From: Yngve Svendsen <yngve.svendsen@clustra.com>
To: Milan Zamazal <pdm@zamazal.org>
Cc: gnats-devel@sources.redhat.com
Subject: Re: Encrypted password patch
Date: Tue, 26 Jun 2001 06:13:00 -0000
Message-ID: <5.1.0.14.2.20010626150605.00bdeeb0@mail.trd.clustra.com>
In-Reply-To: <87vgllyj84.fsf@blackbird.zamazal.org>
At 17:45 24.06.2001 +0200, Milan Zamazal wrote:
>Please note that patch breaks the compilation if the `crypt' function is
>not present. It should handle the situation reasonably, possibly by
>never matching passwords not starting with $0$; the code must be
>#ifdefed appropriately.
A properly ifdefed patch is attached below. I added in again the ifdefs
that you originally added in order to support MD5. I think we should log a
warning if the password file contains encrypted passwords on systems that
don't support it, so I also added in the original line saying "TODO: log
some warning". I don't know how logging works, so I leave that to someone
else to add.
- Yngve
Index: gnatsd.c
===================================================================
RCS file: /cvs/gnats/gnats/gnats/gnatsd.c,v
retrieving revision 1.41
diff -u -p -r1.41 gnatsd.c
--- gnatsd.c 2001/06/10 17:17:19 1.41
+++ gnatsd.c 2001/06/26 13:03:07
@@ -271,33 +271,29 @@ match (const char *line, const char *pat
}
}
+
/* Return true iff `password' matches `hash'.
`hash' is a possibly encrypted password, according to the $?$
convention. */
static int
password_match (const char *password, const char *hash)
{
- /* TODO: document the facility in the manual */
-
if (! strncmp (hash, "$0$", 3))
{
/* explicit plain-text password */
return ! strcmp (password, hash+3);
}
- else if (! strncmp (hash, "$1$", 3))
+ else
{
- /* MD5 hash of the password */
-#ifdef HAVE_LIBCRYPT
- char *encrypted = crypt (password, hash);
+ /* DES or MD5 password. If crypt supports MD5, it uses MD5 when
+ the salt starts with $1$. If there's no prefix standard DES
+ is assumed */
+#ifdef HAVE_LIBCRYPT
+ char *encrypted = crypt (password, hash);
return encrypted && ! strcmp (encrypted, hash);
#else
/* TODO: log some warning */
return FALSE;
#endif
- }
- else
- {
- /* default password type is plain-text */
- return match (password, hash, TRUE);
}
}
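Review bot: In the new `else` branch of password_match, every entry that does not start with $0$ is now handed to crypt(), and the old default case (`return match (password, hash, TRUE);`) is gone, so password-file entries stored as unprefixed plain text will stop matching once this is applied. That is a compatibility break for existing password files, and it is silent: the `#else` path for builds without HAVE_LIBCRYPT still only carries `/* TODO: log some warning */` and returns FALSE for the same entries. I would either state the migration requirement (existing plain-text entries must gain the $0$ prefix) in the manual as part of this change, since the removed `/* TODO: document the facility in the manual */` comment is dropped here without any documentation in the diff, or resolve the logging TODO before merging so an administrator can tell why logins fail. The new comment could also say what happens to an unprefixed entry when crypt() returns NULL, as the `encrypted &&` check already treats that as a non-match.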