===== lib/ncplib.c 1.93 vs edited ===== --- 1.93/lib/ncplib.c 2005-01-13 20:57:58 +01:00 +++ edited/lib/ncplib.c 2005-01-14 02:32:36 +01:00 @@ -2259,6 +2259,10 @@ if (stat(path, &st) != 0) { return errno; } + if (st.st_uid != getuid()) { + *err = EACCES; + return NULL; + } if ((st.st_mode & (S_IRWXO | S_IRWXG)) != 0) { return NCPLIB_INVALID_MODE; } @@ -2367,7 +2371,7 @@ spec->server, spec->user); pwd = getpass(_("Password: ")); - if (strlen(pwd) > sizeof(spec->password)) { + if (strlen(pwd) >= sizeof(spec->password)) { return ENAMETOOLONG; } strcpy(spec->password, pwd); ===== lib/nwclient.c 1.6 vs edited ===== --- 1.6/lib/nwclient.c 2005-01-13 23:35:32 +01:00 +++ edited/lib/nwclient.c 2005-01-14 02:32:36 +01:00 @@ -477,6 +477,10 @@ *err = errno; return NULL; } + if (st.st_uid != getuid()) { + *err = EACCES; + return NULL; + } if ((st.st_mode & (S_IRWXO | S_IRWXG)) != 0) { *err = NCPLIB_INVALID_MODE; return NULL; @@ -816,7 +820,7 @@ static NWDSCCODE __docopy_string (UNUSED(NWDSContextHandle ctx), const void* val, const enum SYNTAX synt, size_t currentSize, char* result, size_t maxSize){ - + int l; #ifdef DEBUG_PRINT printf ("__docopy_string got :%s synt = %d cursize=%d maxsize= %d\n",(char *)val,synt,currentSize,maxSize ); #endif @@ -825,90 +829,63 @@ if (!result) return ERR_NULL_POINTER; switch (synt) { case SYN_DIST_NAME: -#if 0 - { - NWDSCCODE err; - char tmpBuf [MAX_DN_BYTES+1]; - - err = NWDSAbbreviateName(ctx, val, tmpBuf); - if (err) - return err; - strcpy (result,tmpBuf); - } -#else - strcpy(result,val); -#endif - break; case SYN_CI_STRING: case SYN_CE_STRING: case SYN_PR_STRING: case SYN_NU_STRING: case SYN_TEL_NUMBER: case SYN_CLASS_NAME: - strcpy(result,val); - break; + l = snprintf(result, maxSize, "%s", (const char *)val); + break; case SYN_PATH:{ const Path_T* p = (const Path_T*)val; - if (strlen(p->volumeName)+strlen(p->path)+2+2+1>=maxSize) - return NWE_BUFFER_OVERFLOW; - sprintf(result,"%u,%s,%s", p->nameSpaceType,p->volumeName, p->path); + + l = snprintf(result, maxSize, "%u,%s,%s", p->nameSpaceType, p->volumeName, p->path); } break; case SYN_TYPED_NAME:{ const Typed_Name_T* tn = (const Typed_Name_T*)val; - if (strlen(tn->objectName)+8+8+2+1>=maxSize) - return NWE_BUFFER_OVERFLOW; - sprintf(result,"%u,%u,%s", tn->interval,tn->level,tn->objectName); + + l = snprintf(result, maxSize, "%u,%u,%s", tn->interval, tn->level, tn->objectName); } break; case SYN_FAX_NUMBER:{ const Fax_Number_T* fn = (const Fax_Number_T*)val; - if (strlen(fn->telephoneNumber)+2+1+1>=maxSize) - return NWE_BUFFER_OVERFLOW; - sprintf(result,"%s,%u", fn->telephoneNumber,fn->parameters.numOfBits); + + l = snprintf(result, maxSize, "%s,%u", fn->telephoneNumber, fn->parameters.numOfBits); } break; case SYN_EMAIL_ADDRESS:{ const EMail_Address_T* ea = (const EMail_Address_T*)val; /*change the SMTP:aaa@bbbb to SMTP,aaa@bbbb */ char* p=strchr(ea->address,':'); - if (strlen(ea->address)+2+1+1>=maxSize) - return NWE_BUFFER_OVERFLOW; if (p) *p=','; - sprintf(result,"%u,%s", ea->type,ea->address); + l = snprintf(result, maxSize, "%u,%s", ea->type, ea->address); } break; case SYN_PO_ADDRESS:{ const NWDSChar* const* pa = (const NWDSChar* const*)val; - int n; - size_t len=1; - for (n=0;n <5;n++) - len +=strlen(pa[n]+1); - if (len >=maxSize) - return NWE_BUFFER_OVERFLOW; - sprintf(result,"%s,%s,%s,%s,%s,%s",pa[0],pa[1],pa[2],pa[3],pa[4],pa[5]); + + l = snprintf(result, maxSize, "%s,%s,%s,%s,%s,%s", pa[0], pa[1], pa[2], pa[3], pa[4], pa[5]); } break; case SYN_HOLD:{ const Hold_T* h = (const Hold_T*)val; - if (strlen(h->objectName)+8+1+1>=maxSize) - return NWE_BUFFER_OVERFLOW; - sprintf(result,"%u,%s", h->amount, h->objectName); + + l = snprintf(result, maxSize, "%u,%s", h->amount, h->objectName); } break; case SYN_TIMESTAMP:{ const TimeStamp_T* stamp = (const TimeStamp_T*)val; - if (maxSize <=3*9) - return NWE_BUFFER_OVERFLOW; - sprintf(result,"%u,%u,%u",stamp->wholeSeconds, stamp->replicaNum,stamp->eventID); + + l = snprintf(result, maxSize, "%u,%u,%u", stamp->wholeSeconds, stamp->replicaNum, stamp->eventID); } break; case SYN_BACK_LINK:{ const Back_Link_T* bl = (const Back_Link_T*)val; - if (strlen(bl->objectName)+8+1+1 >=maxSize) - return NWE_BUFFER_OVERFLOW; - sprintf(result,"%08X,%s", bl->remoteID, bl->objectName); + + l = snprintf(result, maxSize, "%08X,%s", bl->remoteID, bl->objectName); } break; case SYN_CI_LIST:{ @@ -933,60 +910,67 @@ } *(--aux)=0; } - break; + return 0; case SYN_OCTET_LIST:{ const Octet_List_T* ol = (const Octet_List_T*)val; size_t i; - char aux [4]; - if ((ol->length+1)*3+1 >=maxSize) + char *aux; + + if (20 + (ol->length+1)*3+1 >=maxSize) return NWE_BUFFER_OVERFLOW; - sprintf(result,"%u", ol->length); + sprintf(result, "%u", ol->length); + aux = result + strlen(result); for (i = 0; i < ol->length; i++) { - sprintf(aux,",%02X", ol->data[i]); - strcat(result,aux); + sprintf(aux, ",%02X", ol->data[i]); + aux += 3; } } - break; + return 0; case SYN_OCTET_STRING:{ const Octet_String_T* os = (const Octet_String_T*)val; - char aux [4]; size_t i; + char *aux; #ifdef DEBUG_PRINT printf ("len %d\n",os->length); #endif - if ((os->length+1)*3+1 >=maxSize) + if (20 + (os->length+1)*3+1 >=maxSize) return NWE_BUFFER_OVERFLOW; - sprintf(result,"%u", os->length); + sprintf(result, "%u", os->length); + aux = result + strlen(result); for (i = 0; i < os->length; i++) { - sprintf(aux,",%02X", os->data[i]); - strcat(result,aux); + sprintf(aux, ",%02X", os->data[i]); + aux += 3; } } - break; + return 0; case SYN_NET_ADDRESS:{ const Net_Address_T* na = (const Net_Address_T*)val; size_t z; - char aux[4]; + char *aux; + z=na->addressLength; - if (3*(z+2)+1 >=maxSize) + if (40 + 3*(z+2)+1 >=maxSize) return NWE_BUFFER_OVERFLOW; - sprintf(result,"%u,%u", na->addressType,na->addressLength); + sprintf(result, "%u,%u", na->addressType, na->addressLength); + aux = result + strlen(result); for (z = 0; z < na->addressLength; z++) { - sprintf(aux,",%02X", na->address[z]); - strcat(result,aux); + sprintf(aux, ",%02X", na->address[z]); + aux += 3; } } - break; + return 0; case SYN_OBJECT_ACL:{ const Object_ACL_T* oacl = (const Object_ACL_T*)val; - if (strlen(oacl->protectedAttrName)+strlen(oacl->subjectName)+8+2+1 >=maxSize) - return NWE_BUFFER_OVERFLOW; - sprintf(result,"%s,%s,%08X",oacl->protectedAttrName,oacl->subjectName,oacl->privileges); + + l = snprintf(result, maxSize, "%s,%s,%08X", oacl->protectedAttrName, oacl->subjectName, oacl->privileges); } break; default: return EINVAL; + } + if (l < 0 || (size_t)l >= maxSize) { + return NWE_BUFFER_OVERFLOW; } return 0; } ===== sutil/ncplogin.c 1.18 vs edited ===== --- 1.18/sutil/ncplogin.c 2004-05-30 00:03:03 +02:00 +++ edited/sutil/ncplogin.c 2005-01-14 00:25:46 +01:00 @@ -162,30 +162,34 @@ #endif static int opt_set_volume_after_parsing_all_options(struct ncp_mount_info* info) { - char tmpNWPath[1024]; + char *path; int e; - /* we DID check in main that -V has been specified !*/ - strcpy(tmpNWPath,info->remote_path); - if (info->root_path) { - strcat(tmpNWPath,"/"); - strcat(tmpNWPath,info->root_path); - } + if (info->root_path) { + e = asprintf(&path, "%s/%s", info->remote_path, info->root_path); + } else { + e = asprintf(&path, "%s", info->remote_path); + } + if (e == -1) { + errexit(84, _("Cannot allocate memory for path\n")); + } /* I keep forgeting typing it in uppercase so let's do it here */ - str_upper(tmpNWPath); - info->pathlen = e = ncp_path_to_NW_format(tmpNWPath, info->NWpath, sizeof(info->NWpath)); + str_upper(path); + info->pathlen = e = ncp_path_to_NW_format(path, info->NWpath, sizeof(info->NWpath)); if (e < 0) { - errexit(18, _("Volume path `%s' is invalid: `%s'\n"), tmpNWPath, strerror(-e)); + errexit(18, _("Volume path `%s' is invalid: `%s'\n"), path, strerror(-e)); }; if (info->pathlen == 1) { info->mdata.mounted_vol = ""; info->remote_path = "/"; + free(path); } else if (info->NWpath[0] != 1) { info->mdata.mounted_vol = "dummy"; - } else if (strlen(tmpNWPath) > NCP_VOLNAME_LEN) { - errexit(19, _("Volume name `%s' is too long\n"), tmpNWPath); + free(path); + } else if (strlen(path) > NCP_VOLNAME_LEN) { + errexit(19, _("Volume name `%s' is too long\n"), path); } else { - info->mdata.mounted_vol=info->remote_path; + info->mdata.mounted_vol = path; } return 0; } @@ -201,8 +205,8 @@ } static void opt_set_name_context(struct ncp_mount_info* info, const char* param) { - if (strlen(param)< sizeof(info->context)) - strcpy(info->context,param); + if (strlen(param) < sizeof(info->context)) + strcpy(info->context, param); else{ errexit(19, _("Context name `%s' is too long\n"), param); } @@ -307,7 +311,7 @@ { struct ncp_mount_info info; struct stat st; - char mount_name[256]; + char *mount_name; int result; @@ -340,7 +344,7 @@ init_mount_info(&info); - if (geteuid() != 0) + if (myeuid != 0) { errexit(26, _("%s must be installed suid root\n"), progname); } @@ -807,42 +811,29 @@ info.mdata.mount_point = mount_point; #ifndef NCPMAP - strcpy(mount_name, spec.server); - strcat(mount_name, "/"); - strcat(mount_name, spec.user); -#else - { -/* v 1.05 test for no multiple mount */ - char nwuser[256]=""; -/* struct ncp_conn_spec tmpSpec; */ - - strcpy(mount_name, info.server); - strcat(mount_name, "/"); - if ((err = NWDSWhoAmI(ctx,nwuser))==0) { - /* v 1.05 remove context in /etc/mtab entry */ - NWCXSplitNameAndContext(ctx,nwuser,nwuser,NULL); - str_upper(nwuser); - strcat(mount_name,nwuser); -/* does not work - if current user has another connexion to that server, even to another volume:path - ncp_find_permanent does not care about volume name nor "root path" - memset(&tmpSpec, 0, sizeof(tmpSpec)); - strcpy(tmpSpec.user,nwuser); - strcpy(tmpSpec.server,info.serverName); - tmpSpec.uid=info.mdata.uid; - if ((!info.allow_multiple_connections)&& - ((tmp_mount = ncp_find_permanent(&tmpSpec)) != NULL)) - { - fprintf(stderr, - _("You already have mounted server %s\nas user " - "%s\non mount point %s\n"), tmpSpec.server, tmpSpec.user, - tmp_mount); - exit(35); + if (asprintf(&mount_name, "%s/%s", spec.server, spec.user) < 0) { + NWDSFreeContext(ctx); + errexit(85, _("Cannot allocate memory for mtab entry: %s\n"), strerror(ENOMEM)); + } +#else + { + NWDSChar user[MAX_DN_BYTES]; + + err = NWDSWhoAmI(ctx, user); + if (err) { + NWDSFreeContext(ctx); + errexit(51, _("Cannot retrieve user identity: %s\n"), strnwerror(err)); } -***************/ - } else { + err = NWCXSplitNameAndContext(ctx, user, user, NULL); + if (err) { + NWDSFreeContext(ctx); + errexit(86, _("Cannot parse user name: %s\n"), strnwerror(err)); + } + /* FIXME: str_upper is unwanted! NWCXSplitNameAndContext too, BTW... Just retrieve name from server and do 'NWDSAbbreviateName' on it */ + str_upper(user); + if (asprintf(&mount_name, "%s/%s", info.server, user) < 0) { NWDSFreeContext(ctx); - errexit(51, _("NWDSWhoAmi returned %s\n"), strnwerror(err)); + errexit(85, _("Cannot allocate memory for mtab entry: %s\n"), strerror(ENOMEM)); } } #endif @@ -855,14 +846,16 @@ } else { mycom_err(result, _("failed in mount(2)")); } + free(mount_name); NWDSFreeContext(ctx); /*exit code stays 0 for TCL/tk to be fixed...*/ exit(0); } err = proc_aftermount(&info, &conn); if (err) { + free(mount_name); NWDSFreeContext(ctx); - umount(mount_point); + proc_ncpm_umount(mount_point); exit(err); } #ifndef NCPMAP @@ -875,7 +868,8 @@ mycom_err(err, _("failed in nds login")); fprintf(stderr, _("Login denied.\n")); ncp_close(conn); - umount(mount_point); + proc_ncpm_umount(mount_point); + free(mount_name); NWDSFreeContext(ctx); exit(55); } @@ -893,7 +887,8 @@ mycom_err(err, _("in login")); fprintf(stderr, _("Login denied\n")); ncp_close(conn); - umount(mount_point); + proc_ncpm_umount(mount_point); + free(mount_name); NWDSFreeContext(ctx); exit(56); } @@ -911,34 +906,37 @@ err = NWDSAddConnection(ctx, conn); if (err) { ncp_close(conn); - umount(mount_point); + proc_ncpm_umount(mount_point); + free(mount_name); NWDSFreeContext(ctx); errexit(110, _("Cannot attach connection to context: %s\n"), strnwerror(err)); } err = NWDSAuthenticateConn(ctx, conn); if (err) { ncp_close(conn); - umount(mount_point); -/*one day I will be in trouble here, when NWDSFreeContext() will free all added connections */ + proc_ncpm_umount(mount_point); + free(mount_name); NWDSFreeContext(ctx); errexit(112, _("Cannot authenticate connection: %s\n"), strnwerror(err)); } #endif err = NWSetBroadcastMode(conn,info.bcastmode); /*ignore error for now */ - NWDSFreeContext(ctx); /*free at last no more ifndef NCPMOUNT below */ if ((err = ncp_mount_specific(conn, -1, info.NWpath, info.pathlen)) != 0) { ncp_close(conn); - umount(mount_point); + proc_ncpm_umount(mount_point); + NWDSFreeContext(ctx); errexit(57, _("Cannot access path \"%s\": %s\n"), info.remote_path, strerror(-err)); } NWCCCloseConn(conn); - /*ncpmap, ncplogin must write in /etc/mtab*/ + NWDSFreeContext(ctx); + /* ncpmap, ncplogin must write in /etc/mtab */ { add_mnt_entry(mount_name, mount_point, info.flags); } + free(mount_name); if (info.echo_mnt_pnt) { printf(_("mounted on:%s\n"),mount_point); } ===== sutil/ncpm_common.c 1.15 vs edited ===== --- 1.15/sutil/ncpm_common.c 2004-05-30 00:03:03 +02:00 +++ edited/sutil/ncpm_common.c 2005-01-14 02:30:42 +01:00 @@ -219,8 +219,12 @@ return 1; } else if (pid == 0) { + char *myenv[] = { + "PATH=/sbin:/usr/sbin:/bin:/usr/bin", + NULL + }; /* child */ - execl("/sbin/modprobe", "modprobe", "ncpfs", NULL); + execle("/sbin/modprobe", "modprobe", "ncpfs", NULL, myenv); _exit(127); /* execl error */ } else { @@ -355,6 +359,54 @@ #endif +static inline int ncpm_suser(void) { + return setreuid(-1, 0); +} + +static int ncpm_normal(void) { + int e; + int v; + + e = errno; + v = setreuid(-1, myuid); + errno = e; + return v; +} + +static int proc_ncpm_mount(const char* source, const char* target, const char* filesystem, unsigned long mountflags, const void* data) { + int v; + int e; + + if (ncpm_suser()) { + return errno; + } + v = mount(source, target, filesystem, mountflags, data); + if (ncpm_normal()) { + /* We cannot handle this situation gracefully, so do what we can */ + + e = errno; + /* If mount suceeded, undo it */ + if (v) { + umount(target); + } + errexit(88, _("Cannot relinquish superuser rights: %s\n"), strerror(e)); + } + return v; +} + +int proc_ncpm_umount(const char* target) { + int v; + + if (ncpm_suser()) { + return errno; + } + v = umount(target); + if (ncpm_normal()) { + errexit(89, _("Cannot relinquish superuser rights: %s\n"), strerror(errno)); + } + return v; +} + #ifdef MOUNT2 static int ncp_mount_v2(const char* mount_name, unsigned long flags, const struct ncp_mount_data_independent* data) { struct ncp_mount_data_v2 datav2; @@ -392,7 +444,7 @@ } datav2.file_mode = data->file_mode; datav2.dir_mode = data->dir_mode; - err = mount(mount_name, data->mount_point, "ncpfs", flags, (void*) &datav2); + err = proc_ncpm_mount(mount_name, data->mount_point, "ncpfs", flags, (void*) &datav2); if (err) return errno; return 0; @@ -456,7 +508,7 @@ exit(0); /* Should not return from process_connection */ } close(pp[0]); - err=mount(mount_name, data->mount_point, "ncpfs", flags, (void*) &datav3); + err=proc_ncpm_mount(mount_name, data->mount_point, "ncpfs", flags, (void*) &datav3); if (err) { err = errno; /* Mount unsuccesful so we have to kill daemon */ @@ -507,7 +559,7 @@ sprintf(mountopts, "version=%u,flags=%u,owner=%u,uid=%u,gid=%u,mode=%u,dirmode=%u,timeout=%u,retry=%u,wdogpid=%u,ncpfd=%u,infofd=%u", NCP_MOUNT_VERSION_V5, ncpflags, data->mounted_uid, data->uid, data->gid, data->file_mode, data->dir_mode, data->time_out, data->retry_count, wdog_pid, data->ncp_fd, pp[1]); - err=mount(mount_name, data->mount_point, "ncpfs", flags, mountopts); + err=proc_ncpm_mount(mount_name, data->mount_point, "ncpfs", flags, mountopts); } else { err=-1; } @@ -525,7 +577,7 @@ datav4.file_mode = data->file_mode; datav4.dir_mode = data->dir_mode; datav4.wdog_pid = wdog_pid; - err = mount(mount_name, data->mount_point, "ncpfs", flags, (void*)&datav4); + err = proc_ncpm_mount(mount_name, data->mount_point, "ncpfs", flags, (void*)&datav4); if (err) { err = errno; /* Mount unsuccesful so we have to kill daemon */ @@ -546,9 +598,16 @@ void init_mount_info(struct ncp_mount_info *info) { mode_t um; - memset(info, 0, sizeof(*info)); - myuid = getuid(); + myeuid = geteuid(); + + if (myeuid == 0) { + if (setreuid(-1, myuid)) { + errexit(87, _("Cannot relinquish superuser rights: %s\n"), strerror(errno)); + } + } + + memset(info, 0, sizeof(*info)); info->version = -1; info->flags = MS_MGC_VAL; @@ -649,7 +708,14 @@ sr.name_space = NW_NS_DOS; sr.dirEntNum = DVAL_LH(&dirinfo.Directory.dirEntNum, 0); } + if (ncpm_suser()) { + return -errno; + } result = ioctl(ncp_get_fid(conn), NCP_IOC_SETROOT, &sr); + if (ncpm_normal()) { + /* Just continue, otherwise we cannot unmount directory */ + return result ? -errno : -EPERM; + } if (!result) { return 0; } @@ -665,7 +731,15 @@ #endif return -ENOPKG; } - if (ioctl(ncp_get_fid(conn), NCP_IOC_CONN_LOGGED_IN, NULL) != 0) { + if (ncpm_suser()) { + return -errno; + } + result = ioctl(ncp_get_fid(conn), NCP_IOC_CONN_LOGGED_IN, NULL); + if (ncpm_normal()) { + /* Just continue, otherwise we cannot umount directory */ + return result ? -errno : -EPERM; + } + if (result != 0) { return -errno; } return 0; @@ -798,11 +872,14 @@ return; } { - char xxx[1024]; + char xxx[1024]; /* "cmd=XXXXXXXXXXX, len=XXXXXXXXX, data:" + 3x300 chars */ char* p; sprintf(xxx, "cmd=%u, len=%u, data:", cmd, datalen); p = xxx + strlen(xxx); + if (datalen > 300) { + datalen = 300; + } while (datalen--) { sprintf(p, " %02X", *data++); p += 3; @@ -1358,6 +1435,9 @@ } *p = 0; + if (ncpm_suser()) { + errexit(91, _("Cannot switch to superuser: %s\n"), strerror(errno)); + } if ((fd = open(MOUNTED "~", O_RDWR | O_CREAT | O_EXCL, 0600)) == -1) { errexit(58, _("Can't get %s~ lock file\n"), MOUNTED); @@ -1382,6 +1462,9 @@ { errexit(62, _("Can't remove %s~\n"), MOUNTED); } + if (ncpm_normal()) { + errexit(90, _("Cannot relinquish superuser rights: %s\n"), strerror(EPERM)); + } } static int __proc_option(const struct optinfo* opts, struct ncp_mount_info* info, const char* opt, const char* param) { @@ -1635,6 +1718,10 @@ if ((info->nls_cs.codepage[0] != 0) || (info->nls_cs.iocharset[0] != 0)) { int i; + if (ncpm_suser()) { + fprintf(stderr, _("Cannot switch to superuser: %s\n"), strerror(errno)); + return 90; + } i = ioctl(ncp_get_fid(conn), NCP_IOC_SETCHARSETS, &info->nls_cs); if (i && (errno == EINVAL)) { struct ncp_nls_ioctl_old old_nls; @@ -1645,6 +1732,10 @@ old_nls.codepage = strtoul(p, NULL, 0); strcpy(old_nls.iocharset, info->nls_cs.iocharset); i = ioctl(ncp_get_fid(conn), NCP_IOC_SETCHARSETS_OLD, &old_nls); + } + if (ncpm_normal()) { + fprintf(stderr, _("Cannot relinquish superuser rights: %s\n"), strerror(-errno)); + return 91; } if (i) { if (errno == EINVAL || errno == ENOTTY) { ===== sutil/ncpm_common.h 1.10 vs edited ===== --- 1.10/sutil/ncpm_common.h 2004-05-30 00:03:03 +02:00 +++ edited/sutil/ncpm_common.h 2005-01-14 00:26:46 +01:00 @@ -16,6 +16,7 @@ #include "ncpmount.h" uid_t myuid; +uid_t myeuid; char *progname; char mount_point[MAXPATHLEN + 1]; @@ -118,6 +119,7 @@ void proc_option(const struct optinfo* opts, struct ncp_mount_info* info, const char* opt, const char* param); int proc_buildconn(struct ncp_mount_info* info); int proc_aftermount(const struct ncp_mount_info* info, NWCONN_HANDLE* conn); +int proc_ncpm_umount(const char* dir); #define UNUSED(x) x __attribute__((unused)) ===== sutil/ncpmount.c 1.68 vs edited ===== --- 1.68/sutil/ncpmount.c 2004-05-30 00:03:03 +02:00 +++ edited/sutil/ncpmount.c 2005-01-14 00:25:31 +01:00 @@ -171,7 +171,7 @@ { struct ncp_mount_info info; struct stat st; - char mount_name[256]; + char *mount_name; #ifdef NDS_SUPPORT NWDSContextHandle ctx; NWCONN_HANDLE auth_conn; @@ -350,7 +350,7 @@ if (info.server && info.tree) { errexit(66, _("Both tree and server name were specified. It is not allowed.\n")); } - if (geteuid() != 0) + if (myeuid != 0) { errexit(26, _("%s must be installed suid root\n"), progname); } @@ -594,13 +594,18 @@ info.mdata.mount_point = mount_point; - strcpy(mount_name, spec.server); - strcat(mount_name, "/"); - strcat(mount_name, spec.user); + if (asprintf(&mount_name, "%s/%s", spec.server, spec.user) < 0) { + NWDSFreeContext(ctx); + if (auth_conn) { + NWCCCloseConn(auth_conn); + } + errexit(85, _("Cannot allocate memory for mtab entry: %s\n"), strerror(ENOMEM)); + } result = ncp_mount(mount_name, &info); if (result) { + free(mount_name); NWDSFreeContext(ctx); if (auth_conn) { NWCCCloseConn(auth_conn); @@ -610,7 +615,8 @@ } err = proc_aftermount(&info, &conn); if (err) { - umount(info.mdata.mount_point); + proc_ncpm_umount(info.mdata.mount_point); + free(mount_name); NWDSFreeContext(ctx); if (auth_conn) { NWCCCloseConn(auth_conn); @@ -621,6 +627,8 @@ if (info.auth_src != NULL) { err = NWDSAuthenticateConn(ctx, conn); if (err) { + proc_ncpm_umount(info.mdata.mount_point); + free(mount_name); NWDSFreeContext(ctx); if (auth_conn) { NWCCCloseConn(auth_conn); @@ -636,7 +644,8 @@ mycom_err(err, _("in nds login")); fprintf(stderr, _("Login denied.\n")); ncp_close(conn); - umount(mount_point); + proc_ncpm_umount(mount_point); + free(mount_name); NWDSFreeContext(ctx); if (auth_conn) { NWCCCloseConn(auth_conn); @@ -660,7 +669,8 @@ mycom_err(err, _("in login")); fprintf(stderr, _("Login denied\n")); ncp_close(conn); - umount(mount_point); + proc_ncpm_umount(mount_point); + free(mount_name); NWDSFreeContext(ctx); if (auth_conn) { NWCCCloseConn(auth_conn); @@ -682,6 +692,9 @@ #endif err = NWDSFreeContext(ctx); if (err) { + ncp_close(conn); + proc_ncpm_umount(mount_point); + free(mount_name); if (auth_conn) { NWCCCloseConn(auth_conn); } @@ -694,7 +707,8 @@ if ((err = ncp_mount_specific(conn, -1, info.NWpath, info.pathlen)) != 0) { ncp_close(conn); - umount(mount_point); + proc_ncpm_umount(mount_point); + free(mount_name); errexit(57, _("Cannot access path \"%s\": %s\n"), info.remote_path, strerror(-err)); } ncp_close(conn);