Diffstat (limited to 'content/posts/WIP-how-bsd-authentication-works/notes.org')
-rw-r--r-- | content/posts/WIP-how-bsd-authentication-works/notes.org | 83 |
1 files changed, 83 insertions, 0 deletions
diff --git a/content/posts/WIP-how-bsd-authentication-works/notes.org b/content/posts/WIP-how-bsd-authentication-works/notes.org
new file mode 100644
index 0000000..9bd67d4
--- /dev/null
+++ b/content/posts/WIP-how-bsd-authentication-works/notes.org
@@ -0,0 +1,83 @@
+* Notes
+ https://web.archive.org/web/20170327150148/http://www.penzin.net/bsdauth/
+ - In the man page for [[https://man.openbsd.org/auth_subr.3#auth_call][=auth_call=]] it says
+ #+begin_src text
+ path The full path name of the login script to run. The call will
+ fail if path does not pass the requirements of the secure_path(3)
+ function.
+ #+end_src
+
+ However I don't see this enforced anywhere, I even wrote a small test
+ script to prove it.
+
+ #+CAPTION: =authfail.c=
+ #+begin_src c
+ #include <sys/types.h>
+ #include <login_cap.h>
+ #include <bsd_auth.h>
+ #include <stdio.h>
+
+ int main(void) {
+ auth_session_t *as;
+
+ as = auth_open();
+ auth_call(as, "/home/dante/auth_tests/authtest/test", "hello", NULL);
+ auth_close(as);
+ }
+ #+end_src
+
+ Changing ="/home/dante/auth_tests/authtest/test"= to the location
+ of the =test= binary.
+
+ #+CAPTION: =test.c=
+ #+begin_src c
+ #include <stdio.h>
+
+ int main(void) {
+ printf("Hello! I don't have a secure path!\n");
+ return 0;
+ }
+ #+end_src
+
+ #+CAPTION: =Makefile=
+ #+begin_src makefile
+ CFLAGS = -Wall -Wextra
+
+ run: authfail test
+ ./authfail
+
+ authfail: authfail.c
+ $(CC) -o $@ $(CFLAGS) $<
+
+ test: test.c
+ $(CC) -o $@ $(CFLAGS) $<
+ #+end_src
+
+ Which results in the following:
+
+ #+begin_src text
+ $ pwd && ls -l && make
+ /home/dante/auth_tests/authtest
+ total 12
+ -rw-r--r-- 1 dante dante 143 May 30 19:20 Makefile
+ -rw-r--r-- 1 dante dante 248 May 29 19:30 authfail.c
+ -rw-r--r-- 1 dante dante 115 May 29 19:22 test.c
+ cc -o authfail -Wall -Wextra authfail.c
+ cc -o test -Wall -Wextra test.c
+ ./authfail
+ Hello! I don't have a secure path!
+ #+end_src
+
+ - The manpage also says the path is limited to =/bin/= and =/usr/bin=,
+ which is also not the case.
+
+ - The man page describes the interface for =auth_getitem= is in the
+ format of =AUTH_<item>=, but in reality it is =AUTHV_<item>=.
+
+ # Ask jcs about the file descriptor situation, I don't understand it
+ # after reading both the man page and source.
+
+ - The [[#auth_getchallenge][=auth_getchallenge=]] function in the [[https://man.openbsd.org/auth_subr.3#auth_getchallenge][=auth_subr(3)=]] man page
+ doesn't seem to exist in the source code.
+
+** TODO How are these configured in login.conf? |