Relevant BUGIDs:

Purpose of commit:

Commit summary:
---------------

bugfix: Bug 1027903 and 1027912

3 files changed, 10 insertions, 1 deletions

diff --git a/CHANGELOG b/CHANGELOG
index 6ae4daa1..e510a164 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -82,6 +82,10 @@ BerliOS Bugs are marked with (BerliOS #XXXX).
   (patch by "Dmitry V. Levin" <ldv@altlinux.org>) (Bug 812567 - baggins).
 * doc/modules/pam_mkhomedir.sgml: Remove wrong debug options 
   (Bug 591605 - kukuk)
+* pam_unix: Call password checking helper whenever the password field
+  contains only one character (Bug 1027903 - kukuk)
+* libpam/pam_start.c: All service names should be files below /etc/pam.d
+  and nothing else. Forbid paths. (Bug 1027912 - kukuk)
 
 
 0.77: Mon Sep 23 10:25:42 PDT 2002
diff --git a/libpam/pam_start.c b/libpam/pam_start.c
index ef1dae1d..f8955854 100644
--- a/libpam/pam_start.c
+++ b/libpam/pam_start.c
@@ -34,6 +34,11 @@ int pam_start (
 	return (PAM_BUF_ERR);
     }
 
+    /* All service names should be files below /etc/pam.d and nothing
+       else. Forbid paths. */
+    if (strrchr(service_name, '/') != NULL)
+	service_name = strrchr(service_name, '/') + 1;
+    
     /* Mark the caller as the application - permission to do certain
        things is limited to a module or an application */
 
diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c
index 1b55d23b..5486e12f 100644
--- a/modules/pam_unix/support.c
+++ b/modules/pam_unix/support.c
@@ -554,7 +554,7 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name
 	}
 
 	retval = PAM_SUCCESS;
-	if (pwd == NULL || salt == NULL || !strcmp(salt, "x")) {
+	if (pwd == NULL || salt == NULL || strlen(salt) == 1) {
 		if (geteuid()) {
 			/* we are not root perhaps this is the reason? Run helper */
 			D(("running helper binary"));