summaryrefslogtreecommitdiff
path: root/source/a/pam/fedora-patches/pam-1.3.1-unix-checksalt_syslog.patch
diff options
context:
space:
mode:
Diffstat (limited to 'source/a/pam/fedora-patches/pam-1.3.1-unix-checksalt_syslog.patch')
-rw-r--r--source/a/pam/fedora-patches/pam-1.3.1-unix-checksalt_syslog.patch73
1 files changed, 73 insertions, 0 deletions
diff --git a/source/a/pam/fedora-patches/pam-1.3.1-unix-checksalt_syslog.patch b/source/a/pam/fedora-patches/pam-1.3.1-unix-checksalt_syslog.patch
new file mode 100644
index 00000000..5cbc35b0
--- /dev/null
+++ b/source/a/pam/fedora-patches/pam-1.3.1-unix-checksalt_syslog.patch
@@ -0,0 +1,73 @@
+From 86eed7ca01864b9fd17099e57f10f2b9b6b568a1 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= <besser82@fedoraproject.org>
+Date: Mon, 26 Nov 2018 22:33:17 +0100
+Subject: [PATCH] pam_unix: Report unusable hashes found by checksalt to
+ syslog.
+
+libxcrypt can be build-time configured to support (or not support)
+various hashing methods. Future versions will also have support for
+runtime configuration by the system's vendor and/or administrator.
+
+For that reason adminstrator should be notified by pam if users cannot
+log into their account anymore because of such a change in the system's
+configuration of libxcrypt.
+
+Also check for malformed hashes, like descrypt hashes starting with
+"$2...", which might have been generated by unsafe base64 encoding
+functions as used in glibc <= 2.16.
+Such hashes are likely to be rejected by many recent implementations
+of libcrypt.
+
+* modules/pam_unix/passverify.c (verify_pwd_hash): Report unusable
+hashes found by checksalt to syslog.
+---
+ modules/pam_unix/passverify.c | 36 +++++++++++++++++++++++++++++++++++
+ 1 file changed, 36 insertions(+)
+
+diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c
+index eb2444bb..2c808eb5 100644
+--- a/modules/pam_unix/passverify.c
++++ b/modules/pam_unix/passverify.c
+@@ -103,6 +103,42 @@ verify_pwd_hash(const char *p, char *hash, unsigned int nullok)
+ * Ok, we don't know the crypt algorithm, but maybe
+ * libcrypt knows about it? We should try it.
+ */
++#if defined(CRYPT_CHECKSALT_AVAILABLE) && CRYPT_CHECKSALT_AVAILABLE
++ /* Get the status of the hash from checksalt */
++ int retval_checksalt = crypt_checksalt(hash);
++
++ /*
++ * Check for hashing methods that are disabled by
++ * libcrypt configuration and/or system preset.
++ */
++ if (retval_checksalt == CRYPT_SALT_METHOD_DISABLED) {
++ /*
++ * pam_syslog() needs a pam handle,
++ * but that's not available here.
++ */
++ helper_log_err(LOG_ERR,
++ "pam_unix(verify_pwd_hash): The method "
++ "for computing the hash \"%.6s\" has been "
++ "disabled in libcrypt by the preset from "
++ "the system's vendor and/or administrator.",
++ hash);
++ }
++ /*
++ * Check for malformed hashes, like descrypt hashes
++ * starting with "$2...", which might have been
++ * generated by unsafe base64 encoding functions
++ * as used in glibc <= 2.16.
++ * Such hashes are likely to be rejected by many
++ * recent implementations of libcrypt.
++ */
++ if (retval_checksalt == CRYPT_SALT_INVALID) {
++ helper_log_err(LOG_ERR,
++ "pam_unix(verify_pwd_hash): The hash \"%.6s\""
++ "does not use a method known by the version "
++ "of libcrypt this system is supplied with.",
++ hash);
++ }
++#endif
+ #ifdef HAVE_CRYPT_R
+ struct crypt_data *cdata;
+ cdata = malloc(sizeof(*cdata));