diff options
| author | Thorsten Kukuk <kukuk@thkukuk.de> | 2006-10-24 13:07:51 +0000 |
|---|---|---|
| committer | Thorsten Kukuk <kukuk@thkukuk.de> | 2006-10-24 13:07:51 +0000 |
| commit | 06250234a08a5d4a2d381f2308fb4d330917dd7c (patch) | |
| tree | 04cbc04c52cf3aaf0fa2ec81f2b5d684eaef0e08 /modules | |
| parent | d6acfdc38432b660606e43f76f6b78f5455cde33 (diff) | |
Relevant BUGIDs:
Purpose of commit: bugfix
Commit summary:
---------------
2006-10-24 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_unix/support.c (_unix_verify_password): Try system
crypt() if we don't know the hash alogorithm.
* modules/pam_unix/unix_chkpwd.c (_unix_verify_password): Likewise.
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/pam_unix/support.c | 8 | ||||
| -rw-r--r-- | modules/pam_unix/unix_chkpwd.c | 13 |
2 files changed, 17 insertions, 4 deletions
diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c index b695b8db..e2a30646 100644 --- a/modules/pam_unix/support.c +++ b/modules/pam_unix/support.c @@ -689,7 +689,7 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name D(("user has empty password - access denied")); retval = PAM_AUTH_ERR; } - } else if (!p || (*salt == '*') || (salt_len < 13)) { + } else if (!p || (*salt == '*')) { retval = PAM_AUTH_ERR; } else { if (!strncmp(salt, "$1$", 3)) { @@ -698,6 +698,12 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name _pam_delete(pp); pp = Brokencrypt_md5(p, salt); } + } else if (*salt == '$') { + /* + * Ok, we don't know the crypt algorithm, but maybe + * libcrypt nows about it? We should try it. + */ + pp = x_strdup (crypt(p, salt)); } else { pp = bigcrypt(p, salt); } diff --git a/modules/pam_unix/unix_chkpwd.c b/modules/pam_unix/unix_chkpwd.c index 407909a4..87d29256 100644 --- a/modules/pam_unix/unix_chkpwd.c +++ b/modules/pam_unix/unix_chkpwd.c @@ -40,9 +40,7 @@ static int selinux_enabled=-1; #include <security/_pam_macros.h> #include "md5.h" - -extern char *crypt(const char *key, const char *salt); -extern char *bigcrypt(const char *key, const char *salt); +#include "bigcrypt.h" /* syslogging function for errors and other information */ @@ -205,6 +203,15 @@ static int _unix_verify_password(const char *name, const char *p, int nullok) if (strcmp(pp, salt) == 0) retval = PAM_SUCCESS; } + } else if (*salt == '$') { + /* + * Ok, we don't know the crypt algorithm, but maybe + * libcrypt nows about it? We should try it. + */ + pp = x_strdup (crypt(p, salt)); + if (strcmp(pp, salt) == 0) { + retval = PAM_SUCCESS; + } } else if ((*salt == '*') || (salt_len < 13)) { retval = PAM_AUTH_ERR; } else { |