Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP1:GA
pam.17268
encryption_method_nis.diff
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File encryption_method_nis.diff of Package pam.17268
diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c index 0cfc0f4..2239206 100644 --- a/modules/pam_unix/pam_unix_passwd.c +++ b/modules/pam_unix/pam_unix_passwd.c @@ -796,6 +796,29 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) * rebuild the password database file. */ + + /* if it is a NIS account, check for special hash algo */ + if (on(UNIX_NIS, ctrl) && _unix_comesfromsource(pamh, user, 0, 1)) { + /* preset encryption method with value from /etc/login.defs */ + int j; + char *val = _unix_search_key ("ENCRYPT_METHOD_NIS", LOGIN_DEFS); + if (val) { + for (j = 0; j < UNIX_CTRLS_; ++j) { + if (unix_args[j].token && unix_args[j].is_hash_algo + && !strncasecmp(val, unix_args[j].token, strlen(unix_args[j].token))) { + break; + } + } + if (j >= UNIX_CTRLS_) { + pam_syslog(pamh, LOG_WARNING, "unrecognized ENCRYPT_METHOD_NIS value [%s]", val); + } else { + ctrl &= unix_args[j].mask; /* for turning things off */ + ctrl |= unix_args[j].flag; /* for turning things on */ + } + free (val); + } + } + /* * First we encrypt the new password. */ diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c index 19d72e6..dafa9f0 100644 --- a/modules/pam_unix/support.c +++ b/modules/pam_unix/support.c @@ -37,8 +37,8 @@ #define SELINUX_ENABLED 0 #endif -static char * -search_key (const char *key, const char *filename) +char * +_unix_search_key (const char *key, const char *filename) { FILE *fp; char *buf = NULL; @@ -159,7 +159,7 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds, } /* preset encryption method with value from /etc/login.defs */ - val = search_key ("ENCRYPT_METHOD", LOGIN_DEFS); + val = _unix_search_key ("ENCRYPT_METHOD", LOGIN_DEFS); if (val) { for (j = 0; j < UNIX_CTRLS_; ++j) { if (unix_args[j].token && unix_args[j].is_hash_algo @@ -177,7 +177,7 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds, /* read number of rounds for crypt algo */ if (rounds && (on(UNIX_SHA256_PASS, ctrl) || on(UNIX_SHA512_PASS, ctrl))) { - val=search_key ("SHA_CRYPT_MAX_ROUNDS", LOGIN_DEFS); + val=_unix_search_key ("SHA_CRYPT_MAX_ROUNDS", LOGIN_DEFS); if (val) { *rounds = strtol(val, NULL, 10); diff --git a/modules/pam_unix/support.h b/modules/pam_unix/support.h index 6f5b2eb..a35a8a8 100644 --- a/modules/pam_unix/support.h +++ b/modules/pam_unix/support.h @@ -174,4 +174,5 @@ extern int _unix_read_password(pam_handle_t * pamh extern int _unix_run_verify_binary(pam_handle_t *pamh, unsigned int ctrl, const char *user, int *daysleft); +extern char *_unix_search_key(const char *key, const char *filename); #endif /* _PAM_UNIX_SUPPORT_H */
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor