Clear text passwords was nuked by somebody, now reimplemented.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@3803 ec53bebd-3082-4978-b11e-865c3cabbd6b
1997-11-06 15:25:58 +00:00
parent 716bb218dc
commit 5438db2634
1 changed files with 5 additions and 2 deletions
--- a/appl/popper/pop_pass.c
+++ b/appl/popper/pop_pass.c
@@ -167,13 +167,16 @@ pop_pass (POP *p)

 #ifdef OTP
 	 if (otp_verify_user (&p->otp_ctx, p->pop_parm[1]) == 0)
-	     ;
+	     /* pass OK */;
 	 else
 #endif
-	 if(p->auth_level != AUTH_NONE)
+	 /*  Compare the supplied password with the password file entry */
+	 if (p->auth_level != AUTH_NONE)
 	     return pop_msg(p, POP_FAILURE,
 			    "Password supplied for \"%s\" is incorrect.",
 			    p->user);
+	 else if (!strcmp(crypt(p->pop_parm[1], pw->pw_passwd), pw->pw_passwd))
+	     /* pass OK */;
 	 else {
 	     int ret = -1;
 #ifdef KRB4