From ac625a8235bcee8f56d26899c6f0ad7b13deae9a Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 28 Sep 2002 13:29:51 +0000 Subject: Second stab at Volker's 'make shadow passwords work' patch. Basicly, the password and the salt must be taken from the same place in both passwd and shadow based systems. Taking salt from one, and password from the other just doesn't work. So pull them from passwd, then overwrite them if need be. When modifying this file, watch the #ifdef hell - as vl found out, some variables are globals - but only with #ifndef WITH_PAM, and the code jumps all over the place with the password cracker. Getting double-reviews of any change to this file highly advised, it is one of our most system-specifc areas of code. (So now I get to take the blame for this one... :-) Andrew Bartlett (This used to be commit f39f167900db3f06ec3c52c3ddf61e8bf3d57f56) --- source3/auth/pass_check.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source3/auth') diff --git a/source3/auth/pass_check.c b/source3/auth/pass_check.c index 63918796ef..e1783bfd1e 100644 --- a/source3/auth/pass_check.c +++ b/source3/auth/pass_check.c @@ -634,6 +634,7 @@ NTSTATUS pass_check(const struct passwd *pass, const char *user, const char *pas /* Also the place to keep the 'password' no matter what crazy struct it started in... */ fstrcpy(this_crypted, pass->pw_passwd); + fstrcpy(this_salt, pass->pw_passwd); #ifdef HAVE_GETSPNAM { @@ -645,8 +646,10 @@ NTSTATUS pass_check(const struct passwd *pass, const char *user, const char *pas perhaps for IPC password changing requests */ spass = getspnam(pass->pw_name); - if (spass && spass->sp_pwdp) + if (spass && spass->sp_pwdp) { fstrcpy(this_crypted, spass->sp_pwdp); + fstrcpy(this_salt, spass->sp_pwdp); + } } #elif defined(IA_UINFO) { @@ -704,9 +707,6 @@ NTSTATUS pass_check(const struct passwd *pass, const char *user, const char *pas } #endif - /* extract relevant info */ - fstrcpy(this_salt, pass->pw_passwd); - #if defined(HAVE_TRUNCATED_SALT) /* crypt on some platforms (HPUX in particular) won't work with more than 2 salt characters. */ -- cgit