I was playing with some Perl CGI for a webapp to automate user (SQL) tables,
etc. updating / allow users to change their passwords. I had never
noticed that `smtpctl encrypt ${string}' provided a different hash each
time, which is obviously the better way to do passwords. However,
looking into the code to see what I could do to solve this problem for
myself, I saw lka.c was using crypt(3), whose manual recommends switching
to crypt_checkpass(3). Here is a minor patch to do so.
Index: lka.c
===================================================================
RCS file: /cvs/src/usr.sbin/smtpd/lka.c,v
retrieving revision 1.199
diff -u -p -u -r1.199 lka.c
--- lka.c 17 May 2017 14:00:06 -0000 1.199
+++ lka.c 16 Dec 2017 13:50:07 -0000
@@ -472,10 +472,10 @@ lka_authenticate(const char *tablename,
case 0:
return (LKA_PERMFAIL);
default:
- cpass = crypt(password, lk.creds.password);
- if (cpass == NULL)
+ cpass = crypt_checkpass(password, lk.creds.password);
+ if (cpass < 0)
return (LKA_PERMFAIL);
- if (!strcmp(lk.creds.password, cpass))
+ else
return (LKA_OK);
return (LKA_PERMFAIL);
}
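Review bot: the replacement lines mix an integer return value with a pointer variable. `cpass` was previously assigned the result of crypt(), i.e. a `char *`, but crypt_checkpass() returns an `int` (0 on success, -1 on failure), so `cpass = crypt_checkpass(...)` and `if (cpass < 0)` assign an int to a pointer and then compare a pointer against a negative number, which the compiler will reject or warn about and which does not test what the author intends. The simplest fix is to drop `cpass` from this path entirely and test the return value directly, e.g. `if (crypt_checkpass(password, lk.creds.password) == 0) return (LKA_OK); return (LKA_PERMFAIL);`, then remove the now-unused `cpass` declaration earlier in lka_authenticate(). As written, the `else return (LKA_OK);` also makes the final `return (LKA_PERMFAIL);` unreachable, which the direct-return form avoids. The original code path that compared the freshly computed hash with strcmp() is what crypt_checkpass() replaces, so dropping that comparison is correct.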
Thanks,
Edgar