Hello community,
here is the log from the commit of package resmgr
checked in at Wed Dec 6 12:03:18 CET 2006.
--------
--- resmgr/resmgr.changes 2006-10-27 11:51:24.000000000 +0200
+++ /mounts/work_src_done/STABLE/resmgr/resmgr.changes 2006-11-30 13:17:03.000000000 +0100
@@ -1,0 +2,10 @@
+Thu Nov 30 13:16:53 CET 2006 - lnussel@suse.de
+
+- also fix quoting in pam module
+
+-------------------------------------------------------------------
+Wed Nov 29 14:54:05 CET 2006 - lnussel@suse.de
+
+- properly quote user names that contain backslashes (#223664)
+
+-------------------------------------------------------------------
New:
----
resmgr-r128.diff
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ resmgr.spec ++++++
--- /var/tmp/diff_new_pack.zA6Hph/_old 2006-12-06 12:03:08.000000000 +0100
+++ /var/tmp/diff_new_pack.zA6Hph/_new 2006-12-06 12:03:08.000000000 +0100
@@ -12,10 +12,10 @@
Name: resmgr
BuildRequires: pam-devel
-License: GNU General Public License (GPL) - all versions
+License: GNU General Public License (GPL)
Group: System/Daemons
Version: 1.1.0_SVNr123
-Release: 1
+Release: 9
Summary: A program to track when users log in and out
Source: resmgr-%{version}.tar.bz2
Source1: resmgr.init
@@ -28,6 +28,7 @@
%endif
URL: http://forge.novell.com/modules/xfmod/project/?resmgr
PreReq: %insserv_prereq %fillup_prereq
+Patch: resmgr-r128.diff
%description
resmgr tracks when users log in and out via PAM module. It then
@@ -42,6 +43,7 @@
%prep
%setup
+%patch
%build
CFLAGS="%{optflags}" \
@@ -114,6 +116,10 @@
%dir /var/run/resmgr/classes
%changelog -n resmgr
+* Thu Nov 30 2006 - lnussel@suse.de
+- also fix quoting in pam module
+* Wed Nov 29 2006 - lnussel@suse.de
+- properly quote user names that contain backslashes (#223664)
* Fri Oct 27 2006 - lnussel@suse.de
- set version to 1.1.0
- declare experimental library symbols as final
++++++ resmgr-r128.diff ++++++
Index: src/resmgr.c
===================================================================
--- src/resmgr.c (Revision 124)
+++ src/resmgr.c (Revision 128)
@@ -13,6 +13,7 @@
#include
#include
#include "protocol.h"
+#include "utils.h"
static int opt_terse = 0;
@@ -128,8 +129,8 @@
while (optind < argc) {
int want;
- /* 3 == ' ' plus '\n' plus '\0' */
- want = strlen(argv[optind]) + 3;
+ /* 5 == ' ' plus '\n' plus '\0' + '"' */
+ want = strlen(argv[optind]) + 4;
if (slen + want >= sizeof(buffer)) {
fprintf(stderr, "Argument string too long\n");
return 1;
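Review bot: The new comment says 5 but the code adds 4, and neither matches the list of characters in the comment. With the `>=` comparison covering the terminator, 4 is right for a space, two quotes and the newline, so the comment could read `/* 4 == ' ' plus two '"' plus '\n'; the '\0' is covered by >= below */`. Note also that `want` is computed from the raw `strlen(argv[optind])`, so this pre-check does not account for the extra backslashes the quoting in the next hunk inserts. The enclosing loop starts and ends outside this hunk.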
@@ -137,7 +138,13 @@
if (buffer[0])
strcat(buffer, " ");
- strcat(buffer, argv[optind++]);
+ strcat(buffer, "\"");
+ // -1 due to next strcat
+ if(res_quote_dblquote_backslash(buffer+strlen(buffer), argv[optind++], sizeof(buffer)-strlen(buffer) - 1) == -1) {
+ fprintf(stderr, "Argument string too long\n");
+ return 1;
+ }
+ strcat(buffer, "\"");
slen = strlen(buffer);
}
strcat(buffer, "\n");
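Review bot: The size passed to `res_quote_dblquote_backslash` reserves one byte for the closing quote but none for the `strcat(buffer, "\n")` that follows the loop. Because the earlier `want` check uses the unescaped length, an argument whose escaped form fills the remaining space can leave `strlen(buffer) == sizeof(buffer) - 1` after the closing quote. The newline append then writes the terminator one byte past the end. Reserving both characters closes this: `sizeof(buffer)-strlen(buffer) - 2` with the comment `// -2: closing quote and the final newline`. The declaration of `buffer` is outside the hunk, so this assumes it is a fixed-size array, as the `sizeof` use suggests.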
Index: src/utils.c
===================================================================
--- src/utils.c (Revision 124)
+++ src/utils.c (Revision 128)
@@ -496,3 +496,55 @@
return p-dst;
}
+
+int res_quote_dblquote_backslash(char* dst, const char* src, size_t dstlen)
+{
+ const char* s;
+ char* p;
+ size_t len = 0;
+ int needquote = 0;
+
+ for(s = src; *s; ++s)
+ {
+ switch(*s)
+ {
+ case '"':
+ case '\\':
+ len += 2;
+ needquote = 1;
+ break;
+ default:
+ ++len;
+ break;
+ }
+ }
+
+ if(len >= dstlen)
+ return -1;
+
+ if(!needquote)
+ {
+ memcpy(dst, src, len+1);
+ return 0;
+ }
+
+ for(s = src, p = dst; *s; ++s)
+ {
+ switch(*s)
+ {
+ case '"':
+ case '\\':
+ p[0] = '\\';
+ p[1] = *s;
+ p += 2;
+ break;
+ default:
+ *p++ = *s;
+ break;
+ }
+ }
+
+ *p = 0;
+
+ return p-dst;
+}
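Review bot: The two success paths of `res_quote_dblquote_backslash` return different things: the `!needquote` branch returns `0` after the `memcpy`, while the escaping branch returns `p-dst`, the number of bytes written. The callers in this patch only test for `-1`, so nothing breaks today, but a later caller that uses the result as a length would get 0 for every name that needed no escaping. Returning the length on both paths, `return (int)len;` in the `!needquote` branch, makes the contract uniform. A short header comment stating that `dstlen` includes the terminating NUL and that `-1` means the output did not fit would also help.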
Index: src/utils.h
===================================================================
--- src/utils.h (Revision 124)
+++ src/utils.h (Revision 128)
@@ -29,4 +29,7 @@
/** quote non-ascii, / and % characters url style with %<HEX VALUE> */
extern int res_quote(char* dst, const char* src, size_t dstlen);
+/** quote \ and " with \ */
+extern int res_quote_dblquote_backslash(char* dst, const char* src, size_t dstlen);
+
#endif /* UTILS_H */
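Review bot: The doc comment on the new prototype names the characters but not the contract callers rely on. From the implementation in utils.c, `dstlen` must include room for the terminating NUL and the function returns `-1` when the escaped string does not fit. I would write it as `/** escape \ and " in src with a leading \; dstlen includes the terminating NUL; returns -1 if dst is too small */`.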
Index: src/client.c
===================================================================
--- src/client.c (Revision 124)
+++ src/client.c (Revision 128)
@@ -202,12 +202,15 @@
int
rsm_login(const char *user, const char *tty)
{
- if (!sane_user(user) || !sane(tty)) {
+ char buf[PATH_MAX];
+
+ if (!sane_user(user) || !sane(tty)
+ || res_quote_dblquote_backslash(buf, user, sizeof(buf)) == -1) {
errno = EINVAL;
return -1;
}
- return rsm_command(NULL, "login \"%s\" %s", user, tty);
+ return rsm_command(NULL, "login \"%s\" %s", buf, tty);
}
int
@@ -224,25 +227,31 @@
int
rsm_grant(const char *user, const char *classname)
{
- if (!sane(user) || !sane(classname)) {
+ char buf[PATH_MAX];
+
+ if (!sane(user) || !sane(classname)
+ || res_quote_dblquote_backslash(buf, user, sizeof(buf)) == -1) {
errno = EINVAL;
return -1;
}
- return rsm_command(NULL, "grant %s %s", user, classname);
+ return rsm_command(NULL, "grant \"%s\" %s", buf, classname);
}
int
rsm_revoke(const char *user, const char *classname)
{
- if (!sane_user(user) || (classname && !sane(classname))) {
+ char buf[PATH_MAX];
+
+ if (!sane_user(user) || (classname && !sane(classname))
+ || res_quote_dblquote_backslash(buf, user, sizeof(buf)) == -1) {
errno = EINVAL;
return -1;
}
if (classname)
- return rsm_command(NULL, "revoke \"%s\" %s", user, classname);
- return rsm_command(NULL, "revoke %s", user);
+ return rsm_command(NULL, "revoke \"%s\" %s", buf, classname);
+ return rsm_command(NULL, "revoke \"%s\"", buf);
}
int
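Review bot: `rsm_grant` now quotes and escapes the user like `rsm_login` and `rsm_revoke`, but it still validates with `sane(user)` where the other two call `sane_user(user)`. Neither helper is visible in this diff, so the practical difference cannot be confirmed here. If `sane()` rejects characters that `sane_user()` accepts, grant will keep refusing the names this fix is meant to support. If the difference is unintended, the check would become `if (!sane_user(user) || !sane(classname)`. Otherwise a one-line comment saying why grant uses the other validator would prevent the question recurring.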
@@ -317,16 +326,20 @@
char ** rsm_list_classes(const char* user)
{
+ char buf[PATH_MAX];
char **result = NULL;
struct conn *conn;
+ if(user && res_quote_dblquote_backslash(buf, user, sizeof(buf)) == -1)
+ goto out;
+
if (!(conn = the_connection)
&& !(conn = rsm_connect_to(_PATH_RESMGR_SOCKET))) {
syslog(LOG_NOTICE, "resmgr: unable to connect to resmgrd: %m");
goto out;
}
- if(rsm_printf(conn, "classes %s", user?user:"") >= 0) {
+ if(rsm_printf(conn, "classes \"%s\"", user?user:"") >= 0) {
result = rsm_recv_multiline(conn, NULL, NULL);
}
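Review bot: In `rsm_list_classes` the user name is escaped into `buf`, but the `rsm_printf` call still passes `user?user:""`. The unescaped name is therefore placed inside the newly added double quotes and `buf` is never used. A name containing `"` or `\` reaches the daemon unescaped, which is the case this patch sets out to fix. The call should read `if(rsm_printf(conn, "classes \"%s\"", user?buf:"") >= 0) {`. Also worth confirming with the daemon side: a NULL user now sends `classes ""` rather than a bare `classes `, and the function body continues outside this hunk.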
Index: src/Makefile.am
===================================================================
--- src/Makefile.am (Revision 124)
+++ src/Makefile.am (Revision 128)
@@ -14,7 +14,7 @@
endif
resmgr_DEPENDENCIES = libresmgr.so
-resmgr_SOURCES = resmgr.c
+resmgr_SOURCES = resmgr.c utils.c
resmgr_LDADD = -L$(top_builddir)/src -lresmgr
resmgr_LDFLAGS = -Wl,--as-needed
@@ -59,10 +59,10 @@
if BUILD_LIB
pam_resmgr_so_DEPENDENCIES = libresmgr.so
endif
-pam_resmgr_so_SOURCES = pam_resmgr.c
+pam_resmgr_so_SOURCES = pam_resmgr.c utils.c
pam_resmgr_so_LDFLAGS = -shared -Wl,-soname,pam_resmgr.so -Wl,--as-needed
pam_resmgr_so_CFLAGS = -fPIC -DPIC
-pam_resmgr_so_LDADD = -L$(top_builddir)/src -lresmgr
+pam_resmgr_so_LDADD = -L$(top_builddir)/src -lresmgr -lpam
EXTRA_DIST = libresmgr.map
Index: src/pam_resmgr.c
===================================================================
--- src/pam_resmgr.c (Revision 124)
+++ src/pam_resmgr.c (Revision 128)
@@ -14,6 +14,7 @@
#include
#include "protocol.h"
+#include "utils.h"
#define warn(fmt, args...) \
syslog(LOG_WARNING, "pam_resmgr: " fmt, ##args)
@@ -56,6 +57,7 @@
int
pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
+ char userbuf[PATH_MAX];
char namebuf[64];
char *tty, *user;
char *rhost, *service;
@@ -145,10 +147,11 @@
}
}
- if(!sane_user(user)) {
+ if(!sane_user(user) || res_quote_dblquote_backslash(userbuf, user, sizeof(userbuf)) == -1) {
warn("user name contains invalid characters");
return PAM_SUCCESS;
}
+
if(!sane(tty)) {
warn("tty contains invalid characters");
return PAM_SUCCESS;
@@ -165,7 +168,7 @@
}
if(rsm_command(NULL, "login \"%s\" %s service=%s%s%s",
- user,
+ userbuf,
tty,
service, rhost?" rhost=":"",
rhost?rhost:"") < 0) {
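Review bot: Only the user argument of this `rsm_command` call is escaped; `service` and `rhost` are still interpolated into `service=%s%s%s` as they are. `rhost` in particular can originate from the remote side of a login, so it deserves the same treatment as the user name. Whether both values are passed through `sane()` earlier in `pam_sm_open_session` is not visible in these hunks, so this should be confirmed. If they are not checked, add a check next to the `sane(tty)` test, or quote them with `res_quote_dblquote_backslash`, to keep a crafted value from adding extra tokens to the command line.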
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++