Hi Kev,

Thanks, I added this to devel branch.

The other issue with the threads should go away.  I'm planning to
remove the threads from sesman because it does a bunch of forking.

Jay



On Sun, Oct 26, 2014 at 1:48 PM, Ken Milmore <ken.milm...@gmail.com> wrote:
> Hello,
>
> I am using xrdp without PAM, and have been looking at the recently
> modified shadow authentication code in sesman/verify_user.c.
>
> I have noticed that sesman segfaults when attempting to authenticate a
> user account which has been locked by "passwd -l username".  In fact the
> segfault occurs whenever the contents of the shadow password field do
> not match any of the hash formats expected by GNU crypt().
>
> The problem lies in verify_user.c, function auth_user_pass().  The
> return value of crypt() will be NULL if the account happens to be locked
> or if the encrypted password is in an unexpected format. So I would
> suggest that the code at the end of auth_user_pass() should go something
> like this:
>
>    epass = crypt(pass, encr);
>    if (epass == 0)
>    {
>      /* possibly a locked account */
>      return 0;
>    }
>    return (strcmp(encr, epass) == 0);
> }
>
> Another point: auth_user_pass() seems to get called from a thread spun
> off a listening socket, but calls getpwnam, getspnam and crypt which are
> not re-entrant. Shouldn't there be a mutex or something similar
> protecting this whole function?  Apologies if I've missed some reason
> why it can't be re-entered.
>
> Best wishes,
>
> Ken Milmore.
>
> ------------------------------------------------------------------------------
> _______________________________________________
> xrdp-devel mailing list
> xrdp-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/xrdp-devel
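
The guard suggested in the quoted message, written out as an added example (not xrdp's code and not part of either e-mail). It goes slightly beyond the thread by also rejecting the "*"-prefixed failure token that some libcrypt builds return instead of NULL. The names shadow_pass_ok, toy_crypt and token_crypt are hypothetical, and the hasher is passed in as a function pointer so the block runs without linking libcrypt; a real caller would pass crypt.

```c
#include <stddef.h>
#include <string.h>

/* Same signature as crypt(3); injected so the check runs without libcrypt
   (an assumption of this example, not how sesman is structured). */
typedef char *(*crypt_fn)(const char *key, const char *setting);

/* Returns 1 only when hasher(pass, encr) reproduces encr exactly.
   A NULL result, or a failure token starting with '*', counts as no match. */
int shadow_pass_ok(const char *pass, const char *encr, crypt_fn hasher)
{
    const char *epass;

    if (pass == NULL || encr == NULL || hasher == NULL)
        return 0;
    /* "passwd -l" puts '!' in front of the hash; '*' also marks no login */
    if (encr[0] == '!' || encr[0] == '*')
        return 0;
    epass = hasher(pass, encr);
    if (epass == NULL || epass[0] == '*')
        return 0;               /* never hand a failed result to strcmp() */
    return strcmp(encr, epass) == 0;
}

/* Constructed stand-in for crypt(): accepts one made-up "$T$" format and
   returns NULL for any other setting string. It does not hash anything. */
static char *toy_crypt(const char *key, const char *setting)
{
    static char out[64];
    if (strncmp(setting, "$T$", 3) != 0 || strlen(key) > 32)
        return NULL;
    strcpy(out, "$T$");
    strcat(out, key);
    return out;
}

/* Constructed stand-in that signals failure with a token instead of NULL. */
static char *token_crypt(const char *key, const char *setting)
{
    static char fail[] = "*0";
    (void)key; (void)setting;
    return fail;
}

int main(void)
{
    /* exit status 0 when a good password passes and both failures are refused */
    return !(shadow_pass_ok("secret", "$T$secret", toy_crypt) == 1 &&
             shadow_pass_ok("secret", "garbage", toy_crypt) == 0 &&
             shadow_pass_ok("secret", "$T$secret", token_crypt) == 0);
}
```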
