authorThorsten Kukuk <kukuk@thkukuk.de>2004-10-06 13:42:36 +0000
committerThorsten Kukuk <kukuk@thkukuk.de>2004-10-06 13:42:36 +0000
commit3f42e813b61a2492f5b58d514aacf459f0799cdf (patch)
tree7d45281025891630178becc1d3b222e993832f74 /modules/pam_unix/unix_chkpwd.c
parentb651aa8d81ecf3072cc52dcd0192905b686d17b1 (diff)
Relevant BUGIDs:
Purpose of commit: Commit summary: --------------- bugfix: Last part of fixes from Red Hat
Diffstat (limited to 'modules/pam_unix/unix_chkpwd.c')
-rw-r--r--modules/pam_unix/unix_chkpwd.c37
1 files changed, 29 insertions, 8 deletions
diff --git a/modules/pam_unix/unix_chkpwd.c b/modules/pam_unix/unix_chkpwd.c
index dd07960c..e65728d8 100644
--- a/modules/pam_unix/unix_chkpwd.c
+++ b/modules/pam_unix/unix_chkpwd.c
@@ -57,6 +57,24 @@ static void _log_err(int err, const char *format,...)
closelog();
}
+static int _unix_shadowed(const struct passwd *pwd)
+{
+ char hashpass[1024];
+ if (pwd != NULL) {
+ if (strcmp(pwd->pw_passwd, "x") == 0) {
+ return 1;
+ }
+ if (strlen(pwd->pw_name) < sizeof(hashpass) - 2) {
+ strcpy(hashpass, "##");
+ strcpy(hashpass + 2, pwd->pw_name);
+ if (strcmp(pwd->pw_passwd, hashpass) == 0) {
+ return 1;
+ }
+ }
+ }
+ return 0;
+}
+
static void su_sighandler(int sig)
{
if (sig > 0) {
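Review bot: The `hashpass[1024]` scratch buffer and the two `strcpy` calls in `_unix_shadowed` are not needed to recognise the `##<name>` marker, and the length guard means an account name of 1022 bytes or more is silently reported as not shadowed. The copy itself stays in bounds because of that guard, but comparing in place gives the same answer for shorter names with no buffer and no length limit: `if (strncmp(pwd->pw_passwd, "##", 2) == 0 && strcmp(pwd->pw_passwd + 2, pwd->pw_name) == 0) return 1;`. The function also needs a short header comment saying that a `pw_passwd` of `x`, or of `##` followed by the account name, means the hash is held in the shadow file, since nothing in the hunk explains the second form.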
@@ -87,7 +105,7 @@ static void setup_signals(void)
(void) sigaction(SIGQUIT, &action, NULL);
}
-static int _unix_verify_password(const char *name, const char *p, int opt)
+static int _unix_verify_password(const char *name, const char *p, int nullok)
{
struct passwd *pwd = NULL;
struct spwd *spwdent = NULL;
@@ -101,7 +119,7 @@ static int _unix_verify_password(const char *name, const char *p, int opt)
pwd = getpwnam(name); /* Get password file entry... */
endpwent();
if (pwd != NULL) {
- if (strcmp(pwd->pw_passwd, "x") == 0) {
+ if (_unix_shadowed(pwd)) {
/*
* ...and shadow password file entry for this user,
* if shadowing is enabled
@@ -136,7 +154,10 @@ static int _unix_verify_password(const char *name, const char *p, int opt)
salt_len = strlen(salt);
if (salt_len == 0) {
- return (opt == 0) ? UNIX_FAILED : UNIX_PASSED;
+ return (nullok == 0) ? UNIX_FAILED : UNIX_PASSED;
+ }
+ if (p == NULL) {
+ return UNIX_FAILED;
}
/* the moment of truth -- do we agree with the password? */
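Review bot: The new `p == NULL` guard carries no comment explaining why it sits after the empty-hash test. The last hunk shows `main` passing `NULL` when `npass == 0`, so this check is what stops a null pointer from reaching the comparison below "the moment of truth". Something like `/* no password supplied but the account has a hash: fail before p is used below */` would record that. The `salt_len == 0` branch just above still returns `UNIX_PASSED` under `nullok` without looking at `p`, so a non-empty password appears to be accepted for an account with an empty hash; it is worth confirming that this is intended. `_unix_verify_password` starts and ends outside the hunk, so whether `p` is dereferenced earlier in the function cannot be checked from here.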
@@ -202,7 +223,7 @@ int main(int argc, char *argv[])
{
char pass[MAXPASS + 1];
char option[8];
- int npass, opt;
+ int npass, nullok;
int force_failure = 0;
int retval = UNIX_FAILED;
char *user;
@@ -255,9 +276,9 @@ int main(int argc, char *argv[])
} else {
option[7] = '\0';
if (strncmp(option, "nullok", 8) == 0)
- opt = 1;
+ nullok = 1;
else
- opt = 0;
+ nullok = 0;
}
/* read the password from stdin (a pipe from the pam_unix module) */
@@ -276,13 +297,13 @@ int main(int argc, char *argv[])
if (npass == 0) {
/* the password is NULL */
- retval = _unix_verify_password(user, NULL, opt);
+ retval = _unix_verify_password(user, NULL, nullok);
} else {
/* does pass agree with the official one? */
pass[npass] = '\0'; /* NUL terminate */
- retval = _unix_verify_password(user, pass, opt);
+ retval = _unix_verify_password(user, pass, nullok);
}
}