From javier@aurora.diatel.upm.es  Tue Feb  8 13:17:33 2005
Return-Path: <javier@aurora.diatel.upm.es>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 31FB216A4CF
	for <FreeBSD-gnats-submit@freebsd.org>; Tue,  8 Feb 2005 13:17:33 +0000 (GMT)
Received: from aurora.diatel.upm.es (aurora.diatel.upm.es [138.100.49.70])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 93D3743D39
	for <FreeBSD-gnats-submit@freebsd.org>; Tue,  8 Feb 2005 13:17:32 +0000 (GMT)
	(envelope-from javier@aurora.diatel.upm.es)
Received: from aurora.diatel.upm.es (localhost [127.0.0.1])
	by aurora.diatel.upm.es (8.13.1/8.13.1) with ESMTP id j18DHKnw074573;
	Tue, 8 Feb 2005 14:17:21 +0100 (CET)
	(envelope-from javier@aurora.diatel.upm.es)
Received: (from root@localhost)
	by aurora.diatel.upm.es (8.13.1/8.13.1/Submit) id j18DHKJt074572;
	Tue, 8 Feb 2005 14:17:20 +0100 (CET)
	(envelope-from javier)
Message-Id: <200502081317.j18DHKJt074572@aurora.diatel.upm.es>
Date: Tue, 8 Feb 2005 14:17:20 +0100 (CET)
From: Javier Martn Rueda <jmrueda@diatel.upm.es>
Reply-To: Javier Martn Rueda <jmrueda@diatel.upm.es>
To: FreeBSD-gnats-submit@freebsd.org
Subject: login doesn't chdir into a group-protected home directory
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         77261
>Category:       bin
>Synopsis:       login(1) doesn't chdir into a group-protected home directory
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Feb 08 13:20:11 GMT 2005
>Closed-Date:    
>Last-Modified:  Sat May 24 23:07:27 UTC 2008
>Originator:     Javier Martn Rueda
>Release:        FreeBSD 5.3-RELEASE i386
>Organization:
DIATEL - UPM
>Environment:
System: FreeBSD aurora.diatel.upm.es 5.3-RELEASE FreeBSD 5.3-RELEASE #0: Fri Nov 5 04:19:18 UTC 2004 root@harlow.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386


	
>Description:
When any component of a user's home directory has permissions such that only
the members of a certain group can access it, login will not correctly chdir
to that directory, and the user will get the message "No home directory.
Logging in with home = "/". The user will then start in the root directory.

>How-To-Repeat:

pw groupadd testgroup
mkdir /home/test
chgrp testgroup /home/test
chmod 750 /home/test
echo testpassword | pw useradd testuser -d /home/test/testuser -m -G testgroup -h0

Now login as testuser and you'll get a "No home directory. Logging in with home = "/" message,
despite the fact that testuser belongs to testgroup. Actually, the user can then change to
his home directory without any problem.

You have to login via telnet or a console terminal. sshd or X don't run login.

>Fix:

This bug is actually acknowledged in the login source code. What I suggest is first trying
to chdir to the user's home directory in the traditional way (with superuser privileges).
If that doesn't work, it may be because the user's home directory resides on a NFS server
that doesn't allow root access, and only then it's when login switches identities and tries
to chdir for a second time.

Apply the following patch to /usr/src/usr.bin/login/login.c, recompile, and reinstall:


--- login.c.orig	Mon Jan 26 21:04:47 2004
+++ login.c	Wed Jan 26 12:02:03 2005
@@ -161,7 +161,7 @@
 	struct group *gr;
 	struct stat st;
 	int retries, backoff;
-	int ask, ch, cnt, quietlog, rootlogin, rval;
+	int ask, ch, cnt, quietlog, rootlogin, rval, chdir_possible;
 	uid_t uid, euid;
 	gid_t egid;
 	char *term;
@@ -358,15 +358,28 @@
 	quietlog = login_getcapbool(lc, "hushlogin", 0);
 
 	/*
-	 * Switching needed for NFS with root access disabled.
+	 * We try to chdir() into the user's home directory.
+	 * If that fails, it may be because it resides on a
+	 * NFS filesystem with root access disabled, and so
+	 * we switch credentials and retry.
 	 *
-	 * XXX: This change fails to modify the additional groups for the
-	 * process, and as such, may restrict rights normally granted
-	 * through those groups.
+	 * XXX Note that the switch fails to modify the additional
+	 * groups for the process, and as such, may restrict
+	 * rights normally granted through those groups.
 	 */
-	(void)setegid(pwd->pw_gid);
-	(void)seteuid(rootlogin ? 0 : pwd->pw_uid);
-	if (!*pwd->pw_dir || chdir(pwd->pw_dir) < 0) {
+	if (*pwd->pw_dir) {
+		chdir_possible = (chdir(pwd->pw_dir) == 0);
+		if (! chdir_possible) {
+			(void)setegid(pwd->pw_gid);
+			(void)seteuid(rootlogin ? 0 : pwd->pw_uid);
+			chdir_possible = (chdir(pwd->pw_dir) == 0);
+			(void)seteuid(euid);
+			(void)setegid(egid);
+		}
+	}
+	else
+		chdir_possible = 0;
+	if (! chdir_possible) {
 		if (login_getcapbool(lc, "requirehome", 0))
 			refused("Home directory not available", "HOMEDIR", 1);
 		if (chdir("/") < 0)
@@ -379,9 +392,7 @@
 			bail(SLEEP_EXIT, 1);
 		}
 	}
-	(void)seteuid(euid);
-	(void)setegid(egid);
-	if (!quietlog) {
+	else if (!quietlog) {
 		quietlog = access(_PATH_HUSHLOGIN, F_OK) == 0;
 		if (!quietlog)
 			pam_silent = 0;

>Release-Note:
>Audit-Trail:
>Unformatted:
