summaryrefslogtreecommitdiff
path: root/modules/pam_unix/support.c
diff options
context:
space:
mode:
Diffstat (limited to 'modules/pam_unix/support.c')
-rw-r--r--modules/pam_unix/support.c64
1 files changed, 2 insertions, 62 deletions
diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c
index 1472b966..60acc958 100644
--- a/modules/pam_unix/support.c
+++ b/modules/pam_unix/support.c
@@ -26,9 +26,8 @@
#include <security/pam_ext.h>
#include <security/pam_modutil.h>
-#include "md5.h"
#include "support.h"
-#include "bigcrypt.h"
+#include "passverify.h"
#ifdef WITH_SELINUX
#include <selinux/selinux.h>
#define SELINUX_ENABLED is_selinux_enabled()>0
@@ -579,7 +578,6 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name
struct passwd *pwd = NULL;
struct spwd *spwdent = NULL;
char *salt = NULL;
- char *pp = NULL;
char *data_name;
int retval;
@@ -679,48 +677,7 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name
}
}
} else {
- size_t salt_len = strlen(salt);
- if (!salt_len) {
- /* the stored password is NULL */
- if (off(UNIX__NONULL, ctrl)) {/* this means we've succeeded */
- D(("user has empty password - access granted"));
- retval = PAM_SUCCESS;
- } else {
- D(("user has empty password - access denied"));
- retval = PAM_AUTH_ERR;
- }
- } else if (!p || *salt == '*' || *salt == '!') {
- retval = PAM_AUTH_ERR;
- } else {
- if (!strncmp(salt, "$1$", 3)) {
- pp = Goodcrypt_md5(p, salt);
- if (pp && strcmp(pp, salt) != 0) {
- _pam_delete(pp);
- pp = Brokencrypt_md5(p, salt);
- }
- } else if (*salt != '$' && salt_len >= 13) {
- pp = bigcrypt(p, salt);
- if (pp && salt_len == 13 && strlen(pp) > salt_len) {
- _pam_overwrite(pp + salt_len);
- }
- } else {
- /*
- * Ok, we don't know the crypt algorithm, but maybe
- * libcrypt nows about it? We should try it.
- */
- pp = x_strdup (crypt(p, salt));
- }
- p = NULL; /* no longer needed here */
-
- /* the moment of truth -- do we agree with the password? */
- D(("comparing state of pp[%s] and salt[%s]", pp, salt));
-
- if (pp && strcmp(pp, salt) == 0) {
- retval = PAM_SUCCESS;
- } else {
- retval = PAM_AUTH_ERR;
- }
- }
+ retval = verify_pwd_hash(p, salt, off(UNIX__NONULL, ctrl));
}
if (retval == PAM_SUCCESS) {
@@ -809,8 +766,6 @@ cleanup:
_pam_delete(data_name);
if (salt)
_pam_delete(salt);
- if (pp)
- _pam_delete(pp);
D(("done [%d].", retval));
@@ -971,21 +926,6 @@ int _unix_read_password(pam_handle_t * pamh
return PAM_SUCCESS;
}
-int _unix_shadowed(const struct passwd *pwd)
-{
- if (pwd != NULL) {
- if (strcmp(pwd->pw_passwd, "x") == 0) {
- return 1;
- }
- if ((pwd->pw_passwd[0] == '#') &&
- (pwd->pw_passwd[1] == '#') &&
- (strcmp(pwd->pw_name, pwd->pw_passwd + 2) == 0)) {
- return 1;
- }
- }
- return 0;
-}
-
/* ****************************************************************** *
* Copyright (c) Jan RÍkorajski 1999.
* Copyright (c) Andrew G. Morgan 1996-8.