Remove a bogus null password check which assumed that a user with an empty

password must necessarily have an empty pwd->pw_passwd.  Also add a check
that prevents users from setting a blank password unless the nullok option
was specified.  Root is still allowed to give anyone a blank password.
des 2003-04-24 12:26:25 +00:00
parent 85e31bc1f4
commit 9bee0a595d


@ -337,8 +337,10 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags,
PAM_LOG("Got old password");
/* always encrypt first */
encrypted = crypt(old_pass, pwd->pw_passwd);
if ((old_pass[0] == '\0' && pwd->pw_passwd[0] != '\0') ||
strcmp(encrypted, pwd->pw_passwd) != 0)
if (old_pass[0] == '\0' &&
!pam_test_option(&options, PAM_OPT_NULLOK, NULL))
return (PAM_PERM_DENIED);
if (strcmp(encrypted, pwd->pw_passwd) != 0)
return (PAM_PERM_DENIED);
}
else if (flags & PAM_UPDATE_AUTHTOK) {
@ -364,6 +366,10 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags,
return (retval);
}
if (getuid() != 0 && new_pass[0] == '\0' &&
!pam_test_option(&options, PAM_OPT_NULLOK, NULL))
return (PAM_PERM_DENIED);
if ((old_pwd = pw_dup(pwd)) == NULL)
return (PAM_BUF_ERR);
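Review bot: The blank-password guard added in the second hunk grants its root exemption on `getuid() != 0`, which tests the real uid of the calling process rather than the identity of whoever requested the change. That matches a setuid passwd run by an ordinary user, but if this module is ever called from a service that itself runs as root (an assumption, since no caller is visible here), the test passes for every account and a blank new password is accepted without `nullok`. The assumption should at least be written down next to the check, for example `/* real uid 0 == root invoked us directly; root-owned callers are exempt too */`, or the exemption should be tied to the requesting user instead. Separately, in the first hunk the rewritten `strcmp(encrypted, pwd->pw_passwd)` still uses the result of `crypt()` unchecked; `if (encrypted == NULL || strcmp(encrypted, pwd->pw_passwd) != 0)` would fail closed if `crypt()` returns NULL. pam_sm_chauthtok begins and ends outside both hunks.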