Ranger / RANGER-1187

In pamCredValidator.c, pam_end() is not called if authentication fails.


Details

    • Bug
    • Status: Resolved
    • Minor
    • Resolution: Fixed
    • None
    • 0.7.0
    • Ranger
    • None

    Description

      In the main method of the C file "\incubator-ranger\unixauthpam\src\main\c\pamCredValidator.c",
      when authentication fails, pam_end() is not called before exit(1),
      which results in the PAM transaction not being closed.
      The pam_end() function terminates a PAM transaction and destroys the
      corresponding PAM context, releasing all resources allocated to it.

      int main(int ac, char **av, char **ev)
      {
          char username[64];
          char password[64];
          char line[512];

          int retval;
          pam_handle_t *pamh = NULL;

          fgets(line, 512, stdin);
          sscanf(line, "LOGIN:%s %s", username, password);
          conv.appdata_ptr = (char *) password;

          retval = pam_start("ranger-remote", username, &conv, &pamh);
          if (retval != PAM_SUCCESS) {
              /* why expose this? */
              fprintf(stdout, "FAILED: [%s] does not exists.\n", username);
              exit(1);
          }

          retval = pam_authenticate(pamh, 0);
          if (retval != PAM_SUCCESS) {
              fprintf(stdout, "FAILED: Password did not match.\n");
              exit(1);
          }

          /* authorize */
          retval = pam_acct_mgmt(pamh, 0);
          if (retval != PAM_SUCCESS) {
              fprintf(stdout, "FAILED: [%s] is not authorized.\n", username);
              exit(1);
          }

          /* establish the requested credentials */
          if ((retval = pam_setcred(pamh, PAM_ESTABLISH_CRED)) != PAM_SUCCESS) {
              fprintf(stdout, "FAILED: Error setting credentials for [%s].\n", username);
              exit(1);
          }

          /* not opening a session, as logout has not been implemented as a remote service */
          fprintf(stdout, "OK:\n");

          if (pamh) {
              pam_end(pamh, retval);
          }

          exit(0);
      }
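
The cleanup pattern the description asks for, shown as an added example that is neither Ranger's code nor the committed fix: every step funnels into one exit point that closes the transaction with the last status. The names `pam_ops`, `validate`, `run_case` and the fakes are hypothetical; the PAM calls are replaced by function pointers (an assumption made so the control flow runs without libpam), and the error values are constructed.

```c
#include <stdio.h>

/* Hypothetical seam (not Ranger code): the PAM calls main() makes, as function
 * pointers so the flow runs without libpam. 0 means success, like PAM_SUCCESS. */
typedef struct {
    int (*start)(const char *service, const char *user, void **handle);
    int (*authenticate)(void *handle);
    int (*acct_mgmt)(void *handle);
    int (*setcred)(void *handle);
    int (*end)(void *handle, int status);
} pam_ops;

/* Run the same sequence as main(), but leave through one cleanup point so the
 * transaction is closed with the last status whether or not a step failed. */
int validate(const pam_ops *ops, const char *user)
{
    void *h = NULL;
    int rc = ops->start("ranger-remote", user, &h);
    if (rc == 0) rc = ops->authenticate(h);
    if (rc == 0) rc = ops->acct_mgmt(h);
    if (rc == 0) rc = ops->setcred(h);
    if (h) ops->end(h, rc);   /* same guard as the original success path */
    return rc;
}

/* Constructed fakes: fail_at picks the failing step (0 = none). */
static int fail_at, end_calls, end_status, token;
static int f_start(const char *s, const char *u, void **h)
{ (void)s; (void)u; if (fail_at == 1) return 100; *h = &token; return 0; }
static int f_auth(void *h)    { (void)h; return fail_at == 2 ? 101 : 0; }
static int f_acct(void *h)    { (void)h; return fail_at == 3 ? 102 : 0; }
static int f_setcred(void *h) { (void)h; return fail_at == 4 ? 103 : 0; }
static int f_end(void *h, int st) { (void)h; end_calls++; end_status = st; return 0; }
static const pam_ops fake = { f_start, f_auth, f_acct, f_setcred, f_end };
/* Returns validate()'s status; end_calls/end_status record the cleanup. */
int run_case(int step)
{
    fail_at = step; end_calls = 0; end_status = -1;
    return validate(&fake, "alice");
}

int main(void)
{
    for (int step = 0; step <= 4; step++) {
        int rc = run_case(step);
        printf("fail_at=%d rc=%d end_calls=%d end_status=%d\n", step, rc, end_calls, end_status);
    }
    return 0;
}
```

In the real program the caller would print the `FAILED:`/`OK:` line from the returned status and exit only after `validate()` returns, so no `exit(1)` can bypass the cleanup.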

          People

            zhangqiang2 Qiang Zhang
            zhangqiangzte zhangqiang
                Time Tracking

                Estimated: 24h (Original Estimate)
                Remaining: 24h (Remaining Estimate)
                Logged: Not Specified
