Add the "nullok" option that causes this module to succeed if the Unix

password is empty/null.
author: markm <markm@FreeBSD.org> 2001-06-04 19:16:57 +0000
committer: markm <markm@FreeBSD.org> 2001-06-04 19:16:57 +0000
commit: cafc16591fdfbb7077a31baf1a054e351eda6382 (patch)
tree: 60f964101cd5b85f63e559b882ae0029b13e3240 /lib/libpam
parent: c5ba97baf9465d5e1545ca07a5bbb988a82c68e5 (diff)
download: FreeBSD-src-cafc16591fdfbb7077a31baf1a054e351eda6382.zip
FreeBSD-src-cafc16591fdfbb7077a31baf1a054e351eda6382.tar.gz
1 files changed, 11 insertions, 3 deletions
diff --git a/lib/libpam/modules/pam_unix/pam_unix.c b/lib/libpam/modules/pam_unix/pam_unix.c
index c8ddde7..cc97ad9 100644
--- a/lib/libpam/modules/pam_unix/pam_unix.c
+++ b/lib/libpam/modules/pam_unix/pam_unix.c
@@ -69,10 +69,18 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc,
 			return retval;
 		pwd = getpwnam(user);
 	}
-	if ((retval = pam_get_pass(pamh, &password, PASSWORD_PROMPT,
-	    options)) != PAM_SUCCESS)
-		return retval;
 	if (pwd != NULL) {
+		if (pwd->pw_passwd[0] == '\0' && (options & PAM_OPT_NULLOK))
+			/*
+			 * No password case. XXX Are we giving too much away
+			 * by not prompting for a password?
+			 */
+			return PAM_SUCCESS;
+		else {
+			if ((retval = pam_get_pass(pamh, &password,
+			    PASSWORD_PROMPT, options)) != PAM_SUCCESS)
+				return retval;
+		}
 		encrypted = crypt(password, pwd->pw_passwd);
 		if (password[0] == '\0' && pwd->pw_passwd[0] != '\0')
 			encrypted = ":";
author	markm <markm@FreeBSD.org>	2001-06-04 19:16:57 +0000
committer	markm <markm@FreeBSD.org>	2001-06-04 19:16:57 +0000
commit	cafc16591fdfbb7077a31baf1a054e351eda6382 (patch)
tree	60f964101cd5b85f63e559b882ae0029b13e3240 /lib/libpam
parent	c5ba97baf9465d5e1545ca07a5bbb988a82c68e5 (diff)
download	FreeBSD-src-cafc16591fdfbb7077a31baf1a054e351eda6382.zip FreeBSD-src-cafc16591fdfbb7077a31baf1a054e351eda6382.tar.gz