1 #include <fcntl.h>
2 #include <unistd.h>
3 #include <sys/stat.h>
4 #include <ctype.h>
5 #include <pthread.h>
6 #include "pwf.h"
7
8 /* This implementation support Openwall-style TCB passwords in place of
9 * traditional shadow, if the appropriate directories and files exist.
10 * Thus, it is careful to avoid following symlinks or blocking on fifos
11 * which a malicious user might create in place of his or her TCB shadow
12 * file. It also avoids any allocation to prevent memory-exhaustion
13 * attacks via huge TCB shadow files. */
14
xatol(char ** s)15 static long xatol(char **s)
16 {
17 long x;
18 int sign;
19 if (**s == ':' || **s == '\n') return -1;
20
21 sign = (int)(unsigned char)**s;
22 if (sign == '-' || sign == '+') ++*s;
23
24 for (x=0; **s-'0'<10U; ++*s) x=10*x+(**s-'0');
25
26 if (sign == '-') return -x;
27 return x;
28 }
29
__parsespent(char * s,struct spwd * sp)30 int __parsespent(char *s, struct spwd *sp)
31 {
32 sp->sp_namp = s;
33 if (!(s = strchr(s, ':'))) return -1;
34 *s = 0;
35
36 sp->sp_pwdp = ++s;
37 if (!(s = strchr(s, ':'))) return -1;
38 *s = 0;
39
40 s++; sp->sp_lstchg = xatol(&s);
41 if (*s != ':') return -1;
42
43 s++; sp->sp_min = xatol(&s);
44 if (*s != ':') return -1;
45
46 s++; sp->sp_max = xatol(&s);
47 if (*s != ':') return -1;
48
49 s++; sp->sp_warn = xatol(&s);
50 if (*s != ':') return -1;
51
52 s++; sp->sp_inact = xatol(&s);
53 if (*s != ':') return -1;
54
55 s++; sp->sp_expire = xatol(&s);
56 if (*s != ':') return -1;
57
58 s++; sp->sp_flag = xatol(&s);
59 if (*s != '\n') return -1;
60 return 0;
61 }
62
cleanup(void * p)63 static void cleanup(void *p)
64 {
65 fclose(p);
66 }
67
getspnam_r(const char * name,struct spwd * sp,char * buf,size_t size,struct spwd ** res)68 int getspnam_r(const char *name, struct spwd *sp, char *buf, size_t size, struct spwd **res)
69 {
70 char path[20+NAME_MAX];
71 FILE *f = 0;
72 int rv = 0;
73 int fd;
74 size_t k, l = strlen(name);
75 int skip = 0;
76 int cs;
77 int orig_errno = errno;
78
79 *res = 0;
80
81 /* Disallow potentially-malicious user names */
82 if (*name=='.' || strchr(name, '/') || !l)
83 return errno = EINVAL;
84
85 /* Buffer size must at least be able to hold name, plus some.. */
86 if (size < l+100)
87 return errno = ERANGE;
88
89 /* Protect against truncation */
90 if (snprintf(path, sizeof path, "/etc/tcb/%s/shadow", name) >= sizeof path)
91 return errno = EINVAL;
92
93 fd = open(path, O_RDONLY|O_NOFOLLOW|O_NONBLOCK|O_CLOEXEC);
94 if (fd >= 0) {
95 struct stat st = { 0 };
96 errno = EINVAL;
97 if (fstat(fd, &st) || !S_ISREG(st.st_mode) || !(f = fdopen(fd, "rb"))) {
98 pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, &cs);
99 close(fd);
100 pthread_setcancelstate(cs, 0);
101 return errno;
102 }
103 } else {
104 if (errno != ENOENT && errno != ENOTDIR)
105 return errno;
106 f = fopen("/etc/shadow", "rbe");
107 if (!f) {
108 if (errno != ENOENT && errno != ENOTDIR)
109 return errno;
110 return 0;
111 }
112 }
113
114 pthread_cleanup_push(cleanup, f);
115 while (fgets(buf, size, f) && (k=strlen(buf))>0) {
116 if (skip || strncmp(name, buf, l) || buf[l]!=':') {
117 skip = buf[k-1] != '\n';
118 continue;
119 }
120 if (buf[k-1] != '\n') {
121 rv = ERANGE;
122 break;
123 }
124
125 if (__parsespent(buf, sp) < 0) continue;
126 *res = sp;
127 break;
128 }
129 pthread_cleanup_pop(1);
130 errno = rv ? rv : orig_errno;
131 return rv;
132 }
133