author | Thorsten Kukuk <kukuk@thkukuk.de> | 2006-12-20 14:56:08 +0000 |
---|---|---|
committer | Thorsten Kukuk <kukuk@thkukuk.de> | 2006-12-20 14:56:08 +0000 |
commit | 67df1415e3ce6a6792a11e58155fe1276cd7cd5d (patch) | |
tree | 41d55c7340dad69898a8bae5555b04f1fbad355f | |
parent | 5446d7c0392279696b941b65f21b383e7c01511c (diff) | |
Relevant BUGIDs:
Purpose of commit: bugfix
Commit summary:
---------------
Don't be more restrictive than useradd for account names:
2006-12-20 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_unix/pam_unix_passwd.c (pam_sm_chauthtok): Forbid
only '+' and '-' as first characters for account names.
* modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate): Likewise.
-rw-r--r-- | ChangeLog | 12 | ||||
-rw-r--r-- | modules/pam_unix/pam_unix_auth.c | 7 | ||||
-rw-r--r-- | modules/pam_unix/pam_unix_passwd.c | 7 |
3 files changed, 15 insertions, 11 deletions
@@ -1,3 +1,9 @@ +2006-12-20 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_unix/pam_unix_passwd.c (pam_sm_chauthtok): Forbid + only '+' and '-' as first characters for account names. + * modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate): Likewise. + 2006-12-18 Thorsten Kukuk <kukuk@thkukuk.de> * configure.in: Fix ENOKEY check (specify errno.h as header
@@ -16,14 +22,14 @@ * modules/pam_unix/pam_unix_passwd.c (pam_sm_chauthtok): Localize message printed to user. - + * modules/pam_unix/support.c (_unix_verify_password): Use strncmp only for bigcrypt result. - + * modules/pam_keyinit/pam_keyinit.c (kill_keyrings): Switch to new egid first, euid next. Revert euid/egid to old euid/egid and not ruid/rgid. - (pam_sm_open_session): Switch to new rgid first, ruid next. + (pam_sm_open_session): Switch to new rgid first, ruid next. 2006-12-13 Thorsten Kukuk <kukuk@thkukuk.de>
diff --git a/modules/pam_unix/pam_unix_auth.c b/modules/pam_unix/pam_unix_auth.c
index 5cdec27f..3004bee8 100644
--- a/modules/pam_unix/pam_unix_auth.c
+++ b/modules/pam_unix/pam_unix_auth.c
@@ -124,11 +124,10 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags
 if (retval == PAM_SUCCESS) {
 /*
 * Various libraries at various times have had bugs related to
- * '+' or '-' as the first character of a user name. Don't take
- * any chances here. Require that the username starts with an
- * alphanumeric character.
+ * '+' or '-' as the first character of a user name. Don't
+ * allow this characters here.
 */
- if (name == NULL || !isalnum(*name)) {
+ if (name == NULL || name[0] == '-' || name[0] == '+') {
 pam_syslog(pamh, LOG_ERR, "bad username [%s]", name);
 retval = PAM_USER_UNKNOWN;
 AUTH_RETURN;
diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c
index c7ee28c9..8921d1cc 100644
--- a/modules/pam_unix/pam_unix_passwd.c
+++ b/modules/pam_unix/pam_unix_passwd.c
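Review bot: An empty user name now passes the check in pam_sm_authenticate: the old `!isalnum(*name)` test rejected `name[0] == '\0'`, while the new condition only looks for '-' and '+'. The matching change to `user` in pam_sm_chauthtok (modules/pam_unix/pam_unix_passwd.c) has the same gap. How an empty name is treated further down is not visible in either hunk, so I would keep rejecting it at this point: `if (name == NULL || name[0] == '\0' || name[0] == '-' || name[0] == '+') {`. The comment should then say that empty names are refused too, and "this characters" should read "these characters". The function body continues outside the hunk.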
@@ -1037,11 +1037,10 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
 if (retval == PAM_SUCCESS) {
 /*
 * Various libraries at various times have had bugs related to
- * '+' or '-' as the first character of a user name. Don't take
- * any chances here. Require that the username starts with an
- * alphanumeric character.
+ * '+' or '-' as the first character of a user name. Don't
+ * allow them.
 */
- if (user == NULL || !isalnum(*user)) {
+ if (user == NULL || user[0] == '-' || user[0] == '+') {
 pam_syslog(pamh, LOG_ERR, "bad username [%s]", user);
 return PAM_USER_UNKNOWN;
 } |
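Review bot: When `user` is NULL, the rejected branch still hands it to `pam_syslog` through `%s` on the unchanged log line, and passing a null pointer for `%s` to a printf-style formatter is undefined behaviour even where the C library happens to print "(null)". The rewritten condition keeps the `user == NULL` case, so the log call should guard it, for example `pam_syslog(pamh, LOG_ERR, "bad username [%s]", user ? user : "(null)");`. The pam_sm_authenticate hunk in pam_unix_auth.c has the same call with `name`. pam_sm_chauthtok starts and ends outside the hunk.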