From 20ead2954b5d28d65ce99a4bd4dfb25bdde57feb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adolfo=20G=C3=B3mez=20Garc=C3=ADa?=
Date: Mon, 13 May 2019 16:56:19 +0200
Subject: [PATCH] fixing up pam_http
---
 .gitignore | 2 ++
 ssh-tunnel/pam-http/src/http.c | 17 +++++++++++++++++
 ssh-tunnel/pam-http/src/passwd.c | 2 ++
 3 files changed, 21 insertions(+)
diff --git a/.gitignore b/.gitignore
index 534a7100..053d32e2 100644
--- a/.gitignore
+++ b/.gitignore
@@ -164,3 +164,5 @@
 /udsService/udsgui/obj/Debug
 /udsService/udsgui/obj/Release
 /udsService/udsgui/obj/x86
+
+.vscode
diff --git a/ssh-tunnel/pam-http/src/http.c b/ssh-tunnel/pam-http/src/http.c
index c89fc0e9..ef09a3f4 100644
--- a/ssh-tunnel/pam-http/src/http.c
+++ b/ssh-tunnel/pam-http/src/http.c
@@ -1,6 +1,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
@@ -61,6 +62,17 @@ static int getUrl(const char* url, char* buffer, size_t size ) {
 return res;
 }
+
+int isValid(const char* str)
+{
+ const int len = strnlen(str, 256);
+ for( int i = 0; i < len; i++ ) {
+ if ( !isalnum(str[i] && str[i] != '-') ) {
+ return 0;
+ }
+ }
+ return 1;
+}
 int httpAuthenticate(const char* username, const char* password, const char* authHost)
 {
@@ -68,6 +80,11 @@ int httpAuthenticate(const char* username, const char* password, const char* aut
 char* url = malloc(256);
 int res;
+ /* Ensure username & passwords are valid */
+ if (!isValid(username) || !isValid(password)) {
+ return -1; /* no valid data, injecting? */
+ }
+
 sprintf( url, "%s?%s=%s&%s=%s", authHost, AUTHID, username, AUTHPASS, password );
 res = getUrl( url, buffer, DATASIZE );
 free(url);
diff --git a/ssh-tunnel/pam-http/src/passwd.c b/ssh-tunnel/pam-http/src/passwd.c
index a3365a4f..0378e829 100644
--- a/ssh-tunnel/pam-http/src/passwd.c
+++ b/ssh-tunnel/pam-http/src/passwd.c
@@ -14,6 +14,8 @@
 #include
+#include "http.h"
+
 char baseUrl[256] = { '\0' };
 enum nss_status _nss_uds_getpwuid_r(uid_t,struct passwd *,char *, size_t,int *);
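Review bot: In the new isValid() in ssh-tunnel/pam-http/src/http.c the closing parenthesis of the isalnum() call is misplaced, so the function classifies the result of `str[i] && str[i] != '-'` (always 0 or 1) instead of the character itself. Neither value is alphanumeric, so every non-empty string is rejected and only an empty string passes, which is presumably not the intended allow-list. The test should read `if ( !isalnum((unsigned char)str[i]) && str[i] != '-' ) {`, where the cast keeps bytes above 0x7F from being passed to isalnum() as negative values. `strnlen(str, 256)` also stops inspecting after 256 bytes, so an over-long value is never rejected by this function; an explicit `if (len >= 256) return 0;` (or a tighter limit) would close that gap. Once corrected, the check will refuse any password containing punctuation, so percent-encoding the values before building the URL may be a better fit than an allow-list; that is a design choice for the author to confirm.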
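Review bot: The early `return -1;` added to httpAuthenticate() in ssh-tunnel/pam-http/src/http.c sits after `char* url = malloc(256);`, so every rejected login leaks that buffer, and probably any allocation made above the hunk, which is not visible here. Either run the isValid() checks before anything is allocated or add `free(url);` ahead of the return. The new validation also does not bound the combined length of the inputs: the context line `sprintf( url, ... )` still writes into a fixed 256-byte heap buffer, so `snprintf(url, 256, ...)` with a check that the returned length is below 256 would be the safer form. The function starts and ends outside this hunk, so the full allocation and cleanup path should be checked against the file.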