From 5438db2634934cc8f3d8226362af6c53621f96e9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B6rn=20Groenvall?= <bg@sics.se>
Date: Thu, 6 Nov 1997 15:25:58 +0000
Subject: [PATCH] Clear text passwords was nuked by somebody, now
 reimplemented.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@3803 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 appl/popper/pop_pass.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/appl/popper/pop_pass.c b/appl/popper/pop_pass.c
index 8a2526f77..ba1a83c80 100644
--- a/appl/popper/pop_pass.c
+++ b/appl/popper/pop_pass.c
@@ -167,13 +167,16 @@ pop_pass (POP *p)
 
 #ifdef OTP
 	 if (otp_verify_user (&p->otp_ctx, p->pop_parm[1]) == 0)
-	     ;
+	     /* pass OK */;
 	 else
 #endif
-	 if(p->auth_level != AUTH_NONE)
+	 /*  Compare the supplied password with the password file entry */
+	 if (p->auth_level != AUTH_NONE)
 	     return pop_msg(p, POP_FAILURE,
 			    "Password supplied for \"%s\" is incorrect.",
 			    p->user);
+	 else if (!strcmp(crypt(p->pop_parm[1], pw->pw_passwd), pw->pw_passwd))
+	     /* pass OK */;
 	 else {
 	     int ret = -1;
 #ifdef KRB4