diff --git a/ChangeLog b/ChangeLog index 35188d8c..05c066ee 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +2006-10-24 Thorsten Kukuk + + * modules/pam_unix/support.c (_unix_verify_password): Try system + crypt() if we don't know the hash alogorithm. + * modules/pam_unix/unix_chkpwd.c (_unix_verify_password): Likewise. + 2006-10-13 Tomas Mraz * doc/mwg/Linux-PAM_MWG.xml: Add id[s] to section[s]. @@ -12,9 +18,9 @@ * doc/sag/Linux-PAM_SAG.xml: Add id to book. * doc/adg/Linux-PAM_ADG.xml: Add id to book. * doc/mwg/Linux-PAM_MWG.xml: Add id to book. - -2006-10-07 Thorsten Kukuk + +2006-10-07 Thorsten Kukuk * po/hu.po: Updated hungarian translation (from Kalman Kemenczy ) diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c index b695b8db..e2a30646 100644 --- a/modules/pam_unix/support.c +++ b/modules/pam_unix/support.c @@ -689,7 +689,7 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name D(("user has empty password - access denied")); retval = PAM_AUTH_ERR; } - } else if (!p || (*salt == '*') || (salt_len < 13)) { + } else if (!p || (*salt == '*')) { retval = PAM_AUTH_ERR; } else { if (!strncmp(salt, "$1$", 3)) { @@ -698,6 +698,12 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name _pam_delete(pp); pp = Brokencrypt_md5(p, salt); } + } else if (*salt == '$') { + /* + * Ok, we don't know the crypt algorithm, but maybe + * libcrypt nows about it? We should try it. + */ + pp = x_strdup (crypt(p, salt)); } else { pp = bigcrypt(p, salt); } diff --git a/modules/pam_unix/unix_chkpwd.c b/modules/pam_unix/unix_chkpwd.c index 407909a4..87d29256 100644 --- a/modules/pam_unix/unix_chkpwd.c +++ b/modules/pam_unix/unix_chkpwd.c @@ -40,9 +40,7 @@ static int selinux_enabled=-1; #include #include "md5.h" - -extern char *crypt(const char *key, const char *salt); -extern char *bigcrypt(const char *key, const char *salt); +#include "bigcrypt.h" /* syslogging function for errors and other information */ @@ -205,6 +203,15 @@ static int _unix_verify_password(const char *name, const char *p, int nullok) if (strcmp(pp, salt) == 0) retval = PAM_SUCCESS; } + } else if (*salt == '$') { + /* + * Ok, we don't know the crypt algorithm, but maybe + * libcrypt nows about it? We should try it. + */ + pp = x_strdup (crypt(p, salt)); + if (strcmp(pp, salt) == 0) { + retval = PAM_SUCCESS; + } } else if ((*salt == '*') || (salt_len < 13)) { retval = PAM_AUTH_ERR; } else {