1 #include <fcntl.h>
2 #include <unistd.h>
3 #include <sys/stat.h>
4 #include <ctype.h>
5 #include <pthread.h>
6 #include "pwf.h"
7
8 /* This implementation support Openwall-style TCB passwords in place of
9 * traditional shadow, if the appropriate directories and files exist.
10 * Thus, it is careful to avoid following symlinks or blocking on fifos
11 * which a malicious user might create in place of his or her TCB shadow
12 * file. It also avoids any allocation to prevent memory-exhaustion
13 * attacks via huge TCB shadow files. */
14
xatol(char ** s)15 static long xatol(char **s)
16 {
17 long x;
18 int sign;
19 if (**s == ':' || **s == '\n') return -1;
20 sign = (int)(unsigned char)**s;
21 if (sign == '-' || sign == '+') {
22 ++*s;
23 }
24 for (x=0; **s-'0'<10U; ++*s) x=10*x+(**s-'0');
25 if (sign == '-') {
26 return -x;
27 }
28 return x;
29 }
30
__parsespent(char * s,struct spwd * sp)31 int __parsespent(char *s, struct spwd *sp)
32 {
33 sp->sp_namp = s;
34 if (!(s = strchr(s, ':'))) return -1;
35 *s = 0;
36
37 sp->sp_pwdp = ++s;
38 if (!(s = strchr(s, ':'))) return -1;
39 *s = 0;
40
41 s++; sp->sp_lstchg = xatol(&s);
42 if (*s != ':') return -1;
43
44 s++; sp->sp_min = xatol(&s);
45 if (*s != ':') return -1;
46
47 s++; sp->sp_max = xatol(&s);
48 if (*s != ':') return -1;
49
50 s++; sp->sp_warn = xatol(&s);
51 if (*s != ':') return -1;
52
53 s++; sp->sp_inact = xatol(&s);
54 if (*s != ':') return -1;
55
56 s++; sp->sp_expire = xatol(&s);
57 if (*s != ':') return -1;
58
59 s++; sp->sp_flag = xatol(&s);
60 if (*s != '\n') return -1;
61 return 0;
62 }
63
cleanup(void * p)64 static void cleanup(void *p)
65 {
66 fclose(p);
67 }
68
getspnam_r(const char * name,struct spwd * sp,char * buf,size_t size,struct spwd ** res)69 int getspnam_r(const char *name, struct spwd *sp, char *buf, size_t size, struct spwd **res)
70 {
71 char path[20+NAME_MAX];
72 FILE *f = 0;
73 int rv = 0;
74 int fd;
75 size_t k, l = strlen(name);
76 int skip = 0;
77 int cs;
78 int orig_errno = errno;
79
80 *res = 0;
81
82 /* Disallow potentially-malicious user names */
83 if (*name=='.' || strchr(name, '/') || !l)
84 return errno = EINVAL;
85
86 /* Buffer size must at least be able to hold name, plus some.. */
87 if (size < l+100)
88 return errno = ERANGE;
89
90 /* Protect against truncation */
91 if (snprintf(path, sizeof path, "/etc/tcb/%s/shadow", name) >= sizeof path)
92 return errno = EINVAL;
93
94 fd = open(path, O_RDONLY|O_NOFOLLOW|O_NONBLOCK|O_CLOEXEC);
95 if (fd >= 0) {
96 struct stat st = { 0 };
97 errno = EINVAL;
98 if (fstat(fd, &st) || !S_ISREG(st.st_mode) || !(f = fdopen(fd, "rb"))) {
99 pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, &cs);
100 close(fd);
101 pthread_setcancelstate(cs, 0);
102 return errno;
103 }
104 } else {
105 if (errno != ENOENT && errno != ENOTDIR)
106 return errno;
107 f = fopen("/etc/shadow", "rbe");
108 if (!f) {
109 if (errno != ENOENT && errno != ENOTDIR)
110 return errno;
111 return 0;
112 }
113 }
114
115 pthread_cleanup_push(cleanup, f);
116 while (fgets(buf, size, f) && (k=strlen(buf))>0) {
117 if (skip || strncmp(name, buf, l) || buf[l]!=':') {
118 skip = buf[k-1] != '\n';
119 continue;
120 }
121 if (buf[k-1] != '\n') {
122 rv = ERANGE;
123 break;
124 }
125
126 if (__parsespent(buf, sp) < 0) continue;
127 *res = sp;
128 break;
129 }
130 pthread_cleanup_pop(1);
131 errno = rv ? rv : orig_errno;
132 return rv;
133 }
134