author | YASUOKA Masahiko <yasuoka@cvs.openbsd.org> | 2014-03-22 04:23:18 +0000 |
---|---|---|
committer | YASUOKA Masahiko <yasuoka@cvs.openbsd.org> | 2014-03-22 04:23:18 +0000 |
commit | 80acf9d9678579e351e267dcb465d55b26dec699 (patch) | |
tree | f7b87f66bef8dcf540ec6b92b2b8d413ca14ef2d | |
parent | b85b88d6b1a5d3332d844dae445d06a5a22c84df (diff) |
Fixed a bug in npppd_auth_get_user() which caused segmentation faults after
a user authentication succeeded when the authentication config option
has `username-suffix' and `strip-atmark-realm' is yes. Delete
`username-prefix' from authentication setting. This config option was
misleading and useless.
-rw-r--r-- | usr.sbin/npppd/npppd/npppd.c | 13 | ||||
-rw-r--r-- | usr.sbin/npppd/npppd/npppd.conf.5 | 10 | ||||
-rw-r--r-- | usr.sbin/npppd/npppd/npppd.h | 3 | ||||
-rw-r--r-- | usr.sbin/npppd/npppd/npppd_auth.c | 24 | ||||
-rw-r--r-- | usr.sbin/npppd/npppd/npppd_auth.h | 3 | ||||
-rw-r--r-- | usr.sbin/npppd/npppd/npppd_auth_local.h | 4 | ||||
-rw-r--r-- | usr.sbin/npppd/npppd/parse.y | 10 |
7 files changed, 15 insertions, 52 deletions
diff --git a/usr.sbin/npppd/npppd/npppd.c b/usr.sbin/npppd/npppd/npppd.c index 3768adc30f8..42c795f92dd 100644 --- a/usr.sbin/npppd/npppd/npppd.c +++ b/usr.sbin/npppd/npppd/npppd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: npppd.c,v 1.33 2014/03/22 04:21:04 yasuoka Exp $ */ +/* $OpenBSD: npppd.c,v 1.34 2014/03/22 04:23:17 yasuoka Exp $ */ /*- * Copyright (c) 2005-2008,2009 Internet Initiative Japan Inc. @@ -29,7 +29,7 @@ * Next pppd(nppd). This file provides a npppd daemon process and operations * for npppd instance. * @author Yasuoka Masahiko - * $Id: npppd.c,v 1.33 2014/03/22 04:21:04 yasuoka Exp $ + * $Id: npppd.c,v 1.34 2014/03/22 04:23:17 yasuoka Exp $ */ #include "version.h" #include <sys/types.h> @@ -1955,7 +1955,7 @@ npppd_ppp_bind_realm(npppd *_this, npppd_ppp *ppp, const char *username, int struct confbind *bind; npppd_auth_base *realm = NULL, *realm0 = NULL, *realm1 = NULL; char buf1[MAX_USERNAME_LENGTH]; - int lsuffix, lprefix, lusername, lmax; + int lsuffix, lusername, lmax; NPPPD_ASSERT(_this != NULL); NPPPD_ASSERT(ppp != NULL); @@ -1996,13 +1996,6 @@ npppd_ppp_bind_realm(npppd *_this, npppd_ppp *ppp, const char *username, int (lsuffix < lusername && strcmp(username + lusername - lsuffix, npppd_auth_get_suffix(realm0)) == 0))) { - /* check prefix */ - lprefix = strlen(npppd_auth_get_prefix(realm0)); - if (lprefix > 0 && - strncmp(username, npppd_auth_get_prefix(realm0), - lprefix) != 0) - continue; - lmax = lsuffix; realm = realm0; } diff --git a/usr.sbin/npppd/npppd/npppd.conf.5 b/usr.sbin/npppd/npppd/npppd.conf.5 index 7e6237d5fec..813f954068b 100644 --- a/usr.sbin/npppd/npppd/npppd.conf.5 +++ b/usr.sbin/npppd/npppd/npppd.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: npppd.conf.5,v 1.11 2013/09/11 05:38:08 yasuoka Exp $ +.\" $OpenBSD: npppd.conf.5,v 1.12 2014/03/22 04:23:17 yasuoka Exp $ .\" .\" Copyright (c) 2012 YASUOKA Masahiko <yasuoka@openbsd.org> .\" 
@@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: September 11 2013 $ +.Dd $Mdocdate: March 22 2014 $ .Dt NPPPD.CONF 5 .Os .Sh NAME @@ -552,12 +552,6 @@ so that .Xr npppd 8 selects this authentication setting only for a user who has the username that matches this suffix pattern. -.It Ic username-prefix Ar string -Specify the prefix of the username -so that -.Xr npppd 8 -selects this authentication setting only for a user who has the username -that matches this prefix pattern. .\" .It Ic eap-capable Ar yes | no .\" Specify whether this authentcation server is able to use EAP. .\" Default is `yes'. diff --git a/usr.sbin/npppd/npppd/npppd.h b/usr.sbin/npppd/npppd/npppd.h index 453f8027539..2a80777afcb 100644 --- a/usr.sbin/npppd/npppd/npppd.h +++ b/usr.sbin/npppd/npppd/npppd.h @@ -1,4 +1,4 @@ -/* $OpenBSD: npppd.h,v 1.13 2012/12/05 23:20:26 deraadt Exp $ */ +/* $OpenBSD: npppd.h,v 1.14 2014/03/22 04:23:17 yasuoka Exp $ */ /*- * Copyright (c) 2009 Internet Initiative Japan Inc. @@ -150,7 +150,6 @@ struct authconf { char name[NPPPD_GENERIC_NAME_LEN]; int auth_type; char *username_suffix; - char *username_prefix; bool eap_capable; bool strip_nt_domain; bool strip_atmark_realm; diff --git a/usr.sbin/npppd/npppd/npppd_auth.c b/usr.sbin/npppd/npppd/npppd_auth.c index 778c2c4f227..0c70ec7824d 100644 --- a/usr.sbin/npppd/npppd/npppd_auth.c +++ b/usr.sbin/npppd/npppd/npppd_auth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: npppd_auth.c,v 1.12 2013/01/31 09:44:21 yasuoka Exp $ */ +/* $OpenBSD: npppd_auth.c,v 1.13 2014/03/22 04:23:17 yasuoka Exp $ */ /*- * Copyright (c) 2009 Internet Initiative Japan Inc. 
@@ -26,7 +26,7 @@ * SUCH DAMAGE. */ /**@file authentication realm */ -/* $Id: npppd_auth.c,v 1.12 2013/01/31 09:44:21 yasuoka Exp $ */ +/* $Id: npppd_auth.c,v 1.13 2014/03/22 04:23:17 yasuoka Exp $ */ #include <sys/types.h> #include <sys/stat.h> #include <sys/socket.h> @@ -189,15 +189,11 @@ npppd_auth_reload(npppd_auth_base *base) if (auth == NULL) return 1; - base->pppprefix[0] = '\0'; base->pppsuffix[0] = '\0'; if (auth != NULL) { if (auth->username_suffix != NULL) strlcpy(base->pppsuffix, auth->username_suffix, sizeof(base->pppsuffix)); - if (auth->username_prefix != NULL) - strlcpy(base->pppprefix, auth->username_prefix, - sizeof(base->pppprefix)); base->eap_capable = auth->eap_capable; base->strip_nt_domain = auth->strip_nt_domain; base->strip_atmark_realm = auth->strip_atmark_realm; @@ -450,12 +446,6 @@ npppd_auth_get_suffix(npppd_auth_base *base) } const char * -npppd_auth_get_prefix(npppd_auth_base *base) -{ - return base->pppprefix; -} - -const char * npppd_auth_username_for_auth(npppd_auth_base *base, const char *username, char *username_buffer) { @@ -494,12 +484,10 @@ npppd_auth_get_user(npppd_auth_base *base, const char *username) un = username; lsuffix = strlen(base->pppsuffix); - if (lsuffix > 0) { - /* Strip the suffix */ - lusername = strlen(username); - NPPPD_AUTH_ASSERT(lusername + 1 < sizeof(buf)); - if (lusername + 1 >= sizeof(buf)) - return NULL; + lusername = strlen(username); + if (lsuffix > 0 && lusername > lsuffix && + strcmp(username + lusername - lsuffix, base->pppsuffix) == 0 && + lusername - lsuffix < sizeof(buf)) { memcpy(buf, username, lusername - lsuffix); buf[lusername - lsuffix] = '\0'; un = buf; diff --git a/usr.sbin/npppd/npppd/npppd_auth.h b/usr.sbin/npppd/npppd/npppd_auth.h index 138674726cc..caca5e830eb 100644 --- a/usr.sbin/npppd/npppd/npppd_auth.h +++ b/usr.sbin/npppd/npppd/npppd_auth.h 
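Review bot: In the npppd_auth_get_user() hunk, the size test `lusername - lsuffix < sizeof(buf)` is only safe because `lusername > lsuffix` is tested earlier in the same `&&` chain (otherwise the difference is negative or wraps), and the commit drops the old `/* Strip the suffix */` comment without explaining the new condition. I would add a comment above the `if`, e.g. `/* strip the suffix only if the name really ends with it; the length test must come before the size test so the copy length is never negative */`. The new condition also changes the overlong case: the removed lines returned NULL when the name did not fit in buf, while the new code skips stripping and carries on with the unstripped `username`, which deserves a line in that comment or an explicit `return NULL`. The declarations of lsuffix, lusername and buf and the rest of the function are outside the hunk, so their types are assumed here.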
@@ -1,4 +1,4 @@ -/* $OpenBSD: npppd_auth.h,v 1.6 2012/09/18 13:14:08 yasuoka Exp $ */ +/* $OpenBSD: npppd_auth.h,v 1.7 2014/03/22 04:23:17 yasuoka Exp $ */ /*- * Copyright (c) 2009 Internet Initiative Japan Inc. @@ -78,7 +78,6 @@ int npppd_auth_is_disposing (npppd_auth_base *); int npppd_auth_is_eap_capable (npppd_auth_base *); const char *npppd_auth_get_name (npppd_auth_base *); const char *npppd_auth_get_suffix (npppd_auth_base *); -const char *npppd_auth_get_prefix (npppd_auth_base *); const char *npppd_auth_username_for_auth (npppd_auth_base *, const char *, char *); void *npppd_auth_radius_get_radius_auth_setting (npppd_auth_radius *); void *npppd_auth_radius_get_radius_acct_setting (npppd_auth_radius *); diff --git a/usr.sbin/npppd/npppd/npppd_auth_local.h b/usr.sbin/npppd/npppd/npppd_auth_local.h index d1947b77640..d027b7ff65f 100644 --- a/usr.sbin/npppd/npppd/npppd_auth_local.h +++ b/usr.sbin/npppd/npppd/npppd_auth_local.h @@ -1,4 +1,4 @@ -/* $OpenBSD: npppd_auth_local.h,v 1.6 2012/09/18 13:14:08 yasuoka Exp $ */ +/* $OpenBSD: npppd_auth_local.h,v 1.7 2014/03/22 04:23:17 yasuoka Exp $ */ /*- * Copyright (c) 2009 Internet Initiative Japan Inc. @@ -35,8 +35,6 @@ struct _npppd_auth_base { int type; /** PPP suffix */ char pppsuffix[64]; - /** PPP prefix */ - char pppprefix[64]; uint32_t /** whether initialized or not */ initialized:1, diff --git a/usr.sbin/npppd/npppd/parse.y b/usr.sbin/npppd/npppd/parse.y index 261dc051999..c291836b79f 100644 --- a/usr.sbin/npppd/npppd/parse.y +++ b/usr.sbin/npppd/npppd/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.7 2013/11/25 12:58:17 benno Exp $ */ +/* $OpenBSD: parse.y,v 1.8 2014/03/22 04:23:17 yasuoka Exp $ */ /* * Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org> 
@@ -604,9 +604,6 @@ authopt_l : /* empty */ authopt : USERNAME_SUFFIX STRING { curr_authconf->username_suffix = $2; } - | USERNAME_PREFIX STRING { - curr_authconf->username_prefix = $2; - } | EAP_CAPABLE yesno { curr_authconf->eap_capable = $2; } @@ -1037,7 +1034,6 @@ lookup(char *s) { "tunnel", TUNNEL}, { "type", TYPE}, { "user-max-session", USER_MAX_SESSION}, - { "username-prefix", USERNAME_PREFIX}, { "username-suffix", USERNAME_SUFFIX}, { "users-file", USERS_FILE}, { "yes", YES} @@ -1479,10 +1475,6 @@ authconf_fini(struct authconf *auth) free(auth->username_suffix); auth->username_suffix = NULL; - if (auth->username_prefix != NULL) - free(auth->username_prefix); - auth->username_prefix = NULL; - switch (auth->auth_type) { case NPPPD_AUTH_TYPE_RADIUS: radconf_fini(&auth->data.radius.auth); |