diff options
author | Simo Sorce <ssorce@redhat.com> | 2009-05-06 18:12:26 -0400 |
---|---|---|
committer | Simo Sorce <ssorce@redhat.com> | 2009-05-18 15:27:48 -0400 |
commit | 3c9a8417442ea123f431a057821d35a34d7d8363 (patch) | |
tree | 87e25ba73c0df4f5044b5f0f16f35ae929aa8a7a /server | |
parent | a15b93a1cb46a4d91666f3b6de2337eb693e833b (diff) | |
download | sssd-3c9a8417442ea123f431a057821d35a34d7d8363.tar.gz sssd-3c9a8417442ea123f431a057821d35a34d7d8363.tar.bz2 sssd-3c9a8417442ea123f431a057821d35a34d7d8363.zip |
Prevent accepting blank passwords
Diffstat (limited to 'server')
-rw-r--r-- | server/responder/pam/pam_LOCAL_domain.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/server/responder/pam/pam_LOCAL_domain.c b/server/responder/pam/pam_LOCAL_domain.c index 1287c7d9..614d640e 100644 --- a/server/responder/pam/pam_LOCAL_domain.c +++ b/server/responder/pam/pam_LOCAL_domain.c @@ -230,6 +230,13 @@ static void do_pam_chauthtok(struct LOCAL_request *lreq) lreq->error, ret, done); memset(pd->newauthtok, 0, pd->newauthtok_size); + if (strlen(newauthtok) == 0) { + /* TODO: should we allow null passwords via a config option ? */ + DEBUG(1, ("Empty passwords are not allowed!")); + ret = EINVAL; + goto done; + } + ret = s3crypt_gen_salt(lreq, &salt); NEQ_CHECK_OR_JUMP(ret, EOK, ("Salt generation failed.\n"), lreq->error, ret, done); |