Prevent accepting blank passwords

author: Simo Sorce <ssorce@redhat.com> 2009-05-06 18:12:26 -0400
committer: Simo Sorce <ssorce@redhat.com> 2009-05-18 15:27:48 -0400
commit: 3c9a8417442ea123f431a057821d35a34d7d8363 (patch)
tree: 87e25ba73c0df4f5044b5f0f16f35ae929aa8a7a /server
parent: a15b93a1cb46a4d91666f3b6de2337eb693e833b (diff)
download: sssd-3c9a8417442ea123f431a057821d35a34d7d8363.tar.gz
sssd-3c9a8417442ea123f431a057821d35a34d7d8363.tar.xz
sssd-3c9a8417442ea123f431a057821d35a34d7d8363.zip
1 files changed, 7 insertions, 0 deletions
diff --git a/server/responder/pam/pam_LOCAL_domain.c b/server/responder/pam/pam_LOCAL_domain.c
index 1287c7d9b..614d640e6 100644
--- a/server/responder/pam/pam_LOCAL_domain.c
+++ b/server/responder/pam/pam_LOCAL_domain.c
@@ -230,6 +230,13 @@ static void do_pam_chauthtok(struct LOCAL_request *lreq)
                       lreq->error, ret, done);
     memset(pd->newauthtok, 0, pd->newauthtok_size);
 
+    if (strlen(newauthtok) == 0) {
+        /* TODO: should we allow null passwords via a config option ? */
+        DEBUG(1, ("Empty passwords are not allowed!"));
+        ret = EINVAL;
+        goto done;
+    }
+
     ret = s3crypt_gen_salt(lreq, &salt);
     NEQ_CHECK_OR_JUMP(ret, EOK, ("Salt generation failed.\n"),
                       lreq->error, ret, done);
author	Simo Sorce <ssorce@redhat.com>	2009-05-06 18:12:26 -0400
committer	Simo Sorce <ssorce@redhat.com>	2009-05-18 15:27:48 -0400
commit	3c9a8417442ea123f431a057821d35a34d7d8363 (patch)
tree	87e25ba73c0df4f5044b5f0f16f35ae929aa8a7a /server
parent	a15b93a1cb46a4d91666f3b6de2337eb693e833b (diff)
download	sssd-3c9a8417442ea123f431a057821d35a34d7d8363.tar.gz sssd-3c9a8417442ea123f431a057821d35a34d7d8363.tar.xz sssd-3c9a8417442ea123f431a057821d35a34d7d8363.zip