Check for correct uid range libpam-csc-1.5
authorDavid Bartley <dtbartle@csclub.uwaterloo.ca>
Tue, 30 Oct 2007 03:23:01 +0000 (23:23 -0400)
committerDavid Bartley <dtbartle@csclub.uwaterloo.ca>
Tue, 30 Oct 2007 03:23:01 +0000 (23:23 -0400)
debian/changelog
pam_csc.c

index 1d48cc6..bea0be1 100644 (file)
@@ -1,3 +1,9 @@
+libpam-csc (1.5) stable testing; urgency=low
+
+  * Check for correct uid range
+
+ -- David Bartley <dtbartle@csclub.uwaterloo.ca>  Mon, 29 Oct 2007 23:17:31 -0400
+
 libpam-csc (1.4) stable testing; urgency=low
 
   * Check that conv and conv->conv are non-null (fixes cron segfault)
 libpam-csc (1.4) stable testing; urgency=low
 
   * Check that conv and conv->conv are non-null (fixes cron segfault)
index bd7ca34..8c7bee6 100644 (file)
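--- a/pam_csc.c
+++ b/pam_csc.c
@@ -26,7 +26,6 @@
 #define PAM_CSC_CSCF_PASSWORD_FILE  "/etc/security/pam_csc_cscf_password"
 #define PAM_CSC_CSCF_SASL_REALM     "STUDENT.CS.UWATERLOO.CA"
 #define PAM_CSC_LDAP_TIMEOUT        5
-#define PAM_CSC_MINIMUM_UID         1000
 #define PAM_CSC_ALLOWED_USERNAMES   {"nobody"}
 #define PAM_CSC_EXPIRED_MSG \
     "*****************************************************************************\n" \
@@ -190,11 +189,15 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t* pamh, int flags, int argc, const c
         return PAM_USER_UNKNOWN;
     }
 
-    /* check uid */
+    /* check uid range */
     pwd = getpwnam(username);
-    if(pwd && pwd->pw_uid < PAM_CSC_MINIMUM_UID)
+    if(pwd)
     {
-        return PAM_SUCCESS;
+        /* these ranges are taken from puppet/documents/id-range */
+        if(pwd->pw_uid < 500 || (pwd->pw_uid >= 1000 && pwd->pw_uid < 10000))
+        {
+            return PAM_SUCCESS;
+        }
     }
 
     /* check username */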
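Review bot: The uid exemption in pam_sm_acct_mgmt is now written as bare literals (`500`, `1000`, `10000`) inside the condition, and the commit removes the only named bound the check had, so the set of accounts that receive `PAM_SUCCESS` before the later checks can only be audited by comparing this expression with a document kept elsewhere. A wrong boundary here fails open, so I would keep the bounds as named macros next to the other `PAM_CSC_*` defines (for example `#define PAM_CSC_EXEMPT_LOW_UID_END 500`, name of your choosing) and extend the comment to state which ranges stay subject to the check, which as written are 500–999 and 10000 and above. The `pwd == NULL` case still falls through to code outside this hunk; it is worth confirming that an unresolvable name cannot end in success there. The function starts and ends outside the hunk.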