From 89a7576c6df54e25cea4778a1fa83666afdc8fbf Mon Sep 17 00:00:00 2001 From: Charl Botha Date: Wed, 8 Nov 2000 00:44:19 +0000 Subject: Integrated MD5 patch by warwick@chemeng.uct.ac.za. --- README | 8 +++++--- changelog | 7 ++++++- pam_pwdfile.c | 20 +++++++++++++------- 3 files changed, 24 insertions(+), 11 deletions(-) diff --git a/README b/README index 3d65e7c..6a7977e 100644 --- a/README +++ b/README @@ -1,8 +1,8 @@ README for pam_pwdfile PAM module - Charl P. Botha -$Id: README,v 1.2 2000-05-22 20:55:34 cpbotha Exp $ +$Id: README,v 1.3 2000-11-08 00:44:19 cpbotha Exp $ --------------------------------------------------------------------------- -This is version 0.2 of pam_pwdfile. +This is version 0.5 of pam_pwdfile. This pam module can be used for the authentication service only, in cases where one wants to use a different set of passwords than those in the main @@ -27,7 +27,9 @@ Example: auth required /lib/security/pam_pwdfile.so pwdfile /etc/blah.passwd flock The ASCII password file is simply a list of lines, each looking like this: -username:crypted_passwd[13] +username:crypted_passwd[13] in the case of vanilla crypted passwords and +username:crypted_passwd[34] in the case of MD5 crypted passwords. The +latter is thanks to Warwick Duncan . Note that we still expect users to have accounts in the usual place, as we make use of the pam_pwdb.so module for the account service. This module is diff --git a/changelog b/changelog index de13293..38d406e 100644 --- a/changelog +++ b/changelog @@ -1,7 +1,12 @@ changelog for pam_pwdfile PAM module - Charl P. Botha -$Id: changelog,v 1.3 2000-08-29 07:24:00 cpbotha Exp $ +$Id: changelog,v 1.4 2000-11-08 00:44:19 cpbotha Exp $ --------------------------------------------------------------------------- +0.5: Wed Nov 8 01:39:22 CET 2000 + +* added patch by Warwick Duncan to support MD5 + crypted passwords as well + 0.4: Tue Aug 29 09:23:23 SAST 2000 * fixed typo in INSTALL (thanks to Quynh Nguyen Anh ) 
diff --git a/pam_pwdfile.c b/pam_pwdfile.c
index 484a42a..f7321e0 100644
--- a/pam_pwdfile.c
+++ b/pam_pwdfile.c
@@ -1,12 +1,12 @@
 /* pam_pwdfile.c copyright 1999 by Charl P. Botha
 *
- * $Id: pam_pwdfile.c,v 1.5 2000-08-29 07:23:11 cpbotha Exp $
+ * $Id: pam_pwdfile.c,v 1.6 2000-11-08 00:44:19 cpbotha Exp $
 *
 * pam authentication module that can be pointed at any username/crypted
 * text file so that pam using application can use an alternate set of
 * passwords than specified in system password database
 *
- * version 0.4
+ * version 0.5
 *
 * Copyright (c) Charl P. Botha, 1999. All rights reserved
 *
@@ -69,7 +69,7 @@ extern char *crypt(const char *key, const char *salt);
 #define PWDF_PARAM "pwdfile"
 #define FLOCK_PARAM "flock"
 #define PWDFN_LEN 256
-#define CRYPTEDPWD_LEN 13
+#define CRYPTEDPWD_LEN 34
 #ifdef DEBUG
 # define D(a) a;
@@ -219,7 +219,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags,
 const char *name;
 char *password;
 char pwdfilename[PWDFN_LEN];
- char salt[3], crypted_password[CRYPTEDPWD_LEN+1];
+ char salt[12], crypted_password[CRYPTEDPWD_LEN+1];
 FILE *pwdfile;
 int use_flock = 0;
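Review bot: `#define CRYPTEDPWD_LEN 34` now sizes and terminates the hash buffer for both formats, but a DES crypt entry is still 13 characters long and nothing visible in this patch records which length applies to the entry just read. The code that reads the hash from the password file is outside these hunks; if it copies up to `CRYPTEDPWD_LEN` characters, a DES entry would carry trailing characters into the `strcmp` and never match. The comment added in the @@ -322 hunk says it will "set the passwd length, depending on MD5 or DES", yet both branches only fill `salt`. Consider choosing the terminator index inside that `if`/`else`, e.g. `crypted_password[13] = '\0';` in the DES branch and `crypted_password[34] = '\0';` in the `$1$` branch, ideally through two named constants.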
@@ -322,14 +322,20 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags,
 /* DEBUG */
 D(_pam_log(LOG_ERR,"got crypted password == %s", crypted_password));
- /* extract the salt */
- salt[0] = crypted_password[0]; salt[1] = crypted_password[1]; salt[2] = '\0';
+ /* Extract the salt and set the passwd length, depending on MD5 or DES */
+ if (strncmp(crypted_password, "$1$", 3) == 0) {
+ strncpy(salt, crypted_password, 11);
+ salt[11] = '\0';
+ } else {
+ strncpy(salt, crypted_password, 2);
+ salt[2] = '\0';
+ }
+ crypted_passwd[CRYPTEDPWD_LEN] = '\0';
 /* DEBUG */
 D(_pam_log(LOG_ERR,"user password crypted is %s", crypt(password,salt)));
 /* if things don't match up, complain */
- crypted_password[CRYPTEDPWD_LEN] = '\0';
 if (strcmp(crypt(password,salt),crypted_password)!=0) {
 _pam_log(LOG_ERR,"wrong password for user %s",name);
 fclose(pwdfile);
-- cgit v1.2.3
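Review bot: The added line `crypted_passwd[CRYPTEDPWD_LEN] = '\0';` names a variable that the declarations hunk does not define (the buffer is declared there as `crypted_password`), so as shown the file should not compile; it should read `crypted_password[CRYPTEDPWD_LEN] = '\0';`. Separately, the unchanged `strcmp(crypt(password,salt),crypted_password)` passes crypt()'s result straight to strcmp, and crypt() may return NULL on failure, which becomes more likely once `$1$` salts are accepted on a libc that might not support them. A NULL there would crash the module inside the authenticating process, so store the result and treat NULL as a failed login: `char *c = crypt(password, salt); if (c == NULL || strcmp(c, crypted_password) != 0) {`. The body of pam_sm_authenticate starts and ends outside this hunk.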