# HG changeset patch
# User Timo Sirainen
# Date 1174925705 -10800
# Node ID 088b4934a8f00c6f88b5985f2bb79bcc50fa15e8
# Parent 8845275a763a43204206603fdcf1d66b3269edca
Verify the password with auth_request_password_verify() so passwd and shadow can be used as master and deny passdbs.
diff -r 8845275a763a -r 088b4934a8f0 src/auth/passdb-passwd.c
--- a/src/auth/passdb-passwd.c Mon Mar 26 19:14:17 2007 +0300
+++ b/src/auth/passdb-passwd.c Mon Mar 26 19:15:05 2007 +0300
@@ -6,7 +6,6 @@
 #include "safe-memset.h"
 #include "passdb.h"
-#include "mycrypt.h"
 #include
@@ -18,7 +17,7 @@
 verify_plain_callback_t *callback)
 {
 struct passwd *pw;
- bool result;
+ int ret;
 auth_request_log_debug(request, "passwd", "lookup");
@@ -41,13 +40,13 @@
 PASSWD_PASS_SCHEME);
 /* check if the password is valid */
- result = strcmp(mycrypt(password, pw->pw_passwd), pw->pw_passwd) == 0;
+ ret = auth_request_password_verify(request, password, pw->pw_passwd,
+ PASSWD_PASS_SCHEME, "passwd");
 /* clear the passwords from memory */
 safe_memset(pw->pw_passwd, 0, strlen(pw->pw_passwd));
- if (!result) {
- auth_request_log_info(request, "passwd", "password mismatch");
+ if (ret <= 0) {
 callback(PASSDB_RESULT_PASSWORD_MISMATCH, request);
 return;
 }
diff -r 8845275a763a -r 088b4934a8f0 src/auth/passdb-shadow.c
--- a/src/auth/passdb-shadow.c Mon Mar 26 19:14:17 2007 +0300
+++ b/src/auth/passdb-shadow.c Mon Mar 26 19:15:05 2007 +0300
@@ -6,7 +6,6 @@
 #include "safe-memset.h"
 #include "passdb.h"
-#include "mycrypt.h"
 #include
@@ -18,7 +17,7 @@
 verify_plain_callback_t *callback)
 {
 struct spwd *spw;
- bool result;
+ int ret;
 auth_request_log_debug(request, "shadow", "lookup");
@@ -41,13 +40,13 @@
 SHADOW_PASS_SCHEME);
 /* check if the password is valid */
- result = strcmp(mycrypt(password, spw->sp_pwdp), spw->sp_pwdp) == 0;
+ ret = auth_request_password_verify(request, password, spw->sp_pwdp,
+ SHADOW_PASS_SCHEME, "shadow");
 /* clear the passwords from memory */
 safe_memset(spw->sp_pwdp, 0, strlen(spw->sp_pwdp));
- if (!result) {
- auth_request_log_info(request, "shadow", "password mismatch");
+ if (ret <= 0) {
 callback(PASSDB_RESULT_PASSWORD_MISMATCH, request);
 return;
 }
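Review bot: `if (ret <= 0)` reports PASSDB_RESULT_PASSWORD_MISMATCH for a negative return as well as for 0, here and in the matching `@@ -41,13 +40,13 @@` hunk of src/auth/passdb-passwd.c. The `int` result and the `<= 0` test suggest that auth_request_password_verify() uses a negative value when the stored hash could not be checked at all; failing closed is right, but the callback then cannot tell a broken or unsupported shadow entry from a wrong password, so consider a separate `if (ret < 0) { callback(PASSDB_RESULT_INTERNAL_FAILURE, request); return; }` ahead of the mismatch branch. The local "password mismatch" info log is also gone, so a comment such as `/* auth_request_password_verify() logs the mismatch itself */` would record where failed logins are now audited, if that is what the helper does. The enclosing function starts before this hunk and continues after it.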