diff options
| -rw-r--r-- | CHANGELOG | 4 | ||||
| -rw-r--r-- | libpam/pam_start.c | 5 | ||||
| -rw-r--r-- | modules/pam_unix/support.c | 2 |
3 files changed, 10 insertions, 1 deletions
@@ -82,6 +82,10 @@ BerliOS Bugs are marked with (BerliOS #XXXX). (patch by "Dmitry V. Levin" <ldv@altlinux.org>) (Bug 812567 - baggins). * doc/modules/pam_mkhomedir.sgml: Remove wrong debug options (Bug 591605 - kukuk) +* pam_unix: Call password checking helper whenever the password field + contains only one character (Bug 1027903 - kukuk) +* libpam/pam_start.c: All service names should be files below /etc/pam.d + and nothing else. Forbid paths. (Bug 1027912 - kukuk) 0.77: Mon Sep 23 10:25:42 PDT 2002 diff --git a/libpam/pam_start.c b/libpam/pam_start.c index ef1dae1d..f8955854 100644 --- a/libpam/pam_start.c +++ b/libpam/pam_start.c @@ -34,6 +34,11 @@ int pam_start ( return (PAM_BUF_ERR); } + /* All service names should be files below /etc/pam.d and nothing + else. Forbid paths. */ + if (strrchr(service_name, '/') != NULL) + service_name = strrchr(service_name, '/') + 1; + /* Mark the caller as the application - permission to do certain things is limited to a module or an application */ diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c index 1b55d23b..5486e12f 100644 --- a/modules/pam_unix/support.c +++ b/modules/pam_unix/support.c @@ -554,7 +554,7 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name } retval = PAM_SUCCESS; - if (pwd == NULL || salt == NULL || !strcmp(salt, "x")) { + if (pwd == NULL || salt == NULL || strlen(salt) == 1) { if (geteuid()) { /* we are not root perhaps this is the reason? Run helper */ D(("running helper binary")); |