diff options
| author | Christof Schmitt <cs@samba.org> | 2020-07-08 20:03:44 -0700 |
|---|---|---|
| committer | Christof Schmitt <cs@samba.org> | 2020-07-17 17:12:33 +0000 |
| commit | fd364b01e2defb5f48238db64d3ef7f6d828c517 (patch) | |
| tree | 2c58e58d93662379ca7c1d4487ecdf983bb07d15 /nsswitch | |
| parent | 71b7140fd0a33e7e8c5bf37c2897cea8224b3f01 (diff) | |
| download | samba-fd364b01e2defb5f48238db64d3ef7f6d828c517.tar.gz | |
pam_winbind: Fix CID 242274 Time of check time of use
Always issue the mkdir call to avoid the TOCTOU issue. Only if there is
already an object with the requested name, check whether it is a
directory.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Diffstat (limited to 'nsswitch')
| -rw-r--r-- | nsswitch/pam_winbind.c | 19 |
1 files changed, 14 insertions, 5 deletions
diff --git a/nsswitch/pam_winbind.c b/nsswitch/pam_winbind.c index 61ce4fd6b21..aee45bfe9bc 100644 --- a/nsswitch/pam_winbind.c +++ b/nsswitch/pam_winbind.c @@ -1582,14 +1582,23 @@ static int _pam_create_homedir(struct pwb_context *ctx, const char *dirname, mode_t mode) { - struct stat sbuf; + int ret; - if (stat(dirname, &sbuf) == 0) { - return PAM_SUCCESS; - } + ret = mkdir(dirname, mode); + if (ret != 0 && errno == EEXIST) { + struct stat sbuf; - if (mkdir(dirname, mode) != 0) { + ret = stat(dirname, &sbuf); + if (ret != 0) { + return PAM_PERM_DENIED; + } + + if (!S_ISDIR(sbuf.st_mode)) { + return PAM_PERM_DENIED; + } + } + if (ret != 0) { _make_remark_format(ctx, PAM_TEXT_INFO, _("Creating directory: %s failed: %s"), dirname, strerror(errno)); |