Actually, this patch is incorrect. vadduser() takes the plaintext
password, regardless of whether CLEAR_PASS is defined.
The current code behaves as it should.
--
Tom Collins - [EMAIL PROTECTED]
QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/
On Mar 17, 2006, at 6:23 AM, Riccardo Bini wrote:
Patch for checking password length.
Bye
Rick
--- vpopmail.c 2005-05-23 18:12:36.0 +0200
+++ /home/rick/sorgenti/vpopmail-5.4.12/vpopmail.c 2006-03-17
14:52:01.0 +0100
@@ -457,7 +457,11 @@
if ( strlen(domain) MAX_PW_DOMAIN )
return(VA_DOMAIN_NAME_TOO_LONG);
if ( strlen(domain) 3) return(VA_INVALID_DOMAIN_NAME);
+ if ( strlen(password) MAX_PW_PASS ) return(VA_PASSWD_TOO_LONG);
+#ifdef CLEAR_PASS
if ( strlen(password) MAX_PW_CLEAR_PASSWD )
return(VA_PASSWD_TOO_LONG);
+#endif
+
if ( strlen(gecos) MAX_PW_GECOS )return(VA_GECOS_TOO_LONG);
umask(VPOPMAIL_UMASK);
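Review bot: The pair of password-length checks added here is repeated line for line in the second hunk (`@@ -1350,7 +1354,11 @@`), so the two functions can drift apart the next time a limit changes. Both sites also call `strlen(password)` twice on the same string. A small file-local helper that measures the string once and is called from both places would keep the bounds in one spot. The comparison operators are missing from the hunk as rendered on this page, so `>` in the sketch is an assumption, and the helper name is only a suggestion. Both enclosing functions start and end outside the hunks.

```c
/* Returns 0 if password fits every configured limit, else VA_PASSWD_TOO_LONG. */
static int check_password_len(const char *password)
{
    size_t len = strlen(password);

    if (len > MAX_PW_PASS) return VA_PASSWD_TOO_LONG;
#ifdef CLEAR_PASS
    if (len > MAX_PW_CLEAR_PASSWD) return VA_PASSWD_TOO_LONG;
#endif
    return 0;
}

/* ... unchanged: domain length checks ... */
  if ( check_password_len(password) != 0 ) return(VA_PASSWD_TOO_LONG);
/* ... unchanged: gecos length check, umask ... */
```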
@@ -1350,7 +1354,11 @@
if ( strlen(username) == 1 ) return(VA_ILLEGAL_USERNAME);
#endif
if ( strlen(domain) MAX_PW_DOMAIN )
return(VA_DOMAIN_NAME_TOO_LONG);
- if ( strlen(password) MAX_PW_CLEAR_PASSWD )
return(VA_PASSWD_TOO_LONG);
+
+ if ( strlen(password) MAX_PW_PASS ) return(VA_PASSWD_TOO_LONG);
+#ifdef CLEAR_PASS
+if ( strlen(password) MAX_PW_CLEAR_PASSWD )
return(VA_PASSWD_TOO_LONG);
+#endif
lowerit(username);
lowerit(domain);
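Review bot: The `if` added inside `#ifdef CLEAR_PASS` in this hunk starts at column 0, while the `MAX_PW_PASS` check added just above it is indented like the rest of the function body. As shown, it reads like a preprocessor-level line rather than a statement, and it differs from the same block in the first hunk. Indent it to match its neighbours, e.g. `  if ( strlen(password) > MAX_PW_CLEAR_PASSWD ) return(VA_PASSWD_TOO_LONG);` (the operator is assumed, since this page's rendering dropped it). The enclosing function starts and ends outside the hunk.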