aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--networking/httpd.c18
1 files changed, 11 insertions, 7 deletions
diff --git a/networking/httpd.c b/networking/httpd.c
index c66e0f66b..0356e4c1b 100644
--- a/networking/httpd.c
+++ b/networking/httpd.c
@@ -1763,6 +1763,9 @@ static int check_user_passwd(const char *path, char *user_and_passwd)
if (ENABLE_FEATURE_HTTPD_AUTH_MD5) {
char *colon_after_user;
const char *passwd;
+# if ENABLE_FEATURE_SHADOWPASSWDS && !ENABLE_PAM
+ char sp_buf[256];
+# endif
colon_after_user = strchr(user_and_passwd, ':');
if (!colon_after_user)
@@ -1787,18 +1790,19 @@ static int check_user_passwd(const char *path, char *user_and_passwd)
*colon_after_user = '\0';
userinfo.name = user_and_passwd;
userinfo.pw = colon_after_user + 1;
- r = pam_start("httpd", user_and_passwd, &conv_info, &pamh) != PAM_SUCCESS
- || pam_authenticate(pamh, PAM_DISALLOW_NULL_AUTHTOK) != PAM_SUCCESS
- || pam_acct_mgmt(pamh, PAM_DISALLOW_NULL_AUTHTOK) != PAM_SUCCESS
- ;
- pam_end(pamh, PAM_SUCCESS);
+ r = pam_start("httpd", user_and_passwd, &conv_info, &pamh) != PAM_SUCCESS;
+ if (r == 0) {
+ r = pam_authenticate(pamh, PAM_DISALLOW_NULL_AUTHTOK) != PAM_SUCCESS
+ || pam_acct_mgmt(pamh, PAM_DISALLOW_NULL_AUTHTOK) != PAM_SUCCESS
+ ;
+ pam_end(pamh, PAM_SUCCESS);
+ }
*colon_after_user = ':';
goto end_check_passwd;
# else
# if ENABLE_FEATURE_SHADOWPASSWDS
/* Using _r function to avoid pulling in static buffers */
struct spwd spw;
- char buffer[256];
# endif
struct passwd *pw;
@@ -1813,7 +1817,7 @@ static int check_user_passwd(const char *path, char *user_and_passwd)
/* getspnam_r may return 0 yet set result to NULL.
* At least glibc 2.4 does this. Be extra paranoid here. */
struct spwd *result = NULL;
- r = getspnam_r(pw->pw_name, &spw, buffer, sizeof(buffer), &result);
+ r = getspnam_r(pw->pw_name, &spw, sp_buf, sizeof(sp_buf), &result);
if (r == 0 && result)
passwd = result->sp_pwdp;
}