Encrypted password patch

[Yngve Svendsen]

The following patch against current version 4 CVS implements the following 
password system:

- If the password in gnatsd.access is prefixed with $0$, the password is 
assumed to be explicit plaintext.
- If it is prefixed with $1$, it is assumed to be in MD5 format.
- If it has no prefix, it is assumed to be in standard DES crypt format.

I have tested this both on Linux and Solaris, and it works just as expected.

I'll amend the manual tomorrow (I won't commit the changes to the manual 
until the pending move of the manual in the directory tree is done) and 
then write a Perl script to convert old password files.

Yngve Svendsen


Index: gnatsd.c
===================================================================
RCS file: /cvs/gnats/gnats/gnats/gnatsd.c,v
retrieving revision 1.41
diff -u -p -r1.41 gnatsd.c
--- gnatsd.c    2001/06/10 17:17:19     1.41
+++ gnatsd.c    2001/06/20 22:11:50
@@ -276,28 +276,18 @@ match (const char *line, const char *pat
 static int
 password_match (const char *password, const char *hash)
 {
-  /* TODO: document the facility in the manual */
-
   if (! strncmp (hash, "$0$", 3))
     {
       /* explicit plain-text password */
       return ! strcmp (password, hash+3);
     }
-  else if (! strncmp (hash, "$1$", 3))
+  else
     {
-      /* MD5 hash of the password */
-#ifdef HAVE_LIBCRYPT
+         /* DES or MD5 password. If crypt supports MD5, it uses MD5 when
+         the salt starts with $1$. If there's no prefix standard DES
+         is assumed */
       char *encrypted = crypt (password, hash);
       return encrypted && ! strcmp (encrypted, hash);
-#else
-      /* TODO: log some warning */
-      return FALSE;
-#endif
-    }
-  else
-    {
-      /* default password type is plain-text */
-      return match (password, hash, TRUE);
     }
 }