diff options
Diffstat (limited to 'modules/pam_userdb/pam_userdb.c')
-rw-r--r-- | modules/pam_userdb/pam_userdb.c | 18 |
1 files changed, 7 insertions, 11 deletions
diff --git a/modules/pam_userdb/pam_userdb.c b/modules/pam_userdb/pam_userdb.c index 11b0d6b..de8b5b1 100644 --- a/modules/pam_userdb/pam_userdb.c +++ b/modules/pam_userdb/pam_userdb.c @@ -145,7 +145,7 @@ _pam_parse (pam_handle_t *pamh, int argc, const char **argv, * return values: * 1 = User not found * 0 = OK - * -1 = Password incorrect + * -1 = Password incorrect * -2 = System error */ static int @@ -214,17 +214,13 @@ user_lookup (pam_handle_t *pamh, const char *database, const char *cryptmode, /* crypt(3) password storage */ char *cryptpw; - char salt[2]; - if (data.dsize != 13) { + if (data.dsize < 13) { compare = -2; } else if (ctrl & PAM_ICASE_ARG) { compare = -2; } else { - salt[0] = *data.dptr; - salt[1] = *(data.dptr + 1); - - cryptpw = crypt (pass, salt); + cryptpw = crypt (pass, data.dptr); if (cryptpw) { compare = strncasecmp (data.dptr, cryptpw, data.dsize); @@ -362,12 +358,12 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, retval = pam_get_item(pamh, PAM_AUTHTOK, &password); if (retval != PAM_SUCCESS || password == NULL) { if ((ctrl & PAM_TRY_FPASS_ARG) != 0) { - /* Converse to obtain a password */ - retval = obtain_authtok(pamh); - if (retval != PAM_SUCCESS) { + /* Converse to obtain a password */ + retval = obtain_authtok(pamh); + if (retval != PAM_SUCCESS) { pam_syslog(pamh, LOG_ERR, "can not obtain password from user"); return retval; - } + } retval = pam_get_item(pamh, PAM_AUTHTOK, &password); } if (retval != PAM_SUCCESS || password == NULL) { |