From 67df1415e3ce6a6792a11e58155fe1276cd7cd5d Mon Sep 17 00:00:00 2001
From: Thorsten Kukuk <kukuk@thkukuk.de>
Date: Wed, 20 Dec 2006 14:56:08 +0000
Subject: Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------

Don't be more restrictive than useradd for account names:

2006-12-20  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_unix/pam_unix_passwd.c (pam_sm_chauthtok): Forbid
        only '+' and '-' as first characters for account names.
        * modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate): Likewise.
---
 modules/pam_unix/pam_unix_passwd.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

(limited to 'modules/pam_unix/pam_unix_passwd.c')

diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c
index c7ee28c9..8921d1cc 100644
--- a/modules/pam_unix/pam_unix_passwd.c
+++ b/modules/pam_unix/pam_unix_passwd.c
@@ -1037,11 +1037,10 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
 	if (retval == PAM_SUCCESS) {
 		/*
 		 * Various libraries at various times have had bugs related to
-		 * '+' or '-' as the first character of a user name. Don't take
-		 * any chances here. Require that the username starts with an
-		 * alphanumeric character.
+		 * '+' or '-' as the first character of a user name. Don't
+		 * allow them.
 		 */
-		if (user == NULL || !isalnum(*user)) {
+		if (user == NULL || user[0] == '-' || user[0] == '+') {
 			pam_syslog(pamh, LOG_ERR, "bad username [%s]", user);
 			return PAM_USER_UNKNOWN;
 		}
-- 
cgit v1.2.3