|
|
@@ -218,9 +218,9 @@ static void expire_simuls() {
|
|
|
}
|
|
|
}
|
|
|
|
|
|
+static int checkedpass = 0;
|
|
|
static void checkpass()
|
|
|
{
|
|
|
- static int checkedpass = 0;
|
|
|
int (*hash_cmp) (const char *, const char *) = NULL;
|
|
|
|
|
|
if (strlen(settings.shellhash) == 32)
|
|
|
@@ -228,20 +228,22 @@ static void checkpass()
|
|
|
else
|
|
|
hash_cmp = sha1cmp;
|
|
|
|
|
|
- if (!checkedpass) {
|
|
|
#ifdef HAVE_GETPASSPHRASE
|
|
|
- /* Solaris' getpass() truncates at 8 */
|
|
|
- char *gpasswd = (char*) getpassphrase(STR("bash$ "));
|
|
|
+ /* Solaris' getpass() truncates at 8 */
|
|
|
+ char *gpasswd = (char*) getpassphrase(STR("bash$ "));
|
|
|
#else
|
|
|
- char *gpasswd = (char*) getpass(STR("bash$ "));
|
|
|
+ char *gpasswd = (char*) getpass(STR("bash$ "));
|
|
|
#endif
|
|
|
+ if (!gpasswd)
|
|
|
+ werr(ERR_BADPASS);
|
|
|
|
|
|
- checkedpass = 1;
|
|
|
- if (!gpasswd || (gpasswd && hash_cmp(settings.shellhash, gpasswd) && !check_master_hash(NULL, gpasswd)))
|
|
|
- werr(ERR_BADPASS);
|
|
|
- /* Most PASS_MAX are 256.. but it's not clear */
|
|
|
- OPENSSL_cleanse(gpasswd, 30);
|
|
|
- }
|
|
|
+ checkedpass = hash_cmp(settings.shellhash, gpasswd);
|
|
|
+
|
|
|
+ /* Most PASS_MAX are 256.. but it's not clear */
|
|
|
+ OPENSSL_cleanse(gpasswd, 30);
|
|
|
+
|
|
|
+ if (checkedpass)
|
|
|
+ werr(ERR_BADPASS);
|
|
|
}
|
|
|
|
|
|
static void got_ed(char *, char *, char*) __attribute__((noreturn));
|