summaryrefslogtreecommitdiff
path: root/modules/pam_unix/passverify.c
diff options
context:
space:
mode:
authorTomas Mraz <tm@t8m.info>2008-01-24 16:42:58 +0000
committerTomas Mraz <tm@t8m.info>2008-01-24 16:42:58 +0000
commit18844525b681b18eec1f18bbfaeb5577c96b28c0 (patch)
treec8be26715848e99c32372a0ad116706922c1dfb1 /modules/pam_unix/passverify.c
parent459e97431e99fa2c32e30e957993f95794b98dd0 (diff)
Relevant BUGIDs: 1836981
Purpose of commit: bugfix Commit summary: --------------- 2008-01-24 Tomas Mraz <t8m@centrum.cz> * modules/pam_unix/bigcrypt.c (bigcrypt): Use crypt_r() when available. * modules/pam_unix/passverify.c (strip_hpux_aging): New function to strip HP/UX aging info from password hash. (verify_pwd_hash): Call strip_hpux_aging(), use crypt_r() when available.
Diffstat (limited to 'modules/pam_unix/passverify.c')
-rw-r--r--modules/pam_unix/passverify.c38
1 files changed, 35 insertions, 3 deletions
diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c
index 6fc4dcce..9b9f0a42 100644
--- a/modules/pam_unix/passverify.c
+++ b/modules/pam_unix/passverify.c
@@ -19,6 +19,9 @@
#include <sys/time.h>
#include <sys/stat.h>
#include <fcntl.h>
+#ifdef HAVE_CRYPT_H
+#include <crypt.h>
+#endif
#include "md5.h"
#include "bigcrypt.h"
@@ -44,14 +47,32 @@
# include "./lckpwdf.-c"
#endif
+static void
+strip_hpux_aging(char *hash)
+{
+ static const char valid[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+ "abcdefghijklmnopqrstuvwxyz"
+ "0123456789./";
+ if ((*hash != '$') && (strlen(hash) > 13)) {
+ for (hash += 13; *hash != '\0'; hash++) {
+ if (strchr(valid, *hash) == NULL) {
+ *hash = '\0';
+ break;
+ }
+ }
+ }
+}
+
int
-verify_pwd_hash(const char *p, const char *hash, unsigned int nullok)
+verify_pwd_hash(const char *p, char *hash, unsigned int nullok)
{
- size_t hash_len = strlen(hash);
+ size_t hash_len;
char *pp = NULL;
int retval;
D(("called"));
+ strip_hpux_aging(hash);
+ hash_len = strlen(hash);
if (!hash_len) {
/* the stored password is NULL */
if (nullok) { /* this means we've succeeded */
@@ -78,9 +99,20 @@ verify_pwd_hash(const char *p, const char *hash, unsigned int nullok)
} else {
/*
* Ok, we don't know the crypt algorithm, but maybe
- * libcrypt nows about it? We should try it.
+ * libcrypt knows about it? We should try it.
*/
+#ifdef HAVE_CRYPT_R
+ struct crypt_data *cdata;
+ cdata = malloc(sizeof(*cdata));
+ if (cdata != NULL) {
+ cdata->initialized = 0;
+ pp = x_strdup(crypt_r(p, hash, cdata));
+ memset(cdata, '\0', sizeof(*cdata));
+ free(cdata);
+ }
+#else
pp = x_strdup(crypt(p, hash));
+#endif
}
p = NULL; /* no longer needed here */