[Bug 1710] New: aix_setauthdb/aix_restoredb are not called in getpwnamallow() causing permanently_set_uid() to fail
bugzilla-daemon at bugzilla.mindrot.org
Tue Feb 2 05:48:16 EST 2010
https://bugzilla.mindrot.org/show_bug.cgi?id=1710
Summary: aix_setauthdb/aix_restoredb are not called in
getpwnamallow() causing permanently_set_uid() to fail
Product: Portable OpenSSH
Version: 5.3p1
Platform: PPC
OS/Version: AIX
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: unassigned-bugs at mindrot.org
ReportedBy: letourneau.alexandre at gmail.com
Created an attachment (id=1787)
--> (https://bugzilla.mindrot.org/attachment.cgi?id=1787)
A patch fixing this issue
We are using a bunch of different LAMs to authenticate users, and
while qualifying OpenSSH 5.3p1 on AIX 5.3 and 6.1 we discovered
a small bug.
In auth.c inside the function getpwnamallow(const char *user)
getpwnam(user) is called w/o setting the authdb first.
This results in the wrong authdb being used to retrieve the
user's passwd structure: it uses the default LAM.
(i.e. the first one it finds in /usr/lib/security/methods.cfg)
setauthdb() is called during the authentication phase
(which is very good), but it is also necessary to make
the call before using getpwnam/getpwuid/etc.
This is easily fixed by wrapping aix_setauthdb()/aix_restoredb [from
port-aix.c] around the getpwnam(user) call [in auth.c].
I attached a patch, which I tested on AIX 5.3 and AIX 6.1, fixing this
issue.
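
The lookup problem and the save/select/restore wrapping described in the report, as an added example in portable C. It is not the attached patch and not OpenSSH code. The `mock_*` functions, the registry names, the user `appuser` and the uids are constructed stand-ins that model the behaviour as the report describes it.

```c
/* Simplified model (constructed, not AIX or OpenSSH code): every registry has
 * its own passwd table, and a lookup sees only the registry that is currently
 * selected for the process. */
#include <stdio.h>
#include <string.h>

struct entry { const char *db, *name; int uid; };
/* Constructed sample data: the same login name exists in two registries. */
static const struct entry table[] = {
    { "files", "appuser", 200 },
    { "LDAP",  "appuser", 5001 },
};
static const char *home_db[][2] = { { "appuser", "LDAP" } }; /* user -> registry */
static char current_db[16] = "files";  /* default: the first method configured */
static char saved_db[16];

/* Stand-in for setauthdb(): select a registry, hand back the previous one. */
static void mock_setauthdb(const char *newdb, char *olddb) {
    if (olddb) snprintf(olddb, sizeof saved_db, "%s", current_db);
    snprintf(current_db, sizeof current_db, "%s", newdb);
}
/* Stand-in for getpwnam(): consults only the selected registry. */
static int mock_getpwnam_uid(const char *name) {
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++)
        if (!strcmp(table[i].db, current_db) && !strcmp(table[i].name, name))
            return table[i].uid;
    return -1;                          /* not found in the selected registry */
}
/* Reported behaviour: look up with whatever registry happens to be active. */
int lookup_unwrapped(const char *user) { return mock_getpwnam_uid(user); }

/* Shape of the proposed fix: select the user's registry, look up, restore. */
int lookup_wrapped(const char *user) {
    for (size_t i = 0; i < sizeof home_db / sizeof home_db[0]; i++)
        if (!strcmp(home_db[i][0], user))
            mock_setauthdb(home_db[i][1], saved_db);
    int uid = mock_getpwnam_uid(user);
    if (saved_db[0]) {                  /* restore only if we switched */
        mock_setauthdb(saved_db, NULL);
        saved_db[0] = '\0';
    }
    return uid;
}
const char *active_db(void) { return current_db; }

int main(void) {
    printf("unwrapped uid=%d\n", lookup_unwrapped("appuser"));
    printf("wrapped uid=%d, active=%s\n", lookup_wrapped("appuser"), active_db());
    return 0;
}
```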