svn commit: r251188 - head/contrib/telnet/telnetd

Marcel Moolenaar marcel at FreeBSD.org
Fri May 31 17:30:12 UTC 2013


Author: marcel
Date: Fri May 31 17:30:12 2013
New Revision: 251188
URL: http://svnweb.freebsd.org/changeset/base/251188

Log:
  Fix "automatic" login, broken by revision 69825 (12 years, 5 months ago).
  The "automatic" login feature is described as follows:
  The USER environment variable holds the name of the person telnetting in.
  This is the username of the person on the client machine. The traditional
  behaviour is to execute login(1) with this username first, meaning that
  login(1) will prompt for the password only. If login fails, login(1) will
  retry, but now prompt for the username before prompting for the password.
  
  This feature got broken by how the environment got scrubbed. Before the
  change in r69825 we removed variables that we deemed dangerous. Starting
  with r69825 we only keep those variables we know to be safe.
  
  The USER environment variable fell through the cracks. It suddenly got
  scrubbed (i.e. removed from the environment) while still being checked
  for. It also got explicitly removed from the environment to handle the
  failed login case.
  
  The fix is to obtain the value of the USER environment variable before
  we scrub the environment and use the "cached" value in subsequent checks.
  This guarantees that the environment does not contain the USER variable
  in the end, while still being able to implement "automatic" login.
  
  Obtained from:	Juniper Networks, Inc.

Modified:
  head/contrib/telnet/telnetd/sys_term.c

Modified: head/contrib/telnet/telnetd/sys_term.c
==============================================================================
--- head/contrib/telnet/telnetd/sys_term.c	Fri May 31 17:27:44 2013	(r251187)
+++ head/contrib/telnet/telnetd/sys_term.c	Fri May 31 17:30:12 2013	(r251188)
@@ -1,4 +1,4 @@
- /*
+/*
  * Copyright (c) 1989, 1993
  *	The Regents of the University of California.  All rights reserved.
  *
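Review bot: The whitespace-only change to the opening line of the copyright comment is unrelated to the login fix. Since this file lives under contrib/, consider leaving it out or committing it separately so the functional change stays easy to audit and to merge.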
@@ -1026,6 +1026,10 @@ void
 start_login(char *host undef1, int autologin undef1, char *name undef1)
 {
 	char **argv;
+	char *user;
+
+	user = getenv("USER");
+	user = (user != NULL) ? strdup(user) : NULL;
 
 	scrub_env();
 
@@ -1160,9 +1164,9 @@ start_login(char *host undef1, int autol
 # endif
 	} else
 #endif
-	if (getenv("USER")) {
+	if (user != NULL) {
  		argv = addarg(argv, "--");
-		argv = addarg(argv, getenv("USER"));
+		argv = addarg(argv, user);
 #if	defined(LOGIN_ARGS) && defined(NO_LOGIN_P)
 		{
 			char **cpp;
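Review bot: The value passed in addarg(argv, user) is now a copy taken before scrub_env() ran, so it reaches login without having gone through the scrub, and these lines do no validation of their own. The preceding addarg(argv, "--") is what stops a value beginning with '-' from being read as an option. Please add a short comment on that line saying it must stay directly ahead of the username, so it is not dropped in a later cleanup.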
@@ -1170,17 +1174,6 @@ start_login(char *host undef1, int autol
 				argv = addarg(argv, *cpp);
 		}
 #endif
-		/*
-		 * Assume that login will set the USER variable
-		 * correctly.  For SysV systems, this means that
-		 * USER will no longer be set, just LOGNAME by
-		 * login.  (The problem is that if the auto-login
-		 * fails, and the user then specifies a different
-		 * account name, he can get logged in with both
-		 * LOGNAME and USER in his environment, but the
-		 * USER value will be wrong.
-		 */
-		unsetenv("USER");
 	}
 #ifdef	AUTHENTICATION
 #if	defined(NO_LOGIN_F) && defined(LOGIN_R)
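Review bot: Removing unsetenv("USER") along with its comment leaves no statement in the code of why USER must be absent when login runs. Per the commit log, that guarantee now comes entirely from scrub_env() not keeping USER. If USER were ever added to the set of variables scrub_env() keeps, the stale-USER problem described in the deleted comment would return with nothing here to flag it. Suggest replacing the deleted block with a short comment recording that scrub_env() is relied on to have removed USER.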
@@ -1190,6 +1183,9 @@ start_login(char *host undef1, int autol
 #endif /* AUTHENTICATION */
 	closelog();
 
+	if (user != NULL)
+		free(user);
+
 	if (altlogin == NULL) {
 		altlogin = _PATH_LOGIN;
 	}
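Review bot: free(user) runs after addarg(argv, user) in the earlier hunk, and this diff does not show whether addarg() copies the string or stores the pointer. If it stores the pointer, argv refers to freed memory from this point on, and argv is presumably still needed after the altlogin setup that follows. Please confirm addarg()'s behaviour; if it keeps the pointer, move the free to after the last use of argv or drop it. Separately, the user != NULL test is redundant, since free(NULL) is a no-op.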