diff options
| author | Tomas Mraz <tm@t8m.info> | 2008-01-24 16:42:58 +0000 |
|---|---|---|
| committer | Tomas Mraz <tm@t8m.info> | 2008-01-24 16:42:58 +0000 |
| commit | 18844525b681b18eec1f18bbfaeb5577c96b28c0 (patch) | |
| tree | c8be26715848e99c32372a0ad116706922c1dfb1 /modules/pam_unix/passverify.c | |
| parent | 459e97431e99fa2c32e30e957993f95794b98dd0 (diff) | |
| download | pam-18844525b681b18eec1f18bbfaeb5577c96b28c0.tar.gz pam-18844525b681b18eec1f18bbfaeb5577c96b28c0.tar.bz2 pam-18844525b681b18eec1f18bbfaeb5577c96b28c0.zip | |
Relevant BUGIDs: 1836981
Purpose of commit: bugfix
Commit summary:
---------------
2008-01-24 Tomas Mraz <t8m@centrum.cz>
* modules/pam_unix/bigcrypt.c (bigcrypt): Use crypt_r() when
available.
* modules/pam_unix/passverify.c (strip_hpux_aging): New function
to strip HP/UX aging info from password hash.
(verify_pwd_hash): Call strip_hpux_aging(), use crypt_r() when
available.
Diffstat (limited to 'modules/pam_unix/passverify.c')
| -rw-r--r-- | modules/pam_unix/passverify.c | 38 |
1 files changed, 35 insertions, 3 deletions
diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c index 6fc4dcce..9b9f0a42 100644 --- a/modules/pam_unix/passverify.c +++ b/modules/pam_unix/passverify.c @@ -19,6 +19,9 @@ #include <sys/time.h> #include <sys/stat.h> #include <fcntl.h> +#ifdef HAVE_CRYPT_H +#include <crypt.h> +#endif #include "md5.h" #include "bigcrypt.h" @@ -44,14 +47,32 @@ # include "./lckpwdf.-c" #endif +static void +strip_hpux_aging(char *hash) +{ + static const char valid[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" + "abcdefghijklmnopqrstuvwxyz" + "0123456789./"; + if ((*hash != '$') && (strlen(hash) > 13)) { + for (hash += 13; *hash != '\0'; hash++) { + if (strchr(valid, *hash) == NULL) { + *hash = '\0'; + break; + } + } + } +} + int -verify_pwd_hash(const char *p, const char *hash, unsigned int nullok) +verify_pwd_hash(const char *p, char *hash, unsigned int nullok) { - size_t hash_len = strlen(hash); + size_t hash_len; char *pp = NULL; int retval; D(("called")); + strip_hpux_aging(hash); + hash_len = strlen(hash); if (!hash_len) { /* the stored password is NULL */ if (nullok) { /* this means we've succeeded */ @@ -78,9 +99,20 @@ verify_pwd_hash(const char *p, const char *hash, unsigned int nullok) } else { /* * Ok, we don't know the crypt algorithm, but maybe - * libcrypt nows about it? We should try it. + * libcrypt knows about it? We should try it. */ +#ifdef HAVE_CRYPT_R + struct crypt_data *cdata; + cdata = malloc(sizeof(*cdata)); + if (cdata != NULL) { + cdata->initialized = 0; + pp = x_strdup(crypt_r(p, hash, cdata)); + memset(cdata, '\0', sizeof(*cdata)); + free(cdata); + } +#else pp = x_strdup(crypt(p, hash)); +#endif } p = NULL; /* no longer needed here */ |