL,
- pam_sm_open_session,
- pam_sm_close_session,
- NULL
-};
-#endif
-
-
 #else /* PAM_TIMESTAMP_MAIN */
 #define USAGE "Usage: %s [[-k] | [-d]] [target user]\n" |