sshd/winbind wrong GID redux

Hans Petter Jansson hpj at cl.no
Thu May 28 05:34:41 AEST 2020


On Wed, 2020-05-27 at 16:27 +0930, David Newall wrote:
> On 27/5/20 12:41 am, Hans Petter Jansson wrote:

> > https://lists.mindrot.org/pipermail/openssh-unix-dev/2019-February/037556.html
> 
> I have two comments:
> First, in the patch, I think it's insufficient to free(s->pw) as s-
> >pw probably has copies of strings.  See end of pwcopy() in misc.c. 
> Second, might userauth_finish() in auth2.c be a better place to
> reload the struct passwd?
> It does seem like something which deserves to be fixed.  Don't let it
> drop.

auth2.c:userauth_finish() does seem like a good place. I tried that
first, but privsep complicates it somewhat. I wasn't able to figure out
a way to do it without adding monitor code for getpwnam(); as far as I
can tell, getpwnamallow() is only meant to be called once, and it also
does quite a bit of extra work (config parsing etc) that we don't need
the second time around.

-- 
Hans Petter
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: This is a digitally signed message part
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20200527/d9b4434f/attachment.asc>


More information about the openssh-unix-dev mailing list