proxmox-mirrors/mirror_frr
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_frr synced 2025-08-05 04:40:21 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

vtysh: Account validity should be verified when authenticating users with PAM.

Browse Source 
Description:
	SonarQube detects the following behaviour as a vulanarability.
	When authenticating users using PAM, it is strongly recommended to
	check the validity of the account (not locked, not expired ...),
	otherwise it leads to unauthorized access to resources.

	pam_acct_mgmt() should be called for account validity after
	calling pam_authenticate().

Signed-off-by: Rajesh Girada <rgirada@vmware.com>
This commit is contained in:
rgirada 2022-06-23 07:37:28 -07:00
parent 8a8fd10a47
commit 264a2a273f
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
vtysh/vtysh_user.c
View File

@ -71,6 +71,10 @@ static int vtysh_pam(const char *user)
fprintf(stderr, "vtysh_pam: Failure to initialize pam: %s(%d)",
pam_strerror(pamh, ret), ret);
if (pam_acct_mgmt(pamh, 0) != PAM_SUCCESS)
fprintf(stderr, "%s: Failed in account validation: %s(%d)",
__func__, pam_strerror(pamh, ret), ret);
/* close Linux-PAM */
if (pam_end(pamh, ret) != PAM_SUCCESS) {
pamh = NULL;