From root@gits.dyndns.org  Sun Oct 22 07:50:25 2000
Return-Path: <root@gits.dyndns.org>
Received: from lafontaine.cybercable.fr (lafontaine.cybercable.fr [212.198.0.202])
	by hub.freebsd.org (Postfix) with SMTP id 21CE637B479
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 22 Oct 2000 07:49:15 -0700 (PDT)
Received: (qmail 1138946 invoked from network); 22 Oct 2000 14:49:01 -0000
Received: from r227m167.cybercable.tm.fr (HELO gits.dyndns.org) ([195.132.227.167]) (envelope-sender <root@gits.dyndns.org>)
          by lafontaine.cybercable.fr (qmail-ldap-1.03) with SMTP
          for <FreeBSD-gnats-submit@freebsd.org>; 22 Oct 2000 14:49:01 -0000
Received: (from root@localhost)
	by gits.dyndns.org (8.11.0/8.11.0) id e9MEmx216806;
	Sun, 22 Oct 2000 16:48:59 +0200 (CEST)
	(envelope-from root)
Message-Id: <200010221448.e9MEmx216806@gits.dyndns.org>
Date: Sun, 22 Oct 2000 16:48:59 +0200 (CEST)
From: Cyrille Lefevre <clefevre@citeweb.net>
Sender: root@gits.dyndns.org
Reply-To: clefevre@citeweb.net
To: FreeBSD-gnats-submit@freebsd.org
Subject: skeyaccess(3) doesn't for primary group
X-Send-Pr-Version: 3.2

>Number:         22212
>Category:       bin
>Synopsis:       skeyaccess(3) doesn't for primary group
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Oct 22 08:00:00 PDT 2000
>Closed-Date:    Mon Aug 12 12:49:31 PDT 2002
>Last-Modified:  Mon Aug 12 12:49:31 PDT 2002
>Originator:     Cyrille Lefevre
>Release:        FreeBSD 4.1-STABLE i386
>Organization:
ACME
>Environment:

FreeBSD gits 4.1-STABLE FreeBSD 4.1-STABLE #3: Sat Sep 23 10:20:30 CEST 2000     root@gits:/disk2/4.0-stable/src/sys/compile/CUSTOM  i386

>Description:

	skeyaccess(3) only check for group members and not for primary group.

>How-To-Repeat:

	/etc/passwd:
	clefevre:*:2002:2002:Cyrille Lefevre:/home/clefevre:/bin/ksh

	/etc/group:
	users:*:2002:

	/etc/skey.access:
	permit group users
	deny

	ftp ftp://clefevre:XXXX@localhost/
	Trying 127.0.0.1...
	Connected to localhost.
	220 gits FTP server (Version 6.00LS) ready.
	Remote system type is UNIX.
	Using binary mode to transfer files.
	331 Password required for clefevre.
	530 Login incorrect.
	ftp: Login failed.
	ftp: Can't connect or login to host `localhost'
	221 Goodbye.

>Fix:


Index: skeyaccess.c
===================================================================
RCS file: /home/ncvs/src/lib/libskey/skeyaccess.c,v
retrieving revision 1.9
diff -u -r1.9 skeyaccess.c
--- skeyaccess.c	1998/10/26 11:54:36	1.9
+++ skeyaccess.c	2000/10/22 13:55:38
@@ -32,6 +32,7 @@
 #include <arpa/inet.h>
 #include <stdio.h>
 #include <grp.h>
+#include <pwd.h>
 #include <ctype.h>
 #include <syslog.h>
 #include <unistd.h>
@@ -152,7 +153,7 @@
 	int     i;
 
 	for (i = 0; login_info.internet_addr[i].s_addr; i++)
-	    printf("%s%s", login_info.internet_addr[i].s_addr == -1 ?
+	    printf("%s%s", login_info.internet_addr[i].s_addr == INADDR_NONE ?
 		 "(see error log)" : inet_ntoa(login_info.internet_addr[i]),
 		   login_info.internet_addr[i + 1].s_addr ? " " : "\n");
     }
@@ -261,11 +262,15 @@
 static int match_group(login_info)
 struct login_info *login_info;
 {
+    struct passwd *passwd;
     struct group *group;
     char   *tok;
     char  **memp;
 
-    if ((tok = need_token()) && (group = getgrnam(tok))) {
+    if ((tok = need_token()) &&
+	(passwd = getpwnam(login_info->user)) && (group = getgrnam(tok))) {
+	if (passwd->pw_gid == group->gr_gid)
+	    return (1);
 	for (memp = group->gr_mem; *memp; memp++)
 	    if (strcmp(login_info->user, *memp) == 0)
 		return (1);
@@ -454,6 +459,7 @@
 
 #ifdef TEST
 
+int
 main(argc, argv)
 int     argc;
 char  **argv;
@@ -469,7 +475,7 @@
 	exit(0);
     }
     if (_PATH_SKEYACCESS[0] != '/')
-	printf("Warning: this program uses control file: %s\n", KEYACCESS);
+	printf("Warning: this program uses control file: %s\n", _PATH_SKEYACCESS);
     openlog("login", LOG_PID, LOG_AUTH);
 
     user = argv[1];

>Release-Note:
>Audit-Trail:

From: Cyrille Lefevre <root@gits.dyndns.org>
To: freebsd-gnats-submit@FreeBSD.org
Cc:  
Subject: Re: bin/22212: skeyaccess(3) doesn't for primary group
Date: Wed, 3 Jan 2001 06:30:21 +0100 (CET)

 hi and HNY,
 
 anybody to commit http://www.FreeBSD.org/cgi/query-pr.cgi?pr=22212 ?
 
 thanks.
 
 Cyrille.
 --
 home: mailto:clefevre@citeweb.net work: mailto:Cyrille.Lefevre@edf.fr
 
State-Changed-From-To: open->closed 
State-Changed-By: iedowse 
State-Changed-When: Mon Aug 12 12:47:15 PDT 2002 
State-Changed-Why:  

Fixed in revision 1.9.6.2 of skeyaccess.c, thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=22212 
>Unformatted:
