diff options
| author | Thorsten Kukuk <kukuk@thkukuk.de> | 2006-12-20 14:56:08 +0000 |
|---|---|---|
| committer | Thorsten Kukuk <kukuk@thkukuk.de> | 2006-12-20 14:56:08 +0000 |
| commit | 67df1415e3ce6a6792a11e58155fe1276cd7cd5d (patch) | |
| tree | 41d55c7340dad69898a8bae5555b04f1fbad355f /modules | |
| parent | 5446d7c0392279696b941b65f21b383e7c01511c (diff) | |
Relevant BUGIDs:
Purpose of commit: bugfix
Commit summary:
---------------
Don't be more restrictive than useradd for account names:
2006-12-20 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_unix/pam_unix_passwd.c (pam_sm_chauthtok): Forbid
only '+' and '-' as first characters for account names.
* modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate): Likewise.
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/pam_unix/pam_unix_auth.c | 7 | ||||
| -rw-r--r-- | modules/pam_unix/pam_unix_passwd.c | 7 |
2 files changed, 6 insertions, 8 deletions
diff --git a/modules/pam_unix/pam_unix_auth.c b/modules/pam_unix/pam_unix_auth.c index 5cdec27f..3004bee8 100644 --- a/modules/pam_unix/pam_unix_auth.c +++ b/modules/pam_unix/pam_unix_auth.c @@ -124,11 +124,10 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags if (retval == PAM_SUCCESS) { /* * Various libraries at various times have had bugs related to - * '+' or '-' as the first character of a user name. Don't take - * any chances here. Require that the username starts with an - * alphanumeric character. + * '+' or '-' as the first character of a user name. Don't + * allow this characters here. */ - if (name == NULL || !isalnum(*name)) { + if (name == NULL || name[0] == '-' || name[0] == '+') { pam_syslog(pamh, LOG_ERR, "bad username [%s]", name); retval = PAM_USER_UNKNOWN; AUTH_RETURN; diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c index c7ee28c9..8921d1cc 100644 --- a/modules/pam_unix/pam_unix_passwd.c +++ b/modules/pam_unix/pam_unix_passwd.c @@ -1037,11 +1037,10 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t * pamh, int flags, if (retval == PAM_SUCCESS) { /* * Various libraries at various times have had bugs related to - * '+' or '-' as the first character of a user name. Don't take - * any chances here. Require that the username starts with an - * alphanumeric character. + * '+' or '-' as the first character of a user name. Don't + * allow them. */ - if (user == NULL || !isalnum(*user)) { + if (user == NULL || user[0] == '-' || user[0] == '+') { pam_syslog(pamh, LOG_ERR, "bad username [%s]", user); return PAM_USER_UNKNOWN; } |