pserver login fails on 9 char passwords
From: Mäkeläinen Juha
Subject: pserver login fails on 9 char passwords
Date: Mon, 29 Mar 2004 09:25:33 +0300
Resending a lost bug report:
-----Original-----
Sender: Mäkeläinen Juha
Sent: 15 Jan 2004 14:04
Receiver: 'bug-cvs@gnu.org'
Subject: pserver login fails on 9 char passwords
This problem was found when using cvs-1.11.11 server on HP-UX and wincvs
client.
If user password is 9 chars long, the crypted password from client is 13
characters but password got from HP-UX secure password system is 24 characters.
The server.c module can not handle that.
Login fails and wincvs client says:
cvs -d :pserver:u123456@our-host.fi:/cvs/fdits login
Logging in to :pserver:u123456@our-host.fi:2401:/cvs/fdits
cvs [login aborted]: authorization failed: server our-host.fi rejected access
to /cvs/fdits for user u123456
Server (HP-UX B.11.11 U 9000/800) syslog.log message:
Jan 13 09:54:54 our-host syslog: login failure (for /cvs/fdits)
Jan 13 09:56:16 our-host syslog: password mismatch for u543251: F0sPYT3vo0Gmc vs. F0sPYT3vo0GmcT.Z51tttO6Q
I have used pre-compiled versions like cvs-1.11.8 and also compiled my own
cvs-1.11.11 using these options:
CFLAGS="-g +DAportable -DLOG_AUTHPRIV" ./configure \
--without-gssapi --enable-server-flow-control
(In this system HAVE_GETSPNAM is defined.)
This is my temporary workaround to cvs-1.11.11, which seems to work:
$ LC_ALL=C diff -c server.c.orig server.c
*** server.c.orig Thu Dec 18 19:59:46 2003
--- server.c Wed Jan 14 15:42:50 2004
***************
*** 5508,5514 ****
--- 5508,5526 ----
if (*found_passwd)
{
/* user exists and has a password */
+ #ifdef FD_JM_20040114
+ /* In HP-UX B.11.11 found_passwd is occasionally longer
+ * than crypted passwd here (24 compared to 13 bytes).
+ * This happened when the user password length is 9 characters.
+ * FIXME - Our workaround is based on my belief that crypted
+ * password is never very short. Is it true?
+ * Now we compare only by the common part of both strings.
+ */
+ char *crypt_passwd = crypt (password, found_passwd);
+ if (strncmp (found_passwd, crypt_passwd, strlen (crypt_passwd))
+ == 0) #else
if (strcmp (found_passwd, crypt (password, found_passwd)) == 0)
+ #endif
{
host_user = xstrdup (username);
}
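Review bot: The new `strncmp (found_passwd, crypt_passwd, strlen (crypt_passwd))` in the `FD_JM_20040114` branch checks only as many bytes as `crypt()` returned, so in the 13 versus 24 byte case described in the comment the last 11 bytes of the stored hash are never verified, and any password whose `crypt()` output matches that 13-byte prefix is accepted. It also leaves the FIXME open on the unsafe side: if `crypt()` ever returns an empty string the length is 0, `strncmp` returns 0 and the login succeeds, and a NULL return is passed straight to `strlen`. I would keep the full `strcmp` and instead compute the candidate hash with the same routine the HP-UX secure password database used for the 24-character entry (possibly `bigcrypt()` on a trusted system, which is an assumption since the patch does not say), and at minimum reject a NULL or shorter-than-13-character `crypt_passwd` before comparing.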
--
Juha Mäkeläinen / Systems Specialist
FD Finanssidata Oy / P.O. Box 308 / FIN-00101 Helsinki
juha.makelainen@osuuspankki.fi
t. +358-9-404 3075 / +358-40 715 5151 / fax +358-9-404 3007