summaryrefslogtreecommitdiff
path: root/modules/pam_userdb/pam_userdb.c
diff options
context:
space:
mode:
Diffstat (limited to 'modules/pam_userdb/pam_userdb.c')
-rw-r--r--modules/pam_userdb/pam_userdb.c18
1 files changed, 7 insertions, 11 deletions
diff --git a/modules/pam_userdb/pam_userdb.c b/modules/pam_userdb/pam_userdb.c
index 11b0d6b..de8b5b1 100644
--- a/modules/pam_userdb/pam_userdb.c
+++ b/modules/pam_userdb/pam_userdb.c
@@ -145,7 +145,7 @@ _pam_parse (pam_handle_t *pamh, int argc, const char **argv,
* return values:
* 1 = User not found
* 0 = OK
- * -1 = Password incorrect
+ * -1 = Password incorrect
* -2 = System error
*/
static int
@@ -214,17 +214,13 @@ user_lookup (pam_handle_t *pamh, const char *database, const char *cryptmode,
/* crypt(3) password storage */
char *cryptpw;
- char salt[2];
- if (data.dsize != 13) {
+ if (data.dsize < 13) {
compare = -2;
} else if (ctrl & PAM_ICASE_ARG) {
compare = -2;
} else {
- salt[0] = *data.dptr;
- salt[1] = *(data.dptr + 1);
-
- cryptpw = crypt (pass, salt);
+ cryptpw = crypt (pass, data.dptr);
if (cryptpw) {
compare = strncasecmp (data.dptr, cryptpw, data.dsize);
@@ -362,12 +358,12 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED,
retval = pam_get_item(pamh, PAM_AUTHTOK, &password);
if (retval != PAM_SUCCESS || password == NULL) {
if ((ctrl & PAM_TRY_FPASS_ARG) != 0) {
- /* Converse to obtain a password */
- retval = obtain_authtok(pamh);
- if (retval != PAM_SUCCESS) {
+ /* Converse to obtain a password */
+ retval = obtain_authtok(pamh);
+ if (retval != PAM_SUCCESS) {
pam_syslog(pamh, LOG_ERR, "can not obtain password from user");
return retval;
- }
+ }
retval = pam_get_item(pamh, PAM_AUTHTOK, &password);
}
if (retval != PAM_SUCCESS || password == NULL) {