Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

support encrypted password

--HG--
extra : convert_revision : svn%3Abef2e6be-9598-11dd-8950-3d966a63a0de/trunk%4044
  • Loading branch information...
commit 6403b1ccb035a0d6ae52a3fa2914b1886b26305d 1 parent de5e2bf
bodea authored
Showing with 25 additions and 6 deletions.
  1. +2 −1  libcli/Makefile
  2. +20 −3 libcli/libcli.c
  3. +3 −2 libcli/libcli.spec
View
3  libcli/Makefile
@@ -1,6 +1,6 @@
MAJOR=1
MINOR=6
-REVISION=0
+REVISION=2
LIB=libcli.so
PREFIX?=/usr/local
@@ -10,6 +10,7 @@ DEBUG=-g
CFLAGS+=$(DEBUG) -O3 -Wall -funroll-loops
LDFLAGS+=-shared -nostartfiles -Wl,-soname,$(LIB).$(MAJOR).$(MINOR)
LIBPATH+= -L.
+LIBS=-lcrypt
all: $(LIB) clitest
View
23 libcli/libcli.c
@@ -1,12 +1,13 @@
+#define _GNU_SOURCE
#include <stdio.h>
#include <errno.h>
#include <stdarg.h>
-#include <unistd.h>
#include <stdlib.h>
#include <memory.h>
#include <malloc.h>
#include <string.h>
#include "libcli.h"
+#include <unistd.h>
// vim:sw=8 ts=8
enum cli_states
@@ -638,6 +639,21 @@ void cli_regular(struct cli_def *cli, int (*callback)(struct cli_def *cli))
cli->regular_callback = callback;
}
+#define DES_PREFIX "{crypt}" /* to distinguish b/w clear text and DES crypted */
+#define MD5_PREFIX "$1$"
+
+static int pass_matches(char *pass, char *try)
+{
+ int des;
+ if ((des = !strncasecmp(pass, DES_PREFIX, sizeof(DES_PREFIX)-1)))
+ pass += sizeof(DES_PREFIX)-1;
+
+ if (des || !strncmp(pass, MD5_PREFIX, sizeof(MD5_PREFIX)-1))
+ try = crypt(try, pass);
+
+ return !strcmp(pass, try);
+}
+
#define CTRL(c) (c - '@')
int cli_loop(struct cli_def *cli, int sockfd, char *prompt)
@@ -1192,7 +1208,8 @@ int cli_loop(struct cli_def *cli, int sockfd, char *prompt)
struct unp *u;
for (u = cli->users; u; u = u->next)
{
- if (strcmp(username, u->username) == 0 && strcmp(password, u->password) == 0)
+ if (!strcmp(u->username, username)
+ && pass_matches(u->password, password))
{
allowed++;
break;
@@ -1220,7 +1237,7 @@ int cli_loop(struct cli_def *cli, int sockfd, char *prompt)
if (cli->enable_password)
{
// Check stored static enable password
- if (strcmp(cli->enable_password, cmd) == 0)
+ if (pass_matches(cli->enable_password, cmd))
allowed++;
}
if (!allowed && cli->enable_callback)
View
5 libcli/libcli.spec
@@ -1,4 +1,4 @@
-Version: 1.6.1
+Version: 1.6.2
Summary: Cisco-like telnet command-line library
Name: libcli
Release: 1
@@ -39,9 +39,10 @@ rm -rf $RPM_BUILD_ROOT
%doc README Doc/usersguide.html Doc/developers.html
%changelog
-* Fri Jun 25 2004 Brendan O'Dea <bod@optusnet.com.au> 1.6.1-1
+* Fri Jun 25 2004 Brendan O'Dea <bod@optusnet.com.au> 1.6.2-1
- Small cosmetic changes to output.
- Exiting configure/^Z shouldn't disable.
+- Support encrypted password.
* Fri Jun 25 2004 David Parrish <david@dparrish.com> 1.6.0
- Add support for privilege levels and nested config levels. Thanks to Friedhelm
Please sign in to comment.
Something went wrong with that request. Please try again.