authorDmitry V. Levin <ldv@altlinux.org>2020-05-01 21:44:59 +0000
committerDmitry V. Levin <ldv@altlinux.org>2020-05-21 16:51:52 +0000
commitbd3cdf24ee83ea4c4551c6aaf6966e720d957577 (patch)
tree87e148035dc0049109f45e85335536a98a08ac56
parent6da2d665f735e957315be129734f5ae24efbf590 (diff)
pam_localuser: reject user names containing a colon
"root:x" is not a local user name even if the passwd file contains a line starting with "root:x:". * modules/pam_localuser/pam_localuser.c (pam_sm_authenticate): Return PAM_PERM_DENIED if the user name contains a colon.
-rw-r--r--modules/pam_localuser/pam_localuser.c9
1 files changed, 9 insertions, 0 deletions
diff --git a/modules/pam_localuser/pam_localuser.c b/modules/pam_localuser/pam_localuser.c
index 6f4f8aea..4e05350e 100644
--- a/modules/pam_localuser/pam_localuser.c
+++ b/modules/pam_localuser/pam_localuser.c
@@ -106,6 +106,15 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
return PAM_SYSTEM_ERR;
}
+ if (strchr(user, ':') != NULL) {
+ /*
+ * "root:x" is not a local user name even if the passwd file
+ * contains a line starting with "root:x:".
+ */
+ fclose(fp);
+ return PAM_PERM_DENIED;
+ }
+
/* scan the file, using fgets() instead of fgetpwent() because i
* don't want to mess with applications which call fgetpwent() */
ret = PAM_PERM_DENIED;
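Review bot: The added colon check in pam_sm_authenticate returns PAM_PERM_DENIED without logging anything, so a rejected name such as "root:x" looks the same in the logs as an ordinary non-local user. A user name containing a colon is unusual enough to record for whoever reviews authentication failures; assuming the module already logs through pam_syslog, a line such as `pam_syslog(pamh, LOG_NOTICE, "user name contains a colon");` before `fclose(fp);` would do, and leaving the supplied name out of the message keeps attacker-controlled text out of the log. The check also appears to run after the passwd file has been opened (hence the `fclose(fp)`), so it could sit ahead of the open and need no cleanup; the open is outside this hunk, so that is inferred. The function begins and ends outside the hunk.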