
patch for pwdb and unix modules



 
Below is a patch for the pwdb and unix modules which prevents
pam_set_credentials() from returning PAM_SUCCESS unless the user is already
authenticated. The patch is against 0.64.


-Ros



diff -ru modules.stock/pam_pwdb/pam_unix_auth.-c modules/pam_pwdb/pam_unix_auth.-c
--- modules.stock/pam_pwdb/pam_unix_auth.-c	Wed Jun 17 18:24:54 1998
+++ modules/pam_pwdb/pam_unix_auth.-c	Wed Jun 17 18:26:32 1998
@@ -51,8 +51,10 @@
     /* if this user does not have a password... */
 
     if ( _unix_blankpasswd(ctrl, name) ) {
+	int success=1;
 	D(("user '%s' has blank passwd", name));
 	name = NULL;
+	pam_set_data(pamh,"pwdb_auth_succeded",(void *)&success,NULL);
 	return PAM_SUCCESS;
     }
 
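Review bot: The pointer handed to `pam_set_data` is the address of the block-local `int success`, which stops existing at the `return PAM_SUCCESS;` on the next line, so the later `*success` read in `_unix_set_credentials` dereferences a dead stack slot. The credential decision then depends on whatever happens to be in that memory, which is undefined behaviour and can both wrongly deny and wrongly grant. Giving the flag static storage, `static int success=1;`, keeps the `NULL` cleanup argument valid; a heap-allocated value with a cleanup callback would also work. The same pattern appears in the second hunk of this file and in both added blocks of the `pam_unix_auth.c` hunk at `-227`. The return value of `pam_set_data` is also ignored, so a failed store goes unnoticed here.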
@@ -71,7 +73,10 @@
 
     retval = _unix_verify_password(pamh, name, p, ctrl);
     name = p = NULL;
-
+    if(retval == PAM_SUCCESS) {
+	int success=1;
+	pam_set_data(pamh,"pwdb_auth_succeded",(void *)&success,NULL);
+    }	
     return retval;
 }
 
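Review bot: The marker is written only when `retval == PAM_SUCCESS`, so a failed verification leaves any `"pwdb_auth_succeded"` item from an earlier call on the same handle untouched. If an application reuses the handle for a second authentication attempt (not visible from this hunk), a stale success would still satisfy `_unix_set_credentials`. Recording the outcome unconditionally avoids that, for example `static int ok=1, fail=0;` followed by `pam_set_data(pamh,"pwdb_auth_succeded",(void *)(retval == PAM_SUCCESS ? &ok : &fail),NULL);`. The function body starts outside this hunk.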
@@ -85,9 +90,14 @@
 
 static int _unix_set_credentials(pam_handle_t *pamh, unsigned int ctrl)
 {
-    D(("called <empty function> returning."));
-
-    return PAM_SUCCESS;
+  int *success;
+  int retval;
+  retval=pam_get_data(pamh,"pwdb_auth_succeded",(void *)&success);
+  if(retval != PAM_SUCCESS)
+    return PAM_CRED_ERR;
+  if(*success)
+    	return PAM_SUCCESS;
+  return PAM_CRED_ERR;
 }
 
 /********************************************************************
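Review bot: `*success` is dereferenced as soon as `pam_get_data` reports `PAM_SUCCESS`, with no check that the stored pointer is non-NULL; the guard would be safer as `if(retval != PAM_SUCCESS || success == NULL) return PAM_CRED_ERR;`. The `(void *)&success` cast also hides the type of the third argument, so the compiler cannot flag a mismatch with the prototype. Separately, this function now fails with `PAM_CRED_ERR` whenever this module's own authenticate path did not run on the handle, which presumably includes stacks where another module authenticated the user; that behaviour change deserves a comment above the function. The same body is added to the setcred function in the last hunk of `pam_unix_auth.c`.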
diff -ru modules.stock/pam_unix/pam_unix_auth.c modules/pam_unix/pam_unix_auth.c
--- modules.stock/pam_unix/pam_unix_auth.c	Wed Jun 17 18:25:04 1998
+++ modules/pam_unix/pam_unix_auth.c	Wed Jun 17 18:25:50 1998
@@ -227,16 +227,21 @@
 		   error code for non-existant users -- alex */
 		
 	if ( ( !pw->pw_passwd ) && ( !p ) )
-		if ( flags && PAM_DISALLOW_NULL_AUTHTOK )
-			return PAM_SUCCESS;
+		if ( flags && PAM_DISALLOW_NULL_AUTHTOK ) {
+		  int success=1;
+		  pam_set_data(pamh,"unix_auth_succeded",(void *)&success,NULL);
+		  return PAM_SUCCESS;
+		}
 		else
 			return PAM_AUTH_ERR;
 				
 	pp = crypt(p, salt);
 	
-	if ( strcmp( pp, salt ) == 0 ) 
-		return	PAM_SUCCESS;
-
+	if ( strcmp( pp, salt ) == 0 ) {
+	   int success=1;
+           pam_set_data(pamh,"unix_auth_succeded",(void *)&success,NULL);
+	   return	PAM_SUCCESS;
+	}	
   	return PAM_AUTH_ERR;
 }
 
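Review bot: The rewritten condition keeps `flags && PAM_DISALLOW_NULL_AUTHTOK`, a logical AND that is true for any non-zero `flags` rather than a test of that bit. The branch it guards returns `PAM_SUCCESS` for an account with no password and no supplied token, which reads as the opposite of what the flag name asks for. With this patch the same branch also stores the `"unix_auth_succeded"` marker, so a wrong success here carries through to the credentials check as well. I would expect `if ( flags & PAM_DISALLOW_NULL_AUTHTOK ) return PAM_AUTH_ERR;` first, with the marker and `PAM_SUCCESS` only in the remaining case. The function starts outside this hunk, so how `flags` is populated should be confirmed.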
@@ -254,13 +259,16 @@
 					int argc,
 					const char **argv )
 
-{	/* FIX ME: incorrect error code */
+{
+  int *success;
+  int retval;
+  retval=pam_get_data(pamh,"unix_auth_succeded",(void *)&success);
+  if(retval != PAM_SUCCESS)
+        return PAM_CRED_ERR;
+  if(*success)
+        return PAM_SUCCESS;
+  return PAM_CRED_ERR;
 
-	return	PAM_SUCCESS;	/* This is a wrong result code. From what I
-				   remember from reafing one of the guides
-				   there's an error-level saying 'N/A func'
-				   	-- AOY
-				 */
 }
 
 /*
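Review bot: The removed FIXME comment is not replaced by anything, so this body no longer says why it can fail, and the key `"unix_auth_succeded"` is a string literal repeated in three places in this file. A single definition such as `#define UNIX_AUTH_OK_KEY "unix_auth_succeded"` would keep the setters and this getter from drifting apart. A one-line comment would document the contract, for instance `/* succeeds only if the authenticate path stored the "unix_auth_succeded" item on this handle */`. The blank line left before the closing brace can go. The function signature begins outside this hunk.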


