From ded28e1fbc4c936882b9fc26f74d42c3f436b209 Mon Sep 17 00:00:00 2001
From: Nuno Paiva
Date: Wed, 4 May 2016 12:11:31 +0100
Subject: [PATCH] Robustness changes: 1) Makefile: make fails if no git-revision file is already created 2) elogd.c: typos, creation of logdir with appropriated user/group, missing LDAP checks and robustness of show_change_pwd_page 3) auth.c: robustness of auth_verify_password
---
 Makefile | 6 +++---
 src/auth.c | 7 +++++++
 src/elogd.c | 27 ++++++++++++++++++++++-----
 3 files changed, 32 insertions(+), 8 deletions(-)
diff --git a/Makefile b/Makefile
index 929a92c6..ee4e1965 100644
--- a/Makefile
+++ b/Makefile
@@ -116,8 +116,8 @@ endif
 all: $(EXECS) # put current GIT revision into header file to be included by programs
-$(GIT_REVISION): src/elogd.c
- echo \#define GIT_REVISION \"`git log -n 1 --pretty=format:"%ad - %h"`\" > $(GIT_REVISION)
+$(GIT_REVISION): src/elogd.c src/elog.c
+ type git &> /dev/null; if [ $$? -eq 1 ]; then REV="unknown" ;else REV=`git log -n 1 --pretty=format:"%ad - %h"`; fi; echo \#define GIT_REVISION \"$$REV\" > $(GIT_REVISION)
 regex.o: src/regex.c src/regex.h
 $(CC) $(CFLAGS) -w -c -o regex.o src/regex.c
@@ -137,7 +137,7 @@ strlcpy.o: src/strlcpy.c src/strlcpy.h
 elogd: src/elogd.c regex.o crypt.o auth.o mxml.o $(GIT_REVISION)
 $(CC) $(CFLAGS) -o elogd src/elogd.c crypt.o auth.o regex.o mxml.o $(OBJS) $(LIBS)
-elog: src/elog.c crypt.o $(OBJS)
+elog: src/elog.c crypt.o $(OBJS) $(GIT_REVISION)
 $(CC) $(CFLAGS) -o elog src/elog.c crypt.o $(OBJS) $(LIBS)
 debug: src/elogd.c regex.o crypt.o auth.o mxml.o
diff --git a/src/auth.c b/src/auth.c
index 03fde985..55453792 100644
--- a/src/auth.c
+++ b/src/auth.c
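Review bot: In the new `$(GIT_REVISION)` recipe, `type git &> /dev/null` relies on a bash-only redirection; make runs recipes with /bin/sh unless SHELL is overridden (not visible in this hunk), and a POSIX shell reads it as a background job followed by an empty redirect, so `$$?` is always 0 and the "unknown" fallback never triggers. The `-eq 1` test is also narrower than needed, because the not-found status differs between shells, and a source tarball built on a machine that has git but no repository still produces an empty revision string. Testing the output covers all of these cases: `REV=$$(git log -n 1 --pretty=format:"%ad - %h" 2>/dev/null); [ -n "$$REV" ] || REV=unknown`, followed by the existing `echo`.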
@@ -470,6 +470,13 @@ int auth_verify_password(LOGBOOK * lbs, const char *user, const char *password,
 error_str[0] = 0;
 verified = FALSE;
+
+ /* otherwise calls with null lbs which make this procedure crash */
+ if (lbs == NULL)
+ lbs = get_first_lbs_with_global_passwd();
+
+ if (lbs == NULL)
+ return FALSE;
 getcfg(lbs->name, "Authentication", str, sizeof(str));
 #ifdef HAVE_KRB5
diff --git a/src/elogd.c b/src/elogd.c
index 619184c5..5ae6d3b2 100755
--- a/src/elogd.c
+++ b/src/elogd.c
@@ -1718,12 +1718,14 @@ int setegroup(char *str)
 gr = getgrnam(str);
- if (gr != NULL)
+ if (gr != NULL) {
+ chown(logbook_dir, -1, gr->gr_gid);
 if (setregid(-1, gr->gr_gid) >= 0 && initgroups(gr->gr_name, gr->gr_gid) >= 0) return 0;
 else {
 eprintf("Cannot set effective GID to group \"%s\"\n", gr->gr_name);
 eprintf("setgroup: %s\n", strerror(errno));
+ }
 } else eprintf("Group \"%s\" not found\n", str);
@@ -1741,12 +1743,14 @@ int seteuser(char *str)
 pw = getpwnam(str);
- if (pw != NULL)
+ if (pw != NULL) {
+ chown(logbook_dir, pw->pw_uid, -1);
 if (setreuid(-1, pw->pw_uid) >= 0) {
 return 0;
 } else {
 eprintf("Cannot set effective UID to user \"%s\"\n", str);
 eprintf("setuser: %s\n", strerror(errno));
+ }
 } else eprintf("User \"%s\" not found\n", str);
@@ -8902,7 +8906,12 @@ void show_change_pwd_page(LOGBOOK * lbs)
 {
 char str[256], config[256], old_pwd[256], new_pwd[256], new_pwd2[256], user[256], auth[32], error_str[256];
 int wrong_pwd;
+ /* otherwise calls with null lbs which make this procedure crash */
+ if (lbs == NULL)
+ lbs = get_first_lbs_with_global_passwd();
+ if (lbs == NULL)
+ return;
 getcfg(lbs->name, "Authentication", auth, sizeof(auth));
 old_pwd[0] = new_pwd[0] = new_pwd2[0] = 0;
@@ -27397,7 +27406,7 @@ void interprete(char *lbook, char *path)
 /* check if user has access to logbook */
 if (!check_login_user(lbs, getparam("uname"))) {
- show_error("Use has no access to this logbook");
+ show_error("User has no access to this logbook");
 return;
 }
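Review bot: In auth_verify_password, replacing a NULL `lbs` with `get_first_lbs_with_global_passwd()` means the `getcfg(lbs->name, "Authentication", ...)` lookup that follows uses whichever logbook that helper returns, so the password is verified under an authentication setting the caller did not select; show_change_pwd_page receives the same fallback later in this patch. Returning FALSE when no logbook is found fails closed, which is the right direction, but `error_str` was cleared just above and stays empty, so the caller has nothing to report or log. I would replace the comment with `/* lbs may be NULL; fall back to the logbook returned by get_first_lbs_with_global_passwd() */` and fill `error_str` before `return FALSE`. No prototype for `get_first_lbs_with_global_passwd` is visible in this hunk; if auth.c does not already declare it, the call is implicitly typed as returning `int` and the pointer can be truncated on 64-bit builds. The function body starts and ends outside the hunk.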
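Review bot: The added `chown(logbook_dir, -1, gr->gr_gid);` in setegroup, and the matching `chown(logbook_dir, pw->pw_uid, -1);` in seteuser, ignore the return value and run while the process still holds its original privileges, since the setregid/setreuid call comes right after. chown() follows symbolic links, so if the configured directory can be replaced by a less privileged account the ownership of an unintended path is handed over, and the change stays in place even when the following setregid/setreuid fails. At minimum check and report the result, `if (chown(logbook_dir, -1, gr->gr_gid) < 0) eprintf("chown \"%s\": %s\n", logbook_dir, strerror(errno));`, and consider `lchown` or an `fchown` on a descriptor opened with `O_DIRECTORY | O_NOFOLLOW`. Whether `logbook_dir` is already populated when these functions run is not visible here, and both function bodies extend outside their hunks.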
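Review bot: In show_change_pwd_page, the new `if (lbs == NULL) return;` leaves the function without emitting any page, so as far as this hunk shows the request ends with no response and nothing is logged. show_error() is already used for this kind of failure in the interprete hunk of this patch, so, assuming it does not itself need a logbook, `if (lbs == NULL) { show_error("No logbook with a password file found"); return; }` would make the failure visible to the user. The comment would read better as `/* lbs may be NULL; fall back to the logbook returned by get_first_lbs_with_global_passwd() */`. The function body continues past the end of the hunk.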
@@ -29712,13 +29721,21 @@ void server_loop(void)
 #ifndef HAVE_KRB5
 /* check for Kerberos authentication */
- getcfg("gloabl", "Authentication", str, sizeof(str));
+ getcfg("global", "Authentication", str, sizeof(str));
 if (stristr(str, "Kerberos")) {
 eprintf("Kerberos authentication not compiled into this version of elogd.\n");
 exit(EXIT_FAILURE);
 }
 #endif
-
+#ifndef HAVE_LDAP
+ /* check for Kerberos authentication */
+ /* NPA change */
+ getcfg("global", "Authentication", str, sizeof(str));
+ if (stristr(str, "LDAP")) {
+ eprintf("LDAP authentication not compiled into this version of elogd.\n");
+ exit(EXIT_FAILURE);
+ }
+#endif
 /* listen for connection */
 status = listen(lsock, SOMAXCONN);
 if (status < 0) {
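Review bot: The comment on the new `#ifndef HAVE_LDAP` block in server_loop still reads `/* check for Kerberos authentication */`, copied from the block above, and `/* NPA change */` records authorship rather than intent; a single `/* refuse to start if LDAP authentication is configured but not compiled in */` would describe the block. The check reads only the `global` section, while auth_verify_password in this same patch reads `Authentication` under `lbs->name`, so a logbook-level LDAP setting may pass this startup check and only fail at login time. Whether getcfg falls back between sections is not visible here, so that part should be confirmed against its implementation. server_loop's body starts and ends outside the hunk.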