Bug#380078: libpam-modules: pam_unix fails to call helper "unix_pwdchk" when used with libnss_ldap > 246

Thu, 27 Jul 2006 05:09:43 -0700 

Package: libpam-modules
Version: 0.79-3.1
Severity: important
Tags: patch


Since version 246, a change has been made to libnss_ldap, whose
functions getspnam() and getspnam_r() now return "*" instead
of "x" previously, in the sp_pwdp member of a spwd struct.

This introduces an incompatibility with the present version of
libpam-modules, as the "*" case is not handled by the code in
"support.c" (line 741), thus resulting in the helper program
"unix_chkpwd" never being called.

As a consequence, all the programs relying on libpam-modules to
authenticate a user in an LDAP environment may fail. "kcheckpass" is an
example of such a program.

Proposed patch:

$ diff -u support.c support.c.new
--- support.c   2006-07-27 13:17:04.000000000 +0200
+++ support.c.new       2006-07-27 13:17:39.000000000 +0200
@@ -738,7 +738,7 @@
        }

        retval = PAM_SUCCESS;
-       if (pwd == NULL || salt == NULL || !strcmp(salt, "x") || ((salt[0] == 
'#') && (salt[1] == '#') && !strcmp(salt + 2, name))) {
+       if (pwd == NULL || salt == NULL || !strcmp(salt, "x") || !strcmp(salt, 
"*") || ((salt[0] == '#') && (salt[1] == '#') && !strcmp(salt + 2, name))) {

                if (geteuid() || SELINUX_ENABLED) {
                        /* we are not root perhaps this is the reason?  * Run 
helper */



-- System Information:
Debian Release: testing/unstable
  APT prefers testing-proposed-updates
  APT policy: (500, 'testing-proposed-updates'), (500, 'testing')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.15.6
Locale: LANG=C, LC_CTYPE=fr_FR (charmap=ISO-8859-1)

Versions of packages libpam-modules depends on:
ii  libc6                         2.3.6-15   GNU C Library: Shared libraries
ii  libcap1                       1:1.10-14  support for getting/setting POSIX.
ii  libdb4.3                      4.3.29-4.1 Berkeley v4.3 Database Libraries [
ii  libpam0g                      0.79-3.1   Pluggable Authentication Modules l
ii  libselinux1                   1.30-1     SELinux shared libraries

libpam-modules recommends no packages.

-- no debconf information

-- 
-- Service Hydrographique et Oceanographique de la Marine ---  EPSHOM/CIS/MIC
--     13, rue du Chatellier ---  BP 30316  --- 29603 Brest Cedex, FRANCE
--        Phone: +33 2 98 22 17 49  ---  Email: [EMAIL PROTECTED]


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to