gnats-prs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

gnats/342: Access denied when DES crypt() format passwords used in gnats


From: Andrew . Gray
Subject: gnats/342: Access denied when DES crypt() format passwords used in gnats.access
Date: Thu, 14 Feb 2002 17:29:17 -0500

>Number:         342
>Category:       gnats
>Synopsis:       Access denied when DES crypt() format passwords used in 
>gnats.access
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    unassigned
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Feb 14 17:29:17 -0500 2002
>Originator:     Andrew Gray
>Release:        3.999.1
>Organization:

>Environment:
Intel, Linux 2.4.2-1, RedHat 7.1 distribution, libcrypt 2.2.4
>Description:
When DES crypt() format passwords are used in the gnats.access file, access is 
denied even when the correct password is given.
>How-To-Repeat:
Compile the attached crypt.c source file using:
gcc crypt.c -o crypt -lcrypt
Generate encrypt the password "sample":
./crypt sample
In my case the encrypted password was "dQADNeZKYriCU", the time-based salt will 
change the result.
Edit the /usr/local/com/gnatsdb/gnats-adm/gnats.access file to include the 
following line:
testuser:dQADNeZKYriCU:edit
Run the command:
query-pr -H localhost -v testuser -w sample 1
The output of the command is:
query-pr: access denied
The expected output is a summary of problem report 1.
>Fix:
Apply the following patch to gnatsd.c.
The documentation says that "passwords encrypted by crypt()" should have no 
prefix, but the current code assumes that the default password format is plain 
text. The patch changes the code so that passwords with no prefix are taken to 
be encrypted by crypt().

Index: gnatsd.c
===================================================================
RCS file: /cvsroot/gnats/gnats/gnats/gnatsd.c,v
retrieving revision 1.45
diff -u -p -r1.45 gnatsd.c
--- gnatsd.c    23 Dec 2001 20:22:08 -0000      1.45
+++ gnatsd.c    14 Feb 2002 22:21:34 -0000
@@ -272,8 +272,14 @@ password_match (const char *password, co
     }
   else
     {
-      /* default password type is plain-text */
-      return match (password, hash, TRUE);
+      /* default password type is DES crypt */
+#ifdef HAVE_LIBCRYPT
+      char *encrypted = crypt (password, hash);
+      return encrypted && ! strcmp (encrypted, hash);
+#else
+      /* TODO: log some warning */
+      return FALSE;
+#endif
     }
 }
>Unformatted:
 ----gnatsweb-attachment----
 Content-Type: text/plain; name="crypt.c"
 Content-Disposition: inline; filename="crypt.c"
 
 /* $Id: crypt.c,v 1.2 2002/02/14 22:02:40 andrewg Exp $ */
 /* Program to encrypt passwords using crypt function
 * for use with GNATS.
 * Compile with "gcc crypt.c -o crypt -lcrypt" on pindari
 */
 #define _XOPEN_SOURCE
 #include <stdio.h>
 #include <unistd.h>
 #include <sys/time.h>
 
 main (int argc, char **argv)
 {
  char *result;
  char salt[2];
  struct timeval tv;
  int i;
 
  if (argc != 2 && argc != 3)
    {
      fprintf(stderr, "usage: %s password [ salt ]\n", argv[0]);
      exit(2);
    }
 
  if (argc == 3)
    result = crypt(argv[1], argv[2]);
  else
    {
      if (gettimeofday(&tv, (struct timezone *)0))
        {
          perror("gettimeofday");
          exit(2);
        }
      salt[0] = tv.tv_usec & 0x3F;
      salt[1] = tv.tv_sec & 0x3F;
      for (i = 0; i < 2; i++)
        {
          salt[i] += 46;
          if (salt[i] > 57)
            {
              salt[i] += 7;
              if (salt[i] > 90)
                salt[i] += 6;
            }
        }
     
      result = crypt(argv[1], salt);
    }
  printf("%s\n", result);
 }
 



reply via email to

[Prev in Thread] Current Thread [Next in Thread]