[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Encrypted password patch
From: |
Yngve Svendsen |
Subject: |
Encrypted password patch |
Date: |
Thu, 21 Jun 2001 00:26:53 +0200 |
The following patch against current version 4 CVS implements the following
password system:
- If the password in gnatsd.access is prefixed with $0$, the password is
assumed to be explicit plaintext.
- If it is prefixed with $1$, it is assumed to be in MD5 format.
- If it has no prefix, it is assumed to be in standard DES crypt format.
I have tested this both on Linux and Solaris, and it works just as expected.
I'll amend the manual tomorrow (I won't commit the changes to the manual
until the pending move of the manual in the directory tree is done) and
then write a Perl script to convert old password files.
Yngve Svendsen
Index: gnatsd.c
===================================================================
RCS file: /cvs/gnats/gnats/gnats/gnatsd.c,v
retrieving revision 1.41
diff -u -p -r1.41 gnatsd.c
--- gnatsd.c 2001/06/10 17:17:19 1.41
+++ gnatsd.c 2001/06/20 22:11:50
@@ -276,28 +276,18 @@ match (const char *line, const char *pat
static int
password_match (const char *password, const char *hash)
{
- /* TODO: document the facility in the manual */
-
if (! strncmp (hash, "$0$", 3))
{
/* explicit plain-text password */
return ! strcmp (password, hash+3);
}
- else if (! strncmp (hash, "$1$", 3))
+ else
{
- /* MD5 hash of the password */
-#ifdef HAVE_LIBCRYPT
+ /* DES or MD5 password. If crypt supports MD5, it uses MD5 when
+ the salt starts with $1$. If there's no prefix standard DES
+ is assumed */
char *encrypted = crypt (password, hash);
return encrypted && ! strcmp (encrypted, hash);
-#else
- /* TODO: log some warning */
- return FALSE;
-#endif
- }
- else
- {
- /* default password type is plain-text */
- return match (password, hash, TRUE);
}
}