From: Leon P Smith leon@melding-monads.com
As it was, this module was nearly useless, as it assumed DES-crypted passwords. Now it can make use of 18-year old technology. --- modules/pam_userdb/pam_userdb.c | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/modules/pam_userdb/pam_userdb.c b/modules/pam_userdb/pam_userdb.c index c075c4b..de8b5b1 100644 --- a/modules/pam_userdb/pam_userdb.c +++ b/modules/pam_userdb/pam_userdb.c @@ -214,17 +214,13 @@ user_lookup (pam_handle_t *pamh, const char *database, const char *cryptmode, /* crypt(3) password storage */
char *cryptpw; - char salt[2];
- if (data.dsize != 13) { + if (data.dsize < 13) { compare = -2; } else if (ctrl & PAM_ICASE_ARG) { compare = -2; } else { - salt[0] = *data.dptr; - salt[1] = *(data.dptr + 1); - - cryptpw = crypt (pass, salt); + cryptpw = crypt (pass, data.dptr);
if (cryptpw) { compare = strncasecmp (data.dptr, cryptpw, data.dsize);
On Wed, 2013-02-06 at 09:13 -0500, Leon P Smith wrote:
From: Leon P Smith leon@melding-monads.com
As it was, this module was nearly useless, as it assumed DES-crypted passwords. Now it can make use of 18-year old technology.
modules/pam_userdb/pam_userdb.c | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/modules/pam_userdb/pam_userdb.c b/modules/pam_userdb/pam_userdb.c index c075c4b..de8b5b1 100644 --- a/modules/pam_userdb/pam_userdb.c +++ b/modules/pam_userdb/pam_userdb.c @@ -214,17 +214,13 @@ user_lookup (pam_handle_t *pamh, const char *database, const char *cryptmode, /* crypt(3) password storage */
char *cryptpw;
char salt[2];
if (data.dsize != 13) {
} else if (ctrl & PAM_ICASE_ARG) { compare = -2; } else {if (data.dsize < 13) { compare = -2;
salt[0] = *data.dptr;
salt[1] = *(data.dptr + 1);
cryptpw = crypt (pass, salt);
cryptpw = crypt (pass, data.dptr); if (cryptpw) { compare = strncasecmp (data.dptr, cryptpw, data.dsize);
Yes, this is fine and I will commit it to the repository.
pam-developers@lists.fedorahosted.org