From 75e78d72a9ddf639505a4eb624cfc6754b11784d Mon Sep 17 00:00:00 2001
From: blueskycs2c
Date: Thu, 5 Mar 2020 16:54:32 +0800
Subject: [PATCH] identify empty string as /bin/sh when user shell is empty
---
 ...x-pam-1.3.1-identify-empty-str-to-sh.patch | 49 +++++++++++++++++++
 pam.spec | 10 +++-
 2 files changed, 58 insertions(+), 1 deletion(-)
 create mode 100644 bugfix-pam-1.3.1-identify-empty-str-to-sh.patch
diff --git a/bugfix-pam-1.3.1-identify-empty-str-to-sh.patch b/bugfix-pam-1.3.1-identify-empty-str-to-sh.patch
new file mode 100644
index 0000000..337e57c
--- /dev/null
+++ b/bugfix-pam-1.3.1-identify-empty-str-to-sh.patch
@@ -0,0 +1,49 @@
+From 30432a6e66325862384ecc25c5627f1f975a06b9 Mon Sep 17 00:00:00 2001
+From: blueskycs2c
+Date: Thu, 5 Mar 2020 16:37:50 +0800
+Subject: [PATCH] identify empty string to /bin/sh
+
+---
+ modules/pam_shells/pam_shells.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/modules/pam_shells/pam_shells.c b/modules/pam_shells/pam_shells.c
+index c8acb9e..1fd1f9e 100644
+--- a/modules/pam_shells/pam_shells.c
++++ b/modules/pam_shells/pam_shells.c
+@@ -1,7 +1,7 @@
+ /* pam_shells module */
+
+ #define SHELL_FILE "/etc/shells"
+-
++#define DEFAULT_SHELL "/bin/sh"
+ /*
+ * by Erik Troan , Red Hat Software.
+ * August 5, 1996.
+@@ -38,7 +38,7 @@ static int perform_check(pam_handle_t *pamh)
+ {
+ int retval = PAM_AUTH_ERR;
+ const char *userName;
+- char *userShell;
++ const char *userShell;
+ char shellFileLine[256];
+ struct stat sb;
+ struct passwd * pw;
+@@ -62,10 +62,13 @@ static int perform_check(pam_handle_t *pamh)
+ }
+
+ pw = pam_modutil_getpwnam(pamh, userName);
+- if (!pw) {
++ if (!pw || pw->pw_shell == NULL) {
+ return PAM_AUTH_ERR; /* user doesn't exist */
+ }
+ userShell = pw->pw_shell;
++ if(userShell[0] == '\0')
++ userShell = DEFAULT_SHELL;
++
+
+ if (stat(SHELL_FILE,&sb)) {
+ pam_syslog(pamh, LOG_ERR, "Cannot stat %s: %m", SHELL_FILE);
+--
+2.24.1
+
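Review bot: The empty-shell fallback at `if(userShell[0] == '\0')` changes an access decision without leaving any trace: an account whose passwd shell field is empty is now checked as `DEFAULT_SHELL`, so it presumably passes whenever `/bin/sh` is listed in /etc/shells, where the empty string would not have matched before. Because this widens what the module accepts, state the reason in a comment above the fallback, e.g. `/* an empty pw_shell is treated as /bin/sh, so validate that path instead of "" */`, and consider recording the substitution with `pam_syslog(pamh, LOG_DEBUG, "empty shell for %s, checking %s", userName, DEFAULT_SHELL);` so it is visible during an audit. The retained comment `/* user doesn't exist */` on the early return is no longer accurate now that the branch also rejects a NULL `pw_shell`. The comparison against /etc/shells and the rest of `perform_check` lie outside the hunk, so the effect on the final result is inferred rather than shown.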
diff --git a/pam.spec b/pam.spec index 1ace7cb..92da7d1 100644 --- a/pam.spec +++ b/pam.spec @@ -4,7 +4,7 @@ %define _pamconfdir %{_sysconfdir}/pam.d Name: pam Version: 1.3.1 -Release: 8 +Release: 9 Summary: Pluggable Authentication Modules for Linux License: BSD and GPLv2+ URL: http://www.linux-pam.org/ @@ -23,6 +23,7 @@ Patch7: pam-1.2.1-faillock-admin-group.patch Patch6000: bugfix-pam-1.1.8-faillock-failmessages.patch Patch6001: bugfix-pam-1.1.8-faillock-systemtime.patch +Patch6002: bugfix-pam-1.3.1-identify-empty-str-to-sh.patch BuildRequires: autoconf automake libtool bison flex sed cracklib-devel BuildRequires: perl-interpreter pkgconfig gettext-devel libtirpc-devel libnsl2-devel @@ -167,6 +168,13 @@ fi %changelog +* Thu Mar 5 2020 lili.ding - 1.3.1-9 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:identify empty string as /bin/sh when user shell is empty +- patch:bugfix-pam-1.3.1-identify-empty-str-to-sh.patch + * Sun Jan 12 2020 openEuler Buildteam - 1.3.1-8 - update config -- Gitee