diff options
Diffstat (limited to 'auth-passwd.c')
| -rw-r--r-- | auth-passwd.c | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/auth-passwd.c b/auth-passwd.c index 63ccf3ca..530b5d4f 100644 --- a/auth-passwd.c +++ b/auth-passwd.c @@ -193,7 +193,7 @@ int sys_auth_passwd(Authctxt *authctxt, const char *password) { struct passwd *pw = authctxt->pw; - char *encrypted_password; + char *encrypted_password, *salt = NULL; /* Just use the supplied fake password if authctxt is invalid */ char *pw_password = authctxt->valid ? shadow_pw(pw) : pw->pw_passwd; @@ -202,9 +202,13 @@ sys_auth_passwd(Authctxt *authctxt, const char *password) if (strcmp(pw_password, "") == 0 && strcmp(password, "") == 0) return (1); - /* Encrypt the candidate password using the proper salt. */ - encrypted_password = xcrypt(password, - (pw_password[0] && pw_password[1]) ? pw_password : "xx"); + /* + * Encrypt the candidate password using the proper salt, or pass a + * NULL and let xcrypt pick one. + */ + if (authctxt->valid && pw_password[0] && pw_password[1]) + salt = pw_password; + encrypted_password = xcrypt(password, salt); /* * Authentication is accepted if the encrypted passwords |