summaryrefslogtreecommitdiff
path: root/modules/pam_unix/support.c
diff options
context:
space:
mode:
authorAndrew G. Morgan <morgan@kernel.org>2002-09-23 17:33:22 +0000
committerAndrew G. Morgan <morgan@kernel.org>2002-09-23 17:33:22 +0000
commita8490a0122f3be5e5613a8cd3a57e873c31cc682 (patch)
tree9ace51fd9b77cb378f3f9ac224ffef270fcac6f6 /modules/pam_unix/support.c
parente9f1b93a7bdf0894f73ba3c250fb8264fd6291f2 (diff)
Relevant BUGIDs: 521314
Purpose of commit: bugfix Commit summary: --------------- This code is needed to complete this bugfix.
Diffstat (limited to 'modules/pam_unix/support.c')
-rw-r--r--modules/pam_unix/support.c75
1 files changed, 38 insertions, 37 deletions
diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c
index 98536d21..68f59a92 100644
--- a/modules/pam_unix/support.c
+++ b/modules/pam_unix/support.c
@@ -609,47 +609,48 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name
retval = PAM_AUTHINFO_UNAVAIL;
}
} else {
- if (!strlen(salt)) {
- /* the stored password is NULL */
- if (off(UNIX__NONULL, ctrl)) { /* this means we've succeeded */
- D(("user has empty password - access granted"));
- retval = PAM_SUCCESS;
- } else {
- D(("user has empty password - access denied"));
- retval = PAM_AUTH_ERR;
- }
- } else if (!p) {
- retval = PAM_AUTH_ERR;
+ int salt_len = strlen(salt);
+ if (!salt_len) {
+ /* the stored password is NULL */
+ if (off(UNIX__NONULL, ctrl)) {/* this means we've succeeded */
+ D(("user has empty password - access granted"));
+ retval = PAM_SUCCESS;
} else {
- if (!strncmp(salt, "$1$", 3)) {
- pp = Goodcrypt_md5(p, salt);
- if (strcmp(pp, salt) != 0) {
- _pam_delete(pp);
- pp = Brokencrypt_md5(p, salt);
- }
- } else {
- pp = bigcrypt(p, salt);
- }
- p = NULL; /* no longer needed here */
+ D(("user has empty password - access denied"));
+ retval = PAM_AUTH_ERR;
+ }
+ } else if (!p || (*salt == '*') || (salt_len < 13)) {
+ retval = PAM_AUTH_ERR;
+ } else {
+ if (!strncmp(salt, "$1$", 3)) {
+ pp = Goodcrypt_md5(p, salt);
+ if (strcmp(pp, salt) != 0) {
+ _pam_delete(pp);
+ pp = Brokencrypt_md5(p, salt);
+ }
+ } else {
+ pp = bigcrypt(p, salt);
+ }
+ p = NULL; /* no longer needed here */
- /* the moment of truth -- do we agree with the password? */
- D(("comparing state of pp[%s] and salt[%s]", pp, salt));
+ /* the moment of truth -- do we agree with the password? */
+ D(("comparing state of pp[%s] and salt[%s]", pp, salt));
- /*
- * Note, we are comparing the bigcrypt of the password with
- * the contents of the password field. If the latter was
- * encrypted with regular crypt (and not bigcrypt) it will
- * have been truncated for storage relative to the output
- * of bigcrypt here. As such we need to compare only the
- * stored string with the subset of bigcrypt's result.
- * Bug 521314: The strncmp comparison is for legacy support.
- */
- if (strncmp(pp, salt, strlen(salt)) == 0) {
- retval = PAM_SUCCESS;
- } else {
- retval = PAM_AUTH_ERR;
- }
+ /*
+ * Note, we are comparing the bigcrypt of the password with
+ * the contents of the password field. If the latter was
+ * encrypted with regular crypt (and not bigcrypt) it will
+ * have been truncated for storage relative to the output
+ * of bigcrypt here. As such we need to compare only the
+ * stored string with the subset of bigcrypt's result.
+ * Bug 521314: The strncmp comparison is for legacy support.
+ */
+ if (strncmp(pp, salt, salt_len) == 0) {
+ retval = PAM_SUCCESS;
+ } else {
+ retval = PAM_AUTH_ERR;
}
+ }
}
if (retval == PAM_SUCCESS) {