Check for correct uid range

master libpam-csc-1.5
David Bartley 15 years ago
parent b2ad8796fb
commit 77002ff66a
  1. 6
      debian/changelog
  2. 11
      pam_csc.c

6
debian/changelog vendored

@ -1,3 +1,9 @@
libpam-csc (1.5) stable testing; urgency=low
* Check for correct uid range
-- David Bartley <dtbartle@csclub.uwaterloo.ca> Mon, 29 Oct 2007 23:17:31 -0400
libpam-csc (1.4) stable testing; urgency=low
* Check that conv and conv->conv are non-null (fixes cron segfault)

@ -26,7 +26,6 @@
#define PAM_CSC_CSCF_PASSWORD_FILE "/etc/security/pam_csc_cscf_password"
#define PAM_CSC_CSCF_SASL_REALM "STUDENT.CS.UWATERLOO.CA"
#define PAM_CSC_LDAP_TIMEOUT 5
#define PAM_CSC_MINIMUM_UID 1000
#define PAM_CSC_ALLOWED_USERNAMES {"nobody"}
#define PAM_CSC_EXPIRED_MSG \
"*****************************************************************************\n" \
@ -190,11 +189,15 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t* pamh, int flags, int argc, const c
return PAM_USER_UNKNOWN;
}
/* check uid */
/* check uid range */
pwd = getpwnam(username);
if(pwd && pwd->pw_uid < PAM_CSC_MINIMUM_UID)
if(pwd)
{
return PAM_SUCCESS;
/* these ranges are taken from puppet/documents/id-range */
if(pwd->pw_uid < 500 || (pwd->pw_uid >= 1000 && pwd->pw_uid < 10000))
{
return PAM_SUCCESS;
}
}
/* check username */

Loading…
Cancel
Save