Attachment #674839 for bug #756361

View | Details | Raw Unified | Return to bug 756361
Collapse All | Expand All




	char *salt = NULL;
	int daysleft;
	int retval;
	int blank = 0;
	int execloop;
	int nonexistent_check = 1;

	D(("called"));


	 * are equal, making it more difficult to differentiate existing from
	 * non-existing users.
	 */
	for (execloop = 0; execloop < 2; ++execloop) {
		retval = get_pwd_hash(pamh, name, &pwd, &salt);

		if (retval == PAM_UNIX_RUN_HELPER) {
			execloop = 0;
			if(nonexistent) {
				get_pwd_hash(pamh, "pam_unix_non_existent:", &pwd, &salt);
			}
			/* salt will not be set here so we can return immediately */
			if (_unix_run_helper_binary(pamh, NULL, ctrl, name) == PAM_SUCCESS)
				blank = nonexistent_check;
			else
				return 0;
		} else if (retval == PAM_USER_UNKNOWN) {
			name = "root";
			nonexistent_check = 0;
			continue;
		} else if (salt != NULL) {
			if (strlen(salt) == 0)
				blank = nonexistent_check;
		}
		name = "pam_unix_non_existent:";
		/* non-existent user check will not affect the blank value */
	/* Does this user have a password? */
	if (salt == NULL) {
		retval = 0;
	} else {
		if (strlen(salt) == 0)
			retval = 1;
		else
			retval = 0;
	}

	/* tidy up */

	if (salt)
		_pam_delete(salt);

	return blank;
}

int _unix_verify_password(pam_handle_t * pamh, const char *name

Return to bug 756361

Lines 601-608 _unix_blankpasswd (pam_handle_t pamh, unsigned long long ctrl, const char name Link Here

(-)a/modules/pam_unix/support.c (-26 / +13 lines)
601	char *salt = NULL;	601	char *salt = NULL;
602	int daysleft;	602	int daysleft;
603	int retval;	603	int retval;
604	int execloop = 1;	604	int blank = 0;
605	int nonexistent = 1;	605	int execloop;
		606	int nonexistent_check = 1;
606		607
607	D(("called"));	608	D(("called"));
608		609
Lines 632-674 _unix_blankpasswd (pam_handle_t pamh, unsigned long long ctrl, const char name Link Here
632	* are equal, making it more difficult to differentiate existing from	633	* are equal, making it more difficult to differentiate existing from
633	* non-existing users.	634	* non-existing users.
634	*/	635	*/
635	while (execloop) {	636	for (execloop = 0; execloop < 2; ++execloop) {
636	retval = get_pwd_hash(pamh, name, &pwd, &salt);	637	retval = get_pwd_hash(pamh, name, &pwd, &salt);
637		638
638	if (retval == PAM_UNIX_RUN_HELPER) {	639	if (retval == PAM_UNIX_RUN_HELPER) {
639	execloop = 0;
640	if(nonexistent) {
641	get_pwd_hash(pamh, "pam_unix_non_existent:", &pwd, &salt);
642	}
643	/* salt will not be set here so we can return immediately */
644	if (_unix_run_helper_binary(pamh, NULL, ctrl, name) == PAM_SUCCESS)	640	if (_unix_run_helper_binary(pamh, NULL, ctrl, name) == PAM_SUCCESS)
645	return 1;	641	blank = nonexistent_check;
646	else
647	return 0;
648	} else if (retval == PAM_USER_UNKNOWN) {	642	} else if (retval == PAM_USER_UNKNOWN) {
649	name = "root";	643	name = "root";
650	nonexistent = 0;	644	nonexistent_check = 0;
651	} else {	645	continue;
652	execloop = 0;	646	} else if (salt != NULL) {
		647	if (strlen(salt) == 0)
		648	blank = nonexistent_check;
653	}	649	}
654	}	650	name = "pam_unix_non_existent:";
655		651	/* non-existent user check will not affect the blank value */
656	/* Does this user have a password? */
657	if (salt == NULL) {
658	retval = 0;
659	} else {
660	if (strlen(salt) == 0)
661	retval = 1;
662	else
663	retval = 0;
664	}	652	}
665		653
666	/* tidy up */	654	/* tidy up */
667
668	if (salt)	655	if (salt)
669	_pam_delete(salt);	656	_pam_delete(salt);
670		657
671	return retval;	658	return blank;
672	}	659	}
673		660
674	int _unix_verify_password(pam_handle_t * pamh, const char *name	661	int _unix_verify_password(pam_handle_t * pamh, const char *name