summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorThorsten Kukuk <kukuk@thkukuk.de>2006-10-24 13:07:51 +0000
committerThorsten Kukuk <kukuk@thkukuk.de>2006-10-24 13:07:51 +0000
commit06250234a08a5d4a2d381f2308fb4d330917dd7c (patch)
tree04cbc04c52cf3aaf0fa2ec81f2b5d684eaef0e08
parentd6acfdc38432b660606e43f76f6b78f5455cde33 (diff)
Relevant BUGIDs:
Purpose of commit: bugfix Commit summary: --------------- 2006-10-24 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_unix/support.c (_unix_verify_password): Try system crypt() if we don't know the hash alogorithm. * modules/pam_unix/unix_chkpwd.c (_unix_verify_password): Likewise.
-rw-r--r--ChangeLog10
-rw-r--r--modules/pam_unix/support.c8
-rw-r--r--modules/pam_unix/unix_chkpwd.c13
3 files changed, 25 insertions, 6 deletions
diff --git a/ChangeLog b/ChangeLog
index 35188d8c..05c066ee 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2006-10-24 Thorsten Kukuk <kukuk@thkukuk.de>
+
+ * modules/pam_unix/support.c (_unix_verify_password): Try system
+ crypt() if we don't know the hash alogorithm.
+ * modules/pam_unix/unix_chkpwd.c (_unix_verify_password): Likewise.
+
2006-10-13 Tomas Mraz <t8m@centrum.cz>
* doc/mwg/Linux-PAM_MWG.xml: Add id[s] to section[s].
@@ -12,9 +18,9 @@
* doc/sag/Linux-PAM_SAG.xml: Add id to book.
* doc/adg/Linux-PAM_ADG.xml: Add id to book.
* doc/mwg/Linux-PAM_MWG.xml: Add id to book.
-
-2006-10-07 Thorsten Kukuk <kukuk@suse.de>
+
+2006-10-07 Thorsten Kukuk <kukuk@thkukuk.de>
* po/hu.po: Updated hungarian translation (from
Kalman Kemenczy <kkemenczy@novell.com>)
diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c
index b695b8db..e2a30646 100644
--- a/modules/pam_unix/support.c
+++ b/modules/pam_unix/support.c
@@ -689,7 +689,7 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name
D(("user has empty password - access denied"));
retval = PAM_AUTH_ERR;
}
- } else if (!p || (*salt == '*') || (salt_len < 13)) {
+ } else if (!p || (*salt == '*')) {
retval = PAM_AUTH_ERR;
} else {
if (!strncmp(salt, "$1$", 3)) {
@@ -698,6 +698,12 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name
_pam_delete(pp);
pp = Brokencrypt_md5(p, salt);
}
+ } else if (*salt == '$') {
+ /*
+ * Ok, we don't know the crypt algorithm, but maybe
+ * libcrypt nows about it? We should try it.
+ */
+ pp = x_strdup (crypt(p, salt));
} else {
pp = bigcrypt(p, salt);
}
diff --git a/modules/pam_unix/unix_chkpwd.c b/modules/pam_unix/unix_chkpwd.c
index 407909a4..87d29256 100644
--- a/modules/pam_unix/unix_chkpwd.c
+++ b/modules/pam_unix/unix_chkpwd.c
@@ -40,9 +40,7 @@ static int selinux_enabled=-1;
#include <security/_pam_macros.h>
#include "md5.h"
-
-extern char *crypt(const char *key, const char *salt);
-extern char *bigcrypt(const char *key, const char *salt);
+#include "bigcrypt.h"
/* syslogging function for errors and other information */
@@ -205,6 +203,15 @@ static int _unix_verify_password(const char *name, const char *p, int nullok)
if (strcmp(pp, salt) == 0)
retval = PAM_SUCCESS;
}
+ } else if (*salt == '$') {
+ /*
+ * Ok, we don't know the crypt algorithm, but maybe
+ * libcrypt nows about it? We should try it.
+ */
+ pp = x_strdup (crypt(p, salt));
+ if (strcmp(pp, salt) == 0) {
+ retval = PAM_SUCCESS;
+ }
} else if ((*salt == '*') || (salt_len < 13)) {
retval = PAM_AUTH_ERR;
} else {