emo/shadow
1
0
Fork 0
Code Issues Pull Requests Packages Releases Activity

* src/login.c: Added comments.

Browse Source 
* src/login.c: Close the user and group files before dropping root
	privileges.
This commit is contained in:
nekral-guest 2009-04-20 12:27:27 +00:00
parent 3508f7dccc
commit 61c1d100dc
2 changed files with 26 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ChangeLog
View File

@ -1,3 +1,9 @@
2009-04-20 Nicolas François <nicolas.francois@centraliens.net>
* src/login.c: Added comments.
* src/login.c: Close the user and group files before dropping root
privileges.
2009-04-20 Nicolas François <nicolas.francois@centraliens.net> 2009-04-20 Nicolas François <nicolas.francois@centraliens.net>
* src/login.c: We do not need to keep the old umask. Discard the * src/login.c: We do not need to keep the old umask. Discard the

28
src/login.c
View File

@ -2,7 +2,7 @@
* Copyright (c) 1989 - 1994, Julianne Frances Haugh * Copyright (c) 1989 - 1994, Julianne Frances Haugh
* Copyright (c) 1996 - 2001, Marek Michałkiewicz * Copyright (c) 1996 - 2001, Marek Michałkiewicz
* Copyright (c) 2001 - 2006, Tomasz Kłoczko * Copyright (c) 2001 - 2006, Tomasz Kłoczko
* Copyright (c) 2007 - 2008, Nicolas François * Copyright (c) 2007 - 2009, Nicolas François
* All rights reserved. * All rights reserved.
* *
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
@ -838,6 +838,10 @@ int main (int argc, char **argv)
exit (1); exit (1);
} }
/* This set up the process credential (group) and initialize the
* supplementary group access list.
* This has to be done before pam_setcred
*/
if (setup_groups (pwd) != 0) { if (setup_groups (pwd) != 0) {
exit (1); exit (1);
} }
@ -1156,10 +1160,24 @@ int main (int argc, char **argv)
} }
} }
/* We call set_groups() above because this clobbers pam_groups.so */
/*
* Close all the files so that unauthorized access won't occur.
*/
endpwent (); /* stop access to password file */
endgrent (); /* stop access to group file */
endspent (); /* stop access to shadow passwd file */
#ifdef SHADOWGRP
endsgent (); /* stop access to shadow group file */
#endif
/* Drop root privileges */
#ifndef USE_PAM #ifndef USE_PAM
if (setup_uid_gid (&pwent, is_console)) if (setup_uid_gid (&pwent, is_console))
#else #else
/* The group privileges were already dropped.
* See setup_groups() above.
*/
if (change_uid (&pwent)) if (change_uid (&pwent))
#endif #endif
{ {
@ -1247,12 +1265,6 @@ int main (int argc, char **argv)
(void) signal (SIGHUP, SIG_DFL); /* added this. --marekm */ (void) signal (SIGHUP, SIG_DFL); /* added this. --marekm */
(void) signal (SIGINT, SIG_DFL); /* default interrupt signal */ (void) signal (SIGINT, SIG_DFL); /* default interrupt signal */
endpwent (); /* stop access to password file */
endgrent (); /* stop access to group file */
endspent (); /* stop access to shadow passwd file */
#ifdef SHADOWGRP
endsgent (); /* stop access to shadow group file */
#endif
if (0 == pwent.pw_uid) { if (0 == pwent.pw_uid) {
SYSLOG ((LOG_NOTICE, "ROOT LOGIN %s", fromhost)); SYSLOG ((LOG_NOTICE, "ROOT LOGIN %s", fromhost));
} else if (getdef_bool ("LOG_OK_LOGINS")) { } else if (getdef_bool ("LOG_OK_LOGINS")) {