[PATCH]: GNATS 3 encrypted passwords
From: Yngve Svendsen
Subject: [PATCH]: GNATS 3 encrypted passwords
Date: Fri, 12 Oct 2001 20:09:04 +0200

The following patch provides encrypted password support in GNATS 3's
gnatsd.access file. It should apply cleanly to GNATS 3.113, 3.113.1 and to
the latest v3 CVS. This is a simple backport of similar functionality
introduced in GNATS 4.

This is a quick-and-dirty modification. Most importantly, it will not
compile on systems without crypt support, although there aren't many of
those. On systems that support both MD5 and DES (traditional crypt)
encryption, this modification provides support for both kinds of passwords.

In gnatsd.access, a password prefixed by $0$ is assumed to be plaintext,
and a $1$ prefix denotes an MD5 password. If a password has no prefix, it
is assumed to be an ordinary UNIX crypt password. This provides for easy
synchronization of GNATS and standard UNIX passwords; admins can simply
copy password hashes from the system password file.

Sites that have existing gnatsd.access files with plaintext passwords in
them either need to prefix existing passwords with $0$ or convert the
passwords to crypt or MD5.

One final gotcha: This has only been tested on Solaris 8, so your mileage
may vary.

Yngve Svendsen

Index: gnatsd.c
===================================================================
RCS file: /cvs/gnats/gnats/gnats/gnatsd.c,v
retrieving revision 1.1.1.2.4.1
diff -u -p -r1.1.1.2.4.1 gnatsd.c
--- gnatsd.c 1999/09/21 23:18:39 1.1.1.2.4.1
+++ gnatsd.c 2001/10/12 17:37:52
@@ -221,6 +221,29 @@ match (line, p, matchcase)
return 1;
}
+/* Return true iff `password' matches `hash'.
+ `hash' is a possibly encrypted password, according to the $?$
convention. */
+static int
+password_match (password, hash)
+ char *password;
+ char *hash;
+{
+ char *encrypted;
+ if (! strncmp (hash, "$0$", 3))
+ {
+ /* explicit plain-text password */
+ return ! strcmp (password, hash+3);
+ }
+ else
+ {
+ /* DES or MD5 password. If crypt supports MD5, it uses MD5 when
+ the salt starts with $1$. If there's no prefix standard DES
+ is assumed */
+ encrypted = (char *)crypt (password, hash);
+ return encrypted && ! strcmp (encrypted, hash);
+ }
+}
+
char *
get_name (host)
struct in_addr *host;
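Review bot: the call `encrypted = (char *)crypt (password, hash);` casts the return value, and this hunk adds no #include or declaration for crypt(). Without a prototype in scope the compiler assumes an int return, the cast silences the warning, and the pointer can be truncated on platforms where pointers are wider than int. Suggest including the header that declares crypt() (<unistd.h> or <crypt.h>, depending on the platform) behind a configure check and dropping the cast; the same check would let the build succeed on systems without crypt support by compiling only the `$0$` branch. The comment above password_match could also say that a NULL return from crypt() is treated as a mismatch, since that is what `encrypted &&` does.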
@@ -439,7 +462,7 @@ get_user_access (database, filename, use
continue;
/* check passwd */
- if (!match (passwd, fields[1], 1))
+ if (!password_match (passwd, fields[1]))
{
access = ACCESS_NONE;
break;
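Review bot: at `if (!password_match (passwd, fields[1]))`, every unprefixed fields[1] is now handed to crypt(), so an existing plaintext entry ends in `access = ACCESS_NONE` with nothing to tell the admin why logins stopped working. Suggest logging a hint on mismatch for unprefixed fields, or shipping a documentation change for the `$0$` prefix with the patch, which as posted touches only gnatsd.c. Also worth confirming that nothing depended on whatever matching match() performed with its third argument set to 1, since that call is replaced outright.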
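For the migration step described in the message (prefix old plaintext entries with $0$ or convert them), the following added example, which is not part of the patch or of GNATS, flags gnatsd.access entries whose password field the patched check would no longer match. The `user:password:level:database` layout, the function names and the sample entries are assumptions; a 13-character plaintext password made only of crypt-alphabet characters cannot be told apart from a DES hash by shape.

```c
#include <stdio.h>
#include <string.h>

enum field_kind { FIELD_PLAINTEXT, FIELD_MD5, FIELD_DES, FIELD_NEEDS_MIGRATION };
static const char CRYPT_CHARS[] =
    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

/* Constructed entries; the user:password:level:database layout is an assumption. */
static const char *const SAMPLE[] = {
    "alice:$0$s3cret:edit:default",
    "bob:$1$abcdefgh$0123456789ABCDEFGHIJKL:edit:default",
    "carol:abJnggxhB/yWI:view:default",
    "dave:hunter2:edit:default",   /* legacy plaintext, no prefix */
    "erin:$1$short:view:default",  /* truncated MD5 entry */
};

/* Classify one password field by shape, following the $?$ convention.
   md5-crypt: $1$ + salt (<= 8 chars) + $ + 22-char digest; DES: 2 salt + 11 digest chars. */
enum field_kind classify_field(const char *f)
{
    const char *sep;
    if (strncmp(f, "$0$", 3) == 0)
        return FIELD_PLAINTEXT;
    if (strncmp(f, "$1$", 3) == 0 && (sep = strchr(f + 3, '$')) != NULL
        && sep - (f + 3) <= 8 && strlen(sep + 1) == 22
        && strspn(sep + 1, CRYPT_CHARS) == 22)
        return FIELD_MD5;
    if (strlen(f) == 13 && strspn(f, CRYPT_CHARS) == 13)
        return FIELD_DES;
    return FIELD_NEEDS_MIGRATION;  /* crypt() would not reproduce this field */
}

/* Count entries to fix; prints only the user name, never the password field. */
int audit(const char *const *lines, size_t n)
{
    int flagged = 0;
    for (size_t i = 0; i < n; i++) {
        char field[128];
        size_t user = strcspn(lines[i], ":");
        if (lines[i][user] != ':') continue;  /* no password field on this line */
        const char *pw = lines[i] + user + 1;
        snprintf(field, sizeof field, "%.*s", (int)strcspn(pw, ":"), pw);
        if (classify_field(field) != FIELD_NEEDS_MIGRATION) continue;
        printf("%.*s: prefix with $0$ or rehash\n", (int)user, lines[i]);
        flagged++;
    }
    return flagged;
}

int main(void) { return audit(SAMPLE, sizeof SAMPLE / sizeof *SAMPLE) == 2 ? 0 : 1; }
```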