Page MenuHomeFreeBSD
Differential D27569

Do not prompt for password if it's set to empty password
ClosedPublic
Actions

Authored by trasz on Dec 11 2020, 11:35 AM.
Tags
None
Referenced Files
Unknown Object (File)
Fri, Jan 24, 5:17 PM
Unknown Object (File)
Wed, Jan 22, 5:22 PM
Unknown Object (File)
Sat, Jan 18, 5:43 PM
Unknown Object (File)
Sat, Jan 18, 5:32 PM
Unknown Object (File)
Sat, Jan 18, 5:30 PM
Unknown Object (File)
Sat, Jan 18, 5:10 PM
Unknown Object (File)
Sat, Jan 11, 7:25 AM
Unknown Object (File)
Wed, Jan 1, 7:08 PM
View All 96 Files
Subscribers
emaste
imp
markj
NetApp

Details

Reviewers
des
markj
Group Reviewers
manpages
Commits
rGbfd8b9b826cb: pam: add option to not prompt for password if it's set to empty
Summary

Make pam_unix(8) not prompt for password, if it's set to an empty
one - just like we don't prompt for password if the hash itself
is empty.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 38180
Build 35069: arc lint + arc unit

Event Timeline

trasz created this revision.Dec 11 2020, 11:35 AM
Herald added a subscriber: imp. · View Herald TranscriptDec 11 2020, 11:35 AM
trasz requested review of this revision.Dec 11 2020, 11:35 AM
Harbormaster completed remote builds in B35341: Diff 80578.Dec 11 2020, 11:35 AM
trasz added a reviewer: des.Dec 11 2020, 11:36 AM
trasz added a subscriber: NetApp.
trasz updated this revision to Diff 80579.Dec 11 2020, 12:04 PM

Fix thinko.

Harbormaster completed remote builds in B35342: Diff 80579.Dec 11 2020, 12:04 PM
emaste added a subscriber: markj.Feb 17 2021, 3:35 PM
emaste added a subscriber: emaste.
trasz updated this revision to Diff 86488.Mar 29 2021, 12:30 PM

Add a separate option, "emptyok", so we can commit it without changing
the default behaviour.

Herald added a reviewer: manpages. · View Herald TranscriptMar 29 2021, 12:30 PM
Harbormaster completed remote builds in B38154: Diff 86488.Mar 29 2021, 12:31 PM
trasz added a reviewer: markj.Mar 29 2021, 1:00 PM
markj added inline comments.Mar 29 2021, 5:11 PM
lib/libpam/modules/pam_unix/pam_unix.c
97

Seems this should really be called emptypasswd.

127

Should we check for the option and flag before calling crypt()?

trasz updated this revision to Diff 86554.Mar 30 2021, 3:11 PM

Address feedback.

Harbormaster completed remote builds in B38180: Diff 86554.Mar 30 2021, 3:11 PM
trasz marked 2 inline comments as done.Mar 30 2021, 3:11 PM
markj accepted this revision.Mar 31 2021, 4:15 PM

Seems ok to me. It would be best if someone more familiar with PAM would look at this.

This revision is now accepted and ready to land.Mar 31 2021, 4:15 PM
trasz added a comment.Apr 3 2021, 12:01 PM

(Tinderboxed.)

Closed by commit rGbfd8b9b826cb: pam: add option to not prompt for password if it's set to empty (authored by trasz). · Explain WhyApr 3 2021, 12:06 PM
This revision was automatically updated to reflect the committed changes.
trasz added a commit: rGbfd8b9b826cb: pam: add option to not prompt for password if it's set to empty.
zirias mentioned this in D42730: pam_unix: Reliably disable empty password auth.Nov 24 2023, 1:37 PM

Revision Contents
Changeset List

PathSize
lib/
libpam/
libpam/
security/
1 line
modules/
pam_unix/
10 lines
10 lines

Diff 86554

View Options

lib/libpam/libpam/security/pam_mod_misc.h

Loading...
View Options

lib/libpam/modules/pam_unix/pam_unix.8

Loading...
View Options

lib/libpam/modules/pam_unix/pam_unix.c

Loading...