diff options
| author | Todd C. Miller <millert@cvs.openbsd.org> | 2000-07-17 16:43:15 +0000 |
|---|---|---|
| committer | Todd C. Miller <millert@cvs.openbsd.org> | 2000-07-17 16:43:15 +0000 |
| commit | 0e0c839d305fdcac2c0fdcc9a1de498ad9d65f3c (patch) | |
| tree | 35c4d5518412548b869f2140968c1ff543c06782 /usr.bin | |
| parent | f1b6239891002f9df28cb62194cb2e065d2654e9 (diff) | |
o use strlcpy() where sensible
o when trying to login as root on a non-secure tty always say
"login refused" regardless of whether the password is correct or not
Diffstat (limited to 'usr.bin')
| -rw-r--r-- | usr.bin/login/klogin.c | 7 | ||||
| -rw-r--r-- | usr.bin/login/login.c | 45 |
2 files changed, 28 insertions, 24 deletions
diff --git a/usr.bin/login/klogin.c b/usr.bin/login/klogin.c index 9ae5061029d..4f902b2e701 100644 --- a/usr.bin/login/klogin.c +++ b/usr.bin/login/klogin.c @@ -1,4 +1,4 @@ -/* $OpenBSD: klogin.c,v 1.9 1999/11/24 16:08:18 art Exp $ */ +/* $OpenBSD: klogin.c,v 1.10 2000/07/17 16:43:14 millert Exp $ */ /* $NetBSD: klogin.c,v 1.7 1996/05/21 22:07:04 mrg Exp $ */ /*- @@ -38,7 +38,7 @@ #if 0 static char sccsid[] = "@(#)klogin.c 8.3 (Berkeley) 4/2/94"; #endif -static char rcsid[] = "$OpenBSD: klogin.c,v 1.9 1999/11/24 16:08:18 art Exp $"; +static char rcsid[] = "$OpenBSD: klogin.c,v 1.10 2000/07/17 16:43:14 millert Exp $"; #endif /* not lint */ #ifdef KERBEROS @@ -158,8 +158,7 @@ klogin(pw, instance, localhost, password) if (chown(TKT_FILE, pw->pw_uid, pw->pw_gid) < 0) syslog(LOG_ERR, "chown tkfile (%s): %m", TKT_FILE); - (void)strncpy(savehost, krb_get_phost(localhost), sizeof(savehost)); - savehost[sizeof(savehost)-1] = NULL; + (void)strlcpy(savehost, krb_get_phost(localhost), sizeof(savehost)); /* * if the "VERIFY_SERVICE" doesn't exist in the KDC for this host, diff --git a/usr.bin/login/login.c b/usr.bin/login/login.c index a9312a63a63..7a685d02845 100644 --- a/usr.bin/login/login.c +++ b/usr.bin/login/login.c @@ -1,4 +1,4 @@ -/* $OpenBSD: login.c,v 1.28 1999/12/30 01:07:23 ericj Exp $ */ +/* $OpenBSD: login.c,v 1.29 2000/07/17 16:43:14 millert Exp $ */ /* $NetBSD: login.c,v 1.13 1996/05/15 23:50:16 jtc Exp $ */ /*- @@ -44,7 +44,7 @@ static char copyright[] = #if 0 static char sccsid[] = "@(#)login.c 8.4 (Berkeley) 4/2/94"; #endif -static char rcsid[] = "$OpenBSD: login.c,v 1.28 1999/12/30 01:07:23 ericj Exp $"; +static char rcsid[] = "$OpenBSD: login.c,v 1.29 2000/07/17 16:43:14 millert Exp $"; #endif /* not lint */ /* @@ -264,8 +264,7 @@ main(argc, argv) badlogin(tbuf); failures = 0; } - (void)strncpy(tbuf, username, sizeof tbuf-1); - tbuf[sizeof tbuf-1] = '\0'; + (void)strlcpy(tbuf, username, sizeof tbuf); if ((pwd = getpwnam(username))) salt = pwd->pw_passwd; @@ -273,7 +272,7 @@ main(argc, argv) salt = "xx"; /* - * if we have a valid account name, and it doesn't have a + * If we have a valid account name, and it doesn't have a * password, or the -f option was specified and the caller * is root or the caller isn't changing their uid, don't * authenticate. @@ -343,26 +342,31 @@ main(argc, argv) #if defined(KERBEROS) || defined(KERBEROS5) if (authok == 0) #endif - if (pwd && !rval && rootlogin && !rootterm(tty)) { + /* if logging in as root, user must be on a secure tty */ + if (pwd && !rval && (!rootlogin || rootterm(tty))) + break; + + /* + * We don't want to give out info to an attacker trying + * to guess root's password so we always say "login refused" + * in that case, not "Login incorrect". + */ + if (rootlogin && !rootterm(tty)) { (void)fprintf(stderr, "%s login refused on this terminal.\n", - pwd->pw_name); + pwd ? pwd->pw_name : "root"); if (hostname) syslog(LOG_NOTICE, "LOGIN %s REFUSED FROM %s%s%s ON TTY %s", - pwd->pw_name, rusername ? rusername : "", + pwd ? pwd->pw_name : "root", + rusername ? rusername : "", rusername ? "@" : "", hostname, tty); else syslog(LOG_NOTICE, "LOGIN %s REFUSED ON TTY %s", - pwd->pw_name, tty); - continue; - } - - if (pwd && !rval) - break; - - (void)printf("Login incorrect\n"); + pwd ? pwd->pw_name : "root", tty); + } else + (void)printf("Login incorrect\n"); failures++; if (pwd) log_failedlogin(pwd->pw_uid, hostname, rusername, tty); @@ -463,6 +467,8 @@ main(argc, argv) for (cpp2 = cpp = environ; *cpp; cpp++) { if (strncmp(*cpp, "LD_", 3) && + strncmp(*cpp, "ENV=", 4) && + strncmp(*cpp, "BASH_ENV=", 9) && strncmp(*cpp, "IFS=", 4)) *cpp2++ = *cpp; } @@ -471,7 +477,7 @@ main(argc, argv) (void)setenv("HOME", pwd->pw_dir, 1); (void)setenv("SHELL", pwd->pw_shell, 1); if (term[0] == '\0') - (void)strncpy(term, stypeof(tty), sizeof(term)); + (void)strlcpy(term, stypeof(tty), sizeof(term)); (void)setenv("TERM", term, 0); (void)setenv("LOGNAME", pwd->pw_name, 1); (void)setenv("USER", pwd->pw_name, 1); @@ -525,9 +531,8 @@ main(argc, argv) (void)signal(SIGTSTP, SIG_IGN); tbuf[0] = '-'; - (void)strncpy(tbuf + 1, (p = strrchr(pwd->pw_shell, '/')) ? - p + 1 : pwd->pw_shell, sizeof tbuf - 1 - 1); - tbuf[sizeof tbuf - 1] = '\0'; + (void)strlcpy(tbuf + 1, (p = strrchr(pwd->pw_shell, '/')) ? + p + 1 : pwd->pw_shell, sizeof tbuf - 1); if (setlogin(pwd->pw_name) < 0) syslog(LOG_ERR, "setlogin() failure: %m"); |