bb login.c

walter harms wharms at bfs.de
Tue Feb 3 15:24:04 UTC 2009 


Denys Vlasenko schrieb:
> On Sunday 01 February 2009 20:47, walter harms wrote:
>> Denys Vlasenko schrieb:
>>> On Saturday 31 January 2009 18:37, walter harms wrote:
>>>> Hi Denis,
>>>> i have broken down my patch to login.c into several pieces (4).
>>>> Shall i send the diff or the .c ?
>>> Please send diffs
>> attached all patches should apply on top of each other. The patches are based
>> on the login.c i send to the list end of last year.
>>
>> v0-v1: basicly moves SELINUX and LOGIN_SCRIPTS out of the way
> 
> -#if ENABLE_SELINUX
> -       if (is_selinux_enabled()) {
> -               security_context_t old_tty_sid, new_tty_sid;
> +       USE_SELINUX(initselinux(username, full_tty, &user_sid));
> 
> -               if (get_default_context(username, NULL, &user_sid)) {
> 
> but then
> 
> +static void initselinux(char *username, char *full_tty,
> +                                               security_context_t * user_sid)
> +{
> +       security_context_t old_tty_sid, new_tty_sid;
> +
> +       if (get_default_context(username, NULL, user_sid)) {
> +               bb_error_msg_and_die("cannot get SID for %s", username);
> +       }
> 
> You lost "if (is_selinux_enabled()) ..." part
> 


investigated: i am not sure that is_selinux_enabled() i correct in the first place
libbb has a  selinux_or_die(void).
If the !ENABLE_SELINUX case is removed we could that add to every function and
be happy. It may also be helpful with some function inside selinux/*.c



> 
>> v1-v2: rework the get ttynam() part, move from array to pointer
> 
> +       full_tty = ttyname(STDIN_FILENO);
> +       if (!full_tty || strncmp(full_tty, "/dev/", 5)) {
> +               full_tty = (char *) "UNKNOWN";
> +               short_tty = full_tty;
> +       } else {
> +               short_tty = full_tty + 5;
> 
> If ttyname does not start with "/dev/", you set it to "UNKNOWN".
> This is wrong.
> 

are there really cases where a tty is not inside /dev ?
and why not report UNKNOWN then ?


>> v2-v3: move pswd check for PAM and !PAM into check_pswd()
>> 	- fix getpwnam_r buffer size
> 
> +static
> +struct passwd *bb_getpwnam_r(char *username)
> +{
> +       struct passwd *pwdstruct,*ptr;
> +       struct passwd *pwd1;
> +       size_t len = 1024;
> +       long int initlen = sysconf(_SC_GETPW_R_SIZE_MAX);
> +
> +       if (initlen > 0)
> +               len = (size_t) initlen;
> 
> what if sysconf() return a value which doesn't fit in size_t?
> 
> +
> +       /*
> +          pwdstruct is a list of pointers to
> 
> no, it isn't
> 
> +          data stored in pwdbuf
> 
> stored where?
> 
> +        */
> +
> +       pwdstruct= xmalloc(len+sizeof(*pwdstruct));
> +       ptr=pwdstruct+len;
> 
> Bug. pwdstruct + n moves ptr n * sizeof(struct passwd) bytes!
> 

Investigated:
yes but not deadly. the realy bug is that len should be sizeof(*pwdstruct) :)
the bug occured when i changed char * for struct passwd *

in your patch you do check the return value of getpwnam_r(), intentionally ?

> 
> +       /*
> +         pwd1 will become NULL on not found
> +          getpwnam_r will become 0 on eror
> 
> getpwnam does not "become", it "returns".
> 
	and write error with 2*r

> 
> +/*
> +  this is a special case
> +*/
> +       if (!pamuser || !pamuser[0])
> +               goto auth_failed;
> 
> Does this comment actually explain something? If it says
> 'NULL or "" username is considered a failure', well,
> that's obvious from the code.
> 
> 
>         if (option_mask32 & LOGIN_OPT_f)
> ...
> ...
> ...
>                 opt &= ~LOGIN_OPT_f;
> 
> You forgot to copy updated flags to option_mask32.
> 
> 
> 
> I think check_pswd() can be better implemented as:
> 
> struct passwd *check_pswd(const char *username)
> 
> instead of
> 
> static int check_pswd(char *username, int userlen, struct passwd **pw2)

the username stuff has a problem the size should not be hardcode but discovered
by _SC_LOGIN_NAME_MAX


> 
> 
> When these issues are addressed:
> 
> function                                             old     new   delta
> login_main                                          1552    1584     +32
> 
> :(
> 
> I applied patches 1 and 2, thanks! Please look at attached patch.
> It's a cleaned up version of patch 3. I hesitate to apply it
> to svn, there might be more unexploded ordnance there.
> 
> If it would be at least not bigger with the patch according
> to "make bloatcheck", then maybe...

the "real" savings occur when you can think about the rest independently.

i noticed the only pw->pw_shell is needed in calling run_shell().
Does run_shell free buffers allocated by login() ?


re,
 wh

> --
> vda

More information about the busybox mailing list