Hello community, here is the log from the commit of package resmgr checked in at Wed Dec 6 12:03:18 CET 2006. -------- --- resmgr/resmgr.changes 2006-10-27 11:51:24.000000000 +0200 +++ /mounts/work_src_done/STABLE/resmgr/resmgr.changes 2006-11-30 13:17:03.000000000 +0100 @@ -1,0 +2,10 @@ +Thu Nov 30 13:16:53 CET 2006 - lnussel@suse.de + +- also fix quoting in pam module + +------------------------------------------------------------------- +Wed Nov 29 14:54:05 CET 2006 - lnussel@suse.de + +- properly quote user names that contain backslashes (#223664) + +------------------------------------------------------------------- New: ---- resmgr-r128.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ resmgr.spec ++++++ --- /var/tmp/diff_new_pack.zA6Hph/_old 2006-12-06 12:03:08.000000000 +0100 +++ /var/tmp/diff_new_pack.zA6Hph/_new 2006-12-06 12:03:08.000000000 +0100 @@ -12,10 +12,10 @@ Name: resmgr BuildRequires: pam-devel -License: GNU General Public License (GPL) - all versions +License: GNU General Public License (GPL) Group: System/Daemons Version: 1.1.0_SVNr123 -Release: 1 +Release: 9 Summary: A program to track when users log in and out Source: resmgr-%{version}.tar.bz2 Source1: resmgr.init @@ -28,6 +28,7 @@ %endif URL: http://forge.novell.com/modules/xfmod/project/?resmgr PreReq: %insserv_prereq %fillup_prereq +Patch: resmgr-r128.diff %description resmgr tracks when users log in and out via PAM module. It then @@ -42,6 +43,7 @@ %prep %setup +%patch %build CFLAGS="%{optflags}" \ 
@@ -114,6 +116,10 @@ %dir /var/run/resmgr/classes %changelog -n resmgr +* Thu Nov 30 2006 - lnussel@suse.de +- also fix quoting in pam module +* Wed Nov 29 2006 - lnussel@suse.de +- properly quote user names that contain backslashes (#223664) * Fri Oct 27 2006 - lnussel@suse.de - set version to 1.1.0 - declare experimental library symbols as final ++++++ resmgr-r128.diff ++++++ Index: src/resmgr.c =================================================================== --- src/resmgr.c (Revision 124) +++ src/resmgr.c (Revision 128) @@ -13,6 +13,7 @@ #include <pwd.h> #include <grp.h> #include "protocol.h" +#include "utils.h" static int opt_terse = 0; @@ -128,8 +129,8 @@ while (optind < argc) { int want; - /* 3 == ' ' plus '\n' plus '\0' */ - want = strlen(argv[optind]) + 3; + /* 5 == ' ' plus '\n' plus '\0' + '"' */ + want = strlen(argv[optind]) + 4; if (slen + want >= sizeof(buffer)) { fprintf(stderr, "Argument string too long\n"); return 1; @@ -137,7 +138,13 @@ if (buffer[0]) strcat(buffer, " "); - strcat(buffer, argv[optind++]); + strcat(buffer, "\""); + // -1 due to next strcat + if(res_quote_dblquote_backslash(buffer+strlen(buffer), argv[optind++], sizeof(buffer)-strlen(buffer) - 1) == -1) { + fprintf(stderr, "Argument string too long\n"); + return 1; + } + strcat(buffer, "\""); slen = strlen(buffer); } strcat(buffer, "\n"); Index: src/utils.c =================================================================== --- src/utils.c (Revision 124) +++ src/utils.c (Revision 128) 
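Review bot: In the `@@ -128,8 +129,8 @@` hunk of src/resmgr.c the new comment says five extra bytes are reserved while the code adds 4, and it lists one `"` although two are appended. The comment and the constant should agree, for example `/* 5 == ' ' + two '"' + '\n' + '\0' */` with `want = strlen(argv[optind]) + 5;`. This pre-check also measures the raw argument, so it says nothing about the bytes added by escaping; that case depends entirely on the bound passed to res_quote_dblquote_backslash in the next hunk. The loop and the declaration of `buffer` start outside the hunk.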
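Review bot: In the `@@ -137,7 +138,13 @@` hunk of src/resmgr.c the bound `sizeof(buffer)-strlen(buffer) - 1` reserves room for the closing quote but not for the `strcat(buffer, "\n")` that follows the loop. When the last argument contains escaped characters and the quoted text exactly fills the allowed space, the buffer is full after the closing quote and the newline's terminating NUL lands one byte past the end. Reserving two bytes closes the gap: `sizeof(buffer)-strlen(buffer) - 2`, with the comment changed to `// -2: closing quote and the trailing newline`. The size of `buffer` is declared outside the hunk, so this reading rests on the visible lines only.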
@@ -496,3 +496,55 @@ return p-dst; } + +int res_quote_dblquote_backslash(char* dst, const char* src, size_t dstlen) +{ + const char* s; + char* p; + size_t len = 0; + int needquote = 0; + + for(s = src; *s; ++s) + { + switch(*s) + { + case '"': + case '\\': + len += 2; + needquote = 1; + break; + default: + ++len; + break; + } + } + + if(len >= dstlen) + return -1; + + if(!needquote) + { + memcpy(dst, src, len+1); + return 0; + } + + for(s = src, p = dst; *s; ++s) + { + switch(*s) + { + case '"': + case '\\': + p[0] = '\\'; + p[1] = *s; + p += 2; + break; + default: + *p++ = *s; + break; + } + } + + *p = 0; + + return p-dst; +} Index: src/utils.h =================================================================== --- src/utils.h (Revision 124) +++ src/utils.h (Revision 128) @@ -29,4 +29,7 @@ /** quote non-ascii, / and % characters url style with %<HEX VALUE> */ extern int res_quote(char* dst, const char* src, size_t dstlen); +/** quote \ and " with \ */ +extern int res_quote_dblquote_backslash(char* dst, const char* src, size_t dstlen); + #endif /* UTILS_H */ Index: src/client.c =================================================================== --- src/client.c (Revision 124) +++ src/client.c (Revision 128) @@ -202,12 +202,15 @@ int rsm_login(const char *user, const char *tty) { - if (!sane_user(user) || !sane(tty)) { + char buf[PATH_MAX]; + + if (!sane_user(user) || !sane(tty) + || res_quote_dblquote_backslash(buf, user, sizeof(buf)) == -1) { errno = EINVAL; return -1; } - return rsm_command(NULL, "login \"%s\" %s", user, tty); + return rsm_command(NULL, "login \"%s\" %s", buf, tty); } int 
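Review bot: The `!needquote` branch of res_quote_dblquote_backslash in src/utils.c returns 0 after the memcpy, while the escaping path returns the number of bytes written (`p-dst`), so the result cannot be relied on as a length. The callers in this patch only test for -1, so nothing breaks today, but `return (int)len;` in that branch would make both paths agree. The declaration added in utils.h (`/** quote \ and " with \ */`) would also benefit from stating that dstlen includes the terminating NUL and that -1 means the escaped string does not fit.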
@@ -224,25 +227,31 @@ int rsm_grant(const char *user, const char *classname) { - if (!sane(user) || !sane(classname)) { + char buf[PATH_MAX]; + + if (!sane(user) || !sane(classname) + || res_quote_dblquote_backslash(buf, user, sizeof(buf)) == -1) { errno = EINVAL; return -1; } - return rsm_command(NULL, "grant %s %s", user, classname); + return rsm_command(NULL, "grant \"%s\" %s", buf, classname); } int rsm_revoke(const char *user, const char *classname) { - if (!sane_user(user) || (classname && !sane(classname))) { + char buf[PATH_MAX]; + + if (!sane_user(user) || (classname && !sane(classname)) + || res_quote_dblquote_backslash(buf, user, sizeof(buf)) == -1) { errno = EINVAL; return -1; } if (classname) - return rsm_command(NULL, "revoke \"%s\" %s", user, classname); - return rsm_command(NULL, "revoke %s", user); + return rsm_command(NULL, "revoke \"%s\" %s", buf, classname); + return rsm_command(NULL, "revoke \"%s\"", buf); } int @@ -317,16 +326,20 @@ char ** rsm_list_classes(const char* user) { + char buf[PATH_MAX]; char **result = NULL; struct conn *conn; + if(user && res_quote_dblquote_backslash(buf, user, sizeof(buf)) == -1) + goto out; + if (!(conn = the_connection) && !(conn = rsm_connect_to(_PATH_RESMGR_SOCKET))) { syslog(LOG_NOTICE, "resmgr: unable to connect to resmgrd: %m"); goto out; } - if(rsm_printf(conn, "classes %s", user?user:"") >= 0) { + if(rsm_printf(conn, "classes \"%s\"", user?user:"") >= 0) { result = rsm_recv_multiline(conn, NULL, NULL); } Index: src/Makefile.am =================================================================== --- src/Makefile.am (Revision 124) +++ src/Makefile.am (Revision 128) @@ -14,7 +14,7 @@ endif resmgr_DEPENDENCIES = libresmgr.so -resmgr_SOURCES = resmgr.c +resmgr_SOURCES = resmgr.c utils.c resmgr_LDADD = -L$(top_builddir)/src -lresmgr resmgr_LDFLAGS = -Wl,--as-needed 
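Review bot: In the rsm_list_classes hunk of src/client.c the escaped copy in `buf` is never sent: the rsm_printf call still passes `user?user:""`, now wrapped in double quotes. A user name containing `"` or `\` therefore still reaches the daemon unescaped inside the quoted argument, which is the case this patch sets out to fix. The call should read `rsm_printf(conn, "classes \"%s\"", user?buf:"")`. With a NULL user the request also changes from `classes ` to `classes ""`, and whether resmgrd treats an empty quoted argument as "no user" cannot be seen from here. Unlike rsm_login, rsm_grant and rsm_revoke in the preceding hunk, no sane_user() check is visible in this function, part of which lies outside the hunk.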
@@ -59,10 +59,10 @@ if BUILD_LIB pam_resmgr_so_DEPENDENCIES = libresmgr.so endif -pam_resmgr_so_SOURCES = pam_resmgr.c +pam_resmgr_so_SOURCES = pam_resmgr.c utils.c pam_resmgr_so_LDFLAGS = -shared -Wl,-soname,pam_resmgr.so -Wl,--as-needed pam_resmgr_so_CFLAGS = -fPIC -DPIC -pam_resmgr_so_LDADD = -L$(top_builddir)/src -lresmgr +pam_resmgr_so_LDADD = -L$(top_builddir)/src -lresmgr -lpam EXTRA_DIST = libresmgr.map Index: src/pam_resmgr.c =================================================================== --- src/pam_resmgr.c (Revision 124) +++ src/pam_resmgr.c (Revision 128) @@ -14,6 +14,7 @@ #include <security/pam_modules.h> #include "protocol.h" +#include "utils.h" #define warn(fmt, args...) \ syslog(LOG_WARNING, "pam_resmgr: " fmt, ##args) @@ -56,6 +57,7 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) { + char userbuf[PATH_MAX]; char namebuf[64]; char *tty, *user; char *rhost, *service; @@ -145,10 +147,11 @@ } } - if(!sane_user(user)) { + if(!sane_user(user) || res_quote_dblquote_backslash(userbuf, user, sizeof(userbuf)) == -1) { warn("user name contains invalid characters"); return PAM_SUCCESS; } + if(!sane(tty)) { warn("tty contains invalid characters"); return PAM_SUCCESS; @@ -165,7 +168,7 @@ } if(rsm_command(NULL, "login \"%s\" %s service=%s%s%s", - user, + userbuf, tty, service, rhost?" rhost=":"", rhost?rhost:"") < 0) { ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
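Review bot: In the `@@ -165,7 +168,7 @@` hunk of src/pam_resmgr.c only the user name is escaped; `service` and `rhost` are still formatted into the `login` command without quoting or escaping. rhost can originate from the remote side, so unless both values are validated in the part of pam_sm_open_session outside these hunks, a space or quote in one of them could alter the fields of the line sent to resmgrd. I would validate them as is done for tty, e.g. `if(!sane(service) || (rhost && !sane(rhost)))`, or quote them with res_quote_dblquote_backslash as well. In the `@@ -145,10 +147,11 @@` hunk the warning "user name contains invalid characters" is now also emitted when the escaped name does not fit in `userbuf`, which would be clearer as a separate message.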