From 1814aec611a5f9e03eceee81237ad3a3f51c954a Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Wed, 26 Oct 2011 23:56:54 +0000 Subject: Fix whitespace issues Cleanup trailing whitespaces, indentation that uses spaces before tabs, and blank lines at EOF. Make the project free of warnings reported by git diff --check 4b825dc642cb6eb9a060e54bf8d69288fbee4904 HEAD --- modules/pam_unix/passverify.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) (limited to 'modules/pam_unix/passverify.c') diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c index 5199a690..089f4b83 100644 --- a/modules/pam_unix/passverify.c +++ b/modules/pam_unix/passverify.c @@ -89,17 +89,17 @@ verify_pwd_hash(const char *p, char *hash, unsigned int nullok) } else { if (!strncmp(hash, "$1$", 3)) { pp = Goodcrypt_md5(p, hash); - if (pp && strcmp(pp, hash) != 0) { + if (pp && strcmp(pp, hash) != 0) { _pam_delete(pp); pp = Brokencrypt_md5(p, hash); - } + } } else if (*hash != '$' && hash_len >= 13) { - pp = bigcrypt(p, hash); - if (pp && hash_len == 13 && strlen(pp) > hash_len) { + pp = bigcrypt(p, hash); + if (pp && hash_len == 13 && strlen(pp) > hash_len) { _pam_overwrite(pp + hash_len); - } + } } else { - /* + /* * Ok, we don't know the crypt algorithm, but maybe * libcrypt knows about it? We should try it. */ @@ -448,12 +448,12 @@ unix_selinux_confined(void) char tempfile[]="/etc/.pwdXXXXXX"; if (confined != -1) - return confined; + return confined; /* cannot be confined without SELinux enabled */ if (!SELINUX_ENABLED){ - confined = 0; - return confined; + confined = 0; + return confined; } /* let's try opening shadow read only */ @@ -633,7 +633,7 @@ save_old_password(pam_handle_t *pamh, const char *forwho, const char *oldpass, char *sptr = NULL; found = 1; if (howmany == 0) - continue; + continue; buf[strlen(buf) - 1] = '\0'; s_luser = strtok_r(buf, ":", &sptr); s_uid = strtok_r(NULL, ":", &sptr); -- cgit v1.2.3 From 0baf28fa03dfa46482e13390fd9a7545c30ccd7f Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Tue, 3 Jan 2012 12:30:43 +0100 Subject: Fix matching of usernames in the pam_unix remember feature. * modules/pam_unix/pam_unix_passwd.c (check_old_password): Make sure we match only the whole username in opasswd entry. * modules/pam_unix/passverify.c (save_old_password): Likewise make sure we match only the whole username in opasswd entry. --- modules/pam_unix/pam_unix_passwd.c | 4 +++- modules/pam_unix/passverify.c | 3 ++- 2 files changed, 5 insertions(+), 2 deletions(-) (limited to 'modules/pam_unix/passverify.c') diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c index 6ba2c2e6..498a81c6 100644 --- a/modules/pam_unix/pam_unix_passwd.c +++ b/modules/pam_unix/pam_unix_passwd.c @@ -280,13 +280,15 @@ static int check_old_password(const char *forwho, const char *newpass) char *s_luser, *s_uid, *s_npas, *s_pas; int retval = PAM_SUCCESS; FILE *opwfile; + size_t len = strlen(forwho); opwfile = fopen(OLD_PASSWORDS_FILE, "r"); if (opwfile == NULL) return PAM_ABORT; while (fgets(buf, 16380, opwfile)) { - if (!strncmp(buf, forwho, strlen(forwho))) { + if (!strncmp(buf, forwho, len) && (buf[len] == ':' || + buf[len] == ',')) { char *sptr; buf[strlen(buf) - 1] = '\0'; s_luser = strtok_r(buf, ":,", &sptr); diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c index 089f4b83..52899552 100644 --- a/modules/pam_unix/passverify.c +++ b/modules/pam_unix/passverify.c @@ -562,6 +562,7 @@ save_old_password(pam_handle_t *pamh, const char *forwho, const char *oldpass, int found = 0; struct passwd *pwd = NULL; struct stat st; + size_t len = strlen(forwho); #ifdef WITH_SELINUX security_context_t prev_context=NULL; #endif @@ -629,7 +630,7 @@ save_old_password(pam_handle_t *pamh, const char *forwho, const char *oldpass, } while (fgets(buf, 16380, opwfile)) { - if (!strncmp(buf, forwho, strlen(forwho))) { + if (!strncmp(buf, forwho, len) && strchr(":,\n", buf[len]) != NULL) { char *sptr = NULL; found = 1; if (howmany == 0) -- cgit v1.2.3 From 1329c68b19daa6d5793dd672db73ebe85465eea9 Mon Sep 17 00:00:00 2001 From: Paul Wouters Date: Wed, 11 Apr 2012 21:13:14 +0200 Subject: Check for crypt() failure returning NULL. * modules/pam_unix/pam_unix_passwd.c (pam_sm_chauthtok): Adjust syslog message. * modules/pam_unix/passverify.c (create_password_hash): Check for crypt() returning NULL. --- modules/pam_unix/pam_unix_passwd.c | 2 +- modules/pam_unix/passverify.c | 6 ++++-- 2 files changed, 5 insertions(+), 3 deletions(-) (limited to 'modules/pam_unix/passverify.c') diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c index e9059d3c..9e1302d5 100644 --- a/modules/pam_unix/pam_unix_passwd.c +++ b/modules/pam_unix/pam_unix_passwd.c @@ -800,7 +800,7 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) tpass = create_password_hash(pamh, pass_new, ctrl, rounds); if (tpass == NULL) { pam_syslog(pamh, LOG_CRIT, - "out of memory for password"); + "crypt() failure or out of memory for password"); pass_new = pass_old = NULL; /* tidy up */ unlock_pwdf(); return PAM_BUF_ERR; diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c index 52899552..4840bb2d 100644 --- a/modules/pam_unix/passverify.c +++ b/modules/pam_unix/passverify.c @@ -424,7 +424,7 @@ PAMH_ARG_DECL(char * create_password_hash, } #endif sp = crypt(password, salt); - if (strncmp(algoid, sp, strlen(algoid)) != 0) { + if (!sp || strncmp(algoid, sp, strlen(algoid)) != 0) { /* libxcrypt/libc doesn't know the algorithm, use MD5 */ pam_syslog(pamh, LOG_ERR, "Algo %s not supported by the crypto backend, " @@ -432,7 +432,9 @@ PAMH_ARG_DECL(char * create_password_hash, on(UNIX_BLOWFISH_PASS, ctrl) ? "blowfish" : on(UNIX_SHA256_PASS, ctrl) ? "sha256" : on(UNIX_SHA512_PASS, ctrl) ? "sha512" : algoid); - memset(sp, '\0', strlen(sp)); + if(sp) { + memset(sp, '\0', strlen(sp)); + } return crypt_md5_wrapper(password); } -- cgit v1.2.3