Re: Encrypted password patch

help-gnats

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Encrypted password patch

From:	Yngve Svendsen
Subject:	Re: Encrypted password patch
Date:	Tue, 26 Jun 2001 15:10:19 +0200

At 17:45 24.06.2001 +0200, Milan Zamazal wrote:

Please note that patch breaks the compilation if the `crypt' function is
not present.  It should handle the situation reasonably, possibly by
never matching passwords not starting with $0$; the code must be
#ifdefed appropriately.

A properly ifdefed patch is attached below. I added in again the ifdefsthat you originally added in order to support MD5. I think we should log awarning if the password file contains encrypted passwords on systems thatdon't support it, so I also added in the original line saying "TODO: logsome warning". I don't know how logging works, so I leave that to someoneelse to add.


- Yngve


Index: gnatsd.c
===================================================================
RCS file: /cvs/gnats/gnats/gnats/gnatsd.c,v
retrieving revision 1.41
diff -u -p -r1.41 gnatsd.c
--- gnatsd.c    2001/06/10 17:17:19     1.41
+++ gnatsd.c    2001/06/26 13:03:07
@@ -271,33 +271,29 @@ match (const char *line, const char *pat
     }
 }

+
 /* Return true iff `password' matches `hash'.

`hash' is a possibly encrypted password, according to the $?$convention. */

 static int
 password_match (const char *password, const char *hash)
 {
-  /* TODO: document the facility in the manual */
-
   if (! strncmp (hash, "$0$", 3))
     {
       /* explicit plain-text password */
       return ! strcmp (password, hash+3);
     }
-  else if (! strncmp (hash, "$1$", 3))
+  else
     {
-      /* MD5 hash of the password */
-#ifdef HAVE_LIBCRYPT
-      char *encrypted = crypt (password, hash);
+      /* DES or MD5 password. If crypt supports MD5, it uses MD5 when
+         the salt starts with $1$. If there's no prefix standard DES
+         is assumed */
+#ifdef HAVE_LIBCRYPT
+         char *encrypted = crypt (password, hash);
       return encrypted && ! strcmp (encrypted, hash);
 #else
       /* TODO: log some warning */
       return FALSE;
 #endif
-    }
-  else
-    {
-      /* default password type is plain-text */
-      return match (password, hash, TRUE);
     }
 }

[Prev in Thread]

Current Thread

[Next in Thread]

Re: /etc/qnats-db.conf, (continued)
- Re: Encrypted password patch, Milan Zamazal, 2001/06/24
  - Re: Encrypted password patch, Rick Macdonald, 2001/06/24
    - Re: Encrypted password patch, Milan Zamazal, 2001/06/24
    - Re: Encrypted password patch, Rick Macdonald, 2001/06/24
    - Re: Encrypted password patch, Milan Zamazal, 2001/06/24
  - Re: Encrypted password patch, Yngve Svendsen, 2001/06/24
    - Re: Encrypted password patch, Milan Zamazal, 2001/06/24
    - cgi_error, Margaret BRIERTON, 2001/06/26
    - Re: cgi_error, Yngve Svendsen, 2001/06/26
  - Re: Encrypted password patch, Yngve Svendsen <=
    - Re: Encrypted password patch, Milan Zamazal, 2001/06/27

Prev by Date: Re: cgi_error
Next by Date: GNATS password management
Previous by thread: Re: cgi_error
Next by thread: Re: Encrypted password patch
Index(es):
- Date
- Thread