Răsfoiți Sursa

* Use the salt from their current password when comparing the given password

Bryan Drewery 17 ani în urmă
părinte
comite
dda5009201
3 a modificat fișierele cu 9 adăugiri și 4 ștergeri
  1. 6 2
      src/crypt.c
  2. 1 1
      src/crypt.h
  3. 2 1
      src/userrec.c

+ 6 - 2
src/crypt.c

@@ -133,7 +133,7 @@ void encrypt_cmd_pass(char *in, char *out)
   free(tmp);
 }
 
-char *encrypt_pass(struct userrec *u, char *in)
+char *encrypt_pass(struct userrec *u, char *in, const char *saltin)
 {
   char *tmp = NULL, buf[101] = "", *ret = NULL;
   size_t ret_size = 0;
@@ -143,7 +143,11 @@ char *encrypt_pass(struct userrec *u, char *in)
 
   /* Create a 5 byte salt */
   char salt[6] = "";
-  make_rand_str(salt, sizeof(salt) - 1);
+  if (saltin) {
+    strlcpy(salt, saltin, sizeof(salt));
+  } else {
+    make_rand_str(salt, sizeof(salt) - 1);
+  }
 
   /* SHA1 the salt+password */
   simple_snprintf(buf, sizeof(buf), STR("%s%s"), salt, in);

+ 1 - 1
src/crypt.h

@@ -25,7 +25,7 @@ unsigned char *decrypt_binary(const char *, unsigned char *, size_t *);
 char *encrypt_string(const char *, char *);
 char *decrypt_string(const char *, char *);
 void encrypt_cmd_pass(char *, char *);
-char *encrypt_pass(struct userrec *, char *);
+char *encrypt_pass(struct userrec *, char *, const char* = NULL);
 char *cryptit (char *);
 char *decryptit (char *);
 int lfprintf (FILE *, const char *, ...) __attribute__((format(printf, 2, 3)));

+ 2 - 1
src/userrec.c

@@ -342,7 +342,8 @@ int u_pass_match(struct userrec *u, char *in)
 
     if (strlen(pass) > MAXPASSLEN)
       pass[MAXPASSLEN] = 0;
-    newpass = encrypt_pass(u, pass);
+    /* Pass the salted pass in so the same salt can be used */
+    newpass = encrypt_pass(u, pass, cmp);
     if (!strcmp(cmp, newpass)) {
       free(newpass);
       return 1;