More tests to avoid Linux security holes.

More logging. git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@9054 ec53bebd-3082-4978-b11e-865c3cabbd6b
2000-09-13 13:25:51 +00:00
parent 3875e9050e
commit a5d2d67b83
1 changed files with 48 additions and 30 deletions
--- a/lib/auth/pam/pam.c
+++ b/lib/auth/pam/pam.c
@@ -60,7 +60,7 @@ RCSID("$Id$");
 #endif
 static void
-log_error(int level, const char *format, ...)
+psyslog(int level, const char *format, ...)
 {
  va_list args;
  va_start(args, format);
@@ -115,7 +115,7 @@ parse_ctrl(int argc, const char **argv)
 	  break;
      if (j >= KRB4_CTRLS)
-	log_error(LOG_ALERT, "unrecognized option [%s]", *argv);
+	psyslog(LOG_ALERT, "unrecognized option [%s]", *argv);
      else
 	ctrl_flags |= krb4_args[j].flag;
    }
@@ -134,7 +134,7 @@ pdeb(const char *format, ...)
  closelog();
 }
-#define ENTRY(f) pdeb("%s() ruid = %d euid = %d", f, getuid(), geteuid())
+#define ENTRY(func) pdeb("%s() flags = %d ruid = %d euid = %d", func, flags, getuid(), geteuid())
 static void
 set_tkt_string(uid_t uid)
@@ -182,9 +182,14 @@ verify_pass(pam_handle_t *pamh,
  old_euid = geteuid();
  setreuid(0, 0);
  ret = krb_verify_user(name, inst, realm, pass, krb_verify, NULL);
-  if (setreuid(old_ruid, old_euid) != 0)
+  pdeb("krb_verify_user(`%s', `%s', `%s', pw, %d, NULL) returns %s",
       name, inst, realm, krb_verify,
       krb_get_err_text(ret));
  if (setreuid(old_ruid, old_euid) != 0
      ||  getuid() != old_ruid
      || geteuid() != old_euid)
    {
-      log_error(LOG_ALERT , "setreuid(%d, %d) failed", old_ruid, old_euid);
+      psyslog(LOG_ALERT , "setreuid(%d, %d) failed", old_ruid, old_euid);
      exit(1);
    }
@@ -220,7 +225,7 @@ krb4_auth(pam_handle_t *pamh,
      ret = pam_get_item(pamh, PAM_AUTHTOK, (void **) &pass);
      if (ret != PAM_SUCCESS)
        {
-          log_error(LOG_ERR , "pam_get_item returned error to get-password");
+          psyslog(LOG_ERR , "pam_get_item returned error to get-password");
          return ret;
        }
      else if (pass != 0 && verify_pass(pamh, name, inst, pass) == PAM_SUCCESS)
@@ -271,9 +276,11 @@ pam_sm_authenticate(pam_handle_t *pamh,
  struct passwd *pw;
  uid_t uid = -1;
  const char *name, *inst;
  char realm[REALM_SZ];
  realm[0] = 0;
  parse_ctrl(argc, argv);
  ENTRY("pam_sm_authenticate");
  parse_ctrl(argc, argv);
  ret = pam_get_user(pamh, &user, "login: ");
  if (ret != PAM_SUCCESS)
@@ -316,11 +323,9 @@ pam_sm_authenticate(pam_handle_t *pamh,
   */
  if (ret == PAM_SUCCESS && inst[0] != 0)
    {
      char realm[REALM_SZ];
      uid_t old_euid = geteuid();
      uid_t old_ruid = getuid();
      realm[0] = 0;
      setreuid(0, 0);		/* To read ticket file. */
      if (krb_get_tf_fullname(tkt_string(), 0, 0, realm) != KSUCCESS)
 	ret = PAM_SERVICE_ERR;
@@ -334,37 +339,52 @@ pam_sm_authenticate(pam_handle_t *pamh,
      if (ret != PAM_SUCCESS)
 	{
 	  dest_tkt();		/* Passwd known, ok to kill ticket. */
-	  log_error(LOG_NOTICE,
+	  psyslog(LOG_NOTICE,
-		    "%s.%s@%s is not allowed to log in as %s",
+		  "%s.%s@%s is not allowed to log in as %s",
-		    name, inst, realm, user);
+		  name, inst, realm, user);
 	}
-      if (setreuid(old_ruid, old_euid) != 0)
+      if (setreuid(old_ruid, old_euid) != 0
 	  ||  getuid() != old_ruid
 	  || geteuid() != old_ruid)
 	{
-	  log_error(LOG_ALERT , "setreuid(%d, %d) failed", old_ruid, old_euid);
+	  psyslog(LOG_ALERT , "setreuid(%d, %d) failed", old_ruid, old_euid);
 	  exit(1);
 	}
    }
  if (ret == PAM_SUCCESS)
-    chown(tkt_string(), uid, -1);
+    {
-
+      psyslog(LOG_INFO,
-  /* Sun dtlogin unlock screen does not call any other pam_* funcs. */
+	      "%s.%s@%s authenticated as user %s",
-  if (ret == PAM_SUCCESS
+	      name, inst, realm, user);
-      && ctrl_on(KRB4_REAFSLOG)
+      if (chown(tkt_string(), uid, -1) == -1)
-      && k_hasafs()
+	{
-      && (pw = getpwnam(user)) != 0)
+	  dest_tkt();
-    krb_afslog_uid_home(/*cell*/ 0,/*realm_hint*/ 0, pw->pw_uid, pw->pw_dir);
+	  psyslog(LOG_ALERT , "chown(%s, %d, -1) failed", tkt_string(), uid);
 	  exit(1);
 	}
    }
  /*
   * Kludge alert!!! Sun dtlogin unlock screen fails to call
   * pam_setcred(3) with PAM_REFRESH_CRED after a successful
   * authentication attempt, sic.
   *
   * This hack is designed as a workaround to that problem.
   */
  if (ctrl_on(KRB4_REAFSLOG))
    if (ret == PAM_SUCCESS)
      pam_sm_setcred(pamh, PAM_REFRESH_CRED, argc, argv);
  return ret;
 }
 int 
 pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv)
 {
  parse_ctrl(argc, argv);
  ENTRY("pam_sm_setcred");
-  pdeb("flags = 0x%x", flags);
+  parse_ctrl(argc, argv);
  switch (flags & ~PAM_SILENT) {
  case 0:
@@ -393,7 +413,7 @@ pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv)
      k_unlog();
    break;
  default:
-    log_error(LOG_ALERT , "pam_sm_setcred: unknown flags 0x%x", flags);
+    psyslog(LOG_ALERT , "pam_sm_setcred: unknown flags 0x%x", flags);
    break;
  }
@@ -403,8 +423,8 @@ pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv)
 int
 pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
 {
  parse_ctrl(argc, argv);
  ENTRY("pam_sm_open_session");
  parse_ctrl(argc, argv);
  return PAM_SUCCESS;
 }
@@ -413,13 +433,11 @@ pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
 int
 pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char**argv)
 {
  parse_ctrl(argc, argv);
  ENTRY("pam_sm_close_session");
  parse_ctrl(argc, argv);
  /* This isn't really kosher, but it's handy. */
-  dest_tkt();
+  pam_sm_setcred(pamh, PAM_DELETE_CRED, argc, argv);
  if (k_hasafs())
    k_unlog();
  return PAM_SUCCESS;
 }