From fc9d6df599183b27792a8ddf3fda4c12f8792e4b Mon Sep 17 00:00:00 2001
From: Charl Botha
Date: Sat, 11 Nov 2000 22:52:41 +0000
Subject: Fixed DES bug (I introduced when integrating MD5 patch)
---
 changelog | 7 ++++++-
 pam_pwdfile.c | 16 ++++++++++------
 2 files changed, 16 insertions(+), 7 deletions(-)
diff --git a/changelog b/changelog
index 38d406e..be1dd9a 100644
--- a/changelog
+++ b/changelog
@@ -1,7 +1,12 @@
 changelog for pam_pwdfile PAM module - Charl P. Botha
-$Id: changelog,v 1.4 2000-11-08 00:44:19 cpbotha Exp $
+$Id: changelog,v 1.5 2000-11-11 22:52:41 cpbotha Exp $
 ---------------------------------------------------------------------------
+0.6: Sat Nov 11 23:51:32 CET 2000
+
+* fixed a stupid bug I introduced when integrating Warwick's patch; tested
+ fine with both DES and MD5 crypts
+
 0.5: Wed Nov 8 01:39:22 CET 2000
 * added patch by Warwick Duncan to support MD5
diff --git a/pam_pwdfile.c b/pam_pwdfile.c
index 17b925d..33b4da6 100644
--- a/pam_pwdfile.c
+++ b/pam_pwdfile.c
@@ -1,12 +1,12 @@
 /* pam_pwdfile.c copyright 1999 by Charl P. Botha
 *
- * $Id: pam_pwdfile.c,v 1.7 2000-11-08 00:54:16 cpbotha Exp $
+ * $Id: pam_pwdfile.c,v 1.8 2000-11-11 22:52:41 cpbotha Exp $
 *
 * pam authentication module that can be pointed at any username/crypted
 * text file so that pam using application can use an alternate set of
 * passwords than specified in system password database
 *
- * version 0.5
+ * version 0.6
 *
 * Copyright (c) Charl P. Botha, 1999. All rights reserved
 *
@@ -69,7 +69,9 @@ extern char *crypt(const char *key, const char *salt);
 #define PWDF_PARAM "pwdfile"
 #define FLOCK_PARAM "flock"
 #define PWDFN_LEN 256
-#define CRYPTEDPWD_LEN 34
+#define CRYPTED_DESPWD_LEN 13
+#define CRYPTED_MD5PWD_LEN 34
+
 #ifdef DEBUG
 # define D(a) a;
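Review bot: The two new length macros in the `@@ -69,7 +69,9 @@` hunk carry no comment, yet the code that uses them depends on exactly what they count. I would add `/* DES crypt(): 2 salt chars + 11 hash chars, NUL not counted */` above `CRYPTED_DESPWD_LEN` and `/* MD5 crypt(): "$1$" + up to 8 salt chars + "$" + 22 hash chars, NUL not counted; a maximum, not a fixed length */` above `CRYPTED_MD5PWD_LEN`. With that in place the `+1` in the buffer declaration and the index used for the terminating NUL can be checked at a glance.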
@@ -203,7 +205,8 @@ static int fgetpwnam(FILE *stream, const char *name, char *password) {
 /* get the password and put it in its place */
 curpass = strsep(&tpointer,":");
 if (curpass != NULL) {
- strncpy(password,curpass,CRYPTEDPWD_LEN+1);
+ /* we use md5 pwd len, as this is just a safe maximum */
+ strncpy(password,curpass,CRYPTED_MD5PWD_LEN+1);
 pwdfound = 1;
 } /* if (curpass... */
 } /* if (strcmp(curname... */
@@ -219,7 +222,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags,
 const char *name;
 char *password;
 char pwdfilename[PWDFN_LEN];
- char salt[12], crypted_password[CRYPTEDPWD_LEN+1];
+ char salt[12], crypted_password[CRYPTED_MD5PWD_LEN+1];
 FILE *pwdfile;
 int use_flock = 0;
@@ -326,11 +329,12 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags,
 if (strncmp(crypted_password, "$1$", 3) == 0) {
 strncpy(salt, crypted_password, 11);
 salt[11] = '\0';
+ crypted_password[CRYPTED_MD5PWD_LEN] = '\0';
 } else {
 strncpy(salt, crypted_password, 2);
 salt[2] = '\0';
+ crypted_password[CRYPTED_DESPWD_LEN] = '\0';
 }
- crypted_password[CRYPTEDPWD_LEN] = '\0';
 /* DEBUG */
 D(_pam_log(LOG_ERR,"user password crypted is %s", crypt(password,salt)));
--
cgit v1.2.3
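Review bot: In fgetpwnam, `strncpy(password,curpass,CRYPTED_MD5PWD_LEN+1)` leaves `password` without a terminating NUL when the field read from the file is 35 characters or longer, and it silently truncates such a field instead of rejecting it. The entry is still reported as found, so correctness rests on the caller writing the NUL later, which pam_sm_authenticate does in another hunk of this patch. I would make the function self-contained: skip the entry when `strlen(curpass) > CRYPTED_MD5PWD_LEN`, and add `password[CRYPTED_MD5PWD_LEN] = '\0';` after the copy. The body of fgetpwnam starts and ends outside the hunk, and the size of the caller's buffer is only visible in the declaration hunk that follows.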
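Review bot: In the `else` branch of the `@@ -326,11 +329,12 @@` hunk, every entry that does not start with `$1$` is treated as DES and cut to 13 characters, so a longer hash from another scheme or a damaged line is shortened to something DES-shaped rather than refused. Whether that fails closed depends on the comparison against crypt()'s result, which lies outside the hunk. I would write the NUL at `crypted_password[CRYPTED_MD5PWD_LEN]` first so that strlen() cannot run past the buffer, then fail the authentication through the function's existing error path when `strlen(crypted_password) != CRYPTED_DESPWD_LEN` in the DES branch. On some implementations crypt() can also return NULL for a salt it does not accept, and the context line `D(_pam_log(... crypt(password,salt)))` passes that result straight to `%s` and, in DEBUG builds, writes the hash of the submitted password to the log.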