Check for correct uid range

2007-10-29 23:23:01 -04:00 · 2007-10-29 23:23:01 -04:00 · 77002ff66a
parent b2ad8796fb
commit 77002ff66a
2 changed files with 13 additions and 4 deletions
--- a/debian/changelog
+++ b/debian/changelog
@ -1,3 +1,9 @@
+libpam-csc (1.5) stable testing; urgency=low
+
+  * Check for correct uid range
+
+ -- David Bartley <dtbartle@csclub.uwaterloo.ca>  Mon, 29 Oct 2007 23:17:31 -0400
+
 libpam-csc (1.4) stable testing; urgency=low

  * Check that conv and conv->conv are non-null (fixes cron segfault)
--- a/pam_csc.c
+++ b/pam_csc.c
@ -26,7 +26,6 @@
 #define PAM_CSC_CSCF_PASSWORD_FILE  "/etc/security/pam_csc_cscf_password"
 #define PAM_CSC_CSCF_SASL_REALM     "STUDENT.CS.UWATERLOO.CA"
 #define PAM_CSC_LDAP_TIMEOUT        5
-#define PAM_CSC_MINIMUM_UID         1000
 #define PAM_CSC_ALLOWED_USERNAMES   {"nobody"}
 #define PAM_CSC_EXPIRED_MSG \
    "*****************************************************************************\n" \
@ -190,11 +189,15 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t* pamh, int flags, int argc, const c
        return PAM_USER_UNKNOWN;
    }

-    /* check uid */
+    /* check uid range */
    pwd = getpwnam(username);
-    if(pwd && pwd->pw_uid < PAM_CSC_MINIMUM_UID)
+    if(pwd)
    {
-        return PAM_SUCCESS;
+        /* these ranges are taken from puppet/documents/id-range */
+        if(pwd->pw_uid < 500 || (pwd->pw_uid >= 1000 && pwd->pw_uid < 10000))
+        {
+            return PAM_SUCCESS;
+        }
    }

    /* check username */