
[SCM] GNU Inetutils branch, master, updated. inetutils-1_9_1-193-gcc217


From: Mats Erik Andersson
Subject: [SCM] GNU Inetutils branch, master, updated. inetutils-1_9_1-193-gcc2173d
Date: Fri, 26 Oct 2012 13:08:58 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU Inetutils ".

The branch, master has been updated
       via  cc2173d24f4c905b05c58e61ace0095f0deb1354 (commit)
      from  728b8f78c398b64c9e8c87aef883d83391c49482 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=cc2173d24f4c905b05c58e61ace0095f0deb1354


commit cc2173d24f4c905b05c58e61ace0095f0deb1354
Author: Mats Erik Andersson <address@hidden>
Date:   Tue Oct 23 19:58:02 2012 +0200

    ftpd: PAM messaging robustness.

diff --git a/ChangeLog b/ChangeLog
index b7f87fe..2ff9f4c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,21 @@
+2012-10-23  Mats Erik Andersson  <address@hidden>
+
+       ftpd: PAM robustness.  Fine tune message passing,
+       since the finite state automata of FTP can choke
+       on some multiline messages.
+
+       * ftpd/extern.h (lreply_multiline): New prototype.
+       * ftpd/ftpd.c (user): Transmit a reply containing
+       only a single line, cutting at the last newline.
+       (pass): If the credential of an authenticated user
+       contains a message, reply using lreply_multiline().
+       (lreply_multiline): New function.
+       * ftpd/pam.c (PAM_conv): Insert a newline character
+       between concatenated message strings.  Remove only
+       trailing whitespace, leaving any colon untouched.
+       (pam_doit): Compare message string to `password:',
+       including a colon.
+
 2012-10-19  Mats Erik Andersson  <address@hidden>
 
        syslogd: Portability of utmp.  Disclosed by Solaris 11.
diff --git a/ftpd/extern.h b/ftpd/extern.h
index 7012be6..a10317d 100644
--- a/ftpd/extern.h
+++ b/ftpd/extern.h
@@ -66,6 +66,7 @@ extern FILE *ftpd_popen (char *, const char *);
 extern char *getusershell (void);
 #endif
 extern void lreply (int, const char *, ...);
+extern void lreply_multiline (int n, const char *text);
 extern void makedir (const char *);
 extern void nack (const char *);
 extern void pass (const char *);
diff --git a/ftpd/ftpd.c b/ftpd/ftpd.c
index 5ba5e24..11a69fb 100644
--- a/ftpd/ftpd.c
+++ b/ftpd/ftpd.c
@@ -795,7 +795,20 @@ user (const char *name)
 
   if (cred.message)
     {
-      reply (331, "%s", cred.message);
+      /* Stacked PAM modules for authentication may have
+       * produced a multiline message at this point.
+       * The FTP protocol does not cope well with this,
+       * so we transfer only the very last line, which
+       * should reflect the active authentication mechanism.
+       */
+      char *msg = strrchr (cred.message, '\n');
+
+      if (msg)
+       msg++;          /* Step over separator.  */
+      else
+       msg = cred.message;
+
+      reply (331, "%s", msg);
       free (cred.message);
       cred.message = NULL;
     }
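Review bot: In user(), when cred.message ends in a newline, strrchr() finds that final separator and `msg++` leaves msg pointing at an empty string, so the 331 reply goes out with no text. The code relies on the producer having trimmed trailing newlines, which this hunk does not show. I would state that in the comment, e.g. `/* Assumes PAM_conv() left no trailing newline; otherwise MSG is empty.  */`, or fall back to the whole message when `*msg == '\0'`. user() begins and ends outside this hunk.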
@@ -883,6 +896,15 @@ pass (const char *passwd)
            }
          return;
        }
+      if (cred.message)
+       {
+         /* At least PAM might have committed additional messages.
+          * Reply code 230 is used, since at this point the client
+          * has been accepted.  */
+         lreply_multiline (230, cred.message);
+         free (cred.message);
+         cred.message = NULL;
+       }
     }
   cred.logged_in = 1;          /* Everything seems to be allright.  */
   complete_login (&cred);
@@ -1638,6 +1660,42 @@ lreply (int n, const char *fmt, ...)
     }
 }
 
+/* Send a possibly multiline reply as individual
+ * lines of message with identical status code.
+ * No format string input!
+ */
+void
+lreply_multiline (int n, const char *text)
+{
+  char *line;
+
+  line = strdup (text);
+  if (line == NULL)
+    return;
+  else
+    {
+      int stop = 0;
+      char *p1 = line, *p2;
+
+      do
+       {
+         p2 = strchrnul (p1, '\n');
+         stop = (*p2 == '\0');         /* End of input string?  */
+         *p2 = '\0';
+         printf ("%d- ", n);
+         printf ("%s\r\n", p1);
+         if (debug)
+           {
+             syslog (LOG_DEBUG, "<--- %d- ", n);
+             syslog (LOG_DEBUG, "%s", p1);
+           }
+         p1 = ++p2;                    /* P1 is used within bounds.  */
+       }
+      while (!stop);
+      free (line);
+    }
+}
+
 static void
 ack (const char *s)
 {
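Review bot: lreply_multiline() traces each reply line with two syslog() calls, so one line becomes two log records (the `<--- N- ` prefix, then the text) and entries from other processes can land between them. `syslog (LOG_DEBUG, "<--- %d- %s", n, p1);` keeps it in one record, and the two printf() calls can be merged the same way as `printf ("%d- %s\r\n", n, p1);`. A failed strdup() returns without sending or logging anything, which silently drops the PAM text; a `syslog (LOG_ERR, ...)` before the `return` would make that visible. strchrnul() is a GNU extension, so this presumably depends on a replacement being available on other platforms, which the patch does not show. The header comment could also say that every line is sent as an `N-` continuation line, so the caller must still send the closing `N ` reply.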
diff --git a/ftpd/pam.c b/ftpd/pam.c
index babb48d..ff08a7c 100644
--- a/ftpd/pam.c
+++ b/ftpd/pam.c
@@ -113,11 +113,18 @@ PAM_conv (int num_msg, const struct pam_message **msg,
             in the ftpd.c:user() or ftpd.c:pass() check for it and send
             a lreply().  But I'm not sure the RFCs allow mutilines replies
             for a passwd challenge.  Many clients will simply break.  */
+         /* XXX: Attempted solution; collect all messages, appended
+          * one after the other, separated by "\n".  Then print all
+          * of them in one single run.  This will circumvent the hard
+          * coded protocol convention of not allowing continuation
+          * massage to carry a deviating reply code relative to the
+          * final message.
+          */
          if (pcred->message)   /* XXX: make sure we split newlines correctly */
            {
              size_t len = strlen (pcred->message);
              char *s = realloc (pcred->message, len
-                                + strlen (msg[count]->msg) + 1);
+                                + strlen (msg[count]->msg) + 2);
              if (s == NULL)
                {
                  free (pcred->message);
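Review bot: The bare `+ 2` in the realloc() size in PAM_conv only makes sense together with the `strcat (pcred->message, "\n")` added in the next hunk. A short comment such as `/* +2: "\n" separator and terminating NUL.  */` would keep the two from drifting apart. The new comment also has a typo (`massage` for `message`). The older `XXX: make sure we split newlines correctly` on the `if` line looks addressed by this commit, so it could be reworded or dropped. PAM_conv starts before and continues past this hunk.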
@@ -126,6 +133,7 @@ PAM_conv (int num_msg, const struct pam_message **msg,
              else
                {
                  pcred->message = s;
+                 strcat (pcred->message, "\n");
                  strcat (pcred->message, msg[count]->msg);
                }
            }
@@ -137,10 +145,9 @@ PAM_conv (int num_msg, const struct pam_message **msg,
          else
            {
              char *sp;
-             /* FIXME:  What's this for ? */
-             /* Remove trailing `: ' */
+             /* Remove trailing space only.  */
              sp = pcred->message + strlen (pcred->message);
-             while (sp > pcred->message && strchr (" \t\n:", *--sp))
+             while (sp > pcred->message && strchr (" \t\n", *--sp))
                *sp = '\0';
            }
        }
@@ -180,7 +187,7 @@ pam_doit (struct credentials *pcred)
     {
       /* Avoid overly terse passwd messages and let the people
          upstairs do something sane.  */
-      if (pcred->message && !strcasecmp (pcred->message, "password"))
+      if (pcred->message && !strcasecmp (pcred->message, "password:"))
        {
          free (pcred->message);
          pcred->message = NULL;
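Review bot: The comparison in pam_doit() is now an exact match on `password:`, so a prompt of plain `Password` is no longer suppressed and would be sent as the 331 text; it matched before, when the colon was stripped. Since PAM_conv now joins messages with `\n`, a stacked message such as info text followed by `Password:` also fails the whole-string match, although user() later sends only the last line. Which prompts the installed modules emit is not visible here. If both forms should count as terse, `&& (!strcasecmp (pcred->message, "password:") || !strcasecmp (pcred->message, "password"))` covers them. pam_doit() continues outside this hunk.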

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog     |   18 +++++++++++++++++
 ftpd/extern.h |    1 +
 ftpd/ftpd.c   |   60 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
 ftpd/pam.c    |   17 +++++++++++----
 4 files changed, 90 insertions(+), 6 deletions(-)


hooks/post-receive
-- 
GNU Inetutils 


