Mercurial > dovecot > core-2.2
changeset 5429:088b4934a8f0 HEAD
Verify the password with auth_request_password_verify() so passwd and shadow
can be used as master and deny passdbs.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Mon, 26 Mar 2007 19:15:05 +0300 |
parents | 8845275a763a |
children | c8bb83980ff7 |
files | src/auth/passdb-passwd.c src/auth/passdb-shadow.c |
diffstat | 2 files changed, 8 insertions(+), 10 deletions(-) [+] |
line wrap: on
line diff
--- a/src/auth/passdb-passwd.c Mon Mar 26 19:14:17 2007 +0300 +++ b/src/auth/passdb-passwd.c Mon Mar 26 19:15:05 2007 +0300 @@ -6,7 +6,6 @@ #include "safe-memset.h" #include "passdb.h" -#include "mycrypt.h" #include <pwd.h> @@ -18,7 +17,7 @@ verify_plain_callback_t *callback) { struct passwd *pw; - bool result; + int ret; auth_request_log_debug(request, "passwd", "lookup"); @@ -41,13 +40,13 @@ PASSWD_PASS_SCHEME); /* check if the password is valid */ - result = strcmp(mycrypt(password, pw->pw_passwd), pw->pw_passwd) == 0; + ret = auth_request_password_verify(request, password, pw->pw_passwd, + PASSWD_PASS_SCHEME, "passwd"); /* clear the passwords from memory */ safe_memset(pw->pw_passwd, 0, strlen(pw->pw_passwd)); - if (!result) { - auth_request_log_info(request, "passwd", "password mismatch"); + if (ret <= 0) { callback(PASSDB_RESULT_PASSWORD_MISMATCH, request); return; }
--- a/src/auth/passdb-shadow.c Mon Mar 26 19:14:17 2007 +0300 +++ b/src/auth/passdb-shadow.c Mon Mar 26 19:15:05 2007 +0300 @@ -6,7 +6,6 @@ #include "safe-memset.h" #include "passdb.h" -#include "mycrypt.h" #include <shadow.h> @@ -18,7 +17,7 @@ verify_plain_callback_t *callback) { struct spwd *spw; - bool result; + int ret; auth_request_log_debug(request, "shadow", "lookup"); @@ -41,13 +40,13 @@ SHADOW_PASS_SCHEME); /* check if the password is valid */ - result = strcmp(mycrypt(password, spw->sp_pwdp), spw->sp_pwdp) == 0; + ret = auth_request_password_verify(request, password, spw->sp_pwdp, + SHADOW_PASS_SCHEME, "shadow"); /* clear the passwords from memory */ safe_memset(spw->sp_pwdp, 0, strlen(spw->sp_pwdp)); - if (!result) { - auth_request_log_info(request, "shadow", "password mismatch"); + if (ret <= 0) { callback(PASSDB_RESULT_PASSWORD_MISMATCH, request); return; }