77 lines
2.2 KiB
Diff
77 lines
2.2 KiB
Diff
o For non-extensible-style hashes, strip off anything after the 13th character
|
|
which would not be valid as part of a hash. On HP/UX, this clips off a comma
|
|
followed by encoded aging information.
|
|
|
|
The real problem is a complete lack of any standard for storing password
|
|
aging information (actually, for anything having to do with password aging)
|
|
for users across operating systems, but there's nothing we can do about that
|
|
here.
|
|
|
|
--- Linux-PAM-0.78/modules/pam_unix/support.c.unix-hpux-aging 2004-10-06 16:05:17.000000000 +0200
|
|
+++ Linux-PAM-0.78/modules/pam_unix/support.c 2004-11-23 14:55:27.885063264 +0100
|
|
@@ -611,6 +611,21 @@
|
|
return retval;
|
|
}
|
|
|
|
+static void strip_hpux_aging(char *p)
|
|
+{
|
|
+ const char *valid = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
|
|
+ "abcdefghijklmnopqrstuvwxyz"
|
|
+ "0123456789./";
|
|
+ if ((*p != '$') && (strlen(p) > 13)) {
|
|
+ for (p += 13; *p != '\0'; p++) {
|
|
+ if (strchr(valid, *p) == NULL) {
|
|
+ *p = '\0';
|
|
+ break;
|
|
+ }
|
|
+ }
|
|
+ }
|
|
+}
|
|
+
|
|
int _unix_verify_password(pam_handle_t * pamh, const char *name
|
|
,const char *p, unsigned int ctrl)
|
|
{
|
|
@@ -712,7 +727,9 @@
|
|
retval = PAM_AUTHINFO_UNAVAIL;
|
|
}
|
|
} else {
|
|
- int salt_len = strlen(salt);
|
|
+ int salt_len;
|
|
+ strip_hpux_aging(salt);
|
|
+ salt_len = strlen(salt);
|
|
if (!salt_len) {
|
|
/* the stored password is NULL */
|
|
if (off(UNIX__NONULL, ctrl)) {/* this means we've succeeded */
|
|
--- Linux-PAM-0.78/modules/pam_unix/unix_chkpwd.c.unix-hpux-aging 2004-11-18 14:41:20.000000000 +0100
|
|
+++ Linux-PAM-0.78/modules/pam_unix/unix_chkpwd.c 2004-11-23 15:03:43.979169586 +0100
|
|
@@ -112,6 +112,21 @@
|
|
(void) sigaction(SIGQUIT, &action, NULL);
|
|
}
|
|
|
|
+static void strip_hpux_aging(char *p)
|
|
+{
|
|
+ const char *valid = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
|
|
+ "abcdefghijklmnopqrstuvwxyz"
|
|
+ "0123456789./";
|
|
+ if ((*p != '$') && (strlen(p) > 13)) {
|
|
+ for (p += 13; *p != '\0'; p++) {
|
|
+ if (strchr(valid, *p) == NULL) {
|
|
+ *p = '\0';
|
|
+ break;
|
|
+ }
|
|
+ }
|
|
+ }
|
|
+}
|
|
+
|
|
static int _unix_verify_password(const char *name, const char *p, int nullok)
|
|
{
|
|
struct passwd *pwd = NULL;
|
|
@@ -159,6 +174,7 @@
|
|
return retval;
|
|
}
|
|
|
|
+ strip_hpux_aging(salt);
|
|
salt_len = strlen(salt);
|
|
if (salt_len == 0)
|
|
return (nullok == 0) ? UNIX_FAILED : UNIX_PASSED;
|