Diffstat (limited to 'auth-passwd.c')
-rw-r--r-- | auth-passwd.c | 19 |
1 files changed, 14 insertions, 5 deletions
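--- a/auth-passwd.c
+++ b/auth-passwd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-passwd.c,v 1.44 2014/07/15 15:54:14 millert Exp $ */
+/* $OpenBSD: auth-passwd.c,v 1.45 2016/07/21 01:39:35 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -66,6 +66,8 @@ extern login_cap_t *lc;
 #define DAY (24L * 60 * 60) /* 1 day in seconds */
 #define TWO_WEEKS (2L * 7 * DAY) /* 2 weeks in seconds */
 
+#define MAX_PASSWORD_LEN 1024
+
 void
 disable_forwarding(void)
 {
@@ -87,6 +89,9 @@ auth_password(Authctxt *authctxt, const char *password)
 static int expire_checked = 0;
 #endif
 
+if (strlen(password) > MAX_PASSWORD_LEN)
+return 0;
+
 #ifndef HAVE_CYGWIN
 if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES)
 ok = 0;
@@ -193,7 +198,7 @@ int
 sys_auth_passwd(Authctxt *authctxt, const char *password)
 {
 struct passwd *pw = authctxt->pw;
-char *encrypted_password;
+char *encrypted_password, *salt = NULL;
 
 /* Just use the supplied fake password if authctxt is invalid */
 char *pw_password = authctxt->valid ? shadow_pw(pw) : pw->pw_passwd;
@@ -202,9 +207,13 @@ sys_auth_passwd(Authctxt *authctxt, const char *password)
 if (strcmp(pw_password, "") == 0 && strcmp(password, "") == 0)
 return (1);
 
-/* Encrypt the candidate password using the proper salt. */
-encrypted_password = xcrypt(password,
-(pw_password[0] && pw_password[1]) ? pw_password : "xx");
+/*
+ * Encrypt the candidate password using the proper salt, or pass a
+ * NULL and let xcrypt pick one.
+ */
+if (authctxt->valid && pw_password[0] && pw_password[1])
+salt = pw_password;
+encrypted_password = xcrypt(password, salt);
 
 /*
 * Authentication is accepted if the encrypted passwords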
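Review bot: The new salt-selection comment in sys_auth_passwd says what is done but not why, and the `authctxt->valid` test on the new `if` is the security-relevant part: it keeps the fake `pw_passwd` of an unknown user from steering which hash algorithm xcrypt runs, so the hashing cost for an unknown user is not distinguishable from that of a real one by an attacker timing the failure. I would extend the comment to say so, e.g. `/* Never derive the salt from the fake password of an invalid user; the hash cost for unknown and known users should be comparable so response timing does not reveal which names exist. */` — note that real users whose own hashes use a cheaper scheme than xcrypt's default will presumably still differ in timing, which the change cannot fix. In the same spirit `#define MAX_PASSWORD_LEN 1024` deserves a one-line rationale, e.g. `/* Bound the crypt() work done on attacker-supplied input before any hashing. */`, since the early `return 0` in auth_password is the only place that cap is enforced and sys_auth_passwd, if it has other callers, is not covered by it — I cannot tell from these lines. sys_auth_passwd's body continues past the end of the last hunk.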