Shadow password restored

Hello, Christian!

I have restored shadow password in mcserv.  Additionally, all mcserv
related checks have been put into one macro, so they are not performed if
mcfs is disabled.

The reason why shadow password support wasn't restored earlier is because
you didn't explain your patch, and I didn't understand it.  Instead of
defining LINUX_SHADOW to get shadow passwords, you moved that ifdef so
that shadow passwords were used even when LINUX_SHADOW was not defined.

You patch did exactly the opposite to what it seemed to do!  It's probably
the most perversive patch I have ever seen!

This also means that crypt() was used instead of pw_encrypt().  I asked
you about pw_encrypt() and you could not answer, but I didn't realize that
your patch essentially replaced pw_encrypt() with crypt().

Once I realized that, I rebooted to Slackware and implemented shadow
password support.  Yes, it worked for me.  Of course, it's insecure.  The
expiration time for the passwords is not checked.  Not a big deal compared
to transmitting passwords in clear text.

Next time please add comments to your patches.  I wasted a lot of time
today.  Of course, it's my guilt too - for trusting my eyes too much :-)

Of course, the possibility remains that you were very lucky to fix mcserv
without understanding the code.

Pavel Roskin

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]