summaryrefslogtreecommitdiffstats
path: root/sesman/verify_user.c
diff options
context:
space:
mode:
authorGuan-Zhong Huang <imprazaguy@gmail.com>2013-03-09 12:51:35 +0800
committerGuan-Zhong Huang <imprazaguy@gmail.com>2013-03-09 13:55:21 +0800
commitb518a3bfe91bb157948dde85e42f63f42b00da58 (patch)
tree5af1d3f1d42f5ff6ecf4c9b7951dc82003ced18e /sesman/verify_user.c
parent6fd7deb5103c43a5e62ae61695d6e32379db5602 (diff)
downloadxrdp-proprietary-b518a3bfe91bb157948dde85e42f63f42b00da58.tar.gz
xrdp-proprietary-b518a3bfe91bb157948dde85e42f63f42b00da58.zip
Fix password authentication to handle different encryption algorithms
Diffstat (limited to 'sesman/verify_user.c')
-rw-r--r--sesman/verify_user.c42
1 files changed, 4 insertions, 38 deletions
diff --git a/sesman/verify_user.c b/sesman/verify_user.c
index 81ddc0a8..85e614d3 100644
--- a/sesman/verify_user.c
+++ b/sesman/verify_user.c
@@ -50,12 +50,9 @@ auth_account_disabled(struct spwd *stp);
long DEFAULT_CC
auth_userpass(char *user, char *pass, int *errorcode)
{
- char salt[13] = "$1$";
- char hash[35] = "";
- char *encr = 0;
+ const char *encr;
struct passwd *spw;
struct spwd *stp;
- int saltcnt = 0;
spw = getpwnam(user);
@@ -80,46 +77,15 @@ auth_userpass(char *user, char *pass, int *errorcode)
return 0;
}
- g_strncpy(hash, stp->sp_pwdp, 34);
+ encr = stp->sp_pwdp;
}
else
{
/* old system with only passwd */
- g_strncpy(hash, spw->pw_passwd, 34);
- }
-
- hash[34] = '\0';
-
- if (g_strncmp(hash, "$1$", 3) == 0)
- {
- /* gnu style crypt(); */
- saltcnt = 3;
-
- while ((hash[saltcnt] != '$') && (saltcnt < 11))
- {
- salt[saltcnt] = hash[saltcnt];
- saltcnt++;
- }
-
- salt[saltcnt] = '$';
- salt[saltcnt + 1] = '\0';
- }
- else
- {
- /* classic two char salt */
- salt[0] = hash[0];
- salt[1] = hash[1];
- salt[2] = '\0';
- }
-
- encr = crypt(pass, salt);
-
- if (g_strncmp(encr, hash, 34) != 0)
- {
- return 0;
+ encr = spw->pw_passwd;
}
- return 1;
+ return (strcmp(encr, crypt(pass, encr)) == 0);
}
/******************************************************************************/