D42730.id130454.diff
No OneTemporary
Actions

Size

1 KB

Referenced Files

None

Subscribers

None

D42730.id130454.diff
View Options

	diff --git a/lib/libpam/modules/pam_unix/pam_unix.c b/lib/libpam/modules/pam_unix/pam_unix.c
	--- a/lib/libpam/modules/pam_unix/pam_unix.c
	+++ b/lib/libpam/modules/pam_unix/pam_unix.c
	@@ -108,22 +108,19 @@
	if (pwd != NULL) {
	PAM_LOG("Doing real authentication");
	realpw = pwd->pw_passwd;
	- if (realpw[0] == '\0') {
	+ /*
	+ * An empty password can be stored as an empty saved password
	+ * hash or as a hash generated from an empty password, make
	+ * sure to check both cases here.
	+ */
	+ if (realpw[0] == '\0' \|\|
	+ strcmp(crypt(emptypasswd, realpw), realpw) == 0) {
	if (!(flags & PAM_DISALLOW_NULL_AUTHTOK) &&
	openpam_get_option(pamh, PAM_OPT_NULLOK))
	return (PAM_SUCCESS);
	PAM_LOG("Password is empty, using fake password");
	realpw = "*";
	}
	- /*
	- * Check whether the saved password hash matches the one
	- * generated from an empty password - as opposed to empty
	- * saved password hash, which is handled above.
	- */
	- if (!(flags & PAM_DISALLOW_NULL_AUTHTOK) &&
	- openpam_get_option(pamh, PAM_OPT_EMPTYOK) &&
	- strcmp(crypt(emptypasswd, realpw), realpw) == 0)
	- return (PAM_SUCCESS);
	lc = login_getpwclass(pwd);
	} else {
	PAM_LOG("Doing dummy authentication");