Double checked authentication with crypted password OK

diff --git a/lib/lvleml.c b/lib/lvleml.c
index 0702fdc94e06dea1a185238be9fe4978b238cd90..edf8f26edbc61fb947a1dc54138c1b8101da1008 100644 (file)
--- a/lib/lvleml.c
+++ b/lib/lvleml.c
@@ -400,12 +400,22 @@ while (proceed==true) {
         if (givenpass!=(char *)0) 
           *rmtpass=strdup(givenpass);
         if (usr->passwd[0]=='$') {
-          if ((givenpass=crypt(givenpass,usr->passwd))==(char *)0) {
-            (void) rou_alert(0,"%s Trouble to crypt (Bug?) pass=<%s> "
-                               "user=<%s> (error=<%s>)",
-                                OPEP,givenpass,usr->passwd,strerror(errno));
-            givenpass=data[2];      //trying to overcome
+          char *ptr;
+          char idsalt[100];
+         
+          (void) memset(idsalt,'\000',sizeof(idsalt));
+          (void) strncpy(idsalt,usr->passwd,sizeof(idsalt)-1);
+          if ((ptr=strrchr(idsalt,'$'))!=(char *)0) {
+            ptr++;
+            *ptr='\000';
             }
+          if ((ptr=crypt(givenpass,idsalt))==(char *)0) {
+            (void) rou_alert(0,"%s Trouble to crypt (Bug?) givenpass=<%s> "
+                               "salt=<%s> (error=<%s>)",
+                                OPEP,givenpass,idsalt,strerror(errno));
+            ptr=data[2]; //trying to overcome
+            }
+          givenpass=ptr;
           }
         isok=(strcmp(givenpass,usr->passwd)==0);
         usr=sql_freeusr(usr);