The special characters '!' and '*' in /etc/shadow are
used to disable password login for a specific account.
The character 'x' has no special meaning, but should not
be interpreted as an empty password.
However, rpcd did treat these special characters like no
password was set, which allows access even though the account
is disabled.
By removing the additional checks for these characters, the
encrypted password string is passed to crypt, which returns NULL
if the salt has an invalid format and therefore access is denied.
Fixes: FS#2634
Signed-off-by: Fabian Bläse <fabian@blaese.de>
The crypt() function may return NULL with errno ENOSYS when an attempt
was made to crypt the plaintext password using a salt requesting an
unsupported cipher.
Avoid triggering segmentation faults in the subsequent strcmp() operation
by checking for a non-NULL hash value.
Fixes: FS#2291
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
When restoring session information from blob data, only consider the
embedded username attribute if it is a string value.
Other types may cause invalid memory accesses when attempting to strcmp()
the attribute value.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Reclaim the pending apply session upon login when the username matches the
current login.
This is required to support apply-confirm-rollback workflow for ubus browser
clients, since changing IPs requires re-login to the device due to cross
domain restrictions.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The given const char *key was used to look up the blob attribute, while
the blob attributes internal name was used to store it in the avl tree.
This leads to confusion and potential memory leaks when the given key name
does not match the blob attributes internal name.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This change allows excluding specific groups after a wildcard expression.
The following example would grant read access to any acl group except the
group named "example".
list read '*'
list read '!example'