Hi anyone,

I am not a professional C & PAM programmer, but I think I found two bugs in
the PAM source code relating to this functionality bug. Both bugs are in
Linux-PAM/modules/pam_unix/pam_unix_acct.c, in the function PAM_EXTERN int
pam_sm_acct_mgmt:

1) In the code, there is a condition "if (!strcmp( pwent->pw_passwd, "*NP*" ))
{ /* NIS+ */" for NIS records. If the system does not use NIS, then the next
condition "else if (_unix_shadowed (pwent))" checks whether the pwent has a
shadow record. If the shadow record exists, it reads it: "spent =
_pammodutil_getspnam (pamh, uname);". But if the shadow record does not exist,
it returns success (which is IMHO the bug, because the next lines test the
option "broken_shadow" to return success even with a broken shadow record).
Therefore I have disabled the "else return PAM_SUCCESS" code. BUT this leads to
the next error, because spent is never initialized (see bug (2)).

2) "struct spwd *spent;" is not initialized, and if the condition is "not NIS
and not _unix_shadowed (pwent)", then spent is never initialized, but later it
is tested in "if (!spent)" conditions. I think there is a possibility that the
value of spent is sometimes NULL and sometimes anything else, and therefore
the conditions "if (!spent)" sometimes pass.

Could you please check it? Thank you very much.

Wolf.
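
The control flow described in points 1) and 2) above, as an added sketch that is not part of the original message or the PAM source. The verdict names, the struct fields and the "deny unless broken_shadow" outcome for a missing record are assumptions made for illustration, and the SELinux helper step is left out.

```c
#include <stdbool.h>
#include <stdio.h>

/* Stand-ins for PAM return codes, constructed for this sketch. */
enum verdict { ACCT_SUCCESS, ACCT_DENY, ACCT_CONTINUE };

/* Constructed account state; field names are hypothetical. */
struct acct {
    bool nis;        /* pw_passwd is "*NP*" */
    bool shadowed;   /* _unix_shadowed(pwent) would be true */
    bool has_record; /* the shadow lookup would return a record */
};

/* patched=false keeps the early "else return PAM_SUCCESS";
 * patched=true drops it, as the patch does. spent starts out false (NULL)
 * in both variants so the sketch is deterministic. */
enum verdict acct_check(struct acct a, bool broken_shadow, bool patched)
{
    bool spent = false;

    if (a.nis || a.shadowed)
        spent = a.has_record;          /* lookup happens only here */
    else if (!patched)
        return ACCT_SUCCESS;           /* fail-open: no lookup, no checks */

    if (!spent)                        /* assumption: deny unless broken_shadow */
        return broken_shadow ? ACCT_SUCCESS : ACCT_DENY;
    return ACCT_CONTINUE;              /* expiry checks would run next */
}

int main(void)
{
    static const char *name[] = { "SUCCESS", "DENY", "CONTINUE" };
    /* Enumerate all non-NIS states and print original vs patched verdicts. */
    for (int i = 0; i < 8; i++) {
        struct acct a = { false, i & 4, i & 2 };
        bool bs = i & 1;
        printf("shadowed=%d record=%d broken_shadow=%d  orig=%-8s patched=%s\n",
               a.shadowed, a.has_record, bs,
               name[acct_check(a, bs, false)], name[acct_check(a, bs, true)]);
    }
    return 0;
}
```

The two variants differ only for entries that are not shadowed: the original returns success before any check, while the patched flow reaches the `!spent` test with no record and depends on broken_shadow.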

---------------------------------------------------------------------------

My patch to resolve pam_unix account bug

My patch, applied to the Debian version of PAM-Linux 0.79-4, to deny access for
users without a shadow record.

###########################################################################
Index: pam_unix_acct.c
===================================================================
--- pam_unix_acct.c (revision 147)
+++ pam_unix_acct.c (working copy)
@@ -187,7 +187,7 @@
  const char *uname;
  int retval, daysleft;
  time_t curdays;
- struct spwd *spent;
+ struct spwd *spent=NULL; // set spent to NULL by default
  struct passwd *pwent;
  char buf[80];
 
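Review bot: on the `spent` declaration, the trailing `// set spent to NULL by default` comment only restates the code and uses C99 `//` style, while the other comment this patch adds is a `/* */` block. The initializer itself is the right fix, since `spent` is tested with `if (!spent)` further down and not every branch assigns it. Suggest `struct spwd *spent = NULL;` with spaces around `=`, and either no comment or a `/* */` comment that says why (a path exists on which nothing assigns it).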
@@ -239,8 +239,11 @@
 
  } else if (_unix_shadowed (pwent))
    spent = _pammodutil_getspnam (pamh, uname);
+/***
+**** if unix_shadow record not found, continue testing ( no success return )
  else
    return PAM_SUCCESS;
+***/
 
  if (!spent && SELINUX_ENABLED ) 
      spent = _unix_run_verify_binary(pamh, ctrl, uname);
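Review bot: the `else return PAM_SUCCESS;` branch is disabled by wrapping it in a `/*** ... ***/` comment instead of being deleted; remove the two lines and put the rationale in the change description, so no dead code is left in an access-control path. Note also that this branch is taken when `_unix_shadowed (pwent)` is false, which is a decision made from the passwd entry, and no `_pammodutil_getspnam` lookup happens on that path. After the change `spent` is therefore always NULL for such accounts, and they now reach `if (!spent && SELINUX_ENABLED)` and call `_unix_run_verify_binary`. If denying accounts whose passwd entry is not shadowed is the intent, state that explicitly and document the behaviour change.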
###########################################################################

