authorYASUOKA Masahiko <yasuoka@cvs.openbsd.org>2014-03-22 04:23:18 +0000
committerYASUOKA Masahiko <yasuoka@cvs.openbsd.org>2014-03-22 04:23:18 +0000
commit80acf9d9678579e351e267dcb465d55b26dec699 (patch)
treef7b87f66bef8dcf540ec6b92b2b8d413ca14ef2d
parentb85b88d6b1a5d3332d844dae445d06a5a22c84df (diff)
Fixed a bug in npppd_auth_get_user() which caused segmentation faults after
a user authentication succeeds when the authentication setting has `username-suffix' and `strip-atmark-realm' is yes. Delete `username-prefix' from the authentication settings. This config option was misleading and useless.
-rw-r--r--usr.sbin/npppd/npppd/npppd.c13
-rw-r--r--usr.sbin/npppd/npppd/npppd.conf.510
-rw-r--r--usr.sbin/npppd/npppd/npppd.h3
-rw-r--r--usr.sbin/npppd/npppd/npppd_auth.c24
-rw-r--r--usr.sbin/npppd/npppd/npppd_auth.h3
-rw-r--r--usr.sbin/npppd/npppd/npppd_auth_local.h4
-rw-r--r--usr.sbin/npppd/npppd/parse.y10
7 files changed, 15 insertions, 52 deletions
diff --git a/usr.sbin/npppd/npppd/npppd.c b/usr.sbin/npppd/npppd/npppd.c
index 3768adc30f8..42c795f92dd 100644
--- a/usr.sbin/npppd/npppd/npppd.c
+++ b/usr.sbin/npppd/npppd/npppd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: npppd.c,v 1.33 2014/03/22 04:21:04 yasuoka Exp $ */
+/* $OpenBSD: npppd.c,v 1.34 2014/03/22 04:23:17 yasuoka Exp $ */
/*-
* Copyright (c) 2005-2008,2009 Internet Initiative Japan Inc.
@@ -29,7 +29,7 @@
* Next pppd(nppd). This file provides a npppd daemon process and operations
* for npppd instance.
* @author Yasuoka Masahiko
- * $Id: npppd.c,v 1.33 2014/03/22 04:21:04 yasuoka Exp $
+ * $Id: npppd.c,v 1.34 2014/03/22 04:23:17 yasuoka Exp $
*/
#include "version.h"
#include <sys/types.h>
@@ -1955,7 +1955,7 @@ npppd_ppp_bind_realm(npppd *_this, npppd_ppp *ppp, const char *username, int
struct confbind *bind;
npppd_auth_base *realm = NULL, *realm0 = NULL, *realm1 = NULL;
char buf1[MAX_USERNAME_LENGTH];
- int lsuffix, lprefix, lusername, lmax;
+ int lsuffix, lusername, lmax;
NPPPD_ASSERT(_this != NULL);
NPPPD_ASSERT(ppp != NULL);
@@ -1996,13 +1996,6 @@ npppd_ppp_bind_realm(npppd *_this, npppd_ppp *ppp, const char *username, int
(lsuffix < lusername && strcmp(username + lusername
- lsuffix, npppd_auth_get_suffix(realm0))
== 0))) {
- /* check prefix */
- lprefix = strlen(npppd_auth_get_prefix(realm0));
- if (lprefix > 0 &&
- strncmp(username, npppd_auth_get_prefix(realm0),
- lprefix) != 0)
- continue;
-
lmax = lsuffix;
realm = realm0;
}
diff --git a/usr.sbin/npppd/npppd/npppd.conf.5 b/usr.sbin/npppd/npppd/npppd.conf.5
index 7e6237d5fec..813f954068b 100644
--- a/usr.sbin/npppd/npppd/npppd.conf.5
+++ b/usr.sbin/npppd/npppd/npppd.conf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: npppd.conf.5,v 1.11 2013/09/11 05:38:08 yasuoka Exp $
+.\" $OpenBSD: npppd.conf.5,v 1.12 2014/03/22 04:23:17 yasuoka Exp $
.\"
.\" Copyright (c) 2012 YASUOKA Masahiko <yasuoka@openbsd.org>
.\"
@@ -14,7 +14,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
-.Dd $Mdocdate: September 11 2013 $
+.Dd $Mdocdate: March 22 2014 $
.Dt NPPPD.CONF 5
.Os
.Sh NAME
@@ -552,12 +552,6 @@ so that
.Xr npppd 8
selects this authentication setting only for a user who has the username
that matches this suffix pattern.
-.It Ic username-prefix Ar string
-Specify the prefix of the username
-so that
-.Xr npppd 8
-selects this authentication setting only for a user who has the username
-that matches this prefix pattern.
.\" .It Ic eap-capable Ar yes | no
.\" Specify whether this authentcation server is able to use EAP.
.\" Default is `yes'.
diff --git a/usr.sbin/npppd/npppd/npppd.h b/usr.sbin/npppd/npppd/npppd.h
index 453f8027539..2a80777afcb 100644
--- a/usr.sbin/npppd/npppd/npppd.h
+++ b/usr.sbin/npppd/npppd/npppd.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: npppd.h,v 1.13 2012/12/05 23:20:26 deraadt Exp $ */
+/* $OpenBSD: npppd.h,v 1.14 2014/03/22 04:23:17 yasuoka Exp $ */
/*-
* Copyright (c) 2009 Internet Initiative Japan Inc.
@@ -150,7 +150,6 @@ struct authconf {
char name[NPPPD_GENERIC_NAME_LEN];
int auth_type;
char *username_suffix;
- char *username_prefix;
bool eap_capable;
bool strip_nt_domain;
bool strip_atmark_realm;
diff --git a/usr.sbin/npppd/npppd/npppd_auth.c b/usr.sbin/npppd/npppd/npppd_auth.c
index 778c2c4f227..0c70ec7824d 100644
--- a/usr.sbin/npppd/npppd/npppd_auth.c
+++ b/usr.sbin/npppd/npppd/npppd_auth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: npppd_auth.c,v 1.12 2013/01/31 09:44:21 yasuoka Exp $ */
+/* $OpenBSD: npppd_auth.c,v 1.13 2014/03/22 04:23:17 yasuoka Exp $ */
/*-
* Copyright (c) 2009 Internet Initiative Japan Inc.
@@ -26,7 +26,7 @@
* SUCH DAMAGE.
*/
/**@file authentication realm */
-/* $Id: npppd_auth.c,v 1.12 2013/01/31 09:44:21 yasuoka Exp $ */
+/* $Id: npppd_auth.c,v 1.13 2014/03/22 04:23:17 yasuoka Exp $ */
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/socket.h>
@@ -189,15 +189,11 @@ npppd_auth_reload(npppd_auth_base *base)
if (auth == NULL)
return 1;
- base->pppprefix[0] = '\0';
base->pppsuffix[0] = '\0';
if (auth != NULL) {
if (auth->username_suffix != NULL)
strlcpy(base->pppsuffix, auth->username_suffix,
sizeof(base->pppsuffix));
- if (auth->username_prefix != NULL)
- strlcpy(base->pppprefix, auth->username_prefix,
- sizeof(base->pppprefix));
base->eap_capable = auth->eap_capable;
base->strip_nt_domain = auth->strip_nt_domain;
base->strip_atmark_realm = auth->strip_atmark_realm;
@@ -450,12 +446,6 @@ npppd_auth_get_suffix(npppd_auth_base *base)
}
const char *
-npppd_auth_get_prefix(npppd_auth_base *base)
-{
- return base->pppprefix;
-}
-
-const char *
npppd_auth_username_for_auth(npppd_auth_base *base, const char *username,
char *username_buffer)
{
@@ -494,12 +484,10 @@ npppd_auth_get_user(npppd_auth_base *base, const char *username)
un = username;
lsuffix = strlen(base->pppsuffix);
- if (lsuffix > 0) {
- /* Strip the suffix */
- lusername = strlen(username);
- NPPPD_AUTH_ASSERT(lusername + 1 < sizeof(buf));
- if (lusername + 1 >= sizeof(buf))
- return NULL;
+ lusername = strlen(username);
+ if (lsuffix > 0 && lusername > lsuffix &&
+ strcmp(username + lusername - lsuffix, base->pppsuffix) == 0 &&
+ lusername - lsuffix < sizeof(buf)) {
memcpy(buf, username, lusername - lsuffix);
buf[lusername - lsuffix] = '\0';
un = buf;
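Review bot: In npppd_auth_get_user() the size test `lusername - lsuffix < sizeof(buf)` is now just one of the conditions for stripping, so a name whose stripped form does not fit in `buf` is no longer rejected; the removed lines returned NULL for an over-long name, whereas the new code falls through with `un = username` and looks the user up with the suffix still attached. If rejecting such names is still intended, keep only the suffix match in the `if` and put the length test inside it: `if (lusername - lsuffix >= sizeof(buf)) return NULL;`. The declarations of `lsuffix`, `lusername` and `buf` are outside the hunk; if the lengths are `int`, as they are in npppd_ppp_bind_realm(), the comparison against `sizeof(buf)` mixes signed and unsigned and is only safe because `lusername > lsuffix` is tested first, which deserves a short comment such as `/* lusername > lsuffix checked above, so the difference is positive */`. The function body begins and ends outside the hunk.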
diff --git a/usr.sbin/npppd/npppd/npppd_auth.h b/usr.sbin/npppd/npppd/npppd_auth.h
index 138674726cc..caca5e830eb 100644
--- a/usr.sbin/npppd/npppd/npppd_auth.h
+++ b/usr.sbin/npppd/npppd/npppd_auth.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: npppd_auth.h,v 1.6 2012/09/18 13:14:08 yasuoka Exp $ */
+/* $OpenBSD: npppd_auth.h,v 1.7 2014/03/22 04:23:17 yasuoka Exp $ */
/*-
* Copyright (c) 2009 Internet Initiative Japan Inc.
@@ -78,7 +78,6 @@ int npppd_auth_is_disposing (npppd_auth_base *);
int npppd_auth_is_eap_capable (npppd_auth_base *);
const char *npppd_auth_get_name (npppd_auth_base *);
const char *npppd_auth_get_suffix (npppd_auth_base *);
-const char *npppd_auth_get_prefix (npppd_auth_base *);
const char *npppd_auth_username_for_auth (npppd_auth_base *, const char *, char *);
void *npppd_auth_radius_get_radius_auth_setting (npppd_auth_radius *);
void *npppd_auth_radius_get_radius_acct_setting (npppd_auth_radius *);
diff --git a/usr.sbin/npppd/npppd/npppd_auth_local.h b/usr.sbin/npppd/npppd/npppd_auth_local.h
index d1947b77640..d027b7ff65f 100644
--- a/usr.sbin/npppd/npppd/npppd_auth_local.h
+++ b/usr.sbin/npppd/npppd/npppd_auth_local.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: npppd_auth_local.h,v 1.6 2012/09/18 13:14:08 yasuoka Exp $ */
+/* $OpenBSD: npppd_auth_local.h,v 1.7 2014/03/22 04:23:17 yasuoka Exp $ */
/*-
* Copyright (c) 2009 Internet Initiative Japan Inc.
@@ -35,8 +35,6 @@ struct _npppd_auth_base {
int type;
/** PPP suffix */
char pppsuffix[64];
- /** PPP prefix */
- char pppprefix[64];
uint32_t
/** whether initialized or not */
initialized:1,
diff --git a/usr.sbin/npppd/npppd/parse.y b/usr.sbin/npppd/npppd/parse.y
index 261dc051999..c291836b79f 100644
--- a/usr.sbin/npppd/npppd/parse.y
+++ b/usr.sbin/npppd/npppd/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.7 2013/11/25 12:58:17 benno Exp $ */
+/* $OpenBSD: parse.y,v 1.8 2014/03/22 04:23:17 yasuoka Exp $ */
/*
* Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -604,9 +604,6 @@ authopt_l : /* empty */
authopt : USERNAME_SUFFIX STRING {
curr_authconf->username_suffix = $2;
}
- | USERNAME_PREFIX STRING {
- curr_authconf->username_prefix = $2;
- }
| EAP_CAPABLE yesno {
curr_authconf->eap_capable = $2;
}
@@ -1037,7 +1034,6 @@ lookup(char *s)
{ "tunnel", TUNNEL},
{ "type", TYPE},
{ "user-max-session", USER_MAX_SESSION},
- { "username-prefix", USERNAME_PREFIX},
{ "username-suffix", USERNAME_SUFFIX},
{ "users-file", USERS_FILE},
{ "yes", YES}
@@ -1479,10 +1475,6 @@ authconf_fini(struct authconf *auth)
free(auth->username_suffix);
auth->username_suffix = NULL;
- if (auth->username_prefix != NULL)
- free(auth->username_prefix);
- auth->username_prefix = NULL;
-
switch (auth->auth_type) {
case NPPPD_AUTH_TYPE_RADIUS:
radconf_fini(&auth->data.radius.auth);