aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorCharl Botha <cpbotha@cpbotha.net>2000-11-08 00:44:19 +0000
committerCharl Botha <cpbotha@cpbotha.net>2000-11-08 00:44:19 +0000
commit89a7576c6df54e25cea4778a1fa83666afdc8fbf (patch)
treed8af93aaa66dee5bdf337d17c5e8e87e30416bb3
parent6ef39add32ac07e865d75997a7b117f2bbfdbb80 (diff)
downloadlibpam-pwdfile-89a7576c6df54e25cea4778a1fa83666afdc8fbf.tar.gz
Integrated MD5 patch by warwick@chemeng.uct.ac.za.
-rw-r--r--README8
-rw-r--r--changelog7
-rw-r--r--pam_pwdfile.c20
3 files changed, 24 insertions, 11 deletions
diff --git a/README b/README
index 3d65e7c..6a7977e 100644
--- a/README
+++ b/README
@@ -1,8 +1,8 @@
README for pam_pwdfile PAM module - Charl P. Botha <cpbotha@ieee.org>
-$Id: README,v 1.2 2000-05-22 20:55:34 cpbotha Exp $
+$Id: README,v 1.3 2000-11-08 00:44:19 cpbotha Exp $
---------------------------------------------------------------------------
-This is version 0.2 of pam_pwdfile.
+This is version 0.5 of pam_pwdfile.
This pam module can be used for the authentication service only, in cases
where one wants to use a different set of passwords than those in the main
@@ -27,7 +27,9 @@ Example:
auth required /lib/security/pam_pwdfile.so pwdfile /etc/blah.passwd flock
The ASCII password file is simply a list of lines, each looking like this:
-username:crypted_passwd[13]
+username:crypted_passwd[13] in the case of vanilla crypted passwords and
+username:crypted_passwd[34] in the case of MD5 crypted passwords. The
+latter is thanks to Warwick Duncan <warwick@chemeng.uct.ac.za>.
Note that we still expect users to have accounts in the usual place, as we
make use of the pam_pwdb.so module for the account service. This module is
diff --git a/changelog b/changelog
index de13293..38d406e 100644
--- a/changelog
+++ b/changelog
@@ -1,7 +1,12 @@
changelog for pam_pwdfile PAM module - Charl P. Botha <cpbotha@ieee.org>
-$Id: changelog,v 1.3 2000-08-29 07:24:00 cpbotha Exp $
+$Id: changelog,v 1.4 2000-11-08 00:44:19 cpbotha Exp $
---------------------------------------------------------------------------
+0.5: Wed Nov 8 01:39:22 CET 2000
+
+* added patch by Warwick Duncan <warwick@chemeng.uct.ac.za> to support MD5
+ crypted passwords as well
+
0.4: Tue Aug 29 09:23:23 SAST 2000
* fixed typo in INSTALL (thanks to Quynh Nguyen Anh <quynhna@hotmail.com>)
diff --git a/pam_pwdfile.c b/pam_pwdfile.c
index 484a42a..f7321e0 100644
--- a/pam_pwdfile.c
+++ b/pam_pwdfile.c
@@ -1,12 +1,12 @@
/* pam_pwdfile.c copyright 1999 by Charl P. Botha <cpbotha@ieee.org>
*
- * $Id: pam_pwdfile.c,v 1.5 2000-08-29 07:23:11 cpbotha Exp $
+ * $Id: pam_pwdfile.c,v 1.6 2000-11-08 00:44:19 cpbotha Exp $
*
* pam authentication module that can be pointed at any username/crypted
* text file so that pam using application can use an alternate set of
* passwords than specified in system password database
*
- * version 0.4
+ * version 0.5
*
* Copyright (c) Charl P. Botha, 1999. All rights reserved
*
@@ -69,7 +69,7 @@ extern char *crypt(const char *key, const char *salt);
#define PWDF_PARAM "pwdfile"
#define FLOCK_PARAM "flock"
#define PWDFN_LEN 256
-#define CRYPTEDPWD_LEN 13
+#define CRYPTEDPWD_LEN 34
#ifdef DEBUG
# define D(a) a;
@@ -219,7 +219,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags,
const char *name;
char *password;
char pwdfilename[PWDFN_LEN];
- char salt[3], crypted_password[CRYPTEDPWD_LEN+1];
+ char salt[12], crypted_password[CRYPTEDPWD_LEN+1];
FILE *pwdfile;
int use_flock = 0;
@@ -322,14 +322,20 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags,
/* DEBUG */
D(_pam_log(LOG_ERR,"got crypted password == %s", crypted_password));
- /* extract the salt */
- salt[0] = crypted_password[0]; salt[1] = crypted_password[1]; salt[2] = '\0';
+ /* Extract the salt and set the passwd length, depending on MD5 or DES */
+ if (strncmp(crypted_password, "$1$", 3) == 0) {
+ strncpy(salt, crypted_password, 11);
+ salt[11] = '\0';
+ } else {
+ strncpy(salt, crypted_password, 2);
+ salt[2] = '\0';
+ }
+ crypted_passwd[CRYPTEDPWD_LEN] = '\0';
/* DEBUG */
D(_pam_log(LOG_ERR,"user password crypted is %s", crypt(password,salt)));
/* if things don't match up, complain */
- crypted_password[CRYPTEDPWD_LEN] = '\0';
if (strcmp(crypt(password,salt),crypted_password)!=0) {
_pam_log(LOG_ERR,"wrong password for user %s",name);
fclose(pwdfile);