mirrors/pam-modules
1
0
Fork 0
mirror of git://git.gnu.org.ua/pam-modules.git synced 2025-04-26 16:39:53 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

* pam_fshadow/pam_fshadow.c, pam_sql/pam_mysql.c,

Browse source 
pam_sql/pam_sql.c, pam_regex/pam_regex.c: Ensure passwords might
get divulged only at debugging level 100.


git-svn-id: file:///svnroot/pam-modules/trunk@87 56984be4-0537-0410-a56c-fcb268c96130
This commit is contained in:
Sergey Poznyakoff 2008-03-16 22:12:43 +00:00
parent f5f42d1c7b
commit d3b8bcfd1f
5 changed files with 29 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

23
pam_fshadow/pam_fshadow.c
View file

@ -135,7 +135,7 @@ _pam_get_password(pam_handle_t *pamh, char **password, const char *prompt)
struct pam_response *resp;
int i, replies;
DEBUG(100,("enter _pam_get_password"));
DEBUG(90,("enter _pam_get_password"));
if (cntl_flags & CNTL_AUTHTOK) {
/*
@ -176,7 +176,7 @@ _pam_get_password(pam_handle_t *pamh, char **password, const char *prompt)
if (resp != NULL) {
if (retval == PAM_SUCCESS) { /* a good conversation */
token = XSTRDUP(resp[i - replies].resp);
DEBUG(10,("app returned [%s]", token));
DEBUG(100,("app returned [%s]", token));
PAM_DROP_REPLY(resp, 1);
} else {
_pam_log(LOG_ERR, "conversation error: %s",
@ -211,7 +211,7 @@ _pam_get_password(pam_handle_t *pamh, char **password, const char *prompt)
pam_strerror(pamh, retval));
}
DEBUG(100,("exit _pam_get_password: %d", retval));
DEBUG(90,("exit _pam_get_password: %d", retval));
return retval;
}
@ -274,9 +274,13 @@ verify_user_pass(const char *confdir, const char *username,
FILE *fp;
int retval = PAM_AUTH_ERR;
char *shadow = mkfilename(confdir, "shadow");
DEBUG(10,("Verifying user `%s' with password `%s' in `%s'",
username, password, shadow));
if (debug_level == 100)
_pam_debug("Verifying user `%s' with password `%s' in `%s'",
username, password, shadow);
else if (debug_level >= 10)
_pam_debug("Verifying user `%s' in `%s'",
username, password, shadow);
fp = fopen(shadow, "r");
if (!fp) {
@ -376,7 +380,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags,
/* Get the username */
retval = pam_get_user(pamh, &username, NULL);
if (retval != PAM_SUCCESS || !username) {
_pam_log(LOG_DEBUG,"can not get the username");
DEBUG(1,("can not get the username"));
return PAM_SERVICE_ERR;
}
@ -397,11 +401,10 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags,
pam_set_data(pamh, "CONFDIR",
(void *)confdir, gray_cleanup_string);
} else {
_pam_log(LOG_DEBUG,
"user name `%s' does not match regular "
DEBUG(1,("user name `%s' does not match regular "
"expression `%s'",
username,
regex_str);
regex_str));
}
}