Truncate unencrypted password to 8 chars if encrypted password is exactly

13 characters (indicateing standard a DES password).  Many versions
of crypt() do this for you, but not all (like HP-UX's).

diff --git a/auth/passwd.c b/auth/passwd.c
index aee795f20fa2db28d1788c2c0fa41d9992bee2c6..cfb1fc6710113554549dc6ca1b692ed066f4e703 100644 (file)
--- a/auth/passwd.c
+++ b/auth/passwd.c
@@ -64,16 +64,27 @@ passwd_verify(pw, pass, auth)
     char *pass;
     sudo_auth *auth;
 {
+    char sav;
+    int error;
 
 #ifdef HAVE_GETAUTHUID
     /* Ultrix shadow passwords may use crypt16() */
-    if (!strcmp(pw->pw_passwd, (char *) crypt16(pass, pw->pw_passwd)))
+    error = strcmp(pw->pw_passwd, (char *) crypt16(pass, pw->pw_passwd));
+    if (!error)
        return(AUTH_SUCCESS);
 #endif /* HAVE_GETAUTHUID */
 
-    /* Normal UN*X password check */
-    if (!strcmp(pw->pw_passwd, (char *) crypt(pass, pw->pw_passwd)))
-       return(AUTH_SUCCESS);
+    /*
+     * Truncate to 8 chars if standard DES since not all crypt()'s do this.
+     * If this turns out not to be safe we will have to use OS #ifdef's (sigh).
+     */
+    sav = pass[8];
+    if (strlen(pw->pw_passwd) == 13)
+       pass[8] = '\0';
+
+    /* Normal UN*X password check.  */
+    error = strcmp(pw->pw_passwd, (char *) crypt(pass, pw->pw_passwd));
+    pass[8] = sav;
 
-    return(AUTH_FAILURE);
+    return(error ? AUTH_FAILURE : AUTH_SUCCESS);
 }