Re: [vchkpw] Error in checking password length

2006-03-21 Thread Riccardo Bini
On Tuesday 21 March 2006, at 05:58, Tom Collins wrote:
> Actually, this patch is incorrect.  vadduser() takes the plaintext
> password, regardless of whether CLEAR_PASS is defined.
>
> The current code behaves as it should.

#define MAX_PW_PASS 40
#define MAX_PW_CLEAR_PASSWD 16

With CLEAR_PASS the password limit is 16 and not 40. What is the difference
between MAX_PW_PASS and MAX_PW_CLEAR_PASSWD?

Thank you.
Rick


Re: [vchkpw] Error in checking password length

2006-03-21 Thread Rick Macdougall

Riccardo Bini wrote:

> On Tuesday 21 March 2006, at 05:58, Tom Collins wrote:
>
>> Actually, this patch is incorrect.  vadduser() takes the plaintext
>> password, regardless of whether CLEAR_PASS is defined.
>>
>> The current code behaves as it should.
>
> #define MAX_PW_PASS 40
> #define MAX_PW_CLEAR_PASSWD 16
>
> With CLEAR_PASS the password limit is 16 and not 40. What is the difference
> between MAX_PW_PASS and MAX_PW_CLEAR_PASSWD?
>
> Thank you.
> Rick


Hi,


MAX_PW_PASS is the encrypted password
MAX_PW_CLEAR_PASSWD is the clear text password.

A 16 byte clear text password could become a 40 byte encrypted hash 
depending on the method used to encrypt it.


Regards,

Rick
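
Added example (not part of the thread and not vpopmail's own code): the two limits quoted above, each checked against the field it sizes, with the plaintext check made whether or not CLEAR_PASS is defined. pw_store, struct pw_record and the sample strings are hypothetical; the samples are constructed to the lengths of MD5-crypt (34) and SHA-512-crypt (106) output and are not real hashes.

```c
#include <stdio.h>
#include <string.h>

#define MAX_PW_PASS 40          /* stored (hashed) password, value from the thread */
#define MAX_PW_CLEAR_PASSWD 16  /* plaintext password, value from the thread */

/* Constructed string shaped like MD5-crypt output (34 chars), not a real hash. */
#define MD5_SHAPE "$1$saltsalt$abcdefghijklmnopqrstuv"

enum pw_status { PW_OK, PW_CLEAR_TOO_LONG, PW_HASH_TOO_LONG };

struct pw_record {                      /* hypothetical record layout */
    char pass[MAX_PW_PASS + 1];         /* +1 for the terminating NUL */
#ifdef CLEAR_PASS
    char clear[MAX_PW_CLEAR_PASSWD + 1];
#endif
};

/* Constructed 106-char string shaped like SHA-512-crypt output. */
const char *sha512_shape(void)
{
    static char buf[107];               /* zero-initialised, so buf[106] is NUL */
    memset(buf, 'x', 106);
    memcpy(buf, "$6$", 3);
    return buf;
}

/* Check each string against the field it is meant for. Nothing is written
 * unless both fit, so an oversized hash is rejected instead of truncated. */
enum pw_status pw_store(struct pw_record *rec, const char *clear, const char *hashed)
{
    if (strlen(clear) > MAX_PW_CLEAR_PASSWD) return PW_CLEAR_TOO_LONG;
    if (strlen(hashed) > MAX_PW_PASS) return PW_HASH_TOO_LONG;
    memcpy(rec->pass, hashed, strlen(hashed) + 1);
#ifdef CLEAR_PASS
    memcpy(rec->clear, clear, strlen(clear) + 1);
#endif
    return PW_OK;
}

int main(void)
{
    struct pw_record rec;
    printf("%d\n", pw_store(&rec, "sixteen-chars-pw", MD5_SHAPE));   /* PW_OK */
    printf("%d\n", pw_store(&rec, "seventeen-chars-p", MD5_SHAPE));  /* PW_CLEAR_TOO_LONG */
    printf("%d\n", pw_store(&rec, "short", sha512_shape()));         /* PW_HASH_TOO_LONG */
    return 0;
}
```

A 16-character plaintext with a 34-character hash fits both fields; a hash format longer than 40 characters needs a larger MAX_PW_PASS, not a longer plaintext limit.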


Re: [vchkpw] Error in checking password length

2006-03-20 Thread Tom Collins
Actually, this patch is incorrect.  vadduser() takes the plaintext 
password, regardless of whether CLEAR_PASS is defined.


The current code behaves as it should.

--
Tom Collins  -  [EMAIL PROTECTED]
QmailAdmin: http://qmailadmin.sf.net/  Vpopmail: http://vpopmail.sf.net/

On Mar 17, 2006, at 6:23 AM, Riccardo Bini wrote:


Patch for checking password length.
Bye
Rick


--- vpopmail.c  2005-05-23 18:12:36.0 +0200
+++ /home/rick/sorgenti/vpopmail-5.4.12/vpopmail.c  2006-03-17
14:52:01.0 +0100
@@ -457,7 +457,11 @@
   if ( strlen(domain)  MAX_PW_DOMAIN ) 
return(VA_DOMAIN_NAME_TOO_LONG);

   if ( strlen(domain)  3) return(VA_INVALID_DOMAIN_NAME);

+  if ( strlen(password)  MAX_PW_PASS )  return(VA_PASSWD_TOO_LONG);
+#ifdef CLEAR_PASS
   if ( strlen(password)  MAX_PW_CLEAR_PASSWD ) 
return(VA_PASSWD_TOO_LONG);

+#endif
+
   if ( strlen(gecos)  MAX_PW_GECOS )return(VA_GECOS_TOO_LONG);

   umask(VPOPMAIL_UMASK);
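
Review bot: The #ifdef CLEAR_PASS placed around the existing MAX_PW_CLEAR_PASSWD test relaxes the plaintext limit in builds without CLEAR_PASS, where password would then be tested only against MAX_PW_PASS (40). According to the replies in this thread, MAX_PW_PASS sizes the encrypted form while this function receives the plaintext either way, so the new test compares a plaintext length with the limit of a different field. I would drop the #ifdef/#endif pair and the added MAX_PW_PASS line and keep the unconditional test; if a longer plaintext is wanted, that is a change to MAX_PW_CLEAR_PASSWD and should be proposed on its own.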
@@ -1350,7 +1354,11 @@
   if ( strlen(username) == 1 ) return(VA_ILLEGAL_USERNAME);
 #endif
   if ( strlen(domain)  MAX_PW_DOMAIN ) 
return(VA_DOMAIN_NAME_TOO_LONG);
-  if ( strlen(password)  MAX_PW_CLEAR_PASSWD ) 
return(VA_PASSWD_TOO_LONG);

+
+  if ( strlen(password)  MAX_PW_PASS )  return(VA_PASSWD_TOO_LONG);
+#ifdef CLEAR_PASS
+if ( strlen(password)  MAX_PW_CLEAR_PASSWD ) 
return(VA_PASSWD_TOO_LONG);

+#endif

   lowerit(username);
   lowerit(domain);
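
Review bot: With CLEAR_PASS defined, the added MAX_PW_PASS test above the #ifdef is redundant: both tests return VA_PASSWD_TOO_LONG, and with the values quoted in the thread (40 and 16) any password rejected by the first is also rejected by the second. The re-added test under the #ifdef also starts at column 0 ("+if ( strlen(password) ...") while the surrounding lines are indented two spaces. I would keep the removed unconditional MAX_PW_CLEAR_PASSWD line instead and add a one-line comment stating that password is the plaintext at this point.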