[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Encrypted password patch
From: |
Yngve Svendsen |
Subject: |
Re: Encrypted password patch |
Date: |
Tue, 26 Jun 2001 15:10:19 +0200 |
At 17:45 24.06.2001 +0200, Milan Zamazal wrote:
Please note that patch breaks the compilation if the `crypt' function is
not present. It should handle the situation reasonably, possibly by
never matching passwords not starting with $0$; the code must be
#ifdefed appropriately.
A properly ifdefed patch is attached below. I added in again the ifdefs
that you originally added in order to support MD5. I think we should log a
warning if the password file contains encrypted passwords on systems that
don't support it, so I also added in the original line saying "TODO: log
some warning". I don't know how logging works, so I leave that to someone
else to add.
- Yngve
Index: gnatsd.c
===================================================================
RCS file: /cvs/gnats/gnats/gnats/gnatsd.c,v
retrieving revision 1.41
diff -u -p -r1.41 gnatsd.c
--- gnatsd.c 2001/06/10 17:17:19 1.41
+++ gnatsd.c 2001/06/26 13:03:07
@@ -271,33 +271,29 @@ match (const char *line, const char *pat
}
}
+
/* Return true iff `password' matches `hash'.
`hash' is a possibly encrypted password, according to the $?$
convention. */
static int
password_match (const char *password, const char *hash)
{
- /* TODO: document the facility in the manual */
-
if (! strncmp (hash, "$0$", 3))
{
/* explicit plain-text password */
return ! strcmp (password, hash+3);
}
- else if (! strncmp (hash, "$1$", 3))
+ else
{
- /* MD5 hash of the password */
-#ifdef HAVE_LIBCRYPT
- char *encrypted = crypt (password, hash);
+ /* DES or MD5 password. If crypt supports MD5, it uses MD5 when
+ the salt starts with $1$. If there's no prefix standard DES
+ is assumed */
+#ifdef HAVE_LIBCRYPT
+ char *encrypted = crypt (password, hash);
return encrypted && ! strcmp (encrypted, hash);
#else
/* TODO: log some warning */
return FALSE;
#endif
- }
- else
- {
- /* default password type is plain-text */
- return match (password, hash, TRUE);
}
}
Re: Encrypted password patch,
Yngve Svendsen <=