From 18844525b681b18eec1f18bbfaeb5577c96b28c0 Mon Sep 17 00:00:00 2001
From: Tomas Mraz
Date: Thu, 24 Jan 2008 16:42:58 +0000
Subject: Relevant BUGIDs: 1836981
Purpose of commit: bugfix
Commit summary:
---------------
2008-01-24 Tomas Mraz
* modules/pam_unix/bigcrypt.c (bigcrypt): Use crypt_r() when available.
* modules/pam_unix/passverify.c (strip_hpux_aging): New function to strip HP/UX aging info from password hash. (verify_pwd_hash): Call strip_hpux_aging(), use crypt_r() when available.
---
 modules/pam_unix/passverify.c | 38 +++++++++++++++++++++++++++++++++++---
 1 file changed, 35 insertions(+), 3 deletions(-)
(limited to 'modules/pam_unix/passverify.c')
diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c
index 6fc4dcce..9b9f0a42 100644
--- a/modules/pam_unix/passverify.c
+++ b/modules/pam_unix/passverify.c
@@ -19,6 +19,9 @@
 #include
 #include
 #include
+#ifdef HAVE_CRYPT_H
+#include
+#endif
 #include "md5.h"
 #include "bigcrypt.h"
@@ -44,14 +47,32 @@
 # include "./lckpwdf.-c"
 #endif
+static void
+strip_hpux_aging(char *hash)
+{
+ static const char valid[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+ "abcdefghijklmnopqrstuvwxyz"
+ "0123456789./";
+ if ((*hash != '$') && (strlen(hash) > 13)) {
+ for (hash += 13; *hash != '\0'; hash++) {
+ if (strchr(valid, *hash) == NULL) {
+ *hash = '\0';
+ break;
+ }
+ }
+ }
+}
+
 int
-verify_pwd_hash(const char *p, const char *hash, unsigned int nullok)
+verify_pwd_hash(const char *p, char *hash, unsigned int nullok)
 {
- size_t hash_len = strlen(hash);
+ size_t hash_len;
 char *pp = NULL;
 int retval;
 D(("called"));
+ strip_hpux_aging(hash);
+ hash_len = strlen(hash);
 if (!hash_len) {
 /* the stored password is NULL */
 if (nullok) { /* this means we've succeeded */
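Review bot: verify_pwd_hash() now writes through its `hash` argument, because strip_hpux_aging() truncates the string in place, but nothing in the hunk documents this. A caller that passes a pointer into a shared or read-only password entry would have that entry shortened as a side effect. The callers are outside this hunk, so whether any of them relies on the untouched string cannot be checked here. I would add a comment above strip_hpux_aging(), such as `/* Truncate a traditional crypt hash (no '$' prefix) at the first non-[A-Za-z0-9./] byte past the 13-char DES hash; modifies hash in place. */`, and give the literal 13 a name. The body of verify_pwd_hash continues past the end of the hunk.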
@@ -78,9 +99,20 @@ verify_pwd_hash(const char *p, const char *hash, unsigned int nullok)
 } else {
 /*
 * Ok, we don't know the crypt algorithm, but maybe
- * libcrypt nows about it? We should try it.
+ * libcrypt knows about it? We should try it.
 */
+#ifdef HAVE_CRYPT_R
+ struct crypt_data *cdata;
+ cdata = malloc(sizeof(*cdata));
+ if (cdata != NULL) {
+ cdata->initialized = 0;
+ pp = x_strdup(crypt_r(p, hash, cdata));
+ memset(cdata, '\0', sizeof(*cdata));
+ free(cdata);
+ }
+#else
 pp = x_strdup(crypt(p, hash));
+#endif
 }
 p = NULL; /* no longer needed here */
-- cgit v1.2.3
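Review bot: The `memset(cdata, '\0', sizeof(*cdata))` directly before `free(cdata)` is a dead store the compiler may remove, so the crypt_r() working state derived from the password can remain in freed heap memory. Use a wipe that cannot be elided, for example `explicit_bzero(cdata, sizeof(*cdata));` where the platform provides it, or a helper that writes through a volatile pointer. Separately, if `x_strdup` is a macro that evaluates its argument more than once (its definition is not in this hunk), `x_strdup(crypt_r(p, hash, cdata))` computes the hash twice; assigning the crypt_r() result to a local first avoids that. When malloc() fails `pp` stays NULL, which is presumably treated as a mismatch by the code after the hunk; this is worth confirming, since the function continues outside the hunk.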