public inbox for gnats-devel@sourceware.org
 help / color / mirror / Atom feed
* Encrypted password patch
@ 2001-06-20 15:24 Yngve Svendsen
  2001-06-21 22:54 ` /etc/qnats-db.conf Margaret BRIERTON
  2001-06-24 11:26 ` Encrypted password patch Milan Zamazal
  0 siblings, 2 replies; 14+ messages in thread
From: Yngve Svendsen @ 2001-06-20 15:24 UTC (permalink / raw)
  To: Milan Zamazal; +Cc: gnats-devel

The following patch against current version 4 CVS implements the following 
password system:

- If the password in gnatsd.access is prefixed with $0$, the password is 
assumed to be explicit plaintext.
- If it is prefixed with $1$, it is assumed to be in MD5 format.
- If it has no prefix, it is assumed to be in standard DES crypt format.

I have tested this both on Linux and Solaris, and it works just as expected.

I'll amend the manual tomorrow (I won't commit the changes to the manual 
until the pending move of the manual in the directory tree is done) and 
then write a Perl script to convert old password files.

Yngve Svendsen


Index: gnatsd.c
===================================================================
RCS file: /cvs/gnats/gnats/gnats/gnatsd.c,v
retrieving revision 1.41
diff -u -p -r1.41 gnatsd.c
--- gnatsd.c	2001/06/10 17:17:19	1.41
+++ gnatsd.c	2001/06/20 22:11:50
@@ -276,28 +276,18 @@ match (const char *line, const char *pat
  static int
  password_match (const char *password, const char *hash)
  {
-  /* TODO: document the facility in the manual */
-
    if (! strncmp (hash, "$0$", 3))
      {
        /* explicit plain-text password */
        return ! strcmp (password, hash+3);
      }
-  else if (! strncmp (hash, "$1$", 3))
+  else
      {
-      /* MD5 hash of the password */
-#ifdef HAVE_LIBCRYPT
+	  /* DES or MD5 password. If crypt supports MD5, it uses MD5 when
+         the salt starts with $1$. If there's no prefix standard DES
+         is assumed */
        char *encrypted = crypt (password, hash);
        return encrypted && ! strcmp (encrypted, hash);
-#else
-      /* TODO: log some warning */
-      return FALSE;
-#endif
-    }
-  else
-    {
-      /* default password type is plain-text */
-      return match (password, hash, TRUE);
      }
  }
  

^ permalink raw reply	[flat|nested] 14+ messages in thread

end of thread, other threads:[~2001-06-27 14:45 UTC | newest]

Thread overview: 14+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2001-06-20 15:24 Encrypted password patch Yngve Svendsen
2001-06-21 22:54 ` /etc/qnats-db.conf Margaret BRIERTON
2001-06-22  0:11   ` /etc/qnats-db.conf Yngve Svendsen
2001-06-24 11:26 ` Encrypted password patch Milan Zamazal
2001-06-24 11:34   ` Rick Macdonald
2001-06-24 12:06     ` Milan Zamazal
2001-06-24 12:33       ` Rick Macdonald
2001-06-24 15:19         ` Milan Zamazal
2001-06-24 15:05   ` Yngve Svendsen
2001-06-24 15:25     ` Milan Zamazal
2001-06-25 23:29       ` cgi_error Margaret BRIERTON
2001-06-26  1:06         ` cgi_error Yngve Svendsen
2001-06-26  6:13   ` Encrypted password patch Yngve Svendsen
2001-06-27 14:45     ` Milan Zamazal

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).