[Bug 1710] New: aix_setauthdb/aix_restoredb are not called in getpwnamallow() causing permanently_set_uid() to fail

bugzilla-daemon at bugzilla.mindrot.org
Tue Feb 2 05:48:16 EST 2010


https://bugzilla.mindrot.org/show_bug.cgi?id=1710

           Summary: aix_setauthdb/aix_restoredb are not called in
                    getpwnamallow() causing permanently_set_uid() to fail
           Product: Portable OpenSSH
           Version: 5.3p1
          Platform: PPC
        OS/Version: AIX
            Status: NEW
          Severity: normal
          Priority: P2
         Component: sshd
        AssignedTo: unassigned-bugs at mindrot.org
        ReportedBy: letourneau.alexandre at gmail.com


Created an attachment (id=1787)
 --> (https://bugzilla.mindrot.org/attachment.cgi?id=1787)
A patch fixing this issue

We are using a bunch of different LAMs to authenticate users, and
while qualifying OpenSSH 5.3p1 on AIX 5.3 and 6.1 we discovered
a small bug.

In auth.c inside the function getpwnamallow(const char *user)
getpwnam(user) is called w/o setting the authdb first.

This results in the wrong authdb being used to retrieve the
user's passwd structure: it uses the default LAM
(i.e., the first one it finds in /usr/lib/security/methods.cfg).

setauthdb() is called during the authentication phase
(which is very good), but it is also necessary to make 
the call before using getpwnam/getpwuid/etc.

This is easily fixed by wrapping aix_setauthdb()/aix_restoredb [from
port-aix.c] around the getpwnam(user) call [in auth.c].

I attached a patch, which I tested on AIX 5.3 and AIX 6.1, fixing this
issue.
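
The lookup problem described in the report, as a small model added here for illustration; it is not OpenSSH's code and not the attached patch. The registry table, the uids and every function name are constructed stand-ins, so the model runs without AIX.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model, not AIX or OpenSSH code: the same login name exists in
 * two registries (LAMs) with different uids. */
struct rec { const char *registry; const char *name; long uid; };
static const struct rec records[] = {
    { "files", "alice", 205 },    /* default LAM, the first one found */
    { "LDAP",  "alice", 70001 },  /* registry alice is assigned to */
    { "files", "bob",   206 },    /* bob has no registry assignment */
};

/* Process-wide lookup state, standing in for what setauthdb() changes. */
static const char *current_db = "files";
const char *current_authdb(void) { return current_db; }

/* Hypothetical stand-in for reading the user's registry attribute. */
static const char *user_registry(const char *user)
{
    return strcmp(user, "alice") == 0 ? "LDAP" : NULL;
}

/* Stand-in for getpwnam(): answers only from the selected registry. */
static long model_getpwnam(const char *user)
{
    for (size_t i = 0; i < sizeof(records) / sizeof(records[0]); i++)
        if (strcmp(records[i].registry, current_db) == 0 &&
            strcmp(records[i].name, user) == 0)
            return records[i].uid;
    return -1; /* no such user in this registry */
}

/* Lookup as reported: no registry is selected before the call. */
long uid_unwrapped(const char *user) { return model_getpwnam(user); }

/* Lookup with the set/restore wrapper around it. */
long uid_wrapped(const char *user)
{
    const char *saved = current_db;
    const char *reg = user_registry(user);
    if (reg != NULL)
        current_db = reg;           /* models the aix_setauthdb() step */
    long uid = model_getpwnam(user);
    current_db = saved;             /* restore on success and on failure */
    return uid;
}

int main(void)
{
    printf("%ld vs %ld\n", uid_unwrapped("alice"), uid_wrapped("alice"));
    return 0;
}
```

The restore step runs whether or not the lookup succeeds, so later lookups in the same process are not left pointing at one user's registry.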
