diff options
| -rw-r--r-- | ChangeLog | 12 | ||||
| -rw-r--r-- | modules/pam_unix/pam_unix_auth.c | 7 | ||||
| -rw-r--r-- | modules/pam_unix/pam_unix_passwd.c | 7 |
3 files changed, 15 insertions, 11 deletions
@@ -1,3 +1,9 @@ +2006-12-20 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_unix/pam_unix_passwd.c (pam_sm_chauthtok): Forbid + only '+' and '-' as first characters for account names. + * modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate): Likewise. + 2006-12-18 Thorsten Kukuk <kukuk@thkukuk.de> * configure.in: Fix ENOKEY check (specify errno.h as header @@ -16,14 +22,14 @@ * modules/pam_unix/pam_unix_passwd.c (pam_sm_chauthtok): Localize message printed to user. - + * modules/pam_unix/support.c (_unix_verify_password): Use strncmp only for bigcrypt result. - + * modules/pam_keyinit/pam_keyinit.c (kill_keyrings): Switch to new egid first, euid next. Revert euid/egid to old euid/egid and not ruid/rgid. - (pam_sm_open_session): Switch to new rgid first, ruid next. + (pam_sm_open_session): Switch to new rgid first, ruid next. 2006-12-13 Thorsten Kukuk <kukuk@thkukuk.de> diff --git a/modules/pam_unix/pam_unix_auth.c b/modules/pam_unix/pam_unix_auth.c index 5cdec27f..3004bee8 100644 --- a/modules/pam_unix/pam_unix_auth.c +++ b/modules/pam_unix/pam_unix_auth.c @@ -124,11 +124,10 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags if (retval == PAM_SUCCESS) { /* * Various libraries at various times have had bugs related to - * '+' or '-' as the first character of a user name. Don't take - * any chances here. Require that the username starts with an - * alphanumeric character. + * '+' or '-' as the first character of a user name. Don't + * allow this characters here. */ - if (name == NULL || !isalnum(*name)) { + if (name == NULL || name[0] == '-' || name[0] == '+') { pam_syslog(pamh, LOG_ERR, "bad username [%s]", name); retval = PAM_USER_UNKNOWN; AUTH_RETURN; diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c index c7ee28c9..8921d1cc 100644 --- a/modules/pam_unix/pam_unix_passwd.c +++ b/modules/pam_unix/pam_unix_passwd.c @@ -1037,11 +1037,10 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t * pamh, int flags, if (retval == PAM_SUCCESS) { /* * Various libraries at various times have had bugs related to - * '+' or '-' as the first character of a user name. Don't take - * any chances here. Require that the username starts with an - * alphanumeric character. + * '+' or '-' as the first character of a user name. Don't + * allow them. */ - if (user == NULL || !isalnum(*user)) { + if (user == NULL || user[0] == '-' || user[0] == '+') { pam_syslog(pamh, LOG_ERR, "bad username [%s]", user); return PAM_USER_UNKNOWN; } |