From e9898ef81f6abb033c5380780d2089e246ceceb3 Mon Sep 17 00:00:00 2001 From: Thomas Osterried Date: Sat, 10 Dec 2005 12:39:57 +0000 Subject: - fdlock(): fixed potential lock due to return without unlock - new password methods (read pwcheck for more info) - mode for homedirectory: new config option secure_home. if not set, new homedirectories become drwxr-xr-x if set, new homedirectories become drwx-----x. other=x, because otherwise uses would be iritating that for e.g. their public_html is not accessable.. --- ax25/axspawn.c | 74 +++++++++++++++++++++++++++++++++++++++++++++-------- ax25/axspawn.conf | 16 +++++++++++- ax25/axspawn.conf.5 | 16 ++++++++++++ 3 files changed, 94 insertions(+), 12 deletions(-) (limited to 'ax25') diff --git a/ax25/axspawn.c b/ax25/axspawn.c index 101763b..9e88a4c 100644 --- a/ax25/axspawn.c +++ b/ax25/axspawn.c @@ -1,6 +1,6 @@ /* * - * $Id: axspawn.c,v 1.3 2005/10/30 10:54:54 dl9sau Exp $ + * $Id: axspawn.c,v 1.4 2005/12/10 12:39:57 dl9sau Exp $ * * axspawn.c - run a program from ax25d. * @@ -57,6 +57,18 @@ * # mail) [default no] * create_empty_password no * + * # pwcheck method: password or call or group [default: password] + * # "password" means, that passwords with '+' force a login without + * # prompting for a password (old behaviour; backward compatibility). + * # "call" means, that ham calls via ax25/netrom/rose/.. should be able + * # to login without password, even if it's set (for e.g. to secure + * # from abuse of inet connections) + * # "group" means, that if the gid of the user matches the configured + * # default user_gid, then the login is granted without password. + * #pwcheck call + * #pwcheck group + * #pwcheck password + * * # create with system utility useradd(8)? [default no] * create_with_useradd no * @@ -75,6 +87,9 @@ * # where to add the home directory for the new user * home /home/hams * + * # secure homedirectories (g-rwx) + * #secure_home yes + * * # user's shell * shell /bin/bash * @@ -416,6 +431,8 @@ char policy_add_empty_password = 0; char policy_add_prog_useradd = 0; char policy_guest = 1; char policy_associate = 0; +char pwcheck = 1; +char secure_home = 0; gid_t user_gid = 400; char *user_shell = "/bin/bash"; @@ -1015,6 +1032,7 @@ void new_user(char *newuser) unsigned char *p, *q; struct stat fst; int fd_a, fd_b, fd_l; + mode_t homedir_mode = S_IRUSR|S_IWUSR|S_IXUSR|S_IXOTH|(secure_home ? 0 : (S_IRGRP|S_IXGRP)); /* * build path for home directory @@ -1042,7 +1060,7 @@ retry: } if (uid >= 65535 || uid < start_uid) - return; + goto out; /* * build directories for home @@ -1074,15 +1092,15 @@ retry: if (q == NULL) { chown(p, uid, user_gid); - chmod(p, S_IRUSR|S_IWUSR|S_IXUSR); + chmod(p, homedir_mode); } } else - return; + goto out; } if (chdir(p) < 0) - return; + goto out; p = q; } @@ -1095,11 +1113,11 @@ retry: ((policy_add_empty_password) ? "" : "+"), username, userdir, uid, user_gid, newuser); if (system(command) != 0) - return; + goto out; } else { fp = fopen(PASSWDFILE, "a+"); if (fp == NULL) - return; + goto out; pw.pw_name = newuser; pw.pw_passwd = ((policy_add_empty_password) ? "" : "+"); @@ -1112,9 +1130,8 @@ retry: if (getpwuid(uid) != NULL) goto retry; /* oops?! */ if (putpwent(&pw, fp) < 0) - return; + goto out; - flock(fd_l, LOCK_UN); fclose(fp); } @@ -1129,7 +1146,7 @@ retry: fd_b = open(USERPROFILE, O_CREAT|O_WRONLY, S_IRUSR|S_IWUSR|S_IXUSR); if (fd_b < 0) - return; + goto out; while ( (cnt = read(fd_a, &buf, sizeof(buf))) > 0 ) write(fd_b, &buf, cnt); @@ -1137,6 +1154,8 @@ retry: close(fd_a); chown(USERPROFILE, uid, user_gid); } +out: + flock(fd_l, LOCK_UN); } void read_config(void) @@ -1169,6 +1188,14 @@ void read_config(void) if (!strncmp(cmd, "create_with_useradd", 19)) policy_add_prog_useradd = (param[0] == 'y'); else + if (!strncmp(cmd, "pwcheck", 7)) { + if (!strncmp(param, "pass", 4)) + pwcheck = 1; + else if (!strncmp(param, "call", 4)) + pwcheck = 2; + else if (!strncmp(param, "group", 5)) + pwcheck = 3; + } else if (!strncmp(cmd, "guest", 5)) { if (!strcmp(param, "no")) @@ -1210,6 +1237,9 @@ void read_config(void) start_home = (char *) malloc(strlen(param)+1); strcpy(start_home, param); } else + if (!strncmp(cmd, "secure_home", 11)) { + secure_home = (param[0] == 'y'); + } else if (!strncmp(cmd, "assoc", 5)) { if (!strcmp(param, "yes")) @@ -1263,6 +1293,7 @@ int main(int argc, char **argv) struct sockaddr_rose rose; } sockaddr; char *protocol; + char is_guest = 0; digits = letters = invalid = ssid = ssidcnt = 0; @@ -1388,6 +1419,7 @@ int main(int argc, char **argv) { strcpy(real_user,guest); pw = getpwnam(guest); + is_guest = 1; if (! (pw && pw->pw_uid && pw->pw_gid) ) { @@ -1475,7 +1507,27 @@ int main(int argc, char **argv) chargc = 0; chargv[chargc++] = "/bin/login"; chargv[chargc++] = "-p"; - if (!strcmp(pw->pw_passwd, "+")) + /* there exist several conectps: + * Historicaly, the special character '+' in the password + * field indicated that users may login via ax25, netrom, rose, + * etc.. - but not via other protocols like telnet. + * This secures the digipeater from abuse by inet access of + * non-hams. + * On the other hand, this leads to the problem that telent + * via HF, pop3, etc.. do not work. + * The "pwcheck == 2 method means, that the password is used on + * every login mechanism other than this axspawn program; + * here we do not rely on the password - the ax25 call of + * the ham is enough. We have already checked above, that + * the call of the user is valid (and not root, httpd, etc..); + * thus this method is safe here. + * Another mechanism (pwcheck == 3) is to check if the gid + * equals to user_gid preference. I prefer this way, because + * this approach gives the chance to temporary lock a user + * out (abuse, ..) by changing his gid in passwd to for e.g. + * 65534 (nogroup). + */ + if (pwcheck == 2 || (pwcheck == 3 && (pw->pw_gid == user_gid || is_guest)) || !strcmp(pw->pw_passwd, "+")) chargv[chargc++] = "-f"; chargv[chargc++] = real_user; chargv[chargc] = NULL; diff --git a/ax25/axspawn.conf b/ax25/axspawn.conf index 3f4db4a..5935d34 100644 --- a/ax25/axspawn.conf +++ b/ax25/axspawn.conf @@ -9,7 +9,18 @@ create_empty_password no # create with system utility useradd(8)? [default no] #create_with_useradd no create_with_useradd yes - +# +# pwcheck method: password or call or group [default: password] +# "password" means, that passwords with '+' force a login without +# prompting for a password (old behaviour; backward compatibility). +# "call" means, that ham calls via ax25/netrom/rose/.. should be able +# to login without password, even if it's set (for e.g. to secure +# from abuse of inet connections) +# "group" means, that if the gid of the user matches the configured +# default user_gid, then the login is granted without password. +#pwcheck call +#pwcheck group +#pwcheck password # # guest user if above is 'no' or everything else fails. Disable with "no" #guest ax25 @@ -29,6 +40,9 @@ max_uid 2000 #home /home/ax25 home /home/hams # +# secure homedirectories (g-rwx) +#secure_home yes +# # user shell shell /bin/bash # diff --git a/ax25/axspawn.conf.5 b/ax25/axspawn.conf.5 index 190d4c2..cb33d9a 100644 --- a/ax25/axspawn.conf.5 +++ b/ax25/axspawn.conf.5 @@ -31,6 +31,16 @@ create_with_useradd yes .br # .br +# pwcheck method: password or call or group. [default: password] +.br +#pwcheck call +.br +#pwcheck group +.br +pwcheck password +.br +# +.br # guest user if above is 'no' or everything else .br # fails. Disable with "no" @@ -63,6 +73,12 @@ home /home/hams .br # .br +# secure homedirectories (g-rwx) +.br +#secure_home yes +.br +# +.br # user's shell .br shell /bin/bash -- cgit v1.2.3