From 4d4ed8c166d2e69d32530bc4b199b2470132428d Mon Sep 17 00:00:00 2001
From: "Todd C. Miller"
Date: Thu, 23 Mar 2000 00:27:41 +0000
Subject: [PATCH] Better fix for handling HP-UX aging info.
---
 auth/passwd.c | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)
diff --git a/auth/passwd.c b/auth/passwd.c
index 0d84c64dd..0bb5b3c04 100644
--- a/auth/passwd.c
+++ b/auth/passwd.c
@@ -58,6 +58,9 @@ static const char rcsid[] = "$Sudo$";
 #endif /* lint */
+#define DESLEN 13
+#define HAS_AGEINFO(p, l) (l == 18 && p[DESLEN] == ',')
+
 int
 passwd_verify(pw, pass, auth)
 struct passwd *pw;
@@ -65,8 +68,11 @@ passwd_verify(pw, pass, auth)
 sudo_auth *auth;
 {
 char sav, *epass;
+ size_t pw_len;
 int error;
+ pw_len = strlen(pw->pw_passwd);
+
 #ifdef HAVE_GETAUTHUID
 /* Ultrix shadow passwords may use crypt16() */
 error = strcmp(pw->pw_passwd, (char *) crypt16(pass, pw->pw_passwd));
@@ -79,20 +85,20 @@ passwd_verify(pw, pass, auth)
 * If this turns out not to be safe we will have to use OS #ifdef's (sigh).
 */
 sav = pass[8];
- if (strlen(pw->pw_passwd) == 13)
+ if (pw_len == DESLEN || HAS_AGEINFO(pw->pw_passwd, pw_len))
 pass[8] = '\0';
 /*
 * Normal UN*X password check.
- * HP-UX adds extra info at the end for password aging so we only
- * compare the first len(epass) bytes *unless* pass is the empty string.
+ * HP-UX may add aging info (separated by a ',') at the end so
+ * only compare the first DESLEN characters in that case.
 */
 epass = (char *) crypt(pass, pw->pw_passwd);
- if (*pass)
- error = strncmp(pw->pw_passwd, epass, strlen(epass));
+ pass[8] = sav;
+ if (HAS_AGEINFO(pw->pw_passwd, pw_len) && strlen(epass) == DESLEN)
+ error = strncmp(pw->pw_passwd, epass, DESLEN);
 else
 error = strcmp(pw->pw_passwd, epass);
- pass[8] = sav;
 return(error ? AUTH_FAILURE : AUTH_SUCCESS);
 }
--
2.40.0
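Review bot: In the first hunk, `HAS_AGEINFO` expands `p` and `l` without parentheses and hard-codes the length 18, so it is only safe for the plain identifier and member expressions it is called with in this patch. I would write it as `#define HAS_AGEINFO(p, l) ((l) == 18 && (p)[DESLEN] == ',')`. A one-line comment above the macros should say what 18 is made of; it looks like the 13-character DES hash plus the ',' and four aging characters, but that should be confirmed against the HP-UX format rather than taken from this note.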
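Review bot: In the third hunk the return value of `crypt()` is used without a NULL check: `strlen(epass)` in the aging branch and `strcmp(pw->pw_passwd, epass)` in the else branch both dereference it, and crypt() may return NULL on failure (for instance on a salt it rejects). Because this is the password comparison itself, it should fail closed explicitly rather than fault; after the moved `pass[8] = sav;` add `if (epass == NULL) return(AUTH_FAILURE);`. Separately, the context line `sav = pass[8];` reads and later writes index 8 whatever the length of `pass`, so the function relies on callers always passing a buffer of at least nine bytes; a comment stating that requirement would help. passwd_verify begins above this hunk, and the `HAVE_GETAUTHUID` path between the second and third hunks is not visible here.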