09b44afcb6
- pam_unix: split out passwd change to a new helper binary (#236316) - pam_namespace: add support for temporary logons (#241226)
78 lines
2.1 KiB
Diff
78 lines
2.1 KiB
Diff
o For non-extensible-style hashes, strip off anything after the 13th character
|
|
which would not be valid as part of a hash. On HP/UX, this clips off a comma
|
|
followed by encoded aging information.
|
|
|
|
The real problem is a complete lack of any standard for storing password
|
|
aging information (actually, for anything having to do with password aging)
|
|
for users across operating systems, but there's nothing we can do about that
|
|
here.
|
|
|
|
--- Linux-PAM-0.99.7.1/modules/pam_unix/support.c.unix-hpux-aging 2007-06-01 15:21:08.000000000 +0200
|
|
+++ Linux-PAM-0.99.7.1/modules/pam_unix/support.c 2007-06-01 15:24:32.000000000 +0200
|
|
@@ -573,6 +573,21 @@
|
|
return retval;
|
|
}
|
|
|
|
+static void strip_hpux_aging(char *p)
|
|
+{
|
|
+ const char *valid = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
|
|
+ "abcdefghijklmnopqrstuvwxyz"
|
|
+ "0123456789./";
|
|
+ if ((*p != '$') && (strlen(p) > 13)) {
|
|
+ for (p += 13; *p != '\0'; p++) {
|
|
+ if (strchr(valid, *p) == NULL) {
|
|
+ *p = '\0';
|
|
+ break;
|
|
+ }
|
|
+ }
|
|
+ }
|
|
+}
|
|
+
|
|
int _unix_verify_password(pam_handle_t * pamh, const char *name
|
|
,const char *p, unsigned int ctrl)
|
|
{
|
|
@@ -679,7 +694,9 @@
|
|
}
|
|
}
|
|
} else {
|
|
- size_t salt_len = strlen(salt);
|
|
+ size_t salt_len;
|
|
+ strip_hpux_aging(salt);
|
|
+ salt_len = strlen(salt);
|
|
if (!salt_len) {
|
|
/* the stored password is NULL */
|
|
if (off(UNIX__NONULL, ctrl)) {/* this means we've succeeded */
|
|
--- Linux-PAM-0.99.7.1/modules/pam_unix/passverify.c.unix-hpux-aging 2007-06-01 15:21:08.000000000 +0200
|
|
+++ Linux-PAM-0.99.7.1/modules/pam_unix/passverify.c 2007-06-01 15:26:26.000000000 +0200
|
|
@@ -146,6 +146,22 @@
|
|
return i;
|
|
}
|
|
|
|
+static void
|
|
+strip_hpux_aging(char *p)
|
|
+{
|
|
+ const char *valid = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
|
|
+ "abcdefghijklmnopqrstuvwxyz"
|
|
+ "0123456789./";
|
|
+ if ((*p != '$') && (strlen(p) > 13)) {
|
|
+ for (p += 13; *p != '\0'; p++) {
|
|
+ if (strchr(valid, *p) == NULL) {
|
|
+ *p = '\0';
|
|
+ break;
|
|
+ }
|
|
+ }
|
|
+ }
|
|
+}
|
|
+
|
|
int
|
|
_unix_verify_password(const char *name, const char *p, int nullok)
|
|
{
|
|
@@ -194,6 +210,7 @@
|
|
return PAM_USER_UNKNOWN;
|
|
}
|
|
|
|
+ strip_hpux_aging(salt);
|
|
salt_len = strlen(salt);
|
|
if (salt_len == 0) {
|
|
return (nullok == 0) ? PAM_AUTH_ERR : PAM_SUCCESS;
|