authorCharl Botha <cpbotha@cpbotha.net>2003-12-20 19:21:19 +0000
committerCharl Botha <cpbotha@cpbotha.net>2003-12-20 19:21:19 +0000
commitd7c3e32076b97cf7e52d02808b5093a32b82685b (patch)
treefe3c22f3e835a13dd56597907118f2beb5884ac7
parentdc44785e001a70bc4222bd8084fc4ee7191ef049 (diff)
downloadlibpam-pwdfile-d7c3e32076b97cf7e52d02808b5093a32b82685b.tar.gz
Integrated bigcrypt/crypt patch by Greg Norris. Getting ready for release
0.99.
-rw-r--r--README10
-rw-r--r--changelog5
-rw-r--r--pam_pwdfile.c31
3 files changed, 28 insertions, 18 deletions
diff --git a/README b/README
index 8962ae4..532f230 100644
--- a/README
+++ b/README
@@ -1,8 +1,8 @@
README for pam_pwdfile PAM module - Charl P. Botha <cpbotha@ieee.org>
-$Id: README,v 1.11 2002-06-10 21:51:04 cpbotha Exp $
+$Id: README,v 1.12 2003-12-20 19:21:19 cpbotha Exp $
---------------------------------------------------------------------------
-This is version 0.98 of pam_pwdfile.
+This is version 0.99 of pam_pwdfile.
This pam module can be used for the authentication service only, in cases
where one wants to use a different set of passwords than those in the main
@@ -34,7 +34,8 @@ to Ethan Benson for this patch.
The ASCII password file is simply a list of lines, each looking like this:
username:crypted_passwd[13] in the case of vanilla crypted passwords and
username:crypted_passwd[34] in the case of MD5 crypted passwords. The
-latter is thanks to Warwick Duncan <warwick@chemeng.uct.ac.za>.
+latter is thanks to Warwick Duncan <warwick@chemeng.uct.ac.za>. pam_pwdfile
+also handles bigcrypt passwords.
Warwick has also written a utility for managing the password files that
pam_pwdfile uses. Please see: http://eclipse.che.uct.ac.za/chpwdfile/
@@ -45,6 +46,3 @@ just so that one can have multiple sets of passwords for different services,
e.g. with our /etc/imap.passwd. It is however possible with certain
applications patched for pam (Cyrus IMAP server e.g.) that one does not need
the users to exist in the system database.
-
-Thanks to Michael-John Turner <mj@debian.org> pam_pwdfile is available as a
-debian package (libpam-pwdfile) from potato onwards.
diff --git a/changelog b/changelog
index 7dba557..6e11a72 100644
--- a/changelog
+++ b/changelog
@@ -1,5 +1,5 @@
changelog for pam_pwdfile PAM module - Charl P. Botha <cpbotha@ieee.org>
-$Id: changelog,v 1.18 2003-07-07 15:09:35 cpbotha Exp $
+$Id: changelog,v 1.19 2003-12-20 19:21:19 cpbotha Exp $
---------------------------------------------------------------------------
0.99 :
@@ -8,6 +8,9 @@ $Id: changelog,v 1.18 2003-07-07 15:09:35 cpbotha Exp $
setup Cyrus IMAPD + pam_pwdfile so that one does not have to create system
accounts for imapd users
* added Makefile.standalone by Gerald Richter to the contrib files.
+* integrated patch by Greg Norris for better handling of bigcrypt/crypt
+ switcheroos. Greg Norris in the current Debian maintainer.
+* The 't' key on my home linux workstation is going.
0.98 : Mon Jun 10 23:49:46 CEST 2002
diff --git a/pam_pwdfile.c b/pam_pwdfile.c
index 1b45116..2d020a9 100644
--- a/pam_pwdfile.c
+++ b/pam_pwdfile.c
@@ -1,14 +1,14 @@
-/* pam_pwdfile.c copyright 1999-2001 by Charl P. Botha <cpbotha@ieee.org>
+/* pam_pwdfile.c copyright 1999-2003 by Charl P. Botha <cpbotha@ieee.org>
*
- * $Id: pam_pwdfile.c,v 1.17 2002-06-10 21:51:04 cpbotha Exp $
+ * $Id: pam_pwdfile.c,v 1.18 2003-12-20 19:21:19 cpbotha Exp $
*
* pam authentication module that can be pointed at any username/crypted
* text file so that pam using application can use an alternate set of
* passwords than specified in system password database
*
- * version 0.98
+ * version 0.99
*
- * Copyright (c) Charl P. Botha, 1999-2002. All rights reserved
+ * Copyright (c) Charl P. Botha, 1999-2003. All rights reserved
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -61,7 +61,7 @@
#include <security/pam_modules.h>
#include "md5.h"
-/*extern char *crypt(const char *key, const char *salt);*/
+extern char *crypt(const char *key, const char *salt);
extern char *bigcrypt(const char *key, const char *salt);
#define PWDF_PARAM "pwdfile"
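Review bot: The re-enabled `extern char *crypt(const char *key, const char *salt);` is a hand-written prototype for a libc function, so it can drift from or clash with the declaration the platform header provides. Where the build platform ships it, `#include <crypt.h>` (or `<unistd.h>` with the matching feature-test macro) would be the safer way to bring `crypt` into scope. The adjacent `bigcrypt` declaration can stay as it is if no installed header declares it, which is not visible from this hunk.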
@@ -70,6 +70,7 @@ extern char *bigcrypt(const char *key, const char *salt);
#define PWDFN_LEN 256
#define CRYPTED_DESPWD_LEN 13
#define CRYPTED_MD5PWD_LEN 34
+#define CRYPTED_BCPWD_LEN 178
#ifdef DEBUG
# define D(a) a;
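Review bot: `CRYPTED_BCPWD_LEN 178` is a bare magic number, and the two buffers sized from it later in this commit depend on it being bigcrypt's true maximum output length. A comment stating the derivation would let a maintainer check it, for example `/* 2 salt chars + 16 segments * 11 chars; confirm against the linked bigcrypt */`. That breakdown matches the Linux-PAM bigcrypt implementation as far as I know, but nothing on this page confirms it.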
@@ -210,8 +211,8 @@ static int fgetpwnam(FILE *stream, const char *name, char *password) {
/* get the password and put it in its place */
curpass = strsep(&tpointer,":");
if (curpass != NULL) {
- /* we use md5 pwd len, as this is just a safe maximum */
- strncpy(password,curpass,CRYPTED_MD5PWD_LEN+1);
+ /* we use bigcrypt pwd len, as this is just a safe maximum */
+ strncpy(password,curpass,CRYPTED_BCPWD_LEN+1);
pwdfound = 1;
} /* if (curpass... */
} /* if (strcmp(curname... */
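Review bot: The `strncpy(password,curpass,CRYPTED_BCPWD_LEN+1)` call leaves `password` without a terminating NUL whenever the hash field in the password file is `CRYPTED_BCPWD_LEN+1` characters or longer, and the file contents are not guaranteed to be well formed. fgetpwnam also takes no buffer size, so it relies on every caller supplying at least `CRYPTED_BCPWD_LEN+1` bytes. The only caller visible here does so after this commit, but the contract is implicit. Copying one byte less and terminating in place would make the function safe on its own: `strncpy(password,curpass,CRYPTED_BCPWD_LEN); password[CRYPTED_BCPWD_LEN] = '\0';`. A comment on fgetpwnam stating the required buffer size would help too; its signature and the rest of its body are outside this hunk.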
@@ -227,7 +228,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags,
const char *name;
char *password;
char pwdfilename[PWDFN_LEN];
- char salt[12], stored_crypted_password[CRYPTED_MD5PWD_LEN+1];
+ char salt[12], stored_crypted_password[CRYPTED_BCPWD_LEN+1];
char *crypted_password;
FILE *pwdfile;
int use_flock = 0;
@@ -348,6 +349,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags,
/* Extract the salt and set the passwd length, depending on MD5 or DES */
if (strncmp(stored_crypted_password, "$1$", 3) == 0) {
+ D(_pam_log(LOG_ERR,"password hash type is 'md5'"));
/* get out the salt into "salt" */
strncpy(salt, stored_crypted_password, 11);
salt[11] = '\0';
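Review bot: The new trace message `password hash type is 'md5'` is logged at `LOG_ERR`, although it reports normal operation rather than a failure. The same applies to the `'crypt'` and `'bigcrypt'` messages added in the last hunk of this file. In a DEBUG build these would show up as error-level entries in the auth log on every login and could trip alerting or hide real failures. `D(_pam_log(LOG_DEBUG,"password hash type is 'md5'"));` would keep the trace without the false severity.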
@@ -370,9 +372,16 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags,
/* get the salt out into "salt" */
strncpy(salt, stored_crypted_password, 2);
salt[2] = '\0';
- stored_crypted_password[CRYPTED_DESPWD_LEN] = '\0';
-
- crypted_password = bigcrypt(password, salt);
+ stored_crypted_password[CRYPTED_BCPWD_LEN] = '\0';
+
+ if (strlen(stored_crypted_password) <= CRYPTED_DESPWD_LEN) {
+ D(_pam_log(LOG_ERR,"password hash type is 'crypt'"));
+ crypted_password = crypt(password, salt);
+ } else {
+ D(_pam_log(LOG_ERR,"password hash type is 'bigcrypt'"));
+ crypted_password = bigcrypt(password, salt);
+ }
+
if (strcmp(crypted_password, stored_crypted_password) == 0)
{
temp_result = 1;
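Review bot: The result of `crypt()` / `bigcrypt()` is passed straight to `strcmp` without a NULL check, and `crypt()` can return NULL on some libc implementations when the salt is invalid or the hash type is unsupported. The salt here is the first two bytes of a line from the password file, so a malformed or empty hash field could crash the process hosting the PAM module instead of failing authentication. Guarding the comparison closes that: `if (crypted_password != NULL && strcmp(crypted_password, stored_crypted_password) == 0)`. The same check is worth confirming on the MD5 branch, which is not shown here. `pam_sm_authenticate` continues past the end of this hunk.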