emo/shadow
1
0
Fork 0
Code Issues Pull Requests Packages Releases Activity

login & su: Treat an empty passwd field as invalid (#315)

Browse Source 
* login & su: Treat an empty passwd field as invalid

Otherwise it's treated like the “require no password” clause while it probably
should be treated like a normal su that can't validate anyway.

A similar change should be done for USE_PAM.

* su & login: Introduce PREVENT_NO_AUTH
This commit is contained in:
Haelwenn Monnier 2021-03-29 05:16:03 +02:00 committed by GitHub
parent 697901a328
commit b865e14f25
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 38 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
etc/login.defs
View File

@ -458,3 +458,12 @@ USERGROUPS_ENAB yes
# primary group. # primary group.
# #
#GRANT_AUX_GROUP_SUBIDS yes #GRANT_AUX_GROUP_SUBIDS yes
#
# Prevents an empty password field to be interpreted as "no authentication
# required".
# Set to "yes" to prevent for all accounts
# Set to "superuser" to prevent for UID 0 / root (default)
# Set to "no" to not prevent for any account (dangerous, historical default)
PREVENT_NO_AUTH superuser

1
lib/getdef.c
View File

@ -164,6 +164,7 @@ static struct itemdef def_table[] = {
#endif #endif
{"FORCE_SHADOW", NULL}, {"FORCE_SHADOW", NULL},
{"GRANT_AUX_GROUP_SUBIDS", NULL}, {"GRANT_AUX_GROUP_SUBIDS", NULL},
{"PREVENT_NO_AUTH", NULL},
{NULL, NULL} {NULL, NULL}
}; };

13
src/login.c
View File

@ -978,6 +978,19 @@ int main (int argc, char **argv)
|| ('*' == user_passwd[0])) { || ('*' == user_passwd[0])) {
failed = true; failed = true;
} }
if (strcmp (user_passwd, "") == 0) {
char *prevent_no_auth = getdef_str("PREVENT_NO_AUTH");
if(prevent_no_auth == NULL) {
prevent_no_auth = "superuser";
}
if(strcmp(prevent_no_auth, "yes") == 0) {
failed = true;
} else if( (pwd->pw_uid == 0)
&& (strcmp(prevent_no_auth, "superuser") == 0)) {
failed = true;
}
}
} }
if (strcmp (user_passwd, SHADOW_PASSWD_STRING) == 0) { if (strcmp (user_passwd, SHADOW_PASSWD_STRING) == 0) {

15
src/su.c
View File

@ -505,6 +505,21 @@ static void check_perms_nopam (const struct passwd *pw)
return; return;
} }
if (strcmp (pw->pw_passwd, "") == 0) {
char *prevent_no_auth = getdef_str("PREVENT_NO_AUTH");
if(prevent_no_auth == NULL) {
prevent_no_auth = "superuser";
}
if(strcmp(prevent_no_auth, "yes") == 0) {
fprintf(stderr, _("Password field is empty, this is forbidden for all accounts.\n"));
exit(1);
} else if( (pw->pw_uid == 0)
&& (strcmp(prevent_no_auth, "superuser") == 0)) {
fprintf(stderr, _("Password field is empty, this is forbidden for super-user.\n"));
exit(1);
}
}
/* /*
* BSD systems only allow "wheel" to SU to root. USG systems don't, * BSD systems only allow "wheel" to SU to root. USG systems don't,
* so we make this a configurable option. * so we make this a configurable option.