diff options
| author | Charl Botha <cpbotha@cpbotha.net> | 2000-11-08 00:44:19 +0000 | 
|---|---|---|
| committer | Charl Botha <cpbotha@cpbotha.net> | 2000-11-08 00:44:19 +0000 | 
| commit | 89a7576c6df54e25cea4778a1fa83666afdc8fbf (patch) | |
| tree | d8af93aaa66dee5bdf337d17c5e8e87e30416bb3 | |
| parent | 6ef39add32ac07e865d75997a7b117f2bbfdbb80 (diff) | |
| download | libpam-pwdfile-89a7576c6df54e25cea4778a1fa83666afdc8fbf.tar.gz | |
Integrated MD5 patch by warwick@chemeng.uct.ac.za.
| -rw-r--r-- | README | 8 | ||||
| -rw-r--r-- | changelog | 7 | ||||
| -rw-r--r-- | pam_pwdfile.c | 20 | 
3 files changed, 24 insertions, 11 deletions
| @@ -1,8 +1,8 @@  README for pam_pwdfile PAM module - Charl P. Botha <cpbotha@ieee.org> -$Id: README,v 1.2 2000-05-22 20:55:34 cpbotha Exp $ +$Id: README,v 1.3 2000-11-08 00:44:19 cpbotha Exp $  --------------------------------------------------------------------------- -This is version 0.2 of pam_pwdfile. +This is version 0.5 of pam_pwdfile.  This pam module can be used for the authentication service only, in cases  where one wants to use a different set of passwords than those in the main @@ -27,7 +27,9 @@ Example:  auth  required /lib/security/pam_pwdfile.so pwdfile /etc/blah.passwd flock  The ASCII password file is simply a list of lines, each looking like this: -username:crypted_passwd[13] +username:crypted_passwd[13] in the case of vanilla crypted passwords and +username:crypted_passwd[34] in the case of MD5 crypted passwords.  The +latter is thanks to Warwick Duncan <warwick@chemeng.uct.ac.za>.  Note that we still expect users to have accounts in the usual place, as we  make use of the pam_pwdb.so module for the account service.  This module is @@ -1,7 +1,12 @@  changelog for pam_pwdfile PAM module - Charl P. Botha <cpbotha@ieee.org> -$Id: changelog,v 1.3 2000-08-29 07:24:00 cpbotha Exp $ +$Id: changelog,v 1.4 2000-11-08 00:44:19 cpbotha Exp $  --------------------------------------------------------------------------- +0.5: Wed Nov  8 01:39:22 CET 2000 + +* added patch by Warwick Duncan <warwick@chemeng.uct.ac.za> to support MD5  +  crypted passwords as well +  0.4: Tue Aug 29 09:23:23 SAST 2000  * fixed typo in INSTALL (thanks to Quynh Nguyen Anh <quynhna@hotmail.com>) diff --git a/pam_pwdfile.c b/pam_pwdfile.c index 484a42a..f7321e0 100644 --- a/pam_pwdfile.c +++ b/pam_pwdfile.c @@ -1,12 +1,12 @@  /* pam_pwdfile.c copyright 1999 by Charl P. Botha <cpbotha@ieee.org>   * - * $Id: pam_pwdfile.c,v 1.5 2000-08-29 07:23:11 cpbotha Exp $ + * $Id: pam_pwdfile.c,v 1.6 2000-11-08 00:44:19 cpbotha Exp $   *    * pam authentication module that can be pointed at any username/crypted   * text file so that pam using application can use an alternate set of   * passwords than specified in system password database   *  - * version 0.4 + * version 0.5   *   * Copyright (c) Charl P. Botha, 1999. All rights reserved   * @@ -69,7 +69,7 @@ extern char *crypt(const char *key, const char *salt);  #define PWDF_PARAM "pwdfile"  #define FLOCK_PARAM "flock"  #define PWDFN_LEN 256 -#define CRYPTEDPWD_LEN 13 +#define CRYPTEDPWD_LEN 34  #ifdef DEBUG  # define D(a) a; @@ -219,7 +219,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags,     const char *name;     char *password;     char pwdfilename[PWDFN_LEN]; -   char salt[3], crypted_password[CRYPTEDPWD_LEN+1]; +   char salt[12], crypted_password[CRYPTEDPWD_LEN+1];     FILE *pwdfile;     int use_flock = 0; @@ -322,14 +322,20 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags,     /* DEBUG */     D(_pam_log(LOG_ERR,"got crypted password == %s", crypted_password)); -   /* extract the salt */ -   salt[0] = crypted_password[0]; salt[1] = crypted_password[1]; salt[2] = '\0'; +   /* Extract the salt and set the passwd length, depending on MD5 or DES */ +   if (strncmp(crypted_password, "$1$", 3) == 0) { +      strncpy(salt, crypted_password, 11); +      salt[11] = '\0'; +   } else { +      strncpy(salt, crypted_password, 2); +      salt[2] = '\0'; +   } +   crypted_passwd[CRYPTEDPWD_LEN] = '\0';     /* DEBUG */     D(_pam_log(LOG_ERR,"user password crypted is %s", crypt(password,salt)));     /* if things don't match up, complain */ -   crypted_password[CRYPTEDPWD_LEN] = '\0';     if (strcmp(crypt(password,salt),crypted_password)!=0) {        _pam_log(LOG_ERR,"wrong password for user %s",name);        fclose(pwdfile); | 
