7f16b85d54
- add inactive account lock out functionality to pam_lastlog - fix pam_unix remember user name matching - add gecoscheck and maxclassrepeat functionality to pam_cracklib - correctly check for crypt() returning NULL in pam_unix - pam_unix - do not fallback to MD5 on password change if requested algorithm not supported by crypt() (#818741)
From 0baf28fa03dfa46482e13390fd9a7545c30ccd7f Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tmraz@fedoraproject.org>
Date: Tue, 3 Jan 2012 12:30:43 +0100
Subject: [PATCH] Fix matching of usernames in the pam_unix remember feature.
* modules/pam_unix/pam_unix_passwd.c (check_old_password): Make
sure we match only the whole username in opasswd entry.
* modules/pam_unix/passverify.c (save_old_password): Likewise make
sure we match only the whole username in opasswd entry.
---
modules/pam_unix/pam_unix_passwd.c | 4 +++-
modules/pam_unix/passverify.c | 3 ++-
2 files changed, 5 insertions(+), 2 deletions(-)
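--- a/modules/pam_unix/pam_unix_passwd.c
+++ b/modules/pam_unix/pam_unix_passwd.c
@@ -280,13 +280,15 @@ static int check_old_password(const char *forwho, const char *newpass)
 char *s_luser, *s_uid, *s_npas, *s_pas;
 int retval = PAM_SUCCESS;
 FILE *opwfile;
+ size_t len = strlen(forwho);
 
 opwfile = fopen(OLD_PASSWORDS_FILE, "r");
 if (opwfile == NULL)
 return PAM_ABORT;
 
 while (fgets(buf, 16380, opwfile)) {
- if (!strncmp(buf, forwho, strlen(forwho))) {
+ if (!strncmp(buf, forwho, len) && (buf[len] == ':' ||
+ buf[len] == ',')) {
 char *sptr;
 buf[strlen(buf) - 1] = '\0';
 s_luser = strtok_r(buf, ":,", &sptr);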
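Review bot: The delimiter test added in check_old_password accepts only ':' and ',' after the user name, while the test this same commit adds to save_old_password in passverify.c also accepts '\n'. A line that save_old_password treats as this user's entry could therefore be skipped by the history check here; whether such a line can occur in the opasswd file is not visible from the hunk. Either use one expression in both places or make the difference deliberate with a comment such as `/* entry must start with "user:" or "user,"; a bare "user" line is ignored here */`. check_old_password starts and ends outside the hunk.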
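--- a/modules/pam_unix/passverify.c
+++ b/modules/pam_unix/passverify.c
@@ -562,6 +562,7 @@ save_old_password(pam_handle_t *pamh, const char *forwho, const char *oldpass,
 int found = 0;
 struct passwd *pwd = NULL;
 struct stat st;
+ size_t len = strlen(forwho);
 #ifdef WITH_SELINUX
 security_context_t prev_context=NULL;
 #endif
@@ -629,7 +630,7 @@ save_old_password(pam_handle_t *pamh, const char *forwho, const char *oldpass,
 }
 
 while (fgets(buf, 16380, opwfile)) {
- if (!strncmp(buf, forwho, strlen(forwho))) {
+ if (!strncmp(buf, forwho, len) && strchr(":,\n", buf[len]) != NULL) {
 char *sptr = NULL;
 found = 1;
 if (howmany == 0)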
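Review bot: In the second hunk, `strchr(":,\n", buf[len]) != NULL` is also true when `buf[len]` is '\0', because strchr matches the string's terminator, so a final line holding only the user name with no trailing newline counts as this user's entry. If that is intended, a short comment should say so; if not, the explicit form `(buf[len] == ':' || buf[len] == ',' || buf[len] == '\n')` avoids the surprise. Both this test and the one in pam_unix_passwd.c also match any line that begins with a delimiter when forwho is empty (len == 0); whether callers can pass an empty name is not visible here. save_old_password starts and ends outside both hunks.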
--
1.7.7.6