diff options
author | Charl Botha <cpbotha@cpbotha.net> | 2000-11-08 00:44:19 +0000 |
---|---|---|
committer | Charl Botha <cpbotha@cpbotha.net> | 2000-11-08 00:44:19 +0000 |
commit | 89a7576c6df54e25cea4778a1fa83666afdc8fbf (patch) | |
tree | d8af93aaa66dee5bdf337d17c5e8e87e30416bb3 | |
parent | 6ef39add32ac07e865d75997a7b117f2bbfdbb80 (diff) | |
download | libpam-pwdfile-89a7576c6df54e25cea4778a1fa83666afdc8fbf.tar.gz |
Integrated MD5 patch by warwick@chemeng.uct.ac.za.
-rw-r--r-- | README | 8 | ||||
-rw-r--r-- | changelog | 7 | ||||
-rw-r--r-- | pam_pwdfile.c | 20 |
3 files changed, 24 insertions, 11 deletions
@@ -1,8 +1,8 @@ README for pam_pwdfile PAM module - Charl P. Botha <cpbotha@ieee.org> -$Id: README,v 1.2 2000-05-22 20:55:34 cpbotha Exp $ +$Id: README,v 1.3 2000-11-08 00:44:19 cpbotha Exp $ --------------------------------------------------------------------------- -This is version 0.2 of pam_pwdfile. +This is version 0.5 of pam_pwdfile. This pam module can be used for the authentication service only, in cases where one wants to use a different set of passwords than those in the main @@ -27,7 +27,9 @@ Example: auth required /lib/security/pam_pwdfile.so pwdfile /etc/blah.passwd flock The ASCII password file is simply a list of lines, each looking like this: -username:crypted_passwd[13] +username:crypted_passwd[13] in the case of vanilla crypted passwords and +username:crypted_passwd[34] in the case of MD5 crypted passwords. The +latter is thanks to Warwick Duncan <warwick@chemeng.uct.ac.za>. Note that we still expect users to have accounts in the usual place, as we make use of the pam_pwdb.so module for the account service. This module is @@ -1,7 +1,12 @@ changelog for pam_pwdfile PAM module - Charl P. Botha <cpbotha@ieee.org> -$Id: changelog,v 1.3 2000-08-29 07:24:00 cpbotha Exp $ +$Id: changelog,v 1.4 2000-11-08 00:44:19 cpbotha Exp $ --------------------------------------------------------------------------- +0.5: Wed Nov 8 01:39:22 CET 2000 + +* added patch by Warwick Duncan <warwick@chemeng.uct.ac.za> to support MD5 + crypted passwords as well + 0.4: Tue Aug 29 09:23:23 SAST 2000 * fixed typo in INSTALL (thanks to Quynh Nguyen Anh <quynhna@hotmail.com>) diff --git a/pam_pwdfile.c b/pam_pwdfile.c index 484a42a..f7321e0 100644 --- a/pam_pwdfile.c +++ b/pam_pwdfile.c @@ -1,12 +1,12 @@ /* pam_pwdfile.c copyright 1999 by Charl P. Botha <cpbotha@ieee.org> * - * $Id: pam_pwdfile.c,v 1.5 2000-08-29 07:23:11 cpbotha Exp $ + * $Id: pam_pwdfile.c,v 1.6 2000-11-08 00:44:19 cpbotha Exp $ * * pam authentication module that can be pointed at any username/crypted * text file so that pam using application can use an alternate set of * passwords than specified in system password database * - * version 0.4 + * version 0.5 * * Copyright (c) Charl P. Botha, 1999. All rights reserved * @@ -69,7 +69,7 @@ extern char *crypt(const char *key, const char *salt); #define PWDF_PARAM "pwdfile" #define FLOCK_PARAM "flock" #define PWDFN_LEN 256 -#define CRYPTEDPWD_LEN 13 +#define CRYPTEDPWD_LEN 34 #ifdef DEBUG # define D(a) a; @@ -219,7 +219,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, const char *name; char *password; char pwdfilename[PWDFN_LEN]; - char salt[3], crypted_password[CRYPTEDPWD_LEN+1]; + char salt[12], crypted_password[CRYPTEDPWD_LEN+1]; FILE *pwdfile; int use_flock = 0; @@ -322,14 +322,20 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, /* DEBUG */ D(_pam_log(LOG_ERR,"got crypted password == %s", crypted_password)); - /* extract the salt */ - salt[0] = crypted_password[0]; salt[1] = crypted_password[1]; salt[2] = '\0'; + /* Extract the salt and set the passwd length, depending on MD5 or DES */ + if (strncmp(crypted_password, "$1$", 3) == 0) { + strncpy(salt, crypted_password, 11); + salt[11] = '\0'; + } else { + strncpy(salt, crypted_password, 2); + salt[2] = '\0'; + } + crypted_passwd[CRYPTEDPWD_LEN] = '\0'; /* DEBUG */ D(_pam_log(LOG_ERR,"user password crypted is %s", crypt(password,salt))); /* if things don't match up, complain */ - crypted_password[CRYPTEDPWD_LEN] = '\0'; if (strcmp(crypt(password,salt),crypted_password)!=0) { _pam_log(LOG_ERR,"wrong password for user %s",name); fclose(pwdfile); |