rpms / pam

Clone
Source Code
GIT

Files

  1.   71ab958a92158315776d38e538686aedb42d8e78
  2.   pam-0.78-unix-hpux-aging.patch
Blob Blame History Raw 
o For non-extensible-style hashes, strip off anything after the 13th character
  which would not be valid as part of a hash.  On HP/UX, this clips off a comma
  followed by encoded aging information.

  The real problem is a complete lack of any standard for storing password
  aging information (actually, for anything having to do with password aging)
  for users across operating systems, but there's nothing we can do about that
  here.
  
--- Linux-PAM-0.78/modules/pam_unix/support.c.unix-hpux-aging	2004-10-06 16:05:17.000000000 +0200
+++ Linux-PAM-0.78/modules/pam_unix/support.c	2004-11-23 14:55:27.885063264 +0100
@@ -611,6 +611,21 @@
     return retval;
 }
 
+static void strip_hpux_aging(char *p)
+{
+	const char *valid = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+			    "abcdefghijklmnopqrstuvwxyz"
+			    "0123456789./";
+	if ((*p != '$') && (strlen(p) > 13)) {
+		for (p += 13; *p != '\0'; p++) {
+			if (strchr(valid, *p) == NULL) {
+				*p = '\0';
+				break;
+			}
+		}
+	}
+}
+
 int _unix_verify_password(pam_handle_t * pamh, const char *name
 			  ,const char *p, unsigned int ctrl)
 {
@@ -712,7 +727,9 @@
 			retval = PAM_AUTHINFO_UNAVAIL;
 		}
 	} else {
-	    int salt_len = strlen(salt);
+	    int salt_len;
+	    strip_hpux_aging(salt);
+	    salt_len = strlen(salt);
 	    if (!salt_len) {
 		/* the stored password is NULL */
 		if (off(UNIX__NONULL, ctrl)) {/* this means we've succeeded */
--- Linux-PAM-0.78/modules/pam_unix/unix_chkpwd.c.unix-hpux-aging	2004-11-18 14:41:20.000000000 +0100
+++ Linux-PAM-0.78/modules/pam_unix/unix_chkpwd.c	2004-11-23 15:03:43.979169586 +0100
@@ -112,6 +112,21 @@
 	(void) sigaction(SIGQUIT, &action, NULL);
 }
 
+static void strip_hpux_aging(char *p)
+{
+	const char *valid = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+			    "abcdefghijklmnopqrstuvwxyz"
+			    "0123456789./";
+	if ((*p != '$') && (strlen(p) > 13)) {
+		for (p += 13; *p != '\0'; p++) {
+			if (strchr(valid, *p) == NULL) {
+				*p = '\0';
+				break;
+			}
+		}
+	}
+}
+
 static int _unix_verify_password(const char *name, const char *p, int nullok)
 {
 	struct passwd *pwd = NULL;
@@ -159,6 +174,7 @@
 		return retval;
 	}
 
+	strip_hpux_aging(salt);
 	salt_len = strlen(salt);
 	if (salt_len == 0)
 		return (nullok == 0) ? UNIX_FAILED : UNIX_PASSED;
Powered by Pagure 5.14.1
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.