Page MenuHomeFreeBSD
Differential D27569

Do not prompt for password if it's set to empty password
ClosedPublic
Actions

Authored by trasz on Dec 11 2020, 11:35 AM.
Tags
None
Referenced Files
Unknown Object (File)
Mar 22 2024, 3:30 PM
Unknown Object (File)
Mar 22 2024, 3:30 PM
Unknown Object (File)
Mar 22 2024, 3:30 PM
Unknown Object (File)
Mar 8 2024, 8:16 AM
Unknown Object (File)
Feb 10 2024, 6:34 AM
Unknown Object (File)
Dec 20 2023, 4:10 AM
Unknown Object (File)
Dec 17 2023, 10:04 AM
Unknown Object (File)
Dec 12 2023, 2:11 PM
View All 24 Files
Subscribers
emaste
imp
markj
NetApp

Details

Reviewers
des
markj
Group Reviewers
manpages
Commits
rGbfd8b9b826cb: pam: add option to not prompt for password if it's set to empty
Summary

Make pam_unix(8) not prompt for password, if it's set to an empty
one - just like we don't prompt for password if the hash itself
is empty.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

trasz created this revision.Dec 11 2020, 11:35 AM
Herald added a subscriber: imp. · View Herald TranscriptDec 11 2020, 11:35 AM
trasz requested review of this revision.Dec 11 2020, 11:35 AM
Harbormaster completed remote builds in B35341: Diff 80578.Dec 11 2020, 11:35 AM
trasz added a reviewer: des.Dec 11 2020, 11:36 AM
trasz added a subscriber: NetApp.
trasz updated this revision to Diff 80579.Dec 11 2020, 12:04 PM

Fix thinko.

Harbormaster completed remote builds in B35342: Diff 80579.Dec 11 2020, 12:04 PM
emaste added a subscriber: markj.Feb 17 2021, 3:35 PM
emaste added a subscriber: emaste.
trasz updated this revision to Diff 86488.Mar 29 2021, 12:30 PM

Add a separate option, "emptyok", so we can commit it without changing
the default behaviour.

Herald added a reviewer: manpages. · View Herald TranscriptMar 29 2021, 12:30 PM
Harbormaster completed remote builds in B38154: Diff 86488.Mar 29 2021, 12:31 PM
trasz added a reviewer: markj.Mar 29 2021, 1:00 PM
markj added inline comments.Mar 29 2021, 5:11 PM
lib/libpam/modules/pam_unix/pam_unix.c
97

Seems this should really be called emptypasswd.

127

Should we check for the option and flag before calling crypt()?

trasz updated this revision to Diff 86554.Mar 30 2021, 3:11 PM

Address feedback.

Harbormaster completed remote builds in B38180: Diff 86554.Mar 30 2021, 3:11 PM
trasz marked 2 inline comments as done.Mar 30 2021, 3:11 PM
markj accepted this revision.Mar 31 2021, 4:15 PM

Seems ok to me. It would be best if someone more familiar with PAM would look at this.

This revision is now accepted and ready to land.Mar 31 2021, 4:15 PM
trasz added a comment.Apr 3 2021, 12:01 PM

(Tinderboxed.)

Closed by commit rGbfd8b9b826cb: pam: add option to not prompt for password if it's set to empty (authored by trasz). · Explain WhyApr 3 2021, 12:06 PM
This revision was automatically updated to reflect the committed changes.
trasz added a commit: rGbfd8b9b826cb: pam: add option to not prompt for password if it's set to empty.
zirias mentioned this in D42730: pam_unix: Reliably disable empty password auth.Nov 24 2023, 1:37 PM

Revision Contents
Changeset List

PathSize
lib/
libpam/
libpam/
security/
1 line
modules/
pam_unix/
12 lines
10 lines

Diff 86784

View Options

lib/libpam/libpam/security/pam_mod_misc.h

Loading...
View Options

lib/libpam/modules/pam_unix/pam_unix.8

Loading...
View Options

lib/libpam/modules/pam_unix/pam_unix.c

Loading...