[PATCH] template_user for pam_radius_auth.so

Frank Cusack fcusack at fcusack.com
Sat Sep 30 00:50:37 CEST 2006

On September 29, 2006 4:20:31 PM -0500 Thaddeus Ternes <tternes at gmail.com> wrote:
> After much googling, I was unable to find a solution for Linux like
> BSD has for its PAM-Radius module for specifying a system username to
> use upon a successful authentication.
> Included is my attempt at adding the "template_user" functionality
> from the BSD version to pam_radius_auth.  Here's what I've used in
> my /etc/pam.conf file:
> login  auth  required  /lib/security/pam_radius_auth.so template_user=myname
> I haven't been able to do much testing with it yet (as I'm currently
> involved in other PAM integration efforts), but would definitely
> appreciate any feedback on this.  I'm still rather new to Linux
> hacking, so all (positive) criticism is most welcomed.

I thought no Linux applications (including openssh) supported changing
of the username.

You simply copy the argument into the buffer without doing any kind of
bounds check.  Because the current code does so is no reason to continue
with this madness.  At least use strncpy()!

This won't work for applications that do multiple pam auths without
fork/exec.  Each pam auth will have the user pointing to the same
memory location, which might be overwritten.  So, you need to dynamically
allocate the space, which will fix your buffer overflow problem at
the same time.
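
The two problems raised in the reply above (a copy with no bounds check, and one buffer shared by every PAM authentication in the process), shown as an added example that is not part of the original thread or of pam_radius_auth. The function names and the 64-byte limit are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TEMPLATE_OPT "template_user="
#define MAX_USER_LEN 64   /* assumed policy limit, not taken from the module */

/* Shared static buffer. The copy is bounded here so the demo is safe to run,
 * but every caller still gets a pointer to the same memory. */
static const char *template_user_static(int argc, const char **argv) {
    static char buf[MAX_USER_LEN + 1];
    size_t optlen = strlen(TEMPLATE_OPT);
    for (int i = 0; i < argc; i++)
        if (strncmp(argv[i], TEMPLATE_OPT, optlen) == 0) {
            snprintf(buf, sizeof buf, "%s", argv[i] + optlen);
            return buf;
        }
    return NULL;
}

/* Per-call heap copy. Returns NULL if the option is absent, empty, longer
 * than MAX_USER_LEN (rejected, not truncated), or malloc fails. Caller frees. */
static char *template_user_alloc(int argc, const char **argv) {
    size_t optlen = strlen(TEMPLATE_OPT);
    for (int i = 0; i < argc; i++) {
        if (strncmp(argv[i], TEMPLATE_OPT, optlen) != 0)
            continue;
        const char *val = argv[i] + optlen;
        size_t len = strlen(val);
        if (len == 0 || len > MAX_USER_LEN)
            return NULL;
        char *copy = malloc(len + 1);
        if (copy != NULL)
            memcpy(copy, val, len + 1);   /* includes the terminating NUL */
        return copy;
    }
    return NULL;
}

int main(void) {
    const char *a1[] = { "debug", "template_user=alice" };  /* constructed args */
    const char *a2[] = { "template_user=bob" };
    const char *s1 = template_user_static(2, a1);
    const char *s2 = template_user_static(1, a2);   /* overwrites what s1 points to */
    char *d1 = template_user_alloc(2, a1), *d2 = template_user_alloc(1, a2);
    printf("static: %s / %s\n", s1, s2);
    printf("alloc:  %s / %s\n", d1 ? d1 : "(null)", d2 ? d2 : "(null)");
    free(d1); free(d2);
    return 0;
}
```
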

