A very little Display Manager and an obstacle

[vaisarger]

Hi!

I wrote a very little and home-made Display Manager.
https://sites.google.com/view/easydisplaymanager/home
It's got a limited set of features, and it's only a proof of concept.

The obstacle (for me) is that I (as a bash scripter with bare C know-how) can check user password only with "shadow.h" header (that is a linuxism).

How to check passwords in BSD?

[ASX]

please redo the tar file and avoid to use a path that start with .. is it considered bad practice, often used by malicious software, in fact bsdtar refuse to extract the files.

"../../../home/vittorio/Programmi/EasyDM/... "

[kraileth]

Hi vaisarger,

just wanted to give your DM a try on a spare machine. Unfortunately the tarball that you uploaded is messed up: You've somehow managed to include relative paths into it ("/../../../home/vittorio/Programmi/") which prevents tar from extracting it normally. The engrampa archive manager that comes with GhostBSD/MATE also fails on this. It claims to have extracted the files but actually hasn't.

I had one such file in the past and somehow managed to extract files from it... But I don't remember exactly how I did it (it was a major pain, though). So you probably want to rebuild your tarball to just include the EasyDM directory? I'll give it a shot then.

[ASX]

The obstacle (for me) is that I (as a bash scripter with bare C know-how) can check user password only with "shadow.h" header (that is a linuxism).

How to check passwords in BSD?

see " man getpwent " and related funtions.
I would expect that to be portable, being under POSIX compliance

[vaisarger]

Thank you both for your tips.

Kraileth, I'm sorry, I just used "Compress the directory" option in File Manager menu, like "Extract here". I was not aware of this problem. Anyway I've just uploaded an other tarball without that issue, I used "tar" command in a terminal, to avoid such a joke.
Please consider my program is very basic and doesn't support many features you would expect from a DM (e.g. the current time displayed, or the locals/keymaps). Nonetheless it has those basic features which I need (all users displayed and ready to click, and some other basic settings) Furthermore, it's in far early stage of development: more, it's really a baby!
Thank you anyway to give it a try, I look forward to listen your opinions/suggestions on it.



ASX, I already saw that library, but I would prefer (if possible) a bare and direct C source, since my C knowledge is so limited. I know " 'shadow.h' way" just because I copied and modified it from an other open source project to sort out a certain situation at work.
I apologize, I'm basically just a shell scripter...

[ASX]

ok, the tarball is now OK, downloaded it and took a fast look.

hmm ...

Code: Select all

  
        ...                      
         char parola_da_cryptare[100];
         char utente[100];
         struct spwd * dati_da_etc_passwd ;
         char *puntatore_a_parola_da_cryptare ;

         sprintf(parola_da_cryptare,"%s",argv[1]);
         sprintf(utente,"%s",argv[2]);
         dati_da_etc_passwd=getspnam(utente);
         ...     

It would be very easy to make your program crash upon the first snprint() call, just type in a string longer than 100 chars ... for something that has to deal with security and access control is not a good start, please see snprintf().

getspnam() is a GNU extension and is not part of POSIX, and in fact is not implemented in freebsd, you have to change approach and if portability is desired you have to crosscheck the functions you are using are implemented on all system you are going to support. (or you can use conditional statements to allow for different code depending on OS),

please check this for a start:
http://pubs.opengroup.org/onlinepubs/9699919799/ search for "getpwent", you will find code example for many functions too.

[vaisarger]

ASX, thank you very much for your tip!

I at last managed to check password in *BSD too!

Actually, it was so trivial... sometimes I'm surprised in BSD world by this: my mind is used to complicate itself, but things are so easy, why make them more complicate? (It's difficult to explain this sensation... ).

Anyway, POSIX authentication is very similar to "shadow" GNU way, the only difference is you have to fetch data through a loop:

Code: Select all

while((pwd = getpwent()) != NULL) 
		{
		if (strcmp(pwd->pw_name,user)==0) 
			{
              ....
              ....

and in the structure "pwd" (struct passwd * pwd ) there is everything: user name, uid, and so forth, and , obviously the user password.

Now I can implement this in my little, home made, Display Manager "EasyDM".

It would be very easy to make your program crash upon the first snprint() call, just type in a string longer than 100 chars ... for something that has to deal with security and access control is not a good start, please see snprintf().

Well... I didn't notice that vulnerability. I'll increase char memory allocation to 1000 chars.
It might be a safer limit, isn't it?

Kraileth, did you look at my DM? Have you suggestions about, to make it better?

[ASX]

ASX, thank you very much for your tip!

very welcome, and nice to see you are progressing!

Well... I didn't notice that vulnerability. I'll increase char memory allocation to 1000 chars.
It might be a safer limit, isn't it?

No, by extending the buffer size, you only change the amount of chars needed to overflow the buffer, it will be still vulnerable.
What is needed here is to deal safely with any unexpected input string, specifically you need to copy into the buffer only N-1 byte, where N is the buffer size.

snprintf(parola_da_cryptare, N-1, "%s",argv[1]);

This way only N-1 bytes will be copied into the buffer 'parola_da_cryptare' , no matter how long will be argv[1]

[vaisarger]

Very interesting...

But... (maybe a stupid question) if arg1 is "12345", then N-1, "parola_da_cryptare" now is: "1234“?
Or is the last char considered the special final char ("\0")?

[ASX]

Very interesting...

But... (maybe a stupid question) if arg1 is "12345", then N-1, "parola_da_cryptare" now is: "1234“?
Or is the last char considered the special final char ("\0")?

back to your own code:

Code: Select all

        ...                      
         char parola_da_cryptare[100];    <<<<<=======-  N = 100
         char utente[100];
         struct spwd * dati_da_etc_passwd ;
         char *puntatore_a_parola_da_cryptare ;

         sprintf(parola_da_cryptare,"%s",argv[1]);
         sprintf(utente,"%s",argv[2]);
         dati_da_etc_passwd=getspnam(utente);
 

parola_da_cryptare is the buffer, you defined it as an array of 100 chars, thus N=100 in your code.
using

Code: Select all

snprintf(parola_da_cryptare, 100-1, argv[1]);

you will make sure that whatver lenght is argv[1], only the first 99 bytes will be copied, and you have room for the terminating '\0'.
That is, you will never exceed the 100 bytes lenght, which is the size of your buffer.

Of course, same thing may apply to your other char array 'utente'.

Hope that is clearer.