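diff -up Linux-PAM-1.3.1/modules/pam_unix/passverify.c.pam-unix-shadow-password Linux-PAM-1.3.1/modules/pam_unix/passverify.c
--- Linux-PAM-1.3.1/modules/pam_unix/passverify.c.pam-unix-shadow-password 2024-11-05 13:02:14.637785962 +0100
+++ Linux-PAM-1.3.1/modules/pam_unix/passverify.c 2024-11-05 13:02:14.643785975 +0100
@@ -73,9 +73,13 @@ verify_pwd_hash(const char *p, char *has
 
 strip_hpux_aging(hash);
 hash_len = strlen(hash);
- if (!hash_len) {
+
+ if (p && p[0] == '\0' && !nullok) {
+ /* The passed password is empty */
+ retval = PAM_AUTH_ERR;
+ } else if (!hash_len) {
 /* the stored password is NULL */
- if (nullok) { /* this means we've succeeded */
+ if (p && p[0] == '\0' && nullok) { /* this means we've succeeded */
 D(("user has empty password - access granted"));
 retval = PAM_SUCCESS;
 } else {
@@ -192,17 +196,21 @@ PAMH_ARG_DECL(int get_account_info,
 return PAM_UNIX_RUN_HELPER;
 #endif
 } else if (is_pwd_shadowed(*pwd)) {
+#ifdef HELPER_COMPILE
 /*
- * ...and shadow password file entry for this user,
+ * shadow password file entry for this user,
 * if shadowing is enabled
 */
-#ifndef HELPER_COMPILE
- if (geteuid() || SELINUX_ENABLED)
- return PAM_UNIX_RUN_HELPER;
-#endif
- *spwdent = pam_modutil_getspnam(pamh, name);
+ *spwdent = getspnam(name);
 if (*spwdent == NULL || (*spwdent)->sp_pwdp == NULL)
 return PAM_AUTHINFO_UNAVAIL;
+#else
+ /*
+ * The helper has to be invoked to deal with
+ * the shadow password file entry.
+ */
+ return PAM_UNIX_RUN_HELPER;
+#endif
 }
 } else {
 return PAM_USER_UNKNOWN;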
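Review bot: In the `verify_pwd_hash` hunk both new tests are written `p && p[0] == '\0'`, so a NULL `p` counts as "not empty": with an empty stored hash and `nullok` set, a NULL `p` now drops into the `else` branch that continues outside the hunk, where the removed `if (nullok)` accepted it. If any caller can pass NULL to mean "no password", that change should be confirmed and stated, for example with a comment above the first test such as `/* p == NULL is not an empty password; only "" matches an empty hash, and only with nullok */`. The new reject branch also has no debug trace while the accept branch does; a matching `D(("empty password without nullok - access denied"));` would keep the two paths equally visible when debugging an authentication failure. In the `get_account_info` hunk the non-helper build now returns `PAM_UNIX_RUN_HELPER` for every shadowed account, including callers running as root, and the added comment says what happens but not why; one line of rationale there would help the next person who touches the `#ifdef HELPER_COMPILE` split.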