From 06250234a08a5d4a2d381f2308fb4d330917dd7c Mon Sep 17 00:00:00 2001
From: Thorsten Kukuk <kukuk@thkukuk.de>
Date: Tue, 24 Oct 2006 13:07:51 +0000
Subject: Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------

2006-10-24  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_unix/support.c (_unix_verify_password): Try system
        crypt() if we don't know the hash alogorithm.
        * modules/pam_unix/unix_chkpwd.c (_unix_verify_password): Likewise.
---
 ChangeLog                      | 10 ++++++++--
 modules/pam_unix/support.c     |  8 +++++++-
 modules/pam_unix/unix_chkpwd.c | 13 ++++++++++---
 3 files changed, 25 insertions(+), 6 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 35188d8c..05c066ee 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2006-10-24  Thorsten Kukuk  <kukuk@thkukuk.de>
+
+	* modules/pam_unix/support.c (_unix_verify_password): Try system
+	crypt() if we don't know the hash alogorithm.
+	* modules/pam_unix/unix_chkpwd.c (_unix_verify_password): Likewise.
+
 2006-10-13  Tomas Mraz <t8m@centrum.cz>
 
 	* doc/mwg/Linux-PAM_MWG.xml: Add id[s] to section[s].
@@ -12,9 +18,9 @@
 	* doc/sag/Linux-PAM_SAG.xml: Add id to book.
 	* doc/adg/Linux-PAM_ADG.xml: Add id to book.
 	* doc/mwg/Linux-PAM_MWG.xml: Add id to book.
-	
 
-2006-10-07  Thorsten Kukuk  <kukuk@suse.de>
+
+2006-10-07  Thorsten Kukuk  <kukuk@thkukuk.de>
 
 	* po/hu.po: Updated hungarian translation (from
 	Kalman Kemenczy <kkemenczy@novell.com>)
diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c
index b695b8db..e2a30646 100644
--- a/modules/pam_unix/support.c
+++ b/modules/pam_unix/support.c
@@ -689,7 +689,7 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name
 		    D(("user has empty password - access denied"));
 		    retval = PAM_AUTH_ERR;
 		}
-	    } else if (!p || (*salt == '*') || (salt_len < 13)) {
+	    } else if (!p || (*salt == '*')) {
 		retval = PAM_AUTH_ERR;
 	    } else {
 		if (!strncmp(salt, "$1$", 3)) {
@@ -698,6 +698,12 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name
 			_pam_delete(pp);
 			pp = Brokencrypt_md5(p, salt);
 		    }
+		} else if (*salt == '$') {
+                    /*
+		     * Ok, we don't know the crypt algorithm, but maybe
+		     * libcrypt nows about it? We should try it.
+		     */
+		    pp = x_strdup (crypt(p, salt));
 		} else {
 		    pp = bigcrypt(p, salt);
 		}
diff --git a/modules/pam_unix/unix_chkpwd.c b/modules/pam_unix/unix_chkpwd.c
index 407909a4..87d29256 100644
--- a/modules/pam_unix/unix_chkpwd.c
+++ b/modules/pam_unix/unix_chkpwd.c
@@ -40,9 +40,7 @@ static int selinux_enabled=-1;
 #include <security/_pam_macros.h>
 
 #include "md5.h"
-
-extern char *crypt(const char *key, const char *salt);
-extern char *bigcrypt(const char *key, const char *salt);
+#include "bigcrypt.h"
 
 /* syslogging function for errors and other information */
 
@@ -205,6 +203,15 @@ static int _unix_verify_password(const char *name, const char *p, int nullok)
 			if (strcmp(pp, salt) == 0)
 				retval = PAM_SUCCESS;
 		}
+	} else if (*salt == '$') {
+	        /*
+		 * Ok, we don't know the crypt algorithm, but maybe
+		 * libcrypt nows about it? We should try it.
+		 */
+	        pp = x_strdup (crypt(p, salt));
+		if (strcmp(pp, salt) == 0) {
+			retval = PAM_SUCCESS;
+		}
 	} else if ((*salt == '*') || (salt_len < 13)) {
 	    retval = PAM_AUTH_ERR;
 	} else {
-- 
cgit v1.2.3